Nikon Releases New Firmware Update 5.30 for Z 9 Flagship Professional Mirrorless Camera

Posted in Commentary with tags on December 16, 2025 by itnerd

Today, Nikon Canada Inc. is pleased to announce the release of firmware version 5.3 for the full-frame/FX-format flagship mirrorless camera, the Nikon Z 9. This free firmware is now available for download and adds improvements across the board to further enhance the capabilities of Nikon’s top-of-the-line mirrorless camera.

The new firmware adds multiple focus enhancements, starting with a significant improvement in subject acquisition, tracking and stability for fast-moving subjects such as athletes. The advanced subject detection created with Nikon’s deep learning technology now works in other focus modes, making it easier to track the intended subject reliably in either single point or dynamic AF modes. Subject detection can now quickly be toggled on/off using a custom function button, if desired. The firmware also adds a new in-camera focus limiter, which allows the user to restrict the focus range to specific distances.

Improvements have also been made in the Auto Capture function, with a new AF standby position, and other operability and performance updates like face detection. The Z 9 now gives users the ultimate and most intelligent remote camera setup, without the need for any third-party triggering devices. This offers an extreme advantage for those shooting wildlife or professional sports with limited access.

Firmware version 5.3 adds support for Flexible Colour Picture Control that allows users to easily craft their own unique looks using NX Studio, Nikon’s image browsing, processing, and editing desktop software. This new feature offers greater creative freedom by enabling intuitive adjustments to parameters such as colour hue, brightness, and contrast using tools like Colour Blender and Colour Grading. Settings configured in NX Studio can then be saved to a memory card and loaded onto the camera as Custom Picture Controls for shooting.

These settings are reflected in the live view display, allowing users to preview results in real time, reducing the need for post-processing.

Additional Improvements to Operability and Functionality

  • Focusing is now possible with the maximum aperture in live view.
  • A magnification option of [400%] has been added to [Zoom on/off] available for Custom Settings.
  • Use of an external microphone (wired/wireless) is now possible when recording voice memos.
  • Extended the dimensions of focus areas available with [Wide-area AF (C1)] and [Wide-area AF (C2)] AF-area modes.
  • Added [Flat Monochrome] and [Deep Tone Monochrome] Picture Controls. 
  • Added [USB streaming (UVC/UAC)] to [USB] in the [NETWORK MENU]. 
  • Changed the specifications for uninterrupted video output to HDMI devices such as external monitors when recording ended.
  • The headphone volume level can now be adjusted in the “i” menu during video recording.

Z 9 owners can visit the Nikon download centre to get the new firmware for free. Nikon will continuously meet users’ needs through firmware updates that expand the functionality of its cameras.

Leave a comment »

New SantaStealer malware steals data from browsers, crypto wallets 

Posted in Commentary with tags on December 16, 2025 by itnerd

Santa apparently doesn’t just bring presents. I say that because a new malware-as-a-service information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection.

Commenting on this is Ensar Seker, CISO at SOCRadar:

“SantaStealer is another reminder of how the threat landscape is evolving into a criminal SaaS economy. What’s particularly concerning is the move toward memory-only operations; this significantly lowers the detection footprint, bypassing traditional AV and EDR tools. The pricing tiers and marketing model mimic legitimate software services, further lowering the barrier to entry for cybercriminals. Attribution to a Russian-speaking developer, rebranding from BluelineStealer, and the use of Telegram for distribution all point to an increasingly professionalized cybercrime ecosystem. Organizations should prioritize behavioral monitoring and memory analysis as part of their defense-in-depth strategy.”

This is yet another case of the bad guys evolving faster than the good guys being able to keep up. That’s something that needs to change, and quickly.

Leave a comment »

RegScale Donates Open-Source OSCAL Hub to the OSCAL Foundation

Posted in Commentary with tags on December 16, 2025 by itnerd

 RegScale, the leader in Continuous Controls Monitoring (CCM), today launched the OSCAL Hub, an open-source industry platform that will help accelerate the approval of security authorizations (Authority to Operate (ATO) for government regulators, federal agencies, cloud service providers, and other organizations using the Open Security Controls Assessment Language (OSCAL) standardized framework for information systems. The OSCAL Hub was unveiled this week at OSCAL Plugfest, a hands-on event bringing together OSCAL practitioners, industry, regulators, and the broader community to collaborate on real-world technical challenges and workstreams.  

Federal agencies and contractors spend thousands of hours on manual compliance work. As cyber threats to national security escalate in speed and sophistication, the need to automate cybersecurity risk management has become a priority across the public and private sectors to speed innovative technology solutions into production to support government missions and citizen services.  

To meet this mission need, the OSCAL Hub was created as a free, open-source, and comprehensive platform for security compliance teams working with OSCAL documents. It enables government regulators and any Authorizing Officials to review and approve packages, and industry technology providers to submit their Risk Management Framework (RMF) documents in an OSCAL format—resulting in up to 85 percent time savings, due to machine-readable artifacts that can be reviewed and audited with automated approaches. 

RegScale also announced today that it is donating the OSCAL Hub source code as both free and open source to the OSCAL Foundation to advance the use of the application in the community, across both commercial and federal applications.  

The OSCAL Hub features templates and visual tools and can be run as a modern web application for supporting simple, rapid, and robust authorization processes and content sharing.  It can be deployed to Google Cloud, Azure, AWS, locally, or even as a command line tool inside of customer data pipelines. The OSCAL Hub allows: 

  • Federal Agencies to maintain RMF packages and their associated ATOs 
  • Technology vendors to share component definitions for easy ingestion into their OSCAL tooling 
  • Regulators to publish and share OSCAL catalogs and profiles that can serve as a foundation for modern GRC tooling 
  • Security Engineers to validate OSCAL in CI/CD pipelines, convert between formats automatically, and integrate into workflows via REST APIs 
  • AOs to review validated packages and track conditions of approval and Plans of Action and Milestones (POAMs) over time 

Learn more about the OSCAL Hub here or access the Hub in this link.  

Leave a comment »

ESET Threat Report: AI-driven attacks on the rise; NFC threats increase and evolve in sophistication

Posted in Commentary with tags on December 16, 2025 by itnerd

ESET Research has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from June through November 2025.  AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock – the first known AI-driven ransomware, capable of generating malicious scripts on the fly. While AI is still mainly used for crafting convincing phishing and scam content, PromptLock – and the handful of other AI-driven threats identified to this day – signal a new era of threats. 

On the ransomware scene, victim numbers surpassed 2024 totals well before year’s end, with ESET Research projections pointing to a 40% year-over-year increase. Akira and Qilin now dominate the ransomware-as-a-service market, while low-profile newcomer Warlock introduced innovative evasion techniques. EDR killers continued to proliferate, highlighting that endpoint detection and response tools remain a significant obstacle for ransomware operators.

On the mobile platform, NFC threats continued to grow in scale and sophistication, with an 87% increase in ESET telemetry and several notable upgrades and campaigns observed in H2 2025. NGate  – a pioneer among NFC threats, first discovered by ESET– received an upgrade in the form of contact stealing, likely laying the groundwork for future attacks. RatOn, entirely new malware on the NFC fraud scene, brought a rare fusion of remote access trojan (RAT) capabilities and NFC relay attacks, showing cybercriminals’ determination to pursue new attack avenues. RatOn was distributed through fake Google Play pages and ads mimicking an adult version of TikTok, and a digital bank ID service.  PhantomCard – new NGate-based malware adapted to the Brazilian market – was seen in multiple campaigns in Brazil in H2 2025.

Furthermore, after its global disruption in May, the Lumma Stealer infostealer managed to briefly resurface – twice – but its glory days are most likely over. Detections plummeted by 86% in H2 2025 compared to the first half of the year, and a significant distribution vector of Lumma Stealer – the HTML/FakeCaptcha trojan, used in ClickFix attacks – nearly vanished from ESET telemetry.

Meanwhile, CloudEyE, also known as GuLoader, surged into prominence, skyrocketing almost thirtyfold according to ESET telemetry. Distributed via malicious email campaigns, this malware-as-a-service downloader and cryptor is used to deploy other malware, including ransomware, as well as infostealer juggernauts such as Rescoms, Formbook, and Agent Tesla. Poland was most affected by this threat, with 32% of CloudEyE attack attempts in H2 2025 detected here.

For more information, check out the ESET Threat Report H2 2025 on WeLiveSecurity.com

Leave a comment »

Guest Post –  From Autonomous AI to Personal Health Data Snatching: Cyber Threats That Will Define 2026

Posted in Commentary with tags on December 16, 2025 by itnerd

This year, even the biggest corporations and governmental institutions, including the US, were not immune to hacks. According to Cyble’s latest Global Cybersecurity Report 2025, almost 15,000 incidents related to data breaches and leaks were reported.

2026 will be marked with even more breaches, as AI tools enable hackers to target thousands with a single click, cybersecurity experts warn.

​Looking back in 2025, one of the biggest hacks happened to the Australian airline Quantas. Hackers exposed data of 5 million customers, including names, birth dates, email addresses, and a few months ago started selling it on the dark web. There were many more similar cases involving companies like Oracle, Volvo, and SK Telecom, which led to data leaks or frozen business operations.

​In the summer, security researchers uncovered the biggest data breach in history that exposed 16 billion passwords, including those from Apple, Facebook, Google, Telegram, and many more. Some attacks affected governmental institutions, where, recently, the US Congressional Budget Office was hacked. According to Cyble’s report, government institutions were the Top 3 in the overall threat activity.

​Cybercriminals also targeted users directly. Recently, more than 120,000 cameras were hacked for so-called “sexploitation” footage in South Korea.

​According to experts at Planet VPN, a free virtual private network (VPN) provider, this year, a significant portion of attacks were amplified by AI tools. Konstantin Levinzon, co-founder and CEO of the company, says this trend will pose even bigger risks in 2026.

​”Even though AI improves our daily lives and strengthens cybersecurity, it is also widely used by hackers. Now, even those without technical expertise can buy tools on the dark web that target thousands of users with a single click. The rise of AI-powered tools will amplify all kinds of attacks, including phishing scams, ransomware, and exploiting vulnerabilities, and can even create attacks on its own,” Levinzon says.

Prediction 1: AI cybercriminals

Up until now, AI has been just a tool for cybercriminals, allowing them to organise and speed up attacks, he says. However, with rising agentic AI capabilities, AI will inevitably start attacking autonomously.

In its recent report, Anthropic has already described a hacking campaign that carried out around 80-90% part of the operation on its own using the company’s Claude tools.

“AI tools will scan for weaknesses and exploit zero-day flaws – security gaps that are unknown to vendors – without a human touching a keyboard. As our homes, workplaces, and infrastructure are increasingly run by AI, any security gap becomes a potential attack vector. We will almost certainly see such autonomous attacks next year,” Levinzon says.

Prediction 2: Hyper-realistic deepfakes

Deepfakes – AI-generated fake videos, audio files, or images used to impersonate people – are becoming a headache for banks and other businesses, as they allow bypassing online verification. Recently, an insurance company, sensing a lucrative opportunity, even started offering coverage for incidents where AI deepfakes cause reputational harm for companies.

Individual users are also at risk, Levinzon emphasizes. The FBI has recently warned users that criminals are generating fake images of kidnapping and using them for scams. According to Levinzon, the real rising threat is fake video-generated content.

“In 2025, video generators such as OpenAI’s Sora showed how easy it is to create highly realistic videos, and cybercriminals will use them to their advantage. As a result, banks and other financial institutions will likely take precautions to enhance their security measures to protect video verification processes. Regulations will likely follow quickly. For users, this may mean additional steps to confirm their identity,” he says.

Prediction 3: Digital body snatching

​Millions of smartwatches, rings, AI wearables, and even new mattresses come equipped with large amounts of sensors that collect everything – from your location, to heart rate data, and stress levels. As the number of these sensors increases, they become attractive targets for cybercriminals, experts say.

​According to Levinzon, once hackers get access to a smartwatch or any device, they can exfiltrate data easily, especially if the devices are not purely secured. Such data can also be gathered via cloud or app data leaks, exploiting Bluetooth attacks, and more.

​”Potential wearable hacks, deepfakes, and autonomous AI systems mean that next year, users will need to take extra steps and security measures. Aside from staying vigilant, we also recommend enabling two-factor authentication, updating software regularly, and using a VPN, which adds an essential layer of defence against hackers,” Levinzon says.

Leave a comment »

kini mobile partners with TELUS to launch Pinoy Plans for Filipino-Canadian market

Posted in Commentary with tags on December 16, 2025 by itnerd

kini mobile has partnered with TELUS to launch Made for Pinoys, new 5G-powered prepaid mobile plans for the Filipino-Canadian market. Built on TELUS’ award-winning 5G network, these cost effective plans allow customers to maintain both Philippine and Canadian mobile services on a single device, while addressing the unique connectivity needs of Filipino residents, international students, temporary foreign workers and  travelers who spend time in both countries.

Built around the everyday needs of Filipinos who work, live, study or travel in Canada, the plans help kababayans stay closely connected to home with family and friends, giving them a sense of home while building their lives in Canada. 

The prepaid kini Pinoy Plans offer full control with no contracts, credit checks, or billing surprises. Key features include:

  • 1 plan, 2 numbers: Maintain both Philippine and Canadian numbers
  • Free international calls and texts: International long distance calls to 20 destinations including the Philippines, plus unlimited SMS/MMS
  • GCash cashbacks: Earn GCash cashback every time when you hit the spending goal
  • Data appreciation rewards: Bonus data and exclusive perks for loyal customers
  • Pinoy customer support: Filipino representatives who understand your needs

The kini Pinoy Plans powered by TELUS are now available as both eSIM and Physical SIM through kini mobile’s retail locations in Canada, www.kinimobile.com, and with its partner agencies and retailers in the Philippines. 

Leave a comment »

700Credit data breach impacts 5.8 million vehicle dealership customers

Posted in Commentary with tags on December 16, 2025 by itnerd

700Credit, a U.S.-based financial services and fintech company, will begin to notify more than 5.8 million people that their personal information has been exposed in a data breach incident. The data breach occurred after a threat actor breached a third-party API. 

Paul Bischoff, Consumer Privacy Advocate at Comparitech had this to say: 

“Car dealerships collect a lot of sensitive personal information when someone buys a car, especially if they finance it.  In the wrong hands, that info could easily be used to open up other lines of credit in car buyers’ names. Sign up for the free credit monitoring that 700Credit is offering and keep an eye on your credit report to be safe.

What’s notable is that 700Credit says this attack occurred through one of its partners, which had access to an API that granted access to customer info. This underlines why vendors like 700Credit can’t take security for granted even when dealing with its own customers. If one of those customers is compromised, they shouldn’t be able to access data from other client accounts as hackers did in this attack.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy adds this:

“Any individuals affected by the breach need to stay alert for any new accounts being opened up in their name. The information stolen includes four of the basic bits of information you need to open a new account. If at all possible, I would definitely take advantage of the credit monitoring and identity protection being offered to victims.”

This highlights the threat posed by supply chain attacks. Because the bad guys don’t have to pwn you directly in order for you to get pwned.

1 Comment »

Critical Local Privilege Escalation Uncovered in JumpCloud Agent

Posted in Commentary with tags on December 16, 2025 by itnerd

Researchers have uncovered a critical vulnerability in the JumpCloud Remote Assist for Windows agent that allows low-privileged local users to exploit insecure file operations—arbitrary file write/delete—performed by the agent running as NT AUTHORITY\SYSTEM within the user’s temporary directory. This vulnerability is immediately exploitable to achieve Local Privilege Escalation (LPE) or cause a Denial of Service (DoS).

More details can be found here: https://xmcyber.com/blog/jumpshot-xm-cyber-uncovers-critical-local-privilege-escalation-cve-2025-34352-in-jumpcloud-agent/

Jim Routh, Chief Trust Officer at Saviynt, commented:

“This vulnerability is “eye candy” for threat actors as it offers an approach to obtain privileged access over MS Windows devices at scale covering over 180,000 enterprises. Threat actors prefer to use privileged access capabilities, given the flexibility for using administrative access to change system configurations and monetize the data harvested with a low probability of detection. 

Enterprises have an opportunity to upgrade their privileged user management (PAM) system capabilities beyond password vaulting to include continuous validation of activity compared with an established pattern that operates in real time. Continuous validation capabilities can be built or bought as products today. Most PAM providers don’t offer continuous validation yet, but will in the near future. A mature PAM capability will reduce the risk of this threat tactic and vulnerability having a significant impact on an enterprise.” 

This highlights the need to keep up with threats like these. Because until a PAM solution does some sort of continuous validation that can be trusted, humans will have to make sure that this isn’t an avenue that the bad guys can use to get into an organization.

Leave a comment »

Safe Software recognized as Niche Player in 2025 Gartner Magic Quadrant

Posted in Commentary with tags on December 15, 2025 by itnerd

Safe Software has once again been recognized in the 2025 Gartner® Magic Quadrant™ for Data Integration Tools, marking the sixth consecutive year the company has been included in this prestigious report.

Safe Software’s FME Platform has evolved well beyond its geospatial roots to become the only All-Data, Any-AI Integration Platform, empowering organizations worldwide to connect all data, applications, and AI technologies anywhere, at any scale, and with complete flexibility.

With a community of more than 200,000 enthusiastic users and 25,000+ organizations in over 125 countries, FME continues to redefine data integration by delivering a no-code enterprise solution that unifies data movement, automation, and AI connectivity.

Safe Software continues to set itself apart through its customer-obsessed approach, ongoing investment in innovation, and commitment to freedom of choice, whether deploying on-premises, in the cloud, or both. The company’s vision of empowering users to harness data for smarter, faster decisions remains at the heart of its success.

To learn more about how the FME Platform can elevate your business with seamless data and AI integration, visit fme.safe.com.

Read the full 2025 Gartner® Magic Quadrant™ for Data Integration Tools report here.

Leave a comment »

Peel Offers Up Some Gift Ideas For iPhone And Apple Watch Users

Posted in Commentary with tags on December 15, 2025 by itnerd

Here’s some gift ideas from Peel who make what the company says are the world’s thinnest phone cases and accessories for minimalists.

iPhone Cases

iPhone 17 Pro Super Thin Case 

Stay sleek and effortlessly functional with our Original Super Thin Case. Engineered at only 0.02 inches thin for an almost invisible look & feel.

iPhone 17 Pro Magnetic Case 

MagSafe-ready from the inside out, with Peel’s signature slim silhouette.

iPhone 17 Pro Active Case

Protection that respects your phone’s design – Peel’s Active Case shields your device without stealing the spotlight.

Chargers + Portable Monitor:

Qi2 3-in-1 Folding Wireless Charging Stand

The Qi2 3-in-1 Wireless Charging Stand charges your iPhone, earbuds, and Apple Watch simultaneously with one power source. Compact, collapsible, and lightweight design for easy travel and desk organization.

Thin 5,000mAh Wireless Charging Power Bank

The Thin Wireless Charging Power Bank keeps your phone sleek and lightweight, making it easy to hold while on the go. The extra strong magnetic grip ensures an optimal charge and secure attachment to your phone for worry-free power.

Thin Wall Charger

Whether you’re a frequent traveler or just need a reliable charger that doesn’t take up space, and has a minimalist design, this charger is designed to meet your fast charging needs.

Apple Watch Charger

Housed in durable aluminum with sleek rounded corners, this thin and lightweight Apple Watch Charger magnetically charges your Apple Watch with 3W of power.

16″ Portable Monitor

Experience unparalleled versatility with CODi’s 16-inch portable monitor. Perfect for on-the-go professionals, this sleek and lightweight display offers stunning resolution, seamless connectivity, and an ultra-thin design.

Leave a comment »

« Older Entries
Newer Entries »