Kategorie

The European Commission is now investigating whether X properly assessed risks before deploying its Grok artificial intelligence tool, following its use to generate sexually explicit images. [...]

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

OpenAI’s GPT-5.2 Pro does better at solving sophisticated math problems than older versions of the company’s top large language model, according to a new study by Epoch AI, a non-profit research institute.

GPT-5.2 Pro solved four problems that had been too difficult for any other AI models to solve, and of the 13 problems that any other model had previously solved, it was able to solve 11, Epoch reported.

This means GPT-5.2 Pro had solved 31% of Epoch AI’s challenges, a rise from the previous score best of 19%.

Math problems have long proven difficult for AI. Scientists have speculated that this could be because AI systems can’t recognize their own limitations, while others have surmised that the issue is that AI are focused on language and not on numbers, leading to a few stumbles along the way. 

The Epoch AI experiment has demonstrated that AI is becoming more adept at some of the trickier math issues. In the test, GPT-5.2 Pro was presented with problems from various branches of math.

Joel Hass, a professor in the department of mathematics at University of California, Davis, contributed one of the problems solved by GPT-5.2 Pro. He told Epoch AI he was impressed with the way it cracked his topological challenge.  “GPT-5.2 Pro solved the problem with correct reasoning. Notably it was able to recognize the specific geometry of a surface defined by a polynomial in the problem statement,” he said.

Number theorist Ken Ono of the University of Virginia contributed another of the problems. He said that the AI model had “understood the essential theoretical trick and executed the necessary computations” to solve it, but added, “If it was a PhD student I would award only 6/10 for rigor due to missing details.”

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. [...]

Microsoft gave Windows users’ BitLocker encryption keys for to US law enforcement officers, providing access to encrypted data, according to a news report.

The US Federal Bureau of Investigation approached Microsoft with a search warrant in early 2025, seeking keys to unlock encrypted data stored on three laptops in a case of alleged fraud involving the COVID unemployment assistance program in Guam. As the keys were stored on a Microsoft server, Microsoft adhered to the legal order and handed over the encryption keys, Forbes reported on Friday.

Microsoft did not immediately respond to a request for comment.

There have been instances in the past where the big tech companies were approached by law enforcement for access to devices but have resisted handing encryption keys to authorities.

BitLocker is a widely used tool for securing data at rest, whether by individuals or enterprises managing hundreds or thousands of Windows devices. By default, many Windows installations back up BitLocker recovery keys to Microsoft’s cloud services, where Microsoft can retrieve them if legally compelled with a valid order.

Custody issue, not BitLocker

BitLocker is designed to provide encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. As BitLocker is bunded with Windows 10 and Windows 11, it has effectively become the default full-disk encryption layer across Windows endpoints, say experts.

“BitLocker itself does not fail here. The software does what it is built to do, encrypts the disk, integrates into Windows, allows for easy recovery,” said Sanchit Vir Gogia, chief analyst at Greyhound Research.

While the encryption of BitLocker is robust, enterprises need to be mindful of who has custody of the keys, as this case illustrates.

“The encryption engine in BitLocker, using AES-128 or AES-256 in XTS mode, is built to resist modern cryptanalysis. Even the US Department of Homeland Security has admitted they lack the forensic tooling to break it directly. However, most enterprise fleets running Windows use tools like Intune and Autopilot to roll out and manage devices. In that flow, unless explicitly disabled, recovery keys are automatically backed up to Microsoft Entra ID. These keys are then viewable via the admin centre or retrievable through scripts,” Gogia said.

Where most enterprises go wrong

Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.

The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even if stored in corporate-controlled directory or service such as Microsoft Entra ID or Intune, there should be strong governance on who can read the keys, with effective logging and just-in-time access, said Amit Jaju, a global partner at Ankura Consulting. This can cut Microsoft out of the recovery loop, he said.

If keys have to reside in Microsoft’s cloud, use strong multi-factor authentication for admin roles, with conditional access and privileged-access workstations so a compromise of admin credentials does not automatically become a compromise of all keys, he said.

Enterprises should ensure strict access control and separation of duties. “Only a small, vetted group such as security operations, endpoint engineering, should have rights to view or export recovery keys. Approvals should be workflow-based, not ad hoc. Every key retrieval should leave an auditable, immutable trail, and ideally be tied to an incident or ticket ID,” said Jaju.

CISOs should also ensure that when devices are repurposed, decommissioned, or moved across jurisdictions, keys should be regenerated as part of the workflow to ensure old keys cannot be used.

Gogia warned of the long tail of insecure setups. Personal accounts linked during provisioning, or BYOD devices that silently sync keys to consumer dashboards, are invisible pathways for leakage. “If those keys sit outside your boundary, you no longer have a clean chain of custody. That’s not a theoretical risk. It’s something auditors are now actively checking,” he said.

As many breaches are not cryptographic but procedural, enterprises should have a formal playbook for when a recovery key can be used (lost PIN, internal investigation with legal approval, lawful order) and when it cannot (informal manager request to access an employee’s data), noted Jaju.

Geopolitics reshaping enterprise data and key control

Geopolitical tensions are also reshaping global trade and technology policies, something enterprises increasingly need to factor into their security strategies. As governments assert greater control over data, trade secrets and proprietary information risk becoming entangled in broader state interests.

Gogia warned, “The US CLOUD Act allows law enforcement to compel US-based providers to hand over data and keys, even if that data is hosted in Europe or Asia. Similarly, Chinese data localisation rules require keys and data to be accessible to state regulators. In India, recent legislation has introduced broad access rights for security agencies. And the EU is debating whether sovereignty must include key custody by design, not just data residency.”

If recovery keys are stored with a cloud provider, that provider may be compelled, at least in its home jurisdiction, to hand them over under lawful order, even if the data subject or company is elsewhere without notifying the company. This becomes even more critical from the point of view of a pharma company, semiconductor firm, defence contractor, or critical-infrastructure operator, as it exposes them to risks such as exposure of trade secrets in cross‑border investigations.

Jaju added, “Enterprises should assume that where keys are held, they can potentially be compelled. So where practical, ensure that the entities controlling keys are legally anchored in the jurisdiction whose laws and due-process standards you trust most. Establish board-level oversight on cross-border data access, including a register of government data-access requests, where legally permitted. For multinational companies, legal and security teams must work together to understand mutual legal-assistance treaties, CLOUD Act implications, and local interception laws.”

Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. [...]

Outlook users have reported difficulties with Microsoft’s January Patch Tuesday updates, forcing Microsoft, once again, to patch some of its patches.

Users reported that, after applying the January 13 Windows updates, some applications became unresponsive or encountered unexpected errors when opening files from or saving files to cloud-based storage such as OneDrive or Dropbox. In particular, certain Microsoft Outlook configurations with the PST file containing a users’ messages stored on OneDrive could cause Outlook to hang or lead to sent messages going missing or previously downloaded emails being re‑downloaded.

In response, Microsoft has issued a bunch of out-of-band emergency updates for Windows 11 and 10 and Windows Server 2019, 2022, and 2025 to solve the problem.

This is not the first time that Microsoft has had to issue a patch for a patch. Just last week, it had to react when it inadvertently introduced two new bugs: an inability to connect to Windows Cloud PCs and an inability to shut down some machines with Secure Launch enabled. Prior to that, in October 2025, a patch caused a multitude of different issues, while in May 2025 Microsoft had to issue an out-of-band patch to fix a Windows 11 start-up failure.

Microsoft said the latest out-of-band updates are cumulative and include security fixes and improvements from the January 13, 2026, security update (KB5074109) and the out-of-band update (KB5077744) from January 17, 2026.

While Apple CEO Tim Cook spent an evening at the movies, Bloomberg reported that his company intends to introduce a much-improved, Google Gemini-boosted AI in February, following this with an even bigger upgrade later this year.

We’ve heard much of this before; what’s new is the timing. (The partnership envisions Google Gemini integrated within Apple’s Foundation Models.)

Beta testing from February

The initial beta upgrade is scheduled to ship with iOS 26.4 in the second half of February, Bloomberg said. If everything goes as expected during beta testing, the software should ship for real in March or April. 

The company is then expected to announce an even bigger upgrade to Siri at WWDC in June, when Apple unveils its next iPhone OS — iOS 27, which is due out in the fall. This will turn Siri into a smart, conversational chatbot.

We all understand why the partnership between Apple and Google is happening: The iPhone maker encountered big problems in its own AI development, and while a lot of heads have rolled since then, it clearly needed to reach a deal to expedite its platform embrace of artificial intelligence. 

The company’s failure to introduce an AI-enabled Siri in 2024 is something it knows a billion customers are aware of, with millions now making regular use of the array of generative AI (genAI) services already out there. With 73% of CIOs saying Macs are already in use to run AI in the enterprise, Apple wants to meet the needs of that particular audience.

Getting it right

With platforms that have arguably become the best devices on which to run and build AI, Apple is under great pressure to prove it can also provide AI services people will trust and use, while retaining the essential simplicity of the Apple user experience.

For good or ill, the importance of AI will only grow in the coming years, meaning Apple is under serious pressure not just to deliver something good, but also to deliver something that satisfies expectations. The millions who have waited since 2024 for some of the promised Siri features will be less likely to forgive the company if it ships anything unremarkable. This is a high-pressure moment that could even be existentially decisive for the firm.

It’s possible those high stakes will work in Apple’s favor. That’s because the long wait and wide reporting of problems Apple faced, which means that interest in whatever it does come up with will be very high.

Will this AI make or break Apple?

We don’t know yet whether people will rush to install iOS 26.4, however. We’ve heard reports that interest in iOS 26 may be lower than normal, which possibly reflects reluctance to embrace the Liquid Glass UI.

It is true that many people are curious about AI — even in Europe, 37.2% of the population has used genAI tools. All the same, not everyone is completely enthusiastic, fearing it further entrenches the power of Big Tech while decimating employment prospects. 

Within this environment, initial reactions to what Apple delivers are important because many users may be cautious about the upgrade. As a result, initial reactions from the media and early adopters could make or break Apple’s new Google Gemini partnership.

Ultimately the world will be waiting to see whether this is an Apple Maps moment, or the something closer to the unveiling of the first Mac. 

We’re about to find out.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. [...]

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals.

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. [...]

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade [email protected]

AI assistants and more advanced agent-based tools are gaining visibility in the workplace, even as most organizations remain cautious about deploying them at scale. Analysts say that might change as the technology matures, but only if businesses address persistent challenges around security, governance, and trust.

A Gallup poll in November showed that just 18% of US workers use AI tools on a weekly basis, and just 8% use AI daily, highlighting its still limited use in the workplace. A separate PwC survey of 50,000 workers globally found similar results: 14% of respondents use generative AI (genAI) daily, while 6% interact with AI agents each day. 

Even so, analysts envision some organizations moving beyond pilot projects in the near future. When it comes to AI in collaboration software applications, Irwin Lazar, principal analyst at Metrigy, sees signs that businesses intend to move more aggressively from experimentation to broader adoption this year. 

Lazar said companies increasingly fear falling behind if they fail to adopt the technology, particularly given its potential to streamline collaboration and save time. “I expect you’ll see a large movement into real-world adoption, whereas last year it was more about pilots and trying to figure out how do we deploy successfully?”

“Adoption is picking up,” said Ethan Ray, senior analyst at 451 Research, part of S&P Global Market Intelligence. The research firm found that more than half of enterprises already have agents in production or testing, and organizational integration of genAI use is expected to jump from 27% to 40% within the next 12 months. That, he said, assumes businesses can overcome nagging deployment challenges.  

“Progress will depend on building trust as leaders need strong governance, observability, and security controls, because top concerns are data privacy, accuracy, and reliability,” said Ray. 

AI assistants still struggle to scale in the workplace

Even with a wide range of AI tools available to workers, deployments have been limited so far. Take Microsoft 365 (M365) Copilot, for example: two years after its full launch, businesses remain slow to adopt the AI assistant.

“Despite the hype, Microsoft has really struggled to make huge headway in terms of deploying it at scale,” Max Goss, senior director analyst at Gartner, said at the Gartner IT Symposium/Expo in Barcelona in November. 

An audience poll during Goss’s presentation showed that most either remain in pilot deployments or have rolled out to a small group of less than 20% of employees. Few have deployed M365 Copilot widely across their workforce, mirroring the broader pattern of business adoption Gartner has noted, said Goss. 

Several factors have slowed wider adoption, including security and governance worries, and the need to train staffers to use the AI assistant. An unclear ROI case has also put the brakes on any expansion plans and is having “real impact on Copilot adoption” when it comes to larger rollouts, said Goss. 

Still, business interest in M365 Copilot remains high, he said, an indication that Microsoft’s marketing efforts are paying off in some ways. A Gartner survey showed that IT leaders’ priorities for AI assistants over the next 12 months largely center around M365 Copilot, both for the paid version (86%) and the free Copilot Chat (68%).

Businesses are interested in other AI assistants too: 56% of IT leaders plan to roll out OpenAI’s ChatGPT to staff, according to Gartner data, with Google’s Gemini, Anthropic’s Claude, and Amazon’s Q also piquing interest. 

In fact, most organizations are looking at multiple AI assistants. Only 8% are focused  on a single tool, with an average of at least three enterprise AI assistants in use at surveyed organizations. “The AI race is still very much on, and Microsoft has genuine competition,” said Goss.

AI tools start to mature

While customers are cautious, software vendors continue to add AI features into their products. Almost every vendor in the collaboration software market has an agent offering at this point, said Lazar. 

“They’re going from standalone agents [where] you have to build capabilities, to agents that are already available within the applications,” said Lazar. This includes off-the-shelf agents that users can select for tasks such as project management, sales management, or IT service desk support. Customers only need to grant access to relevant data and set governance rules before putting the agent into use.

“Now you’re really starting to see this agentic era start to move forward, at least from the vendor standpoint,” he said. 

“In 2026, vendors will move past just adding assistants and start building features that make agents reliable, explainable, and easy to govern,” said Ray. He expects more focus on “things like memory (so agents remember context), transparency in decision-making, and guardrails for safety.” 

Agents get connected  

One development that could enhance the usefulness of agents is the ability for AI assistants to interact with each other. 

Employees can get frustrated with AI tools that are confined to a single app, which is at odds with the way employees work. “Work doesn’t live in one software tool,” said Will McKeon-White, senior analyst at Forrester. “I suspect most platforms have now realized the need for multi-vendor, multi-agent orchestration.” 

To address this challenge, tech companies have been finding ways to simplify communication between agents — most notably turning to Anthropic’s model context protocol (MCP) and Google’s Agent2Agent (A2A) protocol.

MCP servers have been built into a wide variety of collaboration and productivity tools already. “Vendors have realized they can’t own everything, and so they’re building MCP servers to essentially federate the data they have with other AIs,” said Lazar. 

The use of MCP servers could change how employees interact with collaboration and productivity tools, he said, by allowing businesses to choose a primary AI model and pull in data from multiple sources. “It saves the user from having to move back and forth between applications in order to do things like summarize chats or get a pulse on what’s happening in the company,” said Lazar. 

Security and governance

Alongside the potential benefits, the use of MCP also introduces new security risks.  

“The big concern I hear when I talk to folks is related to security of MCP servers,” said Lazar. “They will be the number one target for attack as they become more widely available, because that’s the gateway to enterprise data.” 

For attackers, MCP servers present a “target-rich environment,” whether for data exfiltration or data poisoning. “If there’s any limitation on deployment, that’s going to be what people are concerned about,” he said.

In his presentation, Goss said security and governance will continue to be key considerations for IT decision-makers rolling out M365 Copilot, though the challenges continue to evolve.

Oversharing – where M365 Copilot surfaces sensitive corporate data to users not authorized to have the information — remains a priority, for instance. Other risks have emerged, with “agent sprawl” becoming a notable topic in 2025 as businesses deploy agents and workers build their own. 

In 2026, he said “multimodel agent sprawl” could be an emerging issue for M365, as Microsoft offers the option to connect its AI assistant to a wider range of models, notably Anthropic’s, as it moves beyond OpenAI as its main partner. 

“When Microsoft integrated Anthropic, they took the decision not to host an Anthropic model: that model is still in the AWS environment,” he said. “As Microsoft onboards more models, it’s going to be very difficult for them to host them all and do what they’ve done with with OpenAI. So, we’re now going to have to start to think about: how do we manage agents and models that are outside of the Microsoft trust boundary, as well as the ones that are within? What do you do about that? What strategy should you have?” 

He recommended that organizations use “adaptive governance” to manage agents, setting the level of governance controls in relation to the level of risk. This approach enables the creation of a “self-governed, safe zone where users can create low-risk agents using Copilot Studio or other tools that will help them improve their productivity without exposing you to risk,” he said.

Goss said governance concerns shouldn’t be a reason to avoid deploying AI assistants or agents. “For me, governance is the ultimate enabler of AI — but we’ve got to get it right, and we’ve got to spend some time on it,” he said. “While the value around Copilot is still a little bit mixed, it’s a perfect time to think about how we get the foundations in place. Because I think there will come a tipping point…where most people are deploying Copilot at scale.

“…We’re not there yet, so it’s a great opportunity to fix the foundations.”

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, CheckRavie Lakshmananhttp://www.blogger.com/profile/[email protected]