KitKat was a bodega cat from the Mission District of San Francisco who was killed by a Waymo car on October 27, 2025. Locals built altars and the death has raised comments about the safety of self-driving cars. == Life == Mike Zeidan, the owner of Randa's Market, adopted KitKat as a stray to help keep rodents out of his store. KitKat lived in Randa's Market for six years and was well-loved by the neighborhood, including an appearance on a shop cats map that went viral in 2022 as a "particularly friendly cat". After KitKat arrived at the bodega, customers were said to come more often, and regularly brought the cat food and gifts. == Death == At around 11:40 pm on October 27, 2025, witnesses saw KitKat sitting in front of a stopped Waymo car for seven seconds. He walked under the car as the car pulled out, and the right rear tire ran over the back half of his body. A bartender who was taking a cigarette break used a sandwich board sign as a stretcher and took KitKat to an emergency animal clinic. An hour later, KitKat was pronounced dead. Waymo confirmed that the cat was killed by one of its vehicles on October 30. Surveillance footage of the incident was released in December. From Waymo's report to the National Highway Traffic Safety Administration (NHTSA): The Waymo AV was stopped next to the curb for a passenger pickup facing east on 16th Street. As the passengers were boarding the Waymo AV, a cat approached the Waymo AV from the southern sidewalk of 16th Street and sat in the roadway partially under the front right corner of the Waymo AV. A pedestrian approached the Waymo AV from the east on the southern sidewalk of 16th Street and began crouching near the front of the Waymo AV, stepping partially into the roadway, appearing to reach for the cat. As they did so, the cat moved farther from the sidewalk under the Waymo AV and the pedestrian stepped back onto the sidewalk. The Waymo AV then departed the pickup location and the rear right tire made contact with the cat. At the time of impact, the Waymo AV's Level 4 ADS was engaged in autonomous mode. Waymo later received notice that the cat did not survive. The passengers in the Waymo AV did not have seatbelts fastened at the time, having just boarded the Waymo AV. Prior to KitKat's death, the NHTSA had logged 14 collisions between Waymo cars and animals, of which 5 were confirmed fatalities. == Aftermath == After KitKat's death, an altar was created outside Randa's Market. People left flowers, candles, cat food, written notes, and Kit Kat candy bars in the cat's honor. A city worker took down the memorial for fire safety reasons, but neighbors built it again. Local supervisor Jackie Fielder held a rally called "Justice for KitKat" in support of a non-binding San Francisco resolution to shift decision-making about the operation of self-driving cars from the state to individual counties. Critics say that the resolution is performative because it is non-binding, that local control would make autonomous vehicle operation impractical, and that Waymo is still far less dangerous to animals than human drivers. Elon Musk commented that "many pets will be saved by autonomy". There are multiple meme coins inspired by KitKat.
Deep Learning Indaba
The Deep Learning Indaba is an annual conference and educational event that aims to strengthen machine learning and artificial intelligence (AI) capacity across Africa. Launched in 2017, it brings together students, researchers, industry practitioners, and policymakers from across the African continent. == History == The Deep Learning Indaba began in 2017 at the University of the Witwatersrand with over 300 participants from 23 African countries, offering tutorials in advanced AI topics and featuring notable speakers like Nando de Freitas. In 2018, it expanded to 650 delegates at Stellenbosch University, introducing parallel sessions to encourage collaboration. The 2019 edition in Nairobi, Kenya, reflected further growth, with increasing sponsorship and support from major tech companies like Google and Microsoft. === Deep Learning IndabaX ===
Social media and psychology
Social media began in the form of generalized online communities. These online communities formed on websites like Geocities.com in 1994, Theglobe.com in 1995, and Tripod.com in 1995. Many of these early communities focused on social interaction by bringing people together through the use of chat rooms. The chat rooms encouraged users to share personal information, ideas, or even personal web pages. Later the social networking community Classmates took a different approach by simply having people link to each other by using their personal email addresses. By the late 1990s, social networking websites began to develop more advanced features to help users find and manage friends. These newer generation of social networking websites began to flourish with the emergence of SixDegrees.com in 1997, Makeoutclub in 2000, Hub Culture in 2002, and Friendster in 2002. However, the first profitable mass social networking website was the South Korean service, Cyworld. Cyworld initially launched as a blog-based website in 1999 and social networking features were added to the website in 2001. Other social networking websites emerged like Myspace in 2002, LinkedIn in 2003, and Bebo in 2005. In 2009, the social networking website Facebook (launched in 2004) became the largest social networking website in the world. Both Instagram and Kik were launched in October 2010. Active users of Facebook increased from just a million in 2004 to over 750 million by the year 2011. Making internet-based social networking both a cultural and financial phenomenon. In September 2011, Snapchat was launched and reported over 300 million users in 2021. == Psychology of social networking == A social network is a social structure made up of individuals or organizations who communicate and interact with each other. Social networking sites – such as Facebook, Twitter, Instagram, Pinterest and LinkedIn – are defined as technology-enabled tools that assist users with creating and maintaining their relationships. A study found that middle schoolers reported using social media to see what their friends are doing, to post pictures, and to connect with friends. Human behavior related to social networking is influenced by major individual differences, meaning that people differ quite systematically in the quantity and quality of their social relationships. Two of the main personality traits that are responsible for this variability are the traits of extraversion and introversion. Extraversion refers to the tendency to be socially dominant, exert leadership, and influence on others. In contrast, introversion reflects a tendency towards shyness, social phobia, or even avoid social situations altogether, which could potentially reduce the number of social contacts a person may have. These individual differences may result in different social networking outcomes. Other psychology factors related to social media and Media psychology are depression, anxiety, attachment, self-identity, well-being, and the need to belong. === Neuroscience === The three domains that neural systems rely on to be strengthened to support social media use are social cognition, self-referential cognition, and social rewarding. When someone posts something on social media, they think of how their audience will react, while the audience thinks of the motivations behind posting the information. Both parties are analyzing the other's thoughts and feelings, which coherently rely on multiple network systems of the brain including the dorsomedial prefrontal cortex, bilateral temporoparietal junction, anterior temporal lobes, inferior frontal gyri, and posterior cingulate cortex. All of these systems work to help us process social behaviors and thoughts drawn out on social media. Social media requires a great deal of self-referential thought. People use social media as a platform to express their opinions and show off their past and present selves. In other words, as Bailey Parnell said in her Ted Talk, we're showing off our "highlight reel" (4). When one receives feedback from others, the individual obtains more reflected self-appraisal which leads to comparisons of their social behaviors or "highlights" to other users. Self-referential thought involves activity in the medial prefrontal cortex and the posterior cingulate cortex. The brain uses these systems when thinking of oneself. A 2021 umbrella review found that most associations between adolescent social media use and mental health were characterized as weak or inconsistent, though certain studies identified 'substantial' negative impacts, particularly linked to passive consumption and problematic use. Social media also provides a constant supply of rewards that keeps users coming back for more. Whenever users receive a like or a new follower, it activates the brain's social reward system which includes the ventromedial prefrontal cortex, ventral striatum, and ventral tegmental area. This system has been found to activate in response to positive feedback from peers, suggesting that users experience online acceptance in a similar manner to other material rewards or positive experiences, further acting as a potential reward. While these areas of the brain become strengthened, other parts of the brain start to weaken. Technology is encouraging multi-tasking, especially because of how easy it is to switch from one task to another by opening another tab or using two devices at once. The brain's hippocampus is mainly associated with long-term memory. In a study done by Russell Poldark, a professor at UCLA, they found that "for the task learned without distraction, the hippocampus was involved. However, for the task learned with the distraction of the beeps, the hippocampus was not involved; but the striatum was, which is the brain system that underlies our ability to learn new skills." The study concludes that multitasking can cause reliance on the striatum more than the hippocampus, which can change the way we learn. The striatum is known to be connected to mainly the brain's reward system. The brain will strengthen the neurons to the striatum while it weakens the neurons to the hippocampus to make the brain more efficient. Because our brain starts to rely on the striatum more than the hippocampus, it becomes harder for us to process new information. Nicholas Carr, author of The Shallows: How The Internet Is Changing Our Brains, agrees: "What psychologists and brain scientists tell us about interruptions is that they have a fairly profound effect on the way we think. It becomes much harder to sustain attention, to think about one thing for a long period of time, and to think deeply when new stimuli are pouring at you all day long. I argue that the price we pay for being constantly inundated with information is a loss of our ability to be contemplative and to engage in the kind of deep thinking that requires you to concentrate on one thing." === Well-Being === How does well-being relate to social media? In an article titled Social Impact of Psychological Research on Well-Being Shared in Social Media, Pulido et al. found a 15.7% social impact in their results. These new results were compared to a previous study conducted by Pulido et al., which had a high of 4.98% compared to 27.5% in the new study. These results show the ESISM, which is evidence of social impact present. In a two-year span, the difference between social impact rose 22.52% according to these studies. When taking into consideration that an increasingly large number of teens report either being active on, or having used, some form of social media, ranging from apps such as Facebook to TikTok, researching the effects of social media on the well-being of teens and young adults has become more of a topic of focus in recent years. === Depression === Especially in today's society, social media has gained a new perspective on younger generations. It is what younger generations are born into and are growing up to use, particularly what is running today's society. Social Media has its downfalls regarding depression and mental health. Many users often compare their lives regarding what they see on these platforms. In an article Does Social Media Cause Depression? by the Child Mind Institute, Miller states that "several studies, teenage and young adult users who spend the most time on Instagram, Facebook and other platforms for have shown to have substantially (from 13 to 66 percent) higher rates of reported depression than those who spent the least time", what the study shows how Facebook and Instagram, platforms showcasing daily lives and or lifestyles, or less fulfilling or less satisfied or more flaunting base or superficial. Instead of social community, there has become a perception of individuals striving for a life that is not real, whether that is editing photos or making life seem perfect when it is not. This causes a sense of depression by the weight of a comparing game. In "How Social Media Affects Y
Data exchange
Data exchange is the process of moving data from one information system to another. It often involves transforming data that is native to the source system into a form that is consumable by the target system or to a standardized form that is consumable by any compatible system. In particular, data exchange allows data to be shared between computer programs. Data exchange is similar to data integration except that data may be restructured with possible loss of content. There may be no way to transform a particular collection based on exchange constraints. Conversely, there may be multiple ways to transform the data, in which case one option must be identified in order to achieve compatibility between source and target. There are two main types of data exchange: broadcast and peer-to-peer (a.k.a. unicast). For broadcast, data is transmitted simultaneously to all consumers. Just as a conference call, all participants get the same information from the speaker at the same time. For peer-to-peer, data is sent to a single receiver, defined by a specific address. For example, a letter goes to just one mail box. == Single-domain == In some domains, a multiple source and target schema (proprietary data formats) may exist. An exchange or interchange format is often developed for a single domain, and then necessary routines (mappings) are written to (indirectly) transform/translate each and every source schema to each and every target schema by using the interchange format as an intermediate step. That requires less work than writing and debugging the many routines that would be required to directly translate each source schema directly to each target schema. Examples of these transformative interchange formats include: Standard Interchange Format for geospatial data; Data Interchange Format for spreadsheet data; Open Document Format for spreadsheets, charts, presentations and word processing documents; GPS eXchange Format or Keyhole Markup Language for describing GPS data; GDSII for integrated circuit layout. == Representation == A data exchange (a.k.a. interchange) language defines a domain-independent way to represent data. These languages have evolved from being markup and display-oriented to support the encoding of metadata that describes the structural attributes of the information. Practice has shown that certain types of formal languages are better suited for this task than others, since their specification is driven by a formal process instead of particular software implementation. For example, XML is a markup language that was designed to enable the creation of dialects (the definition of domain-specific sublanguages). However, it does not contain domain-specific dictionaries or fact types. Beneficial to a reliable data exchange is the availability of standard dictionaries-taxonomies and tools libraries such as parsers, schema validators, and transformation tools. === XML === The popularity of XML for data exchange on the World Wide Web has several reasons. First of all, it is closely related to the preexisting standards Standard Generalized Markup Language (SGML) and Hypertext Markup Language (HTML), and as such a parser written to support these two languages can be easily extended to support XML as well. For example, XHTML has been defined as a format that is formal XML, but understood correctly by most (if not all) HTML parsers. === YAML === YAML was designed to be human-readable and authored via a text editor with notion similar to reStructuredText and wiki syntax. YAML 1.2 also includes a shorthand notion that is compatible with JSON, and as such any JSON document is also valid YAML; this however does not hold the other way. === REBOL === REBOL was designed to be human-readable and authored via a text editor. It uses a simple free-form syntax with minimal punctuation and a rich set of data types (such as URL, email, date and time, tuple, string, tag) that respect common standards. It is designed to not need any additional meta-language, being designed in a metacircular fashion which is why the parse dialect used for definitions and transformations of REBOL dialects is also itself a dialect of REBOL. REBOL was used as a source of inspiration for JSON. === Gellish === Gellish English is a formalized subset of natural English (language), which includes a simple grammar and a large, extensible dictionary (taxonomy) that defines the general and domain specific terminology, whereas the concepts are arranged in a hierarchy, which supports inheritance of knowledge and requirements. The dictionary also includes standardized fact types. The terms and relation types together can be used to create and interpret expressions of facts, knowledge, requirements and other information. Gellish can be used in combination with SQL, RDF/XML, OWL and various other meta-languages. The Gellish standard is a combination of ISO 10303-221 (AP221) and ISO 15926. === List === The following describes and compares popular data exchange languages. Columns Schemas – Whether supports representing domain specific data structure definition Flexible – Whether supports extension of the semantic expression capabilities without modifying the schema Semantic verification – Whether supports semantic verification of the correctness of expressions in the language Dictionary – Whether includes a dictionary and a taxonomy (hierarchy) of concepts with inheritance Information model – Whether supports an information model Synonyms and homonyms – Whether supports the use of synonyms and homonyms in expressions Dialecting – Whether is available in multiple natural languages or dialects Web standard – Whether is standardized by a recognized body Transformations – Whether includes a translation to other standards Lightweight – Whether a lightweight version is available Human readable – Whether expressions are understandable without training Compatibility – Which other tools can be used or are required
G.9970
G.9970 (also known as G.hnta) is a Recommendation developed by ITU-T that describes the generic transport architecture for home networks and their interfaces to a provider's access network. G.9970 was developed by Study Group 15, Question 1. G.9970 received Consent on December 12, 2008 and was Approved on January 13, 2009. == Relationship with G.hn == G.9970 (G.hnta) and G.9960 (G.hn) are two ITU-T Recommendations that address home networking in a complementary manner. While G.9970 addresses layer 3 (network layer) of the home network architecture, G.9960 addresses layers 1 (physical layer) and 2 (data link layer).
Image fusion
The image fusion process is defined as gathering all the important information from multiple images, and their inclusion into fewer images, usually a single one. This single image is more informative and accurate than any single source image, and it consists of all the necessary information. The purpose of image fusion is not only to reduce the amount of data but also to construct images that are more appropriate and understandable for the human and machine perception. In computer vision, multisensor image fusion is the process of combining relevant information from two or more images into a single image. The resulting image will be more informative than any of the input images. In remote sensing applications, the increasing availability of space borne sensors gives a motivation for different image fusion algorithms. Several situations in image processing require high spatial and high spectral resolution in a single image. Most of the available equipment is not capable of providing such data convincingly. Image fusion techniques allow the integration of different information sources. The fused image can have complementary spatial and spectral resolution characteristics. However, the standard image fusion techniques can distort the spectral information of the multispectral data while merging. In satellite imaging, two types of images are available. The panchromatic image acquired by satellites is transmitted with the maximum resolution available and the multispectral data are transmitted with coarser resolution. This will usually be two or four times lower. At the receiver station, the panchromatic image is merged with the multispectral data to convey more information. Many methods exist to perform image fusion. The very basic one is the high-pass filtering technique. Later techniques are based on Discrete Wavelet Transform, uniform rational filter bank, and Laplacian pyramid. == Motivation == Multi sensor data fusion has become a discipline which demands more general formal solutions to a number of application cases. Several situations in image processing require both high spatial and high spectral information in a single image. This is important in remote sensing. However, the instruments are not capable of providing such information either by design or because of observational constraints. One possible solution for this is data fusion. == Methods == Image fusion methods can be broadly classified into two groups – spatial domain fusion and transform domain fusion. The fusion methods such as averaging, Brovey method, principal component analysis (PCA) and IHS based methods fall under spatial domain approaches. Another important spatial domain fusion method is the high-pass filtering based technique. Here the high frequency details are injected into upsampled version of MS images. The disadvantage of spatial domain approaches is that they produce spatial distortion in the fused image. Spectral distortion becomes a negative factor while we go for further processing, such as classification problem. Spatial distortion can be very well handled by frequency-domain approaches on image fusion. The multiresolution analysis has become a very useful tool for analysing remote sensing images. The discrete wavelet transform has become a very useful tool for fusion. Some other fusion methods are also there, such as Laplacian pyramid based, curvelet transform based etc. These methods show a better performance in spatial and spectral quality of the fused image compared to other spatial methods of fusion. The images used in image fusion should already be registered. Misregistration is a major source of error in image fusion. Some well-known image fusion methods are: High-pass filtering technique IHS transform based image fusion PCA-based image fusion Wavelet transform image fusion Pair-wise spatial frequency matching Comparative analysis of image fusion methods demonstrates that different metrics support different user needs, sensitive to different image fusion methods, and need to be tailored to the application. Categories of image fusion metrics are based on information theory features, structural similarity, or human perception. === Multi-focus image fusion === Multi-focus image fusion is used to collect useful and necessary information from input images with different focus depths in order to create an output image that ideally has all information from input images. In visual sensor network (VSN), sensors are cameras which record images and video sequences. In many applications of VSN, a camera can’t give a perfect illustration including all details of the scene. This is because of the limited depth of focus exists in the optical lens of cameras. Therefore, just the object located in the focal length of camera is focused and cleared and the other parts of image are blurred. VSN has an ability to capture images with different depth of focuses in the scene using several cameras. Due to the large amount of data generated by camera compared to other sensors such as pressure and temperature sensors and some limitation such as limited band width, energy consumption and processing time, it is essential to process the local input images to decrease the amount of transmission data. The aforementioned reasons emphasize the necessary of multi-focus images fusion. Multi-focus image fusion is a process which combines the input multi-focus images into a single image including all important information of the input images and it’s more accurate explanation of the scene than every single input image. == Applications == === In remote sensing === Image fusion in remote sensing has several application domains. An important domain is the multi-resolution image fusion (commonly referred to pan-sharpening). In satellite imagery we can have two types of images: Panchromatic images – An image collected in the broad visual wavelength range but rendered in black and white. Multispectral images – Images optically acquired in more than one spectral or wavelength interval. Each individual image is usually of the same physical area and scale but of a different spectral band. The SPOT PAN satellite provides high resolution (10m pixel) panchromatic data. While the LANDSAT TM satellite provides low resolution (30m pixel) multispectral images. Image fusion attempts to merge these images and produce a single high resolution multispectral image. The standard merging methods of image fusion are based on Red–Green–Blue (RGB) to Intensity–Hue–Saturation (IHS) transformation. The usual steps involved in satellite image fusion are as follows: Resize the low resolution multispectral images to the same size as the panchromatic image. Transform the R, G and B bands of the multispectral image into IHS components. Modify the panchromatic image with respect to the multispectral image. This is usually performed by histogram matching of the panchromatic image with Intensity component of the multispectral images as reference. Replace the intensity component by the panchromatic image and perform inverse transformation to obtain a high resolution multispectral image. Pan-sharpening can be done with Photoshop. Other applications of image fusion in remote sensing are available. === In medical imaging === Image fusion has become a common term used within medical diagnostics and treatment. The term is used when multiple images of a patient are registered and overlaid or merged to provide additional information. Fused images may be created from multiple images from the same imaging modality, or by combining information from multiple modalities, such as magnetic resonance image (MRI), computed tomography (CT), positron emission tomography (PET), and single-photon emission computed tomography (SPECT). In radiology and radiation oncology, these images serve different purposes. For example, CT images are used more often to ascertain differences in tissue density while MRI images are typically used to diagnose brain tumors. For accurate diagnosis, radiologists must integrate information from multiple image formats. Fused, anatomically consistent images are especially beneficial in diagnosing and treating cancer. With the advent of these new technologies, radiation oncologists can take full advantage of intensity modulated radiation therapy (IMRT). Being able to overlay diagnostic images into radiation planning images results in more accurate IMRT target tumor volumes.
Stegomalware
Stegomalware is a form of malicious software that leverages steganography techniques to conceal its code, configuration data, or command-and-control (C&C) communications within seemingly benign digital media such as images, audio files, videos, documents, or network traffic. It typically embeds encrypted or obfuscated payloads into digital media and only extracts and executes them at runtime, which makes traditional signature-based and sandbox-based detection significantly more difficult. Stegomalware has been observed in attacks ranging from advanced persistent threats (APTs) to financially motivated cybercrime, and is now the subject of dedicated academic surveys, research projects, and international law-enforcement initiatives. The key distinction between stegomalware and traditional obfuscated malware lies in the encoding location. After obfuscation, malicious code remains present within the executable and can theoretically be discovered through static analysis. In contrast, stegomalware hides the payload entirely within a cover medium (image, audio, etc.), remaining invisible until the malware dynamically extracts and executes it at runtime. == History == The term stegomalware was formally introduced by researchers Águila, Laskov, and others in the context of mobile malware and presented at the Inscrypt (Information Security and Cryptology) conference in 2014. This marked the first academic formalization of the concept, though earlier work had already identified that botnets and mobile malware could use steganography and covert channels for command-and-control communication over probabilistically unobservable channels. Since its introduction, stegomalware has evolved from a theoretical concern to a documented threat. In 2011, the APT operation known as "Operation Shady RAT" became one of the first documented cases of stegomalware in the wild, using digital images to hide Internet Protocol addresses and command-and-control server addresses. The same year, the Duqu malware (targeting industrial manufacturers) embedded victim data into JPEG image files before exfiltration, making the data transfer virtually undetectable to network-level security tools. From 2014 onwards, stegomalware became more prevalent in organized cybercrime and advanced persistent threat campaigns. Notable examples include Zeus/Zbot, which masked configuration data in images; Gatak/Stegoloader, which hid shellcode in PNG files; TeslaCrypt, which embedded C&C commands in JPEGs; and Cerber, which concealed ransomware payloads within images. By the 2010s, stegomalware had become established as a preferred evasion technique for espionage, financial theft, and ransomware distribution campaigns. Recent surveys (2020–2025) document that stegomalware has increasingly been exploited by adversaries targeting banks, enterprises, government agencies, educational institutions, and internet users via malvertising campaigns. The technique is now considered a sophisticated method of attack worthy of dedicated international law-enforcement attention. == Technical Characteristics and Definitions == Stegomalware operates through a three-component architecture: Stegotext (R): An innocent-looking digital asset (image, audio file, etc.) into which the malicious payload is embedded. Secret key (sk): A key used by the embedding and extraction algorithms, typically hardcoded into the malware. Payload (p): The actual malicious code, configuration data, or C&C commands hidden within the stegotext. The malware extracts the payload at runtime using the secret key and either executes it directly or uses it to download additional stages of the attack. Stegomalware can be classified into several types based on deployment method: Type 0 (Autonomous): Both the stegotext and extraction algorithm are embedded within the malware application itself. The malicious payload is extracted and executed locally without external communication. Type I (Update): The stegotext and secret key are downloaded from a remote server at runtime; only the extraction algorithm is included in the malware. This variant is more flexible, allowing attackers to push updated payloads. Type II (External Algorithm): Neither the stegotext nor the extraction algorithm are distributed with the malware; both are fetched from an attacker-controlled infrastructure, providing maximum flexibility and evasion. == Steganography techniques == === Spatial domain methods === Stegomalware predominantly uses steganographic methods designed for images, as images are the most common cover medium in the wild. The most basic spatial domain technique is Least Significant Bit (LSB) substitution, which replaces the least significant bits of pixel color values with payload bits. While simple and easy to implement, LSB is also relatively easy to detect through statistical analysis. More sophisticated spatial domain techniques include: HUGO (High Undetectable steGO) (2010): Minimizes detectable distortion by distributing the payload across multiple pixels, achieving embedding capacity with reduced statistical footprint. WOW (Wavelet Obtained Weights) (2012): Embeds data preferentially in textured regions of images where modifications are less perceptually noticeable. UNIWARD (Universal Wavelet Relative Distortion) (2014): Uses a universal distortion function applicable to multiple image formats, balancing payload capacity with undetectability. HILL (2014): Applies high-pass and low-pass filters to identify robust embedding regions. MiPOD (Minimizing the Power of Optimal Detector) (2016): Designed to minimize the power of theoretical optimal steganalysis detectors. === Transform domain methods === Transform domain techniques convert images into the frequency domain (e.g., using DCT or DWT) before embedding, allowing for more robust hiding in JPEG and other compressed formats: Embedding in DCT coefficients (used in JPEG compression) Embedding in DWT coefficients (used in lossless formats) Spread spectrum techniques, which distribute the payload across many frequency components Transform domain methods are generally more resistant to noise, compression, and image transformations than spatial methods. === Generative adversarial network (GAN) methods === Recent advances in machine learning have introduced GAN-based steganography, where a generative model produces stego images that minimize detectable artifacts: SGAN (Steganographic GAN) (2017): First GAN applied to steganography, using a generator, discriminator, and steganalysis network. ASDL-GAN (2017): Performs automatic steganographic distortion learning at the pixel level. SteganoGAN (2019): Improves upon earlier GAN models, achieving higher embedding capacity and robustness. HiGAN (Hiding Images GAN) (2020): Enables hiding one image within another while maintaining visual plausibility. GAN-based approaches are more resilient to standard steganalysis attacks but remain an emerging threat requiring further research. == Notable malware campaigns == Stegomalware has been documented in numerous high-profile cyber attacks and campaigns. Notable examples include: Operation Shady RAT (2011): Used digital images to hide command-and-control server addresses in targeted espionage. Duqu (2011): Embedded victim data into JPEG files to exfiltrate industrial control system information. Zeus/Zbot (2014): Masked banking configuration data inside JPEG files exploited via malvertising. Gatak/Stegoloader (2015): Hid shellcode in PNG files for software licensing attacks and bot command execution. TeslaCrypt (2015): Embedded C&C commands and ransomware keys in JPEG images. Cerber (2016): Concealed executable ransomware code in JPEG files distributed via phishing. DNSChanger (2016): Embedded malicious code in PNG files for DNS hijacking campaigns. Sundown Exploit Kit (2017): Distributed exploit code in PNG files via malvertising. AdGholas (2017): Used JPEG steganography to distribute ransomware via malvertising. Synccrypt (2017): Hidden ransomware components in JPEG-steganographic encrypted archives. ZeroT/PlugX (2017): Hid Remote Access Trojan payloads in BMP files for espionage. Loki Bot (2018): Concealed malware installers in JPEG and video files. Waterbug (APT28) (2019): Injected malicious DLLs into WAV audio files. Shlayer (macOS adware) (2019): Hid malicious URLs in JPEG files via malvertising. === Attack vectors === The most common attack vectors for stegomalware include: Phishing emails with malicious attachments or links Malvertising campaigns using malicious banner advertisements Exploit kits through compromised or malicious websites Legitimate application vulnerabilities (e.g., watering-hole attacks) Fake software distribution (cracked software, keygen tools) === Exploitation stages === Stegomalware typically serves one or more roles in attack lifecycles: Payload delivery: Stego images contain full executable code or shellcode. C&C communication: Hidden data contains server addresses or command instructio