Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Technology. Show all posts
trending news
AI cybersecurity Emerging tech news Generative AI latest news News Technology Technology News trending news

Generative AI in Cybersecurity: A Double-Edged Sword

Generative AI (GenAI) is transforming the cybersecurity landscape, with 52% of CISOs prioritizing innovation using emerging technologies. However, a significant disconnect exists, as only 33% of board members view these technologies as a top priority. This gap underscores the challenge of aligning strategic priorities between cybersecurity leaders and company boards.

The Role of AI in Cybersecurity

According to the latest Splunk CISO Report, cyberattacks are becoming more frequent and sophisticated. Yet, 41% of security leaders believe that the requirements for protection are becoming easier to manage, thanks to advancements in AI. Many CISOs are increasingly relying on AI to:

  • Identify risks (39%)
  • Analyze threat intelligence (39%)
  • Detect and prioritize threats (35%)

However, GenAI is a double-edged sword. While it enhances threat detection and protection, attackers are also leveraging AI to boost their efforts. For instance:

  • 32% of attackers use AI to make attacks more effective.
  • 28% use AI to increase the volume of attacks.
  • 23% use AI to develop entirely new types of threats.

This has led to growing concerns among security professionals, with 36% of CISOs citing AI-powered attacks as their biggest worry, followed by cyber extortion (24%) and data breaches (23%).

Challenges and Opportunities in Cybersecurity

One of the major challenges is the gap in budget expectations. Only 29% of CISOs feel they have sufficient funding to secure their organizations, compared to 41% of board members who believe their budgets are adequate. Additionally, 64% of CISOs attribute the cyberattacks their firms experience to a lack of support.

Despite these challenges, there is hope. A vast majority of cybersecurity experts (86%) believe that AI can help attract entry-level talent to address the skills shortage, while 65% say AI enables seasoned professionals to work more productively. Collaboration between security teams and other departments is also improving:

  • 91% of organizations are increasing security training for legal and compliance staff.
  • 90% are enhancing training for security teams.

To strengthen cyber defenses, experts emphasize the importance of foundational practices:

  1. Strong Passwords and MFA: Poor password security is linked to 80% of data breaches. Companies are encouraged to use password managers and enforce robust password policies.
  2. Regular Cybersecurity Training: Educating employees on risk management and security practices, such as using antivirus software and maintaining firewalls, can significantly reduce vulnerabilities.
  3. Third-Party Vendor Assessments: Organizations must evaluate third-party vendors for security risks, as breaches through these channels can expose even the most secure systems.

Generative AI is reshaping the cybersecurity landscape, offering both opportunities and challenges. While it enhances threat detection and operational efficiency, it also empowers attackers to launch more sophisticated and frequent attacks. To navigate this evolving landscape, organizations must align strategic priorities, invest in AI-driven solutions, and reinforce foundational cybersecurity practices. By doing so, they can better protect their systems and data in an increasingly complex threat environment.

Read more »
WordPress
Hacking Internet Plugins Technology Website WordPress

Hackers Exploit WordPress Sites to Attack Mac and Windows Users


According to security experts, threat actors are abusing out-of-date versions of WordPress and plug-ins to modify thousands of sites to trap visitors into downloading and installing malware.

In a conversation with cybersecurity news portal TechCrunch, Simon Wijckmans, founder and CEO of the web security company c/side, said the hacking campaign is still “very much live”.

Spray and pray campaign

The hackers aim to distribute malware to loot passwords and sensitive data from Mac and Windows users. According to c/side, a few hacked websites rank among the most popular ones on the internet. Reporting on the company’s findings, Himanshu Anand believes it is a “widespread and very commercialized attack” and told TechCrunch the campaign is a “spray and pray” cyber attack targeting website visitors instead of a specific group or a person.

After the hacked WordPress sites load in a user’s browser, the content immediately turns to show a false Chrome browser update page, asking the website visitor (user) to download and install an update to access the website, researchers believe. 

Users tricked via fake sites

When a visitor agrees to the update, the compromised website will ask the user to download a harmful malware file disguised as the update, depending on whether the visitor is a Mac or Windows user. Researchers have informed Automattic (the company) that makes and distributes Wordpress.com about the attack campaign and sent a list of harmful domains. 

According to TechCrunch, Megan Fox, spokesperson for Automattic, did not comment at the time of press. Later, Automattic clarified that the security of third-party plugins is the responsibility of WordPress developers.

“There are specific guidelines that plugin authors must consult and adhere to ensure the overall quality of their plugins and the safety of their users,” Ms Fox told TechCrunch. “Authors have access to a Plugin Handbook which covers numerous security topics, including best practices and managing plugin security,” she added. 

C/side has traced over 10,000 sites that may have been a target of this hacking campaign. The company found malicious scripts on various domains by crawling the internet, using a reverse DNS lookup to find domains and sites linked with few IP addresses which exposed a wider number of domains hosting malicious scripts. TechCrunch has not confirmed claims of C/side’s data, but it did find a WordPress site showing malicious content earlier this week.

Read more »
Technology
AlphaFold Artificial Inteligence clinical trials drug discovery Isomorphic Labs protein prediction Technology

AI-Designed Drugs by DeepMind Expected to Enter Clinical Trials This Year

 

Isomorphic Labs, a Google DeepMind spinoff, is set to see its AI-designed drugs enter clinical trials this year, according to Nobel Prize-winning CEO Demis Hassabis.

“We’ll hopefully have some AI-designed drugs in clinical trials by the end of the year,” Hassabis shared during a panel at the World Economic Forum in Davos. “That’s the plan.”

The company aims to drastically reduce the drug discovery timeline from years to mere weeks or months, leveraging breakthroughs in artificial intelligence. Hassabis, along with DeepMind scientist John Jumper and a US professor, was awarded the 2024 Nobel Prize in Chemistry for their innovative work in predicting protein structures.

While AI's ability to analyze vast data sets holds promise for speeding up drug development, a December report by Bloomberg Intelligence highlighted a cautious adoption of the technology by major pharmaceutical companies. The report, led by analyst Andrew Galler, noted that initial data for clinical candidates has been mixed.

Despite this, partnerships between tech firms and pharmaceutical companies are growing. In 2023, Isomorphic Labs entered into strategic research collaborations with Eli Lilly & Co. and Novartis AG.

Founded in 2021 to commercialize DeepMind’s AI in drug discovery, Isomorphic Labs builds on the success of AlphaFold, DeepMind’s revolutionary tool for predicting protein patterns. Since its launch in 2018, AlphaFold has evolved to its third iteration, now capable of modeling a wide range of molecular structures, including DNA and RNA, and predicting their interactions.
Read more »
Threat Landscape
Artificial Intelligence Crypto Hack Quantum computing Technology Threat Landscape

A Looming Threat to Crypto Keys: The Risk of a Quantum Hack

 


 The Quantum Computing Threat to Cryptocurrency Security

The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears is its ability to break the private keys safeguarding cryptocurrency wallets.

While this threat is genuine, it is unlikely to materialize overnight. It is, however, crucial to examine the current state of quantum computing in terms of commercial capabilities and assess its potential to pose a real danger to cryptocurrency security.

Before delving into the risks, it’s essential to understand the basics of quantum computing. Unlike classical computers, which process information using bits (either 0 or 1), quantum computers rely on quantum bits, or qubits. Qubits leverage the principles of quantum mechanics to exist in multiple states simultaneously (0, 1, or both 0 and 1, thanks to the phenomenon of superposition).

Quantum Computing Risks: Shor’s Algorithm

One of the primary risks posed by quantum computing stems from Shor’s algorithm, which allows quantum computers to factor large integers exponentially faster than classical algorithms. The security of several cryptographic systems, including RSA, relies on the difficulty of factoring large composite numbers. For instance, RSA-2048, a widely used cryptographic key size, underpins the private keys used to sign and authorize cryptocurrency transactions.

Breaking RSA-2048 with today’s classical computers, even using massive clusters of processors, would take billions of years. To illustrate, a successful attempt to crack RSA-768 (a 768-bit number) in 2009 required years of effort and hundreds of clustered machines. The computational difficulty grows exponentially with key size, making RSA-2048 virtually unbreakable within any human timescale—at least for now.

Commercial quantum computing offerings, such as IBM Q System One, Google Sycamore, Rigetti Aspen-9, and AWS Braket, are available today for those with the resources to use them. However, the number of qubits these systems offer remains limited — typically only a few dozen. This is far from sufficient to break even moderately sized cryptographic keys within any realistic timeframe. Breaking RSA-2048 would require millions of years with current quantum systems.

Beyond insufficient qubit capacity, today’s quantum computers face challenges in qubit stability, error correction, and scalability. Additionally, their operation depends on extreme conditions. Qubits are highly sensitive to electromagnetic disturbances, necessitating cryogenic temperatures and advanced magnetic shielding for stability.

Future Projections and the Quantum Threat

Unlike classical computing, quantum computing lacks a clear equivalent of Moore’s Law to predict how quickly its power will grow. Google’s Hartmut Neven proposed a “Neven’s Law” suggesting double-exponential growth in quantum computing power, but this model has yet to consistently hold up in practice beyond research and development milestones.

Hypothetically, achieving double-exponential growth to reach the approximately 20 million physical qubits needed to crack RSA-2048 could take another four years. However, this projection assumes breakthroughs in addressing error correction, qubit stability, and scalability—all formidable challenges in their own right.

While quantum computing poses a theoretical threat to cryptocurrency and other cryptographic systems, significant technical hurdles must be overcome before it becomes a tangible risk. Current commercial offerings remain far from capable of cracking RSA-2048 or similar key sizes. However, as research progresses, it is crucial for industries reliant on cryptographic security to explore quantum-resistant algorithms to stay ahead of potential threats.

Read more »
Technology
Cloud Security Cryptojacking Cybersecurity Threats Google Cloud MFA Raccoon Stealer Ransomware Technology

TRIPLESTRENGTH Targets Cloud for Cryptojacking, On-Premises Systems for Ransomware Attacks

 

Google unveiled a financially driven threat actor, TRIPLESTRENGTH, targeting cloud environments for cryptojacking and on-premise ransomware operations.

"This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," Google Cloud noted in its 11th Threat Horizons Report.

TRIPLESTRENGTH employs a three-pronged attack strategy: unauthorized cryptocurrency mining, ransomware deployment, and offering cloud platform access—spanning services like Google Cloud, AWS, Azure, Linode, OVHCloud, and Digital Ocean—to other attackers. The group's primary entry methods involve stolen credentials and cookies, often sourced from Raccoon Stealer logs. Compromised environments are used to create compute resources for mining cryptocurrency using tools like the unMiner application and the unMineable mining pool, optimized for both CPU and GPU algorithms.

Interestingly, TRIPLESTRENGTH has concentrated its ransomware efforts on on-premises systems, deploying lockers such as Phobos, RCRU64, and LokiLocker.

"In Telegram channels focused on hacking, actors linked to TRIPLESTRENGTH have posted advertisements for RCRU64 ransomware-as-a-service and also solicited partners to collaborate in ransomware and blackmail operations," Google Cloud disclosed.

One notable incident in May 2024 involved initial access through Remote Desktop Protocol (RDP), followed by lateral movement and antivirus evasion to execute ransomware across several systems. TRIPLESTRENGTH also regularly advertises access to compromised servers on Telegram, targeting hosting providers and cloud platforms.

To counteract such threats, Google has introduced multi-factor authentication (MFA) and improved logging for detecting sensitive billing actions.

"A single stolen credential can initiate a chain reaction, granting attackers access to applications and data, both on-premises and in the cloud," Google warned. 

"This access can be further exploited to compromise infrastructure through remote access services, manipulate MFA, and establish a trusted presence for subsequent social engineering attacks."
Read more »
TON
Blockchain Crypto Cyberattacks CyberCrime Cybersecurity CyberThreat Digital Privacy Technology Telegram TON

Telegram's TON Blockchain Embarks on US Growth Mission

 



A foundation, closely associated with Telegram, called the Open Network (TON), is pursuing ambitious expansion in the United States. A strategic move like this comes amid the expectation that Donald Trump's upcoming administration will be able to offer a more favourable regulatory environment. The TON Foundation is proud to announce a pivotal leadership transition: Manuel "Manny" Stotz, an experienced investor and blockchain advocate, has been selected as President of the organisation. 

There is a new chapter in the foundation's journey to accelerate global adoption of the blockchain, emphasising expanded operations in the United States as part of a strategic expansion plan. In a statement released by a spokesperson for the TON Foundation to Cointelegraph on January 14, a spokesperson confirmed to the Cointelegraph that the US will become one of the most important markets for TON under the Trump Administration. 

The TON Foundation has recently appointed Manuel Stotz, one of the world's leading digital asset investors, as its new president. The foundation will be able to expand its operations in the U.S. market with Stotz, the founder of Kingsway Capital Partners. Stotz stated that the U.S. would soon become a global crypto centre specialising in innovation. Steve Yun, who will remain a board member, will resign from the presidency, and he will be taking over the CEO role. 

In light of the trend that a new president in the US is expected to provide a more favourable environment for cryptocurrency, this shift reflects this expectation. It is expected that his administration will address some of the most important regulatory issues on the day of his inauguration, which is scheduled for January 20, among crypto supporters. Among the concerns is how digital assets are treated by banks, with many in the crypto sector hoping that a change will happen in the rules regarding whether they will be accounted for as liabilities. 

In addition to the issue of “de-banking,” which has impacted many crypto firms in the U.S., another issue that may be addressed is the issue of blockchain technology and its prospects. It has been Stotz's honour to serve as a board member of the TON Foundation since it was founded in Switzerland in 2023. With his new role at the TON Foundation, he will replace Steve Yun, who remains on the board. Stotz is a major investor in the digital asset industry and is the founder of Kingsway Capital Partners, an investment management firm. 

There have been over 50 projects backed by the firm, among them Animoca Brands, Blockchain.com, CoinDCX, Toncoin, Genesis Digital Assets, and others. In the TON Foundation's opinion, the changing regulatory environment in the United States offers new opportunities for blockchain technology. Notably, several industry participants are optimistic about the incoming administration's pro-crypto stance, which includes plans for creating a national Bitcoin reserve and promoting blockchain-based economic reform. 

As President-elect Trump has also indicated his desire to advance the field by appointing influential figures, such as Paul Atkins and David Sacks, to key positions in the sector, it is anticipated that these developments will lead to a surge in blockchain and artificial intelligence innovation. TON Foundation president Stotz believes that these developments may signify a turning point for the industry as a whole, and he believes that the US is an important market for accelerating blockchain adoption worldwide.

A decentralised project called TON is closely related to Telegram's TON blockchain, which was developed by the messenger and then turned into a decentralised project. The Toncoin token allows the network to provide 950 million Telegram users with services such as in-app payments and games, and with Stotz's leadership, TON plans to increase its user base and integrate blockchain-based solutions into everyday applications under Stotz's leadership. 

The main objective of the fund is to use Telegram's vast global audience to promote the widespread adoption of blockchain technologies. With the TON Foundation, which is dedicated to supporting the development of the TON blockchain, Telegram's 950 million users will have access to crypto services through Telegram's platform. In 2023, Telegram formalised the foundation in Switzerland, a year after a 2020 settlement with the SEC ended Telegram's earlier fundraising efforts. 

It was announced in December 2024 that the foundation would be expanding to Abu Dhabi following the ADGM's distributed ledger technology framework. This move is intended to provide legal backing for decentralised projects throughout the MENA and APAC regions, with a target of reaching 500 million users by 2028. In the crypto industry, the return of Trump to power could be considered a turning point in the market as a result. He has announced that cryptocurrencies will be treated differently in the United States of America than they were in the past, which could result in more blockchain projects coming into the country in the future and increased innovation in decentralised technologies. 

Despite this change in leadership at the TON Foundation, the organisation continues to adhere to its mission and values even during this transition and continues to follow through with its objectives. As a board member of the foundation, Steve Yun provides ongoing leadership and direction and Manny Stotz plays a pivotal role in helping to make it a place for growth, collaboration, and innovation in the future. TON anticipates milestones to be achieved in the US over the coming months, which will further enhance the company's reputation as one of the leading blockchain companies in the world.

Read more »
Technology
AI Promt AI tools Generative AI Technology

Common AI Promt Mistakes And How To Avoid Them

 

If you are running a business in 2025, you're probably already using generative AI in some capacity. GenAI tools and chatbots, such as ChatGPT and Google Gemini, have become indispensable in a variety of cases, ranging from content production to business planning. 

It's no surprise that more than 60% of businesses believe GenAI to be one of their top goals over the next two years. Furthermore, 87 percent of businesses are piloting or have already implemented generative AI tools in some way. 

But there is a catch. The quality of your inputs determines how well generative AI tools perform. Effective prompting can deliver you accurate AI outputs that meet your requirements, whereas ineffective prompting can take you down the wrong path. 

If you've been struggling to maximise the potential of AI technologies, it's time to rethink the cues you're employing. In this article, we'll look at the most common mistakes people make when asking AI tools questions, as well as how to avoid them. 

What are AI prompts? 

Prompts are queries or commands you give to generative AI tools such as ChatGPT or Claude. They are the inputs you utilise to communicate with AI models and instruct them on what to perform (or generate). AI models develop content based on the prompts you give them. 

The more contextual and specific the questions, the more accurate the AI responds. For example, if you're looking for strategies to increase client loyalty, you can utilise the following generative AI prompt: "What are some cost-effective strategies to improve customer loyalty for a small business?” 

Common AI prompt mistakes 

Being too vague: Neither artificial intelligence nor humans can read minds. You may have a clear image of the problem you're attempting to solve, including limits, items you've explored or done, and potential objections. But, unless you ask a very specific inquiry, neither your human friends nor your AI assistance will be able to pull those images from your thoughts. When asking for assistance, be specific and complete. 

Not being clear about the format: Would you prefer a list, a discussion, or a table? Do you want a comparison of factors or a detailed dive into the issues? The mistake happens when you ask a question but do not instruct the AI on how you want the response to be presented. This mistake isn't just about style and punctuation; it's about how the information is digested and improved for your final consumption. As with the first item on this list, be specific. Tell the AI what you're looking for and what you'll need to receive an answer. 

Not knowing when to take a step back: Sometimes AI cannot solve the problem or give the level of quality required. Fundamentally, an AI is a tool, and one tool cannot accomplish everything. Know when to hold 'em and when to fold them. Know when it's time to go back to a search engine, check forums, or create your own answers. There is a point of diminishing returns, and identifying it will save you time and frustration. 

How to write prompts successfully 

  • Use prompts that are specific, clear, and thorough. 
  • Remember that the AI is simply a program, not a magical oracle. 
  • Iterate and refine your queries by asking increasingly better questions.
  • Keep the prompt on topic. Specify details that provide context for your enquiries.
Read more »
Technology
Artificial Intelligence Cybersecurity Threats Post-Quantum Encryption Quantum computing Technology

Quantum Computing: A Rising Challenge Beyond the AI Spotlight

 

Artificial intelligence (AI) often dominates headlines, stirring fascination and fears of a machine-controlled dystopia. With daily interactions through virtual assistants, social media algorithms, and self-driving cars, AI feels familiar, thanks to decades of science fiction embedding it into popular culture. Yet, lurking beneath the AI buzz is a less familiar but potentially more disruptive force: quantum computing.

Quantum computing, unlike AI, is shrouded in scientific complexity and public obscurity. While AI benefits from widespread cultural familiarity, quantum mechanics remains an enigmatic topic, rarely explored in blockbuster movies or bestselling novels. Despite its low profile, quantum computing harbors transformative—and potentially hazardous—capabilities.

Quantum computers excel at solving problems beyond the scope of today's classical computers. For example, in 2019, Google’s quantum computer completed a computation in just over three minutes—a task that would take a classical supercomputer approximately 10,000 years. This unprecedented speed holds the promise to revolutionize fields such as healthcare, logistics, and scientific research. However, it also poses profound risks, particularly in cybersecurity.

The most immediate threat of quantum computing lies in its ability to undermine existing encryption systems. Public-key cryptography, which safeguards online transactions and personal data, relies on mathematical problems that are nearly impossible for classical computers to solve. Quantum computers, however, could crack these codes in moments, potentially exposing sensitive information worldwide.

Many experts warn of a “cryptographic apocalypse” if organizations fail to adopt quantum-resistant encryption. Governments and businesses are beginning to recognize the urgency. The World Economic Forum has called for proactive measures, emphasizing the need to prepare for the quantum era before it is too late. Despite these warnings, the public conversation remains focused on AI, leaving the risks of quantum computing underappreciated.

The race to counter the quantum threat has begun. Leading tech companies like Google and Apple are developing post-quantum encryption protocols to secure their systems. Governments are crafting strategies for transitioning to quantum-safe encryption, but timelines vary. Experts predict that quantum computers capable of breaking current encryption may emerge within 5 to 30 years. Regardless of the timeline, the shift to quantum-resistant systems will be both complex and costly.

While AI captivates the world with its promise and peril, quantum computing remains an under-discussed yet formidable security challenge. Its technical intricacy and lack of cultural presence have kept it in the shadows, but its potential to disrupt digital security demands immediate attention. As society marvels at AI-driven futures, it must not overlook the silent revolution of quantum computing—an unseen threat that could redefine our technological landscape if unaddressed.
Read more »
Technology
Blender Mixer Cyberattacks CyberCrime Cybersecurity CyberThreat Russian Crypto Technology

Three Russian Nationals Charged with Money Laundering via Crypto-Mixing Services

 


The U.S. Department of Justice (DOJ) has charged three Russian nationals with money laundering for operating two sanctioned cryptocurrency mixing services, Blender.io and Sinbad.io. A federal grand jury in Georgia indicted Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov for their alleged involvement in these operations. 

Roman Vitalyevich Ostapenko, 45, and Alexander Evgenievich Oleynik, 44, were arrested on December 1, 2024. Anton Vyachlavovich Tarasov, 32, remains at large. The DOJ alleges that the trio operated both Blender.io and Sinbad.io, with Sinbad.io considered the successor to Blender.io. Charges filed include:
  • Roman Ostapenko: Conspiracy to commit money laundering and two counts of operating an unlicensed money transmission business.
  • Alexander Oleynik and Anton Tarasov: One count each of conspiracy to commit money laundering and operating an unlicensed money transmission business.
Sinbad.io’s Role in Cybercrime 
 
In November 2023, the FBI seized Sinbad.io following its alleged use by cybercriminal groups, notably the Lazarus Group, a North Korean state-sponsored hacking organization. The U.S. Department of the Treasury identified Sinbad.io as a preferred platform for laundering stolen cryptocurrency. Authorities claim Sinbad.io was used to process significant sums of illicit funds, including portions of the $600 million stolen from Axie Infinity in March 2022 and the $100 million taken from Horizon Bridge. 
 
Blender.io became the first cryptocurrency mixer sanctioned by the U.S. Treasury in May 2022. The service was accused of aiding North Korean hackers in laundering stolen cryptocurrency. Authorities from multiple jurisdictions have since dismantled the infrastructure supporting these services. Despite assurances from Blender.io's operators that they would not retain user data or transaction logs, the service was implicated in concealing illicit transactions. Although Blender.io reportedly ceased operations in 2018, Sinbad.io began operations shortly after, continuing similar activities. 

Ongoing Investigation and Legal Proceedings 
 
The U.S. Attorney's Office for the Northern District of Georgia is leading the prosecution. Details regarding the locations of Ostapenko and Oleynik's arrests or potential extradition remain undisclosed. An arrest warrant has been issued for Tarasov, who is still at large. 
 
“These mixers were allegedly operated by the defendants to enable state-sponsored hackers and other cybercriminals to profit from crimes that threaten public safety and national security,” stated Brent Wible, Principal Deputy Assistant Attorney General in the DOJ's Criminal Division. The investigation remains ongoing as authorities work to locate Tarasov and further dismantle networks facilitating cybercrime.
Read more »
WhatsApp
AI bots Artificial Intelligence Meta Technology WhatsApp

Meta's AI Bots on WhatsApp Spark Privacy and Usability Concerns




WhatsApp, the world's most widely used messaging app, is celebrated for its simplicity, privacy, and user-friendly design. However, upcoming changes could drastically reshape the app. Meta, WhatsApp's parent company, is testing a new feature: AI bots. While some view this as a groundbreaking innovation, others question its necessity and raise concerns about privacy, clutter, and added complexity. 
 
Meta is introducing a new "AI" tab in WhatsApp, currently in beta testing for Android users. This feature will allow users to interact with AI-powered chatbots on various topics. These bots include both third-party models and Meta’s in-house virtual assistant, "Meta AI." To make room for this update, the existing "Communities" tab will merge with the "Chats" section, with the AI tab taking its place. Although Meta presents this as an upgrade, many users feel it disrupts WhatsApp's clean and straightforward design. 
 
Meta’s strategy seems focused on expanding its AI ecosystem across its platforms—Instagram, Facebook, and now WhatsApp. By introducing AI bots, Meta aims to boost user engagement and explore new revenue opportunities. However, this shift risks undermining WhatsApp’s core values of simplicity and secure communication. The addition of AI could clutter the interface and complicate user experience. 

Key Concerns Among Users 
 
1. Loss of Simplicity: WhatsApp’s minimalistic design has been central to its popularity. Adding AI features could make the app feel overloaded and detract from its primary function as a messaging platform. 
 
2. Privacy and Security Risks: Known for its end-to-end encryption, WhatsApp prioritizes user privacy. Introducing AI bots raises questions about data security and how Meta will prevent misuse of these bots. 
 
3. Unwanted Features: Many users believe AI bots are unnecessary for a messaging app. Unlike optional AI tools on platforms like ChatGPT or Google Gemini, Meta's integration feels forced.
 
4. Cluttered Interface: Replacing the "Communities" tab with the AI tab consumes valuable space, potentially disrupting how users navigate the app. 

The Bigger Picture 

Meta may eventually allow users to create custom AI bots within WhatsApp, a feature already available on Instagram. However, this could introduce significant risks. Poorly moderated bots might spread harmful or misleading content, threatening user trust and safety. 

WhatsApp users value its security and simplicity. While some might welcome AI bots, most prefer such features to remain optional and unobtrusive. Since the AI bot feature is still in testing, it’s unclear whether Meta will implement it globally. Many hope WhatsApp will stay true to its core strengths—simplicity, privacy, and reliability—rather than adopting features that could alienate its loyal user base. Will this AI integration enhance the platform or compromise its identity? Only time will tell.
Read more »
Technology
Artificial Intelligence ChatGPT CyberCrime CyberThreat Cyersecurity GitHub Shadow AI Technology

Ensuring Governance and Control Over Shadow AI

 


AI has become almost ubiquitous in software development, as a GitHub survey shows, 92 per cent of developers in the United States use artificial intelligence as part of their everyday coding. This has led many individuals to participate in what is termed “shadow AI,” which involves leveraging the technology without the knowledge or approval of their organization’s Information Technology department and/or Chief Information Security Officer (CISO). 

This has increased their productivity. In light of this, it should not come as a surprise to learn that motivated employees will seek out the technology that can maximize their value potential as well as minimize repetitive tasks that interfere with more creative, challenging endeavours. It is not uncommon for companies to be curious about new technologies, especially those that can be used to make work easier and more efficient, such as artificial intelligence (AI) and automation tools. 

Despite the increasing amount of ingenuity, some companies remain reluctant to adopt technology at their first, or even second, glances. Nevertheless, resisting change does not necessarily mean employees will stop secretly using AI in a non-technical way, especially since tools such as Microsoft Copilot, ChatGPT, and Claude make these technologies more accessible to non-technical employees.

Known as shadow AI, shadow AI is a growing phenomenon that has gained popularity across many different sectors. There is a concept known as shadow AI, which is the use of artificial intelligence tools or systems without the official approval or oversight of the organization's information technology or security department. These tools are often adopted to solve immediate problems or boost efficiency within an organization. 

If these tools are not properly governed, they can lead to data breaches, legal violations, or regulatory non-compliance, which could pose significant risks to businesses. When Shadow AI is not properly managed, it can introduce vulnerabilities into users' infrastructure that can lead to unauthorized access to sensitive data. In a world where artificial intelligence is becoming increasingly ubiquitous, organizations should take proactive measures to make sure their operations are protected. 

Shadow generative AI poses specific and substantial risks to an organization's integrity and security, and poses significant threats to both of them. A non-regulated use of artificial intelligence can lead to decisions and actions that could undermine regulatory and corporate compliance. Particularly in industries with very strict data handling protocols, such as finance and healthcare, where strict data handling protocols are essential. 

As a result of the bias inherent in the training data, generative AI models can perpetuate these biases, generate outputs that breach copyrights, or generate code that violates licensing agreements. The untested code may cause the software to become unstable or error-prone, which can increase maintenance costs and cause operational disruptions. In addition, such code may contain undetected malicious elements, which increases the risk of data breach and system downtime, as well.

It is important to recognize that the mismanagement of Artificial Intelligence interactions in customer-facing applications can result in regulatory non-compliance, reputational damage, as well as ethical concerns, particularly when the outputs adversely impact the customer experience. Consequently, organization leaders must ensure that their organizations are protected from unintended and adverse consequences when utilizing generative AI by implementing robust governance measures to mitigate these risks. 

In recent years, AI technology, including generative and conversational AI, has seen incredible growth in popularity, leading to widespread grassroots adoption of these technologies. The accessibility of consumer-facing AI tools, which require little to no technical expertise, combined with a lack of formal AI governance, has enabled employees to utilize unvetted AI solutions, The 2025 CX Trends Report highlights a 250% year-over-year increase in shadow AI usage in some industries, exposing organizations to heightened risks related to data security, compliance, and business ethics. 

There are many reasons why employees turn to shadow AI for personal or team productivity enhancement because they are dissatisfied with their existing tools, because of the ease of access, and because they want to enhance the ability to accomplish specific tasks. In the future, this gap will grow as CX Traditionalists delay the development of AI solutions due to limitations in budget, a lack of knowledge, or an inability to get internal support from their teams. 

As a result, CX Trendsetters are taking steps to address this challenge by adopting approved artificial intelligence solutions like AI agents and customer experience automation, as well as ensuring the appropriate oversight and governance are in place. Identifying AI Implementations: CISOs and security teams, must determine who will be introducing AI throughout the software development lifecycle (SDLC), assess their security expertise, and evaluate the steps taken to minimize risks associated with AI deployment. 

In training programs, it is important to raise awareness among developers of the importance and potential of AI-assisted code as well as develop their skills to address these vulnerabilities. To identify vulnerable phases of the software development life cycle, the security team needs to analyze each phase of the SDLC and identify if any are vulnerable to unauthorized uses of AI. 

Fostering a Security-First Culture: By promoting a proactive protection mindset, organizations can reduce the need for reactive fixes by emphasizing the importance of securing their systems from the onset, thereby saving time and money. In addition to encouraging developers to prioritize safety and transparency over convenience, a robust security-first culture, backed by regular training, encourages a commitment to security. 

CISOs are responsible for identifying and managing risks associated with new tools and respecting decisions made based on thorough evaluations. This approach builds trust, ensures tools are properly vetted before deployment, and safeguards the company's reputation. Incentivizing Success: There is great value in having developers who contribute to bringing AI usage into compliance with their organizations. 

For this reason, these individuals should be promoted, challenged, and given measurable benchmarks to demonstrate their security skills and practices. As organizations reward these efforts, they create a culture in which AI deployment is considered a critical, marketable skill that can be acquired and maintained. If these strategies are implemented effectively, a CISO and development teams can collaborate to manage AI risks the right way, ensuring faster, safer, and more effective software production while avoiding the pitfalls caused by shadow AI. 

As an alternative to setting up sensitive alerts to make sure that confidential data isn't accidentally leaked, it is also possible to set up tools using artificial intelligence, for example, to help detect when a model of artificial intelligence incorrectly inputs or processes personal data, financial information, or other proprietary information. 

It is possible to identify and mitigate security breaches in real-time by providing real-time alerts in real-time, and by enabling management to reduce these breaches before they escalate into a full-blown security incident, adding a layer of security protection, in this way. 

When an API strategy is executed well, it is possible to give employees the freedom to use GenAI tools productively while safeguarding the company's data, ensuring that AI usage is aligned with internal policies, and protecting the company from fraud. To increase innovation and productivity, one must strike a balance between securing control and ensuring that security is not compromised.
Read more »
web3 technology
Blockchain Technology decentralized apps Technology TikTok web3 technology

How Trust Can Drive Web3 Adoption and Growth

 




Web3 technology promises to transform the internet, making it decentralized, secure, and transparent. However, many people hesitate to adopt it due to a lack of trust in the technology. Building this trust requires clear explanations, user-friendly experiences, and a solid infrastructure.  


Social Media: A Gateway to Web3  

Platforms like TikTok have become key tools for introducing users to Web3. For example, Hamster Kombat, a cryptocurrency-based game, attracted over 300 million players using TikTok. The platform made it easy for users to learn about the game by sharing tutorials, guides, and strategies, building trust among new players.  

Similarly, SonicX, a popular tap-to-earn game, onboarded over two million users through TikTok. The team behind the game, Sonic SVM, simplified the process for users by creating automatic wallets and removing transaction fees, making it feel like a traditional app. These efforts demonstrate how social media can act as a bridge between Web2 and Web3, helping more people understand and use these technologies.  


Why Strong Infrastructure Matters  

While social media helps with onboarding, a dependable Web3 infrastructure is essential for long-term success. Powerloom, for example, offers a decentralized network of over 5,300 nodes that collect and update blockchain data in real time. This ensures that decentralized applications (dApps) and smart contracts always operate with accurate information. By eliminating outdated data risks, Powerloom strengthens user confidence in Web3 platforms.  


Blockchain and dApps: Trust-Building Tools  

At its core, blockchain technology ensures security and transparency. It uses decentralized networks and cryptography to prevent tampering with data. This builds trust, as users can rely on the integrity of the system.  

Decentralized applications (dApps) also play a vital role. Take Uniswap, for instance. Its open-source code is accessible to anyone for verification, and regular security audits ensure its reliability. Users can trade or add liquidity without needing approval, reinforcing the trustworthiness of the platform.  


Reputation Through Tokenization  

Tokenization brings another layer of trust by rewarding users with reputation tokens for positive actions. These tokens serve as a record of reliability and contributions, discouraging malicious activity. In decentralized marketplaces, they enable peer-to-peer reviews without depending on centralized authorities, making the system fairer and more transparent.  

Web3 technology has immense potential, but its adoption depends on trust. Social media, combined with secure infrastructure, transparent dApps, and reputation systems, can make this next phase of the internet more accessible and trustworthy. By focusing on these elements, Web3 can achieve its vision of a decentralized and user-driven digital world.  


Read more »
Technology
Artificial Intelligence Blockchain Developers Healthcare Marketing Technology

AI and Blockchain: Shaping the Future of Personalization and Security

 

The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user data remains secure. 

Why Personalization and Security Are Essential 

A global survey conducted in the third quarter of 2024 revealed that 64% of consumers prefer to engage with companies that offer personalized experiences. Simultaneously, 53% of respondents expressed significant concerns about data privacy. These findings highlight a critical balance: users desire tailored interactions but are equally cautious about how their data is managed. The integration of AI and blockchain offers innovative solutions to address both personalization and privacy concerns. 

AI has seamlessly integrated into daily life, with tools like ChatGPT becoming indispensable across industries. A notable advancement in AI is the adoption of Common Crawl's customized blockchain. This system securely stores vast datasets used by AI models, enhancing data transparency and security. Blockchain’s immutable nature ensures data integrity, making it ideal for managing the extensive data required to train AI systems in applications like ChatGPT. 

The combined power of AI and blockchain is already transforming sectors like marketing and healthcare, where personalization and data privacy are paramount.

  • Marketing: Tools such as AURA by AdEx allow businesses to analyze user activity on blockchain platforms like Ethereum. By studying transaction data, AURA helps companies implement personalized marketing strategies. For instance, users frequently interacting with decentralized exchanges (DEXs) or moving assets across blockchains can receive tailored marketing content aligned with their behavior.
  • Healthcare: Blockchain technology is being used to store medical records securely, enabling AI systems to develop personalized treatment plans. This approach allows healthcare professionals to offer customized recommendations for nutrition, medication, and therapies while safeguarding sensitive patient data from unauthorized access.
Enhancing Data Security 

Despite AI's transformative capabilities, data privacy has been a longstanding concern. Earlier AI tools, such as previous versions of ChatGPT, stored user data to refine models without clear consent, raising privacy issues. However, the industry is evolving with the introduction of privacy-centric tools like Sentinel and Scribe. These platforms employ advanced encryption to protect user data, ensuring that information remains secure—even from large technology companies like Google and Microsoft. 
 
The future holds immense potential for developers leveraging AI and blockchain technologies. These innovations not only enhance user experiences through personalized interactions but also address critical privacy challenges that have persisted within the tech industry. As AI and blockchain continue to evolve, industries such as marketing, healthcare, and beyond can expect more powerful tools that prioritize customization and data security. By embracing these technologies, businesses can create engaging, secure digital environments that meet users' growing demands for personalization and privacy.
Read more »
Trump
Facebook Instagram Meta Social Media Technology Trump

Meta Removes Independent Fact Checkers, Replaces With "Community Notes"


Meta to remove fact-checkers

Meta is dumping independent fact-checkers on Instagram and Facebook, similar to what X (earlier Twitter) did, replacing them with “community notes” where users’ comments decide the accuracy of a post.

On Tuesday, Mark Zuckerberg in a video said third-party moderators were "too politically biased" and it was "time to get back to our roots around free expression".

Tech executives are trying to build better relations with the new US President Donald Trump who will take oath this month, the new move is a step in that direction.  

Republican Party and Meta

The Republican party and Trump have called out Meta for its fact-checking policies, stressing it censors right-wing voices on its platform.

After the new policy was announced, Trump said in a news conference he was pleased with Meta’s decision to have  "come a long way".

Online anti-hate speech activists expressed disappointment with the shift, claiming it was motivated by a desire to align with Trump.

“Zuckerberg's announcement is a blatant attempt to cozy up to the incoming Trump administration – with harmful implications. Claiming to avoid "censorship" is a political move to avoid taking responsibility for hate and disinformation that platforms encourage and facilitate,” said Ava Lee of Global Witness. This organization sees itself as trying to bring big tech like Meta accountable.

Copying X

The present fact-checking program of Meta was introduced in 2016, it sends posts that seem false or misleading to independent fact-checking organizations to judge their credibility. 

Posts marked as misleading have labels attached to them, giving users more information, and move down in viewers’ social media feeds. This will now be replaced by community notes, starting in the US. Meta has no “immediate plans” to remove third-party fact-checkers in the EU or the UK.

The new community notes move has been copied from platform X, which was started after Elon Musk bought Twitter. 

It includes people with opposing opinions agreeing on notes that provide insight or explanation to disputed posts. 

We will allow more speech by lifting restrictions on some topics that are part of mainstream discourse and focusing our enforcement on illegal and high-severity violations. We will take a more personalized approach to political content, so that people who want to see more of it in their feeds can.

Read more »
Technology
Passkey passkey authentication Passkey Security Passwordless Passwordless Authentication Technology

Passkeys: The Future of Secure and Seamless Online Authentication

 


Passwords have been a cornerstone of digital security for decades, but managing them has grown increasingly complex. Even with the help of password managers, users face the challenge of creating and remembering countless unique, complex passwords. The days of reusing simple combinations like "p455w0rd123" are long gone, as cyber threats continue to evolve. In response, the tech industry is embracing a more secure and user-friendly solution: passkeys.

What Are Passkeys?

Passkeys are a modern, passwordless authentication method designed to simplify and strengthen online security. Introduced by Apple in 2022 and widely supported by tech giants like Google, Microsoft, and the FIDO Alliance, passkeys leverage cryptographic technology for secure logins. They function using a pair of cryptographic keys:
  • Public Key: Stored with the website or app you're logging into.
  • Private Key: Securely stored on your device and never shared with external services.

This system allows users to authenticate using biometric data—such as facial recognition, fingerprints— or a PIN, eliminating the need for traditional passwords and providing a more seamless, secure login experience.

How Passkeys Improve Security and Convenience

Passkeys offer numerous advantages over traditional password-based systems:
  • Enhanced Security: Since the private key never leaves your device and biometric data is not shared with apps or websites, the risk of data breaches and credential theft is drastically reduced.
  • Phishing Protection: Passkeys are immune to phishing attacks because the authentication process doesn’t involve typing anything that could be intercepted.
  • Cross-Device Accessibility: Users can authenticate on new devices without manually syncing credentials. For example, logging into a Google account on a laptop is possible if a smartphone with the passkey is nearby, thanks to Bluetooth-based proximity authentication. A new passkey can also be generated directly on the new device without transferring the original key.
  • No Need for Password Syncing: Passkeys eliminate the hassle of syncing passwords across devices, offering a unified and straightforward login process.

System Requirements for Passkey Usage

To start using passkeys, devices and software must meet certain requirements:
  • Operating Systems: Windows 10 or later, macOS Ventura or later, and ChromeOS 109 or newer.
  • Mobile Devices: iOS 16+, iPadOS 16+, or Android 9+.
  • Supported Browsers: Google Chrome 109+, Safari 16+, or Microsoft Edge 109+.
Passkeys are now widely supported across desktop and mobile platforms, with adoption rates averaging around 85%, reflecting strong industry momentum toward passwordless security.

Expanding Adoption of Passkeys

Many prominent websites and applications have integrated passkey support, marking a shift toward mainstream adoption. Notable platforms include:
  • Google: Offers passkey login options across its services.
  • PayPal: Allows secure, password-free payments using passkeys.
  • TikTok and eBay: Support passkey authentication for improved account security.
  • Microsoft: Launched passkey support for consumer accounts on World Password Day 2024, with plans to expand across mobile applications.
For a comprehensive list of passkey-compatible services, users can visit passkeys.io.

A New Era of Digital Security

The shift from traditional passwords to passkeys marks a significant advancement in cybersecurity. By combining ease of use with robust protection, passkeys promise a future where users no longer need to juggle complex passwords. Instead, they can enjoy a safer, faster, and more intuitive way to access their digital lives.

As technology continues to evolve, passkeys stand out as a critical innovation that could redefine how we secure our online identities—offering both peace of mind and convenience in an increasingly digital world.
Read more »
Technology
EU’s Digital Market Act News Social Media Technology

The Digital Markets Act (DMA): A Game Changer for Tech Companies


The Digital Markets Act (DMA) is poised to reshape the European digital landscape. This pioneering legislation by the European Union seeks to curb the dominance of tech giants, foster competition, and create a fairer digital marketplace for consumers and businesses alike. By enforcing strict regulations on major players like Google, Apple, and Meta, the DMA aims to dismantle monopolistic practices and ensure greater choice and transparency.

The DMA targets the "gatekeepers" of the digital economy—large companies that control access to critical digital services. By requiring these firms to unbundle tightly integrated ecosystems, the act provides smaller players an opportunity to thrive.

For instance, companies will no longer be able to self-preference their own products in search rankings or restrict users from installing third-party apps. These changes promise to unlock innovation and drive competition across the digital ecosystem.

Google’s longstanding practice of integrating services such as Maps, Calendar, and Docs with its search engine has faced criticism for sidelining competitors. Under the DMA, Google must separate these services, starting with Maps.

While these integrations have offered users convenience, they have limited market access for alternatives like HERE WeGo and OpenStreetMap. The new regulations could disrupt Google’s user experience but pave the way for smaller mapping solutions to gain traction.

Apple faces significant challenges under the DMA. The legislation mandates opening its App Store to competing platforms, potentially allowing alternative app marketplaces to operate on iOS devices. This could disrupt Apple’s revenue streams and force the company to rethink its tightly controlled ecosystem.

Apple’s adherence to the DMA will redefine its approach to user experience while creating opportunities for developers to access a broader audience.

For consumers, the DMA promises long-term benefits by increasing choice and reducing dependency on dominant players. Initially, the transition may seem inconvenient, but the diversity it fosters will lead to a more innovative digital economy.

The DMA’s implications extend beyond Europe. It sets a precedent for how governments worldwide might regulate tech giants. Countries like the United States and India are closely watching its impact, potentially adopting similar frameworks to tackle monopolistic practices.

The Digital Markets Act is more than just a European regulation — it’s a bold step towards a competitive and equitable digital future. By leveling the playing field, it challenges global tech giants to innovate responsibly while empowering smaller businesses and consumers alike.
Read more »
UPI
Banking Digital Arrest Jumped Deposit Scam SBI Scam Technology UPI

Banking Fraud: Jumped Deposit Scam Targets UPI Users


Users of the unified payments interface (UPI) are the victims of a recent cyber fraud known as the "jumped deposit scam." First, scammers persuade victims by making a modest, unsolicited deposit into their bank accounts. 

How does it operate? 

A scammer uses UPI to transfer a tiny sum to the victim's bank account. After that, they ask for a larger withdrawal right away. The victim might quickly verify their bank account amount due to this sudden deposit. The victim must input their personal identification number (PIN) to access their bank details, and the stolen withdrawal is authorized. The difference money is stolen by fraudsters.

The Hindu reports, “Scammers exploit the recipient’s curiosity over an unsolicited deposit to access their funds.”

The public was previously warned by the Tamil Nadu Cyber Crime Police to exercise caution when dealing with such unforeseen deposits. It noted that the latest scam was the subject of numerous complaints to the National Cyber Crime Reporting Portal.

What to do?

There are two methods UPI customers can use to guard against jumped deposit scams. 

Since withdrawal requests expire after a certain amount of time, wait 15 to 30 minutes after noticing an unexpected transaction in your bank account before checking your balance. Try carefully entering an incorrect PIN number to reject the prior transaction if you don't have time to wait a few minutes. 

Additionally, to confirm the legitimacy, notify your bank if you discover an unexpected or sudden credit in your account. Scam victims need to file a complaint with the cybercrime portal or the closest police station.

Banking attacks on the rise

The State Bank of India recently highlighted several cybercrimes, including digital arrests and fake customs claims, in light of the rise in cybercrimes. To safeguard themselves, the bank advised its clients to report shady calls and confirm any unexpected financial requests. 

It explained scams like "digital arrests," where scammers pretend to be law enforcement officers and threaten to question you about fictitious criminal conduct. For easy chores, some scammers may offer large quantities of money as payment. After that, they might request a security deposit.
Read more »
Technology
Blockchain Economy Finance Innovation Jordan Technology

Jordan Approves Blockchain Technology to Boost Innovation


As part of its initiatives to enhance public services and modernize government processes, Jordan has approved the 2025 Blockchain Technology Policy. The Jordanian Council of Ministers unveiled a new policy to improve service delivery to citizens, cut expenses, and streamline administrative procedures. 

This strategy is an integral part of Jordan's broader goal for digital transformation and economic modernization, which also involves promoting startup growth and developing skills linked to blockchain. 

About Jordan’s blockchain technology policy

The 2025 Blockchain Technology Policy aims to revolutionize public administration by integrating blockchain technology into government operations. According to officials, the objective is to decrease delays in governmental workflows, automate procedures, and validate transactions instantly.

The policy places a high priority on preserving citizens' data. The government intends to employ blockchain's secure infrastructure to protect data privacy and boost public trust in governmental organizations.

Key features

The policy is going to assist startups using blockchain technology. This involves developing chances for businesses and providing workers with the skills required to succeed in blockchain-related industries.

Jordan intends to make government transactions more efficient and accessible to citizens and businesses by leveraging blockchain's capacity to record and verify data instantaneously.

In addition, the blockchain's distributed architecture will generate records that cannot be changed, assuring improved accuracy in government reporting and decreasing errors.

Authorities think it will result in improved oversight of government services.

Impact on economy and infrastructure

Jordan has recently expressed an increased interest in blockchain and Bitcoin. In 2022, Jordan saw an increase in crypto activity as citizens sought solutions to unemployment and other concerns, showing blockchain's ability to address economic issues.

Jordan's blockchain program is part of a broader regional trend of using emerging technologies to enhance government operations.

Syria, for example, revealed plans to regulate Bitcoin [BTC] and automate its currency to stabilize its financial sector and draw foreign investment. In the UAE, Dubai has permitted the expansion of blockchain-based payment systems, while Abu Dhabi has established a legal framework for decentralized solutions.

These initiatives indicate a growing interest in blockchain as a solution to economic and administrative difficulties in the Middle East.

Read more »
Technology
Bitcoin Blockchain Cyberattacks Cyberhackers Cybersecurity CyberThreat Quantum Resistance Solana Technology

Solana Pioneers Quantum Resistance in Blockchain Technology

 


There is no denying that Solana, one of the fastest-growing blockchain networks, has introduced a groundbreaking security feature called the Winternitz Vault. This feature will protect digital assets from quantum computing threats while maintaining the platform's high performance. Solana intends to address the challenges posed by quantum computing proactively to safeguard its users' funds and ensure the longevity of its blockchain infrastructure. 

With the help of a decades-old cryptographic technique, Solana has developed a quantum-resistant vault that uses this technique to protect users' funds from quantum computer attacks. As part of the solution, known as the Solana Winternitz Vault, new keys are generated for every transaction as part of a hash-based signature system. 

The company introduced a system called the "Solana Winternitz Vault" that protects user funds from quantum threats. The vault utilises a hash-based signature system that generates new keys for every transaction, making it highly secure. The chief scientist at Zeus Network, Dean Little, who is also a cryptography researcher, elaborated in a GitHub post that this approach complicates quantum computing and makes it harder for quantum computers to orchestrate coordinated attacks on public keys that are exposed during transactions, diminishing their ability to execute coordinated attacks. Since the vault exists in the current version as an optional feature, rather than as part of the network security upgrade, no fork is in sight. 

As a result, users will need to actively store their funds in Winternitz Vaults instead of regular Solana Wallets if they wish to ensure that their funds remain quantum-proof. Even though the quantum-resistant vault is an optional feature rather than a system-wide requirement, it is important to note that it is still an optional feature. For this enhanced security to be realised, users need to choose to store their funds in the Winternitz Vault rather than the standard Solana wallet. 

The vault's operation includes creating a split-and-refund account system to ensure secure fund transfers while protecting residual balances. The Winternitz Vault, a quantum-resistant solution developed by Solana developers, has been implemented to counter this risk and is based on a cryptographic technique dating back decades. 

As a result of the vault's hash-based signature system, which generates new keys with each transaction, quantum computers are less likely to be able to crack the cryptographic keys because the vault employs a hash-based signature system. Using the Winternitz One-Time Signatures protocol, this vault creates 32 private key scalars that are hashed 256 times. It does not store the entire public key but only its hash for verification purposes. 

It is important to note that every time a transaction is carried out, the vault creates a new set of keys, so no hacker can predict or steal a key before it is used. Solana's Winternitz Vault sets a new benchmark for blockchain security in the face of quantum computing, allowing users to take advantage of the optional tools necessary to protect their digital assets against future threats. 

By implementing this forward-looking strategy, Solana reinforces its commitment to innovation and security that it has always displayed, placing it as a market leader in the blockchain space as quantum computing continues to develop, providing blockchain networks like Solana the flexibility to adapt to new challenges as they arise. It is Solana's goal to stay abreast of such advancements, ensuring its users can be assured that their digital assets can be safeguarded with confidence, regardless of future technological advances. 

Nonetheless, Cornell University researchers have found that breaking an elliptic curve cryptographic key with 160 bits would require approximately 1,000 qubits, which is far more than is currently available. The blockchain industry is still pushing forward despite this. In its beta stage, QAN, for example, claimed it had achieved "quantum hardness," and other protocols have quietly improved their cryptographic foundations. 

In recent years, quantum computing power has been predicted to grow exponentially – a phenomenon known as Neven's Law – and some experts believe that this will happen in the future. This forecast has driven more blockchain developers to implement quantum-resistant solutions, even though full-scale quantum computers are still years or decades away from seriously threatening the current cryptographic standards for coins, tokens, and other applications. Considering quantum resistance as an extra feature for many crypto projects may seem overkill, but Web3 developers are known for always being two steps ahead of the game.

Read more »
Subscribe to: Posts (Atom)