<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-SG"
                       href="https://www.techradar.com/sg/feeds/tag/security"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from TechRadar SG in Security ]]></title>
                <link>https://www.techradar.com/sg/pro/security</link>
        <description><![CDATA[ All the latest security content from the TechRadar  SG team ]]></description>
                                    <lastBuildDate>Mon, 06 Jul 2026 15:23:55 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Enhance your password security with up to 50% off Keeper plans — secure credential generation, storage, and autofill to help protect all your online accounts ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/enhance-your-password-security-with-up-to-50-percent-off-keeper-plans-secure-credential-generation-storage-and-autofill-to-help-protect-all-your-online-accounts</link>
                                                                            <description>
                            <![CDATA[ Keeper is one of the best solutions to password storage and security, with up to 50% off across Personal, Family, and Business plans ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ApPLkhJvqBoVwiFH37tkrR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QFvexowkpqsxcqY8TUgdgc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 06 Jul 2026 15:23:55 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QFvexowkpqsxcqY8TUgdgc-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Keeper logo next to a label stating &quot;Price Cut&quot;.]]></media:description>                                                            <media:text><![CDATA[The Keeper logo next to a label stating &quot;Price Cut&quot;.]]></media:text>
                                <media:title type="plain"><![CDATA[The Keeper logo next to a label stating &quot;Price Cut&quot;.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QFvexowkpqsxcqY8TUgdgc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>How many unique passwords do you use to secure every single one of your hundreds of online accounts? If your answer isn't, "I have a strong unique password for every account," then you're among the millions of people at risk of having multiple accounts stolen from just a single password leak. All it takes is the right combination.</p><p>But that doesn't have to be the case. Using a password manager to generate and store your credentials is a secure and convenient way to prevent your accounts from being hacked. The best part is, <a href="https://www.keepersecurity.com/en_GB/pricing/personal-and-family.html" target="_blank" rel="nofollow">Keeper has cut prices on its personal, family, and business starter plans by up to 50%.</a></p><p>Keeper's password manager offers secured password storage vaults, a password generator that easily complies with password strength requirements, and includes convenient features for privately sharing regularly used passwords - like the one for the Wi-Fi.</p><div class="product"><a data-dimension112="63d01321-3ade-4614-b32e-969fc681bde8" data-action="Deal Block" data-label="Get up to 50% off Keeper plans" data-dimension48="Get up to 50% off Keeper plans" href="https://www.keepersecurity.com/pricing/personal-and-family.html" target="_blank" rel="nofollow"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:131px;"><p class="vanilla-image-block" style="padding-top:100.00%;"><img id="TbfSUDRsU8NdGFXVDRFiSW" name="keeper!.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/TbfSUDRsU8NdGFXVDRFiSW.jpg" mos="" align="middle" fullscreen="" width="131" height="131" attribution="" endorsement="" credit="" class=""></p></div></div></figure></a><p><a href="https://www.keepersecurity.com/pricing/personal-and-family.html" target="_blank" rel="nofollow" data-dimension112="63d01321-3ade-4614-b32e-969fc681bde8" data-action="Deal Block" data-label="Get up to 50% off Keeper plans" data-dimension48="Get up to 50% off Keeper plans" data-dimension25=""><strong>Get up to 50% off Keeper plans</strong></a></p><p>Keeper is offering 50% off its Personal and Family plans, making it even more affordable to secure both personal and household accounts. The Family plan covers multiple users with five secured vaults, making it perfect for shared accounts without the hassle of mixing browsers and reusing passwords.</p><p>Keeper Business Starter is discounted by 30%, and is an excellent choice for small teams looking for a credentials control platform without the complexity and hassle of enduring an enterprise rollout. It includes centralized management, secure password sharing, and role-based access, cleanly organizing your passwords without unnecessary complications.</p><p>The full terms and pricing are available on the <a href="https://www.keepersecurity.com/en_GB/pricing/personal-and-family.html" target="_blank" rel="nofollow">Keeper site</a>.<a class="view-deal button" href="https://www.keepersecurity.com/pricing/personal-and-family.html" target="_blank" rel="nofollow" data-dimension112="63d01321-3ade-4614-b32e-969fc681bde8" data-action="Deal Block" data-label="Get up to 50% off Keeper plans" data-dimension48="Get up to 50% off Keeper plans" data-dimension25="">View Deal</a></p></div><h2 id="why-we-recommend-keeper">Why we recommend Keeper</h2><p>Our <a href="https://www.techradar.com/reviews/keeper-password-manager" target="_blank">Keeper review</a> found the password manager to be an excellent addition to anyone wanting to improve their personal or household security.</p><p>The service uses zero knowledge architecture and device level encryption to keep the contents of your personal vault hidden from private eyes.</p><p>Rather than having to enter your master password each time you need to fill in your credentials, Keeper uses biometric security to access your vault. This uses the built in facial scan or fingerprint tech on your device. Keeper will also recognize when you are trying to log in to a website or app, and allow you to autofill the exact credentials you need.</p><p>Four households, the family plan includes five private vaults, allowing you to quickly share Wi-Fi or streaming passwords using Keeper's shared vaults.</p><p>These discounts apply to the first year only, so the value is highest for new customers or anyone switching from a monthly plan. After that, pricing goes back to standard rates.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Alibaba is banning its workers from using Claude Code as US v China AI battle heats up ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/alibaba-is-banning-its-workers-from-using-claude-code-as-us-v-china-ai-battle-heats-up</link>
                                                                            <description>
                            <![CDATA[ Claude Code was tracking whether users were accessing the tool from China – leading Alibaba to ban it over security concerns. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">LgjvueoyrMqaeAPoHaXto</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SQriLkNFMAWuNK8Fz7yhFL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 06 Jul 2026 13:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[AI Platforms &amp; Assistants]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SQriLkNFMAWuNK8Fz7yhFL-1280-80.jpg">
                                                            <media:credit><![CDATA[BBC]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Claude AI]]></media:description>                                                            <media:text><![CDATA[Claude AI]]></media:text>
                                <media:title type="plain"><![CDATA[Claude AI]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SQriLkNFMAWuNK8Fz7yhFL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Alibaba bans access to Claude Code, tells employees to use internal Qoder instead</strong></li><li><strong>Anthropic was tracking markers to indicate which users were in China</strong></li><li><strong>Anthropic accused Alibaba of major Claude model distillation effort</strong></li></ul><p>Alibaba has reportedly banned its employees from using Claude Code internally, beginning July 10 2026, classifying it as a high-risk tool that risks organizational security.</p><p>The change follows similar trends already observed among American tech giants, banning Chinese tools from internal use, but Alibaba cited genuine concerns that have been acknowledged by Claude-maker Anthropic.</p><p>The ban could also be seen as a push for Alibaba's own alternative, with workers advised to use the company's own Qoder AI assistant instead.</p><h2 id="alibaba-bans-claude-code-over-security-concerns">Alibaba bans Claude Code over security concerns</h2><p>The controversy stems from developers reverse-engineering Claude Code, revealing it contained code to identify Chinese users. Checks for Chinese system time zones, proxy servers, AI lab infrastructure and network characteristics were all revealed.</p><p>Anthropic stated this experimental feature launched in March, and was designed to combat unauthorized resellers, prevent account abuse and protect its models from AI distillation.</p><p>However, the spyware was reportedly hidden using obfuscation and steganographic techniques, making them effectively invisible to users.</p><p>This isn't the first time both companies have found themselves in a sticky situation – Anthropic recently accused Alibaba of conducting the largest known model distillation attack against Claude (via <a href="https://www.reuters.com/world/china/alibaba-ban-claude-code-workplace-over-alleged-backdoor-risks-source-says-2026-07-03/" target="_blank"><em>Reuters</em></a>).</p><p>More broadly, Chinese companies have been increasingly referring to domestic AI tools like Qwen, DeepSeek, Moonshot and Ship amid growing geopolitical tensions.</p><p>While that trend has been largely mirrored in the US, in favor of the likes of OpenAI, Anthropic, Google Cloud and xAI, US firms have <a href="https://www.techradar.com/pro/many-us-tech-firms-are-turning-to-chinas-deepseek-as-the-bill-for-homegrown-ai-bites-american-ai-companies-could-learn-a-thing-or-two">reportedly</a> been exploring cheaper Chinese alternatives in the name of cost efficiency.</p><p>Alibaba and Anthropic haven't publicly commented on this matter as yet.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ We built a trillion-dollar security industry on top of an unprotected layer ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/we-built-a-trillion-dollar-security-industry-on-top-of-an-unprotected-layer</link>
                                                                            <description>
                            <![CDATA[ As attackers increasingly exploit the 'human stack', organizations must shift from purely technical defenses to behavior-based resilience. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sMHxNdB4WmJWK3NYsDeq6N</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wV66hEbpJdAc4iPB7RwtkK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 06 Jul 2026 10:46:42 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sarah Gosler ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wV66hEbpJdAc4iPB7RwtkK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An exclamation mark inside a red warning triangle, surrounded by email symbols, superimposed on someone typing on a laptop]]></media:description>                                                            <media:text><![CDATA[An exclamation mark inside a red warning triangle, surrounded by email symbols, superimposed on someone typing on a laptop]]></media:text>
                                <media:title type="plain"><![CDATA[An exclamation mark inside a red warning triangle, surrounded by email symbols, superimposed on someone typing on a laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wV66hEbpJdAc4iPB7RwtkK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>For thirty years, the hardest part of a sophisticated cyberattack was the human labor behind it. Finding the vulnerability. Writing the exploit. Chaining the access. Staying quiet long enough to matter. </p><p>That work required teams, time, and tradecraft. It’s the reason nation-state operations looked different from criminal ones, and why most organizations could plan around the gap between them.</p><p>That gap is closing. </p><p>We are entering what I think of as the Mythos era, in which machines can do in minutes what used to take skilled human operators months. <a href="https://www.techradar.com/best/best-online-cyber-security-courses">Cybersecurity</a> defenses are improving, but the layer where final decisions are made, the human one, is now the easiest to exploit. </p><p>The advantage that protected most organizations, most of the time, is going with it. Precision at scale is no longer a contradiction. It’s a feature.</p><h2 id="the-human-stack-what-it-is-and-why-it-matters">The Human Stack: what it is and why it matters</h2><p>Most of the conversation about this shift has focused on what these systems do to vulnerabilities. That conversation is accurate, but incomplete. The harder problem is what machine-speed attacks do to the systems those vulnerabilities ultimately route through: systems that depend on human decisions.</p><p>That’s a layer most <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> programs don’t explicitly own. I call it the Human Stack, the point where every system finally comes down to a person deciding whether a wire transfer goes through, whether an email is trusted, or whether a voice on a phone call is real. We have spent a generation hardening everything above it, and almost nothing on the layer itself.</p><p>For most of cybersecurity's history, that was a tolerable bet. Attackers had to choose between going wide and crude, or narrow and precise. The Human Stack held because precision didn’t scale, and scale didn’t achieve precision.</p><p>That tradeoff is gone.</p><h2 id="what-the-next-wave-of-attacks-looks-like">What the next wave of attacks looks like</h2><p>The next wave won’t arrive as <a href="https://www.techradar.com/best/best-malware-removal">malware</a>. It’ll arrive as evidence. A voicemail that sounds exactly like the person it claims to be. A video call with a face you have known for ten years. An email thread that picks up a conversation you actually had, in the cadence you actually use, referencing a project that actually exists. The technical indicators will be clean, and the social indicators will be perfect. The only thing that will be wrong is the conclusion the human is being led to.</p><p>Last year, I spent time with the team behind Midnight in the War Room, a documentary premiering August 5 at Black Hat USA. It brings together over 50 experts, from global CISOs and military strategists to reformed hackers and victims of cyber conflict. The conversations were about something that has been happening for a long time and is about to be accelerated: the industrialization of social engineering, and the steady weaponization of the behavioral attack surface.</p><p>That surface doesn't stop at your perimeter. It extends through every vendor, managed service provider, and <a href="https://www.techradar.com/best/best-cloud-computing-services">cloud services</a> administrator your business depends on. Your operations going offline may have nothing to do with your own people, and everything to do with someone three vendors deep making a decision under synthetic pressure.</p><h2 id="what-this-means-for-enterprises">What this means for enterprises</h2><p>For businesses, this isn’t theoretical. Financial risk is direct. We're already seeing fraudulent wire transfers, manipulated approval chains, and finance chiefs impersonated so convincingly that payments clear before anyone notices.</p><p>Operational disruption can come with no malware on your systems. The behavioral attack surface doesn't stop at your perimeter. It extends through every vendor, managed service provider, law firm, auditor, and cloud administrator your business depends on. </p><p>A compromised third party, manipulated through a perfectly constructed social engineering campaign, can take your operations offline without leaving a fingerprint anywhere near your network. Most organizations scrutinize their own security posture far more rigorously than the human decision-making environments of the third parties they rely on, leaving that exposure largely unmanaged. </p><p>Regulators and insurers are starting to ask harder questions about that exposure, and most organizations don't yet have good answers.</p><h2 id="the-shift-from-prevention-to-resilience">The shift from prevention to resilience</h2><p>There's a second shift that boards need to start preparing for, and it's bigger than any single control or technology. We're leaving the era in which security success is measured by attacks prevented. We're entering one in which the realistic measure is how quickly an organization recovers when belief fails.</p><p>Prevention still matters, and the investments organizations have made in it have been the right ones. But in a world where attacks will sometimes succeed because they're indistinguishable from legitimate activity, prevention alone is no longer a coherent strategy. Resilience is.</p><p>What resilience means at the human layer is different from what it means at the technical one. Technical resilience is about systems that fail gracefully and recover quickly. Human resilience is about decision-making environments that can absorb a successful deception, recognize it, and contain it before it compounds. Most organizations have invested in the first. Very few have invested in the second. That's the gap the next decade will judge us on.</p><h2 id="what-leaders-should-do">What leaders should do</h2><p>The security stack remains necessary, but this era exposes that even the best systems hand their hardest decisions to humans, and we haven't invested in that layer with the same rigor. Here’s where to start:</p><p><strong>Measure recovery, not just prevention</strong></p><p>When belief fails, how fast can your organization catch it, contain it, and get back up? That has to be designed into your operating model now, not figured out after an incident. </p><p><strong>Design for decision-making under deception</strong></p><p>Training people to spot phishing isn't sufficient when the phishing email is indistinguishable from a real one. Build institutional processes that don't rely on a single person making the right call under pressure.</p><p><strong>Treat people as operational infrastructure. </strong></p><p>Human judgment is a critical system. It needs redundancy and failure protocols, just like any other.</p><p><strong>Extend your security culture to your vendor ecosystem</strong></p><p>The behavioral attack surface runs through your entire supply chain. Your third-party risk program needs to account for the human layer, not just the technical one.</p><h2 id="the-window-is-closing">The window is closing</h2><p>Midnight in the War Room will make this visible in a way an op-ed cannot. </p><p>The Mythos era did not create this problem. It revealed it. The cost of exploiting human decision-making precisely was high enough to keep most attackers out. That barrier is collapsing now.</p><p>What comes next will not announce itself. It’ll arrive looking like someone you trust, asking for something that feels completely reasonable, right up until the moment it isn't.</p><p>The question is no longer whether your systems can withstand attack. It's whether your people are prepared to make decisions in a world where the evidence itself can no longer be trusted, and whether your organization is built to recover when those decisions go wrong.</p><p><em></em><a href="https://www.techradar.com/best/best-cloud-antivirus"><em>We've reviewed and ranked the best cloud antivirus</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft makes major AI U-turn following user revolt — will let Teams users turn off Copilot, Facilitator and Recap ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/microsoft-makes-major-ai-u-turn-following-user-revolt-will-let-teams-users-turn-off-copilot-facilitator-and-recap</link>
                                                                            <description>
                            <![CDATA[ User backlash to Microsoft Teams AI tools leads to major shift in policy choices. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">tVZioWJvSvsyUTmbRFv7pU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 06 Jul 2026 10:46:35 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[AI Platforms &amp; Assistants]]></category>
                                                                                                                    <dc:creator><![CDATA[ Mike Moore ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vinm2oPWMvB8yMg7qLhtxg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C technology journalist for nearly a decade, including at one of the UK&#039;s leading national newspapers and fellow Future title ITProPortal, covering everything from cybersecurity to phone reviews to VR at the Winter Olympics.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;Mike is the main editorial contact for TechRadar Pro, responsible for the news content across the site, as well as managing the contributed content. PRs looking to pitch news stories, bylines/analysis pieces or event invitations should get in contact via the email address mentioned above.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;He has a Masters degree in American Studies from the University of Nottingham, along with a BA in American &amp;amp; English Studies from the same institution. When he&#039;s not keeping track of all the latest enterprise and workplace trends, he can most likely be found watching, following or taking part in some kind of sport.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Teams logo on smartphone]]></media:description>                                                            <media:text><![CDATA[Microsoft Teams logo on smartphone]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Teams logo on smartphone]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft Teams will now let users turn off its AI tools</strong></li><li><strong>Copilot, Facilitator and Intelligent recap all affected</strong></li><li><strong>Users will be able to pick and choose which AI tools they want on Teams</strong></li></ul><p>Microsoft has apparently backed down in plans to introduce a host of AI tools across Teams after it faced a major backlash from users.</p><p>In recent weeks, the company has revealed several new AI-powered Teams features it says will help boost user productivity and efficiency, offering the likes of catch-up tools, note-taking and even translation.</p><p>However, following an apparent fightback from users, the company says it will now offer a simple toggle to turn off its "Meeting AI" features on your calls.</p><h2 id="turn-off-ai-in-microsoft-teams">Turn off AI in Microsoft Teams</h2><p>The news was outlined in an <a href="https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1319216" target="_blank" rel="nofollow">admin center post</a>, seemingly admitting the company might have overdone its AI expectations.</p><p>“Microsoft Teams will add an in-meeting toggle for licensed organizers and presenters to turn Meeting AI (Copilot, Facilitator, recap) on or off during live meetings,” the company said. “Rollout starts early July 2026, with no changes to existing compliance or licensing requirements.”</p><p>Microsoft also demonstrated what the feature might look like in a Teams meeting, with a screenshot showing a toggle to individually disable the likes of Copilot, Facilitator, and Intelligent recap - or turn off all tools at once.</p><p>The company also pointed out its Meeting AI tools will only show up after being cleared by your admins, so specific policy considerations will always be considered - and the toggle will not appear if Meeting AI is specifically turned off by policy.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1700px;"><p class="vanilla-image-block" style="padding-top:56.76%;"><img id="co4CsjTu6yHVYocKPqiK9Q" name="Meeting-AI-control-in-Microsoft-Teams" alt="Microsoft Teams turn off AI tools" src="https://cdn.mos.cms.futurecdn.net/co4CsjTu6yHVYocKPqiK9Q.jpg" mos="" align="middle" fullscreen="" width="1700" height="965" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>The news comes shortly after <a href="https://www.techradar.com/pro/microsoft-teams-has-a-slightly-creepy-new-feature-which-will-watch-and-listen-to-your-meetings-but-thankfully-only-if-you-let-it" target="_blank">Microsoft revealed Facilitator</a>, a new AI-powered tool which will look to help better manage Teams calls, filling in any potential knowledge gaps which pop up during a meeting.</p><p>This has already led some observers to worry about the tool's privacy and security limits, however Microsoft noted it will need to be activated to listen and watch all of your meetings, so it knows when to interfere and chip in.</p><p>The toggle is rolling out now, and should complete by mid-July 2026, with Teams users across all devices, including Windows, macOS, mobile, and web, included.</p><p>Via <a href="https://www.windowslatest.com/2026/07/05/microsoft-caves-after-teams-ai-backlash-will-let-you-turn-off-copilot-facilitator-and-recap-mid-meeting/" target="_blank"><em>WindowsLatest</em></a></p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="middle" fullscreen="" width="676" height="213" attribution="" endorsement="" class="inline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Agentic coding tools have access to everything they need for this': Security experts warn Claude Code can be exploited simply by trying to be helpful ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/agentic-coding-tools-have-access-to-everything-they-need-for-this-security-experts-warn-claude-code-can-be-exploited-simply-by-trying-to-be-helpful</link>
                                                                            <description>
                            <![CDATA[ A hidden DNS record tricked Claude Code into opening a reverse shell during routine error recovery, bypassing every standard security scanning tool completely. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ST9jVeqUvxPgXzQE3PvLf4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/eZs7VDaqqgXt5TBmcicAmS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 04 Jul 2026 20:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/eZs7VDaqqgXt5TBmcicAmS-1280-80.jpg">
                                                            <media:credit><![CDATA[Anthropic]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Claude Tag]]></media:description>                                                            <media:text><![CDATA[Claude Tag]]></media:text>
                                <media:title type="plain"><![CDATA[Claude Tag]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/eZs7VDaqqgXt5TBmcicAmS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Claude Code ran the dangerous command while treating it as routine recovery</strong></li><li><strong>A single fake error message triggered the entire hidden attack chain</strong></li><li><strong>Static scanners and firewalls saw nothing more than normal DNS resolution</strong></li></ul><p>Researchers at Mozilla's 0din team have shown how Claude Code can be manipulated into opening a hidden reverse shell on a developer's device.</p><p>The exploit required no malicious code inside the cloned project, since every visible file passed ordinary review without raising suspicion.</p><p>Instead, the dangerous instruction arrived later, fetched at runtime from a DNS text record that no scanner would ever inspect.</p><h2 id="how-a-routine-setup-error-became-an-entry-point">How a Routine Setup Error Became an Entry Point</h2><p>The attack began with an unremarkable Markdown file explaining how to install a package called Axiom, a common monitoring tool.</p><p>Running the tool without initialising it produced a plain error message instructing the user to execute a specific setup command.</p><p>The <a href="https://0din.ai/blog/clone-this-repo-and-i-own-your-machine" target="_blank" rel="nofollow">research team</a> noted this pattern closely resembles ordinary developer troubleshooting, which is precisely why it evaded suspicion so effectively.</p><p>Claude Code, attempting only to be helpful, followed that written instruction automatically, treating the documented fix as ordinary routine error recovery.</p><p>That single command triggered a hidden shell script which quietly queried a DNS text record controlled entirely by the remote attacker.</p><p>The record decoded into a base64-encoded reverse shell command, which executed silently and connected straight back to the attacker's remote server.</p><p>Persistence was also possible once inside, since the attacker could plant an SSH key or schedule a hidden cron job.</p><p>A single repository link shared in a job posting or chat message could expose every developer who simply opened it.</p><h2 id="why-standard-security-tools-failed-to-notice">Why standard security tools failed to notice</h2><p>Regular security tools, such as <a href="https://www.techradar.com/best/best-antivirus">antivirus software</a> or <a href="https://www.techradar.com/best/firewall">firewall protection</a>, failed to notice this flaw since none of the individual steps looked suspicious on their own.</p><p>Static code-scanning tools only registered a routine DNS lookup, which did not indicate anything malicious underway.</p><p>Network monitoring registered nothing more than ordinary domain name resolution, and the agent itself viewed the command as a pre-authorised setup.</p><p>0din stressed that coding agents need to inspect exactly what setup script will actually run before executing anything at all.</p><p>It concluded that developers should never assume an unfamiliar repository is trustworthy, regardless of how ordinary its setup files appear.</p><p>This case suggests that agentic <a href="https://www.techradar.com/best/best-ai-tools">AI tools</a> built on <a href="https://www.techradar.com/computing/artificial-intelligence/best-llms">large language models</a> may need far stronger runtime safeguards.</p><p>Until such agents can meaningfully evaluate what a command actually executes, similar indirect attacks will likely remain difficult to prevent.</p><p>The broader lesson extends beyond Claude Code, since most agentic AI systems share similar blind spots toward indirect prompt injection.</p><p>For now, treating unfamiliar automation as a genuine risk remains the single most reliable safeguard available to most individual developers.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="middle" fullscreen="" width="676" height="213" attribution="" endorsement="" class="inline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Advances in quantum research and development have shifted the risk horizon': Microsoft says it is ramping up its quantum computing security work ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/advances-in-quantum-research-and-development-have-shifted-the-risk-horizon-microsoft-reveals-it-is-ramping-up-its-quantum-computing-security-work</link>
                                                                            <description>
                            <![CDATA[ Microsoft plans a broad post-quantum migration by 2029 as concerns over future decryption risks increase globally. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">UPjdPJsXtBFkTe6goeryKn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UVm4pWzxzFfM3waNQDdPrD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 04 Jul 2026 18:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UVm4pWzxzFfM3waNQDdPrD-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Quantum computing concept. Digital communication network. Technological abstract.]]></media:description>                                                            <media:text><![CDATA[Quantum computing concept. Digital communication network. Technological abstract.]]></media:text>
                                <media:title type="plain"><![CDATA[Quantum computing concept. Digital communication network. Technological abstract.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UVm4pWzxzFfM3waNQDdPrD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Quantum readiness is moving from research projects into deployment schedules</strong></li><li><strong>The 2029 deadline signals growing urgency across enterprise security planning</strong></li><li><strong>Crypto agility could become as important as encryption strength itself</strong></li></ul><p>Quantum computing timelines, once treated as distant concerns, are increasingly influencing security planning across major technology companies worldwide.</p><p>Microsoft has revealed it is now accelerating its Quantum Safe Program, arguing that preparations for post-quantum cryptography can no longer wait indefinitely.</p><p>The company says organizations should begin preparations immediately because the migration process could require several years across large infrastructures.</p><h2 id="microsoft-moves-quantum-preparations-into-its-wider-security-strategy">Microsoft moves quantum preparations into its wider security strategy</h2><p>The company plans to complete the transition of critical offerings to post-quantum cryptography technologies before the end of 2029.</p><p>Microsoft also confirmed that quantum readiness metrics will become part of its broader Secure Future Initiative security programme moving forward.</p><p>Rather than concentrating exclusively on replacing cryptographic algorithms, the company believes infrastructure modernization should receive greater attention from organizations globally.</p><p>Microsoft argued that improving flexibility within existing systems could reduce the complexity associated with future cryptographic transitions considerably over time.</p><p>One priority involves upgrading network cryptography through newer standards such as TLS 1.3 and hybrid key exchange technology adoption.</p><p>Another objective involves developing crypto agility capabilities allowing cryptographic mechanisms to change without requiring extensive application redesign work later.</p><p>The company also intends to modernize trust chains supporting certificate issuance, software updates, code signing, and hardware-backed protections.</p><p>Microsoft has not identified a single scientific breakthrough responsible for changing its timeline regarding quantum-resistant security implementation activities worldwide.</p><p>Instead, executives described the decision as a precautionary exercise intended to reduce exposure to future developments within quantum computing research.</p><h2 id="microsoft-warns-preparation-could-take-longer-than-expected">Microsoft warns preparation could take longer than expected</h2><p>"Shifting to quantum-resistant security takes years. This is a proactive, risk-informed decision to help customers stay ahead of potential future threats," Microsoft Azure CTO Mark Russinovich said.</p><p>He added that the initiative covers the entire Microsoft portfolio rather than a narrow collection of selected enterprise services only.</p><p>The company also referenced growing concerns surrounding harvest now, decrypt later scenarios involving sensitive information collected and retained today.</p><p>Under that model, encrypted information stolen presently could remain inaccessible until future quantum systems become capable of decoding archives successfully.</p><p>Several technology companies, including Apple, Google, and Signal, have already incorporated elements of post-quantum cryptography into products recently.</p><p>Microsoft believes the amount of work required before deployment at scale remains substantial regardless of when capable machines eventually emerge.</p><p>The company stated that advances in research and development have already altered previous assumptions surrounding the acceptable preparation timetable significantly.</p><p>For years, planning for post-quantum cryptography was widely treated as important and inevitable while remaining comfortably distant for organizations.</p><p>Microsoft now argues that perspective is changing as technology advances and preparations begin reflecting the scale of the transition ahead.</p><p>The company believes cryptographically relevant quantum computers could arrive sooner than many previous forecasts had anticipated across the technology sector.</p><p>Whether these expectations ultimately prove accurate, organizations appear increasingly unwilling to rely on the assumption that they remain decades away.</p><p>Via <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-accelerates-quantum-safe-roadmap-as-risks-grow/" target="_blank" rel="nofollow">BleepingComputer</a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Running on-premise in an agentic world ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/running-on-premise-in-an-agentic-world</link>
                                                                            <description>
                            <![CDATA[ On-prem AI is costly, slow, and quickly outdated versus cloud-native, continuously evolving models. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZnDdnJnCqneddxJtrXKaFS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/KNPUc7wQaTTAwBR9EVypsK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Jul 2026 14:17:25 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rob Gates ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/KNPUc7wQaTTAwBR9EVypsK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An outline of a cloud in neon orange, inside a circle of blue fibers, suggesting cloud computing]]></media:description>                                                            <media:text><![CDATA[An outline of a cloud in neon orange, inside a circle of blue fibers, suggesting cloud computing]]></media:text>
                                <media:title type="plain"><![CDATA[An outline of a cloud in neon orange, inside a circle of blue fibers, suggesting cloud computing]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/KNPUc7wQaTTAwBR9EVypsK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The business case for running things on-premise has always started with control. </p><p>Host it yourself, keep the data in your environment, avoid vendor lock-in. It's a reasonable instinct, and for a long time it was a reasonable answer. </p><p>The gap between what you could run internally and what was available externally was manageable. On-premise was a defensible choice.</p><p><a href="https://www.techradar.com/best/best-ai-tools">AI</a> is changing that.</p><p>The build-it-yourself case ignores almost everything that comes after: the people required to keep things running as AI models evolve, the license fees and compute costs that compound as the landscape shifts, the upgrade cycles that never quite arrive on schedule, and the work required to unpick decisions made against a technology landscape that looked completely different six months ago.</p><p>None of these costs are hidden, exactly. They're just easy to ignore when the initial <a href="https://www.techradar.com/best/best-business-plan-software">business</a> case is about build cost.</p><h2 id="you-can-run-ai-on-premise-just-not-the-best-ai">You can run AI on-premise - just not the best AI</h2><p>The frontier models - the ones getting most of the headlines - can't be self-hosted. Their providers don't make them available for private deployment. </p><p>What you can license and run internally is constantly improving, but so is the frontier. Anthropic alone released over a dozen Claude models in under two years, and they're far from the only provider.</p><p>Self-hosting means slow release cycles. Upgrades are expensive and disruptive, so firms stay on versions longer than they should. The same is true of the hardware underneath. </p><p>Specialized AI chips go out of date fast. New GPU generations arrive every couple of years, each meaningfully better than the last, and each requiring fresh capital investment. Your model is behind, the silicon it's running on is behind, and upgrading either is a major project.</p><p>Models, licenses, <a href="https://www.techradar.com/best/best-infrastructure-management-service">infrastructure</a>, tooling, people - none of it follows a predictable refresh cycle. In the current environment, "out of date" can mean within months. Each round of investment is made under pressure, with limited time to evaluate options properly.</p><h2 id="the-talent-drain">The talent drain</h2><p>To build and run AI tools on-premise, you need engineers who aren't working on what actually differentiates your business. They're keeping up with the AI. Tweaking tools as models evolve. Troubleshooting when things break. Managing the infrastructure. Evaluating new model releases as they come out.</p><p>When it comes to data processing and reconciliation, these things are required but they're not differentiating. They need to work, but significant engineering time spent on them won't give you an edge. It's expensive maintenance of something that isn't your business.</p><p>As the internal environment expands and the technology ages, the headcount required to manage it grows. These are expensive specialists, and most of what they do doesn't move the business forward.</p><h2 id="why-ai-belongs-in-a-cloud-native-world">Why AI belongs in a cloud-native world</h2><p>The argument for cloud-native AI isn't really about <a href="https://www.techradar.com/best/best-cloud-computing-services">cloud computing</a>. It's about whether your architecture can keep pace with a technology that's moving faster than any internal release cycle can match.</p><p>In a cloud-native world, new model capabilities arrive as features, not projects. When something better appears at the frontier, the platform absorbs it. The compliance conversation doesn't restart. The <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> review doesn't go back to zero. The engineering team doesn't have to rebuild anything. The capability lands, and your operations team can use it the same day.</p><p>The control argument that drove firms to on-premise in the first place still matters - but it's no longer in tension with cloud-native deployment. Permissions, audit trails, governance, data sovereignty: all of it can be enforced just as rigorously in a properly architected cloud-native platform, often more so. The trade-off has shifted. Control no longer requires standing still.</p><p>The firms that recognize this early get a head start. Their engineers focus on what differentiates the business. Their operations teams get better tooling every quarter without a procurement cycle. The question of "are we keeping up?" stops being one anyone has to ask.</p><h2 id="what-changes-when-you-work-with-a-trusted-partner">What changes when you work with a trusted partner</h2><p>Shifting the burden of building, maintaining, securing and testing to a specialist partner means your resources stay focused where they should be, and your capability evolves with the market. </p><p>Platforms built on infrastructure like AWS Bedrock are designed to absorb new model capabilities as they emerge - including the frontier models that can't be self-hosted at all. The underlying architecture keeps pace so the firms using it don't have to.</p><p>When a better model becomes available, the platform adapts. No new project, no additional engineers, no unravelling months of integration work. Operations teams focus on what they're there to do. </p><p>Engineers focus on the things that differentiate the firm. And the question of "are we running the right model?" stops being a quarterly investment committee discussion and starts being a setting someone flips.</p><p><em></em><a href="https://www.techradar.com/best/best-business-cloud-storage-service"><em>Use the best business cloud storage to manage your data</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why 'time to token' is the new battleground for data centers ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/why-time-to-token-is-the-new-battleground-for-data-centers</link>
                                                                            <description>
                            <![CDATA[ The disconnect between the pace of software capabilities and physical constraints of data center infrastructure. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vaYG4ERAvqRuoJBxUoKJkB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zwBWPNAfpJdnNkfJY3wUKM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Jul 2026 12:53:13 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Martin Ryder ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zwBWPNAfpJdnNkfJY3wUKM-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A data center in a blue light]]></media:description>                                                            <media:text><![CDATA[A data center in a blue light]]></media:text>
                                <media:title type="plain"><![CDATA[A data center in a blue light]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zwBWPNAfpJdnNkfJY3wUKM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The rapid expansion of Generative <a href="https://www.techradar.com/best/best-ai-tools">AI</a> has created a significant disconnect between the pace of software capabilities and the physical constraints of data center infrastructure. </p><p>Hyperscalers and enterprises alike are discovering that raw compute capacity alone is no longer the differentiator. Instead, the focus has shifted decisively toward the speed of deployment. </p><p>In this new era, the primary metric for success is Time to Token - the end-to-end duration from initial planning and site preparation to the moment an AI cluster powers up and begins generating its first output tokens.</p><p>This metric encapsulates far more than inference latency (the traditional "time to first token" in model serving). </p><p>It measures the full orchestration challenge - securing power, procuring hardware, navigating logistics, implementing advanced cooling and integrating systems under immense time pressure. </p><p>As AI capital expenditure rises, delays in activating capacity carry a growing commercial cost. This means that the <a href="https://www.techradar.com/best/best-infrastructure-management-service">IT infrastructure</a> challenge is shifting from isolated component optimization to end-to-end delivery.  </p><h2 id="from-silos-to-high-velocity-orchestration">From silos to high-velocity orchestration</h2><p>Traditional data center construction followed a predictable, linear hierarchy. Power providers, cooling specialists, civil engineers, and hardware vendors operated in silos, handing off responsibilities sequentially. </p><p>This model worked for stable enterprise workloads, but AI deployments have changed those assumptions. Where high-performance clusters are concerned, infrastructure dependencies become tightly coupled and delays in one layer of the stack can slow the entire program.</p><p>Modern AI deployments demand deep, partnership-based orchestration that brings power, cooling, and hardware vendors together from day one. The power train and thermal chain should be co-designed alongside compute as an integrated stack. </p><p>This collaborative approach compresses deployment timelines from years to months with industry leaders increasingly designing infrastructure to be "silicon-ready," with facilities prepared and waiting for graphics processing unit (GPU) shipments rather than the reverse.</p><p>The economic driver is that idle high-end AI hardware is extraordinarily expensive. When racks worth millions of pounds sit unpowered due to lack of site readiness, the financial implications are immediate and severe. </p><p>Converged infrastructure eliminates traditional bottlenecks such as mismatched power feeds, inadequate cooling loops, or incompatible networking, that once plagued brownfield retrofits.</p><h2 id="bridging-the-density-gap-with-liquid-cooling">Bridging the density gap with liquid cooling</h2><p>One reason this issue has become so urgent is the sharp increase in rack density associated with AI workloads. Legacy data centers were typically engineered for 5-15 kW per rack. AI clusters now push toward 100 kW and beyond, with some next-generation designs targeting 175 kW+ or even 600 kW per rack. Air cooling hits fundamental physical limits at these densities.</p><p>Bridging this cooling gap involves integrating more advanced liquid-based solutions with traditional air cooling. IEEE Spectrum suggests that liquid cooling is essential for capturing the intense heat generated by modern GPUs. Rear-door heat exchangers or direct-to-chip systems allow legacy sites to support AI hardware without a total rebuild.</p><p>The integration of these cooling systems requires precise mechanical engineering of secondary loops. Even minor pressure drops or temperature fluctuations can destabilize hardware in high-density AI clusters. Using Coolant Distribution Units (CDUs) to manage the interface between facility-side and rack-side cooling is now a baseline necessity. This orchestration allows thermal equipment to remain stable even during peak processing loads.</p><p>Hybrid approaches enable operators to retrofit existing sites, extending the life of brownfield facilities while avoiding full rebuilds. Liquid cooling also delivers significant efficiency gains, with studies showing notable increases in Power Usage Effectiveness (PUE) compared to air-only systems.</p><h2 id="the-role-of-converged-infrastructure">The role of converged infrastructure</h2><p>The rise of sovereign AI - where nations and regulated industries demand local control over data, models, and compute for <a href="https://www.techradar.com/news/best-internet-security-suites">security</a>, privacy, and compliance - requires dedicated infrastructure that remains within specific jurisdictional boundaries. </p><p>Meeting this demand requires the rapid deployment of industrialized data center blocks. These converged infrastructure designs can reduce deployment times by up to 85%, allowing organizations to scale their AI capacity locally and securely.</p><p>The pre-engineered, factory-integrated blocks are validated in controlled conditions and delivered for streamlined on-site deployment, which reduces the complexity of on-site construction and improves overall reliability. By adopting an industrialized approach, organizations can bypass the traditional multi-year construction cycle. This agility is important for keeping pace with the rapid evolution of the AI sector.</p><p>Standardized modules offer predictability in cost and timeline, scalability ("pay-as-you-grow"), and higher reliability through offsite quality control. For organizations pursuing national AI strategies, this agility enables secure, localized clusters without waiting for multi-year construction cycles. Hybrid modular solutions further allow brownfield expansions or edge deployments.</p><h2 id="a-collective-ecosystem-for-infrastructure-success">A collective ecosystem for infrastructure success</h2><p>The lesson from recent major AI deployments is clear. To meet deployment windows of months rather than years, the ecosystem must operate as a collective with transparent <a href="https://www.techradar.com/best/best-online-collaboration-tools">collaboration</a> across grid operators, energy providers, critical digital infrastructure providers, and logistics partners. Heat orchestration, power management, and supply chain synchronization are now core competencies. </p><p>Organizations can overcome complexity by using digital twins for simulation, advanced <a href="https://www.techradar.com/pro/best-it-automation-software">automation</a>, and real-time visibility. Facilities will need to become more adaptive, efficient, and responsive as concerns such as water usage, energy sourcing, and environmental impact face greater scrutiny alongside performance metrics.</p><p>Success in this new era will be defined by the ability to orchestrate a transparent and integrated ecosystem. This requires a tight feedback loop between grid providers, energy companies, and end-to-end infrastructure partners.</p><p>Critical digital infrastructure is no longer a static foundation - it is a dynamic, strategic asset. Deployment velocity should be treated as a core engineering discipline, orchestrating every layer from electrons to tokens with precision and speed. </p><p>The race to minimize Time to Token is about keeping pace with innovation as well as defining the next generation of digital infrastructure.</p><p><em></em><a href="https://www.techradar.com/news/best-cloud-hosting-providers"><em>We list the best cloud hosting services</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Two of the world's fastest-growing skills are in the same job description ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/two-of-the-worlds-fastest-growing-skills-are-in-the-same-job-description</link>
                                                                            <description>
                            <![CDATA[ The future of cybersecurity depends on professionals who can secure and govern AI. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">udMg4N6s5rWAxnURbNcVG7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mfPaYGQmks2VALWFFBnSej-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Jul 2026 10:30:45 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Brooke Johnson ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mfPaYGQmks2VALWFFBnSej-1280-80.jpg">
                                                            <media:credit><![CDATA[Blue Planet Studio/Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot hand touching a locked digital shield blocking a human from accessing data]]></media:description>                                                            <media:text><![CDATA[A robot hand touching a locked digital shield blocking a human from accessing data]]></media:text>
                                <media:title type="plain"><![CDATA[A robot hand touching a locked digital shield blocking a human from accessing data]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mfPaYGQmks2VALWFFBnSej-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If you look at where global skills demand is climbing fastest right now, two areas are pretty hard to ignore: <a href="https://www.techradar.com/best/best-ai-tools">artificial intelligence</a> and cybersecurity. </p><p>According to the World Economic Forum's Future of Jobs Report 2025, AI and big data sit at the top of the fastest-growing skills ranking, with networks and cybersecurity directly behind. </p><p>These skills are increasingly being asked of the same person.</p><p>For most of the last decade, these were distinct careers. </p><p>Cybersecurity professionals attended <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a> conferences, earned cybersecurity certifications and worked in cybersecurity teams. </p><p>AI and machine learning sat elsewhere in data science org charts, research labs, product groups. </p><p>The two communities knew about each other. They rarely shared a calendar.</p><h2 id="security-teams-are-now-expected-to-manage-ai-systems">Security teams are now expected to manage AI systems</h2><p>That separation has collapsed in the last 18 months or so, mostly because <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> teams are now expected to deploy, oversee and defend AI systems as a routine part of their work. </p><p>Research finds that 87% of security teams are prioritizing agentic AI adoption, with 77% of cybersecurity professionals comfortable letting these systems take action without human review. Adoption is happening fast. Demand for people capable of managing that adoption is growing accordingly. And the talent pool, predictably, has not caught up.</p><p>“Hybrid skills” is the operative phrase right now. Research finds that 59% of security professionals expect demand for hybrid skills to climb over the next three to five years. What hybrid means here is pretty specific. You need someone who understands attack surfaces and can also interrogate why a model behaved the way it did. </p><p>That same person has to have compliance literacy and be able to evaluate whether a deployed system is drifting from its intended behavior. And also be able to talk to engineers about adversarial inputs in the morning and to a general counsel about regulatory exposure in the afternoon. </p><p>That's a lot of capability for one job description. But it’s what’s happening.</p><h2 id="active-demand-and-under-supplied">Active demand and under-supplied</h2><p>This profile barely existed as a hiring category two years ago. Today it's in active demand and naturally under-supplied. According to the World Economic Forum, only 14% of organization's have the skilled talent they need to meet their cybersecurity objectives. </p><p>And that figure becomes more uncomfortable when you remember that the bar keeps moving. AI literacy is now part of meeting cybersecurity objectives. A team that was adequate 18 months ago may not be adequate now, through no fault of their own.</p><p>External recruiting is not going to be a panacea for most companies. The supply of candidates who already combine deep security expertise with AI fluency and regulatory awareness is thin enough that aggressive hiring against this profile produces long, expensive vacancies and a lot of bruised hiring managers. </p><p>Which means most companies will have to grow these professionals internally. That looks like routing existing security staff through AI literacy training, embedding compliance professionals with model engineering teams, or rotating talent across both functions deliberately enough that the hybrid skill set develops as a byproduct.</p><p>This is a longer game than most CISOs and HR leaders want to play. </p><h2 id="a-real-opportunity-for-cybersecurity-professionals">A real opportunity for cybersecurity professionals</h2><p>Understandably, at least on the surface. It produces dividends in 12 to 24 months, in a discipline where the threat surface changes every month. </p><p>But the alternative is worse. Continuing to hire based on the old talent profile means continuing to deploy AI systems that nobody on the security team is fully equipped to govern, which means continuing to accumulate organizational risk that compounds quietly until it surfaces all at once. And it always surfaces.</p><p>There is a real opportunity buried in this for cybersecurity professionals reading the same data. It used to be that a career path like this one would plateau around senior analyst or security architect. Now it extends into AI risk leadership, AI governance, model security and adjacent roles that essentially didn’t exist as career destinations three years ago. </p><p>If you're a practitioner who adds AI literacy to existing security depth, you are positioning yourself for roles that are scarce, valuable and likely to remain so for at least the rest of the decade.</p><p>For employers, the takeaway probably feels less shiny, but it’s no less urgent. </p><h2 id="the-cybersecurity-workforce-of-2030">The cybersecurity workforce of 2030</h2><p>The cybersecurity workforce of 2030 is being trained right now, mostly by companies willing to invest in development before the market makes it cheap to hire ready-made talent. </p><p>There may not be an explosion of market talent, because they’re already in house. That means you really can’t wait around for these unicorn skill sets to hit the talent market. Instead, you have to cultivate them.</p><p>Look at your existing security and compliance teams. Find the people with curiosity about how AI systems work. Invest in them now.</p><p>The organizations that move first will be the ones best prepared to secure what comes next.</p><p><a href="https://www.techradar.com/best/best-hr-software"><em>We've reviewed and ranked the best HR software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 81 million login attempts hit Microsoft 365 accounts as hackers try password-spraying to force entry using stolen credentials and OAuth to bypass authentication ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/81-million-login-attempts-hit-microsoft-365-accounts-as-hackers-try-password-spraying-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication</link>
                                                                            <description>
                            <![CDATA[ The attack abused misconfigured conditional access policies to bypass multi-factor authentication protections. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">d8vfHgQqzay2L4VV6dTngh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9dJG7jH8XprNiB4jnuuD2M-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 17:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9dJG7jH8XprNiB4jnuuD2M-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft 365]]></media:description>                                                            <media:text><![CDATA[Microsoft 365]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft 365]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9dJG7jH8XprNiB4jnuuD2M-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>A password-spraying attack successfully breached Microsoft 365 accounts</strong></li><li><strong>The hackers abused improperly configured conditional access policies to bypass MFA</strong></li><li><strong>Many organizations targeted had no MFA implemented</strong></li></ul><p>Hackers have used previously leaked credentials to target Microsoft 365 accounts in a password-spraying attack that resulted in over 81 million login attempts during a two-week period.</p><p>The attackers then abused the improperly implemented Conditional Access policies within the Resource Owner Password Credentials (ROPC) OAuth mechanism using Azure command-line interface (CLI), allowing the hackers to bypass authentication altogether when a matching username and password was discovered.</p><p>Cybersecurity company <a href="https://www.huntress.com/blog/lshiy-password-spray-attack" target="_blank">Huntress</a> observed the attack campaign as it targeted customers and noted that 78 Microsoft accounts across 64 organizations were compromised between June 12 and 26 2026.</p><h2 id="hackers-access-365-accounts-without-authentication">Hackers access 365 accounts without authentication</h2><p>The success of the attack ultimately came down to how well organizations had implemented Conditional Access policies relating to multi-factor authentication. </p><p>“Many of the compromised businesses had implemented multi-factor authentication (MFA) via a Conditional Access Policy (CAP), but the MFA was not configured to cover this specific flow that attackers used,” Huntress explained, referring to the exploitation of ROPC.</p><p>“ROPC is considered problematic for several reasons, but one of those reasons is that it doesn't offer support for modern auth flows like MFA or SSO. That means, as we saw in this campaign, ROPC sends the password straight to the /token endpoint with no interactive MFA prompt.”</p><p>Several of the organizations that were breached did not enforce an MFA policy at all, with others only applying MFA for specific user groups such as administrators. In other cases, a login attempt only required MFA when the traffic was coming from an untrusted location, meaning that MFA was not enforced if the connection was coming from a trusted IP address. Additionally, some organizations had only enforced MFA in report-only mode, meaning that the MFA policies were never actually applied.</p><p>In order to protect against attacks of this kind of attack, Huntress recommended the following mitigations:</p><ul><li>Organizations should implement MFA for All Users, All Cloud Apps, and All Client App types</li><li>The Azure CLI application should be restricted from use by non-admin users</li><li>Response to the attack should be made on credential validity, rather than spray volume</li></ul><p>Via <a href="https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-365-accounts-with-81-million-login-attempts/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘100% of Hide My Email addresses were exploitable’: Apple’s security feature can be duped into supplying the real contact info — and the bug has remained unpatched for over a year ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/100-percent-of-hide-my-email-addresses-were-exploitable-apples-security-feature-can-be-duped-into-supplying-the-real-contact-info-and-the-bug-has-remained-unpatched-for-over-a-year</link>
                                                                            <description>
                            <![CDATA[ The bug was reported to Apple over a year ago, but still nothing has been done. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8zAuVdPwPxYpCY6BAjr9eN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NhJKejfFerSum2SW4TXEkX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 13:57:57 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NhJKejfFerSum2SW4TXEkX-1280-80.jpg">
                                                            <media:credit><![CDATA[Apple / 9to5Mac]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A screenshot showing Hide My Email in the Mail app]]></media:description>                                                            <media:text><![CDATA[A screenshot showing Hide My Email in the Mail app]]></media:text>
                                <media:title type="plain"><![CDATA[A screenshot showing Hide My Email in the Mail app]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NhJKejfFerSum2SW4TXEkX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Apple Hide My Email can reveal a user's authentic email address</strong></li><li><strong>The bug puts users at risk of identification, experts warned</strong></li><li><strong>It has been unpatched for over a year</strong></li></ul><p>A bug in Apple’s ‘Hide My Email’ feature allows for those with knowledge of the vulnerability to identify the real email address hidden behind the anonymous email address.</p><p>The bug was discovered by EasyOptOuts co-founder, Tyler Murphy, who shared the exploit with <a href="https://www.404media.co/apple-hide-my-email-vulnerability-reveals-peoples-real-email-addresses/" target="_blank"><em>404 Media</em></a> after notifying Apple multiple times that the feature could be actively exploited.</p><p>“We reported the issue and replication instructions to Apple over a year ago. We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer,” Murphy said.</p><h2 id="hide-my-email-can-be-actively-exploited">Hide My Email can be actively exploited</h2><p>As the bug still hasn’t been patched, the details of how the exploit works have not been shared. </p><p>Apple’s Hide My Email feature was designed to anonymize email addresses, helping to prevent a user’s real email address from being leaked in a data breach, or to prevent a user’s email address from being linked to them personally in a way that could reveal their identity.</p><p>There lies the crux of the issue. By being able to identify the real email address by exploiting the bug, a malicious actor could uncover the real identity of the anonymized email.</p><p>“Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” Murphy said. “We don't know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable.”</p><p>Users concerned about being identified via people-search sites can use a <a href="https://www.techradar.com/pro/best-data-removal-services-of-year" target="_blank">data removal service</a> to have their data scrubbed from these sites, but the process can take a few days.</p><p>The issue was first reported to Apply by Murphy in June 2025, with Apple replying a month later that it was looking into the cause of the issue. Earlier this year, in March, Apple said that it had “addressed the reported issue in a recent system change,” but Murphy found that the bug could still be exploited.</p><p>Again, Murphy notified Apple, who replied in May 2026, stating, “We are still investigating this issue. To avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us to maintain and improve the security of our products."</p><p>Later in the same month, Apply said a fix was “expected in the coming weeks."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Mythos shows why AI governance must catch up to the speed of risk discovery ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/mythos-shows-why-ai-governance-must-catch-up-to-the-speed-of-risk-discovery</link>
                                                                            <description>
                            <![CDATA[ AI is accelerating risk discovery, forcing businesses to confront governance gaps before exposures multiply further. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ncNMKuuTQS72zbp55mcDnZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 10:59:02 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Richard Marcus ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The debate around Anthropic’s Mythos has understandably focused on model safety, but for businesses the more important lesson may be one of <a href="https://www.techradar.com/best/best-ai-tools">AI</a> governance. </p><p>Mythos points to a problem most organizations are not currently built to manage: AI can now help uncover weaknesses faster than businesses can assess, prioritize and remediate them. Security vulnerabilities have always existed across software, infrastructure, supplier relationships, data flows and internal processes. </p><p>What has changed is not the existence of risk, but the speed at which it can now be discovered and the pressure that places on organizations to decide what matters most, who owns the response and how quickly action needs to be taken.</p><p>For large technology companies with deep security research capability, that acceleration may be difficult but manageable. For many other businesses, particularly smaller organizations, the challenge is very different. They are exposed to the same shift in risk discovery, but without anything close to the same resources, specialist teams or remediation capacity to absorb it.</p><p>At a time when organizations are already dealing with a flow of serious cyber attacks, this cannot be treated as a security issue alone. It is becoming a governance issue too, because greater visibility into risk only improves resilience if the business has the structure, accountability and confidence to act on what it finds.</p><h2 id="when-discovery-outpaces-response">When discovery outpaces response</h2><p>As more weaknesses are surfaced, the real bottleneck shifts from detection to prioritization, and then ultimately remediation. Recent data shows that 34% of leaders cite employees inputting sensitive data into AI systems as their top concern, while 21% attribute risky behavior to insufficient training and a further 21% to the pressure to act quickly.</p><p><a href="https://www.techradar.com/news/best-internet-security-suites">Security</a> teams may be the first to see an issue, but they cannot resolve it in isolation. Someone has to determine which systems are most critical, which vulnerabilities create genuine business exposure, and which risks can be tolerated for a period of time. These are not purely technical decisions. They involve operations, legal, procurement, compliance, engineering and senior leadership.</p><p>This is why Mythos should be read as a governance signal. It shows how quickly technical discovery can create organizational pressure. If a business cannot clearly answer who owns the response, how issues are escalated and when leadership needs to make an explicit risk decision, then faster discovery does not necessarily make the organisation safer. It may simply reveal the places where governance was already weak.</p><h2 id="unknown-risk-is-still-accepted-risk">Unknown risk is still accepted risk</h2><p>One of the most important shifts businesses need to make is in how they think about unknown risk. Very few organizations have perfect visibility across every system, supplier and process, and security teams have always understood that some level of unknown risk exists.</p><p>What AI changes is the speed and scale at which that risk can be brought to the surface. As discovery becomes faster, broader and more continuous, organizations can quickly find themselves with more issues than they have the capacity to triage or fix.</p><p>That creates an uncomfortable reality. If a vulnerability exists in the organisation, the business is carrying it whether or not it has been formally recorded, reviewed or approved. Unknown risk is still accepted risk, even when that acceptance is accidental.</p><p>Risk discovery only creates value when it leads to better-informed decisions. Without a clear operating model, businesses are left with a widening gap between what they know, what they can fix and what they are implicitly choosing to tolerate.</p><p>Organizations need to understand which systems matter most, which suppliers are critical, who is responsible for remediation and when leadership needs to decide whether a risk should be fixed, monitored, transferred or accepted. That does not mean every business needs to build a program on the scale of Project Glasswing, but it does mean they need a more disciplined way of turning visibility into action.</p><h2 id="closing-the-governance-gap">Closing the governance gap</h2><p>The practical response is to treat AI-driven risk discovery as more than a security workflow. Security teams need the capability to detect, validate and investigate weaknesses, but governance determines what happens after that. It defines ownership, escalation, prioritization and accountability, and prevents risk decisions from being made informally, inconsistently,  too late or not at all.</p><p>This means governance has to move closer to day-to-day operations. It cannot sit only in policy documents, periodic reviews or committee structures. It needs to influence the decisions people make in the systems they use every day, whether they are approving a supplier, deploying a tool, handling sensitive data or responding to a newly discovered weakness.</p><p>This is where governance becomes a practical business capability rather than a compliance exercise. A strong program should help the organization understand what has been found, how serious it is, who owns the response, what action is being taken and how quickly progress can be shown.</p><h2 id="conclusion">Conclusion</h2><p>Mythos matters because it points to a future where risk discovery becomes more difficult to contain within traditional security processes. Finding weaknesses earlier gives organizations a better chance of addressing them before attackers exploit them, but discovery on its own is not enough.</p><p>The organizations that handle this shift well will not necessarily be those that surface the most issues. They will be the ones that can decide what matters, assign ownership and act with enough speed to reduce exposure.</p><p>AI is magnifying the gap between what organizations know and what they are able to govern. Closing that gap will decide whether greater visibility becomes a source of resilience or simply another source of pressure.</p><p><em></em><a href="https://www.techradar.com/best/best-antivirus"><em>We've ranked and reviewed the best antivirus software available</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft Teams has a slightly creepy new feature which will watch and listen to your meetings — but thankfully only if you let it ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/microsoft-teams-has-a-slightly-creepy-new-feature-which-will-watch-and-listen-to-your-meetings-but-thankfully-only-if-you-let-it</link>
                                                                            <description>
                            <![CDATA[ A new Microsoft Teams AI tool promises to help with knowledge gaps, but says it will have to listen and watch to all your meetings first. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">tTRMxw2Y6Xvq9fjG9E62LQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 10:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Mike Moore ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vinm2oPWMvB8yMg7qLhtxg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C technology journalist for nearly a decade, including at one of the UK&#039;s leading national newspapers and fellow Future title ITProPortal, covering everything from cybersecurity to phone reviews to VR at the Winter Olympics.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;Mike is the main editorial contact for TechRadar Pro, responsible for the news content across the site, as well as managing the contributed content. PRs looking to pitch news stories, bylines/analysis pieces or event invitations should get in contact via the email address mentioned above.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;He has a Masters degree in American Studies from the University of Nottingham, along with a BA in American &amp;amp; English Studies from the same institution. When he&#039;s not keeping track of all the latest enterprise and workplace trends, he can most likely be found watching, following or taking part in some kind of sport.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Teams logo on smartphone]]></media:description>                                                            <media:text><![CDATA[Microsoft Teams logo on smartphone]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Teams logo on smartphone]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft Teams reveals more on new Facilitator AI tol</strong></li><li><strong>Facilitator will monitor your Teams meetings and act as a manager and assistant</strong></li><li><strong>It can help fill in knowledge gaps, but raises concern over privacy</strong></li></ul><p>Microsoft Teams is set to roll out Facilitator, a new AI-powered tool which will look to help better manage your calls, and fill in any potential knowledge gaps which pop up during a meeting.</p><p>However, in order to do so, the tool will need to be activated to listen and watch all of your meetings, so it knows when to interfere and chip in.</p><p>This has already led some observers to worry about the tool's privacy and security limits, but Microsoft says the tool will be turned off by default, meaning users will actively have to switch it on.</p><h2 id="bots-in-teams">Bots in Teams</h2><p>“We are introducing a new Microsoft Teams Facilitator capability that proactively detects and resolves knowledge gaps during meetings,” an update on the company's admin portal <a href="https://support.microsoft.com/en-us/teams/copilot/facilitator-in-microsoft-teams-meetings" target="_blank" rel="nofollow">noted</a>. </p><p>“Facilitator can identify when participants ask questions or express uncertainty and retrieve and share relevant answers using web search in the meeting chat.”</p><p>The company laid out a host of possible use cases where Facilitator may come in handy - such as monitoring an agenda in a meeting invite to help keep everyone on track, displaying the information in a sidebar.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1500px;"><p class="vanilla-image-block" style="padding-top:58.00%;"><img id="XBq2pHUebaJMUBrf9ADq6J" name="Microsoft-Teams-Facilitator" alt="Microsoft Teams Facilitator tool" src="https://cdn.mos.cms.futurecdn.net/XBq2pHUebaJMUBrf9ADq6J.jpg" mos="" align="middle" fullscreen="" width="1500" height="870" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>Facilitator can also start a timer to make sure everyone stays focused on the key points of an agenda, which can be lengthened, paused or reset depending on the need. Anyone joining the call late can ask the tool for a quick summary of what has already been discussed, and quickly search for relevant information.</p><p>It can also create a document based on a particular topic discussed during a call, helping kick-start a new project or brainstorm ideas, as helping you manage any action items assigned by capturing details in the Notes app.</p><p>For those on the move, Facilitator can also instantly capture, transcribe, and organize in-person meeting notes, complete with speaker distinction and actionable recaps, directly from your mobile device.</p><p>Once a call is done, Facilitator can also review any content it generated during the meeting, which can be accessed in a separate recap menu, and shared among participants.</p><p>Facilitator is in public preview for selected customers now - the company added that a Microsoft 365 Copilot license will be required to add Facilitator to a meeting or turn it on during a meeting. However, any meeting participant (excluding external participants) can see all real-time updates in Chat and Notes.</p><p>Via <a href="https://www.windowslatest.com/2026/07/02/microsoft-teams-new-controversial-ai-will-listen-to-your-meetings-and-answer-before-you-ask-but-it-wont-be-turned-on-by-default/" target="_blank"><em>WindowsLatest</em></a></p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="middle" fullscreen="" width="676" height="213" attribution="" endorsement="" class="inline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The security alerts you ignore are the ones that matter ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/the-security-alerts-you-ignore-are-the-ones-that-matter</link>
                                                                            <description>
                            <![CDATA[ Ignoring security alerts is a dangerous strategy. Here are the steps to reduce the risk. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">AE8bY5akSRXXXEgKgrhpTZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YQaVTQE6JAfu6bvPgwmd5U-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 08:53:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Mitchem Boles ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YQaVTQE6JAfu6bvPgwmd5U-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Phone malware]]></media:description>                                                            <media:text><![CDATA[Phone malware]]></media:text>
                                <media:title type="plain"><![CDATA[Phone malware]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YQaVTQE6JAfu6bvPgwmd5U-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>With alert volumes running into the hundreds of thousands, <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> teams have built habits around what to ignore. And attackers have learned to exploit them.</p><p>For years, security operations centers (SOCs) have dealt with sorting through the noise of security alerts by prioritizing vulnerabilities based on severity level. </p><p>As the enterprise technology stack became more complex with a growing number of endpoints, cloud infrastructure, and multiple identity systems, it became impractical, if not impossible, for SOCs to address every single alert that got flagged.</p><p>As a result, most teams have adopted an approach where they focus their efforts on mitigating the medium- and high-severity alerts and dismissing or deprioritizing those flagged as lower risk. </p><p>However, just because a threat is deemed “low risk” doesn’t mean it’s “no risk.” Recent large-scale analysis of enterprise security alerts found that around 1% of all incidents can be traced back to alerts initially categorized as low severity. </p><p>For an average enterprise with 450,000 alerts per year, this translates to approximately one real threat slipping by each week. Although the percentage sounds small, it does represent a number of real threats that are being dismissed instead of being addressed by security teams. </p><p>These findings challenge the current best practice of prioritizing alerts based on severity level. They raise a critical question for today’s security teams: how can they realistically consider low-severity alerts while managing the high volume of alerts they’re receiving every day?</p><h2 id="real-threats-are-hiding-in-the-noise">Real Threats Are Hiding in the Noise </h2><p>Companies get hundreds of thousands of security alerts every year, and that number can rise to over a million for the largest enterprises. At this scale, security teams might be dealing with thousands of alerts every single day, so it’s no surprise that several recent studies have found that over half of alerts are never even reviewed. </p><p>Given this volume, triaging alerts by severity has been a necessity to sort through the noise. Instead, SOCs focus their efforts on the threats that appear most impactful and urgent. This makes sense, of course, as it would be unwise (and potentially dangerous) to ignore a critical alert in favor of a low-risk anomaly that likely will never amount to anything. </p><p>However, when these low-severity alerts are ignored, they create the opportunity for real threats to persist undetected. </p><h2 id="attackers-favor-stealth">Attackers Favor Stealth </h2><p>Threat actors would prefer to sneak in and remain hidden, quietly carrying out their attacks for as long as possible. Instead of launching high-impact attacks that would immediately raise alarm bells, they gain access and try to remain undetected so that they can move laterally throughout a <a href="https://www.techradar.com/best/best-network-monitoring-tools">network</a>, escalating privileges and extracting data over time without raising suspicion. </p><p>Severity classifications don’t always reflect this reality. Alerts are typically categorized based on a number of factors, including how critical an affected system is, the impact if that system were to go down, known threat actor activity, and how confident the security system is that malicious activity is taking place. </p><p>For example, detection of mass file <a href="https://www.techradar.com/best/best-encryption-software">encryption</a> might be categorized as a high-severity alert because it indicates <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> execution, whereas a suspicious PowerShell command might be low severity because it could just as easily be legitimate activity from an admin. Yet in practice, that PowerShell command could be from an attacker downloading payloads, establishing persistence, or running recon within the environment. </p><p>In many cases, major security incidents are the result of a string of multiple low-severity actions that don’t appear malicious individually. This allows the attacker to continue conducting their activities for weeks or even months without being noticed. </p><h2 id="rethinking-alert-triage-in-the-soc">Rethinking Alert Triage in the SOC</h2><p>The challenge for modern SOCs is not only to work faster but to work with more complete information. Treating alerts as isolated events, each evaluated on its own merits and severity score, is a structural limitation that threat actors have learned to exploit.</p><p>Low-severity alerts rarely tell a complete story on their own. A login anomaly, a suspicious script execution, a privilege change, each one individually may be inconclusive or entirely benign. But when those signals appear across the same user, system, or time window, they describe something far more concerning. The ability to surface that pattern depends on whether the investigation goes looking for it.</p><p>This requires two shifts in how security teams operate. The first is contextual. Alerts need to be analyzed against what else is happening in the environment, not just against the criteria that triggered the original detection. The second is coverage. Teams cannot build a complete behavioral picture if a large portion of signals never get examined at all. When low-severity alerts are systematically skipped, the picture has gaps, and those gaps are where attackers persist.</p><p>The practical implication is that alert triage can no longer rely solely on human capacity to determine what gets investigated. The volume problem is real, and severity-based prioritization exists for good reason. But the teams best positioned to catch early-stage threats are those that have found ways to extend consistent investigative coverage across the full alert stream, not just the top tier, and correlate what they find into a coherent view of attacker behavior over time.</p><p>The question is no longer whether low-severity alerts deserve attention. The data shows they do. The question is how to build an operation that can actually give it to them.</p><p><em></em><a href="https://www.techradar.com/best/best-antivirus"><em>We feature the best antivirus software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The developer device is the new supply chain attack blind spot ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/the-developer-device-is-the-new-supply-chain-attack-blind-spot</link>
                                                                            <description>
                            <![CDATA[ Trusted developer tools are becoming the new path into enterprise software environments. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9DQ5gTWaf3VKAiWNrVj5FV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Jul 2026 14:02:22 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Willem Delbare ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:description>                                                            <media:text><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:text>
                                <media:title type="plain"><![CDATA[Malware attack virus alert , malicious software infection , cyber security awareness training to protect business]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7DtE9RCVmUtmH2FAfvxsvM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The software supply chain has had a brutal run. </p><p>In the past few months, we’ve seen attacks against Axios, Trivy, LiteLLM, SAP, Vercel, and a new Mini Shai-Hulud campaign that has impacted a long list of packages that includes TanStack, UiPath, and Mistral AI. </p><p>Then GitHub confirmed that attackers had accessed nearly 3,800 internal repositories after a poisoned VS Code extension landed on a single employee’s <a href="https://www.techradar.com/news/best-business-laptops">laptop</a>. </p><p>The extension was Nx Console, a legitimate tool with 2.2 million installs and a verified publisher badge, compromised using a stolen token from a separate supply chain attack. </p><p>The malicious version was live on the marketplace for just eighteen minutes, but auto-update had already pushed it to running editors during that window.</p><p>These attacks came through different doors. </p><p>A browser extension, a worm in the package registry, a poisoned IDE plugin. But they all landed on the same thing: a developer’s machine. GitHub is not a careless company. </p><p>If this can happen to the platform that hosts most of the world’s source code, it can happen to anyone.</p><h2 id="developers-are-now-the-primary-target">Developers Are Now the Primary Target</h2><p><a href="https://www.techradar.com/best/best-linux-distro-for-developers">Developers</a> have become one of the most valuable targets in the software supply chain because they hold cloud credentials, SSH keys, npm publish tokens, Kubernetes configs, and direct access to source code. A single compromised credential can be enough to publish malicious packages or trigger downstream compromises across thousands of organizations. </p><p>The rise of AI-driven development is also contributing to the challenge in two ways. First, coding agents working on <a href="https://www.techradar.com/news/best-laptop-for-programming">developers’ laptops</a> are pulling packages and adding skills with little to no human oversight over what gets installed, which, of course, further increases the attack surface on the developer device. </p><p>Second, it has dramatically lowered the barrier to entry to carry out supply chain attacks because what used to require real skill and deep technical knowledge now only requires an <a href="https://www.techradar.com/computing/artificial-intelligence/best-llms">LLM</a> subscription. More skilled attackers are also using AI to conduct increasingly sophisticated attacks that scale faster than security teams can respond.</p><p>For years, supply chain security meant securing the infrastructure that code passes through, like registries and build pipelines and CI/CD systems. Those layers still matter, but the vulnerability now starts earlier, on the developer's device, before code ever enters shared infrastructure. </p><h2 id="traditional-endpoint-protection-is-inadequate">Traditional Endpoint Protection Is Inadequate</h2><p>Despite the sensitive content on developer machines and the growing risks they face, most enterprises still secure them the same way they secure any standard corporate employee laptop: including traditional <a href="https://www.techradar.com/news/best-endpoint-security-software">endpoint protection</a> (EDR) for detecting threats on the operating system and mobile device management (MDM) for managing what gets installed. </p><p>The problem is that most of what developers do day-to-day happens above the OS, through package managers, <a href="https://www.techradar.com/best/best-ide-for-python">IDE</a> marketplaces, browser extensions, and AI tools. These are mostly invisible to EDR and MDM. A malicious npm package running a post-install script doesn’t register. </p><p>A compromised VS Code extension quietly exfiltrating credentials doesn’t register. An AI <a href="https://www.techradar.com/best/browser">browser</a> plugin with over-permissioned OAuth access doesn’t register. These tools weren’t designed for how software development works today. </p><h2 id="companies-are-stuck-choosing-between-bad-options">Companies Are Stuck Choosing Between Bad Options</h2><p>As a result, most companies find themselves trying to defend the developer endpoint with approaches they’d prefer not to have to use. </p><p>Some block everything, drawing a hard line between developers and the open internet. This can work in highly regulated environments like financial services, but it kills development speed everywhere else. This approach is so restrictive that developers in these environments often find workarounds like second laptops and disabled VPNs, which makes the security posture worse than if you’d done nothing. </p><p>Many companies go the other direction and allow developers to install everything they need and hope nothing goes wrong. Given the issues I just listed, this approach is extremely risky (and pretty much indefensible). </p><p>Others try a third path, manually approving install requests on a case-by-case basis. While this precision is effective from a safety and developer needs standpoint, it’s impossible to scale. </p><h2 id="the-industry-is-solving-the-wrong-problem">The Industry Is Solving the Wrong Problem</h2><p>Most of the supply chain <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> conversation right now is about detection. How fast can you identify a malicious package? How quickly can you flag a compromised extension? These are reasonable questions, but they miss something important.</p><p>Look at the GitHub breach. The malicious Nx Console extension was identified and pulled within eighteen minutes. That's genuinely fast. But it didn't matter, because auto-update had already distributed the compromised version to running editors during that window. Detection told you something bad existed. It didn't stop it from landing on developer machines.</p><p>The more useful question is: how do you stop something from reaching the device in the first place? A cooldown period, a delay between when a new version is published and when it's allowed to install, would have prevented the GitHub breach entirely. </p><p>If your policy says "don't auto-install anything published less than 48 hours ago," the malicious Nx Console version never reaches a single device. That's a basic timing rule that buys the ecosystem the window it needs to catch problems before they land.</p><p>The same thinking applies more broadly. Know what's installed across every developer machine. Set policies around which packages, extensions, and plugins are allowed. When a developer needs something outside the policy, give them a way to request it that's fast enough they don't route around it.</p><p>None of this means making developer environments sterile. Modern software development depends on open source, third-party tools, and increasingly on AI agents. Developers need freedom to work. But that freedom should be visible and governed, not invisible.</p><h2 id="the-first-domino">The First Domino</h2><p>The developer device is the first domino in the software supply chain. Every major breach I've described in this piece started there. Not in a pipeline or in production.</p><p>The fixes aren't complicated. The cost of ignoring them is. The industry has spent years shifting security left into the pipeline. It's time to shift it all the way to the device.</p><p><em></em><a href="https://www.techradar.com/news/best-business-monitor"><em>We've reviewed and ranked the best business monitors</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This new tool can let you ask Claude if that 'too good to be true' online offer is actually a scam ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/this-new-tool-can-let-you-ask-claude-if-that-too-good-to-be-true-online-offer-is-actually-a-scam</link>
                                                                            <description>
                            <![CDATA[ Norton's scam detection will let you ask Claude whether an email or online deal looks suspicious without leaving the AI chatbot. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oiyS6nwHQLbUz3BVKzPJj6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QEWeUa835nVFaBLaYmYfN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Jul 2026 12:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[AI Platforms &amp; Assistants]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QEWeUa835nVFaBLaYmYfN-1280-80.jpg">
                                                            <media:credit><![CDATA[Norton]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Norton Genie in Claude]]></media:description>                                                            <media:text><![CDATA[Norton Genie in Claude]]></media:text>
                                <media:title type="plain"><![CDATA[Norton Genie in Claude]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QEWeUa835nVFaBLaYmYfN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Norton's scam detection tools are now available in Claude and ChatGPT</strong></li><li><strong>Users can ask their preferred AI chatbot about the legitimacy of an email, text, website</strong></li><li><strong>Most threats consumers face now come from scams, phishing and fake ads</strong></li></ul><p>Claude is the latest AI assistant to get access to <a href="https://www.techradar.com/vpn/vpn-services/nordvpns-new-tool-helps-you-spot-online-scams-and-its-free-for-everyone">Norton's Genie scam detection tool</a> following its available for ChatGPT customers earlier this year.</p><p>Available across all Claude subscription tiers, Genie gives users access to scam detection capabilities and other cyber safety tips and advice.</p><p>Norton says its tool can analyze suspicious emails, texts, messages, images and links using its "multi-layered" detection intelligence.</p><h2 id="norton-scam-detection-now-available-in-claude-chatgpt">Norton scam detection now available in Claude, ChatGPT</h2><p>"AI assistants are becoming part of how people make decisions and evaluate information online," Head of Products and Portfolios Travis Witteveen noted, hinting that the increased prevalence of AI assistants.</p><p>"By bringing Norton Genie into even more AI platforms like Claude and ChatGPT, we’re making trusted Cyber Safety intelligence available directly in those moments to help people make more confident decisions in real time."</p><p>The company explained that Genie looks for language patterns, social engineering tactics, urgency cues, impersonation attempts, and requests for sensitive information. It also checks URLs and analyzes domains to confirm whether a user should click on the link.</p><p>When the tool launched for ChatGPT in March 2026, Norton described it as the "world's first AI-powered scam detector." Users can start conversations by tagging @Norton and asking questions like whether an email looks legit or if an online offer looks like a scam.</p><p>The company's own reporting reveals that nine in 10 threats targeting people in 2025 came from scams, phishing and fake advertisements.</p><p>So far, Norton looks to be the only security company offering direct AI chatbot integration to provide accurate insights into threat detection.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Who decides when a cyber AI tool is safe to deploy? ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/who-decides-when-a-cyber-ai-tool-is-safe-to-deploy</link>
                                                                            <description>
                            <![CDATA[ As AI cyber threats grow, organizations need trained teams, not just stronger tools. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vMsnJXdsYP8jwJDqFuSBhV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XbZCTEpjtunPvMj9ySXmWU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Jul 2026 10:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Phil Chapman ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XbZCTEpjtunPvMj9ySXmWU-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A file and folder transferring data with a red warning mark indicating malware.]]></media:description>                                                            <media:text><![CDATA[A file and folder transferring data with a red warning mark indicating malware.]]></media:text>
                                <media:title type="plain"><![CDATA[A file and folder transferring data with a red warning mark indicating malware.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XbZCTEpjtunPvMj9ySXmWU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>OpenAI and Anthropic are publicly disagreeing about whether their new <a href="https://www.techradar.com/best/best-ai-tools">AI</a> cyber tools should be shared with European regulators. </p><p>OpenAI has offered Brussels access to its model. Anthropic is holding back, with Commission talks described as being at a different stage. Both have framed their position as the responsible one, and both arguments have merit.</p><p>But whether openness or restriction is the right call is ultimately a policy question and one that will take time to resolve. For organizations managing cyber risk today, the more immediate question is whether the teams are equipped to handle what these tools can already do.</p><p>AI systems can now autonomously carry out multi-step cyberattack tasks in controlled environments. Anthropic's Mythos completed a 32-step simulated corporate attack in testing. </p><p>Before it existed, no AI had ever done that in this type of full-chain simulation. Regulatory access to that kind of model matters for policy development. But the organizations that will be on the receiving end of attacks it enables are not waiting for that process to conclude.</p><p>The question of who decides when a powerful cyber tool is safe to deploy is important. But responsible deployment cannot just mean responsible release. It also means ensuring the organizations expected to defend against these capabilities actually have the people and skills to do so. </p><h2 id="most-organizations-are-underprepared">Most organizations are underprepared</h2><p>Recent UK survey data found that only 27% of UK organizations are fully prepared for AI-powered attacks. Seven in ten are operating with partial or no AI-specific readiness, even though the vast majority of senior leaders already recognize that AI is increasing their risk. The awareness is there. The preparation is not keeping pace with it.</p><p>Part of the issue is that <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cyber security</a> has long been treated as a technical problem with a technical solution. Buy the right tools, run the right software and you are covered. AI fundamentally changes that assumption. </p><p>When attack tools can learn, adapt and probe defenses continuously, finding weaknesses, failing and trying again without getting tired, the humans on the other side need to be able to keep up. That requires expertise, not just familiarity with a dashboard.</p><h2 id="the-skills-gap-is-an-operational-risk">The skills gap is an operational risk</h2><p>AI identifying a vulnerability is only the first part of the problem. Someone still needs to understand what they are looking at, assess how serious it is, prioritize it against everything else on their plate and act quickly. That judgement does not come from a tool. </p><p>It comes from trained, experienced people who have built that capability over time. This is especially important as AI-generated attacks become harder to distinguish from legitimate activity. Threat recognition at speed requires pattern-matching built through experience and training, not simply access to the right <a href="https://www.techradar.com/best/best-small-business-software">software</a>. </p><p>The data supports this. Among organizations that have invested in ongoing certification training, 86% report a measurable reduction in cyber risk, with an average reduction of nearly 48%. Certified teams also recover faster when something goes wrong. </p><p>Nearly half of UK organizations surveyed experienced at least one attack in the past 12 months, with the financial cost most commonly landing between £100,000 and £199,999 once recovery, downtime, regulatory fines and reputational damage are factored in. </p><h2 id="regulation-is-moving-but-slowly">Regulation is moving, but slowly</h2><p>This is also where the governance question gets more practical. Giving regulators access to frontier AI models is useful for understanding what they are dealing with. But that access is only meaningful if the organizations it is meant to protect have the capability to act on what those models can do. A policy framework built around tools most security teams are not yet equipped to respond to does not close the gap. </p><p>AI <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> standards are still being written. Most security teams have limited awareness of what frameworks even exist, let alone what is coming. The EU AI Act, NIS2 (Network and Information Security Directive 2) and emerging sector-specific guidance are all moving targets. Organizations that build continuous training into how they operate will be better placed to keep up as those requirements take shape.</p><h2 id="the-fix-is-known">The fix is known</h2><p>For most organizations, the question of whether they have the skills in their people to respond when it matters is the gap between awareness of risk and readiness to manage it. </p><p>The investment in trained and certified security professionals has a measurable impact on an organization's ability to deal with attacks. It also builds the kind of internal capability that makes it easier to maintain regulatory compliance as requirements evolve. This isn’t a glamorous answer but the evidence for it is consistent.</p><p>Organizations that view training as a core part of managing cyber risk, rather than something to be revisited after a breach, are generally in a much better place. The tools and the threats will evolve all the time. It is the difference between resilience and vulnerability.</p><p><a href="https://www.techradar.com/vpn/best-vpn"><em>Connect securely online with the best VPN service</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US Secret Service personnel are putting the lives of America’s VIPs at risk by refusing to use government-issued phones — but they might not be up to the job in the first place ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/us-secret-service-personnel-are-putting-the-lives-of-americas-vips-at-risk-by-refusing-to-use-government-issued-phones-but-they-might-not-be-up-to-the-job-in-the-first-place</link>
                                                                            <description>
                            <![CDATA[ The Secret Service isn't abiding by its own guidance, and it could be putting lives at risk. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4PKFD4i7pkjQkzmdZJyAPg</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SHauH7QzUXn8NpPvDQvopF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 21:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SHauH7QzUXn8NpPvDQvopF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[MARIETTA, GA- SEPTEMBER 25, 2020: President Donald Trump arrives on Air Force One at Dobbins Air Reserve Base with a Cobb County Police vehicle assembling in position for the motorcade.]]></media:description>                                                            <media:text><![CDATA[MARIETTA, GA- SEPTEMBER 25, 2020: President Donald Trump arrives on Air Force One at Dobbins Air Reserve Base with a Cobb County Police vehicle assembling in position for the motorcade.]]></media:text>
                                <media:title type="plain"><![CDATA[MARIETTA, GA- SEPTEMBER 25, 2020: President Donald Trump arrives on Air Force One at Dobbins Air Reserve Base with a Cobb County Police vehicle assembling in position for the motorcade.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SHauH7QzUXn8NpPvDQvopF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>US Secret Service personnel are using personal devices while conducting official business</strong></li><li><strong>Personal devices are not secured against the threats faced by Secret Service members</strong></li><li><strong>But government-issued devices aren't equipped for the needs of Secret Service members either</strong></li></ul><p>The Department of Homeland Security inspector general has released a new report which claims the US Secret Service is refusing to use government-furnished equipment (GFE), such as smartphones, because they are not suitable for mission operations. </p><p>The <a href="https://www.oig.dhs.gov/sites/default/files/assets/2026-06/OIG-26-09-Jun26.pdf" target="_blank">report</a> states GFE fails to “ensure real-time, continuous protection from cyberattacks by foreign adversaries or individuals” with the equipment found to contain multiple third-party apps with security vulnerabilities that could expose communications.</p><p>In order to be able to perform effectively, Secret Service members are using personal devices to communicate with law enforcement and each other during missions, but many personal devices are not secured against the threats faced during the protection of America’s VIPs.</p><h2 id="us-government-struggles-to-secure-issued-phones">US government struggles to secure issued phones</h2><p>But using personal devices in professional operations is also highly unsecure. These devices often contain the whereabouts of Secret Service personnel and the targets they are protecting during missions at home and abroad.</p><p>Furthermore, the devices only have the consumer level of cyber protections. As they are not managed or operated by the US government, there is very little protection against commercially available spyware or malware. </p><p>In some cases, personnel used their personal devices as a hotspot for their GFE, or used their personal devices to access websites otherwise blocked on their GFE.</p><p>The report explains: “If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication. Outdated and vulnerable apps could enable malicious actors to conduct surveillance, track locations, or record employees’ communications. Connecting to unsecured networks may also allow cybercriminals to access data or install malware.”</p><p>The main culprit behind Secret Service personnel choosing not to use GFEs was found to be the Secret Service’s Office of the Chief Information Officer (OCIO). According to the report, “GFE mobile devices lacked mission-critical capabilities because Secret Service OCIO’s process for assessing and approving requests did not always correctly identify operational needs.”</p><p>Additionally, the expected protocol for most Secret Service members was to use personal devices, so many avoided navigating the bureaucracy of requesting access to communications apps on their GFE, which in return created a blindspot for the OCIO who were not aware these apps were already being used at such a scale.</p><p>The report further found that no Secret Service GFE was equipped with Mobile Threat Defense software until August 2025, leaving them exposed to “malicious software,</p><p>cyberattacks, and other vulnerabilities.” Critical data was also retained on GFE devices after operatives returned from missions abroad, despite policy stating that devices should be wiped within 24 hours of returning to the US.</p><p>Ultimately, the report makes five key recommendations to the Secret Service in order to improve the security of its operators:</p><ul><li>Introduce a formal policy that ensures all GFE are issued with the required capabilities and software for each mission</li><li>Ensure all employees complete the required cybersecurity training</li><li>Ensure the Secret Service OCIO clearly communicates its guidance that personal devices are forbidden from use during official business</li><li>Ensure controls are implemented to wipe devices in line with OCIO policy for returning personnel</li><li>Subject all GFE mobile app code to an updated vulnerability testing policy</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft takes down over 100 malicious Edge extensions hiding malware in images and fonts ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-takes-down-over-100-malicious-edge-extensions-hiding-malware-in-images-and-fonts</link>
                                                                            <description>
                            <![CDATA[ Microsoft says the 119 malicious extensions were downloaded a total of 2.6 million times since 2021. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bnhci9nDQycibFqBVf6SpU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/exZsfKfKExQC2DhBKP5jbK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 15:15:00 +0000</pubDate>                                                                                                                                <updated>Wed, 01 Jul 2026 13:07:58 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/exZsfKfKExQC2DhBKP5jbK-1280-80.jpg">
                                                            <media:credit><![CDATA[Zulfugar Karimov on Unsplash]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A smartphone showing an App Store page for the Microsoft Edge web browser.]]></media:description>                                                            <media:text><![CDATA[A smartphone showing an App Store page for the Microsoft Edge web browser.]]></media:text>
                                <media:title type="plain"><![CDATA[A smartphone showing an App Store page for the Microsoft Edge web browser.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/exZsfKfKExQC2DhBKP5jbK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>119 malicious Edge extensions flew under the radar</strong></li><li><strong>They installed harmful code days after extension installation</strong></li><li><strong>It's proof that static code review is no longer sufficient</strong></li></ul><p>Microsoft <a href="https://microsoftedge.github.io/edgevr/posts/Inside-StegoAd-How-We-Disrupted-a-Massive-Malicious-Extension-Campaign/" target="_blank">says</a> it has taken down 119 malicious extensions from the Edge Add-ons store after "proactive threat hunting" revealed a campaign that's been dubbed StegoAd.</p><p>As part of the program, the company also had to suspend more than 90 developer accounts associated with the dodgy activity.</p><p>Believed to have been active since at least 2021, it's believed that the malicious browser extensions had been downloaded a total of 2.6 million times.</p><h2 id="microsoft-removes-119-stegoad-malicious-extensions">Microsoft removes 119 'StegoAd' malicious extensions</h2><p>The campaign was so broad that the extensions didn't just occupy one category: ad blockers, VPNs, video downloaders, translators and utility tools like PDF exporters were all ploys for the malicious extensions.</p><p>This particular campaign got its name from the type of tactic used – steganography is the name given to hiding malicious code inside seemingly harmless files. PNG images, SVG graphics and font files had hidden JavaScript embedded inside to bypass traditional antivirus tools and web filtering.</p><p>Once installed, Microsoft says they remained dormant for three to five days to avoid detection before going on to steal browser credentials, redirect users to malicious websites, manipulate affiliate links for financial gain, download additional malicious code and even communicate with C2 servers for updated instructions.</p><p>"The StegoAd campaign demonstrates that browser extensions remain a potent and evolving attack surface," Microsoft wrote, admitting that even its own safeguards had missed these dodgy extensions.</p><p>The report also concludes that static code review alone is no longer sufficient, because extensions and other installations can download malicious code long after they were first installed.</p><p>For developers themselves, Microsoft recommends being as clear as possible by not obscuring code, requesting only the necessary permissions to build trust, and report any suspected impersonation.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nearly 400 illegal World Cup 2026 streaming sites taken offline by US DOJ ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/nearly-400-illegal-world-cup-2026-streaming-sites-taken-offline-by-us-doj</link>
                                                                            <description>
                            <![CDATA[ Operation Offsides was a coordinated takedown of sites illegal streaming World Cup games. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Bb9zwqtckkZobw2ECG6Aq6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 13:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Streaming]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images / Michael Regan - FIFA]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[FIFA World Cup 2026 in Washington DC]]></media:description>                                                            <media:text><![CDATA[FIFA World Cup 2026 in Washington DC]]></media:text>
                                <media:title type="plain"><![CDATA[FIFA World Cup 2026 in Washington DC]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>US DOJ has seized nearly 400 domains</strong></li><li><strong>The sites were being used to illegally stream World Cup games</strong></li><li><strong>Users of the sites were exposed to malware, data theft, and other threats</strong></li></ul><p>Almost 400 domains have been seized as part of Operation Offsides - a coordinated global effort to take down sites illegally streaming the FIFA World Cup 2026.</p><p>The sites were seized by the US Justice Department's Criminal Division for violating copyright and intellectual property law.</p><p>The takedowns were coordinated by members of the International Computer Hacking and Intellectual Property (ICHIP) network.</p><h2 id="us-and-friends-enforce-the-offside-rule">US and friends enforce the offside rule</h2><p>Many of the seized domains now display a banner explaining that the website was seized as part of Operation Offsides. “This action was taken to protect consumers and enforce intellectual property rights worldwide,” the banner states.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:628px;"><p class="vanilla-image-block" style="padding-top:60.83%;"><img id="wSkc22iLD5oCmHtsdaH9MZ" name="seizure_banner_fifa_world_cup" alt="A screenshot of the banner uploaded to domains seized by the US DOJ that were illegal streaming 2026 FIFA World Cup games." src="https://cdn.mos.cms.futurecdn.net/wSkc22iLD5oCmHtsdaH9MZ.webp" mos="" align="middle" fullscreen="" width="628" height="382" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: U.S. Justice Department)</span></figcaption></figure><p>Back in May 2026, the FBI warned that thousands of domains were being registered ahead of the World Cup, with most set up with the intention to scam fans looking for cheap tickets, access to streaming services, and those looking for discounted merchandise. It appears that Operation Offside was focused on disrupting streaming sites in particular, rather than taking down the wider scam networks associated with these domains.</p><p>“We have seized hundreds of domains, used to illegally stream World Cup matches for profit, to disrupt the international networks that profit from the global popularity of the World Cup,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.</p><p>“This operation illustrates the Department’s respect for intellectual property rights and the responsibility of the United States as a host nation to protect the FIFA World Cup from criminals. The Criminal Division will continue to disrupt and, where appropriate, seek to prosecute these sites and the subjects responsible for this criminal activity.”</p><p>In many cases, the networks of fake domains offering cheap or free access to streaming services are run by cybercriminals deliberately operating at a loss in order to attract users to their services. In return for accessing the streaming site, the domain will use the user’s local network as an exit node for the cybercriminal network, obscuring their traffic and making it appear legitimate.</p><p>Unfortunately for the user, who may think they have just found <a href="https://www.techradar.com/how-to-watch/football/world-cup-2026-free-anywhere">free access to every World Cup game</a>, their network and IP address could be used to distribute malware, cybercriminal communications, and illegal content such as stolen data and exploitative materials - including child sex abuse material.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AI adoption problems are usually organizational problems in disguise ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/ai-adoption-problems-are-usually-organizational-problems-in-disguise</link>
                                                                            <description>
                            <![CDATA[ Many AI programs underperform because businesses fail to redesign how work happens. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sW6P7rvAAxriZhHUhQk6NQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 13:02:20 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Fynn Feldpausch ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:description>                                                            <media:text><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:text>
                                <media:title type="plain"><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Most large enterprises have already experimented with <a href="https://www.techradar.com/best/best-ai-tools">AI</a> in some form. </p><p>They have tested copilots, automated workflows, analytics platforms, content generation tools and customer service assistants, and initial reactions are often positive. Demonstrations create excitement, leadership teams engage quickly and investment follows.</p><p>Yet many organizations still struggle to move beyond isolated successes. Adoption slows, usage becomes inconsistent and AI initiatives gradually lose visibility inside day-to-day operations. </p><p>What begins as a strategic priority often becomes another innovation program that never fully reshapes the business.</p><p>At that point, organizations frequently conclude that the technology is not mature enough. </p><p>In reality, the bigger obstacle is often structural rather than technical. AI adoption rarely fails because the tools are incapable. </p><p>More commonly, organizations fail to adapt their operating models, incentives and decision-making structures to support meaningful change.</p><h2 id="fragmented-ownership-weakens-adoption">Fragmented ownership weakens adoption</h2><p>One of the biggest barriers to enterprise AI adoption is unclear accountability: technology teams manage <a href="https://www.techradar.com/best/best-infrastructure-management-service">IT infrastructure</a>, governance, security and vendor relationships; innovation teams run pilots; individual business units experiment independently; and senior executives communicate ambition and strategic direction. Yet in many organizations, nobody owns AI adoption from end to end.</p><p>But without clear ownership tied to operational outcomes, AI initiatives often become disconnected from how work actually happens. Teams are encouraged to experiment but lack the authority to redesign processes or redefine how decisions are made. Pilots move forward without long-term accountability and successful experiments fail to scale beyond individual departments.</p><p>As a result, AI can exist inside the organisation without becoming embedded into its operating model. The technology itself may function well, but adoption stalls because no one is responsible for turning experimentation into lasting behavioral change.</p><h2 id="why-technology-teams-cannot-solve-this-alone">Why technology teams cannot solve this alone</h2><p>This challenge becomes particularly visible inside platform, data and IT functions. These teams are frequently tasked with enabling enterprise AI adoption by assessing vendors, integrating systems, securing data environments and establishing governance frameworks. At the same time, they are expected to minimize operational risk and ensure compliance requirements are met.</p><p>However, they rarely control how individual departments actually work. Technology teams cannot independently redesign sales processes, restructure customer support operations or redefine <a href="https://www.techradar.com/best/best-hr-software">HR</a> workflows. They can provide tools and infrastructure, but they are not usually empowered to drive organizational change across business functions.</p><p>That imbalance creates predictable tension. If AI deployments introduce operational or <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> risks, technology teams are held accountable. But if adoption slows because departments resist changing established processes, responsibility becomes far less clear.</p><p>Over time, this dynamic naturally encourages caution. Teams carrying significant risk without the authority to control it often become more conservative in how aggressively they push transformation initiatives forward.</p><h2 id="incentives-matter-more-than-strategy-documents">Incentives matter more than strategy documents</h2><p>Many organizations also underestimate how strongly incentives shape adoption behavior. A customer service team may be encouraged to use AI tools at the same time as being measured primarily on ticket throughput and response speed. <a href="https://www.techradar.com/best/best-content-marketing-tools">Marketing</a> teams may be asked to experiment with AI-generated content while facing scrutiny over even minor inconsistencies in tone or branding. </p><p>Compliance teams could be expected to support innovation even though they’re evaluated almost entirely on risk reduction. In each case, employees respond rationally to the incentives in front of them.</p><p>Meaningful AI integration almost always creates short-term disruption. Teams need time to test workflows, adjust processes and learn how humans and AI systems operate together effectively. <a href="https://www.techradar.com/best/best-productivity-apps">Productivity</a> can temporarily decline before long-term gains become visible.</p><p>If organizations continue rewarding operational stability above all else, employees will avoid experimentation regardless of how ambitious leadership messaging may be.</p><p>This is one reason many “AI-first” strategies struggle to move beyond isolated use cases. Declaring strategic intent is relatively easy. Adjusting performance frameworks, redefining accountability and creating room for experimentation is far more difficult.</p><h2 id="unclear-governance-creates-hesitation">Unclear governance creates hesitation</h2><p>Another major obstacle to adoption is uncertainty around governance and operational boundaries. Many organizations still have not clearly defined what AI represents within their broader operating model. Is it an individual productivity layer? A centrally governed capability? A feature embedded into existing enterprise platforms? Or a specialist function managed by dedicated teams? When those questions remain unanswered, ambiguity spreads quickly.</p><p>Employees become unsure what usage is permitted, while managers struggle to establish consistent expectations. Technology, legal and compliance teams disagree on where accountability begins and ends - and in practice, this uncertainty often slows adoption more than technical limitations do.</p><p>Clear governance does not need to eliminate experimentation. In fact, successful organizations usually balance flexibility with oversight. Employees are far more likely to engage confidently with AI systems when they understand where experimentation is encouraged and where stricter controls apply. Without that clarity, even capable tools can remain underused.</p><h2 id="ai-transformation-is-an-operational-challenge">AI transformation is an operational challenge</h2><p>For CIOs and senior technology leaders, this requires an important shift in perspective. AI transformation is often framed primarily as a technology modernization effort focused on infrastructure, integration and data readiness. Those foundations remain essential. Without them, large-scale deployment is impossible. However, technical readiness alone does not determine adoption outcomes.</p><p>The organizations making meaningful progress with AI tend to treat it as an operational redesign challenge rather than simply a software rollout. They integrate AI into existing workflows, align ownership with accountability and adapt governance structures to support new ways of working.</p><p>This also explains why many AI programs gradually shift from transformational ambitions into smaller experimental efforts. Experimentation is organizationally safer because it avoids forcing structural change. Unfortunately, it also limits long-term impact.</p><p>Successful organizations tend to share several characteristics. They establish clear executive accountability for measurable outcomes linked to AI adoption. Rather than prioritizing short-term stability, they align incentives with workflow evolution. By integrating AI directly into operational systems, they aren’t left to rely on disconnected standalone tools. And they define governance boundaries clearly enough that employees understand how AI should be used.</p><p>Notably, none of these are primarily technical decisions. They are organizational and leadership choices.</p><h2 id="the-real-question-organizations-need-to-answer">The real question organizations need to answer</h2><p>When AI initiatives underperform, organizations often focus first on the technology itself. Vendors are reassessed, models are compared and infrastructure decisions are revisited. Sometimes, those issues do genuinely matter. Often, however, the technology is functioning adequately while the organisation surrounding it has not evolved enough to support adoption at scale.</p><p>That distinction is crucial because organizational barriers are solvable. Accountability can be clarified. Incentives can be redesigned. Governance structures can be simplified. Operational ownership can be aligned more effectively with responsibility.</p><p>Ultimately, adopting AI means changing how work gets done across the business. And that means the question facing enterprises today is no longer whether AI technology is capable enough to deliver value. It is whether they are prepared to redesign themselves around it.</p><p><em></em><a href="https://www.techradar.com/pro/best-employee-management-software-of-year"><em>We list the best employee management software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft Teams is wants to block bad bots for good ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/microsoft-teams-wants-to-block-bad-bots-for-good</link>
                                                                            <description>
                            <![CDATA[ Better bot blocking is coming to Microsoft Teams to keep your meetings safe. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fbm8YajB7J2sBPS2oeZUZE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 10:05:00 +0000</pubDate>                                                                                                                                <updated>Thu, 02 Jul 2026 08:21:28 +0000</updated>
                                                                                                                                            <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Mike Moore ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vinm2oPWMvB8yMg7qLhtxg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C technology journalist for nearly a decade, including at one of the UK&#039;s leading national newspapers and fellow Future title ITProPortal, covering everything from cybersecurity to phone reviews to VR at the Winter Olympics.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;Mike is the main editorial contact for TechRadar Pro, responsible for the news content across the site, as well as managing the contributed content. PRs looking to pitch news stories, bylines/analysis pieces or event invitations should get in contact via the email address mentioned above.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;He has a Masters degree in American Studies from the University of Nottingham, along with a BA in American &amp;amp; English Studies from the same institution. When he&#039;s not keeping track of all the latest enterprise and workplace trends, he can most likely be found watching, following or taking part in some kind of sport.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Teams logo on smartphone]]></media:description>                                                            <media:text><![CDATA[Microsoft Teams logo on smartphone]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Teams logo on smartphone]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SBzPzhCfwgmSc69ebbGyEi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft Teams is getting better bot protection</strong></li><li><strong>Humans will now need to clear any bots or agents attending a meeting</strong></li><li><strong>Developers will be able to register and pre-clear their agents</strong></li></ul><p>Microsoft is cracking down on bots infiltrating Teams meeting, bringing in a new technology which will let humans check all participants in a call are who they say they are.</p><p>Much like a nightclub bouncer, the new tool will require a human user check the identity of bots in the call's lobby, before the meeting commences.</p><p>The company says it has used a combination of "behavioral and infrastructure signals to identify bots with a higher degree of accuracy” to be able to boost Microsoft Teams' ability "to distinguish between bots and human participants as they join a meeting.”</p><h2 id="bots-in-teams-2">Bots in Teams</h2><p>Rolling out now, the launch comes as transcription and note-taking bots and agents are becoming an increasingly common sight in meetings - ostensibly to help participants recap and recall details, but these unwanted guests could also pose a security and privacy risk.</p><p>“Bots have begun joining meetings that participants never intended them to attend,” wrote Microsoft product marketing manager Meera Ajam wrote in a company <a href="https://techcommunity.microsoft.com/blog/microsoftteamsblog/introducing-smarter-bot-protection-in-microsoft-teams-meetings/4531375" target="_blank" rel="nofollow">blog post</a>. “For example, after connecting a third-party service to a meeting, some users have found that its bot continues joining future meetings automatically.”</p><p>“Admitting a bot should be a deliberate decision, not something that happens by mistake,” Ajam added, noting that multiple clicks from a human will now be required for a bot to be allowed in.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1430px;"><p class="vanilla-image-block" style="padding-top:57.97%;"><img id="yhthRehnKoeti2u3cXjvsP" name="AI Note Taker" alt="Microsoft Teams AI bot protection" src="https://cdn.mos.cms.futurecdn.net/yhthRehnKoeti2u3cXjvsP.png" mos="" align="middle" fullscreen="" width="1430" height="829" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>If this sounds like unwanted extra hassle, then never fear - Microsoft says it has added a way for users to pre-check agents or bots - notably, “a registration path for independent software vendors (ISVs) that build meeting experiences for Microsoft Teams.”</p><p>“When Teams recognizes that marker, it can identify the bot as a known participant,” Ajam wrote.</p><p>This means developers will be able to register with Microsoft to make sure their tools are cleared for use in Teams, with Ajam noting the company is working with "a limited set of ISVs to preview this capability and validate the experience before broader availability.”</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="middle" fullscreen="" width="676" height="213" attribution="" endorsement="" class="inline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ I went inside FIFA's super-secret Technology Command Center for the World Cup — but sadly I can't really tell you too much about what I saw ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/i-went-inside-fifas-super-secret-technology-command-center-for-the-world-cup-but-sadly-i-cant-really-tell-you-too-much-about-what-i-saw</link>
                                                                            <description>
                            <![CDATA[ The FIFA World Cup Technology Command Center was a tech nerd's dream - but you'll just have to believe me. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NBzycvEcGAHKM3WcGZA2UV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tpCFt5LKnMzPmPZF7w9Fa8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jun 2026 21:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Mike Moore ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vinm2oPWMvB8yMg7qLhtxg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C technology journalist for nearly a decade, including at one of the UK&#039;s leading national newspapers and fellow Future title ITProPortal, covering everything from cybersecurity to phone reviews to VR at the Winter Olympics.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;Mike is the main editorial contact for TechRadar Pro, responsible for the news content across the site, as well as managing the contributed content. PRs looking to pitch news stories, bylines/analysis pieces or event invitations should get in contact via the email address mentioned above.&lt;/p&gt;
&lt;p&gt;&lt;br&gt;&lt;/p&gt;
&lt;p&gt;He has a Masters degree in American Studies from the University of Nottingham, along with a BA in American &amp;amp; English Studies from the same institution. When he&#039;s not keeping track of all the latest enterprise and workplace trends, he can most likely be found watching, following or taking part in some kind of sport.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tpCFt5LKnMzPmPZF7w9Fa8-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty IMandel NGAN - Pool/Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[FIFA World Cup Trophy is displayed during the FIFA World Cup 2026 Official Draw at John F. Kennedy Center for the Performing Arts on December 05, 2025 in Washington, DC. ]]></media:description>                                                            <media:text><![CDATA[FIFA World Cup Trophy is displayed during the FIFA World Cup 2026 Official Draw at John F. Kennedy Center for the Performing Arts on December 05, 2025 in Washington, DC. ]]></media:text>
                                <media:title type="plain"><![CDATA[FIFA World Cup Trophy is displayed during the FIFA World Cup 2026 Official Draw at John F. Kennedy Center for the Performing Arts on December 05, 2025 in Washington, DC. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tpCFt5LKnMzPmPZF7w9Fa8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>With the <a href="https://www.techradar.com/tag/world-cup-2026">FIFA World Cup 2026</a> now well underway, the excitement is building as the tournament reaches its most crucial stages.</p><p>But this edition of the world's biggest sporting event is also notable for being the most technologically-friendly so far, with a raft of new AI-powered tools, services and broadcast innovations.</p><p>As the official technology partner of the World Cup and FIFA itself, Lenovo has been at the heart of much of this innovation, and the company invited me to Miami to see it all in action.</p><h2 id="behind-the-curtain">Behind the curtain</h2><p>Now - a word of caution - sadly this article isn't going to delve too much into specifics, or include photos of all the amazing work the FIFA team is doing to keep this World Cup safe and running smoothly.</p><p>That's because the organization is understandably pretty focused on making sure the tournament (the biggest and most spread-out yet, with 48 teams competing at 16 stadiums across 3 countries) continues to do so, and for that reason we weren't allowed to take any video or photos during our visit - for obvious reasons.</p><p>However the Technology Command Center (TCC), situated in the sleepy Miami suburb of Coral Gables, is a dream come true for tech nerds like me - banks of screens showing detail on everything from network infrastructure strength to any possible cyberattacks to the live match feeds themselves.</p><p>We're visiting on a day when six matches are scheduled to take place - a huge strain on the FIFA networks, Nacho Fresco, Director of Technology at FIFA explains.</p><p>The TCC is able to monitor in real-time across the entire tournament's tech stack, which includes 30 proprietary apps, spotting any issues before they happen, and ensuring fans around the world continue to get access to the action.</p><p>Inside the TCC is a huge team of analysts, managers and other tech experts making sure all the services are functioning properly, with direct links to the wider FIFA organization along with remote teams at all 16 stadiums.</p><p>This includes Lenovo engineers, who are present at stadiums but also the central International Broadcast Center (IBC) in Dallas overseeing the global distribution of the action to the estimated six billion people watching across the globe.</p><p>We saw a screen showing the various connections between the 16 venues and the IBC, all including fallback options in case any issues should occur, making sure the broadcast continues.</p><p>In order to help boost this, Lenovo has deployed servers at the IBC to provide the power needed for the most expansive broadcast operation in FIFA World Cup history, with a total of over 17,000 Lenovo and Motorola devices  also deployed across venues and Team Base Camp training sites.  </p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:4000px;"><p class="vanilla-image-block" style="padding-top:56.40%;"><img id="HRGxNo9uXwTzyq7rKPj39Q" name="PXL_20260628_004321013" alt="Colombia v Portugal World Cup 2026" src="https://cdn.mos.cms.futurecdn.net/HRGxNo9uXwTzyq7rKPj39Q.jpg" mos="" align="middle" fullscreen="" width="4000" height="2256" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">Lenovo is the first ever official technology partner of the FIFA World Cup </span><span class="credit" itemprop="copyrightHolder">(Image credit: Future / Mike Moore)</span></figcaption></figure><h2 id="under-threat">Under threat</h2><p>Probably the most intriguing screen was the one showing cybersecurity threats targeting FIFA's systems and services at the World Cup.</p><p>In real-time, the team can see exactly how many attempts are being made to hack or disrupt the platforms, including the location of the criminals, and even what kind of bots are being used.</p><p>It's fascinating to see the sheer scale of attacks - Fresco says they currently face around a staggering 300-500 million cyberattacks a day, a number that seems crazy, but shows just how attractive a target FIFA is.</p><p>Fresco notes that attacks have been slowly ramping up over the last few months, and expects the total number to top that seen in the 2022 World Cup in Qatar, which saw around 11 billion attempted attacks.</p><p>I ask Fresco what would constitute success for FIFA when it comes to the technology stack at the tournament - is it making sure everything runs smoothly, or just keeping the lights on? </p><p>Unsurprisingly, he replies that delivering a great viewing experience for the fans is the priority, as the organization looks to continue with its Lenovo partnership and take it further in the future.</p><p>"It's a game changer," he says, "it's what we need for this tournament."</p><p>So - no pressure then. But as Fresco pointed out, the mere fact that all the talk around the tournament has been about the football itself, not any issues with the technology, is the best outcome FIFA and Lenovo can hope for.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/lECM1plTKrE" allowfullscreen></iframe></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets — this is how to secure your account ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/fbi-warns-of-russian-intelligence-phishing-campaign-abusing-signal-support-services-to-target-vips-and-high-value-government-and-military-targets-this-is-how-to-secure-your-account</link>
                                                                            <description>
                            <![CDATA[ Russian Intelligence are trying to hijack Signal accounts by tricking users into sending their Backup Recovery Keys ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NFHSVuh7G9qYjTamC5fMmJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jun 2026 18:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Email &amp; Messaging]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-1280-80.jpg">
                                                            <media:credit><![CDATA[Michele Ursi / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WhatsApp and Signal app icons]]></media:description>                                                            <media:text><![CDATA[WhatsApp and Signal app icons]]></media:text>
                                <media:title type="plain"><![CDATA[WhatsApp and Signal app icons]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Russian Intelligence are targeting Signal accounts of officials based in Ukraine</strong></li><li><strong>They pose as Signal support services and ask users to submit their Backup Recovery Keys</strong></li><li><strong>Using these keys, the hackers can hijack the users account and any other accounts created using the same mobile phone number</strong></li></ul><p>The FBI has warned Russian Intelligence Services are posing as commercial messaging application support services in order to steal Backup Recovery Keys belonging to targets of high value in the military and government of the US, Europe, and Ukraine.</p><p>In a <a href="https://www.ic3.gov/PSA/2026/PSA260626" target="_blank">joint warning</a> alongside the CISA and the Security Service of Ukraine (SSU), the FBI outlined the new phishing campaign which seeks to access messaging accounts in order to perform intelligence gathering of secret information.</p><p>Specifically, the FBI provided sample phishing lures targeting users of the Signal messaging app. If the hackers successfully lure a victim into sharing their Backup Recovery Key, they can access the account's message history, private and group messages, and fully take over the victim's account.</p><h2 id="russian-intelligence-pose-as-signal-support-services">Russian Intelligence pose as Signal support services</h2><p>In the FBI warning, the phishing techniques are further detailed. The Russian Federal Security Service (FSB) are targeting government officials, military personnel, political figures, journalists, and key officials from the US and Europe located in Ukraine.</p><p>The attackers send emails that appear to be automated messages from Signal, asking users to turn on their message backup using their Backup Recovery Key. Victims are provided with false instructions that instead send the Backup Recovery Key to the attacker, who can then use the key to take over the victim’s account.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:777px;"><p class="vanilla-image-block" style="padding-top:108.62%;"><img id="JoZ4UqwN8LL25f5u4bEqvH" name="Screenshot 2026-06-29 131941" alt="Example phishing messages used by Russian Intelligence, supplied by the FBI" src="https://cdn.mos.cms.futurecdn.net/JoZ4UqwN8LL25f5u4bEqvH.png" mos="" align="middle" fullscreen="" width="777" height="844" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">Example phishing messages used by Russian Intelligence to obtain Backup Recovery Keys </span><span class="credit" itemprop="copyrightHolder">(Image credit: FBI)</span></figcaption></figure><p>In order to establish urgency and trust that the message is legitimate, the attackers posed the phishing message as a protection against recent hacking attempts from “Iran and post-Soviet countries.” In another sample message, the attacker's message says that the victim’s account data “is at risk of permanent loss due to a sync issue.”</p><p>If a victim shares their unique Backup Recovery Key, it allows the attacker to hijack their current Signal account alongside any subsequent accounts made with the same phone number.</p><p>For users who may fear their Backup Recovery Key has been compromised, users are instructed to use Signal settings to create a new Backup Recovery Key. This new key will invalidate all previous Backup Recovery Keys and prevent account takeover if the previous key was leaked.</p><p>In order to avoid falling victim to phishing messages, there are several ways to stay safe:</p><ul><li>Support services will generally only communicate with users via an official company email address. Always carefully check communications from the legitimate email address.</li><li>Customer support will never request that you supply your Backup Recovery Key via the application</li><li>You will never be asked to verify or restore your account via an automated customer support message</li></ul><p>In order to further protect your Signal account, or other accounts, against phishing, users should consider the following:</p><ul><li>Use a passkey wherever possible. This will use your device’s built in biometric verification methods to authenticate your login.</li><li>Use phishing resistant multi-factor authentication where possible</li><li>Always double check messages and emails are legitimate, and are using an official company email</li><li>Never supply your Backup Recovery Keys unless you are actively attempting to regain access to your account via a legitimate service</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Over 14 million login credentials leaked from six ISPs in major data breach — here’s what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/over-14-million-login-credentials-leaked-from-six-isps-in-major-data-breach-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ The credentials were exposed via an attack on third-party software. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">q3LqdS6SNsXmNzrsX9V2tX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BUi4eir3JnCCT2MRGt3weS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jun 2026 17:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Email &amp; Messaging]]></category>
                                                    <category><![CDATA[Software &amp; Services]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/BUi4eir3JnCCT2MRGt3weS-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code]]></media:description>                                                            <media:text><![CDATA[Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code]]></media:text>
                                <media:title type="plain"><![CDATA[Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BUi4eir3JnCCT2MRGt3weS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Tens of millions of credentials may have been leaked following an attack on one of Japan's largest ISPs</strong></li><li><strong>The attack leveraged a vulnerability in a third-party software used by KDDI</strong></li><li><strong>Five other ISPs were also affected in the attack</strong></li></ul><p>A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation.</p><p>According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked the hackers' access after discovering the intrusion on June 17, 2026.</p><p>“Although technical defensive measures have already been implemented for the system, there remains a possibility that customers' email addresses and passwords were obtained by unauthorized third parties as a result of the incident,” the company said in a <a href="https://newsroom.kddi.com/news/assets/2026/kddi_nr_s-71_4593/kddi_nr_s-71_4593_pdf_01.pdf" target="_blank" rel="nofollow">statement</a>.</p><h2 id="millions-of-credentials-exposed">Millions of credentials exposed</h2><p>Unfortunately, the breach was not confined to just KDDI. The email services of five other ISPs were also affected by the breach:</p><ul><li>STNet, Inc.</li><li>JCOM Co., Ltd.</li><li>Chubu Telecommunications C., Inc.</li><li>NIFTY Corporation</li><li>BIGLOBE Inc.</li></ul><p>KDDI is yet to finish a formal investigation into the attack, but said that the hacker may have gained access to the emails addresses and passwords for 14.22 million current and former customers. The company also said that some of the passwords were stored in an encrypted format, and so will be inaccessible for the hackers, but the company did not say how many were stored in this manner.</p><p>Since discovering the breach, KDDI has also been working alongside the affected ISPs to secure systems and put in place mitigation measures to counter the abuse of exposed account credentials.</p><p>In order to stay protected, customers have been advised to change their account passwords and implement two-factor authentication.</p><p>Breaches such as these are particularly dangerous because they expose email and password combinations. As most people will have either one or two email addresses across their accounts, it increases the likelihood that hackers can attempt to use the exposed email and password combinations to try and access other accounts created with the same email.</p><p>This is especially true if the same password (or a variant thereof) is used across multiple accounts. Hackers can use brute force techniques to try hundreds of password combinations in a very short amount of time in order to crack weak or reused passwords.</p><p>When creating or updating a password for any account, no matter how infrequently it is used, always create a strong unique password. <a href="https://www.techradar.com/best/password-manager" target="_blank">Password managers</a> can create and suggest strong passwords, securely store them, and automatically fill login forms to take the hassle out of remembering passwords. </p><p>Alternatively, some services offer the ability to login using a <a href="https://www.techradar.com/pro/passwords-out-passkeys-in-the-future-of-secure-authentication" target="_blank">passkey</a>, which utilizes the built-in biometric authentication mechanisms of your device such as a facial scan or fingerprint. These login methods not only remove the need to type in passwords, but also reduce the possibility of hackers accessing your account through phishing attacks.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How AI observability helps organizations move from experimentation to production ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/how-ai-observability-helps-organizations-move-from-experimentation-to-production</link>
                                                                            <description>
                            <![CDATA[ AI observability prevents invisible drift and reduces AI overheads to deliver multiple model, agent driven systems. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aum9Tgz3kcMochWf9iKy3U</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LoWx2ez5csUMomcF2Tt4kM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jun 2026 14:32:34 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Pejman Tabassomi ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LoWx2ez5csUMomcF2Tt4kM-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A digital representation of the globe in blue with white spikes of light erupting from the surface to form vertical cities]]></media:description>                                                            <media:text><![CDATA[A digital representation of the globe in blue with white spikes of light erupting from the surface to form vertical cities]]></media:text>
                                <media:title type="plain"><![CDATA[A digital representation of the globe in blue with white spikes of light erupting from the surface to form vertical cities]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LoWx2ez5csUMomcF2Tt4kM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Enterprise <a href="https://www.techradar.com/best/best-ai-tools">AI</a> has entered a new operational phase, moving rapidly from experimentation into production systems integrated into customer experiences, workflows, and software delivery pipelines. </p><p>However, as organizations operationalize AI, they are also introducing new complexity around infrastructure, governance, debugging, capacity planning, and cost control.</p><p>This complexity introduces new operational risks.</p><p>AI systems continuously evolve as prompts change, models are updated, agents become more autonomous, and <a href="https://www.techradar.com/best/best-infrastructure-management-service">infrastructure</a> dependencies shift over time. </p><p>Without end-to-end visibility across the full AI stack, issues related to reliability, latency, output quality, or cost efficiency can gradually slip into production unnoticed: resulting in what many teams refer to as “invisible drift.” </p><p>As AI adoption scales, observability is becoming essential for helping engineering teams maintain operational control, reliability, and resilience in rapidly changing environments.</p><h2 id="multi-provider-ai-brings-a-new-wave-of-platform-engineering-challenges">Multi-provider AI brings a new wave of platform engineering challenges</h2><p>Organizations are increasingly adopting multi-model AI strategies rather than relying on a single provider. Recent research shows that more than 70 per cent of organizations now use three or more models in their production environments. This reflects a broader shift toward diversified model libraries, with teams are selecting models based on specific workload requirements such as latency, reasoning ability, operational risk, and cost efficiency.</p><p>This shift is creating a new generation of platform engineering challenges. AI environments now span evolving ecosystems of models, agents, orchestration frameworks, APIs, vector <a href="https://www.techradar.com/best/best-database-software">databases</a> and infrastructure layers. As coding agents accelerate development, organizations are generating more code, dependencies, and operational overhead than teams can realistically manage manually.</p><p>At the same time, enterprises are accumulating significant <a href="https://www.techradar.com/computing/artificial-intelligence/best-llms">LLM</a> technical debt as they rapidly integrate new tools and frameworks. Tool sprawl, fragmented visibility, and constantly evolving AI architectures are making systems harder to govern, troubleshoot, optimize and secure. This makes AI observability essential, providing centralized visibility into model behavior, prompts, latency, hallucinations, token usage, infrastructure performance, and operational bottlenecks across complex multi-model environments.</p><h2 id="scaling-ai-safely-reliably-and-at-speed-requires-control">Scaling AI safely, reliably and at speed requires control</h2><p>As organizations race to scale their AI initiatives, operational failures are becoming more visible. Recent analysis shows that two per cent of all LLM calls returned errors, with rate limit issues accounting for almost a third of these (equating to approximately 8.4 million rate limit errors in total). This highlights the operational strain on systems as AI adoption accelerates. </p><p>At the same time, pressure to remain competitive is pushing organizations to move projects into production before operational controls have fully matured. Scaling too quickly introduces significant reliability, resilience, and governance risks. Real-time observability across the AI stack gives engineering teams the visibility needed to move quickly while maintaining high performance standards. </p><p>AI agents are adding yet another layer of complexity. Adoption of agent frameworks has doubled in the past year, leading to increased “agent sprawl”. These agents autonomously interact with multiple tools, systems, APIs, and datasets, making it harder for organizations to monitor behavior, diagnose faults, manage security risks, and maintain governance controls without deeper telemetry. </p><p>To manage this complexity, organizations need enterprise-grade observability that delivers end-to-end visibility across the AI stack (from development through to production). This includes visibility into prompts, model interactions, inference pipelines, infrastructure performance, latency, failures, and downstream dependencies. With comprehensive telemetry in place, teams can accelerate AI innovation while improving reliability, <a href="https://www.techradar.com/news/best-internet-security-suites">security</a>, and operational controls at scale. </p><h2 id="four-ways-observability-helps-organizations-scale-ai-more-reliably">Four ways observability helps organizations scale AI more reliably</h2><p>Organizations moving AI into production are increasingly treating observability as a foundational operational discipline, rather than simply a monitoring capability. Four practices are becoming particularly important as enterprises scale multi-model AI environments: </p><p><strong>1.Managing multi-model environments more effectively</strong></p><p>Teams are implementing gateways, routing layers, and evaluation frameworks that enhance their ability to select, assess, and manage multi-model environments effectively. These systems enable organizations to compare model behaviors, evaluate outputs, optimize workload placement, and enforce governance policies across various providers. AI observability provides the real-time data needed to support these decisions.</p><p><strong>2.Reducing operational overhead and tech debt</strong></p><p>Centralized visibility across prompts, models, inference pipelines, and infrastructure helps teams manage increasingly distributed environments. Observability reduces operational overhead and limits the accumulation of LLM technical debt as tools and frameworks evolve. </p><p><strong>3.Improving agent reliability and preventing infrastructure failures</strong></p><p>AI observability improves agent reliability and helps organizations eliminate failures caused by capacity constraints and infrastructure bottlenecks. Real-time monitoring of GPU utilization, throughput, latency, request failures, and workload behavior enables engineering teams to identify emerging scaling limitations before they impact production systems or user experiences. </p><p><strong>4.Diagnosing faults and understanding agent behavior</strong></p><p>Detailed tracing across prompts, workflows, APIs, orchestration layers, and infrastructure dependencies provides the operational context needed to investigate anomalies and identify root causes. This is critical for understanding how AI agents behave in real-world production environments.</p><h2 id="moving-to-a-state-of-production-ready-ai">Moving to a state of production-ready AI</h2><p>Enterprise AI is now entering its operational era. As organizations move from experimentation to production, observability becomes the backbone for managing the growing complexity of multi-model architectures, autonomous agents, and distributed AI systems. </p><p>Without deep visibility into how these systems operate in production, organizations risk increasing operational failures, accumulating technical debt, and allowing invisible drift to undermine performance, reliability and governance over time. </p><p>AI observability provides the control needed to scale AI safely and effectively.  Visibility across models, prompts, infrastructure, agents, and workflows helps teams build more governable, resilient and cost-effective AI systems. </p><p>Success in the next phase of AI adoption will depend on transforming experimental AI systems into disciplined production platforms that can be continuously evaluated, improved and trusted at scale.</p><p><em></em><a href="https://www.techradar.com/best/best-data-migration-tools"><em>We've featured the best data migration tools</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Watch out — that income tax form could actually be dangerous malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/watch-out-that-income-tax-form-could-actually-be-dangerous-malware</link>
                                                                            <description>
                            <![CDATA[ Researchers uncovered a fake tax notice campaign that delivered remote-access malware via staged downloads and encrypted communications. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qR5LQKebhB7ovBuobVQom</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AAnrrKYFEkWSGnT672jgVH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sun, 28 Jun 2026 16:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AAnrrKYFEkWSGnT672jgVH-1280-80.jpg">
                                                            <media:credit><![CDATA[financialcrimeacademy]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Income tax fraud]]></media:description>                                                            <media:text><![CDATA[Income tax fraud]]></media:text>
                                <media:title type="plain"><![CDATA[Income tax fraud]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AAnrrKYFEkWSGnT672jgVH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Fake tax notices are becoming delivery vehicles for sophisticated remote access malware</strong></li><li><strong>Attackers hide malicious code behind convincing government branding and legal references</strong></li><li><strong>The malware quietly establishes encrypted communication with servers outside the country</strong></li></ul><p>A new phishing campaign is using fake income tax assessment notices to deliver dangerous malware to unsuspecting victims across India.</p><p>Researchers at <a href="https://www.cyfirma.com/research/an-income-tax-assessment-notice-phishing-campaign-delivering-malware/" target="_blank">CYFIRMA</a> identified the operation, which relies on a fraudulent website built to resemble official communication from the Indian Income Tax Department closely.</p><p>The fake portal, hosted on a recently registered domain, presents a convincing assessment order complete with legal references, financial penalties, and urgent compliance language designed to pressure recipients into acting quickly.</p><h2 id="how-the-infection-unfolds">How the infection unfolds</h2><p>Victims who interact with the fake notice are prompted to download a ZIP archive disguised as official assessment documentation and supporting calculations.</p><p>Once extracted, that archive reveals a disk image file functioning as a container for the actual malicious payload.</p><p>Inside sits a loader program that quietly triggers a second component, a DLL file disguised to resemble a legitimate Windows service.</p><p>Researchers found that this loader uses reflection-based techniques specifically built to make automated detection and analysis considerably more difficult.</p><p>Both files were obfuscated using a known protection tool, further complicating efforts by security teams to inspect the code.</p><p>Once active, the payload behaves like a Remote Access Trojan, granting attackers persistent, encrypted access to the infected machine.</p><p>It can collect system details, monitor user activity, check which security software is installed, and silently load additional malicious components on command.</p><p>Communication with the attacker's server happens over an encrypted channel, using a hardcoded address traced to infrastructure based in Hong Kong.</p><p>These capabilities point toward a financially motivated operation, rather than one focused on immediate damage or disruption, and they closely resemble traits associated with known commodity RAT families such as XWorm.</p><p>However, researchers note that conclusive attribution to a specific threat actor remains unconfirmed at this stage.</p><h2 id="why-this-campaign-matters">Why this campaign matters</h2><p>This is not an isolated phishing attempt but part of a broader pattern of attackers exploiting tax season anxiety to bypass user caution entirely.</p><p>CYFIRMA's findings show the same loader-and-payload architecture has previously been linked to <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> operators, suggesting this infrastructure may serve more than one type of attack depending on the victim.</p><p>Up-to-date <a href="https://www.techradar.com/best/best-antivirus">antivirus software</a> with behavioral detection remains one practical defence against this kind of staged, multi-component <a href="https://www.techradar.com/best/best-malware-removal">malware</a> delivery.</p><p>Security researchers recommend that individuals verify any tax-related correspondence directly through official government channels rather than clicking embedded links.</p><p>Organizations are advised to restrict the execution of unknown files arriving through archives or disk images, since this campaign relies heavily on that exact delivery method to succeed.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GTA VI fans beware — experts warn 'a new wave of scam websites' is offering early access, but just stealing your bank details instead ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/gta-vi-fans-beware-experts-warn-a-new-wave-of-scam-websites-is-offering-early-access-but-just-stealing-your-bank-details-instead</link>
                                                                            <description>
                            <![CDATA[ Cybercriminals are exploiting GTA VI anticipation with fake beta programmes designed to steal money, credentials, and personal information. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RkCkYdUg2ZHeUHU4pa3vaS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EweZxK8eSVuvCSALvxaDL5-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Sat, 27 Jun 2026 23:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/EweZxK8eSVuvCSALvxaDL5-1280-80.png">
                                                            <media:credit><![CDATA[Malwarebytes]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[GTA VI fake websites are now everywhere — be warned]]></media:description>                                                            <media:text><![CDATA[GTA VI fake websites are now everywhere — be warned]]></media:text>
                                <media:title type="plain"><![CDATA[GTA VI fake websites are now everywhere — be warned]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EweZxK8eSVuvCSALvxaDL5-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Fake GTA VI beta keys are already draining cryptocurrency wallets worldwide</strong></li><li><strong>AI-generated scam websites now imitate Rockstar branding with alarming accuracy</strong></li><li><strong>Malware hidden inside fake game downloads can expose banking credentials instantly</strong></li></ul><p>Grand Theft Auto VI is not due on consoles until November 19 2026, but official preorders open soon, and cybersecurity researchers have warned criminals are already exploiting the wait with a coordinated wave of fraudulent websites.</p><p>Malwarebytes and NordVPN have both flagged sites promising "VIP early access" or exclusive beta keys to one of gaming's most anticipated releases.</p><p>The schemes ask victims to hand over money, personal information, or both, often before any real product changes hands.</p><h2 id="how-the-scam-works">How the scam works</h2><p>Some fraudulent sites ask players to pay a few hundred dollars in cryptocurrency for a so-called VIP beta key. This method makes refunds or fraud reports practically impossible once the payment clears.</p><p>According to Stefan Dasic of Malwarebytes, GTA VI is "the perfect bait" that can be used by cybercriminals.</p><p>The franchise sold hundreds of millions of copies and went 13 years without a new entry — conditions that make hype, and therefore impatience, unusually intense.</p><p>Gerald Kasulis of NordVPN said scammers now use AI to mimic Rockstar's official branding so convincingly that polished emails and websites slip past a gamer's usual scepticism.</p><p>Some pages invoke the phrase "help us build Vice City," a reference to the game's fictional setting, to create a false sense of insider access.</p><p>Victims are sometimes directed to download software branded as an early build, including one fake file called GTA Mobile 6.</p><p>According to researchers, this file contains <a href="https://www.techradar.com/best/best-malware-removal">malware</a> capable of letting fraudsters remotely access the victim's device, often bypassing <a href="https://www.techradar.com/best/best-antivirus">antivirus</a> software.</p><p>NordVPN has separately traced some of these fraudulent domains to a wider network with a documented history of spreading banking trojans, infostealers, and <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a>.</p><p>Other variants simply harvest names, addresses, dates of birth, or existing GTA login credentials, data that can then be resold.</p><p>Several of these scam sites even target PC and Android users, despite Rockstar never confirming that those versions exist yet.</p><h2 id="who-is-being-targeted">Who is being targeted?</h2><p>The typical victim tends to be someone too young, too eager, or simply underinformed, and primarily driven by a desire to be first in line for the game.</p><p>However, Malwarebytes' assessment of the scam wave reveals that the trick itself is rarely sophisticated, yet it consistently fools people regardless of age.</p><p>The character of those falling for these scams goes beyond simple naivety, since urgency and curiosity are what scammers are really exploiting across these campaigns.</p><p>Younger players and newcomers to online gaming appear especially exposed, given their relative unfamiliarity with how official preorder and beta access processes normally function.</p><p>Neither company has data on exactly how many people have visited these sites or lost money so far.</p><p>Rockstar Games has not responded to requests for comment on the ongoing scam wave or its impact on players.</p><p>Security researchers are urging anyone tempted by claims of early GTA VI access to pause and verify the source before entering any personal or financial details.</p><p>Players who have already entered credentials or payment information are advised to change their passwords immediately.</p><p>They should also contact their bank without delay, since cryptocurrency payments in particular cannot be reversed once sent. </p><p>Via <a href="https://www.pcgamer.com/games/grand-theft-auto/grand-theft-auto-6-vip-early-access-scam-sites-are-already-popping-up-malwarebytes-warns/" target="_blank" rel="nofollow">PCGAMER</a></p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ NAIC confirms data breach with ShinyHunters claiming 3.1TB of data stolen in Oracle zero-day attack ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack</link>
                                                                            <description>
                            <![CDATA[ Insurer regulatory filing documents, customer bulk orders, and more, stolen in a major zero-day supply chain attack ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rq7YhrojSragNBymdm8FYn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 18:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[hacker hands at work with  interface around]]></media:description>                                                            <media:text><![CDATA[hacker hands at work with  interface around]]></media:text>
                                <media:title type="plain"><![CDATA[hacker hands at work with  interface around]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NAIC confirmed a cyberattack exploiting an Oracle PeopleSoft zero‑day, with ShinyHunters claiming theft of 3.1TB of data</strong></li><li><strong>Stolen cache allegedly includes insurer filings, credit rating files, AWS logs, configs, and PII; NAIC says only financial reports and technical data were taken</strong></li><li><strong>Incident spotted June 11, disclosed June 17; files leaked online suggest NAIC did not pay ransom, as ShinyHunters continues exploiting the zero‑day across 100+ organizations</strong></li></ul><p>The National Association of Insurance Commissioners (NAIC) confirmed suffering a cyberattack that resulted in the stolen data being leaked on the dark web. While the company did not name the group responsible, or mentioned the size of the stolen cache, the infamous ShinyHunters claimed responsibility and stated they snatched around 3.1TB of information.</p><p>In a security notice published on the NAIC website, it was explained that the attackers managed to exploit a <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">zero-day vulnerability</a> in Oracle PeopleSoft. This is an <a href="https://www.techradar.com/best/best-erp-software" target="_blank">enterprise resource planning</a> (ERP) software suite, designed to help businesses manage employees, finances, supply chains, and more. Citing Google Mandiant, Cybernews says ShinyHunters first started exploiting the zero-day on May 27, and managed to compromise more than 100 organizations and 300 individuals, before Oracle finally pushed an emergency update on June 10.</p><p>Among the victims, as we now know, is NAIC, whose PeopleSoft environment was compromised, and used to obtain credentials and move laterally to internal data storage locations. </p><h2 id="shinyhunters-step-forward">ShinyHunters step forward</h2><p>Based on NAIC’s investigation, the stolen information includes publicly available statutory financial reports, insurer investment credit rating data, and some technical information such as outdated logs and configuration files. There is no evidence that personal information, banking information, or payment data was accessed, it said.</p><p>NAIC spotted the attack on June 11 and immediately launched its incident response protocol, which includes notifying law enforcement, blocking malicious actors, and bringing in third-party security experts. The Commission disclosed the incident on June 17, a day before ShinyHunters went public. </p><p>The notorious ransomware gang claims to have taken more than 264,000 insurer regulatory filing documents, 2,000 customer and bulk orders containing personally identifiable information, some 45,000 files from major credit rating agencies, statutory annual and quarterly financial statements submitted by insurers, production AWS infrastructure logs, cloud configuration files, and workload automation data, and SQL scripts.</p><p>Since the files were seemingly leaked online, it’s safe to assume that NAIC did not (want to) pay the ransom demand.</p><p><em>Via </em><a href="https://cybernews.com/news/naic-breach-shinyhunters-3tb-insurance-systems-data/" target="_blank"><em>Cybernews</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Prediction market giant Polymarket hit by cyberattack, with company confirming user funds stolen — here is what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/prediction-market-giant-polymarket-hit-by-cyberattack-with-company-confirming-user-funds-stolen-here-is-what-we-know</link>
                                                                            <description>
                            <![CDATA[ Polymarket confirms user funds affected and says it's refunding them in full. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3dpJ4Ku3eDTX7eCaCgqXRh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 17:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg">
                                                            <media:credit><![CDATA[Omar Marques/SOPA Images/LightRocket via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Polymarketlogo on smartphone, on laptop keyboard]]></media:description>                                                            <media:text><![CDATA[Polymarketlogo on smartphone, on laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Polymarketlogo on smartphone, on laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Polymarket prediction platform was hacked via a compromised third‑party vendor dependency, injecting malicious scripts into its frontend</strong></li><li><strong>Around $3M in crypto stolen from ~11 users, according to PeckShield; Polymarket is refunding victims in full while removing the affected dependency</strong></li><li><strong>Community reactions on X were critical, with some blaming prior “taunting hackers”; one victim speculated the breach may have involved Xorek Cloud’s VPS</strong></li></ul><p>Polymarket, a prediction platform where people trade on the likelihood of different real-world events, got hacked and allegedly lost around $3 million in user funds. The company is now refunding the victims in full.</p><p>In a <a href="https://x.com/PolymarketTrade/status/2070155882906730671" target="_blank">short post</a> published on X earlier this week, Polymarket confirmed the news, saying it discovered that a third-party vendor had been compromised. Through that compromise, the attackers injected a malicious script “into our frontend for some users.”</p><p>Since then, Polymarket said it contained the incident and removed the affected dependency but did not say which dependency it was. It did not say which third-party vendor was compromised. Furthermore, it said it is currently contacting impacted users and refunding them in full, but did not state how many people were affected, or how much money is involved. </p><h2 id="context-dependent-vulnerabilities">Context-dependent vulnerabilities</h2><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.<a href="https://twitter.com/cantworkitout/status/2070155882906730671">June 25, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>In its write-up, TechCrunch cited blockchain monitoring firm PeckShield, which claims that around $3 million in cryptocurrency was stolen in the attack. The publication also reported that around 11 people were affected. Polymarket allows its users to be paid in crypto.</p><p>X users who left comments on Polymarket’s announcement seem utterly unsurprised by the breach. “I spent weeks telling you this and you ignored it,” one person said. “The next time l find a vulnerability, l will sell it to criminal gangs.” Three users suggested Polymarket deserved what had happened for “taunting hackers” in the past. One made a sly joke saying, “how did you not predict this?”</p><p>Polymarket did not say which third-party vendor was compromised, but one of the users who lost funds in this attack speculates it happened through Xorek Cloud’s <a href="https://www.techradar.com/news/best-vps-hosting" target="_blank">VPS</a>:</p><p>“I recently bought a VPS from Xorek Cloud and stored my private key on it,” <a href="https://x.com/ashgang51/status/2070105083891851364" target="_blank">they said on X</a>. “I'm not sure how the compromise happened, but that's the only possible security risk I can think of.”</p><p><em>Via </em><a href="https://techcrunch.com/2026/06/25/polymarket-says-hackers-stole-users-funds/" target="_blank"><em>TechCrunch</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Less than one in ten of cybersecurity pros trust AI testing tools to find vulnerabilities, with over three-quarters say their AI vulnerability scanning tools missed critical flaws ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/less-than-one-in-ten-of-cybersecurity-pros-trust-ai-testing-tools-to-find-vulnerabilities-with-over-three-quarters-say-their-ai-vulnerability-scanning-tools-missed-critical-flaws</link>
                                                                            <description>
                            <![CDATA[ Fully automated testing is being replaced with a hybrid model, as "elite human expertise remains foundational". ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NtCxDQSRi4raWmmtyYwyKQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 14:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A close up of a person&#039;s eyes and face. They are wearing glasses and in one eye there&#039;s. a reflection of a digital brain]]></media:description>                                                            <media:text><![CDATA[A close up of a person&#039;s eyes and face. They are wearing glasses and in one eye there&#039;s. a reflection of a digital brain]]></media:text>
                                <media:title type="plain"><![CDATA[A close up of a person&#039;s eyes and face. They are wearing glasses and in one eye there&#039;s. a reflection of a digital brain]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cobalt’s 2026 State of Pentesting Report shows confidence in fully automated AI testing collapsed from 29% in 2025 to 9% this year</strong></li><li><strong>78% of respondents saw automated tools miss critical vulnerabilities; LLM flaws proved complex, with MTTR rising from 19 to 36 days and most issues left unresolved</strong></li><li><strong>Hybrid models surged to 47% adoption, as experts stress automation should complement, not replace, elite human expertise in uncovering business logic risks</strong></li></ul><p>As the world praises <a href="https://www.techradar.com/pro/security/vulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos" target="_blank">Mythos</a>, and the Chinese rush to create <a href="https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense" target="_blank">their own variant</a>, a report painting an entirely different picture comes from Cobalt. </p><p>The cybersecurity company just published the Cobalt State of Pentesting Report 2026, based on two comparative surveys, one in 2025 and one in 2026. Polling around 450 cybersecurity professionals, Cobalt wanted to see how confident the cybersecurity community is in automated AI testing for vulnerabilities and it turns out - not that much.</p><p>Last year, just below a third (29%) relied entirely on AI automation for testing. This year, the figure dropped to 9%. Cobalt suggests that the key reason for such a steep drop in confidence is the fact that 78% saw fully automated scanning tools missing critical vulnerabilities. Another key reason is the complexity of the AI attack surface the scanners are testing. </p><h2 id="context-dependent-vulnerabilities-2">Context-dependent vulnerabilities</h2><p>Roughly one in three findings from an AI pentest are rated “high-risk” - which is 2.7 times the average of conventional software, it was said. Also, at the time of analysis, less than two-fifths (38%) of LLM vulnerabilities were fixed, while 62% remained open. Mean time to resolve (MTTR) for AI/LLM security issues rose from 19 days to 36 days.</p><p>“LLM vulnerabilities are deeply context-dependent and invisible to tools that lack an architectural understanding of the application,” said Andrew Obadiaru, CISO of Cobalt. “To close the validation gap, automation should be deployed exactly where it excels, but elite human expertise remains foundational to uncovering and remediating the most complex business logic risks.” </p><p>It took the cybersecurity community less than a year to almost completely abandon fully automated <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI testing</a> and replace it with a hybrid model - something around 47% said they now prefer. This model has surged 22% year-over-year, while the percentage of organizations using automation for low-risk environments also increased to 47%. </p><p>“While the industry is rightfully excited about the potential of Mythos-class tools, unguided algorithms are inherently prone to returning even more false positives and costly false negatives than the automated scanners we have today,” continued Obadiaru.</p><p><em>Via </em><a href="https://www.infosecurity-magazine.com/news/trust-ai-vulnerability-scanning/" target="_blank"><em>Infosecurity Magazine</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are establishing persistence in hospitality and hotels by posing as guests with poisoned ZIP archives, but no one knows what their plan is ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/hackers-are-establishing-persistence-in-hospitality-and-hotels-by-posing-as-guests-with-poisoned-zip-archives-but-no-one-knows-what-their-plan-is</link>
                                                                            <description>
                            <![CDATA[ It looks like reconnaissance activity, possibly in preparation of a more destructive attack. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uFvUz5mRvhqu4D8SqDToRo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft Threat Intelligence warns of a phishing campaign targeting hotel staff in Europe and Asia with guest complaint‑themed emails</strong></li><li><strong>Attackers abuse services like Calendly and Google redirects to bypass authentication checks, delivering photo‑themed ZIPs that install a persistent Node.js implant</strong></li><li><strong>Malware disables Defender, runs C2 beaconing, gathers system info, and forces shutdowns; signs include unusual PowerShell activity, Node.js execution, and suspicious registry entries</strong></li></ul><p>Hackers are establishing a foothold on hotels and hospitality organizations across Europe and Asia, but no one really knows what for, at least not yet.</p><p>This is according to Microsoft Threat Intelligence, who recently published a new report saying that since April, it’s been tracking an active phishing campaign. In this campaign, the unnamed attackers target front desk, reception, and reservations staff with emails about guest complaints, room conditions, bedbug infestations, booking inquiries, and similar.</p><p>The messages, sent in different languages (Danish, Dutch, Japanese), are not distributed directly. Instead, the crooks abuse legitimate services such as Calendly, and Google’s redirect infrastructure, which helps them pass SPF, DKIM, and DMARC authentication checks.</p><h2 id="tricking-defender">Tricking Defender</h2><p>This “authentication laundering”, as Microsoft puts it, results in photo-themed ZIP archives making their way directly to their victims. The archives contain a fake image shortcut (.LNK) files that, at a glance, appear to be harmless .PNG images. However, these files launch a sophisticated multi-stage infection chain that installs a persistent Node.js-based implant.</p><p>After being deployed, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> tweaks Microsoft Defender to exclude itself (and other, randomly named executables) from scanned processes, downloads additional payloads, and copies itself into different places. </p><p>On compromised systems, Microsoft observed the malware running command-and-control beaconing, gathering environmental information such as the victim's public IP details, launching headless browser sessions, and in some cases forcing immediate system shutdowns. While it could not say what the goal of the campaign is, it all points to a reconnaissance stage that usually comes before a more disruptive malware or ransomware attack. </p><p>Microsoft recommends organizations focus on detecting the campaign's behavior rather than individual indicators. Key signs include photo-themed ZIP archives, unusual PowerShell activity, unexpected Node.js execution from user profile directories, .NET compilation initiated by PowerShell, and Defender exclusion changes.</p><p>Furthermore, there are random executables running from temporary folders, suspicious Run and RunOnce registry entries, outbound connections on the campaign's non-standard ports, connections to newly registered .cfd domains, and combinations of headless browser activity followed by forced shutdown commands.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it's as confusing as it sounds ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/unnamed-hackers-steal-stolen-data-from-icarus-hackers-responsible-for-klue-supply-chain-hack-and-yes-its-as-confusing-as-it-sounds</link>
                                                                            <description>
                            <![CDATA[ Klue was hacked by Icarus, and then Icarus was hacked by another group. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dn5yZH8XeXT5eSKjpEMKUe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 13:27:16 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:description>                                                            <media:text><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:text>
                                <media:title type="plain"><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Klue recently suffered a cyber attack at the hands of Icarus</strong></li><li><strong>Icarus was apparently deleting the stolen customer data</strong></li><li><strong>An unnamed group claims to have stolen the data from Icarus, and is now extorting Klue customers directly</strong></li></ul><p>Earlier this month, market research provider Klue suffered a cyberattack with the knock-on effects <a href="https://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-know" target="_blank">hitting major companies such as LastPass</a>, Gong, Jamf, HackerOne, Huntress and others.</p><p>Klue has since revealed it is in contact with the Icarus ransomware group, who claim to have been in possession of stolen data and were threatening to leak the data in an attempt to extort the company.</p><p>But a second, unnamed group has emerged, which claims to have broken into a member of the Icarus group’s environment to steal the customer data stolen by Icarus from Klue. This second group is now apparently attempting to extort Klue customers directly, much to the annoyance of Icarus.</p><h2 id="hackers-hacked-by-hackers">Hackers hacked by hackers</h2><p>An update shared privately with Klue customers on Wednesday night and seen by <a href="https://techcrunch.com/2026/06/25/hacked-klue-says-criminals-are-deleting-stolen-customer-data-but-now-other-hackers-are-making-threats/" target="_blank"><em>TechCrunch</em></a> said, “We continue to communicate with the threat actor we have been in contact with (‘Icarus’). Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”</p><p>Icarus later informed Klue that the second group was attempting to extort Klue customers using the same data, having posted a list of affected companies on its own website. Alongside this list, they also claimed to have stolen the customer data from Icarus, after one of the Icarus group accidentally allowed the group to connect to the server hosting the stolen data.</p><p>Although there is no evidence that Klue has paid the Icarus group, the unnamed group also posted a statement that an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries” had been paid by Klue to delete the stolen data.</p><p>A further communique issued by Klue to its customers said that it had been reassured by Icarus that the unnamed group only had samples of the stolen data, not the full set. It also said that, “Icarus has asked us to inform Klue customers to not make payment to this other party.”</p><p>Klue also suggested that its customers should ask the second group for random samples of their data to prove whether or not they actually had obtained the full set of stolen customer data.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This macOS malware can avoid AI analysis with gaslighting prompts hidden inside its architecture ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-macos-malware-can-avoid-ai-analysis-with-gaslighting-prompts-hidden-inside-its-architecture</link>
                                                                            <description>
                            <![CDATA[ A new piece of malware tries to trick AI-assisted analysis into showing errors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">U53dE6YVGq8TtTv52qNvmn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 13:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:description>                                                            <media:text><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:text>
                                <media:title type="plain"><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>SentinelOne uncovered macOS malware “Gaslight” that uses prompt injection to mislead AI‑assisted triage tools during analysis</strong></li><li><strong>Beyond standard backdoor and infostealer capabilities, it embeds fake Markdown “system” messages to trick LLMs into halting investigation</strong></li><li><strong>Researchers warn defenders to treat malware samples as adversarial input and isolate AI pipelines, as more analyst‑targeting prompt injection is expected</strong></li></ul><p>We’ve seen prompt injection in websites and emails, but what about - malware samples? Security researchers SentinelOne recently published an in-depth report on a newly uncovered piece of macOS malware called Gaslight that, as the name suggests, tries to gaslight AI-assisted triage agents into stopping the analysis.</p><p>The malware itself is nothing out of the ordinary: it infects the device by whatever means necessary (usually phishing and social engineering), connects to attacker-controlled infrastructure via Telegram, and then executes different commands such as profiling the device, running arbitrary shell commands, stealing files, or terminating processes. </p><p>It also delivers a stage-two malware that acts as an infostealer, pulling passwords, sensitive PDFs, cryptocurrency wallet information, and more.</p><h2 id="weaponizing-llm-assisted-triage-pipelines">Weaponizing LLM-assisted triage pipelines</h2><p>But where Gaslight stands out is its defenses against <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI-powered malware analysis</a>. According to SentinelOne, the malware contains a large block of fake Markdown-formatted "system" messages designed for AI assistants that security researchers may use during reverse engineering. These messages claim things like “the AI's authentication token has expired”, “the analysis environment is running out of memory”, “disk space has been exhausted”, “static analysis is unsafe”, and similar. </p><p>While a human analyst would definitely recognize these fake messages even at a glance, an LLM that isn’t properly isolated from untrusted input could interpret them as genuine system instructions and refuse to further analyze the malware. </p><p>“macOS.Gaslight is noteworthy for its analyst-targeting prompt injection, an attempt to weaponize the LLM-assisted triage pipelines that increasingly sit in the reverse-engineering loop,” SentinelOne explains. “Anyone building such tooling should treat the contents of the samples they triage as adversarial input, never as instructions, and be prepared to keep hostile content out of the model entirely. As LLM-assisted analysis becomes routine, defenders should expect more samples built to exploit it.”</p><p>The researchers have published a full list of indicators of compromise on <a href="https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/" target="_blank">this link</a>.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Know your agent: building the foundation of autonomous commerce ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/know-your-agent-building-the-foundation-of-autonomous-commerce</link>
                                                                            <description>
                            <![CDATA[ As AI agents become autonomous, establishing cryptographic trust and verifying identity is crucial for business security. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">EVowRYbugXKgBqtoVmD5qB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/fL8Ba8CiJjt2qsAVpr6UmK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 10:47:04 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Kartik Venkatesh ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/fL8Ba8CiJjt2qsAVpr6UmK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A credit card passed between two hands]]></media:description>                                                            <media:text><![CDATA[A credit card passed between two hands]]></media:text>
                                <media:title type="plain"><![CDATA[A credit card passed between two hands]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/fL8Ba8CiJjt2qsAVpr6UmK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.techradar.com/best/best-ai-tools">Artificial intelligence</a> has officially entered its execution phase. After years of experimentation, businesses are rapidly deploying AI not just to analyze data, but to act on it. </p><p>At the forefront of this shift are AI agents, autonomous systems designed to execute complex tasks, automate workflows, and interact with other digital systems on our behalf.</p><p>Their adoption is accelerating at an incredible pace, with a recent McKinsey study finding that 62% of organizations are already experimenting with them. It’s easy to see why, as Agentic AI offers a relatively straightforward path to embedding powerful <a href="https://www.techradar.com/pro/best-it-automation-software">automation</a> deep into business processes.</p><p>However, as these systems evolve from passive tools into autonomous agents, we are entering a new era of digital risk. The conversation is no longer just about building smarter agents, but whether the entire agent economy can function without a trust layer underneath it. Identity verification has evolved beyond being a basic <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> feature into the infrastructure that makes autonomous commerce possible at all.</p><p>When an AI can access sensitive <a href="https://www.techradar.com/best/best-database-software">databases</a>, interact with third-party systems, and execute commands, a critical question emerges: how do you know who, or what, is really on the other end of that API call? Without a robust framework for agent identity and accountability, true agentic commerce will not be possible.</p><h2 id="the-real-world-risks-of-unchecked-ai-agents">The real-world risks of unchecked AI agents</h2><p>The appeal of agentic AI is its autonomy, but this is also its greatest risk. An unchecked or compromised AI agent operating within a corporate network can become a powerful vector for malicious activity. These risks are not new, but are a direct extension of existing cyber threats, amplified by the speed and scale of AI.</p><p>The most defining threat vector in the era of agentic AI is prompt injection. This is unique to AI agents as it weaponizes the very natural language capabilities that make them so powerful. Unlike traditional cyberattacks that rely on exploiting software bugs or cracking passwords, prompt injection bypasses standard security perimeters by feeding maliciously crafted text directly into an agent's processing stream. </p><p>This essentially tricks the AI into overriding its core system instructions and executing the attacker’s commands as if they were legitimate tasks. In an enterprise environment where agents hold permissions to access CRMs, process invoices, or alter databases, a successful injection can instantly turn a helpful digital assistant into an undetected insider threat.</p><p>Through prompt injection, agents can be instructed to exfiltrate data or escalate their privileges.  An agent designed to access a <a href="https://www.techradar.com/best/the-best-customer-database-software-of-year">customer database</a> for legitimate analysis could, if compromised, be instructed to copy and transmit that entire database to an external server. Similarly, privilege escalation becomes a major concern, as an agent with limited permissions could probe the network for vulnerabilities or exploit a flaw to grant itself higher levels of access, effectively becoming a rogue administrator.</p><p>AI-to-AI interactions present a new frontier of security risk. As one business’s AI agents begin to interact with agents from partners or customers, the potential for supply-chain compromise grows exponentially. Without a way to verify the identity of the interacting agent, every AI-to-AI connection becomes a potential security blind spot.</p><h2 id="building-a-framework-for-agentic-trust">Building a framework for agentic trust</h2><p>In the emerging agent economy, trust hinges on answering three questions, only two of which today's standards meaningfully address: “who is this agent?” (addressed by identity primitives like W3C DIDs, increasingly applied to agents), “does this agent have authorization to spend this money on a user's behalf?” (frameworks such as FIDO Alliance-stewarded standards such as AP2 and Verifiable Intent, contributed by Google and Mastercard), and finally “what is this agent's reputation and track record?”, a question the current standards stack leaves open.</p><p>Together, they form the essential trust and <a href="https://www.techradar.com/news/best-mobile-payment-app">payment</a> stack required to move agentic commerce from experimental sandboxes to mainstream, high-value transactions. Zero trust architecture is also more critical than ever for securing systems against agentic threats. An agent's identity must be re-verified for every single transaction or request, and its permissions should be limited to the absolute minimum required for its specific task, based on the principle of least privilege. This means even if a trusted agent is compromised, its ability to cause widespread damage is severely restricted.</p><p>This same logic extends well beyond the corporate perimeter, in both directions. On one side, AI agents are beginning to transact on behalf of consumers: booking, buying, paying, returning. On the other, businesses are deploying agents to fulfil those same orders, onboard new customers, automate supply chains, and run entire back-office functions. What's emerging is a new trust triangle between consumers, businesses, and agents, operating simultaneously on both sides of every interaction.</p><p>In that world, agent identity becomes a commercial problem as much as a security one. A business needs to know that the agent placing an order holds a valid, scoped mandate from a real human who authorized it to act. But equally, a consumer's agent needs confidence that the business agent fulfilling that order is legitimate, authorized, and traceable. Trust has to flow in both directions, and at machine speed. That's a verification challenge of a fundamentally different order to anything we've dealt with before, and one the industry is only beginning to standardize through frameworks like FIDO's Agentic Payments Protocol. Getting KYA right is foundational to enabling a function agent economy.</p><p>Finally, businesses need systems that continuously monitor agent behavior to create a baseline of normal activity, making it possible to spot anomalous actions. If an agent suddenly attempts something outside its regular function, such as accessing a new database, connecting to an unusual IP address, or executing commands at a much higher frequency, this behavior should instantly trigger an alert and, potentially, an automatic suspension of the agent’s permissions.</p><h2 id="trust-as-a-catalyst-for-innovation">Trust as a catalyst for innovation</h2><p>Some technology leaders hold the view that strict security measures are a barrier to innovation, however in reality the opposite is true. By building trust and safeguards into AI agents from the ground up, businesses can innovate without fear. They can confidently deploy agentic solutions to drive efficiency, reduce operational costs, and unlock new revenue streams, all without exposing themselves to the catastrophic risks of uncontrolled autonomy.</p><p>The agentic AI era is here, and it has the potential to reshape how enterprises operate. Autonomy without oversight is liability, but autonomy with verified identity, scoped mandates, and continuous trust signals is the foundation of a new commercial layer. As agent architectures mature, trust certification will become a precondition for being transacted with at all. KYA isn't a security cost. It's how you stay in the game.</p><p><em></em><a href="https://www.techradar.com/news/the-best-ecommerce-platform"><em>We feature the best ecommerce platforms</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Almost half of ransomware victims have data stolen before they can even detect an intrusion ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/almost-half-of-ransomware-victims-have-data-stolen-before-they-can-even-detect-an-intrusion</link>
                                                                            <description>
                            <![CDATA[ Hackers are getting better at hiding and stealing files without raising alarms. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Hd8JzdR7bXBBwF9wxPm2vD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 19:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ransomware]]></media:description>                                                            <media:text><![CDATA[Ransomware]]></media:text>
                                <media:title type="plain"><![CDATA[Ransomware]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>ExtraHop’s Global Threat Landscape Report shows 49% of ransomware victims only detected attacks after data theft, up from 31% last year</strong></li><li><strong>Average dwell time before detection is 2.5 weeks; attackers exploit encrypted channels, valid accounts, and alert fatigue to evade defenses</strong></li><li><strong>Ransom payments fell from $3.6M to $2.8M, but payment frequency rose sharply, with 83% of surveyed victims paying in 2026 vs. 70% in 2025</strong></li></ul><p>Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever. </p><p>Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. In it, it is said that roughly half (49%) of organizations that were struck by <a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">ransomware</a> did not detect the threat until after the data was stolen.</p><p>This is up from 31% a year ago, ExtraHop stressed, showing the improvement criminals made within just 12 months. </p><h2 id="several-factors">Several factors</h2><p>On average, cybercriminals have 2.5 weeks of quiet time before being spotted in ransomware incidents, the report stated. Furthermore, 14% of victims were unaware of an attack until receiving a ransom demand, which is also up from 6% a year ago.</p><p>“Prolonged dwell times often parallel a highly complex threat environment where critical alerts are obscured,” ExtraHop said in a press release shared with TechRadar Pro. The researchers uncovered several factors that led to delays in investigating critical alerts, including attackers using encrypted channels (41%), attacker activity mirroring legitimate workflows and processes (38%), using valid, high-privilege account permissions (34%), and alert fatigue (30%). Undermined baseline behavior also enabled anomalous actions to fly under the radar (27%). </p><p>The good news is that the average ransom payment dropped year-on-year, from $3.6 million down to $2.8 million. However, the bad news is that the payment frequency spiked. While in 2025 70% of respondents paid a ransom, this year 83% have done the same, at least among ExtraHop’s respondents.</p><p>When <a href="https://www.techradar.com/pro/security/ransomware-payments-drop-to-record-low-even-as-attacks-surge" target="_blank">Chainalysis</a> ran a similar survey recently, it said that in 2025 the number of successful ransomware attacks grew, while the number of payments remained relatively flat, meaning that in absolute numbers - there were fewer companies paying ransomware attackers.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Chinese cybersecurity company 360 unveils “China's version of Mythos”, and Yitianzhen, to automate cyber defense ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense</link>
                                                                            <description>
                            <![CDATA[ China "cannot afford to wait", the company says, as Mythos finds more and more flaws. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nGjAzTcRfdkNnLbQCY3xQf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 17:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:description>                                                            <media:text><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:text>
                                <media:title type="plain"><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>At ISC.AI 2026, China’s 360 Security Technology unveiled “Yitian Tulong,” two AI models for vulnerability discovery and automated defense</strong></li><li><strong>Founder Zhou Hongyi described Tulongfeng as the “Chinese Mythos,” claiming it found 3,432 flaws, with 105 confirmed by the government</strong></li><li><strong>Zhou acknowledged a 20–30% capability gap vs. US models, but stressed building a professional attack‑and‑defense team over reliance on a single “genius hacker” approach</strong></li></ul><p>A Chinese cybersecurity company recently unveiled two Artificial Intelligence (AI) models, one of which is supposed to be the country’s answer to Anthropic's Mythos.</p><p>Mythos is an advanced <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI model</a> that can surface and exploit software vulnerabilities at scale and is currently only available to a couple dozen major US firms because it is allegedly too powerful (and thus dangerous) to be shared with everyone. </p><p>During the ISC.AI 2026 cybersecurity conference, which was held at the Beijing National Convention Center on June 24, 2026, Chinese cybersecurity company 360 Security Technology unveiled two tools collectively called “Yitian Tulong”, Reuters reports.</p><h2 id="taking-a-different-approach">Taking a different approach</h2><p>Yitial Tulong comprises two AI models: Tulongfeng, and Yitianzhen. According to founder Zhou Hongyi, the former is the “Chinese Mythos”, while the latter is a way to automate defense and incident response. </p><p>"This kind of powerful weapon that can change the landscape of cyber offence and defense cannot be held ⁠only by others," Zhou allegedly said during the presentation. </p><p>Claims about the capabilities of these models cannot be independently verified, and in the case of Yitian Tulong, will probably never be. The company said Tulongfeng found 3,432 software flaws, including 105 allegedly confirmed by the Chinese government. </p><p>Zhou also discussed taking a different approach compared to the US - a country which relies on “the strongest model, the strongest computing power, and the strongest chips”.</p><p>"Objectively speaking, domestic models still have a 20%-30% gap in base capability," Zhou said. "China cannot wait until model capabilities have fully caught up before starting ​vulnerability discovery, because we cannot afford to wait."</p><p>According to Zhou, 360 is building a “professional attack-and-defense team”, rather than “just” a single genius hacker: "If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes," he said. "If the U.S. route is to cultivate a genius hacker, 360's route is to organise a professional attack-and-defense ⁠team."</p><p><em>Via </em><a href="https://www.reuters.com/legal/litigation/chinas-360-says-it-has-developed-tools-match-anthropics-mythos-2026-06-24/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ '27 million stolen login credentials have been recovered': Global coordinated takedown hits SocGholish, Amadey, and StealC malware networks where it hurt ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/27-million-stolen-login-credentials-have-been-recovered-global-coordinated-takedown-hits-socgholish-amadey-and-stealc-malware-networks-where-it-hurt</link>
                                                                            <description>
                            <![CDATA[ EUROPOL and national law enforcement agencies struck three major MaaS platforms, froze money and servers, and cleaned websites. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3aH5bGcNCmgAYwLxtCQJUm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 15:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:description>                                                            <media:text><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>EUROPOL’s Operation Endgame froze $47M in cryptocurrency and dismantled infrastructure for SocGholish, Amadey, and StealC malware</strong></li><li><strong>326 servers, 142 domains, and 14,971 infected websites were taken down, disrupting distribution networks and recovering 27M credentials</strong></li><li><strong>No arrests were made; experts warn such disruptions often only temporarily halt criminal operations before infrastructure is rebuilt</strong></li></ul><p>Millions of dollars in cryptocurrency were frozen, and hundreds of servers taken down, in a sweeping operation by EUROPOL and multiple national law enforcement agencies against cybercriminals.</p><p>Over the last couple of weeks, EUROPOL ran Operation Endgame, together with law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States. Multiple private companies, including Microsoft, participated as well.</p><p>The goal was the dismantling of digital infrastructure used by three distinct hacking operations: SocGholish, Amadey, and StealC. These are known malware variants, granting attackers backdoor access, and stealing valuable secrets from compromised devices.</p><h2 id="shutting-down-servers-and-cleaning-websites">Shutting down servers and cleaning websites</h2><p>SocGholish, for example, is a sophisticated JavaScript downloader and loader, linked to a Russian Malware-as-a-Service (MaaS) operation called Evil Corp. </p><p>During the operation, the police managed to identify and freeze $47 million in cryptocurrencies. It cannot access or retrieve these funds, but by freezing them, it effectively removed them from circulation. Around 27 million login credentials were also recovered as part of this operation.</p><p>Furthermore, law enforcement shut down 326 servers and 142 domains that were used to host and distribute the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. This, EUROPOL says, “severely crippled” the malware’s distribution network: “By taking down these tools simultaneously, the collaboration between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover.”</p><p>EUROPOL also said that by taking down SocGholish, 14,971 infected websites were “remediated”. These are legitimate sites, belonging to different businesses such as restaurants, auto repair shops, and others, but were compromised and used as launchpads for malware delivery. </p><p>Sadly, no arrests have been made, and EUROPOL did not say if key players of these groups were even identified. Usually, disruptions such as this one only momentarily stop malicious activities, which resume in a few weeks once the infrastructure is rebuilt. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Edge users beware — this malicious extension can break out of the sandbox and install ransomware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/edge-users-beware-this-malicious-extension-can-break-out-of-the-sandbox-and-install-ransomware</link>
                                                                            <description>
                            <![CDATA[ Hackers found a way to get an Edge extension to do their bidding. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZW8e2HVDrnR2AMfRNTKep3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 14:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg">
                                                            <media:credit><![CDATA[Tada Images / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:description>                                                            <media:text><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:text>
                                <media:title type="plain"><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Zscaler uncovered “Edgecution,” a malicious Edge extension deployed via fake Outlook update sites shared in Teams phishing</strong></li><li><strong>Attack uses ZIP archives with Python runtime to escape browser sandbox, creating a backdoor capable of shell/PowerShell execution and system data theft</strong></li><li><strong>Believed linked to Initial Access Brokers tied to ransomware group Payout Kings, showing evolving sophistication in access‑for‑sale operations</strong></li></ul><p>If you are using the Edge browser be careful - there is a malicious campaign going round that uses the <a href="https://www.techradar.com/best/browser" target="_blank">browser</a> to deploy a backdoor via an extension.</p><p>According to security researchers Zscaler, scammers are reaching out to their victims via Microsoft Teams, pretending to be IT support. They claim the user needs to install an Outlook update, or a spam filter, and direct the victims to a fake “Outlook Updates Management Console” website. </p><p>There, the users are instructed to run one of the three provided processes, all of which download a ZIP archive that, when executed, creates a scheduled task. This task starts the Edge browser in headless mode (invisible to the user) and installs an extension officially called “Edge Monitoring Agent”. Zscaler, on the other hand, calls it “Edgecution”.</p><h2 id="creating-a-native-messaging-manifest">Creating a Native Messaging manifest</h2><p>The ZIP archive also contains an embedded Python runtime and a Python-based <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">backdoor</a>. The runtime creates a Native Messaging manifest - a file that tells the browser how to communicate with the backdoor. That’s the way the threat actors managed to escape the browser’s sandbox and run the backdoor on the compromised computer itself. </p><p>That backdoor can do multiple things, from executing shell commands, to running PowerShell and arbitrary Python code. It can also write files on the host, enumerate running processes, and gather system information. </p><p>Zscaler believes this is the work of an Initial Access Broker (IAB), a malicious group whose only job is to obtain access to a victim’s infrastructure and then sell it - or share it with a partnering group. This particular IAB, the researchers believe, is connected to a ransomware operation called Payout Kings. </p><p>“The Edgecution browser extension illustrates the evolving sophistication of initial access brokers operating in the ransomware landscape,” Zscaler warns. “The reliance on a malicious browser extension to relay commands to a Python-based native host demonstrates a creative approach to evade traditional endpoint detection.”</p><p>A full list of Indicators of Compromise (IoC) can be found on <a href="https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution" target="_blank">this link</a>.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/malicious-edge-extension-abuses-native-messaging-as-bridge-to-malware/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Multiple malicious OpenClaw skills found online - including two macOS infostealers ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/multiple-malicious-openclaw-skills-found-online-including-two-macos-infostealers</link>
                                                                            <description>
                            <![CDATA[ Criminals found yet another marketplace to infect and use as a launchpad for malware delivery. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vFgwHmcERf3Dv9c4J9df9G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 12:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png">
                                                            <media:credit><![CDATA[Fortune]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft OpenClaw]]></media:description>                                                            <media:text><![CDATA[Microsoft OpenClaw]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft OpenClaw]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Palo Alto Networks’ Unit 42 found five malicious “skills” on ClawHub, OpenClaw’s official marketplace, delivering infostealers and fraud</strong></li><li><strong>Threat actors bypassed VirusTotal/ClawScan checks with inflated file sizes and evasive techniques, showing persistent supply chain risk</strong></li><li><strong>All malicious skills were removed and accounts banned; researchers urge strict provenance validation and source code audits for published packages</strong></li></ul><p>ClawHub is the latest marketplace hackers are poisoning with malware, in an attempt to compromise software developers and other advanced users. Earlier this week, security researchers from Palo Alto Networks’ Unit 42 team disclosed finding, and reporting, five “skills” on that marketplace, that sought to infect their users with infostealer <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. </p><p>First a little context: OpenClaw (originally published as Clawd/Clawdbot) was released in November 2025. It is an <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">open-source agent</a> platform that performs actions on a computer, such as browsing the web, or managing files, instead of simply answering questions like a chatbot. To perform different actions, OpenClaw must first learn how to do them, which is done through “skills” - add-ons that extend the agent’s capabilities.</p><p>Soon after, ClawHub was born - the official marketplace and registry for OpenClaw skills and plugins, attracting not just the AI developer community, but cybercriminals, as well. Early reports, published in February this year, forced OpenClaw to integrate VirusTotal and ClawScan, to better protect the community and allow proactive screening of published skills.</p><h2 id="persistent-and-evasive-malicious-skills">Persistent and evasive malicious skills</h2><p>However, Unit 42 says this didn’t stop threat actors, and that it has since discovered multiple “persistent and evasive malicious skills” on the platform. </p><p>In total, the researchers discovered five skills, including two that delivered the AMOS infostealer, one that came with an inflated file size to trick scanners, and two that were essentially commission fraud, abusing the fact that an AI agent can make decisions and perform actions on behalf of the user. Details on all five can be found on <a href="https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/" target="_blank">this link</a>.</p><p>All five were since reported to ClawHub, and OpenClaw had them removed and the accounts behind them banned. </p><p>Unit 42 recommends organizations use a “rigorous supply chain verification framework” to remain secure: “We identified that skill execution occurs within the agent process. This necessitates active validation of publisher provenance and a line-by-line audit of package source files.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Deepfake as a service' sees 39% spike in dark web conversations — and experts fear it will fuel the next wave of “fake boss” scams ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/deepfake-as-a-service-sees-39-percent-spike-in-dark-web-conversations-and-experts-fear-it-will-fuel-the-next-wave-of-fake-boss-scams</link>
                                                                            <description>
                            <![CDATA[ Businesses must prepare for what's coming by focusing on prevention and employee education. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uqGUzUHZcRV9JjCB8DpwmK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 17:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png">
                                                            <media:credit><![CDATA[Gemini]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Man in a business suit with pixellated face agains background of political room]]></media:description>                                                            <media:text><![CDATA[Man in a business suit with pixellated face agains background of political room]]></media:text>
                                <media:title type="plain"><![CDATA[Man in a business suit with pixellated face agains background of political room]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NordStellar found 924 dark‑web posts about deepfakes‑as‑a‑service (DFaaS) Jan–May 2026, up 39% year‑on‑year</strong></li><li><strong>Rising interest driven by generative AI advances, enabling hyper‑realistic “fake boss” scams and lowering barriers for attackers</strong></li><li><strong>Experts urge prevention through employee education and monitoring for leaked company data to reduce risk of targeted deepfake attacks</strong></li></ul><p>The interest in deepfakes-as-a-service (DFaaS) among criminals is growing, and the cybersecurity community is worried it might fuel the next wave of “fake boss” scams.</p><p>This is according to a new report from threat exposure management platform, NordStellar. Analyzing discussions on the dark web, the researchers found that between January and May this year, there were 924 posts about DFaaS, up 39% compared to the same period last year, when there were 663 similar posts.</p><p>“The rapid growth in popularity of deepfakes as a service is likely accelerated by advancements in generative AI, which help cybercriminals in two ways — by speeding up the creation of deepfakes and making them hyper-realistic,” says Vakaris Noreika, cybersecurity expert at NordStellar. “Ultimately, this service lowers the barrier to entry for deepfake technology, enabling threat actors to deploy highly deceptive attacks at a larger scale, regardless of their personal technical skill set.”</p><h2 id="how-to-defend-against-convincing-deepfake-attacks">How to defend against convincing deepfake attacks?</h2><p>Experts are worried the rising interest might result in more “<a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">fake boss</a>” scams which, at that, would be even more difficult to spot. Business Email Compromise (BEC), a “fake boss” scam that primarily uses written emails, has for years been among the most lucrative tactics in the criminal underworld. According to the FBI, BEC was the second costliest tactic last year, with company losses exceeding $3 billion (up 11% compared to 2024). </p><p>Defending against highly convincing deepfake images and videos might not be easy, but it certainly isn’t impossible. Noreika suggests businesses should focus on prevention and employee education, since they cannot control whether crooks target them or not. </p><p>“The more details and access attackers obtain, the easier it is for them to craft highly realistic, targeted attacks,” says Noreika. “Monitoring the dark web for leaked company information is a critical step in preventing cybercriminals from finding credentials to breach accounts or data to use as intel.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Vulnerabilities uncovered in secret US government systems and software during testing of Anthropic Mythos ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/vulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos</link>
                                                                            <description>
                            <![CDATA[ The US Government confirmed what the community already knows - Mythos is a true beast. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">E4KAsTKAfsByohfTR8cSML</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 16:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[AI Platforms &amp; Assistants]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:description>                                                            <media:text><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Senator Mark Warner testified NSA confirmed Mythos Preview identified vulnerabilities in nearly all classified systems within hours during a controlled exercise</strong></li><li><strong>US officials clarified Mythos found flaws rapidly rather than exploiting them, but the capability still raises major concern</strong></li><li><strong>Anthropic withheld public release, sharing only with select firms; Mozilla and others validated its potency, with thousands of critical bugs uncovered in weeks</strong></li></ul><p>We now have another witness claiming <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">Mythos Preview</a> is able to break into protected systems fast and this one is none other than a high-ranking member of the US Government.</p><p>According to the Associated Press, Senator Mark Warner of Virginia testified in front of a congressional hearing this month, saying he was informed by National Security Agency (NSA) chief Joshua Rudd that Mythos “broke into almost all of our classified systems, not in weeks, but in hours.”</p><p>It’s worth mentioning here that the break-in was controlled, since it was part of an exercise done by the Anthropic team and the intelligence agency.</p><h2 id="how-powerful-is-mythos">How powerful is Mythos?</h2><p>The Associated Press dug deeper, and was informed by an unidentified US official that Mythos merely found vulnerabilities within hours, not necessarily exploited them. Still, identifying a vulnerability that theoretically can be exploited for attacks against protected US Government systems should be cause for concern on its own. </p><p>Mythos is an advanced AI model built by Anthropic, first introduced in early April this year. However, the company decided not to share it with the general public because it was apparently too capable of discovering and leveraging software vulnerabilities.</p><p>Instead, Anthropic shared it with a handful of major corporations, to help them secure their systems before cybercriminals can use the tool. Since then, multiple companies came forward to confirm Mythos’ potency, including Mozilla, which said the tool was “<a href="https://www.techradar.com/pro/mozilla-says-anthropics-mythos-is-every-bit-as-capable-as-the-worlds-best-security-researchers-after-firefox-experiment-and-says-the-zero-days-are-numbered" target="_blank">every bit as capable</a>” as the world’s best security researchers.</p><p>Mozilla said that with the help of Mythos, it was able to ship more than 400 Firefox security bugs in April alone. </p><p>A month later, Anthropic said the 50 companies using the tool discovered <a href="https://www.techradar.com/pro/security/after-one-month-most-partners-have-each-found-hundreds-of-critical-or-high-severity-vulnerabilities-anthropic-claims-mythos-has-found-over-ten-thousand-major-security-vulnerabilities-across-the-most-systemically-important-software-in-the-world" target="_blank">more than 10,000</a> critical and high-level security vulnerabilities in roughly two months’ time. </p><p>“Several have told us that their rate of bug-finding has increased by more than a factor of ten,” the company said. “For instance, Cloudflare has found 2,000 bugs (<a href="https://www.techradar.com/pro/security/mozilla-says-anthropics-mythos-preview-and-other-ai-models-helped-it-identify-and-ship-423-firefox-security-bug-fixes-in-just-one-month" target="_blank">400 of which are high- or critical-severity</a>) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.”</p><p><em>Via </em><a href="https://www.reuters.com/business/anthropics-mythos-model-found-vulnerabilities-classified-us-government-systems-2026-06-24/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 87% of cybersecurity managers say quick compliance programs are actually increasing risk and making businesses less resilient ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/87-percent-of-cybersecurity-managers-say-quick-compliance-programs-are-actually-increasing-risk-and-making-businesses-less-resilient</link>
                                                                            <description>
                            <![CDATA[ Security professionals are skeptical if the speed comes at the expense of actual business resilience. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xnUzWbMFJxMtv3g4Caau2f</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 13:10:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Thapana Onphalai via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:description>                                                            <media:text><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:text>
                                <media:title type="plain"><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>IO research shows 87% of UK cybersecurity managers doubt the credibility of speed‑focused certification programs</strong></li><li><strong>Rapid, automated compliance creates a false sense of security, with certifications like ISO 27001 not guaranteeing resilience</strong></li><li><strong>Experts stress continuous monitoring and human oversight, as automated recommendations and evidence still need validation and interpretation</strong></li></ul><p>Speed-focused compliance programs could help businesses get cybersecurity certifications quicker, but security professionals are skeptical if the speed comes at the expense of actual business resilience. </p><p>This is according to new research from resilience specialists IO, which claims that 87% of senior cybersecurity managers in the UK believe the speed at which certification is achieved affects its credibility. </p><p>According to the report, compliance initiatives that are either heavily automated or compressed into short timeframes are creating a false sense of security. Certifications like ISO 27001 might help companies win contracts and maintain an image, but researchers are warning that certification alone does not guarantee actual operational resilience. </p><h2 id="gaps-in-security-posture">Gaps in security posture</h2><p>“Organizations that focus on achieving certification as quickly as possible are at risk of leaving gaps in their security posture,” says Chris Newton-Smith, CEO of IO. “Certification can open doors to new contracts and demonstrate commitment to recognised standards but treating certification as the end goal rather than the outcome of establishing and embedding effective compliance is more often than not at the expense of long-term resilience. Businesses must treat compliance not as a tick-box exercise but an evolving, iterative, and business critical project.”</p><p>Polling 251 cybersecurity managers in the UK, IO found that 31% consider continuous controls monitoring as the strongest indicator of compliance resilience. At the same time, a fifth (21%) said certifications could reflect security controls at the time of an audit, but could soon after become obsolete. </p><p>IO also stressed the importance of human expertise in these programs. Almost half (45%) of the respondents said human involvement is still essential when evaluating if automated compliance recommendations are still relevant and accurate, and another third (33%) said complex regulations still need human interpretation. </p><p>Finally, 32% stressed the importance of human in validating compliance evidence generated by automated systems. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Organised crime operating like a tech startup': EvilToken PHaaS group ramp up AI-enabled attacks by 1,380% in 2026 ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/organised-crime-operating-like-a-tech-startup-eviltoken-phaas-group-ramp-up-ai-enabled-attacks-by-1-380-percent-in-2026</link>
                                                                            <description>
                            <![CDATA[ AI is used for more than just scaling - it enabled personalization at an unprecedented level. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6qoys784Jwtsumx53H7bdD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 12:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg">
                                                            <media:credit><![CDATA[weerapatkiatdumrong / Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:description>                                                            <media:text><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:text>
                                <media:title type="plain"><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Huntress report highlights “EvilTokens” PhaaS scaling phishing attacks 1,380% in early 2026 compared to last year</strong></li><li><strong>AI integration enables per‑victim personalization at scale, bypassing MFA, with subscription tiers from $600 to $1,500</strong></li><li><strong>Service sold openly on Telegram, showing how PhaaS now operates like a startup with cheap, powerful attack capabilities</strong></li></ul><p>Cybercriminals offering phishing-as-a-service (PhaaS) are increasingly operating like a tech startup, and a good one, at that. They are also using Artificial Intelligence (AI), which helped them scale significantly. This is according to a new report from cybersecurity researchers Huntress, called “EvilTokens and the Rise of AI-Powered Phishing”.</p><p>In the report, Huntress claims that this particular PhaaS operation, called EvilTokens, was used to run 1,380% more phishing attacks in early 2026 compared to the same period last year. </p><p>“We’re seeing a clear maturation of the phishing-as-a-service (PhaaS) market as threat actors increasingly integrate AI workflows into their product offerings,” the report reads. “The result is directly observable in our telemetry: a 1,380% increase in device code phishing attacks detected between July–December 2025 and January–April 2026, with over 50% of those incidents linked to two major waves of correlated incidents.”</p><h2 id="a-cheap-service">A cheap service</h2><p>“Furthermore, across hundreds of incidents associated with EvilTokens, no two phishing lures were identical. This level of per-victim personalization was previously limited to targeted, manually crafted campaigns. Now, it’s achievable at scale by any threat actor at the price of a subscription service”</p><p>So, AI is not only used to scale the operation, but it is also used for personalization at an unprecedented level. At the same time, the service is relatively cheap to use: it is being sold on Telegram for as little as $600.</p><p>If this sounds like a lot, keep in mind that a single successful phishing attack is enough to steal data worth hundreds of thousands on the black market, or even millions - in ransom negotiations.</p><p>EvilTokens’ service is tiered, too. The cheapest package costs $600, while two more expensive ones cost $1,000 and $1,500, respectively. For criminals, it is likely worth the investment, since this PhaaS is capable of bypassing multi-factor authentication, as well. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LastPass confirms data breach after hacker compromises supply chain — here's what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ Plenty of personal data obtained, but passwords seem to be safe. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YLZZHhV78hiaRnFhwZW28c</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 10:12:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png">
                                                            <media:credit><![CDATA[LastPass]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[LastPass]]></media:description>                                                            <media:text><![CDATA[LastPass]]></media:text>
                                <media:title type="plain"><![CDATA[LastPass]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>LastPass confirmed a supply chain breach via Klue, where stolen OAuth tokens let attackers access its Salesforce environment</strong></li><li><strong>Customer names, contact details, and CRM data were exposed, but master passwords were not; phishing risk remains high</strong></li><li><strong>Threat actor Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity also impacted</strong></li></ul><p>Password manager LastPass confirmed that it lost sensitive customer data in a supply chain attack that struck a third party.</p><p>As LastPass explained in a newly released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with its Salesforce and Gong systems. After obtaining its OAuth tokens, the attackers were able to access LastPass’ Salesforce environment and exfiltrate sensitive data stored there. </p><p>“On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates with our Salesforce and Gong systems,” LastPass said.</p><h2 id="compromising-names-and-emails">Compromising names and emails</h2><p>"We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.”</p><p>“The threat actor then used these credentials to access LastPass customer data within our Salesforce environment.”</p><p>Further in the report, the <a href="https://www.techradar.com/best/password-manager" target="_blank">password manager</a> said the attackers most likely accessed customer names, phone numbers, email addresses, postal addresses, support case information, and sales/CRM-related data. </p><p>Passwords, including the master password, were most likely not exposed. However, criminals can use the data they obtained to launch phishing attacks, through which they might trick the victims into sharing those secrets, as well. </p><p>LastPass is now urging customers to remain vigilant and be careful with incoming messages, particularly those claiming to come from the company. </p><p>According to <em>BleepingComputer</em>, the Klue supply chain attack was claimed by a threat actor called Icarus, which apparently used compromised legacy credentials for an integration service to breach the intelligence platform. </p><p>Besides LastPass, a number of other organizations are affected as well, the publication further reported, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. LastPass has now disabled employee access to Klue.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘Travelers are getting better at spotting obvious scams' — but experts warn Airbnb scams are on the rise as summer arrives ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/travelers-are-getting-better-at-spotting-obvious-scams-but-experts-warn-airbnb-scams-are-on-the-rise-as-summer-arrives</link>
                                                                            <description>
                            <![CDATA[ As summer travel peaks, experts warn of Airbnb scams exploiting verified host accounts to trick users into fake vacations. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7XmXUDBXn3r3R4jkjMNZ8j</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 00:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock / Iryna Kalamurza]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:description>                                                            <media:text><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:text>
                                <media:title type="plain"><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Airbnb scams have surged 30x since 2023, including a sharp rise this year</strong></li><li><strong>Criminals hijack legitimate host accounts to to trick holidaymakers</strong></li><li><strong>Staying safe isn't so straightforward as threats evolve</strong></li></ul><p>Airbnb-related scam activity has increased 30x since the first half of 2023, according to new research from Saily and NordStellar, confirming that cybercriminals continue to go after holidaymakers seeking the best deals amid rising prices.</p><p>The report ultimately concludes that attackers are now targeting the trust built by larger platforms, saving them from having to build new identities from scratch.</p><p>And to top it all off, the nature of scams is also changing, as instead of using suspicious websites to obtain victim payments or information, criminals are now targeting legitimate Airbnb host accounts which have spent years amassing positive reviews and high ratings.</p><h2 id="exploiting-legitimate-accounts-and-hijacking-trust">Exploiting legitimate accounts and hijacking trust</h2><p>While the end goal remains high volumes of vulnerable consumers, scammers have added an extra layer of victim in their pipeline. Verified Airbnb hosts are now valuable assets for criminals because they already have identity verifications, positive reviews, booking histories, years of activity and established credibility.</p><p>Once the verified account is compromised, attackers can then go on to scam higher volumes of unsuspecting victims by posting – and charging for – fake property listings.</p><p>“Travelers are getting better at spotting obvious scams,” Saily Head of Product Matas Cenys said. “Criminals know this, so they are increasingly trying to steal trust instead of building fake trust from scratch.”</p><p>Where this type of attack differs from others, though, is that the victims never leave the platform. Rather than falling victim to phishing attacks and being redirected to malicious external sites, they interact fully with supposed legitimate hosts on the Airbnb platform.</p><p>While Airbnb attacks have seen a 30x increase in around three years and a sharp rise in the last year alone, they reflect a much broader trend of attackers compromising existing trusted accounts.</p><p>The recent ramp-up in attacks could also be tied to the summer season, with holidaymakers looking to book last-minute deals in the run-up to the summer season. Urgency and pressure to keep costs low also adds to criminals’ success.</p><p>“Everything looks normal until they arrive at their destination and discover the accommodation never existed," Cenys added.</p><h2 id="how-to-protect-yourself-from-booking-scams">How to protect yourself from booking scams</h2><p>Saily is recommending that all communication stays within the booking platform and that customers avoid payment methods suggested outside of official channels. Unusually attractive listings in high-demand destinations could also be taken with a pinch of salt, and savvy shoppers may choose to reverse image search a property to double check its authenticity.</p><p>“As travel booking becomes increasingly digital, trust becomes one of the most valuable currencies in the travel ecosystem,” Cenys warned.</p><p>As for abusing victim trust, researchers also argue that AI has aided attacks by allowing criminals to produce better fake listings more quickly.</p><p>More generally, Airbnb revealed that two in five Americans have fallen victim for an online scam, with the average loss totalling nearly $2,000. The company has introduced measures to remind its users how to avoid scams, including introducing identity verification and reminders not to leave the platform, but account takeovers can still slip under the radar.</p><p>Airbnb also holds guest payments until 24 hours after check-in to ensure that everything is as described. Anti-fraud tech also prevented around 265,000 suspicious listings from appearing on the platform in 2025, the company boasted.</p><p>The company <a href="https://news.airbnb.com/partnering-with-experts-on-tips-to-help-avoid-summer-travel-scams-in-u-s/" target="_blank">posted</a> a comprehensive eight-step list of how to avoid scams on its platform online, calling out pressure tactics and unusual deals.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US healthcare AI platform Xsolis confirms data breach that affects 1.4 million individuals ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/us-healthcare-ai-platform-xsolis-confirms-data-breach-that-affects-1-4-million-individuals</link>
                                                                            <description>
                            <![CDATA[ Social Security numbers and health insurance information nabbed as Xsolis tells its customers to be careful. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gAz4cBUXQQLpm3WEY4yfLR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 17:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Xsolis confirmed a phishing‑enabled breach on Jan 22, 2026, exposing data of 1.39M individuals</strong></li><li><strong>Stolen info includes names, addresses, DOBs, SSNs, health insurance, and medical treatment details; no ransom demands or dark web leaks yet</strong></li><li><strong>Customers offered free credit monitoring and identity theft protection, with warnings to watch for phishing and fraud attempts</strong></li></ul><p>Healthcare technology company Xsolis disclosed a cyberattack in which it lost sensitive data on almost 1.4 million customers.</p><p>Xsolis is a company that uses AI to help healthcare organizations make faster and more consistent decisions about patient care and utilization management. Earlier this week, it published a data breach notification on its website, saying that it spotted the intrusion on January 22, 2026.</p><p>Apparently, after a successful phishing attack on one of its employees two days earlier, the attackers were able to access a “limited portion” of the Xsolis environment, from which they were able to exfiltrate people’s names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.</p><h2 id="almost-1-4-million-victims">Almost 1.4 million victims</h2><p>This level of information is more than enough information to target these individuals with phishing or even <a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">steal their identity</a> for more disruptive attacks elsewhere.</p><p>In a filing with the US Department of Health and Human Services, Xsolis confirmed that 1,396,519 individuals were affected by this breach.</p><p>“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the announcement. “Upon learning of this incident, we immediately began an investigation and reported the incident to law enforcement. We also implemented additional safeguards to further enhance the security of information in our possession and to help prevent similar incidents from occurring in the future.”</p><p>So far, there is no evidence of the data being used in follow-up attacks, or being offered on the dark web. No threat actors have yet claimed responsibility for the attack, and no one has yet demanded ransom in exchange for the files. </p><p>Xsolis told its customers to be wary of incoming messages, especially those pretending to be from the company, or using it in any other context. Customers are also offered free credit monitoring and identity theft protection services, as well as fraud alerts and credit freezes. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New WhatsApp phishing campaign allows for remote access from a single business document ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-whatsapp-phishing-campaign-allows-for-remote-access-from-a-single-business-document</link>
                                                                            <description>
                            <![CDATA[ WhatsApp users are getting shady documents from their contacts, leading to an infection. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">JRh3tr92xwF7jFh5aPHHcX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 16:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg">
                                                            <media:credit><![CDATA[Anton/Pexels]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WhatsApp on smartphone in a hand]]></media:description>                                                            <media:text><![CDATA[WhatsApp on smartphone in a hand]]></media:text>
                                <media:title type="plain"><![CDATA[WhatsApp on smartphone in a hand]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Kaspersky warns of a WhatsApp phishing campaign spreading malicious VBScript files disguised as business documents</strong></li><li><strong>Running them installs ManageEngine Endpoint Central, giving attackers remote access; filenames localized boosted global reach</strong></li><li><strong>Victims span Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia; compromise method remains unknown</strong></li></ul><p>WhatsApp users beware - there is a phishing campaign ongoing on the platform, seeking to infect your devices with a legitimate, but unsolicited endpoint security platform.</p><p>Security researchers Kaspersky recently published a new report detailing a campaign that starts with a compromised <a href="https://www.techradar.com/phones/7-great-whatsapp-alternatives-for-android-users-google-messages-discord-and-more" target="_blank">WhatsApp</a> account. They could not determine how these accounts got breached but found that they were being used to reach out to the victims’ contacts and share a VBScript file masquerading as business or financial documents.</p><p>People who don’t find it strange that their contacts are suddenly sharing business documents, and end up running them, will get ManageEngine’s Endpoint Central, a unified endpoint management (UEM) and endpoint security platform built to help IT teams manage a fleet of desktops, laptops, servers, mobile devices, and other endpoints, all from a single console.</p><h2 id="two-scripts-one-malware">Two scripts, one malware</h2><p>In this case, however, they wouldn’t be managing anything - they would just be granting remote system access to the attackers. Kaspersky says that the campaign is rather widespread, with victims located across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.</p><p>One of the reasons the campaign was so successful on an international level is because the filenames are localized in multiple languages, Kaspersky added.</p><p>“Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users’ contact lists,” Kaspersky’s researchers said.</p><p>“At the time of writing, the exact method used to compromise these <a href="https://www.techradar.com/best/best-encrypted-messaging-app-android" target="_blank">WhatsApp accounts</a> remains unknown.”</p><p>Downloading and running the malicious files on Windows result in the deployment of two scripts that first disable UAC protections and then deploy the UEM. Kaspersky also stressed that when users open WhatsApp on the web, they must first download the files, but when they open the desktop client, the files can be executed directly via Windows Script Host. </p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ From alert fatigue to autopilot fatigue: How agentic AI shifts cyber risk ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/from-alert-fatigue-to-autopilot-fatigue-how-agentic-ai-shifts-cyber-risk</link>
                                                                            <description>
                            <![CDATA[ Agentic AI is reshaping how security teams need to think about risk. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">EWyHKzsWAKPLDiQkUZx7sZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 14:54:53 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Fielder ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3-1280-80.jpg">
                                                            <media:credit><![CDATA[sarayut Thaneerat/ via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website]]></media:description>                                                            <media:text><![CDATA[Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website]]></media:text>
                                <media:title type="plain"><![CDATA[Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>For a long time, <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> teams have been dealing with the same problem: a constant stream of security alerts, but not enough context. </p><p>Missing details like user behavior, asset importance, or related activity, means there’s a heavy reliance on analysts to work out what actually matters. </p><p>This doesn’t just slow teams down; it puts real pressure on teams and limits how much they can realistically review or understand.</p><p>Agentic AI changes this dynamic. </p><p>Instead of looking at alerts in isolation, these systems can piece activity together, understand what’s happening in context, and in some cases take action on their own. </p><p>Often, issues are resolved before they ever need to be escalated. That removes a lot of the manual effort that’s shaped security operations for years.</p><p>But while a clear improvement, it doesn’t remove risk—it shifts it.</p><h2 id="as-systems-improve-scrutiny-declines">As systems improve, scrutiny declines</h2><p>A useful comparison is aviation. As systems become more reliable, people naturally step back. Not because they’re careless, but because constantly double-checking something that’s almost always right starts to feel unnecessary. Over time, trust stops being something you actively think about and becomes something you assume.</p><p>The same thing is starting to happen in <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cybersecurity</a>. As these systems prove themselves, teams spend less time questioning individual decisions. The environment feels calmer, and the lack of issues reinforces that sense of control. The real risk isn’t frequent failure, it’s that when something does go wrong, it’s less likely to be challenged.</p><p>Alert fatigue comes from having to pay attention to too much, too quickly. What follows is something different: a gradual drop in attention, where growing confidence in the system weakens the instinct to double-check.</p><h2 id="a-model-built-on-two-interdependent-layers">A model built on two interdependent layers</h2><p>The structure of security operations starts to shift as well. Instead of everything hinging on human decision-making, you end up with two connected layers. People set the intent – defining policy, access and boundaries – while agents interpret it and act on it, often much faster than any person could.</p><p>Both layers can be influenced. Traditional attacks aimed at people don’t go away, but there’s now another surface to think about: the data, prompts, and workflows that shape agent behavior. If those inputs are manipulated, the system can still produce actions that look valid, because they follow its internal logic.</p><p>At the same time, the distance between decision and execution increases. Human operators aren’t as involved in the moment an action happens, which makes it harder to spot when something isn’t quite right. In practice, each layer ends up relying on the other for validation. </p><p>When that assumption holds, the system works efficiently. When that works, everything runs smoothly. When it doesn’t, the gap between them can be hard to see in real time.</p><h2 id="how-risk-scales-in-an-agentic-environment">How risk scales in an agentic environment</h2><p>Risk doesn’t just increase in this kind of environment, it spreads differently. Each agent has its own identity, permissions, and decision-making logic, and they’re often connected. Actions taken in one part of the system can trigger responses elsewhere, creating chains of automated behavior.</p><p>That means a single bad input or flawed decision doesn’t stay contained. It can move quickly across systems without anyone stepping in. The issue isn’t just speed, it’s how connected everything is. Small mistakes can have much bigger consequences because they’re carried through multiple layers of automation.</p><h2 id="why-identity-and-access-need-to-change">Why identity and access need to change</h2><p>How agents are set up today adds another layer of risk. In many cases, they’re treated as extensions of the user, with the same credentials and access. It’s convenient, but it also widens the blast radius if something goes wrong.</p><p>A more resilient approach is to treat agents as their own entities. Give them distinct identities, limit what they can do to specific tasks, and make sure their actions can be tracked and reversed if needed, without affecting everything else. </p><p>It’s less about efficiency and more about putting the right foundations in place for systems that are increasingly acting on their own.</p><h2 id="maintaining-control-as-reliance-increases">Maintaining control as reliance increases</h2><p>One of the trickier aspects is that failure doesn’t always look like failure. Fewer alerts and faster resolutions can make it feel like risk has gone down, when in reality oversight may just be less active.</p><p>Staying in control comes down to how these systems are designed and used. High-impact actions still need some form of verification, even if most routine work doesn’t. It also matters that teams can see not just what an agent did, but how it arrived there—what inputs it used and how it interpreted them.</p><p>The ability to step in is just as important. If stopping or overriding an automated process is slow or awkward, it probably won’t happen in time when something goes wrong. That kind of intervention needs to be simple enough to use under pressure.</p><p>More broadly, the role of the security professional shifts. It’s not just about spotting obvious problems anymore, but recognizing when something that looks fine might still need a second look.</p><h2 id="a-quieter-more-concentrated-risk">A quieter, more concentrated risk</h2><p>Agentic AI will do a lot to reduce alert fatigue, which has weighed on security teams for years. The trade-off is that risk becomes less visible and more concentrated in the space between what people intend and what machines actually do.</p><p>In systems that work correctly most of the time, the real challenge isn’t constant failure. It’s what happens when something does go wrong and whether the usual signals that would catch it are still there.</p><p><em></em><a href="https://www.techradar.com/best/firewall"><em>We've reviewed, rated, and ranked the best firewall software</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Meta investigates security concerns of internal mouse-tracking tech used to track employees and train AI ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/meta-investigates-security-concerns-of-internal-mouse-tracking-tech-used-to-track-employees-and-train-ai</link>
                                                                            <description>
                            <![CDATA[ An employee-tracking program will be paused, but no one knows for how long. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">f5mynf9rYaocR8JvywmQun</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 14:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mark Zuckerberg Meta]]></media:description>                                                            <media:text><![CDATA[Mark Zuckerberg Meta]]></media:text>
                                <media:title type="plain"><![CDATA[Mark Zuckerberg Meta]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Meta paused its internal Model Capability Initiative (MCI) after an employee flagged exposure of sensitive data from mouse movement and activity tracking</strong></li><li><strong>Program allegedly collected prompts, private conversations, performance data, and even tax/medical info in unencrypted form</strong></li><li><strong>Meta says no improper access confirmed but is investigating; some employees still see the program running during the pause</strong></li></ul><p>Meta is pausing an employee-tracking program after one of the employees flagged it as exposing sensitive data.</p><p>The company behind Facebook, Instagram, and WhatsApp, was apparently running an internal program that was tracking employee mouse movements and digital activity. Called Model Capability Initiative (MCI), this program allegedly started in April with the goal of training <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">Meta’s AI models</a> through employee behavior recordings. </p><p>According to a memo released on launch, the purpose of the program was to improve the company’s AI models in areas where they struggled to replicate how humans interacted with computers, such as picking from a dropdown menu, or using different keyboard shortcuts.</p><h2 id="personal-tax-and-medical-information-exposed">Personal tax and medical information exposed?</h2><p>"This is where all Meta employees can help our models get better simply by doing their daily work," the memo said at the time.</p><p>Reuters reported that an employee filed a high-priority security incident report (SEV) over the program’s exposure of employee data, including "full ​prompts and transcriptions, private ​conversations, people & performance ⁠data, DSS sensitivity ratings (1-4)." The same publication also said the program was collecting “more information than initially described” and stored it in unencrypted form. </p><p>"I have accessed both personal tax and medical information through ⁠my ​work computer, as have many thousands of employees,” the employee allegedly said. “​We were told this data would be protected and only used for valid business purposes after aggressive ​filtering."</p><p>Now, Meta confirmed pausing the program to investigate these claims. </p><p>"We have carefully designed this program ​with privacy safeguards and while we have no indication at this time that ​any data was improperly accessed by Meta employees, we're pausing it while we investigate," company spokesperson Tracy Clayton was cited saying. The company did not say for how long the program will be paused but stressed that it would take time to stop it for everyone, so some employees might still see it running. </p><p>As of Monday afternoon, the program was still running for some people, Reuters confirmed. </p><p><em>Via </em><a href="https://www.reuters.com/sustainability/boards-policy-regulation/meta-start-capturing-employee-mouse-movements-keystrokes-ai-training-data-2026-04-21/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>