Archive for May 28, 2026

CrowdStrike Details Takedown of Glassworm

Posted in Commentary on May 28, 2026 by itnerd

CrowdStrike, Google, and the Shadowserver Foundation said they disrupted the Glassworm botnet, a global threat targeting developers and open-source software ecosystems through supply chain attacks. CrowdStrike said the coordinated takedown simultaneously disabled all four of the botnet’s C2 channels, preventing communications with infected systems and delivery of additional malware payloads.

You can find out more by reading CrowdStrike’s writeup here: https://www.crowdstrike.com/en-us/blog/inside-crowdstrike-takedown-of-a-developer-targeting-botnet/

Liquibase VP Ryan McCurdy offers perspective:

   “Glassworm is a reminder that ungoverned automation can quickly become a privileged attack path. Once attackers compromise developer tooling, poison repositories, or steal CI/CD credentials, the pipeline stops being background infrastructure and starts acting like a privileged identity. That is what makes these attacks so dangerous. The answer is not less automation. It is more standardized, governed automation, so the workflows developers and pipelines already rely on are consistent, controlled, and harder to abuse.”

Honestly, while this is to be celebrated, it’s also time for organizations to look at themselves and retool themselves so that automation is not an attack path. Otherwise bad things will happen.

Sage Intacct expands trusted automation across core finance workflows

Posted in Commentary on May 28, 2026 by itnerd

Sage today announced new and enhanced capabilities in Sage Intacct designed to help finance teams accelerate operations, strengthen control and extend AI capabilities across finance operations.

The latest updates expand automation across receivables, accounts payable, purchasing and SaaS analytics, while introducing new ways for customers and partners to extend AI capabilities through Sage Intacct AI Gateway. Together, the updates help finance teams reduce manual work, improve visibility and move faster with greater confidence by embedding trusted AI and automation directly into day-to-day finance workflows with the transparency, control and accountability finance teams require.

As finance teams face growing pressure to improve cash flow, accelerate decision-making and operate with greater agility, many still rely on disconnected systems and manual processes that slow execution and limit visibility. Gartner research found that 88% of CFOs rank finance staff productivity among their top priorities in 2026, reflecting growing pressure to automate workflows, shorten cycles and control costs. Sage Intacct’s latest updates are designed to support this shift by embedding trusted automation across receivables, payables, purchasing and finance analytics workflows.

Advancing high-performance finance through automation, control and AI extensibility
The latest update expands customizable workflow automation across receivables and purchasing, with AI-powered enhancements in accounts payable and SaaS analytics, helping finance teams reduce manual effort and improve visibility across day-to-day operations.

The release also introduces new ways for customers and partners to extend the value of Sage Intacct by using the Model Context Protocol (MCP), an open standard for bridging AI solutions with business systems, to securely connect financial data to AI tools. This helps organizations adapt workflows more easily while maintaining defined permissions, approvals and operational controls.

What’s new in Sage Intacct May 2026:

Cash Intelligence: Payment Reminders
Helping accounts receivable and finance teams manage customer follow-ups, Payment Reminders proactively surfaces customers with open or overdue invoices in a single view. Teams can send one-click or bulk payment reminder emails using a default template, helping create more consistent outreach and reduce manual follow-up.

Available through an Early Adopter program globally.

AP Automation: 3-Way Matching
Reducing manual reconciliation and helping preserve oversight and control, 3-Way Matching uses AI-driven automation to link invoices, purchase orders and receipts, compare prices, quantities and totals, and flag line-level discrepancies for review before payment.

Generally available globally. 

Custom Approvals in Purchasing
Helping organizations manage purchasing approvals more flexibly, Custom Approvals in Purchasing enables teams to define multi-condition approval rules using transaction fields such as vendor, amount, department, location and category. This helps route transactions to the right approver and align controls with operational workflows.

Available through an Early Adopter program globally.

Sage Intacct AI Gateway
Helping customers and partners extend trusted AI across finance workflows, Sage Intacct AI Gateway enables tailored AI solutions to connect directly with Sage Intacct using REST APIs and the Model Context Protocol (MCP) standard. This allows Sage Intacct data to be combined with external applications and AI services while operating within defined roles, permissions and workflow controls.

Generally available in the US, UK, Canada, Australia and South Africa.

SaaS Intelligence 2.0
Helping SaaS finance leaders gain deeper visibility into revenue performance, SaaS Intelligence 2.0 delivers enhanced AI-powered insights across forecasting, cohort analysis, customer segmentation and Annual Recurring Revenue and Monthly Recurring Revenue tracking. Interactive dashboards help organizations identify churn, retention and expansion trends more easily.

Available through an Early Adopter program in the US, UK, Canada, Australia and South Africa.

ESET Research APT Report: China-aligned groups spy in Venezuela and the Gulf, target AI robotics in S. Korea

Posted in Commentary on May 28, 2026 by itnerd

ESET Research has released its latest APT Activity Report, which highlights activities of select APT groups that were documented by ESET researchers from October 2025 through March 2026. During the monitored time frame, China-aligned threat actors remained highly active worldwide, conducting espionage campaigns shaped in part by geopolitical developments affecting Beijing’s economic and security interests. Following the US military operation in Venezuela and amid continuing instability in the Gulf region, ESET spotted signs that China-aligned groups were being mobilized to improve Beijing’s visibility into maritime, energy, and political developments abroad. North Korea-aligned Andariel attacked a company that appears to be involved in the nuclear power industry.

China-aligned FamousSparrow targeted a Venezuelan governmental entity connected to maritime affairs, likely to monitor the resilience of oil shipments after the US intervention. There, ESET also noticed SteppeDriver, another China-aligned APT group targeting a Syrian governmental network, activity that may reflect both Chinese commercial interest in Syria’s reconstruction projects and security concerns surrounding Uyghur fighters present in that country. China-aligned UNC5221’s SPAWN malware family targeted governmental entities in Cambodia and Panama, as well as an AI and robotics company in South Korea. The latter targeting South Korea aligns with Beijing’s enduring interest in strategic technologies prioritized under the Made in China 2025 industrial development policy.

The war in Iran that began in late February 2026 was the defining event for Iran-aligned activity during this period. Paradoxically, the conflict coincided with a decline in activity from established Iran-aligned APT groups in ESET telemetry, most likely because internet restrictions imposed by the Iranian regime hindered their ability to operate effectively. At the same time, this environment appears to have favored the mobilization of proxy and hacktivist actors targeting Israel, the United States, and other states seen as hostile to Tehran. ESET Research also documented an unusual spike in activity against Israeli targets that it could not confidently link to previously known groups. Two unattributed activity clusters, Rusty Boots and MoKhargosh, demonstrated both espionage capabilities and destructive potential against Israel – including deployment of a bootkit-style wiper while retaining destructive tooling for later use.

ESET Research also found a defense company in the United Arab Emirates being compromised, and Arabic-speaking users being targeted with Android spyware. The spyware was possibly aimed at journalists or open-source intelligence practitioners, since the name of the attacker’s Telegram channel was likely inspired by Live Universal Awareness Map (Liveuamap), a legitimate, well-known OSINT platform dedicated to mapping military incidents worldwide.

North Korea-aligned threat actors remained active on several fronts. Multiple groups continued targeting developers and the cryptocurrency ecosystem with social engineering schemes that can yield both direct financial gain and opportunities for software supply-chain compromise. ESET also uncovered the reemergence of the Andariel group in attacks against South Korea, where the group deployed TigerRAT and attempted to spread Rook ransomware within an engineering company that appears to manufacture equipment relevant to liquid hydrogen handling and the nuclear power industry – technologies that are obviously of interest to Pyongyang’s ballistic and nuclear ambitions.

Russia-aligned threat actors continued to focus overwhelmingly on Ukraine and entities connected to that country’s defense efforts. Sednit deployed its Covenant and BeardShell implants against Ukrainian military personnel, drone manufacturers, and organizations involved in drone research and development, while also targeting logistics and transportation companies outside Ukraine. Sandworm intensified destructive activity over the winter, deploying several new wipers in Ukraine against governmental and private sector targets. Particularly notable was a December 2025 data destruction incident affecting a Polish energy company, which ESET attributed to Sandworm with medium confidence.

ESET products protect our customers’ systems from the malicious activities described in this released report. Intelligence shared here is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers, who prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups. These threat intelligence analyses, known as ESET APT Reports, assist organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks.

More information about ESET APT Reports, which deliver high-quality, strategic, actionable, and tactical cybersecurity threat intelligence, is available on the ESET Threat Intelligence page.

For more details about the mentioned and other APT groups’ activities, read the full APT Activity Report, “Conflict-informed espionage: Monitoring oil shipments, targeting drone makers,” on WeLiveSecurity.com

New data from 800k U.S. job postings challenges developer assumptions about what employers actually hire for

Posted in Commentary on May 28, 2026 by itnerd

As layoffs reshape tech and AI dominates the conversation, new research from Oxylabs reveals that what developers think employers want doesn’t match what job postings actually show.

Oxylabs analyzed more than 800,000 U.S. job postings (January 2025–March 2026) requiring at least one programming language. Unlike survey-based rankings, this reflects real hiring behavior at scale. 

Key findings:

  • SQL is nearly as in-demand as Python (45% vs. 46% of postings), despite developers routinely dismissing it as “not a real language”. SQL beats Python as the No. 1 requirement in 38 states; Python leads in just 12.
  • The Python and SQL duo is the most requested skill, appearing in 1 in 5 tech job postings, far ahead of any other pairing.
  • Apple is hiring while others cut. Its Q1 2026 job postings jumped 9 times the 2025 quarterly average, with software engineering and AI/ML roles having the biggest spikes.
  • Foundational skills still dominate. Despite the AI-driven shift, the top most-requested languages are established tools (Python, SQL, Java, JavaScript).

The full report breaks down demand by role (backend vs. frontend vs. DevOps vs. data science), industry, and U.S. state – useful context for developers assessing their career options in an uncertain market.

Please read the full report here 

OVHcloud announces new Premier 2027 hardware for Managed VMware vSphere

Posted in Commentary on May 28, 2026 by itnerd

OVHcloud announces new Premier 2027 hardware for its Managed VMware vSphere solution. Available in the OVHcloud Private Cloud universe, Managed VMware vSphere is designed for enterprise-grade environments to support the most critical use cases: cloud migration, disaster recovery, enterprise application hosting and application modernization.

The Premier 2027 server range has been designed to provide new VMware environments and seamlessly scale out existing ones, with enhanced performance, scalability and flexibility.

With more compute resources, featuring up to 40% more CPU cores (compared to the previous Premier generation) and leveraging 5th generation Intel Xeon Scalable processors (code name Emerald Rapids), the Premier 2027 hardware comes with up to 1.5 TB of memory per host for memory-intensive applications. To match these new hardware capabilities, the 2027 generation hardware is equipped with high-performance NVMe drives and up to 50 Gbps private bandwidth included for improved data throughput.

Offering better performance to address the most demanding workloads, the Premier 2027 hardware line comes with better granularity on cores and a range of choices to meet all use cases while benefiting from OVHcloud’s best performance/price ratio. 

Premier 2027 hardware is available now in France, including in Canada, the SecNumCloud 3.2 Region, and Europe. Deployment in the US is expected soon.


UK Surveillance Levels Exposed

Posted in Commentary on May 28, 2026 by itnerd

Britain has become one of the most watched nations on Earth. According to a 2021 British Security Industry Association report, approximately 21 million CCTV cameras now operate across the country, yet what’s far less understood is the dramatic variation in who’s watching whom, and with what technology.

To find out, Comparitech filed Freedom of Information requests with all 380 UK councils and 48 police forces, mapping exactly which parts of the country are under the heaviest surveillance. The research doesn’t stop at camera counts: it reveals which councils and forces have quietly adopted facial recognition technology (FRT) and automatic number plate recognition (ANPR), and benchmarks UK surveillance levels against major cities around the world.

Key findings include:

  • Britain is home to seven of the world’s 20 most surveilled places, putting UK towns and cities in the same league as authoritarian regimes
  • A single London police force operates 31,000+ cameras, a surveillance network bigger than some entire countries
  • One East London council alone has over 3,000 cameras, making it the highest of any council in the UK
  • A Northern England council has quietly built the UK’s biggest facial recognition network with 120 cameras that can scan and identify faces in real time
  • One UK police force monitors residents at a rate of nearly 49 cameras per 1,000 people
  • Council camera coverage peaks in one UK country, reaching 3.6 cameras per 1,000 people

Additionally, Rebecca Moody, Head of Data Research at Comparitech, has provided her insights on the findings:

“The report highlights a clear imbalance in the levels of surveillance across the UK. While some councils have opted for widespread camera systems, others have steered clear — and, as we found, this has little (if anything) to do with crime rates.

From a privacy perspective, what’s also concerning is the use of real-time systems, such as ANPR and facial recognition. While they’re in place for certain tasks, e.g. to monitor cars for traffic violations and to seek out persons of interest, they ultimately subject all citizens to mass surveillance. And, as we note, there’s also a worrying risk of “mission creep”, whereby these systems are promoted as helping X but, after a while, they’re also used to combat Y, and then Z, until, before we know it, their use is extensive and widespread. Essentially, once a system is installed under the guise of combating a certain crime, it can be easily rolled out into other areas. For example, ANPR was introduced as an anti-terrorism tool but has quickly become a key system to help with traffic enforcement.”

You can find more here: https://www.comparitech.com/news/watching-you-funded-by-you-number-of-cctv-cameras-by-uk-council-police-force/

Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs

Posted in Commentary on May 28, 2026 by itnerd

SafeBreach Labs has uncovered a new one-click sandbox escape technique in Windows 11 that allows an attacker to achieve escalated code execution and arbitrary write from a low-integrity process with nothing more than a single user click.

The research shows how multiple legitimate Windows features can be chained together to achieve arbitrary write outside the sandbox, including COM objects, toast notifications, Snipping Tool URI handlers, Microsoft Teams, and Chromium’s remote debugging functionality. The attack requires only a single user click on a spoofed notification and does not rely on dropping traditional malware or third-party tools.

The SafeBreach Labs team is available to discuss:

  • How undocumented COM AppID flags allowed low-integrity processes to launch medium-integrity server processes.
  • The abuse of Windows notifications and URI handlers to execute attacker-controlled actions outside the sandbox boundary.
  • How Microsoft Teams and Chromium debugging functionality were leveraged to achieve arbitrary write using only native Windows applications.
  • Why chaining together legitimate operating system components creates dangerous attack paths that are difficult for defenders to detect.

Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs: https://www.safebreach.com/blog/click-or-trick-cve-2025-59199-escaping-the-sandbox-with-windows-uris/

Guest Post: Claude Coding Addiction And Why It Can Lead to Startup Burnout

Posted in Commentary on May 28, 2026 by itnerd

By Mohamed Yousuf, CEO – Smart Workforce AI

You can’t live with them, and you can’t live without them. That’s the conundrum many startup founders face when it comes to technical experts like an experienced CTO or principal engineer. The skills those experts bring can get the startup on track much faster, but the salaries they demand can cause an unmanageable financial drain.

Claude Code seems to provide a solution to the conundrum. It provides founders with technical expertise at a fraction of the cost of an engineer, but bringing Claude Code into the environment also introduces risks that can sink a startup.

How Claude Code can get founders off track

Claude Code is the kind of thing founders used to dream about as they attempted to bootstrap their way to viability. Budgets were extremely tight, but founders knew they needed to hire an expert in areas like sales, marketing, or software development to move the dream forward. Finding a way to get that work done well and on the cheap was a game-changer.

By giving startups the ability to run multiple agents on multiple fronts, Claude Code unlocks a lot of doors. One agent can work on research, another on software development, and another on DevOps; the list can go on and on.

But there is a problem with unleashing Claude Code in this way. While the platform offers a lot of value for a low cost, what you get is never perfect. Unlike the human expert with the capability to run things for you, Claude Code needs your constant attention. Rather than delegating and moving on, you find yourself going back and forth with the agents endlessly. 

For those with founder perfectionism, tapping into Claude Code can easily lead to burnout.

I experienced this firsthand. As I spent more time with Claude Code, I spent more time doing a lot of things on my own rather than delegating them to my team. I found myself wasting time on projects someone else could handle and shifting my focus away from bigger, more important things.

How founders can keep Claude Code from becoming a distraction

The key to using Claude Code optimally is knowing when to stop. Generally, that means leveraging its capabilities to get your startup off the launch pad. Once the business starts to produce, it’s time to shift AI to a different role.

Claude Code works well in the early phases of the startup process because cash flow is a challenge. Whereas in the past, founders might have turned to offshore outsourcing to make staff affordable — or give away equity in the company — now they can work with AI to build their dream business. But using AI agents as your staff is not a long-term solution.

I highly recommend that you reduce your reliance on Claude Code once you start to make revenue. There may be a time in the future, as AI becomes more intelligent and better able to understand your vision, when you can continue scaling with a full AI team. At this time, however, AI should be seen as a tech amplifier, not a human replacement.

Once a startup begins generating revenue, scale back on Claude Code and start using AI alongside subject matter experts. This will allow you to catapult your business forward with a leaner workforce.

How founders can keep Claude Code from becoming a liability

When I first started using Claude Code, it dramatically increased my efficiency and productivity. It unlocked a lot of tasks I had been dependent on others for and gave me the ability to do things the way I wanted, when I wanted. Suddenly, I could draft email copy, update marketing websites, code any software project that came to mind, and run my own sales outreach campaigns by just connecting Claude to my Google Workspace.

In reality, however, I hadn’t gained access to a coding expert. I could do more with Claude Code than I could on my own, but I was still only working with a junior developer who lacked the experience to consider the overall context and process. Having that type of “person” on your staff might work for an early-phase startup, but you don’t want to rely on that type of resource long-term.

Limiting your reliance on Claude Code limits your liability. Ultimately, you need to adopt a human-in-the-loop approach that can certify that its output will integrate, scale, and stand up to real-world challenges.

Claude Code is addictive because it gets things done quickly, which is not common for startups in their early phases. But founders must remember that startup success isn’t about getting things done. Rather, it’s about building value. Claude Code can help with that, but ultimately it needs to become a tool for those pursuing long-term business success and not just quick coding.

– Mohamed Yousuf is the CEO and founder of Smart Workforce AI, a workforce intelligence platform focused on transforming how shift-based industries operate in an AI-driven world. His background is rooted in building and scaling technology-driven systems that address structural inefficiencies in workforce planning, scheduling, and labor utilization across sectors, including healthcare, hospitality, retail, and manufacturing. Through Smart Workforce AI, Mohamed focuses on moving organizations away from rigid, approval-heavy scheduling models and toward intelligent, adaptive systems that balance operational needs with greater employee autonomy.