The article Botim adds IBAN wallets for wider access appeared first on Arabian Post.

The campaign highlights a shift in botnet use from crude denial-of-service activity towards stealthier pre-intrusion work, where hijacked routers and network-attached storage appliances act as relay points between attackers and intended targets. Security analysts say the malware helps operators conceal their true location, distribute scanning tasks across many infected nodes and extend their reach inside poorly defended networks.

The botnet is built around two branches. A C-based version targets legacy routers using long-known vulnerabilities, while a more capable Go-based “Standard” branch has been observed on NAS devices. The router-focused variant has been linked to devices built around RTL819X-series chips, a hardware generation widely used between 2012 and 2015, leaving many units outside normal support cycles and unlikely to receive fresh security patches.

The affected devices include older D-Link models such as DIR-850L and DIR-818LW, along with other routers exposed to vulnerabilities including CVE-2013-3307 and CVE-2016-5681. A NAS-targeting sample has also been associated with CVE-2025-11837. The age of some flaws underlines the persistence of security debt in home and small-office networking equipment, where devices can remain connected for years after vendor support ends.

Telemetry examined by threat researchers indicates the infection base is concentrated in East and Southeast Asia, with South Korea accounting for nearly half of observed infections and China for close to one-third. Smaller shares have been identified in Sweden, Malaysia and Singapore. The geographic pattern does not necessarily show attacker origin, but it does point to clusters of exposed equipment that can be repurposed as proxy infrastructure.

AryStinger’s infected machines are referred to as “executors”, reflecting their role in carrying out instructions issued by command-and-control servers. Once active, a node can perform internal and external scanning, identify services, execute system commands, forward traffic and assist in tunnelling. The botnet can split large scanning jobs into smaller units and distribute them among compromised devices, allowing attackers to gather information at scale while reducing the visibility of any single node.

The Go-based NAS branch appears more advanced. It includes capabilities for IP and DNS scanning, command execution and payload handling in Go, Java and Python. It also integrates open-source reconnaissance and penetration-testing utilities, a pattern that has become common in intrusion campaigns because attackers can blend legitimate tools with malicious workflows and reduce the need for custom malware at every stage.

The most serious risk lies in what AryStinger enables before a visible breach occurs. By mapping exposed services, probing intranets and relaying traffic through trusted-looking residential or small-business devices, attackers can prepare later operations while making attribution and blocking more difficult. Compromised routers also sit at a sensitive position in the network path, raising the risk of DNS tampering, browsing hijacking and silent monitoring of inbound and outbound traffic.

The campaign fits a broader trend in which routers, firewalls, cameras and NAS systems have become attractive assets for both criminal operators and state-linked groups. Such devices often run lightweight Linux-based systems, face the public internet, receive less monitoring than servers or laptops and are protected by weak passwords or outdated firmware. Once compromised, they can serve as proxy nodes, staging points, data-transfer relays or launchpads for additional intrusion activity.

Botnets built from edge devices have drawn growing attention since several operations showed how residential and small-office equipment can be used to mask espionage, credential theft and scanning activity. The value of such infrastructure lies not only in scale, but in deniability: traffic routed through a consumer router or small business gateway can appear less suspicious than traffic from a known hosting provider or rented virtual server.

Mitigation is difficult where devices are obsolete. Firmware updates remain the first defence where vendors still provide them, but end-of-life equipment often requires replacement rather than patching. Administrators and users are being urged to disable remote management, change default credentials, restrict exposed services, monitor unusual DNS or outbound connections and remove unsupported routers from production networks.

For enterprises, the discovery reinforces the need to treat branch routers, NAS appliances and unmanaged edge devices as part of the attack surface rather than background infrastructure. Asset inventories, network segmentation and anomaly detection can help identify compromised devices before they become footholds for deeper intrusion.

AryStinger’s scale is modest compared with the largest IoT botnets, but its design makes it significant. Its emphasis on scanning, relay and tunnelling shows how attackers are using neglected hardware not merely to create noise, but to build quieter infrastructure for the early stages of cyber operations.

The article AryStinger turns old routers into stealth proxies appeared first on Arabian Post.

Arabian Post Staff -Dubai

The article MGX weighs DayOne data centre push appeared first on Arabian Post.

The article Qatar gas blast tests energy recovery appeared first on Arabian Post.

The article DIFC moves to sharpen AI data rules appeared first on Arabian Post.

The Shinjuku-based company is consolidating digital asset operations under a “Neo Crypto Business” pillar, alongside its “Neo Media Entertainment Business”, as it seeks to become one of Japan’s most prominent corporate holders of XRP. The strategy builds on a board-approved plan to acquire ¥2.5 billion worth of XRP in stages and on wider crypto-related assets that have grown into a far larger balance-sheet priority.

The move marks a notable evolution for Gumi, which built its reputation on mobile gaming titles before expanding into Web3 investments, blockchain funds and digital asset management. The company’s latest approach treats XRP not only as a treasury asset but also as a functional tool for cross-border liquidity, infrastructure services, fund participation and yield generation.

Gumi’s XRP push is closely tied to its relationship with SBI Holdings, one of the most influential backers of Ripple-linked businesses in Japan. SBI has maintained a long-running partnership with Ripple and has supported XRP-related payment, remittance and tokenisation initiatives. Gumi has also invested alongside SBI in Evernorth, a US-based XRP treasury business that has sought to build a large institutional vehicle around the token.

The company’s strategy reflects a wider shift among listed firms experimenting with digital assets as part of treasury management. Earlier corporate crypto allocations were largely centred on Bitcoin as a store-of-value asset. Gumi’s approach is more operational, with XRP framed around payments utility, liquidity networks and active asset management rather than simple price appreciation.

Gumi has already disclosed a ¥1 billion Bitcoin purchase and has explored staking-based yield through blockchain networks. Its XRP plan is designed to diversify that exposure and connect the company to a token ecosystem that has a stronger payments narrative, especially in markets where Ripple-linked infrastructure has institutional support.

The company’s crypto asset balances expanded during the last financial year, aided by both direct holdings and fund-related exposure. Management has indicated that returns from the crypto business have become a meaningful part of earnings, although market volatility remains a clear risk. Crypto-linked gains can lift quarterly results sharply, but price declines can also create valuation pressure and impairments.

XRP was trading near $1.14 on Saturday, leaving the token well below the peaks reached during earlier market rallies. That price level underlines both the opportunity and the risk behind Gumi’s strategy. A larger XRP position could amplify gains if institutional demand strengthens, but it also exposes the company to swings in a market still shaped by regulatory shifts, liquidity cycles and broader investor sentiment toward digital assets.

Gumi’s restructuring also comes as Japan’s digital asset sector becomes more structured around licensed exchanges, tokenised securities, stablecoins and institutional custody. The regulatory environment has encouraged some companies to treat crypto assets as part of formal financial strategy rather than speculative side projects. That has created space for listed firms to pursue blockchain-linked revenue models while remaining under closer investor scrutiny.

The company’s plan includes node operations, asset management and fund participation, areas that could allow it to earn revenue from infrastructure and financial services rather than depending solely on token prices. A covered-call strategy has also been discussed as part of efforts to generate premium income while holding XRP, although such strategies carry risks if markets move sharply or liquidity conditions deteriorate.

The Evernorth connection gives Gumi exposure to a larger institutional XRP build-out. Evernorth has raised commitments from major digital asset and financial investors and has outlined plans to use XRP in treasury management, liquidity provisioning and decentralised finance activity. Its proposed public-market structure is designed to give investors regulated exposure to XRP without requiring them to hold tokens directly.

For Gumi, the gamble is that XRP’s role in settlement and liquidity infrastructure will expand as financial institutions test faster alternatives to legacy cross-border payment systems. Ripple and its partners have long promoted XRP as a bridge asset for international transfers, though adoption has varied by corridor, regulation and institutional appetite.

Arabian Post – Crypto News Network

The article Gumi sharpens XRP treasury push appeared first on Arabian Post.

The shares changed hands through block deals on the National Stock Exchange, with the transaction executed at ₹1,730 a share. The deal involved about 44.9 lakh shares, with private equity investor ChrysCapital, through its affiliate Sepia Investments, and Anchor Partners selling part of their holdings. ADIA bought 39,130 shares, while other buyers included Aberdeen Group, Factory Mutual Insurance Company, HDFC Mutual Fund, Kotak Mahindra Mutual Fund, Ashoka WhiteOak and other funds.

Corona Remedies’ shares rose nearly 3 per cent after the transaction, trading around ₹1,840 on the NSE, as the market read the entry of large domestic and overseas institutions as a vote of confidence in the company’s branded formulations business. The block deal valued the stake at a premium to the company’s public issue price band of ₹1,008-₹1,062 a share in December 2025, underlining the strong post-listing performance of the stock.

Sepia Investments sold 43.28 lakh shares, equal to about 7.07 per cent of Corona Remedies’ equity, for around ₹748.9 crore. Anchor Partners offloaded 1.61 lakh shares, or 0.26 per cent, for about ₹28 crore. Sepia’s stake fell to 12.69 per cent from 19.76 per cent after the sale, while the wider ownership base brought more institutional depth to the company’s shareholder register.

The transaction is also a partial exit for early financial investors who backed Corona Remedies before its public listing. For buyers, the attraction lies in a domestic formulations franchise with established brands across women’s healthcare, cardio-diabeto, pain management, urology and other therapeutic categories. The company has positioned itself in segments with higher repeat prescription potential and relatively stronger pricing resilience than low-margin commodity generics.

Corona Remedies reported revenue growth of about 17 per cent in the financial year ended March 2026, while profit after tax rose about 33 per cent. Its full-year revenue crossed ₹1,400 crore, supported by growth in chronic and sub-chronic therapies, brand-led marketing and wider distribution. The company’s earlier public offer was entirely an offer for sale, meaning the proceeds went to existing shareholders rather than to the company.

The drugmaker was ranked among the top 30 pharmaceutical companies in the domestic pharmaceutical market by sales before its listing. Women’s healthcare is one of its strongest verticals, followed by cardio-diabeto, pain management and urology. Its brand portfolio includes products targeted at specialist doctors, a strategy that has helped it command higher prescription visibility in selected therapies.

The stake purchase comes at a time when pharmaceutical companies with strong domestic franchises are drawing investor interest. Companies focused on branded formulations have benefited from rising healthcare consumption, deeper insurance penetration, higher diagnosis rates for chronic conditions and stronger prescription volumes in urban and semi-urban markets. The domestic pharmaceutical market has also been less exposed to some of the pricing and regulatory volatility faced by export-heavy generic drugmakers.

ADIA’s participation fits a broader pattern of Gulf sovereign capital seeking exposure to healthcare, pharmaceuticals, financial services, infrastructure and consumer platforms across growth markets. The Abu Dhabi fund has built a diversified global portfolio and has been active in private equity, listed equities, real estate and alternatives. Its entry into Corona Remedies, though modest in percentage terms, adds to institutional interest in healthcare businesses with predictable cash flows and long-term demand visibility.

For Corona Remedies, the deal improves public float quality and may support market liquidity. Greater institutional ownership can also bring closer scrutiny of margins, product concentration, compliance, capital allocation and future acquisition strategy. The company’s next phase will be measured against its ability to maintain growth while protecting profitability in a market where promotional expenses, field-force productivity and doctor engagement remain critical.

The transaction also highlights how block deals have become an important route for private equity funds to monetise stakes after listings. Rather than waiting for gradual market sales, large shareholders can exit or pare exposure through negotiated exchange transactions that allow institutional buyers to acquire sizeable positions in a single trading window. Such deals can reduce overhang when executed cleanly, though they also put focus on valuation sustainability after the initial market response.

The article ADIA joins Corona Remedies block deal appeared first on Arabian Post.

The article IPA deepens leadership training with Harvard appeared first on Arabian Post.

The fix, released as Beats Firmware Update 1B211 on June 16, addresses CVE-2025-20701, a high-severity vulnerability tied to Bluetooth audio code used in the earbuds. The flaw affected Beats Studio Buds, a 2021 wireless earbud model sold under Apple’s Beats brand, and centred on how a Bluetooth audio device could be paired without the user’s consent under certain conditions.

The vulnerability did not require physical possession of the earbuds. An attacker would need to be within Bluetooth range and the device would need to be in a state where it was not yet paired and actively seeking pairing requests. That narrowed the window for exploitation, but the potential impact was significant because the microphone could be accessed without the user authorising the connection.

Apple said the issue involved open-source code and that Apple software was among the affected projects. The CVE entry was assigned by a third party. The vulnerability has been credited to Dennis Heinze and Frieder Steinmetz of ERNW GmbH, a Germany-based security consultancy that has examined weaknesses in Bluetooth audio chipsets and headphone firmware.

The flaw is linked to the Airoha Bluetooth audio software development kit, which is used in audio chips found in a range of wireless earbuds and headphones. Security researchers have warned that weaknesses in such components can spread across multiple consumer products because manufacturers often rely on shared chipset platforms, firmware modules and vendor-supplied software stacks.

CVE-2025-20701 has been described as an incorrect authorisation weakness that could permit unauthorised pairing of a Bluetooth audio device. In practical terms, the vulnerability sits at the point where convenience features, such as rapid or automatic pairing, intersect with authentication controls. If a device accepts a connection request without properly verifying the other side, an attacker can gain a foothold that should not be available.

The Beats update is being delivered automatically when the earbuds are paired with, and within Bluetooth range of, an iPhone, iPad or Mac. Users can check the installed firmware version through Bluetooth settings by selecting the information button next to the connected Beats Studio Buds. Owners using Android devices can update through the Beats app, provided the earbuds are paired and connected.

The episode underlines a wider security problem facing connected accessories. Earbuds, smartwatches, trackers and other peripherals are no longer passive add-ons. They contain microphones, radios, processors, memory and firmware that interact closely with phones and computers. A weakness in an accessory can therefore become a privacy risk even when the main handset or laptop remains fully patched.

Bluetooth’s short range can create a false sense of safety. Attacks usually require proximity, but the environments in which wireless earbuds are used — offices, airports, cafés, trains, conferences and classrooms — often place potential attackers close to targets. A flaw that can be triggered without user interaction is especially concerning because the victim may receive no obvious warning that a connection attempt has occurred.

Apple’s decision to publish a security note for a Beats firmware update also reflects a shift in how major technology companies handle accessory-level vulnerabilities. Firmware patches for headphones historically attracted less attention than updates for phones, laptops or browsers. That distinction is becoming harder to justify as audio wearables handle calls, voice assistants, dictation and workplace communications.

There is no indication from Apple that the Beats Studio Buds flaw has been exploited in attacks against users. The company generally limits technical detail until patches are available, a practice intended to reduce the risk of copycat attacks before users can update their devices. The advisory, however, makes clear that the issue was serious enough to warrant a dedicated firmware release.

The broader supply-chain dimension is also important. When a flaw originates in a chipset vendor’s software or reference implementation, each device maker must test, package and distribute a product-specific update. That process can leave users exposed for varying periods depending on how quickly brands support older models and how reliably consumers receive firmware updates.

The article Apple closes Beats microphone security gap appeared first on Arabian Post.

The fix, released as Beats Firmware Update 1B211 on June 16, addresses CVE-2025-20701, a high-severity vulnerability tied to Bluetooth audio code used in the earbuds. The flaw affected Beats Studio Buds, a 2021 wireless earbud model sold under Apple’s Beats brand, and centred on how a Bluetooth audio device could be paired without the user’s consent under certain conditions.

The vulnerability did not require physical possession of the earbuds. An attacker would need to be within Bluetooth range and the device would need to be in a state where it was not yet paired and actively seeking pairing requests. That narrowed the window for exploitation, but the potential impact was significant because the microphone could be accessed without the user authorising the connection.

Apple said the issue involved open-source code and that Apple software was among the affected projects. The CVE entry was assigned by a third party. The vulnerability has been credited to Dennis Heinze and Frieder Steinmetz of ERNW GmbH, a Germany-based security consultancy that has examined weaknesses in Bluetooth audio chipsets and headphone firmware.

The flaw is linked to the Airoha Bluetooth audio software development kit, which is used in audio chips found in a range of wireless earbuds and headphones. Security researchers have warned that weaknesses in such components can spread across multiple consumer products because manufacturers often rely on shared chipset platforms, firmware modules and vendor-supplied software stacks.

CVE-2025-20701 has been described as an incorrect authorisation weakness that could permit unauthorised pairing of a Bluetooth audio device. In practical terms, the vulnerability sits at the point where convenience features, such as rapid or automatic pairing, intersect with authentication controls. If a device accepts a connection request without properly verifying the other side, an attacker can gain a foothold that should not be available.

The Beats update is being delivered automatically when the earbuds are paired with, and within Bluetooth range of, an iPhone, iPad or Mac. Users can check the installed firmware version through Bluetooth settings by selecting the information button next to the connected Beats Studio Buds. Owners using Android devices can update through the Beats app, provided the earbuds are paired and connected.

The episode underlines a wider security problem facing connected accessories. Earbuds, smartwatches, trackers and other peripherals are no longer passive add-ons. They contain microphones, radios, processors, memory and firmware that interact closely with phones and computers. A weakness in an accessory can therefore become a privacy risk even when the main handset or laptop remains fully patched.

Bluetooth’s short range can create a false sense of safety. Attacks usually require proximity, but the environments in which wireless earbuds are used — offices, airports, cafés, trains, conferences and classrooms — often place potential attackers close to targets. A flaw that can be triggered without user interaction is especially concerning because the victim may receive no obvious warning that a connection attempt has occurred.

Apple’s decision to publish a security note for a Beats firmware update also reflects a shift in how major technology companies handle accessory-level vulnerabilities. Firmware patches for headphones historically attracted less attention than updates for phones, laptops or browsers. That distinction is becoming harder to justify as audio wearables handle calls, voice assistants, dictation and workplace communications.

There is no indication from Apple that the Beats Studio Buds flaw has been exploited in attacks against users. The company generally limits technical detail until patches are available, a practice intended to reduce the risk of copycat attacks before users can update their devices. The advisory, however, makes clear that the issue was serious enough to warrant a dedicated firmware release.

The broader supply-chain dimension is also important. When a flaw originates in a chipset vendor’s software or reference implementation, each device maker must test, package and distribute a product-specific update. That process can leave users exposed for varying periods depending on how quickly brands support older models and how reliably consumers receive firmware updates.

The article Apple closes Beats microphone security gap appeared first on Arabian Post.

By Arun Srivastava

The Bharatiya Janata Party’s (BJP) strategy of fracturing regional parties serves as a quaternary-track political manoeuvre designed to secure long-term constitutional dominance, dismantle the opposition architecture INDIA bloc, give a shape to its long cherished desire to create Bharat free of active opposition and finally, consolidating its position in 2029 and sweeping the Lok Sabha election. It is a three year programme piloted by Narendra Modi-Amit Shah duo to facilitate the process of One National One Party goal and the establishment of Hindu Rashtra.

Splitting regional parties is a highly calculated, multi-layered political strategy rather than a simplistic action. The immediate goal is often to secure a two-thirds legislative majority for constitutional amendments for enabling passage of the delimitation bill during the next parliamentary session. For ensuring the constitutional amendment, the ruling NDA requires a two-thirds majority (360 seats out of 540) in the Lok Sabha. Modi government had tried to have the bill through in the last session, but it fell of majority support.

The push to split parties and consolidate power is also inextricably linked to Narendra Modi’s attempts to pass a Delimitation Bill ahead of 2029LokSabha polls.. Consolidating numbers would help Modi to give a shape to his plan to easily push through redrawn electoral maps that fundamentally alter India’s parliamentary math.

Poaching regional leaders would provide instant grassroots organizational machinery to BJP, but the possibility could not be ruled out that Shah’s action may prove to be counter-productive and harm the BJP and Modi’s design. Delimitation will increase seats in northern states where the BJP possesses a strong footprint, while reduce the relative electoral weight of southern and regional strongholds.

Controlling the legislative process ensures the boundary redrawing aligns with the party’s long-term national electoral map optimization. The INDIA bloc relies heavily on strong regional parties to anchor specific states and defeat the BJP locally. By fracturing these regional entities, the BJP isolates the Congress party, depriving it of crucial coalition partners, shared vote banks, and localized organizational machinery. Splits trigger intense internal infighting over party names and election symbols, forcing opposition leaders to focus on survival rather than mounting a unified national campaign.

The Delimitation Bill, 2026 is highly controversial because it proposes a massive overhaul of India’s electoral map by expanding the Lok Sabha from 543 to 850 seats and changing how parliamentary constituencies are calculated. Modi government had introduced a three-bill package in a special parliamentary session to operationalize the 33% women’s quota, which was legally tied to a new delimitation exercise. The opposition, along with several region

The parties, opposed the move, leading to the bill falling 54 votes short of the required majority. The delimitation bill would widen the “North-South” Divide. Southern states, which have successfully curbed population growth, feared that a population-based redistribution of seats would drastically diminish their political representation in favour of more populous northern states. Their apprehension was genuine and rationale. By inflating the Lok Sabha to roughly 850 seats, the government aimed to ensure no state lost its absolute number of seats, but at the same time it would create an unwieldy legislative chamber without addressing the underlying federal concerns.

It was purely a political move of BJP. It is a major power in northern India, by virtually by crippling the Congress in the states. With increased number of seats, BJP would emerge as the ruling party. It would not have to bother for support from the southern states. Despite its defeat, the bill remains the epicentre of a fierce debate on Indian federalism. The fear that seat reallocation will permanently shift political power from South India to North India will come true. Because the North’s population grew exponentially faster over the last 50 years, a purely population-based seat allocation would drastically increase the number of MPs from northern states (like Uttar Pradesh and Bihar).

Though BJP and RSS talk of one country, this move of the saffron ecosystem will split India between North and South. The INDIA bloc had accused BJP of forcing through a radical, potentially unfair restructuring of constituencies. The bill sought to grant Parliament the direct authority to decide which census to use for redrawing boundaries, stripping away the fixed constitutional timelines that ensured institutional neutrality. Splitting the Nationalist Congress Party (NCP) and Shiv Sena (SS) would yield immaterial gains for the BJP as it is already in power in Maharashtra. A dozen Lok Sabha members of these parties, deserting their parent parties, would not have much significance in the state. But their support is essential at national level. They will help BJP-RSS accomplish their long-drawn mission. The Maha Vikas Aghadi (MVA) is yet to come out of the psychological shock it suffered in June 2022 when Eknath Shinde led a major rebellion within the Shiv Sena.

In Bengal too, the rebellion by the TMC parliamentarians does not have so much of relevance. BJP is already in power and it will continue to rule for next five years. While the rebels are using the BJP for getting state protection and enjoying power, the BJP is encouraging them to desert TMC with an eye on smooth passage of the Delimitation bill. The number of the deserters is not small; around 20 MPs are in line. Nonetheless the national BJP gains from the Trinamool Congress MPs desertions by breaking Mamata Banerjee’s regional dominance in West Bengal, weakening anti-BJP opposition coalitions at the national level, and boosting its own parliamentary strength and organizational footprint in eastern India. Bolstering its parliamentary numbers makes it easier for the national BJP to get pass crucial bills and legislative reforms where it previously required broader opposition consensus.

By engineering splits or exploiting existing fractures (such as the DMK distancing itself from Congress), the BJP creates mutual distrust among opposition parties, effectively destroying the united front they presented in earlier parliamentary sessions. There is no doubt that a successful delimitation exercise could structurally redesign the composition of the Lok Sabha—potentially benefiting saffron ecosystem. Weakening regional players would prove to be boon for the BJP as it would either co-opt the regional leaders or consolidate its own grassroots presence in states where regional parties once held monopolies.

These desertions will help the BJP in not only having its contentious Delimitation Bill passed in the next session of parliament, but also smooth passage of highly contentious, stalled legislation, like One Nation, One Election (simultaneous national and state polls), and the Uniform Civil Code (UCC). By splintering the key regional pillars of the opposition, the BJP effectively dilutes the collective bargaining and voting power of the INDIA alliance inside Parliament.

Rather than confronting entire regional blocks, this strategy involves “salami slicing” the opposition.“Salami slicing” of the opposition is a political strategy where a dominant or ruling party gradually weakens, divides, and eliminates opposition forces piece by piece—one thin “slice” at a time—rather than launching a single, massive crackdown. By taking small, incremental steps, the ruling power avoids triggering a massive public backlash, a unified resistance, or international condemnation. By the time the opposition realizes what is happening, they are already completely neutralized. Saffron ecosystem has already been resorting to Salami Slicing, in future it would further intensify it for having an effectively complete control.

Political analysts and commentators view this BJP’s strategy of engineering splits and absorbing leaders from regional parties as a definitive push toward an “Virodh-mukt Bharat” (opposition-free) political order. This will also lead to erosion of federal power. Yet another aspect of this move is; by systematically weakening regional satraps, the BJP seeks to replace India’s highly fragmented, multi-party coalition system with a centralized, dominant-party system. When Modi introduced the phrase “Congress-mukt Bharat” in 2014, it was framed as ridding India of dynastic politics, but his latest move aims at finishing the regional political power centres. BJP’s top leadership has frequently critiqued regionalism, arguing that regional parties prioritize caste-based, and dynastic interests over national development.

Modi’s delimitation and seat-expansion proposals are rooted in the RSS’s longstanding ideological goals. The RSS has historically advocated for population-based representation and restructuring India’s political geography. The push to link delimitation with the 2011 Census and a massive expansion of the Lok Sabha (up to 850 seats) is strongly supported by the RSS. It has also echoed the Modi administration’s legislative “guarantees” regarding the redrawing of constituencies. The Modi government argued that population-based delimitation restores “one person, one vote, one value” after 50 years of freeze. However, the opposition sees it as unfair to the southern and eastern states that fared better in implementing the government’s population control policies. (IPA Service)

The article BJP Top Brass’s Three-Year Plan To Achieve ‘One-Party, One-Nation’ Goal appeared first on Latest India news, analysis and reports on Newspack by India Press Agency).

The article BJP Top Brass’s Three-Year Plan To Achieve ‘One-Party, One-Nation’ Goal appeared first on Arabian Post.

The article Tehran suspends Hormuz fees as talks open appeared first on Arabian Post.

The article Amanat tightens grip on Gulf rehabilitation care appeared first on Arabian Post.

The issue, tracked as VU#457458 and made public on June 18, 2026, affects multiple UEFI applications signed by hardware and firmware vendors. The weakness does not rely on breaking encryption or stealing signing keys. Instead, it turns legitimate signed tools into attack instruments when those tools expose powerful pre-boot functions without adequate restrictions.

The risk centres on the trust model behind Secure Boot, a firmware security mechanism designed to ensure that only approved software runs during system startup. If a vulnerable application is signed by a certificate already trusted by a device, an attacker with sufficient access may be able to load it and use its functions to bypass Secure Boot policy. That could allow malicious code to execute before the operating system, endpoint protection tools and ordinary logging mechanisms are active.

The vulnerable applications include UEFI shell tools and boot-related components associated with several vendor ecosystems. Listed examples include applications tied to Acer, Acer Emdoor, ASUS, ECS, Getac, GIGABYTE, Toshiba, Uniwill, Maingear, Schenker and Maibenben, with exposed functions such as memory modification, variable dumping and firmware variable setting. One Acer-linked GRUB2 component is also identified in the affected list through its insmod functionality.

The discovery underlines a persistent supply-chain problem in firmware security: a signed binary can remain dangerous even when the signature is valid. Secure Boot checks whether a component is trusted, but a valid signature does not guarantee that the component cannot be abused. Where a signed pre-boot utility can manipulate memory, change non-volatile variables or load raw drivers, it can become a bridge from authorised execution to unauthorised control.

The attack resembles a “bring your own vulnerable driver” technique, adapted to the firmware layer. Such attacks have long troubled operating-system security, where adversaries introduce a legitimate but flawed signed driver to gain elevated privileges. At the UEFI level, the stakes are higher because successful compromise occurs before the operating system takes control.

The impact is limited to systems that trust the specific vendor certificate linked to the affected application. That qualification is important: the issue does not automatically expose every Secure Boot-enabled machine. However, enterprise fleets often contain mixed hardware, older firmware packages, recovery media and vendor utilities, making exposure difficult to rule out without checking DBX status and firmware inventories.

A successful exploit would require administrative privileges or physical access, but that threshold may not reassure high-risk organisations. Attackers who already have administrator-level access often seek persistence that survives reboot, reinstallation or conventional incident response. Firmware-level compromise can support that objective by allowing unsigned or malicious kernel components to load before normal security controls begin monitoring the system.

The recommended mitigation is to install vendor firmware and software updates and then update and verify the UEFI DBX, the revocation database used to block known unsafe boot components. Once the affected hashes or signatures are added to DBX, the vulnerable binaries should no longer execute during the boot process on protected systems.

The operational challenge is that DBX updates can be sensitive. Administrators must confirm that bootloaders, recovery images and deployment tools are compatible before revoking older components. A poorly sequenced update can cause boot failures, especially on systems using customised Linux boot chains, legacy recovery media or older signed utilities.

Vendor responses vary. GIGABYTE is listed as affected and has indicated it will remove a signed efiflash. efi component from BIOS update packages and restrict parameters that could be used through an EFI shell to bypass Secure Boot. AMD has said the identified impacted products have reached end of security support and declined to issue a CVE ID under its end-of-support policy. AMI, Intel and Supermicro are listed as not affected, while several major vendors remain in unknown status pending public statements.

The disclosure follows wider scrutiny of Secure Boot revocation practices after earlier vulnerabilities showed how outdated signed boot components could remain trusted for long periods. That pattern has pushed firmware security teams to treat DBX management as a continuing control rather than a one-off patching exercise.

For large organisations, the practical response is likely to involve three parallel tasks: identifying machines that trust affected certificates, ensuring firmware and bootloaders are current, and confirming that DBX updates have been applied successfully. Asset visibility will be central because vulnerable UEFI applications may be present in firmware packages, service partitions, recovery environments or administrator toolkits rather than installed operating-system software.

The episode also highlights a governance gap in the UEFI ecosystem. Hardware makers, firmware suppliers, operating-system vendors and security researchers all share responsibility for the trust chain, but revocation depends on coordinated updates reaching devices that may remain in service for years. As devices age and vendor support ends, signed pre-boot utilities can become difficult to revoke without disrupting compatibility.

The article Firmware trust gap widens over UEFI flaw appeared first on Arabian Post.

The Dubai Gold and Commodities Exchange will introduce its Gold Spot T+0 Contract on Monday, 22 June, positioning the emirate as one of the few global centres offering exchange-based same-day settlement for physical bullion. The product is being presented as the GCC’s first regulated spot gold contract with T+0 settlement, a structure intended to reduce operational delays that remain common in over-the-counter bullion trading.

The contract is based on 1kg UAE Good Delivery gold and will be settled in UAE dirhams. Trades will be cleared through Dubai Commodities Clearing Corporation, the exchange’s clearing arm, while physical delivery will be routed through approved vault infrastructure. The model brings execution, central counterparty clearing and delivery into a single regulated framework, offering traders a more transparent alternative to bilateral settlement arrangements.

The launch comes as Dubai seeks to deepen its role in the international bullion trade, linking producers, refiners, banks, wholesalers and jewellery markets across Asia, Africa and Europe. The UAE has become one of the world’s largest physical gold trading hubs, supported by refining capacity, vaulting infrastructure, low-tax bullion trading, air connectivity and a large wholesale market centred on Dubai.

The new contract addresses three specific demands from market participants: faster settlement, greater price certainty and reduced operational friction. Same-day settlement allows participants to deploy capital more efficiently by shortening the time between trade execution and delivery. It can also reduce exposure to counterparty and price movement risks during the settlement window, particularly during periods of high volatility.

Ahmed Bin Sulayem, chairman and chief executive of DGCX, said Dubai’s gold market required faster and more transparent settlement tools as bullion flows expanded between East and West. “By bringing exchange trading, central clearing, and same-day physical settlement together within a regulated framework, we are providing market participants with greater certainty, improved efficiency, and direct access to physical delivery,” he said.

The contract is aimed at bullion dealers, refineries, brokers, clearing members and institutional participants rather than casual retail buyers. Its design gives physical traders a mechanism to match exchange-level price discovery with actual delivery, a feature that is particularly relevant for firms managing refinery output, wholesale inventory, hedging requirements or short-term liquidity needs.

DGCX said the product strengthens Dubai’s market infrastructure by creating a more robust benchmark for physical gold in the UAE. That objective has gained importance as global bullion trading becomes more sensitive to settlement speed, vault location and regulatory oversight. Exchanges and financial centres in Asia and the Middle East are competing to capture more physical gold flows as demand patterns shift eastward.

Gold markets have been shaped by strong investment demand, central bank buying and persistent geopolitical uncertainty. Global gold demand crossed 5,000 tonnes in 2025 for the first time, while gold-backed exchange-traded funds and bar-and-coin purchases rose sharply. Central banks remained large buyers, although the pace moderated from the exceptional levels recorded over the previous three years.

High prices have altered behaviour across the industry. Investment demand has strengthened, but jewellery consumption in several major markets has faced pressure as buyers adjust to elevated prices. For trade hubs such as Dubai, the changing mix of demand has increased the need for efficient wholesale, vaulting and settlement systems that can serve both physical and financial market participants.

The UAE’s foreign trade in precious metals reached nearly AED625 billion in 2024, up 27 per cent from the previous year, underlining the scale of the market that Dubai is attempting to serve with deeper exchange infrastructure. Gold passing through the UAE market has also supported a wider ecosystem of refiners, logistics providers, vault operators, brokers, banks and jewellery wholesalers.

DGCX has been expanding its precious metals suite as part of a broader effort to reinforce its role in regulated commodity trading. Its market activity grew in 2025, with total traded volumes rising 30 per cent year-on-year to 2,048,556 lots. The total value of contracts traded reached $46.96 billion, while average daily volumes rose to 7,940 lots and average open interest stood at 13,015 lots.

Arabian Post – Crypto News Network

The article DGCX sets same-day benchmark for gold trading appeared first on Arabian Post.

The operation centred on a Rust-based clipboard hijacker, known in cybercrime circles as a clipper, that monitors copied wallet addresses and silently replaces them with addresses controlled by the attacker. The malware was built for Windows and macOS and was hidden inside tools marketed to crypto traders and online gamblers seeking quick gains through Solana and Pump. fun sniper bots, Aviator predictors and crash-game prediction software.

The campaign marks a shift from conventional malware delivery towards a broader reputation-building strategy. Instead of relying only on hidden payloads or phishing lures, the actor created a public-facing ecosystem designed to withstand casual scrutiny. Victims checking GitHub stars, SourceForge downloads, YouTube tutorials, news-style promotional posts or VirusTotal comments could find what appeared to be signs of legitimacy.

Check Point Research traced the activity to a single threat actor using a WordPress phishing site as the main hub. The site directed visitors to GitHub, SourceForge and YouTube pages carrying the same branding and download links. A Telegram contact using the handle @JoseCmanXD appeared across parts of the network, helping connect the website, videos and promotional material.

The malicious files were promoted as software that could automate trading or predict betting outcomes. Such themes are frequently used to target users already prepared to install unverified tools, disable security warnings or overlook suspicious behaviour in the hope of financial advantage. The campaign’s likely victim pool included crypto holders, meme-coin traders and online gambling users.

On GitHub, at least six accounts appeared to promote or distribute the software, with some repositories showing inflated engagement. One repository displayed 146 stars and 62 forks, figures that would ordinarily suggest community interest. The accounts identified in the operation included Decryptor-j, crash-predictor1, roblox-script1, hack-scripts and stake-mines. GitHub downloads linked to the known accounts exceeded 5,000, including more than 1,250 downloads of a macOS version of Aviator Predictor.

SourceForge activity showed a larger distortion. The relevant projects displayed 44,485 downloads, but 37,460 were attributed to Android devices despite the actor offering only Windows and macOS versions. That mismatch points to artificial traffic generation, possibly through an Android device farm used to inflate download counters and create false credibility.

The YouTube element added another layer of social proof. A dedicated channel with more than 91,000 subscribers promoted the tools through tutorial-style videos using AI-generated narrators. View counts showed unusual spikes rather than steady organic growth, while comment sections carried highly positive responses that appeared coordinated. Some comments from likely real users complained that the promoted tools did not work as advertised.

The malware itself is technically straightforward but effective. On Windows, victims downloaded ZIP archives containing multiple files, though the main execution path led to a. NET loader that launched a Rust-built executable. The payload copied itself into the user’s application data folder and created a startup shortcut, allowing it to run automatically after login. Once active, it continuously scanned the clipboard for wallet address formats and swapped matches with attacker-controlled addresses drawn from embedded lists.

The macOS version followed the same objective, targeting users who believed they were installing trading or prediction tools. Because crypto transfers are irreversible and wallet addresses are long strings that many users verify only partially, clipboard hijacking can succeed even when a victim believes the transaction details have been checked.

The operation also sought to manipulate security reputation systems. Some malware samples received benign votes and favourable comments on VirusTotal, reducing the chance that wary users would treat low detection scores as suspicious. That tactic raises concern for security teams that depend partly on crowdsourced reputation signals when triaging files.

The use of promotional posts on legitimate news websites and press-release networks further broadened the campaign’s reach. Several such posts appear to have been published on the same day, April 27, 2026, before many were removed. Their purpose was to place malicious tools beside trusted content and search-indexed pages, strengthening the illusion that the software had public validation.

Arabian Post – Crypto News Network

The article Fake trust network pushes crypto-stealing clipper appeared first on Arabian Post.

By T N Ashok

On a humid June morning in India’s capital, the birthday wishes began arriving before sunrise. Students posted videos on Instagram. Party workers unfurled banners across small towns. Political allies issued carefully worded messages of solidarity. Critics, never far behind, reminded the nation of his electoral defeats, his verbal missteps and the privilege of his birth.

Few politicians in contemporary India provoke reactions as sharply divided as Rahul Gandhi. To supporters, he is the last national leader capable of challenging Prime Minister Narendra Modi and the Bharatiya Janata Party’s formidable political machine. To detractors, he remains an accidental politician, a fourth-generation dynast whose surname opened doors that would remain shut to almost everyone else.

Yet after two decades in public life, Gandhi has outlasted countless predictions of his political demise. At 56, he remains perhaps the most recognizable opposition figure in India and, despite repeated setbacks, one of the few politicians with a conceivable path to the prime ministership. The caricature and the reality, as often happens in politics, are not quite the same.

Rahul Gandhi entered politics carrying a burden few politicians have known. He was born into one of the most powerful political lineages and yet has to struggle to defeat the BJP. He was born in 1970 to Rajiv Gandhi and Sonia Gandhi, grandson of Prime Minister Indira Gandhi and great-grandson of India’s first Prime Minister, Jawaharlal Nehru.

The family lineage is inseparable from the story of modern India itself. Nehru guided the newly independent nation for seventeen years. Indira Gandhi centralized power and dominated Indian politics for decades. Rajiv Gandhi became prime minister after his mother’s assassination in 1984. Both Indira and Rajiv would later be assassinated.

The violence profoundly shaped Rahul Gandhi’s life. Unlike many political heirs who eagerly embrace public attention, Gandhi spent much of his youth shielded from it. Security concerns dictated his schooling. Friends recall a reserved young man more comfortable in small circles than on public stages.

He studied at institutions linked to Delhi University and later abroad, eventually working briefly in the private sector before returning to India. Politics was less a choice than an inheritance.

When Gandhi entered electoral politics in 2004, winning from the family stronghold of Amethi in Uttar Pradesh, many assumed the succession plan was obvious. The Congress Party, once India’s natural party of government, expected its young prince eventually to reclaim the throne.

Reality proved more complicated. Gandhi initially appeared uncomfortable with the rituals of Indian politics. His speeches often lacked the sharpness of seasoned campaigners. Interviews sometimes became fodder for ridicule. Television studios and social media users dissected his mistakes with unusual intensity.

For years, political opponents successfully portrayed him as inexperienced, entitled and disconnected from ordinary Indians. The image stuck. It became one of the most effective political caricatures in modern Indian politics.

Yet colleagues who worked closely with him described a different figure: intensely curious, deeply interested in organizational reform and surprisingly persistent despite public setbacks. The contradiction would define much of his career.

Judged solely by election results, Gandhi’s record appears uneven. But there is success hidden behind his failures. The Congress-led coalition won national elections in 2004 and 2009, though those victories were generally attributed to Sonia Gandhi and Prime Minister Manmohan Singh rather than Rahul.

The real tests came later. The crushing defeats of 2014 and 2019 transformed him into the face of Congress’s decline. Narendra Modi’s rise reshaped Indian politics, turning the BJP into the dominant national force and reducing Congress to a shadow of its former self.

Many politicians would have disappeared after such defeats. Gandhi did not. Instead, he gradually reinvented himself. His most significant political achievement may not have been an election at all but a journey.

In 2022, Gandhi launched the Bharat Jodo Yatra, a cross-country march spanning thousands of kilometres. Critics initially dismissed it as political theatre. Yet as images emerged of him walking through villages, cities and remote regions, the march began altering public perceptions. It showcased a politician willing to engage directly with citizens rather than relying solely on rallies and television appearances.

A second nationwide march followed. The yatras helped transform Gandhi from a reluctant politician into a more confident public figure. Even some critics acknowledged the change.

Unlike many Indian political leaders, Gandhi’s personal life remains largely private. He has never married. Like Vajpayee the orator and Modi the PR man , he is a reclusive politician who is also a bachelor like them. So NO baggage.

The subject periodically becomes a national obsession, generating speculation that he rarely addresses. Supporters argue that his bachelor status frees him from accusations of promoting immediate family interests. Critics counter that it reveals little about his political abilities. In truth, the fascination says more about India than it does about Gandhi.

In a political culture where family networks often determine careers, the absence of a spouse and children makes him an unusual figure. His closest political relationship remains with his sister, Priyanka Gandhi Vadra, whose campaigning skills have frequently drawn comparisons with their grandmother, Indira Gandhi.

Together, they represent the latest generation of one of the world’s most enduring political dynasties. The youthful duo captures the imagination of GEN Z and millennials. The productive force of Indian society and nation building. Perhaps the most surprising development of recent years has been Gandhi’s growing appeal among younger voters. India is a young nation. Hundreds of millions of citizens are under forty.

Many have no memory of Congress dominance. They grew up during the Modi era and encountered Gandhi primarily through digital platforms rather than traditional party structures. His social media presence has evolved significantly. Videos of unscripted interactions with students, workers, delivery personnel and small entrepreneurs often circulate widely online.

He speaks a language that resonates with parts of Generation Z: inequality, unemployment, concentration of wealth and democratic accountability. Whether that online popularity translates into votes remains uncertain. But it has given Gandhi something he lacked for much of his career: a direct connection with younger Indians unmediated by television channels or party organizations.

Any profile of Rahul Gandhi ultimately returns to Narendra Modi. His biggest challenge is to break the Modi Magic, The Charisma, The bubble that Modi has created. He has to find ways to prick the bubble to replace it with himself.

The two men represent contrasting political stories. Modi rose from modest beginnings to become India’s most dominant political figure in decades. Gandhi inherited a legacy that many Indians admire and many others resent. Modi projects authority and certainty. Gandhi often projects introspection and questioning. Modi’s supporters celebrate decisive leadership. Gandhi’s supporters argue that democracy requires a robust opposition capable of challenging concentrated power.

The asymmetry between them remains vast. Modi leads a party that has expanded its footprint across much of India. Gandhi leads a Congress Party still struggling to recover organizational strength lost over a decade. Yet politics has a way of changing unexpectedly. Few believed Congress could return to power after earlier periods of decline. Few predicted the BJP’s extraordinary rise thirty years ago. History rarely moves in straight lines.

Can He Become Prime Minister?: The question follows Gandhi everywhere. The answer is neither impossible nor imminent. For Gandhi to become prime minister, several conditions would need to align. Congress would need to continue rebuilding. Opposition parties would need to cooperate. Regional leaders would need to accept a national coalition framework. Most importantly, voters would need to decide they want an alternative to the BJP.

Those are substantial hurdles. But Gandhi possesses advantages that few opposition leaders enjoy. His national recognition is unmatched outside Modi. His party, despite its weakness, remains India’s only opposition organization with a truly nationwide legacy. His surname continues to evoke loyalty among millions even as it generates skepticism among others.

Political careers are often judged too quickly. The young man once mocked as an unwilling heir has become a resilient opposition leader. The politician repeatedly written off has repeatedly returned. Whether Rahul Gandhi eventually reaches the prime minister’s office remains one of the central unanswered questions of Indian politics.

For now, on his birthday, he occupies a more familiar position: neither triumphant or defeated, neither fully embraced nor fully rejected. Just still standing. And in a democracy as vast and unpredictable as India, that alone can be a remarkable political achievement. (IPA Service)

The article The Twists And Turns In Rahul Gandhi’s 22 Year Old Political Journey appeared first on Latest India news, analysis and reports on Newspack by India Press Agency).

The article The Twists And Turns In Rahul Gandhi’s 22 Year Old Political Journey appeared first on Arabian Post.

The article UAE sets firm age bar for social platforms appeared first on Arabian Post.

The article MENA dealmakers brace for slower rebound appeared first on Arabian Post.

By R. Suryamurthy

India’s economy is supposedly doing remarkably well. Growth remains among the fastest in the world. Stock markets continue to flirt with record highs. Billionaires are multiplying. Airports are expanding. Bullet trains are advancing. Defence exports are reaching new milestones. The nation is speaking confidently about becoming a $10 trillion economy and a developed country by 2047.

Yet somewhere between these grand ambitions and glittering statistics, another India exists. It is the India of shrinking grocery baskets, rising electricity bills, stagnant wages, disappearing job opportunities and relentless economic anxiety.

This India does not feature prominently in government presentations, corporate earnings calls or investor conferences. But it is India that most citizens inhabit.

And for them, the economy feels less like a boom and more like a slow-moving recession. Not a technical recession measured by GDP contractions. A household recession is measured by declining purchasing power. A recession of aspirations. A recession of dignity. A recession in which people are working harder merely to stand still.

The latest diplomatic thaw between the United States and Iran is being hailed as a victory for stability. Markets have responded positively. Oil traders anticipate lower risk premiums. Shipping companies expect fewer disruptions in the Gulf.

But if there is one lesson ordinary Indians have learned over the past few years, it is that global crises arrive quickly while relief arrives slowly. When tensions escalated in West Asia, fuel prices rose. Transportation costs climbed. Fertiliser became more expensive. Food inflation accelerated. Electricity costs increased. Every stage of the supply chain passed costs downward until they finally landed where they always do—on the shoulders of the consumer.

Now that peace appears to be returning, nobody is promising that those costs will fall with equal speed. That asymmetry defines modern economics. Prices rise like rockets and descend like feathers. Profits are privatised. Pain is socialised. The same pattern is visible across sectors.

When commodity prices increase, companies raise prices immediately. When commodity prices fall, they discover fresh reasons to maintain margins. Consumers are expected to understand market realities during difficult times, but rarely receive equivalent consideration when conditions improve.

The burden of adjustment is remarkably one-sided. The consumer absorbs inflation. The worker absorbs productivity pressures. The taxpayer absorbs subsidies. The citizen absorbs uncertainty. Everyone else has mechanisms to hedge risk. The common man has none.

This reality becomes even more uncomfortable when viewed through the lens of climate change. India is entering an era in which the weather itself is becoming a source of economic instability.

For decades, economists treated climate as a background condition. Rain arrived. Temperatures fluctuated. Agriculture adapted. Markets adjusted. That assumption no longer holds.

Heatwaves now arrive with frightening regularity. Monsoons have become increasingly erratic. Floods and droughts often occur within the same season. Reservoir levels, crop yields, electricity demand and food prices are becoming more volatile.

What was once considered an environmental challenge is rapidly becoming an economic one. And once again, the burden falls disproportionately on those least capable of carrying it.

The wealthy experience heat differently. They retreat into climate-controlled homes, offices and vehicles. The poor experience heat physically. The delivery rider crossing a city under a blazing sun experiences climate change differently from the executive tracking temperatures from an air-conditioned office. The construction worker labouring on exposed concrete experiences climate change differently from the investor purchasing shares in cooling-equipment manufacturers.

One person’s inconvenience is another person’s survival challenge. This inequality is becoming one of the defining features of modern India. The country is witnessing extraordinary wealth creation alongside growing economic insecurity. That contradiction is becoming impossible to ignore.

Official statistics may show moderation in inflation. Yet anyone visiting a local market knows that food prices remain stubbornly high. Healthcare costs continue rising. Education expenses keep climbing. Housing has become unaffordable in many urban centres. Electricity consumption required merely to remain comfortable during summer is creating a new category of household expenditure.

Meanwhile, wage growth remains uneven. This is especially true for younger Indians. No demographic should be more optimistic about the future than the youth of a rapidly growing economy.

Instead, many young Indians find themselves trapped between expensive education, uncertain employment and rising living costs. Degrees are multiplying faster than opportunities. Expectations are rising faster than incomes. Qualifications are increasing faster than job creation.

The result is a generation that often appears educated but economically insecure. That insecurity carries consequences extending far beyond economics. A society’s stability ultimately depends not on how wealthy its richest citizens become but on whether ordinary people believe their future will be better than their present.

That belief is becoming harder to sustain. The middle class, once viewed as India’s greatest success story, increasingly finds itself squeezed from both directions. It pays taxes but receives limited subsidies. It earns too much to qualify for assistance yet too little to feel secure.

It is expected to finance healthcare, education, housing, retirement and increasingly climate adaptation from its own resources. Every new shock—whether geopolitical, climatic or economic—extracts another layer of savings. For many families, financial planning has been replaced by financial firefighting.

The deeper problem is that policymakers continue to treat these crises as isolated events. Inflation is discussed separately from climate. Climate is discussed separately from employment. Employment is discussed separately from energy. Energy is discussed separately from geopolitics. In reality, they have become inseparable.

A conflict in the Gulf affects fuel costs. Fuel costs affect transportation. Transportation affects food prices. Food prices affect inflation. Inflation affects household consumption. Consumption affects growth. Growth affects employment. Employment affects social stability. Everything is connected. Yet policy frameworks often remain fragmented.

India’s greatest challenge in the coming decade may not be achieving rapid growth. It may be ensuring that growth remains meaningful for ordinary citizens. Economic success cannot be measured solely by aggregate indicators.

GDP does not reveal whether families are reducing protein consumption. Stock indices do not reveal whether young graduates are finding stable jobs. Corporate earnings do not reveal whether households can afford air-conditioning during increasingly dangerous summers.

National wealth does not automatically translate into household security. The distinction matters. Because citizens do not experience economies in aggregate. They experience them individually. Through salaries. Through bills. Through rents. Through school fees. Through grocery purchases. Through fuel receipts. Through medical expenses. Through the constant calculation of whether the next month will be manageable.

The danger facing India is not economic collapse. The danger is something more subtle. A gradual normalisation of insecurity. A society in which citizens become accustomed to paying more for less. A society where every external shock is accepted as inevitable. A society where resilience becomes a euphemism for endurance. That is not resilience. That is resignation.

The forthcoming Iran-US agreement may lower tensions. The monsoon may eventually recover. Inflation may moderate. Markets may celebrate. But unless those improvements translate into tangible relief for households, the underlying discontent will remain.

Because ultimately, nations are not judged by the comfort of their elites, the optimism of their investors or the ambitions of their policymakers. They are judged by whether ordinary people can live with dignity, security and hope.

And today, despite all the triumphalism surrounding India’s rise, millions of Indians are asking a simple question that remains unanswered: If the economy is doing so well, why does everyday life feel so difficult? (IPA Service)

The article The Great Dichotomy Of The Growing Indian Economy Haunts Millions appeared first on Latest India news, analysis and reports on Newspack by India Press Agency).

The article The Great Dichotomy Of The Growing Indian Economy Haunts Millions appeared first on Arabian Post.

The article Investcorp backs Metra’s regional technology expansion appeared first on Arabian Post.

Arabian Post Staff -Dubai

The article Aramco weighs sulphur stake sale to raise cash appeared first on Arabian Post.

The campaign, tracked as GitBait, has been active for nearly three years and has impersonated at least a dozen banks and financial services providers. Its operators have used more than 100 GitHub Pages-hosted domains and repository structures to publish cloned landing pages under directory paths such as support, cancellation and mobile-banking variants, enabling them to keep parts of the network alive even when individual pages are removed.

The operation reflects a broader shift in financial phishing, where attackers are moving away from stand-alone malicious infrastructure and leaning on trusted cloud and developer platforms that already carry encryption, availability and reputational cover. GitHub Pages, a free static website hosting service, gives each page a github. io address and HTTPS protection, making crude blocklist-based defences less effective when victims are directed through text messages, email or chat apps.

At the centre of the campaign is a reusable phishing kit with an internal selector panel. Operators can choose the institution they want to mimic and generate a matching landing page, allowing the same infrastructure to serve multiple brands. The cloned pages are designed for both desktop and mobile users, reflecting the way banking customers in Mexico increasingly move between app-based and browser-based access.

Victims are typically taken through a staged process that begins with a trust-building imitation of a bank page and then moves into forms requesting credentials, card numbers, customer IDs and other sensitive fields. Some versions display a fake verification or waiting screen after submission, a tactic that keeps the user on the page and reduces suspicion while the information is transmitted elsewhere.

The most notable feature of GitBait is its serverless collection method. Instead of sending stolen data to a conventional command-and-control server, obfuscated JavaScript embedded in the phishing pages intercepts form submissions and pushes the data through the SheetBest API into attacker-controlled Google Sheets. This approach gives the operators a ready-made storage and viewing system without maintaining their own back-end infrastructure.

At least one variant used Telegram bot infrastructure as an alternative exfiltration channel, with hardcoded tokens and chat identifiers embedded in the page code. That suggests the operators have maintained backup routes for collecting data and have adjusted their workflow over time as hosting and detection pressures changed.

Repository activity linked to the operation points to organised maintenance rather than one-off abuse. Multiple operator accounts appear to have contributed to page deployment, brand template updates and infrastructure changes. Commit histories show work continuing over extended periods, indicating a campaign managed with the discipline of a repeatable fraud operation.

The use of crafted Open Graph preview tags added another layer of deception. When malicious links were shared through messaging platforms, the preview could display the name, logo or visual language of a targeted financial institution, increasing the likelihood that a customer would tap through without scrutinising the github. io address.

The phishing pages do not exploit a vulnerability in GitHub Pages. They abuse a legitimate publishing feature by placing deceptive content on a trusted platform. That distinction matters for defenders, because the risk lies less in software compromise and more in the speed with which attackers can create, modify and reissue pages that borrow the credibility of widely used services.

The case also highlights the limits of traditional brand-protection methods. Takedown requests can remove individual repositories, but modular hosting and duplicated page structures allow operators to relaunch quickly. Financial institutions now need continuous monitoring for naming patterns that combine their brands with support, cancellation, verification or mobile-banking terms, especially on free hosting and code-sharing platforms.

Security teams are being urged to watch for unexpected outbound browser traffic to api. sheetbest. com from banking-session contexts, as well as suspicious form submissions from pages outside authorised domains. Behavioural detection, transaction alerts, device fingerprinting and stronger customer authentication can help reduce losses when credentials have already been captured.

For customers, the warning signs remain familiar but harder to spot. A banking page reached through a message link, a request for full card details, or a demand to re-enter online-banking credentials outside a bank’s official app or domain should be treated as suspicious. The presence of HTTPS or a recognisable logo is no longer enough to establish trust.

The article GitBait phishing ring targets Mexican bank users appeared first on Arabian Post.

By K Raveendran

The US-Iran deal marks a genuine easing of one of the most dangerous geopolitical shocks to hit the energy market, but it should not be mistaken for a reset button. The immediate risk of a military breakdown has declined, and that matters for every stakeholder: Washington, Tehran, Gulf producers, Asian importers, shipping insurers and consuming economies already battling inflation. Yet the oil market that existed before the war cannot simply be restored by diplomatic signature. The risk premium has not vanished. It has changed its structure, moving from the visible fear of missiles, mines and naval confrontation to the less dramatic but equally consequential uncertainties of compliance, sequencing and trust.

Before the war, oil prices were already showing a downward tendency. Slowing demand growth, stronger non-OPEC supply, the gradual cooling of speculative positioning and concerns over the durability of consumption in China and Europe had all placed pressure on crude. That bearish environment has not disappeared, but it has been overlaid by a new political memory. Traders, refiners and governments have now priced in the fact that the Strait of Hormuz can again become a pressure point at short notice. That experience has value in the market, and value in oil markets usually translates into a premium.

The most optimistic reading is that the deal opens the way for flows through Hormuz to recover more strongly than many had expected. If sanctions relief proceeds and the ceasefire holds, volumes could rise towards 14 million barrels per day by January, supported by the return of Iranian exports, greater confidence among shipowners and a gradual retreat of the geopolitical premium. That would be a major improvement from the wartime disruption and would ease pressure on import-dependent economies. It would also reduce the urgency of emergency stock releases, shipping escorts and costly rerouting. But even this constructive scenario does not imply a return to pre-war pricing. It implies a transition from acute crisis pricing to conditional normalisation.

The distinction is important. Markets do not only price today’s physical barrels; they price the probability that tomorrow’s barrels may not arrive. A ceasefire can lower the probability of immediate disruption, but it cannot erase the fact that the region remains crowded with unresolved flashpoints. Lebanon remains one of them. Any escalation involving Iranian-aligned actors, Israel, or Western military assets could quickly test the understanding behind the deal. Even if Tehran and Washington intend to hold the line, regional allies and proxies may not interpret restraint in the same way. Energy markets are particularly sensitive to such ambiguity because a small perceived threat to chokepoint supply can have an outsized impact on price expectations.

Sequencing is another weakness. The deal may be positive in principle, but its durability depends on who moves first, how quickly sanctions are lifted, how nuclear-related commitments are verified, and how maritime guarantees are monitored. If Iran expects immediate economic relief while Washington expects staged compliance, friction is inevitable. If shipowners and insurers believe legal waivers are reversible, they will move cautiously. If banks fear secondary penalties, oil trade will resume more slowly than the political language suggests. Physical flows can recover only when the commercial ecosystem around them feels protected. Tankers, letters of credit, insurance cover, port access and refinery procurement decisions all require confidence that the arrangement will survive beyond the next diplomatic dispute.

That is why the market response is likely to be uneven. The first phase is relief. Prices fall from panic levels as traders remove the most extreme war scenarios. The second phase is scepticism. Buyers ask whether barrels can actually move, whether sanctions waivers are enforceable, whether insurance costs fall, and whether Gulf shipping lanes are secure enough for normal scheduling. The third phase is adjustment. If cargoes move consistently and political messaging remains disciplined, the premium compresses further. But compression is not elimination. The war has created a new baseline of caution.

For Gulf producers, the deal is both stabilising and complicated. It lowers the risk of a regional conflict that could damage infrastructure and trade routes, but it also brings additional Iranian supply into a market already attentive to balance. If Iranian exports rise quickly, other producers may need to calibrate output more carefully to avoid a renewed price slide. The pre-war downward tendency in crude prices could reassert itself if demand remains soft and inventories rebuild. But because the market is no longer operating in a clean macroeconomic frame, every bearish signal will be filtered through geopolitical risk. That makes price formation more volatile than before.

For Asian economies, particularly large importers like India, the deal offers breathing space rather than comfort. Lower risk of immediate conflict helps inflation management, external balances and currency stability. Refiners gain optionality if Iranian grades become more available. Freight and insurance costs may ease. But governments will be reluctant to assume that the Hormuz risk has permanently receded. Strategic reserves, diversified sourcing and long-term supply contracts will remain central policy tools. The lesson of the crisis is not merely that diplomacy can reopen flows; it is that dependence on a narrow maritime corridor remains a structural vulnerability.

For Iran, the economic upside is clear. Access to oil revenue, banking channels and transport services could provide relief after prolonged pressure. But the political bargain is demanding. Tehran will need to show enough compliance to keep the deal alive while avoiding the domestic perception that it has conceded under pressure. Washington faces a parallel problem. It must convince allies, markets and domestic critics that sanctions relief does not reward escalation and that nuclear restrictions are credible. Both sides therefore have incentives to claim victory, but not necessarily the same understanding of what victory means. That gap is where future disputes may emerge.

The consensus that oil will not return to pre-war levels rests on this altered psychology. The market has learned that military risk in the Gulf can escalate faster than diplomacy can contain it. It has also learned that the legal and commercial plumbing of sanctions relief is slower than political announcements. Even if flows recover sharply by January, the memory of disruption will remain embedded in freight rates, inventory strategy and hedging behaviour. The market may stop pricing war, but it will continue pricing relapse.

The most credible outlook is therefore neither a full peace dividend nor a renewed crisis premium. It is a middle path: prices ease from wartime extremes, Iranian supply gradually returns, Hormuz traffic improves, and the largest shock scenarios fade. At the same time, a residual premium persists because the ceasefire is exposed to regional escalation, implementation disputes and mutual suspicion. Oil can fall from fear, but it cannot yet fall back into innocence. (IPA Service)

The article Oil’s Peace Dividend Is Real But No Return To Pre-War Situation appeared first on Latest India news, analysis and reports on Newspack by India Press Agency).

The article Oil’s Peace Dividend Is Real But No Return To Pre-War Situation appeared first on Arabian Post.

Dubai returned 23 rescued sea turtles to the Arabian Gulf, including a one-flipper survivor named Foxy whose release marked a fresh milestone in the emirate’s two-decade marine conservation effort.

The release, staged from the Dubai coastline ahead of World Sea Turtle Day on June 16, brought together 22 green turtles and one hawksbill turtle after months of rehabilitation. Foxy, a green turtle that had lost a front flipper, drew particular attention after recovering from serious injury and being fitted with a satellite tracker to monitor her movements in open water.

The Dubai Turtle Rehabilitation Project, operating since 2004, has now rescued, treated and returned more than 2,350 turtles to the wild. The programme’s latest release also pushed the number of satellite-tracked turtles past 100, strengthening a database used to study migration routes, survival rates and habitat use across the Arabian Gulf and adjoining waters.

Foxy was found off Ras Al Khaimah in January 2025 after a fisherman spotted her in distress. Sheikh Fahim Bin Sultan Bin Khalid Al Qasimi, an ambassador for the rehabilitation project, helped move the injured turtle to Dubai for treatment. Veterinary teams later carried out surgery and supervised a recovery that stretched over 17 months, during which Foxy regained the strength and swimming capacity needed for release.

Her return to the sea has given conservation teams a rare opportunity to track how an amputee turtle adapts in the wild. Earlier tracking work by the project has shown that rehabilitated turtles, including some with amputated flippers, can resume natural movement patterns if released after careful medical assessment and conditioning. The risks remain significant, with boat strikes, fishing gear, plastic ingestion and habitat pressure among the main causes of injury and death.

The turtles passed through a phased recovery process that begins with stabilisation and medical treatment, including examinations, surgery where required, antibiotics, feeding support and water-quality monitoring. Once stronger, the animals are moved to the Turtle Rehabilitation Sanctuary at Jumeirah Al Naseem, a sea-fed lagoon designed to help them rebuild stamina and natural behaviour before release.

The sanctuary’s shallow waters, sea access and sheltered features allow weakened turtles to regain buoyancy control and feeding instincts under supervision. The project also uses the site for public education, bringing residents, visitors and schoolchildren into contact with rescued turtles while explaining the pressures facing marine life in the region.

The latest group included animals affected by serious injuries and illness, including flipper trauma, plastic-related complications and suspected vessel impacts. Conservation teams timed the release around tide and weather conditions, a standard step intended to reduce stress and give the turtles the best chance of moving safely into deeper water.

The hawksbill turtle in the group carried added conservation significance. Hawksbills are native to the region and are listed as critically endangered, with nesting populations under pressure from coastal development, illegal trade, marine pollution and climate-linked changes to beach conditions. Green turtles, though more widely distributed, also face long-term threats from fishing activity, habitat loss, egg predation, coastal lighting and ocean warming.

Dubai’s turtle rehabilitation effort has grown from a rescue response into a wider conservation and research platform. Its work involves hotel-based marine specialists, veterinary partners and government environmental authorities, with treatment often beginning after members of the public, fishermen or coastal operators report injured animals.

The project’s long-term value lies not only in individual rescues but also in the information gathered after release. Satellite tags provide data on where rehabilitated turtles travel, how long they survive after treatment and which marine areas they use for feeding and migration. Those findings can support wider protection measures, particularly in a busy Gulf environment where shipping, construction, fishing and tourism overlap with important marine habitats.

Foxy’s case also underscores the role of rapid reporting. Turtles found weak, entangled or floating abnormally can deteriorate quickly if left untreated. Conservation workers have repeatedly urged the public not to push distressed turtles back to sea immediately, but to alert trained teams so the animals can be assessed, stabilised and treated.

via Greenlogue.com

____________________________________

This article first appeared on Greenlogue.com and is brought to you by Hyphen Digital Network

The article Foxy leads Dubai turtle return to sea appeared first on Arabian Post.

The Arab tourism market is poised to play a defining role in the future growth of Kerala tourism – particularly in driving progress across Ayurveda tourism, medical tourism, luxury travel, and the souvenir industry.

Kerala Minister for Tourism, Culture and Cinema unveiled the official logo of the Indo Arab Connect 2026, India’s biggest-ever GCC and West Asia tourism summit, to be held in Kochi during the first week of September 2026.

Organised by the Indo-Arab Tourism and Hospitality Alliance in association with Tourism India Media Group, Kerala Tourism, leading industry associations, and airline partners, Indo Arab Connect 2026 is designed to be a transformational platform connecting India’s finest tourism offerings directly to the Arab world’s most influential travel buyers.

The summit, to be inaugurated by Chief Minister V.D. Satheesan, will be attended by Tourism ministers from multiple Indian states, ambassadors and high commissioners from approximately ten countries, and senior tourism officials from across South Asia.

The centrepiece of the summit is a large-scale B2B networking meet, bringing together 200+ qualified Arab tour operators from Saudi Arabia, UAE, Oman, Qatar, Bahrain, Kuwait, Egypt, Jordan and Iran under one roof.

This will be followed by nine days of familiarisation during which GCC and West Asian delegates will travel across Kerala’s three tourism regions, experiencing first-hand the state’s Ayurveda, wellness, luxury, and cultural offerings.

Indo Arab Connect 2026 will host over 300 exhibitors from across South Asia – including state tourism departments, the tourism ministries of Sri Lanka and Maldives, luxury hotels and resorts, specialty hospitals, multi-specialty Ayurveda centres, tour operators, and airline and airport companies. The event will also draw over 500 tour operators, travel agents, and MICE professionals from across India during the two-day expo and seminar.

Speaking about the summit, Ravisankar K.V., Chief Coordinator of the Indo-Arab Tourism and Hospitality Alliance and CEO of Tourism India Group, said the event has been designed to give Arab tour operators – who already contribute significantly to Kerala’s international tourism – direct exposure to Kerala’s finest Ayurveda, medical tourism, and luxury experiences. The initiative aims to attract nearly three lakh additional visitors from the Arab world in the near future, contributing more than Rs. 25,000 crore to Kerala’s economy.

“This is the first time in India that a large-scale, dedicated tourism summit of this scale has been organised exclusively targeting the Arab tourism market. Ambassadors and industry representatives from nine Arab nations, along with tourism ministers and senior officials from various Indian states, have confirmed their willingness to participate,” Ravisankar added.

Arab tourists consistently figure among the top ten foreign visitor groups to Kerala. The GCC nations – particularly Saudi Arabia, Oman and the UAE – alongside West Asian countries such as Egypt, Jordan and Iran, are among Kerala’s leading international source markets.

The article Indo-Arab tourism summit in Kochi appeared first on Arabian Post.

The plugins, listed under seven vendor accounts, were presented as coding assistants, code reviewers, bug finders, unit-test generators and Git commit-message tools. They invoked services familiar to developers using artificial intelligence inside IDEs, including OpenAI, DeepSeek and SiliconFlow. Combined marketplace download figures for the identified plugins were close to 70,000, with DeepSeek AI Assist and CodeGPT AI Assistant accounting for more than 53,000 of those downloads.

The campaign is notable because the malicious behaviour did not depend on a visibly broken or suspicious tool. The plugins offered chat, code review, bug detection, commit-message generation and test writing, giving users little reason to suspect that a credential-harvesting routine was running behind the settings panel. The theft was triggered when a developer pasted an API key into the plugin configuration and clicked Apply, a normal step for “bring your own key” AI tools.

Technical analysis found that the plugins used a shared codebase repackaged under different names and identifiers. Once a key was saved, the settings handler passed it to a hardcoded endpoint at 39.107.60[.]51 over unencrypted HTTP. The request included a static authentication value embedded in the plugin code, while the payload contained the user’s provider secret. That meant the key left the workstation before the developer had any indication that it was being sent anywhere other than the selected AI service.

The earliest known listing in the cluster appeared on 31 October 2025, when DeepSeek Junit Test was released. Other plugins followed through November, December, January, February and April, before a jump in June, when CodeGPT AI Assistant was released on 9 June and DeepSeek AI Assist on 10 June. Their download counts rose far above most earlier entries, although marketplace figures cannot be treated as a precise count of unique victims because downloads and ratings can be inflated.

The identified plugins include DeepSeek Junit Test, DeepSeek Git Commit, DeepSeek FindBugs, DeepSeek AI Chat, DeepSeek Dev AI, DeepSeek AI Coding, AI FindBugs, AI Git Commitor, AI Coder Review, DeepSeek Coder AI, AI Coder Assistant, DeepSeek Code Review, CodeGPT AI Assistant, DeepSeek AI Assist and Coding Simple Tool. Vendor accounts linked to the listings included CodePilot, StackSmith, CodeCrafter, CodeWeaver, JetCode, DailyCode and ZenCoder.

The attackers also appear to have built a paid tier into the operation. After payment through a donation wall, the remote server could return an API key to the user’s plugin, which would then use that key for model calls. The origin of those returned credentials has not been established, but the design raises the possibility of a two-sided abuse model in which credentials taken from one group of developers are reused or resold to another.

The incident underlines a widening security problem around AI-assisted development. IDE plugins sit inside environments that often contain proprietary code, project files, cloud credentials, tokens and build-system access. JetBrains’ Marketplace guidance says plugins run with the same access rights as the IDE, can connect to the internet, can interact with files and are not isolated through fine-grained permissions or sandboxing. Marketplace moderation combines automatic checks and review, but the case shows how a small exfiltration routine can be hidden inside a tool that otherwise behaves as advertised.

The risk is not limited to immediate billing abuse on AI platforms. A stolen API key can reveal usage patterns, expose application workflows, enable unauthorised model calls and create unexpected costs for the key owner. Where organisations use central accounts, a compromised key may also blur audit trails, making it harder to distinguish legitimate developer activity from attacker-driven consumption.

The article JetBrains plugin scam puts AI keys at risk appeared first on Arabian Post.

The June security update covers NeMo Framework versions from 0.0 through 2.7.2, with users advised to move to version 2.7.3 or later. The flaws are tracked as CVE-2026-24155, CVE-2026-24252 and CVE-2026-24228, each carrying a CVSS v3.1 base score of 7.8, placing them in the high-severity category. The bulletin marks the issue as important for all platforms, while two of the three weaknesses specifically affect Linux deployments.

The most operationally sensitive of the three is CVE-2026-24252, an OS command-injection weakness in NeMo for Linux. Such flaws matter because they can allow an attacker to pass crafted input to an application in a way that triggers unintended system commands. In shared AI infrastructure, where researchers, engineers and automated workloads may use the same GPU servers, a local low-privileged foothold can become a route to broader compromise.

CVE-2026-24155 is a code-injection vulnerability affecting NeMo Framework across all platforms. A successful exploit could lead to code execution, privilege escalation, information disclosure and data tampering. CVE-2026-24228 affects NeMo Framework on Linux and involves deserialisation of untrusted data, a class of vulnerability that has long been considered dangerous in machine-learning and software supply-chain environments because model files, checkpoints and intermediate artefacts often move between systems and teams.

NVIDIA credited Moomi Chen with reporting CVE-2026-24155 and CVE-2026-24252, while CVE-2026-24228 was credited to Tyler Zars working with Trend Micro’s Zero Day Initiative. The company’s update directs users to obtain the fixed version from the official NeMo repository and evaluate risk in line with their own configuration, reflecting the varied ways in which the framework is used across enterprise, academic and cloud environments.

NeMo is a widely used open-source framework for building, customising and deploying generative AI models. It supports work on large language models, multimodal systems, speech recognition, text-to-speech and other AI workloads. Its role in training and fine-tuning pipelines makes flaws in the framework more significant than ordinary application bugs, because AI development environments often hold model weights, training data, proprietary prompts, credentials, experiment logs and access to expensive compute resources.

The vulnerabilities arrive as organisations are moving from experimental AI deployments to production systems. That shift has increased scrutiny of model-development tooling, not only the models themselves. Security teams are focusing more closely on the software layers around AI pipelines, including Python packages, model checkpoints, dataset-processing scripts, notebook environments, orchestration systems and inference servers. NeMo sits within that broader risk landscape, where a weakness in development tooling can affect downstream production systems if compromised code or artefacts are promoted through a pipeline.

The attack requirements in the advisory indicate local access, low privileges and no user interaction. That profile does not describe an internet-wide remote bug, but it remains serious in multi-user and containerised AI environments. Many organisations consolidate training workloads on central GPU clusters, where a compromised user account, vulnerable notebook, exposed development container or poisoned internal workload could provide the access needed to attempt exploitation.

Security teams are expected to prioritise patching systems that run NeMo on shared Linux hosts, research clusters, model-training platforms and environments where untrusted or externally sourced model artefacts are handled. The fixed version also matters for teams that build custom containers around NeMo, since updating the source repository alone may not protect running workloads unless base images, dependency locks and deployment pipelines are rebuilt.

The disclosure follows a pattern of rising attention to AI framework security. Earlier vulnerabilities affecting model-loading, checkpoint handling and deserialisation across AI libraries showed how development tools can become an entry point for code execution. The NeMo bulletin reinforces a central lesson for enterprises adopting generative AI: model governance is incomplete without conventional software security controls, including dependency tracking, least-privilege access, code review, container isolation and rapid patch management.

For NVIDIA, the update comes at a time when its AI software stack is becoming more central to enterprise adoption of accelerated computing. The company’s hardware dominance has been matched by a growing set of frameworks, libraries and model tools designed to make AI development easier across cloud, on-premises and hybrid infrastructure. That broader software footprint also expands the security responsibilities around developer tooling.

Organisations running NeMo should identify affected installations, confirm whether versions up to 2.7.2 are present, update to 2.7.3 or later, rebuild dependent containers and review access controls on shared AI infrastructure. Teams handling third-party checkpoints, plug-ins, scripts or experimental model artefacts should apply additional caution, particularly where Linux-based training systems are shared across projects.

The article NVIDIA plugs NeMo flaws affecting AI pipelines appeared first on Arabian Post.

The move places artificial intelligence, cyber-physical security, critical infrastructure resilience, predictive risk management and next-generation fire protection at the centre of the Riyadh event, scheduled for 16–18 November 2026 at Riyadh Front Exhibition & Conference Center. Organisers expect the eighth edition to be the largest in the event’s history, with more than 25,000 visitors and over 500 exhibitors from across security, safety, fire and emergency services.

The Future Security Summit Advisory Committee includes representatives linked to the Royal Commission for AlUla, the Ministry of Municipalities and Housing, the International Civil Aviation Organization, Dubai Airports, IFPO MENASA, King Salman International Airport and specialist security consultancies. Its remit is to frame discussions on protecting public spaces, aviation systems, smart-city infrastructure, major events, logistics corridors and digital environments where physical and cyber risks increasingly overlap.

The Fire Protection & Technology Summit Advisory Committee brings together specialists from Saudi Aramco, Red Sea Global, Qiddiya City, King Fahd International Airport, AECOM, the National Water Company, NEOM and other fire and life-safety organisations. The committee’s work is expected to shape sessions on performance-based fire engineering, detection and suppression technology, emergency response, code compliance and protection of large-scale developments.

Riham Sedik, exhibition director of Intersec Saudi Arabia, said the committees bring together professionals with decades of operational, strategic and technical experience across security, emergency management, fire protection and resilience. Their role, she said, would help ensure that the summits address real operational challenges while giving delegates practical insight into the technologies, frameworks and leadership strategies shaping the sectors.

The advisory structure reflects a wider shift in the region’s risk environment. Saudi Arabia’s infrastructure pipeline spans tourism, aviation, energy, logistics, entertainment and urban development, with projects such as Red Sea Global, Qiddiya, NEOM, Diriyah and AlUla placing new demands on safety, security and business-continuity planning. The country is also preparing for Expo 2030 in Riyadh, the 2034 FIFA World Cup and the annual Hajj pilgrimage, each requiring layered security, crowd management, emergency response and transport coordination.

Yusuf Hasan, senior aviation security adviser at the International Civil Aviation Organization and a member of the Future Security Summit Advisory Committee, has identified the management of rapid growth while preserving secure, resilient and trusted environments as a key challenge for the region. He said artificial intelligence was accelerating the move from reactive protection to predictive, intelligence-led security through stronger threat detection, analytics and automation.

That emphasis is likely to feature prominently in the Future Security Summit, where themes include command-and-control systems, personal data protection, industrial control-system cybersecurity, crisis and emergency management, critical-infrastructure protection and protection of mega-events. The agenda also points to the increasing relevance of cyber-physical convergence, as airports, energy assets, real estate developments and public venues rely on connected surveillance, access-control, communications and building-management platforms.

Fire protection is moving through a similar transition. Dr Reginald D. Freeman, executive director for fire and emergency medical services at NEOM and a member of the fire summit committee, has said the sector is shifting from traditional code compliance towards risk-informed, performance-based fire engineering. He said the complexity of modern mega-projects required more sophisticated fire and life-safety approaches, with greater emphasis on anticipating risk and strengthening resilience rather than simply responding after incidents occur.

Market indicators underline the commercial stakes behind the conference agenda. Saudi Arabia’s security market is projected to reach about $3.4 billion by 2030, supported by demand for integrated physical security, cybersecurity, surveillance, access control and command-and-control solutions. The country’s fire and safety equipment market is projected to expand to about $7.1 billion by 2032 as construction, industrial development, regulatory enforcement and smart-building systems increase spending on prevention, detection and suppression technologies.

Intersec Saudi Arabia’s 2026 expansion follows the relocation of the event to Riyadh Front Exhibition & Conference Center and a planned 40 per cent increase in exhibition space. Organisers have positioned the show across five core sectors: commercial and perimeter security, homeland security and policing, cybersecurity, fire and rescue, and safety and health. The two CPD-certified conference streams are expected to convene more than 110 experts, policymakers and industry leaders.

The article Intersec Saudi panels set resilience and fire agenda appeared first on Arabian Post.

The article Doha conference puts AI at Islamic finance centre appeared first on Arabian Post.

The jump, flagged at an IBPC Dubai logistics session, reflects a wider disruption in maritime corridors linked to Middle East tensions, fuel-cost volatility, security-risk surcharges and capacity constraints. Paras Shahdadpuri, Governor of IBPC Dubai and Chairman of Nikai Group, said the disruption had tested businesses while reinforcing confidence in the UAE’s ability to respond effectively. “Freight rates have risen from $1,000 to $7,000, putting pressure on businesses, but the speed of response here has helped maintain confidence in uncertain times,” he said.

The impact is being felt most sharply by businesses with thin margins or long replenishment cycles. Consumer electronics, appliances, automotive parts, food products, textiles, building materials and pharmaceutical consignments are among the categories most exposed to higher freight, delayed vessel schedules and tighter booking windows. Importers face a difficult choice: absorb added costs, renegotiate supply contracts, delay shipments or pass part of the burden to consumers.

Dubai’s response has centred on route diversification, customs facilitation and closer coordination among ports, logistics operators, carriers and government agencies. The Green Corridor linking Dubai and Oman has become a critical pressure valve, allowing cargo arriving through Omani ports and airports to move overland through streamlined procedures. Customs declarations through the corridor rose from about 12,000 in March to nearly 100,000 in April, while the value of goods moved increased from Dh1 billion to more than Dh8 billion.

The corridor has helped sustain flows for containers destined for Jebel Ali, goods entering the local market and re-export cargo bound for other destinations. More than 100,000 TEUs have already moved through Green Corridor initiatives, underlining how quickly shippers have adapted to alternative supply routes. Food security shipments and refrigerated cargo movements have remained stable, a key benchmark for a market dependent on uninterrupted imports.

Freight inflation is not confined to the UAE lane. Global container benchmarks have moved higher as peak-season demand started earlier than usual and conflict risk reshaped vessel deployment. The World Container Index climbed to $3,549 per 40ft container in mid-June, while Asia-Europe and transpacific routes also recorded rate increases. Fuel costs, insurance premiums and route deviations have widened the gap between contracted and spot-market pricing.

The UAE’s logistics model has so far avoided the deeper breakdown seen during earlier global supply-chain shocks. Jebel Ali remains central to regional trade, while Fujairah, Khor Fakkan and Omani gateways have gained strategic importance as alternative access points. Cargo owners are mixing sea, land and air solutions to balance cost against reliability, making multimodal logistics a boardroom issue rather than a back-office procurement function.

The pressure comes at a sensitive time for India-UAE trade, which has expanded under the Comprehensive Economic Partnership Agreement that entered into force in 2022. Bilateral trade reached $101.25 billion in FY2025-26, with the UAE ranking as India’s third-largest trading partner and second-largest export destination. Higher freight costs risk eroding some of the tariff and market-access gains achieved through the pact, particularly for mid-sized exporters and distributors operating on fixed price commitments.

Business groups say the crisis is accelerating changes that were already under way. Importers are adding supplier options in Southeast Asia and the GCC, splitting shipments across ports, increasing buffer stocks for critical items and using digital tracking tools to manage delays. Logistics providers are offering blended products that combine ocean freight, bonded trucking and air cargo, while retailers are reviewing inventory cycles before the next seasonal demand peak.

The strain is also prompting fresh attention to contract design. More companies are inserting freight-adjustment clauses, separating shipping costs from product pricing and seeking clearer force-majeure language for geopolitical disruption. For smaller traders, the biggest challenge is cash flow: a container that once required a modest upfront freight payment can now tie up several times more capital before goods even reach the warehouse.

The article Asia-UAE freight shock squeezes Gulf importers appeared first on Arabian Post.

The digital-asset infrastructure group says its Crypto-as-a-Service platform can give eligible banks, fintechs and crypto businesses a way to keep offering wallet, custody and trading functions across Europe without building a full regulated stack before the deadline. The proposal is aimed at firms that can meet onboarding, customer due-diligence and operational standards, but either lack a Markets in Crypto-Assets licence or are still awaiting a final decision from a national supervisor.

BitGo Europe GmbH, based in Frankfurt, received its MiCA licence from Germany’s Federal Financial Supervisory Authority in May 2025. Its current European permissions cover transfer services, custody and administration, qualified crypto custody, exchange of crypto assets for money or other crypto assets, order execution and reception and transmission of orders on behalf of clients.

The timing has given BitGo a commercial opening. MiCA, agreed in 2023 and phased in from 2024, is replacing a patchwork of national crypto regimes with a common rulebook covering authorisation, governance, capital, safeguarding, market abuse and consumer disclosure. Existing providers that relied on national registrations before 30 December 2024 were allowed temporary relief in some jurisdictions, but that grandfathering ends across Europe on 1 July. Providers without authorisation are expected to stop serving EU clients and execute wind-down plans, including client notices and asset transfers to authorised firms or self-hosted wallets.

BitGo’s model is designed to make migration less disruptive. Its platform uses APIs and webhooks to let a client company embed crypto functions into its own interface while BitGo Europe provides regulated infrastructure behind the scenes. The package includes know-your-customer flows, multi-asset wallets, qualified custody, SEPA on- and off-ramps, trading, settlement, policy controls and customer-asset insurance coverage of up to $250m.

Chief Executive Mike Belshe has framed the offer as a route for firms that already operate wallets but do not yet hold their own MiCA licence. “All of your clients can be onboarded and have sub-accounts inside of BitGo,” he said, while stressing that the client company would still handle customer support and products. The structure means the end user may remain with the familiar brand, while assets are placed in segregated custody under a licensed provider.

The pitch also reflects the new balance of power in Europe’s crypto market. Larger groups that have secured licences, including Coinbase, Kraken, Crypto. com, OKX and Bitstamp, can continue to compete under the passporting system. Smaller exchanges, wallet providers and brokerages face a narrower set of choices: obtain approval, restrict services, sell or migrate customers to a licensed platform.

Regulators have signalled limited tolerance for last-minute fixes. France’s market watchdog warned firms that unlicensed activity after the deadline could trigger blacklisting and legal action. Earlier checks in France showed that, among about 90 locally registered companies without a MiCA licence, roughly 30 per cent had applied, 40 per cent were not seeking authorisation and 30 per cent had not clearly set out their plans. That pattern suggests a compliance gap that infrastructure providers are trying to fill.

The uncertainty is not confined to smaller operators. Binance, the world’s largest crypto exchange by trading volume, has been pursuing a MiCA licence in Greece and has said it will update users before 30 June. Its position has become a test case for whether Europe’s new framework can combine uniform market access with consistent supervision by national regulators.

For BitGo, the opportunity is both regulatory and strategic. The company listed in New York in January after raising $212.8m in its initial public offering, and its European expansion adds a recurring infrastructure business at a point when custody, staking and trading revenues are tied to market cycles. A CaaS model could deepen ties with regulated financial institutions that want crypto exposure without taking on the full compliance burden.

Arabian Post – Crypto News Network

The article BitGo opens MiCA route for strained crypto firms appeared first on Arabian Post.

The move lifted UNI to about $3.60, extending a sharp weekly advance and making it one of the strongest performers among larger crypto assets. Bitcoin traded near $65,000–$66,000, little changed after a choppy rebound, while traders shifted capital toward tokens with clearer narratives around exchange revenue, tokenisation and on-chain trading infrastructure.

Standard Chartered’s call placed a $100 target on UNI by the end of 2030, implying a dramatic rise from levels around $2.50 when the forecast was framed. The bank’s staged path envisages UNI at $6.50 by the end of 2026, then $20 in 2027, $40 in 2028 and $65 in 2029, before reaching the end-decade target. The thesis rests on expectations that tokenised assets used in decentralised finance will expand sharply and that Uniswap will remain a core venue for their trading.

The rally came as altcoins drew attention away from bitcoin. Hyperliquid’s HYPE traded near record territory after touching above $76, with its year-to-date gain approaching 200 per cent. Solana also benefited from the broader bid for networks and tokens tied to trading activity, faster settlement and institutional experimentation. The rotation suggested that risk appetite had not vanished from crypto markets, but had become more selective after weeks of pressure on bitcoin and ether-linked funds.

Bitcoin’s hesitation reflected a more cautious macro backdrop. The Federal Reserve’s June 16-17 meeting marked Kevin Warsh’s first as chair, with investors expecting no immediate change in interest rates but watching for any shift in language on inflation, balance-sheet policy and rate projections. Warsh took office in May after confirmation by the US Senate and was selected as chair of the Federal Open Market Committee, giving the meeting added weight for global risk assets.

Oil provided a counterweight to inflation concerns. Brent crude fell below $80 a barrel, touching levels not seen for more than three months, after developments around a US-Iran framework raised expectations of improved supply flows through the Strait of Hormuz and a possible easing of sanctions pressure on Iranian exports. Lower energy prices tend to help growth-sensitive assets, but crypto traders remained wary of the Fed’s tone because higher-for-longer policy would keep pressure on speculative markets.

The UNI move also reflects a shift in how investors are valuing decentralised exchanges. For years, UNI traded largely as a governance token with limited direct economic linkage to Uniswap’s trading volumes. That changed after fee-switch and burn proposals gained traction, offering a route for protocol activity to influence token supply. Uniswap v4, launched in January 2025, added “hooks” that allow developers to customise liquidity pools, fees and trading logic, strengthening the case that the protocol could function as programmable market infrastructure rather than a simple swap venue.

The tokenisation narrative has added another layer. Citi’s latest industry work places tokenised assets at a $5.5 trillion base case by 2030, with a higher scenario near $8 trillion. Much of that activity is expected to begin with public securities, treasuries, collateral and private-market instruments, rather than purely crypto-native assets. For decentralised exchanges, the question is whether those assets will trade on open blockchain rails or remain inside bank-controlled platforms.

That distinction is central to the Uniswap thesis. A bank-led tokenisation boom could validate blockchain settlement without sending meaningful liquidity to open DeFi venues. Conversely, if tokenised money-market funds, equities, credit instruments and collateral move into composable on-chain markets, Uniswap and similar platforms could capture more trading activity. Standard Chartered’s forecast leans toward the latter outcome, but execution, regulation and institutional comfort remain significant uncertainties.

Risks remain substantial. UNI is still far below the highs reached during the previous crypto cycle, and a 2030 target does little to protect traders from near-term volatility. DeFi protocols also face competition from centralised exchanges, app-specific chains, perpetual futures platforms and bank-built settlement networks. Tokenised assets may carry legal rights, custody structures and redemption terms that differ sharply from ordinary crypto tokens, making liquidity and investor protection harder to assess.

Arabian Post – Crypto News Network

The article Uniswap rally revives altcoin appetite appeared first on Arabian Post.

The article Dubizzle backs Tern for rent payment push appeared first on Arabian Post.

The article Nolan brings Odyssey spotlight to Mumbai appeared first on Arabian Post.

The article SteamOS opens the door to Intel Arc appeared first on Arabian Post.

The article SteamOS opens the door to Intel Arc appeared first on Arabian Post.

The article Riyadh Air gains US flight approval appeared first on Arabian Post.

The article Iran fund pledge tests US deal diplomacy appeared first on Arabian Post.

Lehmann Hotel und Gaststätten Holding GmbH is leveraging an innovative Capital Roadshow for digitized profit participation rights—a modern investment vehicle—as it begins its Taco Bell rollout in Bavaria, Germany. In collaboration with Iqoniko and Van Sterling, the group is establishing a model that provides both professional and retail investors access to an extraordinary expansion journey.

Bavaria, Germany as the Starting Point for a New Growth Story

The planned rollout of Taco Bell in Bavaria, Germany is set to become one of the most compelling expansion projects in the German quick-service restaurant sector. Behind the initiative is Lehmann Hotel und Gaststätten Holding GmbH, which, together with Iqoniko and Van Sterling Capital, is breaking new ground in financing, investor relations, and growth strategies.

This goes beyond the simple introduction of a globally successful restaurant brand. Instead, it is an innovative model that combines operational expansion with modern capital market instruments, opening access to an exceptional investment opportunity for private investors.

Iqoniko Organizes the First Capital Roadshows for Lehmann Hotel und Gaststätten Holding GmbH

Under an exclusive mandate, Iqoniko is managing the strategic capital market communications and overseeing the organization and execution of Lehmann Hotel und Gaststätten Holding GmbH’s first Capital Roadshows in Germany.

The roadshows aim to provide investors with a transparent insight into the company’s expansion strategy, planned site development, and long-term growth prospects. Simultaneously, it offers both professional and retail investors the opportunity to engage with the project at an early stage.

Dave Persico, founder and Managing Partner of Iqoniko, views this collaboration as a significant milestone: “Taco Bell in Bavaria is much more than just a franchise rollout—it is a unique growth story. We are proud to facilitate this project alongside Lehmann Hotel und Gaststätten Holding GmbH and Van Sterling. Our collaboration with Van Sterling is defined by innovation, the highest standards of professionalism, and the courage to take new paths. Together, we are creating the conditions that allow retail investors to participate in this exciting expansion.”

This initiative exemplifies a new approach to corporate finance, where attractive growth projects are no longer reserved exclusively for institutional investors.

Van Sterling Structures the Investment Solution

Van Sterling Capital plays a central role in this project. The company is managing the structuring of the investment solution, bringing its extensive expertise in asset management, capital markets, and alternative investment models to the table.

The goal is to create a professional and transparent structure that meets both the requirements of modern capital markets and the expectations of private and professional investors, placing the expansion of Taco Bell in Bavaria on a sustainable, long-term foundation.

Intokia: The Digital Platform for Modern Profit Participation Rights

Intokia is Van Sterling Capital’s digital investment platform, tasked with efficiently managing the subscription and administration of digitized profit participation rights (Genussrechte/Genussscheine).

Via the Intokia platform, investors can subscribe to digital profit participation rights directly and entirely online. The platform combines modern technology with proven participation models, enabling an efficient, transparent, and user-friendly investment process. By digitizing the entire subscription and administration flow, a direct connection is forged between the issuer and the investor, simplifying administrative processes and significantly increasing accessibility for investors.

Exclusive Access for Retail Investors

The Capital Roadshows, facilitated by Iqoniko, mark the debut of this new form of investor outreach. For the first time, retail investors have the opportunity to gain comprehensive information about the growth strategy of Lehmann Hotel und Gaststätten Holding GmbH and the planned expansion of the Taco Bell network in Bavaria.

Through the investment solution structured by Van Sterling and the digital platform Intokia, participants can invest directly in the company’s growth strategy via digital profit participation rights. This creates an entry point that, in similar growth projects, has often been reserved for institutional investors.

More Than Just a Franchise Rollout

The planned Taco Bell rollout is far more than the introduction of another restaurant brand to the German market. It stands as an example of a new generation of growth projects where operational excellence, modern capital market communication, and digital investment solutions go hand in hand.

While Lehmann Hotel und Gaststätten Holding GmbH drives the operational development of Taco Bell in Bavaria, Iqoniko provides the capital market access, Van Sterling structures the investment solution, and Intokia provides the digital infrastructure for the subscription and administration of the profit participation rights. Together, they are building an ecosystem that combines the dynamics of an international restaurant brand with innovative forms of participation, opening new perspectives for investors.

The Beginning of a New Investment Culture

The cooperation between Lehmann Hotel und Gaststätten Holding GmbH, Iqoniko, and Van Sterling Capital could serve as a blueprint for the future of SME growth financing in Germany. With the company group’s first Capital Roadshows, the professional investment structure provided by Van Sterling, and the digital subscription platform Intokia, a model is emerging that places transparency, digitalization, and investor accessibility at the forefront.

For the partners involved, this is only the beginning. The fusion of gastronomy, capital markets, asset management, and digital participation technology demonstrates how modern growth financing can look in the future—and offers private investors the chance to become part of an extraordinary expansion story.

The article Taco Bell Coming to Germany appeared first on Arabian Post.

Elon Musk’s personal fortune of $1.3 trillion exposes a flaw in one of investing’s most widely accepted ideas.

The financial advice industry has for decades championed diversification as the answer to almost every investment challenge. Build a broad portfolio, spread risk, own the market and stay patient.

Indeed, it’s sensible advice and, for many investors, entirely appropriate.

Yet diversification has gradually evolved from a risk-management tool into something approaching an ideology.

Musk’s wealth highlights why that distinction matters.

Nobody builds one of the largest fortunes in history through maximum diversification, or reaches the top of the global rich list by owning tiny positions in thousands of companies.

Wealth on Musk’s scale is created through concentration: identifying a small number of transformative opportunities and committing significant capital to them.

Tesla alone provides a case study. Investors who treated the company as a marginal position within a highly diversified portfolio enjoyed some upside. Investors who recognised its potential early and built meaningful exposure experienced something entirely different.

The same principle applies across modern business history. Jeff Bezos concentrated around Amazon, Mark Zuckerberg on Facebook, Jensen Huang on Nvidia, and Larry Ellison focused on Oracle.

 As such, we can see that concentration has been responsible for many of the largest fortunes ever created.

Wall Street rarely focuses on this reality because the risks are obvious. Concentration can produce spectacular failures alongside spectacular successes.

For every Musk, there are countless entrepreneurs, executives and investors whose high-conviction bets ended badly.

The observation, however, does not strengthen the case for blanket diversification. It simply demonstrates that concentration without insight is dangerous.

The more interesting question is whether investors have become too comfortable accepting average outcomes.

The rise of passive investing has transformed markets. Low-cost index funds have given millions of people access to wealth creation opportunities that previous generations could only dream about. Yet the success of passive investing has also encouraged the idea that owning everything is somehow superior to making judgments about where future growth is likely to come from.

Many portfolios now contain exposure to hundreds or even thousands of companies. Investors own the disruptors and the disrupted. The leaders and the laggards. Businesses transforming industries and businesses struggling to survive them.

 Such portfolios are designed to capture market returns.

Market returns are not the same as exceptional returns.

The distinction is important because many investors claim to seek above-average outcomes while structuring portfolios specifically designed to deliver average ones.

Musk’s success should not be interpreted as an argument against diversification. It should be viewed as a challenge to the industry’s tendency to confuse diversification with strategy.

Diversification is not an investment thesis. It does not identify opportunities. It does not determine where future growth will emerge. It simply reduces the consequences of being wrong.

Investors still need a view. They still need conviction. They still need to decide which technologies, industries, and structural trends are likely to shape the next decade.

AI is an obvious example. Investors who recognised its potential before it became the dominant market narrative benefited disproportionately. Similar opportunities have emerged repeatedly over the last 30 years, from e-commerce and cloud computing to smartphones and cybersecurity.

The investors who generated the strongest returns were rarely those with the broadest portfolios. They were typically those with the strongest convictions about where the world was heading.

This doesn’t mean placing all available capital into a handful of stocks. A binary choice between concentration and diversification misses the point entirely.

The more effective approach is what I call smart diversification…and it begins with conviction.

Investors identify the sectors, technologies and businesses they believe will drive future growth and allocate capital accordingly.

At the same time, they maintain sufficient diversification to ensure that a mistake, an unexpected regulatory shift, or a technological disruption does not permanently impair their financial future.

In other words, portfolios should be concentrated enough for good decisions to matter and diversified enough for bad decisions to be survivable.

This balance is increasingly absent from investment discussions. Much of the industry focuses on avoiding losses. Far less attention is given to capturing outsized gains.

Musk’s wealth is a reminder that creating wealth and preserving wealth are related but distinct objectives. Diversification excels at the latter. Concentration often drives the former.

Investors who understand the difference are likely to build stronger portfolios than those who treat diversification as an end in itself.

The lesson from Elon Musk is not that diversification is wrong, rather that diversification without conviction is unlikely to produce extraordinary results.

Smart diversification offers a better answer: enough concentration to benefit from being right, enough diversification to survive being wrong.By Nigel Green, deVere Group CEO and Founder

Elon Musk’s personal fortune of $1.3 trillion exposes a flaw in one of investing’s most widely accepted ideas.

The financial advice industry has for decades championed diversification as the answer to almost every investment challenge. Build a broad portfolio, spread risk, own the market and stay patient.

Indeed, it’s sensible advice and, for many investors, entirely appropriate.

Yet diversification has gradually evolved from a risk-management tool into something approaching an ideology.

Musk’s wealth highlights why that distinction matters.

Nobody builds one of the largest fortunes in history through maximum diversification, or reaches the top of the global rich list by owning tiny positions in thousands of companies.

Wealth on Musk’s scale is created through concentration: identifying a small number of transformative opportunities and committing significant capital to them.

Tesla alone provides a case study. Investors who treated the company as a marginal position within a highly diversified portfolio enjoyed some upside. Investors who recognised its potential early and built meaningful exposure experienced something entirely different.

The same principle applies across modern business history. Jeff Bezos concentrated around Amazon, Mark Zuckerberg on Facebook, Jensen Huang on Nvidia, and Larry Ellison focused on Oracle.

 As such, we can see that concentration has been responsible for many of the largest fortunes ever created.

Wall Street rarely focuses on this reality because the risks are obvious. Concentration can produce spectacular failures alongside spectacular successes.

For every Musk, there are countless entrepreneurs, executives and investors whose high-conviction bets ended badly.

The observation, however, does not strengthen the case for blanket diversification. It simply demonstrates that concentration without insight is dangerous.

The more interesting question is whether investors have become too comfortable accepting average outcomes.

The rise of passive investing has transformed markets. Low-cost index funds have given millions of people access to wealth creation opportunities that previous generations could only dream about. Yet the success of passive investing has also encouraged the idea that owning everything is somehow superior to making judgments about where future growth is likely to come from.

Many portfolios now contain exposure to hundreds or even thousands of companies. Investors own the disruptors and the disrupted. The leaders and the laggards. Businesses transforming industries and businesses struggling to survive them.

 Such portfolios are designed to capture market returns.

Market returns are not the same as exceptional returns.

The distinction is important because many investors claim to seek above-average outcomes while structuring portfolios specifically designed to deliver average ones.

Musk’s success should not be interpreted as an argument against diversification. It should be viewed as a challenge to the industry’s tendency to confuse diversification with strategy.

Diversification is not an investment thesis. It does not identify opportunities. It does not determine where future growth will emerge. It simply reduces the consequences of being wrong.

Investors still need a view. They still need conviction. They still need to decide which technologies, industries, and structural trends are likely to shape the next decade.

AI is an obvious example. Investors who recognised its potential before it became the dominant market narrative benefited disproportionately. Similar opportunities have emerged repeatedly over the last 30 years, from e-commerce and cloud computing to smartphones and cybersecurity.

The investors who generated the strongest returns were rarely those with the broadest portfolios. They were typically those with the strongest convictions about where the world was heading.

This doesn’t mean placing all available capital into a handful of stocks. A binary choice between concentration and diversification misses the point entirely.

The more effective approach is what I call smart diversification…and it begins with conviction.

Investors identify the sectors, technologies and businesses they believe will drive future growth and allocate capital accordingly.

At the same time, they maintain sufficient diversification to ensure that a mistake, an unexpected regulatory shift, or a technological disruption does not permanently impair their financial future.

In other words, portfolios should be concentrated enough for good decisions to matter and diversified enough for bad decisions to be survivable.

This balance is increasingly absent from investment discussions. Much of the industry focuses on avoiding losses. Far less attention is given to capturing outsized gains.

Musk’s wealth is a reminder that creating wealth and preserving wealth are related but distinct objectives. Diversification excels at the latter. Concentration often drives the former.

Investors who understand the difference are likely to build stronger portfolios than those who treat diversification as an end in itself.

The lesson from Elon Musk is not that diversification is wrong, rather that diversification without conviction is unlikely to produce extraordinary results.

Smart diversification offers a better answer: enough concentration to benefit from being right, enough diversification to survive being wrong.

Nigel Green is deVere CEO and Founder

The article Elon Musk proves financial advisors wrong appeared first on Arabian Post.

The agreement, announced on 16 June, sets out a framework for Tether to work with DMCC on blockchain-based communication and payment infrastructure, advisory support for tokenisation, crypto payments and digital asset settlements. It also creates a pathway for the two organisations to become ecosystem partners across relevant events, publications and member-facing channels.

The move links Tether with a business district that hosts more than 26,000 member companies, including more than 4,000 technology firms. DMCC, which oversees one of Dubai’s main commodities and enterprise hubs, has been positioning its Crypto Centre as a bridge between physical trade, financial services and Web3 infrastructure.

Under the MoU, Tether is expected to engage with DMCC’s member network through education programmes, industry events, hackathons and knowledge-sharing sessions. The initiative is also designed to explore potential member benefits and practical business applications for digital settlement tools, rather than limiting cooperation to policy-level engagement.

Ahmed Bin Sulayem, DMCC’s Executive Chairman and Chief Executive Officer, said global trade was entering an era in which payments, financial infrastructure and asset ownership were moving onto “digital rails”. He said stablecoins were already processing trillions of dollars in transaction value, while tokenisation was beginning to reshape how real-world assets are financed and transferred across borders.

Paolo Ardoino, Tether’s Chief Executive Officer, said the UAE was shaping how digital asset infrastructure is adopted in global markets and connected with “real economic activity”. He said the collaboration with DMCC would focus on practical blockchain use cases, including tokenisation, education and tools that widen participation in digital markets.

The partnership comes as Dubai sharpens its role as a regulated centre for virtual assets. The emirate’s Virtual Assets Regulatory Authority oversees virtual asset activity across Dubai’s mainland and free zones, excluding the Dubai International Financial Centre, while the Central Bank’s Payment Token Services Regulation has set national rules for stablecoins used as payment instruments.

DMCC has already deepened its engagement with regulators and market participants on tokenised trade. Its earlier agreement with the Dubai Virtual Assets Regulatory Authority focused on tokenised commodities, industry data and policy development, with an emphasis on gold, diamonds and other real-world assets that can be represented digitally under controlled frameworks.

Tether’s entry into this layer of Dubai’s commercial ecosystem is significant because USDT remains the dominant dollar-linked stablecoin used by crypto exchanges, traders and payment intermediaries. Stablecoins are designed to maintain a steady value against fiat currencies and are increasingly being tested for cross-border settlement, treasury management and digital commerce.

The company’s latest reserve figures underline its scale. Tether reported first-quarter net profit of $1.04bn, total assets of about $191.7bn and liabilities of about $183.5bn, with an excess reserve buffer of $8.23bn. Its reserves remain heavily exposed to US Treasury instruments, alongside holdings in gold and bitcoin.

That scale also brings scrutiny. Tether publishes quarterly attestations of reserves, but those are not the same as a full financial audit. Regulators and central bankers have warned that stablecoins can pose risks around liquidity, consumer protection, illicit finance and market fragmentation if oversight differs sharply across jurisdictions.

For Dubai, the DMCC-Tether MoU fits a broader strategy to connect commodities, capital and technology. The emirate has sought to attract exchanges, custodians, fintech platforms and blockchain developers while building rules intended to reassure institutions that digital asset activity can be conducted under formal supervision.

The immediate impact is likely to be educational and exploratory rather than a direct launch of new financial products. The wording of the MoU points to workshops, advisory engagement, hackathons and potential ecosystem benefits, leaving commercial deployment subject to regulatory approvals, business demand and risk controls.

Arabian Post – Crypto News Network

The article DMCC and Tether advance Dubai tokenisation push appeared first on Arabian Post.

The restriction, issued through the Ministry of Electronics and Information Technology under Section 69A of the Information Technology Act, 2000, follows complaints that groups on the messaging platform were being used to sell, advertise or fabricate claims about leaked question papers. A separate direction requires Telegram to disable, within the country, the editing of already published messages until June 30, a feature investigators say has been exploited to alter posts after publication and mislead candidates about when alleged leak material first appeared.

The National Testing Agency, which conducts NEET-UG, welcomed the move and said the intervention was intended to protect candidates from fraud, impersonation and misinformation before the retest. The agency has also opened an online reporting mechanism for claims linked to fake paper leaks, suspicious social-media groups and attempts to contact candidates with offers of access to the examination paper.

The June 21 test follows the cancellation of the May 3 NEET-UG examination, which affected more than 2.2 million medical aspirants. The original test was annulled after allegations of a question-paper leak and organised cheating led to widening investigations, student protests and criticism of examination governance. The re-examination has become a test of the authorities’ ability to restore confidence in a high-stakes admission system that determines access to medical colleges.

Officials involved in the crackdown have focused on Telegram because of its large channels, rapid forwarding systems and privacy-oriented architecture, which have made it attractive both to legitimate users and to networks selling purported exam material. Investigators have examined groups that allegedly claimed to possess NEET papers, sought payments from anxious candidates and used screenshots of edited posts to suggest advance access to confidential material.

The role of message editing has drawn particular scrutiny. Authorities say some posts were modified after circulation to create the impression that a question paper, answer key or inside information had been available before the examination. That method can fuel panic even where no genuine paper leak has occurred, because altered timestamps and viral screenshots are difficult for candidates and parents to verify quickly.

Cybercrime teams, including the Indian Cyber Crime Coordination Centre, Bihar Police and the Ahmedabad Cyber Cell, have been involved in action against suspected digital fraud networks. Gujarat cyber officials have also arrested two people accused of promising access to NEET papers, underlining that the threat extends beyond one platform and includes paid deception, impersonation and panic-driven extortion.

The government’s decision marks one of the most visible temporary app restrictions since the sweeping blocks imposed on Chinese-linked apps in 2020, though this order is narrower in duration and linked to an examination-security objective. Telecom operators are expected to comply with blocking directions, while app-store availability and platform-level functionality may vary as implementation proceeds.

Telegram has not issued a detailed public response to the order. The platform has faced scrutiny in several countries over alleged misuse by fraud groups, piracy networks and extremist channels, even as it remains widely used for education, business updates, news distribution and community communication.

Civil-liberties groups have criticised the measure as disproportionate, saying a temporary shutdown penalises ordinary users and small businesses that rely on Telegram while leaving deeper vulnerabilities in examination management unresolved. They have called for publication of the blocking order, the reasons cited by the authorities and details of why channel-specific enforcement was judged insufficient.

The article Telegram curb targets NEET fraud networks appeared first on Arabian Post.

By Asad Mirza

The framework peace agreement between the United States and Iran has reduced the immediate risk of a wider regional war. Yet the accord leaves unresolved the central issues that have fuelled four decades of confrontation, making its long-term survival far from assured.

The announcement of a framework peace agreement between the United States and Iran marks one of the most significant diplomatic developments in West Asia in decades. After months of direct military confrontation that disrupted global energy markets, threatened maritime security in the Strait of Hormuz and raised fears of a regional conflagration, Washington and Tehran have chosen negotiation over continued escalation. Yet history suggests that signing a peace framework is considerably easier than implementing one.

While both sides have declared victory, the agreement remains less a comprehensive peace treaty than a political understanding designed to halt hostilities and create space for further negotiations. Whether it ultimately succeeds will depend not only on American and Iranian commitments but also on Israel’s posture, domestic political opposition in both countries, and unresolved questions surrounding Iran’s nuclear programme.

President Donald Trump has presented the agreement as evidence that his administration successfully combined military pressure with diplomacy. He has repeatedly emphasised that the Strait of Hormuz would reopen fully, restoring confidence in global energy markets. The reopening of one of the world’s most important maritime chokepoints has already eased concerns over oil supplies and shipping costs. Indian Prime Minister Narendra Modi has welcomed the agreement, expressing hope that peace and stability would return to West Asia – a region of enormous strategic importance for India’s energy security and expatriate population. However, beyond these immediate gains lies a much more complicated strategic picture. The American position represents a noticeable evolution rather than an outright policy reversal.

For years, successive US administrations insisted that Iran must completely dismantle its nuclear capabilities before meaningful sanctions relief could occur. The present framework appears considerably more pragmatic. Rather than demanding immediate resolution of every contentious issue, Washington has accepted a phased process in which military hostilities end first, while negotiations continue over nuclear verification, sanctions and regional security. This reflects strategic realities.

The recent conflict demonstrated that although American military superiority remains overwhelming, sustaining a prolonged regional war carries significant economic and political costs. Disruptions in the Strait of Hormuz affected global oil markets, while continued military operations risked drawing additional regional actors into the conflict.

Equally important are domestic political considerations. President Trump entered office promising to avoid prolonged overseas wars. Although his administration justified military operations as necessary responses to Iranian actions, public support for an extended conflict remained uncertain. The peace framework therefore allows Washington to claim both military strength and diplomatic success.

Nevertheless, skepticism exists within Republican circles. Some conservatives argue that any sanctions relief could provide Tehran with resources to rebuild its military capabilities. Others question whether Iran can be trusted to comply with future nuclear obligations given previous disputes over international inspections.

Iran’s leadership also portrays the agreement as a victory. Tehran argues that it resisted overwhelming American and Israeli military pressure without surrendering its core strategic objectives. Iranian officials have repeatedly maintained that the country will not abandon peaceful nuclear technology or compromise its sovereignty under coercion.

The reported framework appears to support part of that narrative. Rather than requiring immediate dismantlement of Iran’s nuclear infrastructure, negotiations on enrichment and uranium stockpiles have been deferred to subsequent talks. This allows Iranian leaders to tell domestic audiences that fundamental national interests remain protected while sanctions relief becomes possible through future negotiations. Yet Iran faces its own internal constraints.

Hard-line factions remain deeply suspicious of Washington after decades of sanctions, covert operations and diplomatic breakdowns. Many Iranian conservatives continue to cite the collapse of the 2015 nuclear agreement after the United States withdrew from it during Trump’s first presidency as evidence that American commitments cannot be trusted. Consequently, Tehran is likely to insist upon stronger guarantees before making irreversible concessions regarding uranium enrichment or international inspections.

History casts a long shadow over every US-Iran negotiation. Since the 1979 Iranian Revolution, relations have been characterised by mutual distrust, sanctions, proxy conflicts and periodic military confrontations. Every major diplomatic breakthrough has eventually unravelled under competing domestic politics and shifting strategic priorities.

The Joint Comprehensive Plan of Action (JCPOA) of 2015 initially demonstrated that sustained diplomacy could constrain Iran’s nuclear activities. However, Washington’s withdrawal from the agreement in 2018 fundamentally damaged Iranian confidence in American reliability. Tehran subsequently expanded uranium enrichment while Washington intensified sanctions, creating the cycle that ultimately contributed to the latest confrontation. This historical experience explains why today’s negotiations remain cautious. Neither side wishes to repeat previous failures.

The most significant weakness of the present framework is that it postpones rather than resolves the central nuclear dispute. Reports indicate that Iran’s stockpile of highly enriched uranium remains one of the principal issues awaiting negotiation. Washington continues to demand verified reductions in enrichment capability alongside intrusive international monitoring. Tehran insists that peaceful nuclear enrichment remains its sovereign right under international law. This creates what many analysts describe as an “indivisibility problem.” Neither side can easily compromise on an issue viewed as fundamental to national security.

For Washington, preventing an Iranian nuclear weapon remains non-negotiable. For Tehran, maintaining an indigenous nuclear programme has become closely tied to national prestige and strategic independence. Until these competing objectives are reconciled, the peace agreement rests on fragile foundations.

Even perfect US-Iran cooperation would not automatically stabilise the region. Israel has made clear that its security concerns extend beyond any bilateral American-Iranian understanding. Israeli leaders remain focused on Hezbollah, Iranian regional influence and missile capabilities. Reports indicate that Israeli military operations in Lebanon remain outside the framework agreement, creating the possibility that renewed fighting could undermine broader diplomacy.

Similarly, Iran’s relationships with regional partners – including Hezbollah and other allied groups – remain largely untouched by the current framework. Unless these broader regional security issues are eventually incorporated into future negotiations, new crises could emerge even if Washington and Tehran maintain direct dialogue.

Despite these challenges, there are reasons to believe the agreement may prove more durable than previous efforts. Both governments have experienced the enormous costs of direct conflict. Economic disruption, military expenditures and international diplomatic pressure have created incentives for restraint that did not exist during earlier periods of confrontation.

Furthermore, the agreement appears deliberately incremental. Rather than attempting to solve every issue simultaneously, negotiators have prioritised ending active hostilities before addressing more politically difficult questions. This sequencing may increase the likelihood of gradual progress.

Ultimately, the framework agreement should be viewed not as the conclusion of the crisis but as the beginning of an exceptionally complex diplomatic process.

Its success depends upon sustained political will, rigorous verification mechanisms, credible implementation of reciprocal commitments and careful management of regional tensions. Domestic opponents in both Washington and Tehran remain capable of derailing negotiations, while unresolved nuclear issues continue to pose the greatest long-term challenge.

The agreement has undoubtedly reduced the immediate danger of war and restored hope for regional stability. Yet history warns against excessive optimism. American and Iranian relations have repeatedly oscillated between diplomacy and confrontation, with trust remaining the rarest commodity.

Whether this agreement survives will depend less on the signatures placed upon it than on whether both governments can overcome decades of accumulated suspicion and demonstrate that negotiated compromise serves their national interests better than perpetual confrontation. Only then can this ceasefire evolve into a lasting peace. (IPA Service)

The article Can The US-Iran Peace Deal End Decades Of Hostility In West Asia? appeared first on Latest India news, analysis and reports on Newspack by India Press Agency).

The article Can The US-Iran Peace Deal End Decades Of Hostility In West Asia? appeared first on Arabian Post.

Nearly half the world’s children are living under at least three overlapping climate threats, with heat, drought and storms pushing risks to health, schooling and survival into the daily lives of about 1.1 billion children, UNICEF findings show.

The Children’s Climate Risk Report 2026 maps exposure to eight common hazards: coastal floods, drought, extreme heat, fires, heatwaves, river floods, sand and dust storms, and tropical storms. It finds that almost every child is exposed to at least one of these hazards, while more than 4 million children face as many as six overlapping threats. The figures mark a shift from measuring climate danger as isolated disasters to tracking compounding pressures hitting the same communities at the same time.

Drought, extreme heat and heatwaves are the most widespread combination, affecting more than 296 million children. A second large cluster, combining drought, extreme heat and tropical storms, affects more than 115 million. The pattern is especially damaging because each hazard can worsen the next: drought undermines crops and water supplies, heat strains young bodies and learning capacity, and storms can destroy schools, clinics, roads and bridges already weakened by poverty.

Children are more vulnerable than adults because their bodies regulate temperature less efficiently, they breathe more air relative to body weight, and they depend on functioning public services. The report links climate exposure with gaps in health care, education, nutrition, water, sanitation, child protection and social protection, making clear that geography alone does not determine risk.

The Sahel is among the hardest-hit regions, with more than 4 million children exposed to the combined threat of heatwaves, extreme heat and sand and dust storms. Bangladesh, Myanmar and Pakistan are identified as places where children face some of the highest levels of multiple climate hazards. Somalia, Madagascar, Myanmar, Cambodia and Pakistan rank among the most vulnerable when exposure is assessed alongside children’s access to essential services.

The pressure is not confined to low-income settings. More than 6 million children in Italy are exposed to prolonged heatwaves and drought, underlining how climate risks now cut across income groups even as poorer countries carry weaker buffers. Wealthier states may have greater capacity to adapt, but heat-stressed classrooms, water restrictions and damaged infrastructure still disrupt children’s lives.

Global figures show the scale of each hazard. Around 1.8 billion children are exposed to agricultural or meteorological drought, threatening food security and livelihoods. About 1.5 billion are exposed to heatwaves that are becoming more frequent, longer-lasting or more severe, and 1.2 billion are exposed to extreme heat conditions. Tropical storms affect 662 million children; river flooding affects about 337 million; coastal flooding reaches 33 million; frequent and severe fires affect 206 million; and sand and dust storms affect 123 million.

Climate-sensitive health threats add another layer. Around 1 billion children live in areas exposed to malaria, a disease whose transmission is influenced by temperature and rainfall, while detectable air pollutants affect an estimated 2.3 billion children. The overlap between climate hazards and health risks raises the prospect of cascading crises, where a flooded clinic, polluted air, contaminated water and a closed school compound the impact of a single season.

Education has become one of the clearest warning signals. At least 242 million students in 85 countries had schooling disrupted by extreme climate events in 2024, including heatwaves, tropical cyclones, storms, floods and droughts. Lost school days can widen learning gaps, increase dropout risks and expose children to child labour, early marriage or unsafe migration where household incomes collapse after disasters.

“The lives of children continue to be upended by the impact of heatwaves, wildfires, droughts, and floods,” UNICEF Executive Director Catherine Russell said. “Half of the world’s children are now living with at least three overlapping climate threats shaping their daily lives.”

via Greenlogue.com

____________________________________

This article first appeared on Greenlogue.com and is brought to you by Hyphen Digital Network

The article Climate hazards converge on 1.1 billion children appeared first on Arabian Post.

The incident affected OptinMonster, TrustPulse and PushEngage, products operated under the Awesome Motive umbrella and embedded on sites for pop-ups, lead generation, social proof alerts and push notifications. The compromise did not arrive through a normal plugin update. Instead, malicious code was appended to legitimate front-end scripts delivered through vendor-controlled content delivery network endpoints, meaning fully patched websites could still have loaded the poisoned files.

The injected script was designed to stay quiet for ordinary visitors. It activated only when a logged-in WordPress administrator loaded an affected page, then used that session to collect valid security tokens and make requests that looked like legitimate administrative actions. Once triggered, it attempted to create a new administrator account, install a self-hiding plugin and transmit credentials and site details to an attacker-controlled lookalike domain, tidio. cc, which mimicked the legitimate tidio. com brand.

The fixed operator account identified in the campaign was developerapi1 using the email customer1usx@gmail. com, while most observed attempts used randomised devxxxxxx administrator identities. The backdoor plugin rotated names, including “Content Delivery Helper” and “Database Optimizer”, and was built to hide from plugin lists, user lists, update checks and common dashboard views. It also exposed a web shell capable of running server commands and a separate code-execution endpoint.

The exposure window varied across products. Malicious code was seen in OptinMonster and TrustPulse script files late on June 12 UTC and was removed within a short window, while PushEngage’s affected scripts were served for several hours on June 12 and continued from some CDN edge locations into June 14. The companies have since said the altered files were removed, CDN caches purged and credentials rotated, but those steps do not remove backdoors already planted on customer websites.

OptinMonster has more than 1 million active WordPress installations, while PushEngage lists more than 9,000 active installations. OptinMonster’s own marketing says more than 1.2 million users rely on the service. WordPress remains the dominant content management system, powering about 41.5 per cent of all websites and 59.3 per cent of sites whose content management system can be identified, making plugin supply-chain incidents unusually wide in reach.

Vendor notices attributed the breach to an attacker gaining access to a marketing website server through a known vulnerability in UpdraftPlus, a backup and migration plugin, and then finding a CDN API key on that server. They said application servers, source code repositories and customer-data systems were hosted separately and showed no evidence of access. Security researchers have treated the initial entry point as still needing full corroboration, while agreeing that the critical abuse path was control over scripts delivered from trusted CDN locations.

The UpdraftPlus issue cited in the notices is tracked as CVE-2026-10795 and affects versions up to and including 1.26.4 in specific circumstances involving UpdraftCentral connections. It allows unauthenticated attackers to run remote procedure calls as a connected administrator, potentially uploading and activating malicious plugins. The flaw has been patched, but its appearance in the same chronology highlights the layered risk created when a plugin, a marketing site and a CDN key intersect.

Firewall telemetry from protected sites showed 271 blocked exploitation attempts across 13 websites over about 36 hours on June 14 and 15, from 81 unique IP addresses. Most attempts used the WordPress REST users endpoint, matching the payload’s effort to create an administrator account under cover of a genuine admin session.

The article WordPress plugin hijack plants hidden backdoors appeared first on Arabian Post.

The bug, tracked as CVE-2026-53435, affects Jenkins 2.567 and earlier and Jenkins LTS 2.555.2 and earlier. Fixed versions, Jenkins 2.568 and LTS 2.555.3, were issued on 10 June as part of a wider security update covering several core vulnerabilities. The flaw has been scored 8.8 on the CVSS 3.1 scale, placing it in the high-severity range.

The issue centres on how Jenkins processes attacker-controlled config. xml submissions. Jenkins uses XStream serialisation to load and save configuration and build data, guarded by a custom class filter intended to block unsafe deserialisation. The weakness allows an attacker to make Jenkins deserialise types from Jenkins core or installed plugins in a context that can later be reached through the Stapler web framework used for HTTP request handling.

That distinction matters for defenders. This is not a simple unauthenticated internet worm scenario based on the public advisory. The attacker needs Overall/Read permission and must either have a user account or hold permissions that allow a POST to config. xml, such as Item/Configure, View/Configure or Agent/Configure. Many development environments, however, grant broad read or configuration rights to engineering teams, contractors, service accounts and automation tools, widening the practical exposure.

Threat-intelligence accounts and security monitoring reports began flagging exploitation attempts against exposed Jenkins instances around 15 June. Honeypot activity described by researchers showed automated probing for Jenkins endpoints and attempts to plant malicious configuration data. Public proof-of-concept code also appeared after the advisory, accelerating the window in which defenders had to identify and patch affected controllers.

Successful exploitation could have consequences beyond a single build server. Jenkins often holds credentials, deployment keys, source-code access tokens and links to container registries, cloud environments and production release systems. A compromised controller can therefore become a staging point for supply-chain attacks, secret theft or tampering with build and deployment workflows, particularly in organisations that rely on automated release gates and shared administrative accounts.

The most serious path identified in the advisory involves user impersonation. Once an attacker can send HTTP requests as another user, the Script Console becomes a critical risk if the impersonated identity has administrative-level access. Jenkins’ Script Console can run Groovy code on the controller, making it a powerful administrative tool and a dangerous post-exploitation target.

A second impact is file access on the controller. Research examining the flaw showed exploit chains aimed first at predictable Unix files such as /etc/passwd, then at SSH keys, Jenkins credentials files and other secrets stored under the Jenkins home directory. Even when code execution is not achieved, file disclosure can give attackers enough material to move into source repositories, cloud accounts or internal services.

The June 10 update also addressed open-redirect flaws, a queue-item permission issue, limited user-profile information disclosure, stored cross-site scripting affecting node offline descriptions and a separate weakness involving plaintext secrets in configuration submissions. Although CVE-2026-53435 drew the strongest attention, defenders are being urged to treat the full advisory as a core platform update rather than a single-bug patch.

Security teams running Jenkins should prioritise version checks across all controllers, including development, staging and legacy build systems. Internet-facing instances carry the highest risk, but internal Jenkins servers are also attractive because attackers who already have a foothold often search for CI/CD platforms to obtain credentials and expand access.

Immediate containment steps include upgrading to Jenkins 2.568 or LTS 2.555.3, restricting access to controllers through VPNs or allow-listed networks, reviewing accounts with Overall/Read and configuration rights, and auditing Script Console use. Administrators should also review view, item and agent configuration changes made since 10 June, especially unexpected config. xml updates, newly created views, unusual HTTP POST activity and requests for sensitive files under the Jenkins home path.

The article Jenkins attacks expose CI pipeline risk appeared first on Arabian Post.

The campaign, tracked as SearchJack, shows how ordinary-looking browser tools can turn search traffic into affiliate revenue while giving users little practical visibility into who handles their queries. The extensions were presented as satellite imagery tools, map services, news readers, productivity aids and search helpers, but shared a common technical pattern: they used Chrome’s settings override mechanism to make their own search route the browser default.

Security researchers who mapped the operation identified 22 publishers and at least eight monetisation brokers linked through tracking parameters inside final Yahoo search redirect URLs. The affected extensions include high-install items such as PerfecTab Search, Quick Search Tool and Better Search, each listed at about 100,000 users, along with NewTab. Search at about 70,000 users and several map, video, menu and navigation-themed tools with smaller user bases.

The issue matters because search queries can reveal health concerns, financial worries, workplace activity, travel plans, political interests and login destinations. Once routed through third-party middleware, those queries may be logged alongside IP addresses, device identifiers and other technical data. The same control over traffic also creates an escalation risk: operators that can redirect search requests can later point users towards phishing pages, credential-harvesting sites or malicious downloads without needing to push a visible extension update.

The SearchJack findings underline a broader weakness in the browser-extension economy. Many extensions do not need broad permissions to change a user’s search path. Some in the campaign were minimal “shell” extensions, containing little beyond a manifest file and a default-search instruction. That simplicity can help them appear low-risk in static review because they may lack background scripts, content scripts or intrusive permission prompts.

Other extensions appeared to add just enough visible functionality to justify installation. Map viewers, video libraries and search-switching interfaces can make a product look useful while the main commercial activity happens through hidden redirect chains. Search Toggler, one of the named extensions, was flagged for a routing design in which user queries passed through operator middleware even when the interface suggested a choice of search engine.

Chrome’s documentation allows extensions to override selected settings, including search behaviour, but the Chrome Web Store’s policy framework places responsibility on developers to avoid misleading behaviour and respect user expectations. Users are also normally asked to confirm search-engine changes when an extension alters the default search setting. SearchJack raises questions over whether confirmation prompts and listing disclosures are enough when the commercial routing layer is buried behind technical parameters.

Checks of named Chrome Web Store listings show why the problem is difficult for users to judge. PerfecTab Search, listed with about 100,000 users, describes itself as a default search extension and states that it does not collect or use user data. Better Search, also listed with about 100,000 users, discloses handling personally identifiable information, web history, user activity and website content, while promoting Yahoo-powered results from the address bar.

The operation also highlights the role of brokers. Affiliate identifiers such as trp, infospace, flowsurf, adk, becovi, imageadvan, mnet, fc and dcola were linked to the search flows. This broker-led model means individual extensions can be removed or replaced while revenue relationships and hosted-search pathways continue elsewhere. For platform operators, that makes enforcement against single listings less effective than action against account clusters, domains and partner identifiers.

The article Chrome search hijack exposes 758,000 users appeared first on Arabian Post.

The article Dubai courts UK investors with London business pitch appeared first on Arabian Post.

The first batch was received by officials of the Army’s Southern Command in Nashik, Maharashtra. The delivery forms part of a 217-drone contract, with the company aiming to supply the remaining 176 units by August 2026. The schedule gives Drogo Aerospace a tight execution window at a time when demand for tactical drones is rising across reconnaissance, border monitoring and battlefield support roles.

The JK 250e drones have been developed and built by Drogo Aerospace for surveillance, reconnaissance and other military missions. The platform can fly for up to three hours on a single charge, giving field units extended aerial coverage without depending on conventional runway infrastructure. The drone’s role is centred on intelligence gathering and real-time observation, areas that have become central to ground operations as armies adapt to a battlefield shaped by low-cost aerial systems, loitering munitions and sensor-driven targeting.

Drogo Aerospace founder and chief executive Yeshwanth Bonthu said the delivery validates the company’s technology base, manufacturing capability and commitment to national security. The company is now working on indigenous loitering munitions, long-endurance UAVs, AI-powered aerial intelligence platforms, advanced surveillance systems and reconnaissance products aimed at future operational requirements.

The order also marks a transition point for the company, formerly known as Drogo Drones Pvt Ltd. Its rebranding as Drogo Aerospace reflects a broader move beyond conventional drone manufacturing into defence, aviation, unmanned systems, satellite-linked platforms and aerospace technologies. Headquartered in Madhapur, Hyderabad, the firm has positioned itself as a next-generation unmanned systems developer at a time when procurement policy is opening more space for private manufacturers and specialised start-ups.

The company is setting up a 100,000-square-foot drone manufacturing facility at Maheshwaram in Telangana’s Ranga Reddy district. The state government has allotted about 4.5 acres to the firm within the Electronics Manufacturing Cluster for the project. The facility is expected to generate around 500 additional jobs, adding to an existing workforce of about 300. The investment is designed to support scale production as defence orders move from prototypes and limited trials to larger supply commitments.

The delivery comes as the armed forces are accelerating induction of drones for tactical and operational roles. Planned domestic military drone orders may exceed $2 billion this year, with deliveries expected over 18 to 24 months. More than 600 drone and component companies now operate in the country, including over 100 focused on defence applications. The sector includes large industrial groups as well as specialist start-ups developing reconnaissance platforms, logistics drones, loitering munitions, precision-strike systems and critical components.

Battlefield developments over the past three years have sharpened the focus on unmanned systems. The war in Ukraine demonstrated how inexpensive drones can alter artillery targeting, logistics interdiction and frontline surveillance. Conflicts in West Asia have further highlighted the value of layered air defence, counter-drone technology and rapid intelligence cycles. Along the northern and western frontiers, persistent surveillance has become a core requirement for ground formations operating across difficult terrain and extended lines of control.

The Ministry of Defence has also widened support for smaller firms through innovation challenges and procurement pathways aimed at turning prototypes into deployable systems. Under the iDEX framework, hundreds of start-ups, MSMEs and individual innovators have entered the defence innovation ecosystem since 2018. Dozens of prototypes have received procurement clearance, and contracts worth thousands of crores have moved from concept development into acquisition. This has helped shorten the distance between battlefield requirements and production-ready technology.

For Drogo Aerospace, execution of the JK 250e order will test its ability to deliver at scale while maintaining quality and mission reliability. Military drone contracts require not only airframe performance but also secure communications, rugged field handling, dependable batteries, payload integration, training, maintenance support and spare availability. The Army’s experience with the first batch is likely to shape follow-on acceptance, deployment tempo and confidence in the remaining units due by August.

The article Drogo delivery lifts Army drone capacity appeared first on Arabian Post.

The claim, attributed to an online actor using the handle SHADOWBYT3$, centres on data allegedly connected to TINYpulse, an employee engagement and feedback platform associated with WebMD Health Services. The material is said to include workforce survey records, corporate email addresses, staff names, internal analytics, exported reports, workplace feedback, payment-related PDFs and W-9 tax forms. The allegation has not been confirmed by Nintendo or TINYpulse, and the available material does not prove whether Nintendo’s own systems were breached.

The incident claim surfaced on cybercrime channels with a deadline tied to mid-June, escalating pressure on the Kyoto-headquartered gaming group at a time when the company is managing heightened investor scrutiny around its console cycle. The actor’s post said the dataset contained reports from 2016 through 2026 and threatened disclosure if payment was not made. Security researchers who reviewed samples said parts of the material appeared consistent with internal employee engagement records, though the full dataset and method of access remain unverified.

The most sensitive element of the claim is not game source code or unreleased product material, but human resources information. Employee sentiment surveys and feedback platforms can contain candid remarks about management, morale, workloads and internal culture. Even where such systems are designed to support anonymous or confidential input, exported reports, metadata, email fields and administrator dashboards may create pathways to identify individuals if controls fail or data is mishandled.

The threat actor’s own language suggested the alleged target may have been data stored in or exported from TINYpulse rather than Nintendo’s core network. That distinction is significant. A direct breach of Nintendo infrastructure would raise questions about corporate defences, while a compromise through an HR technology vendor would place the case within the wider pattern of third-party cyber risk affecting large companies that outsource specialist workforce, payroll, collaboration and analytics functions.

Nintendo had not publicly confirmed the alleged incident at the time of writing. The company would be expected to conduct forensic checks, review vendor access logs, identify affected jurisdictions and determine whether employee or contractor notification obligations are triggered. TINYpulse or its parent organisation may also face questions about data segregation, authentication, administrator access, export controls and the retention period for older employee feedback records.

The alleged dataset size is modest compared with large entertainment industry leaks, but cybersecurity specialists generally treat HR records as high-risk because they can enable phishing, identity theft, social engineering and reputational pressure. W-9 forms may contain taxpayer identification details. Bank statement PDFs, if genuine, would raise the sensitivity of the incident further. Internal feedback and performance-related files can also expose private workplace grievances or management concerns that were never intended for public release.

The claim follows a shift in cyber extortion tactics away from disruptive encryption alone towards data theft and publication threats. Criminal groups increasingly target business applications holding sensitive but non-public information, especially where access to a vendor or cloud service can affect several clients. HR, payroll, legal, procurement and customer-support platforms are valuable because they often contain structured personal data, internal communications and documents that companies are under pressure to protect.

For Nintendo, the immediate commercial risk appears limited because there is no confirmed indication that consumer accounts, payment systems, live services, game development repositories or Switch 2 operations were affected. The reputational risk, however, could be material if the claim is validated, particularly for staff whose private feedback or financial documents may have been exposed. The company has historically been aggressive in protecting intellectual property, but workforce data incidents require a different response centred on privacy, notification and employee support.

Nintendo has dealt with cyber-related controversies before. In 2020, unauthorised access involving Nintendo Network ID credentials ultimately affected about 300,000 accounts, prompting password resets and changes to login options. A separate wave of development material leaks around the same period became known in gaming communities as the “gigaleak”, although that involved a different category of historic technical and product files.

The article Nintendo breach claim puts HR data at risk appeared first on Arabian Post.

The token’s sideways move followed a modest recovery of about 4 per cent over the past week, a gain that stood out against a cautious wider cryptocurrency market. Bitcoin and Ether also traded firmer, but investor conviction remained fragile after sharp swings across risk assets and thinner liquidity in several major digital tokens.

Market sentiment indicators have moved into unusually negative territory for XRP. One widely tracked measure of trader positioning showed average 30-day returns for active XRP holders deeply underwater, with losses at levels last seen during the late-2020 stress period. Such readings do not guarantee a rally, but they have often appeared near moments when forced selling eased and short-term rebounds developed.

The latest phase of fear has been amplified by weak price structure. XRP remains far below the levels reached during last year’s rally and has struggled to hold gains above key moving averages. Technical traders are watching the $1.18 to $1.20 area as near-term support, while resistance around $1.29 and then the mid-$1.30s could determine whether the bounce extends or fades into another consolidation phase.

Liquidity has become a central concern. Order-book depth on major venues has thinned from earlier cycle peaks, making XRP more vulnerable to sharp intraday moves when leveraged positions are unwound. That cuts both ways: a negative headline can trigger outsized selling, while crowded bearish positioning can produce abrupt recoveries if spot buyers return.

The backdrop is mixed rather than uniformly bullish. The Ripple-linked token has benefited from a clearer legal environment after the long-running securities case over XRP sales was formally brought to an end last year, leaving a $125 million penalty and restrictions tied to institutional sales in place. That outcome removed one of the largest overhangs for secondary-market trading, though it did not erase regulatory scrutiny around token issuance and institutional distribution.

Institutional interest has also helped cushion sentiment. XRP-linked exchange-traded products have continued to attract attention from asset managers and trading firms, creating a channel for regulated exposure that was largely absent during earlier cycles. Supporters argue that this has broadened the investor base beyond retail traders, while sceptics note that inflows can soften but not fully offset macro-driven selling when liquidity retreats across crypto markets.

Network developments have added another layer to the debate. The XRP Ledger’s version 3.2.0 software release has shifted the core server branding from rippled to xrpld and introduced infrastructure changes aimed at improving node efficiency. The update is not a consumer-facing catalyst, but it matters for validators, developers and service providers that rely on stable network operations.

For traders, the immediate question is whether negative crowd sentiment has reached exhaustion. Crypto markets frequently move against the most crowded view, and XRP has a history of sharp rallies after periods of intense doubt. Yet those rebounds have usually required more than pessimism alone. Stronger spot demand, improved liquidity and broader risk appetite have all played a role.

Broader conditions remain unsettled. Digital assets have been affected by shifting expectations for interest rates, volatile technology shares and uncertainty over institutional portfolio flows. Bitcoin’s recovery from its early-June lows has helped steady sentiment, but the market has not returned to the momentum seen during earlier bullish phases.

XRP’s supporters continue to point to its established settlement narrative, long operating history and developer ecosystem. Critics counter that adoption claims have often run ahead of measurable usage, and that token performance remains heavily dependent on speculative flows rather than network revenue or clear cash-flow fundamentals.

That tension is likely to define XRP trading in the days ahead. A sustained move above the upper end of the current range could force short sellers to cover and invite momentum buyers back into the market. Failure to hold support near $1.18 would weaken the rebound argument and expose the token to another test of lower levels.

The article XRP steadies as extreme fear fuels rebound hopes appeared first on Arabian Post.

The Stock Trading Carnival runs from 15 June to 4 July 2026 and is positioned as the third edition of the exchange’s Global Capital Gala series. The campaign allows eligible users to share rewards by inviting friends to trade stocks, taking part in trading activities and entering incentives aimed at first-time stock traders on the platform.

The Panama City-announced initiative gives users access to high-profile names including Nvidia, Micron, Samsung and SK Hynix, placing the campaign directly within the artificial intelligence and semiconductor investment theme that has dominated market activity this year. The inclusion of memory-chip leaders reflects strong demand for high-bandwidth memory, data-centre infrastructure and AI-linked computing capacity, areas that have pushed chip and storage stocks sharply higher.

BingX is presenting the campaign as part of a wider push beyond digital assets into traditional finance products. Its TradFi offering already covers more than 100 assets across commodities, foreign exchange, stocks and indices, with the company saying traditional-finance trading reached half of total platform volume at its peak during the first quarter. The exchange has also said peak daily TradFi volume has exceeded $2bn.

The move shows how crypto exchanges are trying to retain users who want exposure to equities, commodities and macro assets without shifting between brokerage and digital-asset accounts. The promise of near round-the-clock access remains one of the main selling points, particularly for users outside the trading hours of major stock exchanges.

Pablo Monti, a BingX spokesperson, said stock trading had become a key pillar of the company’s multi-asset strategy, reflecting demand from users seeking broader exposure beyond crypto. He said BingX TradFi was designed to make global markets easier to access while keeping the flexibility and user experience associated with the exchange.

The launch comes during a broader industry race to package traditional assets for crypto-native traders. Tokenised equities and stock-linked products have moved from niche experiments to a major competitive front, with exchanges and blockchain infrastructure firms testing models that track listed shares, private-company valuations or equity indices.

That expansion also brings regulatory and market-structure questions. Tokenised securities remain subject to securities rules when they represent stocks, bonds or similar instruments, even if ownership is recorded on a blockchain. Regulators have drawn distinctions between issuer-sponsored tokens, custodial models backed by underlying securities, and synthetic products that provide price exposure without the same ownership rights.

Mainstream market operators are also entering the field. Nasdaq has received approval for trading and settlement of certain tokenised securities, initially covering major liquid stocks and exchange-traded funds, while other exchange groups have explored blockchain-based settlement systems. That puts crypto platforms under pressure to show that their equity-linked products have clear backing, transparent terms and adequate investor protections.

BingX has been building its profile through several overlapping initiatives. The company, founded in 2018, says it serves more than 40m users worldwide and ranks among the leading global crypto derivatives exchanges. It has promoted copy trading, spot trading, futures and AI-powered tools as part of a broader effort to become a trading hub rather than a pure crypto venue.

Its first-quarter update highlighted more than 5m users of BingX AI products and 57m queries handled by its AI suite. The company has also used sports sponsorships to raise visibility, including its role as principal partner of Chelsea FC since 2024 and as the first official crypto exchange partner of Scuderia Ferrari HP in 2026.

The stock campaign follows other product pushes, including zero-fee TradFi futures and pre-IPO access initiatives. Those areas can attract traders looking for early exposure to high-demand companies, but they also carry risks around liquidity, pricing, leverage and whether instruments are directly backed by assets.

The article BingX expands stock trading push with carnival appeared first on Arabian Post.

The operation, tracked as Velvet Ant and labelled Operation Highland by investigators, exposed a high-risk tactic in cyber espionage: rather than relying only on conventional malware, the intruders replaced trusted OpenSSH binaries and Pluggable Authentication Modules with altered versions that could steal credentials, log commands and allow unauthorised entry.

The earliest forensic traces date to 2016, indicating an intrusion that persisted across years of system operation, security reviews and containment efforts. The targeted environment had no direct internet connectivity, a design meant to limit exposure, but the attackers built a staged path through internet-facing systems and then moved through connected corporate infrastructure to reach the restricted segment.

The case underscores a growing weakness in critical infrastructure defence. Many operators focus heavily on perimeter controls, endpoint alerts and patching, while authentication components, network appliances and legacy systems may receive less scrutiny. Velvet Ant appears to have exploited that gap by embedding access into the login process itself, making normal administrative activity difficult to distinguish from hostile surveillance.

Investigators found that the attackers first compromised public-facing servers and deployed a modified version of GS-Netcat, an encrypted reverse-shell tool. The binary was disguised as a legitimate system utility and configured to survive reboots through system startup mechanisms. A separate SOCKS5 proxy written in Perl helped route traffic through compromised hosts and support lateral movement.

The intrusion then used web infrastructure as a bridge. Nginx configurations were altered, and FastCGI wrappers were chained to execute commands on back-end systems. One custom tool, named to resemble a routine uptime utility, established SSH connections into the restricted network after receiving parameters through HTTP requests. This allowed the attackers to reach hosts that were not directly exposed online.

The most damaging stage involved control of the authentication layer. PAM sits beneath many Linux login flows, including SSH sessions, and OpenSSH provides the remote access channel used by administrators across server estates. By altering both, Velvet Ant gained visibility into logins and commands while preserving an appearance of normal operations.

Nine variants of a backdoored pam_unix. so module were identified. Some accepted a hardcoded backdoor password, bypassing normal checks. Others captured legitimate usernames and passwords as users logged in. Several versions appeared to have been compiled in different environments, suggesting a structured build process rather than an improvised intrusion.

The OpenSSH modifications were equally intrusive. Altered ssh, sshd and scp binaries captured credentials, recorded shell commands and stored logs in hidden directories. Some versions included a custom flag allowing the operator to disable its own logging, reducing the risk that investigators would later reconstruct attacker actions from the compromised tools. In some cases, timestamps were manipulated to make malicious files resemble older system artefacts.

The operation also showed why password resets and session termination may fail when attackers control the component that validates credentials. Resetting passwords before removing the malicious PAM and OpenSSH binaries could simply feed new secrets back to the intruder. That placed defenders in a difficult position: removing the backdoor was necessary, but replacing authentication components incorrectly could lock administrators out of live systems.

The remediation effort required careful host-by-host profiling because the environment contained multiple Linux distributions and versions. Systems without internet access could not pull clean packages directly from trusted repositories, while critical production requirements limited downtime. Replacement components had to be tested, moved into the restricted network through controlled channels and validated immediately after deployment.

Velvet Ant has been associated with earlier campaigns targeting infrastructure that sits outside routine monitoring. A 2024 case involved legacy F5 BIG-IP appliances used for persistence, while another involved exploitation of a Cisco NX-OS command-injection flaw affecting Nexus switches after attackers obtained administrator-level access. The pattern points to a preference for trusted network and system components that defenders may treat as stable background infrastructure.

The article Velvet Ant hid inside Linux login stack appeared first on Arabian Post.

The article AMAALA opens with Four Seasons coastal debut appeared first on Arabian Post.