Vanessa May

Optus Service Interruption Affects Emergency Triple Zero Calls Nationwide in Australia

Vanessa May on September 20, 2025

We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Brief Overview

Optus network outage affected emergency Triple Zero calls in South Australia, Northern Territory, and Western Australia.
Around 600 customers were impacted, and three fatalities are associated with the event.
Optus is performing welfare checks and has initiated an investigation.
Optus CEO Stephen Rue has issued an apology for the outage.
Authorities are conducting investigations and a report will be compiled for the State Coroner.
ACCAN advocates for enhanced reliability in emergency calling systems.

Impact of Optus Network Outage on Emergency Services

An unforeseen network outage from Optus has significantly hindered its capacity to handle Triple Zero calls in South Australia, Northern Territory, and Western Australia. The event, which transpired during a network upgrade, affected around 600 customers and has sadly been connected to three deaths. This unfortunate incident emphasizes the essential need for dependable emergency services.

Optus network problem affects emergency calls

Welfare Checks by Optus

In the aftermath of the outage, Optus has commenced welfare checks on households that tried to make calls during the incident. To date, three cases have been reported where individuals tragically lost their lives. These welfare checks are ongoing as Optus seeks to understand the full scope of the impact.

Apology from the CEO and Investigation Commitment

Optus CEO Stephen Rue conveyed sincere regret over the incident, mentioning that the company is conducting an urgent investigation to reveal the truth. Rue offered a sincere apology to the customers affected and expressed condolences to the families who suffered losses, characterizing the event as utterly unacceptable.

Investigations by Authorities

Authorities, including SA Police, are carrying out their own investigations into the incident. A report is anticipated to be compiled for the State Coroner to determine the circumstances surrounding the fatalities in South Australia due to the outage.

Repeated Failures and Consequences

This incident represents the latest in a succession of failures by telecommunications companies in Australia regarding the handling of emergency calls. Previously, Optus and its subsidiaries encountered a $12 million fine for similar issues, while Telstra was penalized with a $3 million fine for a Triple Zero outage. Customers of TPG Telecom also experienced temporary disconnections during a network decommissioning.

ACCAN’s Call for Improvement

The Australian Communications Consumer Action Network (ACCAN) has labeled the situation a tragedy, underscoring the vital necessity for dependable emergency services access. ACCAN CEO Carol Bennett expressed dismay over recurring failures, advocating for enhancements to ensure that Australians can rely on their calls to Triple Zero to connect reliably.

Conclusion

The Optus network incident highlights the crucial requirement for consistent emergency service connectivity, with tragic repercussions stemming from the outage. Both Optus and the relevant authorities are actively probing the situation, while consumer advocates are pushing for better safeguards to avert future occurrences.

Q: What triggered the Optus outage?

A: The outage was caused by a network failure during an upgrade, affecting the ability to make emergency calls.

Q: How many customers experienced the impact?

A: Approximately 600 customers in South Australia, Northern Territory, and Western Australia faced difficulties connecting to Triple Zero services.

Q: What steps is Optus taking in response?

A: Optus is performing welfare checks on the impacted households and has started an investigation into the occurrence.

Q: Has a similar incident occurred previously?

A: Yes, there have been prior incidents where Optus and other telcos failed to connect emergency calls, leading to penalties.

Q: What actions are the authorities taking?

A: SA Police and other relevant authorities are conducting investigations and will prepare a report for the State Coroner.

Q: What has been ACCAN’s response to the incident?

A: ACCAN has referred to the incident as a tragedy and emphasized the necessity for reliable emergency service access.

Q: What penalties have been previously imposed on telcos for similar incidents?

A: Optus has been fined $12 million, and Telstra was fined $3 million for failures related to Triple Zero calls.

Actor Authentication Tokens Provided Worldwide Admin Access Throughout Azure Entra ID Tenants

Vanessa May on September 19, 2025

Severe Azure Entra ID Flaw Uncovered

Brief Overview

A severe flaw in Microsoft Entra ID was uncovered, impacting global admin access throughout Azure tenants.
The issue related to the handling of legacy authentication tokens and was resolved by Microsoft.
Actor tokens enabled cross-tenant access, circumventing security protocols like Conditional Access.
The outdated Azure AD Graph API’s interface lacked adequate validation and logging for audits.
This vulnerability could spread across organizations due to Azure B2B guest accounts.

Unveiling a Severe Vulnerability

A researcher from the Netherlands, Dirk-jan Mollema, disclosed a serious flaw in Microsoft Entra ID, potentially granting attackers the ability to compromise global admin access across all Azure tenants globally. This discovery represents a pivotal moment in cybersecurity, emphasizing the threats related to legacy authentication token handling.

Grasping the Vulnerability

The vulnerability, identified by Mollema in July 2023, consisted of undocumented impersonation tokens and a defect in the Azure Active Directory Graph API. These tokens, essential for communication among backend services, evaded security protocols like Conditional Access, leading to possible exploitation.

Azure Entra ID flaw with global admin access

Effects on Global Admins and Organizations

This flaw allowed attackers to authenticate as any user, including Global Admins, across various tenants. Such superuser accounts are vital for managing Entra ID tenants, and their compromise could result in severe security breaches, including the establishment of new identities and permissions.

The outdated Azure AD Graph API lacked thorough audit logging, complicating administrators’ efforts to identify suspicious activities. This vulnerability broadened access to Microsoft 365 and Azure, creating further security risks.

Risk of Propagation and Organizational Trust

The potential for widespread propagation of the vulnerability was concerning. Organizations employing Azure business-to-business guest accounts could inadvertently enable cross-tenant attacks, as attackers could mimic guest users in their native tenants.

“The information necessary to compromise most tenants worldwide could have been collected in a matter of minutes using a single Actor token,” Mollema remarked.

Conclusion

The identification of this critical vulnerability highlights the necessity for strong security protocols and frequent audits of legacy systems. Although Microsoft has rectified the problem, this event serves as a clear reminder of the constantly changing landscape of cybersecurity threats.

Questions & Answers

Q: What was the main problem with the vulnerability?

A: The issue arose from flaws in handling legacy authentication tokens, permitting cross-tenant access without appropriate validation.

Q: How did Microsoft address the vulnerability?

A: Microsoft implemented a patch to rectify the vulnerability, resolving issues related to legacy tokens and the Azure AD Graph API to avert further exploitation.

Q: What dangers did the vulnerability pose to organizations?

A: It posed threats of unauthorized access to global admin accounts, potential data breaches, and the risk of undermining organizational trust relationships.

Q: What steps can organizations take to safeguard against similar vulnerabilities in the future?

A: Organizations should consistently update their systems, perform security audits, and reduce reliance on legacy interfaces to lessen vulnerability exposure.

“Initial npm Worm ‘Shai-Hulud’ Creates Havoc in Supply Chain Assault”

Vanessa May on September 18, 2025

Inaugural npm Worm ‘Shai-Hulud’ Creates Havoc in Supply Chain Attack

Brief Overview

The first npm worm termed ‘Shai-Hulud’ targets the JavaScript package registry.
The worm is capable of self-replication and retrieves sensitive information using the TruffleHog utility.
Approximately 180 npm packages have been reported as compromised during the assault.
Companies such as Crowdstrike and others quickly intervened to address the threat.
Developers are encouraged to inspect for suspicious repositories and change their secrets.
npm and GitHub, both under Microsoft, are collaborating to eliminate the malware.

The inaugural npm worm "Shai-Hulud" launched during a supply chain assault

Comprehending the Attack

A recent assault on npm, the node package manager, has introduced the first malware exhibiting self-replicating worm characteristics within the JavaScript software registry. Dubbed ‘Shai-Hulud’, this harmful software has caused considerable disruption by siphoning secrets, environment variables, and cloud keys via the open-source TruffleHog tool. A public repository named Shai-Hulud has been established to archive these pilfered secrets.

Technical Specifications of Shai-Hulud

The malware attains persistence through the injection of a GitHub Actions workflow file identified as github/workflows/shai-hulud-workflow.yml, employing a base64-encoded bash script. This enables the malware to transmit repository secrets to a command-and-control (C2) server, enhancing its utility for cybercriminals.

Consequences and Reaction

Security agencies have indicated that the malicious update impacted the @ctrl/tinycolor package, which records 2.2 million downloads weekly. Overall, the attack compromised nearly 180 packages, affecting various maintainers. Crowdstrike and other security providers have acted swiftly to purge the compromised packages and rotate keys in public registries, safeguarding customer interests.

Links to Prior Attacks

Researchers have associated this initiative with the recent s1ngularity attack against nx npm packages, which also entailed credential exfiltration. This points to a more extensive trend of supply chain assaults targeting npm and connected ecosystems. npm and GitHub, owned by Microsoft, are diligently working to eradicate the malware and fortify the platform’s security.

The Etymology of ‘Shai-Hulud’

The term ‘Shai-Hulud’ finds its origins in Frank Herbert’s science fiction realm Dune, where it denotes the colossal sandworms indigenous to the desert planet Arrakis. This literary nod hints at a deliberate design behind the worm, possibly reflecting the attackers’ sophistication and strategic planning.

Conclusion

The rise of the ‘Shai-Hulud’ worm signifies a new era in supply chain attacks on npm. With its self-replicating abilities and threat to sensitive data exfiltration, it presents a considerable danger to developers and organizations that depend on the JavaScript software registry. Proactive interventions by security firms and platform operators are essential in mitigating these risks and safeguarding the ecosystem.

Q: What is the ‘Shai-Hulud’ worm?

A: ‘Shai-Hulud’ is the inaugural self-replicating worm within the npm ecosystem targeting the JavaScript software registry for sensitive data exfiltration.

Q: How does the worm function?

A: It achieves persistence through a GitHub Actions workflow file and utilizes a base64-encoded bash script to extract secrets to a command-and-control server.

Q: How many packages were impacted by the assault?

A: About 180 npm packages experienced compromise, affecting various maintainers along with popular packages such as @ctrl/tinycolor.

Q: What measures are being undertaken to counter the threat?

A: Security vendors, including Crowdstrike, have eliminated compromised packages and rotated keys. Microsoft-owned npm and GitHub are working on removing the malware from their platform.

Q: What steps should developers take to ensure their safety?

A: Developers are urged to examine for any suspicious repositories named Shai-Hulud and rotate any compromised secrets.

Q: Is this attack connected to previous occurrences?

A: Indeed, it has been associated with the s1ngularity attack on nx npm packages, indicating a trend in supply chain assaults.

Q: What is the significance behind the name ‘Shai-Hulud’?

A: The name originates from the Dune universe, potentially implying the intent and complexity of the attackers.

Spotify’s Free Tier Redesigned: Improved Control, Personalization, and Exciting Updates

Vanessa May on September 17, 2025

Quick Overview

Spotify upgrades its free tier with new features for enhanced control and customization.
Users can now search, play, and share any song immediately without needing a Premium account.
Customized playlist covers and daylist functions bring character and mood-driven music curation.
Discover Weekly and Release Radar playlists are now accessible to free-tier users.
Real-time lyrics feature boosts music interaction by enabling sharing on social networks.
Updates are available in Australia at no additional cost.

Improved Control and Customization

Spotify has launched a worldwide update to its free tier, simplifying music discovery and enjoyment through improved control and customization choices. This update introduces various features that were once exclusive to Premium users, closing the divide between free and paid experiences.

Easy Search & Play

With the latest update, free-tier users can quickly search and play tracks instantly, creating a more fluid experience. Whether it’s a trending song or a friend’s suggestion, enjoy listening without limitations.

Share & Enjoy with Friends

Spotify now enables users to simply click and listen to tracks shared by friends or posted by artists on social media, keeping them connected with the newest releases and suggestions.

Playlists: A Personalized Musical Experience

Creating and Curating Playlists

Forming playlists is more straightforward than ever, with Spotify’s algorithm recommending songs that fit your mood. This assists users in effortlessly uncovering new artists and genres.

Personalized Playlist Covers

Users can now customize their playlists with unique cover art directly within the Spotify mobile app, making their music library more distinctive and personal.

Daylist Feature

The daylist feature creates playlists tailored to your listening patterns throughout the day, offering mood-specific music that can be stored for later enjoyment.

Exploring New Music

Discover Weekly and Release Radar

Spotify’s Discover Weekly and Release Radar playlists are now available for free users, offering tailored suggestions and the latest tracks from followed artists.

Real-Time Lyrics

The lyrics feature allows users to view real-time lyrics, augmenting the listening experience and enabling them to share their favorite lines on social media channels.

Importance for Australian Users

These updates are accessible without any changes to pricing, making Spotify’s free tier an appealing choice for music lovers in Australia. Users can enjoy enhanced features simply by updating their Spotify app.

Spotify continues to dedicate resources to making its platform a lively space for music fans and creators, ensuring a rich auditory experience for all users.

Conclusion

The new updates to Spotify’s free tier provide a more engaging and personalized experience for users in Australia. With features like immediate track play, custom playlists, and real-time lyrics, Spotify enhances music exploration and enjoyment without extra costs.

Q: What new features are part of Spotify’s free tier update?

A: The update includes immediate track play, custom playlist covers, daylists, Discover Weekly, Release Radar, and the ability to share real-time lyrics.

Q: How does the daylist feature function?

A: The daylist feature curates playlists that adapt according to your listening habits and mood throughout the day, providing tailored musical selections.

Q: Are free users entitled to personalized recommendations?

A: Yes, free users can utilize Discover Weekly and Release Radar playlists, which offer personalized music suggestions and new releases.

Q: How can users make their playlists unique?

A: Users can make playlists unique by adding custom cover art using Spotify’s mobile app.

Q: Are there any extra fees for these new features?

A: No, these features are available free of additional costs for users on the free tier in Australia.

Q: How do I access real-time lyrics?

A: Access real-time lyrics by swiping up in the Now Playing View, which allows users to share lyrics on social media.

Q: Will these updates require a new version of the app?

A: Yes, users should ensure their Spotify app is updated to the latest version to make use of these features.

Q: Where can I find additional information regarding Spotify’s updates?

A: More details are available on Spotify’s website.

Penske, proprietor of Rolling Stone and Billboard, files lawsuit against Google regarding AI-generated content summaries.

Vanessa May on September 16, 2025

Brief Overview

Penske Media, which owns Rolling Stone, Billboard, and Variety, has filed a lawsuit against Google.
The legal action disputes Google’s employment of AI-generated summaries derived from publishers’ materials.
Penske asserts that Google’s AI Overviews lead to decreased site traffic and income.
Google argues that its AI functionalities improve user engagement and content exploration.
This lawsuit underscores the persistent friction between publishers and tech behemoths regarding AI application.

Details of the Lawsuit

Penske Media files lawsuit against Google over AI content use

Penske Media, a well-known family-operated media enterprise, has commenced legal action against Google. The lawsuit, filed in Washington, D.C., asserts that Google’s AI-generated summaries draw on publishers’ content without authorization, consequently diminishing traffic to their websites.

Consequences of Google’s AI Overviews

The “AI Overviews” feature from Google, prominently placed at the top of search result pages, has faced criticism from news organizations for redirecting traffic and impacting advertising and subscription income. Penske contends that Google’s preeminence in the search sector permits it to enforce these terms on publishers.

Google’s Defense Against the Claims

In its defense, Google maintains that AI Overviews enhance user experience by allowing greater content access. The corporation asserts that these features offer more pathways for discovering content instead of hindering it.

Industry Feedback and Antitrust Ruling

Despite some dissatisfaction from publishers, a recent court decision ruled in favor of Google regarding antitrust matters concerning its Chrome browser. The News/Media Alliance, representing various publishers, conveyed its discontent, claiming that Google’s market leverage enables it to circumvent fair practices.

Comparison with Other AI Licensing Practices

While entities like OpenAI have entered into licensing agreements with leading publications, Google has been more hesitant to embrace such measures. This has intensified discussions surrounding equitable use and remuneration in the AI domain.

Conclusion

The lawsuit initiated by Penske Media against Google highlights the increasing discord between media organizations and tech firms concerning AI implementation. As AI innovations progress, the equilibrium between advancement and the rights of content creators remains a contentious topic.

Q: What primary concern does Penske Media have with Google?

A: Penske Media claims that Google’s AI-generated summaries utilize its content without permission, leading to a decline in website traffic and revenue.

Q: How does Google defend its AI Overviews?

A: Google contends that AI Overviews enhance user experience and create more opportunities for discovering content.

Q: What recent legal decision impacted Google’s business?

A: A judge ruled that Google is not required to divest its Chrome browser, a ruling related to antitrust issues.

Q: How are other companies dealing with AI content usage?

A: Several companies, such as OpenAI, have established licensing agreements with publishers, a practice that Google has not extensively pursued.

Security Company Strikes Jackpot as Cybercriminals Self-Monitor

Vanessa May on September 13, 2025

Quick Read

Huntress acquired valuable information from a cybercriminal who had implemented their endpoint security software.
The security operations center (SOC) compiled data on the cybercriminal’s equipment and techniques in just 84 minutes.
Essential data was retrieved from browsing history, process activities, and malware files.
Multiple harmful toolkits, including Evilginx, were recognized.
Ethical factors were weighed in disseminating results to the community.

Cybersecurity Milestone: How Huntress Discovered a Cybercriminal’s Activities

Security firm strikes telemetry jackpot as cybercrim self-monitors

Unintentional Insights from a Cybercriminal

By having an active cybercriminal install Huntress’ endpoint security solution, the security provider was granted a unique chance. Within 84 minutes, Huntress’ SOC gathered crucial insights regarding the cybercriminal’s operations, including their tools and workflows.

The Power of Telemetry

The gathered data mainly came from the cybercriminal’s browsing history, but also encompassed process activities, device information, Windows event logs, and malware files. This thorough data stream permitted Huntress to comprehend the malicious actor’s strategies.

Identified Malicious Toolkits

Huntress detected various toolkits on the offender’s device, such as the Evilginx attack framework. These instruments were employed for reconnaissance, data exfiltration, and social engineering. Furthermore, the cybercriminal endeavored to mask their activities using residential proxy services.

Ethical Considerations in Sharing Findings

As they disseminated their findings, Huntress confronted ethical considerations. The organization sought to balance privacy responsibilities with the necessity to deliver actionable information to the cybersecurity sector. Their insights were shared to enhance defensive strategies against comparable threats.

Summary

Huntress’ unpredicted engagement with a cybercriminal yielded insightful revelations into the techniques and tools utilized in cyberattacks. The comprehensive telemetry data collected aided in uncovering the extensive operations of the threat actor, furnishing the cybersecurity community with knowledge to fortify defense tactics.

Q: How did Huntress gain access to the cybercriminal’s data?

A: The cybercriminal unknowingly implemented Huntress’ endpoint protection agent, enabling the security team to supervise activities on the device.

Q: What types of information were collected?

A: Collected information encompassed browsing history, process executions, machine attributes, Windows event logs, and malware files.

Q: What were the ethical challenges Huntress faced?

A: Huntress had to consider privacy obligations while sharing information that could assist in defending against similar threats.

Q: What was the purpose of sharing Huntress’ findings?

A: Through sharing insights, Huntress intended to enrich the wider community’s understanding of cybercriminal strategies and enhance security measures.

ALDI Introduces Cost-Effective Solar and Battery Solutions, Enhancing Access to Renewable Energy

Vanessa May on September 11, 2025

ALDI’s Solar Initiative: Advancing Affordable Green Energy

Quick Overview

ALDI Australia is enhancing its solar initiative by offering budget-friendly solar and battery solutions.
Collaboration with Tempo facilitates access to these solutions for residents along the eastern coastline.
Two primary options presented: A$6,999 for a 10kWh battery and A$8,499 for a 20kWh battery.
Included features are high-quality parts, blackout security, and a convenient mobile application.
Installations are set to begin in November 2025.

ALDI offers affordable solar and battery options, improving access to renewable energy in Australia.

ALDI’s Solar Goals for Australia

ALDI Australia is making significant strides in the renewable energy landscape by broadening its ALDI Solar initiative. This program, a partnership with the well-known Tempo, seeks to enhance the availability of solar energy for Australians living on the eastern coastline. The initiative provides streamlined solar and battery solutions that reflect ALDI’s dedication to providing remarkable value beyond its grocery offerings.

Offered Solutions

The ALDI Solar initiative presents two thorough packages designed to meet varying household energy requirements. The A$6,999 option includes a 6.6kW solar panel system, a 5.5kW hybrid inverter, and a 10kWh battery. For those in need of increased energy storage, the A$8,499 option offers the same solar system and inverter but upgrades the battery capacity to 20kWh.

Essential Features of ALDI Solar Packages

High-Quality Components

Each package includes premium components, such as N-type TOPCon solar panels and Lithium Iron Phosphate batteries, ensuring durability and effectiveness.

Emergency Backup

During a power failure, the emergency power circuit of the systems keeps vital appliances functional, providing reassurance to homeowners.

Setup and Monitoring

A detailed online platform aids customers in monitoring their installation journey. Moreover, the ALDI Solar app grants real-time information on energy production, usage, and battery health.

Quality Assurance and Guarantee

ALDI provides long-term assurance with a 10-year warranty for both the battery and inverter. The solar panels also come with a 25-year performance guarantee, demonstrating ALDI’s confidence in its products.

Conclusion

ALDI’s venture into solar energy solutions marks a crucial development for renewable energy accessibility in Australia. By providing affordable, top-quality solar packages, ALDI is assisting Australians in reducing their energy expenses while positively impacting the environment. With installations scheduled to start in November 2025, the initiative is set to make a meaningful difference.

Questions & Answers

Q: Who is collaborating with ALDI for the solar initiative?

A: ALDI has teamed up with Tempo, a well-established Australian-owned firm, to realize their solar solutions.

Q: What distinguishes the two solar packages?

A: The key difference is the battery capacity; the A$6,999 package comes with a 10kWh battery, whereas the A$8,499 package features a 20kWh battery.

Q: Are these solar packages accessible nationwide?

A: At present, the packages are available in select postcodes throughout Sydney, Newcastle, Wollongong, Melbourne, Brisbane, the Gold Coast, the Sunshine Coast, and the ACT.

Q: How can customers keep track of their solar system’s performance?

A: Customers can utilize the ALDI Solar app to receive live updates on energy production, consumption, and battery health.

Q: What type of warranty accompanies the solar packages?

A: The initiative includes a 10-year warranty for the battery and inverter, along with a 25-year performance guarantee on the solar panels.

Apple’s Elegant iPhone Air Might Be a Design Success

Vanessa May on September 11, 2025

Apple Reveals Its Sleekest iPhone Ever: The iPhone Air

Quick Overview

Apple debuts the iPhone Air, its sleekest device to date.
The iPhone Air boasts a 5.6-mm thickness and promises “all-day battery life”.
The updated iPhone range comprises Air, 17, 17 Pro, and 17 Pro Max.
Market responses are mixed due to worries over AI progress and pricing concerns.
The iPhone Air is equipped with the A19 Pro chip and new bespoke communication components.
Even though it’s entering the AI field later than others, Apple aims to impress with innovative design and capabilities.

Apple’s Newest Breakthrough: The iPhone Air

Apple CEO Tim Cook embodied the vision of Steve Jobs as he presented the iPhone Air, representing the most significant update in Apple’s offerings over the last eight years. The announcement, made at Apple’s Cupertino headquarters, underscored the company’s dedication to design and usability.

Slim iPhone Air could represent a design success for Apple

Design and Specifications

The iPhone Air’s aesthetics reflect Apple’s ongoing commitment to innovation. With its slender 5.6-mm body, it surpasses Samsung’s S25 Edge in thinness. The new layout accommodates components the size of postage stamps, reinforcing Apple’s assertion of “all-day battery life”.

Varied Market Responses

While many were fascinated by the iPhone Air’s design and technological upgrades, reactions in the market varied. Apprehensions regarding AI features and price stability amid tariffs have made some investors cautious. Nevertheless, the rollout of the A19 Pro chip and specialized chips for AI applications may narrow the gap in AI capabilities.

Consumer and Expert Views

Consumers and technology fans reacted positively, with the Air’s titanium casing and ceramic shield glass receiving commendations. Gaurav Chaudhary, a leading tech YouTuber, remarked on the excitement during the unveiling. Analysts predict that the iPhone Air’s distinctive features will inspire upgrades and boost sales during the holiday season.

Conclusion

The iPhone Air has established a new benchmark for Apple’s design and innovation. In spite of some market hesitancy, the device’s advanced functionalities and stylish design are expected to draw a broad range of consumers. Apple maintains a vital presence in the tech sector, with its most recent release reinforcing its reputation for quality and design superiority.

Q: What stands out as the most significant feature of the iPhone Air?

A: The most significant feature is its sleek profile, measuring only 5.6 mm, which makes it the thinnest iPhone ever.

Q: How does the battery life of the iPhone Air compare?

A: Apple asserts that the iPhone Air delivers “all-day battery life”, owing to its compact yet efficient circuitry.

Q: What primary worries exist concerning the iPhone Air?

A: Concerns revolve around Apple’s delay in AI development and possible pricing challenges resulting from tariffs.

Q: Where does the iPhone Air stand within Apple’s general product lineup?

A: The iPhone Air is situated in the middle of the lineup, balancing cost-effectiveness with advanced features.

Q: How did the tech community respond to the iPhone Air?

A: The tech community, including analysts and YouTubers, applauded its design and capabilities, though some raised concerns regarding its single-camera configuration.

Q: Is eSIM technology available on the iPhone Air?

A: Yes, it includes eSIM technology, although its implementation may differ by region due to regulatory limitations.

Grant Thornton Optimizes 60TB of Microsoft 365 Data with Veeam

Vanessa May on September 10, 2025

Grant Thornton Australia Boosts Data Resilience with Veeam

Quick Overview

In the past year, Grant Thornton Australia has merged 60TB of data using Veeam.
This initiative aims to improve data resilience and tackle cyber threats.
Implementation includes Microsoft 365, Salesforce CRM, and Azure-based Veeam Data Cloud Vault.
Emphasis on minimizing hardware usage and enhancing ransomware defenses.
Plans ahead involve integrating artificial intelligence technologies.

Boosting Data Resilience

During the Gartner Symposium 2025 on the Gold Coast, Mark Holmes, head of IT operations at Grant Thornton Australia, revealed the company’s strategic transition to Veeam’s Data Cloud. Over the last year, Grant Thornton has optimized its backup and disaster recovery operations, consolidating 60 terabytes of data, aiming to strengthen data resilience against escalating cyber threats.

Grant Thornton merges 60TB of Microsoft 365 data with Veeam

Strategic Goals

Holmes, who joined the organization a year prior, underscored the significance of data resilience and ransomware protection. The IT department, which supports 1,700 staff and oversees 3,500 mailboxes, originally launched Veeam Data Cloud for Microsoft 365. Within six months, they successfully backed up 60 terabytes of data, a figure anticipated to increase.

Expanding Backup Scope

In addition to Microsoft 365, the team broadened backup coverage to encompass Grant Thornton’s Salesforce CRM and the Microsoft identity and access management stack, Entra. More than 15,000 identity objects have been secured, further protecting the organization’s digital assets.

Cloud Strategy and Ransomware Defense

Aligned with Grant Thornton’s IT strategy to lessen hardware reliance, the firm committed to Veeam’s Azure-based cloud storage solution, Data Cloud Vault. This plan offers robust ransomware defense, ensuring that systems are recoverable in disaster situations.

Future Aspirations: Welcoming AI

Grant Thornton’s investment in backup technology paves the way for embracing artificial intelligence technologies, especially agentic AI. Holmes aims to maintain a strong Microsoft 365 environment as the firm readies itself for future technological advancements.

Conclusion

Grant Thornton Australia has markedly enhanced its data management capabilities by merging 60TB of data using Veeam solutions. The company’s strategic emphasis on cloud-based backup, ransomware protection, and prospective AI integration highlights its dedication to data resilience and innovation.

Q&A

Q: Why did Grant Thornton Australia select Veeam?

A: Veeam was selected for its strong backup and disaster recovery features, which enhance data resilience and provide effective ransomware protection.

Q: Which systems are included in this backup strategy?

A: The strategy includes Microsoft 365, Salesforce CRM, and the Microsoft identity and access management stack, Entra.

Q: How does the cloud strategy benefit Grant Thornton?

A: The cloud strategy diminishes hardware dependence, provides scalable storage options, and improves defenses against cyber threats.

Q: What are Grant Thornton’s future technological objectives?

A: The firm intends to integrate artificial intelligence technologies, focusing on agentic AI to enhance operational efficiencies.

Extensive npm Supply Chain Compromise Disclosed in Complex Phishing Scheme

Vanessa May on September 9, 2025

Quick Overview

A major phishing scheme on npm has jeopardized JavaScript packages with 2.7 billion downloads every week.
The fraudulent emails appeared to come from “support@npmjs.help,” tricking developers into updating their 2FA credentials.
Security firm Aikido discovered that the harmful code could capture cryptocurrency and web3 transactions in web browsers.
This breach follows a similar incident involving the Nx package in August, revealing thousands of corporate secrets.

Phishing Attack Affects npm Developers

Recently, a complex phishing attack has focused on npm developers, marking one of the largest compromises in the supply chain to date. This attack featured deceptive emails that appeared to be sent by “support@npmjs.help,” prompting developers to refresh their two-factor authentication credentials. Tragically, one developer, Josh “qix” Junon, was deceived by this scheme, leading to the compromise of at least 18 well-known npm packages, which are downloaded approximately 2.7 billion times each week.

Phishing attack results in vast npm supply chain breach

Example of npmjs.help phishing message

Marsup

Consequences of the Malicious Code

Security provider Aikido examined the malicious code and disclosed that it could function on a website’s client, covertly seizing crypto and web3 actions within browsers. The code alters wallet interactions and rewrites payment destinations, channeling funds and authorizations to accounts controlled by the attacker without any noticeable indications for the user. Although clean-up measures are in place, other developers continue to be vulnerable to attacks from the perpetrator.

Prior Attacks and Continuing Risks

This event comes in the wake of an attack on the Nx package in late August, known as “s1ngularity,” which took advantage of a flawed workflow to inject executable code into pull request titles. The npm security vendor Socket stated that artificial intelligence command line tools were exploited for local file system scans during this attack, resulting in the leakage and public disclosure of thousands of corporate secrets from over 1700 users on GitHub.

Conclusion

The npm supply chain breach highlights the necessity for developers to stay alert against phishing schemes and various cybersecurity threats. This event, along with earlier breaches, underscores the fragility of widely-used software tools and the potential for malicious individuals to misuse them for significant advantages.

Questions & Answers

Q: What exactly is npm?

A: npm refers to Node Package Manager, a repository that consists of over 2 million reusable code items utilized in JavaScript development.

Q: How did the phishing attack happen?

A: Developers received phishing emails from “support@npmjs.help” crafted to appear legitimate, requesting them to refresh their two-factor authentication credentials.

Q: What was the primary effect of the breach?

A: The breach led to the compromise of at least 18 popular npm packages, impacting approximately 2.7 billion weekly downloads.

Q: What is the functionality of the malicious code?

A: The code seizes crypto and web3 activities, modifies wallet interactions, and reroutes funds to accounts controlled by the attacker without user knowledge.

Q: Are developers still facing risks?

A: Yes, despite cleanup actions, other developers might still be targeted by the unidentified threat actor.

Q: What was the s1ngularity attack?

A: The s1ngularity attack involved exploiting a vulnerable process in the Nx package, resulting in the exposure of thousands of corporate secrets on GitHub.