By Adarsh Verma In an omnichannel landscape, a brand kit is an efficiency engine. While you can operate without…
The post Build an Omnichannel Brand Kit: A 6-Step Strategy Guide appeared first on Fossbytes.
Source:: Fossbytes
By Rachit Agarwal Perplexity Health connects your lab results, prescriptions, and wearable data in one place, giving you health answers that are backed by real medical sources.
The post Perplexity unveils Perplexity Health, an AI tool to transform your scattered medical data into health insights appeared first on Digital Trends.
Source:: Digital Trends
The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala.
The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala, known for multiple destructive wiping, data theft and data leak attacks, was reportedly able to compromise. But CISA said the defensive principles of its recommendations can be applied to any endpoint management software.
Top issue: phishing resistance
The CISA advice is certainly “timely and appropriate,” said Johannes Ullrich, dean of research at the SANS Institute. “In my opinion, the top issue is implementing phishing-resistant authentication” to protect logins.
“This problem goes beyond the specific issue of mobile device management and is something IT leaders need to prioritize,” he pointed out. “While multi-factor authentication does solve many problems, not all MFA technologies are phishing-resistant. In particular, for cloud-based solutions, which are usually accessible to everybody, solid phishing-resistant authentication is a must-have.”
Organizations must also be careful when enrolling personal devices into corporate-managed endpoint solutions, he added. Only company-owned devices should be enrolled, to avoid disrupting personal devices, and enrolled devices should be dedicated to company business.
Hardening endpoint management systems
CISA advises IT leaders to:
use principles of least privilege access when designing administrative roles for endpoint management systems. For Intune systems, there is role-based access control limiting what actions a role can take, what users the actions are applied to, and which devices are covered;
enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene. Intune users and others can take advantage of Microsoft Entra ID capabilities including conditional access, MFA, risk signals, and privileged access controls to block unauthorized access to Intune;
configure access policies to require multi-admin approval for accessing and making changes to endpoint management systems.
CISA also points Intune admins to these Microsoft documents: Best practices for securing Microsoft Intune; Use Access policies to implement Multi Admin Approval; Configure Microsoft Intune for increased security; Role-based access control (RBAC) with Microsoft Intune; and Plan a Privileged Identity Management deployment.
Michael Smith, field CTO at DigiCert, noted that while the CISA warning applies specifically to Microsoft Intune, there are many similar products that run as an administrator on endpoints. These need escalated privileges because they make changes on the endpoint, which makes them powerful tools for IT. However, he added, that also makes them a target. Any compromise of these products could lead to compromise of the endpoints they manage.
The power to create ‘irreversible damage’
Stryker said the March 11 attack caused disruption to its order processing, manufacturing and shipping. However, Handala claims it was also able to remotely wipe thousands of employee devices.
In a March 15 update Stryker said all connected, digital and life-saving technologies used by customers remain safe to use. “This event was contained to Stryker’s internal Microsoft environment, and as a result it did not affect any of our products—connected or otherwise,” the statement said. No ransomware or malware was deployed, the company added.
In the Stryker incident, attackers hijacked a tool that companies trust every day, and used it to shut down operations on a global scale, commented Ismael Valenzuela, vice-president of threat intelligence at Arctic Wolf. “By abusing Microsoft Intune, they were able to remotely wipe more than 200,000 devices across 79 countries. The lesson is clear: no single login should ever have the power to cause irreversible damage,” he said.
“Destructive administrative operations like device wipes, mass policy changes, or tenant‑wide updates must require multiple approvals,” he added. “No one session, credential, or role should be able to take destructive action at scale without independent authorization. Organizations should immediately lock down endpoint management tools by tightly limiting admin access, enforcing multi‑party approvals, and continuously monitoring privileged activity so trusted platforms don’t become single points of failure.”
Endpoint management a high-value target
Robert Beggs, head of Canadian incident response firm Digital Defence, said endpoint management systems have always been high-value targets because they are universally trusted and push configurations, scripts, and remote actions across an entire IT network.
“Although the Stryker incident speaks to exploits of the Microsoft Intune application, similar products have been targeted in the past, including SolarWinds Orion (2020), Kaseya VSA (2021), and the Microsoft Exchange management interface (2021),” he pointed out. “All of these attacks demonstrate that malicious actors recognize the value of attacking controls with the keys to the kingdom, rather than going after individual systems.”
He said that the following defenses against this kind of attack are frequently cited by experts: employ least-privilege access and dual approval for major actions, ensure that strong identity controls are in place, employ micro segmentation, and monitor for unusual administrative actions.
Monitoring for administrative activity is especially critical with these types of attacks, Beggs added. “Look for activities such as admin actions after hours, or from unusual locations or IP addresses,” he said. “Validate the creation of new admin roles or elevated privileges. And baseline normal admin activities so that you can identify admins performing tasks that they usually don’t do.”
Because endpoint management systems can push changes to thousands of devices at once, an unexpected script deployment could create new configuration profiles or execute unexpected actions to disable defenses or deploy malicious content, he noted. Signs of compromise include disabling of MFA, removal of security controls, removal of monitoring tools, changes to network access controls, and altered logging settings.
“The most important question is, how quickly can you identify these actions,” he said, “and are you prepared to recover?”
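The monitoring checks described above (after-hours activity, unfamiliar source IPs, actions outside an admin's baseline, sensitive changes, and destructive actions at scale) can be sketched as detection logic. This is an added example, not code from CISA, Microsoft or the article; the log line format, action names, business hours and thresholds are all assumptions to be mapped onto your own endpoint management audit log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Assumed, tool-neutral action names; map your platform's audit operations onto them.
DESTRUCTIVE = {"device_wipe", "device_retire"}
SENSITIVE = {"role_assign", "mfa_disable", "logging_change", "security_control_remove"}
BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 in the log's timezone
BULK_LIMIT, BULK_WINDOW = 3, timedelta(minutes=10)  # assumed thresholds
# Constructed sample lines: "ISO-time admin source-ip action target"
HISTORY = [
    "2026-01-05T09:15:00 admin_a 10.0.0.5 policy_update win-baseline",
    "2026-01-06T10:40:00 admin_a 10.0.0.5 device_wipe laptop-0141",
    "2026-01-07T14:05:00 admin_b 10.0.0.9 app_deploy vpn-client",
]
NEW = [
    "2026-01-13T11:00:00 admin_a 10.0.0.5 policy_update win-baseline",
    "2026-01-14T02:10:00 admin_b 203.0.113.7 role_assign admin_b",
    "2026-01-14T02:12:00 admin_b 203.0.113.7 device_wipe laptop-0001",
    "2026-01-14T02:12:30 admin_b 203.0.113.7 device_wipe laptop-0002",
    "2026-01-14T02:13:00 admin_b 203.0.113.7 device_wipe laptop-0003",
]

def parse(line):
    ts, admin, ip, action, target = line.split()
    return datetime.fromisoformat(ts), admin, ip, action, target

def build_baseline(lines):
    """Record which source IPs and actions are normal for each admin."""
    base = defaultdict(lambda: {"ips": set(), "actions": set()})
    for _, admin, ip, action, _ in map(parse, lines):
        base[admin]["ips"].add(ip)
        base[admin]["actions"].add(action)
    return base

def detect(lines, base):
    """Return (line, reasons) for each event that deviates from the baseline."""
    alerts, recent = [], defaultdict(deque)
    for line in lines:
        ts, admin, ip, action, _ = parse(line)
        known = base.get(admin, {"ips": set(), "actions": set()})
        checks = [
            ("after_hours", ts.hour not in BUSINESS_HOURS),
            ("new_source_ip", ip not in known["ips"]),
            ("unusual_action_for_admin", action not in known["actions"]),
            ("sensitive_change", action in SENSITIVE),
        ]
        reasons = [name for name, hit in checks if hit]
        if action in DESTRUCTIVE:  # count destructive actions per admin in a sliding window
            q = recent[admin]
            q.append(ts)
            while ts - q[0] > BULK_WINDOW:
                q.popleft()
            if len(q) >= BULK_LIMIT:
                reasons.append("bulk_destructive")
        if reasons:
            alerts.append((line, reasons))
    return alerts

for line, reasons in detect(NEW, build_baseline(HISTORY)):
    print(", ".join(reasons), "<-", line)
```

The routine policy update by `admin_a` raises nothing, while the third wipe inside the window adds `bulk_destructive`, the condition a multi-admin approval policy is meant to block before it executes.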
Two Handala sites seized
On Thursday, researchers at Flashpoint confirmed that the FBI had seized two Handala websites used for propaganda and releasing stolen data. One site now carries a statement saying the domain had been seized under a US court order. Flashpoint believes Handala is associated with the Iranian regime, and is not an independent actor.
This article originally appeared on CSOonline.
Source:: Computer World
By Cristian Dina Ten days after founder Jay Graber stepped aside as CEO, the decentralised social platform has disclosed a $100 million Series B led by Bain Capital Crypto, a round that closed last April but was never announced. The timing tells its own story. There is a quiet irony in the fact that the person who built […] This story continues at The Next Web
Source:: The Next Web
By Ana-Maria Stanciuc Here is one way the AI data economy works in practice in 2026: a DoorDash courier straps on a body camera, washes at least five dishes, holds each one up to the lens for a few seconds, and earns a few dollars. That footage, mundane, specific, reproducible at scale, is exactly what AI and robotics […] This story continues at The Next Web
Source:: The Next Web
Music giant BMG has filed a lawsuit against Anthropic, the company behind the popular chatbot Claude, alleging it trained its AI models using copyrighted song lyrics from artists such as the Rolling Stones, Bruno Mars, and Ariana Grande.
“Anthropic’s practice of training AI models on copyrighted works from torrent sites is in direct violation of the standards required of all responsible actors,” a BMG spokesperson said in a statement quoted by Reuters.
The lawsuit details 493 instances of copyright infringement, which could prove costly for Anthropic if the company is found liable in court.
Last year, Anthropic chose to pay $1.5 billion in damages to a group of authors who filed a similar lawsuit against the company in 2024.
Source:: Computer World
By Hisan Kidwai KRAFTON has just rolled out the BGMI 4.3 update, and it’s easily one of the biggest…
The post BGMI 4.3 Update Changes Everything: New UI, Cricket Teams, and More appeared first on Fossbytes.
Source:: Fossbytes
By Paulo Vargas Hydrogen never worked in cars, but researchers in Norway have built a drone that runs on it, swapping batteries for a fuel cell to handle long-range jobs like power line inspections.
The post Hydrogen fuel cars never caught on, but it just might produce next-gen long range drones appeared first on Digital Trends.
Source:: Digital Trends
By Hisan Kidwai If you live alone in a big city, you know the headache of coming home from…
The post Philips OneChef Launched in India With 33 Cooking Functions at ₹19,995 appeared first on Fossbytes.
Source:: Fossbytes
By Paulo Vargas The FBI confirms it’s buying location data on Americans again, using data brokers to access movement history without a warrant, as lawmakers push to close a growing legal gap.
The post The FBI is buying location data on Americans, here’s what it means appeared first on Digital Trends.
Source:: Digital Trends
The United Kingdom may introduce labeling requirements for AI-generated content as part of a broader review of copyright law, Reuters reports. The aim is to make it easier for consumers to identify material created by AI and protect them against threats such as deepfakes and disinformation.
At the same time, the government emphasized that the rules would need to be designed so as not to slow development in the rapidly growing AI sector.
According to Technology Minister Liz Kendall, the government will also review the risks associated with digital copies of people created without consent, how creators can gain greater control over the use of their works online, and how creative industries can receive fairer compensation.
The UK currently has the world’s third-largest AI industry after the US and China. According to Kendall, the sector is growing about 23 times faster than the rest of the British economy.
Source:: Computer World
By Omair Khaliq Sultan The Sennheiser HD 660S2 has been on my radar as a recommendation for anyone looking to step up from the HD 650, and at $419.81 it’s now $260 off its $679.95 list price. That’s a 38% cut on what is arguably Sennheiser’s most accomplished open-back headphone in this range, and it brings it into a […] The post The Sennheiser HD 660S2 is 38% off, and it’s the audiophile headphone upgrade I’d recommend without hesitation appeared first on Digital Trends.
Source:: Digital Trends
By Ana-Maria Stanciuc Meta’s Creator Fast Track programme guarantees three months of pay for established creators willing to build a following on Facebook, after the company paid out a record $3 billion to creators in 2025. Facebook has a creator problem that three billion monthly users cannot solve. The platform is enormous, but the creators who drive the […] This story continues at The Next Web
Source:: The Next Web
With a 60% surge in App Store submissions as developers embrace vibe coding and AI-assisted development tools, Apple’s App Store team has identified an emerging security challenge: what happens when an app you download later evolves into something fundamentally different — without Apple having a chance to review those changes.
Vibe coding the new attack surface
Let’s say you install a simple chess app, only to discover later that it has updated itself into something different, or that it’s downloaded external code that modifies or adds to what it does after installation. Some experts already expect as much as 30% of new security exposures to be generated by hastily made vibe-coded apps. That might turn into an even bigger risk as Apple is forced to support app sideloading in some markets.
Theoretical threat?
The deeper risk is that legitimate‑seeming apps could introduce unverified, remotely delivered code after installation. This is a known malware pattern; one historic example is XcodeGhost, a compromised version of Apple’s Xcode development environment that infected apps built with it. More recently, CovertLabs identified 198 iOS AI apps leaking user chat history and private data. Even today, news of the DarkSword iOS exploit shows that hackers see Apple’s platforms as high-value targets, which means any potential security flaw will be explored and, if possible, exploited.
Apple protects
Apple’s latest response to this threat appears in an updated set of App Store guidelines first noted by The Information. Reportedly, Apple is pushing back on “vibe coding” platforms such as Replit and Vibecode, arguing that they violate long‑standing rules prohibiting apps from running code that can alter how other apps behave.
The aim isn’t to inhibit vibe coding per se, MacRumors tells us; Apple particularly objects to tools that display newly created apps inside an embedded web view within the app.
Instead, Apple wants these previews opened in an external browser, which prevents app‑within‑app execution that could circumvent review. I imagine the move to open in an external browser would also place that app behavior in the more protected Safari sandbox security, which restricts what such apps can do to your system. Some functions might fail, but permissions would remain secure.
Dynamic code and threat delivery
It’s tempting to think the concern is that these apps could bypass Apple’s commission structure. But Apple itself says the motivation is security — preventing apps from fundamentally changing their behavior without review.
“Vibe-coding” tools allow users to write, generate, or modify code dynamically in‑app; in doing so, they create a scenario where apps built using them can evolve into something different after installation. While this is useful for education and experimentation, it also creates a series of potential security vulnerabilities. For instance, if a malicious actor compromised a vibe‑coding platform, they could push harmful updates to apps developed within it.
Apple’s developer guidelines already try to address this issue:
“Apps should be self‑contained in their bundles and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. Educational apps designed to teach or allow students to test executable code may, in limited circumstances, download code, provided that such code is not used for other purposes and is fully viewable and editable by the user.”
To my mind, the intent is to mitigate against Trojan‑horse‑style attacks that might be enabled by unreviewed code execution.
Apple’s App Store cannot become a backdoor
In the end, despite the fact that Apple does now support GenAI-boosted workflows in Xcode, it does not want the App Store to become a conduit for the distribution of apps that can fetch or execute unreviewed code after approval. After all, if every app did this, the value of app curation is itself reduced. While it might be that other app marketplaces choose to allow such flexibility (good luck with that), Apple has no intention of permitting the App Store to serve that role.
In November, Apple strengthened its App Review guidelines with a new rule to prevent app impersonation. “You cannot use another developer’s icon, brand, or product name in your app’s icon or name without approval,” that rule said.
Apple’s concern is that dynamic code‑generation tools make it easier for developers (or attackers) to build, deploy, and ship copycat apps or apps that can be updated using unknown tools, frameworks, or remote code after installation. Generative AI (genAI) further accelerates this risk by making it trivial to produce complex code quickly. This is certainly contributing to the roughly 2.28 million apps now available at the App Store, which is up by 160,000 from the year before.
Fear, uncertainty, doubt — and opportunity
The threat the App Store team wants to protect us from is a natural extension of the proliferating AI-driven challenges we are already experiencing in our lives. Just as we now scrutinize AI‑generated images of world leaders in coffee shops for tell‑tale signs of extra fingers, we may soon need to question whether the apps on our devices are truly what they claim to be. Plus, of course, as criminals identify common code signatures in vibe‑generated apps, they may yet identify attractive new attack surfaces no one else has come across yet.
That’s not hyperbole — we know we live in interesting times. There is no doubt that when it comes to apps doing things on our digital devices that contain so much of our own personal data, it’s far better to play safe and deploy tactically than move fast and break more of the few remaining things we have left.
Source:: Computer World
By Ana-Maria Stanciuc The New York digital comics platform is combining its 300,000-title library with INKR’s AI localisation engine, and bringing in new leadership to execute the expansion. The problem with getting manga into the hands of readers outside Japan is not demand. Manga is the fastest-growing category in American book publishing; global interest has been building for […] This story continues at The Next Web
Source:: The Next Web
By Rachit Agarwal Your phone screen may look perfectly uniform, but tiny flickering hotspots concentrate energy and could shorten its lifespan, according to researchers at the University of Michigan.
The post Researchers spot a nanoscale anomaly that can ruin your phone or TV’s OLED screen appeared first on Digital Trends.
Source:: Digital Trends
By Hisan Kidwai Over the years, OPPO’s A series has delivered some great value phones for price-conscious buyers. Keeping…
The post OPPO A6s 5G Launched in India With 6,500mAh Battery and 45W Charging appeared first on Fossbytes.
Source:: Fossbytes
By Paulo Vargas Nike and Apple’s Powerbeats Pro 2 combine bold design with fitness tracking, long battery life, and workout-ready durability, aiming to replace multiple devices with a single, high-performance pair of earbuds.
The post Nike and Apple made an uber-flashy Power Beats Pro 2 Ultimate earbuds appeared first on Digital Trends.
Source:: Digital Trends
By Hisan Kidwai Cybersecurity in 2026 is one of the most pressing issues since everything we interact with is…
The post HP Study Finds Many Indian SMBs Still Ignore Printer Security Risks appeared first on Fossbytes.
Source:: Fossbytes
By Shikhar Mehrotra Apple brings smarter software and premium materials. Sony brings longer battery, hi-res wireless audio, and $100 in savings. Which flagship headphone actually deserves your money?
The post AirPods Max 2 vs. Sony WH-1000XM6: Should you get the $549 or $449 flagship headphone? appeared first on Digital Trends.
Source:: Digital Trends