As technology advances, the volume of data being generated daily has reached unprecedented levels. In 2024 alone, people are expected to create over 147 zettabytes of data. This rapid growth presents major challenges for businesses in terms of processing, transferring, and safeguarding vast amounts of information efficiently.

Traditional data processing occurs in centralized locations like data centers, but as the demand for real-time insights increases, edge computing is emerging as a game-changer. By handling data closer to its source — such as factories or remote locations, edge computing minimizes delays, enhances efficiency, and enables faster decision-making. However, its widespread adoption also introduces new security risks that organizations must address.

Why Edge Computing Matters

Edge computing reduces the reliance on centralized data centers by allowing devices to process data locally. This approach improves operational speed, reduces network congestion, and enhances overall efficiency. In industries like manufacturing, logistics, and healthcare, edge computing enables real-time monitoring and automation, helping businesses streamline processes and respond to changes instantly.

For example, a UK port leveraging a private 5G network has successfully integrated IoT sensors, AI-driven logistics, and autonomous vehicles to enhance operational efficiency. These advancements allow for better tracking of assets, improved environmental monitoring, and seamless automation of critical tasks, positioning the port as an industry leader.

The Role of 5G in Strengthening Security

While edge computing offers numerous advantages, its effectiveness relies on a robust network. This is where 5G comes into play. The high-speed, low-latency connectivity provided by 5G enables real-time data processing, improvises security features, and supports large-scale deployments of IoT devices.

However, the expansion of connected devices also increases vulnerability to cyber threats. Securing these devices requires a multi-layered approach, including:

1. Strong authentication methods to verify users and devices

2. Data encryption to protect information during transmission and storage

3. Regular software updates to address emerging security threats

4. Network segmentation to limit access and contain potential breaches

Integrating these measures into a 5G-powered edge network ensures that businesses not only benefit from increased speed and efficiency but also maintain a secure digital environment.

Preparing for 5G and Edge Integration

To fully leverage edge computing and 5G, businesses must take proactive steps to modernize their infrastructure. This includes:

1. Upgrading Existing Technology: Implementing the latest networking solutions, such as software-defined WANs (SD-WANs), enhances agility and efficiency.

2. Strengthening Security Policies: Establishing strict cybersecurity protocols and continuous monitoring systems can help detect and prevent threats.

3. Adopting Smarter Tech Solutions: Businesses should invest in advanced IoT solutions, AI-driven analytics, and smart automation to maximize the benefits of edge computing.

4. Anticipating Future Innovations: Staying ahead of technological advancements helps businesses adapt quickly and maintain a competitive edge.

5. Embracing Disruptive Technologies: Organizations that adopt augmented reality, virtual reality, and other emerging tech can create innovative solutions that redefine industry standards.

The transition to 5G-powered edge computing is not just about efficiency — it’s about security and sustainability. Businesses that invest in modernizing their infrastructure and implementing robust security measures will not only optimize their operations but also ensure long-term success in an increasingly digital world.

The Ministry of Finance, under Nirmala Sitharaman’s leadership, has issued a directive prohibiting employees from using artificial intelligence (AI) tools such as ChatGPT and DeepSeek for official work. The decision comes over concerns about data security as these AI-powered platforms process and store information externally, potentially putting confidential government data at risk.  

Why Has the Finance Ministry Banned AI Tools?  

AI chatbots and virtual assistants have gained popularity for their ability to generate text, answer questions, and assist with tasks. However, since these tools rely on cloud-based processing, there is a risk that sensitive government information could be exposed or accessed by unauthorized parties.  

The ministry’s concern is that official documents, financial records, and policy decisions could unintentionally be shared with external AI systems, making them vulnerable to cyber threats or misuse. By restricting their use, the government aims to safeguard national data and prevent potential security breaches.  

Public Reactions and Social Media Buzz

The announcement quickly sparked discussions online, with many users sharing humorous takes on the decision. Some questioned how government employees would manage their workload without AI assistance, while others speculated whether Indian AI tools like Ola Krutrim might be an approved alternative.  

A few of the popular reactions included:  

1. "How will they complete work on time now?" 

2. "So, only Ola Krutrim is allowed?"  

3. "The Finance Ministry is switching back to traditional methods."  

4. "India should develop its own AI instead of relying on foreign tools."  

India’s Position in the Global AI Race

With AI development accelerating worldwide, several countries are striving to build their own advanced models. China’s DeepSeek has emerged as a major competitor to OpenAI’s ChatGPT and Google’s Gemini, increasing the competition in the field.  

The U.S. has imposed trade restrictions on Chinese AI technology, leading to growing tensions in the tech industry. Meanwhile, India has yet to launch an AI model capable of competing globally, but the government’s interest in regulating AI suggests that future developments could be on the horizon.  

While the Finance Ministry’s move prioritizes data security, it also raises questions about efficiency. AI tools help streamline work processes, and their restriction could lead to slower operations in certain departments.  

Experts suggest that India should focus on developing AI models that are secure and optimized for government use, ensuring that innovation continues without compromising confidential information.  

For now, the Finance Ministry’s stance reinforces the need for careful regulation of AI technologies, ensuring that security remains a top priority in government operations.

The campaign attacked healthcare, government, and education organizations, targeting around 150 victims, according to Abnormal Security. The attacks aim to get access to corporate mail accounts for sending emails to more victims inside a company or launch money motivated campaigns such as business e-mail compromise (BEC), where the money is directly sent to the attackers’ accounts. 

Fake Microsoft ADFS login pages 

ADFS from Microsoft is a verification mechanism that enables users to log in once and access multiple apps/services, saving the troubles of entering credentials repeatedly. 

ADFS is generally used by large businesses, as it offers single sign-on (SSO) for internal and cloud-based apps. 

The threat actors send emails to victims spoofing their company's IT team, asking them to sign in to update their security configurations or accept latest policies. 

How victims are trapped

When victims click on the embedded button, it takes them to a phishing site that looks same as their company's authentic ADFS sign-in page. After this, the fake page asks the victim to put their username, password, and other MFA code and baits then into allowing the push notifications.

The phishing page asks the victim to enter their username, password, and the MFA code or tricks them into approving the push notification.

What do the experts say

The security report by Abnormal suggests, "The phishing templates also include forms designed to capture the specific second factor required to authenticate the targets account, based on the organization's configured MFA settings.” Additionally, "Abnormal observed templates targeting multiple commonly used MFA mechanisms, including Microsoft Authenticator, Duo Security, and SMS verification."

After the victim gives all the info, they are sent to the real sign-in page to avoid suspicious and make it look like an authentic process. 

However, the threat actors immediately jump to loot the stolen info to sign into the victim's account, steal important data, make new email filter rules, and try lateral phishing. 

According to Abnormal, the threat actors used Private Internet Access VPN to hide their location and allocate an IP address with greater proximity to the organization.  

Checking email language

Earlier, it was easier to spot irregularities in an e-mail, all it took was one glance. As Gen AI models use flawless grammar,  it is almost impossible to find errors in your mail copy, 

Analyze the Language of the Email Carefully

In the past, one quick skim was enough to recognize something is off with an email, typically the incorrect grammar and laughable typos being the giveaways. Since scammers now use generative AI language models, most phishing messages have flawless grammar.

But there is hope. It is easier to identify Gen AI text, and keep an eye out for an unnatural flow of sentences, if everything seems to be too perfect, chances are it’s AI.

Red flags are everywhere, even mails

Though AI has made it difficult for users to find phishing scams, they show some classic behavior. The same tips apply to detect phishing emails.

In most cases, scammers mimic businesses and wish you won’t notice. For instance, instead of an official “info@members.hotstar.com” email ID, you may notice something like “info@members.hotstar-support.com.” You may also get unrequested links or attachments, which are a huge tell. URLs (mismatched) having subtle typos or extra words/letters are comparatively difficult to notice but a huge ti-off that you are on a malicious website or interacting with a fake business.

Beware of Deepfake video scams

The biggest issue these days is combating deepfakes, which are also difficult to spot. 

The attacker makes realistic video clips using photo and video prompts and uses video calling like Zoom or FaceTime to trap potential victims (especially elders and senior citizens) to give away sensitive data. 

One may think that only old people may fall for deepfakes, but due to their sophistication, even experts fall prey to them. One famous incident happened in Hong Kong, where scammers deepfake a company CFO and looted HK$200 million (roughly $25 million).

AI is advancing, and becoming stronger every day. It is a double-edged sword, both a blessing and a curse. One should tread the ethical lines carefully and hope they don’t fall to the dark side of AI.

Italy’s data protection authority, Garante, has ordered Chinese AI chatbot DeepSeek to halt its operations in the country. The decision comes after the company failed to provide clear answers about how it collects and handles user data. Authorities fear that the chatbot’s data practices could pose security risks, leading to its removal from Italian app stores.  

Why Did Italy Ban DeepSeek?  

The main reason behind the ban is DeepSeek’s lack of transparency regarding its data collection policies. Italian regulators reached out to the company with concerns over whether it was handling user information in a way that aligns with European privacy laws. However, DeepSeek’s response was deemed “totally insufficient,” raising even more doubts about its operations.  

Garante stated that DeepSeek denied having a presence in Italy and claimed that European regulations did not apply to it. Despite this, authorities believe that the company’s AI assistant has been accessible to Italian users, making it subject to the region’s data protection rules. To address these concerns, Italy has launched an official investigation into DeepSeek’s activities.  

Growing Concerns Over AI and Data Security  

DeepSeek is an advanced AI chatbot developed by a Chinese startup, positioned as a competitor to OpenAI’s ChatGPT and Google’s Gemini. With over 10 million downloads worldwide, it is considered a strong contender in the AI market. However, its expansion into Western countries has sparked concerns about how user data might be used.  

Italy is not the only country scrutinizing DeepSeek’s data practices. Authorities in France, South Korea, and Ireland have also launched investigations, highlighting global concerns about AI-driven data collection. Many governments fear that personal data gathered by AI chatbots could be misused for surveillance or other security threats.  

This is not the first time Italy has taken action against an AI company. In 2023, Garante temporarily blocked OpenAI’s ChatGPT over privacy issues. OpenAI was later fined €15 million after being accused of using personal data to train its AI without proper consent.  

Impact on the AI and Tech Industry

The crackdown on DeepSeek comes at a time when AI technology is shaping global markets. Just this week, concerns over China’s growing influence in AI led to a significant drop in the U.S. stock market. The NASDAQ 100 index lost $1 trillion in value, with AI chipmaker Nvidia alone suffering a $600 million loss.  

While DeepSeek has been removed from Italian app stores, users who downloaded it before the ban can still access the chatbot. Additionally, its web-based version remains functional, raising questions about how regulators will enforce the restriction effectively.  

As AI continues to make new advancements, countries are becoming more cautious about companies that fail to meet privacy and security standards. With multiple nations now investigating DeepSeek, its future in Western markets remains uncertain.

Scareware aka Tech Support Scam

One infamous example is the “tech support scam,” where a fake warning tells the user their device is infected with malware and they need to reach out to contact support number (fake) or install fake anti-malware software to restore the system and clean up things. Over the years, users have noticed a few Microsoft IT support fraud pop-ups.

Realizing the threat, Microsoft is combating the issue with its new Scareware Blockers feature in Edge, which was first rolled out in November last year at the Ignite conference.

Defender SmartScreen, a feature that saves Edge users from scams, starts after a malicious site is caught and added to its index of abusive web pages to protect users globally.

AI-powered Edge scareware blocker

The new AI-powered Edge scareware blocker by Microsoft “offers extra protection by detecting signs of scareware scams in real-time using a local machine learning model,” says Bleeping Computer.

Talking about Scareware, Microsoft says, “The blocker adds a new, first line of defense to help protect the users exposed to a new scam if it attempts to open a full-screen page.” “Scareware blocker uses a machine learning model that runs on the local computer,” it further adds.

Once the blocker catches a scam page, it informs users and allows them to continue using the webpage if they trust the website. 

Activating Scareware Blocker

Before activating the blocker, the user needs to install the Microsoft Edge beta version. The version installs along with the main release variant of Edge, easing the user’s headache of co-mingling the versions. If the user is on a managed system, they should make sure previews are enabled admin. 

"After making sure you have the latest updates, you should see the scareware blocker preview listed under "Privacy Search and Services,'" Microsoft says. Talking about reporting the scam site from users’ end for the blocker to work, Microsoft says it helps them “make the feature more reliable to catch the real scams. 

Beyond just blocking individual scam outbreaks” their Digital Crimes Unit “goes even further to target the cybercrime supply chain directly.”

January 27 marked a pivotal day for the artificial intelligence (AI) industry, with two major developments reshaping its future. First, Nvidia, the global leader in AI chips, suffered a historic loss of $589 billion in market value in a single day—the largest one-day loss ever recorded by a company. Second, DeepSeek, a Chinese AI developer, surged to the top of Apple’s App Store, surpassing ChatGPT. What makes DeepSeek’s success remarkable is not just its rapid rise but its ability to achieve high-performance AI with significantly fewer resources, challenging the industry’s reliance on expensive infrastructure.

DeepSeek’s Innovative Approach to AI Development

Unlike many AI companies that rely on costly, high-performance chips from Nvidia, DeepSeek has developed a powerful AI model using far fewer resources. This unexpected efficiency disrupts the long-held belief that AI breakthroughs require billions of dollars in investment and vast computing power. While companies like OpenAI and Anthropic have focused on expensive computing infrastructure, DeepSeek has proven that AI models can be both cost-effective and highly capable.

DeepSeek’s AI models perform at a level comparable to some of the most advanced Western systems, yet they require significantly less computational power. This approach could democratize AI development, enabling smaller companies, universities, and independent researchers to innovate without needing massive financial backing. If widely adopted, it could reduce the dominance of a few tech giants and foster a more inclusive AI ecosystem.

Implications for the AI Industry

DeepSeek’s success could prompt a strategic shift in the AI industry. Some companies may emulate its focus on efficiency, while others may continue investing in resource-intensive models. Additionally, DeepSeek’s open-source nature adds an intriguing dimension to its impact. Unlike OpenAI, which keeps its models proprietary, DeepSeek allows its AI to be downloaded and modified by researchers and developers worldwide. This openness could accelerate AI advancements but also raises concerns about potential misuse, as open-source AI can be repurposed for unethical applications.

Another significant benefit of DeepSeek’s approach is its potential to reduce the environmental impact of AI development. Training AI models typically consumes vast amounts of energy, often through large data centers. DeepSeek’s efficiency makes AI development more sustainable by lowering energy consumption and resource usage.

However, DeepSeek’s rise also brings challenges. As a Chinese company, it faces scrutiny over data privacy, security, and censorship. Like other AI developers, DeepSeek must navigate issues related to copyright and the ethical use of data. While its approach is innovative, it still grapples with industry-wide challenges that have plagued AI development in the past.

A More Competitive AI Landscape

DeepSeek’s emergence signals the start of a new era in the AI industry. Rather than a few dominant players controlling AI development, we could see a more competitive market with diverse solutions tailored to specific needs. This shift could benefit consumers and businesses alike, as increased competition often leads to better technology at lower prices.

However, it remains unclear whether other AI companies will adopt DeepSeek’s model or continue relying on resource-intensive strategies. Regardless, DeepSeek has already challenged conventional thinking about AI development, proving that innovation isn’t always about spending more—it’s about working smarter.

DeepSeek’s rapid rise and innovative approach have disrupted the AI industry, challenging the status quo and opening new possibilities for AI development. By demonstrating that high-performance AI can be achieved with fewer resources, DeepSeek has paved the way for a more inclusive and sustainable future. As the industry evolves, its impact will likely inspire further innovation, fostering a competitive landscape that benefits everyone.

In an era where technology permeates every aspect of our lives, education is undergoing a transformative shift. Imagine a classroom where each student’s learning experience is tailored to their unique needs, interests, and pace. This is no longer a distant dream but a rapidly emerging reality, thanks to the revolutionary impact of artificial intelligence (AI). Personalized learning, once a buzzword, has become a game-changer, with AI at the forefront of this transformation. In this blog, we’ll explore how AI is driving the personalized learning revolution, its benefits and challenges, and what the future holds for this exciting frontier in education.

Personalized learning is an educational approach that tailors teaching and learning experiences to meet the unique needs, strengths, and interests of each student. Unlike traditional one-size-fits-all methods, personalized learning aims to provide a customized educational experience that accommodates diverse learning styles, paces, and preferences. The goal is to enhance student engagement and achievement by addressing individual characteristics such as academic abilities, prior knowledge, and personal interests.

The Role of AI in Personalized Learning

AI is playing a pivotal role in making personalized learning a reality. Here’s how:

• Adaptive Learning Platforms: These platforms use AI to dynamically adjust educational content based on a student’s performance, learning style, and pace. By analyzing how students interact with the material, adaptive systems can modify task difficulty and provide tailored resources to meet individual needs. This ensures a personalized learning experience that evolves as students progress.
• Analyzing Student Performance and Behavior: AI-driven analytics processes vast amounts of data on student behavior, performance, and engagement to identify patterns and trends. These insights help educators pinpoint areas where students excel or struggle, enabling timely interventions and support.

Benefits of AI-Driven Personalized Learning

The integration of AI into personalized learning offers numerous advantages:

1. Enhanced Student Engagement: AI-powered personalized learning makes education more relevant and engaging by adapting content to individual interests and needs. This approach fosters a deeper connection to the subject matter and keeps students motivated.
2. Improved Learning Outcomes: Studies have shown that personalized learning tools lead to higher test scores and better grades. By addressing individual academic gaps, AI ensures that students master concepts more effectively.
3. Efficient Use of Resources: AI streamlines lesson planning and focuses on areas where students need the most support. By automating repetitive tasks and providing actionable insights, AI helps educators manage their time and resources more effectively.

Challenges and Considerations

While AI-driven personalized learning holds immense potential, it also presents several challenges:

1. Data Privacy and Security: Protecting student data is a critical concern. Schools and technology providers must implement robust security measures and transparent data policies to safeguard sensitive information.
2. Equity and Access: Ensuring equal access to AI-powered tools is essential to prevent widening educational disparities. Efforts must be made to provide all students with the necessary devices and internet connectivity.
3. Teacher Training and Integration: Educators need comprehensive training to effectively use AI tools in the classroom. Ongoing support and resources are crucial to help teachers integrate these technologies into their lesson plans.

AI is revolutionizing education by enabling personalized learning experiences that cater to each student’s unique needs and pace. By enhancing engagement, improving outcomes, and optimizing resource use, AI is shaping the future of education. However, as we embrace these advancements, it is essential to address challenges such as data privacy, equitable access, and teacher training. With the right approach, AI-powered personalized learning has the potential to transform education and unlock new opportunities for students worldwide.

The financial sector is facing a sharp increase in cyber threats, with investment firms, such as asset managers, hedge funds, and private equity firms, becoming prime targets for ransomware, AI-driven attacks, and data breaches. These firms rely heavily on uninterrupted access to trading platforms and sensitive financial data, making cyber resilience essential to prevent operational disruptions and reputational damage. A successful cyberattack can lead to severe financial losses and a decline in investor confidence, underscoring the importance of robust cybersecurity measures.

As regulatory requirements tighten, investment firms must stay ahead of evolving cyber risks. In the UK, the upcoming Cyber Resilience and Security Bill, set to be introduced in 2025, will impose stricter cybersecurity obligations on financial institutions. Additionally, while the European Union’s Digital Operational Resilience Act (DORA) is not directly applicable to UK firms, it will impact those operating within the EU market. Financial regulators, including the Bank of England, the Financial Conduct Authority (FCA), and the Prudential Regulation Authority, are emphasizing cyber resilience as a critical component of financial stability.

The Growing Complexity of Cyber Threats

The rise of artificial intelligence has further complicated the cybersecurity landscape. AI-powered tools are making cyberattacks more sophisticated and difficult to detect. For instance, voice cloning technology allows attackers to impersonate executives or colleagues, deceiving employees into granting unauthorized access or transferring large sums of money. Similarly, generative AI tools are being leveraged to craft highly convincing phishing emails that lack traditional red flags like poor grammar and spelling errors, making them far more effective.

As AI-driven cyber threats grow, investment firms must integrate AI-powered security solutions to defend against these evolving attack methods. However, many investment firms face challenges in building and maintaining effective cybersecurity frameworks on their own. This is where partnering with managed security services providers (MSSPs) can offer a strategic advantage. Companies like Linedata provide specialized cybersecurity solutions tailored for financial services firms, including AI-driven threat detection, 24/7 security monitoring, incident response planning, and employee training.

Why Investment Firms Are Prime Targets

Investment firms are increasingly attractive targets for cybercriminals due to their high-value transactions and relatively weaker security compared to major banks. Large financial institutions have heavily invested in cyber resilience, making it harder for hackers to breach their systems. As a result, attackers are shifting their focus to investment firms, which may not have the same level of cybersecurity investment. Without robust security measures, these firms face increased risks of operational paralysis and significant financial losses.

To address these challenges, investment firms must prioritize:

1. Strengthening Cyber Defenses: Implementing advanced security measures, such as multi-factor authentication (MFA), encryption, and endpoint protection.
2. Rapid Incident Response: Developing and regularly testing incident response plans to ensure quick recovery from cyberattacks.
3. Business Continuity Planning: Ensuring continuity of operations during and after a cyber incident to minimize disruptions.

By adopting these proactive strategies, investment firms can enhance their cyber resilience and protect their financial assets, sensitive client data, and investor confidence.

As cyber risks continue to escalate, investment firms must take decisive action to reinforce their cybersecurity posture. By investing in robust cyber resilience strategies, adopting AI-driven security measures, and partnering with industry experts, firms can safeguard their operations and maintain trust in an increasingly digital financial landscape. The combination of regulatory compliance, advanced technology, and strategic partnerships will be key to navigating the complex and ever-evolving world of cyber threats.

Cryptojacking, the unauthorized exploitation of an organization’s computing resources to mine cryptocurrency, has emerged as a significant yet often overlooked cybersecurity threat. Unlike ransomware, which overtly disrupts operations, cryptojacking operates covertly, leading to substantial financial and operational impacts. In 2023, cryptojacking attacks surged by 659%, totaling 1.1 billion incidents, according to SonicWall’s 2024 Cyber Threat Report.

This dramatic increase underscores the growing appeal of cryptojacking among cybercriminals. The financial implications for businesses are severe. Research indicates that for every dollar’s worth of cryptocurrency mined illicitly, companies incur approximately USD 53 in cloud service costs. This disparity highlights the hidden expenses organizations face when their systems are compromised for unauthorized mining activities.

How Cryptojacking Works and Its Impact

Attackers employ various methods to infiltrate systems, including:

• Drive-by Downloads: Compromised websites automatically download mining scripts onto visitors’ devices.
• Phishing Emails: Trick users into installing malware that enables cryptojacking.
• Exploiting Vulnerabilities: Targeting unpatched software to gain unauthorized access.

The rise of containerized environments has also provided new avenues for attackers. For example, cybercriminals can embed mining scripts within public repository images or target exposed Docker APIs to deploy cryptojacking malware.

Beyond financial losses, cryptojacking degrades system performance by overutilizing CPU and GPU resources. This leads to slower operations, reduced productivity, and increased energy consumption. Over time, the strain on hardware can cause overheating and potential equipment failure. Additionally, compromised systems are more vulnerable to further security breaches, as attackers can leverage their access to escalate attacks.

Combating Cryptojacking: Proactive Measures

To defend against cryptojacking, organizations must implement proactive security measures. Key strategies include:

1. Endpoint Protection Tools: Deploy solutions that monitor for unusual resource usage, such as sudden spikes in CPU or GPU activity, which may indicate cryptojacking.
2. Network Traffic Analysis: Analyze network traffic for connections to known cryptocurrency mining pools, which are often used by attackers to process mined coins.
3. Cloud Monitoring Solutions: Utilize cloud-based tools to detect unauthorized mining activities in cloud environments, where cryptojacking is increasingly prevalent.
4. Regular Testing and Validation: Simulate cryptojacking attacks to identify vulnerabilities and strengthen defenses before actual threats materialize.

Organizations should also prioritize employee training to recognize phishing attempts and other common attack vectors. Regularly updating and patching software can close vulnerabilities that attackers exploit to infiltrate systems. Additionally, implementing robust access controls and monitoring for unusual user activity can help prevent unauthorized access.

The surge in cryptojacking attacks highlights the growing sophistication of cybercriminals and the need for organizations to adopt comprehensive cybersecurity measures. While cryptojacking may not be as visibly disruptive as ransomware, its financial and operational impacts can be equally devastating. By deploying advanced detection tools, analyzing network traffic, and regularly testing defenses, businesses can mitigate the risks posed by cryptojacking and protect their computing resources from unauthorized exploitation. As cyber threats continue to evolve, proactive and adaptive security strategies will be essential to safeguarding organizational assets and maintaining operational efficiency.

Generative AI (GenAI) is transforming the cybersecurity landscape, with 52% of CISOs prioritizing innovation using emerging technologies. However, a significant disconnect exists, as only 33% of board members view these technologies as a top priority. This gap underscores the challenge of aligning strategic priorities between cybersecurity leaders and company boards.

The Role of AI in Cybersecurity

According to the latest Splunk CISO Report, cyberattacks are becoming more frequent and sophisticated. Yet, 41% of security leaders believe that the requirements for protection are becoming easier to manage, thanks to advancements in AI. Many CISOs are increasingly relying on AI to:

• Identify risks (39%)
• Analyze threat intelligence (39%)
• Detect and prioritize threats (35%)

However, GenAI is a double-edged sword. While it enhances threat detection and protection, attackers are also leveraging AI to boost their efforts. For instance:

• 32% of attackers use AI to make attacks more effective.
• 28% use AI to increase the volume of attacks.
• 23% use AI to develop entirely new types of threats.

This has led to growing concerns among security professionals, with 36% of CISOs citing AI-powered attacks as their biggest worry, followed by cyber extortion (24%) and data breaches (23%).

Challenges and Opportunities in Cybersecurity

One of the major challenges is the gap in budget expectations. Only 29% of CISOs feel they have sufficient funding to secure their organizations, compared to 41% of board members who believe their budgets are adequate. Additionally, 64% of CISOs attribute the cyberattacks their firms experience to a lack of support.

Despite these challenges, there is hope. A vast majority of cybersecurity experts (86%) believe that AI can help attract entry-level talent to address the skills shortage, while 65% say AI enables seasoned professionals to work more productively. Collaboration between security teams and other departments is also improving:

• 91% of organizations are increasing security training for legal and compliance staff.
• 90% are enhancing training for security teams.

To strengthen cyber defenses, experts emphasize the importance of foundational practices:

1. Strong Passwords and MFA: Poor password security is linked to 80% of data breaches. Companies are encouraged to use password managers and enforce robust password policies.
2. Regular Cybersecurity Training: Educating employees on risk management and security practices, such as using antivirus software and maintaining firewalls, can significantly reduce vulnerabilities.
3. Third-Party Vendor Assessments: Organizations must evaluate third-party vendors for security risks, as breaches through these channels can expose even the most secure systems.

Generative AI is reshaping the cybersecurity landscape, offering both opportunities and challenges. While it enhances threat detection and operational efficiency, it also empowers attackers to launch more sophisticated and frequent attacks. To navigate this evolving landscape, organizations must align strategic priorities, invest in AI-driven solutions, and reinforce foundational cybersecurity practices. By doing so, they can better protect their systems and data in an increasingly complex threat environment.

In a conversation with cybersecurity news portal TechCrunch, Simon Wijckmans, founder and CEO of the web security company c/side, said the hacking campaign is still “very much live”.

Spray and pray campaign

The hackers aim to distribute malware to loot passwords and sensitive data from Mac and Windows users. According to c/side, a few hacked websites rank among the most popular ones on the internet. Reporting on the company’s findings, Himanshu Anand believes it is a “widespread and very commercialized attack” and told TechCrunch the campaign is a “spray and pray” cyber attack targeting website visitors instead of a specific group or a person.

After the hacked WordPress sites load in a user’s browser, the content immediately turns to show a false Chrome browser update page, asking the website visitor (user) to download and install an update to access the website, researchers believe. 

Users tricked via fake sites

When a visitor agrees to the update, the compromised website will ask the user to download a harmful malware file disguised as the update, depending on whether the visitor is a Mac or Windows user. Researchers have informed Automattic (the company) that makes and distributes Wordpress.com about the attack campaign and sent a list of harmful domains. 

According to TechCrunch, Megan Fox, spokesperson for Automattic, did not comment at the time of press. Later, Automattic clarified that the security of third-party plugins is the responsibility of WordPress developers.

“There are specific guidelines that plugin authors must consult and adhere to ensure the overall quality of their plugins and the safety of their users,” Ms Fox told TechCrunch. “Authors have access to a Plugin Handbook which covers numerous security topics, including best practices and managing plugin security,” she added. 

C/side has traced over 10,000 sites that may have been a target of this hacking campaign. The company found malicious scripts on various domains by crawling the internet, using a reverse DNS lookup to find domains and sites linked with few IP addresses which exposed a wider number of domains hosting malicious scripts. TechCrunch has not confirmed claims of C/side’s data, but it did find a WordPress site showing malicious content earlier this week.

The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears is its ability to break the private keys safeguarding cryptocurrency wallets.

While this threat is genuine, it is unlikely to materialize overnight. It is, however, crucial to examine the current state of quantum computing in terms of commercial capabilities and assess its potential to pose a real danger to cryptocurrency security.

Before delving into the risks, it’s essential to understand the basics of quantum computing. Unlike classical computers, which process information using bits (either 0 or 1), quantum computers rely on quantum bits, or qubits. Qubits leverage the principles of quantum mechanics to exist in multiple states simultaneously (0, 1, or both 0 and 1, thanks to the phenomenon of superposition).

Quantum Computing Risks: Shor’s Algorithm

One of the primary risks posed by quantum computing stems from Shor’s algorithm, which allows quantum computers to factor large integers exponentially faster than classical algorithms. The security of several cryptographic systems, including RSA, relies on the difficulty of factoring large composite numbers. For instance, RSA-2048, a widely used cryptographic key size, underpins the private keys used to sign and authorize cryptocurrency transactions.

Breaking RSA-2048 with today’s classical computers, even using massive clusters of processors, would take billions of years. To illustrate, a successful attempt to crack RSA-768 (a 768-bit number) in 2009 required years of effort and hundreds of clustered machines. The computational difficulty grows exponentially with key size, making RSA-2048 virtually unbreakable within any human timescale—at least for now.

Commercial quantum computing offerings, such as IBM Q System One, Google Sycamore, Rigetti Aspen-9, and AWS Braket, are available today for those with the resources to use them. However, the number of qubits these systems offer remains limited — typically only a few dozen. This is far from sufficient to break even moderately sized cryptographic keys within any realistic timeframe. Breaking RSA-2048 would require millions of years with current quantum systems.

Beyond insufficient qubit capacity, today’s quantum computers face challenges in qubit stability, error correction, and scalability. Additionally, their operation depends on extreme conditions. Qubits are highly sensitive to electromagnetic disturbances, necessitating cryogenic temperatures and advanced magnetic shielding for stability.

Future Projections and the Quantum Threat

Unlike classical computing, quantum computing lacks a clear equivalent of Moore’s Law to predict how quickly its power will grow. Google’s Hartmut Neven proposed a “Neven’s Law” suggesting double-exponential growth in quantum computing power, but this model has yet to consistently hold up in practice beyond research and development milestones.

Hypothetically, achieving double-exponential growth to reach the approximately 20 million physical qubits needed to crack RSA-2048 could take another four years. However, this projection assumes breakthroughs in addressing error correction, qubit stability, and scalability—all formidable challenges in their own right.

While quantum computing poses a theoretical threat to cryptocurrency and other cryptographic systems, significant technical hurdles must be overcome before it becomes a tangible risk. Current commercial offerings remain far from capable of cracking RSA-2048 or similar key sizes. However, as research progresses, it is crucial for industries reliant on cryptographic security to explore quantum-resistant algorithms to stay ahead of potential threats.