Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Tech

Today’s NYT Connections Hints, Answers for July 19 #1134

Published

on

Looking for the most recent Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections: Sports Edition and Strands puzzles.


The blue group in today’s NYT Connections puzzle made me laugh. Read on for clues and today’s Connections answers.

The Times has a Connections Bot, like the one for Wordle. Go there after you play to receive a numeric score and to have the program analyze your answers. Players who are registered with the Times Games section can now nerd out by following their progress, including the number of puzzles completed, win rate, number of times they nabbed a perfect score and their win streak.

Advertisement

Read more: Hints, Tips and Strategies to Help You Win at NYT Connections Every Time

Hints for today’s Connections groups

Here are four hints for the groupings in today’s Connections puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Home repair elements.

Advertisement

Green group hint: Put together.

Blue group hint: Think Ty D Bowl.

Purple group hint: The front part of a head.

Answers for today’s Connections groups

Yellow group: Circuit components.

Advertisement

Green group: Digital coupling verbs.

Blue group: Things a toilet does.

Purple group: ____ face expressions.

Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words

Advertisement

What are today’s Connections answers?

completed NYT Connections puzzle for July 19, 2026

The completed NYT Connections puzzle for July 19, 2026.

NYT/Screenshot by CNET

The yellow words in today’s Connections

The theme is circuit components. The four answers are breaker, fuse, relay and switch.

The green words in today’s Connections

The theme is digital coupling verbs. The four answers are connect, join, pair and sync.

Advertisement

The blue words in today’s Connections

The theme is things a toilet does. The four answers are drain, flush, refill and swirl.

The purple words in today’s Connections

The theme is  ____ face expressions. The four answers are game, long, poker and straight.

Source link

Advertisement
Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

New Windows LegacyHive zero-day gives hackers admin privileges

Published

on

Windows

A security researcher using the “Nightmare Eclipse” handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems.

Nightmare Eclipse published a proof-of-concept (PoC) exploit hours after Microsoft released its July 2026 Patch Tuesday updates, saying that it abuses a security vulnerability in the Windows User Profile Service, which has yet to receive a CVE ID for easier tracking.

However, unlike previous exploits released by NightmwareEclipse, the LegacyHive PoC has been modified to require additional credentials, making it harder for attackers to weaponize the vulnerability.

image

“The PoC requires another standard user credentials and a third username (which can be an administrator account), if the PoC is successful, it will end up mounting the target user hive in current user classes root,” the researcher said.

“The PoC was stripped down as an attempt to prevent public exploitation, the original PoC did not require additional user credential and was not limited to usrclass.dat hive, any hive could be loaded using this vulnerability but you would need some brain cells to make the PoC do it.”

Advertisement

As Will Dormann, principal vulnerability analyst at Tharros, explained after testing the LegacyHive exploit, successful exploitation would allow non-admin users to modify the classes registry hive and gain automatic code execution when the admin account logs into a compromised system.

“For example, as a novelty, we can associate .txt files to open with calc.exe,” Dormann noted. “Clever attackers or people who want to accomplish something will easily be able to figure out how to do things that are more interesting and/or don’t even require user interaction.


LegacyHive demo (Will Dormann)

One day after the PoC was released, cybersecurity expert Kevin Beaumont also confirmed that the exploit works and published LegacyHive exploitation detection queries for the Microsoft Defender for Endpoint (MDE) enterprise-grade endpoint security platform.

Advertisement

“Microsoft is aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims. Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible,” a Microsoft spokesperson told BleepingComputer today when asked for a statement regarding the LegacyHive exploit.

“Importantly, we support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public.”

In recent months, Nightmare Eclipse has disclosed zero-day exploits for multiple Windows vulnerabilities in Microsoft Defender, BitLocker, and various Windows components, including RoguePlanet, BlueHammer, RedSun, YellowKey, GreenPlasma, MiniPlasma, and UnDefend.

Microsoft fixed the GreenPlasma, MiniPlasma, and YellowKey flaws last month as part of the June 2026 Patch Tuesday updates and the RoguePlanet vulnerability in the July security updates.

Advertisement

Microsoft responded to Nightmare Eclipse’s disclosures with warnings of legal action against people engaging in “malicious activity causing real harm to our customers,” prompting cybersecurity experts to believe the company was directly threatening the security researcher.

Update July 17, 10:05 EDT: Added Microsoft statement.


article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Source link

Advertisement
Continue Reading

Tech

NYT Connections hints and answers for Sunday, July 19 (game #1134)

Published

on

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing ‘today’s game’ while others are playing ‘yesterday’s’. If you’re looking for Saturday’s puzzle instead then click here: NYT Connections hints and answers for Saturday, July 18 (game #1133).

Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you’ve finished? Why, play some more word games of course. I’ve also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc’s Wordle today page covers the original viral word game.

Advertisement

Source link

Advertisement
Continue Reading

Tech

Virtua Fighter Crossroads Finally Lets the Fights Speak for Themselves in New VS Battle Gameplay Footage

Published

on

Virtua Fighter Crossroads VS Battle Screenshot
SEGA and Ryu Ga Gotoku Studio just put out the first proper look at head-to-head combat in Virtua Fighter Crossroads, and the footage lands with real weight. The new VS Battle gameplay trailer, released earlier this week, shows two fighters trading blows in arenas that feel grounded and physical. Combos flow cleanly. Grabs snap into close camera angles that emphasize the struggle. Counters land with purpose. Finishers carry a sense of finality without overblown spectacle.



This is the traditional arcade mode that fans have been waiting for, and after months of story-focused announcements, many were wondering if the classic series would still be included. The answer appears to be yes, based on the footage. Crossroads is designed with Unreal Engine 5. It appears in the character faces, which are much more detailed and expressive than in prior games. The lighting reacts naturally to movement, and post-processing does not convert every punch into a flashy exhibition. As a result, the battle appears to be far more authentic than that of most modern fighters. The boxers move with weight, and their footwork is important. You must consider the distance and your position, as simply sidestepping and circling on a level plane will not enough.


Grabs, in which one combatant grabs onto another, receive special attention in Crossroads. When one fighter locks up another, the camera zooms in to show the hold and the other guy’s attempts to squirm free. It’s a minor detail, but it truly conveys the physicality of the fight, and as the bout ends, you get this nice animation that shows off the final strike. It’s not some cheap-sounding super move, because the emphasis is on timing, reads, and executing a flawless move. Ryu Ga Gotoku Studio has always stated that the competitive side is its own entity, and that remains true now. You can’t simply carry over your Story Mode stats into VS Battle because it’s purely a skill thing, and the controls have been designed with normal gamepads in mind, with a focus on simple inputs that nonetheless reward a thorough mastery of each character’s tools. It’s still all about technique, reading your opponent, and understanding your character inside and out.


The rest of the game is built on this basis, with the Story Mode following four new characters who meet in the fictional city of Vilasapara, Southeast Asia. You can explore the city, do side missions, and fight through massive multi-opponent brawls and set pieces. Old characters such as Pai Chan appear in both the tale and the competitive mode, while a new masked fighter known as the Bakunawa Killer is already regarded as a key player. The city itself has the lived-in vibe that Ryu Ga Gotoku is known for, and you can tell they spent a lot of effort making each section feel like a real place.

Virtua Fighter Crossroads VS Battle Gameplay
Crossroads is expected to be released in 2027. Platforms are still unclear, although the presentation suggests that it will be available on modern consoles and PC. There is no information yet on an exact release date. One thing we do know is that the competitive mode has received equal care and attention as the story mode.
[Source]

Advertisement

Source link

Continue Reading

Tech

Chinese Solar Company Says Its New Cell Has An Efficiency Of 35.5 Percent

Published

on

Commercial solar cells only have a conversion efficiency of around 25 percent.

Chinese company LONGi has developed a solar cell that it claims has achieved a conversion efficiency of 35.5 percent, as verified by the European Solar Test Installation, a reference laboratory for the calibration of photovoltaic (PV) devices. That’s an impressive conversion efficiency compared to what most solar cells are capable of. According to the US Energy Information Administration, the solar cells in commercially available panels are just now approaching a 25 percent efficiency. There are cells with a conversion efficiency of 50 percent, but they’re for niche uses, like solar panels for satellites. 

The company specifically developed crystalline silicon-perovskite tandem solar cells. They’re an emergent PV technology that LONGi believes is the future of solar energy. Theoretically, these cells could achieve an efficiency of 43 percent. LONGi first achieved an efficiency of 33.9 percent in November 2023 and then 34.6 in June 2024. After several more incremental increases, the company is now claiming an efficiency of 35.5 percent.

LONGi says it holds the world record for efficiency when it comes to this particular PV technology. That said, the US Department of Energy’s National Renewable Energy Laboratory developed a solar cell with an efficiency of 39.5 percent back in 2022. In the grand scheme of things, who holds the record matters very little for most people. What matters is finding a way to mass produce and commercialize cells with these efficiencies so that they can help address humanity’s energy problems. 

Advertisement

Source link

Advertisement
Continue Reading

Tech

Write 2D And 3D Games In Modern MoonBASIC

Published

on

One of the major strengths of the BASIC programming languages has always been their no-fuss setup and rich set of commands for operations that would take considerably more work in a bare-bones language like C. MoonBASIC continues this legacy with a BASIC variant optimized for both 2D and 3D game development.

Included in the package are Raylib, Box2D, and Jolt, whose functionality is exposed via over 4,200 commands in their respective namespaces. You can also download a whole IDE package based around VS Code, use it on the command line, or add it to an existing VS Code installation.

A quick glance at the ‘getting started‘ guide gives a pretty good idea of what to expect of MoonBASIC, including a range of custom language additions and support for PBR materials, dynamic lighting, and other modern game engine features.

Advertisement

Whether writing a game in BASIC was on your bingo card for this year or not, it might be worth taking a look to see whether it’s your jam. After all, if BASIC was good enough for both AI and game development in the 1980s, surely it can be used for complex games in 2026.

Source link

Advertisement
Continue Reading

Tech

Terry Callier at the Earl of Old Town Review: Better on CD Than 180 Gram Vinyl

Published

on

This is not going to be a popular review because it is one of my rare negative-leaning takes on a new release by Terry Callier, a fine, if underappreciated, folk singer with a rich style that falls somewhere between Richie Havens and Tim Buckley.

While I have no problem with the artist, the music, or even the underlying performance on Terry Callier at the Earl of Old Town (Time Traveler Records), I felt an obligation to offer some perspective on the underlying value proposition of the vinyl edition. The promotional buzz surrounding this recent Record Store Day release appeared promising:

“These 1967 live tapes—unearthed from a private archive were recorded by Joe Segal in Chicago at The Earl of Old Town Club. Showcasing Callier’s distinctive blend of folk, soul, and jazz in its purest form. His intricate guitar work, luminous voice, and spiritual depth are presented in stunning clarity, giving both longtime fans and new listeners an unfiltered glimpse into a foundational moment in American music history. Transferred from the original tapes, restored by Joe Lizzi and mastered by Matthew Lutthans at The Mastering Lab. The limited-edition 180-gram 2-LP edition includes a booklet with rare photographs and newly commissioned liner notes… “

terry-callier-at-the-earl-of-old-town-2lp

Sounds super appealing, right? Unfortunately, as is sometimes the case with archival releases, the reality is a bit different from the pre-release promotional descriptions.

Advertisement

As a lifelong Deadhead, I certainly appreciate a good audience-captured, fan-made unofficial recording. I get it. Rare recordings like this are invaluable for better appreciating an artist’s life’s work. Accordingly, I can even love a less-than-perfect archival recording if it is presented in its proper context. And therein lies the rub: Terry Callier at the Earl of Old Town is presented as “restored,” but it sounds far from that. For an album selling for upwards of $50 when you add taxes and shipping, it feels like a bit much.

terry-callier-live-back-cover

As I listened to this just-OK-quality, lo-fi, audience-sounding recording, I questioned whether it really needed to be pressed as a fancy double 180-gram audiophile vinyl set. Coupled with the relatively short performance time of approximately 58 minutes, I suspect it could have been mastered to fit on a less costly, standard-weight 140-gram single LP without a significant sacrifice in fidelity. I’ll put it this way: if Herbie Hancock and Chick Corea could issue a live album in 1978 with a 35-minute-long side, a 30-minute side in 2026 should be feasible. Just sayin’!

herbie-hancock-chick-corea-label

For example, there are warbles audible during “The Last Thing on My Mind,” indicating that the recording was damaged somehow. There are moments of distortion throughout. Mr. Callier was playing in a small club before a relative handful of patrons who are polite except when they aren’t, so there is a fair amount of talking in the background during some tunes. In short, this is a far-from-perfect document. I guess that is the “unfiltered glimpse” part of the offering noted above.

terry-callier-at-the-earl-of-old-town-cd

Terry Callier At The Earl of Old Town is currently selling for $46.02 at Amazon. Of course if you are a deep fan, you probably already own this. However if you’ve been on the fence you might be better off going for the less pricey 2CD version, which you can find on Amazon for $23.56 — although I need to point out that at 58 minutes in length, it could have been all put on a less expensive-still single CD. Alternately, you might just want to simply wait until the prices come down on both of these options.

Our Ratings

★★★★★★★★★★ Music

★★★★★★★★★★ Sound Quality

★★★★★★★★★★ Pressing Quality

Advertisement
Advertisement. Scroll to continue reading.

Where to buy:


Mark Smotroff is a deep music enthusiast / collector who has also worked in entertainment oriented marketing communications for decades supporting the likes of DTS, Sega and many others. He reviews vinyl for Analog Planet and has written for Audiophile Review, Sound+Vision, Mix, EQ, etc.  You can learn more about him at LinkedIn.

Advertisement

Source link

Continue Reading

Tech

Sunlight Turns Into Hot Air That Dries Clothes in an Hour While Using Only a Fraction of Normal Power

Published

on

Sunlight Air Heating Collector Clothes Dryer
Greenhill Forge wanted to find out whether solar air heating could handle actual laundry drying without relying on a big electric heating element. The short answer from his latest build and test is yes, and the numbers make a strong case for it. He connected an upgraded solar air collector panel directly to a standard clothes dryer. The panel supplies heated air that replaces the usual 2,400-watt electric element. In the real-world trial, a test shirt came out completely dry after one hour. The only electricity consumed during that hour went to spinning the drum. Total draw sat around 155 watts.



This corresponds to more than ten times less power as a standard electric dryer. The heating burden just evaporated, replaced by free solar energy harvested on-site. Greenhill Forge has been experimenting with solar air heating on his little rural homestead for a long time. Previously, he conducted side-by-side studies on five distinct collection designs, each measuring approximately two square meters square. The panels used insulated boxes with clear polycarbonate on top to trap heat, and dark absorber surfaces like black painted corrugated steel or dark insect netting pushed air past or through them.


BigBlue 28W Solar Panel Charger with Dual USB-C and USB-A, Portable Solar Phone Charger for Camping…
  • Advanced Performance: BigBlue 28W portable solar charger provides 20% more power from every ray, thanks to shadow-free surface design (No metal lines…
  • Upgraded Triple-Port: Dual USB-C and one USB-A ports deliver a maximum output of 5V/3A each, collectively achieving 5V/4.8A. This solar panel charger…
  • High-Efficiency & IP44 Waterproof: 28W USB solar panel phone charger converts 25.4% sunlight into free energy – industry-leading efficiency. Our…

These tests made it clear that performance varied substantially. The versions with transpired designs (in which air passes through small holes in the absorber) and many layers of black bug net screen functioned remarkably well regardless of sun angle or flow rate. When conditions were good, peak output was around 1400 to 1500 watts of useable heat, with overall collector efficiency ranging from 70 to 80 percent under full sun. This research influenced the design of the new collector for the dryer duty. They built it with a plywood frame, appropriate insulation, a black absorber surface (sheet metal or the better insect net solution), and windows. New fans were placed to double air flow over earlier generations, and they even incorporated some extra instruments like a data logger and temperature probes to get a true picture of how it was working rather than speculating.

Sunlight Air Heating Collector Clothes Dryer
Air enters the collector, gathers up heat from the sun-warmed absorber, and exits at a usable temperature. A duct then transports the air to the dryer. The only item needed on the dryer side was a modified flange that could handle warm air, and a blower fan was removed or repurposed to accomplish the job. The electric heating element was pulled out of the circuit. Temperature control was critical since clothing can easily be scalded if the air is too hot, and efficiency suffers if the air is too cold. Greenhill Forge created a custom controller using an Arduino board to fix this. It simply monitors the temperature of the air entering the dryer and changes the fan speed to keep the air at the appropriate drying temperature without requiring constant adjustment.

Sunlight Air Heating Collector Clothes Dryer
During the test run, the system maintained the heat levels exactly where they needed to be while the drum tumbling the load. 60 minutes later, the clothing were completely dry. The collector did all the hard lifting on the heat side, while the drum motor and controller required only 155 watts in total. This method avoids the losses associated with initially creating power and then converting it back to heat. A solar air collector simply absorbs heat energy and circulates it using a fan. The materials are basic and inexpensive; previous panels cost roughly $100 to construct. The improved version maintained the same down-to-earth approach while ticking boxes to improve durability and output consistency.
[Source]

Advertisement

Source link

Continue Reading

Tech

Xtra Muse at $329 Becomes the 4K Pocket Camera That Finally Makes Sense for Everyday Creators

Published

on

Xtra Muse Pocket Camera Gimbal 2026
Pocket cameras are becoming more popular in purses and everyday carry bags because they solve a real frustration. Phone footage seems OK until you play it back on a bigger screen or try to film while moving. Dedicated rigs give better outcomes, but they necessitate time, preparation, and, in many cases, a second set of hands. The Xtra Muse, priced at $329 (was $449), fills that gap without asking buyers to sacrifice features essential for vlogging and trip filming. It has a one-inch sensor, shoots 4K video at 120 fps, and uses a physical three-axis gimbal to steady shots.



The camera stands about 5 and a half inches tall and weighs between a hundred and 280 grams, depending on the setup. It’s big enough to be more than just a tiny smartphone, but not so huge that it can’t fit in your pocket with your wallet and keys. The box has a rough grip and a tiny threaded handle to prevent it from slipping out of your grasp when you need to hold it firmly. A small 2 inch touchscreen on the side allows you to switch from portrait to landscape mode with a single tap, which is useful if you’ve recorded a clip for YouTube or Instagram Reels and don’t want to worry about any of your clips needing additional cropping. The screen brightness increases to 750 nits, making it much simpler to take photos outside in bright sunshine. To be honest, the build quality is sturdy enough to withstand being flung into a purse or pocket, and it comes with a carrying case and wrist strap to keep it secure while on the go.

Sale


Xtra Muse, Vlogging Camera with 1” CMOS & 4K/120fps Videos, Pocket Camera with 3-Axis Gimbal Stabilizer…
  • Cinematic-Style Footage – Experience the power of Xtra Muse’s 1-inch CMOS sensor, capable of recording breathtaking 4K resolution videos at 120fps…
  • Ultra-Steady Shooting – No more shaky videos! Xtra Muse’s advanced 3-axis gimbal camera stabilizer ensures exceptional smoothness. Enjoy smooth…
  • Effortless Framing – Enjoy Xtra Muse’s expansive 2-inch touch screen, and switch between horizontal and vertical shooting effortlessly.


Behind a fixed f/2.0 lens with a 20mm equivalent focal length is a 1 inch CMOS sensor that gathers far more light than most phones or action cameras, making a significant difference when shooting indoors or at nightfall. You will notice less noise and greater definition in the shadows, as well as more natural-looking colors. The lens also performs a good job of blurring the background, so you can get a clean subject against a chaotic background without changing any settings. If you want to get serious about your stills, the maximum resolution is 9.4 megapixels, which is more than enough for the types of fast social posts or reference images you’d be creating while on the go. The sensor, on the other hand, significantly improves video quality, particularly when combined with the 10-bit X-Log color profile.

Advertisement


The three-axis mechanical gimbal only moves the camera head, not the body. So whether you’re walking, jogging, or scooting around on a bike or skateboard, handheld shots will be rock solid smooth, and because it’s a mechanical system, you shouldn’t see any of the nasty warping or stretching that digital stabilization can cause, so your footage will simply look really solid and stable. Slow-motion options include 4K at 120fps and 1080p at 240fps. When you slow down footage that much, it really hits home exactly how rapid (or otherwise) the action was, and the gimbal still keeps the subject right in frame, even at those super-slow rewind periods.

Xtra Muse Pocket Camera Gimbal 2026
A Master Follow mode makes face and object tracking much easier, essentially keeping a subject in your sights while the camera is mounted on a tripod or in your hands (as long as they are steady). Simply double-tap to lock onto that subject, and the system will take care of framing changes; there is no need to repeatedly pan back and forth. It’s useful if you’re recording yourself giving a lecture to the camera, or if you want to catch a pet or a child on the move without wrestling with the camera.

Xtra Muse Pocket Camera Gimbal 2026
A firmware update added support for Bluetooth mics, so you can simply pair your wireless mic straight via Bluetooth, no need for any extra gear or cables dangling from the handle, and real-time audio meters are available on the touchscreen to keep track of your levels. In terms of battery life, you can expect two to three hours of recording time depending on the resolution and functions you use, which should be sufficient for most people for a day of stop-start shooting, especially if you’re a traveler or vlogger.

Source link

Advertisement
Continue Reading

Tech

Your Face Never Leaves Your Device

Published

on

On-device age verification

Age checks are becoming law worldwide. The question is no longer whether platforms verify age, but what happens to the faces they collect — and whether they need to collect them at all.

By Ricardo Amper, Founder & CEO, Incode Technologies

More than 30 age assurance laws are now in force worldwide. The UK is enforcing the Online Safety Act’s “highly effective” age check requirement, with restrictions on under-16 access to social media planned for spring 2027.

Australia’s under-16 rules took effect in December, and the government has signaled its intent to double maximum fines to $99 million after early waves of non-compliance. Brazil’s Digital ECA became enforceable in March 2026, now half of U.S. states now mandate some form of age verification.

Advertisement

Facial age estimation has emerged as one of the most accessible ways to comply. It needs no government ID and no database lookup, which makes it workable for users of all age groups, including those with no documents to show.

In regulated markets, Incode’s data shows users choose it eight out of ten times over other age assurance methods. But it asks people for one of the things they feel least comfortable sharing: their face. And until now, nearly every implementation has worked the same way — capture the face, send it to a server, run the estimate there.

The problem with server-based age estimation

The record shows why that is a growing liability, especially for vendors relying on third party tech stack. According to the Identity Theft Resource Center’s 2025 Annual Data Breach Report, the U.S. recorded 3,322 data compromises last year — a record high and a 79% increase over five years — while supply-chain breaches doubled over the same period.

The same organization found that 63% of consumers have expressed serious concern over biometric data collection.

Advertisement

Meanwhile, the attacks are scaling faster than the defenses. Across more than 7 billion identity verifications processed on its platform, Incode has tracked the rise of agentic fraud — fraud attempts carried out with the help of AI agents.

In 2024, agentic fraud made up 3% of fraud attempts. By the first quarter of 2026 it had reached 40%, and Incode estimates it will exceed 90% within the next 18 months.

Incode’s facial age estimation and passive liveness models now run entirely on the user’s phone, tablet, or laptop – the face is never transmitted and never stored.

See how platforms can meet age assurance requirements worldwide without the user’s face leaving the user’s device.

Advertisement

See How It Works

Privacy by policy vs. privacy by architecture

The industry’s standard answer has been a privacy policy: a written promise that biometric data will be handled with care and deleted after the check happens.

A policy is a legal document. It is not a security control. It cannot stop a breach, an insider, or a compromised vendor; it can only assign responsibility afterward.

Privacy by architecture is a different proposition: build the system so the sensitive data never becomes accessible in the first place. If a face is never transmitted, it cannot be intercepted.

If it is never stored, it cannot be breached. Users do not have to trust anyone’s word. Privacy stops being a promise and becomes a fact of the architecture.

Advertisement

A $100 million commitment, in two parts

Last month, Incode Technologies, a leader in AI-powered identity verification and fraud prevention, announced a $100 million commitment to advancing privacy-preserving identity infrastructure, alongside its acquisition of Identiq, a company specializing in privacy-enhancing cryptographic solutions for peer-to-peer anti-fraud collaboration.

The funds are directed at on-device processing capabilities, continued R&D in privacy-enhancing technologies, and expanded engineering resources and global footprint.

Two weeks later, the first product was made public. On-Device Age Estimation, launched in July, the first time Incode’s proprietary models run fully on the user’s own device.

Both trace back to architectural decisions made at the company’s founding: verification driven by AI rather than by human access to biometric data, processing pushed to the user’s own device, and fraud collaboration designed to work without exposing data.

Advertisement

Part one: age checks where the face never leaves the device

On-Device Age Estimation runs two of Incode’s models directly inside the user’s phone, tablet, or laptop: facial age estimation and passive liveness detection, which confirms that a real, live person — not a photo, a deepfake, or a replayed clip — is in front of the camera. The face is analyzed locally and is not transmitted or stored.

What travels onward is the outcome: whether the user meets the platform’s required age threshold. If the check cannot be completed for any reason, the user is automatically offered another verification method selected by the platform.

Making that possible meant shrinking the models. Incode compressed both to roughly a tenth of their original size using knowledge distillation — a technique in which a compact model is trained to reproduce the judgments of a much larger, more accurate one.

The resulting models are small enough to run inside an ordinary browser or app, across a wide range of devices, with no special hardware required.

Advertisement

Because the face is analyzed on the user’s own device, there is no technical way for Incode or any client platform to access a biometric or face image. In plain terms: the user proves their age. The face stays on the device.

Why does anything reach a server at all?

An age check that is easy to cheat protects no one. What the device alone cannot fully rule out is tampering with the session itself — an injected camera feed, for example, or a manipulated device. Incode’s server-side layer analyzes session metadata — when and how the session happened, and the characteristics of the device and connection — to detect injection attacks and tampering.

That data contains no facial or biometric information; it exists for fraud detection and session integrity.

Without it, minors could appear as adults and adults as minors, and the result would be worthless for safety and compliance.

Advertisement

Those defenses carry the record of the environments they came from. For more than a decade, Incode’s models have operated in some of the most attacked environments online — banks, fintechs, healthcare, and other high-stakes services where fraudsters bring deepfakes, injection attacks, and replayed video every day.

Incode’s security layer achieves 99% spoof detection across deepfakes, injection attacks, replay attacks, and physical spoofing — the same anti-impersonation standard trusted by eight of the top ten U.S. banks — and has flagged more than 1 million face attacks across Incode’s platform in 2026.

On-Device Age Estimation is the first enterprise-ready offering to combine on-device age estimation with those defenses — a combination the company believes can reset the standard for how platforms verify age worldwide.

Part two: fighting fraud together without pooling the data

The second part of the commitment addresses a different exposure: the way institutions share fraud intelligence. Fraudsters collaborate across institutional boundaries; the institutions defending against them typically work alone, each seeing a fraction of the threat data.

Advertisement

The traditional fix — pooling customer data across institutions — solves one problem by making the other worse. Central data lakes are precisely the kind of target the breach statistics describe.

Identiq spent nearly a decade and invested more than $50 million developing patented privacy-enhancing technology that lets organizations share fraud signals without exposing customer data to any third party.

No central data lakes. No data brokerage.

Integrated into Incode’s platform, that work is projected to reach billions of verifications annually, adding network fraud intelligence to the platform’s capabilities.

Advertisement

“Every institution shared the same concern with us: how do we fight fraud together without giving up control of our customers’ data,” said Itay Levy, Co-Founder and CEO of Identiq.

“Identiq built the answer to that very question. As part of Incode, that answer is now available to every organization that deals with massive amounts of user data.”

The standard is being set now

The pressure comes from both directions: regulation keeps expanding, and users are increasingly demanding more privacy-preserving ways to meet it. Regulators, meanwhile, are actively deciding which age assurance methods count as effective — which makes this the period in which the standard gets set.

Incode’s position going into that period is a matter of record rather than roadmap: a compliance program spanning SOC 2 Type 2, ISO/IEC 27001, HIPAA Attestation of Compliance, FedRAMP Ready, the Age Check Certification Scheme (ACCS), and the Kantara IAL2 Component Services Trust Mark; more than 7 billion trust checks processed; and now a shipping product where the face never leaves the device, alongside fraud collaboration that never pools the data.

Advertisement

“We have always believed that privacy and fraud prevention are not a tradeoff, but part of the same problem — solved together or not at all,” said Ricardo Amper, Founder and CEO of Incode.

“Age checks are becoming law around the world. Our job is to do what we can so that proving your age asks as little of the user as possible.”

Try Incode’s On-Device Age Estimation

See how On-Device Age Estimation lets platforms meet age assurance requirements without the user’s face leaving the user’s device, and book a walkthrough for your team: incode.com/privacy

Sponsored and written by Incode.

Advertisement

Source link

Continue Reading

Tech

7-Zip fixes RCE flaw exploitable with malicious archives

Published

on

7-Zip

7-Zip version 26.02 was released to fix a remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files.

The vulnerability, disclosed by Lunbun researcher Landon Peng, exists in 7-Zip’s processing of XZ-compressed data.

According to an advisory from the Zero Day Initiative, specially crafted XZ data can trigger a heap-based buffer overflow, potentially allowing attackers to execute arbitrary code as the user.

image

While the developer has not published technical details about the flaw, the changes in the 26.02 source code suggest it is related to how 7-Zip tracks available space while decompressing XZ data.

The patch adds checks to ensure the decoder cannot write beyond the remaining available space in an output buffer, helping prevent a heap-based buffer overflow.

Advertisement

The advisory states that exploitation requires user interaction, such as visiting a malicious page or opening a malicious archive file.

No automatic update feature

As 7-Zip does not include an automatic update feature, users will not receive the security fix automatically. Instead, they must install it manually by downloading the latest version from the program’s official site, 7-zip.org.

Because 7-Zip is one of the most widely used archive utilities on Windows, security flaws impacting its archive features are an attractive target to threat actors.

A phishing campaign or social engineering attack could be used to distribute a malicious archive that exploits the flaw to install malware on vulnerable systems.

Advertisement

This is not far-fetched, as archive vulnerabilities, including those in 7-Zip, have been exploited in past attacks.

In early 2025, a 7-Zip vulnerability that allowed malware to bypass Windows’ Mark of the Web (MotW) security feature was exploited by Russian hackers as a zero-day.

Later that same year, a Russian hacking group exploited a WinRAR vulnerability tracked as CVE-2025-8088 via phishing attacks to install the RomCom malware.

There are currently no reports that attackers are actively exploiting this newly disclosed 7-Zip vulnerability.

Advertisement

However, users are advised to update to version 26.02 as soon as possible to reduce the risk of future attacks.


article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025