DIGITAL LIFE

Forget santa, HP warns hackers are coming for your cookies

HP Threat Research(threatresearch.ext.hp.com) just issued a new security report detailing a growing trend by attackers towards hijacking session cookies as an alternative means to tried-and-true credential theft. The reason hackers are finding a bigger appetite for sessions cookies is because today's hybrid work environment has led to changes that make stealing cookies more appealing than the old way of doing things.

Citing its 2025 Work Relationship Index, HP says one in five employees now work flexibly across office, home, and mobile environments. Meanwhile, enterprises are increasingly moving their core infrastructures to the cloud for the convenience of managing IT chores with a web browser, rather than utilizing on-premise domain controllers. This has led to a change in the way threat attackers breach organizations.

"Rather than steal credentials, attackers are now increasingly focusing on stealing authentication cookies. In this type of attack, a threat actor no longer needs to steal credentials or bypass MFA. Instead, they simply need the browser cookie that proves the target user (e.g. a system administrator) is logged in. Once they have it, they effectively have the privileges and access of that user," HP says.

This doesn't mean MFA (multi-factor authentication) is no longer important. HP notes that despite the draw of warm cookies, bad old fashioned credential theft is still popular. It's also preventable with MFA. However, organizations would be wide to also assess the risks inherent with today's hybrid work environments.

Whenever a user logs into a system, an authentication session is opened for that user and is used to keep the login active while interacting with the system. There are different ways of storing an open authentication system, such as locally on the user's device. However, storing sessions in the form of a cookie "is standard practice and used by most web applications," as it negates the need for manual session management. Therein lies the risk.

"If an attacker can obtain the authentication cookie, they can take over the active session and gain unauthorized access to a system. This gives the attacker the same access to the system as the initial user. So, if the user is a Microsoft Entra administrator, the attacker can gain critical permissions to an entire organization. In such a case, the attacker could weaken or bypass security controls, gain elevated privileges, or set up a persistent backdoor," HP warns.

Even worse, MFA offers absolutely no protection against this type of attack, since the threat actor has taken over the active session. And according to HP's data, token theft is the most common technique employed by hackers to bypass MFA and infiltrate Microsoft 365 services.

How is this done, though? HP says threat actors are using information stealers to swipe session cookies.

"Attackers infect an endpoint with malware that is capable of either directly taking over a session and injecting commands, or exfiltrating relevant active cookies from the system to an attacker-controlled server," HP explains.

HP's report goes on to highlight notable documented incidents of session cookie theft, including one that impacted Electronic Arts and resulted in hackers stealing 780GB of data. It also outlines preventative steps organizations can take, such as binding active sessions to a specific context, reducing how long sessions are active before needing to be validated again, and requiring re-authorization for sensitive actions such as adding a new administrator or changing passwords.

https://threatresearch.ext.hp.com/tracing-the-rise-of-breaches-involving-session-cookie-theft/

mundophone

 

CES 2026

Displace Pro TV 2: first TV with native AI to be revealed at CES. features gesture interaction and high personalization

There's another innovative novelty promised for the 2026 edition of the Consumer Electronics Show, which begins on January 6th. Displace, which calls itself the world's first company to launch a wireless television, returns to Las Vegas with another innovation. The technology company promises to show, among other things, the Pro TV 2, which it presents as "the first television with native artificial intelligence".

The Pro TV 2 features a 65-inch 4K OLED screen, with twice the brightness of the Pro TV 1, voice assistant features, and dedicated native NPUs and TPUs, which will allow for local AI processing, voice and gesture control, and more personalized content.

The company also emphasizes the privacy concerns associated with the design of the entire concept, noting that the local processing of operations and Displace's proprietary browser-based operating system ensure that all confidential user data always remains on the device.

In this new TV, whenever a video is paused, the TV displays relevant products from the scene, based on the user's personal preferences.

The user can also search for content using their voice and interact with the TV through gestures, without needing to use the remote control. Computer vision recognizes the user's face and gestures.

One of the demonstrations you'll see at CES is the ability to configure media sources of your choice (text-based news sites) and ask the TV to automatically create personalized video news channels based on the chosen content.

“Displace is redefining TV with a cutting-edge smart screen, using integrated AI chips that deliver real-world environmental experiences without compromising user privacy,” highlights Balaji Krishnan, founder and CEO of the technology company.

“The Pro TV 2 offers highly personalized AI experiences that feel easy and intuitive, paving the way for a new era where the TV becomes a true smart computer on your wall,” continues the executive in the press release about their presence at the fair.

During CES, Displace will be giving several live demonstrations of the technology. The equipment will also be available for purchase at the fair.

Displace's first television was also presented at CES in 2023, and it truly marked an innovation by eliminating all the wires needed to connect the equipment, including the power cord, as the model comes equipped with a battery. This model is the one featured in the photo accompanying this article.

Following its successful CES 2025 appearance, Displace, the creator of the world's first wireless television, today announced its return to CES 2026, the world's most powerful consumer tech event. During the annual conference on Jan. 6-9, 2026, Displace will showcase its new products, including Pro TV 2, the first AI-native TV, and conduct live demos of its AI features, signaling that the future of TV goes beyond passive entertainment.

Pro TV 2 arrives as the demand for TVs to do more, including function like phones, increases. Consumers want more interactive TV experiences, such as direct purchasing opportunities, highly personalized content and productivity tools, and Pro TV 2 delivers, with powerful, privacy-first, multimodal intelligence directly on the wall. This innovative product's dedicated native NPUs and TPUs enable local AI processing for voice and gesture control, personalized content using computer vision and fine-tuned local models. Coupled with the OS 2.0, the system transforms the TV from a passive display into an intelligent, ambient computing hub.

mundophone

 

DIGITAL LIFE

Fairness in AI: Study shows central role of human decision-making

AI-supported recommender systems should provide users with the best possible suggestions for their inquiries. These systems often have to serve different target groups and take other stakeholders into account who also influence the machine's response: e.g. service providers, municipalities or tourism associations.

So how can a fair and transparent recommendation be achieved here?

Researchers from Graz University of Technology (TU Graz), the University of Graz and Know Center investigated this using a cycling tour app from the Graz-based start-up Cyclebee. They conducted research into how the diversity of human needs can be taken into account by AI. The study was awarded a Mind the Gap research prize for gender and diversity by TU Graz.

The findings are published in the journal Frontiers in Big Data.

Impact on numerous groups..."AI-supported recommender systems can have a major influence on purchasing decisions or the development of guest and visitor numbers," says Bernhard Wieser from the Institute of Human-Centered Computing at TU Graz.

"They provide information on services or places worth visiting and should ideally take individual needs into account. However, there is a risk that certain groups or aspects are under-represented."

In this context, an important finding of the research was that the targeted fairness is a multi-stakeholder problem, as not only end users play a role, but also numerous other actors.

These include service providers such as hotels and restaurants along the routes and third parties such as municipalities and tourism organizations. And then there are stakeholders who don't even come into contact with the app but are nevertheless affected, such as local residents who could feel the effects of overtourism.

According to the study, reconciling all these stakeholders cannot be solved with technology alone.

"If the app is to deliver the fairest possible results for everyone, the fairness goals must be clearly defined in advance. And that is a very human process that starts with deciding which target group to serve," says Wieser.

Involving all actors in the design...This target group decision influences the selection of the AI training data, its weighting and further steps in the algorithm design. In order to involve the other stakeholders as well, the researchers propose the use of participatory design, in which all actors are involved, in order to harmonize their ideas as well as possible.

"Ultimately, however, you have to decide in favor of something, so it's up to the individual," says Dominik Kowald from the Fair AI group at the Know Center research center and the Institute of Digital Humanities at the University of Graz. "Not everything can be optimized at the same time with an AI model. There is always a trade-off."

Ultimately, it is up to the developers to decide what this trade-off looks like, but according to the researchers, it is important for end users and providers that there is transparency. Users want to be able to adapt or influence the recommendations, and providers want to know the rules according to which routes have been set or providers ranked.

"Our study results are intended to support software developers in their work in the form of design guidelines, and we also want to provide guidelines for political decision-makers," says Wieser.

"It is important that we make recommender systems increasingly available to smaller, regional players thanks to technological developments. This would make it possible to develop fair solutions and thus create counter-models to multinational corporations, which would sustainably strengthen regional value creation."

Provided by Graz University of Technology

 

DIGITAL LIFE

Publishers fight big tech with small local language models

As 2025 closes, referrals from social media and organic search are dead or dying, and generative AI is coming for facts. But 2026 may grant publishers an opportunity Silicon Valley has persistently ignored: local knowledge.

Journalism and Big Tech have long been frenemies. For 15 years, Facebook and its peers have wielded immense market power behind polite smiles and self-serving terms. But the wheel of progress turns, and generative AI has recently disrupted news publishers and tech platforms alike. The AI bubble may soon pop, but conversational interfaces powered by large language models (LLMs) are here to stay, and with them, an opportunity for publishers to break free from the grip of the tech titans.

The key is the Model Context Protocol (MCP), an open-source project from Anthropic that allows generative AI tools to interact with more traditional software systems via any standard application programming interface (API). Barely a year old, MCP has seen rapid market adoption and the support of major platforms from Azure to WhatsApp.

The magic is that an MCP server is a dictionary, translating GenAI requests into actions that the API of an external service can provide. In effect, it makes LLMs infinitely extensible via seamless integration with any digital tool available on the internet.

Software developers have been the first to adopt the tool, and can “create a Jira ticket for a WordPress site, build it in a GitHub repo, register a domain on AWS, and deploy the app to EC2” on command. That prompt is an oversimplification, but not an exaggeration.

For news consumers, it could mean asking Siri, Google, or ChatGPT for the latest news and seeing updates from their preferred local or regional news sources. Or: “What’s being built on Elm Street?”, or “When is the farmers market open?”, or any other question tied to specifically local interests. This everyday information is invaluable to the community, but its commercial value is tied to the local proximity and so rarely appears in the large datasets that feed search indexes or train LLMs.

But think of a local newsroom as a human LLM. Journalists collect, organize, and publish select details across a vast array of local topics. Beyond decades of news archives, our digital shelves include event calendars, obituaries, verified lists of local people, places, and institutions, civic meeting agendas and minutes, election results, building permits, restaurant inspections, local ordinances, development projects, and more.

Right now, the value of this information remains largely untapped on our own sites, and readers rarely come to us for it — they’re on other platforms when they ask the questions our local data and reporting might answer. Either individually or in regional collaborations, newsrooms should create knowledge bases — structured repositories of information — trained on local reporting and local data, available to the community through freemium or subscription products. “Subscribe to our website and get access to our local knowledge base — now also available on your favorite chatbot or search engine.”

These local services will run on small language models. SLMs are cheaper to build, easier to maintain, and grounded in a narrowly defined domain, making them far less prone to factual improvisation than LLMs. By design, SLMs are only economically viable at a local level, giving large tech platforms little incentive to compete in the space. What they will have is an incentive to provide their users access to this layer of local intelligence — so long as the administrative and financial demands are reasonable.

And that is the power of open standards. MCP can be thought of as RSS for LLMs: a lightweight, universal way for any model or chatbot to discover, connect to, and use local structured knowledge without bespoke integrations, contract negotiations, or exclusive partnerships. Signup can be automated. Payments (if any) become small, predictable, and standardized. This lowers the barriers for publishers and platforms, and gives readers the choice to enrich their chatbot with trusted local intelligence.

If publishers embrace small language models and open standards, they may regain some control over how local knowledge is collected, delivered, and valued. For decades, news organizations have tried to win while playing by Big Tech’s rules, but MCP and SLMs give them something new in the digital era: a home field advantage. The platforms own the pipes, but publishers can own the intelligence that matters most to our communities.

Local knowledge is journalism’s superpower. Newsrooms that invest in structured data, local SLMs, and MCP-enabled delivery will define a new, durable model for digital journalism, free from platform dependency and focused on accurate and trusted information about the places people actually live.

by Damon Kiesow---https://bsky.app/profile/damon.kiesow.net

 

TECH

Google at risk of heavy fine: EU demands Play Store follow Apple's example

The world of technology regulation in Europe is full of twists and turns. After years of being the main target of the European Commission's antitrust investigations, Apple seems to have managed, through its recent and drastic changes to the App Store, to become the "model student." Now, it's Google that's in the spotlight.

Google Play has been under scrutiny from the European Commission since March of this year, in the context of payment methods for app purchases and the value of customer acquisition fees. In August, Google implemented some flexibilities in this area, but European regulators are dissatisfied with the results of these measures and would like to see broader concessions, considering Apple's similar actions as a model. It is expected that European authorities will agree that Apple's measures to align its business practices with regional antitrust laws are sufficient.

Google may formally make additional concessions to avoid a hefty fine in the EU, but there is no certainty that the corresponding penalties will be imposed in the first quarter of this year. Google representatives have expressed not only a willingness to continue cooperating with the European Commission, but also concern about creating more favorable conditions for the distribution of malware and the theft of user data through Google Play. Fines for violating the European Data Protection Act (DMA) can reach 10% of the company's annual revenue. On a global scale, the European Commission is also investigating Google regarding the legality of prioritizing its namesake search engine, as well as the use of online content by its AI tools, not to mention the advertising policies of the American internet giant.

According to an exclusive Reuters report, the search giant is at risk of incurring a heavy fine from the European Union as early as next year. The reason? The changes Google made to the Play Store are not enough to comply with the Digital Markets Act (DMA), and regulators are using Apple's changes as the new benchmark that Google must meet.

For those following the regulatory saga, this development is surprising. Apple was fined €500 million earlier this year and has been fiercely fighting against opening up its ecosystem. However, the “comprehensive changes” that the Cupertino company ended up implementing in Europe — which include new fee structures and greater freedom for third-party stores — seem to have convinced regulators, at least partially.

Now, the European Commission is looking at Google and asking: “Why can’t you be more like Apple?”

Google announced changes to the Play Store in August in an attempt to appease Brussels. These changes included:

-Fee reduction: Cuts in the “initial acquisition fee” from 10% to 3%.

-New models: A two-tier system for in-app transactions and purchases (IAPs).

However, Reuters sources indicate that these measures “still fall short” of expectations. The Commission considers that Google has not done enough to ensure that developers can direct customers to alternative channels fairly and without excessive friction, something that Apple's new framework (despite its complexity) seems to have addressed more satisfactorily in the eyes of the law.

Google is now in a race against time. The report suggests that the company still has an opportunity to avoid the financial penalty. Google can offer new changes and concessions to regulators before the fine is formally applied, which is expected to happen in the first quarter of 2026.

If Google fails to match the “Apple standard” in time, it could face one of those astronomical fines for which the EU has become famous in the tech sector.

mundophone

DIGITAL LIFE

'Big Tech's backyard', digital extractivism: data centers face dilemmas in Brazil

TikTok announced investments exceeding R$ 200 billion to build its first data center in Brazil and Latin America in Caucaia (CE), in what the industry sees as the start of a wave of projects landing in the country, in a movement with the potential to multiply the domestic technological infrastructure by four to five times. They all seek Brazil's clean and abundant energy—but also the tax benefits granted by the Lula government, which, according to Minister Fernando Haddad, could unlock the attraction of R$ 2 trillion in investments to the country.

However, this euphoria runs into a complex crossroads, where the shine of trillion-dollar investments overshadows growing tensions about the real cost-benefit for the nation.

Behind the billion-dollar figures, civil society, national industry, and the infrastructure sector are engaged in a heated debate around three fundamental dilemmas that could define Brazil's technological future. The first, most immediate, is political. The second, medium-term, concerns the effect on Brazilian equipment manufacturers. And the third, long-term, is about the environmental impact.

For various sides of this dispute, it is not just about building buildings to house servers focused on artificial intelligence, but about deciding what role Brazil will play in the digital economy: a sovereign power or a colony for processing other people's data.

The impact of data centers on natural and energy resources. The most forceful criticism comes from Idec (Brazilian Institute for Consumer Protection), which warns of the danger of Brazil becoming a "data center backyard" for big tech companies: a country full of facilities with high water and energy consumption and territorial occupation, but aimed at generating wealth for abroad.

"If data is the new oil, data centers are the new refineries." The production of a good, which is artificial intelligence, follows the same logic as the colonial plantations of the 1500s (?). They used the strength of enslaved people and nature to concentrate energy in sugarcane and send it to the metropolis to generate value. It's the same thing with data centers: they are using Brazilian energy, water, and soil to be transformed into value abroad ''...Júlia Catão Dias, Coordinator of the Responsible and Sustainable Consumption Program at Idec.

The five data centers, one of which belongs to TikTok, approved in Ceará are prime examples of this dynamic, says Júlia. The projects will be built in water-stressed zones (Caucaia has been in a state of emergency due to drought in 16 of the last 21 years) and, due to the configuration of the EPZs, will only export data processing services. The criticism also extends to Redata, because those benefiting from the tax exemption are only required to allocate 10% of their capacity to local data processing - going beyond that is optional.

Tossi, from ABDC, admits that Brazil has become a preferred target for the installation of data centers due to its energy potential. "The world is experiencing a moment where we are trying to attract investments here, because Brazil has two main inputs that the global market demands: available and renewable electricity. (...) This is what big tech companies are looking for, because they have a goal of meeting the Paris Agreement. In addition, energy here has a relatively competitive price when compared to the United States."

mundophone

 

TECH

Star power: how energy efficient is your home?

Ever wondered how energy efficient your home is? CSIRO's new Energy Rating Finder puts the power in your hands. It indicates the energy performance of your home's thermal shell—the walls, floors, roof, windows and insulation. These features influence how much energy it takes to keep your home at a comfortable temperature.

It's like an appliance star label, but for your home. If your address doesn't appear in the database, your home may not have an energy rating yet. But don't worry, there are other ways to estimate its efficiency—we'll get to that shortly.

Your home's thermal shell—walls, roof, floors, windows, and insulation—plays a big role in energy performance and comfort.

A win for people and the planet...CSIRO data scientist and platform developer Melissa James, said the goal was to make energy performance information accessible. "The system is easy to use—simply enter an address, and if data is available, you'll receive an energy-efficiency rating out of 10," James said.

A zero-star home offers little protection from external temperatures, while a 10-star home stays comfortable with minimal, if any heating or cooling.

You can also search by postcode or street name to help locate the address you're interested in and view its energy-efficiency rating. James hopes this data sparks curiosity and encourages upgrades.

"We want people to see how their home rates and start thinking about what changes could make a difference," James said. "Energy-efficient homes use less power, cost less to heat and cool and are more comfortable to live in.

"They also produce fewer carbon emissions, which is better for the planet. In addition, energy-efficient homes can help reduce energy infrastructure costs by lowering overall demand," she said.

Powered by a decade of data...The Energy Rating Finder includes headline certificate data from the Nationwide House Energy Rating Scheme (NatHERS) providing a snapshot of your home's energy performance—watch this video to learn more.

"All new homes and many undergoing major renovations must demonstrate that they meet the minimum standard specified under the building regulations (currently seven stars for most states). Most do this using software accredited by NatHERS," James said.

Average ratings have improved dramatically since the standard was established in 2003, from 1.8 stars for older homes to seven stars for most new builds in 2025.

James cautioned that not all properties are included in the database.

"CSIRO has been collecting this data since 2016, so only homes built or renovated after this date and assessed using NatHERS—which accounts for 80% of assessments nationwide, will appear in the system," she said.

NatHERS is also expanding NatHERS assessments to existing homes. Eventually this data may be included in the Energy Rating Finder.

If your property isn't covered, try RapidRate, a CSIRO tool that estimates your home's energy efficiency using basic information.

Together, these resources give Australians more insight into home energy performance than ever before.

Have your say...CSIRO is inviting feedback on the Energy Rating Finder: Tell us what you think. You can easily opt-out if you don't want your property's data shown publicly: Find out more

Amp up your home's energy efficiency...Thinking about improving your home's energy efficiency? James said performance depends on many factors, from insulation and window design to shading and ventilation. Even roof color matters.

So what impacts your home's energy rating? For example, CSIRO's Dr. Mahsan Sadeghi found that dark roofs absorb and retain heat, creating urban heat islands.

While structural changes are easiest during building or renovating, CSIRO offers tips for keeping older houses warm or cool without major work.

And energy efficient homes don't just lower bills and emissions—they can also boost the property's value.

Improving home energy efficiency—it's the bright thing to do.

Energy efficiency ratings:

-A-G or 0-10 Stars: Many systems, such as in the European Union and Australia (NatHERS), use a scale from A (most efficient) to G (least efficient), or from 0 to 10 stars for residences.

-More stars = More savings: A higher rating means the house (or appliance) consumes less energy to maintain comfort, resulting in lower utility bills and a smaller carbon footprint.

-Example House (Australia): A 0-star rated house offers little thermal protection, requiring a lot of energy to heat or cool. A 10-star house remains comfortable year-round with little or no need for mechanical heating or cooling.

Tips to improve energy efficiency:

-Regardless of your current rating, you can increase your home's efficiency with the following measures:

-Improve insulation: Add insulation to walls, floors, ceilings, and roofs to reduce heat loss.

-Seal air leaks: Use caulk and sealing tape to seal gaps around windows, doors, and wall outlets.

-Upgrade to energy-efficient appliances: When buying new appliances, look for those with the highest star rating (or A rating on the European label).

-Install LED lighting: Replace incandescent bulbs with LEDs, which use up to 75% less energy and last much longer.

-Use smart thermostats: Program your heating and cooling to adjust automatically when you are not at home or sleeping.

-Consider renewable energy: Installing solar panels can reduce or eliminate your reliance on traditional energy sources.

Provided by CSIRO