New Gogs zero-day flaw lets hackers get remote code execution
Democratizing AI adoption with Tether’s Bitnet LLM fine-tuning framework
“The future of AI should be accessible, available, and open to people and builders everywhere, and it should not require an absurd amount of resources only available to a handful of cloud providers,” Paolo Ardoino, CEO, Tether.
About 700 million people use generative AIs like Gemini and ChatGPT weekly, but adoption is far from uniform. McKinsey’s 2025 State of AI survey found that nearly half of respondents from companies with more than $5 billion in revenue have reached the AI scaling phase, compared with just 29 percent of those from companies with less than $100 million in revenue, a gap that only widens further down the chain, locking out smaller businesses, developers, and everyday users.
Retail and small businesses are limited to basic AI utilities that their facilities can power, such as text-based inference and multimedia generation, using base models. That leaves billions of end users and developers locked out of full utilization and development of intelligent software due to high infrastructure demands.
Tether’s edge-first LoRA fine-tuning framework for Microsoft’s Bitnet LLM is an important step towards developing an infrastructure system that supports billions of AI agents and intelligent machines. By reducing the computational overhead of machine learning and enabling consumer-grade devices to perform advanced operations, Tether’s edge-first approach ensures greater leverage for the larger population.
Imagine a 13-billion-parameter model being fine-tuned on everyday handheld devices like Samsung S25 and iPhone 16, as well as on regular personal computers. The breakthrough combines resource-efficiency and platform-agnostic techniques to develop a fine-tuning framework for the ternary-quantized LLM.
Behind Tether’s Bitnet fine-tuning framework
Bitnet LLM was born out of the vision of an intelligent AI model that doesn’t consume outrageous computing resources even at full precision. Earlier attempts at resource-efficient AI relied on trade-offs, such as running small-parameter models at higher precision or larger-parameter models at lower precision, but neither approach fully solved the problem.
Bitnet takes a more fundamental approach. The result is a model that achieves linear efficiency while consuming only a fraction of the computing resources traditionally required.
The challenge, however, is that contemporary GPUs are optimized for the very floating-point operations Bitnet eliminates, creating a hardware compatibility gap. Compounding this, Bitnet was originally confined to its own Bitnet.cpp inference engine, limiting its broader utility. Tether’s breakthrough addresses both constraints at once by integrating a Vulkan and Metal GPU backend that unlocks true cross-platform capabilities for BitNet inference and LoRA fine-tuning on heterogeneous consumer GPUs, including mobile GPUs. Bitnet can now run on more mature, widely supported inference engines without sacrificing its efficiency advantages.
Vulkan’s cross-platform nature is key here. Unlike CUDA, which ties developers to NVIDIA hardware, Vulkan runs across a broad range of GPUs and operating systems, opening Bitnet to genuinely multi-platform deployment. Tether’s Bitnet fine-tuning framework implements a dynamic tiling technique to mitigate limitations in Vulkan driver buffer allocation on mobile GPUs.
The dynamic tiling technique was first applied in the fine-tuning framework for QVAC Fabric LLM, the AI model that powers Tether’s QVAC Workbench application.
This implementation demonstrates the efficiency of this approach: fine-tuning a 13-billion-parameter model across a range of consumer devices with varying GPU configurations.
The Bitnet LLM Fine-tuning framework is Tether’s latest achievement and part of a broader expansion into open-source AI and communication technologies that challenge current, slow, fragile, and controlled systems. These developments are open-sourced and packaged as modules in the QVAC SDK for easy deployment and to help developers build edge-first AI applications without needing anyone’s permission.
Tether envisions superintelligence as a foundational element possessed by its owner and is enforcing this through:
Local-first AI
Synonymous with decentralized AI, “Local-first” AI aims to create sovereign AI solutions that do not rely on centralized infrastructure, such as data centers, to operate. They are considered cost-effective, relatively more sustainable, and unarguably more private than centralized AI. Tether is building AI applications that rely entirely on the device’s resources. These applications store data in device memory and use its processors for advanced operations, such as fine-tuning and inference.
P2P computing network for AI inference
Tether’s AI applications are built on the Pear runtime. Pear is a tooling platform for fully P2P applications that can operate without servers. Pear leverages the Holepunch tech stack. Holepunch is purpose-built for stable, direct communication between devices. Pear enables delegated inference for AI applications such as QVAC Workbench. Delegated inference enables a unified, dynamic workstation architecture where compute tasks are fluidly distributed between mobile and desktop environments, allowing either device to offload high-intensity processing to the most capable system. That is, you can start a task on your mobile device and delegate it to your desktop or laptop for completion.
AI for everyone
The only way to scale intelligence to the needs of a ten-billion-strong society is to push it to the edge. This, in turn, depends on the progress made by experiments aimed at cost-effectively localizing AI computation.
Billions of AI agents and countless AI applications deployed by developers in every region of the world, running effectively on user-owned resources, is the only way we can democratize superintelligence and avoid creating another ‘luxury’ cutting-edge technology controlled by unicorns and fully accessible only to elites.
Tether is pioneering limitless superintelligence for an ever-growing society and applications. Follow the journey to truly local and edge-first AI solutions.
How SIEM helps MSPs reduce noise and stop threats faster
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
$11 billion reasons Apple’s App Store tax is worth paying
Apple publishes its App Store fraud prevention report every year. And when it does, the company presses the point that its curated system brings much value to developers and customers, including highly effective protection against fraud. It says it prevented more than $2.2 billion in potentially fraudulent transactions in 2025 alone.
A tax worth paying
The company said it has prevented $11.2 billion in such fraud in the last six years. That’s a lot of value for the 15% or lower commission that all but the biggest-selling developers are required to pay on their store sales.
Don’t believe the hype, as most developers are not generating the $1 million a year required before the 30% payment kicks in.
You might reflect that if there is an Apple Tax, it’s a progressive tax in which those with the broadest shoulders help support the wider developer community, which is probably why some tech billionaires don’t like it.
But I’m not here to write about taxation; I’m here to highlight the value the App Store brings. Apple diligently works to protect customers and developers against the ever-growing threat of cybercrime at a scale few other companies could hope to match. That matters in an environment dominated by ever more sophisticated attacks, including scenarios in which a developer submits a benign app for review and then modifies it once the app is online to commit financial fraud.
More than fraud prevention
It’s not just fraud Apple protects App Store customers from. It also attempts to protect privacy. Look, we know that tech firms now exist for whom privacy is a roadblock to profit; they want to take all your information for free to sell it for money, or worse. Apple stands against this and has done so for years, which is why it is under steady attack by entities that want privacy destroyed to boost their bottom line. Nation states and nation-state-adjacent attacks don’t help in the battle for your private digital life, throwing huge resources at undermining personal protections.
Apple’s report gives you a solid glimpse at the anti-privacy environment. App Store rejected 443,000 app submissions for privacy violations; it also rejected 22,000 apps for holding undocumented anti-privacy features.
The upshot is that while Apple’s protections aren’t 100% perfect, they’re still industry leading. Where incidents do take place, they are resolved swiftly, and the bait-and-switch approach (in which an app pretends to be benign but carries malware) remains the biggest threat. That’s why customers should always verify they trust a developer before downloading apps.
The threats coming over the hill
The thing is, all of these threats are evolving, and Apple is equipped to evolve in parallel with them. In part, that’s because it has scale, in part because it has that huge 2.2-billion-device ecosystem, in part because the company entered the app store race with deep understanding of how online transactions were evolving in the first place. It didn’t run iTunes for years only to learn nothing.
Coming up over the hill we can see new-breed quantum-based threats. Along with artificial intelligence, that combination will likely spawn a mass attack of AI-generated, malware-infested apps being built and submitted at a record pace.
We will also likely see increased attacks made against developers in order to extract their Developer ID to help in the submission of such apps. And we will see increasingly sophisticated algorithmic hacks to attack security, identity, and even app ownership. Protecting against those consequential evolutions will be neither easy nor cheap. Doing so will require near state-level protection, a degree of security no small entity can meet. We have no idea if smaller app stores can even visualize such protection — and the EU doesn’t know, either.
In time, hopefully, new businesses will emerge offering quantum-safe security to protect online purchases. But for now, we’ll mostly need to look to large entities such as Apple, or payment services providers, to make the grade.
Near state-level protection
Will Apple put protection at scale in place to protect against these incoming threats against its App Store? It seems likely, given it is already investing in OS-level mitigations to protect encryption on its services, including around encrypted communications.
It is also in Apple’s interest to future-proof protection around payment services, ergo also the App Store. At the same time, as Apple’s latest fraud report confirms, the threat landscape remains highly volatile. Time will show that the store’s degree of protection is well worth the cost of Apple’s progressive App Store tax.
Romanian gets 5 years in prison for hacking Oregon govt network
Webinar: Why network incidents take too long to resolve
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
Developers on H-1B face a tighter job market as AI shifts hiring priorities
For years, software developers on H-1B visas benefited from steady demand among US technology employers. That market is becoming more selective as companies redirect spending toward AI and rely more heavily on coding assistants.
Recent layoffs at companies including Meta and Amazon have added to the uncertainty, with engineering and software roles affected even as major technology companies continue to deepen investments in AI.
Developers and analysts say traditional engineering roles are becoming harder to land, recruiters are asking more often for AI-related experience, and workers are being pushed to keep pace with tools such as GitHub Copilot, Claude, and ChatGPT.
The shift is being driven by both AI investment and broader economic uncertainty, according to Pareekh Jain, CEO of Pareekh Consulting. Companies are changing the profile of the developers they want, hiring fewer people in some areas while paying more for AI talent.
“AI investments are changing company hiring strategy,” Jain said. “They require a different profile, fewer numbers, and also across geographies.”
This shift is colliding with a tougher sponsorship environment for H-1B developers.
Jain said companies are more selective about hiring visa-dependent workers than they were two or three years ago, especially when permanent residents and US citizens are more available in the market.
“Companies are not looking for H-1B now,” Jain said. “They are building a local workforce and preferring green card holders and citizens.”
Employers may now be more likely to consider H-1B candidates only when they have immediate project needs, rather than building a longer-term bench of visa-dependent workers.
Concerns are visible in public forums used by technology workers. In one January post on Blind, an anonymous senior software engineer with seven years of experience said she had been laid off while on an H-1B visa and was “not interview-ready,” highlighting how quickly job loss can become a visa problem for H-1B workers in the US.
Junior developers face the squeeze
The combination of AI tools and tighter hiring is hitting early-career developers hardest, said Adarsh ML, a product engineer at Ather Energy who tracks global engineering hiring trends.
“Companies are increasingly looking for specialized engineers with machine learning and data science skills,” Adarsh said. “Job opportunities for people with zero to three or four years of experience are not really there anymore.”
The shift is also changing team structures, Adarsh said. Earlier, one manager may have had two or three interns and several freshers reporting to them. Now, many of those roles are being replaced by AI agents.
“Companies now want people who understand software well enough to catch the mistakes these AI agents make,” Adarsh said.
That creates a longer-term risk for the software talent pipeline.
“If companies only want people with five years of experience to manage AI agents today, who will have that experience five years from now?” he said. “There may not be enough experienced developers left.”
AI literacy becomes baseline
The impact is not the same for every role. Sophia James, an Indian software professional based in the US who works in database monitoring, said AI has not significantly changed her team’s daily workflow. But AI literacy is becoming a management expectation.
“Managers are trying to understand whether we are keeping up with the changes happening in the market,” James said. “Recently graduated students, whether BS or MS, are finding it difficult to get jobs. But people who already have jobs, like us, are not facing that much of an issue in terms of projects continuing.”
Jain also stressed that AI literacy is now becoming a baseline expectation for software developers, even outside AI-focused roles.
“Being AI-literate is a must now, even if the role is not directly in AI development,” he said. “This is like knowing Excel even if you are not from finance in the earlier era.”
Fewer developers required
Jain said AI coding tools are likely to reduce the number of developers companies need for similar tasks, making the technology deflationary for some software work.
But Jain added the impact may not be entirely negative. Enterprises will need to invest in data, cloud, and modernization to become AI-ready, creating new work. AI could also encourage companies to build more applications internally instead of buying from SaaS providers, potentially creating opportunities for IT services firms.
The effect is already visible in hiring decisions. Nikhil Dhiman, head of engineering at CarInfo, said AI is changing the economics of early-stage software development, particularly when companies are building proofs of concept or testing new ideas.
“Some companies are very cautious now,” he said. “They want to leverage AI more and hire less. They just want to see the impact first.”
Navigating the new hiring market
Familiarity with tools such as ChatGPT and GitHub Copilot is now a baseline requirement for developers, said Sanchit Vir Gogia, chief analyst at Greyhound Research.
Developers need deeper expertise in areas such as cloud infrastructure and data engineering, as well as security and AI governance, he said. Those skills are closer to the systems enterprises need to validate and scale, rather than the routine coding work AI tools are starting to compress.
“The engineer who only produces output grows easier to replace as the output grows easier to generate,” Gogia said. “The engineer who can validate it, secure it, situate it in a real business, and stand behind the result becomes harder to replace.” For H-1B developers, he said, adaptation also requires visa planning. Developers should understand portability rules and employer sponsorship timelines before a job loss forces urgent decisions.
“A high-skilled worker has up to 60 days after a role ends, and the right to begin new employment the moment a valid portability petition is filed,” Gogia added. “The strategic error is treating that window as a safety net rather than a planning horizon.”
The article originally appeared on InfoWorld.
Carnival Cruise confirms data breach affecting nearly 6 million people
Stop buying Motorola Android phones
Over the past decade, there’s something I’ve hinted at, mentioned in passing as a part of broader discussions, and told more people than I can count privately via email and other one-on-one conversations.
And now, as the writer of the internet’s longest-standing Android column and newsletter — a fancy way of saying someone who is apparently now old as molasses — I feel like I’d be doing a disservice if I didn’t just come out and say it as prominently and plainly as possible:
There is no valid reason anyone should be buying Motorola Android devices in 2026. None.
It’s a shame, too, ’cause Motorola has a heck of a history within Android and the mobile realm in general. And, to its credit, the company does still make some impressive-looking and at times quite interesting hardware.
But the compromises that come with that package are just too serious and consequential to be forgiven. That’s been the case for some time now, truth be told — but with yet another facepalm-inducing infraction being added onto the list now, it’s time to say it loud and clear:
Please stop buying Motorola Android phones. And please join me in telling everyone you know the same thing.
Trust me: You’ll be doing them a major favor. And here, with no punches pulled and absolutely no sugarcoating, is exactly why.
The Motorola Android compromise: Part I
I won’t beat around the bush: The most pressing reason Motorola Android phones are completely inadvisable to buy is the reason that’s been present for the longest — and that’s the company’s complete and utter disregard for even minimally acceptable post-sales software support.
It’s something I’ve noted in my data-based Android Upgrade Report Cards for more years than I can even remember at this point, and it’s almost comically consistent: Year after year, upgrade cycle after upgrade cycle, Motorola simply does not give a damn about investing the time or the money to bring current Android versions to its existing customers in anything close to a timely manner. Once you’ve forked over your phone and put away your wallet, good luck: You’ll be lucky if you get a single software update from Motorola after that, half a year to a year after the fact — and you almost certainly won’t hear a single peep from the company about the progress (or lack thereof) at any point along the way.
Motorola has managed to score an almost impressive number of back-to-back “F” scores on my annual analyses; no other Android device maker even comes close to that record. And lest you think this is purely about pokiness in providing polish and surface-level progress, remember that practically every Android software update is packed with critically important changes around privacy, security, and performance — and the way apps are able to interact with both your data and your hardware.
Running outdated software isn’t just dangerous — it’s downright irresponsible, especially if you’re a professional using your phone for business purposes but even if you’re just a regular ol’ schmoe focused purely on personal stuff. No one who understands a thing about security would ever recommend that, and that’s exactly what you’re signing up for anytime you buy a Motorola-made device.
So that’s part one, and that’s the biggest problem with Motorola’s Android products. But it isn’t the end of this tale nor the reason I was finally moved to write this missive, with the hopes that it’d eventually reach any Android-interested phone-buyers with Motorola on their minds.
Motorola’s more recent Android offenses
All update-related issues aside, the problem with Motorola’s Android products is that they make all sorts of compromises that are all about lining Motorola’s pockets at the expense of your experience.
The most recent example and the straw that broke the Android columnist’s (increasingly creaky) back is the new discovery that Motorola had seemingly been indirectly hijacking the Amazon app on its devices and sneakily injecting an affiliate code into links. The end result of such actions, according to observations published this week, is generating unearned revenue from your day-to-day purchases.
That’s an underhanded and shady-seeming practice, to say the very least. It just feels icky and ethically reckless. And clearly, what was demonstrated was intended to go unnoticed, which is always a pretty apparent sign in my mind that someone’s doing something shifty.
Following the discovery and subsequent outcry, Moto released a statement saying that the behavior was “unintended” and the result of its partnership with a company called Device Native. According to Moto, it had teamed up with that organization to develop “an app search and suggestion experience for the Moto App Launcher.” You can choose to interpret that how you will, but the reality is that Device Native is a company that exists to inject personalized, native-seeming ads directly into the core Android software experience, as its website plainly establishes — with “no user opt-in required,” allowing for easier “scale” of “monetization globally.”
A screenshot from the Device Native website. Device Native / JR Raphael, Foundry
On some level, at least, Motorola evidently decided to work with this company and integrate its ad technology into the Android experience on its phones. Regardless of whether the Amazon code injection was truly deliberate, which organization caused it to happen, and who was or wasn’t aware of the actions, Motorola opted to place this ad-serving system into the phones it was selling and to allow the company behind it to exert this kind of control over its customers’ experiences — as well as, one would imagine, likely leaning on it for other forms of invasive system-level ad integration.
And sure, maybe Moto will back down from this practice and perhaps even distance itself from the partnership entirely if the outrage grows loud enough. But does someone stopping a shady-seeming practice simply because they got caught and people complained make for the kind of company you want to trust in general?
It’s similar to the way Moto lards up its devices with so much preinstalled bloatware that you actually have to fight to get through it or — Goog forbid — remove it and reclaim the product you paid hundreds of dollars to purchase. Heck, even the company’s top-of-the-line, nearly $2,000 folding Razr Fold phone is guilty of this sin, and that’s just embarrassing for a device of that price and caliber.
Even with Motorola’s lower-level phones, though, we’re talking about devices that often cost $500 or close to that. These aren’t bottom-of-the-barrel, heavily subsidized garbage gadgets. You could get one of Google’s Pixel 10a phones for that same price or often even less — without any of the bloatware, the link-hijacking and potential ad-injecting shenanigans, or the unforgivable software support failures. You’d get a full seven years of guaranteed timely and reliable software updates, from major Android versions to monthly security patches and the quarterly feature drops that accompany those. And that’s to say nothing of the superior camera experience and other assorted advantages.
You could go with one of Samsung’s midrange models, too, imperfect as those are in their own ways, and it’d still be a massive step up from the Motorola madness.
We’ve reached a point where there really is just no comparison — and, again, no reason why anyone should be buying a Motorola phone anymore. The issue, unfortunately, is that most of the people who are buying Moto devices are the same people who aren’t reading columns like these. They’re the people who waltz into a carrier store, see whatever model is featured on the shelf or pushed by a commission-earning, partnership-promoting salesperson, and walk out with whatever caught their eye or had the best promotional pricing on that particular day.
Make no mistake about it: these types of devices give Android a bad name and propagate the myth of the entire platform being a second-rate dumping ground for “folks who can’t afford iPhones.” Android is so much more and so much better than that. You deserve so much better than that.
Plain and simple, this isn’t the Motorola of yesterday. At this point, there’s no excuse — and no reason to keep setting yourself up for failure when so many better options exist.
Say goodbye, Moto. And make sure everyone you know who won’t be reading this column knows why they should do the same.
Sextortionist sentenced to 33 years for targeting 145 children
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
Q&A: Box CEO embraces shift to ‘headless’ software in the agentic AI era
The rise of generative AI (genAI) technology has prompted a growing debate about the future of software-as-a-service (SaaS) business models.
Some of the fears are overblown: enterprises are unlikely to vibe-code their own applications to replace their SaaS suppliers anytime soon, while software vendors have yet to see per-seat sales fall off due to mass automation of white-collar jobs. (In fact, some now predict the opposite will happen.)
At the same time, AI has the potential to change the way work is carried out, with AI agents empowered to interact with software applications on behalf of users. For software vendors, that could mean a future where applications are accessed less through traditional user interfaces as AI agents connect via APIs.
It’s an inevitable shift, says Box CEO Aaron Levie, and one that requires software vendors to adapt their existing products and business models to prepare for agent workflows.
Computerworld recently spoke with Levie about how Box — and other SaaS vendors — can adapt as agentic AI threatens to upend existing business models. (This interview has been edited for clarity.)
Discussion about a “SaaS-pocalypse” has died down recently, and software stocks have rebounded. At the same time, it seems clear the adoption of AI agents could change how workers interact with software. How can companies like Box adapt to this new environment? If AI increasingly becomes the interface users interact with, where does the long-term value lie?
“People are realizing that you’re not going to rebuild a lot of the systems that people were kind of claiming you would [with vibe-coding]; it just doesn’t make sense. So, that part is sort of dissipating. However, headless software and the ability to use your systems via AI is obviously going to happen, there’s no question.
“So, I think the conversation is shifting from ‘AI disrupts software’ to ‘AI is going to be the biggest consumer and user of software going forward.’ And for that, the main thing is: can you have a business model that allows you to actually monetize the consumption of those agents using your underlying tools? We’re fortunately built for that; we’ve had an API business model basically forever, so we’re well prepared.
“There’ll be some companies that have to pivot a little bit more significantly over time — there’s no question that will happen in a bunch of organizations. We’re big believers that AI will be the biggest user and interface for the future of software.”
How important is it for Box to retain that interaction with human workers, rather than becoming more of the underlying layer AI agents interact with?
“I would say that we’re totally comfortable with that shift. When you have AI agents, you still need a place to be able to secure the data — you need to protect it, you need to govern it, you need to make sure you know who’s accessing it. None of that changes in the world of AI. In fact, if anything, it actually increases.
“We don’t really care if it’s an agent using the data, an application using the data, a person using the data — we want to be the best content management system that connects your information to all of those applications.”
How does that perspective feed into your product development and roadmap?
“It basically means that we need to be a headless platform. That means customers need to be able to access their data via MCP inside of ChatGPT, inside of Claude, inside of all these systems. It means that we care as much about our APIs and access to those APIs as we now do our user experience. We have to make sure that both of those environments are as simple and clean as possible, and as usable as possible.
“It’s basically as if there’s another constituent now in our ecosystem that we have to go and pay attention to.
“We need to be the best place to manage your content, and then wherever you want to work with it from, we’re totally fine. So, if you want to work with your files from your desktop, from Claude Cowork, from ChatGPT Codex — we just want to make sure we are universally accessible across every single place that people want to work with their data.”
Could that mean changes around how you price access to your software? Do you expect a shift to usage-based pricing?
“Not as much as is probably being talked about online, because seats still make sense for the employee and the end user. Even when an agent is doing work on your data, it’s still you invoking that agent. It sort of makes sense that the seat is still attached to the underlying end user employee, even though an agent is going to be doing work on your data.
“We think the seat model will be quite durable over time. What this does is just add another business model, where you have agent-only interactions; those will be primarily coming through the API, and then that will be a consumption model.”
What are your thoughts on outcome-based pricing? Is that something you look at?
“We do one thing that’s close to that — we have the Box Agent that does things like data extraction. It extracts your data and we charge based on the number of pages that you want to extract data from. So there are some things that approximate outcomes, but not at the level of resolving a customer service ticket or something like that, that maybe has been talked about. We’re probably going to be more aligned to…the amount of compute that is used.”
What are your conversations with customers around moving to a usage-based model? A lot of organizations are used to fixed monthly subscriptions — can metered AI agents become problematic? “I think it definitely can be. This is sort of a common tension in general.… We saw this with cloud computing, for instance. The difference with cloud computing is that cloud was relatively centralized, versus the use of AI and tokens are much more diffuse. That’s a big difference that companies have to think about.
“There’s always this tension: you can pre-buy and have a subscription, but then you might be overpaying for periods where you’re not using it as much. Or you can only pay for what you use, in which case you might have some volatility in the pricing of what happens.”
How are customers progressing in adopting AI agents — particularly, the move from pilot projects to production. What are some of the biggest barriers to wider deployment of agents? “We’re very much moving from coding agents to the rest of knowledge work: this is the jump that’s starting to occur. In that, one of the big questions and challenges is how companies get agents the right context and information to work with — how do they enable agents with the right level of constraints in their organization from a security and compliance standpoint? This is our kind of reason to exist, and what we’re helping our customers on.
“Overall, it’s just a transformational moment in the enterprise. Every customer that I talk to, every dinner that we have with customers, every CIO meeting I’m in, every CEO meeting I’m in, it’s all about agents.
“Agents have thrown the whole world into this kind of dynamic period of, ‘What does the shape of your organization look like? What’s the future of a manager versus an individual contributor? What are the workflows that you can go and execute on?’ There are so many different ways that this is starting to change.”
You were part of another major industry transition with the adoption of cloud computing. Are there similarities you see or major differences that customers can learn from? “The big difference between [them] is that, with cloud, you could centralize the deployment of and management of. Cloud really only affected 3% of your organization that was moving from the data center to the cloud, and then every employee got better products and experience as a result of that. The change was really kind of fairly concentrated. AI affects every single employee in the company. It’s a radically different type of transformation of what work looks like.
“There are only so many analogies you can make to cloud before quickly you realize, no, this is actually a different transformation. Maybe it’s even closer to the PC, in the sense of every single worker has to change what they’re doing to be productive. It’s not a technology delivery shift, it’s a fundamental reworking of every workflow in the enterprise. And so that’s I think what most companies are going through right now.”
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Clicking the link downloaded a ZIP archive with the following contents:
The archive contained a legitimate executable, HLS Installer.874.exe, alongside a malicious DLL. Launching the EXE triggered a DLL side-loading mechanism, injecting the malicious module into a legitimate program process and executing code within its context. The library contained the logic for deploying the miner and establishing persistence on the device.
At the time of the investigation, the infection risk was associated with two pirated video sites in the .ru and .top TLDs.
Link to previous campaigns
The current incident does not appear to be an isolated case. After analyzing the infection vector and the logic of the DLL, we concluded that this activity is a continuation of a campaign involving pirated digital libraries, which was previously described by another cybersecurity company.
The delivery mechanism for the malicious archive has remained virtually unchanged. Previously, the archive was downloaded in parts from the domain file[.]ipfs[.]us[.]69[.]mu, but this domain was unavailable at the time of our investigation. Instead, the threat actor employed a new website, urush1bar4[.]online.
The structure of the archive has also been preserved: inside is a legitimate executable and a large malicious DLL (see the screenshot below).
In the course of our research, we also discovered a blog post by NTT Security describing a similar delivery method for a malicious archive. In that instance, the threat actors displayed a fake browser crash page (shown below) while simultaneously downloading an archive to the device with a name starting with chromium-patch-nightly.
This scenario resembles the current scheme involving the fake video player plugin update. Given the previously described activity, it’s safe to assume that this campaign has been active since at least 2022. Throughout this entire period, the threat actor has been updating both the downloadable malware and individual parts of the infection mechanism.
Potential distribution scale
As in previous episodes of the campaign, infections occur via highly popular websites. As of late April 2026, sites linked to the campaign typically displayed extremely high monthly traffic. For instance, the audience for the smallest of the free digital libraries stood at 11,000 users, while the largest reached 4.7 million. For pirated movie and TV show streaming sites, this figure ranged from 2.1 million to 27.4 million. In April, the total number of visits to websites where the malware described in this study was detected reached 40 million.
The popularity of these sites increases the potential scale of the miner’s distribution. Furthermore, the campaign is not limited to a single type of platform: the malicious archive is being distributed through both online digital libraries and movie and TV show streaming sites. This broadens the potential range of victims and makes it more difficult to attribute the threat to a single infection vector.
The downloadable archive
The current version of the downloadable malware is a ZIP archive containing a legitimate EXE file and a malicious DLL. When the executable runs, the library side-loads into its process, triggering the malicious logic.
The technical analysis that follows covers the current version of this malware. This version was first observed in April 2025 and has been distributed unmodified for over a year.
DLL analysis
Most of the data inside the DLL carries no meaningful weight and was randomly generated just to inflate the file size and impede analysis.
Amidst the large volume of junk code inside the DLL, there is a single function that triggers a stack buffer overflow during execution:
Based on the code, the size of the stackBuf buffer on the stack is only 64 bytes, and the SmashStack function overwrites this buffer without validating the length of the input data.
This overflow constructs a ROP chain that decrypts the next stage. After decryption, it transfers execution to code located within the modified DOS header of the PE file:
The header was intentionally modified to make it into valid shellcode:
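```asm
pop r10            ; encodes as the "MZ" signature bytes, so the header stays valid
push r10           ; restore the stack
call $+5           ; push the address of the next instruction
pop rcx            ; rcx = image base + 9
sub rcx, 9         ; rcx = image base
mov rax, rcx
add rax, 5C1000h   ; rax = image base + 0x5C1000
call rax           ; jump to the loader function
retn
```
This shellcode passes control to a function located at offset 0x5C1000 from the base of the PE file. This function then reflectively loads the same PE file into memory.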
Going forward, we will refer to this decrypted PE file as the main module.
Main module
The module’s behavior across its different operational stages is detailed below:
The main module is a modified fork of the SilentCryptoMiner project. We have previously analyzed miners leveraging this project in other posts: Scam Information and Event Management and Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool. However, this specific fork has not been documented anywhere before, which is why we decided to break down its unique features in detail in this article.
Upon an initial run, the main module checks whether it has permission to proceed with execution. To do this, it collects the following data from the victim’s device:
- Processor information
- The serial number of the C: drive
- Whether the process was launched with elevated privileges
- The process start time in Unix timestamp format
The information is transmitted as a single large DNS query using the DNS tunneling technique. An example of the DNS query is shown below:
The attackers disguise the DNS query as legitimate traffic through low-level packet crafting and by using a domain name ending in microsoft.com. However, the IP address to which the query is actually sent has no relation to Microsoft.
DNS query crafting code
The execution of the main module proceeds only if the following byte sequence is detected in the response: 01 02 03 04. Following a successful check, the main module launches, and the subsequent logic is adjusted depending on whether the process has elevated privileges on the compromised host.
Let’s look at both scenarios:
1. The process is launched with elevated privileges.
In this case, preparatory steps precede the miner launch:
- The malware adds Windows Defender exclusions for EXE and DLL files, as well as for the %USERPROFILE%, %PROGRAMDATA%, and %WINDIR% folders.
- It kills Microsoft’s Malicious Software Removal Tool (MSRT) by calling ZwSetInformationFile with the FileDispositionInformation type, which causes the mrt.exe file to be deleted upon closing. To prevent MSRT from being automatically installed during the next update, the DontOfferThroughWUAU parameter is created with a value of 1 under the HKLM\Software\Policies\Microsoft\MRT registry key.
- It disables automatic hibernation and sleep mode, both on AC power and on battery.
This is done to maximize the miner’s potential runtime on the device.
Next, to achieve persistence, a copy is created in the C:\ProgramData\Google\Chrome directory, after which the GoogleUpdateTaskMachineQC service is registered and configured to launch automatically at system startup.
Finally, four reflective loads are executed: the components are injected directly into the memory of the target processes without writing to disk, bypassing standard Windows loading mechanisms. Each implant is injected into its own host process:
- RAT agent → into conhost.exe
- Watchdog → into explorer.exe
- CPU miner → into explorer.exe
- GPU miner → into explorer.exe, but only if a discrete GPU is present in the system. This is verified by enumerating all display adapters in the system.
2. The process is launched with standard privileges.
In this scenario, the miner begins repeatedly triggering User Account Control (UAC) prompts until it is successfully executed with elevated privileges. The workflow is as follows:
- Upon initial execution, a copy is made to the %USERPROFILE%\AppData\Roaming\Sandboxie directory and relaunched from there. Simultaneously, an attempt is made to launch it with elevated privileges via UAC.
- If execution occurs from the Sandboxie folder:
  - Persistence is configured for the miner copy in this folder by adding an entry to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  - Every three minutes, an attempt is made to launch with elevated privileges via UAC until the GoogleUpdateTaskMachineQC service is successfully installed.
A successful installation requires all of the following conditions to be met:
- The GoogleUpdateTaskMachineQC service exists in the system.
- The Start value for this service is set to 2 (Automatic).
- The ImagePath value points to a file in the C:\ProgramData\Google\Chrome folder.
- This file exists on disk.
The purpose of the Watchdog component is to ensure the uninterrupted operation of the miner. At the very beginning of its execution, it copies all files from the C:\ProgramData\Google\Chrome folder and encrypts the contents of each file using a cyclic XOR algorithm with the key AFeIboiOmImJS2ypJU0pTpAO61SELkUc. After that, the encrypted contents are written into the process memory, and the following structure is created in memory for each file:
```cpp
class FileContainer {
    wchar_t* fullPath;          // full path to file
    size_t*  ptrSize;           // pointer to file size
    uint8_t* xorEncryptedFile;  // pointer to buffer containing encrypted file contents
};
```
As soon as the contents of all files are saved in memory, Watchdog enters an infinite loop in which, every five seconds, it checks the integrity of the installed GoogleUpdateTaskMachineQC service, just as the main module does. If the service is found to be incorrectly installed, Watchdog overwrites the miner’s files in the C:\ProgramData\Google\Chrome path with the contents acquired at startup.
To successfully remediate the miner, this module, which runs inside the explorer.exe process, must be terminated first.
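The checks below evaluate the persistence artifacts this write-up names (the four GoogleUpdateTaskMachineQC service conditions, the HKCU Run entry for the Sandboxie copy, and the MRT policy value) against a host snapshot. This is an added triage example, not code from the report; the snapshot layout, the finding codes, and the sample file names are assumptions made for illustration.

```python
import ntpath
import os

SERVICE = "GoogleUpdateTaskMachineQC"              # service name from the report
SERVICE_DIR = "c:\\programdata\\google\\chrome\\"  # elevated-mode copy location
USER_MARKER = "\\appdata\\roaming\\sandboxie\\"    # standard-user copy location


def command_target(command):
    """Lower-cased executable path of an ImagePath or Run command,
    without surrounding quotes or trailing arguments."""
    value = str(command).strip()
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]
    else:
        cut = value.lower().find(".exe")
        if cut != -1:
            value = value[:cut + 4]
    return ntpath.normpath(value).lower()


def service_conditions(snapshot):
    """The four installation conditions from the list above, in order."""
    svc = snapshot.get("services", {}).get(SERVICE)
    if svc is None:
        return [False, False, False, False]
    target = command_target(svc.get("ImagePath", ""))
    return [
        True,                                     # service exists
        svc.get("Start") == 2,                    # Start = 2 (Automatic)
        target.startswith(SERVICE_DIR),           # ImagePath in the Chrome folder
        target in snapshot.get("files", set()),   # that file exists on disk
    ]


def triage(snapshot):
    """Return finding codes (names are illustrative) for one host snapshot."""
    findings = []
    conds = service_conditions(snapshot)
    if all(conds):
        findings.append("service-persistence-active")
    elif conds[0]:
        # Partially installed: Watchdog may still be alive and restore the rest.
        findings.append("service-present-incomplete")
    for name, command in snapshot.get("hkcu_run", {}).items():
        if USER_MARKER in command_target(command):
            findings.append("run-key-sandboxie:" + name)
    if snapshot.get("mrt_policy", {}).get("DontOfferThroughWUAU") == 1:
        findings.append("msrt-delivery-blocked")
    return findings


def collect_windows():
    """Build a snapshot from the live registry (Windows only)."""
    import winreg

    def values(root, path):
        try:
            with winreg.OpenKey(root, path) as key:
                count = winreg.QueryInfoKey(key)[1]
                return {n: d for n, d, _ in
                        (winreg.EnumValue(key, i) for i in range(count))}
        except OSError:
            return {}

    hklm, hkcu = winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER
    svc = values(hklm, "SYSTEM\\CurrentControlSet\\Services\\" + SERVICE)
    files = set()
    if svc:
        svc["ImagePath"] = os.path.expandvars(str(svc.get("ImagePath", "")))
        target = command_target(svc["ImagePath"])
        if os.path.isfile(target):
            files.add(target)
    return {
        "services": {SERVICE: svc} if svc else {},
        "hkcu_run": values(hkcu, r"Software\Microsoft\Windows\CurrentVersion\Run"),
        "mrt_policy": values(hklm, r"Software\Policies\Microsoft\MRT"),
        "files": files,
    }


# Constructed sample snapshot; updater.exe, sample.exe and "alice" are made up.
SAMPLE_SNAPSHOT = {
    "services": {SERVICE: {
        "Start": 2,
        "ImagePath": '"C:\\ProgramData\\Google\\Chrome\\updater.exe" --svc'}},
    "hkcu_run": {"Sandboxie":
                 r"C:\Users\alice\AppData\Roaming\Sandboxie\sample.exe"},
    "mrt_policy": {"DontOfferThroughWUAU": 1},
    "files": {"c:\\programdata\\google\\chrome\\updater.exe"},
}

if __name__ == "__main__":
    print(triage(SAMPLE_SNAPSHOT))
```

On Windows, `triage(collect_windows())` checks the live host; HKCU is the hive of the account running the script, so it also needs to run in the affected user's session. DontOfferThroughWUAU can be set deliberately by an administrator, so that finding is supporting evidence only.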
RAT agent
This module provides remote control capabilities via four commands, which are described at the end of this section. The command-and-control addresses used to receive these commands follow this format:
- http://{domain}.space/index.php?authorization=1
- http://{domain}.site/index.php? (backup version)
The {domain} is calculated based on the current date. The process starts with the current year, then adds the zone identifier for the current month. All 12 months are divided into four zones. Finally, the word microsoft is appended to the resulting string. This final string is used as the input for subsequent double hashing using the MurmurHash64 algorithm. The hash output is the domain for the implant to communicate with.
At the time of writing this, the following domains were registered:
- 2025, April-July → 5d14vnfb[.]space
- 2025, August-November → r7mvjl67[.]space
- 2025, December → zgj1tam9[.]space
- 2026, January-March → jeaw520i[.]space
- 2026, April–July → qdmagva5[.]space
An example of a request to the C2 server is provided below:
As can be seen, the request contains an encrypted body consisting of data encrypted via AES-CBC with the key 0123456789abcdef0123456789abcdef and the initialization vector 000102030405060708090a0b0c0d0e0f. The data contains a list of installed programs on the system, along with processor information and the serial number of the C: drive.
This information is likely used by the backend to check for virtual or debugging environments.
The first 16 bytes of the server response body represent the initialization vector for the AES-CBC algorithm with the key 0123456789abcdef0123456789abcdef, while the remaining bytes are the data encrypted with this algorithm. The decrypted data contains a malicious payload, as well as its RSA-SHA256 signature (sign):
```cpp
struct PLAINTEXT {
    uint32_t len_payload;
    uint8_t  payload[len_payload];
    uint32_t len_sign;
    uint8_t  sign[len_sign];
}
```
The authenticity of the message is verified via the sign signature using the server’s public key, which is embedded in the executable.
Inside the malicious payload is a 4-byte code that determines the subsequent behavior of the program, along with additional data whose meaning depends on the code.
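For analysts working from a captured response, the following parser splits the body into IV and ciphertext and then walks the decrypted PLAINTEXT layout with bounds checks. It is an added example, not code from the report: little-endian length fields and the command code occupying the first four bytes of the payload are assumptions, the sample buffer is constructed, and AES-CBC decryption itself is left to the analyst's tooling.

```python
import struct

# Command codes as listed for the RAT agent in this section.
COMMANDS = {
    1: "execute arbitrary command",
    2: "reflectively execute PE in explorer.exe",
    3: "execute shellcode",
    4: "exit",
}


class ParseError(ValueError):
    """Raised when a buffer does not match the described layout."""


def split_response(body):
    """Split a raw response body into (iv, ciphertext)."""
    if len(body) < 32 or (len(body) - 16) % 16:
        raise ParseError("body is not a 16-byte IV plus whole AES blocks")
    return body[:16], body[16:]


def read_field(buf, offset, name):
    """Read one uint32 length followed by that many bytes."""
    if offset + 4 > len(buf):
        raise ParseError("truncated length for " + name)
    (length,) = struct.unpack_from("<I", buf, offset)  # assumed little-endian
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ParseError(name + " length exceeds buffer")
    return buf[start:end], end


def parse_plaintext(plain):
    """Parse a decrypted PLAINTEXT buffer into its fields."""
    payload, offset = read_field(plain, 0, "payload")
    sign, offset = read_field(plain, offset, "sign")
    if len(payload) < 4:
        raise ParseError("payload too short for a command code")
    (code,) = struct.unpack_from("<I", payload, 0)  # assumed position
    return {
        "code": code,
        "command": COMMANDS.get(code, "unknown"),
        "args": payload[4:],
        "sign": sign,
        # Bytes left after the structure, e.g. block padding not yet removed.
        "trailing": len(plain) - offset,
    }


# Constructed sample: command code 1 with a harmless argument and a dummy
# 256-byte signature, followed by 8 bytes standing in for block padding.
_payload = struct.pack("<I", 1) + b"echo test"
SAMPLE_PLAINTEXT = (struct.pack("<I", len(_payload)) + _payload +
                    struct.pack("<I", 256) + b"\xaa" * 256 + b"\x08" * 8)

if __name__ == "__main__":
    print(parse_plaintext(SAMPLE_PLAINTEXT))
```

The sign field is returned untouched because checking it requires the public key embedded in the sample, which is not reproduced on this page.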
The table below lists the four remote control commands for the RAT agent module.
| Code | Purpose |
| --- | --- |
| 1 | Execution of an arbitrary command |
| 2 | Reflective execution of the provided PE file within the explorer.exe process |
| 3 | Execution of the provided shellcode |
| 4 | Exit |

The miners
Depending on whether a discrete GPU is present in the system, either the CPU miner alone or a combination of the CPU and GPU miners is launched. The CPU miner is based on XMRig, while the GPU miner supports multiple algorithms.
Upon initial execution, both miners attempt to retrieve their startup configuration from a remote server. The potential addresses are listed below:
- “{domain}.strangled.net”
- “{domain}.ignorelist.com”
- “{domain}.ftp.sh”
- “{domain}.zanity.net”
As with the RAT agent component, the server address is generated from the current date — in this case, the server address changes every week. This results in quite a large number of domains for the 2020–2030 period; however, all of them point to the same IP address: 107[.]172[.]212[.]235. The first available domain out of the four potential domains listed above will be used.
The algorithm for retrieving the configuration from the server is completely identical to that used by the RAT agent, with the sole exception that th1s1sth3key0f4n1ntere5t1ngw0rld is used as the AES-CBC key in this scenario, and the configuration resides within the payload. The retrieved configuration is encrypted via AES-CBC using the key UXUUXUUXUUCommandULineUUXUUXUUXU and the initialization vector UUCommandULineUU. The encrypted data is then converted into a base64 string, which is passed as a command-line parameter to launch the miner inside the explorer.exe process through process hollowing.
Conclusion
Our investigation focused on an ongoing campaign distributing miners via popular illegal content sites. The threat actors leverage a variety of sites, ranging from online libraries to movie and TV show streaming platforms. There is no telling what channels they will use to distribute the malicious archive in the future. However, the current case shows that users visiting pirated websites continue to take a serious risk.
Our products detect this malware with the following Generic verdicts:
- HEUR:Trojan.Win64.DllHijack.gen
- MEM:Trojan.Win32.SEPEH.gen
Malicious archive download URL
urush1bar4[.]online
Malicious DLL libraries:
6A0FE6065D76715FEEBC1526D456DB73
7F624407AE489324E96A708A09C17E6F
02A43B3423367B9DDDC24CC7DFC070DF
RAT C&C:
5d14vnfb[.]space
r7mvjl67[.]space
zgj1tam9[.]space
jeaw520i[.]space
qdmagva5[.]space
Configuration retrieval address
107[.]172[.]212[.]235
UnamWebPanel control panel addresses
m4yuri[.]online
kristina[.]quest
Another IT governance headache: AI-enabled sanction evasion
Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns.
The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United Services Institute (RUSI), a UK-based defense and security think tank, defines PF as the use of funds or financial services to acquire, develop or otherwise deal in weapons of mass destruction (WMD). It states, “North Korea and Iran are now developing and deploying AI models to aid with sanctions evasion activities.”
Key findings include the fact that AI is now capable of mass producing high-quality fraudulent documents, as well as automating what the report describes as “the administrative minutia of managing extensive shell company networks.” AI powered systems, it states, can also “analyze blockchain patterns in real time to dynamically adjust cryptocurrency mixing strategies, effectively evading detection tools.”
In addition, it says, “[tools such as generative AI] which can produce sophisticated fraudulent identification documents, for example, have helped North Korea perpetrate phishing attacks against Western companies.”
Dr. Aaron Arnold, senior associate fellow with the Centre for Finance and Security at RUSI, who authored the paper, said in an email that what prompted it was an uptick over the last year in North Korea’s use of AI to facilitate and enhance its cyber operations, in the form of phishing schemes designed to generate revenue for the country’s ballistic missile and nuclear weapons programs.
He advised enterprise IT managers who need to protect their organizations from becoming victims of sanction evasion activities that “[it] means largely adapting to a landscape where traditional human-focused security boundaries are being bypassed by automated technologies.”
For IT managers, said Arnold, “this might entail incorporating defensive AI, the use of behavior-based analytics, using ‘circuit breakers’ when there is heavy use of API or MCPs, updating personnel training, and hardening identity verification, especially for any remote hiring.”
Distinction between AI-assisted and AI-enabled activity is ‘central’
Sanchit Vir Gogia, chief analyst at Greyhound Research, said that the RUSI report matters “because it names the right structural shift. AI is not creating sanctions evasion from thin air, it is compressing and scaling methods that already work.”
He pointed out that none of the sanction-evading techniques such as fraudulent documents, synthetic identities, shell companies, hidden beneficial ownership, crypto laundering, and others are new. “What changes is the speed, quality, volume and coordination with which these methods can now be assembled,” he said.
According to Gogia, “the distinction between AI-assisted and AI-enabled activity is central. AI-assisted evasion uses AI for discrete tasks: writing a better email, producing a cleaner document, generating a stronger false profile, translating a pitch, summarizing regulations or preparing a plausible job application. AI-enabled evasion is more serious.”
A ‘structural asymmetry’
This tactic, he said, “begins to coordinate the system itself. It links identity, documents, ownership structures, payment routes, cloud access, crypto wallets, API calls and timing. The difference is not whether AI helps someone fake a document. The difference is whether AI begins to orchestrate the deception.”
That is why the report’s findings should worry enterprise leaders, he noted: “Many organizations still assume the bad actor is mostly human, mostly linear and mostly slow. That assumption is expiring. AI lets adversaries run more attempts, with fewer errors, across more channels, in more languages, with better paperwork and greater patience than most enterprise review processes can absorb. This is not a tale of genius criminals discovering magic. It is the story of ordinary controls meeting industrialized plausibility.”
The evidence today, he pointed out, is strongest around tactics such as identity fraud, document fraud, synthetic personas, remote-worker deception, phishing, social engineering, crypto obfuscation and workflow abuse. “Fully autonomous evasion networks sit on the horizon,” he said. “They are serious, but they are not yet the everyday baseline.”
This distinction matters, said Gogia: “If enterprises obsess over cinematic autonomous agent scenarios while leaving remote hiring, vendor onboarding, payment approvals, and document review full of holes, they will lose in the most prosaic way imaginable.”
The report, he said, also gets the “asymmetry” right. “Offensive actors can learn across the ecosystem,” he said. “They can scrape open information, reuse leaked records, study enforcement patterns, test onboarding forms, inspect public procurement data, watch court filings, probe compliance thresholds and [use the information to] refine their behavior.”
Defenders, by contrast, are hemmed in by privacy rules, fragmented data, explainability requirements, jurisdictional boundaries, conservative operating models and siloed technology estates. “Offensive AI learns broadly,” he said. “Defensive AI often learns from fragments. That is the structural asymmetry.”
He explained that the regulatory landscape also amplifies the problem, in that regulatory bodies “still speak in separate dialects. [For example] the EU AI Act pushes organizations toward stronger obligations for high-risk AI. NIST-style frameworks push risk management, transparency, and governance.”
A trust architecture problem
Financial Action Task Force (FATF) expectations push national risk assessment and counter-proliferation controls, he noted, while banking regulators focus on model risk, accountability and operational resilience. “None of these streams is irrelevant. The trouble is that criminals do not organize themselves around regulatory workstreams. They organize around outcomes.”
What that means, said Gogia, “is that enterprise cannot wait for a clean global rulebook. It will not arrive in time. CIOs, CISOs, compliance officers and boards need a working governance model now. They need privacy-preserving analytics, controlled data environments, audit trails, legal safeguards and clear model-risk accountability.”
He said that enterprise IT managers should treat the situation as a trust architecture problem rather than a narrow sanctions-screening problem. “The uncomfortable truth is that AI is not simply helping bad actors write better phishing emails or forge tidier documents,” he noted. “It is helping them manufacture legitimacy across a chain of enterprise workflows.”
Likely outcome an ‘AI arms race’
Report author Arnold also noted that there are signs that cyber criminals have discovered new AI technologies and abilities that legitimate enterprises could adopt for legitimate applications.
History, he said, “is replete with [criminals] developing novel solutions to tough problems, [which are] later adopted by law enforcement. Much of our anti-financial crime policy is effectively a response to bad actors exploiting systems or using technology in novel ways to perpetrate crimes. In this scenario, I think an ‘AI arms race’ between enforcement authorities and bad actors is the most likely outcome.”
Gogia added, “the baddies are not teaching enterprises how to invent AI. They are teaching enterprises where trust is leaking. That is the lesson worth taking seriously.”
This article originally appeared on CIO.com.
GPU mining malware spreads via SEO poisoning, AI chatbots
Websites have a new way to spy on visitors: Analyzing their SSD activity
Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.
Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.
A side channel based on contention
The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Malicious npm Package Stole Files From Claude AI User Directory via GitHub