Scott Stephenson’s take on: Meta’s AI hires/cuts, Google’s latest data center spend, and OpenAI’s new Atlas browser

Posted in Commentary with tags on November 7, 2025 by itnerd

This episode of The Scott Stephenson AI Show pulls Meta’s AI hires/cuts, Google’s latest data center spend, and OpenAI’s new Atlas browser into one discussion and explains the PR and business logic behind each move. Scott also highlights the OpenAI “we solved hard math problems” flap and why that kind of claim gets them in trouble. It’s useful context if you are writing about AI strategy, big tech capex, or AI security/UI.

You can watch this episode here:

Skylink Launches the World’s Smallest Side-Mount Garage Door Opener

Posted in Commentary with tags on November 7, 2025 by itnerd

Engineered for performance and designed for convenience, Skylink has introduced a compact side-mount garage door opener that will change the way homeowners think about space.

As the world’s smallest model of its kind, the new Side Mount Garage Door Opener (SMO) delivers quiet power and smart connectivity without sacrificing valuable ceiling room. With a sleek, space-saving design and smart home integration, it redefines convenience without compromising strength or safety.

Built for modern living, the SMO offers a powerful DC motor, soft start and stop technology and built-in LED lighting to illuminate the garage without additional fixtures. With Wi-Fi connectivity and compatibility with Amazon Alexa, homeowners can open, close and monitor their garage door from anywhere using the Orbit app.

Additional safety and convenience features include:

  • Ultra-quiet motor that minimizes vibration and noise, perfect for attached garages or homes with living space above.
  • Automatic safety reversal system that stops and reverses the door when an obstruction is detected.
  • Battery backup compatibility for reliable operation during power outages.
  • Easy DIY installation with step-by-step guidance designed for the everyday homeowner.
  • Compact side-mount design that frees up valuable overhead storage and creates a cleaner aesthetic.

With a legacy of innovation in connected home technology, Skylink continues to blend engineering precision with user-focused design – ensuring its products not only work smarter but fit seamlessly into everyday life.

Currently priced at $449, it’s now available at major retailers including RONA, Best Buy, Home Depot, Home Hardware, Costco, Amazon and through Skylink’s website.

For more information, visit https://www.skylinkhome.com/.

Guest Post: Cybersecurity Tips for the Holidays From Fortra

Posted in Commentary with tags on November 7, 2025 by itnerd

By John Wilson, Senior Fellow, Threat Research at Fortra

1. Holiday Job Scams  

The holiday season often brings a surge in temporary and remote job listings — and scammers are taking advantage of those looking for work. They pose as recruiters from well-known companies, send fake job offers to collect personal information, and demand upfront payments for “training” or “equipment.” They are even incorporating AI, making scams increasingly difficult to identify. 

Before accepting any offer, verify the opportunity directly through the company’s official website or HR department. Legitimate employers will never ask for money or sensitive data during the hiring process. A few red flags: No company is going to hire you without an interview no matter how qualified you may be for the position. Scam job offerings almost always mention a minimum age requirement. This is so they have an excuse to ask for a photo of your ID. Finally, look to see who sent the message and who it was sent to. A lot of scam texts and emails will come from a strange phone number or email address, and many scammers will send messages to numerous recipients at the same time. 

2. Gift Card Scams 

The use of gift cards during the holiday season ramps up, and so does the attackers’ exploitation of them. Attackers can send their victims emails claiming they’ve won a gift card or received a gift. These may even be customized with AI generated images and tend to impersonate popular retailer brands to increase the authenticity of the fake gift card. But to claim it, they’ll say you must give your personal information or pay a shipping fee first.  

If you receive a message like this, remember that legitimate companies will not ask you for payment to receive a gift card.  

3. Fake Shopping Websites and Ads 

Fake websites, such as phishing sites, remain a top threat for consumers conducting their holiday shopping online. Cybercriminals often create ‘eCommerce’ websites optimized for search engines and offer goods at below market prices to entice consumers into making a purchase. These sites may even be shared on social media platforms and circulate as enticing fake ads to lure as many victims as possible.

When you hand over your payment details by shopping on these sites, the hackers record them and use them to commit identity fraud and fraudulent purchases later. 

4. Always Use Secure Payment Methods 

Never use a debit card online and avoid other payment methods that don’t provide adequate fraud protection when conducting your holiday online shopping. Credit cards tend to be a safer option against fraud, and services such as Apple Pay or Google Pay are generally more secure than entering your card information directly. Some credit card issuers enable you to create virtual card numbers to use on a single website. This is helpful because the card number can’t be used by a scammer to clone your credit card or to purchase from some other website. 

This could protect you from fraud and impersonation, and reduce the likelihood of an attacker compromising your bank accounts.

5. Travel Scams 

The holiday season is the season of travel, and scammers are always on the lookout for ways to take advantage of these vacation plans. Victims can receive phishing emails offering discounted travel deals and offers that impersonate legitimate online travel service providers. Booking travel plans through these fake malicious sites can compromise your sensitive personal information and even lead to financial losses.  

Always verify the legitimacy of websites by navigating to the service provider’s website directly instead of using suspicious links embedded in emails, use secure payment methods to protect your personal information, and remember – if a deal is too good to be true, it likely is.  

Sage announces Finance Intelligence Agent to power high-performance finance teams

Posted in Commentary with tags on November 6, 2025 by itnerd

Sage today introduced the Sage Intacct Finance Intelligence Agent. The Finance Intelligence Agent is part of Sage’s growing network of AI agents transforming the role of the CFO, from supporting the business to leading it.

This launch sets a new benchmark for high-performance finance and marks a pivotal step toward autonomous operations and insights. By supporting CFOs with AI-powered agents, Sage helps organisations get continuous accounting, trust, and insights, delivering speed, accuracy, and clarity, while reducing manual efforts and reporting.

Historically, finance teams often needed to hunt for reports, review dashboards, and sometimes export and manipulate data in spreadsheets to get answers and make recommendations – a process that could take minutes to hours depending on the complexity of the task. The Finance Intelligence Agent represents the next evolution of AI in finance, acting as an intelligence layer that routes natural language questions to the right AI Agents and financial data sources, coordinates their responses, and composes a final, actionable answer – in seconds. By eliminating the need to run reports or analyse data externally, it simplifies decision-making and accelerates outcomes.

A growing network of Sage AI Agents

The addition of the Finance Intelligence Agent builds on the existing suite of Sage Intacct AI Agents designed to support finance teams across workflows:

  • Close Agent: Keeps close tasks on track, flags issues early and provides full visibility in one workspace.
  • AP Agent: Automates bill processes, PO matching, and duplicate checks, allowing teams to review and approve with confidence.
  • Assurance Agent: Catches errors at entry, stopping mistakes before they post and eliminating downstream rework.
  • Time Agent: Automates project time capture, freeing staff from manual entry and maximising billing and estimating accuracy.

These agents are built on Sage’s unified platform – where applications, workflows, and data come together – and powered by Sage AI, which delivers purpose-built, domain-specific AI services. Acting as behind-the-scenes specialists, they operate within permission boundaries, whether surfaced through Sage Copilot or embedded into product workflows.

Sage AI Agents strengthen Sage Intacct as one of the industry’s leading and most trusted platforms for CFOs. Built by finance teams, Sage Intacct’s AI Agents deliver automation that is practical, transparent, and tailored to how they work, helping organisations meet today’s pressures head-on.

Empowering finance teams

Sage Intacct AI Agents relieve pressure on teams that spend too much time on manual processes and chasing data. By automating tasks like drafting bills, matching transactions, guiding close activities, and flagging errors before they escalate, these Agents help finance teams operate with greater speed, accuracy, and confidence.

They connect insights and actions across finance operations, enabling CFOs and their teams to focus on strategy and growth. Together, the Agents streamline core workflows and advance continuous accounting, delivering trusted insights while reducing manual effort and reporting overhead.

Meeting the pressure on finance

According to McKinsey, technologies can fully automate 42% of finance activities and mostly automate a further 19%. Sage data shows how this potential is being realised in practice, with AI processing 45 million bills, flagging 190 million anomalies, and processing 3.2 billion transactions annually. Customers are saving an estimated 50 million hours annually.

Availability and next steps

Unlike general-purpose AI tools that require extensive customization, Sage Intacct’s finance-first AI Agents work out of the box, delivering fast results with minimal setup.

Whether accessed through Sage Copilot or embedded into workflows, with the autonomy of agents, finance teams get faster results.

The Finance Intelligence Agent is available in December to Early Adopters on Sage Intacct across the US and the UK.

REALLY Weak Passwords Contributed To The Louvre Break In

Posted in Commentary with tags on November 6, 2025 by itnerd

From the “what were they thinking” department comes the news that the Louvre, which was burglarized on October 19, had used the weak password LOUVRE for its core security systems, according to documents obtained by the French newspaper Libération.

Like seriously?

Darren James, Senior Product Manager at identity management and authentication solutions provider Specops Software provided the following comments:

“Even though the audit that found this easily guessable password was from 11 years ago, it’s still something we hear a lot about today.

“The password problem isn’t just a technical issue, it’s a human behavior challenge that’s extremely difficult to correct. Passwords, and IT security in general, are often seen as one of those annoying things that stop users from getting on with their day-to-day work. They have to remember so many these days, both for their jobs and personal lives, that they tend to take the easy route: choosing easily guessable words, reusing the same password across multiple systems, or following predictable patterns. And when everything falls apart, their defense is often, “Well, I never thought it would happen to me!”

“So, what can companies do to improve this? They should take the advice of ANSSI (France), NIST (USA), and the NCSC (UK) and change their approach to passwords:

  • Move away from complexity with lots of different character types. That only encourages predictable patterns. Instead, switch to longer passphrases.
  • Block words that relate to your organization. This is a good use of AI; ask your favorite LLM to generate a list of 1,000 words related to your company.
  • Block passwords that are already breached. If they’re out there on the dark web, why would you let someone use them?
  • Remove password expiry. It doesn’t help, as users just make small changes to their regular password (for example, Summer2024 to Summer2025).
  • If you do remove expiry, remember that people still often reuse their passwords. Make sure you have a solution that can continuously check your users’ passwords against a constantly updated database. That way, when they do get leaked, you can act quickly.

“And finally, help your users. When they need to change or reset their password, give them the means to do it securely, and use a reset solution that provides helpful feedback.”

This is a case study in how not to use passwords, though there’s more in the report that highlights other failures that contributed to the thieves being able to pull off this heist. Talk about a #fail.
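As an added example (not from the article, Libération, or Specops), here is one way the recommendations quoted above could be enforced when a user changes a password: a length-only passphrase rule, an organization word block that sees through simple character substitutions, a breached-password lookup, and a check for "Summer2024 to Summer2025" style increments. The word list, breached set, 15-character minimum and all function names are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample data (assumptions): a real deployment would load an
# organization-specific word list and a regularly updated breach corpus.
ORG_WORDS = {"louvre", "museum", "paris"}
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("123456", "password", "qwerty", "Summer2024")
}
MIN_LENGTH = 15  # assumed passphrase minimum; no character-class rules

# Undo common substitutions so "L0uvre" and "P@ris" still match the word list.
LEET = str.maketrans("013457@$!", "oleastasi")


def _letters_only(password):
    """Lower-case, reverse simple substitutions, drop everything but a-z."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def _base(password):
    """Strip the trailing run of digits/symbols users tend to rotate."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def check_password(new, old=None):
    """Return a list of policy violations; an empty list means accepted.

    `old` is the current password, which the user supplies in a normal
    change-password flow, so it can be compared without storing plaintext.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    normalized = _letters_only(new)
    if any(word in normalized for word in ORG_WORDS):
        problems.append("org_word")
    if hashlib.sha1(new.encode("utf-8")).hexdigest() in BREACHED_SHA1:
        problems.append("breached")
    if old is not None and _base(new) and _base(new) == _base(old):
        problems.append("increment_of_old")
    return problems


if __name__ == "__main__":
    samples = [
        ("LOUVRE", None),
        ("L0uvre-2025-Pyramid!", None),
        ("Summer2025", "Summer2024"),
        ("123456", None),
        ("copper kettle drifts north", None),
    ]
    for new, old in samples:
        print(f"{new!r:32} -> {check_password(new, old) or 'accepted'}")
```

Note that the second sample is long and mixes character types, yet is still rejected because the organization's name survives normalization.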

Warning from Canadian Centre for Cyber Security says that critical infrastructure is vulnerable

Posted in Commentary with tags on November 6, 2025 by itnerd

Late last week, the Canadian Centre for Cyber Security shared a warning stating that hacktivists are targeting critical infrastructure through internet-exposed industrial control systems (ICS).

In recent weeks, the Cyber Centre and the Royal Canadian Mounted Police have received multiple reports of incidents involving internet-accessible ICS. One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community. Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms. A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time.

While individual organizations may not be direct targets of adversaries, they may become victims of opportunity as hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation.

Exposed ICS components, including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA) systems, Safety Instrumented Systems (SIS), Building Management Systems (BMS), and Industrial Internet of Things (IIoT) devices, pose significant risks to organizations, their clients, and the broader Canadian public.

Grayson Milbourne, Security Intelligence Director, OpenText Cybersecurity had this to say:

“The Cyber Centre’s alert underscores a cross-border reality: both Canadian and U.S. critical infrastructure operators are connecting legacy industrial control systems to the internet without the right access safeguards. These systems weren’t designed with modern authentication in mind, and that’s exactly where attackers are getting in.

Cybersecurity for critical infrastructure has to start with identity. When every user, device, and connection is verified, organizations can limit who touches sensitive systems and quickly spot when something’s wrong. That means implementing strong identity and access management, continuous monitoring, and strict network segmentation to close the gaps hacktivists exploit.”

This warning illustrates the fact that critical infrastructure needs to move to a place where it isn’t a target for threat actors. Right now critical infrastructure is low hanging fruit for threat actors. And that isn’t a good place to be as it can have catastrophic results for all of us.

Flashpoint Serves Up An Analysis Of LockBit 5.0

Posted in Commentary with tags on November 6, 2025 by itnerd

On the back of Flashpoint’s report last week on the Evolution of Data Extortion, I wanted to surface a blog post that just went live this morning from the Flashpoint team about LockBit 5.0 Analysis.

It’s a deep dive into the latest evolution of the dominant Ransomware-as-a-Service (RaaS) group. Flashpoint’s analysis confirms its key innovation is a refined modular two-stage deployment model designed to maximize evasion, modularity, and EDR bypass.

The blog post is here:  https://flashpoint.io/blog/lockbit-5-0-analysis-technical-deep-dive-into-the-raas-giants-latest-upgrade/.

Guest Post – AI Goes Rogue: Google Report Reveals Malicious LLMs Fuel Next-Gen Cyberattacks

Posted in Commentary with tags on November 6, 2025 by itnerd

By Stefanie Schappert

The Google Threat Intelligence Group published an updated report on Wednesday highlighting a critical shift in the cyber-threat landscape – and it’s all about AI. 

This “just-in-time” AI malware marks what Google is calling a “new operational phase of AI abuse.” Moreover, it’s already being actively used by low-level cybercriminals and nation-state actors alike.  

Google makes it clear that attackers have moved from using AI as a simple productivity tool to creating the first-of-its-kind adaptive malware that weaponizes large language models (LLMs) to dynamically generate scripts, obfuscate their own code, and adapt on the fly.

Don’t get it wrong, attackers are still using artificial intelligence to generate basic and yet hard-to-detect phishing lures for social engineering attacks. But adding to their arsenal are built-to-go modular, self-mutating tools that can evade conventional defenses. 

As Google puts it: “These tools can leverage AI models to create malicious functions on demand, rather than hard-coding them into the malware. While still nascent, this represents a significant step toward more autonomous and adaptive malware.” 

And while the research indicates that some of these novel AI techniques are still in the experimental stage, they are a surefire harbinger of things to come. 

What also makes this evolution particularly worrying is the lowered barrier to entry. Google found that underground marketplaces are offering multifunctional AI toolkits for phishing, malware development, and vulnerability research, so even less-sophisticated actors can tap into the toolset.

Meanwhile, nation-state groups, such as Russia, North Korea, Iran, and China, have already figured out how to leverage AI tools across the full attack lifecycle, from reconnaissance and initial compromise to maintaining a persistent presence, moving laterally through the target network, and developing command-and-control capabilities and data exfiltration.

In effect, defenders must now prepare for an era of adaptive and autonomous malware and AI tools that learn, evolve, and evade in real-time, creating new challenges for this generation of cyber defenders, who must learn to combat self-rewriting code, AI-generated attack chains, and an underground AI toolkit economy.  

Traditional static signature defenses will soon become ineffective, leaving already burnt-out CISOs scrambling to quickly pivot to anomaly-based detection, model-aware threat intelligence, and real-time behavioural monitoring.

Furthermore, AI-enabled tooling will almost certainly raise attackers’ success rates; not because every attack is flawless, but because automation, real-time adaptation, and hyper-personalised lures will massively widen the attack surface.

And let’s not forget the trickle-down effect that these AI-driven cyberattacks will have on the average person. 

What happens when AI, which can already ingest a person’s public posts, bios, photos, and leaked data to mimic their language, references, and relationships, begins to tailor its attack strategy against its target in real-time? 

AI-fueled scams, phishing emails, fake websites, and voice or video deepfakes will sound and look far more convincing than ever before, putting personal finances, privacy, and even digital identity at greater risk.

The result? An era where cyber deception feels authentic, the line between real and fake blurs, and the average person is exposed to attacks that feel real, personal, and nearly impossible to detect.

ABOUT THE AUTHOR

Stefanie Schappert, MSCY, CC, Senior Journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019.  She has a decade-plus experience in America’s #1 news market working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News.  With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. Earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google.  Member of Women’s Society of Cyberjutsu (WSC), Upsilon Pi Epsilon (UPE) International Honor Society for Computing and Information Disciplines. 

EnGenius Releases Broadband Outdoor EOC620 Mobile CPE 

Posted in Commentary with tags on November 6, 2025 by itnerd

EnGenius Technologies has announced the release of the EOC620, the newest addition to its Broadband Outdoor EOC series. Specifically designed for mobile deployments and remote site applications, the EOC620 extends the EOC series beyond traditional fixed installations to support transportation and other dynamic environments where continuous wireless connectivity is critical.

Wireless Connectivity Challenges in Mobile Environments

Transportation and logistics companies face significant challenges in maintaining reliable wireless connectivity while vehicles are in motion. Existing solutions often struggle with outdoor durability, signal stability during rapid movement, and flexible antenna configuration for diverse vehicle platforms. The EOC620 addresses these gaps with enterprise-grade performance optimized for on-the-move applications.

Advanced Mobile CPE for Transportation and Remote Operations

The EOC620 is designed specifically for mobile and remote environments where continuous connectivity is critical. Ideal for transportation fleets, public transportation systems, and commercial vehicle operations, the EOC620 delivers 5GHz radio performance with the durability and flexibility needed for on-the-move deployments. The device features 26 dBm transmit power, IP67 weatherproof construction, and SMA connectors for flexible antenna configuration—enabling operators to deploy reliable wireless solutions in their most challenging scenarios.

Unified Management Across the EOC Series

The EOC620 integrates with the same management platform as other EOC models, enabling operators to manage their entire network—from backbone to last-mile to mobile deployments—through a single centralized system. SkyPoint NMS and SkyConnect mobile app provide consistent tools for deployment, monitoring, and fleet management across all EOC products.

Extended EOC Series Capabilities

EOC620 complements the existing EOC portfolio:

  • EOC655: High capacity backhaul backbone for enterprise and ISP core networks
  • EOC600/610: Cost-effective last-mile CPE for fixed urban and rural coverage
  • EOC620: Enterprise-grade mobile CPE for transportation and remote applications

Key Features and Capabilities

  • Single 5GHz radio with up to 1,200 Mbps link capacity, supporting up to 16 devices in PtMP setups
  • 26 dBm transmit power for reliable long-range coverage in motion
  • IP67 weatherproof and dustproof housing for extreme environmental durability
  • SMA connectors enabling flexible external antenna configuration for diverse vehicle platforms
  • Intelligent RF management with automatic channel selection and dynamic data rate adjustment to maintain stability during vehicle movement
  • 802.11ax Wi-Fi 6 technology with MU-MIMO for enhanced multi-device support
  • SkyPoint NMS and SkyConnect mobile app for centralized management and easy on-site deployment
  • AES-256 encryption for secure data transmission

The EOC620 will be available from EnGenius authorized resellers and distribution partners by November 2025. For additional product specifications and purchasing information, visit: EOC620

‘Minecraft’, ‘qwerty’, and ‘India@123’ among 2025’s most common passwords 

Posted in Commentary with tags on November 6, 2025 by itnerd

Comparitech researchers have published a new study, finding that the 100 most common passwords in 2025 are ‘123456’, ‘admin’, and ‘password’. 

For this analysis, Comparitech researchers aggregated more than 2 billion real account passwords leaked on data breach forums in 2025. Using that data, they amassed a list of the most-used passwords — including a couple interesting ones!

While this is a fun list to read through, these findings show exactly why password security really matters. Modern password cracking programs make short work of weak passwords, and common passwords like those in this list are easily guessed. By using these passwords, people are putting themselves and their organizations at an extremely high risk.

Here’s the research for your review: https://www.comparitech.com/news/minecraft-qwerty-and-india123-among-2025s-most-common-passwords-report/