Hisense Unveils XR10: The Apex Projector, Bringing Cinema into Every Home 

Posted in Commentary on May 8, 2026 by itnerd

Hisense, a leading global brand in consumer electronics and home appliances, has unveiled the XR10, a premium laser projector designed to deliver true cinematic immersion at home. XR10 combines powerful performance with refined design, bringing a big-screen experience into everyday life — whether for movies, gaming or shared family moments.

With 6,000 ANSI lumens, XR10 ensures bright, vivid visuals even in well-lit spaces, so users can enjoy clear, lifelike images from morning news to late-night movies — no need to dim the room. Its industry-widest 0.84–2.0:1 optical zoom and 4K Lossless lens shift (±130% vertical, ±46% horizontal) make setup effortless, projecting perfectly aligned images up to 300 inches, turning any wall into a truly cinematic canvas that adapts naturally to different room layouts.

An advanced Iris Lens boosts viewing contrast up to 60,000:1, automatically adapting to each scene — revealing subtle details in shadow and adding depth and intensity to every highlight, so stories feel more immersive and emotionally engaging, whether you’re watching a blockbuster or a quiet drama.

The experience is further elevated with sound co-engineered with Devialet | Opéra de Paris, creating rich, room-filling audio that brings viewers closer to the action. Powered by Auto Magic AI Adjusting 3.0, along with QuadCam and ToF Smart Sense, XR10 intelligently optimizes picture quality and alignment in real time, enabling a truly effortless plug-and-play experience. An advanced liquid cooling system ensures stable, consistent performance, even during extended viewing sessions, maintaining brightness and image quality over time.

Building on its broader display innovation strategy, Hisense continues to expand large-screen solutions across both home cinema and living room environments. With XR10, Hisense brings cinema closer, more immersive and seamlessly integrated into everyday life, transforming how people experience content at home.

For more information, please visit hisense-canada.com

Cybersecurity expert explains Instagram’s bot purge and what users should do next

Posted in Commentary on May 8, 2026 by itnerd

This week, Instagram users woke up to something that is already being called The Great Purge of 2026, as the platform reportedly removed millions of fake user accounts, affecting many platform users’ follower numbers, including famous influencers and celebrities.

However, this isn’t an isolated event. Major social media platforms are constantly struggling to maintain the authenticity of their user bases. To put this in perspective, recent research from Surfshark shows that the most popular social media platforms collectively remove about 6.3 billion fake accounts and 11.1 billion pieces of spam content every year.

Tomas Stamulis, Chief Security Officer at Surfshark, shared his insights into the situation:

“While I’m convinced that the vast majority of fake accounts removed in Instagram’s latest purge were bots, I’m also sure that many legitimate users were caught in the crossfire. With the rapid evolution of AI, creating and managing bots that mimic human behavior has become incredibly simple. Instagram, being a highly visual platform, is particularly susceptible to this, as AI can easily fake engagement without the need for the complex, context-aware interactions you might see on platforms like LinkedIn.”

Stamulis notes that a purge of this scale wouldn’t be possible without the help of artificial intelligence, and that while AI can really help with a bot problem, some legitimate accounts might be misidentified as bots in the process.

“No AI system is without its flaws, and a purge of this scale inevitably means that legitimate users get flagged as bots. A fundamental drawback of any AI system lies in its reliance on the data it was trained on. If the training data is biased or certain legitimate behaviors are underrepresented, the AI can misinterpret the actions of real users as inauthentic. For instance, if an individual consistently follows a large number of new accounts in a short period due to a niche interest or an event, the AI might interpret this as bot-like behavior, when in reality, it’s an authentic user action. These ‘false positives’ can lead not only to temporary inconvenience but also to lost revenue for businesses or damaged reputations for creators.”

If your legitimate Instagram account was impacted by the recent Instagram bot purge, a cybersecurity expert shared a few tips:

“First, immediately document everything by taking screenshots of your profile, follower count, and any notifications or error messages, as this evidence is crucial for your appeal. While going through Instagram’s official appeal process, avoid third-party services, as these can also be flagged as bot behavior. Be clear, concise, and human in your language, explaining your situation.”

SOCRadar positioned as a Leader and Emerging Innovator in the SPARK Matrix: Digital Threat Intelligence Management, 2026 by QKS Group

Posted in Commentary on May 7, 2026 by itnerd

QKS Group announced today that it has named SOCRadar as a leader in the SPARK Matrix™: Digital Threat Intelligence Management, 2026.

QKS Group defines Digital Threat Intelligence Management as technology that offers unified insight into external threats to organizational digital-facing assets. The technology aggregates and processes threat intelligence from multiple sources and provides comprehensive information about threat actors to enable improved investigation, threat hunting, and cyber defense.

SOCRadar differentiates itself within the DTIM landscape through a comprehensive, intelligence-driven platform that unifies digital risk protection, threat intelligence, and external attack surface management under a single operational framework. Its ability to correlate threat actor activity, brand exposure, dark web intelligence, and asset-level vulnerabilities provides organizations with enriched, contextual visibility beyond traditional threat monitoring. By integrating automation, analyst-ready insights, and continuous monitoring across deep and dark web, social media, and open sources, the platform enables faster threat prioritization and response. Supported by a globally scalable delivery model and localized intelligence coverage, SOCRadar allows enterprises to proactively mitigate external threats, strengthen digital resilience, and streamline security operations without increasing tool sprawl or operational complexity.

The QKS Group SPARK Matrix™ includes a detailed analysis of the global market dynamics, major trends, vendor landscape, and competitive positioning. The study also provides a competitive analysis and ranking of the Digital Threat Intelligence Management, 2025 providers in the form of the SPARK Matrix™. The study also provides strategic information for users to evaluate different vendor capabilities, competitive differentiation, and market positions.


Palo Alto warns of actively exploited PAN-OS firewall flaw

Posted in Commentary on May 7, 2026 by itnerd

Palo Alto Networks has disclosed a critical vulnerability in multiple PAN-OS versions, tracked as CVE-2026-0300 (CVSS 9.3), that allows unauthenticated remote attackers to execute arbitrary code with root privileges on affected firewalls. The flaw is a buffer overflow vulnerability impacting the User-ID Authentication Portal service on PA-Series and VM-Series firewalls.

Palo Alto confirmed the vulnerability is being actively exploited in limited attacks, specifically targeting systems where the Authentication Portal is exposed to untrusted IP addresses or the public internet. 

Palo Alto said fixes will begin rolling out starting May 13, with additional patches planned later in the month. Until patches are available, the company is advising organizations to restrict Authentication Portal access to trusted internal networks or disable the feature entirely if not required. Prisma Access, Cloud NGFW, and Panorama are not affected.

Underscoring how critical this is, CISA added the vulnerability to its KEV catalog on May 6th.

Jacob Warner, Director of IT, Xcape, Inc.:

   “The disclosure of CVE-2026-0300 is a sobering reminder that the network edge remains the highest-value target for state-sponsored espionage. By the time Palo Alto Networks released this advisory, the suspected threat actor CL-STA-1132 had already spent nearly a month refining their exploit, moving from failed attempts on April 9 to successful root RCE by mid-April. This is not a theoretical vulnerability; it is an active, surgical operation where attackers are using the firewall’s own nginx processes to drop tunneling tools like EarthWorm and ReverseSocks5.

   “For leadership, the takeaway is that a “critical” CVSS score on a firewall often means the attacker is already behind your lines before the alert even fires. With patches not arriving until May 13, the only viable defense is immediate exposure reduction. If your User-ID Authentication Portal is reachable from the public Internet, you are essentially providing an unauthenticated root shell to anyone with the right packet sequence. You must audit your Interface Management Profiles now: restrict portal access to trusted internal zones and ensure that “Response Pages” are disabled on all Internet-facing interfaces. In 2026, if you aren’t actively shrinking your edge attack surface, you’re just waiting for the next zero-day to do it for you.

   “This bug was a zero-day for 26 days before we even gave it a name. In the time it took us to get an advisory, the bad guys were already halfway through the Active Directory.”

Denis Calderone, CTO, Suzu Labs:

   “This one is a little different from the management interface exposures we’ve been warning about with other edge devices like Fortinet, SonicWall, and Cisco. This vulnerability is in the User-ID Authentication Portal, which is the page users hit to authenticate through the firewall. In a lot of deployments, that portal is internet-exposed on purpose because that’s how it’s designed to work. That makes the mitigation more complicated than just “take it off the internet,” because for some organizations, it’s there for a reason.

   “That said, there are a lot of environments where the exposure isn’t necessary. If your Authentication Portal is used for local captive portal authentication, guest WiFi, or BYOD segments, it only needs to be reachable from those specific interfaces. Restrict it to those zones and block everything else. If the portal serves branch offices or remote sites over SD-WAN or site-to-site tunnels, you can restrict access to known source IP ranges for those branches. You don’t need to open it to the entire internet just because some of your traffic originates externally.

   “The harder scenario is organizations using the portal for VPN-less remote authentication, where users could be connecting from anywhere. You can’t restrict by source IP in that case. Those organizations need to look at migrating remote users to GlobalProtect or Prisma Access, both of which are not affected by this CVE. If that’s not possible before May 13, enable Threat ID 510019 if you have a Threat Prevention subscription on PAN-OS, and understand that you’re carrying real risk until the patch drops.

   “Nation-state actors have had nearly a month with this one. They’ve been deploying tunneling tools and cleaning logs immediately after compromise. If your Authentication Portal has been internet-exposed, don’t just apply the workaround and move on. Assume compromise and hunt for it.”

Rajeev Raghunarayan, Head of GTM, Averlon:

   “CVE-2026-0300 is an unusual situation: active exploitation confirmed, added to KEV, and for many systems there is no patch available yet. The only immediate option is to restrict the Authentication Portal to trusted internal zones or disable it entirely. The silver lining is that the vulnerable service is not enabled by default, and organizations following best practice by keeping the Authentication Portal restricted to trusted internal networks are at much lower risk.

   “A perimeter firewall is a gateway into the environment. When the gateway is owned, access is owned. With root-level access on a perimeter control point, the concern is no longer just the vulnerable service itself, but the visibility, access, and control that position can provide into the systems behind it.

   “Even for organizations that have already applied the workaround, the important question is what was potentially exposed during that window and what activity should now be treated as suspicious.”

Given how long this has been out there, and the fact that it is being exploited, this is a drop everything and patch now sort of thing. Which is of course the worst kind of situation to be in.
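
The Interface Management Profile audit recommended in the comments above can be run offline against an exported configuration. The following is an added example, not code from Palo Alto Networks or the commenters: the XML layout is an assumption modelled on a PAN-OS configuration export, the sample configuration is constructed, and the set of Internet-facing zone names is supplied by the operator.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumed to follow a PAN-OS config export.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
 <network>
  <profiles><interface-management-profile>
   <entry name="wan-mgmt"><ping>yes</ping><response-pages>yes</response-pages></entry>
   <entry name="lan-mgmt"><https>yes</https><response-pages>yes</response-pages></entry>
   <entry name="ping-only"><ping>yes</ping></entry>
   <entry name="partner-portal"><response-pages>yes</response-pages>
    <permitted-ip><entry name="198.51.100.0/24"/></permitted-ip></entry>
  </interface-management-profile></profiles>
  <interface><ethernet>
   <entry name="ethernet1/1"><layer3>
    <interface-management-profile>wan-mgmt</interface-management-profile></layer3></entry>
   <entry name="ethernet1/2"><layer3>
    <interface-management-profile>lan-mgmt</interface-management-profile></layer3></entry>
   <entry name="ethernet1/3"><layer3>
    <interface-management-profile>ping-only</interface-management-profile></layer3></entry>
   <entry name="ethernet1/4"><layer3>
    <interface-management-profile>partner-portal</interface-management-profile></layer3></entry>
  </ethernet></interface>
 </network>
 <vsys><entry name="vsys1"><zone>
  <entry name="untrust"><network><layer3>
   <member>ethernet1/1</member><member>ethernet1/3</member></layer3></network></entry>
  <entry name="trust"><network><layer3><member>ethernet1/2</member></layer3></network></entry>
  <entry name="partner"><network><layer3><member>ethernet1/4</member></layer3></network></entry>
 </zone></entry></vsys>
</entry></devices></config>
"""


def audit_response_pages(config_xml, internet_zones):
    """List interfaces in the given zones whose management profile enables Response Pages."""
    root = ET.fromstring(config_xml.strip())

    # Profile name -> whether Response Pages is on, plus any permitted-ip entries.
    profiles = {}
    for prof in root.iterfind(".//interface-management-profile/entry"):
        profiles[prof.get("name")] = {
            "response_pages": prof.findtext("response-pages", "no").strip() == "yes",
            "permitted_ip": [e.get("name") for e in prof.iterfind("permitted-ip/entry")],
        }

    # Interface name -> name of the management profile attached to it.
    iface_profile = {}
    for iface in root.iterfind(".//interface/ethernet/entry"):
        name = iface.findtext("layer3/interface-management-profile")
        if name:
            iface_profile[iface.get("name")] = name.strip()

    findings = []
    for zone in root.iterfind(".//zone/entry"):
        if zone.get("name") not in internet_zones:
            continue
        for member in zone.iterfind("network/layer3/member"):
            iface = member.text.strip()
            prof_name = iface_profile.get(iface)
            prof = profiles.get(prof_name)
            if prof and prof["response_pages"]:
                findings.append({
                    "interface": iface,
                    "zone": zone.get("name"),
                    "profile": prof_name,
                    # Reported for the reviewer; empty means no source restriction is set.
                    "permitted_ip": prof["permitted_ip"],
                })
    return sorted(findings, key=lambda f: f["interface"])


if __name__ == "__main__":
    for finding in audit_response_pages(SAMPLE_CONFIG, {"untrust", "partner"}):
        print(finding)
```
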

Today Is World Password Day

Posted in Commentary on May 7, 2026 by itnerd

Today is World Password Day. Held annually on the first Thursday of May, World Password Day focuses on promoting strong password habits, reducing reliance on weak credentials, and encouraging multi-factor authentication (MFA).

Dan Moore, Sr. Director CIAM Strategy at cybersecurity company FusionAuth, shared some of his thoughts on World Password Day:

“World Password Day exists because passwords remain the weakest link in most security chains and that’s still true in 2026, even as passkeys gain momentum. The reality is that the vast majority of applications in production today still rely on passwords as either a primary or fallback credential. That means the basics still matter enormously: checking credentials against breach databases, knowing and following NIST guidelines, and making it easy for users to do the right thing. The industry’s job right now isn’t to declare passwords dead but to manage the transition responsibly while the ecosystem catches up.

I genuinely wonder how many more World Password Days we’ll observe. Passkeys are now supported across every major platform, social login, SMS and email OTPs are mainstream fallbacks, and the developer tooling to implement passwordless has never been more accessible. We’re not there yet: passwords will be with us for years, embedded in legacy systems and user habits, but the trajectory is clear. The question for businesses isn’t whether to move beyond passwords, it’s how to build their identity infrastructure today in a way that makes that transition smooth when the time comes, or painful.”

Now is a really good time not only to re-evaluate your passwords and make them more complex, but also to evaluate the use of other forms of authentication, or of MFA. Because the harder that you make it for the bad guys to get in, the safer you will be.

Average password count decreased from 168 to 120: NordPass

Posted in Commentary on May 7, 2026 by itnerd

For the first time since NordPass began observing password usage trends in 2020, the average number of passwords managed by an individual has finally decreased. A new study from the password manager provider reveals that in 2026, the average person handles approximately 120 personal and 67 work-related passwords.

This marks a significant reversal of a multi-year trend that saw password burdens skyrocket. The peak was recorded in 2024, when the average user was juggling 168 personal and 87 business-related passwords.

First decrease

NordPass has chronicled the expanding digital footprint of the average user. Initial research in February 2020, just before the COVID-19 pandemic, found users managed around 80 passwords. That number quickly jumped by 25% to 100 within the first eight months of the pandemic, beginning a steady climb that has only now started to recede.

The new data offers hope that passwords are finally being replaced by passkeys and other login methods. But he stresses that these figures should be interpreted cautiously because the overall number of accounts and associated login credentials continues to grow.

Also, SSO is not always the safest option, especially if a person reuses a password, which around 60% of Americans and Brits do.

Trouble with too many accounts

It’s a well-known security risk that when people manage too many passwords, they often reuse them or create simple variations, such as changing a single letter or number. This practice creates significant vulnerabilities — if one of these accounts is breached, all other accounts sharing the same or a similar password become compromised.

Forgotten or abandoned accounts also pose a security risk because users may overlook data breach notifications and remain unaware that their information has been exposed. In these cases, tools like the Data Breach Scanner can help. They actively scan the internet and dark web for your credentials and alert you if your information appears in a breach, helping to protect even your forgotten accounts.

Methodology: The quantitative research by NordPass was conducted on April 4-15, 2026, and included 1,509 NordPass users.

Other World Computing Expands UK Channel with M2M Direct Distribution Partnership

Posted in Commentary on May 7, 2026 by itnerd

Other World Computing today announced the appointment of M2M Direct as a UK distribution partner. Effective April 6, 2026, the agreement expands OWC’s reach across the UK, making its full portfolio more accessible to specialist retailers, value-added resellers, system integrators, and e-commerce channels as part of the company’s broader European growth strategy.

For OWC, this builds on an established UK presence and pairs it with a partner that brings the reach, expertise, and execution to dramatically expand it across a highly business-critical market. For M2M Direct, it adds a high-performance portfolio that aligns with where demand is going – content creation, data-heavy environments, and AI-driven workloads that don’t leave room for compromise. For the channel, it opens the door to more opportunity – giving partners access to solutions they can confidently bring to customers, expanding what they offer and how they show up. And for end users, it simply means better access to technology that performs, scales, and keeps up with the way modern work actually gets done.

Resellers interested in becoming OWC partners can contact M2M Direct here: sales@m2m-direct.co.uk to learn more about the OWC Deal Registration and Partner Programme.

Fortra Pursues FedRAMP High Authorization for Data Classification Capabilities

Posted in Commentary on May 7, 2026 by itnerd

Fortra today announced it is pursuing Federal Risk and Authorization Management Program (FedRAMP) High authorization for its data classification capabilities, which will further extend its support of U.S. public sector, federal, and defense organizations operating in critical cloud environments.

FedRAMP High, required for systems that process the government’s most sensitive unclassified data, is the U.S. government’s most stringent cloud security authorization. By pursuing this authorization, Fortra aims to enable secure discovery, classification, and movement of data across contested, classified, and disconnected operational environments.

Fortra is partnering with Coalfire, a leading cybersecurity advisory firm and accredited Third-Party Assessment Organization (3PAO), to support its FedRAMP High authorization activities. The effort includes significant internal investment in security engineering, compliance maturity, and operational rigor aligned with federal requirements.

Fortra’s commitment to FedRAMP demonstrates its broader strategy to deliver advanced security solutions to highly regulated and mission-driven sectors with integrated, resilient cybersecurity solutions.

Learn more at: https://www.fortra.com/industry/government

North Korea-aligned APT group ScarCruft compromises gaming platform in supply-chain espionage attack, ESET Research finds

Posted in Commentary on May 7, 2026 by itnerd

ESET researchers have uncovered a multiplatform supply-chain attack by North Korea-aligned APT group ScarCruft, targeting the Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors. In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor. The backdoor, named BirdCall by ESET, was originally known to target Windows only; the Android version was later discovered as part of this supply-chain attack.  

The Android version of BirdCall, discovered in the latest attack, implements a subset of the commands and capabilities of the Windows backdoor – it collects contacts, SMS messages, call logs, documents, media files, and private keys. It can also take screenshots and record surrounding audio. ESET discovered, based on this investigation, that Android BirdCall has been actively developed over a span of several months and at least seven versions have been deployed.

Since the website compromised in this attack is dedicated to the people of Yanbian and their traditional games, ESET concludes that the primary targets are ethnic Koreans living in Yanbian.  It is probable that the attack was aimed at collecting information on individuals based in (or originating from) the Yanbian region and deemed of interest to the North Korean regime – most likely refugees or defectors.

The gaming platform’s Windows client was compromised through a malicious update leading to the RokRAT backdoor, which deployed the more sophisticated BirdCall backdoor. “Victims downloaded the trojanized games via a web browser from a single page on their devices and likely installed them intentionally. We did not identify any other APK locations or any malicious APKs on the official Google Play store. We were unable to determine when the website was first compromised and the supply-chain attack started. However, based on our analysis of the deployed malware, we estimate that it happened in late 2024,” says ESET researcher Filip Jurčacko, who discovered the latest attack by ScarCruft.

The Windows backdoor was initially discovered in 2021 and attributed to ScarCruft as part of ESET Threat Intelligence Reporting. The original Windows backdoor has a wide range of spying capabilities, including taking screenshots, logging keystrokes and clipboard content, stealing credentials and files, and executing shell commands. For C&C purposes, the backdoor utilizes legitimate cloud storage services, such as Dropbox or pCloud, or compromised websites.

ScarCruft, also known as APT37 or Reaper, has been operating since at least 2012 and is suspected to be a North Korean espionage group. It primarily focuses on South Korea, but other Asian countries have also been targeted. ScarCruft seems to be interested mainly in government and military organizations, and companies in various industries linked to the interests of North Korea. The group also targets North Korean defectors.

For more details about BirdCall, check out the latest ESET Research blogpost “A rigged game: ScarCruft compromises gaming platform in a supply-chain attack” on WeLiveSecurity.com

Red Team Exercise Results In Bypass Of Azure AD Conditional Access Via Phantom Device Registration 

Posted in Commentary on May 7, 2026 by itnerd

A critical attack chain has been found that completely bypasses Microsoft Entra ID Conditional Access without deploying malware or touching an endpoint. Using just a single set of credentials, the researchers compromised a production tenant with over 16,000 users.

Howler Cell conducted authorized red team operations against a production enterprise Microsoft Entra ID tenant (~16,000 users, ~82,000 devices, 78 Conditional Access policies). Starting from a single set of valid user credentials blocked by Conditional Access, the engagement produced a full bypass chain: 

  • Phantom device registration
  • Primary Refresh Token minting 
  • Intune compliance without a real device 
  • Enterprise application exfiltration 
  • On-premises-to-cloud privilege escalation path mapped to Global Administrator.

No corporate endpoint was touched. No malware was deployed. The vulnerability is not in any single component. It is in the trust chain between them.

More details here: https://www.cyderes.com/howler-cell/azure-ad-conditional-access-device-identity-abuse

Ensar Seker, CISO at threat intel company SOCRadar, commented:

“The Howler Cell research highlights a dangerous reality many organizations still underestimate: identity has become the new perimeter, and attackers know how to abuse the trust built into cloud identity ecosystems. What makes this attack path especially concerning is that Conditional Access was technically functioning as designed, yet the attacker was still able to introduce a “trusted” phantom device into the environment and obtain a valid Primary Refresh Token. Once the identity system believes a device is compliant, many downstream protections effectively collapse.

This also demonstrates why organizations cannot rely solely on default Entra ID configurations or compliance states as proof of trust. Attackers increasingly target enrollment workflows, token issuance, and device registration processes because these areas often receive less scrutiny than endpoint malware defenses. Organizations should aggressively restrict device registration permissions, require hardware-backed authentication such as phishing-resistant MFA, continuously audit newly joined devices, monitor abnormal PRT issuance activity, and implement strong conditional policies around privileged access and unmanaged enrollment scenarios.”

Consider this to be your wake up call. Zero trust isn’t a buzzword, it should be a reality for you. And this red team exercise illustrates why.
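
One way to act on the advice to continuously audit newly joined devices is to correlate each device registration with earlier Conditional Access blocks for the same user, which is the starting condition described for the Howler Cell engagement. This is an added example, not code from Howler Cell, Microsoft or the commenters: the flat record fields, the activity names and the six-hour window are assumptions, and the log records are constructed. Error code 53003 is the Entra ID sign-in error for access blocked by Conditional Access.

```python
from datetime import datetime, timedelta

CA_BLOCKED = 53003  # AADSTS53003: access blocked by Conditional Access policies
# Assumed audit activity names; adjust to match your own log export.
REGISTRATION_ACTIVITIES = {"Register device", "Add device"}

# Constructed sign-in records (flattened; field names are assumptions).
SIGNINS = [
    {"time": "2026-05-01T08:02:11Z", "user": "alice@example.com", "error_code": 53003},
    {"time": "2026-05-01T08:05:40Z", "user": "alice@example.com", "error_code": 53003},
    {"time": "2026-05-01T09:00:00Z", "user": "carol@example.com", "error_code": 53003},
    {"time": "2026-05-01T10:30:00Z", "user": "dave@example.com", "error_code": 53003},
    {"time": "2026-05-01T11:00:00Z", "user": "bob@example.com", "error_code": 0},
]

# Constructed audit records (flattened; field names are assumptions).
AUDIT = [
    {"time": "2026-05-01T08:40:00Z", "user": "Alice@example.com",
     "activity": "Register device", "device": "DESKTOP-X1"},
    {"time": "2026-05-01T11:05:00Z", "user": "bob@example.com",
     "activity": "Register device", "device": "BOB-LAPTOP"},
    {"time": "2026-05-03T09:00:00Z", "user": "carol@example.com",
     "activity": "Add device", "device": "CAROL-PHONE"},
    {"time": "2026-05-01T10:00:00Z", "user": "dave@example.com",
     "activity": "Register device", "device": "DAVE-PC"},
    {"time": "2026-05-01T08:41:00Z", "user": "alice@example.com",
     "activity": "Update user", "device": ""},
]


def _ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def suspicious_registrations(signins, audit_events, window=timedelta(hours=6)):
    """Flag device registrations that follow a Conditional Access block for the same user."""
    blocks = {}
    for rec in signins:
        if rec["error_code"] == CA_BLOCKED:
            blocks.setdefault(rec["user"].lower(), []).append(_ts(rec["time"]))

    findings = []
    for ev in audit_events:
        if ev["activity"] not in REGISTRATION_ACTIVITIES:
            continue
        when = _ts(ev["time"])
        # Only blocks that happened before the registration and inside the window count.
        prior = [t for t in blocks.get(ev["user"].lower(), [])
                 if timedelta(0) <= when - t <= window]
        if prior:
            findings.append({
                "user": ev["user"].lower(),
                "device": ev["device"],
                "registered": ev["time"],
                "blocked_signins": len(prior),
                "first_block": min(prior).isoformat(),
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_registrations(SIGNINS, AUDIT):
        print(finding)
```

A hit is a lead for review, not proof of abuse: a legitimate user may enroll a new device right after being blocked for lacking one.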