Whats in bigtech?
- Samsung's Big AI Bet with Perplexity: Get ready for a significant AI upgrade on your next Samsung device! Reports indicate Samsung is on the verge of a major agreement with AI search startup Perplexity AI. The deal is expected to involve pre-installing Perplexity's AI assistant and app on upcoming Samsung devices, integrating its powerful AI search capabilities directly into Samsung's web browser, and potentially even enhancing the Bixby voice assistant. This move could drastically change how Samsung phone users access information and interact with on-device AI.
- Google's Quiet Push for On-Device AI: Google has been making moves behind the scenes, quietly releasing an app that allows users to download and run AI models directly on their own devices. This development signals a strong strategic shift towards on-device artificial intelligence, which promises faster AI processing, enhanced privacy (as user data stays on your device), and the ability to use AI features even without an internet connection. Expect more seamless and responsive AI experiences.
- Meta's AI Moderation Shift: In a move sparking considerable debate, Meta is reportedly transitioning thousands of its human content moderation roles to AI systems. While this aims to improve efficiency and scale content review, it raises important questions about the accuracy of AI in content moderation, the potential for bias, and the overall safety of online platforms without extensive human oversight. This shift could significantly impact content governance on Facebook and Instagram.
- OpenAI's "AI Super Assistant" Vision: Unsealed documents from OpenAI have shed light on their ambitious long-term strategy: to evolve ChatGPT from a mere chatbot into an all-purpose AI companion for daily life. Their vision is for a singular AI that assists you with a wide range of tasks, from managing your schedule and handling communications to providing personalized advice and information, truly becoming an omnipresent digital helper.
- AI's Job Market Ripple Effect: The conversation around AI's impact on employment continues to intensify, particularly concerning roles for software engineers. There are growing concerns and reports of recent graduates facing difficulties finding positions, with some describing it as an "AI job apocalypse" for certain fields. This highlights the ongoing need for upskilling and adapting to a rapidly changing tech-driven job market.
Valorant Moving to Unreal Engine 5
Riot Games has confirmed that Valorant will transition to Unreal Engine 5 with Patch 11.02, set to roll out by the end of July 2025. This upgrade promises smoother framerates, enhanced technical performance, and future improvements in graphics and animation. While the core gameplay will remain unchanged, players can expect better rendering and optimization. Additionally, Riot is introducing a replay system in September with Patch 11.06, allowing players to analyze past matches
WWDC 2025 Preview
Apple’s Worldwide Developers Conference (WWDC) kicks off on June 9, 2025, with major software updates expected across iOS, macOS, iPadOS, watchOS, and tvOS. While AI-powered features will be part of the announcements, Apple may focus more on platform consistency and navigation improvements rather than groundbreaking AI advancements. A new gaming app and battery optimization tools are also rumored to be unveiled.
Fujifilm Instax Mini 41 Launch
Fujifilm has launched the Instax Mini 41 in India, priced at ₹13,999, with a discounted price of ₹10,499 on select platforms. This analogue instant camera features Automatic Light Adjustment, ensuring well-balanced exposure in various lighting conditions. It also includes a Close-up Mode for improved selfies and detailed shots.
Google Pixel 10 Teaser
Google is hosting an exclusive pre-launch event for the Pixel 10 series on June 27, 2025, in London. The event, called Pixel Penthouse, will allow select superfans and retail partners to get hands-on experience with pre-release Pixel devices. This suggests an earlier-than-usual launch, possibly in July or August.
Cybersecurity in the Spotlight: Battling the Evolving Threats
- Alleged TikTok Data Breach: A significant cybersecurity concern for social media users has emerged, with a new threat actor named "Often9" claiming to have stolen a massive 428 million unique user records from TikTok. The alleged method was by exploiting an internal API vulnerability. If confirmed, this data breach includes sensitive information such as email addresses, mobile numbers, TikTok user IDs, and other profile details, posing a substantial privacy risk. TikTok has launched a probe into these serious allegations.
- Coinbase Hack Linked to Insider Threats: A major cyberattack impacting over 69,000 Coinbase customers, potentially costing the cryptocurrency exchange a staggering $400 million, has been linked to a disturbing tactic: hackers bribing customer service workers. Specifically, reports suggest these agents, from a US-based company called TaskUs (which has a large operational presence in India), allegedly leaked sensitive customer data, allowing the cryptocurrency breach to occur. This incident painfully underscores that human vulnerabilities can be a critical gateway for even sophisticated cyberattacks, regardless of technical safeguards.
- ConnectWise Cyberattack : Even companies dedicated to cybersecurity solutions are not immune. ConnectWise, a prominent developer of remote access software, disclosed that it was the victim of a cyberattack. The company suspects the attack was perpetrated by a nation-state threat actor, exploiting a high-severity vulnerability (CVE-2025-3935). While only a small number of ScreenConnect customers were impacted, this incident serves as a stark reminder of the persistent and sophisticated cyber threats faced by critical software providers.
- Active Vulnerabilities and New Malware: The cybersecurity landscape is rife with actively exploited weaknesses. Critical vulnerabilities (CVE-2025-48827, CVE-2025-48828) in the vBulletin forum software are being actively targeted, allowing unauthenticated remote code execution. Qualcomm has also released patches for three zero-day vulnerabilities (CVE-2025-21479, CVE-2025-21480, CVE-2025-27038) in its Adreno GPU, which were exploited in targeted Android attacks. Furthermore, a new Rust-based information stealer called EDDIESTEALER is being spread via fake CAPTCHA pages, designed to bypass Chromium's encryption and steal sensitive browser data like cookies. Cybersecurity awareness and timely updates are crucial.
- The Overwhelm of Security Tools: A recent global survey by Barracuda Networks highlights a significant challenge in cybersecurity: 65% of IT and security professionals feel overwhelmed by managing too many security tools. This "tool sprawl" is ironically increasing cyber risk and complexity, as disjointed solutions create gaps. The report suggests a growing need for integrated, perhaps AI-powered cybersecurity platforms, to simplify management and enhance overall defense against the rising tide of digital threats.
A bit about the CVE's mentioned above..
Here's what we know about the specific CVEs:
-
CVE-2025-3935 (ConnectWise ScreenConnect)
- What it is: A high-severity vulnerability in ConnectWise ScreenConnect versions 25.2.3 and earlier.
- Type: ViewState code injection. It affects web applications built on the ASP.NET framework that use ViewState to preserve page and control state.
- How it's exploited: Attackers could exploit this by injecting malicious code. Successful exploitation often requires obtaining "machine keys" that protect ViewState, which implies an attacker might need some level of privileged system access first
- Impact: Can lead to remote code execution (RCE) on the server.
- Context in news: ConnectWise disclosed that this vulnerability was exploited in a cyberattack suspected to be from a nation-state actor. Patches were released in April 2025 after Microsoft observed in-the-wild misuse of ASP.NET machine keys.
-
CVE-2025-48827 and CVE-2025-48828 (vBulletin Forum Software)
- What they are: These are critical vulnerabilities affecting the vBulletin forum software (versions 5.1.0, 5.7.5, 6.0.1, and 6.0.3 are confirmed vulnerable). They were publicly disclosed in May 2025.
- Type:
- CVE-2025-48827: Relates to a "protected method invocation issue."
- CVE-2025-48828: Allows arbitrary PHP code execution by abusing "Template Conditionals" in the template engine.
- How they're exploited: The vulnerabilities can be exploited for unauthenticated remote code execution (RCE), particularly when running vBulletin on PHP 8.1 or later. Attackers can craft malicious template code to bypass security checks.
- Impact: Unauthenticated remote code execution, giving attackers significant control over the affected forum.
- Context in news: These flaws are being actively exploited in the wild shortly after their disclosure. While a patch was reportedly issued quietly in April 2024, the CVEs were only assigned and public exploitation began more recently.
-
CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 (Qualcomm Adreno GPU)
- What they are: Three zero-day vulnerabilities in Qualcomm's Adreno Graphics Processing Unit (GPU) driver, affecting numerous chipsets used in Android devices.
- Type:
- CVE-2025-21479 & CVE-2025-21480: Both are "incorrect authorization" vulnerabilities in the Graphics component. They can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is executed. These are rated as critical severity.
- CVE-2025-27038: A "use-after-free" vulnerability in the Graphics component that could result in memory corruption while rendering graphics using Adreno GPU drivers, particularly in the Chrome browser. This one has a high severity rating.
- Impact: Can lead to memory corruption, and potentially allow attackers to bypass browser isolation or execute arbitrary code. Google's Threat Analysis Group (TAG) has indicated these may have been used in targeted attacks.
- Context in news: Qualcomm released security updates for these, urging OEMs (original equipment manufacturers) to deploy them quickly, as there are indications of "limited, targeted exploitation" in the wild.
-
CVE-2024-11857 (Realtek Bluetooth HCI Adaptor)
- What it is: A high-severity vulnerability in the Bluetooth Host Controller Interface (HCI) Adaptor from Realtek.
- Type: "Link Following" vulnerability (CWE-59: Improper Link Resolution Before File Access).
- How it's exploited: Local attackers with regular privileges can create a symbolic link (symlink) with the same name as a specific file. This tricks the product into deleting arbitrary files that the symlink points to.
- Impact: Can lead to arbitrary file deletion, which an attacker could then leverage for privilege escalation on the Windows system.
- Context in news: This flaw allows for local arbitrary file deletion and potential privilege escalation.
-
CVE-2025-20672 (MediaTek Bluetooth Driver)
- What it is: A high-severity vulnerability in the MediaTek Bluetooth driver.
- Type: Heap overflow (specifically, an out-of-bounds write due to an incorrect bounds check).
- How it's exploited: This vulnerability could lead to local escalation of privilege. It requires user execution privileges but no user interaction for exploitation.
- Impact: Local escalation of privilege, meaning an attacker with limited access could gain higher-level permissions on the device.
- Context in news: MediaTek included this and other vulnerabilities in their recent security bulletin, affecting a range of their chipsets.
