Kategorie

The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]

Apple’s latest Safari privacy campaign is more than pre-WWDC marketing. It is an early signal of how the company plans to frame artificial intelligence (AI): as something that only works if users trust the platform behind it.

The week before WWDC is often significant, as Apple tends to make announcements it simply can’t fit into the keynote itself. This year’s first pre-show reveal is a new campaign focused on privacy that shows how much more private Safari is than rival browsers; there’s even a highly entertaining video that makes the point.

Privacy on Safari

Apple has been building privacy protections into Safari for years. The browser protects you from malicious scripts that might attempt to access passwords or credit card information. Safari also tells you what data an extension wants to access and can restrict access to match your settings. It blocks third-party cookies by default, detects and removes trackers, and has measures in place to prevent data companies from identifying — and following — you through device characteristics. 

That’s even before Apple’s powerful Private Browsing mode, which includes meaningful protections. The company has put together a page packed with resources to explain the privacy protections it has in place across its platforms.

Privacy is critical to Apple — not only because the company regards it as a human right, but because it correctly recognizes that to make new generations of sensor-laden technologies it must ensure privacy is protected. Without privacy and trust, people won’t use the technology.

Trust is the product, not you

The truth is that people are becoming increasingly concerned about how the digital devices we depend on for convenience are now being used for different kinds of surveillance, and we need to be convinced that our personal data is protected. We do not want every aspect of our life to become fodder to feed a digital dystopia, even as we still want the positive solutions technology promises.

Think about the Apple Watch. Consider the data it gathers: distance walked, calories burned, and more — it’s a rich trove of personally identifiable data that no one really wants to share with others without consent. Apple Watch is not the only Apple device that is gathering information, even your web browser captures a great deal of it. Hence, the focus on Safari in Apple’s new campaign.

Privacy will become an even greater concern as AI spreads. Data brokering services already make extensive use of AI to analyze and identify patterns in the online data they harvest. AI deployed without strong privacy protections poses serious risks to the way we live, while the consolidation of AI ownership in the hands of a few companies risks creating dangerous imbalances of power. That’s the context in which private data needs to be protected, making privacy an essential component of a positive tech-augmented future. 

Why the AI era raises the stakes

Apple’s focus on privacy is far from new; it has been consistent in this work for many years. Competitors often accuse Apple of hypocrisy, but the company has been arguing for privacy’s importance for more than a decade. Others have adopted some of the same principles, though not all of them — and while Apple may sometimes use privacy as a moat for its own products and services, that does not diminish its value.

It’s with all this in mind that I consider Apple’s latest privacy ad campaign and its rollout just before WWDC, where it is expected to introduce new AI services. That Apple’s new privacy campaign seems not to have made the final cut for the show tells me the company has much more to discuss on the topic, particularly around Apple Intelligence.

What Safari’s signals suggest

When Apple introduces its new AI features at WWDC it will do so while celebrating the privacy built into them. The current privacy ad campaign will be part of an overall push as the company explains that its ecosystem can run third-party AI services while also offering its own bespoke Apple Intelligence AI to do really useful things in complete privacy.

This isn’t just a competitive moat, it’s a realistic assessment in practice. It shows that Apple understands that in the age of AI, privacy matters more than ever. As AI becomes central to everyday digital experiences, privacy is no longer optional — and Apple is prepared to make the case to support it.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and follow The Core.

Asana has launched an AI personal assistant that can track various data sources to alerts users when a work project runs into problems and recommends next actions.

It’s one of a range of product announcements made Thursday at the company’s Work Innovation Summit in London, including updates to its existing AI teammates product. These follow Asana’s recent acquisition of AI workflow automation software vendor StackAI for $75 million.

Asana Dash is described as an “AI chief of staff” that can help users stay up to date on work projects by accessing information in Asana as well as across email, calendar and team messaging apps, said Arnab Bose, Asana’s chief product officer. “Keeping people in their ‘zone of genius’ and hooking up all of these unstructured signals to the structure of Asana — that’s what Dash does best,” said Bose.

The AI assistant can access the same Asana project information as the user, and can flag when problems occur that could push a project off-track. Dash can then act to address problems, such as posting messages within Asana on behalf of the user or directing an AI teammate to take action. (Dash will ask the user before making any changes.)

“Asana is building on recent acquisitions, and earlier investment in a graph database focused on human connections — the Asana Work Graph — and its position within a well-integrated flow of work to deliver to each worker an executive assistant rooted in the context of their job,” said Wayne Kurtzman, IDC research vice president.    

The Dash personal assistant is enabled by an expanded Asana work graph — the data model related to work carried out by teams in the application. Asana has in the past been more focused on tasks, projects, portfolios, and goals, said Bose, but the work graph now includes new sources of data, linking to employee calendars and accessing meeting transcripts, for instance, alongside other documents and databases.

There are also updates to the AI teammates feature — collaborative AI agents that multiple human coworkers can interact with — which are now more powerful, said Bose. This includes additional skills and integrations with third-party apps such as Gmail, Slack, Outlook, Figma, and Canva.

As for the StackAI acquisition, Bose said it allows Asana to extend the reach of AI agents into a variety of business apps more easily and reliably, building ] on Asana’s “system of action” function. The latter tracks work carried out across an organization, he said, and can automate the complex processes that make up many enterprise workflows. 

“If you look at StackAI’s website, the thing that they are really, really great at is building these complex, multi-step processes,” said Bose. The aim is to combine StackAI’s agent builder with integration expertise agents already available in Asana. 

“So, the idea is when an AI teammate or Dash recommends the next best action, they will be able to choose downstream actions based on the portfolio of approved workflows that you’ve built out in StackAI.”

Overall, the announcements help Asana provide a platform that combines agents and workflow automation with AI assistance that aids humans to work more effectively, said Bose.

“Our terminology for this is a ‘human-agent operating system,’ because automation, I feel, is a little reductive in the sense that there are some things that are fully automated, but a lot that you’d want a human being and an AI agent to coordinate on and align on,” he said.

Asana did not immediately respond to a request for pricing and availability details for Dash.

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]

Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload.

A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic.

Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]

French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]

Google has released new tools that allow developers to run agentic AI workflows locally using Gemma 4 12B, a 12-billion-parameter model from Google DeepMind.

In a blog post, the company said the model, combined with the Google AI Edge stack, can be used to build and test applications on everyday machines. The model-runtime combination supports capabilities such as autonomous data processing, visual insight generation, webpage creation, and tool use.

The release includes Google AI Edge Gallery for macOS, where developers can use Gemma 4 12B to generate and run scripts for tasks such as data analysis. Google also said its Eloquent voice dictation and editing app now runs fully on-device on macOS, with support for local transcription and voice-driven text editing.

Google has also expanded LiteRT-LM, its lightweight command-line tool for running language models locally, with a new serve command. The company said this allows the CLI to act as a local LLM server and lets developers connect Gemma 4 12B to standard tools, SDKs, and frameworks through a local endpoint.

“Your data stays on your device while maintaining reliable responsiveness, utility, and cost efficiency,” the company said in the blog post.

The announcement comes as enterprises are looking beyond large, general-purpose models for some AI workloads. Gartner predicted that by 2027, organizations will use small, task-specific AI models at least three times more than general-purpose large language models, citing demand for more contextualized and cost-effective AI systems.

Challenges to overcome

But running agents on employee devices brings a number of problems. Companies must work within the limits of endpoint hardware, which can restrict the size of models that run effectively and the number of model instances that can operate at one time.

“While the AI can now fit on a laptop, enterprise IT infrastructure is largely unprepared to manage it,” said Rishi Padhi, principal analyst at Gartner. “Even highly optimized models like the Gemma 4 12B require around 16GB of unified memory or VRAM to run alongside standard applications. Many standard-issue enterprise laptops lack the memory bandwidth and NPUs/GPUs required for fluid, multi-turn agentic execution.”

Anand Joshi, AI analyst at TechInsights, said local deployment also changes the nature of the workloads. On a PC, search may mean finding information across internal folders and files. In a data center, the same function could involve searching the internet or querying a large database such as SQL.

“The framework for local deployment of agentic AI is different from that of a data center,” Joshi said. “The models are smaller; you can run only one instance of a large model at a time. You are limited by memory, CPU, and so on.”

Security and governance are also likely to become bigger concerns as AI agents move closer to enterprise endpoints. Agentic AI is designed to take actions, creating new security risks when local models are given access to employee files or allowed to interact directly with applications and scripts.

“Sandboxing these agents without breaking their utility is still a major operational challenge,” Padhi added. “And all this while enterprises need to audit AI usage for compliance and security. When inference happens entirely offline, capturing logs, tracking model drift, and ensuring employees are using the approved, compliant ways for a model becomes incredibly difficult.”

The cost tradeoff

Running AI agents locally could reduce some cloud inference costs, but the savings may be offset in the near term by higher spending on endpoint hardware and management.

“First and foremost, it is an OpEx-to-CapEx shift, as it shifts that financial burden by forcing accelerated hardware refresh cycles for premium PCs or edge devices,” Padhi said. “It would require buying expensive, high-memory laptops for employees at a time when memflation in the hardware industry is already driving up end-user average selling prices for laptops.”

Many enterprises refreshed PCs in 2025 to support Windows 11, but at that point, most AI inference still ran in the cloud, and the case for on-device AI remained unclear, Padhi said.

Enterprises may therefore move cautiously, buying AI-capable PCs only where local inference has a clear business case.

Over time, however, on-device AI could make enterprise AI spending more predictable by reducing exposure to variable cloud inference bills. The tradeoff is that companies may face a higher baseline cost for equipping and managing employees’ devices.

Complementing cloud AI

For enterprises, local AI is unlikely to replace cloud-based AI outright. Analysts said local AI is more likely to be used for workloads that benefit from endpoint processing, especially when applications must operate offline or when privacy and response times are critical.

“For local agentic AI to proliferate, the use cases on edge will have to complement data center/cloud use cases,” Joshi said. “I don’t expect local agentic AI to replace cloud AI, but it has potential to take a slice away from the cloud, and models like Gemma are significant steps towards enabling that.”

The market, Joshi added, is still determining where local AI fits best. “I estimate that use cases that require privacy or have strict latency needs will move to local node first, with further migration of others in the next 2-3 years,” he said.

Padhi said model placement will depend on the privacy requirements of a workload, the computing power it needs, and where the relevant data resides. Tasks such as code generation or analysis of local files could increasingly run on employee devices, while enterprise-wide RAG systems and more complex AI workflows are likely to remain cloud-based.

The article originally appeared on InfoWorld.

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing Swati Khandelwalhttp://www.blogger.com/profile/[email protected]

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab: Swati Khandelwalhttp://www.blogger.com/profile/[email protected]

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A report released Wednesday by Boston Consulting Group (BCG) indicates that many organizations are having difficulty converting efficiency gains that are AI-driven into any sort of measurable value.

The fourth edition of the consultancy’s annual Global AI at Work Survey reveals 42% of frontline employees who use AI on a regular basis save upwards of a full day each week; however, 66% are not given guidance on what to do with time they save, and “more than half don’t redirect it to strategic work.”

The report, AI at Work: Strategy Matters More Than Tools, is based on a global survey of 11,749 employees in 14 markets, from industries ranging from financial services to the healthcare sector.

David Martin, global leader of people and organization work at BCG, and the report’s lead author, said via email that the number of employees lacking the required guidance is surprising, “but it also tracks with what we see in many AI transformations. Companies have moved quickly to give people tools, but many have not yet redesigned the work around those tools.”

Saved time, he added, does not automatically become value. If a frontline employee saves a few hours a week, but has no direction on whether to use that time for customer service, quality improvement, innovation, or faster execution, “that value can simply leak out of the organization”

The fix is for leaders to change the scoreboard, Martin said: “Don’t just measure AI adoption or hours saved. Decide where that time should go, measure whether it is being reinvested, and give managers clear guidance on how to help teams use it. This is where AI transformation becomes a management challenge, not just a technology rollout.”

In fact, said Vinciane Beauchene, a managing director and partner at BCG and one of the report’s five co-authors, “the first wave of AI focused on individual productivity. The coming wave will need to transform collective work.”

“Everyone is talking about AI replacing work,” she said, “but it is in fact really about rethinking the human value-add inside.”

A managerial revolution underway

According to Beauchene, “this is the role of leaders. Our survey reveals a true managerial revolution in the age of AI; 65% of managers and leaders now believe agents will take over at least half of their job in the next three years, and frontline workers see their jobs evolving towards more managing and directing AI.”

A BCG release stated that the survey also highlights the continued emergence and maturity of AI agents, with 30% of respondents saying that agents are already integrated into workflows, more than double the number from last year’s report (13%).

Other key findings revealed that AI adoption among frontline workers has surged, with 74% saying they now use it daily or a few times a week, which is up 23 percentage points from a year ago. In addition, six out of 10 people believe that, within the next three years, AI agents could do at least half of their jobs.

And a survey slideshow released by the company pointed out, “the AI ‘honeymoon’ won’t last unless leaders bring strategic clarity driving sustained impact AI’s novelty and cognitive stretch fuel enjoyment early on. But sustained joy comes from strategic clarity. Employees thrive when the direction is real and the message reaches them with strong CEO involvement.”

Strategic clarity is a key differentiator

The report suggests that CEOs take a holistic approach to AI transformations by focusing on business outcomes as opposed to AI usage, investing in “redesigning work end-to-end, not in more tools,” placing people at the heart of that redesign, and governing AI not as a one-off program, but as a moving target.

Overall, BCG says that strategic clarity, “more broadly emerges from the survey as the most crucial differentiator in sustaining AI’s impact over time as organizations are moving past simply implementing AI tools in use case deployment initiatives.”

Increasingly, it adds, “the focus is shifting to redesigning end-to-end workflows and processes to reimagine functions, as well as to building and innovating new business models and products to drive growth, which have nearly doubled year-over-year.”

Global leader of BCG’s tech build and design unit BCG X Sylvain Duranton, also a report co-author, added, “employees don’t push back on AI intensity; they thrive when the strategy is clear, the direction is real, and the message reaches them.”

He added, “Business value and employee enjoyment aren’t trade-offs. The organizations capturing the greatest business value are the same ones where employees enjoy work the most.”

Despite the opportunity, the report notes that only one-third of frontline employees say that leadership’s communications about AI are clear, and only 28% “see a strong connection between what leaders say and what the organization actually does.”

However, Martin said, management can’t deal with this situation on its own. “CIOs have a critical role, but this is not a problem they can solve alone, and I would not frame it as something IT created by itself,” he noted.

Many organizations, he said, “started with the natural first step of getting tools into people’s hands safely and at scale. That was necessary, but it is not sufficient.”

The next phase “has to be much more cross-functional,” he said. “CIOs should help set the technology foundation, governance, data model, and measurement systems, but they also have an important role in creating strategic clarity. Employees need to understand why the organization is using AI, where it is meant to create value, and how it should change the work.”

Martin pointed out that CIOs should also pay close attention to cognitive load, especially on technology teams, as those teams are often the heaviest AI users.

“This means they may be among the most exposed to the mental strain that can come with reviewing outputs, managing AI tools, and keeping up with constant change,” he observed. The biggest gains come when technology strategy, workforce strategy, and employee experience move together. If AI remains only an IT program, companies will “undercapture” the value.

New expectations

The abundance of AI activity is also having another effect, in that 60% of respondents say the bar for work that counts as ‘good enough’ is now higher.

That, said Martin, is because AI is changing expectations. “If a tool can produce a first draft, summarize research, generate options, or automate a routine task, then ‘good enough’ moves up the value chain,” he said. “People are being asked to spend less time producing basic output and more time exercising judgment like checking quality, improving the answer, making decisions, and applying context.”

While that can be a good thing, he said, because it can make work more interesting and more valuable, “it also explains why employees are feeling more mental strain. The work that remains is often more complex. Leaders need to recognize that AI does not just make people faster, it changes what excellence looks like. That means companies need to update training, performance expectations, and management support accordingly.”

This article originally appeared on CIO.com.

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]