New data on future of VDI and workspace delivery put out by Recast Software

Posted in Commentary with tags on June 30, 2026 by itnerd

Recast, in partnership with Nerdio and VMblog, today released the findings of the 2026 State of VDI Survey in a new report, “VDI Isn’t Done. It’s Being Reworked.” The results show that VDI remains part of the workspace mix, but many IT teams are changing how they operate, secure, and support these environments. Notably, administrators lack confidence in their ability to patch VDI environments in a timely manner, making them prone to risk.

VDI is not being abandoned, but it is being actively retooled

Contrary to industry lore, VDI isn’t dead. However, it is evolving. Only 2% of respondents planned to exit an existing deployment entirely in the next 12 to 18 months, while 49% of current users reported a significant change to their VDI, Cloud PC, or published application environment over the last two years. Plans were mixed across keeping, expanding, replacing, reducing, evaluating, or starting deployments, which points to active modernization rather than a broad move away from VDI.

VDI teams lack confidence that their environments are being patched on time

The survey highlights a patch confidence gap between operations and security. Among current users, only 34% were very or extremely confident that required operating system and third-party application updates were being applied on time. Security concerns extended beyond access, with 47% citing audit logging and traceability, 41% citing data leakage controls, and 31% citing patch or vulnerability exposure windows. Although low confidence is not proof of failure, it is an important operating signal. Secure access matters, but teams also need timely updates, clear reporting, and proof that controls are working.

The real cost of VDI is the burden of everyday operational work

Performance variability was the top operational pain point at 41%, but 53% of current users cited at least one lifecycle-related issue, including image management and update effort, application delivery or updates, or user profiles and personalization. Additionally, 32% of current users cited high ongoing cost, and 61% of those asked about barriers to change cited budget constraints. Together, the findings suggest that much of the cost and friction in VDI comes from the everyday work of keeping environments current, usable, and supportable.

The report is based on a significant number of responses from IT professionals with awareness of VDI, Cloud PCs, and published applications. Percentages are rounded, and some questions were multi-select.

Nomerra raises $2 million to tackle private markets’ looming paperwork crisis

Posted in Commentary with tags on June 30, 2026 by itnerd

Private markets are on track to triple from $13 trillion to over $30 trillion in the next few years, but the operational work underneath has not kept up. It still runs through emails, PDFs, spreadsheets, and disconnected systems, while the industry is running out of people who can hold it all together. Nomerra has raised $2 million to make private market operations AI-native for the asset servicers and asset managers behind the world’s fastest-growing capital market.

Nomerra has secured $2 million in its first round of funding, making it one of the largest FinTech pre-seed rounds this year. The round was led by 14Peaks Capital, with participation from Redstone Fintech and senior individuals from firms including KKR and Intapp.

The company was founded by Johannes Gebendorfer and Jakob Zacherl, who were both first employees at bunch, a tech-enabled fund administrator that recently announced its Series B and has raised more than $50 million. They helped scale the team to more than 100 people and expand across Europe. Both saw firsthand how AI transforms private market operations and founded Nomerra to bring that shift to the industry at large.

In their previous roles, the founders realized that everything that makes public markets efficient simply does not exist for private markets: there is no standardization, no interconnectedness, no efficient record-keeping. The same data gets manually retyped between isolated systems and spreadsheets, often multiple times for a single transaction. Meanwhile, private markets have become much more complex to operate in recent years: new investor channels, more frequent reporting, tighter regulation, semi-liquid structures, evergreens and expansion into novel asset classes all add more operational load. The industry’s default response has been to hire more people, but the right people are getting harder to find. As private markets triple in size over the next five years, the number of qualified accountants has decreased by a third over the last decade.

Nomerra tackles this by making private market operations AI-native, starting with the scattered, high-volume work enterprise asset servicers and managers still run by hand: fund accounting, treasury and transfer agency. It is the work that runs in the background, but holds the entire industry together.

Nomerra connects to the systems firms are already using, including ERPs, banking platforms, email and document storage. It pulls information into a single context layer so agents can see everything a human operator would see. From there, Nomerra agents follow the firm’s own operating procedures: reading documents, extracting the right data, cross-checking it across sources, and delivering outcomes the same way a trained team member would. Users hand off work to Nomerra agents through tools they’re already in or by setting up continuously running background agents.

The goal is to shift people from preparing deliverables to reviewing them. Nomerra agents handle the end-to-end execution and present the output in purpose-built review interfaces with a full audit trail: what was done, why, and where the data came from. Over time, even the review layer becomes supervisory, and teams orchestrate fleets of Nomerra agents that ship entire deliverables on their own.

More capital than ever is expected to flow into private markets, and every manager and servicer needs to be ready to capture their share. Nomerra gives them the bandwidth to do it, letting firms scale without being bottlenecked by operations. The company will use the funding to grow its engineering team and meet surging demand for AI solutions across enterprise asset servicers and managers in Europe and the United States.

Challengermode partners with WBSC to deliver competition technology infrastructure for the WBSC eBaseball Series

Posted in Commentary with tags on June 30, 2026 by itnerd

Challengermode today announced a landmark partnership with the World Baseball Softball Confederation (WBSC), becoming the Official Gaming Platform of the WBSC eBaseball™ Series. The partnership will initially cover the 2026 and 2027 seasons and will culminate with the second edition of the WBSC ePremier12, the flagship international eBaseball competition featuring the world’s top-ranked players.

This collaboration marks an important step in the continued development of WBSC eBaseball™, bringing Challengermode’s competitive gaming technology and tournament infrastructure to one of the fastest-growing digital extensions of international sport.

Through the partnership, Challengermode will provide a dedicated home for WBSC eBaseball™ competitions and rankings, creating a centralized competitive environment for players, National Federations, tournament organizers and gaming communities around the world.

With millions of users across its platform and a strong presence within the competitive gaming ecosystem, Challengermode will support WBSC in connecting baseball and softball with the global gaming community through accessible, scalable and automated competition technology.

Attackers exploit critical Oracle E-Business vulnerability

Posted in Commentary with tags on June 29, 2026 by itnerd

Threat intel company Defused has reported that attackers are exploiting a critical vulnerability, CVE-2026-46817, in the Oracle E-Business Suite (EBS) financial application.

The vulnerability in the File Transmission component of EBS’s Oracle Payments product lets unauthenticated malicious actors with HTTP network access take over vulnerable systems through low-complexity attacks.

Oracle released security updates to address the vulnerability in the May 2026 Critical Security Patch Update and urged that customers patch immediately. The vulnerability has no known previous exploitation or POC, according to Defused.

Sunil Gottumukkala, CEO of Averlon had this comment:

“This is an unauthenticated, low-complexity takeover of Oracle E-Business Suite, which runs many companies’ financials and payments, so the value to an attacker is obvious. EBS is already a known extortion target.

“Oracle shipped the patch in May, there is still no public proof-of-concept, yet attackers are already exploiting it, most likely by reverse-engineering the patch itself. A released fix can become the attacker’s roadmap, which is why the exposure window, the gap between when a patch ships and when it’s actually deployed, is where the real risk lives. Every day a critical vulnerability sits unpatched is another day inside that window.

“Organizations running EBS Payments on affected versions have no time to spare. Patch now, take the File Transmission component off the open internet, and hunt for compromise.”

Denis Calderone, CTO, Suzu Labs had this to say:

“The Cl0p campaign that exploited CVE-2025-61882 across more than a hundred Oracle EBS environments proved two things. First, that Oracle EBS is a target-rich environment full of financial, HR, and procurement data worth serious extortion money. And second, that a lot of organizations are running internet-exposed EBS instances and not patching fast enough. CVE-2026-46817 looks like what follows when that kind of spotlight gets put on a platform. Different actors, different component, but the same exposed attack surface. And this time, the target is Oracle Payments’ File Transmission module, the component that formats and transmits payment instructions, ACH batches, wire transfers, and EFT files directly to financial institutions.

“Some months back we all witnessed Cl0p’s Oracle EBS campaign hit over a hundred organizations using a sophisticated five-step exploit chain through BI Publisher that required SSRF, CRLF injection, path traversal, and malicious XSLT template processing just to get to code execution. That was a fairly sophisticated chained attack. CVE-2026-46817 looks far less complex, more like the front door was just left wide open. There is no authentication on the HTTP endpoint, and no complex exploit chain required. A crafted HTTP request gets you from zero access to full control of the system that formats and transmits ACH batches, wire transfers, and EFT files to financial institutions. Oracle EBS has a definite spotlight on its back. Now we have different actors picking different components, and we’d argue this is potentially much worse.

“The way the File Transmission component handles file operations can be exploited to execute arbitrary code on the server, and the attacker lands with enough privilege to take over Oracle Payments entirely. Oracle scored it a 9.8. File Transmission is the component that opens connections with banks and payment systems to send formatted payment instruction files. Full takeover of that system means potential access to read, modify, or redirect financial transactions.

“What’s got our attention is the exploitation timeline. There is no public proof-of-concept code for this vulnerability. Defused observed active exploitation on their Oracle EBS honeypots over the weekend. This probably means that someone reverse-engineered Oracle’s May patch, built a working exploit, and deployed it operationally in under six weeks. That tells you something about the caliber of actor going after this and how much value they see in owning a payment processing system.

“Oracle EBS is self-hosted, so the attack surface is entirely in your hands. If your Oracle Payments File Transmission endpoints are reachable over HTTP from untrusted network segments, restrict that access immediately to trusted internal sources only. Apply the May 2026 Critical Patch Update. The affected version range is 12.2.3 through 12.2.15, nearly identical to the Cl0p campaign’s target set. And given the six-week window between patch availability and confirmed exploitation, assume compromise and hunt for indicators of unauthorized access to your payment processing infrastructure going back to late May. If you’re running these versions, treat this as an emergency, not a quarterly maintenance item.”

Since organizations are in control, it is up to organizations to patch all the things. And I recommend that organizations do so before there is an attack that comes of this.

KDDI Email System Breach Exposes Up to 14.2 Million Credentials

Posted in Commentary with tags on June 29, 2026 by itnerd

KDDI Corporation, one of Japan’s largest telecom companies, disclosed a data breach that exposed up to 14.2 million email accounts across six Japanese internet service providers.

The company detected the intrusion on June 17, quickly blocked the attackers, and launched an investigation. According to KDDI, the breach was caused by a vulnerability in third-party software used by its email system. The company is continuing its investigation while assessing the full impact of the incident.

“On June 17, 2026, we confirmed that some information from email services provided by various ISP operators (hereinafter referred to as “the email service”) may have been leaked to an external party in the email system (hereinafter referred to as “the System”) that we provide to Internet Service Providers (hereinafter referred to as “ISP operators”).” reads the data breach notice.

“On the same day, we modified the System to prevent further damage. We have identified the suspected location of the Unauthorized Access and implemented technical defense measures.”

Brian Higgins, Security Specialist at Comparitech had this to say:

“It looks like KDDI Corp are responding to this breach as best they can but the nature and volume of the compromised information is of considerable concern. Email is ubiquitous in modern communications so the available data points offer all manner of opportunities for malicious actors. 

Unfortunately third party and supply chain attacks are far more likely to succeed as most organisations are fairly used to protecting core networks these days, but the interconnectivity required to operate means that access devolves to those less aware of the dangers or less able to resource the necessary security protocols.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech, follows with this:

“A big breach of email accounts and passwords like this is much more serious than most data breaches. Email accounts are often what we use to log into other accounts. We use email to verify new accounts, log in, change passwords, receive one-time codes, and recover other accounts. So a breach of an email account can lead to several more accounts being hijacked. Furthermore, cybercriminals can use hacked email accounts to spread scams, phishing, and spam. And of course, all of the information stored in your emails is at risk.”

We’ll have to see how this plays out. But I expect the usual pattern of phishing, spear phishing and other targeted attacks. Because I truly expect nothing less.

MeetingTV lawsuit highlights growing risks around AI-assisted threat intelligence

Posted in Commentary with tags on June 29, 2026 by itnerd

The MeetingTV lawsuit highlights a difficult reality in cybersecurity: once a domain or service is flagged as malicious, that designation can quickly spread across dozens of security products and become incredibly hard to undo. Whether AI was involved or not, the case shows the need for security vendors to have clear processes for validating findings, correcting mistakes, and ensuring legitimate organizations aren’t caught in the fallout.

You can catch up here: MeetingTV lawsuit

Eljan Mahammadli, Head of AI Provenance, Polygraf AI

“What stands out to me here isn’t the hallucination accusation, because the filings don’t actually prove a model wrote that finding, and that uncertainty is the whole problem. When threat intelligence ships without a record of how each conclusion was reached, nobody can audit it afterward, not the researchers and definitely not the company on the receiving end. A bad attribution takes seconds to publish and spreads across hundreds of blocklists almost immediately, but reversing it takes months, if it happens at all. That asymmetry is what the industry should be worried about, whether or not AI touched the report. If we’re going to let models do attribution work, the output has to carry its own evidence chain, so a finding can be contested on the record instead of in court.”

Gidi Cohen, CEO & Co-founder, Bonfy.AI

“The MeetingTV lawsuit should be a wake-up call: when threat intelligence is generated or enriched by AI, the stakes are no longer just about technical accuracy—they’re about business continuity and reputational harm for real companies caught in the blast radius.

This case highlights three responsibilities that security leaders and researchers can’t ignore:

  • First, AI-assisted analysis does not change the obligation to validate findings with human judgment, especially when those findings can lead to long-term blocking of a legitimate service. “Protected speech” in research doesn’t absolve us from doing the hard work of verification.
  • Second, the industry needs a clearer accountability model for distributed threat intelligence. Once a label is published, it is replicated across hundreds of feeds and controls, yet there is still no standard process—or SLA—for correcting mistakes and propagating those fixes downstream.
  • Third, we have to treat false positives in AI-era threat intel as real incidents, not minor collateral damage. For a SaaS business, being silently tagged as malicious can have the same practical impact as a sustained DDoS or a major outage, and our governance models should reflect that.

Regardless of the legal outcome, the lesson is straightforward: if we use AI in security research, we must pair it with rigorous review, transparent methodology, and fast, industry-wide remediation when we get it wrong. Without that, AI doesn’t just help us find threats—it risks becoming one.”

Consider this a warning for organizations. Review everything that an AI does or end up in court. It truly is that simple when it comes to either doing the review, or defending it in court.

Iranian cyberattacks on Israel have surged since war, Israeli cyber chief says

Posted in Commentary with tags on June 29, 2026 by itnerd

Reuters is reporting that Iranian cyberattacks on Israel have surged since the war started, following a statement from the Israeli cyber chief. Yossi Karadi, Director General of Israel’s National Cyber Directorate, told German newspaper Die Welt that in June 2025, during Israeli military operations against Iran, Israel’s authorities registered around 1,600 hostile cyber incidents.  

Commenting on this news is SOCRadar CISO, Ensar Seker:

“An increase in cyber activity during periods of military conflict is expected, but what’s important isn’t just the number of incidents, it’s the shift in targeting and intent. During geopolitical crises, we typically see a broader mix of disruptive attacks, influence operations, espionage, and opportunistic campaigns occurring simultaneously. Many of these campaigns are designed to overwhelm defenders while creating strategic uncertainty rather than achieving a single technical objective.

Organizations should also recognize that nation-state cyber campaigns rarely remain confined to government targets. Critical infrastructure, defense contractors, telecommunications providers, logistics companies, healthcare organizations, and multinational enterprises with regional operations often become indirect targets or collateral victims. Even organizations with no direct involvement in the conflict may experience increased phishing activity, credential theft attempts, DDoS attacks, or attacks against their supply chain.

Another notable trend is the growing integration of cyber operations with kinetic military activity. Cyberattacks increasingly support broader strategic objectives by disrupting communications, spreading disinformation, collecting intelligence, or distracting security teams before or during physical operations. This makes rapid detection, threat intelligence, and cross-sector information sharing more important than ever.

From a defensive perspective, organizations should assume that geopolitical events can rapidly change their threat profile. Security teams should strengthen identity security, closely monitor internet-facing assets, accelerate remediation of known exploited vulnerabilities, verify offline recovery capabilities, and continuously monitor for emerging indicators associated with regional threat actors rather than relying solely on traditional perimeter defenses.”

Previously, SOCRadar researchers published an in-depth Iran-Israel Conflict Threat Landscape Report, which can be read here: https://socradar.io/resources/report/iran-israel-conflict-threat-landscape-report/

Arcova Brings Proven End-to-End Data Center Solutions to Power-Constrained Growth

Posted in Commentary with tags on June 29, 2026 by itnerd

Arcova today announced an end-to-end data center development offering that brings engineering, cybersecurity, regulatory compliance and grid-planning coordination under one accountable team. The offering is designed to take data center programs from site selection through day-two operations, reducing the average development timeline by 18 months and eliminating $60–200M in transition costs created by fragmented vendor coordination.

Data center demand driven by AI has created a structural gap between what developers need and what the grid can deliver. Grid interconnection adds three to four years to construction timelines, transformer and transmission equipment carry lead times of 66 to 120 months, and interconnection studies can consume up to 18-27 months when conducted manually. Each handoff between separate engineering, cybersecurity, regulatory and operations firms adds cost and delay at every seam.

Arcova addresses these constraints through three integrated capabilities, applied as one program:

  • Speed to power targets the primary bottleneck: energized capacity. Rather than sequencing interconnection permitting, behind-the-meter generation options and long-lead equipment procurement after construction decisions are made, Arcova runs those workstreams in parallel across its partner ecosystem. The result is an earlier, more defensible path to power for hyperscalers, utilities and the growing class of developers sourcing capacity through behind-the-meter supply.
  • Secure-by-design engineering embeds cybersecurity and regulatory compliance into the engineering phase from the start, aligned to ISA/IEC 62443, NERC CIP and applicable federal directives. Network segmentation, identity and access governance, secure remote access and monitoring are designed into reference architecture before construction begins. At commissioning, the asset carries documented evidence of security posture and compliance, making it more attractive to investors and easier to finance, sell and operate.
  • AI-accelerated grid planning compresses the interconnection study cycle — work that can run 18–27 months under manual methods. By modeling interconnection scenarios, transmission constraints, and grid-impact analysis at machine speed, Arcova gives developers higher-confidence answers earlier on where and how capacity can come online. These analytics are decision support for Arcova’s engineers and their clients: they accelerate expert work; they do not replace the certification rigor the engineering process enforces.

Together, these capabilities enable Arcova to orchestrate a single program from site identification through energization and certification. This replaces the serial handoffs among six to eight firms that often cause multi-year delays, while ensuring complete compliance documentation and a finance-ready asset at close. Arcova serves as the single point of accountability, drawing on partners such as Young Management & Consulting for construction management and program delivery.

The offering is available now and delivered on a per-program basis, with engagements scoped to each data center program’s size, stage and power strategy. For more information, visit arcova.com/data-centers/

High-Severity Flaw in Amazon Q Enabled Credential Theft via Malicious Repositories 

Posted in Commentary with tags on June 27, 2026 by itnerd

Researchers have uncovered a high-severity vulnerability in Amazon Q Developer Extension for Visual Studio Code (VS Code), which allowed attackers to achieve arbitrary code execution and cloud credential theft by having a developer open a malicious repository. Amazon Q automatically loaded MCP server configurations from workspace files without user consent. Combined with full environment inheritance, this enabled immediate code execution.  

Rohit Valia, CEO of cybersecurity company Tumeryk, provided the following comments: 

“The Amazon Q vulnerability shows us why AI coding assistants are now a legitimate attack surface. Organizations need to treat every AI tool with environment access as a potential credential exfiltration path. They need to ensure there are AI guardrails to block access for every AI tool use unless it is an approved action with real-time Risk Scoring of the prompts and responses for continuous observability.”

AI is all over the place. Most notably, it is used by developers to develop code. This needs to get a whole lot safer, whether by design, forced by the companies, or by governments themselves.
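The two conditions named in this post, MCP server definitions loaded from workspace files and full environment inheritance, can both be checked from the defender's side. The following is an added example, not code from Amazon Q or from the researchers: it assumes the common `mcpServers` JSON layout, and because the post does not name the file involved it scans every JSON file in the repository (the sample path is hypothetical).

```python
"""Pre-open audit: list MCP server launch commands defined in a repository,
and build a minimal environment for any server that is later approved."""
import json
import os
import tempfile
from pathlib import Path

# Assumption: config uses the common {"mcpServers": {name: {"command", "args"}}}
# layout ("servers" is accepted as an alternative key).
SERVER_KEYS = ("mcpServers", "servers")
SKIP_DIRS = {".git", "node_modules"}
MAX_BYTES = 1_000_000  # config files are small; skip anything larger
# Everything not listed here (AWS_* variables, tokens, ...) is dropped.
ENV_ALLOWLIST = ("PATH", "HOME", "LANG", "TMPDIR", "SystemRoot")


def _load_json(path):
    """Return the parsed object, or None if unreadable / not plain JSON."""
    try:
        if path.is_symlink() or path.stat().st_size > MAX_BYTES:
            return None
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    return doc if isinstance(doc, dict) else None


def find_mcp_server_definitions(repo_root):
    """Return one finding per launchable server defined under repo_root."""
    root, findings = Path(repo_root), []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() != ".json":
                continue
            doc = _load_json(path) or {}
            for key in SERVER_KEYS:
                servers = doc.get(key)
                if not isinstance(servers, dict):
                    continue
                for server, spec in servers.items():
                    if not (isinstance(spec, dict) and isinstance(spec.get("command"), str)):
                        continue
                    args = spec.get("args")
                    findings.append({
                        "file": path.relative_to(root).as_posix(),
                        "server": server,
                        "command": spec["command"],
                        "args": [str(a) for a in args] if isinstance(args, list) else [],
                    })
    return sorted(findings, key=lambda f: (f["file"], f["server"]))


def scrubbed_env(parent_env, allowlist=ENV_ALLOWLIST):
    """Copy only allowlisted variables so a child process does not inherit
    cloud credentials from the editor's environment."""
    return {k: v for k, v in parent_env.items() if k in allowlist}


def build_sample_repo(root):
    """Constructed sample repository with one workspace-level MCP config."""
    cfg = Path(root) / ".example-assistant" / "mcp.json"  # hypothetical path
    cfg.parent.mkdir(parents=True)
    cfg.write_text(json.dumps({"mcpServers": {"helper": {
        "command": "node", "args": ["tools/server.js"]}}}), encoding="utf-8")
    (Path(root) / "package.json").write_text('{"name": "demo"}', encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in find_mcp_server_definitions(build_sample_repo(tmp)):
            print(f"{f['file']}: {f['server']} -> {f['command']} {f['args']}")
    constructed = {"PATH": "/usr/bin", "AWS_SECRET_ACCESS_KEY": "constructed"}
    print(scrubbed_env(constructed))
```

Files that contain comments (JSONC) fail strict parsing and are skipped, so an empty result means nothing was found in plain JSON, not that the repository is clear.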

The new MCP specification doesn’t fix the real problem—And most enterprises don’t know what that problem is 

Posted in Commentary with tags on June 26, 2026 by itnerd

The new enterprise-ready MCP specification addresses interoperability and enterprise readiness, but the security community’s focus on the spec itself is obscuring where the actual risk lives. Most organizations that rushed MCP deployments didn’t fail at the protocol level. They failed at the permission level—granting agents far broader access than any legitimate use case required, with no governance structure to course-correct. A better spec won’t change that.

Justin Beals, CEO & Founder, Strike Graph, an AI-native GRC and compliance automation platform had this to say:

“A new spec doesn’t fix the underlying problem. Most organizations that deployed MCP servers did it as a marketing move. They turned it on and exposed full read-write API access because that was the path of least resistance. The enterprise spec raises the bar for interoperability, but the real risk has never been the protocol. It’s been the decisions people make about what agents are allowed to touch. MCP is a software feature. Treat it like one. What is the bare minimum you need to expose? Start there. If your teams complain about limited access, let them complain. Have them make the case for what they actually need. Because the organizations that got this wrong didn’t fail at the spec level. They failed at the permission level. A better spec won’t save you from that.”

Given how important AI is to business, enterprises need to get a handle on this and do so quickly. Otherwise businesses will continue to fly in the dark when it comes to this.
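The "bare minimum you need to expose" approach from this post can be enforced in front of an MCP server rather than left to each deployment. The following is an added example, not part of the MCP specification or any vendor's product: the policy, the tool names and the sample messages are constructed, and the JSON-RPC error codes are this example's choice.

```python
"""Deny-by-default gate between an agent and an MCP server: only approved
tools are advertised to the agent and only approved calls are forwarded."""

# Hypothetical policy for one agent: tool name -> argument names it may send.
POLICY = {"tickets.search": {"query", "limit"}, "tickets.get": {"id"}}
# JSON-RPC methods this agent needs; anything else (resources/read, ...) is refused.
ALLOWED_METHODS = {"initialize", "notifications/initialized", "ping",
                   "tools/list", "tools/call"}

# Constructed tools/list response from a server that exposes read and write tools.
SAMPLE_TOOLS_LIST = {"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "tickets.search"}, {"name": "tickets.get"},
    {"name": "tickets.delete"}, {"name": "db.execute_sql"}]}}


def _error(request, code, message):
    """Build the JSON-RPC error returned to the agent instead of forwarding."""
    return {"jsonrpc": "2.0", "id": request.get("id"),
            "error": {"code": code, "message": message}}


def filter_tools_list(response, policy=POLICY):
    """Return a copy of a tools/list response without unapproved tools."""
    result = dict(response.get("result") or {})
    result["tools"] = [t for t in result.get("tools", [])
                       if isinstance(t, dict) and isinstance(t.get("name"), str)
                       and t["name"] in policy]
    return {**response, "result": result}


def authorize(request, policy=POLICY):
    """Return None if the request may be forwarded, else a JSON-RPC error."""
    method = request.get("method")
    if method not in ALLOWED_METHODS:
        return _error(request, -32601, f"method not approved: {method}")
    if method != "tools/call":
        return None
    params = request.get("params")
    if not isinstance(params, dict):
        return _error(request, -32602, "params must be an object")
    name, args = params.get("name"), params.get("arguments") or {}
    if not isinstance(name, str) or name not in policy:
        return _error(request, -32602, f"tool not approved: {name}")
    if not isinstance(args, dict):
        return _error(request, -32602, "arguments must be an object")
    extra = sorted(set(args) - policy[name])
    if extra:
        return _error(request, -32602, f"arguments not approved for {name}: {extra}")
    return None


if __name__ == "__main__":
    print([t["name"] for t in filter_tools_list(SAMPLE_TOOLS_LIST)["result"]["tools"]])
    call = {"jsonrpc": "2.0", "id": 7, "method": "tools/call",
            "params": {"name": "tickets.delete", "arguments": {"id": "42"}}}
    print(authorize(call))
```

Widening access then means adding a reviewed entry to `POLICY`, which is where a team makes the case for what it actually needs.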