Elon Musk Limits Image Generation For Grok AI To Paid Subscribers…. That’s Not Good Enough

Posted in Commentary with tags on January 9, 2026 by itnerd

Earlier this week, it came to light that Grok AI which is Elon Musk’s AI chatbot was letting users create objectionable content. This predictably resulted in massive amounts of blowback from the average joe to politicians and national leaders. Elon and company didn’t seem too concerned about the blowback. But that changed today. From the BBC:

There has been a significant backlash after the chatbot honoured requests from users to digitally alter images of other people by undressing them without their consent.

But Grok is now telling people asking it to make such material that only paid subscribers would be able to do so – meaning their name and payment information must be on file.

So what Elon and company have done is monetise this feature rather than addressing the fact that this AI chatbot should never do something like this. The fact is this is not acceptable and not nearly enough is being done by Elon and company to address this. Clearly Elon does not care about the harm that his AI causes. And quite frankly he needs to be punished for this. I’d start with banning Grok and potentially Twitter along with it. He needs to face consequences for his actions. And the harsher those punishments are, the better.

1 Comment »

Forward Edge-AI Announces Global Channel Ecosystem With More Than Two Dozen New Partners

Posted in Commentary with tags on January 9, 2026 by itnerd

Forward Edge-AI today announced its global channel partner ecosystem, adding more than two dozen new partners across North America, Europe, Asia-Pacific, and the Middle East. The channel expansion supports rising demand for deployable post-quantum cybersecurity solutions as government mandates and enterprise risk timelines accelerate. 

Furthermore, The Quantum Insider has declared 2026 as the Year of Quantum Security, “a coordinated, year-long global effort focused on post-quantum cryptography, quantum resilience, and the responsible protection of quantum technologies and the intellectual property that underpins them…as quantum systems move toward operational use.”  

Forward Edge-AI’s new partners include a joint venture in Japan, value-added resellers, systems integrators, managed security service providers, and regional distributors serving defense, critical infrastructure, telecommunications, healthcare, and industrial markets. Together, they extend Forward Edge-AI’s ability to deliver post-quantum protection at scale, particularly in environments where latency, operational continuity, and regulatory compliance are critical. Channel partners such as Accrete – its joint venture partner in Japan,Aspiration, Cubic, Lumen, Microsoft, Wisecube and others are servicing international government contracts, and customers in finance, healthcare, space, manufacturing, insurance and critical infrastructure. 

Channel Expansion Addresses Immediate Post-Quantum Readiness Gaps

The channel program is centered on Isidore Quantum®, Forward Edge-AI’s plug-and-play hardware-based post-quantum encryption platform designed to secure data in transit without requiring software rewrites, PKI dependencies, or network re-architecture. The platform is a zero trust, protocol-agnostic CNSA 2.0 compliant system designed to operate across legacy and modern environments, including operational technology and constrained networks. It has attracted many channel partners because it offers 60% less TCO than similar systems with attractive pricing models for the channel.  

As governments and regulators transition from planning to execution of post-quantum cryptography, many organizations lack the internal expertise and operational capacity to deploy new cryptographic infrastructure within tight timelines. Channel partners play a critical role in bridging that gap, providing implementation, integration, and managed services aligned with customer environments.

“Post-quantum security is a primary concern of myriad governments that understand the imminent threats,” said Eric Adolphe, CEO of Forward Edge-AI. “NIST has estimated that more than 20 billion quantum resistant devices need to be deployed by 2027. Organizations are being asked to act now, but most do not have the luxury of multi-year transformation programs. Our partners are essential to delivering solutions that work immediately at scale.”

Built for High-Assurance and Regulated Environments

Unlike software-only post-quantum approaches, Isidore Quantum is delivered as a deployable hardware platform designed for high-assurance use cases, including defense, critical infrastructure, and regulated enterprise environments. The system provides quantum-resistant protection for data in motion while maintaining operational transparency for existing applications and networks.

The Isidore platform has been validated through a combination of government-led testing, operational pilots, independent third-party evaluation, and formal certification milestones. This validation has been tested across defense, telecommunications, and enterprise pilots and is designed to meet stringent performance and reliability requirements, including low latency and silent operation. Its exportable design also enables deployment across international and coalition environments where traditional cryptographic solutions face regulatory or operational barriers.

For channel partners, Forward Edge-AI supports multiple go-to-market models, including resale, managed services, and integration into existing security offerings. The program includes technical onboarding, partner enablement, and direct engineering support to ensure operational readiness.

Positioning the Channel for the Quantum Transition

Forward Edge-AI expects continued growth in partner demand as post-quantum requirements increasingly influence cybersecurity procurement decisions across both public and private sectors. The company plans to onboard additional regional partners and enable them throughout 2026.

Leave a comment »

CloudSEK Report Reveals MuddyWater’s Shift to Advanced Rust-Based Cyber Espionage 

Posted in Commentary with tags on January 9, 2026 by itnerd

 A new threat intelligence report from CloudSEK has been published. Their research team has uncovered how the MuddyWater APT group—a known state-linked threat actor—has significantly evolved its attack tooling by deploying a new Rust-based implant, which we’ve named “RustyWater.”

The report details an ongoing spear-phishing campaign targeting government, diplomatic, telecom, financial, and maritime organisations across the Middle East. What makes this campaign noteworthy is the group’s move away from its traditional PowerShell and VBS-based tools to a more stealthy, modular, and resilient Rust implant that enables long-term persistence and low-noise espionage—making detection and response far more challenging for defenders.

They break down both the technical mechanics and the broader security implications in a way that highlights why this evolution matters, especially for organisations relying on conventional security controls.

You can read the full report here:
https://www.cloudsek.com/blog/reborn-in-rust-muddywater-evolves-tooling-with-rustywater-implant

Leave a comment »

The Vibe Coding Security Gap & The New SHIELD Framework From Unit 42

Posted in Commentary with tags on January 8, 2026 by itnerd

Today, Unit 42 released new analysis on vibe coding’s hidden security risks and threats. AI-assisted “vibe coding” has officially gone mainstream with 99% of organizations now using AI agents in software development (State of Cloud Security Report 2025). But while AI-assisted coding dramatically boosts speed and productivity, it is also generating insecure code faster than security teams can review or remediate it – introducing vulnerabilities, technical debt, and real-world breach risks at an unprecedented scale.

This is a serious problem and too many organizations are ignoring long-standing industry principles such as “least privilege,” sacrificing secure development standards for speed and functionality. To compound this, the rise of Citizen Developers who lack code review literacy is accelerating the deployment of insecure code and supply chain weaknesses are being introduced at worrying rates. 

To address this, Unit 42 is introducing the SHIELD framework to reintroduce secure design into AI-assisted coding.

Read the full analysis for more details.

Leave a comment »

2025 Saw New Highs for Credential Theft, Dark Web Centered on Commercial Exchange, Ransomware and Akira and More

Posted in Commentary with tags on January 8, 2026 by itnerd

According to a just-released report by threat intelligence company SOCRadar, 2025 saw:

  • New highs for credential theft with a total of 388 million credentials were stolen from the ten most affected platforms. Facebook accounted for 93 million records, followed by Google with 67 million and Roblox with 66 million.
    • Gaming platforms were hit especially hard. Roblox, Twitch, and Epic Games together accounted for around 100 million accounts.
  • Dark Web activity centered on commercial exchange with sales accounting for 59% of observed activity, while 33% involved sharing stolen data and Hack announcements are around 5%.
    • The US appeared in nearly 20% of all forum discussions, making it the most referenced country. Public Administration led sector discussions at 13%, followed by Information and Finance at around 10% each.
  • Ransomware Activity Spread Across Groups – Akira led with 8.4% of incidents, followed by Qilin at 7.3% and Cl0p at 5.8%. No group controlled a large share of the landscape.
    • The US saw 41% of all ransomware attacks, while the United Kingdom followed with 18%. Australia, Japan, and Canada completed the top five. English-speaking countries together accounted for more than 60% of reported cases.

What Do These Numbers Mean?

These developments form a connected chain. Credentials are stolen through malware. That access is sold on Dark Web forums. Ransomware groups purchase it and use it to launch attacks. This process creates various risks for organizations on multiple fronts. Employees are targeted first through personal or work accounts. Compromised credentials then become gateways to larger incidents.

The 388 million stolen credentials represent more than isolated breaches. They serve as entry points that enable broader and more damaging attacks.

The full report covers:

The 2025 End of Year Report expands on these findings, including:

  • Stealer log distribution
  • Dark Web activity
  • Ransomware threats
  • Global phishing activity
  • And a summary of the threat landscape in 2025

To view the full report, see this link End of The Year 2025 Cyber Analysis

Leave a comment »

NordPass launches Authenticator for personal accounts

Posted in Commentary with tags on January 8, 2026 by itnerd

NordPass simplifies secure logins by including Authenticator on multiple devices in the application for personal use. The time-based one-time password (TOTP) support enables users to add an extra layer of security to their accounts with two-factor authentication, without the need to download or install additional applications. Authentication codes are synchronized within the account, letting users access them on both the mobile app or browser extension.

NordPass Authenticator stands out in the market with an added biometric layer that protects verification codes. Unlike most authentication apps, which display codes as soon as a user logs in, NordPass Authenticator requires biometric verification before revealing the security code. This true second-factor approach enhances security without compromising the user experience. Business users have already been able to access NordPass Authenticator to secure their corporate accounts. Now NordPass Authenticator is available for Premium and Family plan users.

Moreover, users will benefit from autofilling TOTP codes on any devices. This solution will bring more convenience while logging in to banking, social media, and other high-security services, browsing in incognito mode or switching between devices. 

Additionally, sharing access to accounts protected by two-factor authentication is inconvenient and often insecure – people tend to send codes through chats or SMS, which puts their accounts at risk. Moreover, relying on SMS prompts increases vulnerability to manipulation by smishing. This lack of a simple, secure way to manage and share logins protected by second factor authentication makes everyday digital tasks complicated.

With the TOTP support, NordPass functions as an authentication tool, generating two-factor codes for any credential the user has configured. For each account with two-factor authentication enabled, the user must first add its TOTP setup key to the corresponding item in the vault. Once the secret key is added, NordPass will generate the time-based codes that could be used when the service prompts for them during login.

Leave a comment »

UK invests £210M on Action Plan to Strengthen Public Sector Cybersecurity & Software Supply Chain

Posted in Commentary with tags on January 7, 2026 by itnerd

The UK has unveiled the Government Cyber Action Plan, a key element of which is the creation of a new Government Cyber Unit which will coordinate cyber risk management, improve visibility of risks across government, and oversee incident response and recovery. The Plan is backed by £210 million in funding, aimed at strengthening cybersecurity and digital resilience across government departments and public services.

The Plan reads:  “To protect our critical national infrastructure, defend public institutions and maintain public confidence in essential public services, we must achieve a radical shift in approach and a step change in pace.” Its goals:

  1. Better visibility of cyber security and resilience risk
  2. Addressing severe and complex risks
  3. Improving responsiveness to fast moving events
  4. Rapidly increasing government-wide cyber resilience

The Cyber Unit will drive progress towards these strategic objectives by working with NCSC, departments, devolved governments, and suppliers, and will lead cross-government delivery in phases:

  • By April 2027 – build a new model for government cyber
  • By April 2029 – scale and leverage this new model
  • By April 2029 and beyond – use the model to continuously improve government-wide cyber security and resilience

The Action Plan is published alongside the Cyber Security and Resilience Bill which defines expectations for suppliers and organizations providing services to government, and includes initiatives like the Software Security Ambassador Scheme to strengthen the software supply chain. 

Here’s input from cybersecurity experts on the Action Plan.

Ted Miracco, CEO, Approov (UK mobile security expert):

    “The UK government is right to invest £210 million to fix the ‘fragile foundations’ of its legacy systems. However, the plan leaves blind spots as it pushes for faster and more accessible digital services without setting concrete, mandatory rules for mobile devices or the data connections (APIs) they rely on. Currently, this plan groups mobile security under a voluntary Software Security Code of Practice and general Secure by Design goals. This is risky as the government acknowledges that ‘generative AI’ is a top-tier threat, yet it hasn’t established specific defenses for the mobile interfaces that AI tools will inevitably target next.”

Michael Bell, CEO, Suzu Labs:

    “The UK government published a cyber strategy that names the problem. They explicitly acknowledge that government cyber risk is “critically high” and legacy systems “cannot be defended by modern cyber security measures.” The new Government Cyber Unit brings centralized coordination for risk management and incident response, which addresses the fragmented responsibility that has left departments making security decisions in isolation. The four-year implementation timeline is ambitious for government, but the phased approach is realistic. What matters now is execution, specifically whether departments actually replace legacy systems and implement the security controls the strategy mandates.”

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

   “The plan being proposed is timely given today’s cyber threat landscape. Heightening geopolitical tensions worldwide, combined with the rapid advancement of artificial intelligence, are materially changing both the volume and sophistication of cyber attacks.

   “Threat actors continue to operate with increasingly greater capabilities, in an increasingly structured and organized space. Initial access vendors and ransomware creators now go as far as offering 24/7 customer support.  This increasingly hostile environment has shifted cyber risk from a primarily technical concern that fell on IT, into a persistent strategic pressure on governments and societies.

   “The line between the public and private sectors is also increasingly thin. Essential public services depend heavily on privately operated companies, meaning failures in one domain quickly affect the other. Treating private sector cybersecurity as a national security concern is therefore both forward-thinking and prudent.”

Approaching cybersecurity in this manner is a great move. Hopefully this is announcement that has substance behind it rather than being an announcement for show.

Leave a comment »

Hisense Debuts 116UX and XR10, Advancing RGB Mini-LED into a New Era at CES 2026

Posted in Commentary on January 7, 2026 by itnerd

Hisense, a leading brand in global consumer electronics and home appliances, unveiled the 116UXS RGB Mini-LED TV and Laser Projector XR10 at CES 2026, placing display innovation at the centre of its global showcase and highlighting its latest breakthroughs in human-centric display technology.

As the originator of RGB Mini-LED technology, Hisense introduces RGB Mini-LED evo ­— a system-level evolution that advances beyond conventional parameter-driven upgrades toward fundamental innovation in backlight architecture. Building on the traditional red, green and blue backlight structure, RGB Mini-LED evo is the industry’s first to introduce a Sky Blue-Cyan fourth LED into the Mini-LED backlight system, completing one of the most commonly missing portions of the natural light spectrum. 

With the advanced 134-bit colour control and a colour coverage exceeding 110% of BT.2020, RGB Mini-LED evo enables more faithful reproduction of skies, water and cyan-green tones, and it also delivers professional-grade colour accuracy at approximately ΔE 0.6 through enhanced system-level colour calibration. Furthermore, its optimized light-source design reduces harmful blue light by up to 80 per cent, supporting a more comfortable and natural long-term viewing experience on ultra-large screens.

The 116UXS, the first product powered by RGB Mini-LED evo, represents a decisive shift toward structure-driven display innovation — placing colour fidelity, visual comfort and real viewing experience at the centre of next-generation large-screen television design. This is where extreme performance truly meets lasting comfort.

UR8 and UR9 are Hisense’s core RGB Mini-LED TV lineups, designed to bring true RGB Mini-LED performance to more consumers through mainstream pricing and the widest size coverage.

Building on this technology leadership, Hisense takes responsibility not only to lead the category, but to scale it. UR8 and UR9 deliver flagship-level picture fundamentals — true RGB Mini-LED and AI-driven colour and scene optimization — while extending accessibility across 55-inch to 100-inch sizes, making them the best RGB Mini-LED choice for the majority of households.

For ultra-large-screen home cinema scenarios, Hisense further extends its leadership through TriChroma laser technology. Making its global debut at CES 2026, the XR10 delivers cinematic-scale visuals with high brightness, rich colour expression and stable long-term performance, offering an immersive home theatre solution for projections up to 300 inches.

Together, RGB Mini-LED for ultra-large TVs and TriChroma Laser for home cinema projection define Hisense’s large-screen display strategy, addressing both premium living-room viewing and immersive cinematic experiences. Anchored by the debut of 116UXS and XR10, this approach brings the CES 2026 theme “Innovating a Brighter Life” to life through display innovation designed to feel more natural, comfortable and relevant in everyday use.

For more information, please visit hisense-canada.com.

Leave a comment »

Logitech Lets A Certificate Expire And Hoses macOS Users In The Process…. Cue The Outrage

Posted in Commentary with tags on January 7, 2026 by itnerd

Well, I would not want to be anyone who works for Logitech right now as macOS users are really mad at them at the moment. That’s because the company let a certificate expire. That in turn broke both its Logi Options+ and G HUB configuration apps for macOS. Which in turn locked users out of configuring their Logitech devices.

You can have a look at the Logitech subreddit for yourself where the rage was on display. But if anything deserves the #EpicFail hashtag applied to it, this certainly does.

Now the good news is that Logitech has released a patch that fixes this. And the company has admitted on Reddit that it dropped the ball. The latter is a good thing as I have seen many companies dodge responsibility when they screw up like this. But my question is if you are a Logitech user, are you good with this? Leave a comment below and share your thoughts.

Leave a comment »

Ridge Security Achieves ISO/IEC 27001 Certification

Posted in Commentary with tags on January 7, 2026 by itnerd

Ridge Security today announced that it has achieved ISO/IEC 27001 certification, the globally recognized standard for information security management systems (ISMS). The certification comes ahead of the company’s upcoming RidgeBot 6.0 platform release, which introduces enterprise-scale enhancements for AWS and Windows security validation.

ISO/IEC 27001 certification provides Ridge Security with a competitive advantage by meeting these rigid requirements, helping accelerate sales cycles and supporting expansion into new global markets. Achieving this certification validates Ridge Security’s commitment to safeguarding sensitive information, continuously improving its security posture, and operating with long-term resilience and accountability.

The new certification applies to all Ridge Security products, including the company’s flagship platform, the upcoming RidgeBot 6.0, a leading agentic AI-based adversarial risk validation platform that supports continuous threat exposure management programs. It is designed for continuous security validation and risk-based vulnerability management, scanning IT environments, discovering attack surfaces and validating weaknesses using real proof-of-concept exploits with zero false-positives.

Additionally, RidgeBot can safely simulate real-world adversarial attacks. RidgeBot 6.0 integrates with AI frameworks such as RidgeGen, enabling advanced capabilities including exploit chaining, contextual reasoning, PII detection, and detailed remediation guidance. These features allow enterprises to conduct frequent, scalable testing beyond traditional manual methods.

More information on RidgeBot 6.0 is available at https://ridgesecurity.ai/ridgebot/.

Leave a comment »

« Older Entries
Newer Entries »