The IT Nerd

Why CVSS Scores Don’t Always Reflect an Exploit’s Actual Severity

Posted in Commentary with tags Hacked on February 4, 2026 by itnerd

Today we’re covering Operation Neusploit, the advanced cyberespionage campaign identified by Zscaler ThreatLabz attributed with confidence to the Russia-linked APT28 (A.K.A. Fancy Bear) threat group, we’re sharing this perspective on its 7.8 score.

Neusploit weaponizes CVE-2026-21509, a Microsoft Office zero-day security bypass vulnerablity, to target government and executive organizations in Ukraine, Slovakia, and Romania. It uses native language social engineering ploys to launch multi-stage infection chains that begin by monitoring login events and forwarding emails to attackers. A dropper then downloads further malicious implants and a post-exploitation framework for command and control as well as lateral movement.

Given the campaign’s potential impact, some have questioned the vuln’s 7.8 Common Vulnerability Scoring System (CVSS) score vs. a higher one.

Sunil Gottumukkala, CEO of Averlon, explained:

“A 7.8 CVSS score for this vulnerability is based on the prerequisites needed for exploitation: #1 the payload (in this case the specially crafted office file) to be delivered locally, and #2 the local user to open it. It cannot be exploited without end user interaction at that early and specific point in time.

“However, scoring that single specific slice of the exploit chain fails to capture just how effective modern, highly targeted social engineering has become, especially with AI. In campaigns like this, overcoming the user interaction prerequisite is becoming straightforward, and that initial foothold becomes the first step in a sophisticated attack chain that can quickly expand before organizations are able to patch.”

This is a big hint that the scoring of vulnerabilities needs a rethink to reflect the modern reality of cybersecurity. But I for one do not thing that this will happen anytime soon.

Leave a comment »

AI is a top growth tactic in 2026 for Canadian sales teams

Posted in Commentary with tags Salesforce on February 4, 2026 by itnerd

With mounting concerns that AI is producing more ‘workslop’ than ROI, the pressure is on for Canadian businesses to turn AI into revenue and productivity gains in 2026.

Salesforce’s 7th Edition State of Sales Report reveals AI and AI agents rank as the #1 growth tactic for 2026 shaping Canada’s sales industry. Based on a survey of 4,050 sales professionals – including 250 respondents in Canada – the report finds that top performers are 1.7x more likely to use AI agents than struggling teams. Not only this, nearly 9 in 10 global sellers plan to use AI agents by 2027 to close a growing capacity gap.

Key Canadian findings include:

49% of sales representatives view cold outreach as the worst part of their job, and 47% say they lack the bandwidth to do it.
Only 18% of Canadian sales reps’ workweek is dedicated to prospecting clients – one of the primary, revenue-driving functions of sales teams.
88% of Canadian sellers using AI agents say this technology is critical for meeting business demands.

Leave a comment »

New SystemBC Botnet Malware Research Finds Novel Variant & 10K Unique Infected IPs Part of Family

Posted in Commentary with tags Silent Push on February 4, 2026 by itnerd

Silent Push has revealed its analysts have identified more than 10,000 unique infected IP addresses as part of the SystemBC botnet malware family, which is used in ransomware attacks and as a SOCKS5 proxy network.

Silent Push’s analysis shows SystemBC infections are globally distributed at scale, with the highest concentration of infected IP addresses observed in the US, followed by Germany, France, Singapore, and India.

Silent Push identified SystemBC infections within sensitive infrastructure, including compromised IP addresses hosting government websites in Burkina Faso and Vietnam.

The research uncovers a previously undocumented SystemBC variant written in Perl, indicating continued development activity and ongoing evolution of the malware family.

You can read the analysis here: https://www.silentpush.com/blog/systembc

Leave a comment »

Marlabs AgilityAI Transforms AI Adoption into Successful Business Outcomes

Posted in Commentary with tags Marlabs on February 3, 2026 by itnerd

Marlabs today announced the launch of Marlabs AgilityAI, a Full Lifecycle Enterprise AI Transformation Suite. In a market saturated with fragmented tools and stalled experiments, AgilityAI offers a unified engine designed to do one thing: move enterprises from isolated AI pilots to sustainable, governed business capabilities.

The launch arrives as businesses face a specific crisis: “AI pilot fatigue.” The recent State of AI in Business 2025 study from MIT finds that while $40 billion has flowed into generative AI pilots, 95% of AI pilots fail to deliver significant impact on P&L. Companies are stuck between the pressure to innovate and the reality of failing projects.

Marlabs AgilityAI is not just a platform; it is a comprehensive framework for transformation. It addresses the core points-of-failure by providing a framework to align AI to business value, pre-built accelerators to reduce implementation time, and the operational models to deploy AI confidently.

What is AgilityAI?

Marlabs AgilityAI integrates three essential components into one seamless delivery model:

Strategic Discovery Framework: Identifies high-value use cases and filters out hype
Agentic AI Catalog: A library of proprietary, pre-built, and business-validated accelerators that speed up development
Comprehensive Governance Model: Ensures security, data integrity, and scalable operational implementation and control

Leading Global Enterprises Trust Marlabs

Over thirty Fortune 500 companies already trust Marlabs to navigate complex transformations, such as a major stock exchange that harnessed Agentic AI to improve productivity, a global pharmaceutical giant that developed an AI-powered optimized clinical trial operations, and a leading North American telecom provider that streamlined fragmented data systems. These industry leaders are confident in Marlabs’ ability to scale AI initiatives that now drive measurable business value rather than just theoretical experiments.

Marlabs was recently named as a “Contender” in the ISG Provider Lens™ Generative AI Services 2025 Global Report, and as a “Major Contender” in Everest Group’s 2025 Data and AI Services for Mid-Market Enterprises PEAK Matrix® Assessment.

Three Core Values for the Enterprise

Marlabs AgilityAI was engineered to solve the specific friction points of enterprise adoption:

Quick, Low-Risk Validation

Using the AgilityAI “Catalog of Accelerators,” Marlabs teams do not start from a blank page. By leveraging pre-tested models and proven frameworks, the suite reduces the time-to-value for Proofs of Concept (POCs) by 50%. This allows companies to test ideas rapidly and inexpensively, validating viability before committing significant budget.

Practical, Proven ROI

AgilityAI rejects the “AI for AI’s sake” approach. The suite includes a rigorous ROI-filtering mechanism that prioritizes practical, scalable applications over theoretical experiments. It also includes cost-control innovations like PromptRouter®, which automatically routes tasks to the most cost-effective Large Language Model (LLM) to reduce licensing costs by more than 50%.

Organizational Strategy & Evolution

True transformation requires more than software; it requires a cultural shift. AgilityAI is designed as a “Build-to-Run” model. It helps clients establish the internal roles, data foundations, and oversight committees necessary to evolve the whole organization, ensuring AI becomes a sustainable core function like Finance or HR.

Availability

The Marlabs AgilityAI Full Lifecycle Enterprise AI Transformation Suite is available immediately for organizations looking to operationalize their AI strategy. For more information, visit Marlabs AgilityAI or book a meeting with a Marlabs AI expert today.

Leave a comment »

Sage X3 brings real-time, AI-driven intelligence to help mid-sized businesses act faster

Posted in Commentary with tags Sage on February 3, 2026 by itnerd

Sage today announced new AI-powered enhancements to Sage X3. The new capabilities give product-centric organizations clearer visibility across finance, sales, and supply chain operations, allowing teams to respond faster as conditions change.

Mid-sized businesses are operating in a near-constant state of change. Ongoing supply chain disruption, new compliance demands, and tighter resources mean finance and sales teams are expected to respond faster than ever. At the same time, businesses are generating more data than they know what to do with, and too often that information doesn’t translate into timely action in the systems people use every day.

According to McKinsey’s 2025 State of AI report, 88% of organizations now use AI in at least one part of their business. However, most are still at an early stage when it comes to using AI to actively support decision-making and day-to-day operations. While 62% are experimenting with AI agents, only 23% have managed to scale them in at least one area, highlighting a gap between ambition and real-world impact.

Sage is changing this by bringing contextual AI directly into Sage X3 workflows. By connecting insight and action across finance, sales and supply chain operations, Sage X3 helps teams spot risks earlier, reduce manual intervention, and make more confident decisions as conditions change.

Delivering more responsive, connected operations

Sage X3 is designed for mid-sized, product-centric businesses managing complex operations across multiple sites, regions, and regulatory environments. By combining conversational AI, intelligent automation, and connected operational insight within the ERP experience, Sage helps organizations improve visibility, reduce friction, and respond more effectively as conditions change.

Sage Copilot for X3 introduces a more natural way for teams to interact with their business data, while new agent-driven sales intelligence capabilities continuously monitor activity across orders, inventory, and customer demand. These agents proactively surface risks and opportunities as they emerge, helping teams act earlier rather than reacting after issues escalate.

What’s new in Sage X3

Sage Copilot for X3 with Sales Intelligence Agent – Sage Copilot brings conversational interaction directly into Sage X3, allowing users to ask natural language questions and receive immediate, contextual insights. The new Sales Intelligence Agent proactively alerts teams to risks such as overdue orders, delayed shipments or declining customer demand, enabling faster intervention and better customer outcomes.

Available globally

AI-powered Accounts Payable Automation – Expanded AP automation reduces manual invoice processing through AI-driven document capture, classification, and vendor matching. By minimizing errors and accelerating approvals, finance teams can improve accuracy, strengthen compliance and shorten month-end cycles.

Available globally

Sage Supply Chain Intelligence – New connected supply chain capabilities provide real-time visibility from purchase order creation through to delivery, enabling closer collaboration with suppliers and earlier identification of fulfilment risks. This helps organizations reduce stock-outs, improve reliability, and protect customer commitments.

Available to early adopters in the US.

Sage Business Reporting – Bringing real-time Sage X3 data directly into Excel, Sage Business Reporting enables faster, self-service analysis without reliance on IT. AI-assisted insights help teams build accurate, flexible reports that support quicker, more informed decisions.

Available globally

Sage X3 Builder and platform enhancements – Sage X3 Builder now includes new AI-assisted capabilities that help partners and customers tailor Sage X3 more quickly. These updates simplify configuration, reduce time to value, improve total cost of ownership and lower the learning curve for teams extending the platform.

Available globally

To find out more, visit Sage X3.

Leave a comment »

Samsung Has Picks to Elevate Super Bowl Hosting

Posted in Commentary with tags Samsung on February 3, 2026 by itnerd

With the Super Bowl around the corner, Samsung is sharing some products that could elevate hosting for everyone!

For the busy host – With the Galaxy Tab S11 Ultra, hosting doesn’t have to mean missing a single play or the halftime show. Thanks to seamless multitasking across apps, you can stream the game, follow a recipe, and prep crowd-pleasing snacks all at once, all on an immersive 14.6-inch Dynamic AMOLED 2X display that keeps everything front and center.

For the hardcore fan – Between the edge-of-your-seat gameplay and Bad Bunny’s highly anticipated performance, it’s bound to be a heart-pounding night. The Galaxy Watch8 or Galaxy Ring lets fans track exactly how intense the action gets, bringing a new layer of insight to game day excitement.

For those on-the-go – Super Bowl Sunday is a full-day event. Whether you’re running out to grab pizza during halftime or stepping away briefly, Galaxy Buds3 FE with ANC ensure you don’t miss a moment, keeping the game’s energy with you wherever you are.

For the Instagrammers – Game day moments deserve instant replays. With Galaxy S25 Ultra’s pro-grade camera and AI-powered editing, fans can capture touchdown celebrations, halftime reactions, and snack spreads, then share everything on social before the next drive even starts.

Have a look at samsung.ca for more ideas.

Leave a comment »

DryRun Security Introduces the DeepScan Agent for Rapid, Full-Codebase Security

Posted in Commentary with tags DryRun Security on February 3, 2026 by itnerd

DryRun Security, the industry’s first AI-native, code security intelligence company, today announced the DeepScan Agent, a new AI-powered capability that delivers full-repository application security reviews in a few hours. The DeepScan Agent provides developers and security teams with senior-level security expertise across entire repositories, without the cost and operational drag of traditional assessments.

AI-enabled software teams ship more code than ever and security struggles to keep pace. Full repository security reviews are typically infrequent, expensive, and slow, often requiring outside consultants or pulling senior engineers off roadmap work. At the same time, traditional static application security testing (SAST) tools generate thousands of alerts that teams must manually triage, which are often inaccurate, leaving real risks either unfound or buried in noise.

Human-grade security reviews, at machine speed

The DryRun Security DeepScan Agent analyzes entire repositories in hours, building a deep understanding of workflows, data relationships, identity, dependencies, and trust boundaries across the application.

This full-repo context allows the DeepScan Agent to surface issues that require application-level reasoning, including:

Authorization and authentication flaws
Complex IDORs and multi-tenant isolation failures
Business logic vulnerabilities
Secrets exposure buried in large codebases
Server-side request forgery (SSRF) and internal trust-boundary bypasses

Rather than producing volumes of low-value findings, the DeepScan Agent delivers a focused set of issues ranked by risk, with clear explanations and remediation guidance engineers can act on immediately.

Beyond traditional SAST pattern-based scanning

The DryRun Security DeepScan Agent is intent-first, reasoning about what the code does, how it can fail, and the real-world exploitability of those failures.

This enables security teams to move from scanning artifacts to true code security intelligence, translating raw code signals into actionable, contextual insight across the entire application.

Strengthening security across the development lifecycle

The DeepScan Agent is designed to run whenever teams need fast, full-repository confidence: before major releases, after large refactors, during acquisitions, or when leadership asks, “Are we exposed?”

The application context DeepScan builds also strengthens DryRun Security’s pull request analysis agent, allowing risk to be evaluated based across the whole application.

Availability

The DeepScan Agent is available today to DryRun Security customers and trial users.

To see the DeepScan Agent in action, request a demo.

Leave a comment »

Guest Post – Cybersecurity experts warn: Run Moltbook only in secure, isolated environments

Posted in Commentary on February 3, 2026 by itnerd

By Karolis Arbaciauskas, head of product at NordPass

Moltbook, an AI-exclusive social media platform launched just days ago and dubbed the “Reddit for AI agents,” has exploded in popularity online. Within its first week, Moltbook attracted over 1.5 million registered AI agents and more than a million human spectators watching the agents interact with each other, sparking countless posts across human social networks.

The project originated with OpenClaw, an open-source AI agent created by Peter Steinberger that runs locally on a user’s machine. The software allows bots to use a computer and internet services just as a human would. Building on this, entrepreneur Matt Schlicht developed his own OpenClaw agent, named Clawd Clawderberg, and tasked it with coding, moderating, and managing the entire Moltbook platform. Now most moltbots on the platform run on OpenClaw.

Cybersecurity professionals warn that this setup is terribly insecure and creates massive security vulnerabilities. However, most agree that it’s impossible to suppress public curiosity and discourage experimentation. Instead, they are calling for caution and offering some safety tips.

Karolis Arbaciauskas, head of product at the cybersecurity company NordPass, comments:

“Moltbook and OpenClaw have attracted tech-savvy tinkerers with unprecedented opportunities for experimentation because these tools have virtually no built-in security restrictions but have broad access to users’ computers, apps, and accounts. For example, you can connect to your OpenClaw bot through a messaging app to interact with it while you’re away. It can remember your conversations, read and write files on your computer, browse the web, build applications, and even consult other bots on Moltbook for advice on how to do it best.

“While it’s exciting and curious to see what an AI agent can do without any security guardrails, this level of access is also extremely insecure. Therefore, please run Moltbook and your personal bots only in secure, isolated environments.

“Do not give your AI agents access to your real accounts. Instead, create disposable alternatives for them to use. Do not let them use your main browser, especially if you store passwords on it. You should also be cautious with enabling autofill because it creates the risk of the agent having permanent remote access to your credentials. If you want an agent to build something autonomously and anticipate it may need to purchase software or rent server space, link it to a disposable payment card.

“Avoid running Moltbook or OpenClaw agents on your personal or work computers. These AI agents are unpredictable and highly vulnerable to prompt injection attacks. This means if your agent processes an email, document, or webpage containing a hidden malicious instruction, it will likely execute that command in addition to its original task. For example, it could be instructed to send all the credentials, personal data, and payment card information it has access to directly to an attacker.

“The risk isn’t limited to hackers with malicious intent. AI agents could leak users’ data unintentionally. And this is just the tip of the iceberg. Cybersecurity researchers have already identified critical flaws in Moltbook, including an unsecured database that could allow unauthorized users to take control of any AI agent on the site.

“It would not be surprising if threat actors, trolls, and scammers have already found their way onto Moltbook and launched bots tasked with conning other AI agents into cryptocurrency schemes or luring them into hidden prompt injections.

“That’s why it is best to buy a separate, dedicated machine and use disposable accounts for any experimentation. It is also advisable to use encryption and a private mesh network as well as to try to harden your bot against prompt injections.”

Leave a comment »

Hisense Wins 58 awards at CES 2026

Posted in Commentary with tags Hisense on February 3, 2026 by itnerd

Hisense was recognized with a total of 58 industry awards at CES 2026, highlighting its continued leadership across display technologies and smart home appliances.

Hisense’s performance at CES 2026 was further underscored by four CES Innovation Awards, demonstrating both the depth and diversity of its innovation portfolio. Among the winners, the 163 MX RGBY Micro-LED television received the CES 2026 Innovation Award – Best Innovation. In addition, 116UXS RGB Mini-LED TV and Laser Projector XR10 were named CES 2026 Innovation Award Honourees, further validating Hisense’s leadership across both advanced display technologies and smart home solutions.

Flagship Display Innovations Set New Benchmarks

In displays, Hisense showcased its latest breakthroughs led by the global debut of the 116UXS RGB Mini-LED TV, the first product powered by the new RGB Mini-LED evo platform. Representing a system-level evolution in large-screen display technology, RGB Mini-LED evo enhances colour performance and viewing comfort through a newly expanded light spectrum.

As the flagship highlight of Hisense’s CES lineup, 116UXS received widespread recognition from leading global technology and lifestyle media, earning multiple Best of CES, Best TV of CES, Editors’ Picks and Standout honours from leading global technology and lifestyle media, including Android Headlines, CNET, Tom’s Guide, TechRadar, T3 and others. The product was also recognized as a CES 2026 Innovation Award Honouree, further affirming its technological significance.

Alongside 116UXS, the 163 MX also received extensive Best of CES recognition from multiple international media outlets, further reinforcing Hisense’s leadership in ultra-large and premium display technologies.

In addition, Hisense’s UR9 RGB Mini-LED TV earned multiple Best of CES and Editors’ Picks honours from professional AV and technology media, strengthening Hisense’s RGB Mini-LED TV portfolio beyond its flagship offerings.

Hisense further expanded its large-screen ecosystem with the global debut of the Laser Projector XR10, which received multiple Best of CES, Editors’ Picks and CES Innovation Award Honouree recognitions from professional AV and technology media. Together, RGB Mini-LED TVs and TriChroma Laser projectors demonstrate Hisense’s comprehensive large-screen display strategy, spanning premium living-room viewing and dedicated home cinema environments.

Smart Home and White Goods Innovation Drive Global Momentum

Beyond displays, several white goods — including PureFit refrigerators and wine cabinets, Slide In Smart Induction Range and dehumidifier products — were recognized with Best of CES and TWICE Picks 2026 awards from industry and trade publications, reflecting Hisense’s growing strength across kitchen and laundry ecosystems.

Reinforcing its long-term growth momentum, Hisense recently received authoritative recognition from Euromonitor International. According to Euromonitor International (Consumer Appliances 2026 Edition), Hisense Group achieved the fastest growth rate among the global TOP 10 home laundry appliance companies from 2021 to 2025, validating its accelerating global competitiveness in the white goods sector.

Looking ahead, Hisense remains committed to advancing display and home appliance technologies through continuous system-level innovation, delivering smarter, more immersive and more human-centric experiences to consumers worldwide.

For more information, please visit hisense-canada.com.

Leave a comment »

Levelplay Releases Combat Liquid HUD and Combat Liquid SE All-in-One Coolers

Posted in Commentary with tags Levelplay on February 3, 2026 by itnerd

Levelplay has announced the launch of its latest all-in-one (AIO) CPU cooling solutions, the Combat Liquid HUD and Combat Liquid SE, expanding the Combat Liquid family with performance-driven cooling and real-time system visibility. Designed for gamers and PC enthusiasts who demand immediate access to live CPU data, the Combat Liquid 360 HUD features an integrated digital display on the pump cap that presents critical system information at a glance, while delivering high-efficiency thermal performance for modern high-core processors.

More Than Just a Display

The Combat Liquid 360 HUD is more than a high-performance CPU cooler — it’s a real-time command center for your system. At the heart of the cooler is a 2.6″ circular digital display, transforming the pump cap into a mission-ready HUD that delivers live system intelligence at a glance. The display provides real-time readouts including CPU temperature, usage rate, power draw, and clock speeds, allowing users to monitor performance instantly without relying on on-screen software overlays. Simply update the driver from https://levelplaytech.com/drivers-manuals/ and unlock full access to the HUD’s real-time system monitoring features.

Combat Liquid SE Series

Building on Combat’s core cooling architecture, the Combat Liquid 240 SE and 360 SE models offer the same proven pump and radiator performance in a streamlined design, delivering reliable thermal headroom with a clean, minimalist aesthetic. Together, the Combat Liquid HUD and SE series provide scalable cooling solutions for a wide range of PC builds, from performance-focused gaming systems to high-end content creation rigs.

Precision Cooling, Simplified

Both the Combat Liquid HUD and Combat Liquid SE coolers feature a rigid all-in-one fan design that integrates three 120mm cooling fans into a single unified frame. Pre-installed from the factory, this design minimizes cable clutter, simplifies installation, and ensures maximum airflow is directed precisely where it matters most, through the radiator. Paired with synchronized ARGB lighting, the integrated fan assembly delivers consistent cooling performance while keeping your build clean, organized, and visually striking.

Designed for modern platforms, the Combat Liquid HUD and SE series support the latest processors, including Intel® LGA 1700 and LGA 1851 CPUs, as well as AMD® AM4 and AM5 sockets. Each cooler ships with all required mounting hardware for straightforward installation, allowing users to get up and running quickly. Whether you choose the data-driven Combat Liquid HUD or the streamlined Combat Liquid SE, both solutions deliver reliable thermal performance, reduced noise, and a refined build experience for high-performance PC systems.

To learn more about Combat Liquid HUD & Combat Liquid SE coolers, please visit: http://levelplaytech.com

Pricing

HUD 360mm Black: $99.99

HUD 360mm White: $99.99

SE 360mm Black: $79.99

SE 360mm White: $79.99

SE 240mm Black: $69.99

SE 240mm White: $69.99

Leave a comment »