A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system unknown to its developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack. The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Vendors who discover the vulnerability may create patches or advise workarounds to mitigate it, though users need to deploy that mitigation to eliminate the vulnerability in their systems. Zero-day attacks are severe threats. == Definition == Despite developers' goal of delivering a product that works entirely as intended, virtually all products contain software and hardware bugs. If a bug creates a security risk, it is called a vulnerability. Vulnerabilities vary in their ability to be exploited by malicious actors. Some are not usable at all, while others can be used to disrupt the device with a denial of service attack. The most dangerous allow the attacker to inject and run their own code, without the user being aware of it. Although the term "zero-day" initially referred to the time since the vendor had become aware of the vulnerability, zero-day vulnerabilities can also be defined as the subset of vulnerabilities for which no patch or other fix is available. A zero-day exploit is any exploit that takes advantage of such a vulnerability. == Exploits == An exploit is the delivery mechanism that takes advantage of the vulnerability to penetrate the target's systems, for such purposes as disrupting operations, installing malware, or exfiltrating data. Researchers Lillian Ablon and Andy Bogart write that "little is known about the true extent, use, benefit, and harm of zero-day exploits". Exploits based on zero-day vulnerabilities are considered more dangerous than those that take advantage of a known vulnerability. However, it is likely that most cyberattacks use known vulnerabilities, not zero-days. Governments of states are the primary users of zero-day exploits, not only because of the high cost of finding or buying vulnerabilities, but also the significant cost of writing the attack software. Nevertheless, anyone can use a vulnerability, and according to research by the RAND Corporation, "any serious attacker can always get an affordable zero-day for almost any target". Many targeted attacks and most advanced persistent threats rely on zero-day vulnerabilities. In 2017, the average time to develop an exploit from a zero-day vulnerability was estimated at 22 days. The difficulty of developing exploits has been increasing over time due to increased anti-exploitation features in popular software. === Window of vulnerability === Zero-day vulnerabilities are often classified as alive—meaning that there is no public knowledge of the vulnerability—and dead—the vulnerability has been disclosed, but not patched. If the software's maintainers are actively searching for vulnerabilities, it is a living vulnerability; such vulnerabilities in unmaintained software are called immortal. Zombie vulnerabilities can be exploited in older versions of the software but have been patched in newer versions. Even publicly known and zombie vulnerabilities are often exploitable for an extended period. Security patches can take months to develop, or may never be developed. A patch can have negative effects on the functionality of software and users may need to test the patch to confirm functionality and compatibility. Larger organizations may fail to identify and patch all dependencies, while smaller enterprises and personal users may not install patches. Research suggests that risk of cyberattack increases if the vulnerability is made publicly known or a patch is released. Cybercriminals can reverse engineer the patch to find the underlying vulnerability and develop exploits, often faster than users install the patch. According to research by RAND Corporation published in 2017, zero-day exploits remain usable for 6.9 years on average, although those purchased from a third party only remain usable for 1.4 years on average. The researchers were unable to determine if any particular platform or software (such as open-source software) had any relationship to the life expectancy of a zero-day vulnerability. Although the RAND researchers found that 5.7 percent of a stockpile of secret zero-day vulnerabilities will have been discovered by someone else within a year, another study found a higher overlap rate, as high as 10.8 percent to 21.9 percent per year. == Countermeasures == Because, by definition, there is no patch that can block a zero-day exploit, all systems employing the software or hardware with the vulnerability are at risk. This includes secure systems such as banks and governments that have all patches up to date. Security systems are designed around known vulnerabilities, and repeated exploitations of a zero-day exploit could continue undetected for an extended period of time. Although there have been many proposals for a system that is effective at detecting zero-day exploits, this remains an active area of research in 2023. Many organizations have adopted defense-in-depth tactics so that attacks are likely to require breaching multiple levels of security, which makes it more difficult to achieve. Conventional cybersecurity measures such as training and access control — including multi-factor authentication, least-privilege access, and air-gapping makes it harder to compromise systems with a zero-day exploit. Since writing perfectly secure software is impossible, some researchers argue that driving up the cost of exploits is considered a good strategy to reduce the burden of cyberattacks. == Market == Zero-day exploits can fetch millions of dollars. There are three main types of buyers: White: the vendor, or to third parties such as the Zero Day Initiative that disclose to the vendor. Often such disclosure is in exchange for a bug bounty. Not all companies respond positively to disclosures, as they can cause legal liability and operational overhead. It is not uncommon to receive cease-and-desist letters from software vendors after disclosing a vulnerability for free. Gray: the largest and most lucrative. Government or intelligence agencies buy zero-days and may use it in an attack, stockpile the vulnerability, or notify the vendor. The United States federal government is one of the largest buyers. As of 2013, the Five Eyes (United States, United Kingdom, Canada, Australia, and New Zealand) captured the plurality of the market and other significant purchasers included Russia, India, Brazil, Malaysia, Singapore, North Korea, and Iran. Middle Eastern countries were poised to become the biggest spenders. Black: organized crime, which typically prefers exploit software rather than just knowledge of a vulnerability. These users are more likely to employ "half-days" where a patch is already available. In 2015, the markets for government and crime were estimated at least ten times larger than the white market. Sellers are often hacker groups that seek out vulnerabilities in widely used software for financial reward. Some will only sell to certain buyers, while others will sell to anyone. White market sellers are more likely to be motivated by non pecuniary rewards such as recognition and intellectual challenge. Selling zero-day exploits is legal. Despite calls for more regulation, law professor Mailyn Fidler says there is little chance of an international agreement because key players such as Russia and Israel are not interested. The sellers and buyers that trade in zero-days tend to be secretive, relying on non-disclosure agreements and classified information laws to keep the exploits secret. If the vulnerability becomes known, it can be patched and its value consequently crashes. Because the market lacks transparency, it can be hard for parties to find a fair price. Sellers might not be paid if the vulnerability was disclosed before it was verified, or if the buyer declined to purchase it but used it anyway. With the proliferation of middlemen, sellers could never know to what use the exploits could be put. Buyers could not guarantee that the exploit was not sold to another party. Both buyers and sellers advertise on the dark web. Research published in 2022 based on maximum prices paid as quoted by a single exploit broker found a 44 percent annualized inflation rate in exploit pricing. Remote zero-click exploits could fetch the highest price, while those that require local access to the device are much cheaper. Vulnerabilities in widely used software are also more expensive. They estimated that around 400 to 1,500 people sold exploits to th
Caspio
Caspio, Inc. is an American software company providing a low-code platform for building cloud-based business applications. Founded in 2000 by Frank Zamani, the company is headquartered in Sunnyvale, California, with operations in Poland, the Philippines, and Spain. Caspio’s platform allows organizations to create online database applications and workflow tools without extensive coding. == History == Caspio was founded by Frank Zamani in 2000. The company initially focused on simplifying custom cloud applications and reducing development time and cost as compared to traditional software development. Caspio released the first version of its platform, Caspio Bridge, in 2001. In 2014, Caspio released a HIPAA-Compliant Edition of its low-code application development platform. Caspio also released an EU General Data Protection Regulation (GDPR) Compliance Edition of its low-code application development platform in 2016. Caspio's second European Software Development Center opened in Kraków, Poland in 2017. In 2019, Forrester Research listed Caspio and three other platforms in its highest of four ranked tiers of twelve low-code platforms for business developers based on rankings of offerings and strategy at that time. Caspio also opened data centers in Montreal, Canada and India in 2020.
Blue check
A blue check is used on social media platforms, notably X (formerly known as Twitter), to indicate the authenticity of an account. Since November 2022, Twitter users whose accounts are at least 90 days old and have a verified phone number receive verification upon subscribing to X Premium or Verified Organizations; this status persists as long as the subscription remains active. When introduced in June 2009, the system provided the site's readers with a means to distinguish genuine notable account holders, such as celebrities and organizations, from impostors or parodies. Until November 2022, a blue checkmark displayed against an account name indicated that Twitter had taken steps to ensure that the account was actually owned by the person or organization whom it claimed to represent. The checkmark does not imply endorsement from Twitter, and does not mean that tweets from a verified account are necessarily accurate or truthful in any way. People with verified accounts on Twitter are often colloquially referred to as "blue checks" on social media and by reporters. In November 2022, the verification program was modified heavily by new owner Elon Musk, extending verification to any account with a verified phone number and an active subscription to an eligible X Premium (formerly Twitter Blue) plan. These changes faced criticism from users and the media, who believed that the changes would ease impersonation, and allow accounts spreading misleading information to feign credibility. In a related change, Twitter introduced additional gold and gray checkmarks, used by Verified Organizations and government-affiliated accounts, respectively. Twitter claims that the changes to verification are required to "reduce fraudulent accounts and bots". Twitter users who had been verified through the previous system were known as "legacy verified" accounts; legacy verification was deprecated in April 2023, and stripped from accounts who do not meet the new payment requirements. Musk later implied that he had been personally paying for the X Premium subscriptions of several notable celebrities. == Until November 2022 == In June 2009, after being criticized by Kanye West and sued by Tony La Russa over unauthorized accounts run by impersonators, the company launched their "Verified Accounts" program. Twitter stated that an account with a "blue tick" verification badge indicates "we've been in contact with the person or entity the account is representing and verified that it is approved". After the beta period, the company stated in their FAQ that it "proactively verifies accounts on an ongoing basis to make it easier for users to find who they're looking for" and that they "do not accept requests for verification from the general public". Originally, Twitter took on the responsibility of reaching out to celebrities and other notable people to confirm their identities in order to establish a verified account. In July 2016, Twitter announced a public application process to grant verified status to an account "if it is determined to be of public interest" and that verification "does not imply an endorsement". In 2016, the company began accepting requests for verification, but it was discontinued the same year. Twitter explained that the volume of requests for verified accounts had exceeded its ability to cope; rather, Twitter determines on its own whom to approach about verified accounts, limiting verification to accounts which are "authentic, notable, and active". In November 2020, Twitter announced a relaunch of its verification system in 2021. According to the new policy, Twitter verifies six different types of accounts; for three of them (companies, brands, and influential individuals like activists), the existence of a Wikipedia page will be one criterion for showing that the account has "Off Twitter Notability". === Controversy === On June 21, 2014, actor William Shatner raised an issue with several Engadget editorial staff and their verification status on Twitter. Besides the site's social media editor, John Colucci, Shatner also targeted several junior members of the staff for being "nobodies", unlike some of his actor colleagues who did not bear such distinction. Shatner claimed Colucci and the team were bullying him when giving a text interview to Mashable. Over a month later, Shatner continued to discuss the issue on his Tumblr page, to which Engadget replied by defending its team and discussing the controversy surrounding the social media verification. Twitter's practice and process for verifying accounts came under scrutiny again in 2017 after the company verified the account of white supremacist and far-right political activist, Jason Kessler. Many who criticized Twitter's decision to verify Kessler's account saw this as a political act on the company's behalf. In response, Twitter put its verification process on hold. The company tweeted, "Verification was meant to authenticate identity & voice but it is interpreted as an endorsement or an indicator of importance. We recognize that we have created this confusion and need to resolve it. We have paused all general verifications while we work and will report back soon." As of November 2017, Twitter continued to deny verification of Julian Assange's account following his requests. In November 2019, Dalit activists of India alleged that higher-caste people get Twitter verification easily and trended hashtags #CancelAllBlueTicksInIndia and #CasteistTwitter. Critics have said that the company's verification process is not transparent and causes digital marginalisation of already marginalised communities. Twitter India rejected the allegations, calling them "impartial" and working on a "case-by-case" policy. == Since November 2022 == On April 20, 2023, Twitter (known as X since July 2023) began removing verification status for users of public interest, causing a controversy among Twitter users. The website's system was altered, allowing any individual to receive verification for a monthly fee, an act which saw significant criticism. Following the acquisition of Twitter by Elon Musk on October 28, 2022, Musk told Twitter employees to introduce paid verification by November 7 through Twitter Blue. The Verge reported that the updated Blue subscription would cost $19.99 per month, and users would lose their verification status if they did not join within 90 days. Following backlash, Musk tweeted, in response to author Stephen King, a lowered $8 price on November 1, 2022. Twitter confirmed the new price of $7.99 per month on November 5, 2022. The new verification system began rollout on November 9, 2022, a day after the 2022 United States elections. The decision to delay its rollout was to address concerns about users potentially spreading misinformation about voting results by posing as news outlets and lawmakers. At the same time, Twitter introduced a secondary gray "Official" label on some high-profile accounts, but removed them hours after launch. Less than 48 hours later, Twitter reinstated the gray "Official" label, after multiple users were suspended for deliberately impersonating reporters and high-profile athletes like LeBron James. A viral tweet from an account purporting to be the pharmaceutical company Eli Lilly and Company caused the company's stock to fall after announcing "insulin is free now". As a result, Twitter disabled new Blue subscriptions on November 11, 2022. === Announcement === In October 2022, Casey Newton of Platformer reported that executives at Twitter began discussing the possibility of users being forced to pay for Twitter Blue in order to keep their verification status. Musk publicly announced that verification was "being revamped right now" after Newton's article; according to The Verge, Twitter planned to increase the price of Twitter Blue from US$4.99 per month to US$19.99 per month. Users would have had 90 days to subscribe or face losing their verification status, and employees were told to implement paid verification by November 9 or risk getting fired. Upon the news that Twitter Blue would cost US$19.99 per month, author Stephen King expressed displeasure towards Twitter and stated that he would leave. Musk, replying to King's tweet, proposed that the service should cost US$7.99 instead. In a separate tweet, Musk wrote that Twitter Blue subscribers would receive priority in replies, mentions, and search, fewer advertisements, and longer audio and video. Although paid verification was expected to be launched by November 7, the reintroduction of Twitter Blue was delayed until after the 2022 United States elections on November 9, according to a memo obtained by The New York Times. The announcement of paid verification resulted in several accounts facetiously impersonating Musk, such as those of comedians Kathy Griffin and Sarah Silverman, being suspended. In response, Musk announced that impersonators using Twitter Blue "will be permanently suspended". An "official
CU-RTC-WEB
Customizable, Ubiquitous Real Time Communication over the Web is an API definition being drafted by Bernard Aboba at Microsoft. It is a competing standard to WebRTC, which drafted by a World Wide Web Consortium working group since May 2011. As of 2024, CU-RTC-WEB is still in the drafting phase, with ongoing discussions and contributions from various stakeholders in the tech community. Bernard Aboba, who serves as a co-chair of the W3C WebRTC Working Group, is actively involved in both CU-RTC-WEB and WebRTC, indicating a commitment to advancing real-time communication standards across platforms.
Style sheet (web development)
A web style sheet is a form of separation of content and presentation for web design in which the markup (i.e., HTML or XHTML) of a webpage contains the page's semantic content and structure, but does not define its visual layout (style). Instead, the style is defined in an external style sheet file using a style sheet language such as CSS or XSLT. This design approach is identified as a "separation" because it largely supersedes the antecedent methodology in which a page's markup defined both style and structure. The philosophy underlying this methodology is a specific case of separation of concerns. == Benefits == Separation of style and content has advantages, but has only become practical after improvements in popular web browsers' CSS implementations. === Speed === Overall, users experience of a site utilising style sheets will generally be quicker than sites that do not use the technology. ‘Overall’ as the first page will probably load more slowly – because the style sheet AND the content will need to be transferred. Subsequent pages will load faster because no style information will need to be downloaded – the CSS file will already be in the browser’s cache. === Maintainability === Holding all the presentation styles in one file can reduce the maintenance time and reduces the chance of error, thereby improving presentation consistency. For example, the font color associated with a type of text element may be specified — and therefore easily modified — throughout an entire website simply by changing one short string of characters in a single file. The alternative approach, using styles embedded in each individual page, would require a cumbersome, time consuming, and error-prone edit of every file. === Accessibility === Sites that use CSS with either XHTML or HTML are easier to tweak so that they appear similar in different browsers (Chrome, Internet Explorer, Mozilla Firefox, Opera, Safari, etc.). Sites using CSS "degrade gracefully" in browsers unable to display graphical content, such as Lynx, or those so very old that they cannot use CSS. Browsers ignore CSS that they do not understand, such as CSS 3 statements. This enables a wide variety of user agents to be able to access the content of a site even if they cannot render the style sheet or are not designed with graphical capability in mind. For example, a browser using a refreshable braille display for output could disregard layout information entirely, and the user would still have access to all page content. === Customization === If a page's layout information is stored externally, a user can decide to disable the layout information entirely, leaving the site's bare content still in a readable form. Site authors may also offer multiple style sheets, which can be used to completely change the appearance of the site without altering any of its content. Most modern web browsers also allow the user to define their own style sheet, which can include rules that override the author's layout rules. This allows users, for example, to bold every hyperlink on every page they visit. Browser extensions like Stylish and Stylus have been created to facilitate management of such user style sheets. === Consistency === Because the semantic file contains only the meanings an author intends to convey, the styling of the various elements of the document's content is very consistent. For example, headings, emphasized text, lists and mathematical expressions all receive consistently applied style properties from the external style sheet. Authors need not concern themselves with the style properties at the time of composition. These presentational details can be deferred until the moment of presentation. === Portability === The deferment of presentational details until the time of presentation means that a document can be easily re-purposed for an entirely different presentation medium with merely the application of a new style sheet already prepared for the new medium and consistent with elemental or structural vocabulary of the semantic document. A carefully authored document for a web page can easily be printed to a hard-bound volume complete with headers and footers, page numbers and a generated table of contents simply by applying a new style sheet.
AI warfare
AI warfare refers to the use of artificial intelligence technologies to automate military operation and enhance or bypass human decision-making in armed conflicts. AI is used to rapidly analyze large volumes of military intelligence data, including making recommendations or decisions on who and what to target. Abdul-Rahman al-Rawi, a 20-year-old student, was the first acknowledged civilian killed by AI-assisted airstrike in a U.S. strike in Iraq in 2024. In 2026, the U.S. declared it would become an 'AI-first' warfighting force. Husain et al (2018) coined the term hyperwar to refer to warfare which is algorithmic or controlled by artificial intelligence, with little to no human decision-making. == 2026 Iran war == The 2026 Iran war has been described as the "first AI war", although the Untied States and Israel have previously used AI to identify targets during the Gaza war. The U.S. has used AI tools to attack Iran. These tools have been used for military intelligence, targeting, and damage assessment in the war in Iran. Using the Maven smart system, the U.S. attacked 1,000 targets in the first 24 hours of the war and 5,000 targets over the course of 10 days. While the U.S. had used Maven in 2022 to share targeting information with Ukraine and strike against Iraq, Syria, and against the Houthis in 2024, Iran's attacks are its biggest. Authorities are looking into whether artificial intelligence was involved in the airstrike on an Iranian girls' school that killed 170 civilians, the majority of whom were female students. The United States Central Command emphasized that humans were making final targeting decisions. Per a White House tally released on April 8, the U.S. military hit over 13,000 targets in Iran during the war's first 38 days, including more than 2,000 command-and-control sites, 1,500 air defense targets, and 1,450 industrial infrastructure targets. == Gaza war == As part of the Gaza war, the Israel Defense Forces (IDF) have used artificial intelligence to rapidly and automatically perform much of the process of determining what to bomb. IDF's Unit 8200 developed AI systems, dubbed the Gospel and Lavender, to find targets for the Israeli Air Force to bomb. The Gospel automatically provides targeting recommendations to human analysts, who decide whether to approve strikes. Lavender identified 37,000 Hamas-linked individuals early in the war, and was used alongside the Gospel, which chooses buildings or structures as targets. According to a report by +972 Magazine and Local Call, strikes assisted by Lavender were routinely permitted to kill 5–20 civilians for each suspected Hamas militant, who were often bombed at home with their families. The IDF denies these claims, maintaining that every strike is assessed to minimize collateral damage, and that there is no policy "to kill tens of thousands of people in their homes." Israel deployed AI technologies during the Gaza war for audio analysis, facial recognition, and airstrike targeting. One such system was used to help identify the location of Hamas commander Ibrahim Biari through phone call analysis, leading to strikes that killed him as well as more than 125 civilians. == 2022 Russian Ukraine war == Kyiv launched a project with Palantir called Brave1 Dataroom to build AI systems using the extensive combat data Ukraine has gathered since Russia’s full-scale invasion in 2022. The country has also created tools for in-depth airstrike analysis, introduced AI to process large volumes of intelligence, and incorporated these technologies into the planning of long-range strike operations. == Involved companies == Maven Smart System is developed by Palantir. It integrates Anthropic's Claude as its large language model, and uses Amazon's AWS servers as its cloud infrastructure. Since Anthropic's refusal to support autonomous weapons development and domestic surveillance efforts. In its place, other AI firms, including OpenAI, have been brought in to take over that role. == Involved state actors == In 2024, the United States Department of Defense had 800-plus active AI-related projects and requested $1.8 billion in AI funding, with Project Maven and Project Artemis (AI-resistant drones developed together with Ukraine) being the main ones. The technology has been used in Iran, Iraq, Syria and Yemen to identify targets. China is pursuing intelligentized warfare, integrating AI across all combat domains—land, sea, air, space, and cyber—with military AI spending exceeding $1.6 billion annually. == International regulation == Since 2014, states meeting within the framework of the Convention on Certain Conventional Weapons have discussed lethal autonomous weapon systems. In 2016, the treaty's states parties established an open-ended Group of Governmental Experts on Lethal Autonomous Weapons Systems to continue those discussions. The discussions have addressed international humanitarian law, accountability, possible prohibitions and regulations, and the extent of human control required over AI-enabled weapons.
1tik
1tik, pronounced Antik (Arabic: أنتيك; lit. "Everything is going well") is a fully Algerian instant messaging, social media and mobile payment app. designed, developed and built locally by the Algerian start-up, INTAJ Digital, with backing from the state-owned company ATM Mobilis (who's the company's main sponsor). It is described as Algeria's first super-app that is entirely designed and built by local developers. == Etymology == The name "1tik" (Arabic: أنتيك) is drawn from the popular Algerian vernacular (Antik), the neologism, which appeared several years ago, means "everything is going well" or "it's all good". == History == 1tik was officially launched and announced the 20th December 2025 by INTAJ Digital's founder Youcef Toulaib and a team of 50 employees, making it the first ever Algerian instant messaging, social media and mobile payment app, rivaling with the growing influence of Yassir in Algeria. it grew in popularity after the presidency of Algeria and several other state-owned companies, medias, and ministries opened official accounts on the app.