Samsung Galaxy Z Fold7 Gains Nano Banana & VEO3 AI Integration

Posted in Commentary with tags on December 12, 2025 by itnerd

Samsung’s Galaxy Z Fold7 recently unlocked a major upgrade: seamless integration of Nano Banana and VEO3 AI features. The addition of these features brings an entirely new level of intelligence, personalization, and creative capability to the foldable experience.

With this collaboration, users get:

  • Video generation from text or images with VEO3
  • New generative features that let users create, edit, and transform content with Nano Banana
  • Smarter, faster on-device assistance with Google Gemini optimized for the Z Fold7’s dual-screen workflow.

Together, these features turn the Galaxy Z Fold7 into an ideal tool for content creators, multi-taskers and creatives alike.

2026 Industry Predictions from The Head of Information Security at Exclaimer 

Posted in Commentary with tags on December 12, 2025 by itnerd

Here are some 2026 industry predictions from Karl Bagci, Head of Information Security at email signature management software provider Exclaimer, for your review.

1. The major 2026 security shift most organizations aren’t prepared for

The biggest unacknowledged shift heading into 2026 is that the authentication layer is no longer the perimeter. Attackers aren’t breaking in, they’re logging in. Session hijacking, token theft, infostealer malware harvesting credentials at scale. Most organizations still treat successful authentication as proof of legitimacy. In 2026, that assumption will cost them. Continuous verification throughout a session, not just at login, is where we need to be and almost nobody’s there yet.

2. Where the shared responsibility model will fail next

The next fault line in the already strained shared-responsibility model will arise from AI features embedded in SaaS. Every vendor is bolting on AI capabilities, often using third-party models and often processing customer data in ways that aren’t transparent. The shared responsibility model assumes clear boundaries. AI blurs them completely. When your CRM’s AI assistant summarizes confidential deal notes and that data trains a model or leaks across tenants, whose responsibility is that? The contracts will say yours. The reality is you had no visibility or control.

3. How attacker behavior will escalate in 2026

The next evolution in attacker strategy will be AI-powered social engineering at scale. Today’s business email compromise (BEC) is still largely manual. Tomorrow’s is automated and personalized. AI scrapes LinkedIn, correlates with breached data, and generates contextually relevant messages for thousands of targets at once. Each one referencing real projects, real colleagues, real details. Attack quality goes up. Volume goes up. Current defenses are calibrated for neither.

4. Why compliance will have to extend beyond email

A major compliance shift is coming for regulated industries as regulators begin questioning why email is compliant, but other business channels are not. Organizations spent years building email retention, disclaimers, legal holds, and audit trails, then moved half their communication to Teams and Slack with none of that infrastructure. Financial services, legal, and healthcare all have strict requirements around communication records. The regulatory expectation is forming, and extending compliance controls across all digital communication channels is no longer optional. I believe enforcement will follow.

TELUS partners with AMC-FNFAO and Ka Ni Kanichihk to bring essential connectivity to Indigenous women at risk in Manitoba

Posted in Commentary with tags on December 11, 2025 by itnerd

Today, TELUS announced the launch of its Mobility for Good for Indigenous Women at Risk program in Manitoba, in partnership with Assembly of Manitoba Chiefs – First Nations Family Advocate Office (AMC-FNFAO) and Ka Ni Kanichihk, providing wireless services to Indigenous women that may be at risk of or experiencing violence across the province. This partnership against gender-based violence aims to empower First Nations, Métis and Inuit women through access to free phones and wireless plans, helping them stay connected to their support networks, resources and emergency services. While First Nations, Métis and Inuit women and girls comprise only four per cent of the total female population in Canada, they represent 24 per cent of female homicide victims. According to the Native Women’s Association of Canada (NWAC), Manitoba has the third highest number of female homicides in Canada.

Developed in partnership with Indigenous-led organizations, Mobility for Good for Indigenous Women at Risk provides free smartphones and talk, text and data plans to Indigenous women, girls or gender diverse people, serving as a critical lifeline to Indigenous-led services and wellness resources. TELUS is proud to partner with the AMC-FNFAO and Ka Ni Kanichihk to expand this important program to Manitoba, furthering our commitment to serving at-risk Indigenous women and girls. 

AMC-FNFAO and Ka Ni Kanichihk have begun distributing smartphones and plans from TELUS to support Indigenous women in Manitoba who are at risk of or surviving violence. Since TELUS launched the program in 2021, more than 6,000 individuals have been supported through 39 partner organizations.  This program reflects TELUS’ longstanding commitment to strengthening relationships with Indigenous Peoples, including First Nations, Métis, and Inuit communities, acknowledging that our work spans many Traditional Territories and Treaty areas.

TELUS Mobility for Good for Indigenous Women at Risk is part of the TELUS Connecting for Good portfolio of programs that gives low-income seniors and families, youth aging out of care, and other individuals in need in Canada access to TELUS’ world-leading technology. To date, TELUS’ Connecting for Good and TELUS Wise programs have supported 1.5 million individuals. 

For more information on TELUS’ Reconciliation commitment, please visit telus.com/reconciliation.

Microsoft bounty program now includes any flaw impacting its services

Posted in Commentary with tags on December 11, 2025 by itnerd

Microsoft today announced that it is expanding its bug bounty program to now include any flaw impacting its services, regardless of whether the code was written by Microsoft or not:

In an AI and cloud-first world, threat actors don’t limit themselves to specific products or services. They don’t care who owns the code they try to exploit. The same approach should apply to the security community who continue to partner with us to provide critical insights that help protect our customers.  

Security vulnerabilities often emerge at the seams where components interact or where dependencies are involved. We value research that takes this broader perspective, encompassing not only Microsoft infrastructure but also third-party dependencies, including commercial software and open-source components. 

Starting today, if a critical vulnerability has a direct and demonstrable impact to our online services, it’s eligible for a bounty award. Regardless of whether the code is owned and managed by Microsoft, a third-party, or is open source, we will do whatever it takes to remediate the issue. Our goal is to incentivize research on the highest risk areas, especially the areas that threat actors are most likely to exploit. Where no bounty program exists, we will recognize and award the diverse insights of the security research community wherever their expertise takes them. This includes domains and corporate infrastructure that are owned and managed by Microsoft.

We call this approach In Scope by Default. It gives clarity to researchers and ensures that we incentivize responsible research wherever our customers may be impacted. Historically, our bounty program has had a defined scope for each eligible product or service. Our new approach expands the program to include all online services by default. It also means new services will be in scope as soon as they are released. 

Martin Jartelius, AI Product Director at Outpost24, had this to say:

“For organizations that rely on bug bounty programs to keep themselves and their customers secure, this is an important step, as it focuses on the full attack surface of an organization. A very common mistake in security is the careless use of scope, or rather de-scoping, of what is included. As Mr. Gallagher notes, attackers do not care whether they gain access through ReactToShell or a novel vulnerability in Microsoft components. Microsoft will likely find itself paying out more bounties for a while, but the resulting security improvements will ultimately be a cost-efficient way to strengthen the organization’s overall security posture.”

This is a very good move by Microsoft as supply chain attacks are far more pervasive than they should be. Hopefully other vendors do something similar as this will make us all safer.

Kyndryl Unveils Quantum Safe Assessment Service 

Posted in Commentary with tags on December 11, 2025 by itnerd

Kyndryl today unveiled its Quantum Safe Assessment service to help enterprises prepare for the emerging opportunities and security threats posed by quantum computing. The new service identifies and analyzes cryptographic risk exposure across an organization’s entire IT estate, creating a customized transformation roadmap to transition to quantum-safe security through post-quantum cryptography (PQC). This supports long-term data protection and regulatory requirements.

Kyndryl’s Quantum Safe Assessment service provides a comprehensive evaluation of an organization’s digital environment to advise, prepare, design and implement quantum-safe solutions. The assessment identifies crucial systems and third-party interfaces that are most at risk, including payment gateways, customer databases, cloud infrastructure and mainframe systems, and prioritizes them based on the sensitivity of data and timeline for quantum threats.

Kyndryl collaborates with organizations to advise them on how to define processes and adopt technologies that enable quantum-safe security. Following an initial assessment, Kyndryl Consult experts can work with organizations to create, implement and manage a clear quantum-safe strategy supported by a step-by-step roadmap and enhanced digital resilience. By improving resilience and agility, this approach makes quantum readiness more accessible to organizations at any stage of their quantum journey.

Key features and capabilities of the service include:

  • Encryption discovery: Identifies all encryption methods currently protecting services, applications, systems, networks and data layers across the enterprise by creating a Cryptographic Bill of Materials (CBOM) to understand where and how encryption is applied.
  • Risk-based classification: Evaluates which business services are most critical for protection and most vulnerable to quantum attacks based on data sensitivity and business impact.
  • Transformation roadmap: Develops a phased plan to transition to new quantum-resistant encryption standards and, ultimately, to full crypto agility.
  • Zero Trust integration: Integrates quantum readiness with Kyndryl’s Zero Trust Adoption Framework to strengthen secure identity, endpoint, network and data protection.

Despite the quantum-safe urgency, there is a significant awareness gap among customers. The 2025 Kyndryl Readiness Report found that only four percent of leaders believe quantum will be the technology with the greatest impact on their businesses in the next three years, underscoring the need for proactive preparation.

Learn more about Kyndryl’s security and resiliency services.

Sage recognized as a Leader in IDC MarketScape for AI-Enabled PSA ERP Applications

Posted in Commentary with tags on December 11, 2025 by itnerd

Sage has been named a Leader in the IDC MarketScape: Worldwide AI-Enabled PSA (Professional Services Automation) and ERP (Enterprise Resource Planning) Applications 2025–2026 Vendor Assessment.

With AI adoption accelerating across finance and operations, organizations are looking for ways to reduce manual work and improve accuracy. Sage research shows that tasks like bank reconciliation and accessing financial insights remain time-intensive for many SMBs, with up to a quarter (24%) of workflow activities still completed manually. This is driving growing interest in AI tools that can remove admin and support faster, more confident decision-making.

These findings reinforce the growing demand for connected systems that bring Professional Services Automation (PSA) and Enterprise Resource Planning (ERP) together with AI built in – supporting faster, more efficient ways of working across both project delivery and financial management.

IDC MarketScape’s perspective on Sage

According to the IDC MarketScape, “Sage Intacct’s AI strategy spans PSA and ERP together, bringing more capabilities and functionalities. With AI enabled all along the life-cycle journey, it also incorporates intelligent time and GL anomaly detection and has an optional project intelligence for proactive portfolio health and margin analytics.”

A future driven with Agents

Sage continues to enhance its AI capabilities with a growing network of agents designed to automate routine work across finance and operations. These include agents that support close management, accounts payable, time capture and assurance, alongside the recently introduced Finance Intelligence Agent, which helps teams surface insights more quickly and act with greater confidence. 

Together, these agentic capabilities strengthen Sage Intacct’s focus on reducing admin, improving accuracy and supporting high-performance finance teams.

To find out more about Sage Intacct, click here

Akira Ransomware: Stats on Attacks, Ransoms, & Data Breaches 

Posted in Commentary with tags on December 11, 2025 by itnerd

Today, Comparitech researchers have published an in-depth study looking at the Akira ransomware gang. 

According to the findings, Akira claimed responsibility for 683 ransomware attacks this year so far. This puts it just behind Qilin (864 attacks) in terms of gang dominance. Additionally, the number of attacks in 2025 so far is already double Akira’s 2024 total of 272.

From these numbers, this research breaks down Akira ransomware attacks by sector and industry (government, healthcare, manufacturing, education, etc.), its most targeted countries, as well as its largest ransomware demands. 

Rebecca Moody, Head of Data Research at Comparitech, said: 

“If this report shows us anything about ransomware groups as a whole, it’s that they’re constantly adapting and evolving in a bid to carry out as many lucrative hacks as they can. Like many other gangs, Akira’s focus has shifted toward the manufacturing sector with manufacturers accounting for 27% of Akira’s attacks in 2025 so far. While system encryption remains key in these attacks, data theft is also present in the majority of cases. Manufacturers can ill afford downtime, which boosts a gang’s chance of receiving a payment for the decryption key but, to double-up their chances of getting a payout, gangs will also steal as much data as possible. 

Manufacturers might not be in possession of as much sensitive personal data as healthcare providers, for example, but they will often have documents that, if leaked, could have severe consequences. For example, if a new concept or design is released, it may give competitors an advantage. Or, if the manufacturer works with government agencies or defense companies, certain documents in the wrong hands could be catastrophic.”

For full details, the in-depth report can be read here: https://www.comparitech.com/news/akira-ransomware-stats-on-attacks-ransoms-data-breaches/

2026 Predictions for Document Management and AI From Foxit

Posted in Commentary with tags on December 11, 2025 by itnerd

Today I am sharing insights from DeeDee Kato, VP of Corporate Marketing at Foxit, on how document management is expected to evolve into a unified, secure ecosystem driven by advancements in AI.

Documents are the engine of modern business. They drive decisions, connect people, and capture the commitments that move organizations forward. Yet many companies still rely on fragmented tools that separate editing, signing, and storage. The result is slower progress, version confusion, and greater exposure of sensitive information to risk. The need for a more integrated, intelligent approach to document management has never been more urgent.

AI is accelerating this shift, acting as both a catalyst for transformation and a test of organization readiness. Forward-looking leaders are rethinking how information moves across their enterprises, embedding AI throughout the entire document lifecycle to turn static repositories into intelligent, connected systems. While executives are driving adoption, many end users remain hesitant. The question is no longer what AI can do–it is whether people can trust it to do it well. Ongoing concerns about data privacy, accuracy, and security continue to slow confidence across the enterprise. 

By 2026, document management will evolve into one intelligent, secure ecosystem where every step of the journey is seamlessly connected. Work will move seamlessly from creation to completion within a single, trusted system. These environments will bring structure and transparency to information management, enabling teams to accelerate their workflow while maximizing value and maintaining the highest standards of enterprise security and compliance. In the next phase, digital trust will emerge as a defining factor of success. Organizations that build clear, explainable AI into their document ecosystems will gain  the speed, clarity, and credibility needed to thrive in a world where trust has become the ultimate competitive advantage.

Malware in Motion: Animated Lures Trick Users into Infecting Their PCs

Posted in Commentary with tags on December 11, 2025 by itnerd

HP today issued its latest Threat Insights Report, revealing how attackers are refining campaigns with professional-looking animations and purchasable malware services. HP Threat Researchers warn that these campaigns mix convincing visuals, well-known hosting platforms like Discord, and regularly updated malware kits to evade detection by users and detection tools. The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security, notable campaigns identified by the HP Threat Research Team include:

  • DLL sideloading slips past endpoint security scanners: Attackers impersonating the Colombian Prosecutor’s Office emailed fake legal warnings to targets. The lure directs users to a fake government website, which displays a slick auto-scroll animation guiding targets to a “one-time password”, tricking them into opening the malicious password-protected archive file.
    • The file – once opened – launches a folder that includes a hidden, maliciously modified dynamic link library (DLL). This installs PureRAT malware in the background, giving attackers full control of a victim’s device. The samples were highly evasive. On average, only 4 per cent of related samples were detected by anti-virus tools.
  • Fake Adobe update installs remote access tool: A fake Adobe-branded PDF redirects users to a fraudulent site that pretends to update their PDF reader software. A staged animation shows a spoofed installation bar that mimics Adobe. This tricks users into downloading a modified ScreenConnect executable – a legitimate remote access tool – which connects back to attacker-controlled servers, so they can hijack the compromised device.
  • Discord malware dodges Windows 11 defences: Threat actors hosted their payload on Discord to avoid building their own infrastructure and piggybacked off the positive domain reputation of Discord. Before deployment, the malware patches Windows 11’s Memory Integrity protection to bypass this security feature. The infection chain then delivers Phantom Stealer, a subscription-based infostealer sold on the hacking marketplaces with ready-made credential and financial theft features that update frequently to evade modern security tools.

Alongside the report, the HP Threat Research Team has published a blog analyzing the threat of session cookie hijacking attacks, the use of stolen credentials in intrusions and the proliferation of infostealer malware. Rather than stealing passwords or bypassing multi-factor authentication (MFA), attackers are hijacking the cookies that prove a user is already logged in, giving them instant access to sensitive systems. HP analysis of publicly reported attack data found that over half (57%) of the top malware families in Q3 2025 were information stealers, a type of malware that typically has cookie theft capabilities.

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 55 billion email attachments, web pages, and downloaded files with no reported breaches.

The report, which examines data from July – September 2025, details how cybercriminals continue to diversify attack methods to bypass security tools that rely on detection, such as:

  • At least 11% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
  • Archive files were the most popular delivery type (45%), seeing a 5% point rise over Q2, with attackers increasingly using malicious .tar and .z archive files to target users.
  • In Q3, 11% of threats stopped by HP Wolf Security were PDF files, growing 3% points over the previous quarter.

Please visit the Threat Research blog to view the report.

SandboxAQ and DoW CIO Partner to Strengthen U.S. Defenses Against Quantum and AI-Driven Cyber Threats

Posted in Commentary with tags on December 10, 2025 by itnerd

SandboxAQ is providing its technology and expertise to the Department of War (DoW) Chief Information Officer (CIO) to accelerate the discovery and inventory of cryptographic assets within the DoW’s environment. This is a foundational step for a managed transition to post-quantum cryptography (PQC) and supports overall cyber readiness.

Building on SandboxAQ’s successful demonstration of its advanced capabilities in quantum-resistant cryptography during a prototype project with DISA Emerging Technology’s QRC PKI program, the DoW CIO is now leveraging the company’s AQtive Guard platform for comprehensive, automated cryptographic discovery and inventory (ACDI) across its systems. This strategic move comes as organizations face increasing pressure to modernize their cybersecurity infrastructure in the face of sophisticated AI-powered attacks, a proliferation of non-human identities, and the looming threat of quantum computing. With Gartner warning that “quantum computing will render traditional cryptography unsafe by 2029,” migrating to PQC is a crucial step that agencies must urgently take as part of a broader modernization effort to secure critical systems.

AQtive Guard provides a centralized platform for managing cryptographic security, empowering organizations to efficiently discover and inventory cryptographic assets and dependencies within their environment. This agreement paves the way for other DoW agencies to access and implement AQtive Guard, enabling a foundational understanding of their cryptographic footprint across the department. AQtive Guard provides agencies with continuous visibility into cryptographic assets, enabling them to anticipate and counter emerging threats as AI adoption accelerates and systems increase in complexity.

Visit the website to learn more about SandboxAQ or book a demo here.