NerdNews | February 26, 2025
News & Trends
Google Cloud Shields Data With Quantum-Resistant Digital Signatures
Google Cloud has launched quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS) to mitigate the risk of quantum computers breaking current encryption methods. The new feature supports two post-quantum cryptography (PQC) algorithms: FIPS 204 and FIPS 205. This move aligns with the US National Institute of Standards and Technology's (NIST) PQC standards and aims to protect against the 'Harvest Now, Decrypt Later' (HNDL) threat.
Anthropic's Claude 3.7 Sonnet is here and results are insane
Anthropic has released Claude 3.7 Sonnet, a hybrid reasoning model that combines fast answers with step-by-step thinking for complex tasks. Early tests show it outperforming rivals, including OpenAI's ChatGPT models and China's DeepSeek, with 62% accuracy in coding tasks and up to 70% with extra test-time scaffolding.
Google DeepMind's AlphaGeometry2 AI Achieves Gold-Medal Math Olympiad Performance
Google DeepMind's AlphaGeometry2 AI model has achieved a gold-medal level performance in math olympiads, solving 84% of geometry problems from the last 25 years. The model uses a domain-specific formal language and a symbolic deductive engine to generate proofs, outperforming the average human gold-medalist performance.
OpenAI Expands Deep Research to All Paying ChatGPT Users
OpenAI has expanded its Deep Research feature to all paying ChatGPT users, including Plus, Team, Edu, and Enterprise subscribers. The feature allows users to prompt ChatGPT to create in-depth reports on various subjects. Plus users get 10 Deep Research queries per month, while Pro subscribers get 120. The tool has also been improved with embedded images and better document analysis.
New ICS Malware Discovered
Two new malware variants, Fuxnet and FrostyGoop, have been discovered targeting industrial control systems, with Fuxnet used in the Russia-Ukraine war to disrupt gas, water, and sewage networks, and FrostyGoop used to shut off heat to over 600 apartment buildings in Ukraine. These discoveries highlight the increasing threat of ICS-specific malware and the blurring of lines between nation-state and criminal actors.
Options & Tutorials
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks
A massive Chinese botnet is bypassing multifactor authentication (MFA) in Microsoft 365 attacks using a technique that exploits non-interactive sign-ins, allowing attackers to gain access to sensitive data and emails. The botnet, made up of over 130,000 compromised devices, is targeting M365 accounts globally, with sectors such as financial services, healthcare, and government being particularly at risk. To mitigate the threat, organizations are advised to reassess access policies, implement conditional access policies, and review Non-Interactive Sign-In logs for unauthorized access attempts.
MLOps Done Right: GitGuardian's Battle-Tested Open-Source Stack
GitGuardian's MLOps stack includes DVC for version control, GTO for model registry, Streamlit for web apps, SkyPilot for cloud instances, and BentoML for packaging and serving NLP models. This stack enables rapid experimentation, smooth deployment, and efficient management of resources, making it ideal for ML teams.
Demystifying Docker: Understanding and Optimizing Your Images
Docker images consist of layers, which can be optimized for efficiency. Understanding how layers work leads to a more efficient method of packing images, speeding up deployments. Techniques like repacking, removing redundant data, and using better compression algorithms can improve performance.
OWASP Top 10 Non-Human Identity Risks for 2025
The Open Web Application Security Project (OWASP) has released its Top 10 Non-Human Identity Risks for 2025. The list highlights the growing concern of non-human identities (NHIs) and their potential risks, including improper offboarding, secret leakage, and insecure authentication. NHIs, such as machine identities or workload identities, are becoming increasingly common in enterprises, and their security is often overlooked. The OWASP list provides a framework for organizations to identify and mitigate these risks, and GitGuardian offers solutions to help companies manage and secure their NHIs.
China's Silver Fox Spoofs Medical Imaging Apps
A Chinese government-backed group, Silver Fox, is spoofing legitimate medical software to infect hospital patients' computers with backdoors, keyloggers, and cryptominers. The malware is disguised as Philips DICOM medical image viewers and other legitimate software, and uses PowerShell commands to evade detection. The threat hunters can't confirm the exact distribution method, but note that Silver Fox has used SEO poisoning and phishing campaigns in the past.
Launches & Tools
AWS Introduces Centralized Root Access Management
AWS has introduced a new capability for AWS Organizations members, allowing administrators to centrally manage and restrict root-user access across multiple AWS accounts, enhancing security and governance.
Microsoft Copilot offers Voice and o1-powered Think Deeper for free
Microsoft is making its Copilot AI assistant features, Voice and Think Deeper, available for free to all users. Think Deeper is powered by OpenAI's o1 model and can parse complicated queries. While free users may experience delays during peak usage, Copilot Pro subscribers will have preferred access to the latest AI models and experimental features.
Google's free Gemini Code Assist arrives with sky-high usage limits
Google's Gemini Code Assist, a coding tool powered by AI, is now available for free to individual developers with generous usage limits, offering 180,000 code completions per month and integration with popular IDEs like Visual Studio and GitHub.
OpenAI Rolls Out Free Version of Advanced Voice Mode
OpenAI is rolling out a free version of its Advanced Voice mode, powered by GPT-4o mini, offering a cost-effective alternative with similar conversation pace and tone to the GPT-4o version.
Microsoft makes Copilot Voice and Think Deeper free with unlimited use
Microsoft has made its Copilot Voice and Think Deeper features free with unlimited use, allowing users to have extended conversations with the AI assistant. The company had previously limited the use of these features for free users, but is now removing these limits. The move comes after Microsoft made OpenAI's o1 reasoning model free for all Copilot users last month.
Quick Links
Apple Intelligence and ChatGPT Are Coming to the Vision Pro
Apple's Vision Pro is getting an update with Apple Intelligence and ChatGPT features, including AI writing tools, Genmoji, and Image Playground. The update also allows guest users to access the headset with limited permissions and stream what they see to the owner's iPhone or iPad.
Europe Looks to Ukraine for Defense Tech
Three years after Russia's invasion of Ukraine, Europe is looking to the country for the future of defense technology. Ukraine has made significant advancements in AI-enabled drone technology and has become a hub for Western companies and investors. The country is home to various defense tech startups, including those working on drone swarms, autonomous vehicles, and cybersecurity solutions. Europe is increasing its investment in defense tech, with a billion dollars invested in 2024, a fivefold increase since 2018.
GitVenom attacks abuse hundreds of GitHub repos to steal crypto
A malware campaign called GitVenom is using hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials. The campaign has been active for at least two years and targets users globally, with a focus on Russia, Brazil, and Turkey.
IBM to Acquire DataStax
IBM intends to acquire DataStax, which supports and contributes to the open source Apache Cassandra database. The acquisition aims to improve IBM's AI development studio, Watsonx.ai, and its data lake, Watsonx.data, by integrating DataStax's Cassandra database service, AstraDB, and its open source visual framework, Langflow. The deal is expected to close in the second quarter of 2025, subject to regulatory approvals.
US Bureau of Labor Statistics predicts AI impact on jobs
The US Bureau of Labor Statistics predicts that AI will not negatively impact developer and DBA jobs, with a projected 17.9% increase in developer employment and 8.2% increase in DBA employment by 2033. However, jobs in the legal sector and customer service may be more at risk.