RWS Global is working with Box to modernise how it processes volumes of unstructured content – from production assets and operational documentation to compliance and safety material. The company, which runs and manages live events for its clients, has been working with Box to build a unified content platform that improves efficiency, strengthens governance, and ensures consistent quality across venues, productions and regions.

The company has been using new artificial intelligence (AI) features built into Box to automate and accelerate mission-critical workflows. The AI functionality is being used to streamline end-to-end, content-centric business processes directly on Box using intelligent, no-code apps, forms, document generation and workflow automation.

At the core of this transformation is Box Enterprise Advanced, which allows RWS Global to utilise intelligent content workflows, ensure secure document management, and leverage the full power of AI across creative, production and operational teams. 

Jake McCoy, chief operating officer at RWS Global, said the company started a new project with the RWS Global legal team to streamline a manual, cumbersome process which used to take days to complete and involved numerous handovers. Thanks to the AI features available in Box Enterprise Advanced, he said the processes can be strung together, creating a sleek and efficient workflow.

“The end user types in the information that needs to go into a contract via Box Doc Gen, which is then sent over to Legal for approval,” he said.

Once approved, the contract is sent out automatically and signed using Box Sign. The signed contract is then uploaded to the cloud. Given that RWS Global has contracts with thousands of performers, he said the automation of the contract approval workflow saves many hours in terms of manual processing.

The end-to-end workflow has meant that RWS Global’s contract processing time has been reduced from 20 minutes to under two minutes per contract, reducing what once took more than 8.5 workdays for 200 hires to just five hours.

Matt Terrell, director of product management – AI agents, at Box, said an enterprise AI strategy is built on a foundation that needs metadata to describe what the data actually means.

“At Box, our job and our role in the industry is to transform your content into context that later gets used by different AI tools,” he said. “Metadata is one of the fundamental building blocks to do that.”

Looking at the contract process at RWS Global, Terrell said: “I can imagine you’ll want to search all of the contracts that are above a certain value. If you have contract size as a metadata element, all of a sudden, you have a fundamental building block to query those types of things using natural language.”

For Terrell, this is an example of why metadata will become increasingly important in AI.

Box AI provides configurable AI agents, automated metadata extraction and the ability to choose or bring preferred AI models to extract insights and reduce manual work.

McCoy added: “Partnering with Box allows us to turn unstructured content into governed, AI-ready assets that help our teams make faster, more informed decisions. As our ambitions grow, this platform evolves with us, enabling us to deliver unforgettable experiences to audiences worldwide.”

Source

Researchers at Huntress Security have published data on the exploitation of a critical SolarWinds Web Help Desk (WHD) vulnerability, revealing how in at least three known incidents, attackers conducted extensive post-exploitation activity with a common set of tools, including legitimate services such as Zoho ManageEngine and Elastic

Tracked as CVE-2025-40551, the data deserialisation vulnerability was first flagged by SolarWinds on 28 January, and last week, was added to the US Cybersecurity and Infrastructure Security Agency’s (Cisa’s) Known Exploited Vulnerabilities resource, mandating that US government bodies fix it immediately.

“Threat actors are actively weaponising WHD vulnerabilities to achieve remote code execution [RCE] and deploy additional tooling in victim environments,” said the Huntress team.

The research team at Huntress – which protects multiple SolarWinds customers through its channel – found that having broken into their victim environments, the attackers took control of WHD’s service wrapper to spawn the underlying Java application, which enabled them to install a payload, which was in fact a Zoho ManageEngine remote monitoring and management (RMM) agent.

This done, the threat actor used the RMM agent to execute several Active Directory discovery commands to enumerate the environment. Shortly after this, they opened a Zoho Assist remote session which they used to install open source digital forensics and incident response tool Velociraptor.

“While Velociraptor is designed to help defenders with endpoint monitoring and artefact collection, its capabilities, such as remote command execution, file retrieval, and process execution via VQL queries, make it equally effective as a C2 [Command and Control] framework when pointed at attacker-controlled infrastructure,” said Huntress.

In the instances its team investigated, the attackers were actually using a rather outdated version of Velociraptor that itself contained a privilege escalation flaw disclosed in 2025. Moreover, the Velociraptor server infrastructure pointed back to a known Cloudflare account associated with the Warlock ransomware operation, a possible hint to the provenance of the campaign.

Alongside Velociraptor, the threat actor also downloaded Cloudflared, the command line client for Cloudflare Tunnel, likely in order to establish a second redundant means of access.

They then proceeded to execute a PowerShell script to collect system information – data such as operating system version, hardware spec, domain membership and installed hotfixes – that was exfiltrated to a legitimate Elastic Cloud instance being run as a free trial on Elastic’s software-as-a-service infrastructure.

The researchers said it was somewhat ironic that the threat actor had essentially built themselves a security information and event management service on Elastic’s infrastructure to triage their victims.

“Elastic’s own tooling, typically used by defenders for threat hunting and incident response, was repurposed as an attacker’s victim management dashboard,” they said.

“We have reported this malicious instance to Elastic as well as law enforcement, and performed victim notification and outreach to non-Huntress partners,” said the Huntress team.

Microsoft reports on further attacks

Huntress’s full write-up of its research, available to read in full here, details various other actions taken by the threat actor during the course of their intrusions. Meanwhile, in addition to these findings, Microsoft has published details of a similar multi-stage intrusion orchestrated via SolarWinds WHD, although it has not yet been able to establish whether or not the attackers exploited CVE-2025-40551 or CVE-2025-26399 – another RCE bug disclosed in September 2025 that bypassed a previously fixed flaw that in turn bypassed a third issue first flagged in 2024.

The incident investigated by Microsoft saw the attackers use the compromised WHD instance to spawn PowerShell to download and execute Zoho ManageEngine and gain control of the system, after which they conducted recon activity while setting up reverse secure shell and remote desktop protocol access to maintain their bridgehead.

Microsoft also observed the attackers creating a scheduled task to launch a QEMU virtual machine under the System account on startup, which essentially let them hide their activity in the virtualised environment. Huntress had also noted this in some instances.

On some hosts, Microsoft said the attackers also used dynamic link library sideloading to gain access to Local Security Authority Subsystem Service memory and steal more credentials.

Besides patching and isolating compromised hosts, Microsoft is advising its users to evict any RMM artefacts, particularly any associated with ManageEngine, that may have been added after exploitation, and immediately rotate credentials for all service and admin accounts accessible from WHD.

Source

Primakov/Shutterstock

xAI’s Grok, which is facing bans in some regions, might soon have access to classified military intelligence, as the Pentagon looks for AI chatbots to replace Anthropic’s Claude. As reported by Axios, Anthropic refuses to allow its chatbot to be used to assist with the development of fully autonomous weapons or the deployment of mass surveillance tools. As a result, the Pentagon has been in search of more willing partners, and seems to have found one in xAI.

While it’s unclear if Grok will be able to effectively replace Claude or how long it will take for the Pentagon to integrate the AI into its systems, Axios reports that the Pentagon is also in talks with other AI chatbot partners. For example, AI chatbots can currently be used in unclassified systems, like OpenAI’s ChatGPT and Google’s Gemini, and the U.S. Department of Defense continues to engage in talks with those players as potential replacements for Claude.

Grok will have access to classified information

bella1105/Shutterstock

While xAI made a government-specific version of Grok in 2025 for federal agencies to use, bringing Grok to classified systems in the military will be much more serious and rigorous. After all, the AI chatbot needs to meet security standards, while everything would be deployed locally. That said, if xAI becomes the second AI chatbot to actually be used by the Pentagon for classified documents, it wouldn’t mean Elon Musk or xAI would have access to sensitive data.

While xAI is currently leading the pack in the race to replace Anthropic’s Claude, Axios reports that the Pentagon is having conversations with a “sense of urgency” with OpenAI as well. A separate New York Times report says that the DoD is closer to a deal with Google than OpenAI. Depending on how these discussions go, the Pentagon could even go with all three of the other AI chatbots, as long as they meet the criteria to handle classified information.

For now, though, xAI is the only confirmed partner. Given that we’re just a few months removed from the chatbot referring to itself as “MechaHitler” and spewing hate speech, it’s more a bit concerning to imagine Grok handling classified military data. Even after that incident, Grok ranked near the bottom of the list in a Crisis Assessment and Response Evaluator (CARE) test from the team at Rosebud.

Source

Microsoft has released fixes for six newly classified zero-day common vulnerabilities and exposures (CVEs) on the second monthly Patch Tuesday of 2026, amid a release comprising more than 50 flaws that run the full gamut of Microsoft’s product suite.

Although the total number of flaws is down by about half on January’s bumper crop, it is about on par for this time of year, said Dustin Childs of Trend Micro’s Zero Day Initiative (ZDI). However, he added, the number under active attack is “extraordinarily high”.

With all six zero-days under active exploitation in the wild, and three of them already made public, Childs noted: “We’ll see if we’re on our way to another ‘hot exploit summer’ as we saw a few years ago or if this is just an aberration.”

The three “classic” zero-days are all security feature bypass (SFB) vulnerabilities, tracked variously as CVE-2026-21510 in Windows SmartScreen, CVE-2026-21514 in Microsoft Word, and CVE-2026-21513 in Internet Explorer.

The three zero-days for which exploit proofs of concept (PoCs) have not yet been made public are tracked as CVE-2026-21519, an elevation of privilege (EoP) flaw in Desktop Window Manager; CVE-2026-21525, a denial of service (DoS) flaw in Windows Remote Access Connection Manager; and finally, CVE-2026-21533, an EoP flaw in Windows Remote Desktop Services.

Seth Hoyt, senior security engineer at endpoint security platform Automox, said the flaw in Windows Shell was particularly dangerous because its effect is essentially to neutralise the important SmartScreen feature in Microsoft Defender.

“SmartScreen serves as a critical checkpoint: when you download an executable or document, it prompts you to confirm whether you trust the source. This bypass removes that checkpoint entirely,” he said. “Files from the internet execute without triggering the usual warning dialog, giving attackers a clean path to run malicious code once a user clicks a phishing link. The attack still requires user interaction, but with one less security prompt in the way, the barrier to successful exploitation drops considerably.”

Beyond patching, he advised defenders to be alert to unusual cmd.exe or PowerShell activity in the wake of a file download, or odd processes spawning from files in Downloads or temporary directories that do not have corresponding SmartScreen events logged. It is also worth applying endpoint hardening measures such as Attack Surface Reduction rules.

Hoyt added that CVE-2026-21514 works in a similar fashion and should be treated in the same terms.

Meanwhile, Jack Bicer, vulnerability research director at patch management specialist Action1, turned to the MSHTML Framework flaw in Internet Explorer, CVE-2026-21513.

“The MSHTML Framework [is] a core component used by Windows and multiple applications to render HTML content,” he said. “[CVE-2026-21513] is caused by a protection mechanism failure that allows attackers to bypass execution prompts when users interact with malicious files. A crafted file can silently bypass Windows security prompts and trigger dangerous actions with a single click.

“Exploitation occurs over the network and requires user interaction, such as opening a malicious HTML file or clicking a shortcut delivered via email, link or download. No privileges are required by the attacker,” he added.

Bicer explained that such SFB flaws significantly increase the success rate of phishing and campaigns that ultimately have impacts far beyond embarrassment for the one person who accidentally clicked on something without thinking. In enterprise environments they become a gateway to a whole host of nasties, including unauthorised code execution, malware and ransomware deployment, credential and data theft, and other compromises.

Deep dependence

Coming a month after January’s blockbuster Patch Tuesday, Cory Simpson, senior adviser to the Cyberspace Solarium Commission and a former adviser to the US Special Operations Command, said that 2026 was already off to a concerning start.

He described the situation on the ground as standing in “stark contrast” to the picture painted in Microsoft’s November 2025 Secure Future Initiative report, which hailed the idea of ‘security above all else’ as a guiding principle at Redmond.

“Patch volumes like today’s, six active zero-days, reflect the structural risk created by deep dependence on Microsoft across enterprise environments,” Simpson told Computer Weekly. “Security leadership starts with baseline hygiene and extends to resilience-by-design: diversified dependencies, reduced concentration risk, and architectures built to operate under persistent vulnerability discovery.”

Source

China is heavily investing in robots, and the quadruped models might soon become mainstream in the region. Specialized models like one that can run as fast as Usain Bolt have been grabbing headlines, but there are more general-purpose versions making their way to consumers. Some of these new releases can be used to transport lightweight loads, capture photos and videos with auto-tracking capabilities, or just be a fun companion for family time with kids.

Interestingly enough, while we have seen a push into humanoid models, which we might consider a more familiar application, it seems they have actually been outpaced by an “older” technology — the robot dog form factor. These products have started to evolve beyond the era of just being seen at trade shows as cool, distant devices, as Chinese companies are gearing up to start actually selling them.

Some examples come from startups Vita Dynamics and Dobot. Vita released a quadruped robot for under $1,500 at the end of 2025, while Dobot started pre-sales for its Rover X1 below $1,000. Both robots have similar functionality (transporting boxes, capturing videos, and acting like a dog), but with the Dobot Rover X1, users can even switch between regular legs and wheeled ones so it can adapt to more terrain, perform tricks, and work as a security guard. As the company describes it, this robot can light your path in a camp and be your “ever-vigilant sentinel.” Still, these are not the only jobs robot dogs have been doing.

Robot dogs can be used for scientific research, nature conservation, and even war

In the same way those old iPhone ads said there’s an app for everything you might need, it seems these quadruped robots are covering a wide range of applications, from consumer creature comforts to business and research. Chinese state broadcaster CCTV, for example, reported on a robot dog navigating a simulated combat course, moving through barricades and obstacles — all while providing a real-time camera feed that can help troops scout enemy positions and move under cover.

Less-scary applications are being developed too, like a six-legged robot dog that is serving as an assistant for scientific expeditions in the Antarctic. This robot can carry heavier objects on the ice without slipping or falling due to its extra legs and anti-slip “shoes.” 

Another application comes from Hong Kong, where the Environmental Protection Department is using quadruped robots to detect bird species while also monitoring trees. So the list of their potential uses continues to grow: Robot dogs are poised to patrol streets and battlefields, help preserve nature, aid scientific research, and serve as all-purpose helpers around the house. While these are just a few examples, expect more brands to commercialize these kinds of machines going forward, like Xpeng’s humanoid robot with synthetic skin, which is slated for release in 2026.

Source

Tattiliana/Shutterstock

When you’re in the market for a new electric-powered vehicle, some key things to look out for include range and charging (whether it has a standard North American Charging Standard (NACS) port or uses a proprietary charging system). And of course, like any other car purchase, you have to consider the usuals like drivability, practicality, safety, reliability (some EV models have proven to be quite unreliable), and more. But on top of all the technicalities, how good the factory-installed sound system is plays a key role in your buying decision, especially if you care about your music. 

If you prefer to blast your favorite tunes while cruising the highway to a weekend getaway spot or while going back home from work in the evening, then you shouldn’t compromise on the sound system. Otherwise, you’ll have to spend extra cash to upgrade the sound system in your new electric vehicle (EV) later on. And that’s exactly what you’d want to avoid, since while EVs are certainly cheaper to run than gas cars, they typically have a higher sticker price. 

So instead of having to buy an EV with a sound system that seems more of an afterthought, you should buy one of these models, as they come with some of the best music systems that you can find on an electric-powered vehicle. We picked these models by researching EVs with the best sound systems from different resources — you can read more about the selection process at the end of the article.

2025 Volvo EX90

The Volvo EX90 is a luxury full-size sports utility vehicle (SUV) with three rows that can seat up to seven. You can get up to 310 miles per charge on this SUV, but if you’re more interested in the sound, the EX90 will surely satiate your needs. This car is equipped with a Bose Premium Sound system with 14 speakers as standard on all trim levels. Still, there’s an optional Bowers & Wilkins sound system that’ll set you back by about $3,200 if you really want the best audio. That Bowers & Wilkins system elevates the audio with its 1,610 watts of power from a total of 25 speakers. 

The EX90 places the speakers in different areas around the cabin to optimize for the three-dimensional sound, including a tweeter on the dash, some speakers in the roof, and others in the front headrests. The system has Dolby Atmos support for a more immersive sound while you’re behind the wheel. Music should even sound better in the EX90, as it has been found to have a quiet cabin that can be mistaken for some high-end luxury brands like Rolls-Royce. The Volvo EX90 starts at $81,290 for the entry-level Plus trim; the Ultra starts at $85,640. 

But given that the Bowers & Wilkins sound is a $3,200 optional addition exclusive to the Ultra trim, you should be ready to spend a bit more to have it if you want the best audio that the EX90 can deliver from the factory. If you’d like to have the same 25-speaker Bowers & Wilkins system but in a smaller package, the Volvo ES90 sedan is the perfect alternative.

2025 Cadillac Celestiq

Although Cadillac hasn’t been a standout in the luxury segment for quite a while, the company’s 2025 Celestiq is an EV worth considering if you want to get one of the best factory-installed sound systems. Known for offering one of the best audio systems in cars, the company couldn’t possibly cut corners on this segment when it came to its first-ever Celestiq EV, especially at its price. 

For the 2025 Cadillac Celestiq, the General Motors-owned brand offers an AKG Studio Reference stereo system with Dolby Atmos support in the luxury sedan. The sound system includes 38 speakers with three amplifiers. The speakers are placed in different locations in the cabin, including the headrests, in the roof, and on the doors, and the car has been praised for its sound chops in multiple car reviews. 

However, as a competitor to models from luxury brands like Rolls-Royce and Bentley and considering the fact that it’s hand-built, the 2025 Cadillac Celestiq doesn’t come cheap. It starts at $340,000, and under the hood, it offers a dual-motor all-wheel-drive powertrain with 655 horsepower and gives up to 303 EPA-rated miles per charge from a 111 kWh battery.

2026 Mercedes-Maybach EQS 680

Mercedes has built a reputation for offering high-tech models, and in recent years, the automaker has been pushing the boundaries when it comes to dashboard screens with its dash-spanning Hyperscreen. But besides the high-tech and plush interiors, the German automaker has also built a reputation for offering some of the best sound systems in a car. The automaker typically uses Burmester for audio, and the 2026 Mercedes-Maybach EQS 680 also gets the same treatment. 

The 2026 Mercedes-Maybach EQS 680 features the very best sound system the company offers as standard. Instead of the 15-speaker Burmester 3D Surround Sound system that you get on some EV models from the German brand, like the EQS 580 4MATIC, the EQS 680 includes a more capable 4D surround sound system from Burmester. This system comes with a total of 15 speakers, with two 3D speakers placed in the ceiling and two subwoofers in the luggage area cover. 

In total, the 4D surround sound system can output 710 watts. As a 4D system, it has integrated resonators into the seats, which allows you to feel the music vibrations. Since the EQS 680 is a luxury SUV, you should be ready to dig deep into your pockets if you want to enjoy its sound, as it starts at $181,000.

2026 Porsche Taycan

By default, the sound system that you get in the Porsche Taycan without any customization is a 150-watt, 10-speaker system. Obviously, that doesn’t give you the best audio if you’re an audio buff, and the German automaker clearly knows this as it offers an optional but better 710-watt 14-speaker Bose Surround Sound System or, for even better sound, a Burmester 3D High-End Surround Sound System. 

The latter offers the very best sound in the Taycan and has a total power output of 1,455 watts. This system sports a 400-watt subwoofer and has 21 speakers in total. You get a two-way center speaker, and the other speakers are strategically placed in the Taycan, with a pair of tweeters placed in the A-pillars. 

The Burmester 3D surround system includes a special Auro 3D format, which, according to Porsche, provides an immersive 3D surround sound that makes you feel like you’re in the Belgian Galaxy Studios music hall. The 2026 Porsche Taycan starts at $105,800, but you’ll have to fork out $7,430 more for the Burmester sound system. Overall, the Taycan ranks as one of the best EVs on the market.

2026 Polestar 3

Sjoerd Van Der Wal/Getty Images

The 2026 Polestar 3 is a compact crossover that, besides its sub-four-second 0 to 60mph, has an upscale interior with one of the best factory-installed sound systems. Inside the cabin, you’ll find a 10-speaker stereo sound system by default, but like most cars on this list, you can upgrade to an even better one if you’re willing to pay a little bit extra. As an optional upgrade, the Polestar 3 offers a Bowers & Wilkins stereo sound system that delivers a total power output of 1,610 watts. 

The system features 25 speakers in total and supports the Dolby Atmos surround sound format for an immersive listening experience while cruising on the highway. This EV also includes a so-called Active road noise cancellation feature with the Bowers & Wilkins sound system, which, similar to Active Noise Cancellation (ANC) in headphones, blocks external noise to give you a serene environment to listen to your music. 

However, since you need to be aware of your surroundings while driving, it doesn’t block important sounds like car horns and sirens. The speakers are placed in different locations in the cabin, including some in each front-seat headrest. The Polestar 3 starts at $67,500, and to get the Bowers & Wilkins sound system, you’ll need to get the $5,500 Plus package.

How we selected these EVs

UKRID/Shutterstock

There are a variety of EVs on the market, and each model comes with a sound system. To compile this list, we conducted research across different websites, including manufacturer sites, to find EVs that offer solid sound systems, either as standard or as an optional upgrade. 

All the EVs we’ve discussed start at different price points, although most of them are a bit pricey compared to the average cost of an EV. But if you want to get an EV with one of the best sound systems from the factory, you should be ready to pay whatever it takes.

Source

When the world’s most widely used productivity suite becomes the preferred weapon of sophisticated state hackers, we all have a problem that transcends routine software bugs.

The recent exploitation of CVE-2026-21509 by Russia’s APT28 group, just days after Microsoft disclosed and patched it, isn’t merely another security incident to file away. It’s a flashing red warning indicator that the aggregation risk and our dependence on a default software platform is creating systemic risk in a world where spreadsheets and spyware are equally viable warfare tools.

APT28, also known as Fancy Bear, BlueDelta and Forest Blizzard, isn’t some shadowy newcomer. This unit of Russia’s GRU military intelligence has been wreaking havoc since at least 2007. They may have interfered in the 2016 US presidential election, compromised the World Anti-Doping Agency, targeted Nato, and they are credited with conducting countless operations against Ukrainian infrastructure. They’re sophisticated, relentless, and have a particular fondness for Microsoft’s ecosystem.

In recent years, they’ve exploited vulnerabilities in Microsoft Exchange, Outlook, and now Office itself. Their tradecraft isn’t opportunistic – it’s industrial-scale cyber warfare executed with military precision.

Severe Office vulnerability

Only recently we witnessed their latest attack. The timeline gives rise for concern as Microsoft issued an out-of-band patch for a high-severity Office vulnerability on 26 January.

Three days later, malicious documents exploiting that exact flaw started circulating in Ukraine. Phishing lure files appear to have been crafted within 24 hours of Microsoft disclosing the software flaw, a single day after the patch dropped.

Think about that timeline – this is an adversary that was either tipped off, had advance access, or was already weaponising the vulnerability before the patch even existed.

This is an adversary that was either tipped off, had advance access, or was already weaponising the vulnerability before the patch even existed Bill McCluggage

CVE-2026-21509 is a security feature bypass – the kind of flaw that tricks users into opening crafted Office files that deliver MiniDoor malware, designed to harvest and exfiltrate victims’ emails, along with PixyNetLoader malware, designed to implant malicious software on compromised systems.

The software flaw allows attackers to exploit the one thing Microsoft can’t patch – human trust. And in Ukraine, where hybrid warfare has transformed every inbox into a potential frontline, that trust is being systematically weaponised.

Structural problems

The problem is structural. IT professionals know that deploying patches isn’t instantaneous. They take time, albeit in some cases automated updates can be relatively quick. But in a conflict zone wrestling with bandwidth constraints, outdated systems, and limited access to enterprise-grade licensing, that vulnerability window becomes a chasm.

If Ukrainian organisations are running older Office builds because they lack resources for restrictive, subscription-based licensing, or can’t afford IT automation for patching, they’re sitting ducks. This is a strategic liability, and other nations need to understand the systemic risk they too face.

Microsoft’s patching cadence deserves further scrutiny, and this incident highlights that recognition delays matter, even outside of active conflict zones. When vulnerabilities are actively exploited before patches arrive or are installed, we’re no longer managing risk, we’re into documenting damage and incident recovery.

Delays in Microsoft patch deployment shouldn’t be inevitable – when your patch management depends on manual schedules, restricted bandwidth, or enterprise support you can’t access, that delay becomes a shooting gallery for groups like APT28.

And the Microsoft problem doesn’t end with Office. The growing dependence on Microsoft’s cloud infrastructure introduces sovereignty concerns that should alarm anyone paying attention.

Single point of failure

Recent Azure outages, whether from cyber attacks or botched updates, have demonstrated how a single point of failure implanted in Redmond can cascade globally. When national governments, critical infrastructure, and essential services run on cloud platforms controlled by one company, we’re not just talking about vendor lock-in. We’re talking about digital colonialism disguised as convenience that introduces systemic risk.

Market concentration compounds this risk. When a single platform is effectively the default across governments and corporations globally, vulnerabilities don’t fail in isolation – they fester and spread.

Licensing models and interoperability barriers that discourage diversification entrench this monoculture. The result is aggregation risk on a geopolitical scale – its bugs are potential weapons in grey-zone conflicts where every user is a potential target, and every attachment could be a trap.

This isn’t just a cyber security challenge – it’s a market structure problem. Structural risks require structural remedies. Bodies like the UK Competition and Markets Authority (CMA) and the European Commission’s Directorate-General for Competition have a clear role here, by ensuring that concentration in productivity and cloud services does not translate into national and global security vulnerabilities.

The ability to diversify and introduce real competition in secure cloud and productivity ecosystems is becoming a matter of digital sovereignty and defence resilience.

The way forward

So what’s the path forward? Microsoft must rethink vulnerability disclosure and patching for high-impact products introducing faster mitigation pathways and protective heuristics that can be deployed before formal patches are released.

Enterprises and governments need to invest in automated patch management and redundancy planning.

And regulators need to recognise that monoculture is inseparable from security risk.

The next frontier of cyber security policy isn’t just about defending networks – it’s about making markets safer by design.

Bill McCluggage was director of IT strategy and policy in the Cabinet Office and deputy government CIO from 2009 to 2012.

Source

9dream studio/Shutterstock

We may receive a commission on purchases made from links.

Apple’s MacBook lineup is widely liked for its impressive battery life, superior performance, and seamless integration with the company’s other devices. While it doesn’t include a ton of laptops, the MacBook Air and Pro models are available in a variety of configurations and have two size options each. However, when it comes to the price tag, MacBooks aren’t particularly cheap. That’s why Apple is reportedly working on a low-cost MacBook model that could take on cheap Windows laptops and Chromebooks. However, it’s yet to be officially confirmed and may take a while to arrive. So, if you are in the market today for the cheapest brand-new MacBook model, which should you go for?

The 13-inch Apple MacBook Air with the M4 chip is the cheapest MacBook you can buy new right now. Its base model with 16 GB of RAM and 256 GB of storage is available for as low as $850 on Amazon, down from its list price of $999. This price is not the lowest for the M4 MacBook Air, and it has gone down as low as $740, so you may score the MacBook even cheaper if you wait for the right moment. While you may think the MacBook Air version with the M3 and M2 chips may be cheaper, they are becoming pretty hard to come by and aren’t really available for less than $900. Here’s a look at what you can expect from the M4 MacBook Air and how it’s a great laptop for most people.

All you need to know about the 13-inch MacBook Air (M4)

Jonathan Weiss/Shutterstock

The 2025 MacBook Air is a substantial upgrade over previous generations. While that may not look like it on the surface, the M4 chip inside, according to Apple, is twice as fast as the M1 chip and can deliver 23 times faster performance than the fastest Intel-based MacBook Air models. Keep in mind, the last Intel-based MacBook Air came out just six years ago, in 2020.

Besides the impressive M4 chip, the latest MacBook Air has a new 12 MP Center Stage webcam that’s also a big upgrade over the camera found in older MacBook Air models. You also get better multi-display support, and it can support up to two 6K external displays. Additionally, there is the same beautiful Liquid Retina display, unibody aluminum chassis, and built-in Touch ID support.

Connectivity options are good, with Wi-Fi 6E and Bluetooth 5.3 support; however, port selection remains limited to two USB-C Thunderbolt ports and a 3.5mm headphone jack. Fortunately, the presence of the MagSafe port ensures you don’t block the Thunderbolt port while charging the MacBook. The M4 MacBook Air has received glowing reviews from all over, with reviewers calling it “the best laptop for most people,” praising the new camera, and highlighting its impressive performance. Unless you are doing heavy video editing or plan to play graphic-intensive games on your machine, the MacBook Air has plenty of power to keep you satisfied.

Source

Attempting to address the growingly complex and pressing needs of businesses for whom artificial intelligence (AI) innovation is moving faster than ever before, Cisco has unveiled a range of products and services that it assured will provide the infrastructure its customers need to move fast and adopt AI safely and securely, raising ambitions for secure and trusted agentic AI.

Launched at the Cisco Live 2026 Conference in Amsterdam, the new systems are said to reinforce the IT and networking behemoth’s ability to deliver networking, security, observability and sovereignty through a unified technology platform.

Yet, as stressed by Gordon Thomson, president of Cisco’s Europe, Middle East and Africa (EMEA) region, in a world defined by AI, companies run the risk of being left behind if they are not leading with AI in their operations, and that to take maximum advantage of AI, Cisco had to think differently in four different key areas, specifically time, trust, talent and technology.

Time is slipping away

“Time is one of our most precious assets. IDC estimates that by 2030, AI investments could generate $22.3tn in economic benefit. But beware: time is already slipping away, and it’s asking hard questions of us all. Are you moving fast enough? Are you still operating as you did one, two or even three years ago? If you are, then the risk is real,” said Thomson.

“We asked enterprise technology leaders about the shift they anticipated with agentic AI, and 78% of leaders said that agentic AI will significantly reshape how their industry operates over the next few years. So all industries are going to feel this tectonic shift. Few will be exempt. And 80% of leaders said agentic will be essential for survival in 2027. That is just next year,” he added.

The speed we’re moving at today is just not fast enough. The promise of AI surrounds us, but our readiness really must catch up, and it must catch up quickly Gordon Thomson, Cisco

“We all need to redefine not just our mindsets, but our organisational DNAs, because the speed we’re moving at today is just not fast enough. The promise of AI surrounds us, but our readiness really must catch up, and it must catch up quickly. The clock is ticking. Preparedness can no longer be a long-term goal. It’s an immediate imperative. None of us can operate the same way as we did last year.”

The executive revealed further findings from the Cisco AI Readiness Index, which showed that only 11% of organisations in EMEA said they were fully prepared for AI. These companies, noted Thomson, “are already watching their competitors in the rearview mirror”, and are five times more likely to turn pilots into production and 60% more likely to see measurable value from investments in AI products and services than anyone else.

A foundation of trust

Regarding trust, Thomson said this quality wasn’t just a value but a foundation – “the currency that enables progress and accelerates change”. Trust, he said, has a number of layers and levels. For example, security trust, as it was not possible to have an AI-driven economy that Cisco could not protect. AI, he emphasised, should start with safety and security.

Secondly, he pointed to innovation trust, which matters more than ever. “You can trust our innovation not just to create the next big thing, but also to ensure our ecosystem remains open. We’re backwards-compatible, and we’re ready for what comes next. We also deliver innovation that’s built with your trust requirements.”

Thirdly, there was execution trust, and then sovereign trust. The latter, which is about finding the right balance between flexibility and control, was recognised by Cisco as also being more crucial now than ever before.

Ecosystem of talent

As he continued with his address, Thomson warned that an AI-powered economy that only a few could participate in was not a resilient one. He said a key task for Cisco was to make sure that every organisation, every community and every individual could not only participate in AI, but could benefit from what it can promise.

Agentic AI doesn’t replace human potential. It unlocks human potential. Therefore, we need to build a different skillset across our talent ecosystem, because that talent will increasingly work with and alongside AI agents Gordon Thomson, Cisco

“Only this ecosystem of talent will fuel sustainable growth, competitiveness and shared prosperity, but our workforce is changing, and we need to keep up. Agentic AI is moving from concept to capability. It can reason, it can plan, it can act alongside people. But most importantly, agentic AI doesn’t replace human potential. It unlocks human potential. Therefore, we need to build a different skillset across our talent ecosystem, because that talent will increasingly work with and alongside AI agents.”

AI-ready infrastructure

Finally, addressing technology, Thomson said that with AI, the tech industry has reached a key point as regards infrastructure, compute, networks, security and monitoring, noting that the infrastructure that firms have relied on to date wasn’t built for the scale and the velocity of future workloads. The Cisco research highlighted how 62% of IT leaders expect workloads to rise by over 30% in the next two to three years, 65% said they were struggling to centralise data, and over a third were currently unable to prevent or detect AI threats.

Future tech would be different, said Thomson. “The solution isn’t about stacking tiny new products on top of each other – that just creates complexity and will slow you down. [Success] requires a platform that uses data to be more efficient, more secure and more scalable. The result is that we’re delivering AI-ready datacentres, future-proofed workplaces and digital resilience, all built in a foundation of secure global connectivity.

“Delivering these capabilities at pace is what you need to thrive. … It’s no longer just about deploying product features; it’s about delivering real business outcomes. You do that with platforms, not with products. We are working at speed because AI isn’t waiting. That convergence of time, technology, talent and trust isn’t a coincidence. These things are defining. We can turn AI into a reality. Not tomorrow, but today.”

Unified AI platform

Key platform and service launches at Cisco Live encompassed three key areas delivered as part of a unified platform, namely the Cisco Silicon One G300 switch; AgenticOps across networking, security and observability to “transform” how IT teams reduce complexity and operate efficiently at scale; and updates to the AI Defense security solution alongside advances to its secure access service edge (SASE) offering.

The G300 switch is designed to power gigawatt-scale AI clusters for training, inference and real-time agentic workloads, and is claimed to be able to maximise graphics processing unit (GPU) utilisation with a 28% improvement in job completion time, allowing users to scale out their buildout of AI clusters. The G300 offers Intelligent Collective Networking, and is said to deliver a 33% increase in network utilisation and a 28% improvement in job completion time versus non-optimised traffic. G300-powered systems are being designed for AI network builders – hyperscalers, neoclouds, sovereign private deployments, service providers, and now enterprises.

To address the diverse requirements of AI environments, Cisco has updated its Nexus One platform with a unified management plane to bring together silicon, systems, optics, software and programmable intelligence as a single integrated solution.

The Unified Fabric of Nexus One is said to allow customers to deploy fast and adapt their networks as demands shift, even across multiple sites. The Cisco N9000 systems serve as the common hardware for a diverse set of fabrics, including Nexus Hyperfabric, with a unified management plane to centralise operations. Application programming interface (API)-driven automation and customisation are built-in.

The AgenticOps innovations will span the Cisco portfolio and are designed to help automate, scale and simplify AI-era IT operations. The system draws on cross‑domain telemetry across Cisco Networking, Security Cloud Control, Cisco Nexus One and Splunk, among other applications. These capabilities include tools, skills and platform enhancements across networking, security and observability.

With native Splunk platform integration coming in March, customers will be able to analyse network telemetry directly where data resides, without having to move it to external platforms. This is an essential capability for sovereign cloud deployments and compliance-sensitive environments where data locality is paramount.

In the security domain, the AI Defense enhancements are the biggest-ever updates to the product, bringing AI supply chain governance and runtime protections to agentic tool use. This is claimed to reduce the risk of compromise or manipulation. AI-driven SASE advancements to include intent-aware inspection of agentic AI interactions and tool requests, evaluating the “why” and “how” of agentic traffic to ward off novel threats.

Source

We may receive a commission on purchases made from links.

Choosing the right 3D printer is the most important choice when setting up a 3D printing station, but without having a stable surface to store it on, tools to maintain and clean it, and filament, it would be a rough ride. 3D printers are noisy and need to be operated in well-ventilated areas, so having a dedicated space for a 3D printing project is essential.

Costco has some great products that are essential in setting up a full 3D printing station, which comes from one retailer, and means less time sourcing the right gear and more time 3D printing. The centerpiece is a multi-color 3D printer supported by heavy-duty shelving, vibration control, quality filament, and practical tools for cleanup, finishing, and maintenance. Putting these products together makes for a solid and scalable 3D printing workstation with plenty of space for more printers and storage.

This includes buying the 3D printer from Costco, which can be cheaper than Amazon, depending on the kind of 3D printer you’re looking for. The Creality K2 Combo is user-friendly and not too big, making it a good entry point for those new to the hobby. It’s a great setup for experienced 3D printing enthusiasts too, making sure no space is wasted and is fit for purpose.

Costco 3D printer options

Every home 3D printing setup starts with a 3D printer. Apologies for the sudden shock. Costco typically stocks models designed for ease of use, which also bring some cool features like enclosures, automatic print bed levelling, and error detection. At the time of writing, all of the Costco 3D printers on sale have enclosures, which help regulate temperatures and allow the 3D printer to control the properties of the filament being used. This also helps print consistency, reduces noise, and gives better control when working with tougher filament materials.

Some 3D printers also come with multi-filament systems that allow multiple spools of filament to be loaded at the same time, reducing the need for manual hot swapping during longer projects. Built-in cameras are becoming quite common in 3D printers now, as it allows users to leave their printer to do its job while keeping an eye on the project remotely. It can also double as a print failure detection device. This pauses projects when a print failure occurs, so a user can resolve the issue and carry on with the project.

It’s a win-win for everyone. Beginners benefit from a simple, guided setup, pre-tuned profiles, and safety-focused features out of the box to ease their way into the essential rules of 3D printing. Experienced users benefit from tough metal frames, faster XY axis and nozzle, and support for filaments that require higher temperatures to use. That means more fun projects to experiment with.

Shelves

A 3D printer’s performance is strongly influenced by the surface it rests on, and Costco sells a three-tier modular wire shelving unit for about $65. By placing the printer on the top shelf for easy access, the other two shelves will be great for storing filament and finished projects. Each shelf is rated for 150 pounds and is 23 x 13 inches, with each rack standing at 30 inches. Shelves can be seated every inch on the frame, so there’s plenty of flexibility for storing bigger projects and adding more 3D printers, filament connectors, and filament dryers down the line.

It’s going to be a good idea to fix the racking against a solid wall to keep it from shaking whilst printing. A few off-wall saddle brackets from Amazon or your local hardware store will do the trick. To have more access to the back of the 3D printing station without moving it, mount the saddle brackets on a desired width of wood, with the wood screwed into the wall.  

Polymaker filaments are great for high-speed printing

Filament quality plays a significant role in print reliability and surface finish, and PLA is the easiest type of filament to work with. Costco is appealing to most by selling some basic colors of Polymaker PLA Pro for $59.99 and fun color filament rolls for $69.99. They’re designed for everyday printing, work well with any FDM 3D printer, and are the most commonly used material for projects.

Users have the choice of basic colors of black, white, blue, and red with the core colors pack or celestial purple, starlight Neptune, silk gold, and marble white with the fun colors pack. Of course, users can buy both packs and experiment with different color options, which is half the fun of so many 3D printing projects.

When preparing your STL file and looking at slicer settings (the software used to prepare a 3D file to then send to the printer), there will be a world of options. You can get the most out of PLA filament rolls by making sure your 3D model is standing up or on its most stable point, enable “ironing” for a smoother finish, and enabling auto-supports to make sure nothing is being printed on thin air. Also, opting for a slower print time means better accuracy and tensile strength, too.

Essential 3D print cleanup and finishing tools

3D printing can get very messy quickly, especially when you’re printing with multiple colors. 3D printers will need to purge the remaining color inside the nozzle before moving over to a new filament, resulting in dreaded filament poop. Most 3D printers have a tray for this, but that can fill up quickly, which is where the Fanttik X200 Mix cordless vacuum comes in handy.

It’s compact enough to store on a 3D print station and has enough power to clean up filament snips and poop from fans, vents, and electronics without taking the printer apart. Then, instead of keeping different tools stored on the 3D printing station, you can get a multitool to help save some space. Plus, it’s handy to have on hand in a pocket.

Costco sells CAT’s two-piece deluxe multitool set for $41.99, and it has everything needed for a 3D printing station. You can trim filament for loading, remove supports, and smooth rough edges during post-processing of your printed project. It combines cutting, gripping, and filing tools into a single kit to make life easier. Why take up more room on a shiny new 3D printer station with more tools when a printed Star Wars Stormtrooper helmet can take their place instead?

Source