The picture, taken with Paul Thomas Anderson at this year’s Oscar nominee lunch, recalls the eerie image that closes Kubrick’s 1980 horror classic

Frankenstein director Guillermo del Toro’s “jazz hands” pose in the Oscar nominee luncheon photo was part of his and fellow director Paul Thomas Anderson’s attempt to recreate the celebrated group shot, featuring Jack Nicholson, that appears at the ending of The Shining.

Del Toro responded to a post – in which he and Anderson had been inserted into the image from the 1980 horror film directed by Stanley Kubrick – by saying: “[Y]ou got it! PTA and I said: Let’s do the Shining pose and we tried.”

Continue reading...

© Photograph: Richard Harbaugh/The Academy

© Photograph: Richard Harbaugh/The Academy

© Photograph: Richard Harbaugh/The Academy

Brazil president to receive unprecedented honour at opening night of procession with a giant effigy of him

He is a giant of Brazilian politics and soon he will become a giant of Brazilian carnival too: a 22-metre metal figurine, to be precise.

Luiz Inácio Lula da Silva, who rose from rural poverty to become his country’s first working class president, is to receive an unprecedented tribute at the opening night of Rio’s annual carnival procession on Sunday.

Continue reading...

© Photograph: Alan Lima/The Guardian

© Photograph: Alan Lima/The Guardian

© Photograph: Alan Lima/The Guardian

When Apple's Vision Pro mixed reality headset launched in February 2024, users were frustrated at the lack of a proper YouTube app—a significant disappointment given the device's focus on video content consumption, and YouTube's strong library of immersive VR and 360 videos. That complaint continued through the release of the second-generation Vision Pro last year, including in our review.

Now, two years later, an official YouTube app from Google has launched on the Vision Pro's app store. It's not just a port of the iPad app, either—it has panels arranged spatially in front of the user as you'd expect, and it supports 3D videos, as well as 360- and 180-degree ones.

YouTube's App Store listing says users can watch "every video on YouTube" (there's a screenshot of a special interface for Shorts vertical videos, for example) and that they get "the full signed-in experience" with watch history and so on.

Read full article

Comments

© YouTube

Protesters are enjoying greater freedom of expression since Nicolás Maduro’s downfall despite lack of regime change

Protesters have taken to the streets of cities across Venezuela in the latest sign of an embryonic political shift after Nicolás Maduro’s recent downfall.

Student demonstrators gathered on the campus of the Central University of Venezuela in Caracas on Thursday to demand the release of all of the country’s political prisoners, the return of exiled activists and a full transition to democracy. “Who are we? Venezuela! What do we want? Freedom!” they shouted.

Continue reading...

© Photograph: Maxwell Briceno/Reuters

© Photograph: Maxwell Briceno/Reuters

© Photograph: Maxwell Briceno/Reuters

Warning: this video contains footage that may be distressing to some viewers.

In October 2025, 122 people were killed in what would become Rio’s deadliest police operation. ‘Operation Containment’ was designed to arrest members of one of Brazil's most powerful organised crime groups, the Red Command.

Three months after the police raid many questions still remain, but the Guardian's investigation found that at least one person killed was not a gang member. Police chiefs and conservative politicians have hailed it as a historic blow to organised crime but activists, security experts, the families of the dead, and even Brazil’s president, Luiz Inácio Lula da Silva, have called a disastrous and futile massacre.

A team of journalists across the Guardian has pieced together police body-camera footage, satellite imagery and pictures and video posted to social media to get the clearest picture to date of what happened that day.

• Rio’s bloodiest day: the untold story of Brazil’s most deadly police raid

Continue reading...

© Photograph: Composit

© Photograph: Composit

© Photograph: Composit

Apple's 2026 has already brought us the AirTag 2 and a new Creator Studio app subscription aimed at independent content creators, but nothing so far for the company's main product families.

That could change soon, according to reporting from Bloomberg's Mark Gurman. New versions of Apple's low-end iPhone, the basic iPad and iPad Air, and the higher-end MacBook Pros are said to be coming "imminently," "soon," and "shortly," respectively, ahead of planned updates later in the year for the iPad mini, Studio Display, and other Mac models.

Here's what we think we know about the hardware that's coming.

Read full article

Comments

© Samuel Axon

In 2018, we lamented as Nintendo officially replaced the Virtual Console—its long-running line of downloadable classic games on the Wii and Wii U—with time-limited access to a set of games through a paid Nintendo Switch Online subscription. Now, Hamster Corporation is doing what Nintendo no longer will by offering downloadable versions of retro console games for direct individual purchase on the Switch 2.

As part of today's Nintendo Direct Partner Showcase, Hamster announced a new Console Archives line of emulated classics available for download starting today on the Switch 2 and next week on the PlayStation 5 (sorry, Xbox and OG Switch fans). So far that lineup only includes the original PlayStation snowboarding title Cool Boarders for $12 and the NES action platformer Ninja Gaiden II: The Dark Sword of Chaos for $8, but Hamster promises more obscure games, including Doraemon and Sonic Wings Special, will be available in the future.

If the name Hamster Corporation sounds familiar, it's because the company is behind the Arcade Archive series, which has repackaged individual arcade games for purchase and emulated play on modern consoles since 2014. That effort, which celebrated its 500th release in December, even includes some of Nintendo's classic arcade titles, which the Switch-maker never officially released on the original Virtual Console.

Read full article

Comments

© Hamster Corp.

If you know anything about the history of id Software, you know how 1992's Wolfenstein 3D helped establish the company's leadership in the burgeoning first-person shooter genre, leading directly to subsequent hits like Doom and Quake. But only the serious id Software nerds remember Catacomb 3D, id's first-person adventure game that directly preceded and inspired work on Wolfenstein 3D.

Now, nearly 35 years after Catacomb 3D's initial release, id co-founder John Romero brought the company's founding members together for an informative retrospective video on the creation of the oft-forgotten game. But the pioneering game—which included mouse support, color-coded keys, and shooting walls to find secrets—almost ended up being a gimmicky dead end for the company.

Texture maps and "undo" animation

Catacomb 3D was a follow-up to id's earlier Catacomb, which was a simplified clone of the popular arcade hit Gauntlet. As such, the 3D game still has some of that "quarter eater" mentality that was not very fashionable in PC gaming at the time, as John Carmack remembered.

Read full article

Comments

© id Software

Apple's new Creator Studio subscription bundle officially launches today, offering access to a wide range of updated professional apps for an all-or-nothing price of $12.99 a month or $129 a year. Teachers and students can get the same apps for $2.99 a month, or $29.99 a year.

The bundle includes either access to or enhanced features for a total of 10 Apple apps, though the base versions of several of these are available for free to all Mac and iPad owners:

• Final Cut Pro
• Logic Pro
• Pixelmator Pro
• Keynote, Pages, and Numbers
• Freeform
• Motion, Compressor, and MainStage (Mac only)

When companies introduce a subscription-based model for long-standing apps with an established user base, they often shift exclusively to a subscription model, offering continuous updates in return for a more consistent revenue stream. But these aren't always popular with subscription-fatigued users, who have seen virtually all major paid software shift to a subscription model in the last 10 or 15 years, and who in recent years have had to deal with prices that are continuously being ratcheted upward.

Read full article

Comments

© Andrew Cunningham

Ingram Micro, one of the world’s largest IT distributors, has confirmed that sensitive personal data was leaked following a ransomware attack that disrupted its operations last year. The Ingram Micro data breach incident, which paralysed the company’s logistics systems for nearly a week in July 2025, has now been linked to the theft of files containing employee and applicant information, affecting more than 42,000 individuals. The Ingram Micro data breach came to light through a mandatory filing with U.S. authorities, which revealed that 42,521 people were impacted, including five residents of the state of Maine. According to the company, the attackers accessed internal file repositories between July 2 and July 3, 2025, during an external system breach involving hacking. However, the breach was only discovered several months later, on December 26, 2025.

Ransomware Attack Led to Extended Disruption

The data exposure follows a ransomware attack that caused widespread operational disruption at Ingram Micro in July 2025. At the time, the company’s logistics were reportedly paralysed for about a week, affecting its ability to process and distribute products. While the immediate impact of Ingram Micro data breach on operations was known, it has now emerged that the attackers also exfiltrated sensitive files during the same period. In a notice sent to affected individuals, Ingram Micro said it detected a cybersecurity incident involving some of its internal systems on July 3, 2025. The company launched an investigation into the nature and scope of the issue and determined that an unauthorised third party had taken certain files from internal repositories over a two-day window.

Ingram Micro Data Breach: Personal and Employment Data Stolen

The compromised files included employment and job applicant records, containing a wide range of personal information. According to the Ingram Micro data breach notification, the stolen data may include names, contact information, dates of birth, and government-issued identification numbers such as Social Security numbers, driver’s licence numbers, and passport numbers. In addition, certain employment-related information, including work evaluations and application documents, was also accessed. The company noted that the types of affected personal information varied by individual. Ingram Micro employs approximately 23,500 people worldwide, and the breach affected both current and former employees, as well as job applicants. Ingram Micro said it took steps to contain and remediate the unauthorised activity as soon as the incident was detected. These measures included proactively taking certain systems offline and implementing additional security controls. The company also engaged leading cybersecurity experts to assist with its investigation and notified law enforcement. As part of its response to the Ingram Micro data breach, the company conducted a detailed review of the affected files to understand their contents. It was only after completing this review that Ingram Micro confirmed that some of the files contained personal information about individuals.

Support Offered to Affected Individuals

Ingram Micro is notifying impacted individuals and encouraging them to take steps to protect their personal information. Under U.S. law, affected individuals are entitled to one free credit report annually from each of the three nationwide consumer reporting agencies. The company has also arranged to provide complimentary credit monitoring and identity protection services for two years. In its notification, Ingram Micro urged people to remain vigilant by reviewing their account statements and monitoring their credit reports. The company included guidance on how to register for the free protection services and additional steps to reduce the risk of identity theft. For further assistance, Ingram Micro has set up a dedicated call centre for questions related to the breach. The company said it regrets any inconvenience caused and is working to address concerns raised by those affected.

Broader Implications for Corporate Cybersecurity

The incident highlights the growing risks organisations face from ransomware attacks that not only disrupt operations but also result in data theft. The delay between the occurrence of the breach in July and its discovery in December emphasizes the challenges companies face in detecting and containing sophisticated cyber intrusions. For large enterprises like Ingram Micro, which play a central role in global IT supply chains, the consequences of such attacks can extend beyond immediate operational losses. The exposure of sensitive employee and applicant data adds a long-term dimension to the impact, increasing the risk of identity theft and fraud for those affected. As investigations continue, the ransomware attack on Ingram Micro serves as a reminder of the importance of strong cybersecurity controls, continuous monitoring, and timely incident response to limit both operational disruption and data loss.

The Canadian Investment Regulatory Organization (CIRO) has confirmed that it detected a cybersecurity threat earlier this month and took immediate steps to contain the situation. The CIRO cybersecurity incident, first identified on August 11, 2025, prompted CIRO to proactively shut down parts of its IT environment to protect its systems and data while an investigation was launched. The CIRO is the national self-regulatory body overseeing all investment dealers, mutual fund dealers, and trading activity across Canada’s debt and equity markets. CIRO’s mandate includes protecting investors, ensuring efficient and consistent regulation, and strengthening public trust in financial regulation and the professionals who manage Canadians’ investments. In a public update issued from Toronto on August 18, CIRO said critical regulatory and surveillance functions remained operational throughout the disruption. The organization also reassured the public that its real-time equity market surveillance operations are continuing as normal and that there is currently no active threat within its systems. CIRO added a clear warning to the public: “CIRO will never contact you about this event with an unsolicited call or email asking for your personal or financial information.”

CIRO Cybersecurity Incident: What Happened

According to organization, the CIRO cybersecurity incident was detected on August 11, 2025. As a precautionary measure, the organization temporarily shut down some of its systems to ensure their safety and immediately began a technical and forensic investigation. “Throughout this time, critical functions remained available,” CIRO stated, emphasizing that its core regulatory responsibilities were not disrupted. It later confirmed, “We are confident that the incident is contained and that there is no active threat in CIRO’s environment.” CIRO is working with both internal teams and external cybersecurity and legal experts, as well as law enforcement authorities, to determine the nature and full scope of the breach.

Personal Information Affected at CIRO

On August 17, preliminary investigative findings indicated that some personal information had been impacted. The affected data relates to certain member firms and their registered employees. CIRO acknowledged the seriousness of this development, stating, “Given the high standard of security that CIRO expects of both itself and its members, we are deeply concerned about this, and know our members will be too.” The organization said its immediate priority is to identify which individual registrants may have been affected. Once that process is complete, CIRO will notify impacted individuals directly and provide appropriate risk mitigation services. Further updates are expected as the investigation progresses.

Are Investors Impacted?

CIRO stressed that Canadians’ investments are not at risk as a result of the CIRO cybersecurity incident. The regulator clarified that it only holds limited investor data, obtained through its member compliance and oversight functions. “It is important to note that Canadians’ investments are not at risk. CIRO only receives information about a sample of investors through its member compliance functions,” the organization said. However, CIRO acknowledged that some investor information may have been impacted. If the investigation confirms that any investor data was affected, those individuals will be notified directly and offered risk mitigation services.

What CIRO Is Doing Now

In response to the breach, CIRO has engaged both internal and external experts to carry out a full technical and forensic investigation. The regulator said the incident has been successfully contained and that additional system and data security measures have already been implemented. “We engaged internal and external experts to perform a technical and forensic investigation to identify the nature and scope of the event,” CIRO said. “As previously shared, the incident has been successfully contained, and additional system and data security measures have been implemented to enhance our existing cyber security protections.” CIRO also expressed regret over the CIRO cybersecurity incident and committed to ongoing transparency. “We deeply regret this has happened and remain committed to providing further updates on this page as we learn more.”

Key Takeaways

• CIRO detected a cybersecurity threat on August 11, 2025, and shut down some systems as a precaution.
• The CIRO cybersecurity incident is contained, and there is no active threat in CIRO’s environment.
• Some personal and registration information linked to member firms and registered employees was affected.
• Some investor information may have been impacted, but Canadians’ investments are not at risk.
• Impacted individuals will be notified directly and offered risk mitigation services.
• CIRO will never contact individuals with unsolicited calls or emails seeking personal or financial information.

As the investigation continues, CIRO says it will release more details in due course and provide direct notifications to anyone confirmed to be affected.

Democrats demanded information from seven top U.S. oil companies about any meetings with the Trump administration regarding plans to control Venezuela’s oil industry.

© Adriana Loureiro Fernandez for The New York Times

It’s hard right now to be a progressive Democrat in the heart of America’s tech industry.

© Eric Lee for The New York Times

Deepfakes of Venezuela’s ousted president, Nicolás Maduro, flooded the internet after his capture, in a new collision of breaking news and artificial intelligence.

Most of the reserves in the country are extra-heavy oil that’s tough to extract and generates more greenhouse gases.

© Adriana Loureiro Fernandez for The New York Times

The administration has downplayed concerns — from mass job losses, to a potential financial bubble — as President Trump cheers soaring stock prices and faster growth.

© Scott Ball for The New York Times

Military brinkmanship between President Trump and Nicolás Maduro of Venezuela has led to an increase in electronic warfare in the region.

© Alejandro Cegarra for The New York Times

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.

In November 2024, researchers at the security firm Qurium published an investigation into “Doppelganger,” a disinformation network that promotes pro-Russian narratives and infiltrates Europe’s media landscape by pushing fake news through a network of cloned websites.

Doppelganger campaigns use specialized links that bounce the visitor’s browser through a long series of domains before the fake news content is served. Qurium found Doppelganger relies on a sophisticated “domain cloaking” service, a technology that allows websites to present different content to search engines compared to what regular visitors see. The use of cloaking services helps the disinformation sites remain online longer than they otherwise would, while ensuring that only the targeted audience gets to view the intended content.

Qurium discovered that Doppelganger’s cloaking service also promoted online dating sites, and shared much of the same infrastructure with VexTrio, which is thought to be the oldest malicious traffic distribution system (TDS) in existence. While TDSs are commonly used by legitimate advertising networks to manage traffic from disparate sources and to track who or what is behind each click, VexTrio’s TDS largely manages web traffic from victims of phishing, malware, and social engineering scams.

BREAKING BAD

Digging deeper, Qurium noticed Doppelganger’s cloaking service used an Internet provider in Switzerland as the first entry point in a chain of domain redirections. They also noticed the same infrastructure hosted a pair of co-branded affiliate marketing services that were driving traffic to sketchy adult dating sites: LosPollos[.]com and TacoLoco[.]co.

The LosPollos ad network incorporates many elements and references from the hit series “Breaking Bad,” mirroring the fictional “Los Pollos Hermanos” restaurant chain that served as a money laundering operation for a violent methamphetamine cartel.

Affiliates who sign up with LosPollos are given JavaScript-heavy “smartlinks” that drive traffic into the VexTrio TDS, which in turn distributes the traffic among a variety of advertising partners, including dating services, sweepstakes offers, bait-and-switch mobile apps, financial scams and malware download sites.

LosPollos affiliates typically stitch these smart links into WordPress websites that have been hacked via known vulnerabilities, and those affiliates will earn a small commission each time an Internet user referred by any of their hacked sites falls for one of these lures.

According to Qurium, TacoLoco is a traffic monetization network that uses deceptive tactics to trick Internet users into enabling “push notifications,” a cross-platform browser standard that allows websites to show pop-up messages which appear outside of the browser. For example, on Microsoft Windows systems these notifications typically show up in the bottom right corner of the screen — just above the system clock.

In the case of VexTrio and TacoLoco, the notification approval requests themselves are deceptive — disguised as “CAPTCHA” challenges designed to distinguish automated bot traffic from real visitors. For years, VexTrio and its partners have successfully tricked countless users into enabling these site notifications, which are then used to continuously pepper the victim’s device with a variety of phony virus alerts and misleading pop-up messages.

According to a December 2024 annual report from GoDaddy, nearly 40 percent of compromised websites in 2024 redirected visitors to VexTrio via LosPollos smartlinks.

ADSPRO AND TEKNOLOGY

On November 14, 2024, Qurium published research to support its findings that LosPollos and TacoLoco were services operated by Adspro Group, a company registered in the Czech Republic and Russia, and that Adspro runs its infrastructure at the Swiss hosting providers C41 and Teknology SA.

Qurium noted the LosPollos and TacoLoco sites state that their content is copyrighted by ByteCore AG and SkyForge Digital AG, both Swiss firms that are run by the owner of Teknology SA, Giulio Vitorrio Leonardo Cerutti. Further investigation revealed LosPollos and TacoLoco were apps developed by a company called Holacode, which lists Cerutti as its CEO.

The apps marketed by Holacode include numerous VPN services, as well as one called Spamshield that claims to stop unwanted push notifications. But in January, Infoblox said they tested the app on their own mobile devices, and found it hides the user’s notifications, and then after 24 hours stops hiding them and demands payment. Spamshield subsequently changed its developer name from Holacode to ApLabz, although Infoblox noted that the Terms of Service for several of the rebranded ApLabz apps still referenced Holacode in their terms of service.

Incredibly, Cerutti threatened to sue me for defamation before I’d even uttered his name or sent him a request for comment (Cerutti sent the unsolicited legal threat back in January after his company and my name were merely tagged in an Infoblox post on LinkedIn about VexTrio).

Asked to comment on the findings by Qurium and Infoblox, Cerutti vehemently denied being associated with VexTrio. Cerutti asserted that his companies all strictly adhere to the regulations of the countries in which they operate, and that they have been completely transparent about all of their operations.

“We are a group operating in the advertising and marketing space, with an affiliate network program,” Cerutti responded. “I am not [going] to say we are perfect, but I strongly declare we have no connection with VexTrio at all.”

“Unfortunately, as a big player in this space we also get to deal with plenty of publisher fraud, sketchy traffic, fake clicks, bots, hacked, listed and resold publisher accounts, etc, etc.,” Cerutti continued. “We bleed lots of money to such malpractices and conduct regular internal screenings and audits in a constant battle to remove bad traffic sources. It is also a highly competitive space, where some upstarts will often play dirty against more established mainstream players like us.”

Working with Qurium, researchers at the security firm Infoblox released details about VexTrio’s infrastructure to their industry partners. Just four days after Qurium published its findings, LosPollos announced it was suspending its push monetization service. Less than a month later, Adspro had rebranded to Aimed Global.

A REVEALING PIVOT

In March 2025, researchers at GoDaddy chronicled how DollyWay — a malware strain that has consistently redirected victims to VexTrio throughout its eight years of activity — suddenly stopped doing that on November 20, 2024. Virtually overnight, DollyWay and several other malware families that had previously used VexTrio began pushing their traffic through another TDS called Help TDS.

Digging further into historical DNS records and the unique code scripts used by the Help TDS, Infoblox determined it has long enjoyed an exclusive relationship with VexTrio (at least until LosPollos ended its push monetization service in November).

In a report released today, Infoblox said an exhaustive analysis of the JavaScript code, website lures, smartlinks and DNS patterns used by VexTrio and Help TDS linked them with at least four other TDS operators (not counting TacoLoco). Those four entities — Partners House, BroPush, RichAds and RexPush — are all Russia-based push monetization programs that pay affiliates to drive signups for a variety of schemes, but mostly online dating services.

“As Los Pollos push monetization ended, we’ve seen an increase in fake CAPTCHAs that drive user acceptance of push notifications, particularly from Partners House,” the Infoblox report reads. “The relationship of these commercial entities remains a mystery; while they are certainly long-time partners redirecting traffic to one another, and they all have a Russian nexus, there is no overt common ownership.”

Renee Burton, vice president of threat intelligence at Infoblox, said the security industry generally treats the deceptive methods used by VexTrio and other malicious TDSs as a kind of legally grey area that is mostly associated with less dangerous security threats, such as adware and scareware.

But Burton argues that this view is myopic, and helps perpetuate a dark adtech industry that also pushes plenty of straight-up malware, noting that hundreds of thousands of compromised websites around the world every year redirect victims to the tangled web of VexTrio and VexTrio-affiliate TDSs.

“These TDSs are a nefarious threat, because they’re the ones you can connect to the delivery of things like information stealers and scams that cost consumers billions of dollars a year,” Burton said. “From a larger strategic perspective, my takeaway is that Russian organized crime has control of malicious adtech, and these are just some of the many groups involved.”

WHAT CAN YOU DO?

As KrebsOnSecurity warned way back in 2020, it’s a good idea to be very sparing in approving notifications when browsing the Web. In many cases these notifications are benign, but as we’ve seen there are numerous dodgy firms that are paying site owners to install their notification scripts, and then reselling that communications pathway to scammers and online hucksters.

If you’d like to prevent sites from ever presenting notification requests, all of the major browser makers let you do this — either across the board or on a per-website basis. While it is true that blocking notifications entirely can break the functionality of some websites, doing this for any devices you manage on behalf of your less tech-savvy friends or family members might end up saving everyone a lot of headache down the road.

To modify site notification settings in Mozilla Firefox, navigate to Settings, Privacy & Security, Permissions, and click the “Settings” tab next to “Notifications.” That page will display any notifications already permitted and allow you to edit or delete any entries. Tick the box next to “Block new requests asking to allow notifications” to stop them altogether.

In Google Chrome, click the icon with the three dots to the right of the address bar, scroll all the way down to Settings, Privacy and Security, Site Settings, and Notifications. Select the “Don’t allow sites to send notifications” button if you want to banish notification requests forever.

In Apple’s Safari browser, go to Settings, Websites, and click on Notifications in the sidebar. Uncheck the option to “allow websites to ask for permission to send notifications” if you wish to turn off notification requests entirely.