What the Oracle vulnerability says about today’s patching problem

Posted in Commentary with tags , on July 17, 2026 by itnerd

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems by Saturday against ongoing attacks exploiting a critical vulnerability in the Oracle E-Business Suite (EBS) financial application. The directive to repeat states that as mandated by Binding Operational Directive (BOD) 26-04, this needs to be patched by tomorrow. AKA Saturday.

Ted Miracco, Approov (https://www.linkedin.com/in/tedmiracco)

“Organizations continue to struggle to patch critical vulnerabilities quickly because enterprise resource planning (ERP) platforms like Oracle and SAP are highly customized and deeply interwoven with other business applications. Patching them isn’t like updating a web browser; a single database update can break custom API integrations, halting payroll, shipping, or manufacturing.

“The window for ‘safe testing’ no longer exists for edge-facing systems. In the past, organizations had 30 to 90 days to test and deploy patches before exploits were widely weaponized. Today, threat actors reverse-engineer patches and deploy exploits within days or even hours.

“To better prioritize and respond to these types of threats, security teams must implement strict Web Application Firewall (WAF) rules, sever internet exposure, or place vulnerable assets behind a Zero Trust Network Access (ZTNA) gateway until patches can be safely tested. When patches can be deployed to a staging environment, tested automatically, and instantly rolled back if they fail, emergency deployments become a low-risk routine rather than a weekend crisis.”

Damon Small, Board Member, Xcape, Inc. (https://www.linkedin.com/in/damon-small-7400501)

“Deploying a patch on a single computer may seem like a trivial task, but doing it across an enterprise that may have hundreds, or even thousands, of servers is daunting.  That said, we have seen incidents where a patched vulnerability is exploited months after it was resolved.  As an industry, we must strike a balance between operational readiness and patching fatigue.

The first open source vulnerability scanner was released in 1995.  Since then, vulnerability management has remained the least sexy, yet the most important, directive in cyber security.  Frankly, as an industry, we struggle to update software quickly, and this fact will become more problematic as the time between vulnerabilities being discovered and them being actively exploited continues to shrink.

Security leaders should first and foremost ensure that their organizations have accurate software and hardware inventories. You cannot defend what you can’t see. Additionally, as ‘silent’ or no-reboot patching becomes an industry standard, automatic updates may follow.”

Donald McFarlane, Advisory Board Member, Xcape, Inc. (https://www.linkedin.com/in/dmcfarlane)

“Organizations rarely fail to patch because they lack another alert: they struggle when they lack reliable asset inventories, clear ownership, tested maintenance paths, or the authority to interrupt business-critical systems and processes. In today’s machine-scale, machine-speed adversarial environment, IT organizations must deploy critical security patches far more quickly.  When immediate patching is not possible, leaders must prioritize vulnerabilities based on active exploitation, internet exposure, mission impact and potential blast radius, not severity scores alone.  They should know in advance who owns each critical system, how it can be isolated, and how emergency changes can be made safely.  

“Patching is not the finish line: organizations must determine whether an adversary arrived before the fix was applied. Find material exposure before an adversary does, fix it, and prove the risk actually went down.”

Kevin Surace, CEO, Token (https://www.linkedin.com/in/ksurace)

“Patching is rarely as simple as installing an update. Critical enterprise applications are often deeply connected to financial systems, databases, customized workflows, and third-party software, so teams fear that an untested patch could interrupt essential operations. 

“The deeper problem is that many organizations do not have an accurate, continuously updated inventory of their systems. They may not know which servers are exposed to the internet, which versions are running, who owns them, or whether a patch was successfully applied.

“In this case, Oracle released the patch in May, exploitation was observed by late June, and more than 1,000 Oracle E Business Suite systems were still exposed to the internet in July. That is not primarily a technology failure. It is a failure of ownership, visibility, testing capacity, and executive accountability.

“Urgent federal patching orders and extremely short remediation deadlines are becoming more visible, but this particular action was not technically a standalone Emergency Directive. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog under Binding Operational Directive 26 04 and required remediation within three days.

“The significance is the deadline. CISA is effectively telling agencies that once exploitation is confirmed, the traditional patching cycle is no longer acceptable. Attackers are weaponizing vulnerabilities faster, while many organizations are still operating through monthly maintenance windows, lengthy approval processes, and manual asset reviews.

“These directives also reveal an uncomfortable truth: too many organizations still need an external government deadline to force action on vulnerabilities that vendors have already patched.

“Security leaders should prioritize vulnerabilities based on actual exploitation, internet exposure, business importance, and the potential impact of compromise, not simply on the severity score. A vulnerability that is being actively exploited against an exposed financial system should move immediately ahead of a higher scoring flaw on an isolated test machine.

“Every critical system needs a named business owner, a technical owner, a tested emergency patching procedure, and a clearly defined authority capable of accepting the operational risk of patching or the security risk of delaying it. When exploitation is confirmed, teams should be able to patch, isolate, restrict network access, or temporarily remove a system from service without waiting through days of meetings.

“Organizations should also assume that patching may come too late. Organizations must review logs for evidence of earlier exploitation, rotate potentially exposed credentials, inspect connected systems, and protect privileged access with hardware based biometric assured identity.

“Biometric assured identity would not prevent an unauthenticated Oracle software exploit such as this one. It can, however, stop attackers from turning stolen administrator credentials into broader access after the initial compromise. Patching closes the software vulnerability. Biometric assured identity helps contain what attackers can do next.”

Steven Swift, Managing Director, Suzu Labs (https://www.linkedin.com/in/steven-swift-5238956a)

“Patching is a big thankless task, and it rarely gets the resourcing it would require to actually patch all the things quickly. In order to have any chance at keeping up with patching, organizations need to implement solutions to automate both patching and vulnerability scanning.

“A lot of organizations are hesitant to patch immediately, because there have been enough issues with bad patches being released over the years, that the risk of patching slowly is preferred over the risk of patching fast and breaking things.

“Patching automation is great for those systems which are consistently deployed across the organization. However, the applications that are only on a few systems are those least likely to have automated patching. This would be fine, except for that there tends to be a lot of applications that fall into this category. Practically, that means staff can patch the vast majority of things consistently and in a timely manner, and still always have a long tail of vulnerabilities that are more challenging to fix.

“This is compounded when ownership is split between different teams. Especially so when organizational priorities are split. If teams are under pressure to hit tight deadlines, the last thing they want to do is spend time fixing/patching things that don’t directly assist in that goal. This results in a lot of vulnerability management teams spending much of their time providing reports on what needs patching, to teams that will get to it when they get to it.

“As for what leadership can do to better prioritize and respond to new vulnerabilities? A big part of is keeping metrics so that the work being done isn’t invisible anymore. If the team is consistently patching 90% of all published CVEs in a timely manner, and yet all that leadership sees are reports showing the remaining 10%, it can look like the team just isn’t doing much patching when the opposite is true.

“Track stale vulnerabilities in the organization, and prioritize those. Stale can be older than 30, 90, or 365 days for example. Depending on how mature existing processes are. Once all of the stale vulnerabilities are remediated, build automation to handle as much repeatable work as is possible. Provide developers with vulnerability feedback as early in the process as you can, as it costs much less time and money to fix code early on, than it does after release.”

While it is beyond time to patch all the things, organizations need rethink how they go about keeping their environments safe. Because patching is clearly not enough.

FIFA World Cup Fraud Campaigns, an Analysis

Posted in Commentary with tags on July 17, 2026 by itnerd

The SOCRadar threat research unit (STRU) has published an in-depth analysis of fraud campaigns associated with the 2026 FIFA World Cup. With the final coming up this Sunday, SOCRadar has tracked the fraud ecosystem between April and July, spanning the counterfeit merchandise stores, FIFA portal impersonation, and ticketing/betting infrastructure. 

Interestingly, rather than peaking during the tournament’s biggest matches such as earlier this week’s semi-finals, fraud activity peaked before kickoff, as operators activated infrastructure that had been prepared weeks in advance. 

Key findings of this research include: 

  • The FIFA portal impersonation cluster, linked to the GHOST STADIUM phishing-kit lineage, now spans 850+ domains – nearly triple the 300+ publicly reported in May. STRU reconstructed the kit’s evolution through the developers’ own Chinese-language code comments, including a documented bug fix and an OPSEC migration between two generations – effectively the threat actor’s own development log.
  • 79% of domains observed at the activity peak were registered within the previous 30 days. Operators quietly bought infrastructure in May and activated it at the tournament’s opening.
  • The betting network hacked nothing. It legally purchased expired domains – a defunct US staffing agency, a French artisan site – for their retained SEO authority, a supply chain that is legal, frictionless, and largely beyond the reach of technical controls.
  • Counterfeit storefronts burned through domains in under five days and used deliberately modest 22-30% discounts, calibrated to look like a plausible promotion rather than a scam.
  • STRU also disproved three of its own most striking leads – a shared Telegram bot token, an identical registrant hash, a common template – all artifacts of shared infrastructure, not shared operators. A transparency point that sets the research apart from typical vendor reporting.
  • Defender takeaway with legs beyond the World Cup: for event-driven fraud, the critical monitoring window is before the event begins – directly applicable to the 2028 Olympics and every future major event.

For full details on SOCRadar’s findings, the research can be read here: https://socradar.io/blog/fifa-world-cup-2026-fraud-campaigns/

Trojanized Zoom/WebEx installers expose a growing trust problem

Posted in Commentary with tags , on July 17, 2026 by itnerd

Researchers are tracking a campaign distributing trojanized Zoom and WebEx installers to steal credentials and other sensitive data. The culprit, not that it matters, are Russians. This serves as a reminder that attackers are increasingly weaponizing trusted business software instead of relying on traditional phishing lures.

You get get more info here: https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/

Donald McFarlane, Advisory Board Member, Xcape, Inc.

“Trust is part of the attack surface: attackers do not need to invent unfamiliar lures when they can impersonate the applications, people and workflows that employees already trust.

“AI continues to raise the quality and scale of such attacks. Adversaries can produce more convincing phishing, deepfakes, counterfeit interfaces and customized malware far faster than before, and security programs must therefore assume that even careful users will sometimes be deceived. The answer is not more training alone, but stronger controls around software provenance, managed installation, application execution, identity, endpoint behavior and unusual network activity. 

“Organizations should design systems so that a convincing fake cannot easily become a compromise, and so that blast radii are limited.”

Kevin Surace, CEO, Token (https://www.linkedin.com/in/ksurace)

“Attackers impersonate applications such as Zoom and Webex because employees already recognize, trust, and routinely install them. A familiar product removes much of the hesitation that an unknown application would create and makes the malicious download appear to be part of normal business activity.

“The attackers do not need to invent a compelling new story. They simply borrow the reputation, branding, and expected behavior of software the victim already uses.

“User trust has become one of the attacker’s most effective tools. The victim is not persuaded to run something that looks malicious, but rather something that appears necessary and legitimate. This is why employee awareness alone cannot solve the problem. Attackers only need one employee to trust the wrong installer once, and increasingly convincing websites, messages, and software packages make that mistake difficult to eliminate completely.

“Organizations should prevent employees from installing unauthorized software and distribute approved applications through controlled enterprise software portals. Application allowlisting, code signing verification, endpoint detection, restricted scripting tools, browser download controls, network segmentation, and automatic isolation of suspicious systems can help stop the malware before it becomes established.

“Organizations must also protect the identities and accounts the malware is designed to steal. Hardware based biometric assured identity makes stolen passwords and authentication codes useless because access still requires the registered physical device, the authorized user’s fingerprint, proximity to the computer, and a cryptographic request from the legitimate domain.

“Biometric assured identity does not replace endpoint security or prevent someone from downloading malware. It ensures that even when malware captures credentials, attackers cannot simply reuse them from another device to enter protected applications, cloud services, or corporate networks.”

Jacob Krell, Sr. Director, Secure AI Solutions & Cybersecurity, Suzu Labs (https://www.linkedin.com/in/jacob-krell)

“The shift to hybrid work changed how business software gets installed. Five years ago, IT deployed conferencing and collaboration tools through managed packages. Now employees download Zoom, WebEx, and remote administration tools themselves five minutes before a meeting or a support session, with no oversight and no verification beyond ‘does the website look right.’ 

UAT-11795 is exploiting that behavioral shift across multiple categories, from conferencing platforms to database clients to developer utilities. A trojanized installer works because the real software actually installs and runs. The user joins their meeting, opens their database, never suspects a thing. Meanwhile, endpoint security has improved at catching novel binaries, so attackers wrapped their payload inside software the endpoint already expects to see.

“User trust has become just the first domino in these attacks. The security stack trusts these applications too. EDR tools baseline their behavior and suppress alerts on their process activity. Firewalls allow their traffic patterns. Allowlists include their binary names.

“When attackers wrap malware inside a WebEx or Zoom installer, they inherit trust at every layer simultaneously, from the human, the endpoint agent, the network policy, and the application control rules. Enterprise business software sits at the intersection of human trust and automated trust. Attackers are picking targets where those compound.

“Organizations should restrict where software installs come from. If users can only install applications through a managed catalog like Intune or SCCM, a trojanized installer from a random URL never executes. That’s the prevention layer most orgs skip because it creates friction with end users.

“For detection, publisher code signature verification on installers is the first check. UAT-11795 used NSIS to package their payload, so the installer carries no legitimate vendor signature. Most orgs enforce signature checks on running executables but not on the installers that put them there.

“Process lineage monitoring is the backstop. Conferencing software spawning Python interpreters, database tools creating scheduled tasks with random suffixes, those are process tree anomalies that EDR can catch if the detection rules exist. I’ve seen environments where broad filename matching on the allowlist lets anything that looks like a business app sail through unchecked.”

This should serve as a warning that only trusted apps, as in trusted from your organization, are the only ones that need to be installed. All others should be discarded like the garbage that they are.

Cyberattack on Japanese refrigerated logistics provider disrupts restaurants

Posted in Commentary with tags on July 17, 2026 by itnerd

A cyberattack on Nichirei Logistics Group, Japan’s largest refrigerated logistics provider, has disrupted food deliveries to restaurants, retailers, and food manufacturers across the country.

The company, which serves approximately 5,000 customers through a network of 140 refrigerated distribution centers, confirmed hackers breached its servers and shut down key systems to contain the incident.

The disruption has affected all 1,300+ KFC Japan restaurants, with the chain warning of ingredient shortages, limited menus, shorter operating hours and potential temporary closures. KFC has also suspended online ordering through its website and mobile app.

Other businesses reporting delivery delays or product shortages include Hotto Motto, Yayoi Ken, Kura Sushi, retailer Aeon and frozen food manufacturer TableMark.

Phil Wylie, Senior Consultant & Evangelist, Suzu Labs:

“This incident highlights how cyberattacks against operational technology and logistics providers can have immediate real-world consequences. While many organizations focus on protecting customer data, attacks that disrupt the availability of critical business systems can be just as damaging. In this case, the ripple effects extended from a single refrigerated logistics provider to thousands of restaurants, retailers, and food manufacturers that depend on timely deliveries.

 “Organizations should view this as a reminder that cybersecurity risk extends beyond their own environment. Critical third-party providers should be evaluated not only for their security posture, but also for their operational resilience and recovery capabilities. Business continuity planning should include scenarios where key suppliers become unavailable due to a cyber incident, with contingency plans for alternate suppliers, manual processes, and inventory management.

 “As attackers increasingly target supply chains to maximize disruption, resilience has become just as important as prevention. The organizations that recover the fastest are those that have already planned for the possibility that a critical partner will be temporarily offline.”

Donald McFarlane, Advisory Board Member, Xcape, Inc.:

“This incident is another reminder of the importance of supply-chain dependencies, and how cyber risk can cascade from one logistics provider into thousands of businesses and their customers.  Had the disruption been broader, the consequences could have extended far beyond limited menus.  Critical infrastructure security must follow a simple discipline: find material exposure before an adversary does, fix it, and prove the risk actually went down.”

If you are part of a supply chain, or even if you are not, you need to prepare yourself as the attackers are coming for you. And you it is a matter of when not if they arrive.

Researchers finds ChatGPT-5.5 completed full simulated cyberattack chain

Posted in Commentary with tags on July 17, 2026 by itnerd

A new report from Cato Networks found that OpenAI’s ChatGPT-5.5 successfully completed a full, multi-stage simulated cyberattack against a corporate network without human intervention. According to the report, ChatGPT-5.5 is the first publicly available AI model Cato tested to autonomously execute the entire attack chain in a controlled environment.

The model completed the 32-step attack in two of 10 attempts, carrying out reconnaissance, privilege escalation, lateral movement and data exfiltration.

Cato said the testing was conducted in a controlled environment designed to evaluate AI cyber capabilities rather than real-world systems.

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

“I’ve been using LLMs to complete complex offensive security challenges for over a year. The capability has been here.

“Cato’s “agentic attacker” is a full offensive stack, an agent platform, MCP-enabled tooling, and structured operational guidance, with GPT-5.5 as the reasoning layer. Their own researchers say the improvements across six scenarios came from better harness engineering while the model stayed the same.

“Two out of ten is the full-chain success rate with the agent handling planning and execution autonomously after a single prompt. A human operator stepping in at a handful of critical decision points in that 32-step chain would push that rate much higher. When I run LLM-driven offensive workflows, the model rarely fails on the individual steps. It fails on choosing which step to take next. That’s exactly the kind of error a practitioner fixes in seconds.

“Organizations should be preparing for continuous automated offensive pressure. An attacker running these workflows around the clock doesn’t need a high success rate when they have unlimited attempts. Each new model generation lowers the expertise needed to build an effective harness, and a black market for prebuilt offensive stacks is coming. Less-skilled operators will buy attack capabilities that required years of training a short time ago.”

What organizations need to do is to prepare themselves for LLM’s to attack them. The failure to not do so means that they will get pwned at some point.

AWS CloudFront outage leaves websites unreachable for users

Posted in Commentary with tags , on July 16, 2026 by itnerd

It has been reported that Amazon Web Services (AWS) is experiencing another outage after a CloudFront issue began throwing 5xx errors, knocking a string of websites and online services offline across multiple regions.

Full story here: https://www.theregister.com/off-prem/2026/07/16/aws-cloudfront-outage-serves-errors-instead-of-websites/5272421 

Commenting on this story is Mayur Upadhyaya, CEO of APIContext:

“The AWS CloudFront incident isn’t noteworthy because a critical cloud provider experienced an outage. Every infrastructure provider will have operational incidents. The more concerning trend is that we’re increasingly consolidating around a small number of providers because they’re the most convenient and economically attractive choice.That consolidation changes the nature of operational risk. A fault that might once have affected a handful of organizations can now impact thousands simultaneously because so many businesses depend on the same infrastructure.We’re seeing the same pattern across cloud platforms, identity providers, AI foundation models and DNS. As digital infrastructure centralizes, the blast radius of individual failures grows.This isn’t an argument against consolidation. The operational and economic benefits are enormous. But it does change the resilience conversation. Organisations need to understand not only whether a supplier is reliable, but how much of their business depends on that supplier, what the failure modes look like, and how critical workflows behave when those dependencies degrade. The question isn’t whether outages will happen. It’s whether your most important transactions continue to work when they do.”

Resillance has to be the number one game when it comes to keeping websites up. Because if you don’t service your customer, someone else will.

Why Microsoft’s record Patch Tuesday is just the beginning

Posted in Commentary with tags on July 16, 2026 by itnerd

Microsoft’s record Patch Tuesday isn’t just a milestone – experts say it won’t hold the record for long. This explains why AI is accelerating both software development and vulnerability discovery, why security teams are facing a growing prioritization challenge rather than simply a patching problem, and why organizations will need to rethink traditional approaches to patch management as vulnerability volumes continue to climb.

John Strand, Owner, Black Hills Information Security (https://www.linkedin.com/in/john-strand-a1b4b62)

“I think we’re just in the beginning stages of the crush of vulnerabilities that’s going to come from vendors across the industry. The Copilot vulnerability with a 9.6 CVSS score is one that many organizations could easily overlook, but the bigger issue is that this pace isn’t slowing down. Microsoft has one of the most mature and automated patching ecosystems in the world, and even then organizations struggle to keep up. Most vendors aren’t anywhere near that level of maturity, which means security teams are going to be increasingly overwhelmed trying to patch AI-related vulnerabilities across dozens of different products.”

Seemant Sehgal, Founder & CEO, BreachLock (https://www.linkedin.com/in/s-sehgal)

“Six hundred vulnerabilities in a single patch cycle is not a backlog problem, it is a prioritization crisis waiting to happen.

“The CVE count is noise unless you map it against what you are actually running, what is reachable from outside your perimeter, and whether there is confirmed exploitation in the wild, because the actively exploited zero-days in Active Directory and SharePoint deserve your engineers this week, not your ticketing system next quarter. Patch management that treats a record-breaking advisory like a queue to be worked through sequentially will lose, and it will lose to adversaries who read the same bulletin and go straight to the vulnerabilities that matter.”

Jacob Krell, Sr. Director, Secure AI Solutions & Cybersecurity, Suzu Labs (https://www.linkedin.com/in/jacob-krell)

“622 is the biggest Patch Tuesday on record. It won’t hold the record long, because AI is inflating both sides of the vulnerability equation, generating more code that introduces more bugs while scanning existing codebases faster and turning up what humans missed. Microsoft told customers to expect rising volumes from its AI scanning tools, and the trajectory already proves it, June broke the all-time record at 206, July tripled it. Adobe moved to twice-monthly security releases for the same reason.

“That volume changes how patching has to work. The manual process of reading every advisory, scoring by CVSS, and testing in a lab was built for monthly batches of 60, and at 622 it breaks before lunch. What still works is triaging by active exploitation, so the two zero-days in Active Directory Federation Services and SharePoint (CVE-2026-56155, CVE-2026-56164) go first because attackers are already using them to escalate privileges. Anything on CISA’s Known Exploited Vulnerabilities list goes next, then filter by your own attack surface, whether the service is internet-facing, whether the vulnerability chains with existing exposure, and whether it touches identity infrastructure.

“Counting CVEs tells you volume, not risk, and the tools most organizations rely on to tell the difference are failing. Microsoft’s own exploitability index rated this month’s SharePoint zero-day as “exploitation less likely” the same month it landed on CISA’s KEV list as actively exploited. AI models can already produce working proof-of-concept exploits for vulnerabilities that traditional frameworks score as low-priority, which means the scoring systems were calibrated for a human-speed world that no longer exists. Organizations need to match machine-speed discovery with machine-speed defense, because the patch count will keep climbing whether they’re ready or not.”

Patching is one avenue towards addressing this. But organizations need to take a more holistic approach in terms of addressing vulnerabilities in their environment. And the sooner the better.

Recast Responds to Customer Needs for Rapid Patching with New Product Bundle

Posted in Commentary with tags on July 16, 2026 by itnerd

Recast today announced a new bundled offering that brings together Right Click Tools, Right Click Tools Patching, and Warranty Insights. The bundle was developed in response to the need for a more practical way to accelerate patching, close update gaps, and gain clearer visibility into Microsoft Intune, Configuration Manager, and hybrid environments. As AI accelerates vulnerability research and discovery, IT organizations face increasing pressure to keep applications secure. They need capabilities that help them move from awareness to action without adding more disconnected workflows.

AI is changing how security vulnerabilities are detected

With the rise of AI, both security professionals and threat actors can identify vulnerabilities faster than ever. In fact, Recast’s proprietary database tracked a 341% increase in Common Vulnerabilities and Exposures (CVEs) in the first half of 2026, from 477 in Q1 to 2,102 in Q2. That shift is compressing the time organizations have to assess exposure, prioritize fixes, and deploy updates across their environments. In response to this change, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD 26-04) in June that requires federal agencies to prioritize patching efforts based on risk.

For IT teams already managing large application portfolios in Configuration Manager, Intune, or both, patching has become a complex, ongoing task rather than a weekly or monthly requirement. Not only must these teams be able to keep third-party and custom applications patched, but they also need to determine that their efforts truly are reducing risk.

The new Recast bundle connects endpoint actions, third-party patching, and hardware lifecycle visibility in a single offering designed to help teams work faster and with more control.

  • Right Click Tools helps administrators identify and remediate endpoint issues quickly from familiar workflows within Configuration Manager, Intune, or both.
  • Right Click Tools Patching reduces manual update work with a catalog of nearly 6,500 applications and custom patching capabilities that support policy-driven patch management. Reporting and validation help teams understand coverage, track patch status, and confirm successful deployments.
  • Warranty Insights helps administrators identify devices approaching warranty expiration, plan refresh activities, and reduce hardware lifecycle risk.

Together, these capabilities enable organizations to shift from reactive endpoint management to more consistent endpoint control.

“Customers are telling us that patching has become a very different challenge than it was just a few years ago,” said Will Teevan, CEO, Recast. “They need to respond faster, prove impact, and keep applications and devices secure without adding more manual work. We created this bundle to bring the capabilities customers consistently ask for into one practical offering built around the workflows they already use.”

TWO WEEKS LEFT to nominate your local footy hub for the LG Match Day Hero tech upgrade

Posted in Commentary with tags on July 16, 2026 by itnerd

With the tournament down to the finals, community spaces continue to flow with fan excitement.  

With only two weeks left in LG Canada’s Match Day Heroes contest (closing July 26), there’s still time for Canadians to create a truly local legacy by nominating their community footy hubs for a chance to win a $10,000 LG tech upgrade. The contest is spotlighting the spaces that have brought footy fans together — from pubs and restaurants to local clubs and backyards — and gives Canadians the opportunity to bring the legacy of the tournament closer to home. 

Rooted in LG’s Life’s Good brand promise, Match Day Heroes celebrates the connection and sense of belonging that sport can inspire. By shining a spotlight on  — four small businesses through a video series featuring Nganda African Street FoodLiberty Village MarketEste es Colombia, and Amigos da Dundas, LG is recognizing the people and spaces that create meaningful shared experiences during match day. 

Through the Match Day Heroes campaign, LG is inviting fans across the country to nominate their favourite local footy hub for a chance to win the ultimate LG tech upgrade — valued at up to $10,000. 

Two weeks left. It’s a small window to say thank you to the places that made this tournament feel like yours

Please find full contest details on LG Canada’s Sponsorship page at LG.ca.

Hisense Creates More Inclusive FIFA World Cup 2026 Experiences for Fans Across All 16 Host Cities

Posted in Commentary with tags on July 16, 2026 by itnerd

Hisense is partnering with FIFA and KultureCity to help deliver a more inclusive matchday experience for fans with sensory sensitivities across all 16 FIFA World Cup 2026TM host cities.

For millions of football fans, the energy of a FIFA World Cup 2026TM match comes from the roar of the crowd and the thrill of the stadium. However, for fans with sensory sensitivities, including some individuals with autism and other sensory processing needs, these sights and sounds can become overwhelming, making it difficult to fully enjoy the experience.

To help remove these barriers, Hisense-branded mobile sensory vehicles are stationed outside stadium entrances across all host cities alongside dedicated sensory rooms in stadium commercial exhibition areas throughout the tournament. These calm and welcoming spaces give fans a place to pause, reset and manage sensory stimulation, with premium Hisense displays providing calming ambient visuals that help create a more relaxing environment.

By combining technology, accessibility support and community engagement, Hisense is helping create a FIFA World Cup 2026TM experience where more fans can feel included and connected. The initiative reflects Hisense’s long-term ESG commitment to using innovation to create more accessible and meaningful experiences for communities worldwide — bringing its vision of “Innovating a Brighter Life” to life through moments that bring people together.

See how Hisense is helping every fan feel part of the game here: