Vanta Introduces Agentic Trust Platform

Posted in Commentary with tags on November 18, 2025 by itnerd

Vanta today unveiled a number of new products that redefine how enterprises earn and prove trust at scale. Powered by intelligent automation, Vanta’s industry-first Agentic Trust Platform helps teams understand their environment, anticipate what’s next, and automate workflows across compliance, risk, and security assessments.

According to Vanta’s 2025 State of Trust, 72% of business and IT leaders say overall risk is at an all-time high, yet nearly two-thirds spend more time posturing than protecting their organization. This highlights the need to adopt AI in ways that enhance security and decrease busywork.

Vanta’s Agentic Trust Platform brings new industry-defining capabilities including:

  • Vanta AI Agent 2.0: At the intelligent core of the Vanta Agentic Trust Platform, it acts as a 24/7 GRC engineer that understands an organization’s environment – anticipating what’s next, providing proactive, personalized guidance, and keeping compliance in sync.
  • Organizations Center: Organizations Center gives CISOs complete visibility across business units, products, and geographies with AI-powered scoping and audit workflows that simplify the audit process across complex enterprises.
  • Risk Graph: The Vanta Risk Graph turns fragmented risk data into a real-time, actionable map that shows how organizations’ risks connect and spread, pinpoints high-impact issues, and guides action before they escalate.
  • Customer Commitments: Customer Commitments maps customer obligations to the right controls and automates follow-through, ensuring every promise is tracked, met, and transparently communicated.

Vanta AI Agent 2.0 orchestrates trust workflows

Launched in July, the Vanta AI Agent saves customers an average of four hours per week by automating evidence collection and streamlining policy management.

With the launch of the Vanta AI Agent 2.0, it’s evolving into a dynamic 24/7 GRC engineer with complete program awareness and understanding. Powered by context and memory, the Vanta AI Agent 2.0 can expose program gaps, provide proactive, personalized guidance, and even take coordinated actions on critical work.

The Vanta AI Agent can now:

  • Accelerate audit preparation: Automatically collects and validates evidence, eliminating one of the most time-consuming and error-prone parts of audit prep. Asking the agent to help with various elements of audit prep such as identifying updates for a new framework, drafting policies for an office expansion, or recommending privacy adjustments for EU operations generates actionable, tailored responses in seconds.
  • Automate security questionnaires: Takes the first pass at questionnaires – filling in verified answers, surfacing gaps before they slow reviews, and giving teams ready-to-share responses to close deals faster.
  • Review and monitor vendors: Streamlines vendor oversight from discovery and due diligence through continuous monitoring, surfacing high-priority alerts so teams can focus where it matters most.

The Vanta AI Agent 2.0 will be available in the coming months.

Enterprise-grade visibility and control

As companies grow, so does the complexity of their compliance and risk programs with new products, acquisitions and regions introducing additional compliance frameworks and siloed information. Designed for CISOs and GRC leaders, Organizations Center connects multiple Vanta organizations into a single view while maintaining separation where needed. Along with Organizations Center, new enterprise capabilities will allow businesses to:

  • Define scopes across an organization: Defines scope by business unit, product line, geography, or acquisition. Vanta updates automatically as systems, personnel, or vendors change – keeping compliance current without manual effort.
  • Manage auditor requests: Simplifies audit collaboration by managing auditor requests, internal reviews, and evidence evaluation directly in Vanta or through the API.
  • Unify overlapping frameworks: Groups related controls into common requirements with mapped evidence, policies, and risks.

Risk Graph unifies risk management

In a connected business environment, even a single vendor vulnerability or internal misconfiguration can ripple across supply chains. According to Forrester, organizations are expanding their ecosystems of third-party relationships, creating interconnected risk exposure that traditional approaches struggle to manage.

Vanta’s Risk Graph creates a single source of truth for risks across the organization, turning disconnected alerts into a connected map that shows relationships across risks and how they spread throughout an environment. By combining signals from a company’s internal risk environment with third-party insights on vendors and flagging risks as they surface, Vanta’s Risk Graph enables teams to prioritize the highest-impact risks and trigger automated workflows from the Vanta AI Agent. The result is that teams can see not just what the risks are, but how they connect and where to act first.

The Vanta Risk Graph will be available in early 2026.

Customer Commitments keeps customer promises

Once a deal is signed, keeping up with promises made to customers is essential to maintaining trust and driving renewals. But many organizations struggle to manage these promises, especially custom obligations like breach notification SLAs or subprocessor updates. When an incident or vulnerability occurs, teams scramble to identify who they made commitments to – delaying responses and risking broken promises.

Customer Commitments is the only intelligent compliance solution that centralizes, tracks and acts on every promise an organization has made. It sends alerts if commitments are at risk, automates workflows to act on triggered commitments, maps commitments to relevant controls, and keeps customers informed through the Trust Center with verified, transparent updates.

Customer Commitments is in preview and will be available next year.

VantaCon 2025: Agentic Trust Platform

Vanta will debut and demo its Agentic Trust Platform tomorrow, November 19 at 9:30am PT at VantaCon 2025: AI is Rewriting Trust. Speakers from Anthropic, Snowflake, 1Password, Clay, Sierra, Golden State Warriors, Golden State Valkyries, Ramp, Duolingo and more will explore how AI is transforming trust, risk and compliance. To register for the livestream of the product keynote, visit https://www.vanta.com/vantacon.

Leave a comment »

Guest Post: The “qwerty123” is out: “admin” is Canada’s top password in 2025

Posted in Commentary with tags on November 18, 2025 by itnerd

NordPass, together with NordStellar, has released the seventh edition of its annual Top 200 Most Common Passwords research. In addition to identifying the most popular passwords globally and in 44 countries, this year, the research focused on understanding how the passwords used by different generations vary. 

Most common passwords in Canada

Below are the top 20 most common passwords in Canada. The full list of global passwords and those from other countries covered by this research is available here.

  1. admin
  2. 123456
  3. gallant123
  4. password
  5. 1hateyou
  6. 12345678
  7. 123456789
  8. ZZZzzz111
  9. 12345
  10. Password
  11. stinky124
  12. Cutie121
  13. Password1
  14. pelletier123
  15. winners1
  16. wowme234
  17. 123four56
  18. 12345678910
  19. imstupid
  20. 1234567890

Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, Canadians seem to ignore the warnings. Words, number combinations, and common keyboard patterns dominate Canada’s top 20 list.

This year, “admin” is the most common password in Canada, replacing last year’s top choice, “qwerty123,” while “123456” ranks second. However, different variations of the word “password” take up as many as three spots in Canada’s top 20 most common passwords list. Different numeric combinations take up six spots.

Researchers also point out that sports-related terms (e.g., “hockey”) are being replaced by swear words in some countries. But Canadians are too polite for that. Their top 20 lists for both last year and this year contain no profanities.

Global trends 

Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.

Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”

The word “password” remains one of the most popular passwords worldwide. It’s used both in English form and in local languages in nearly every country we studied — from Slovak “heslo” and Finnish “salasana” to French “motdepasse” and Spanish “contraseña.” 

“Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome,” says Karolis Arbaciauskas, head of product at NordPass.

The myth of the “digital native”

Research shows that for Digital Natives — those who grew up immersed in the online world — extensive exposure to technology doesn’t automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.

“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.

Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers. 

Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it’s “Maria,” and for the Silent Generation, it’s “Susana.”

The full list is available here.

Password safety tips

According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to irresponsible password management:

  • Create strong random passwords or passphrases. Passwords should be at least 20 characters long and consist of a random combination of numbers, letters, and special characters. 
  • Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets broken into, hackers can use the same credentials for other accounts.
  • Review your passwords. Make sure to regularly check the health of your passwords. Identify any weak, old, or reused ones and upgrade them to new, complex passwords for a safer online experience.
  • Use a password manager. It can help you generate, store, review, and safely manage all your passwords, ensuring they’re well protected, difficult to crack, and easily available when you need them.
  • Turn on multi-factor authentication (MFA). It adds an extra layer of security. MFA helps keep hackers out even if a password gets breached.

Research methodology

This report is the result of a joint effort between NordPass and NordStellar together with independent researchers specializing in research of cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed for passwords exposed from  September 2024 to September 2025, with statistically aggregated data extracted. No personal data was acquired or purchased for this research.

Leave a comment »

Guest Post: US shopping apps collect more data than Chinese or Canadian rivals

Posted in Commentary with tags on November 18, 2025 by itnerd

As shoppers gear up for the holiday season, Surfshark investigated the data collection practices of the 10 most popular shopping apps in the US, finding that US-based apps tend to collect more data compared to their counterparts in China and Canada. For example, Amazon collects 25 unique data types out of 35, but among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types.

“Scrolling through tempting deals on Temu, Shein, Amazon, and other shopping apps is a Black Friday tradition for many. However, before downloading any shopping app, people should consider whether they are truly willing to trade their privacy for a discount,” says Miguel Fornes, Information Security Manager at Surfshark. “Many shopping apps collect far more data than people realize, and this extends beyond purchase history. Some apps can even gather sensitive information such as political views, racial background, or biometric and health data.”

The Amazon shopping app is the most privacy-intrusive. It collects 25 unique data types out of 35, Walmart and Costco each collect 23, and Whatnot — another US-based app — collects 20. Among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types, followed by Temu with 17, Aliexpress with 16, and Shein with 15. The Canadian app, Shop, collects 19 data types, which places it on par with the most data-collecting Chinese app.

All the analyzed apps collect information such as email address, name, payment information, physical address, user ID, search history, and product interaction. The majority of these apps also gather device IDs (except for Temu), phone numbers (except for Shein), photos or videos (except for Shop), and location data (except for Shein). Additionally, most of this collected data is directly linked to individual users, enabling these apps to build comprehensive user profiles, which raises privacy concerns. 

Some of the data collected by these shopping apps is surprising and even bizarre. For instance, Amazon and Walmart collect sensitive information — which could include political opinions, racial or ethnic background, biometric data, genetic information, sexual orientation, disability status, or pregnancy details. Whatnot and Alibaba collect users’ contacts, such as contact lists from a user’s phone or address book. In addition, Amazon, Walmart, Whatnot, and Alibaba collect users’ voice or sound recordings.

According to Fornes, these abusive data collection practices can be very dangerous if an app is breached and information about a person is leaked. First, leaked bank account information and purchase history can lead to unauthorized charges, identity theft, and significant financial loss. Second, leaked sensitive information – especially sensitive data like political views or health data – can damage your reputation and financial standing, as health data rarely changes and may be used by insurance and healthcare companies. Finally, all this leaked data might fuel subsequent highly personalized phishing campaigns. Therefore, Fornes advises:

  • Don’t download apps you don’t need. If you only shop on Amazon occasionally, accessing their website through a browser is more private than keeping the app installed. Besides, you may improve your battery or device health by offloading those.
  • Grant permissions selectively. Only allow access to data essential and directly relevant to the app’s functionality.
  • Revoke unnecessary permissions. Regularly review and revoke permissions you have granted. For example, go to settings, apps, app name, permissions on iOS, and change them. Remember the app will still work as intended after removing unnecessary permissions, but just triggering some informational notifications.
  • Read the Privacy Policy and opt out of data sharing. Understand what data the app collects, how it’s used, and with whom it’s shared. Many apps offer options to limit data collection for advertising purposes. Look for these settings.
  • Strengthen your account security. Use strong, unique passwords; enable two-factor authentication (2FA); consider having a dedicated virtual debit card or escrow payment methods (such as PayPal) for such apps or shopping at less-trusted sites.

 For the complete research material behind this study, visit here.

Leave a comment »

Amazon alum launch Albatross with $12.5m to rediscover shopping 

Posted in Commentary with tags on November 18, 2025 by itnerd

Every click online tells a story. Yet the systems behind most of the internet still treat users as static profiles, recycling yesterday’s data to predict tomorrow’s intent. Albatross, a Zurich-based AI company founded by former Amazon AI leaders, has raised $12.5 million in new funding to rewrite that logic with the world’s first platform for real-time product and content discovery – one that learns, reasons, and adapts as users interact.

The round was led by MMC Ventures with participation from Redalpine, Daphni, and strategic angels, bringing Albatross’s total funding to $16 million, following a $3.5 million foundation round in September 2024 led by Redalpine. The company’s platform is already serving billions of live events and tens of millions of predictions each month across marketplaces, retail, and travel platforms worldwide, processing approximately a hundred million products and tens of millions of end users.

Founded in 2024 by Dr Kevin Kahn and Dr Matteo Ruffini, both former Amazon AI leaders, alongside serial entrepreneur Johan Boissard, Albatross is tackling what the team sees as a fundamental gap in the AI revolution. While much of the industry focuses on large language models that generate content, Albatross is building the second pillar of AI: understanding how users perceive and interact with content in real time. It is built on transformer-based architecture with sequential embedding models trained directly on live events.

Traditional recommendation systems look backward, using batch-trained models that rely on popularity, similarity, or user history. They struggle to capture what really matters: what a person is doing right now. In contrast, Albatross replaces these legacy systems with AI that learns continuously from live behavior, updating in milliseconds as users browse, search, and explore without any manual intervention or retraining. Notably, until now no platform could adapt instantly to changes in user behavior. Albatross is the first to do this.

Albatross’s two flagship products – the Real-Time Discovery Feed and Multimodal Search. The Discovery Feed dynamically curates inspiring products and content in real time, while the Multimodal Search engine refines results based on evolving intent, even bridging in-store and online journeys through contextual and image input. The platform operates with enterprise-grade reliability at virtually zero latency.

Early pilots have shown triple-digit uplifts in engagement and product discovery. Integration takes less than seven weeks from signature to deployment, and the platform operates with enterprise-grade reliability, handling billions of data points. The company’s research on cold-start discovery, presented at RecSys 2025, now powers its production platform at scale.

As content and commerce continue to explode, discovery is becoming the defining challenge of the digital economy. Albatross’s goal is to make digital experiences adaptive – transforming the way people find what inspires them, in real time.

Leave a comment »

Canada’s innovation performance continues to decline at a time of unprecedented change

Posted in Commentary with tags on November 18, 2025 by itnerd

Canada continues to fall further behind peers in key measures of science, technology, and innovation performance. A new report from the Council of Canadian Academies (CCA) details the daunting challenges facing Canada that could ultimately threaten the country’s economic prosperity and standard of living.

A high-performing science, technology, and innovation ecosystem is essential to the well-being of all people in Canada and the country’s ability to compete on a global stage. In the context of a worsening productivity crisis, a fraught relationship with its largest trading partner, stubbornly low private sector R&D spending, and lagging technology adoption across the economy—reversing Canada’s weak innovation performance is more urgent than ever.

Canada lacks effective approaches to support the development and commercialization of the most promising technologies that could bolster national competitiveness and provide greater overall economic and societal benefits. Without an enhanced emphasis on technology adoption, access to domestic risk capital, and tailored interventions to grow areas of strength, Canada’s innovation ecosystem will likely continue to underperform. As a result, the nation’s ability to deliver quality public healthcare and education, job opportunities, and affordable housing will be jeopardized.

Commissioned by Innovation, Science and Economic Development Canada (ISED), The State of Science, Technology, and Innovation in Canada 2025 provides a comprehensive, data-driven analysis of Canada’s strengths and weaknesses in science, technology, and innovation and how we compare internationally.

Key Findings:

  • R&D spending is lagging. Canada’s R&D intensity has declined since 2000, while peer countries have increased their investments. Business and government R&D spending are both far below the OECD average.
  • Canada’s higher education sector is a rare bright spot. Canadian universities continue to produce world-class talent and research, with high levels of international collaboration and impact. However, this competitive edge is at risk and Canadian post-secondary institutions often struggle to support the transfer of technologies to new companies.
  • Aggressive AI adoption could transform Canada’s science, technology, and innovation ecosystem. Canada has played a leading role in the development of AI but is losing ground in adoption and commercialization.
  • Despite strengths in research, Canada struggles to translate discoveries into commercial success. The country lacks large, innovative firms and faces persistent barriers in scaling startups and retaining intellectual property.
  • Decision-makers in Canada must navigate complex and fast-moving circumstances despite incomplete and dated frameworks and metrics for critical performance indicators. The innovation ecosystem is dynamic and can shift rapidly, requiring more agile and ever-evolving interventions; up-to-date insights are essential to calibrate these interventions.

Leave a comment »

Zoho One, the Operating System for Business, fuses powerful AI with a reimagined user interface to elevate the future of work

Posted in Commentary with tags on November 18, 2025 by itnerd

Zoho Corporation, a leading global technology company, today announced numerous enhancements to Zoho One, its all-in-one business software platform, featuring an evolution in the user experience that facilitates easy and secure collaboration. The new Zoho One offers a seamless experience across its 50 applications, putting the user and context at the core.

Originally launched in 2017 as a first-of-its-kind suite allowing businesses to run every aspect of their organization, today, Zoho One includes over 50 applications and serves over 75,000 customers worldwide, with an average of more than 22 apps used per customer. The software platform stands out for its privacy, security, and trust, underpinned by Zoho’s ownership of the entire technology stack. End-to-end control, coupled with deep integrations, ensures consistent reliability and compliance, equipping organizations with a competitive edge through seamless, intelligent operations.

Zoho One’s new features offer unification across three domains: Experience, Integrations, and Intelligence.

Experience – removing boundaries between apps

Zoho One’s new UX offers a connected, context-aware user experience:

  • Spaces bring easier access to your everyday apps. Apps within Zoho One are grouped into Spaces across the top toolbar, and each serves a distinct purpose. Personal includes apps unique to the individual, including personal productivity software. Organization includes tools for company-wide communication (Forums, Town Hall, Ideas, and more). There are also function-specific spaces grouped by Department (HR, Marketing, Finance, and more). All of these spaces can be customized to better serve employees’ needs. The Spaces toolbar also includes a centralized search bar from which users can quickly search across the entire Zoho One ecosystem as well as automate actions within task-based workflows, without having to switch apps.
  • Action Panel and Quick Navigation keep employees informed and on task. The highly customizable Action Panel provides the user access to their full day with one click, no matter which Zoho app they’re in. Add from a variety of app sources to build a panel that easily shows upcoming meetings, uncompleted tasks, scheduled Cliq messages or emails, and more.
  • Dashboard and Boards remove boundaries between apps. Zoho One’s expanded dashboard consolidates data from all connected apps, even third party, into a single location that can be personalized using pre-existing or custom widgets. Users can exercise control over the entire software suite from this centralized hub, including support for additional dashboards from specific apps.
  • A new approach to workplace collaboration. Today’s announcement includes the addition of Vani to Zoho One, offering an all-in-one, visual-first intelligent virtual space. With Vani, Zoho One users can brainstorm, plan, and innovate together – across things like flowcharts, whiteboards, diagrams, mind mapping, and video calling.

Integrations – delivered natively

When anchored by Zoho One, a company’s tech stack benefits from the software’s security features like smart offboarding, easy management of employee devices, and support for encryption keys. Furthering security is Zoho’s native integration, reducing entry points for potential breaches and streamlining anomaly detection, and Zoho Directory, providing admins a secure platform for workforce identity and access management, included as part of Zoho One.

Zoho One offers native integration with Zoho apps and third-party software. Various types of integrations are supported:

  • Unified integrations. Zoho One delivers native integration between other Zoho solutions and third-party software. These can be monitored and configured from an integrations panel within Zoho One. Users can also create integration flows and monitor their usage.
  • Foundational integrations. Zoho One offers a Unified Portal, a customizable space where users can consolidate all of their application-specific portals, allowing for control over multiple apps from a single screen. The Unified Portal support all third-party software portals, even those from custom apps.
  • Pragmatic integrations. Important support tasks, such as domain verification, can be configured with their corresponding integrations, ensuring the proper authentications take place.
  • Outcome-based integrations. Workflows that extend across many steps often require multiple apps, and Zoho One allows for the proper integrations along the way. One example is Zoho One’s new Smart Offboarding tool: From within a single workflow, employees can easily transfer department ownership to a new department head, manage employee device data from a single menu, and decide what happens to a user’s application data to ensure no loss of access.

Intelligence – unified and contextual

Zoho’s AI assistant, Zia, is now prominently featured across all of Zoho One.

  • Intelligence aggregated. Zia can aggregate and contextualize data from multiple platforms—such as Google Workspace or third-party apps—into a single, actionable answer. This federated intelligence enables organizations to make faster, more informed decisions, eliminating data silos and enhancing productivity.
  • Hub for intelligence. Zoho’s intelligent content management system, Zia Hubs, has its own dedicated space within Zoho One alongside pre-created, dedicated workflows that automatically bring more utility to company data. Now, executed contracts from Zoho Sign and recorded Zoho Meetings conversations both automatically go into Zia Hubs folders, allowing contract details and relevant conversational details to be surfaced in a Zia Search.
  • Integrated and Contextual intelligenceAsk Zia is easily accessible within the bottom toolbar, allowing fast, prompt-based searches, pulling relevant data across multiple Zoho apps to provide a full picture of a user’s schedule, unfinished tasks, or the latest action items from a meeting. Given the broad set of apps that are deeply integrated into Zoho One, Ask Zia can also deliver highly contextual intelligence to guide decision-making.

More Functionality, More Apps, The Same Price

Despite the addition of these new features and Vani, Zoho’s visual collaboration platform, pricing for Zoho One remains at $37 per month per user. Zoho One is immediately available globally.

Leave a comment »

Hammerspace Recognized for Third Consecutive Year as “Editors’ Choice” in 2025 HPCwire Readers’ and Editors’ Choice Awards

Posted in Commentary with tags on November 18, 2025 by itnerd

Hammerspace, has been recognized among the “Editors’ Choice: Top 5 New Products or Technologies to Watch” for its outstanding efforts and accomplishments in HPC and AI, in the 22nd edition of the HPCwire Readers’ Choice Awards, presented at the 2025 International Conference for High Performance Computing, Networking, Storage, and Analysis (SC25), in St. Louis, Missouri.

This honor marks the third consecutive year Hammerspace has been recognized with an Editors’ Choice award by HPCwire. In 2024, Hammerspace was selected as “Editors’ Choice: Top 5 Vendors to Watch,” and in 2023, it was awarded “Top Five New Products or Technology” for its outstanding achievements and innovation. Winners of the Editor’s Choice awards are selected by a panel of HPCwire editors and thought leaders in HPC and constitute prestigious recognition from the HPC community.

Hammerspace’s Data Platform unifies unstructured enterprise data across diverse storage architectures, geographies, and protocols, enabling organizations to convert raw data into AI-ready intelligence with unprecedented speed. As a result, organizations achieve AI-driven outcomes faster, driving innovation and competitive advantage.

Traditional AI storage infrastructure requires moving or duplicating massive datasets to specialized silos, creating fragmentation between users, applications and storage systems. Hammerspace eliminates this challenge by providing a single global namespace that spans on-premises and cloud resources. By leveraging existing infrastructure and scaling seamlessly with growing needs, the platform delivers a robust foundation for the intersection of classical HPC and new AI workflows, including training, inference, Retrieval-Augmented Generation (RAG), complex agentic workflows and the emerging era of physical AI.

To schedule a meeting with Hammerspace executives during SC25, click here.

Leave a comment »

Datadobi Introduces Advanced Storage Optimizer to Transform Data Visibility and Cost Management

Posted in Commentary with tags on November 18, 2025 by itnerd

 Datadobi, the global leader in unstructured data management, today unveiled Advanced Storage Optimizer, a solution designed to take the guesswork out of managing enterprise storage. The new solution delivers visibility into cost-reducing opportunities, empowering enterprises to maximize efficiency and reduce storage spend. 

Advanced Storage Optimizer is available in StorageMAP 7.4, the latest release of Datadobi’s platform. It provides new levels of visibility into cost-reduction opportunities by identifying suboptimal use of storage tiers and enabling users to model scenarios before migrations. It also identifies ageing and unused data, suggesting options to reduce costs, including what to archive, along with reports that can be shared with stakeholders. By removing irrelevant data before a migration and continuously monitoring storage environments, Storage Optimizer ensures systems remain efficient and cost-effective over time.

The latest release of StorageMAP also introduces enhanced support for Microsoft Azure Blob archiving and new automated reporting features that simplify operations and integrate seamlessly with enterprise systems. These enhancements enable organizations to streamline data management, reinforce governance, and unlock greater business value from their storage environments.

In StorageMAP 7.4, reporting becomes smarter and more flexible. Teams can schedule reports at user‑defined intervals and receive them automatically in formats tailored to their needs, PowerPoint decks for executive stakeholders, and tabular outputs for programmatic analysis. Results can be distributed via email in a true “set‑and‑forget” fashion, ensuring insights are shared consistently and StorageMAP data flows effortlessly into broader enterprise workflows

Leave a comment »

 2025 Holiday Threat Assessment From Flashpoint

Posted in Commentary with tags on November 18, 2025 by itnerd


The 2025 holiday shopping season is expected to bring record retail spending, with US sales projected to surpass $1 trillion USD for the first time. At the same time, this surge in online activity and spending creates a lucrative environment for financially motivated threat actors. 

As cybercriminals intensify their efforts to exploit the holiday season, Flashpoint shares the top cyber and physical threats that people can expect this holiday season:

QR Code Fraud

  • The core technique involves creating convincing fake QR codes, often leveraging readily available public QR code generators that redirect victims to malicious sites.

Gift Card Draining

  • The widespread popularity of gift cards has made them a prime target for organized financial crime, specifically for financially motivated organized fraud groups. 
  • The process is highly organized: first, they lift and reseal the protective sticker to obtain the PIN and card number. Then, the fraud operators leverage specialized software to monitor the card’s status. The moment a consumer purchases and activates the card at the register, the funds are instantly drained.

Phishing and Social Engineering

  • Flashpoint expects threat actors to deploy highly tailored phishing emails and text messages designed to steal sensitive information such as login credentials and financial details from unsuspecting retail employees and shoppers.

Crowds and Physical Violence 

  • While the digital domain encapsulates most of the threats in the 2025 holiday season, large holiday events and public gatherings—such as Black Friday doorbusters and the Macy’s Thanksgiving Day Parade in New York City and various European Christmas markets or Hanukkah events—may become targets, as global social and political tensions remain heightened.

A full blog post has been published on the topic:

Flashpoint’s 2025 Holiday Threat Assessment

Leave a comment »

Microsoft Entra Invitations Hijacked in Surge of TOAD Phishing Attacks

Posted in Commentary with tags on November 17, 2025 by itnerd

A newly identified phishing campaign is exploiting Microsoft Entra tenant invitation functionality to orchestrate TOAD (Telephone-Oriented Attack Delivery) attacks against unsuspecting users. Commenting on this is Ensar Seker, CISO at SOCRadar:

“This campaign is a prime example of how attackers increasingly repurpose legitimate cloud-native features for malicious purposes. By abusing Microsoft Entra’s guest invitation system, the threat actors bypass traditional email filters and exploit trust users place in official Microsoft-branded messages. Because the Entra invitations are often whitelisted and routed through Microsoft’s infrastructure, they have higher deliverability and lower suspicion thresholds.

TOAD phishing attacks differ from traditional credential harvesting because they rely on inducing the user to take offline action usually by calling a phone number. In this case, embedding the phone number within a trusted Microsoft invitation gives the scam an air of legitimacy. Once the victim initiates the call, attackers may request remote access, payment details, or PII under the guise of “fixing” an account issue or refunding a charge.

What makes this campaign particularly dangerous is the convergence of:

  • Trusted delivery mechanisms (Microsoft Entra infrastructure)
  • Minimal technical indicators (no malicious attachment or link to analyze)
  • Social pressure (urgent account issues prompting a phone call)

Traditional email filtering, sandboxing, and EDR tools are less effective here because the initial “payload” is human interaction, not code execution.

Organizations should monitor and audit their Microsoft Entra guest invitation logs for anomalous behaviors such as spikes in external invitations, use of unusual messaging language, or repeated invitations to consumer domains. Security awareness training should explicitly cover TOAD threats and the misuse of trusted platforms to initiate phone-based social engineering.

This is part of a broader trend in adversary-in-the-middle techniques that blend cloud abuse, social engineering, and trust manipulation. It underlines the need for zero trust policies even within SaaS environments, continuous behavioral monitoring, and adaptive email filtering models that account for intent, not just indicators.”

This is a pretty interesting, and not in a good way, attack as it is difficult to defend against. This means that defences will have to be devised quickly or this could easily spiral out of control.

Leave a comment »

« Older Entries
Newer Entries »