Error message

  • Deprecated function: implode(): Passing glue string after array is deprecated. Swap the parameters in drupal_get_feeds() (line 394 of /home/cay45lq1/public_html/includes/common.inc).
  • Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /home/cay45lq1/public_html/includes/menu.inc).

Technology

New forum topics

Lions vs. Bears Livestream: How to Watch NFL Week 16 Today

CNET News - 8 hours 57 min ago
Want to watch Detroit play Chicago? Here's everything you need to stream Sunday's 1 p.m. ET game on Fox.
Categories: Technology

Eagles vs. Commanders Livestream: How to Watch NFL Week 16 Today

CNET News - 8 hours 57 min ago
Want to watch Philadelphia play Washington? Here's everything you need to stream Sunday's 1 p.m. ET game on Fox.
Categories: Technology

Browns vs. Bengals: How to Watch NFL Week 16 Today

CNET News - 8 hours 57 min ago
Cincinnati look to keep alive their fading playoff hopes.
Categories: Technology

Rams vs. Jets: How to Watch NFL Week 16 Today

CNET News - 8 hours 57 min ago
Los Angeles look to make it four wins in a row as they head to MetLife Stadium.
Categories: Technology

Add These 10 Quality Sci-Fi Movies to Your Prime Video Watch List

CNET News - 8 hours 57 min ago
Prime Video has the sci-fi entertainment you've been looking for.
Categories: Technology

Best VPN for Chromebooks

CNET News - 9 hours 5 min ago
Chromebook VPNs add an extra layer of privacy while browsing the web or unblocking streaming content.
Categories: Technology

Open source machine learning systems are highly vulnerable to security threats

TechRadar News - 9 hours 28 min ago
  • MLflow identified as most vulnerable open-source ML platform
  • Directory traversal flaws allow unauthorized file access in Weave
  • ZenML Cloud's access control issues enable privilege escalation risks

Recent analysis of the security landscape of machine learning (ML) frameworks has revealed ML software is subject to more security vulnerabilities than more mature categories like DevOps or Web servers.

The growing adoption of machine learning across industries highlights the critical need to secure ML systems, as vulnerabilities can lead to unauthorized access, data breaches, and compromised operations.

The report from JFrog claims ML projects such as MLflow have seen an increase in critical vulnerabilities. Over the last few months, JFrog has uncovered 22 vulnerabilities across 15 open source ML projects. Among these vulnerabilities, two categories stand out: threats targeting server-side components and risks of privilege escalation within ML frameworks.

Critical vulnerabilities in ML frameworks

The vulnerabilities identified by JFrog affect key components often used in ML workflows, which could allow attackers to exploit tools which are often trusted by ML practitioners for their flexibility, to gain unauthorized access to sensitive files or to elevate privileges within ML environments.

One of the highlighted vulnerabilities involves Weave, a popular toolkit from Weights & Biases (W&B), which aids in tracking and visualizing ML model metrics. The WANDB Weave Directory Traversal vulnerability (CVE-2024-7340) enables low-privileged users to access arbitrary files across the filesystem.

This flaw arises due to improper input validation when handling file paths, potentially allowing attackers to view sensitive files that could include admin API keys or other privileged information. Such a breach could lead to privilege escalation, giving attackers unauthorized access to resources and compromising the security of the entire ML pipeline.

ZenML, an MLOps pipeline management tool, is also affected by a critical vulnerability that compromises its access control systems. This flaw allows attackers with minimal access privileges to elevate their permissions within ZenML Cloud, a managed deployment of ZenML, thereby accessing restricted information, including confidential secrets or model files.

The access control issue in ZenML exposes the system to significant risks, as escalated privileges could enable an attacker to manipulate ML pipelines, tamper with model data, or access sensitive operational data, potentially impacting production environments reliant on these pipelines.

Another serious vulnerability, known as the Deep Lake Command Injection (CVE-2024-6507), was found in the Deep Lake database - a data storage solution optimized for AI applications. This vulnerability permits attackers to execute arbitrary commands by exploiting how Deep Lake handles external dataset imports.

Due to improper command sanitization, an attacker could potentially achieve remote code execution, compromising the security of both the database and any connected applications.

A notable vulnerability was also found in Vanna AI, a tool designed for natural language SQL query generation and visualization. The Vanna.AI Prompt Injection (CVE-2024-5565) allows attackers to inject malicious code into SQL prompts, which the tool subsequently processes. This vulnerability, which could lead to remote code execution, allows malicious actors to target Vanna AI’s SQL-to-graph visualization feature to manipulate visualizations, execute SQL injections, or exfiltrate data.

Mage.AI, an MLOps tool for managing data pipelines, has been found to have multiple vulnerabilities, including unauthorized shell access, arbitrary file leaks, and weak path traversal checks.

These issues allow attackers to gain control over data pipelines, expose sensitive configurations, or even execute malicious commands. The combination of these vulnerabilities presents a high risk of privilege escalation and data integrity breaches, compromising the security and stability of ML pipelines.

By gaining admin access to ML databases or registries, attackers can embed malicious code in models, leading to backdoors that activate upon model load. This can compromise downstream processes as the models are utilized by various teams and CI/CD pipelines. The attackers can also exfiltrate sensitive data or conduct model poisoning attacks to degrade model performance or manipulate outputs.

JFrog’s findings highlight an operational gap in MLOps security. Many organizations lack robust integration of AI/ML security practices with broader cybersecurity strategies, leaving potential blind spots. As ML and AI continue to drive significant industry advancements, safeguarding the frameworks, datasets, and models that fuel these innovations becomes paramount.

You might also like
Categories: Technology

Best Internet Providers in New Mexico

CNET News - 9 hours 28 min ago
While you won't easily get access to fiber internet in New Mexico, there are several other options to choose from.
Categories: Technology

Best Mattresses For Back Pain in 2024

CNET News - 10 hours 16 min ago
Our sleep experts have put decades of experience to the test and found the best mattresses to address back pain.
Categories: Technology

L’Oreal Professionnel AirLight Pro Review: Faster, Lighter, and Repairable

WIRED Top Stories - 10 hours 25 min ago
L'Oréal's first professional hair dryer combines infrared light, wind, and heat to drastically reduce your drying time.
Categories: Technology

Premier League Soccer: Livestream Tottenham vs. Liverpool From Anywhere

CNET News - 10 hours 27 min ago
Liverpool look to get back to winning ways as they travel to north London.
Categories: Technology

7 Ways to Ditch Food Guilt During Holiday Meals and Embrace Joy

CNET News - 10 hours 27 min ago
If you feel guilty eating your favorite foods, here's how to enjoy them without the guilt.
Categories: Technology

Leaders pushing for AI investment are gaining competitive advantages

TechRadar News - 10 hours 29 min ago
  • AI investment drives competitive advantage and innovation, report claims
  • Dedicated AI leadership accelerates organizational efficiency
  • Business executives see AI as a long-term asset

AI is reshaping the business landscape, and companies committed to AI investment are likely to reap sustained rewards, new research has claimed.

A report from Unisys reveals as businesses establish structured AI strategies, backed by leadership and a long-term vision, they strengthen their position in an increasingly competitive environment.

AI is expected to be a permanent component of several companies’ strategic roadmap as 93% of executives favor the use of AI to stay ahead of the competition.

Time savings with Chief AI Officers?

Elsewhere, the report claimed 89% of brand executives anticipate their organization’s AI use will rise over the next year, with this growing enthusiasm suggesting businesses recognize AI’s potential to drive efficiency, innovation, and competitive differentiation.

The presence of dedicated AI leadership has proven to accelerate benefits, as 86% of companies with a Chief AI Officer reported substantial time savings.

Moreover, the competitive advantages are evident for companies that approach AI investment strategically. 30% of organizations that have invested in AI as a core component of their business strategy report a noticeable competitive edge.

Executives also recognize AI as a long-term asset, not just a trend. With nearly three-quarters of surveyed executives viewing AI as a reliable source of information, many are committed to sustaining AI’s role in business beyond immediate projects.

The study also indicates 60% of organizations expect to diversify their AI investments across various projects in the coming years, ensuring that AI becomes embedded in different facets of their operations, rather than being limited to isolated use cases.

“As Executives are seeking insights for ROI on AI investments, they should consider AI is designed to help problem-solve — from mundane tasks to complex challenges," said Brett Barton Vice President and Global AI Practice Leader at Unisys.

“This allows organizations to maximize the impact, especially when there is a targeted business challenge. With the right strategy, use case and focus, organizations that deploy AI will thrive."

You might also like
Categories: Technology

9 Best French Presses (2024): Plastic, Glass, Stainless Steel, Travel

WIRED Top Stories - 10 hours 53 min ago
The humble French press is affordable, effective, and hard to mess up. Here are our favorites to make your morning cup of coffee.
Categories: Technology

New leak says if your iPhone can run iOS 18, it should be able to run iOS 19 too

TechRadar News - 11 hours 27 min ago
  • The same iPhones on iOS 18 may also get iOS 19
  • One iPad model set to be dropped with iPadOS 19
  • Expect official news sometime in June 2025

This year's launch of iOS 18 has brought a host of new features and functions to millions of iPhones, and a new leak suggests the same handsets that can run iOS 18 are going to be eligible for an upgrade to iOS 19 as well.

According to the usually reliable iPhoneSoft (via 9to5Mac), handsets as far back as the iPhone XS and iPhone XR, launched in 2018, are going to be able to get next year's software update. iOS 18, meanwhile, dropped support for the iPhone X and the iPhone 8, which both launched in 2017.

There is a caveat though: not all the new iOS 19 features will be available on all iPhones. This is something we're already used to of course, because recent handsets have the necessary processing power to handle Apple Intelligence, while others don't.

So far we've not heard too much about the upgrades iOS 19 is going to bring along with it, though apparently Apple is planning a ChatGPT-style update for Siri. At the moment of course, you can use ChatGPT inside Siri for more advanced AI conversations.

iPads and launch schedule

The 10.2-inch iPad 7 from 2019 could be missing out (Image credit: Future)

However, the same report says one iPad model will be left behind when iPadOS 19 rolls out. Apparently the 7th-gen entry-level iPad, which launched in 2019 and runs on an Apple A10 chip, won't be compatible.

The new minimum requirement for iPadOS 19 is said to be an A12 chip, which means every other iPad should get the software update. We can expect a similar set of new features to iOS 19, with a few tweaks and extras to account for the tablet form factor.

If Apple sticks to its usual schedule, then the first we'll officially hear about iOS 19 and iPadOS 19 will be at the WWDC (Worldwide Developers Conference) 2025, most likely happening sometime in June. After that, we should get a beta testing period, before a full public release in September 2025.

The new software updates will of course run on the iPhone 17 series, plus whatever new iPads Apple decides to bring out this year. We could well get the 11-generation iPad before 2025 is out, as well as a new 8th-generation iPad Pro.

You might also like
Categories: Technology

How to Change the Default Search Engine in Google Chrome

WIRED Top Stories - 11 hours 27 min ago
Just because you use Chrome doesn’t mean you have to use Google. Learn how to invite Bing, DuckDuckGo, Brave, or even ChatGPT into your omnibox.
Categories: Technology

The Universe Is Teeming With Complex Organic Molecules

WIRED Top Stories - 11 hours 57 min ago
Wherever astronomers look, they see life’s raw materials—and hints at answers to one of the great mysteries of science.
Categories: Technology

European data centers are having to delay carbon reduction goals and rethink sustainability plans

TechRadar News - 12 hours 49 min ago
  • Carbon reduction timelines keep shifting forward for European data centers
  • Report claims commercial viability comes first as environmental goals are secondary
  • Aggreko suggests need for strategic partnerships between companies and energy providers

Data centers are some of the largest energy consumers in Europe, and are facing unique challenges in achieving net zero goals.

A recent survey by Aggreko found volatile energy costs and grid instability are prompting data center operators to rethink their timelines for carbon reduction.

Of the executives surveyed, over 90% have adjusted their net zero targets, with half of those extending their timelines due to these persistent energy-related challenges.

Decentralized energy solutions are gaining traction

For many data centers, achieving sustainability goals requires balancing environmental targets with economic feasibility, especially as energy prices continue to rise.

In response to these energy challenges, data centers are increasingly adopting decentralized energy solutions to mitigate grid dependence and improve resilience. The report claims 87% of European executives are already implementing some form of decentralised energy, with 54% planning to expand these systems.

The move toward decentralization allows data centers to maintain operational stability while reducing reliance on traditional grid energy, which is often unpredictable and expensive. However, even with decentralized systems in place, data center leaders are cautious about fully committing to ambitious decarbonization timelines given current economic constraints.

The situation is dicey for company executives, as despite the urgency of environmental goals, cost and commercial viability remain the top priorities for data center executives. Only 12% of CEOs ranked speed of decarbonization as their primary objective, while the majority prioritize reducing energy costs and achieving a commercial advantage.

As data centers operate on tight profit margins, any investment in sustainable practices must demonstrate a clear return on investment. For many in the sector, this balancing act between sustainability and financial stability is proving complex, with limited capital available for large-scale green initiatives.

A key risk identified in the report is the role of supply chains in delaying the energy transition. Almost half of the executives surveyed see supply chain issues as a significant barrier, with 21% ranking it as their top concern.

As supply chain disruptions persist, securing the technology and resources needed for sustainable upgrades has become a formidable challenge. This uncertainty adds another layer of difficulty to achieving net zero, particularly as data centers attempt to source low-carbon energy options.

To navigate these challenges, Aggreko recommends strategic partnerships between companies and energy providers. By collaborating with energy experts, data centers can better assess options like energy-as-a-service models and power purchase agreements that offer flexible, lower-risk alternatives to traditional energy procurement. These partnerships enable data centers to explore innovative energy strategies without overcommitting financially, a crucial approach for achieving both short- and long-term sustainability goals.

Though current conditions make it difficult to achieve rapid decarbonization, the report suggests that data centers remain committed to sustainability. With 80% of CEOs planning to increase investment in energy solutions, even if only incrementally, there is optimism for continued progress. By adopting a balanced approach that aligns with economic realities, data centers can move towards a sustainable future while managing the operational demands of today’s market.

You might also like
Categories: Technology

Cloud Gaming on the PlayStation Portal Isn’t the Exciting Step Forward We’d Hoped for

WIRED Top Stories - 12 hours 57 min ago
A software update was supposed to free up the PS Portal from its reliance on the PS5 and add a world of streamable games to its appeal. In practice, it does nothing of the sort.
Categories: Technology

Everything new on Netflix in January 2025

TechRadar News - 13 hours 57 min ago

Well, it's here: the year 2025, and a new year calls for more movies and shows arriving across the best streaming services, starting with Netflix. This past year has been an eventful one for Netflix with the releases of Rebel Ridge, miniseries Griselda, and of course One Day joining the library of the best Netflix shows and best Netflix movies – and it's only going to get better.

January 1 is packed with a blend of movies including fun family favorites and romance stories, but it's compelling dramas like Lion (2016), Interstellar (2014), and Dallas Buyers Club (2013) that top the list of new Netflix titles. In addition to the usual list of new arrivals, Netflix is also ushering in new original shows, starting with Selling the City on January 3 and as a major fan of Selling Sunset, I'll be sat.

Everything new on Netflix in January 2025

Arriving on January 1

13 Going on 30 (movie)
3 Ninjas: Kick Back
(movie)
Apollo 13
(movie)
Blended
(movie)
Bruce Almighty
(movie)
Colombiana
(movie)
Dallas Buyers Club
(movie)
Dr. Seuss' The Cat in the Hat
(movie)
Dr. Seuss' The Lorax
(movie)
Erin Brockovich
(movie)
Hotel Transylvania
(movie)
Hotel Transylvania 2
(movie)
I Know What You Did Last Summer
(movie)
Inception
(movie)
Interstellar
(movie)
Little Fockers
(movie)
Love Actually
(movie)
The Love Scam
(Netflix original movie)
Meet the Fockers (movie)
Meet the Parents
(movie)
Melancholia
(movie)
Missing You
(Netflix original series)
The Net (movie)
Notting Hill
(movie)
Number 24
(Netflix original movie)
Out of Africa (movie)
Rush Hour
(movie)
Rush Hour 2
(movie)
Rush Hour 3
(movie)
Schindler's List
(movie)
Scooby-Doo
(movie)
Scooby-Doo 2: Monsters Unleashed
(movie)
Spider-Man
(movie)
Spider-Man 2
(movie)
Spider-Man 3
(movie)

Arriving on January 2

Cunk on Life (TV show)
Stranded with my Mother-in-Law season 2 (Netflix original series)

Arriving on January 3

Bandidos season 2 (Netflix original series)
Love Is Blind: Germany (Netflix original series)
Shafted (Netflix original series)
Selling The City (Netflix original series)
Umjolo: My Beginning, My End! (Netflix original movie)
Wallace & Gromit: Vengeance Most Fowl (Netflix original movie)

Arriving on January 4

When the Stars Gossip (Netflix original series)

Arriving on January 6

My Happy Marriage season 2 (Netflix original series)
WWE Raw: 2025 (Netflix live event)

Arriving on January 7

The Breakthrough (Netflix original series)
Gabriel Iglesias: Legend of Fluffy (Netflix comedy special)
The Graham Norton Show: Best Bits: Week of December 31, 2024 (TV show)
Jerry Springer: Fights, Camera, Action (Netflix original documentary)
Younger seasons 1-7 (TV show)

Arriving on January 8

Dubai Bling season 3 (Netflix original series)
Hound's Hill (Netflix original series)
I AM A KILLER season 6 (Netflix original documentary)
Subteran (Netflix original series)

Arriving on January 9

American Primeval (Netflix original series)
Asura (Netflix original series)
I am Ilary (Netflix original series)
Lion (movie)
The Upshaws
part 6 (Netflix original series)

Arriving on January 10

Ad Vitam (Netflix original movie)
Alpha Males season 3 (Netflix original series)
Love Is Blind: Germany (Netflix original series)

Arriving on January 11

SAKAMOTO DAYS (Netflix original series)

Arriving on January 13

The Walking Dead: The Ones Who Live season 1 (TV show)

Arriving on January 14

Ari Shaffir: America’s Sweetheart (Netflix comedy special)
Single’s Inferno season 4 (Netflix original series)

Arriving on January 15

Hereditary (movie)
Krapopolis
season 1 (TV show)
Public Disorder (Netflix original series)

Arriving on January 16

XO, Kitty season 2 (Netflix original series)

Arriving on January 17

Back in Action (Netflix original movie)
Love Is Blind: Germany (Netflix original series)
Young, Famous & African season 3 (Netflix original series)

Arriving on January 18

SAKAMOTO DAYS (Netflix original series)

Arriving on January 21

The Graham Norton Show: Best Bits: Week of January 10, 2025 (TV show)

Arriving on January 22

W.A.G.s to Riches (Netflix original series)

Arriving on January 23

NCIS seasons 1-5 (TV show)
The Night Agent season 2 (Netflix original series)

Arriving on January 24

The Sand Castle (Netflix original movie)

Arriving on January 25

SAKAMOTO DAYS (Netflix original series)

Arriving on January 26

You Hurt My Feelings (movie)

Arriving on January 28

The Graham Norton Show: Best Bits: Week of January 17, 2025 (TV show)
Liza Treyger: Night Owl (Netflix comedy special)

Arriving on January 29

Six Nations: Full Contact season 2 (Netflix original series)

Arriving on January 30

Mo season 2 (Netflix original series)
The Recruit season 2 (Netflix original series)
The Seven Deadly Sins: Four Knights of the Apocalypse season 2 (Netflix original series)

Arriving on January 31

Lucca's World (Netflix original movie)
The Snow Girl season 2 (Netflix original series)

You might also like
Categories: Technology

Pages

Subscribe to The Vortex aggregator - Technology