Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

India Considers Separate AI Regulatory Framework as Government Signals Policy Shift

  The Indian government is considering a law to govern artificial intelligence (AI) systems, signaling a shift from its previous approach of...

All the recent news you need to know

WhatsApp Appoints CRED Founder Kunal Shah as New Global Head

 

In a landmark move for the global tech industry, WhatsApp announced in June 2026 that its long-serving head Will Cathcart will step down, with Indian fintech founder Kunal Shah appointed as his successor. This transition marks the first time an Indian entrepreneur will lead one of the world's largest messaging platforms, which boasts over three billion monthly active users. The announcement coincides with Meta's substantial $900 million investment in Shah's credit-card rewards platform, CRED, valuing the fintech company at $4.5 billion. 

Will Cathcart has led WhatsApp since 2019, overseeing a period of rapid expansion and navigating complex challenges around encryption, misinformation, and regulatory scrutiny across multiple continents. During his seven-year tenure, the platform evolved from a simple messaging app into a comprehensive communication ecosystem with business tools, payments integration, and enhanced privacy features. 

Cathcart will not depart Meta entirely; instead, he transitions to a newly created division focused on developing next-generation consumer products using artificial intelligence technologies. Meta CEO Mark Zuckerberg expressed enthusiasm about continuing close collaboration with Cathcart in this innovative capacity, signaling the company's strategic pivot toward AI-driven product development. 

Kunal Shah, 42, is no stranger to building successful technology ventures, having previously co-founded FreeCharge—an online recharge platform acquired by Snapdeal in 2015—before launching CRED in 2018. CRED quickly became one of India's most prominent fintech platforms, offering a members-only credit-card payment and rewards service that recently achieved its first profitable quarter in 2026. 

As part of this leadership transition, Shah will relocate from Bengaluru to Meta's headquarters in Menlo Park, California, stepping away from day-to-day operations at CRED while remaining a shareholder. Miten Sampat, who has led strategy and finance at CRED since 2020, assumes the role of interim CEO. 

The $900 million investment secures Meta a 20 percent minority stake in CRED, reflecting the tech giant's confidence in Shah's vision and India's digital payments ecosystem. Shah emphasized on social media that Meta's investment does not grant access to CRED member data, maintaining the platform's privacy commitments. 

This deal positions Meta deeper into India's fintech landscape while leveraging Shah's expertise in building trusted, user-centric platforms—a critical asset as WhatsApp continues expanding its payment and business services globally. The timing underscores Meta's broader strategy of integrating financial services within its social and communication products, with Shah's appointment expected to accelerate WhatsApp's monetization efforts in emerging markets.

BeyondTrust Patches Four Vulnerabilities in Remote Support and PRA

 




BeyondTrust has released security updates to remediate four vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, including two Critical authentication bypass flaws that could allow attackers to gain unauthorized access to vulnerable appliances under specific deployment configurations. The products are commonly used by organizations to deliver remote technical support and manage privileged access to enterprise systems, making them attractive targets because they often provide administrative access to critical IT environments.

The most severe issues originate within the products' authentication mechanisms, which verify user identities before granting access. Because the vulnerabilities can be triggered before the authentication process is completed, successful exploitation may allow attackers to bypass an important security control without first supplying valid credentials.

One of the Critical vulnerabilities, tracked as CVE-2026-40138, carries a CVSS score of 9.2 and affects both BeyondTrust Remote Support and Privileged Remote Access. According to the advisory, the flaw stems from improper validation of authentication data within the authentication subsystem. Under specific authentication configurations, a network-positioned attacker could bypass access controls and obtain unauthorized access to the appliance, including accounts with elevated privileges.

BeyondTrust also addressed CVE-2026-40139, another Critical vulnerability assigned a CVSS score of 9.2 that impacts Remote Support. The issue results from improper processing of authentication requests and could enable an unauthenticated remote attacker to circumvent authentication controls and gain unauthorized access to affected appliances, including privileged accounts. Similar to CVE-2026-40138, exploitation depends on a particular authentication configuration being enabled, meaning the exposure varies according to how affected environments are deployed.

In addition to the authentication bypass flaws, the company disclosed CVE-2026-40140, a High-severity vulnerability with a CVSS score of 8.7 affecting the network communication subsystem. The issue arises from insufficient validation of client-supplied input and could allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition, disrupting the availability of vulnerable appliances rather than providing direct access to them.

The fourth vulnerability, CVE-2026-40141, received a CVSS score of 8.5 and affects web application components within both Remote Support and Privileged Remote Access. Caused by inadequate validation of user-supplied input, the flaw could enable an authenticated user with limited privileges to access resources or information beyond their intended authorization. BeyondTrust noted that exploitation of this vulnerability is limited to accounts that already possess specific permissions.

The company said the vulnerabilities were identified during ongoing internal security assessments with assistance from publicly available artificial intelligence models, including Anthropic Claude Opus 4.8, alongside BeyondTrust's proprietary security research tooling. The use of AI-supported analysis reflects a growing trend of incorporating large language models into vulnerability research to assist security teams in identifying potential weaknesses alongside conventional testing techniques.

According to BeyondTrust, the most severe vulnerabilities could allow authentication bypass and unauthorized access when affected systems are configured in specific ways. The remaining flaws could result in service disruption, unintended access to data, or expanded privileges for authenticated users under defined conditions, potentially affecting the confidentiality, availability, and integrity of vulnerable systems.

The vulnerabilities have been resolved in Remote Support version 25.3.3 and later and Privileged Remote Access version 25.3.3 and later. Organizations running version 25.3.2 or earlier of either product are advised to upgrade to the latest available release to mitigate the disclosed risks.

BeyondTrust stated that it has not observed evidence of the newly disclosed vulnerabilities being exploited in the wild. Nevertheless, the company noted that its Remote Support and Privileged Remote Access products have previously been targeted by threat actors. Earlier vulnerabilities, including CVE-2024-12356 and CVE-2026-1731, were exploited to deploy web shells and backdoors on compromised appliances, demonstrating the continued interest of attackers in enterprise remote access infrastructure. Given that history and the privileged role these products play within enterprise environments, organizations are encouraged to apply the available security updates promptly to reduce their exposure to potential attacks.

Flipper Zero Firmware Continues With New Community Rules


Flipper Devices said it will continue the development of the Flipper Zero firmware, with more reliance on community contributions and a smaller internal team.

New devices 

The announcement came after Flipper decided on building new devices such as Flipper One open Linux platform, where the organization shifted to the community’s help to finish development.

Besides this, Flipper also launched a Buy Bar device for people with Attention Deficit Hyperactivity Disorder (ADHD) to reduce interruptions, which will be open for sale on July 14 in the US, U.K, Canada, and Europe.

Limited production 

Flipper Devices said that the genuine firmware for the Flipper Zero portable pen-testing device will still continue, but full-time feature production ends now.

The first major stable release- Flipper Zero Firmware 1.0, was announced in September last year, after three years of development. The latest stable launch is variant 1.4.3, out since December last year.

By then, the company felt that the firmware was matured, with APIs and a stable SDK and all features implemented safely.

Backlash from community

Recently, the team hinted that firmware development was shut down, resulting in strong backlash from people. “We've seen the strong reaction from the community over the idea that we've stopped developing the Flipper Zero firmware,” Flipper said in a blog post. "We want to address this and let you know that we've heard all your feedback and have decided to rethink our approach to maintaining the project and engaging with the community," Flipper added.

Flipper's response

To address the concerns, Flipper has made a new technique for the project that depends on closer communication with supporters to keep firmware development in process.

The project will continue with a few resources and in a new way to communicate with the community, such as:

  • Interactions will only happen via GitHub Discussions, where new requests may be voted too.
  • Flipper Zero requests will be seen weekly.
  • Community pull requests will be considered with strict review guidelines.
  • Firmware modifications to require compulsory integration and regression analysis, and will be open to the community. 

“We're moving all requests from the Flipper Zero community to GitHub Discussions. Now you can 🤚 vote for feature requests that really matter, so we can see what the community actually wants and prioritize them,” Flipper said.

Five Eyes Warn AI-Powered Cyberattacks Could Outpace Defenses Within Months


 

A Five Eyes intelligence alliance has issued an urgent warning, warning that advanced artificial intelligence could soon allow cyberattacks capable of overwhelming government and enterprise defenses. They urge companies to strengthen their cybersecurity before these threats become reality. 

The alliance, comprising the United States, the United Kingdom, Canada, Australia, and New Zealand, announced on Monday that frontier artificial intelligence models are expected to transform offensive and defensive cyber operations in the coming months, rather than years, according to the alliance. According to the agencies, rapidly advancing artificial intelligence capabilities are lowering the barriers to cybercrime by facilitating faster, more sophisticated attacks. 

Several recent U.S. restrictions on foreign access to Anthropic's most advanced AI systems were prompted by concerns about their cybersecurity capabilities. This warning comes amid growing concern over the security implications of next-generation AI models. It was requested by intelligence partners that governments and businesses strengthen their cyber resilience immediately. 

There are several recommended measures, including patching known software vulnerabilities, modernizing legacy infrastructure, enforcing stricter access controls, and investing in proactive security monitoring. In addition to acknowledging the trend of threat actors adopting artificial intelligence to accelerate cyber operations, the alliance also stressed that this technology can significantly strengthen defenses.

Security tools powered by artificial intelligence can be used to identify vulnerabilities earlier, detect suspicious activity in real-time, improve software quality, and respond to incidents more quickly. According to cybersecurity experts, the warning is of particular significance to small and medium-sized companies, which may lack the resources and mature security programs found in large corporations. 

AI-driven attacks are likely to present the greatest risk to organizations with outdated systems and weak security controls as they become more accessible. Furthermore, the statement highlights the growing debate on AI governance. The debate between governments and industry continues, however experts contend that regulatory efforts have not kept pace with the rapid development of frontier AI models. 

echnology leaders and security researchers have recently called for a more transparent and scientifically based approach to artificial intelligence risk assessment while ensuring defensive security capabilities continue to advance. A Five Eyes warning emphasizes that artificial intelligence is rapidly transforming the cyber threat landscape. 

Organizations that are proactive in strengthening their security posture and integrating artificial intelligence into their defense systems will have greater success defending themselves against the next generation of cyber threats. The Five Eyes warning reflects a growing consensus that artificial intelligence is transforming cyber threat landscapes at a historic pace. 

Organizations with a strong resilience strategy, modernized security infrastructure, and responsible adoption of AI-driven defenses will be better prepared to deal with the next generation of cyber threats as offensive capabilities evolve.

Proxy Servers Power More Than Cybersecurity, Emerging as a Backbone for AI and Digital Businesses

 

Proxy servers are commonly linked with cybersecurity and online privacy, with much of the public conversation focusing on their association with cybercrime. However, beyond these concerns, proxy servers have become an essential part of modern business operations, research activities and emerging technologies, particularly artificial intelligence (AI).

According to Proxyway's annual market report, which has tracked the commercial proxy server industry since 2019, proxy servers play a much larger role in the digital economy than many people realise.

Proxy servers are computers that allow users to access the internet through a different internet connection. By routing traffic through another device, users can obtain a different IP address, making it appear as though they are browsing from another location or internet service provider.

Although they share similarities with virtual private networks (VPNs), proxy servers differ in one important way. Businesses often operate multiple proxy servers simultaneously instead of relying on a single connection, enabling them to collect publicly available web data on a much larger scale, subject to the policies of individual websites.

Beyond cybersecurity, proxy servers have become a key part of legitimate commercial operations. A well-established industry now provides proxy services to businesses across the globe while working towards responsible self-regulation. Several leading providers generate significant annual revenues by offering enterprises tools for large-scale web access and data collection.

Proxyway surveyed 13 major proxy service providers and found that e-commerce remains the biggest area of demand. Businesses use proxy servers to monitor competitors' product listings and pricing, build price comparison platforms, analyse customer reviews to understand market sentiment and support other commercial intelligence activities.

Proxy servers are also used to detect counterfeit products across online marketplaces and verify that digital advertisements appear in the intended locations.

In the travel industry, proxy technology enables online travel agencies and hotel booking platforms to compare prices and secure competitive deals. Digital marketers rely on proxies to track search engine rankings across different locations, while cybersecurity professionals use them to identify malicious applications online. Researchers and academic institutions also depend on proxy networks to gather extensive datasets, including studies examining media representation of women in workplaces.

Supporting AI development

Proxy servers are increasingly becoming an important component of the AI ecosystem.

They help facilitate access to the vast volumes of web data needed to train and update large language models. As AI systems continue to evolve through regular retraining, proxy infrastructure supports ongoing data collection efforts.

The report also highlights the growing role of proxy servers in agentic AI, where autonomous AI systems perform tasks on behalf of users.

For several proxy providers, AI-focused clients now represent a substantial share of their customer base. One major industry participant has reported strong year-on-year growth driven partly by rising demand from AI companies, with annualised recurring revenue increasing significantly and further expansion expected, according to the report.

Industry experts stress that proxy servers themselves are neutral technologies whose impact depends on how they are used. Their applications range from cybersecurity investigations and academic research to commercial operations and AI development.

Many established providers have adopted measures to ensure responsible usage. Residential proxy networks are built by obtaining users' consent and offering compensation to participants who contribute their internet connections.

Providers also conduct customer verification, with some requiring identity documents and video-based authentication. Many restrict access to high-risk websites, including government and financial institutions, while continuously monitoring their networks for misuse.

Several companies have also come together under the Ethical Web Data Collection Initiative, a consortium that aims to promote responsible data collection practices, strengthen public confidence and encourage sustainable industry standards.

While debates continue around AI training practices and the use of publicly available web data, proxy servers remain an important part of the internet's infrastructure, quietly supporting many digital services that people use every day.

Sovereign File Architecture Gains Importance as Enterprises Rethink Cloud Data Control

 

Cloud computing changed enterprise IT by enabling organizations to achieve significant storage scalability and cost savings. Companies quickly embraced the idea of storing data in the cloud because of its flexibility and accessibility. However, because information remains on physical servers, companies are discovering that data is stored in a specific location subject to local legislation. 

This led to the concept of sovereign file architecture, one of the strategies by which organizations seek to store information considering jurisdiction as a critical factor. The data storage strategy is now focused on achieving file sovereignty and residency rather than convenience. Data sovereignty differs from privacy in that the former concerns the primary authority that possesses the right to store and access information, while the latter relates to its geographic location. 

While the early cloud computing innovators placed their data with the most accessible and cost-effective infrastructure, there was little information on where exactly it was stored. This created a sovereignty gap, as the organizations had limited insight into who could access the information and the applicable legal frameworks. At the same time, there are more data residency and sovereignty risks today as countries impose strict regulations and trade barriers while dealing with cybersecurity threats and geopolitical tensions. 

Data residency is a crucial consideration for many organizations, particularly those dealing with sensitive data and operating at a multinational level. Disasters, government restrictions, or geopolitical tensions may render some servers inaccessible, thus necessitating the need to store data in different jurisdictions. Enterprises are now prioritizing storage solutions that give them the most control by allowing them to migrate or place their information as they see fit. 

These factors are driving companies to adopt sovereign file architecture, which is designed to decouple file management from storage. By doing so, organizations satisfy the need to store data in several jurisdictions and maintain flexibility regarding where to store sensitive or non-sensitive information. Enterprises can also utilize a hybrid strategy consisting of private and public storage methods, thus balancing costs and file security. 

Sovereign file architecture allows organizations to remain compliant with the increasingly stringent data residency and sovereignty laws enforced by governments worldwide. Consequently, there is now a growing preference for sovereign file architectures over other options when considering factors such as transparency, legal protection, and control.

Featured