I have no context for this video—it’s from Reddit—but one of the commenters adds some context:

Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting.

With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previous decades. We’re also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan. We don’t know why this is happening. Maybe they gather around there to mate or something? who knows! but since so many people have cameras, those one-off monster-story encounters are now caught on video, like this one (which, btw, rips. This squid looks so healthy, it’s awesome)...

The post Friday Squid Blogging: Giant Squid Eating a Diamondback Squid appeared first on Security Boulevard.

I have no context for this video—it’s from Reddit—but one of the commenters adds some context:

Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting.

With so many people carrying around cameras, we’re getting more videos of giant squid at the surface than in previous decades. We’re also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan. We don’t know why this is happening. Maybe they gather around there to mate or something? who knows! but since so many people have cameras, those one-off monster-story encounters are now caught on video, like this one (which, btw, rips. This squid looks so healthy, it’s awesome).

When we see big (giant or colossal) healthy squid like this, it’s often because a fisher caught something else (either another squid or sometimes an antarctic toothfish). The squid is attracted to whatever was caught and they hop on the hook and go along for the ride when the target species is reeled in. There are a few colossal squid sightings similar to this from the southern ocean (but fewer people are down there, so fewer cameras, fewer videos). On the original instagram video, a bunch of people are like “Put it back! Release him!” etc, but he’s just enjoying dinner (obviously as the squid swims away at the end).

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

On Thursday, The Walt Disney Company announced a $1 billion investment in OpenAI and a three-year licensing agreement that will allow users of OpenAI’s Sora video generator to create short clips featuring more than 200 Disney, Marvel, Pixar, and Star Wars characters. It’s the first major content licensing partnership between a Hollywood studio related to the most recent version of OpenAI’s AI video platform, which drew criticism from some parts of the entertainment industry when it launched in late September.

“Technological innovation has continually shaped the evolution of entertainment, bringing with it new ways to create and share great stories with the world,” said Disney CEO Robert A. Iger in the announcement. “The rapid advancement of artificial intelligence marks an important moment for our industry, and through this collaboration with OpenAI we will thoughtfully and responsibly extend the reach of our storytelling through generative AI, while respecting and protecting creators and their works.”

The deal creates interesting bedfellows between a company that basically defined modern US copyright policy through congressional lobbying back in the 1990s and one that has argued in a submission to the UK House of Lords that useful AI models cannot be created without copyrighted material.

Read full article

Comments

© China News Service via Getty Images

Charlie Cox and Zooey Deschanel co-parent a depressed dog in a serviceable attempt to appeal to animal lovers during the festive period

It is a truth universally acknowledged, at least in my social circles, that co-parenting a dog is a bad idea. Most will tell you: shared canine custody arrangements prevent exes from moving on. It’s a logistical headache. It causes fights. It’s annoying for all involved (and then some). And apparently, in a revelation worthy of a straight-to-streaming movie, it makes dogs depressed.

Not to minimize the mental health of dogs – I’ve listened to my mother boast about our family chihuahua’s “EQ” enough to know that man’s best friend has the capacity for great emotional sensitivity. (And the ability to convey it on command – for a truly outstanding performance of doggie depression, please see Bing the bereft great dane in 2024’s The Friend.) I have no doubt that a dog like Merv, a wired-hair terrier sort played by Gus the Dog in Merv’s eponymous Amazon movie, would struggle to adjust from life in a single family unit to split homes. Whether or not the ill-advised dog-sharing arrangement can sustain a whole Christmas romcom, however, is a dubious proposition.

Continue reading...

© Photograph: Wilson Webb/Prime

© Photograph: Wilson Webb/Prime

© Photograph: Wilson Webb/Prime

Prime Video dropped an extended teaser for the fifth and final season of The Boys—based on the comic book series of the same name by Garth Ennis and Darick Robertson—during CCXP in Sao Paulo, Brazil. And it looks like we’re getting nothing less than a full-on Supe-ocalypse as an all-powerful Homelander seeks revenge on The Boys.

(Spoilers for prior seasons of The Boys and S2 of Gen V below.)

Things were not looking good for our antiheroes after the S4 finale. They managed to thwart the assassination of newly elected US President Robert Singer, but new Vought CEO/evil supe Sister Sage (Susan Heyward) essentially overthrew the election and installed Senator Steve Calhoun (David Andrews) as president. Calhoun declared martial law, and naturally, Homelander (Antony “Give Him an Emmy Already” Starr) swore loyalty as his chief enforcer. Butcher (Karl Urban) and Annie (Erin Moriarty) escaped, but the rest of The Boys were rounded up and placed in re-education—er, “Freedom”—camps.

Read full article

Comments

© YouTube/Prime Video

Amazon Prime Video has scaled back an experiment that created laughable anime dubs with generative AI.

In March, Amazon announced that its streaming service would start including “AI-aided dubbing on licensed movies and series that would not have been dubbed otherwise.” In late November, some AI-generated English and Spanish dubs of anime popped up, including dubs for the Banana Fish series and the movie No Game No Life: Zero. The dubs appear to be part of a beta launch, and users have been able to select “English (AI beta)” or “Spanish (AI beta)” as an audio language option in supported titles.

“Absolutely disrespectful”

Not everyone likes dubbed content. Some people insist on watching movies and shows in their original language to experience the media more authentically, with the passion and talent of the original actors. But you don’t need to be against dubs to see what’s wrong with the ones Prime Video tested.

Read full article

Comments

© Amazon

Have you been trying to cast Stranger Things from your phone, only to find that your TV isn’t cooperating? It’s not the TV—Netflix is to blame for this one, and it’s intentional. The streaming app has recently updated its support for Google Cast to disable the feature in most situations. You’ll need to pay for one of the company’s more expensive plans, and even then, Netflix will only cast to older TVs and streaming dongles.

The Google Cast system began appearing in apps shortly after the original Chromecast launched in 2013. Since then, Netflix users have been able to start video streams on TVs and streaming boxes from the mobile app. That was vital for streaming targets without their own remote or on-screen interface, but times change.

Today, Google has moved beyond the remote-free Chromecast experience, and most TVs have their own standalone Netflix apps. Netflix itself is also allergic to anything that would allow people to share passwords or watch in a new place. Over the last couple of weeks, Netflix updated its app to remove most casting options, mirroring a change in 2019 to kill Apple AirPlay.

Read full article

Comments

© Bloomberg

Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news

In 2016, the legendary Japanese filmmaker Hayao Miyazaki was shown a bizarre AI-generated video of a misshapen human body crawling across a floor.

Miyazaki declared himself “utterly disgusted” by the technology demo, which he considered an “insult to life itself.”

“If you really want to make creepy stuff, you can go ahead and do it,” Miyazaki said. “I would never wish to incorporate this technology into my work at all.”

Read full article

Comments

© Aurich Lawson | Getty Images

Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.

Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren’t getting fixed and wouldn’t get fixed if companies that made insecure software wasn’t called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality where vendors can attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We’ve lived happily ever after since.

Or have we? The move towards paid bug bounties and the rise of platforms that manage bug bounty programs for security teams has changed the reality of disclosure significantly. In certain cases, these programs require agreement to contractual restrictions. Under the status quo, that means that software companies sometimes funnel vulnerabilities into bug bounty management platforms and then condition submission on confidentiality agreements that can prohibit researchers from ever sharing their findings.

In this talk, I’ll explain how confidentiality requirements for managed bug bounty programs restrict the ability of those who attempt to report vulnerabilities to share their findings publicly, compromising the bargain at the center of the CVD process. I’ll discuss what contract law can tell us about how and when these restrictions are enforceable, and more importantly, when they aren’t, providing advice to hackers around how to understand their legal rights when submitting. Finally, I’ll call upon platforms and companies to adapt their practices to be more in line with the original bargain of coordinated vulnerability disclosure, including by banning agreements that require non-disclosure.

And this is me from 2007, talking about “responsible disclosure”:

This was a good idea—and these days it’s normal procedure—but one that was possible only because full disclosure was the norm. And it remains a good idea only as long as full disclosure is the threat.

We got our first glimpse of the much-anticipated second season of Fallout (adapted from the popular video game franchise) in August when Prime Video released an extended teaser. We now have the official trailer, with all the deadpan humor, explosions, and mutant atrocities one could hope for—including ghoulish Elvis impersonators in New Vegas.

(Spoilers for S1 below.)

As previously reported, in S1, we met Lucy MacLean (Ella Purnell), a young woman whose vault is raided by surface dwellers. The raiders kill many vault residents and kidnap her father, Hank (Kyle MacLachlan), so the sheltered Lucy sets out on a quest to find him. Life on the surface is pretty brutal, but Lucy learns fast. Along the way, she finds an ally (and love interest) in Maximus (Aaron Moten), a squire masquerading as a knight of the Brotherhood of Steel. And she runs afoul of a gunslinger and bounty hunter known as the Ghoul (Walton Goggins), a former Hollywood actor named Cooper Howard who survived the original nuclear blast, but radiation exposure turned him into, well, a ghoul.

Read full article

Comments

© YouTube/Prime Video

ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report

Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead

From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams

Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat?

As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly.

Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.

We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals

The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans

In episode 404 (no pun intended!) we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure’s automatic failover capabilities. ** […]

The post It’s Always DNS: Lessons from the AWS Outage appeared first on Shared Security Podcast.

The post It’s Always DNS: Lessons from the AWS Outage appeared first on Security Boulevard.

💾

As tech companies build data centers worldwide to advance artificial intelligence, vulnerable communities have been hit by blackouts and water shortages.

© Cesar Rodriguez for The New York Times

Political debates have flared across Chile over artificial intelligence. Should the nation pour billions into A.I. and risk public backlash, or risk being left behind?

Good video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers