Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Categories

Apple to open its first developer center in Europe

Computerworld.com [Hacking News] - 1 min 35 sec ago

Apple in recent years has opened Apple Developer Centers in Cupertino, CA, Shanghai, Singapore, and Bengaluru to allow developers to meet, exchange ideas or get help from trained staffers.

It is now clear a new developer center will open in Europe, specifically in the German capital of Berlin, later this year. “Europe is home to an extraordinary community of developers who build apps that connect people, encourage creativity, and drive innovation,” Susan Prescott, Apple’s vice president of Worldwide Developer Relations, said in a statement.

Developers will be able to receive support for their apps, regardless of whether they are built for iOS, iPadOS, macOS, tvOS, or watchOS.

The announcement comes just a few days before the company’s big Worldwide Developer Conference (WWDC) gets under way.

Category: Hacking & Security

DentaQuest data breach exposed info of 2.6 million accounts

Bleeping Computer - 1 hour 6 min ago
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]
Category: Hacking & Security

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

The Hacker News - 2 hours 47 min ago
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a server-side request forgery.
Author: Swati Khandelwal
Category: Hacking & Security

UN food agency discloses breach affecting 600,000 Gaza households

Bleeping Computer - 3 hours 4 min ago
The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]
Category: Hacking & Security

What Safari reveals about Apple’s AI strategy ahead of WWDC

Computerworld.com [Hacking News] - 3 hours 16 min ago

Apple’s latest Safari privacy campaign is more than pre-WWDC marketing. It is an early signal of how the company plans to frame artificial intelligence (AI): as something that only works if users trust the platform behind it.

The week before WWDC is often significant, as Apple tends to make announcements it simply can’t fit into the keynote itself. This year’s first pre-show reveal is a new campaign focused on privacy that shows how much more private Safari is than rival browsers; there’s even a highly entertaining video that makes the point.

Privacy on Safari

Apple has been building privacy protections into Safari for years. The browser protects you from malicious scripts that might attempt to access passwords or credit card information. Safari also tells you what data an extension wants to access and can restrict access to match your settings. It blocks third-party cookies by default, detects and removes trackers, and has measures in place to prevent data companies from identifying — and following — you through device characteristics. 

That’s even before Apple’s powerful Private Browsing mode, which includes meaningful protections. The company has put together a page packed with resources to explain the privacy protections it has in place across its platforms.

Privacy is critical to Apple — not only because the company regards it as a human right, but because it correctly recognizes that to make new generations of sensor-laden technologies it must ensure privacy is protected. Without privacy and trust, people won’t use the technology.

Trust is the product, not you

The truth is that people are becoming increasingly concerned about how the digital devices we depend on for convenience are now being used for different kinds of surveillance, and we need to be convinced that our personal data is protected. We do not want every aspect of our life to become fodder to feed a digital dystopia, even as we still want the positive solutions technology promises.

Think about the Apple Watch. Consider the data it gathers: distance walked, calories burned, and more — it’s a rich trove of personally identifiable data that no one really wants to share with others without consent. Apple Watch is not the only Apple device that is gathering information; even your web browser captures a great deal of it. Hence, the focus on Safari in Apple’s new campaign.

Privacy will become an even greater concern as AI spreads. Data brokering services already make extensive use of AI to analyze and identify patterns in the online data they harvest. AI deployed without strong privacy protections poses serious risks to the way we live, while the consolidation of AI ownership in the hands of a few companies risks creating dangerous imbalances of power. That’s the context in which private data needs to be protected, making privacy an essential component of a positive tech-augmented future. 

Why the AI era raises the stakes

Apple’s focus on privacy is far from new; it has been consistent in this work for many years. Competitors often accuse Apple of hypocrisy, but the company has been arguing for privacy’s importance for more than a decade. Others have adopted some of the same principles, though not all of them — and while Apple may sometimes use privacy as a moat for its own products and services, that does not diminish its value.

It’s with all this in mind that I consider Apple’s latest privacy ad campaign and its rollout just before WWDC, where it is expected to introduce new AI services. That Apple’s new privacy campaign seems not to have made the final cut for the show tells me the company has much more to discuss on the topic, particularly around Apple Intelligence.

What Safari’s signals suggest

When Apple introduces its new AI features at WWDC it will do so while celebrating the privacy built into them. The current privacy ad campaign will be part of an overall push as the company explains that its ecosystem can run third-party AI services while also offering its own bespoke Apple Intelligence AI to do really useful things in complete privacy.

This isn’t just a competitive moat; it’s a realistic assessment in practice. It shows that Apple understands that in the age of AI, privacy matters more than ever. As AI becomes central to everyday digital experiences, privacy is no longer optional — and Apple is prepared to make the case to support it.

Category: Hacking & Security

Asana launches AI ‘chief of staff’ to keep projects on track

Computerworld.com [Hacking News] - 3 hours 30 min ago

Asana has launched an AI personal assistant that can track various data sources to alert users when a work project runs into problems and recommend next actions.

It’s one of a range of product announcements made Thursday at the company’s Work Innovation Summit in London, including updates to its existing AI teammates product. These follow Asana’s recent acquisition of AI workflow automation software vendor StackAI for $75 million.

Asana Dash is described as an “AI chief of staff” that can help users stay up to date on work projects by accessing information in Asana as well as across email, calendar and team messaging apps, said Arnab Bose, Asana’s chief product officer. “Keeping people in their ‘zone of genius’ and hooking up all of these unstructured signals to the structure of Asana — that’s what Dash does best,” said Bose.

The AI assistant can access the same Asana project information as the user, and can flag when problems occur that could push a project off-track. Dash can then act to address problems, such as posting messages within Asana on behalf of the user or directing an AI teammate to take action. (Dash will ask the user before making any changes.)

“Asana is building on recent acquisitions, and earlier investment in a graph database focused on human connections — the Asana Work Graph — and its position within a well-integrated flow of work to deliver to each worker an executive assistant rooted in the context of their job,” said Wayne Kurtzman, IDC research vice president.    

The Dash personal assistant is enabled by an expanded Asana work graph — the data model related to work carried out by teams in the application. Asana has in the past been more focused on tasks, projects, portfolios, and goals, said Bose, but the work graph now includes new sources of data, linking to employee calendars and accessing meeting transcripts, for instance, alongside other documents and databases.

There are also updates to the AI teammates feature — collaborative AI agents that multiple human coworkers can interact with — which are now more powerful, said Bose. This includes additional skills and integrations with third-party apps such as Gmail, Slack, Outlook, Figma, and Canva.

As for the StackAI acquisition, Bose said it allows Asana to extend the reach of AI agents into a variety of business apps more easily and reliably, building on Asana’s “system of action” function. The latter tracks work carried out across an organization, he said, and can automate the complex processes that make up many enterprise workflows.

“If you look at StackAI’s website, the thing that they are really, really great at is building these complex, multi-step processes,” said Bose. The aim is to combine StackAI’s agent builder with integration expertise agents already available in Asana. 

“So, the idea is when an AI teammate or Dash recommends the next best action, they will be able to choose downstream actions based on the portfolio of approved workflows that you’ve built out in StackAI.”

Overall, the announcements help Asana provide a platform that combines agents and workflow automation with AI assistance that aids humans to work more effectively, said Bose.

“Our terminology for this is a ‘human-agent operating system,’ because automation, I feel, is a little reductive in the sense that there are some things that are fully automated, but a lot that you’d want a human being and an AI agent to coordinate on and align on,” he said.

Asana did not immediately respond to a request for pricing and availability details for Dash.

Category: Hacking & Security

New IronWorm malware hits 36 packages in npm supply-chain attack

Bleeping Computer - 4 hours 17 min ago
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
Category: Hacking & Security

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

The Hacker News - 4 hours 27 min ago
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO
Author: Swati Khandelwal
Category: Hacking & Security

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

The Hacker News - 4 hours 33 min ago
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access within hours. The incident, if true, was
Category: Hacking & Security

How Open Source SIEM Architectures Scale Beyond Single-Server Deployments

LinuxSecurity.com - 4 hours 50 min ago
Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload.
Category: Hacking & Security

HTTP/2 Bomb: Why Linux Infrastructure is Vulnerable to a New Low-Bandwidth DoS Attack

LinuxSecurity.com - 4 hours 54 min ago
A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic.
Category: Hacking & Security

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

Bleeping Computer - 5 hours 42 min ago
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]
Category: Hacking & Security

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

The Hacker News - 5 hours 42 min ago
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated
Author: Ravie Lakshmanan
Category: Hacking & Security

Microsoft blames unexpected Windows driver updates on caching issue

Bleeping Computer - 6 hours 1 min ago
On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]
Category: Hacking & Security

Police dismantles fake ID marketplace used by migrant smugglers

Bleeping Computer - 7 hours 14 min ago
French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]
Category: Hacking & Security

China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa

The Hacker News - 7 hours 20 min ago
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously
Author: Ravie Lakshmanan
Category: Hacking & Security

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

The Hacker News - 8 hours 23 min ago
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is
Author: Ravie Lakshmanan
Category: Hacking & Security

Cisco warns of critical Unified CM flaw with PoC exploit code

Bleeping Computer - 8 hours 33 min ago
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]
Category: Hacking & Security

Google brings local AI agents to laptops with Gemma 4 12B

Computerworld.com [Hacking News] - 9 hours 37 min ago

Google has released new tools that allow developers to run agentic AI workflows locally using Gemma 4 12B, a 12-billion-parameter model from Google DeepMind.

In a blog post, the company said the model, combined with the Google AI Edge stack, can be used to build and test applications on everyday machines. The model-runtime combination supports capabilities such as autonomous data processing, visual insight generation, webpage creation, and tool use.

The release includes Google AI Edge Gallery for macOS, where developers can use Gemma 4 12B to generate and run scripts for tasks such as data analysis. Google also said its Eloquent voice dictation and editing app now runs fully on-device on macOS, with support for local transcription and voice-driven text editing.

Google has also expanded LiteRT-LM, its lightweight command-line tool for running language models locally, with a new serve command. The company said this allows the CLI to act as a local LLM server and lets developers connect Gemma 4 12B to standard tools, SDKs, and frameworks through a local endpoint.

“Your data stays on your device while maintaining reliable responsiveness, utility, and cost efficiency,” the company said in the blog post.

The announcement comes as enterprises are looking beyond large, general-purpose models for some AI workloads. Gartner predicted that by 2027, organizations will use small, task-specific AI models at least three times more than general-purpose large language models, citing demand for more contextualized and cost-effective AI systems.

Challenges to overcome

But running agents on employee devices brings a number of problems. Companies must work within the limits of endpoint hardware, which can restrict the size of models that run effectively and the number of model instances that can operate at one time.

“While the AI can now fit on a laptop, enterprise IT infrastructure is largely unprepared to manage it,” said Rishi Padhi, principal analyst at Gartner. “Even highly optimized models like the Gemma 4 12B require around 16GB of unified memory or VRAM to run alongside standard applications. Many standard-issue enterprise laptops lack the memory bandwidth and NPUs/GPUs required for fluid, multi-turn agentic execution.”

Anand Joshi, AI analyst at TechInsights, said local deployment also changes the nature of the workloads. On a PC, search may mean finding information across internal folders and files. In a data center, the same function could involve searching the internet or querying a large database such as SQL.

“The framework for local deployment of agentic AI is different from that of a data center,” Joshi said. “The models are smaller; you can run only one instance of a large model at a time. You are limited by memory, CPU, and so on.”

Security and governance are also likely to become bigger concerns as AI agents move closer to enterprise endpoints. Agentic AI is designed to take actions, creating new security risks when local models are given access to employee files or allowed to interact directly with applications and scripts.

“Sandboxing these agents without breaking their utility is still a major operational challenge,” Padhi added. “And all this while enterprises need to audit AI usage for compliance and security. When inference happens entirely offline, capturing logs, tracking model drift, and ensuring employees are using the approved, compliant ways for a model becomes incredibly difficult.”

The cost tradeoff

Running AI agents locally could reduce some cloud inference costs, but the savings may be offset in the near term by higher spending on endpoint hardware and management.

“First and foremost, it is an OpEx-to-CapEx shift, as it shifts that financial burden by forcing accelerated hardware refresh cycles for premium PCs or edge devices,” Padhi said. “It would require buying expensive, high-memory laptops for employees at a time when memflation in the hardware industry is already driving up end-user average selling prices for laptops.”

Many enterprises refreshed PCs in 2025 to support Windows 11, but at that point, most AI inference still ran in the cloud, and the case for on-device AI remained unclear, Padhi said.

Enterprises may therefore move cautiously, buying AI-capable PCs only where local inference has a clear business case.

Over time, however, on-device AI could make enterprise AI spending more predictable by reducing exposure to variable cloud inference bills. The tradeoff is that companies may face a higher baseline cost for equipping and managing employees’ devices.

Complementing cloud AI

For enterprises, local AI is unlikely to replace cloud-based AI outright. Analysts said local AI is more likely to be used for workloads that benefit from endpoint processing, especially when applications must operate offline or when privacy and response times are critical.

“For local agentic AI to proliferate, the use cases on edge will have to complement data center/cloud use cases,” Joshi said. “I don’t expect local agentic AI to replace cloud AI, but it has potential to take a slice away from the cloud, and models like Gemma are significant steps towards enabling that.”

The market, Joshi added, is still determining where local AI fits best. “I estimate that use cases that require privacy or have strict latency needs will move to local node first, with further migration of others in the next 2-3 years,” he said.

Padhi said model placement will depend on the privacy requirements of a workload, the computing power it needs, and where the relevant data resides. Tasks such as code generation or analysis of local files could increasingly run on employee devices, while enterprise-wide RAG systems and more complex AI workflows are likely to remain cloud-based.

The article originally appeared on InfoWorld.

Category: Hacking & Security

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The Hacker News - 9 hours 1 min ago
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing
Author: Swati Khandelwal
Category: Hacking & Security