Kategorie

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. [...]

Microsoft has fixed a known bug that breaks the 'Print to PDF' feature on Windows 11 24H2 systems after installing the April 2025 preview update. [...]

More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. [...]

If you're managing industrial networks, critical manufacturing systems, or infrastructure that demands tight security, you'll want to sit down for this one. MICROSENS NMP Web+, a popular network management platform, is in the spotlight after researchers discovered several critical vulnerabilities that essentially gift-wrap your systems for attackers. This isn't just a fix-it-whenever-you-can scenario. We're staring at vulnerabilities with CVSS v4 scores as high as 9.3''serious problems that require immediate attention.

Since its introduction in 2021, Apple has always seen Declarative Device Management (DDM) as the future for device management on its platforms.

At this year’s WWDC, it told us that future has arrived, making DDM the primary framework with which to manage Apple devices and officially confirming plans to deprecate legacy MDM software commands. Bottom line: the transition to the more powerful DDM system is mandatory.

Some of the top-level DDM changes announced at last month’s developer’s event include:

• DDM support across all Apple’s platforms, including iOS 26, macOS 26, iPadOS 26, tvOS26, visionOS26.
• DDM’s ability to configure update deferrals, set enforcement deadlines, and to define the window in which updates must take place.
• Status channel reporting in Apple’s DDM support, which means devices will report compliance with DDM requests automatically, reducing server-side load.

Underpinning the system is an idea that makes devices fundamentally more autonomous while also making them intrinsically more secure. It turns out the best way to securely manage endpoints is to help them do a better job of managing themselves. It also makes the user experience simpler, bringing the convenience of enterprise-scale protection in a consumer-friendly way.

The philosophy of Declarative Device Management (DDM)

It’s helpful to anyone who uses a managed device to understand the philosophy behind DDM — principally, that it empowers both the device and the end user and does so by simplifying the device management interaction and forcing the device itself to protect itself. More autonomous devices are more resilient devices.

Take a simple software update. MDM might inform a device that it should upgrade and then poll the device frequently to see whether the upgrade has taken place. While it might eventually be done, the device is pretty dumb in the interaction, and users, network access, or other obstacles could get in the way each time the request is made. 

With DDM (and forgive this slightly unnuanced layman’s articulation), the device is instructed to upgrade and will then be required to do so by a specific time. Then, rather than polling the device to nag it to conduct the upgrade, the device itself is forced to regularly report back on whether it has achieved the desired upgraded state. In this model, the device is made aware that it should upgrade and will upgrade itself at the first possible opportunity.

There are several advantages — management is more effective, network demands are reduced, and IT has a much better overview across the state of the corporate fleet. DDM is also more secure, as the onus of reporting turns to the device, which, in conjunction with improvements in identity and zero-trust, means IT enjoys a far more accurate picture of events, and devices become less likely to become attack vectors.

What difference does it make?

Apple’s growing cohort of device management partners (Jamf to Kandji, Mosyle, Fleet, Hexnode, Addigy and beyond) already understood Apple’s intention to move toward DDM, which means they are already introducing support for the improved DDM features Apple plans.

That means users who do migrate to DDM will get access to related enhancements Apple introduced at WWDC, such as version pinning for App Store apps alongside existing software update management. With a nod to the flourishing device management market, Apple is also introducing tools to make it easier to migrate devices between different MDM providers.

All these device management features are being enabled by Apple Business Manager (ABM) and Apple School Manager (ASM), both of which are critical to Apple’s enterprise push, and both of which have been improved drastically to enable new device management features. Organizations can actually prevent personal Apple IDs from signing into corporate-owned devices, even during setup, for example. 

Apple also introduced some new capabilities to help manage devices. These included new APIs to manage new attributes; one useful addition is support for users to request temporary privileges upgrades via their device management system. IT also gains better insight into AppleCare, Managed Apple IDs, and on-device authentication, which in itself promises highly secure yet-friction free device management. We’ve looked at some of these improvements previously. You should also find updates from your chosen device management service provider, which might be of help.

Defense is the sum of all the parts

When combined with enhancements to DDM, you’ll have a system that can securely distribute security, as well as autonomy, to endpoint devices. This effectively supersedes old perimeter defenses by transforming them into a networked, more intelligent system of equally well-defended nodes working together to maintain resilience. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Elon Musk-funded xAI is skipping Grok 3.5 and releasing Grok 4 after Independence Day in the United States. [...]

If you're a Linux admin or happen to be neck-deep in infosec, here's something worth your immediate attention: a critical security hole in Google Chrome'' CVE-2025-6554 ''has been patched. Trust me, this one isn't just a ''check the box'' type of update; it's as real as it gets.

Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. [...]

As tech hiring has slowed to a near standstill, organizations have begun using generative AI (genAI) to screen hiring prospects — or replace entry-level employees — and some are even using the technology to interview job candidates. The result is a topsy-turvy job market that has made finding work in IT more difficult than ever.

In April, employer hiring fell to its slowest pace in more than a decade, excluding the early months of the COVID-19 pandemic in 2020.

Job cuts in the tech industry and at federal government agencies have led the way in layoffs in recent job market reports, driven by economic pressure, programmatic firings and AI-driven shifts in workforce needs, according to outplacement firm Challenger, Gray & Christmas.

So it’s not surprising that many organizations are taking a wait-and-see approach to hiring, especially as they wait to see how AI may be able to replace some billets. A recent Brookings Institute report on genAI found that the more highly skilled a tech worker is, the more vulnerable they are to having their jobs supplemented by technology.

Global staffing firm Robert Half recently surveyed nearly 1,000 U.S. workers, including 144 in tech, and found that 35% of tech workers say the biggest challenge of job hunting is finding a role that matches their skills. Another 30% of those surveyed said they struggled with preparing for a job interview, compared to just 22% of other job seekers. And nearly one-in-five tech job seekers find if difficult to draft job applications that stand out.

With that backdrop, Computerworld interviewed George Denlinger, operational president of Robert Half, for insights into how to use genAI to assist in finding and landing a tech job.

How can you craft an application to stand out using genAI? “Candidates can use these tools to catch spelling and grammar errors, identify industry-specific language and formatting, and help translate technical achievements into clear, impact-driven statements tailored to the role. When used thoughtfully, genAI helps elevate your application without losing the authenticity of your experience.”

What successes are people seeing using the technology in their job searches? “People who find success from using genAI in their job searches use it thoughtfully and strategically. At the outset of the process, AI can help streamline repetitive tasks, such as researching companies, narrowing their job searches, tailoring and customizing application materials, and optimizing professional social media accounts like LinkedIn. We’ve also seen candidates leverage genAI to identify companies that use specific tech stacks aligned with their skills and experience.

“I also know of job seekers who have found success using genAI to prepare for interviews. There are tools that can help candidates anticipate common and role-specific questions, simulate realistic interview scenarios, and organize their responses. Practicing in this way not only sharpens communication but also helps candidates feel more focused, articulate, and confident going into their interviews.

What mistakes do people make when using genAI in their job searches? “We are seeing AI tools used during interviews in ways that could raise ethical concerns, such as using genAI in real time to receive support during the [job interview] conversation. Employers are becoming increasingly aware of this type of usage and will likely remove such candidates from consideration.

“Another common mistake we see in job searches today is relying too heavily on genAI to craft application materials, especially resumes. Some candidates are copying job descriptions or AI-recommended terms word-for-word into their resumes, without any real knowledge of them. This may result in candidates being unable to explain or expand on the qualifications listed, creating a disconnect during interviews. It can even lead to individuals landing roles based on inflated or misrepresented skills, only to find themselves unprepared for the responsibilities and expectations of the job.

“While misrepresenting experience has never been acceptable, genAI has made it easier to do so.”

What’s the right way to use genAI in a job search, including creating an application and resume? “GenAI is best used as a support tool in the job search process and not as a replacement for your personal insight and experience. It can help with identifying relevant keywords, structuring your resume, and drafting content, but the final product should include the human touch. Most employers can recognize AI-generated responses, so the better way to connect is by genuinely expressing your character and interest in the role and company.

“As more applicants rely on AI to help generate materials, personalization is more important than ever. Employers want to see how you’ve applied your skills in real-world scenarios: the systems you’ve built, the teams you’ve led, the solutions you’ve brought, and the skills you’re continuing to build. They’re looking for traits that can’t always be captured by a generic, AI-polished resume. Use genAI to help with structure and clarity, but make sure your own contributions and voice come through.”

Are people relying too much on AI for job searches now and, if so, why is that bad? “There needs to be a thoughtful balance when using AI throughout the job search process. While genAI is becoming a common tool for applicants, human interaction remains essential. Building professional connections or leveraging referrals continues to be one of the most effective ways to land a role.

“And while not everyone is misusing AI, all job seekers should be mindful of not becoming overly reliant on it. The goal is to enhance your application, not to let AI take over the parts that should reflect your own experience and personality — which are often things employers need to see when staffing a role.

“AI can be a powerful asset for a job search, but it’s the human touch that will set candidates apart, especially as it can’t replicate interpersonal skills, creativity, leadership, or adaptability. Further, the overuse of genAI tools is often noticeable to hiring managers. Research from Robert Half found that 82% of hiring managers say they can tell when a candidate has used AI to generate their application materials. This highlights a growing awareness among employers and a need for job seekers to use these tools thoughtfully.”

How can they find a job that aligns with their skills? Are courses and certifications the right way to prepare for that? “To find a tech job that aligns with their skills, job seekers should start by identifying their strengths and matching them to roles in demand. This applies not only to positions within the tech sector, but also to tech-driven roles across industries like finance and healthcare. GenAI can be a helpful starting point for curating a list of potential roles based on an applicant’s skills and interests, but I recommend exploring broadly and not limiting the search to one industry or job title.

“Courses and certifications can be valuable, especially in rapidly evolving areas, but they’re most impactful when paired with hands-on experience. This might include personal projects, internships, hackathons, or contributing to open-source work. Hiring managers continue to look for candidates who can demonstrate both what they’ve learned and how they’ve applied those skills in the field.

“Ultimately, today’s tech landscape requires adaptability and a commitment to continuous learning. Professionals who embrace digital transformation and proactively build skills in emerging technologies that help drive productivity and ROI will stand out.”

Losing your phone is one of the most stressful predicaments of modern-day life. We’ve all been there: You pat your pocket, swiftly scan every surface in sight — then suddenly feel your heart drop at the realization that your Android device and all of its contents (including, potentially, all sorts of sensitive company-connected materials) are no longer in your control.

There’s certainly no scenario in which losing your phone is a good thing. (Understatement of the century, I realize.) But with the advanced and just recently upgraded phone-finding system now built into Android at the operating system level, seeking out and then managing a missing device is more manageable than ever. And despite what some security suite services may try to convince you, you don’t need any third-party software to do it.

Android’s native Find Hub system (formerly known as Find My Device) can precisely pinpoint any Android device — phone, tablet, watch, you name it. It also works with an expanding series of special AirTag-like trackers that can be attached to keys, briefcases, and other important items. It’ll show you any compatible device’s exact location on an interactive map and — when relevant — give you tools to remotely ring it, lock it, or wipe it entirely and send all of its data to the digital beyond.

Best of all? You have to do shockingly little to get it up and running. It’s mostly just a matter of confirming that the system is active and then remembering how to tap into it if and when the need ever arises.

So take a few minutes now to learn the ins and outs of the Google Find Hub network and what it takes for your devices to be discoverable. Then, if you ever have that heart-dropping moment, your phone will be 100% ready — and so will you.

[Get Googley goodness in your inbox with my free Android Intelligence newsletter. Three new things to know and try each Friday!]

Google Find Hub, part I: Preparation

Most reasonably recent Android phones should be actively enrolled in Google’s Find Hub network by default, but there are a few critical settings that are worth double-checking to confirm everything’s connected.

First, head into the Location section of your Android device’s system settings and make sure the toggle at the top of the screen is turned on. If it isn’t, Android won’t be able to access your phone’s GPS and thus won’t be able to perform any Find-Hub-related location functions.

The Android “Use location” toggle is a critical foundation for Google’s Find Hub network to function.

JR Raphael, IDG

Next, search your system settings for find and tap on the section labeled “Find Hub.” Tap that, then make sure the “Allow device to be located” toggle on the screen that comes up next is activated. And last but not least, tap “Find your offline devices” and consider which of the available options seems most suitable for you and your future finding purposes.

You’ve got all sorts of options for how your Android device can connect to Google’s Find Hub network.

JR Raphael, Foundry

Got it? Good. Now, let’s break down what your options are when that dreaded “lost phone” nightmare becomes a reality.

Google Find Hub, part II: Action

The best part about Google’s Find Hub system alongside Android is that, with both being Google products, everything’s easily accessible from almost anywhere. If you ever can’t find your phone, choose the most convenient option and go, go, go:

1. Use the Find Hub Android app on another phone or tablet

If you have an Android tablet — or even a secondary phone, for either business or personal purposes — you can install the Find Hub Android app on it and allow it to see and manage any other devices associated with your sign-in. In fact, go ahead and do that on all your active Android devices this minute so the app will be there and ready in case you ever need it. As long as you’re signed into the same Google account on the secondary device as you are on your primary phone, finding your phone will be as simple as opening the app, confirming your Google password, and then selecting your phone from the list on the app’s main screen.

The official Find Hub app is an incredibly easy way to track down any device associated with your Google account.

JR Raphael, Foundry

From there, you’ll see your phone’s last known location on a zoomable map. And you’ll be able to ring it — for a full five minutes at a time, even if it’s set to silent — and optionally lock it or erase it as needed.

No secondary Android device? No problem: If you have a colleague, friend, or family member with an Android phone or tablet nearby, kindly ask them to install the Find Hub app onto their device. Open it and find the option to sign in as a guest. Type in your Google account credentials, and then take a deep breath: Everything you need to find your phone will be right at your fingertips.

(Side note: The Find Hub Android app is strictly about finding a device — nothing more. It doesn’t actually have to be on your device in order for the device itself to be discoverable.)

2. Pull up Android’s Find Hub website in a browser

If you don’t have another Android device handy, you can still get to Android’s Find Hub function from any web browser — on a laptop or desktop computer or even an iPhone or iPad.

The main Android Find Hub site is at google.com/android/find. It’s basically identical to what you’ll get in the Find Hub Android app:

srcset="https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?quality=50&strip=all 1902w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=300%2C141&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=768%2C361&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=1024%2C481&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=1536%2C721&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=1240%2C582&quality=50&strip=all 1240w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=150%2C70&quality=50&strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=854%2C401&quality=50&strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=640%2C300&quality=50&strip=all 640w, https://b2b-contenthub.com/wp-content/uploads/2025/06/google-find-hub-web.jpg?resize=444%2C208&quality=50&strip=all 444w" width="1024" height="481" sizes="(max-width: 1024px) 100vw, 1024px">Google’s Find Hub website puts all your device tracking data at your fingertips in any browser, on any type of device.

JR Raphael, Foundry

You can also find an alternate version of the Android Find Hub function within Google’s My Account site. That site provides the same basic info but seems to go back further in your device history — so if you’re looking for a device you haven’t used in a while and that device doesn’t come up on the main Google Find Hub site, you might give it a whirl to see if it shows up there.

And that, my friend, is all there is to it. Consider yourself protected — and you know what? Go get yourself a cookie. You’ve earned it.

Want even more Googley knowledge? Come check out my free Android Intelligence newsletter to get three new things to know and try in your inbox every Friday.

Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. [...]

Apple’s many AI setbacks are now forcing the company to look at Anthropic and OpenAI for help powering its Siri voice assistant technology, according to a Bloomberg report.

The company has been building out its own AI technology called Apple Intelligence that it intends to use in Siri, but has also reached out to companies to develop alternatives that could be used instead.

Apple previously centered its AI-powered Siri around its home-grown technology. But over the past year or so it has  faced a variety of leadership and technological challenges developing Apple Intelligence, which is based on in-house foundation models. 

The more personalized Siri technology with more personalized AI-driven features is now due in 2026, according to a statement by Apple to Daring Fireball in March. But it was originally showcased last year and expected to be in users’ hands by now.

Siri already integrates technology from OpenAI’s ChatGPT and it is unusual for Apple to turn to outside vendors to build core features for its products.

A previous Bloomberg report in March said Apple did not provide the resources needed for the company to develop an AI-powered Siri. Apple had not focused on AI until OpenAI’s ChatGPT changed the tech landscape in late 2022, which set Apple (and other companies) scrambling.

AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. [...]

Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. [...]

Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. [...]

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. [...]

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. [...]

In a stunning 99–1 rebuke, the US Senate on Tuesday torched President Donald J. Trump’s push for a 10-year ban on state AI regulations, yanking the controversial provision from his so-called “Big Beautiful Bill.”

The lopsided vote delivered a sharp slap to Silicon Valley’s dream of dodging local oversight over the fast-evolving technology.

The proposed measure stated that “no State or political subdivision thereof may enforce any law or regulation regulating artificial intelligence models, artificial intelligence systems, or automated decision systems.”

Sen. Ted Cruz, (R-TX), and tech companies like Google, OpenAI, Microsoft, Meta, and Amazon had supported a moratorium on state rules to prevent what they consider a fragmented regulatory landscape — arguing it would slow AI adoption and complicate nationwide deployment. Congressional backers had argued that a regulatory ban would give the US a competitive edge over China because there were be fewer hurdles. They have also compared the restriction on state regulations to the Internet Tax Freedom Act, which helped the early internet grow.

But there are key differences, according to Travis Hall, director for state engagement for the nonprofit Center for Democracy & Technology (CDT), which last month joined others in signing a letter in opposition to the move. The groups warned that removing AI protections would leave Americans vulnerable to current and emerging AI risks.

The 1990s internet needed unity to thrive, Hall said in reference to the Internet Tax Freedom Act, while AI is a diverse set of tailored technologies — meaning varied regulations won’t splinter it. Hall’s comments came in an earlier interview with Computerworld.

On Tuesday, Alexandra Reeve Givens, the CDT’s president and CEO, said the overwhelming vote to strike the AI moratorium from the budget bill reflects just how unpopular it is among voters and state leaders of both parties. “Americans deserve sensible guardrails as AI develops, and if Congress isn’t prepared to step up to the plate, it shouldn’t prevent states from addressing the challenge,” she said. “We hope that after such a resounding rebuke, Congressional leaders understand that it’s time for them to start treating AI harms with the seriousness they deserve.”

Sen. Marsha Blackburn, (R-TN), and Sen. Maria Cantwell, (D-WA), had criticized Congress for inaction on AI deepfakes, discrimination and online privacy issues, saying states have been forced to fill the gap. That prompted praise for Blackburn from an unlikely ally: Sen. Bernie Sanders (I-VT), who praised her for “leading the charge” to protect states’ rights to regulate AI.

In a failed attempt to rescue the ban, GOP lawmakers tied federal funding for rural broadband projects to AI regulation, allowing subsidies only for states that eased their rules and cut the regulatory moratorium from 10 years to five. That did little to mollify critics, however.

The proposed moratorium was a double-edged sword, according to Abhivyakti Sengar, a research director with the Everest Group. “On one hand, it aims to prevent a fragmented regulatory environment that could stifle innovation; on the other hand, it risks creating a regulatory vacuum, leaving critical decisions about AI governance in the hands of private entities without sufficient oversight,” she had said in an earlier interview.

State and local lawmakers, along with AI safety advocates, had sharply criticized the effort, calling it a favor to an industry seeking to avoid accountability. Led by former Trump press secretary and now Arkansas Gov. Sarah Huckabee Sanders, most GOP governors sent a letter to Congress opposing it.

Red and blue states alike — including Arkansas, Kentucky, and Montana — have passed bills governing the public sector’s AI procurement and use. Several states, including Colorado, Illinois, and Utah, have consumer protection and civil rights laws governing AI or automated decision systems. This year alone, about two-thirds of US states have proposed or enacted more than 500 laws governing AI technology.

Trump’s budget bill, which mainly consists of spending cuts and tax breaks, was narrowly passed by the Senate in a 51-50 vote with Vice President J.D. Vance breaking the tie. Three Republicans opposed the bill — Sens. Thom Tillis of North Carolina, Susan Collins of Maine, and Rand Paul of Kentucky. The measure now goes back to the US House of Representatives.

On Monday, the International Criminal Court (ICC) announced that it's investigating a new "sophisticated" cyberattack that targeted its systems last week. [...]

The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers. [...]