Archive for October 15, 2025

MANGO Pwned Via A Third Party Breach

Posted in Commentary with tags on October 15, 2025 by itnerd

Spanish fashion retailer MANGO has notified its customers of a data breach in which one of its external marketing services vendors suffered unauthorized access to certain customer data.

Roger Grimes, CISO Advisor at cybersecurity company KnowBe4, provided the following comments:

“Even the limited leak of only some personally identifying information can be of use to scammers. The hackers could craft a phishing message related to MANGO, and because the potential victim does have some sort of existing relationship with MANGO, any well-crafted phishing message is more likely to be successful than if it were some broad, generic type of phishing campaign. Every bit of information you give a scammer about someone can be used to craft a more realistic phishing message.”

“As an impacted customer, I’m concerned with not only my stolen information being used against me in some way, but also, if I want to remain a MANGO customer, in being reassured it won’t happen again. Has MANGO been able to figure out how it happened at the marketing supplier? Was it social engineering (very likely), unpatched software or firmware, or some other type of hacking attack? Because if they don’t know how the compromise happened, they can’t as easily take steps to ensure it won’t happen again. As a customer, I want to be reassured that MANGO knows how the hack of my information happened and what steps they have taken to make sure it doesn’t happen again.”


F5 Has Apparently Been Pwned By The Chinese

Posted in Commentary with tags on October 15, 2025 by itnerd

F5 has disclosed that it was the target of a state-sponsored cyberattack, likely linked to Chinese threat actors, with attackers exfiltrating files that included BIG-IP source code and vulnerability information.

It’s unclear how long the hackers maintained access, but the company confirmed that they stole source code, vulnerability data, and some configuration and implementation details for a limited number of customers.

“Through this access, certain files were exfiltrated, some of which contained certain portions of the Company’s BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP,” the company states.

Despite this critical exposure of undisclosed flaws, F5 says there’s no evidence that the attackers leveraged the information in actual attacks, such as exploiting the undisclosed flaw against systems. The company also states that it has not seen evidence that the private information has been disclosed.

F5 claims that the threat actors’ access to the BIG-IP environment did not compromise its software supply chain or result in any suspicious code modifications.

According to F5, this extends to its platforms that contain customer data, such as its CRM, financial, support case management, and iHealth systems. Furthermore, the company says other products and platforms it manages were not compromised, including NGINX, F5 Distributed Cloud Services, and Silverline systems’ source code.

Will Baxter, Field CISO, Team Cymru had this comment:

“This is another reminder that the modern attack surface extends deep into the software development lifecycle. Threat groups targeting source code repositories and build environments are seeking long-term intelligence value—understanding how security controls operate from the inside. Visibility into outbound connections, threat actor command-and-control infrastructure, and unusual data exfiltration patterns is key to identifying this activity early. Combining external threat intelligence with internal telemetry gives defenders the context needed to detect and contain these advanced intrusions.”

If I were an F5 customer, I’d be kind of nervous right now. Because there’s no telling what this threat actor can do with the data that they stole. Other than the fact that whatever they do with that data, it won’t be good for anyone.

UPDATE: Cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann offers up this comment:

“This is the first stage of a supply chain campaign designed to compromise trust in digital infrastructure. Rogue nation-state actors consistently show us how successful and well-resourced they are. Once adversaries gain access at the application layer, they’re not just stealing data but embedding themselves for command and control. F5 customers must immediately enhance detection and response at the application layer through ADR. Supply chain attacks have become the preferred tactic of modern cyber warfare. We need to start treating third-party risk as a national security issue.”

Video call app Huddle01 exposes user IPs, emails tied to crypto wallet addresses

Posted in Commentary with tags on October 15, 2025 by itnerd

The Cybernews research team has recently discovered that a decentralized video call app, Huddle01, was leaking real-time user logs through an exposed instance of Kafka Broker. No authentication, no encryption, or other access controls were used to protect the data, meaning that any third party could access it.

The exposed data included:

  • Usernames (sometimes real names);
  • Email addresses;
  • Crypto wallet addresses (Huddle01 supports a wide array of wallets that operate on different blockchains, such as Bitcoin, Ethereum, etc.);
  • Detailed activity data: which users joined specific calls, participants in each call, country, time, date, duration of the calls, etc.
  • Other identifiers.

The leak was discovered on August 26th, 2025. Cybernews responsibly disclosed the data leak to the company. However, the company did not respond to the initial disclosure or to subsequent attempts. After one month, the exposed server remained accessible. It’s unclear how many other third parties might have accessed the data.

For more information on this, here’s the full report:

https://cybernews.com/security/video-call-app-huddle01-leaks-sensitive-user-data

KAYAK brings Conversational AI powered by ChatGPT to the world of travel

Posted in Commentary with tags on October 15, 2025 by itnerd

KAYAK, the world’s leading travel search engine, today launched AI Mode, a natural-language search experience that combines KAYAK’s data with ChatGPT to deliver smarter, contextual results, right from the home page. KAYAK is the first major travel site to let users plan complete trips by typing questions directly into a search box.

How to Use AI Mode

  • Click the “AI Mode” icon on KAYAK from your desktop or mobile browser to get started.
  • Type travel-related questions the way you’d say them to another person.
  • Get real-time results as KAYAK compares the latest information and prices from hundreds of travel providers.
  • Discover, compare, and book flights, hotels and cars—all in one place.

Travel Demand Heats Up for the Holidays
The debut of KAYAK AI Mode comes at the perfect moment for holiday travel planning, as KAYAK data shows that mid-October through early November is the prime window for scoring the best holiday travel deals.

Prompt your Way to Holiday Savings with KAYAK
To help the AI-curious, KAYAK suggests these festive, holiday-themed prompts to reveal instantly actionable trip ideas – whether it’s a snow-globe-worthy village or a New Year’s Eve bash. Try one in AI Mode or come up with your own to see where it takes you:

  • NYC hotels within a half mile of Rockefeller Center for one night, Dec. 23rd
  • Cheapest Caribbean destinations for a 7-day trip
  • Rent a car from ORD with room for 6 people + lots of Christmas presents and payment at pickup
  • Flights from BOS to London for 2 adults, 2 kids, and a baby, Dec. 20 – Dec. 27
  • How much would Kevin McCallister’s New York experience cost?
  • I want to party for NYE – where should I go?
  • You’re in a Hallmark movie. Find me a quintessential winter village for under $600 for flight and hotel.

For tips on writing the best travel prompts, visit KAYAK’s blog.

WestJet and TELUS unite rewards programs

Posted in Commentary with tags on October 15, 2025 by itnerd

WestJet and TELUS, two of Canada’s most trusted and iconic brands, have linked their loyalty programs to deliver industry-leading value and flexibility to their members. Starting today, WestJet Rewards and TELUS Rewards members who link their accounts can earn, transfer and redeem points across the programs, unlocking exclusive travel and connectivity benefits. They will also automatically receive WestJet seat selection vouchers and TELUS Roaming Passes, helping them travel comfortably and stay connected. 

The linked loyalty platforms mean members who link their accounts can:

  • earn WestJet points on their TELUS bills;
  • redeem WestJet points towards their TELUS services and the TELUS Rewards catalogue; and 
  • convert their TELUS Rewards points into WestJet points, unlocking flights, vacation packages and more through the new WestJet Rewards eStore.

As an added bonus, members who link their accounts before November 30, 2025 will receive a free entry into a contest to win an all-inclusive WestJet vacation for two to Mexico.

Both TELUS and WestJet launched transformed rewards programs in 2025, redefining customer loyalty with enhanced member recognition and value. TELUS unveiled the most comprehensive transformation of TELUS Rewards in the program’s history, now engaging customers from coast-to-coast with a revolutionary tier-based system that rewards customers based on the number of products and services they have, unlocking elevated status and exclusive perks at every level. WestJet announced the most significant enhancements to WestJet Rewards in the program’s 15-year history, making it easier than ever for members to earn and redeem points and save on flights, vacations or enhanced travel experiences.

Currently, WestJet Rewards members can enjoy WestJet Wi-Fi, presented by TELUS, delivering high-speed internet on more than 100 of WestJet’s narrowbody fleet, letting guests stream video, work and stay connected. By the end of 2025, WestJet expects the entire narrowbody fleet in scope will be outfitted with this fast and free Wi-Fi.

WestJet Rewards and TELUS Rewards members can link their accounts today at either westjet.com/telusrewards or telus.com/my-rewards. For full contest terms and conditions please click here.

Saviynt Unveils Major AI Capabilities for Identity Security

Posted in Commentary with tags on October 15, 2025 by itnerd

Saviynt, the leader in AI-powered identity security solutions, today unveiled groundbreaking advancements to its platform that redefine how enterprises manage and secure identities in the AI era. These new enhancements address two of the most pressing challenges facing enterprises today: the inability to onboard and govern all applications; and the lack of secure management for all identities – human and non-human, including AI agents.

Saviynt’s new AI-driven capabilities address these long-standing challenges by accelerating and simplifying application onboarding, enabling all apps to be managed from a single, unified identity security platform, and extending Identity Security Posture Management (ISPM) to include every identity – human, non-human and AI agent – to help organizations strengthen their overall security posture.

Onboard All Applications with Agentic AI

Comprehensive application onboarding has long been one of the biggest roadblocks to realizing the full value of an identity security program. In fact, a Ponemon study found that 49% of organizations don’t even track how many disconnected apps they have – creating dangerous visibility gaps and expanding the attack surface.

Saviynt’s new Agentic AI Onboarding for Applications solves this challenge by harnessing agentic AI to accelerate and simplify the integration of both connected and disconnected applications across hybrid environments. The result is that every application – no matter where it resides – can now be seamlessly onboarded, governed, and secured under a single identity platform.

Secure All Identities — Human, Non-Human, and AI

As artificial intelligence transforms how enterprises operate, identity ecosystems are expanding at an unprecedented pace. Non-human identities and AI agents now outnumber human identities by more than 82 to 1, underscoring their explosive growth and the urgent need for stronger governance and control.

While AI agents are fueling major productivity gains, they also introduce a new class of identities that widens the attack surface. Most organizations lack the visibility and oversight to manage them effectively, leaving hidden risks across critical systems.

Saviynt is addressing this challenge head-on by extending its Identity Security Posture Management (ISPM) capabilities to cover all identities – human, non-human, and AI. These enhancements empower enterprises to confidently adopt AI while maintaining full visibility, governance, and compliance.

New capabilities include:

  • Identity Security Posture Management (ISPM) for AI Agents: Provides comprehensive visibility, governance, and audit readiness for AI agents and their core components – such as MCP servers and tools – through simplified discovery, prioritized risk insights, and integrated access maps enriched with signals from leading security solutions like CrowdStrike.
  • ISPM for Non-Human Identities (NHI): Enhanced NHI capabilities now include a unified inventory for all NHIs, their access policies, and detected violations, with support for one-click remediation.

Built for an AI-Driven Future

Together, these AI-driven capabilities enable unified identity security across all environments, simplifying application onboarding and extending protection to every identity.

Saviynt’s AI-powered platform seamlessly integrates identity governance, application governance, privileged access management, and security posture management for all identities. With the addition of AI-native capabilities, organizations can proactively reduce risk, accelerate decision-making, and enhance operational agility.

By unifying human and non-human identity security under a single platform, Saviynt empowers enterprises to achieve true Zero Trust at scale and ensure continuous compliance in today’s AI-driven world.

For more information on Saviynt’s AI-powered identity security platform, read the new blog. Saviynt will also showcase these new capabilities during its 2025 UNLOCK Roadshow, taking place in six cities around the world over the next two months.

OpenText Unlocks the Power of Secure Information Management

Posted in Commentary with tags on October 15, 2025 by itnerd

OpenText today announced the release of Cloud Editions (CE) 25.4, introducing innovations that help organizations securely unlock the value of their information and put AI to work with industry-specific, use-case-driven solutions.

With CE 25.4, customers can move from “Content in Context” to “AI in Context,” putting trusted data at the center of their AI strategy. With enriched and governed enterprise data in various OpenText platforms, organizations can accelerate AI readiness and benefit from operational productivity. CE 25.4 helps customers discover hidden data, transform raw content into intelligence, and curate information with business context.

Trusted AI-Ready Data

CE 25.4 recognizes that AI depends on three critical types of data:

  • Human-generated content: Structured data and unstructured data such as files, emails, images, texts, and audio created by users.
  • Machine-generated content: Log files from IT monitoring, security systems, network operations, endpoints, QA testing, and more.
  • Content between organizations: Data from B2B integrations, supplier networks, and commerce flows.

According to IDC, 90% of the world’s content resides behind enterprise firewalls and this private data is essential for deploying effective AI. In fact, 89% of CIOs say their AI strategy hinges on robust information management according to OpenText’s recent survey. Connecting all three types of data into AI-led cross-functional workflows is the competitive advantage OpenText can bring customers — ensuring private intellectual property remains secure, is governed by the right permission settings, and is ready to fuel powerful AI outcomes.

New AI in Context Innovations with CE 25.4

With OpenText’s latest release, customers can gain access to a suite of enhancements designed around three principles:

  • AI Ready: Tools and services to uncover hidden data, enrich it with business context, and prepare it for AI consumption.
  • AI in Context: Functional role specific AI solutions built on curated, governed data that meet industry standards.
  • Secure, Governed, Compliant: Advanced protection for sensitive data, identities, and endpoints, with intelligent threat detection and behavioral analysis.

CE 25.4 introduces new Aviator capabilities across a wide range of specific business roles including:

  • Policy & Compliance Management: Automatically identify and update non-compliant documents, behaviors, or trade transactions.
  • Document Classification and Management: Auto-tag and store documents according to business context. Archive and dispose of documents per records retention rules.
  • Service Management: Enhance service quality and reduce resolution times.
  • Quality Control Management: Generate QA scripts and automate testing of user stories.
  • Text-to-Code Conversion: Enable non-technical users to query databases.
  • Audit Preparation: Accelerate audit readiness by identifying gaps in documentation.
  • Anomaly Detection: Spot unexpected changes in supply chain transactions that signal business issues.
  • Carbon Emission Calculations: Help clients reduce emissions by aggregating data across trading partners and systems.

New Advisory & Support Services

To help customers maximize the value of CE 25.4, OpenText is launching a comprehensive suite of services:

Upgrade to CE 25.4 Today

OpenText Cloud Editions 25.4 is available now. Customers are encouraged to upgrade to take advantage of the latest innovations and prepare their organizations for the future of AI.

Engage Our Experts

To learn more about CE 25.4 visit here and see how OpenText can help your organization become AI-ready. Contact our advisory team today.

Epson Holiday Gifts: High-Tech, Eco-Friendly & Perfect for Everyone on your list 

Posted in Commentary with tags on October 15, 2025 by itnerd

This holiday season is all about intentional gift-giving. From practical, eco-friendly picks to smart home tech that makes life easier, Epson’s curated gift guide blends sustainability with convenience, offering thoughtful options for premium gifting.

And with select models on sale during Black Friday and throughout December, there’s no better time for Canadians to get a head start on their holiday shopping.

The Epson EcoTank ET-2980 Wireless All-in-One Colour Supertank Printer (MSRP: $399.99 CAD)  

Designed for easy use, the ET-2980 is perfect for busy homes with a variety of printing needs. With Epson’s innovative cartridge-free EcoTank technology, families can print thousands of pages in black and colour without worrying about expensive, wasteful ink refills, which is useful when printing anything from end-of-year reports to holiday cards.

EcoTank ET-4950 Wireless All-in-One Colour Supertank Printer (MSRP: $599.99 CAD)

For the ultimate home office upgrade, gift yourself the ET-4950. This printer has a sleek and sophisticated design and comes with enough ink to last up to 3 years. This model offers advanced productivity features like auto duplex printing, copying and scanning, helpful for both students and professionals alike.

Epson FastFoto FF-680W Wireless High-speed Photo Scanning System (MSRP: $849.99)

The sentimental family member is always one of the hardest people to shop for. The Epson FastFoto FF-680W photo scanner is the perfect gift to help them embrace their nostalgic side. In addition to quickly scanning and digitizing old photographs, users can enjoy the Epson FastFoto app, which provides the ability to add voice and text over their photos, or create slideshows, right from their smartphone.

EnGenius Launches ECC500: Scalable 8MP AI Surveillance with Advanced Face & License Plate Recognition

Posted in Commentary with tags on October 15, 2025 by itnerd

EnGenius Technologies is pleased to announce the release of the ECC500 AI Surveillance Camera, a powerful 8-megapixel solution engineered to deliver enterprise-class scalability, high-performance recognition, and next-generation AI intelligence. The ECC500 is designed to help organizations achieve faster, smarter, and more flexible security across complex environments.

Equipped with advanced on-device and Cloud AI, the ECC500 leverages transformer-based deep learning models that go beyond traditional vision analytics. This allows the camera to understand faces, license plates, and objects with greater accuracy and context awareness — even in challenging conditions. Its high-performance edge inference ensures real-time recognition without depending on external servers, while the cloud-native design guarantees seamless scaling.


Face Tracking with EnGenius Cloud Timeline

With ECC500 integrated into the EnGenius Surveillance Cloud, organizations gain powerful face tracking capabilities. The cloud timeline function enables security teams to:

  • Identify exactly when and where a person appeared
  • Correlate appearances across multiple cameras and locations
  • Build a chronological path of movement for investigation or auditing purposes

This feature streamlines complex investigations by eliminating guesswork, empowering users to rapidly track and verify activities with precision.


License Plate Recognition for Smarter Traffic Enforcement

The ECC500’s LPR capability transforms how governments and municipalities can manage urban safety. By capturing and recognizing license plates in real-time, ECC500 supports:

  • Automated traffic violation enforcement (e.g., speeding, illegal parking, restricted zone access)
  • Improved traffic flow monitoring through automated data collection
  • Enhanced public safety with accurate identification of suspect or unauthorized vehicles

With ECC500, law enforcement agencies and city planners gain a scalable, cloud-managed solution for smarter traffic governance and road safety.


Cloud-Powered Scalability

Through the EnGenius Surveillance Cloud, organizations can:

  • Search faces or license plates across entire deployments in seconds
  • Remotely view and manage video streams anytime, anywhere
  • Scale from small to enterprise-wide networks effortlessly, with centralized cloud management and elastic performance

The ECC500 AI Surveillance Camera will be available from EnGenius authorized resellers and distribution partners by November 2025. For additional product specifications and purchasing information, visit: ECC500

LinkedIn’s Top Startups 2025: The Canadian companies defining the future of work

Posted in Commentary with tags on October 15, 2025 by itnerd

Today, LinkedIn released its annual Top Startups list, spotlighting the 15 Canadian companies redefining innovation across AI, tech, health, and finance. These fastest-growing startups are creating jobs, attracting top talent, and shaping the country’s next wave of growth.  

Nearly 70 per cent of this year’s honorees are new to the list, underscoring how quickly Canada’s startup landscape is evolving. From AI copilots and fintech disruptors to health tech breakthroughs, these companies reflect the country’s rapid renewal and the new frontiers of opportunity for Canadian professionals.  

Top 15 Canadian Startups 2025:   

  1. Pine 
  2. Hiive 
  3. Manmade 
  4. Vosyn 
  5. Motion (Creative Analytics) 
  6. Beautifi 
  7. PostGrid 
  8. Orchestry 
  9. Quandri 
  10. Orennia 
  11. Tali AI 
  12. Waabi 
  13. Cozey Canada 
  14. Traferox Technologies Inc. 
  15. Alli Therapy 

Methodology 

LinkedIn’s methodology is based on growth and demand — two key attributes that are synonymous with successful startups. We look at unique LinkedIn data across four pillars:

  • Employment growth: Percentage headcount increase over the methodology time frame, which must be a minimum of 10%.
  • Engagement: Non-employee views and follows of the company’s LinkedIn page, as well as how many non-employees are viewing employees at that startup. 
  • Job interest: Rate at which people are viewing and applying to jobs at the company, including both paid and unpaid postings. 
  • Attraction of top talent: How many employees the startup has recruited away from any global LinkedIn Top Company, as a percentage of the startup’s total workforce. Data is normalized across all eligible startups.

The methodology time frame is July 1, 2024 through June 30, 2025.