Archive for December 4, 2025

Approov Opens New Headquarters in Edinburgh’s New Town Following Year of Rapid Growth, Investment

Posted in Commentary with tags on December 4, 2025 by itnerd

Approov today announced the official opening of its new headquarters in Edinburgh’s New Town. The move marks a significant milestone for the company following a defining year characterised by major investment, strategic partnerships, and a rapidly expanding global customer base.

The relocation to one of Edinburgh’s most iconic areas is a direct response to the company’s accelerated growth trajectory in 2025. Propelled by a recent investment round led by Maven Capital Partners, the new facility provides the necessary infrastructure to scale Approov’s technology and accommodate a growing workforce across engineering, product, sales, and customer success.

Heading into 2026, Approov plans to utilise the new space to accelerate innovation in mobile app and API security, expand its global partner ecosystem, and enhance threat-intelligence capabilities.

Forward Edge-AI wins MDA SHIELD contract, ships first PQC hardware, enters center of DoD’s quantum-security race

Posted in Commentary with tags on December 4, 2025 by itnerd

Forward Edge-AI announced today that it has been selected as one of the Prime Contractor awardees under the Missile Defense Agency’s (MDA) Scalable Homeland Innovative Enterprise Layered Defense (SHIELD) Multiple Award Agreement (MAA) contract vehicle.

Forward Edge-AI is the company behind Isidore Quantum®, the FIPS 140-3–certified hardware platform delivering the world’s first drop-in post-quantum cybersecurity solution successfully tested across air, land, sea, and space by the U.S. Army, Air Force, Navy, Space Force, and major commercial partners such as Microsoft and Lumen. The news comes one day after the company announced customers in Taiwan and a fifth patent.

The SHIELD program represents one of the Department of War’s (DoW) most ambitious modernization efforts, focused on building a next-generation, multi-domain, layered defensive architecture that can detect, track, and defeat advanced missile, hypersonic, cruise-missile, UAV, cyber, and hybrid threats across all phases of flight. The SHIELD MAA serves as a cornerstone of the emerging Golden Dome initiative, an envisioned nationwide defensive network that integrates government, commercial, and dual-use technologies to rapidly deliver new capabilities to the warfighter.

Under the SHIELD contract, Forward Edge-AI will compete for task orders in multiple advanced technology areas aligned with MDA’s Section C Work Areas, including:

Science & Technology (2.1): Advancing foundational innovations in AI, sensing, automation, and human–machine teaming to accelerate next-generation defensive concepts.

Research & Development (2.2): Developing applied R&D prototypes and breakthrough AI systems supporting multi-domain missile-defense missions.

Prototyping (2.3): Rapidly building, integrating, and iterating prototype systems that transition emerging concepts to field-ready capabilities.

Disruptive Technologies (2.5): Introducing game-changing capabilities such as autonomous AI agents, resilient sensing, and cognitive-EW techniques that counter evolving threat vectors.

Data Mining, Collection & Analysis (2.17): Applying AI-driven analytics to fuse disparate data streams, enhance threat characterization, and increase decision advantage.

Cybersecurity (2.19): Delivering secure-by-design architectures, zero-trust implementations, and threat-hunting capabilities essential to SHIELD’s multi-domain environment.

Isidore Quantum has been tested and validated in 30 pilots across the U.S. Army, Air Force, Navy, Space Force, and the private sector, achieving <0.5 millisecond latency and up to 800 Gbps throughput. The device consumes less than 9 watts of power, operates silently without fans, and is exportable under license exception.

The SHIELD IDIQ carries a $151B ceiling and a 10-year ordering period, enabling MDA and other DoW components to rapidly acquire innovative technologies that strengthen the nation’s layered defensive posture.

Forward Edge-AI’s selection reinforces the company’s position as a trusted provider of advanced AI, cyber defense, and rapid innovation solutions in direct support of national security.

Flashpoint Analysis: Critical React RCE Vulnerability Puts Digital Supply Chains at Risk 

Posted in Commentary with tags on December 4, 2025 by itnerd

Here is a new Flashpoint post that breaks down a rapidly developing security story: a critical Remote Code Execution vulnerability in React that is already drawing significant attention across the threat landscape. The post offers Flashpoint’s expert perspective on the scope of exposure and the implications for digital supply-chain security.

What Flashpoint is Seeing

  • The flaw (CVE-2025-55182) is a critical RCE vulnerability in React Server Components that allows unauthenticated remote code execution.
  • All React versions since 19.0.0 are affected, putting a massive portion of today’s web applications at risk.
  • Given React’s ubiquity, the supply-chain impact is extensive — Flashpoint notes that this vulnerability creates broad downstream exposure across organizations and vendors relying on React-based infrastructure.
  • Early signs of attacker interest are already emerging, heightening the urgency for defenders.

Impact
Flashpoint’s perspective highlights how this isn’t just a typical open-source bug — it has the potential to become a wide-scale supply-chain event, affecting enterprises, SaaS providers, and cloud-native applications. If exploited, it could lead to server compromise, data exfiltration, and large-scale operational disruption.

Here’s the analysis:
https://flashpoint.io/blog/digital-supply-chain-risk-vulnerability-react-unauthorized-remote-code-execution/
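The post names the affected range (React 19.0.0 and later) but not how to find it in an estate, so here is an added practitioner check. It is not Flashpoint's tooling and not from the React project: it walks an npm lockfile (lockfileVersion 1, 2 or 3) and flags watched packages at 19.0.0 or above. Only `react` itself is named in the post; including `react-dom` and the `react-server-dom-*` packages that ship React Server Components is an assumption, as is treating an unparseable version string as needing review rather than passing it silently. The lockfile embedded in the block is constructed. Compare flagged versions against the fixed release named in the advisory, not against this script's floor.

```python
"""Flag React packages in an npm lockfile at versions the post calls affected.

Added example: not Flashpoint's tooling and not from the React project.
"""
import json
import re
import sys
from typing import Iterable

# Packages to inspect. The post names only React; react-dom and the
# react-server-dom-* packages (the React Server Components runtimes) are
# included as an assumption.
WATCHED = {
    "react",
    "react-dom",
    "react-server-dom-webpack",
    "react-server-dom-parcel",
    "react-server-dom-turbopack",
}
# "All React versions since 19.0.0 are affected" per the post.
AFFECTED_FROM = (19, 0, 0)

_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str):
    """Return (major, minor, patch), or None when the string is not a version
    (a dist-tag such as 'latest', a git URL, ...). Pre-release suffixes such as
    19.2.0-canary-abc are compared by their numeric prefix."""
    match = _SEMVER.match(version.lstrip("v=^~"))
    return tuple(int(x) for x in match.groups()) if match else None


def iter_lock_packages(lock: dict) -> Iterable[tuple[str, str]]:
    """Yield (package name, resolved version) for lockfileVersion 2/3
    ('packages', keyed by install path) and lockfileVersion 1
    (nested 'dependencies')."""
    for path, meta in lock.get("packages", {}).items():
        if path == "" or "version" not in meta:
            continue  # "" is the root project itself
        # nested installs look like node_modules/a/node_modules/react
        yield path.split("node_modules/")[-1], meta["version"]

    def walk(deps: dict):
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_affected(lock: dict) -> list[tuple[str, str]]:
    """Watched packages at >= AFFECTED_FROM, plus any whose version cannot be
    parsed (those need a human look rather than a silent pass)."""
    hits = set()
    for name, version in iter_lock_packages(lock):
        if name not in WATCHED:
            continue
        parsed = parse_version(version)
        if parsed is None or parsed >= AFFECTED_FROM:
            hits.add((name, version))
    return sorted(hits)


# Constructed lockfile (lockfileVersion 3 shape) used when run without a path.
SAMPLE_LOCK = {
    "name": "app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/react": {"version": "19.1.0"},
        "node_modules/react-dom": {"version": "19.1.0"},
        "node_modules/react-server-dom-webpack": {"version": "19.1.0"},
        "node_modules/legacy-widget/node_modules/react": {"version": "18.3.1"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, version in find_affected(lock):
        print(f"REVIEW {name}@{version}")
```

Run it as `python check_react.py package-lock.json` across repositories; the nested `legacy-widget` copy of React 18 in the sample is correctly left alone while the three top-level 19.x packages are reported. A version string the regex cannot read is reported rather than skipped, because a git URL or dist-tag in a lockfile is exactly the kind of dependency that escapes inventory.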

Flex raises $60M Series B equity round to scale its AI native “private bank” for high net worth business owners

Posted in Commentary with tags on December 4, 2025 by itnerd

Running a profitable middle-market business has become one of the most complex financial jobs in America, with owners often juggling more than ten disconnected systems to manage their money. Flex was created to give these high net worth owners a single place to run both their business and personal finances. 

Today, the company announced its $60 million Series B funding round led by Portage with participation from CrossLink Capital, Spice Expedition, Titanium Ventures, Wellington, Companyon Ventures, Florida Funders, FirstLook Partners, Tusk Venture Partners and others, bringing its total equity funding to $105 million.

This latest $60M equity round, following the $200M debt and $25M equity raise announced earlier this year, builds on a period of hypergrowth. In just 12 months, Flex has grown revenue fourfold and increased annualized total payments volume from $1 billion to $3 billion across a suite of products, positioning Flex as one of the fastest-growing fintech companies at scale with best-in-class capital efficiency.

The timing aligns with Flex’s upcoming launch of Flex Elite, their new invite-only consumer card and membership, debuting today. Designed as a direct competitor to Amex Centurion, Flex Elite extends the company’s strategy to become the private bank for middle-market business owners, giving them a unified system that spans every dimension of their financial lives.

Traditional fintech platforms have focused either on micro-businesses or sophisticated enterprises. Flex serves the segment in between—the high net worth middle-market business owner generating $3 million to $100 million in revenue, collectively employing roughly 40% of American payroll. These owners are financially sophisticated and often manage their companies alongside significant personal assets, yet have no modern platform that supports the full lifecycle of their money. 

Flex is building the category-defining company solving this gap for high net worth business owners with a five-pillar strategy built around private credit, a business finance stack, a personal finance stack, payment solutions, and an ERP built for middle market businesses. These customers now use an average of four or more Flex products.

The company is building AI agents across every product pillar to streamline both its internal operations and customer experiences—like credit underwriting agents to deeply understand every business, expense agents, payment workflows, cash management agents, and back-office ERP agents into a single “motherboard” for business owners. Flex’s vision is to provide every business owner a team of high quality finance agents to run their backoffice like an enterprise. This AI-driven architecture not only improves customer experience but also drives a structurally lower cost base for Flex, enabling it to operate with a lean headcount. In turn, Flex delivers AI-powered Owner Insights, transforming the data generated from customer activity into a beautiful, intuitive experience that positions Flex as their “AI CFO.”

Supporting this foundation is the company’s private credit arm. With its agentic underwriting system, Flex can price risk with greater precision and offer a true one-stop shop for all credit needs typically underserved by traditional banks, asset managers and larger enterprise-focused fintechs. This vertically integrated capital engine creates a powerful defensibility loop: as Flex originates more volume, customers adopt more Flex financial products across their lives, making its risk models smarter, and improving its unit economics.

Flex’s Business Credit Card, which provides 60-day float on every transaction, has been a major driver of adoption, acting as the wedge into deeper financial operations. Once owners experience the benefits of the Flex Credit Card, they often go on to adopt Flex’s banking, payments, working capital, and expense management tools to replace fragmented legacy systems. This integrated model has allowed Flex to scale with high efficiency and has created a strong foundation for its expansion into personal finance.

The momentum is supported by broader market trends indicating consolidations of financial tools, simpler workflows, integrated credit, and unified visibility across business and personal lines. However, personal finance products for affluent individuals have remained largely unchanged for decades. Flex is bridging that gap with a unified system that reflects how these owners actually operate in both their business and personal lives.

With the long-term goal of building the complete financial stack for middle-market business owners across the United States Flex is capturing the full life cycle of money, offering both business and personal financial products. Flex aims to become the central platform this segment relies on to grow and transfer wealth across generations.

Contrast Security and Datadog Partner to Deliver Verified Application Runtime Threat Detection in Datadog Cloud SIEM

Posted in Commentary with tags on December 4, 2025 by itnerd

Contrast Security has announced a new integration that brings verified application runtime intelligence directly into Datadog Cloud SIEM. The integration enables Security Operations Centers (SOCs) to distinguish real application-layer exploits from background noise and then stop those attacks.  

Closing the Application Security Context Gap

Datadog’s State of Application Security report highlights the scale of the problem, finding that although organizations face thousands of vulnerabilities, only 3% of critical vulnerabilities represent truly high-priority risks. And, according to Contrast’s Software Under Siege 2025 report, applications are attacked every 3 minutes on average, with more than 31% of viable exploits targeting weaknesses such as unsafe deserialization that perimeter tools routinely miss. 

Together, these findings underscore the urgent need for runtime visibility and high-confidence signals that separate genuine threats from the overwhelming noise of logs and low-fidelity alerts.

Many teams struggle to separate genuine application attacks from the flood of low-value alerts generated by perimeter tools. WAF alerts, for example, correlate to real exploits less than 0.25% of the time, forcing analysts to spend hours manually validating threats. Contrast ADR closes this gap by detecting and blocking attacks inside the application itself, then streaming verified alerts, including needed context, directly into Datadog Cloud SIEM as trusted triggers for automated workflows.

Verified Alerts, Automation-Ready

With this integration, joint customers can:

  • Confidently detect and respond to application-layer attacks that evade traditional tools, including untrusted deserialization and OGNL injection, which can lead to data exfiltration and ransomware.
  • Automate triage by sending verified alerts directly to your ticketing, chat, and case management systems, complete with the context developers need to investigate and respond quickly.
  • Reduce Application Layer MTTR from days to minutes by feeding verified runtime intelligence into Datadog Workflows, thereby eliminating noisy alerts and speeding up response steps, with the ability to automate them.
  • Accelerate remediation with Contrast SmartFix AI, which not only identifies the correct fix but also automatically generates pull requests, delivering ready-to-merge code changes that speed up repairs and improve productivity.

Availability

Datadog customers can find Contrast ADR in the Datadog platform. 
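The announcement's core claim is that a hook inside the application sees what a perimeter signature cannot: the class the attacker is trying to have the process resolve, rather than bytes in a request body. The block below is an added illustration of that difference, not Contrast's ADR code. It uses Python's pickle as a stand-in for the Java deserialization and OGNL sinks the post names, puts an allowlist on the unpickler's class-resolution choke point, and emits a structured alert record of the kind a SIEM integration would forward. The request bodies, the allowlist, and the perimeter rule are all constructed for the example.

```python
"""In-application detection of unsafe deserialization, emitting a verified
alert record of the kind a SIEM integration would forward.

Added illustration, not Contrast's ADR code. Python's pickle stands in for the
Java deserialization and OGNL sinks the post names; the request bodies below
are constructed.
"""
import base64
import io
import os
import pickle
import re
from dataclasses import dataclass, asdict
from datetime import date


@dataclass
class RuntimeAlert:
    """What the in-app hook knows that a perimeter tool does not: the exact
    global the attacker tried to have the application resolve."""
    rule: str
    module: str
    name: str
    blocked: bool


# Only these globals may be resolved while loading an order body. The
# expected payload is a plain dict carrying a ship date; nothing else is
# legitimate for this endpoint (assumption made for the example).
ALLOWED_GLOBALS = {("datetime", "date")}


class GuardedUnpickler(pickle.Unpickler):
    """find_class is the choke point: every class or function reference in
    the stream passes through it before any of it can execute."""

    def __init__(self, stream, alerts: list):
        super().__init__(stream)
        self.alerts = alerts

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            self.alerts.append(
                RuntimeAlert("unsafe-deserialization", module, name, blocked=True))
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def load_untrusted(body: bytes, alerts: list):
    """The application's sink: base64 request body -> object, or None when
    the guard blocks it (with the reason appended to `alerts`)."""
    try:
        return GuardedUnpickler(io.BytesIO(base64.b64decode(body)), alerts).load()
    except pickle.UnpicklingError:
        return None


# A perimeter-style signature over the raw request body. It never sees the
# decoded object graph, so the encoded gadget below passes it untouched.
WAF_RULE = re.compile(rb"(os|posix|nt)\.system|subprocess|__reduce__")


def waf_match(body: bytes) -> bool:
    return WAF_RULE.search(body) is not None


class Gadget:
    """Constructed attack object: loading it would call os.system."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def benign_body() -> bytes:
    return base64.b64encode(
        pickle.dumps({"sku": "SKU-1", "qty": 2, "ship": date(2025, 12, 4)}))


def malicious_body() -> bytes:
    return base64.b64encode(pickle.dumps(Gadget()))


def handle(body: bytes) -> tuple[object, list]:
    """Process one request; return (result, alerts as plain dicts)."""
    alerts: list = []
    result = load_untrusted(body, alerts)
    return result, [asdict(a) for a in alerts]


if __name__ == "__main__":
    for label, body in (("benign", benign_body()), ("malicious", malicious_body())):
        result, alerts = handle(body)
        print(label, "waf:", waf_match(body), "result:", result, "alerts:", alerts)
```

The malicious body is blocked before the `REDUCE` opcode runs, so `os.system` is never called, and the alert names the resolved `posix.system` (or `nt.system` on Windows) rather than a pattern guess. A perimeter rule could be written for this particular gadget once it is known, but the in-process hook needs no such foreknowledge: anything outside the allowlist is blocked and reported with the context an analyst needs.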

Stranger Things And TELUS Immersive In-Store Experience 

Posted in Commentary with tags on December 4, 2025 by itnerd

Stranger Things has begun to drop its highly anticipated final season and TELUS is transforming select stores in Toronto, Calgary, Quebec & Kelowna into immersive Upside Down experiences. Fans will step into the world of Hawkins, Indiana and discover why Stream+ is the ultimate way to watch the epic conclusion. 

What awaits you in the Upside Down:

  • Netflix prize pack: Enter to win a Stranger Things prize pack valued at $700, featuring unique merch, including a branded record player, Hawkins Tigers bomber jacket, exclusive Stranger Things holiday sweater and more.
  • Instagram-worthy photo opportunities: Come head-to-head with the Demogorgon or take a ride around Hawkins and recreate iconic scenes on the infamous bikes.
  • Stream+ savings: Learn how you can stream your favourite shows for 60% less.

Participating Locations:

  • Toronto, Eaton Centre – Dec 3
  • Calgary, Southcentre Mall – Dec 5
  • Quebec, Fairview Pointe-Claire – Dec 4
  • Kelowna, Orchard Park Mall – Dec 6
  • Activation Dates: December 3, 2025 – January 19, 2026

India Backs Down From Forcing A “Cybersecurity” App Onto Phones After Backlash

Posted in Commentary with tags on December 4, 2025 by itnerd

Over the last few days India has been pushing tech companies such as Apple and Google to preinstall a state-developed app, meant to enhance security, on phones in the country, and to ensure that the app could not be removed. After pushback from pretty much everyone, India yesterday backed away from that effort.

If you want to go down the rabbit hole on this, here’s a story on this along with India’s “spin” on why they backed away from doing this.

Ted Miracco, CEO, Approov had this to say:

   “With most of us living and working on our mobile devices, the challenge is not just balancing security and privacy, but also balancing control of the private information between the tech giants as “gatekeepers” and government regulators, who often lack the expertise or execution to keep up with the pace of technological changes. 

  “True security cannot reside in the operating system alone because the OS can be compromised. It must be anchored in silicon, and the tech giants do facilitate security via the Secure Enclave (Apple), the Titan M2 chip (Google) and Knox Vault (from Samsung). These are separate microcomputers inside your phone with their own processor and memory that store your biometric data and encryption keys. We must ensure apps use these hardware APIs to generate keys that never leave the secure chip, and this data cannot be shared with governments, which was the overreach by the Indian government with the Sanchar Saathi app that has unfettered access to device level APIs. 

   “To roll back Big Tech without empowering “Big Brother,” we must decouple service from surveillance using both laws and source code. The legal lever involves enforcing an “Information Fiduciary” standard, which legally obligates tech companies to act in your best interest by banning them from exploiting your data for profit and effectively neutralizing their exploitative business models. The technical lever involves Self-Sovereign Identity (SSI) and Zero-Knowledge Proofs (ZKP), which ensure that while these fiduciaries can verify you are a citizen or over 18, they technically never possess your raw identity data; this means that when a government issues a subpoena or demands mass surveillance, the tech giants have no central database to hand over because the keys remain exclusively on your mobile device in the secure silicon enclave.

     “While the EU’s GDPR focuses on protecting data, the DGA (passed in 2022) focuses on restructuring who holds it – creating a regulated class of “Data Intermediaries”, as neutral third parties that legally cannot use your data for their own profit like selling ads. Instead of you fighting Facebook alone, you join a “Data Cooperative” or “Data Union” where the union holds your data in a vault and if a company wants to target you with ads, they must negotiate with your union, which can demand a fee or strict privacy guarantees. Hence, the mobile app never “owns” the data, but they can license access to it temporarily.”

George McGregor, VP, Approov follows up with this:

   “Government initiatives to reduce mobile-enabled crime through citizen-facing apps are laudable — public safety is a critical goal. But making such apps mandatory sets a troubling precedent. Which apps are installed on an individual device must always be a personal choice.

   “Security isn’t based in who publishes an app, but from how that app proves its integrity and behavior. Government apps need to be held to the same standard of provable security and transparency as any other apps.  Without strong safeguards like runtime attestation and Zero Trust principles, mandatory apps risk becoming new vectors for abuse, surveillance, or exploitation — even if well-intentioned.”

Michael Bell, CEO, Suzu Labs had this to say:

   “The problem with India’s approach wasn’t the goal of improving mobile security, it was the implementation: closed-source code, root-level access, no independent audit, and no user control. If the goal is mandatory security that doesn’t become surveillance, the framework needs to be transparent (open-source, publicly auditable), minimal (only the permissions absolutely necessary), and accountable (independent oversight, clear data access logs). The EU’s approach with GDPR and the upcoming Cyber Resilience Act comes closest to getting this right: they mandate security outcomes and transparency requirements on vendors rather than installing government software on every device, which keeps the trust relationship between users and their hardware intact.

   “The honest answer is that perfect security and perfect privacy are fundamentally in tension, and any system that claims otherwise is lying. What we can do is shift the burden: instead of governments monitoring citizens, require device manufacturers and app developers to meet security baselines, mandate transparency about data collection, and give users genuine control. The US hasn’t gotten this right at scale, though California’s CCPA and some state-level IoT security laws are moving in the right direction by regulating the ecosystem rather than surveilling the endpoint.”

This rollback is a good thing, as I really had some reservations about what the Indian government was doing. Hopefully a more thoughtful approach to this app is taken so that it can be rolled out with a fair amount of confidence that there are no side effects.

Guest Post – AI Rent Algorithms: Hacking Personal Data and Privacy in the RealPage vs. New York Fight

Posted in Commentary with tags on December 4, 2025 by itnerd

By Stefanie Schappert

While most Americans were focused on family and turkey dinners last week, the online property management platform RealPage was filing a major lawsuit against New York over the state’s upcoming ban on the company’s AI price-fixing software (set to take effect December 15th). 

From apartment rentals and luxury goods to concert tickets and even your Uber ride, the first-of-its-kind lawsuit is expected to upend how the average consumer pays for goods and services in everyday life, and to determine whether AI pricing algorithms are here to stay. 

The AI Algorithm That Raises Your Rent

Algorithms aren’t just a tool for convenience, but can quietly control markets and manipulate people’s lives. 

The RealPage vs NY lawsuit makes that crystal clear. The company, which provides software to 80% of landlords across the US, has been at the center of a Department of Justice (DOJ) antitrust case accusing RealPage of aggregating data scraped by its AI software to set market rental rates at the expense of consumers. 

Tenant advocates say the software, which is used by a majority of landlords from the same regions, effectively fixes prices, driving rents higher and leaving renters with few options. 

Last week, the DOJ settled its 2024 case against RealPage, requiring the company to make significant changes to how it handles data, including preventing it from collecting and sharing competitively sensitive information.

The initial DOJ case and a similar suit brought by Tennessee against RealPage on behalf of nearly 30 renters (they won $142 million in damages) prompted nearly a dozen cities and states to begin enacting their own bans on AI rent-setting software in 2025.

Now, RealPage is fighting back, seeking to block New York’s ban, claiming it violates the company’s First Amendment rights. 

From a cybersecurity perspective, this is more than just a legal battle; it’s a warning about the risks of opaque AI systems. 

RealPage’s software doesn’t just calculate prices; it analyzes massive amounts of personal and financial data, turning it into leverage against the more than 110 million renters across the US. 

Imagine the algorithm reading your income, rental history, neighborhood demographics, and even past payment patterns, and then deciding exactly how much to charge you. 

That’s not just automation – it’s a system that can exploit people in ways most of us can’t see or challenge. And this is far from an isolated example. 

Airlines like Delta have been actively experimenting with AI to adjust ticket prices in real time and have announced plans to install their “AI dynamic pricing model” across the entire ticketing system next year. 

You’ve probably already noticed that flights jump in price depending on when and what time you search or book. Hotels, rideshares, and online retailers do the same, constantly tweaking prices based on demand, your location, or even your browsing behavior. 

On the surface, it’s about efficiency. But underneath, these systems are quietly turning data into power, often benefiting companies at the expense of consumers, who rarely understand how these algorithms actually work. 

The RealPage case is particularly striking because housing is a basic human need. Unlike a plane ticket or hotel stay, your rent affects your stability, your budget, and even your ability to save for the future. 

When algorithms are allowed to exploit personal data in this way, the consequences can be serious and immediate. 

AI systems are not neutral. Every dataset they consume carries the potential to harm, and without oversight, these invisible systems can silently manipulate markets, impacting people’s lives.

For anyone paying rent, booking flights, or shopping online, this is a wake-up call. 

The DOJ settlement is a step toward accountability, but it’s also a broader signal: the algorithms shaping our daily lives need scrutiny, regulation, and transparency. 

The RealPage lawsuit against New York State underscores the tension between innovation, corporate freedom, and public accountability. It is also expected to set a legal precedent for how companies will be allowed to use AI pricing algorithms moving forward.  

If RealPage succeeds, it may open the door for corporations in other industries to challenge state-level AI restrictions, from hospitality to car insurance. 

AI can make life easier, but without careful oversight, it can also turn data into a weapon against ordinary people.

As stated by then-US Deputy Attorney General Lisa Monaco last year, “Training a machine to break the law is still breaking the law.”

ABOUT THE AUTHOR

Stefanie Schappert, MSCY, CC, Senior Journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019. She has a decade-plus of experience in America’s #1 news market, working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News. With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. She earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, has participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google. She is a member of the Women’s Society of Cyberjutsu (WSC) and of Upsilon Pi Epsilon (UPE), the International Honor Society for Computing and Information Disciplines. 

Freedom Mobile Pwned By Hackers…. Customer Data Leaked

Posted in Commentary with tags on December 4, 2025 by itnerd

I’ve been a customer of Freedom Mobile for a while now. And I’ve been critical of their security for a while as well. Today it seems that I might have been right. Bleeping Computer is reporting that they were pwned via what seems like a third party hack:

In a data breach notification published today, Freedom said it detected a breach of its customer account management platform on October 23.

“Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers,” Freedom stated.

“We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses.”

The personal and contact information exposed in the incident includes first and last names, home addresses, dates of birth, home and/or cell phone numbers, and Freedom Mobile account numbers.

Although it found no evidence that the compromised data has been misused since the breach, the wireless carrier advised affected customers to be suspicious of unexpected messages requesting their personal information or directing them to a website to provide it.

Freedom also recommends not clicking links or downloading attachments from emails or texts that seem suspicious and regularly checking their accounts for unusual activity.

Given that Freedom has had questions about its security in the past, and they aspire to be a challenger to Rogers, Bell and Telus, they really need to explain in detail what happened and what they are going to do to make sure that this doesn’t happen again, and they need to describe what they are going to do to improve their security going forward. I say this because the type of info that is now out there can be used for all sorts of attacks. And that is really, really bad for Freedom Mobile customers. What doesn’t help Freedom Mobile is that this is not the first go-round in terms of a data breach for them. Thus they really have a lot to answer for if they want to keep the trust of customers like me.

SandboxAQ Achieves FedRAMP Ready Status, Powering Enterprise Readiness Across the Defense and Public Sector

Posted in Commentary on December 4, 2025 by itnerd

SandboxAQ, a pioneer in AI-driven cybersecurity, today announced it has achieved Federal Risk and Authorization Management Program (FedRAMP) Ready status. Reflecting an independent third-party assessment and eligibility for FedRAMP Marketplace listing, the FedRAMP Ready designation underscores SandboxAQ’s standardized security controls consistent with the FedRAMP framework and readiness for government use.

As agencies confront the accelerating risk of AI, the 2025 AI Security Benchmark Report shows 79% of organizations already run AI in production, yet only 28% have completed a comprehensive AI risk assessment. Leaders are highly concerned about AI-enhanced cyberattacks and exposure of secrets in AI systems, and a vast majority plan to increase AI security investments imminently. To close this gap, agencies need to enable the safe, large-scale deployment of AI agents and modernize defenses for the post-quantum era. AQtive Guard provides complete visibility, assessment, and remediation of critical vulnerabilities stemming from weak encryption and the rapid proliferation of AI agents and non-human identities (NHIs).

For federal buyers, FedRAMP Ready provides a standardized way to evaluate AQtive Guard within a unified framework, helping teams move faster while aligning to federal requirements and offering an independent signal of SandboxAQ’s security posture.

As part of a broader enterprise-readiness initiative, SandboxAQ has officially received the SOC 2 Type I report for AQtive Guard and the ISO/IEC 27001 certificate covering all of SandboxAQ.

For federal programs, AQtive Guard supports modernization at scale by updating legacy cryptography across multi-environment estates, helps teams identify and prioritize cryptographic risks within enterprise security programs, and advances future-readiness by planning and coordinating steps toward post-quantum cryptography adoption.

With FedRAMP Ready in place, agencies have a standardized path to evaluate AQtive Guard for automated cryptographic discovery and inventory, cryptographic posture management, and post-quantum migration planning, helping teams modernize cryptography, reduce risk, and strengthen resilience.

For agencies ready to get started, SandboxAQ is now officially represented in the FedRAMP Marketplace, with AQtive Guard listed as FedRAMP Ready. 

Visit their website to learn more about SandboxAQ or book a demo here