Beginning right now, the Apple Pencil Professional is offered in Apple’s on-line refurbished retailer within the U.S. and Canada, for the primary time because the accent launched in Could 2024.
Within the U.S., the refurbished Apple Pencil Professional is offered for $109, down from $129 model new. That could be a roughly 15% low cost, which is typical for Apple’s refurbished merchandise.
On the time of penning this, Amazon is promoting the Apple Pencil Professional model new for $110.87 within the U.S., so the refurbished choice isn’t an amazing alternative proper now, since you might get a brand new one for simply $1.87 extra. Then again, Apple’s refurbished merchandise are typically in like-new situation, so the refurbished one does supply a tiny little bit of financial savings.
Apple says all of its refurbished merchandise bear “full performance testing,” and any faulty modules recognized in testing are changed. All the refurbished merchandise are additionally put by means of a “thorough cleansing course of and inspection,” earlier than being repackaged.
Key options of the Apple Pencil Professional embody the power to squeeze the accent to carry up a device palette, a gyroscope that enables customers to roll the Apple Pencil Professional for exact management of formed pen and brush instruments, haptic suggestions for sure actions, and Discover My assist. It’s appropriate with iPad Professional fashions with the M4 chip, iPad Air fashions with the M2 chip or newer, and the iPad mini with the A17 Professional chip.
Notice: MacRumors is an affiliate associate with Amazon. If you click on a hyperlink and make a purchase order, we might obtain a small cost, which helps us maintain the positioning working.
Apple’s iPhone 17 Professional and iPhone 17 Professional Max fashions will characteristic quite a lot of important show, thermal, and battery enhancements, in line with new late-stage rumors.
Based on the Weibo leaker often called “On the spot Digital,” the iPhone 17 Professional fashions will characteristic shows with greater brightness, making it extra appropriate to be used in direct daylight for extended durations. The iPhone 16 Professional and…
Only one week earlier than Apple is predicted to unveil the iPhone 17 sequence, an analyst has shared new worth estimates for the units.
Listed below are J.P. Morgan analyst Samik Chatterjee’s worth estimates for the iPhone 17 sequence in the USA, in line with 9to5Mac:
Mannequin
Beginning Value
Mannequin
Beginning Value
Change
iPhone 16
$799
iPhone 17
…
Apple is predicted to unveil the iPhone 17 sequence on Tuesday, September 9, and last-minute rumors concerning the units proceed to floor.
The newest information comes from a leaker often called Majin Bu, who has shared alleged photos of Apple’s Clear Case for the iPhone 17 Professional and Professional Max, or a minimum of replicas.
Picture Credit score: @MajinBuOfficial
The pictures present three alleged modifications in comparison with Apple’s iP…
Apple will launch its new iPhone 17 sequence this month, and the iPhone 17 Professional fashions are anticipated to get a brand new design for the rear casing and the digital camera space. However extra important modifications to the lineup aren’t anticipated till subsequent yr, when the iPhone 18 fashions arrive.
When you’re considering of buying and selling in your iPhone for this yr’s newest, contemplate the next options rumored to be coming to…
An iPhone 17 announcement is a lifeless cert for September 2025 – Apple has already despatched out invitations for an “Awe dropping” occasion on Tuesday, September 9 on the Apple Park campus in Cupertino, California. The timing follows Apple’s development of introducing new iPhone fashions yearly within the fall.
On the occasion, Apple is predicted to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17…
We’re solely days away from Apple’s “Awe dropping” fall occasion scheduled to happen on Tuesday, September 9 – and together with the brand new iPhone 17 sequence, we’ll get a brand new model of the Apple Watch Extremely for the primary time since 2023.
By the point the Extremely 3 is unveiled, it is going to have been two years because the earlier mannequin arrived. The intervening interval has left loads of room for…
One in all these three gadgets has simply been leaked within the full-frontal picture you may see beneath. The supply, the prolific Chinese language leakster who goes by Ice Universe, hasn’t but disclosed which of the three it’s, nevertheless it’s positively one in every of them since that wallpaper is a part of Xiaomi’s HyperOS 3, which the entire Xiaomi 16 collection ought to launch operating.
The telephone can be claimed to have the narrowest symmetrical bezels and essentially the most curved display corners within the historical past of cell phones. It’s thus going to have corners which are extra rounded than even the iPhone 17 Professional‘s.
These are very daring claims certainly, and it does definitely look the half. For those who’re confused about Xiaomi’s reshuffling of its flagship line, the 16 and 16 Professional are mainly the identical (smaller) measurement, with the latter having higher-end specs, whereas the Professional Max is only a greater model of the Professional. We have seen this earlier than, after all, from each Google and Apple, and even vivo, and now Xiaomi desires among the ‘smaller-screen telephone however with high specs’ motion too.
Video Friday is your weekly collection of superior robotics movies, collected by your folks at IEEE Spectrum robotics. We additionally publish a weekly calendar of upcoming robotics occasions for the following few months. Please ship us your occasions for inclusion.
Humanoid robots have just lately achieved spectacular progress in locomotion and whole-body management, but they continue to be constrained in duties that demand speedy interplay with dynamic environments by way of manipulation. Desk tennis exemplifies such a problem: with ball speeds exceeding 5 m/s, gamers should understand, predict, and act inside sub-second response instances, requiring each agility and precision. To handle this, we current a hierarchical framework for humanoid desk tennis that integrates a model-based planner for ball trajectory prediction and racket goal planning with a reinforcement studying–primarily based whole-body controller.
Regardless of their promise, at this time’s biohybrid robots usually underperform their totally artificial counterparts and their potential as predicted from a reductionist evaluation of constituents. Many methods characterize attractive proofs of idea with restricted sensible applicability. Most stay confined to managed laboratory settings and lack feasibility in complicated real-world environments. Creating biohybrid robots is at present a painstaking, bespoke course of, and the ensuing methods are routinely inadequately characterised. Complicated, intertwined relationships between element, interface, and system efficiency are poorly understood, and methodologies to information knowledgeable design of biohybrid methods are missing. The HyBRIDS ARC alternative seeks concepts to deal with the query: How can artificial and organic parts be built-in to allow biohybrid platforms that outperform conventional robotic methods?
Robotic methods will play a key position in future lunar missions, and an excessive amount of analysis is at present being performed on this space. One such undertaking is SAMLER-KI (Semi-Autonomous Micro Rover for Lunar Exploration Utilizing Synthetic Intelligence), a collaboration between the German Analysis Middle for Synthetic Intelligence (DFKI) and the College of Utilized Sciences Aachen (FH Aachen), Germany. The undertaking focuses on the conceptual design of a semi-autonomous micro rover that’s able to surviving lunar nights whereas remaining inside the dimension class of a micro rover. Throughout growth, circumstances on the Moon corresponding to mud publicity, radiation, and the vacuum of area are taken under consideration, together with the 14-Earth-day period of a lunar evening.
ARMstrong Dex is a human-scale dual-arm hydraulic robotic developed by the Korea Atomic Power Analysis Institute (KAERI) for catastrophe response purposes. It’s able to lifting its personal physique by way of vertical pull-ups and manipulating objects over 50 kg, demonstrating power past human capabilities. On this check, ARMstrong Dex used a handheld noticed to chop by way of a thick 40×90 mm wooden beam. Sawing is a bodily demanding job involving repetitive pressure utility, fantastic trajectory management, and real-time coordination.
CMU researchers are creating new know-how to allow robots to bodily work together with people who find themselves not capable of take care of themselves. These breakthroughs are being deployed in the true world, making it attainable for people with neurological illnesses, stroke, a number of sclerosis, ALS and dementia to have the ability to eat, clear and dress totally on their very own.
Caracol’s additive manufacturing platforms use KUKA robotic arms to provide large-scale industrial elements with precision and suppleness. This video outlines how Caracol integrates multi-axis robotics, modular extruders, and proprietary software program to help manufacturing in sectors like aerospace, marine, automotive, and structure.
On June 6, 1990, following the conclusion of Voyager’s planetary explorations, mission representatives held a information convention at NASA’s Jet Propulsion Laboratory in Southern California to summarize key findings and reply questions from the media. Within the briefing, Voyager’s longtime undertaking scientist Ed Stone, together with famend science communicator Carl Sagan, additionally revealed the mission’s “Photo voltaic System Household Portrait,” a mosaic comprising photographs of six of the photo voltaic system’s eight planets. Carl Sagan was a member of the Voyager imaging group and instrumental in capturing these photographs and bringing them to the general public.
Carl Sagan, man. Carl Sagan. Blue Dot unveil was proper round 57:00, should you missed it.
ESET researchers have recognized a brand new risk actor, whom we’ve named GhostRedirector, that compromised at the very least 65 Home windows servers primarily in Brazil, Thailand, and Vietnam. GhostRedirector used two beforehand undocumented, customized instruments: a passive C++ backdoor that we named Rungan, and a malicious Web Info Companies (IIS) module that we named Gamshen.
Whereas Rungan has the aptitude of executing instructions on a compromised server, the aim of Gamshen is to offer website positioning fraud as-a-service, i.e., to govern search engine outcomes, boosting the web page rating of a configured goal web site. Although Gamshen solely modifies the response when the request comes from Googlebot – i.e., it doesn’t serve malicious content material or in any other case have an effect on common guests of the web sites – participation within the website positioning fraud scheme can damage the compromised host web site popularity by associating it with shady website positioning methods and the boosted web sites.
Apparently, Gamshen is applied as a local IIS module – IIS (Web Info Companies) is Microsoft’s Home windows net server software program, which has a modular structure supporting two forms of extensions: native (C++ DLL) and managed (.NET meeting). There are various kinds of malware that may abuse this know-how; our 2021 white paper Anatomy of native IIS malware offers a deep perception into the forms of native IIS threats and their structure. Gamshen falls underneath the class of a trojan with the principle purpose of facilitating website positioning fraud, much like IISerpent, which we documented beforehand.
Moreover Rungan and Gamshen, GhostRedirector additionally makes use of a collection of different customized instruments, in addition to the publicly identified exploits EfsPotato and BadPotato, to create a privileged consumer on the server that can be utilized to obtain and execute different malicious parts with larger privileges, or used as a fallback in case the Rungan backdoor or different malicious instruments are faraway from the compromised server. We consider with medium confidence {that a} China-aligned risk actor was behind these assaults. On this blogpost we offer perception into the GhostRedirector arsenal used to compromise its victims.
Key factors of this blogpost:
We noticed at the very least 65 Home windows servers compromised in June 2025.
Victims are primarily positioned in Brazil, Thailand, and Vietnam.
Victims aren’t associated to at least one particular sector however to a spread reminiscent of insurance coverage, healthcare, retail, transportation, know-how, and training.
GhostRedirector has developed a brand new C++ backdoor, Rungan, able to executing instructions on the sufferer’s server.
GhostRedirector has developed a malicious native IIS module, Gamshen, that may carry out website positioning fraud; we consider its objective is to artificially promote numerous playing web sites.
GhostRedirector depends on public exploits reminiscent of BadPotato or EfsPotato for privilege escalation on compromised servers.
Based mostly on numerous components, we conclude with medium confidence {that a} beforehand unknown, China-aligned risk actor was behind these assaults. We have now named it GhostRedirector.
Attribution
We haven’t been capable of attribute this assault to any identified group; thus we coined the brand new identify GhostRedirector, to cluster all actions documented on this blogpost. These actions began in December of 2024, however we had been capable of uncover different associated samples that lead us consider that GhostRedirector has been energetic since at the very least August 2024.
GhostRedirector has an arsenal that features the passive C++ backdoor Rungan, the malicious IIS trojan Gamshen, and a wide range of different utilities. We have now clustered these instruments collectively by:
their presence on the identical compromised server throughout the identical timeframe,
a shared staging server, and
similarities within the PDB paths of varied GhostRedirector instruments, as defined beneath.
We consider with medium confidence that GhostRedirector is a China-aligned risk actor, based mostly on the next components:
a number of samples of GhostRedirector instruments have hardcoded Chinese language strings,
a code-signing certificates issued to a Chinese language firm was used within the assault, and
one of many passwords for GhostRedirector-created customers on the compromised server comprises the phrase huang, which is Chinese language for yellow.
GhostRedirector isn’t the primary identified case of a China-aligned risk actor partaking in website positioning fraud through malicious IIS modules. Final yr, Cisco Talos printed a blogpost a couple of China-aligned risk actor known as DragonRank that conducts website positioning fraud. There’s some overlap within the sufferer geolocation (Thailand, India, and the Netherlands) and sectors (healthcare, transportation, and IT) in each assaults. Nonetheless, it’s doubtless that these had been opportunistic assaults, exploiting as many weak servers as attainable, moderately than concentrating on a selected set of entities. Moreover these similarities, we don’t have any purpose to consider that DragonRank and GhostRedirector are linked, so we observe these actions individually.
Victimology
Determine 1 exhibits a heatmap of the affected nations, combining knowledge from two sources:
ESET telemetry, the place we detected these assaults between December 2024 and April 2025, and
our internet-wide scan from June 2025 that we ran to get a greater understanding of the dimensions of the assault, and that allowed us to establish further victims.
We notified all of the victims that we recognized by way of our web scan in regards to the compromise.
Determine 1. International locations the place victims had been detected
With all of the collected data, we discovered that at the very least 65 Home windows servers had been compromised worldwide. Many of the affected servers are in Brazil, Peru, Thailand, Vietnam, and the USA. Word that a lot of the compromised servers positioned within the USA seem to have been rented to corporations which are based mostly in nations from the earlier listing. We consider that GhostRedirector was extra considering concentrating on victims in South America and South Asia.
Additionally, we noticed a small variety of instances in:
Canada,
Finland,
India,
the Netherlands,
the Philippines, and
Singapore.
GhostRedirector doesn’t appear to be considering a selected vertical or sector; we’ve seen victims in sectors reminiscent of training, healthcare, insurance coverage, transportation, know-how, and retail.
Preliminary entry
Based mostly on ESET telemetry, we consider that GhostRedirector beneficial properties preliminary entry to its victims by exploiting a vulnerability, most likely an SQL Injection. Then it makes use of PowerShell to obtain numerous malicious instruments – all from the identical staging server, 868id[.]com. In some instances, we’ve seen the attackers leveraging a distinct LOLBin, CertUtil, for a similar objective.
This conjecture is supported by our commentary that the majority unauthorized PowerShell executions originated from the binary sqlserver.exe, which holds a saved process xp_cmdshell that can be utilized to execute instructions on a machine.
The next are examples of instructions that we detected being executed on the compromised servers:
We additionally encountered that GhostRedirector put in GoToHTTP on the compromised net server, after downloading it from the identical staging server. GoToHTTP is a benign software that enables establishing a distant connection that may be accessed from a browser.
GhostRedirector used the listing C:ProgramData to put in its malware, significantly for the C++ backdoor and the IIS trojan they use the listing C:ProgramDataMicrosoftDRMlog.
Assault overview
An summary of the assault is proven in Determine 2. Attackers compromise a Home windows server, obtain and execute numerous malicious instruments: a privilege escalation software, malware that drops a number of webshells, the passive C++ backdoor Rungan, or the IIS trojan Gamshen. The aim of the privilege escalation instruments is to create a privileged consumer within the Directors group, so GhostRedirector can then leverage this account to execute privileged operations, or as a fallback in case the group loses entry to the compromised server.
As a part of its arsenal, GhostRedirector created a number of instruments that leverage the native privilege escalation (LPE) tactic, doubtless based mostly on public EfsPotato and BadPotato exploits. Nearly all the analyzed samples had been obfuscated with .NET Reactor, with a number of layers of obfuscation. A number of the samples had been validly signed with a code-signing certificates issued by TrustAsia RSA Code Signing CA G3, to 深圳市迪元素科技有限公司 (Shenzhen Diyuan Know-how Co., Ltd.), and with a thumbprint of BE2AC4A5156DBD9FFA7A9F053F8FA4AF5885BE3C.
The principle purpose of those samples was to create or modify a consumer account on the compromised server and add it to the Directors group.
Throughout our evaluation, we extracted from the analyzed samples the next usernames that had been used within the creation of those malicious administrator customers.
MysqlServiceEx
MysqlServiceEx2
Admin
Determine 3 exhibits the decompiled code utilized by these samples to create a consumer after profitable LPE exploitation. The password has been redacted for safety functions.
Determine 3. Portion of decompiled code that creates a brand new consumer on a sufferer server
As seen in Determine 3, these privilege escalation instruments use a customized C# class named CUserHelper. This class is applied in a DLL named Frequent.International.DLL (SHA-1: 049C343A9DAAF3A93756562ED73375082192F5A8), which we named Comdai and that was embedded within the analyzed samples. We consider that Comdai was created by the identical builders as the remainder of the GhostRedirector arsenal, based mostly on the shared sample of their respective PDB paths – see the repeated x5 substring as proven in Desk 1, which is shared between Rungan, Gamshen, and the privilege escalation instruments.
Desk 1. PDB strings collected from GhostRedirector instruments
Desk 2 offers an outline of the essential courses applied in Comdai which are utilized by GhostRedirector’s numerous privilege escalation instruments, together with the outline of the category habits. Word the ExeHelper class, which offers a operate to execute a file named hyperlink.exe – GhostRedirector used the identical filename to deploy the GoToHTTP software.
Additionally be aware the backdoor-like capabilities, together with community communication, file execution, listing itemizing, and manipulating companies and Home windows registry keys. Whereas we haven’t noticed these strategies being utilized by any identified GhostRedirector parts, this exhibits that Comdai is a flexible software that may assist numerous phases of the assault.
Desk 2. Courses applied in Comdai
C# class
Description
AES
Encrypts/Decrypts AES in ECB mode. Key: 030201090405060708091011121315
CUserHelper
Lists customers on a compromised server. Creates a consumer with specified credentials and provides it into a bunch identify additionally specified by an argument; by default it makes use of the Directors group.
ExeHelper
Used to execute a binary named hyperlink.exe. This identify was utilized by the attackers for the GoToHTTP binary.
HttpHelper
Can carry out by way of completely different strategies, GET and POST requests, with an unknown objective, to a hardcoded URL – https://www.cs01[.]store.
MsgData
Accommodates solely attributes, utilized by the category NodejsTX to deserialize a JSON object.
MyDll
Invokes strategies from an unknown DLL named MyDLL.dll.
NodejsTX
Gives a technique to speak with one other malicious part through pipes; the pipe is known as salamander_pipe, which might obtain parameters to create a specified consumer who’s then added to the directors group. This consumer creation is achieved by invoking a technique from the CUserHelper class.
RegeditHelper
Accommodates a technique for studying the worth of a specified home windows registry key.
ScanfDirectory
Accommodates strategies for itemizing the contents of a specified listing.
ServiceHelper
Accommodates strategies to restart a specified service.
SystemHelper
Accommodates strategies to execute a binary or execute instructions through ProcessStartInfo class. The binary or instructions are offered to ProcessStartInfo as arguments.
UserStruct
Accommodates solely attributes, username – string Teams – listing Attributes are utilized by class CUserHelper for itemizing customers.
Some exceptions to the rule
We found a pattern (SHA-1: 21E877AB2430B72E3DB12881D878F78E0989BB7F) utilizing the identical certificates, uploaded to VirusTotal in August 2024, which we consider is expounded to GhostRedirector’s arsenal, though we didn’t see it used throughout this marketing campaign. This assumption relies on the habits of the pattern, which tries to open a textual content file and ship its contents to a hardcoded URL. For this, the pattern comprises an embedded Comdai DLL and it invokes the Comdai C# class HttpHelper, which has a hardcoded URL that’s https://www.cs01[.]store – the identical area talked about in Desk 2.
We additionally found some privilege escalation instruments that differ slightly from the habits talked about beforehand.
For instance, in a single case (SHA-1: 5A01981D3F31AF47614E51E6C216BED70D921D60), as a substitute of making a brand new consumer, it modifications the password of an present consumer Visitor for one hardcoded within the malware after which, utilizing the RID hijacking method, it makes an attempt so as to add this consumer to the administrator teams.
In one other case (SHA-1: 9DD282184DDFA796204C1D90A46CAA117F46C8E1), the software not solely creates a brand new administrator consumer but additionally installs a number of webshells on a selected path within the sufferer’s servers, offered manually by GhostRedirector as an argument to the software.
These webshells are embedded within the assets of the pattern in cleartext, and the names are hardcoded; the names we noticed used are:
C1.php
Cmd.aspx
Error.aspx
K32.asxp
K64.aspx
LandGrey.asp
Zunput, an internet site data collector plus webshell dropper
One other attention-grabbing software utilized by GhostRedirector had the filename SitePuts.exe. This pattern (SHA‑1: EE22BA5453ED577F8664CA390EB311D067E47786), which we named Zunput, can be developed with the .NET Framework and signed with the certificates talked about above; it reads the IIS configuration system on the lookout for configured web sites and obtains the next details about them:
bodily path on the server,
identify, and
for every web site, the next attributes:
○ protocol
○ IP handle, and
○ hostname
As soon as the data is collected, Zunput checks for the existence of the bodily path on the server, and in addition verifies that the listing comprises at the very least one file with the .php, .aspx, or .asp extension. This fashion, Zunput solely targets energetic web sites able to executing dynamic content material – solely in these directories does it then drop the embedded webshells. Webshells are embedded within the assets of the pattern and for the dates of every webshell (creation, modified, accessed), the malware makes use of the date of an present file from the listing.
Webshells are written in ASP, PHP, and JavaScript, and the names used are chosen randomly from the next listing:
Xml
Ajax
Sync
Loadapi
Loadhelp
Code
Jsload
Loadcss
Loadjs
Pop3
Imap
Api
Extensions used for the webshells:
Info collected throughout Zunput execution is saved in a file named log.txt (see an instance in Determine 4) within the listing from which it was executed. This data isn’t exfiltrated mechanically by Zunput, however it may be obtained by the attackers by way of a number of strategies; one may be through the deployed webshell talked about earlier than.
Determine 4. Instance of saved content material of log.txt the place 分割线 machine interprets to Dividing line
The ultimate payloads
Rungan, a passive C++ backdoor
Rungan (SHA-1: 28140A5A29EBA098BC6215DDAC8E56EACBB29B69) is a passive C/C++ backdoor that we’ve seen put in in C:ProgramDataMicrosoftDRMlogminiscreen.dll.
This backdoor makes use of AES in CBC mode for string decryption. 030201090405060708090A0B0C0D0E0F is used for the IV and key, and based mostly on the malware’s PDB path F:x5AvoidRandomKill-mainx64ReleaseIISAgentDLL.pdb, we consider that GhostRedirector reuses the AES implementation from the AvoidRandomKill repository.
The principle performance of this backdoor is to register a plaintext hardcoded URL http://+:80/v1.0/8888/sys.html into the compromised server, bypassing IIS by abusing the HTTP Server API. Then the backdoor waits for a request that matches that URL, then parses and executes the obtained instructions on the compromised server.
Further URLs may be set in an optionally available configuration file named C:WindowsMicrosoft.NETFramework64v2.0.507271033vbskui.dll. Rungan will hearken to all incoming requests matching the configured patterns, and the configuration may be up to date through a backdoor command. To activate the backdoor, any incoming HTTP request should comprise a selected mixture of parameters and values, that are hardcoded in Rungan.
As soon as this test is met, Rungan makes use of the parameter motion to find out the backdoor command, and makes use of the information within the HTTP request physique because the command parameters. No encryption or encoding is used within the C&C protocol. Probably the most notable capabilities are creating a brand new consumer or executing instructions on the sufferer’s server; a full listing of backdoor instructions is proven in Desk 3.
Desk 3.Rungan backdoors instructions
Parameter
Physique
Description
Response
mkuser
consumer=&pwd=&groupname=
Creates the required consumer on the compromised server utilizing the NetUserAdd Home windows API.
Standing code of the operation.
listfolder
path=
This appears to be like unfinished: it collects data from chosen path however doesn’t exfiltrate it.
N/A
addurl
url=|
Registers URLs the backdoor will hear on. Could be multiple separated with |. The URL can be added to the configuration file.
If a URL fails to register, the response can be Failed: , in any other case All Okay.
cmd
cmdpath=&mingl=
Executes a command on the sufferer’s server utilizing pipes and the CreatePorcessA API.
Command output.
Determine 5 and Determine 6 present completely different examples of requests made to the malware throughout a dynamic evaluation utilizing the software postman in a simulated setting.
Determine 5. Executing instructions on a testing serverDetermine 6. Including a consumer by way of the malware on a testing server
Gamshen, malicious IIS module
Developed as a C/C++ DLL, Gamshen is a malicious native IIS module. The principle performance of this malware is to intercept requests made to the compromised server from the Googlebot search engine crawler and solely in that case modify the professional response of the server. The response is modified based mostly on knowledge requested dynamically from Gamshen’s C&C server. By doing this, GhostRedirector makes an attempt to govern the Google search rating of a selected, third-party web site, by utilizing manipulative, shady website positioning methods reminiscent of creating synthetic backlinks from the professional, compromised web site to the goal web site. We beforehand documented a case of an IIS trojan utilizing related ways: see IISerpent: Malware-driven website positioning fraud as a service.
It is essential to say {that a} common consumer who visits the affected web site wouldn’t see any modifications and wouldn’t be affected by the malicious habits as a result of Gamshen doesn’t set off any of its malicious exercise on requests from common guests.
Determine 7 exhibits how a malicious module taking part within the IIS website positioning fraud scheme modifies the professional response of a compromised server when a request is comprised of the Google Crawler, aka Googlebot.
Determine 7. Overview of an website positioning fraud scheme
As a way to do that, the attackers have applied their very own malicious code for the next IIS occasion handlers:
OnBeginRequest
OnPreExecuteRequestHandler
OnPostExecuteRequestHandler
OnSendResponse
When the compromised server receives an HTTP request, the request goes by way of the IIS request processing pipeline, which triggers these handlers in numerous steps of the method – notably, the OnSendResponse handler is triggered simply earlier than the HTTP response is distributed out by the compromised server. Since Gamshen is put in as an IIS module, it mechanically intercepts every incoming HTTP request at these steps, and performs three actions.
First, it performs a collection of validations to filter solely HTTP requests of curiosity:
The request should originate from a Google crawler: both the Person-Agent header comprises the string Googlebot, or the Referer comprises the string google.com.
The HTTP technique should not be POST.
The requested useful resource isn’t a picture, stylesheet, or related static useful resource, i.e., it doesn’t have any of the next extensions: .jpg, .resx, .png, .jpeg, .bmp, .gif, .ico, .css, or .js. That is prone to keep away from breaking UI performance.
The URL should comprise the string android_ or match any of the next common expressions:
Second, Gamshen modifies the response supposed for the search engine crawler with knowledge obtained from its personal C&C server, brproxy.868id[.]com. We have now noticed three URLs getting used for this objective:
https://brproxy.868id[.]com/index_base64.php?
https://brproxy.868id[.]com/tz_base64.php?
https://brproxy.868id[.]com/url/index_base64.php
In all instances, the next hardcoded Person-Agent string is used: Mozilla/5.0 (appropriate; Googlebot/2.1; +http://www.google.com/bot.html). A base64-encoded response is predicted, which is then decoded and injected into the HTTP response supposed for the search engine crawler.
Lastly, on the final step of the request processing pipeline, simply earlier than the HTTP response is distributed out – the OnSendResponse occasion handler verifies the response for these crawler requests. If the response has the 404 HTTP standing code – i.e., Gamshen had not been capable of get hold of the malicious knowledge from its C&C server, then it as a substitute performs a redirect to a distinct C&C server: http://gobr.868id[.]com/tz.php.
We weren’t capable of get hold of a response from brproxy.868id[.]com or gobr.868id[.]com, however consider the information helps shady website positioning methods – reminiscent of key phrase stuffing, inserting malicious backlinks – or, in case of the redirection, making the search engine affiliate the compromised web site with the goal, third-party web site, thus poisoning the search index.
We had been, nonetheless, capable of pivot on these domains on VirusTotal and discover associated photographs – on this case, photographs promoting a playing software for Portuguese talking customers. We consider this web site is the beneficiary of the website positioning fraud scheme, facilitated by this malicious IIS module – Gamshen most likely makes an attempt to compromise as many web sites as attainable and misuse their popularity to drive visitors to this third-party web site.
Determine 8 and Determine 9 present two photographs doubtlessly utilized by GhostRedirector in its website positioning fraud scheme.
Determine 8. A playing web site doubtless benefiting from the website positioning fraud scheme (machine translation: Advantages and privileges for VIP members)Determine 9. A playing web site doubtless benefiting from the website positioning fraud scheme (machine translation: Giant deposits and withdrawals with out worries)
Conclusion
On this blogpost, we’ve offered a beforehand unknown, China-aligned risk actor, GhostRedirector, and its toolkit for compromising and abusing Home windows servers. Along with enabling distant command execution on the compromised servers, GhostRedirector additionally deploys a malicious IIS module, Gamshen, designed to govern Google search outcomes by way of shady website positioning ways. Gamshen abuses the credibility of the web sites hosted on the compromised server to advertise a third-party, playing web site – doubtlessly a paying shopper taking part in an website positioning fraud as-a-service scheme.
GhostRedirector additionally demonstrates persistence and operational resilience by deploying a number of distant entry instruments on the compromised server, on prime of making rogue consumer accounts, all to take care of long-term entry to the compromised infrastructure.
Mitigation suggestions may be present in our complete white paper. For any inquiries, or to make pattern submissions associated to the topic, contact us at threatintel@eset.com.
IoCs
A complete listing of indicators of compromise (IoCs) and samples may be present in our GitHub repository.
Information
SHA-1
Filename
Detection
Description
EE22BA5453ED577F8664CA390EB311D067E47786
SitePut.exe
MSIL/Agent.FEZ
Zunput, data collector and webshell installer.
677B3F9D780BE184528DE5967936693584D9769A
EfsNetAutoUser.exe
MSIL/HackTool.Agent.QJ
A customized software utilizing the EfsPotato exploit to create a brand new consumer on the compromised server.
5D4D7C96A9E302053BDFAF2449F9A2AB3C806E63
NetAutoUser.exe
MSIL/AddUser.S
A customized software utilizing the BadPotato exploit to create a brand new consumer on the compromised server.
28140A5A29EBA098BC6215DDAC8E56EACBB29B69
miniscreen.dll
Win64/Agent.ELA
Rungan, a passive C++ backdoor.
371818BDC20669DF3CA44BE758200872D583A3B8
auto.exe
Generik.KJWBIPC
A software to create a brand new consumer on the compromised server.
9DD282184DDFA796204C1D90A46CAA117F46C8E1
auto_sign.exe
MSIL/Agent.XQL
A software to create a brand new consumer or deploy webshells on the compromised server.
87F354EAA1A6ED5AE51C4B1A1A801B6CF818DAFC
EfsNetAutoUser.exe
MSIL/HackTool.Agent.QJ
A customized software utilizing the EfsPotato exploit to create a brand new consumer on the compromised server.
5A01981D3F31AF47614E51E6C216BED70D921D60
DotNet4.5.exe
MSIL/AddUser.S
Customized software utilizing BadPotato exploit to raise privileges of an present consumer.
6EBD7498FC3B744CED371C379BA537077DD97036
NetAUtoUser_sign.exe
MSIL/AddUser.S
Customized software utilizing BadPotato exploit to elevated privileges of an present consumer.
0EE926E29874324E52DE816B74B12069529BB556
hyperlink.exe
Win64/RemoteAdmin.GotoHTTP. A doubtlessly unsafe software
GoToHTTP software.
373BD3CED51E19E88876B80225ECA65A5C01413F
N/A
PHP/Webshell.NWE
Webshell.
5CFFC4B3B96256A45FB45056AE0A9DC76329C25A
N/A
ASP/Webshell.MP
Webshell.
B017CEE02D74C92B2C65517101DC72AFA7D18F16
N/A
PHP/Webshell.OHB
Webshell.
A8EE056799BFEB709C08D0E41D9511CED5B1F19D
N/A
ASP/Webshell.UV
Webshell.
C4681F768622BD613CBF46B218CDA06F87559825
N/A
ASP/Webshell.KU
Webshell.
E69E4E5822A81F68107B933B7653C487D055C51B
N/A
ASP/Webshell.UZ
Webshell.
A3A55E4C1373E8287E4E4D5D3350AC665E1411A7
N/A
ASP/Webshell.UY
Webshell.
E6E4634CE5AFDA0688E73A2C21A2ECDABD5E155D
N/A
ASP/Webshell.UY
Webshell.
5DFC2D0858DD7E811CD19938B8C28468BE494CB6
N/A
ASP/Webshell.UX
Webshell.
08AB5CC8618FA593D2DF91900067DB464DC72B3E
ManagedEngine32_v2.dll
Win32/BadIIS.AG
Gamshen, a malicious IIS module.
871A4DF66A8BAC3E640B2D1C0AFC075BB3761954
ManagedEngine64_v2.dll
Win64/BadIIS.CY
Gamshen, a malicious IIS module.
049C343A9DAAF3A93756562ED73375082192F5A8
N/A
MSIL/Agent.FFZ
Comdai, a malicious multipurpose DLL used to create a malicious consumer.
Community
IP
Area
Internet hosting supplier
First seen
Particulars
N/A
xzs.868id[.]com
N/A
2024‑12‑03
GhostRedirector staging server, hosted on Cloudflare.
104.233.192[.]1
xz.868id[.]com
PEG TECH INC
2024‑12‑03
GhostRedirector staging server.
104.233.210[.]229
q.822th[.]com www.881vn[.]com
PEG TECH INC
2023‑10‑06
GhostRedirector staging server.
N/A
gobr.868id[.]com
N/A
2024‑08‑25
Gamshen C&C server, hosted on Cloudflare.
N/A
brproxy.868id[.]com
N/A
2024‑08‑25
Gamshen C&C server, hosted on Cloudflare.
43.228.126[.]4
www.cs01[.]store
XIMBO Web Restricted
2024‑04‑01
Comdai C&C server.
103.251.112[.]11
N/A
IRT‑HK‑ANS
N/A
GhostRedirector staging server.
MITRE ATT&CK methods
This desk was constructed utilizing model 17 of the MITRE ATT&CK framework.
GhostRedirector makes use of .NET Reactor to obfuscate its instruments, and used EfsPotato and BadPotato to develop customized privilege escalation instruments.
Since Ryan took over as the top of Sensible Information Collective, we’ve got been dedicated to exploring how AI applied sciences has began to alter healthcare and training. You will note that synthetic intelligence is taking part in a rising function in serving to nurses be taught sooner and adapt to challenges in a strained healthcare system.
Earlier this week, Kelly Gooch and Kristin Kuchno of Becker’s Hospital Overview reported that 68 hospitals have been reporting layoffs. It’s changing into clear that the “Large Lovely Invoice” signed by Donald Trump has accelerated strain on suppliers to coach new nurses with fewer employees. Hold studying to be taught extra.
Revolutionizing Nursing Training
A report from the American Hospital Affiliation exhibits that spending on digital AI in healthcare elevated 47 % within the first quarter of this yr. You’ll be able to perceive from this development that healthcare organizations are urgently in search of instruments to strengthen coaching and help.
Andis Robeznieks of the American Medical Affiliation discovered that two out of three physicians noticed the worth in AI. It’s uncommon for medical doctors to agree so strongly on a brand new development, and this exhibits why nurse educators needs to be paying consideration.
You’ll be able to see that AI tutoring programs can present custom-made classes that match every nurse’s ability stage. There are rising alternatives for simulation platforms that permit college students to observe with out placing sufferers in danger.
There are sensible causes for AI’s rising function in healthcare training. It’s common for nurses to face overwhelming workloads, and AI may give them studying assets anytime with out ready for an teacher.
You’ll discover that simulation instruments are making it simpler to rehearse troublesome situations. There are additionally AI-driven programs that may analyze pupil efficiency and provides suggestions tailor-made to their strengths and weaknesses.
It is very important acknowledge that Medicaid cuts will restrict funding for hospitals and coaching applications. You’re going to see AI step in as an economical choice when budgets are too strained to help conventional instructing.
The nursing career, the spine of healthcare, is continually evolving. To maintain tempo with the rising calls for of a fancy healthcare panorama, nursing training and observe are present process a major transformation pushed by digital instruments and automation. These developments supply the potential to raise the standard of nursing training, empower nurses, and in the end enhance affected person outcomes in unprecedented methods.
The next are some methods by which the enhancement of nursing training accomplishes these targets.
Conventional nursing training strategies, whereas foundational, can usually profit from integration with fashionable digital instruments. Expertise gives the chance to create extra partaking, interactive, and customized studying experiences that higher put together future nurses for the realities of the sector.
Digital Actuality (VR): Stepping past textbook studying, VR and AR simulations present immersive scientific experiences. College students can observe complicated procedures, like inserting a central line or managing a essential occasion, in a secure, managed setting. This hands-on observe builds confidence and competence earlier than encountering actual sufferers.
Information Analytics and Customized Studying: Information analytics can observe pupil progress and determine areas the place they wrestle. This info permits essential nurse educators to tailor instruction to particular person wants, offering focused help and guaranteeing that no pupil is left behind. Customized studying pathways can optimize the training expertise.
Empowering Nurses with Expertise
Past training, digital instruments are reshaping the day by day observe of nurses, empowering them to ship extra environment friendly and efficient care in methods akin to:
Digital Well being Information (EHRs) and Scientific Resolution Assist Techniques (CDSS): EHRs are the cornerstone of contemporary healthcare, offering nurses with immediate entry to affected person info, treatment information, and lab outcomes. These programs can flag potential drug interactions, permitting nurses to make extra knowledgeable and well timed selections.
Wearable Expertise and Distant Affected person Monitoring: Wearable units, akin to smartwatches and biosensors, can repeatedly monitor affected person important indicators, exercise ranges, and sleep patterns. This information might be transmitted wirelessly to nurses, permitting them to determine potential issues early and intervene proactively.
Robotics and Automation: Robots are more and more being utilized in healthcare settings to automate duties like treatment dishing out, specimen transport, and cleansing. This frees up nurses to concentrate on extra complicated and patient-centric duties, akin to offering emotional help and conducting thorough assessments.
Enhancing Affected person Outcomes
The overarching objective of integrating digital instruments and automation into nursing training and observe is to enhance affected person outcomes. By equipping nurses with the data, expertise, and instruments they should ship the absolute best care, they’ll obtain:
Lowered Medical Errors: automated treatment dishing out programs considerably cut back the danger of treatment errors, a number one explanation for preventable hurt in healthcare.
Improved Affected person Security: Actual-time monitoring of affected person important indicators and distant affected person monitoring permit nurses to detect potential issues early and intervene proactively, stopping hostile occasions.
Enhanced Affected person Engagement: Digital instruments can facilitate affected person engagement by offering them with entry to their well being info, permitting them to speak with their healthcare crew, and providing customized training and help.
Elevated Effectivity and Lowered Prices: Automation streamlines workflows, reduces administrative burdens, and improves effectivity, resulting in decrease healthcare prices.
Higher Persistent Illness Administration: Distant affected person monitoring and customized interventions can enhance continual illness administration, lowering hospital readmissions and bettering high quality of life for sufferers with situations like diabetes and coronary heart failure.
Navigating the Way forward for Nursing
Whereas the potential advantages of digital instruments and automation in nursing are immense, there are additionally challenges that must be addressed:
Digital Literacy and Coaching: Guaranteeing that each one nurses have the required digital literacy expertise to successfully use these instruments is essential. Ongoing coaching and help are important.
Information Privateness and Safety: Defending affected person information and guaranteeing the safety of digital programs is paramount.
Moral Issues: Addressing the moral implications of utilizing AI and different applied sciences in healthcare is crucial.
Regardless of these challenges, the way forward for nursing management roles are undoubtedly intertwined with digital expertise. By embracing these developments and addressing the related challenges, we will empower nurses to ship increased high quality, extra environment friendly, and extra patient-centered care, in the end resulting in improved well being outcomes for all.
The journey of integrating digital instruments and automation into nursing is a steady means of studying, adaptation, and innovation, paving the way in which for a more healthy and extra sustainable future.
You’ll be able to acknowledge that the rise of AI in nursing training is not only about protecting tempo with expertise however about survival in an period of fewer employees and shrinking budgets. There are clear indicators that the career will depend on AI to satisfy the rising demand for expert care.
It’s doable that the hospitals and colleges that embrace AI sooner can have stronger outcomes within the years forward. You can find that this shift issues not just for nurses themselves but additionally for sufferers who depend upon them on daily basis.
The Rust Basis, steward of the Rust programming language, has launched the Rust Innovation Lab, providing fiscal sponsorship to related, well-funded open supply tasks. The inaugural hosted undertaking is Rustls, a memory-safe, high-performance TLS (Transport Layer Safety) library, the muse mentioned.
Introduced September 3, Rust Innovation Lab sponsorship consists of governance, authorized, networking, advertising, and administrative assist. Creation of the lab comes at a pivotal second, the muse mentioned. Rust adoption has accelerated throughout each trade and open supply, and plenty of tasks written in Rust have matured into essential items of worldwide software program infrastructure, the muse burdened. With Rust turning into extra deeply built-in in every little thing from cloud platforms to embedded methods, a rising want has arisen for impartial, community-led governance, the muse mentioned. Dependable institutional backing will assist these tasks in remaining sustainable, safe, and vendor-independent, the muse added.
The inaugural sponsored undertaking, Rustls, responds to a rising demand for safe, memory-safe TLS in safety-critical environments. The library is used to construct safe connections within the Rust ecosystem, the muse mentioned. Rustls demonstrates Rust’s potential to ship safety and efficiency in one of many most-sensitive areas of recent software program infrastructure, the muse mentioned.
Arbitrage continues to be one of the crucial easy but best strategies of constructing earnings in monetary markets, and the identical applies to the crypto market.
With hundreds of tokens and common fluctuations in provide and demand, the alternatives for promising offers not solely persist however are literally rising in 2025.
Ethereum has at all times been one of the crucial essential ecosystems for arbitrage owing to its excessive liquidity, in depth community of decentralized exchanges (DEXs), and extremely lively developer group.
However is Ethereum nonetheless price becoming a member of for arbitrage functions? The quick reply: sure. Though the market has toughened, the event of Layer 2 (L2) protocols, cross-chain bridges, and custom-made arbitrage bots continues to supply new avenues for merchants and companies eager to earn on market inefficiencies.
Some Info on Ethereum Ecosystem Buying and selling Exercise
What Is an Ethereum Arbitrage Bot?
Blockchain arbitrage is defined because the act of making the most of value discrepancies of the identical asset on totally different markets, protocols, or networks.
So, an Ethereum arbitrage bot is automated software program that independently seems for interesting value disparities, however throughout the Ethereum ecosystem.
In distinction to guide buying and selling, the place worthwhile alternatives are often gone by the point a dealer can react, a bot can monitor, choose, and act in seconds or milliseconds.
For instance, if ETH is at $1,600 on one cryptocurrency change and $1,605 on one other, the bot should purchase on the cheaper value instantly and promote on the costlier value for a small revenue.
In comparison with crypto buying and selling bots produced for different blockchains, Ethereum bots have a couple of distinctive attributes:
They need to rigorously oversee fuel charges, which might make or break a commerce.
They immediately work together with good contracts and subsequently want safe Web3 integration.
They face harsh competitors in Ethereum’s lively mempool, and thus velocity and execution methods matter.
How an Ethereum Arbitrage Bot Works
The Ethereum bot, by the use of fundamental logic and goal, is just about like different crypto arbitrage bots. Nonetheless, as it’s made particularly for Ethereum, it nonetheless retains some peculiarities that set it other than different bots that work on different blockchains.
Bot Structure
Typically, Ethereum arbitrage cryptocurrency bots consist of 4 principal components:
Market Information Collector – extracts related costs from CEXs (centralized exchanges), DEXs, or Ethereum nodes.
Arbitrage Engine – crosses costs and uncovers worthwhile choices.
Execution Layer – executes trades, usually making all elements of the commerce occur atomically.
Monitoring Dashboard – watches efficiency, sends alerts, and offers management to the dealer.
By and enormous, such a modular format permits flexibility, so bot builders can add new exchanges, modify algorithms, or tweak execution with out overhauling the bot.
Worth Scanning
The bot’s intelligence comes from its scanning algorithms. Some merely examine costs on two exchanges, whereas others observe a number of token pairs for extra complicated prospects, like triangular arbitrage.
Ethereum bots in DeFi are in a position to learn good contracts immediately utilizing Web3 libraries. In an effort to seize alternatives quick, they usually work in parallel, preserve value information prepared in reminiscence, and even attempt to guess short-term value strikes.
Execution
Timing of execution in crypto arbitrage is of utmost significance. Upon discovering a deal, the bot:
Executes trades atomically so both all elements succeed or none do.
Makes use of personal transaction channels (i.e., Flashbots) to keep away from front-running.
Scores fuel charges to maintain prices lower than income.
Some superior bots additionally use easy machine studying to resolve whether or not a commerce is price making based mostly on the present community standing.
Ethereum-Particular Instruments
Ethereum crypto bots depend on blockchain-native instruments:
Web3 libraries (Web3.js, Web3.py) to work together with nodes and good contracts.
EVM (Ethereum Digital Machine), the place transactions are run.
GraphQL endpoints to question blockchain information effectively.
RPC and WebSocket connections for quick, real-time communication.
These applied sciences permit the bot to scan costs, calculate earnings, and execute trades in a rush earlier than they’re misplaced.
Applied sciences and Instruments Behind Automated Buying and selling
To make an Ethereum arbitrage buying and selling bot, builders require the correct mix of programming languages, blockchain companies, and change APIs. Because the bot’s success depends upon how rapidly it might spot and commerce, what you develop it with issues lots.
Programming Languages
Python – nice for testing methods and connecting to change APIs.
Node.js – well-suited for stay information streams and WebSocket connections.
Golang or Rust – usually used when velocity and low latency are the priority.
Many bots mix all of those: Python for evaluation, Node.js for dealing with information, and Go or Rust for the quickest elements of the execution.
Blockchain Instruments
These instruments assist bots spot revenue alternatives and attain trades with out delays:
Flashbots – allow bots to submit non-public Ethereum transactions to keep away from being front-run.
Blocknative – helps observe the mempool so bots can see how transactions are lining up.
QuickNode (and comparable suppliers) – give quick and dependable entry to Ethereum and Layer 2 networks.
Trade Connections
In an effort to be worthwhile, a bot will usually connect with each decentralized and centralized markets:
CEXs: Binance, Kraken, Coinbase, and many others., give in depth liquidity and stay order books.
DEXs: Uniswap, Curve, SushiSwap, and Balancer are well-known Ethereum platforms the place value variations are more likely to occur.
By combining CEXs and DEXs, bots get extra possibilities to catch worthwhile trades.
Actual Challenges and Limitations of ETH Buying and selling Bot
Blockchain buying and selling software program could be just about worthwhile, however the actuality is much from uncomplicated. The market is very aggressive, and plenty of technical and monetary limitations can lower into doable good points.
Let’s begin with competitors. There are literally thousands of merchants and bots watching the identical markets, many with seasoned groups and infrastructure behind them. Due to this, value discrepancies shut in seconds, giving barely any time to react.
One other drawback is how trades in Ethereum are settled. When a commerce continues to be unconfirmed, it goes into the mempool, the place everybody can view it.
It’s subsequently doable for different bots to repeat the commerce and have it executed first by paying a bigger fuel payment, which is named front-running. In that state of affairs, the unique commerce can fail and even lead to a loss.
Fuel charges are an issue in and of themselves. Ethereum charges change rapidly relying on community utilization. A commerce that appears worthwhile at first look can very simply be rendered unprofitable as soon as the fuel payment is included. As a consequence of this, bots have to consistently calculate if the unfold is large enough to cowl charges.
Pace can be a constraint. A bot should course of data and ship transactions extraordinarily quick with a view to win. Even a small lag will consequence within the alternative being taken by one other quicker competitor. That’s the reason profound builders use optimized code, paid RPC nodes, and personal transaction relays.
Problem
Impression
Answer
Market Competitors
Fewer worthwhile alternatives as many bots compete.
Use {custom} methods and monitor a number of exchanges/DEXs.
Delays & Entrance-Operating
Trades can fail or be overtaken by quicker bots.
Optimize execution velocity and take into account MEV-resistant instruments.
Pace Necessities
Bots should execute in milliseconds to remain aggressive.
Use low-latency infrastructure and environment friendly code.
Safety Dangers
Vulnerabilities can result in losses or information breaches.
Implement safe coding, audits, and protected key administration.
Liquidity & Slippage
Low liquidity can cut back or get rid of earnings.
Give attention to liquid pairs and modify commerce sizes dynamically.
Community & Fuel Charges
Excessive charges might wipe out good points.
Monitor charges in real-time and use L2 options when doable.
Challenges and Limitations of Utilizing Bots
Prepared-Made Bots vs. Customized Ethereum Buying and selling Bot Improvement
When it’s a matter of utilizing a crypto buying and selling bot, often there are two alternate options: off-the-shelf options or {custom} ones. Each have severe professionals, but cons too.
Off-the-shelf bots are common resulting from ease of set up and minimal technical data required. They sometimes embody simple-to-use dashboards and pre-programmed methods, so merchants can begin testing in virtually no time.
For people or small teams, it’s a affordable technique of attempting arbitrage. The draw back, nevertheless, is that these bots can be found to many merchants. Their methods quickly grow to be well-known, and markets modify quick, which suggests earnings often shrink over time.
Customized improvement affords better management. A bot developed in-house or with a crypto arbitrage buying and selling bot improvement firm, can go well with particular buying and selling methods, be modified to work with particular platforms, and be tuned for efficiency and safety.
Why Select SCAND?
At SCAND, we specialise in designing, creating, and supporting arbitrage crypto bots in order that they will final lengthy and survive market competitiveness.
Our companies cowl every thing from preliminary structure planning and change integrations to ongoing efficiency tuning and safety enhancements.
In shut cooperation with clients, we be sure that each bot shouldn’t be solely technically sound but in addition well-aligned with the consumer’s enterprise technique.
Potential Instances for B2B Purchasers
For B2B purchasers, SCAND can develop {custom} cryptocurrency bots that open up arbitrage alternatives going far past easy methods.
Hedge funds, for instance, can automate and scale a number of methods directly, similar to inter-exchange arbitrage on centralized platforms and triangular alternatives on Ethereum DEXs. A SCAND-built bot can course of hundreds of market alerts per second and execute trades quicker than any guide method.
Crypto exchanges can use SCAND-developed bots to handle liquidity, right value variations throughout markets, and preserve spreads tight. This ensures smoother buying and selling and makes the platform extra enticing to each retail and institutional customers.
Buying and selling corporations coming into DeFi can profit from cross-chain and Layer 2 arbitrage bots constructed by SCAND. These techniques can handle a number of networks, optimize fuel prices, and execute complicated trades with precision — far above what ready-made options permit.
Steadily Requested Questions (FAQs)
What’s an Ethereum arbitrage bot?
It’s a program that robotically seems for value disparities for Ethereum or associated tokens throughout totally different markets and executes trades to make a revenue. It really works a lot quicker than guide buying and selling, appearing in seconds or milliseconds.
Why select a {custom} bot over a ready-made one?
Pre-built bots are fast and straightforward to make use of however aren’t versatile or worthwhile in the long run. Customized bots, in flip, could be programmed for multi-strategy use, connect with chosen exchanges or networks, be optimized for efficiency, and alter because the market modifications.
Are arbitrage bots dangerous?
Sure. Entrance-running, fluctuating fuel costs, competing bots, and safety threats are a few of them. A rigorously designed bot with correct safety features, nevertheless, will cut back these dangers.
How can SCAND assist companies?
SCAND builds {custom} Ethereum bots for B2B purchasers, taking good care of every thing from technique design and system setup to change and blockchain integrations, monitoring, and additional help. Get in contact with us to e book a session and get extra particulars.
Thrilling information – Indie Selects is bringing you a monster new Demo Fest subsequent week. From September 9-30, gamers on Xbox Sequence X|S and Xbox One can dive into greater than 40 demos, together with upcoming titles and video games with new content material.
Whether or not you’re desperate to strive one thing new or get a sneak peek at video games coming in future, this demo occasion is one you gained’t need to miss!
Right here are some things to remember:
Whereas some could return to the Demo channel later, most of those demos will solely be out there to play this month, so don’t delay – should you see one thing you just like the sound of, strive it now!
These recreation demos differ from the same old ones in our Demo channel, as they’re shared earlier than the video games are completed and should not mirror the ultimate product. Consider them extra like “showfloor demos,” providing you with early entry and an opportunity to offer suggestions. Count on these video games to develop and enhance earlier than launch.
Talking of suggestions – please share your ideas with the builders by way of social media, or their web sites! You could possibly assist form the way forward for these video games.
We’ll announce the complete listing of demos on September 9, however listed here are some video games you may count on to see:
Echo Weaver – Moonlight Children/Akupara Video games
Are you able to grasp time itself? Echo Weaver is a “metroidBRAINia” the place time is your finest useful resource and secrets and techniques are your solely upgrades. You’re the final of the Weavers, a remnant of a ruined society trapped in a glitching time loop. The Congregation got down to discover the celebrities and discover paradise. What they discovered as a substitute has led their utopian mission to ash and cinders – are you able to break the loop?
Mina The Hollower– Yacht Membership Video games
Descend right into a frightful world of action-adventure in Mina the Hollower. Take management of Mina, a famend Hollower hurled right into a determined mission to rescue a cursed island. Burrow beneath hazards and monsters, whip foes into oblivion, and kit up with an arsenal of sidearms and trinkets.
Discover an unlimited world stuffed with pixel-perfect graphics, masterful gameplay, beastly bosses, and infectious music. Encounter a forged of weird characters, get your hands on secrets and techniques in an array of unique locales, and illuminate the omnipresent darkness in Mina the Hollower, a brand-new recreation from the builders who introduced you Shovel Knight!
The Jackbox Occasion Pack 11– Jackbox Video games
The Occasion Pack is again! The Jackbox Occasion Pack 11 catapults you and your crew into the most effective timeline of occasion recreation pandemonium. Whether or not you’re a trivia titan, a joke mastermind, or the resident undercover detective of your buddy group, there’s one thing for everybody on this pack. No further controllers wanted – gamers merely be a part of the sport and play utilizing telephones, tablets or computer systems!
5 brand-new video games will change the way in which you occasion this vacation season and past. Play two of those video games in our demo:
Doominate (Writing): Take a wonderfully beautiful scenario and destroy it on this head-to-head joke recreation the place it feels so good to be so unhealthy. Doominate helps 3-8 gamers.
Hear Say (Sound Results): Document sound results and dialogue straight out of your telephone in a foley-inspired recreation the place laughter is the soundtrack. Then, watch your voices come to life in a sequence of quick film clips! Hear Say helps 2-8 gamers.
Yooka-Replaylee – Playtonic Video games/PM Studios
Yooka-Replaylee is the definitive remade and enhanced model of the 3D indie platforming collectathon darling, Yooka-Laylee, developed by key artistic expertise behind the Banjo-Kazooie and Donkey Kong Nation video games.
New, remixed challenges and outdated favorites await as you embark to discover the large, stunning open worlds because the lovable buddy-duo Yooka (the inexperienced one) and Laylee (the purple one) as soon as extra, all whereas backed by a stupendous orchestral soundtrack. Did we point out there’s a map now? A shiny new forex? And tons of customization choices? It’s by no means moved, appeared, or sounded higher!
And there’s a lot extra in retailer. The ID@Xbox Indie Selects Demo Fest will provide all kinds of video games to find and revel in. Whenever you get the possibility to examine them out, we’d love to listen to your ideas. Join with us on Twitter, Instagram, Discord, Twitch, Bluesky and YouTube. Keep tuned to Xbox Wire to study extra about what Workforce Xbox has deliberate!
The Business UAV Expo, held in Las Vegas from September 2–4, 2025, introduced collectively international leaders in drone expertise to debate the fast evolution of the trade. One of the crucial compelling classes explored how autonomy, synthetic intelligence (AI), and innovation are reshaping the function of drone operators and reworking the way in which organizations deploy drone expertise at scale.
From Pilots to System Managers: Who’s Flying the Drone?
A decade in the past, drone operations relied closely on expert pilots with hands-on flying experience. At this time, panelists agreed, these roles are shifting towards system administration, information interpretation, and strategic oversight.
“We’re previous the innovation stage, the place persons are testing our merchandise,” mentioned Adrien Briod, Co-Founder and CTO of Flyability. “Now we’re within the stage the place persons are utilizing our merchandise to do their jobs day-after-day.”
Nitin Gupta, CEO of FlytBase, described this transition as a transfer from piloting to problem-solving. “Drones must be invisible – we shouldn’t be apprehensive about how the drone will fly, we must be apprehensive concerning the job,” he defined. This shift locations higher emphasis on enterprise affect relatively than technical operation.
Constructing Scalable and Sustainable Operations
Scaling drone packages requires extra than simply dependable plane. The dialogue emphasised the significance of user-friendly techniques, supportive ecosystems, and powerful buyer relationships.
Armin Ambuehl, CTO of Wingtra, famous that “for giant organizations, transferring data and onboarding workers turns into a giant drawback. The simpler you make it from a {hardware} standpoint, the higher it’s on your clients.”
From a utility perspective, Ameren’s James Pierce emphasised the worth of collaboration in product growth. “We need to check out expertise earlier than we purchase it – and we need to probably have a component within the growth of that product, in order that we might help form that growth for the utility trade.”
Panelists additionally identified that drone adoption extends past tools. Service suppliers, coaching packages, and ongoing assist stay important to long-term success. As Briod defined, “on the finish of the day, they supply the answer… and I feel that’s going to stay the case for a while.”
AI as an Business Catalyst for the Way forward for the Drone Business
AI emerged as a central theme of the way forward for the drone trade, with panelists highlighting its transformative potential. Invoice Irby, CEO of AgEagle Aerial Methods, emphasised flexibility in dealing with the unknown: “AI goes to have a big impact on this. We have to be versatile, as a result of we don’t know the way but.”
Gupta defined that the best AI functions deal with information evaluation, which characterize “low-hanging fruit.” Extra complicated functions, corresponding to physical-world interactions, would require extra growth and regulatory adaptation.
Briod added that whereas AI is highly effective, it can’t substitute human judgment in safety-critical contexts. “Individuals aren’t going to say it’s OK that AI says that bridge is now protected, or that ship is prepared to return to sea. So we’re growing techniques that hold the human within the middle of these selections, however they’ve tremendous powers.”
AI’s function in advancing one-to-many operations, enhancing security, and standardizing practices may speed up the trade’s progress, supplied each expertise and belief evolve in tandem.
Bridging Regulation, Belief, and Expertise
The dialog additionally touched on the interaction between technological functionality and regulatory frameworks. Ambuehl reminded attendees that regulators will not be all the time aligned with trade’s imaginative and prescient of operator roles shifting from pilots to analysts or managers.
Panelists pressured the necessity for pragmatic approaches whereas remaining visionary. Gupta in contrast the dialog to the early skepticism round autonomous automobiles, which now share the street with human-driven autos in main cities.
Constructing belief in regulators, in clients, and within the broader public, was recognized as important. As panel moderator Kaitlyn Albertoli, CEO of Buzz Options, highlighted, the way forward for drone operations would require cautious administration of each technological potential and societal expectations.
Making ready the Workforce of Tomorrow
As autonomy and AI proceed to evolve, workforce growth is changing into a high precedence. Coaching now focuses much less on piloting and extra on analyzing information, managing techniques, and fixing enterprise challenges.
Panelists envisioned a future the place AI brokers assist operators, enabling workers to deal with higher-level problem-solving. “What differentiates us is to have the ability to assume. To take a seat down and take into consideration an issue and what the boundaries are,” Ambuehl mentioned.
This transition underscores the necessity for complete coaching, robust assist techniques, and training about each capabilities and limitations. As Briod concluded, “the North Star for product growth is ‘Don’t make folks assume.’ Nevertheless, we have now to additionally educate the market concerning the capabilities and the worth that they will get.”
The drone trade is coming into a brand new part the place AI, autonomy, and innovation redefine the function of the operator and the worth of drone expertise. Whereas challenges stay in regulation, belief, and workforce readiness, the potential for drones to remodel industries is clearer than ever.
Learn extra:
Miriam McNabb is the Editor-in-Chief of DRONELIFE and CEO of JobForDrones, an expert drone companies market, and a fascinated observer of the rising drone trade and the regulatory setting for drones. Miriam has penned over 3,000 articles centered on the industrial drone area and is a global speaker and acknowledged determine within the trade. Miriam has a level from the College of Chicago and over 20 years of expertise in excessive tech gross sales and advertising for brand spanking new applied sciences. For drone trade consulting or writing, E mail Miriam.
The brand new Rail Unloader Automotive is designed to soundly and effectively unload steady welded rail strings. | Supply: Delta Railroad Providers
Extra robots are coming to railways. Delta Railroad Providers yesterday launched a brand new, rail-bound, custom-engineered and constructed automated Rail Unloader Automotive, or RUC.
The corporate mentioned it designed the RUC to enhance the pace, effectivity, and security of unloading as much as 1,600-ft. (487-m) steady welded rail (CWR) strings from railcars. It mentioned the RUC streamlines the end-to-end rail unloading course of, a activity historically carried out manually, which might be each time-consuming and harmful.
The system’s design permits for the environment friendly and exact distribution of CWR strings straight from railcars onto the monitor mattress, the corporate asserted. Linda Laurello, CEO of Delta Railroad Providers, known as the brand new unloaders a “recreation changer for the rail business.”
“We’ve taken a labor-intensive, hazardous course of and reworked it right into a protected, automated operation,” she added. “This not solely protects our front-line building crews, however [it] additionally dramatically will increase productiveness for crews throughout the US and North America.”
RUC will increase monitor unloading pace and security
Delta Railroad Providers listed options of its RUC system:
Automated unloading: The RUC makes use of a self-contained system to exactly offload CWR strings alongside tangents and curves, with out the necessity for guide intervention, minimizing the danger of harm, claimed the corporate.
Elevated pace: The machine can unload a single railcar in a fraction of the time it takes utilizing conventional strategies, accelerating mission timelines, based on Delta.
Enhanced security: By minimizing employee interface throughout unloading, the RUC can scale back the danger of accidents and accidents.
Superior versatility: The unloader is adaptable to varied sorts and lengths of railcars and rail measurement (115#, 136#, 141#).
Totally built-in: The RUC can transfer freely all through a railroad community with out limitations like a railcar.
Steven Pratt, chief working officer of Delta Railroad Providers’ Equipment division, High quality Monitor Gear, touted the corporate’s give attention to the consumer. “Each machine that leaves our store is constructed with our buyer in thoughts—their consolation, security, and operational wants,” he mentioned.
Based in 1957, Delta Railroad Providers is a part of the Salcef Group. At the moment, it’s a railroad building and upkeep firm, a producer and remanufacturer of maintenance-of-way (MOW) gear, and an gear rental firm.
The Ashtabula, Ohio-based enterprise mentioned it goals to serve the rising railroad infrastructure wants within the U.S. and all through North America.
Editor’s be aware:RoboBusiness 2025, which will probably be on Oct. 15 and 16 in Santa Clara, Calif., will embrace an expanded monitor on discipline robotics. Registration is now open.
