The Latest


Youth culture moves fast. New slang is created and abandoned in days, whole communities organize around a blurry photograph, jokes become memes, memes become rituals, and everything might be abandoned before you even notice it exists. It's like trying to study a snowflake: Once you can look at it, it's already melted. So it is this week, as I take a look at a new lexicon of brain-rot slang (that might not really be slang), a meme format based on threatening to eat your Uber driver, and the performative disappointment of youth. Plus, as a reminder that we still share something, a video about humanity's never-ending fascination with digging holes.

What do "Kevin," "gurt," and "IKIAB" mean?

I cover slang a lot in this column and keep a running glossary of Gen Z and Gen A words, but I'm not sure what to make of "Kevin," "gurt," "IKIAB," and countless other slang terms born in the past couple of weeks. To many young people, anything bad can be described as Kevin, and the word gurt means something like "smart but dangerous" and IKIAB is an acronym for "Imma keep it a buck," which means "I'm telling the truth." But maybe they don't mean anything.

All these new words are part of the quickly evolving world of brain-rot memes, and they straddle a line between self-aware parody of slang and actual slang. IKIAB was coined a few weeks ago by TikTok user @xznthos, who declared it was new slang that everyone would now use. Gurt was invented and defined a few days later, and Kevin a few days after that. This led to making up slang words becoming a meme format in brain-rot videos, with all kinds of people declaring that all kinds of words now mean all kinds of things. But do they? Is slang really slang just because someone says it is and a lot of people see the video?

Taking it a step further, a writer at Daily Dot asked Google Search’s generative AI Overview to define nonsense phrases like “banana slurp” and “cyclops vibing," and it answered that banana slurp "could potentially be a misinterpretation of ‘that’s bananas’ or ‘she/he went bananas,’ which both mean something is crazy, wild, or extremely agitated," and that cyclops vibing "essentially suggests that a person is enjoying themselves and in a good place, even if they are depicted with a somewhat intimidating or unusual image like a cyclops.”

So you don't even need a person to have ever used a word or phrase for it to have a definition (at least to a computer), so when is a word slang and when is it nonsense? That's the kind of question only a total stork smoother would ask.

What is the "I'm so hungry I could eat..." trend?

The "I'm so hungry I could eat..." trend is way easier to understand than brain-rot slang. It's a form of prank video where you secretly record someone's reaction to you saying, "I'm so hungry I could eat X," with X being whatever is likely to get the biggest reaction.

It started with videos of parents saying "I'm so hungry I could eat a kid" to their kids, which is adorable:

Then dog owners started threatening to eat their dogs:

Then things started getting stranger, like this video where someone threatens to eat their Uber driver.

But the height of the trend is saying you're so hungry you could eat a random, specific person from your victim's past. Like an old classmate who might have been dangerous:

or their first boyfriend:

or their coke dealer from the 90s.

What is the Hiccup Cult?

If your child has just joined The Hiccup Cult, don't worry. It's not a cult like The People's Temple; it's just a random TikTok thing with no real meaning. A few weeks ago, TikToker @annesstinkysock posted a video where they pointed out that the character Hiccup from How to Train Your Dragon is kind of funny-looking, and that she'd changed her profile picture to an image of Hiccup. That's it. That's the whole origin story. For some reason no one can explain, this video was spat out to millions of TikTok users, thousands (maybe hundreds of thousands) of whom changed their own profile pictures to Hiccup. Many of them started following each other, and a cult was born. To join, you just have to change your profile picture to Hiccup and you're in.

TikTok cults aren't new. There have been a ton of them revolving around a picture of a hamster, or Dragon Ball character Goku, or minions. It's the kind of thing that will be forgotten quickly, but maybe it provides some sense of belonging for the 12 seconds it exists.

"Rejection cakes" take over the internet

It's the time of year when high school seniors are crossing their fingers and receiving their acceptance or rejection emails from the colleges they applied to. As you'd probably expect, social media is filled with videos of over-achievers crying happy tears because they were accepted at Harvard, Boston College, or all four of the Ivy League schools they applied to. As you'd probably expect, it's getting ridiculous. Just check out how elaborate this video is for getting into UT Austin:

Good for her and all, but I mean, it's UT Austin? Anyway, I'm more interested in the people who won't be choosing between Yale and Dartmouth this fall. The trend for the rest of us, the also-rans and the almost-made-its, this year is rejection cakes. Videos like this one:

and this one:

are providing a much-needed counter-narrative to all the terrible success some people experience. I think there's something more valuable in performative displays of resilience than displays of pride, because we can't all get into Stanford, but we can all eat cake. Anyway, if you'd like to look at young people who have had their hopes dashed early instead of having them dashed when they graduate from their dream college, there's a bunch of videos here.

Viral video of the week: A Video About Digging A Hole

A lot of youth culture these days lives up to the "brain-rot" name, but there's always a yin to the yang, like this week's viral video, "A Video About Digging a Hole." This video will not rot anyone's brain. In it, YouTuber Jacob Geller goes deep into the subject of holes. People, particularly younger people, have always been fascinated with holes, and Geller's video examines the cultural and symbolic power of the simple hole in the ground, finding connections between Louis Sachar's classic young adult novel Holes, Minecraft's constant digging and tunneling, 2025's unexpected blockbuster video game A Game About Digging a Hole, and way more hole-based media. This video is worth the watch just for the section on The Kola Superdeep Borehole—the deepest hole humans have ever dug.


from Lifehacker https://ift.tt/NKPOWwo

AI video generators are rapidly improving and becoming more widely available, with Google's Veo 2 now built into the Gemini app for anyone paying for a Google One AI Premium plan. Like OpenAI's Sora, Runway, Adobe's Firefly, and others, Veo 2 enables you to create a professional-looking video from nothing more than a text prompt.

With Veo 2 now available to paying users, it seems like a good opportunity to test these different AI video generators against each other, and compare their strengths and weaknesses—and to assess where we're at with AI video in general. We keep being told that these tools will transform movie-making, or at least fill the internet with AI slop, but are they actually practically useful?

Microsoft seems to think so, having used it in a recent ad. However, only parts of the clip were AI-made—shots with quick cuts and limited motion, where hallucinations are less likely to happen or be noticed.

For the purposes of this guide I'm going to take a look at Google Veo 2 and put it up against Sora, Runway, and Firefly. Other video generators are available, but these are four of the most prominent: They all cost money to access (starting from $20 a month), so you'll need to sign up for a month at least to play around with them.

Bouncing balls

If you're as old as I am, you'll remember an incredible ad Sony made to promote its new 1080p Bravia televisions in 2005 (above). More than 100,000 bouncy balls were dropped on the steep streets of San Francisco while the cameras rolled, and it was a compelling watch (the behind-the-scenes story is pretty fun, too).

This is a real challenge for AI, involving a lot of physics and movement. The prompt I used was: "Thousands of individual, brightly colored balls bouncing down a steep, sunny street in San Francisco, in slow-motion. The camera moves carefully down the street as the balls bounce downwards, passing trees and parked cars."

The Google Veo 2 attempt isn't bad. There's some weird physics going on here, but it looks reasonably natural, and could work as a short clip if you're not looking too closely. The background elements are well-rendered, and the instructions in my original prompt were followed pretty closely.

Sora seems confused about the scene it's supposed to be rendering. There are colored balls for sure, but they move as a confusing mush, and defy gravity. The pace of the video is OK, even if it's going in the opposite direction to the one I requested, and the background parts of the video look fine on the whole.

Runway gets the vibes pretty close, if you compare it to the original Sony clip, but again, there are several problems: The balls aren't at all consistent, the movement isn't what I asked for, and it looks as though there's an alien watching from a window in the top right corner. The street does look pretty cool though.

Firefly is probably the worst of the bunch, here. Most of the balls are stationary, and those that are moving aren't very well-rendered. The street looks OK but it's nothing special—there's definitely a retro video game feel to it. As with the Sora clip, the camera is taking me up the street when I really wanted to go down.

"Jurassic Park" scene

If AI is going to replace the actual people who make movies, then it needs to be able to create scenes as powerful as the "welcome to Jurassic Park" one in Spielberg's 1993 movie: the moment where Richard Attenborough as John Hammond reveals the dinosaurs to his visitors for the first time (above).

I was curious to see what AI would make of the scene. The prompt was: "At the top of a hill, two paleontologists slowly stagger along through the grass. As they do so the camera pulls back for a wider shot, revealing a wide clearing and a lake below. There are dinosaurs slowly walking through the lake and the trees."

The clip from Google Veo 2 looks pretty good. The camera isn't really moving in the way I described, and the paleontologists aren't really staggering (and they're not on a hill either), but the scenery looks good and the dinosaurs look OK. It's rather generic overall, but it's a decent effort.

Sora goes a little bit crazy with this prompt. The camera movements are jerky and don't follow the instructions I made, and the dinosaurs look like weird shape-shifting creatures. The best I can say about this effort is that all the elements I described are included, and the surrounding scenery is reasonably well done.

As for Runway, it's probably the closest to what I wanted when it comes to the camera movements and the overall feel of the scene. The lake and the dinosaurs look realistic enough, but it's by no means a perfect rendering—where does the red-shirted paleontologist disappear to?

It's another poor effort from Firefly. I'm not sure it knows what paleontologists are, and the dinosaurs are very small. The lake and the surrounding forest are done to an OK standard, though, even if there's a noticeable AI sheen to everything in the frame. The camera movements have been translated well here.

"The Living Daylights" scene

One more: the memorable Bond and Kara border-crossing scene in The Living Daylights, where they scoot down a snowy mountain on a cello case (above). I don't need to hire Timothy Dalton or Maryam d'Abo, learn how to operate a camera, or travel to Austria, because AI can make the whole scene for me.

The prompt for this one was: "A man and a woman in winter clothing are sliding down a snow-covered road on a cello case. There is a barrier on the road, and as they reach it, both characters duck under it."

Google Veo 2 manages this pretty well, everything considered—the scene looks mostly realistic and fun, and that does look a bit like a cello case. We do have to ignore the two people going through the road barrier as if it isn't there, but at least there is a barrier there (something the other AI models couldn't grasp).

Over to Sora, and again, it's not terrible. OK, that's not really a cello case, and surely the two people would be facing forward, but the snowy road and the surrounding trees look good—it's an immersive scene. Where's my road barrier, Sora? I want to see these people ducking under it.

As for Runway, whatever videos it was trained on, they sure weren't videos of people riding cello cases down mountains. The people are blending into each other, elements in the shot are shifting shape, and it just looks weird. The snowy scenery and the actual live snow effect do look good, though.

Who knows what Adobe Firefly is thinking here. The physics in this one make absolutely no sense, the characters aren't consistent, and there's no road barrier to duck under. It's actually unsettling to watch. We do get a snowy road, a cello case, and two people in the clip, however.

There's no clear winner

I think the Veo 2 videos impressed me most overall, though Runway seems good for realism more often than not. Across the board we have a lot of problems with physics, realism, and prompt interpretation. These are all clearly AI videos, with numerous weird quirks and inconsistencies.

Now, I wasn't expecting these AI generators to get anywhere near the quality of professional ads or movies: It's just not possible to recreate those scenes with only a text prompt and a few minutes of time and effort. I'm not trying to take a cheap shot at these tools, which are obviously very clever, but rather point out some of the fundamental issues with AI video.

These balls aren't bouncing. Credit: Adobe Firefly/Lifehacker

With more careful work and expertise, I could probably get something that looked a lot better, and clearly these video generators are going to improve over time. Who knows what they'll be able to produce in five or 10 years? If you check out the showcased videos on these platforms, you can see that great results are possible.

Personally, though, I'm not convinced these AI tools will ever fully replace traditional film work, no matter how well they're trained. To get something like the Sony ad in AI, you'd have to write reams and reams of incredibly detailed prompts, and even then you might not get what you wanted. Would AI think up the frog jumping out of the drain? Results are quick and easy, sure, but you're offloading most of the creative decisions to AI. These videos feel computer-generated.

One of these people is about to disappear. Credit: Runway/Lifehacker

AI doesn't really know how a ball bounces, or what a dinosaur looks like, or which way people should face as they slide down a snowy road on a cello case. It approximates and calculates based on all the videos it's previously seen, and those shortcomings show up a lot more in video than they do with images or text. You'll notice most AI videos, including the examples above, don't include elements that come in and out of shot, because the AI is likely to forget what they look like if they're not visible.

And I haven't even had space here to cover the copyright issues or the energy cost to the planet. No doubt we'll see an increasing number of AI-made ads and shorts as time goes on and the technology improves, but it's worth going back to the famous warning in Jurassic Park: Being so preoccupied with whether we can do it, we don't stop to think about whether we should.

Disclosure: Lifehacker’s parent company, Ziff Davis, filed a lawsuit against OpenAI in April, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.


from Lifehacker https://ift.tt/7WnsTC5

GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms.


GoSearch incorporates data from Hudson Rock’s Cybercrime Database, offering detailed insights into potential cybercrime connections. It also draws from BreachDirectory.org and ProxyNova databases, providing extensive access to breached data, including plain-text and hashed passwords associated with usernames. For investigators who need reliable results without unnecessary complexity, GoSearch fits the bill.

GoSearch builds on the foundation laid by Sherlock, a well-known open-source tool for searching usernames. GoSearch steps in as a faster, more reliable alternative, written in Go rather than Python, which brings a noticeable speed boost.

Beyond performance, GoSearch addresses several of Sherlock’s core weaknesses. Sherlock struggles with accuracy. It often reports usernames that don’t exist (false positives) while also missing many that do (false negatives). These false negatives are particularly frustrating, as they can cause users to overlook valuable leads or insights.

GoSearch aims to fix this. It flags uncertain results in yellow, giving users a clear visual cue for links that might be inaccurate. This reduces noise and helps investigators focus on credible results.

Depending on user demand, GoSearch’s developers are considering new features, such as toggles to show only confirmed results or prioritize false-negative detection.

GoSearch is available for free on GitHub.



from Help Net Security https://ift.tt/ZRzc1av

Ransomware attacks are becoming more refined and pervasive, posing significant challenges to organizations globally. A Veeam report reveals that while the percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%, the threat remains substantial.


This decrease is attributed to improved preparation and resilience practices, as well as increased collaboration between IT and security teams. However, as ransomware attacks from both established groups and “lone wolf” actors proliferate, organizations must adopt proactive cyber resilience strategies to mitigate risks and recover more swiftly and effectively from incidents.

“Organizations are improving their defenses against cyber-attacks, yet 7 out of 10 still experienced an attack in the past year. And of those attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%. Our latest findings clearly indicate that the threat of ransomware will continue to challenge organizations throughout 2025 and beyond,” said Anand Eswaran, CEO of Veeam.

Data exfiltration attacks grow

In 2024, coordinated efforts by law enforcement agencies led to significant disruptions in major ransomware groups, such as LockBit and BlackCat. However, smaller groups and independent attackers have been on the rise, necessitating ongoing vigilance.

The report notes a troubling trend toward exfiltration-only attacks – when cybercriminals break into an organization’s network but do not encrypt or lock the data. Instead, they focus on stealing sensitive information—like personal data, financial records, or intellectual property—and transferring it outside the organization.

Along with this shift toward data exfiltration — as well as toward double extortion that combines both encryption to restrict access and publication of sensitive exfiltrated data — there has also been a reduction in dwell time, the time between compromise and launching the attack, with many attacks occurring in just a matter of hours.

Organizations with weak cybersecurity measures are particularly vulnerable, as threat actors exploit vulnerabilities, often within hours.

Ransomware payments are decreasing

The total value of ransomware payments fell in 2024, with 36% of affected organizations opting not to pay a ransom. Of those that did pay, 82% paid less than the initial ransom and 60% paid less than half that sum, emphasizing the importance of robust recovery strategies.

Victims are increasingly hesitant to pay ransoms because they can’t trust attackers to release their data. Organizations have also proactively improved their own incident response plans, including through the use of immutable backups.

New regulations and legal frameworks are discouraging ransom payments, with initiatives like the International Counter Ransomware Initiative urging organizations to strengthen their defenses rather than capitulate to attackers.

Enhanced communication between IT operations and security teams, along with partnerships with law enforcement and industry players, has proven vital in fortifying defenses against ransomware.

While organizations are allocating more resources to security and recovery efforts, there remains a significant gap in investment relative to the growing threat landscape.

Overall, organizations tend to devote slightly more resources to security (31% of IT budget on average) rather than recovery (28% on average), which suggests a potential vulnerability in building up proactive resilience.

Backup recovery builds resilience

Organizations that prioritize data resilience can recover from attacks up to seven times faster and experience significantly lower data loss rates. These successful organizations share several common attributes, including backup and recovery strategies, proactive security measures, and incident response plans. The report highlights the shift from reactive security to proactive cyber resilience strategies to address the challenges of ransomware.

Findings from the report also encouraged organizations to adopt the 3-2-1-1-0 data resilience rule, ensuring that backups are immutable and free from malware before restoration.

Pre-attack confidence among ransomware victims often doesn’t reflect reality, as 69% believed they were prepared before being attacked, while their confidence plummeted by over 20% afterward, revealing significant gaps in planning. While 98% of respondents had a ransomware playbook, less than half of organizations had key technical elements included, such as backup verifications and frequencies (44%) and a pre-defined “chain of command” (30%).

Notably, CIOs experienced a 30% decline in their preparedness rating post-attack, compared to a 15% drop for CISOs, suggesting that CISOs have a clearer grasp of their organization’s security posture. These findings show the value of organizational alignment in cyber resilience, with regular training and exercises essential for a coordinated response during and after an attack.

Veeam surveyed 1,300 organizations to gauge how CISOs, security professionals, and IT leaders are recovering from cyber threats.


from Help Net Security https://ift.tt/ZejKRr1

Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the Datadog State of DevSecOps 2025 report.


14% of Java services still contain at least one vulnerability

An analysis of a dataset of applications for known third-party vulnerabilities found that 15% of services are vulnerable to known-exploited vulnerabilities, affecting 30% of organizations.

They are particularly prevalent among Java services, with 44% of applications containing a known-exploited vulnerability. The average number of applications with a known-exploited vulnerability among the other services in the report (Go, Python, .NET, PHP, Ruby and JavaScript) was only 2%.

In fact, 14% of Java services still contain at least one vulnerability, even when considering only high-impact vulnerabilities such as known remote code execution (RCE) issues like Log4Shell, Spring4Shell, and other commonly exploited attack vectors.

In addition to being more likely to contain high-impact vulnerabilities, Java applications are also patched more slowly than those from other programming ecosystems. Applications from the Java-based Apache Maven ecosystem took 62 days on average for library fixes, compared to 46 days for those in the .NET-based ecosystem and 19 days for applications built using npm packages, which are JavaScript-based.

88% of organizations received untargeted malicious HTTP requests, such as to /backup.sql, scanning for potentially exposed sensitive files or API routes.

To better understand the severity of a vulnerability, Datadog developed a prioritization algorithm that factors runtime context into the Common Vulnerability Scoring System (CVSS) base score.

Adding in runtime context provided factors about a vulnerability—for example, whether the vulnerability was running in a production environment, or if the application in which the vulnerability was found was exposed to the internet—that CVSS did not take into account. This helped to reduce noise and identify the issues that are most urgent. After runtime context was applied, it was found that only 18% of vulnerabilities with a critical CVSS score—less than one in five—were still considered critical.

Attackers continue to target the software supply chain

Researchers identified thousands of malicious PyPI and npm libraries—some of these packages were malicious by nature and attempted to mimic a legitimate package (for instance, passports-js mimicking the legitimate passport library), a technique known as typosquatting. Others were active takeovers of popular, legitimate dependencies (such as Ultralytics, Solana web3.js, and lottie-player). These techniques are used both by state-sponsored actors and cybercriminals.
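A defender-side check for the typosquatting pattern described above, as an added example that is not taken from the Datadog report or from Help Net Security: it flags dependency names that match a trusted package name once common affixes are stripped, or that sit within one edit of it. The allowlist `KNOWN_PACKAGES`, the affix list and the sample manifest are constructed assumptions.

```python
"""Flag dependency names that look like typosquats of well-known packages.

Added illustration; the allowlist, affixes and sample manifest are constructed.
"""
import re

# Constructed allowlist: in practice, the packages your organization already trusts.
KNOWN_PACKAGES = {"passport", "express", "lodash", "requests", "numpy"}

# Affixes that lookalike names often bolt onto a legitimate name (assumed list).
AFFIXES = ("js", "py", "python", "node", "lib", "dev")


def normalize(name: str) -> str:
    """Lowercase and unify separators so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name.strip().lower())


def strip_affixes(name: str) -> str:
    """Drop a leading or trailing affix token, e.g. 'passports-js' -> 'passports'."""
    tokens = name.split("-")
    if len(tokens) > 1 and tokens[-1] in AFFIXES:
        tokens = tokens[:-1]
    if len(tokens) > 1 and tokens[0] in AFFIXES:
        tokens = tokens[1:]
    return "-".join(tokens)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with a rolling row (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalike(name: str, max_distance: int = 1):
    """Return (known_name, reason) if `name` resembles a known package, else None."""
    norm = normalize(name)
    if norm in KNOWN_PACKAGES:
        return None  # exact match: it is the trusted package itself
    core = strip_affixes(norm)
    for known in sorted(KNOWN_PACKAGES):
        if core == known:
            return known, "known name plus affix"
        # Short names collide by chance, so only fuzzy-match names of 5+ characters.
        if len(known) >= 5 and edit_distance(core, known) <= max_distance:
            return known, "near-identical spelling"
    return None


def audit(dependencies):
    """Map each suspicious dependency to the package it resembles."""
    findings = {}
    for dep in dependencies:
        hit = find_lookalike(dep)
        if hit:
            findings[dep] = hit
    return findings


# Constructed sample manifest: the lookalike named in the article, two other
# constructed lookalikes, and two names that should pass.
SAMPLE_DEPENDENCIES = ["passport", "passports-js", "requets", "python-numpy", "left-pad"]

if __name__ == "__main__":
    for dep, (known, reason) in audit(SAMPLE_DEPENDENCIES).items():
        print(f"REVIEW {dep!r}: resembles {known!r} ({reason})")
```

A hit is a prompt for manual review before the dependency is installed or merged, not proof that the package is malicious.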

One of the most common causes of data breaches is long-lived credentials. Last year, 63% of organizations used a form of long-lived credential at least once to authenticate GitHub Actions pipelines. This year, that number dropped to 58%, a positive sign that organizations are slowly improving their credential management processes.

Across all programming languages, dependencies are months behind their latest major update. And those that are less frequently deployed are more likely to be using out-of-date libraries—dependencies in services that are deployed less than once a month are 47% more outdated than those deployed daily. This is an issue for developers as outdated libraries can increase the likelihood that a dependency contains unpatched, exploitable vulnerabilities.

“The report found that security engineers are wasting a lot of time on vulnerabilities that aren’t necessarily all that severe,” said Andrew Krug, Head of Security Advocacy at Datadog. “The massive amount of noise security teams have to deal with is a major issue because it distracts from prioritizing the really critical vulnerabilities. If defenders are able to spend less time triaging issues, they can reduce their organizations’ attack surface all the faster. Focusing on easily exploitable vulnerabilities that are running in production environments for publicly exposed applications will yield the greatest real-world improvements in security posture.”


from Help Net Security https://ift.tt/jElXGgU

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors.

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week.

54% of tech hiring managers expect layoffs in 2025
54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to a new study by General Assembly.

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution.

The legal blind spot of shadow IT
Shadow IT isn’t just a security risk, it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations, expose sensitive data, or break contracts.

Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024.

Review: Artificial Intelligence for Cybersecurity
Artificial Intelligence for Cybersecurity is a practical guide to how AI and machine learning are changing the way we defend digital systems.

Attackers phish OAuth codes, take over Microsoft 365 accounts
Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts.

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others).

SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories
By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: from fixing bugs in live GitHub repositories and solving cybersecurity challenges, to browsing the web or executing custom workflows.

Coaching AI agents: Why your next security hire might be an algorithm
Security teams are drowning in alerts. The sheer volume of threats, suspicious activity, and false positives makes it nearly impossible for analysts to investigate everything effectively. Enter agentic AI, capable of completing hundreds of tasks simultaneously without tiring.

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
Hawk Eye is an open-source tool that helps find sensitive data before it leaks.

When confusion becomes a weapon: How cybercriminals exploit economic turmoil
We’ve entered a dangerous feedback loop where financial instability doesn’t just shake the market; it shakes our ability to make clear decisions.

2025 Data Breach Investigations Report: Third-party breaches double
The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%, according to Verizon’s 2025 Data Breach Investigations Report.

Cybercriminals blend AI and social engineering to bypass detection
Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense.

Why CISOs are watching the GenAI supply chain shift closely
In supply chain operations, GenAI is gaining traction. But according to Logility’s Supply Chain Horizons 2025 report, many security leaders remain uneasy about what that means for data protection, legacy tech, and trust in automation.

Phishing emails delivering infostealers surge 84%
Cybercriminals continued to shift to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined, according to IBM.

Cyber threats now a daily reality for one in three businesses
Businesses are losing out on an average of $98.5 million a year as a consequence of cyber threats, fraud, regulatory hurdles and operational inefficiencies, according to research from FIS and Oxford Economics.

A new era of cyber threats is approaching for the energy sector
Cyber threats targeting the energy sector come in many forms, including state-sponsored actors seeking to disrupt national infrastructure, cybercriminals motivated by profit, and insiders intentionally causing damage.

Cybersecurity jobs available right now: April 23, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

The dark side of YouTube: Malicious links, phishing, and deepfakes
With billions of users, YouTube has become a tempting target for cybercriminals.

Top must-visit companies at RSAC 2025
RSAC 2025 Conference is taking place at the Moscone Center in San Francisco from April 28 – May 1. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight the standout companies you won’t want to miss.

Email authentication simplified: How PowerDMARC makes DMARC effortless
PowerDMARC helps organizations roll out DMARC the right way. They aim to make the setup simple, even for complex environments.

Skyhawk Security brings preemptive cloud app defense to RSAC 2025
Skyhawk Security is adding new protection for custom-built cloud applications. The company announced the update to its AI-powered Autonomous Purple Team for RSAC 2025 Conference, which starts April 28 in San Francisco.

Exposed and unaware: The state of enterprise security in 2025
The Edgescan 2025 Vulnerability Statistics Report offers a data-rich snapshot of the global cybersecurity landscape, drawing from thousands of assessments and penetration tests conducted in 2024.

New infosec products of the week: April 25, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, PowerDMARC, Skyhawk Security, Stellar Cyber, Swimlane, and Veracode.


from Help Net Security https://ift.tt/gULlncB

I thought it was just me, a non-native English speaker, who loved watching everything with subtitles on. But clearly, it's not. Based on a recent survey, more than 50% of US viewers watch content with the subtitles on. And there are many reasons why. Sometimes you want to watch something at a low volume in bed, and sometimes it's just too hard to understand what a character is saying. Or, you could be watching with cheap TV speakers that make your audio hard to hear.

Netflix is starting to understand this, so for people who don't necessarily need to see sound effects in their subtitles, it is adding a new dialogue-only subtitles mode. This mode removes text descriptions for sound effects, speakers, and more.

And don't worry: The CC or Closed Captions option will still be there, so you can pick that if you need subtitles for more than just dialogue. It will tell you when a song is playing, when someone makes some noise, or even if there's a change in setting.

How to switch to dialogue-only subtitles on Netflix

This will be a gradual rollout, and Netflix is starting with the latest (and final) season of You, as well as the Tom Hardy film Havoc.

We don't yet know if Netflix will go on to roll out dialogue-only subs for all existing content, but the company is promising that every new Netflix Original, in every language, will have dialogue-only subtitles. So Netflix isn't limiting this to only English. For example, you'll find dialogue-only subtitles in German as well.

English subtitles in Netflix.
Credit: Netflix

To switch over to dialogue-only subs, start streaming your supported content, and then head over to the Subtitles section. Here, choose English (or your language of choice) in the Audio section, and then select English in the Subtitles section as well. To maintain subs for more than just dialogue, choose English (CC).

And that's all there is to it. You're now watching with subtitles that only show the dialogue. It's just you and the characters.


from Lifehacker https://ift.tt/WX27phk