Archive for June 25, 2026

Gaslight malware shows attackers are beginning to target AI-powered security analysis

Posted in Commentary with tags on June 25, 2026 by itnerd

The newly discovered Gaslight malware for macOS highlights an emerging shift in attacker tradecraft: instead of only evading traditional security tools, threat actors are beginning to manipulate AI-assisted analysis itself. By embedding prompt injection techniques designed to mislead or halt LLM-powered malware analysis, attackers are testing how much security teams rely on AI during incident response. As AI becomes more deeply integrated into defensive workflows, organizations will need to treat AI systems as another attack surface, requiring validation, oversight, and resilience against manipulation.

You can find out more details here: New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

Gidi Cohen, CEO & Co-founder, Bonfy.AI

“Gaslight is a glimpse of where AI‑aware malware is headed—and a reminder that securing the data plane now matters as much as securing endpoints and sandboxes.

This Rust‑based macOS implant doesn’t just steal data and maintain a Telegram‑based C2 channel; it also embeds prompt‑injection content specifically designed to confuse LLM‑assisted analysis pipelines, flooding them with fabricated “system failure” messages to get automated triage to abort or mis‑report. In other words, the malware is actively targeting the AI tools defenders rely on, trying to shape what those systems “see” and how they respond.

For organizations, this means two things. AI‑assisted security workflows need explicit defenses against adversarial content, with clear separation between untrusted artifact data and trusted system messages. And because attackers are gaining more ways to mislead or bypass detection, enterprises must assume that traditional controls will be defeated more often—and ensure they have strong, contextual protection for sensitive data across email, SaaS apps, collaboration tools, and AI systems, so that even when malware slips through or “gaslights” the tools, the blast radius for critical information stays small.”

That should bust any myth that macOS is immune from malware. But realistically, you need to protect every device all the time regardless of OS. Otherwise bad things will happen.

UPDATE: Toghrul Tahirov, Head of AI Governance, Polygraf AI adds this:

“Gaslight is not a sandbox evasion technique. It is a social engineering attack aimed at an AI analyst.

The implant is standard North Korean tradecraft: Telegram C2, Python infostealer, Keychain harvesting. I am specifically amazed that what SentinelOne found is embedded inside it. There are 38 fabricated system messages engineered to convince an LLM-assisted triage agent that its own session is collapsing. They have thought this out! Fake token expiry. Fake OOM kills. Bogus injection warnings. Not to hide from the agent. To make it quit before finishing the job.

We don’t see any architectural separation. A fabricated system message and a real one that look identical to the model. That is not a prompt engineering problem. It is a fundamental design constraint, and adversaries are figuring out how to weaponize it against defenders. And see how fast they are productizing it.

The moment you put an AI agent into your pipeline, that agent becomes a part of your attack surface. Gaslight is the first field sample that treats it explicitly as one.

One can not just handle this sort of issue with a more capable model. Enforcement and security has to happen at the input boundary, kind of stand alone proxy environment, before untrusted content reaches the reasoning layer. That is the problem Polygraf’s AI Behavioral Control Plane addresses.”

Leave a comment »

Safe Software Appoints Nabil Lodey as Its First EMEA Senior Executive

Posted in Commentary with tags on June 25, 2026 by itnerd

Safe Software today announced the appointment of Nabil Lodey as VP EMEA, where he will drive growth in the company’s presence and customer base across the region. His appointment builds directly on Safe’s operational expansion into the UK and Ireland, announced in June 2025.

Nabil joins Safe from 1Spatial, a long-standing Safe partner and FME reseller, where he served as Managing Director for the UK and Ireland. He brings a deep, first-hand understanding of Safe’s business and of the FME Platform, having worked closely with the technology and its customer base. That familiarity positions him to further accelerate Safe’s regional expansion plan while deepening the company’s commitment to support clients and partners across Europe through local expertise and presence.

An experienced technology leader, Nabil brings more than a decade of experience building and scaling data and geospatial software businesses. He has held chief executive and senior leadership roles across the sector, with a consistent track record of driving rapid growth, building high-performing teams, and delivering strong commercial outcomes. He began his career in the Royal Navy, holds a degree in Economics from Queen Mary, University of London, and is a Sloan Fellow of London Business School.

Nabil joins a strengthened leadership team that has recently welcomed Judd Lee as Chief Financial Officer and Vanessa Ribreau as Chief People Officer. Safe’s global user conference, the Peak of Data and AI, takes place March 9-11, 2027, at the QEII Centre in London, UK. For more information, visit peakofdataintegration.com

Leave a comment »

Nearly half of Canadian business leaders stuck in AI experimentation without meaningful ROI, BDO finds

Posted in Commentary with tags on June 25, 2026 by itnerd

As Canada moves to close its national AI adoption gap, new research from BDO Canada finds nearly half (46%) of Canadian business leaders are experimenting with AI without achieving meaningful ROI.

Only 18% are actively embedding AI into workflows and operations, according to BDO Canada’s AI Vision Report: Past the pilot to the agentic future of work. BDO says the findings point to a second-stage challenge for Canadian organizations: identifying the readiness gaps that limit value, then building the governance, workforce capability and operating discipline needed to scale AI responsibly. For business leaders, this is a movement away from number of pilots, to whether those efforts are improving decisions, managing risk and creating measurable value.

AI Vision Report: Past the pilot to the agentic future of work explores how organizations can move beyond isolated AI pilots toward governed, enterprise-wide adoption. It outlines how leaders can connect AI initiatives to clear business outcomes, accountable decision-making, and measurable value as AI moves from stand-alone productivity tools into more integrated, multi-step workflows.

The report also found that 27% of Canadian business leaders believe AI will have minimal impact on their organization over the next four years–a finding BDO says may point to a visibility gap as AI becomes increasingly embedded into enterprise software, workflows and decision-support systems.

From adoption to responsible scale

BDO says organizations need to scale AI in a way that creates measurable value, manages risk and helps people adapt to new ways of working.

The findings come as businesses begin preparing for agentic AI systems that can support multi-step work, coordinate information across platforms and move teams toward more integrated workflows.

As these capabilities become more common, BDO says organizations will need to treat AI as an operating-model change, not simply a technology deployment. Scaling safely and effectively will require clear governance, ownership, workforce enablement, adoption planning and measurement tied to business outcomes.

According to Gartner, by 2028, one-third of enterprise software applications are expected to include agentic AI capabilities, up from less than 1% in 2024. BDO says this shift will put greater pressure on organizations to build the foundations for responsible scale now, including governance, workforce fluency, workflow integration, and measurement tied to business outcomes.

Informed by BDO’s own AI adoption journey

BDO’s perspective is informed by its own AI adoption journey across its national firm, including the firm’s Client Zero approach to testing, learning, and scaling AI responsibly within its own operations. Through investment in workforce enablement, governed experimentation, workflow integration, and responsible AI practices, BDO has developed practical lessons that inform its work with clients.  

Read BDO Canada’s AI Vision Report: Past the pilot to the agentic future of work.

About the report
AI Vision Report: Past the pilot to the agentic future of work is a BDO Canada report examining how Canadian organizations can move from AI experimentation to responsible, enterprise-wide adoption. The report draws on survey of 520 Canadian business leaders who are members of the Angus Reid Forum commissioned by BDO Canada, along with BDO’s experience helping clients connect AI initiatives to business outcomes, governance, workforce readiness and measurable value.

Leave a comment »

Mirage2FA phish kit targeting M365 users with obfuscated HTML, stealing MFA codes 

Posted in Commentary with tags on June 25, 2026 by itnerd

Fortra Intelligence and Research Experts (FIRE) this morning published their analysis of Mirage2FA, a newly discovered Microsoft 365 phishing kit that tricks users into sharing login details and MFA codes. Targeted businesses could experience account takeover, fraudulent payment redirection, data theft, unauthorized access to sensitive documents, and more as a result of an attack.

Mirage2FA uses short-lived HTML smuggling and obfuscated Javascript-loaders in a single phishing workflow, helping it evade detection. It is yet another example of a growing number of phishing campaigns using multiple tactics to successfully bypass 2FA/MFA workflows.

Details here: https://www.fortra.com/blog/mirage2fa-obfuscated-html-loader-delivers-microsoft-365-mfa-phishing-kit

Leave a comment »

Kyndryl Report: AI adoption accelerates as workforce readiness becomes the ROI difference maker

Posted in Commentary with tags on June 25, 2026 by itnerd

Kyndryl today announced the release of its second annual People Readiness Report, a global study of 1,100 senior business and technology leaders across eight countries, revealing a notable drop in workforce AI readiness and a widening gap between AI expectations and execution.

The report illustrates what leaders are doing right to ride the AI surge, and that AI success is not driven solely by different strategies, use cases or technologies – it’s driven by whether organizations redesign work and manage those changes throughout their organizations. The data also shows that trust in AI can be built through deliberate operating model and governance changes.

The findings come as companies accelerate AI adoption and invest heavily to realize value at scale. “Worldwide spending on AI is forecast to total $2.52 trillion in 2026, a 44% increase year-over-year, according to Gartner®, Inc., a business and technology insights company.”

According to the study:

  • 57% say AI is embedded in core business processes or deployed broadly across the enterprise; last year, 35% said AI was fully integrated across their organizations.
  • Only 32% have achieved at least one of their top two AI goals; just 11% have achieved both.

The study identifies a Pacesetters group, the 9% of organizations that have done three things: they redesign roles around AI, implement change management so the workforce understands its new operating model and has guardrails in place, and have built workforce readiness. These three behaviors are the operational foundations that consistently distinguish the organizations achieving the strongest results from AI. As they do these things, at each stage they are building the important governance frameworks. Pacesetters are roughly twice as likely to have fully implemented every governance dimension measured.

Pacesetters are:

  • 1.5 times more likely to achieve AI-related revenue growth.
  • 1.6 times more likely to report better innovation for products and services.

Business leaders consistently rank workforce readiness among the most challenging aspects of AI adoption:

  • Just 23% of organizations think their workforces are fully ready for AI, a six-point drop from last year.
  • And 79% agree that the speed of AI will outpace their organizations’ workforce, governance and operating models.

The risk of falling behind is increasing as more organizations adopt autonomous AI agents.

  • 81% of organizations expect AI agents to make impactful decisions for their organizations within the next year, but today just 25% completely trust AI systems operating without human oversight.

Readying workforces for AI-enabled workplaces

The report identifies actions that organizations are taking to get their workforces ready for an AI-enabled workplace:

  • Redesigning roles for the future: 61% say their organizations have already redesigned roles, and 24% are creating new roles focused on AI management.
  • Addressing skills gaps: Half of leaders (52%) say it has become more challenging to find employees with the right skills to advance their AI strategy, and a third have fully implemented training programs focused on helping employees effectively collaborate with AI tools.
  • Building trust through governance: A third of organizations (33%) claim they have clear policies on which decisions AI can and can’t make, and 27% are using a registry and monitoring capabilities for all their AI systems. Organizations with stronger governance assert their workforces trust more in AI strategy and execution, and high-trust organizations are significantly more likely to report transformative outcomes from their AI investments.

Learn more about People Readiness.

*Gartner Press Release, Gartner Says Worldwide AI Spending Will Total $2.5 Trillion in 2026, 15 January 2026. GARTNER is a trademark of Gartner, Inc. and/or its affiliates.

Leave a comment »

Sage helps manufacturers and distributors make faster, more informed decisions with AI built for confidence, accountability and control

Posted in Commentary with tags on June 25, 2026 by itnerd

Sage today announced the latest enhancements to Sage X3, designed to help manufacturers and distributors make faster, more confident decisions through AI and operational intelligence.

Building on Sage’s vision for AI announced at Sage Future earlier this year, the latest Sage X3 enhancements bring AI-powered insight, cloud innovation and advanced manufacturing intelligence into the workflows businesses use every day. Together, these capabilities give organizations greater visibility across operations, helping them identify risks earlier and respond more quickly as demand, supply chains and compliance requirements evolve. At the same time, they provide the control and oversight required to make confident decisions in complex operational environments.

Turning operational data into confident action

Manufacturers and distributors generate vast amounts of data across inventory, purchasing, production, finance and supply chains. Yet turning that information into timely action remains a challenge, particularly when confidence in AI-generated outputs remains low.

The latest Sage X3 enhancements help address this challenge by combining AI, cloud delivery, connected compliance and advanced manufacturing planning capabilities within a single business management solution. Together, these capabilities help organizations improve visibility, reduce manual work and make more informed decisions while maintaining the control and oversight required to manage complex operations.

Sage Copilot capabilities help teams identify risks and opportunities earlier, surface relevant operational insights and make more informed decisions across sales, finance, inventory and operations. Built into existing workflows, these capabilities give users practical AI support in the flow of work, while keeping people in control of decisions, approvals and actions.

Alongside new AI-powered capabilities, Sage X3 continues to help businesses modernize core operations. Sage-managed SaaS delivery reduces the burden of infrastructure management, updates and security, while AI-powered e-invoicing helps streamline compliance and improve efficiency. Enhanced manufacturing planning capabilities, delivered through Sage’s partnership ecosystem, help organizations improve resource utilization and respond more effectively to changing demand.

What’s new in Sage X3

  • Enhanced production visibility through Lynq – Helping manufacturers improve visibility across production, optimize resources and respond more effectively to changing demand and operational requirements.

Available in the US, Canada, South Africa, Australia and UK – soon to be released globally

  • Platform enhancements – Strengthening performance, security, user experience and extensibility to help customers and partners support more connected, resilient operations.

Generally available globally

  • Sage X3 SaaS – Helping businesses modernize operations while reducing IT complexity through Sage-managed infrastructure, updates and security. Customers benefit from a more predictable cloud experience, helping reduce administrative overhead while ensuring access to the latest innovations and platform enhancements.

Available in the UK and US – soon to be released globally

  • AI-powered e-invoicing in France – Helping businesses reduce manual processing, improve accuracy and prepare for evolving compliance requirements through connected digital workflows powered by Sage Platform.

Generally available in France

For more information visit the Sage X3 product page.

Leave a comment »

78% of Security Teams Experience Critical False Negatives From Automated Scanning Tools Says Colbalt

Posted in Commentary with tags on June 25, 2026 by itnerd

Cobalt has announced the findings of its second annual Cobalt AI and Pentesting Pulse Report 2026. The research, which evaluated 455 cybersecurity professionals, revealed that the percentage of organizations that rely entirely on AI automation for testing needs plummeted from 29% to 9% from last year, with 47% now preferring a hybrid testing model. 

The 22 point surge in support for the hybrid model, where human expertise supports AI testing, stems directly from the 78% of organizations that experienced fully automated scanning tools missing critical vulnerabilities and returning false negatives. Despite these gaps, security teams show an increasing willingness to automate testing for non-critical assets, with the share favoring automation for low-risk environments rising 22 points to 47%.

You can read the research here: https://resource.cobalt.io/ai-pentesting-pulse-report-2026-tyd

Leave a comment »

Canada is Winning for Canadians

Posted in Commentary with tags on June 25, 2026 by itnerd

Canada’s success at the FIFA World Cup 2026™ is turning into savings for people wanting to upgrade their television.

With Canada advancing to the Round of 32 for the first time ever, Hisense Canada’s Win With Canada promotion has kicked up to a $600 rebate for people who buy qualifying Hisense products. If Team Canada wins this match and moves on to the Round of 16, Canadians who participated in the promotion are eligible receive up to $1,000 cashback on their purchase — and to match Canada’s success Hisense is extending the promotion to apply to qualifying Hisense products purchased by June 27th.

The promotion allows Canadians who purchase eligible Hisense televisions, laser TVs and select refrigerators to earn cashback tied directly to Team Canada’s performance at the FIFA World Cup 2026™. What began as a guaranteed $150 rebate has steadily increased as Canada has advanced through key tournament milestones — $200 when Canada scored its first goal, $400 when it won its first match, and now $600 for advancing beyond the group stage.

The Win With Canada promotion is part of Hisense Canada’s broader celebration of FIFA World Cup 2026™, a tournament that has Canada co-hosting matches for the first time and bringing unprecedented excitement to soccer fans across the country.

For more information, please visit winwithcanada.ca

About Win With Canada

Win With Canada is a Hisense Canada promotion that rewards consumers when Team Canada succeeds at FIFA World Cup 2026™. Purchasers of eligible Hisense televisions, Laser TVs and select refrigerators can qualify for cashback rebates tied to Team Canada’s tournament performance, with a maximum potential rebate of $1,000. Product must be purchased before June 23rd to qualify.

Consumers can visit WinWithCanada.ca for complete contest rules, eligibility details and cashback redemption information.

Leave a comment »