Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Tech
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices.
The CVE-2026-20245 vulnerability is a high-severity command injection flaw in Cisco Catalyst SD-WAN Manager (vManage), Controller (vSmart), and Validator (vBond) that allows authenticated attackers to execute arbitrary commands as root by uploading a crafted file.
Cisco said the vulnerability stemmed from insufficient validation of user-supplied input and could be exploited by authenticated attackers with local access to affected devices.
When Cisco disclosed the flaw earlier this month, the company warned that it had been exploited in a limited number of attacks but did not provide any details.
Cisco only stated that successful exploitation allowed attackers to gain root privileges and that some incidents involved unauthorized configuration changes being pushed to edge devices.
The company released security updates and urged customers to upgrade to fixed software versions, stating that no workarounds were available.
New exploitation details emerge
In a report published today, Mandiant revealed that CVE-2026-20245 was exploited as a privilege-escalation vulnerability after attackers had already gained access to targeted SD-WAN devices.
According to the researchers, the intrusion began with unauthorized SD-WAN peering connections observed on a service provider’s infrastructure.
Beginning in March 2026, the threat actor established new rogue peer connections and authenticated to affected SD-WAN Manager devices using the vmanage-admin account.
Mandiant believes the rogue peering may have been created by exploiting previously disclosed Cisco SD-WAN authentication bypass zero-days, CVE-2026-20127 and CVE-2026-20182, though the exact method remains unclear.
After gaining access, the attackers changed the default admin account password, logged in to the SD-WAN Manager web interface, and extracted configuration information for edge devices, controllers, and SD-WAN templates.
Mandiant says the attackers subsequently restored the admin account to its original password after completing their activity, likely to reduce detection.
The researchers say the attackers then exploited CVE-2026-20245 through a tenant-upload feature in the SD-WAN command-line interface by uploading a malicious CSV file named “evil_tenant.csv.”
“CVE-2026-20245, a vulnerability reported to Cisco by Mandiant, exists in the command-line interface (CLI) of Cisco Catalyst SD-WAN Controllers that could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system,” explains Mandiant.
Mandiant says the malicious payload first created backups of system configuration files, including /etc/passwd and /etc/shadow, before creating a new account named “troot” with root-level privileges.
The attackers then used the Linux “su” command to switch from the compromised administrative account to the newly created root account, giving them full control over the device.
Mandiant says the attackers heavily relied on anti-forensic tactics to evade detection.
This includes backing up configuration files before modifying them and then restoring them after exploitation. They also cleaned up traces of exploitation by deleting the malicious CSV payload, removing temporary files created during the attack, and erasing evidence of the rogue root account.
The researchers also observed the execution of a validation script to confirm that all traces of the compromise had been removed from the device.
Mandiant says some rogue peering activity observed in March 2026 occurred on systems that were not vulnerable to any of the previously disclosed authentication-bypass flaws.
Cisco told the researchers that the breach did not involve CVE-2026-20182 and said it was possible the attackers used certificates stolen during a previous compromise to regain access to devices.
Mandiant has published indicators of compromise, attacker IP addresses, and guidance to help organizations determine whether they were compromised.
Organizations should collect diagnostic data from SD-WAN devices, check for signs of unauthorized peering connections, and upgrade to the latest software releases if they have not already done so.
Continue Reading
Tech
Polymarket Says Its Markets Reveal The Truth. Its Ad Strategy Was To Have Influencers Fake Wins.
from the seems-bad dept
In theory, there’s a way to build a prediction market that actually provides valuable insight on issues through the wisdom of the crowds. But that’s not at all what we have with the current crop of prediction markets, mainly Kalshi and Polymarket, which seem to have leap-frogged FanDuel and DraftKings as the deservedly hated gambling apps that pretend not to be gambling apps. While we haven’t spent too much time talking about those markets here on Techdirt, we have mentioned some examples of where they are found to be distorting information, rather than revealing deeper insights.
But, really, if your entire marketing pitch is that you’re a tool for revealing truths, it should be existentially embarrassing for it to be revealed that your advertising strategy is to have influencers blatantly fake bets to pretend they had won, when they really would have lost. It’s like the opposite of a truth market. It’s false advertising.
A piece published over the weekend by the Wall Street Journal (whose publisher actually has a deal with Polymarket) is incredibly damning, suggesting pretty clearly that Polymarket and a crew of young influencers it has hired have engaged in outright fraud that both the FTC and the CFTC would go after, if either agency were inclined to act:
In his videos, George Makihara appears to have a lucrative side hustle making bets on Polymarket.
In January, the college student posted a video that showed him winning $100,000 on a wager that President Trump would publicly say the word “McDonald’s” that month.
The bet was one of 145 that Makihara appeared to place on Polymarket’s website between January and mid-May, based on his videos—bets adding up to almost $410,000.
But none of those bets were real, according to a Wall Street Journal investigation.
The basics of the scam are pretty straightforward: Polymarket hired one of those “influencer marketing” companies to round up college kids to make social media videos showing them winning bets on Polymarket. Except, it turns out that the bets shown in those videos aren’t real. They’re faked, using a fake version of Polymarket, with the clever domain name Poiymarket (that’s a lower case i rather than an l there). And, of course, none of the influencers disclosed they were being paid by Polymarket, let alone that the bets shown in the videos were made up.
This doesn’t seem to be a one-off case of a rogue influencer either. The WSJ found over 1,100 videos by multiple creators, and determined that in 70% of the videos, no actual bets were placed, even as the videos showed the influencers winning $1.9 million. Within that, one smaller segment of the videos used faked or outdated news coverage to pretend the influencers had won about a million dollars — when, the WSJ worked it out, those same bets would actually have lost $166,000 if anyone had actually placed them.
And according to the reporting, this isn’t just a case of the marketing firm Polymarket hired going too far. The article reports that Polymarket created the fake website and required the influencers send them all their videos for approval before posting:
Creators said they send the finished videos to Polymarket for review. If a video isn’t engaging enough, or if it bears obvious signs of being faked, Polymarket will ask for the videos to be reshot, the creators said.
All of this clearly violates the FTC’s rules on disclosing paid promotion, not to mention being clearly deceptive advertising. That isn’t even mentioning that Polymarket apparently demanded that the ads target Americans, even as Polymarket isn’t supposed to be operating its prediction market in the US (even though tons of people are using it there via VPNs and proxies).
This is where the CFTC should step in. Polymarket has been doing the whole “nudge, nudge, wink, wink” thing about supposedly not targeting the US. But this report makes it clear that they absolutely are targeting the US and that it’s an important market to them. In a normal administration, the CFTC would take note of this and take action:
As of early June, it only paid clippers if at least 60% of their audience was in the U.S., according to instructional materials.
There’s also this excuse given by one of the influencers, who may be about to learn about deceptive advertising laws:
Razeen Khan, a college student in California, worked as a Polymarket creator for several months until March. He compared the videos to fast-food commercials, where food can appear more appealing than it does in real life.
“We’re depicting what actually happens,” he said. “You’re still going to buy the burger.”
This is quite the choice in what to compare things to, Razeen, because the FTC now has a few decades on the record of going after companies for representing food in ads in a deceptive manner. In 1968, there was the Campbell’s Soup case, in which the FTC dinged the soup company for placing clear marbles in the bottom of bowls so that photos of the soup made it look like there were more noodles and vegetables in the soup than there really were.
The general rule of thumb to avoid having the FTC come down on you is that if any food is shown in an ad, it has to be the actual food. Everything else around it can be faked or made to look better. But the food has to be real. Hell, there was just a case against Burger King (which appears to have settled earlier this year), alleging that the burgers it showed in commercials were bigger than what was actually sold.
So, yeah, Razeen, I’d suggest maybe talking to a lawyer before you claim that you’re just doing the same thing that you think fast food companies do… when those fast food companies know that they can face serious legal penalties for faking things. Like you appear to have done.
Of course, the real question is whether this FTC will do anything about it. On the merits, it’s about as clean a case as the agency is ever going to get — so blatant that looking the other way carries its own cost. But part of the reason Kalshi and Polymarket seem to be everywhere these days is that the Trump administration has gone to bat for both companies in their fights with state regulators — and that Donald Trump Jr. has financial links to both companies. So the agency that should be the natural enemy of a company building fake websites to run faked ads, instead answers to a White House championing that company, while the president’s son personally profits from its success.
Which is its own kind of tell. A prediction market’s entire pitch is that it surfaces the truth — that the wisdom of the crowd, with real money on the line, produces better information than anyone else can. Polymarket just demonstrated what it actually thinks of that promise: when it needed to sell itself, it didn’t trust the real numbers. It hired college kids, built a counterfeit version of its own site, and manufactured the wins. The product that’s supposed to reveal the truth couldn’t market itself without faking it.
This is the rare case clean enough to force the question. If the FTC does nothing with a fraud this obvious, it won’t be because the case is too weak. Instead, it will tell you exactly whose interests the Trump FTC thinks are worth protecting.
Filed Under: cftc, deceptive advertising, false advertising, fraud, ftc, influencers, prediction markets
Companies: polymarket
The NotePin S AI wearable, seen here on the wrist of CNET’s Katie Collins, could be really useful for my job. And it’s on sale for Prime Day.
I took over the role of CNET’s editorial leader earlier this year, and while I’ve participated in Prime Day sales as a TV reviewer and general deals editor here for (literally) decades, this is my first Prime Day as EIC. In case you’re wondering what purchases a person like me is considering this time around, here’s a sampling.
iPad 11-inch A16 ($300): My artistic daughter has been asking for an iPad and if my wife approves, I’ll likely get her this basic version, our top pick for most people. I’d also get her the Apple Pencil (on sale for $60). We’d save both of these for Christmas presents.
Belkin Portable Charger Bank ($38): My family and I always need portable chargers. Half our devices call for Lightning and the other half for USB-C. This does both and I like the built-in cables.
Plaud NotePin S AI Notetaker ($152): In my new role I take more meetings than ever, and I also have plenty of valuable face-to-face conversations in the office and beyond. I currently depend on the Otter app on my phone and Gemini+Google Meet recordings at work to take notes (with appropriate permission, of course). This AI wearable could be my “secret weapon” to consolidate everything in one place.
JBL Go 4 Bluetooth Speaker ($38): I actually bought this one a few days ago when it was $40 – still a great deal, but now even better. It’s no longer one of our best Bluetooth speakers but it’s good enough for my (other) daughter, who wants one for the beach. At this price, I won’t be too annoyed if (when?) it gets destroyed by sand and surf. And yes, I got her the pink one which I know she’ll love. We’re saving this for her birthday.
Anker Solix F2000 portable power station ($749): I own a travel trailer and upgraded to solar with an inverter, but at a recent (shady) campsite, I still had to break out my loud, annoying propane generator. Sure, I could just add more standard 12V LiPo4 batteries, but this portable power station is so much more versatile. It includes a 30A RV outlet, and the wheels make it worth the extra $50 over the Bluetti AC200L. No way my wife approves this one, but it stays on the list anyway because I’m camping tech obsessed.
The new Google Home Speaker brings Gemini and expanded smart home capabilities, and Matter hub support. Reviews highlight its more natural voice experience, though some note that audio quality doesn’t clearly surpass the older Nest Audio.
Tech
The US government wants a working quantum computer by 2028 and quantum-resistant encryption by 2031
One order directs federal agencies to work with private companies and universities to deliver a quantum computer capable of supporting scientific research by 2028. The Department of Energy has been tasked with identifying the technical benchmarks that will define the system.
Read Entire Article
Source link
from the good-deals-on-cool-stuff dept
The Ultimate AWS Data Master Class Bundle has 9 courses to get you up to speed on Amazon Web Services. The courses cover AWS, DevOPs, Kubernetes Mesosphere DC/OS, AWS Redshift, and more. It’s on sale for $40.
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Filed Under: daily deal
Data governance is unglamorous work. It is also the reason most AI strategies stall before they scale.
Spending on models, platforms and use cases keeps growing. But the disciplines that make those investments effective – data quality, ownership and governance – often receive far less attention.
Part of the challenge is that data governance is neither “fun” nor “sexy.” It lacks the excitement of new technologies and the appeal of quick wins, so it is consistently deprioritized.
Latest Videos From
Yet as organizations scale their AI ambitions, governance is increasingly the factor that determines whether those efforts succeed or stall.
Head of Engineering Growth at Optima Partners.
The imbalance in attention is now starting to show. While AI adoption continues to grow, many organizations still struggle to move beyond pilot stages into enterprise-scale deployment. The gap between ambition and execution is widening, and weak data governance is often at the center of it.
The issue is not awareness. Most business leaders recognize that governance matters. The challenge is that governance demands structural decisions, cultural alignment and sustained discipline – the hard parts of the job. And, unlike a new platform or tool, its value often only becomes fully apparent when it is missing.
When governance is absent, problems don’t stay small
Weak governance rarely fails loudly at first. The problems accumulate.
Early AI initiatives often prioritize delivery, with dashboards, models and applications taking precedence over governance. Silos form, data definitions diverge and access controls become inconsistent. A common pattern: two teams – one in marketing, one in data science – train separate models against different definitions of the same metric.
Both definitions look correct in isolation. In production, the predictions conflict, neither team can explain why, and the investigation takes weeks longer than building either model did. Quality issues are patched rather than fixed, and new projects begin to rely on shaky assumptions.
As complexity grows over time, confidence in the data declines.
Data dictionaries and permission frameworks are not administrative overhead – they are what makes scalable AI possible. Building them early demands investment before visible returns but postponing that effort is far costlier.
Left unchecked, governance gaps eventually land hard, resulting in delayed projects, compliance failures and decisions made on unreliable data. At that point, organizations are forced into reactive fixes – or even total rebuilds – that are far more expensive and disruptive than addressing governance from the start.
Governance is not just compliance – it enables innovation
Regulators are placing increasing importance on accountability in how data is used. The UK’s Information Commissioner’s Office (ICO) has made it clear that organizations must be able to demonstrate control over data use, particularly as AI systems become more prevalent. Scotland’s new National AI Strategy also highlights that organizations must follow best practice in responsible AI governance aligned with OECD principles.
This has reinforced the perception that governance is primarily a compliance exercise – something important but not necessarily prioritized at the prototype stage. Effective governance is far more than that: it shapes how data flows through an organization, how decisions are made and how confidently teams can act. It defines accountability and sets the standards needed to maintain consistency at scale.
In that sense, governance is a design choice, and businesses need to make the right one to effectively scale their innovation ambitions.
Define ownership before you decide the model
Governance is not one-size-fits-all – nor it is purely a technical problem to be addressed through tools or platforms alone. In fact, the harder initial challenge is often a people and accountability one. Before designing a governance model, organizations need to define the who as much as the how. Who owns the data? Who is responsible for its quality and who decides how it should be used?
In many organizations, these responsibilities are unclear. Management is shared, and ownership is (often wrongly) assumed rather than defined. But it is only once those questions have been answered – in practice as well as on paper – that businesses can turn their attention to developing a governance model that fits their structure.
Some take a centralized approach to this, with control sitting in a single function. This can provide consistency and clarity, but the model may struggle to scale across complex organizations with diverse needs.
Others adopt a federated model, combining central standards with local ownership. This can be more flexible and scalable, but only if the business is committed to those shared standards and has defined clear roles and accountability. Without them, federated models risk furthering data fragmentation.
The key is alignment. Governance models should match how teams actually use data and AI, not how they’re assumed to operate.
A practical test: ask three different teams how they define a key business metric – revenue, active users, or customer churn. If the answers differ, the governance problem already exists. The operating model question is not how to prevent that divergence in future; it is who has the authority to resolve it now.
Governance doesn’t show up in a demo
Governance is rarely the most visible part of an AI strategy. It’s detailed, structural work that often goes overlooked, but that is precisely why it matters.
For business leaders, the challenge is to move beyond acknowledging its importance and begin making early, deliberate decisions about how it is implemented. That means defining data ownership, aligning operating models and investing in the capabilities that support long-term success.
Technology choices are reversible. Data ownership decisions compound. The governance model you design – or neglect – in the next twelve months will shape what your AI strategy can actually deliver in three years.
We’ve featured the best small business software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
An anonymous reader quotes a report from Barron’s: Walmart is signing a long-term contract to buy nuclear power for the first time ever, a promising sign that the industry’s future is supported by more than just the AI data center boom. The retail giant agreed on Tuesday to buy power from a nuclear plant in Illinois owned by Constellation Energy for its operations in the area, including its stores and a high-tech warehouse in Illinois that stores and sorts perishable food.
Walmart will buy 176 megawatts of power from the plant over a 15-year period, or enough power to serve around 150,000 homes. The Walmart deal will allow Constellation to expand the capacity of the Illinois plant by 30 megawatts, a process known as an uprate, which can involve replacing older equipment and improving efficiency. Walmart, which has pledged to eliminate net carbon emissions from its U.S. operations by 2040, will also receive the environmental attributes associated with the nuclear energy, which generates electricity without carbon emissions. Further reading: Trump Admin Announces $17.5 Billion In Loans For 10 New Large Nuclear Reactors
The iPhone 18 Pro is still a few months away, however a new leak suggests one of its biggest upgrades may already be taking shape.
According to respected Weibo leaker Setsuna Digital, Apple’s 2026 flagship is expected to receive a major camera upgrade.
Supply chain information reportedly points to noticeable hardware changes inside the phone. In addition, the leak backs up several earlier rumours. These suggest Apple is preparing a more substantial camera overhaul for the iPhone 18 Pro and iPhone 18 Pro Max that can could make the best camera phones around.
The biggest clue is the phone’s thickness. Recent dummy models have already suggested that Apple’s next Pro iPhones could be around 2mm thicker than their predecessors. Setsuna Digital now claims the camera system is the main reason why.
Exactly what’s changing remains unclear. Yet the leading theory is the addition of a variable aperture system. If accurate, it would give photographers greater control over depth of field and light intake. This change would bring the iPhone camera experience closer to dedicated cameras. It’s a feature that’s appeared on a handful of Android phones over the years, but Apple has yet to implement it on an iPhone.
There are also suggestions that Apple could pair the new hardware with an upgraded 48-megapixel sensor. However, it’s not yet known whether the company plans to increase the size of the current 1/1.28-inch main sensor.
The thicker chassis may bring benefits beyond photography too. Reports indicate Apple could use the additional space for a slightly larger battery. This could potentially improve endurance alongside the company’s expected 2nm A20 chipset. A more efficient processor combined with extra battery capacity would likely translate into longer battery life. This applies even if the design becomes marginally bulkier.
At this stage, none of the details have been officially confirmed. Apple is unlikely to discuss the iPhone 18 lineup for many months. However, the latest supply chain claims line up with previous reports. These reports point to a larger camera module and a thicker overall design.
If the leaks prove accurate, the iPhone 18 Pro could deliver one of the most meaningful camera upgrades Apple has made in years. Unlike many internal improvements, this is one that users may be able to spot the moment they pick up the phone.
OpenAI and Broadcom have unveiled Jalapeno, OpenAI’s first custom AI chip, designed primarily to handle inference for ChatGPT and other services. It’s a major step in OpenAI’s plan to “build the full stack behind its models and products,” says OpenAI. “By designing more of the stack ourselves, we can serve more intelligence with greater efficiency and keep pushing advanced AI toward broader access.” CNBC reports: The chip with Broadcom is an ASIC, which industry experts say is less flexible than Nvidia’s GPU, but is also less expensive and can be designed for specific AI tasks. OpenAI said that it designed the chip in nine months, and that it also crafted large parts of the computer system where it will be used.
The companies are calling the chip an “Intelligence Processor” and describe it as the first “AI accelerator” in a platform they’re building “to make advanced AI faster, more reliable, and more accessible to more people.” […] A physical sample of the new chip will be delivered to OpenAI on Wednesday. The companies said they’re aiming for initial deployment of the Jalapeno chips by the end of 2026, “expanding in the years ahead.”
Slate Auto says its stripped-down electric pickup will start at $24,950 before fees, with the base model’s estimated range increased from 150 to about 205 miles. The company has started taking preorders on Wednesday. “The aggressive pricing — half the average cost of a new car in the United States — puts Slate in position to capture a share of the lowest end of the new car market, which has few gas and fewer electric options these days,” reports TechCrunch. From the report: The price reveal comes more than a year after Slate Auto emerged from stealth. Since then, the company has been steadily detailing the extremely basic, transforming EV, which starts as a two-seater pickup truck, but can be modified into a five-seater SUV. The SUV version will start at $29,950, Slate said Wednesday. Slate has said the conversion can be done by professionals or by owners themselves. On Wednesday, it finally showed off some of the first of its “Slate University” how-to videos, which guide people through the steps for doing everything from the SUV conversion to adding headlight covers.
Everything else about the truck is bare, though it’s customizable. It has hand-crank windows, lacks an infotainment system, and all orders start with the same gray composite material, with no paint options, as Slate plans to let buyers order customizable wraps for the vehicle. That likely helps cut out a major cost center, as factory paint shops can run in the hundreds of millions of dollars. The company did not offer more details about the buying process. Slate has said it “won’t have traditional dealerships,” and plans to sell directly to customers, similar to other EV companies like Tesla, Rivian, and Lucid Motors.
NewsBeat6 seconds ago
Many Americans have lost money or information to scams, poll finds
Business1 minute ago
Find out which university degrees could earn you most across your lifetime
Crypto World2 minutes ago
Pi Network’s PI Barely Avoids New ATL, BTC Rebounds From Another Dip to $59K: Market Watch
-
Fashion6 days agoWeekend Open Thread: Miami – Corporette.com
-
Entertainment4 days agoRenter of Home in Anne Heche Crash Denies Settlement With Son
-
Sports2 days agoTwo goals and an assist by sheer aura: Cristiano Ronaldo just entered the World Cup chat
-
Tech3 days agoMicrosoft accidentally kills epic Outlook email threads
-
Business5 days agoSoccer-U.S. defends Iran World Cup travel restrictions, says discussions ongoing
-
Crypto World1 day ago
Bitcoin (BTC) Dips Below $62K, Ethereum (ETH) Plunges 6% Daily: Market Watch
-
Politics5 days agoAndy Burnham and the meaning of Makerfield
-
Politics7 days agoBBC Reporter Discusses Cross Party Criticism Of Trumps Iran Deal
-
Business1 day ago
Entergy settles forward sale agreements, raises $672 million in cash proceeds
-
Crypto World1 day agoSecuritize Wraps Roubini's SEC-Registered ETF as Dubai VARA Digital Security
-
NewsBeat6 days agoKeir Starmer Allies Question His Chances For No 10
-
Business5 days agoWall Street Week Ahead: Investors see Micron earnings as pulse check of AI rally momentum
-
Tech7 days agoAWS enters the context layer race with a graph that learns from agents, not manual curation
-
Crypto World5 days agoCan Charles Hoskinson Really Rescue Cardano?
-
Crypto World5 days agoHIVE shares jump as $220M AI deal speeds Bitcoin mining pivot
-
Crypto World5 days agoJake Chervinsky accuses CME of protecting derivatives monopoly
-
Entertainment5 days agoJose Alvarado Wants Taylor Swift at More Knicks Games
-
Tech4 days agoSignal’s Meredith Whittaker says AI chatbots ‘are not your friends’ and calls Copilot agents a backdoor
-
Tech3 days agoNearly 7,000 fake Amazon domains registered ahead of Prime Day 2026, researchers warn
-
Sports6 days agoFIFA World Cup 2026: Canada beat 9-men Qatar 6-0 to register first ever win | FIFA World Cup 2026
You must be logged in to post a comment Login