Kategorie

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

As PC vendors continue to launch multiple variations of AI PCs, the promises of Microsoft Copilot and Copilot+ PCs have demonstrated little relevance to enterprises, who have yet to see enough use cases to justify the purchase. However, Lenovo is trying to change that with its own AI assistant, AI Now.

Based on Meta’s Llama 3.0, Lenovo AI Now is a small language model that focuses on a limited number of tasks such as document organization and device management, but does it locally, so users don’t have to worry about exposing their data to the outside world and tasks such as document summaries can be done even on an airplane, without an internet connection.

[ Related: More AI PC news and insights ]

The inspiration for AI Now comes from Copilot’s limited success as a PC assistant. “I think at the launch of Copilot in June last year, there was a promise of more, and they had to pull back. I think it’s going to take some time for us to see wide-scale deployment, especially for some of the features like Recall, which they [Microsoft] showed and then came back off of,” said Tom Butler, VP for worldwide commercial portfolio and product management at Lenovo.

“For AI Now, we have used a very focused local model experience. We’re not trying to be cloud. We’re demonstrating just really two things. One is the knowledge assistant, which uses your personal knowledge base; you put specific sets of files, documents into that knowledge base. Then you can run queries, comparisons, summarizations, and work through just that set of documents,” Butler said.

The other aspect is that of a PC assistant that the user can instruct to change their PC settings without having to navigate the Settings app, by simply telling it, for example, “turn on dark mode.”

Challenges with Copilot+ PCs

Privacy issues related to Microsoft Recall, which was touted as one of the key use cases for a Microsoft Copilot+ PC over a typical AI PC, have put a dent in Microsoft’s positioning, said Udit Singh, vice president, Everest Group.

“As such, the business case for Microsoft Copilot+ is weak today. However, this is not uncommon with Microsoft, as it has a tendency to start with a weak business case initially, but then beef up its offering over time,” Singh said.

Other experts also struggle to see why enterprises would want to buy an AI PC. “At this stage, AI PCs do not offer enough compelling value to justify large-scale investment, particularly for enterprises with existing AI capabilities in cloud or data center environments,” said Eric Helmer, CTO at Rimini Street. “Many AI workloads can already be effectively managed without requiring a dedicated neural processing unit (NPU) on every employee’s device.”

As many enterprises are already cautious with IT spending, initiatives that provide immediate and measurable ROI will remain their priority. Helmer pointed out that investing in AI PCs today could mean paying a premium for capabilities that may soon become accessible through standard hardware and software advancements. “Instead of reacting to vendor-driven cycles, CIOs should assess whether AI PCs align with their broader IT modernization strategies and whether the investment makes sense given their organization’s specific needs,” he said.

PC vendors like Lenovo are moving in the right direction by developing on-device AI solutions, arguably the most secure form of genAI, said Himani Reddy, PC research manager at Canalys.

“This approach addresses enterprises’ top concern: data privacy,” Reddy argued. “At this stage, the market has limited options, and consumers must choose to either adopt the available solutions or wait for future developments. Unless vendors develop their own personal AI for PCs, like Lenovo’s aggressive push in AI with applications like ‘AI Now’ and HP’s ‘AI Companion,’ Copilot+ PC remains the primary option. Although there are privacy concerns associated with Copilot, it remains a more secure option compared to publicly available generative AI models, which enterprises may be hesitant to adopt.”

Move to agentic AI

While Lenovo’s entry into the AI PC world has started with a localized AI assistant, the company plans to transform this into a platform that will allow enterprises to choose from multiple LLMs and agentic AI offerings from vendors such as OpenAI, Meta, or even DeepSeek.

“When you think of the North Star vision that we have as a company, we have two statements. One is smarter AI for all; we want to deliver this at every price point,” Butler said.

The other thing that Lenovo is trying to achieve is to turn the PC into the digital twin of the user. “If each of these devices is operating as our bespoke, unique voice, our digital twin, and I can go ask AI Now, ‘plan my flight to the US,’ and it just goes off and does that for me, that time saving can be immense,” Butler said.

To create the digital twin, Lenovo plans to take the agentic AI path. With agentic AI, Butler said, AI Now will move from being merely a personal assistant to a digital twin that can extract the maximum value out of the hardware.

Butler said that Lenovo is working with multiple software vendors to integrate more LLMs and AI agents to make the digital twin a reality.

Changes to Intel’s executive management team by its new CEO, after just over a month on the job, is proof of the sense of urgency in the company to act quickly to compete with rivals Nvidia, AMD, and TSMC, an industry analyst said Monday.

Mario Morales, group vice president, enabling technologies and semiconductors at IDC, was responding to a recent Reuters report in which, according to a memo it quoted from by new Intel CEO Lip-Bu Tan, “networking chip chief” Sachin Katti has been promoted to the role of “chief technology officer and artificial intelligence chief.”

In the memo, Tan stated that the company’s data center and AI chip group, and its personal computer chip group, would report to him directly, not as before to Michelle Johnson Holthaus, who will take on new responsibilities.

Reuters reported that Tan wrote, “I want to roll up my sleeves with the engineering and product teams so I can learn what’s needed to strengthen our solutions. As Michelle and I drive this work, we plan to evolve and expand her role, with more details to come in the future.”

Morales said the appointment of Katti, who previously was vice president and general manager of the Network and Edge Group (NEX) at Intel, is a good move, because “it tells us that that Intel needs to really rebalance and focus on AI, because that’s where we’re seeing the most rapid growth for the semiconductor market as a whole. That’s probably the area that has the biggest gap in terms of Intel versus its competition.”

Scott Bickley, advisory fellow at Info-Tech Research Group,added, “Intel is facing a monumental uphill battle. After completely opting out of the mobile and AI chip design innovation waves, they are now faced with a slumping x86 legacy CPU business coupled with their high-risk strategy to move to a sub-2nm design produced in their fabs.”

He pointed out that this “includes new process technologies such as Gate All Around [GAA] processing and backside power delivery that have yet to be proven at scale. It would be somewhat of a miracle to expect Intel to leapfrog both Nvidia and their fab partner, TSMC, in the AI space. Even if these new chips are successful in terms of design and performance, they may be a product in search of a market.”

It is possible, said Bickley, that “Intel could seek to be the fab of choice for the hyperscalers if they can bend the cost-for-performance curve, but that is a longshot and likely to only garner a fraction of this market. Intel’s best hope is a paradigm shift to whatever is post-AI chip architecture … they are not in an enviable position.”

Morales added that giving more power to Intel engineers is important, since the company has “lost its way,” and the move should help the organization start making the changes that it needs to make.

Now, he said, there is a need for Intel to act more quickly, adding that when Tan spoke at the recent Intel Vision conference in Las Vegas, he presented with a “humbleness and integrity that I think resonated with a lot of partners and developers there, but you can see that he needs to make these moves very quickly. He is basically a month into the role and already making management changes, and I think you are going to see more announcements later this week when they announce their earnings.”

Morales said he would be not surprised to see more employee attrition, because when it comes to revenue per employee, “it is not as good as the competition.”

Alvin Nguyen, senior analyst at Forrester, said that while having a dedicated person in charge of AI development is a “good move,” the proof will come in what Katti is able to deliver as the new CTO.

While the fab partnership with TSMC is a “nice cash infusion” for Intel, he said, it is still unclear what Intel will get out of the arrangement, and investors are “not going to be happy until those details come out.”

According to Nguyen, the longer this takes, the less latitude the new CEO will be given. “The problem is that they are nowhere near the top of their game in terms of products or fab technology,” he said. “They are behind Nvidia, they are behind AMD in terms of AI, in terms of data center CPUs and in some cases the workplace CPU markets.”

He said that the move by Tan to streamline the organization “gives him the ability to see more of what is going on, but the question at this point is, is he overwhelming himself, or does it give him the ability to provide better guidance?”

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. [...]

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. [...]

Apple executives will certainly be hoping that raw materials and components intended for use in the iPhone 17 will remain available despite the politically driven trade war with China. They can see that while what they promise will be exciting for Apple’s customers, getting the components together and manufacturing the devices is more challenging than ever.

There’s a lot at stake. This is, after all, allegedly set to be the biggest iPhone upgrade in years.

What to expect from the iPhone 17 range

The devices are expected to host a faster A19 Pro 3nm processor and significant camera improvements. Those include a 48MP camera to replace the current 12MP rear camera unit sitting on a larger camera island, as well as a 24MP front-facing camera. With the exception of the new, thin, iPhone 17 Air model, the new iPhones may be slightly thicker than today, thanks to a much larger-capacity battery that supports reverse wireless charging. 

You’ll see Apple’s C-series 5G modems begin to proliferate across the iPhone range, potentially with a C2 variant with slightly wider 5G band support. Software improvements will include iOS 19, which is also being billed as a huge change in the system and the introduction (we hope) of contextually aware Apple Intelligence. 

Roll it all together and you have the biggest iPhone redesign for years, including the introduction of iPhone Air, all supported by new modems and Apple AI. With new folding iPhones anticipated for release in the next year or so, the stage is set for a new generation of iPhone sales, with new designs and reinvigorated operating systems all supported by an AI that means you can get more done with the computer in your pocket.

Trouble at the mill

Except for one thing: component supply. Now, it’s easy to mistake the iPhone as comprising solely the components inside those devices, but that’s to miss the parts included elsewhere in the ecosystem. That includes incredibly expensive and hard to get tools for component manufacture (including processor manufacturing) and also includes the components and rare earth materials used across the supporting ecosystem — all those Apple Intelligence servers need components too.

The problem here is that trade agreements continue to unravel worldwide as political will coalesces to express itself as a self-harming rejection of aspects of globalism. That unravelling has a multitude of faces, from limited exports of rare earth materials to tariffs on components that can only be made in one part of the world.

While many of these challenges can be solved by sourcing elsewhere or throwing money at the problem, their impact will be to build in additional frustration and delay inside the Apple component supply chain. We know this is already impacting the company as it has reportedly flown iPhones into the US in huge quantities to slip past the tariffs. 

Complex components

Apple won’t be able to just do the same thing with the iPhone 17 series. In part that’s because they aren’t being manufactured in quantity quite yet, though I imagine production will begin in June and also think we’ll see more models than ever before flying to the US from India.

But it’s not just about US tariffs, it’s also about international response to those tariffs. Open up an iPhone and you’ll find raw materials and components that come from all around the world, and many of those nations — including China — seem a little upset at how they feel they have been treated recently. They are articulating this in their own ways: China’s move to limit exports of rare earths will have a particular impact on smartphone manufacturing, though China is not the only nation to respond to these taxes.

That’s likely to make life quite difficult for a company that likes to create new hardware using cutting-edge material science and advanced manufacturing processes. Even if iPhone components ship in quantity, items used in the manufacture of those parts may be limited in some way. I’ve even seen one fairly weak claim that suggests the company is already experiencing problems as a result of WTW1 (World Trade War 1). 

Along with manufacturing bottlenecks, the new post-globalist tradeoff era will be defined by price.

When it comes to iPhones, Apple may be able to swallow some of the additional costs on the strength of the money it is saving on licensing fees to Qualcomm for the 5G modems it has used until now. Those savings may enable Apple to mitigate some of the cost but won’t mitigate all of it. In practice, while I think Apple will maintain good prices on some models, others — principally the iPhone 17 Air — seem likely to come in at reassuringly expensive prices, with Apple management sensibly thinking its highest-end customers are the least price sensitive and will buy the best all the same.

While the iPhone 17 will no doubt be the best iPhone yet and the new design will no doubt impress, it hits a market in turmoil and to some extent existentially articulates the challenges of a politically fragmented world. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device [email protected]

The US reciprocal tariffs war is beginning to hit the Indian IT industry, with contracts getting delayed as customers adopt a wait-and-watch approach.

Some of the country’s top tech services exporters — including Tata Consultancy Services (TCS), Infosys, and Wipro — have begun to show signs of strain, as revealed in their recent quarterly earnings calls.

Tata Consultancy Services (TCS), Asia’s largest IT services provider, has flagged growing uncertainty, which it said started in February but has now begun to impact project timelines and client decision-making.

K. Krithivasan, CEO and MD at TCS, while announcing the quarterly results, stated that while the overall business environment was positive till February, the company started witnessing some amount of uncertainty since March. This has resulted in some project delays and some ramp-downs. “The Consumer Business Group saw heightened caution and delays in discretionary projects, especially in the US. This was driven by the significant drop in consumer sentiment in February, which preceded changes in global trade and tariffs, creating a domino effect on retail CPG (Consumer Packaged Goods) and TTH (Travel, Transport, and Hospitality) industries,” he said.

Wipro is facing a similar heat from the US tariff announcement. While the company started the January 2025 quarter on a positive note, gradually during the quarter, the sentiments turned negative, and the company started witnessing the impact in the US as well as the European market.

This is because of the tariff hike and the anticipation around that, which had a cascading impact, Srinivas Pallia, CEO & MD of Wipro, said during the company’s recent analyst call. He also acknowledged that some of the clients in Europe have also slowed down transformation projects, and want to relook at the timelines at this point in time.

Infosys, on the other hand, said that its clients have started experiencing tariff pressures, but that hasn’t led to any impact on any existing client discussions.

Neil Shah, Vice President Research at Counterpoint Research, said the mounting pressure for onshoring from the US government, beginning with tariffs on goods, will tend to impact IT outsourcing and offshoring – sectors where US firms have long relied on global partners like TCS due to talent gaps, global reach, and cost competitiveness.

Experts also said that many companies want to wait out the 90-day tariff hold and reassess their IT spending once the US trade posture becomes clearer.

“The biggest challenge for IT budgets is uncertainty.  That being said, projects that are focused on cost reduction, exponential efficiency, and regulatory compliance are still being funded,” said Ray Wang, principal analyst and founder at Constellation Research.

The 90-day pause: No relief yet

The 90-day pause of tariffs by the White House was meant to give companies some breathing room. However, the reality on the ground is starkly different as it has deepened hesitation among enterprise clients, triggering deal delays, project suspensions, and a slowdown in digital transformation spending.

“We were doing a large SAP program, which was very critical for the client, and this was in the consumer sector. And when the client heard about the tariff situation, they were bang in the middle of that, and they put the whole program on pause. Not because they don’t want to do the program, but they wanted to understand, get the certainties of the tariff situation,” said Pallia of Wipro.

Even Krithivasan of TCS added that there would be delays in decision-making on discretionary spend if this uncertainty continues.

“There are two types of IT services contracts – ‘run the business’ and ‘grow the business.’ ‘Run the business’ will continue while ‘grow the business,’ which is dependent on discretionary spending, will be impacted. Clients might prefer shorter deals for ‘grow the business.’ For ‘run the business,’ clients will expect cost optimization with GenAI, so the contract value of these deals may come down,” said Pareekh Jain,  CEO at EIIRTrend & Pareekh Consulting.

Jain said that contrary to the belief that there will be an increase in discretionary spending and more contracts in growth the business with GenAI, but that looks doubtful because of tariff uncertainty.

What happens after the tariff pause ends?

The biggest question remains: what happens once the 90-day tariff hold ends? If tariffs are reinstated — or even expanded — could it potentially lead to contract renegotiations or client attrition?

There can be significant near-term structural shifts in how US firms engage with IT companies, driven by government pressure for onshoring and increasing market volatility. In the long term, the potential for AI to reduce reliance on outsourced IT services can add another layer of transformation, said Shah.

Wang of Constellation Research said up to two-thirds of the pending contracts would be in this limbo due to tariff uncertainties.

Shah of Counterpoint Research said there is a potential 10-20% impact on future growth opportunities due to the current tariff wars and potential rising inflation in the US, necessitating TCS and other firms to be astute with more flexible engagement models to protect the pipeline until the tariff situation stabilizes.

The IT companies are learning to navigate a world where trade policy, not technology, has emerged as the biggest disruptor. Amidst all the uncertainty, TCS is hopeful that FY26 will be better than FY25. Infosys is looking to expand in other geographies, such as Japan, in addition to the work the company has been doing in the US.

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Generative AI (genAI) tools — especially those like OpenAI’s ChatGPT — are being used by many job seekers to enhance, exaggerate, or outright fabricate parts of their resumes, cover letters, or even responses during job interviews.

“We’re seeing this a lot with our tech hires, and a lot of the sentence structure and overuse of buzzwords is making it super obvious,” said Joel Wolfe, president of HiredSupport, a California-based business process outsourcing (BPO) company. HiredSupport has more than 100 corporate clients globally, including companies in the eCommerce, SaaS, healthcare, and fintech sectors.

Wolfe, who weighed in on the topic on LinkedIn, said he’s seeing AI-enhanced resumes “across all roles and positions, but most obvious in overembellished developer roles.”

Cliff Jurkiewicz, vice president of Global Strategy at Phenom, an HR technology vendor, said he’s also seeing a rise in fraud during job applications and interviews. “It is definitely something we have seen for a while, but are seeing a lot more of [now],” Jurkiewicz said.

Candidates are even turning to tools like ChatGPT during live remote or recorded video interviews — sometimes reading answers off a second screen fed by an AI assistant. In some cases, it’s not even the real applicant being interviewed, but someone more qualified standing in.

“This is happening globally and across industries, with the goal of getting a more capable person to pass the interview while someone else shows up for the job,” Jurkiewicz said. “Clients report that 10% to 30% of interviews — especially for roles like engineering — involve some level of fraud.”

Workers admit exaggerating their skills

A 2023 survey by UK-based StandOut CV, a resume writing service, found that 73% of US workers would consider using AI to embellish or lie on their resumes — and that was before genAI tools had become as common as they are now. The survey also showed that nearly two-thirds of respondents (64.2%) said they’d lied on their resume at least once. Conversely, only one-in-five said they’d not been caught lying on their resumes.

In a separate survey by Resume Builder, 45% of respondents said they exaggerated their skills with AI tools during the hiring process: 32% lied about skills on their resumes and 30% lied during the interview process.

In general, employers generally say they don’t have a problem with applicants using genAI tools to write a resume, as long as it accurately represents a candidate’s qualifications and experience. ZipRecruiter, an online employment marketplace, said 67% of 800 employers surveyed reported they are open to candidates using genAI to help write their resumes, cover letters, and applications, according to its Q4 2024 Employer Report.

Companies, however, face a growing threat from fake job seekers using AI to forge IDs, resumes, and interview responses. By 2028, a quarter of job candidates could be fake, according to Gartner Research. Once hired, impostors can then steal data, money, or install ransomware.

For example, North Korean IT workers are reportedly flooding tech companies with fake resumes and often use names that sound American, such as Mike Smith or Thomas Williams. The North Koreans utilize stolen American identities, often obtained through dark web marketplaces, and employ VPNs to mask their true locations. In some instances, they manipulate session history files and transfer potentially harmful files to company systems. These “workers” are typically based in countries like China and Russia to avoid detection.

In January, the US Department of Justice indicted five people involved in facilitating this operation. The Justice Department has also seized $1.5 million and 17 domain names linked to these activities. The FBI and other agencies continue to monitor and disrupt such schemes.

Legitimate IT job applicants might be more confident using genAI technology as AI coding tools become more common. Gartner predicts 70% of developers will use them by 2027, up from less than 10% in 2023.

Two sides of the genAI coin

Emi Chiba, a senior principal analyst in the Gartner Human Resources practice, said genAI makes it easy to create tailored content, so many job candidates use it for resumes and cover letters.

“At this point I would assume the majority of candidates are submitting applications augmented by AI,” Chiba said. “I’ve spoken to organizations who also noticed candidates using it during interviews or assessments where the candidate may read an answer generated by AI, or use it to help craft an answer.”

Some candidates use AI deepfakes — changing their voice or appearance — to hide their identity, location, or so someone else can do the interview for them, Chiba said.

“This happened to me personally,” Jurkiewicz said. “We hired someone in Texas who was secretly outsourcing the work overseas for a fraction of her pay.”

The counterfeit employee was repeating the deceptive practice with four employers at once, earning $300,000 to $500,000 a year while doing almost no work herself, Jurkiewicz said. “It was purely a money grab, and with little to no consequences; there’s no real deterrent,” he said. “That’s why we need better tech to detect this kind of fraud.”

GenAI, Jurkiewicz said, is both a problem and a solution. It helps screen applicants, and can also detect fraud. The company recently announced it would be launching a built-in AI agent for spotting deepfakes around May or June.

Fake candidates make it harder for qualified workers

Another downside to the growing flood of AI deep fake applicants is that it affects “real” job applicants’ chances of being hired. “What if you are getting passed over for jobs by ‘fake’ candidates?” Jurkiewicz said. “There’s an interesting dilemma.”

Job applicants who fake their credentials will in all likelihood eventually be uncovered and fired, Jurkiewicz said — but by then they’ve accomplished their goal. “It’s a numbers game: people submit hundreds of applications, hoping some will slip through undetected. Even if only a few succeed, that’s enough to exploit the system,” he said.

After working three, four or six months, the fake employee leaves with the pay he or she has earned, and moves onto the next employer, Jurkiewicz said.

The financial impact can be huge. The US Department of Labor says a bad hire can cost 30% of their first-year salary, with some HR firms estimating losses between $240,000 and $850,000 per fake employee.

“Now, imagine the cost of hiring a fake candidate,” Jurkiewicz said. “They go through training, do all this orientation. You’re three months getting paid, and let’s say you do that across the board for 100 different employers, because you built this fraudulent network. You’re making a lot of money before they detect it.”

Your weekly round-up of the questions asked by readers of CIO, Computerworld, CSO, InfoWorld, and Network World sees Smart Answers offering advice on help for hallucinations; automating website certifications; and software development using LLMs.

Help for Hallucinations

Hey you: fancy a spot of Slopsquatting? Thought not.  

And yet when we reported this week that Slopsquatting is a new type of supply chain attack, the readers of CSO could not get enough of it. Attackers can weaponize and distribute a large number of packages recommended by AI models that don’t really exist, which is a potential problem for all organizations running AI. Basically – all enterprises.  

What to do about it? CSO readers rushed to Smart Answers to ask our non-hallucinating chatbot to query decades of reporting. And it transpires that enterprises can reduce AI hallucinations in their systems by implementing several strategies.  

Retrieval-Augmented Generation (RAG) supplements AI models with up-to-date, relevant data, thereby reducing hallucinations. Organizations can also enhance vector search and improve retrieval accuracy. Anchoring AI outputs on validated data sources can reduce the likelihood of producing misleading information. And every organization should be improving prompts and implementing human review and fact-checking.  

Fun fact: all of this is true of Smart Answers. As you can see from the full answer below. 

Find out: How can enterprises reduce AI hallucinations in their systems?  

Safer Surfing Through Certification Automation

Website certificates, also known as SSL/TLS certificates, are issued by trusted certification authorities (CAs) and use public-key cryptography to authenticate websites to web browsers.  

This week Computerworld reported that members of the CA/Browser Forum have voted to slash cert lifespans from the current one year to just 47 days. This will – in principle at least – make browsing websites more secure. But it’s an added burden on enterprise IT staff who must ensure they are updated. 

But there is hope for hardworking IT pros, and Smart Answers is here to bring it. The answer may be your friend and mine: automation.  

Can automation make certification a cinch? Smart Answers says that it can, and likely it will. But you may wish to do some research before diving in. On which, find out all that Smart Answers has to say below. 

Find out: How can automation improve certificate management for websites?  

Software Development Using LLMs

This week InfoWorld reported on DSPy: an open-source framework for LLM-powered application. We said that DSPy shifts the paradigm for interacting with models from prompt hacking to high-level programming, making LLM applications far easier to maintain and optimize. 

InfoWorld readers loved the concept, but raced to ask Smart Answers fundamental questions about the use of LLMs in software development. In essence: why is it good? Smart Answers says LLMs have several benefits in software development – both integrated into code, and assisting with the coding itself.  

Find out: What are the benefits of using large language models in software development?  

About Smart Answers 

Smart Answers is an AI-based chatbot tool designed to help you discover content, answer questions, and go deep on the topics that matter to you. Each week we send you the three most popular questions asked by our readers, and the answers Smart Answers provides.  

Developed in partnership with Miso.ai, Smart Answers draws only on editorial content from our network of trusted media brands—CIO, Computerworld, CSO, InfoWorld, and Network World—and was trained on questions that a savvy enterprise IT audience would ask. The result is a fast, efficient way for you to get more value from our content. 

Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.  "Net

Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.  "NetRavie Lakshmananhttp://www.blogger.com/profile/[email protected]