Hisense Tops Global 100-Inch and Laser TV Markets in Q3 2025

Posted in Commentary with tags on December 9, 2025 by itnerd

Hisense has once again ranked No.1 globally in the 100-inch and over TV segment with a 56.6 per cent shipment share, and in the Laser TV segment with a 68.9 per cent shipment share in Q3 2025, according to the latest data released by Omdia. The result reaffirms Hisense’s industry leadership driven by continuous innovation and a deep understanding of consumer needs.

As the originator of RGB Mini-LED technology, Hisense continues to set new standards in large-screen display technology. Backed by strong independent R&D, Hisense’s RGB Mini-LED technology delivers authentic, vivid colour like never before — powered by extraordinary brightness and precision that brings every scene to life with stunning realism and emotional depth. These innovations go beyond colour and picture quality — making technology more human, turning every moment of watching, sharing and relaxing into a richer, more emotionally connected experience for families around the world.

Hisense continues to lead the Laser TV market — as proven by the latest 2025 UST Projector Showdown results. The Hisense L9Q took the top spot across Mixed Room Use, Dedicated Theatre, and Overall Picture Quality, while the PX3-PRO was awarded No. 1 Best Value Pick and also ranked highly in picture performance.

Through a collaboration with Devialet, the L9Q offers a deluxe home cinema experience with up to a 200-inch projection, 5,000 ANSI lumens, a 5,000:1 contrast ratio and IMAX Enhanced and Dolby Vision certifications — truly bringing the theatre home.

From technology to market, Hisense continues to lead the industry’s evolution toward higher quality and greater innovation. By mastering core technologies and transforming them into products that elevate global home entertainment standards, Hisense is not only shaping what people watch — but also how the world envisions the future of display.

For more information, please visit hisense-canada.com.

Guest Post – Betrayal by employees: Dark web cybercriminals selling services built on insider data

Posted in Commentary with tags on December 9, 2025 by itnerd

New findings from the dark web reveal that cybercriminals are selling insider data-backed services

Malicious employees, also known as insider threats, can cause significant harm to businesses by leaking or selling sensitive data, altering systems, or collaborating with cybercriminals to launch large-scale cyberattacks. New findings from NordStellar, a threat exposure management platform, reveal that bad actors are now advertising and selling insider data-backed services on the dark web — profiting from employees of industry giants who have decided to go rogue.

The team at NordStellar has found 35 dark web posts claiming to sell services based on insider data so far this year. Some of the services for sale on the dark web claim to have direct connections to insiders from such well-known companies as Facebook, Instagram, and Amazon.

“The majority of the posts discovered by NordStellar’s team offer various look-up services, exposing sensitive user information, such as IP addresses, full names, email addresses, phone numbers, and even physical addresses,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Aside from violating the user’s privacy, this information can be used to launch highly targeted phishing scams or to commit fraud — or even identity theft.”

The posts reveal that look-up services can start at $500, offering the user’s phone number and linked email address. Advanced packages, which contain even more sensitive user information, such as IP addresses, physical addresses, date of birth, and other confidential details, can be purchased for $1,000 or more.

“Other popular services include account recovery and unbanning. The former can be especially damaging to the brand because users are often banned for violating the company’s policies or engaging in fraudulent activity,” says Noreika. “As a result, individuals who have been using the company’s services for scams can continue to do so, acquiring more victims and damaging the brand’s reputation in the process.”

Spotting and stopping insider threats

Noreika explains that insider threats are complex, and to safeguard against malicious employees, companies must have a comprehensive cybersecurity strategy in place. He emphasizes high observability and behavioural analysis as the two main pillars for resilience.

“The first key step is to ensure high observability into user actions — once security teams achieve visibility, they can look for anomalies in employee behavior, triggering the first alarms about potential malicious activity,” Noreika says. “Security teams should assess whether there are any potentially dangerous patterns in activity, for example, if a user is accessing sensitive information without justification or if there are any signs of them exfiltrating that information to external sources, like their own personal devices, accounts, or third parties.”

He underscores the importance of proper network segmentation and the principle of least privilege in general to prevent users from accessing sensitive information that isn’t necessary for their work. According to Noreika, to prevent employees from sharing and downloading unauthorized files, data loss prevention tools are also required.

“Consistent monitoring is another key asset — if prior security measures failed to stop the user from retrieving and exfiltrating the data, it’s crucial to mitigate the threat before it can escalate further,” says Noreika. “Monitoring the dark web for posts mentioning the company, especially those claiming to sell services fueled by insider data, should be prioritized. Once the potential threat is spotted, security teams can inspect its validity and, if the claims turn out to be legitimate, stop the employee from doing further damage and inform affected users to be on high alert before cybercriminals can deploy their attacks.”

To effectively mitigate the damage inflicted by malicious insiders, Noreika advises companies to prepare an incident response plan in advance. The plan should outline the detection and investigation process, as well as the steps for containing the threat, eradicating the user’s access to company data and recovering systems if attackers compromise them in the process.

ABOUT NORDSTELLAR

NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. It includes solutions like dark web and data breach monitoring, helping to prevent account takeovers, session hijacking, and other threats. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com

New research breaks down where the OWASP LLM Top Ten Risks actually show up in real architectures

Posted in Commentary with tags on December 9, 2025 by itnerd

As we’re seeing, security leaders are rapidly embedding LLMs into core product paths that read customer data, execute tools, write code, trigger workflows, and work inside real environments. But it’s becoming clear that the industry is still relying on outdated security measures to protect against a whole new set of risks. 

DryRun Security analyzed where each OWASP LLM Top Ten risk shows up in real applications, not just conceptually. The findings revealed a critical blind spot: traditional AppSec scanners fail to detect more than 80% of LLM-specific vulnerabilities. 

DryRun has released additional insights from this analysis, along with a strategic framework that maps the OWASP LLM Top Ten into real-world engineering guidance, showing: 

  • Where each risk shows up in modern LLM apps
  • Who owns each control (AppSec, platform, ML, SRE, FinOps)
  • What “good” looks like in design and SDLC
  • How AI-native, context-aware code analysis finds issues before runtime

You can find the details on this here.

Outpost24 Acquires Infinipoint

Posted in Commentary with tags on December 9, 2025 by itnerd

Outpost24 today announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24’s entry into the Zero Trust Workforce Access market and enhances its identity security division, Specops, by laying the foundation for a unified approach that evaluates both the user and the device before access is granted.

As organizations advance their Zero Trust strategies, authentication alone is no longer enough. MFA and SSO confirm who the user is, but they do not validate the security of the device being used. In hybrid environments where employees, contractors, and partners rely on a mix of corporate and unmanaged devices, this gap has become a significant source of risk. Ensuring that only secure, compliant devices can access critical systems is now essential to reducing credential misuse, preventing lateral movement, and maintaining regulatory assurance.

Organizations will benefit from the combined strengths of Specops’ unrivalled authentication and Infinipoint’s device identity and posture expertise, gaining a unified, context-aware approach to workforce access. This will allow organizations to evaluate both user and device trust at the moment of access, strengthening Zero Trust adoption while improving compliance and operational efficiencies by leveraging Infinipoint’s unique self-service and auto remediation capabilities – across any device and any identity provider.

The acquisition underscores Outpost24’s commitment to advancing its exposure management and identity security capabilities and strengthens its role in delivering end-to-end visibility and control across identities, devices, and the external attack surface.

Black Kite Introduces Product Analysis Module

Posted in Commentary with tags on December 9, 2025 by itnerd

Black Kite today announced the release of its new Product Analysis module, which allows security teams to evaluate the risks of third-party software products at a granular level. As the first TPRM platform to offer this capability, Black Kite delivers a more detailed view of exposure and supports better decision-making around specific products and vendor outreach. The new module delivers intelligence on software supply chain risk through deep downloadable software analysis (CPE), SaaS subdomain analysis, and SBOM analysis.

With Black Kite’s Product Analysis, teams can go one step beyond vendor analysis by assessing individual products to gain deeper insight into supply chain risks associated with third-party software, improving both the speed and accuracy of product evaluations.

The new module combines multiple intelligence sources and analysis methods to deliver clear, product-level insight into vulnerabilities, exploitability, and risk posture:

  • Downloadable Software Analysis (CPE): Maps software products to their producing vendors and calculates risk levels (low, medium, high) based on CVEs, exploits, certifications, and end-of-life status.
  • SaaS Subdomain Analysis: Identifies SaaS subdomains, associates them with the correct company, and evaluates vulnerabilities and potential exploits for each.
  • SBOM Analysis & Mapping: Analyzes open-source components and dependencies within third-party software to uncover hidden vulnerabilities and nested dependencies.

The Product Analysis module gives TPRM teams and security leaders a clear, accurate understanding of product-level risk exposure. Key benefits include:

  • More confident decisions during software evaluation and onboarding.
  • Stronger ongoing monitoring through precise insights that drive mitigation actions such as upgrades or configuration changes.
  • Compliance support for federal and regulated industries that must perform SBOM analysis and broader risk assessments in alignment with EO 14028.

Product Analysis enables TPRM teams to seamlessly evaluate the risks associated with both the software they use and the software used by their third parties, helping them prioritize mitigation actions and vendor outreach to reduce potential exposure and impact from software vulnerabilities and other risks.

To learn more, visit https://blackkite.com/solution-briefs/product-analysis-with-black-kite

TrojAI Launches Free AI Red Team Report Card to Help Organizations Identify and Mitigate AI Risks

Posted in Commentary with tags on December 9, 2025 by itnerd

TrojAI today announced the launch of its new TrojAI Red Team Report Card, a free AI security assessment designed to help organizations understand and mitigate risks in frontier and custom AI models.

As enterprises accelerate adoption of AI-powered applications and agents, the pressure to identify and reduce behavioral vulnerabilities has never been greater. The TrojAI Red Team Report Card empowers security teams to evaluate their AI model’s exposure to real-world attacks before adversaries are able to exploit weaknesses.

The free assessment leverages TrojAI Detect, an automated single-turn and multi-turn AI red teaming engine, to uncover weaknesses such as prompt injection, data leakage, jailbreaks and more. Participants receive a comprehensive, personalized report card with success rates across major AI risk categories, including jailbreak resilience, adversarial robustness and informational harms like PII exposure, insecure code generation and misinformation. Each assessment includes a one-on-one review session with TrojAI’s security team to help organizations interpret results and prioritize mitigation strategies.

The TrojAI Red Team Report Card is available today at no cost.

Forcepoint on why agentic AI matters to security

Posted in Commentary with tags on December 8, 2025 by itnerd

Today Forcepoint published its latest post in its 2026 Future Insights series: “Agentic AI: Securing a New Generation of Digital Actors.”

The blog highlights that the shift to Agentic AI, autonomous systems that can plan, decide, and act across business environments, challenges the core assumptions of current cybersecurity practices. This will require a fundamental reset in how organizations approach digital risk, as traditional, human-centric security playbooks fall short of protecting these new digital actors.

A few quick takeaways that may be helpful for anything you are working on tied to this emerging topic:

  • Agentic AI systems are not deterministic. They act like digital people but lack human intuition, ethics, and context, making traditional, rule-based security insufficient.
  • The attack surface is changing. Security teams must secure not just human-to-data interactions, but also agent-to-data and agent-to-agent interactions.
  • Chained Agent Manipulation is a new threat. An attacker can manipulate one agent in a workflow to compromise the entire downstream sequence of decisions and actions—a new form of social engineering designed for digital actors.
  • New skills and roles are required. Organizations will need dedicated AI risk exposure professionals to map data flows and evaluate reasoning chains in these complex systems.
  • Behavioral monitoring is key. Protection needs to focus on behavioral monitoring, anomaly detection, and guardrails that intervene when agents drift into unsafe territory.

This perspective can support pieces on:

  • The future of AI-driven cyber-attacks (e.g., chained manipulation)
  • The limits of traditional security in autonomous AI environments
  • Emerging CISO challenges in 2026 and beyond
  • The evolution of data security practices (e.g., DSPM/DDR)
  • The need for new professional roles (AI Risk Exposure Professionals)

The post is available at: https://www.forcepoint.com/blog/x-labs/agentic-ai-risk.

SIOS LifeKeeper v10: Expanding Control and Streamlining HA/DR Management for System Admins

Posted in Commentary with tags on December 8, 2025 by itnerd

SIOS Technology Corp today announced the availability of LifeKeeper v10, featuring the new LifeKeeper Web Management Console (LKWMC). LKWMC provides a unified, intuitive user interface across both Linux and Windows environments, giving system administrators unprecedented visibility and control while dramatically simplifying the management of complex, mission-critical high availability and disaster recovery configurations.

New in SIOS LifeKeeper v10:

  • LifeKeeper/Windows Management Console (LKWMC): Delivers simplified HA management with a consistent interface across Windows and Linux operating systems, enabling cost-saving ease-of-use for MSPs and organizations managing applications across multiple operating systems. New design includes built-in tips and tools for further streamlined integration.
  • Enhanced Disaster Recovery in Red Hat Environments: The DRBD Application Recovery Kit (ARK) for LifeKeeper now offers seamless integration with RHEL 9.6 and RHEL 10, extending 3- and 4-node disaster recovery capabilities to a wider user base.
  • DataKeeper Replication Support for RHEL 10: DataKeeper Linux delivers straightforward, cost-effective data replication and high availability on RHEL 10, along with other supported operating systems.
  • Native PowerShell Support: PowerShell is now supported as a scripting language for building Generic Application Recovery Kits, offering greater flexibility and ease of automation.
  • Improved Installer Interface: A redesigned installer provides a streamlined experience, allowing users to select all required components from a single, intuitive screen.

Pricing and Availability

SIOS LifeKeeper v10 is currently generally available. SIOS software is priced by the server node and offers perpetual, subscription and consumption (cloud marketplace) options.

Recast earns 12 badges in G2’s Winter 2026 Reports 

Posted in Commentary with tags on December 8, 2025 by itnerd

Recast, a leader in modern application and endpoint management, today announced it has been awarded 12 badges in G2’s Winter 2026 Reports. The recognition from G2, the world’s largest and most trusted software marketplace, underscores the exceptional value that Recast delivers to its global customer base through its popular Right Click Tools product.

These accolades reflect Recast’s outstanding performance in customer satisfaction and product usability, driven by solutions that deliver strong ROI, streamline daily operations, and enhance security. Recast’s G2 badges span categories including enterprise configuration management, patch management, endpoint management, and more. Consistently positive reviews in these key areas emphasize Recast’s unwavering commitment to providing reliable, high-value solutions that empower IT teams to simplify systems management and reduce security vulnerabilities.

Recast’s Winter 2026 Badges include:

  • Best Meets Requirements – Enterprise
  • Easiest Setup – Enterprise
  • Easiest to Do Business With
  • Easiest to Use – Enterprise
  • High Performer
  • High Performer – Enterprise
  • Leader
  • Leader – Enterprise
  • Momentum Leader
  • Most Implementable – Enterprise
  • Users Most Likely to Recommend
  • Users Most Likely to Recommend – Enterprise

Guest Post – AI agents, Christmas markets, and sneaky greetings: holiday scams targeting you

Posted in Commentary with tags on December 8, 2025 by itnerd

Addictive scrolling, which develops faster than you think, is not the only thing you should watch out for this holiday season. A Surfshark expert highlights the main online risks you can encounter while scrolling.

Unsupervised AI shopping agents

AI shopping agents are a booming trend, with Big Tech announcing AI updates that can buy the exact sweater you are searching for and even call the shop to ask if they have it in stock. The trend of using chatbots like ChatGPT or Gemini AI to assist you with shopping is also at its peak.

Tomas Stamulis, Chief Security Officer at Surfshark, says the risk arises when you trust AI shopping assistants entirely and without double-checking. “I sometimes use a chatbot to help me with shopping. However, I evaluate what online shops it offers because sometimes they can be scams, taking me to malicious websites. So, always review what AI suggests before purchasing, and never grant unlimited access to your financial details.”

Phone snatching in Christmas markets

Phone snatching, when street criminals take your mobile phone from your hands, usually unlocked, is a particularly common crime in crowded Christmas markets. A moment of your distraction can result in far-reaching consequences. According to Surfshark expert Tomas Stamulis, taking simple steps can help protect you from the damage caused by phone snatching. “Stay vigilant in public, especially in crowded or high-risk areas. Keep your phone out of sight when not in use. Use an anti-spying screen so people around you can’t easily see what you’re doing. Also, ensure “Stolen Device Protection” is active on iOS or “Theft Protection” on Android (depends on device) and your home and work addresses are correct.”

Sneaky links in Christmas greetings

People’s interest in creating Christmas greetings online and sharing them with loved ones does not go unnoticed by scammers. You probably receive those snappy interactive greetings via social media, email, and SMS. Thank the sender for goodwill, yet never click the links included in those greetings. If you did and were led to a strange site, we hope you didn’t provide any of your private information, such as your real name, surname, email address, telephone number, or home address.

Sorry, it’s too good to be true

Have you ever encountered a Christmas deal that seemed too good to be true? It probably was. Scammers create fake gift deals for popular and hard-to-find items to trick shoppers into falling for them. Mr. Stamulis advises being skeptical of Christmas deals that seem unrealistically good. “Always verify the offer by checking the retailer’s official website. If you spot something that seems like a ‘hot deal’, look closely at URLs and other text for typos or unusual characters, which are red flags.”

Gifting your personal data via public Wi-Fi

Free Wi-Fi is available at cafes, restaurants, train stations, hotels, and other public spaces for your convenience. However, the number one rule for a privacy-conscious person is never to use free public Wi-Fi. Public networks are frequently exploited by hackers, who can intercept sensitive data, including account credentials, email addresses, passwords, and financial information. “Without an active VPN, using public Wi-Fi is insecure; it’s like gifting your personal data to total strangers,” points out Tomas Stamulis.

Christmas cleaning your private data will thank you for

Most people want to tie up loose ends before the New Year: paying back debts, making peace with those they’ve argued with, and finishing unfinished business. Review the apps you’ve accumulated over the year and get rid of those that just take up space. Surfshark has conducted at least a few studies revealing that mobile apps are extremely data-hungry and privacy-intrusive. Your private data will thank you for this Christmas cleaning.

ABOUT SURFSHARK


Surfshark is a cybersecurity company offering products including an audited VPN, certified antivirus, data leak warning system, private search engine, and a tool for generating an online identity. Recognized as a leading VPN by CNET and TechRadar, Surfshark has also been featured on the FT1000: Europe’s Fastest Growing Companies ranking. Headquartered in the Netherlands, Surfshark has offices in Lithuania and Poland. For information on Surfshark’s operations and highlights, read our Annual Wrap-up. For more research projects, visit our research hub.