
PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software developed and released by the Python community as well as serving as a repository where developers can distribute their software. Also: How to use […]

ZDNET’s key takeaways: OpenAI adds reminders to take a break. ChatGPT will also have improved functions for mental health support. The company is working with experts, including physicians and researchers.
As OpenAI prepares to drop one of the biggest ChatGPT launches of the year, the company is also taking steps to make the chatbot safer and more reliable with its latest update.
Also: Could Apple create an AI search engine to rival Gemini and ChatGPT? Here’s how it could succeed
On Monday, OpenAI published a blog post outlining how the company has updated or is updating the chatbot to be more helpful, providing you with better responses in times when you need support, or encouraging a break when you use it too much:
We build ChatGPT to help you thrive in the ways you choose — not to hold your attention, but to help you use it well. We’re improving support for tough moments, have rolled out break reminders, and are developing better life advice, all guided by expert input.… — OpenAI (@OpenAI) August 4, 2025
New get off ChatGPT nudge
If you have ever tinkered with ChatGPT, you are likely familiar with the feeling of getting lost in the conversation. Its responses are so amusing and conversational that it is easy to keep the back-and-forth volley going. This is especially true for fun tasks, such as creating an image and then modifying it to generate different renditions that meet your exact needs.

Researchers with cybersecurity firm Randori have discovered a remote code execution vulnerability in Palo Alto Networks firewalls using the GlobalProtect Portal VPN.
The zero-day — which has a severity rating of 9.8 — allows for unauthenticated, remote code execution on vulnerable installations of the product. The issue affects multiple versions of PAN-OS 8.1 prior to 8.1.17, and Randori said it found numerous vulnerable instances exposed on internet-facing assets, in excess of 70,000 assets. It is used by a number of Fortune 500 companies and other global enterprises.
Palo Alto has released an update that patches CVE-2021-3064 after being notified about the issue in September. Aaron Portnoy, principal scientist at Randori, told ZDNet that the original catalyst for their research into Palo Alto Networks firewalls was identifying its presence on customer perimeters.
“Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally. Randori believes the best way to identify potential points of attack is to assess the attack surface. We then devoted resources into assessing the attack surface of the firewall itself in a lab environment. This process allowed us to identify the components an attacker would have to exploit in order to compromise the device,” Portnoy explained.
“As is the case with many closed-source products, simply setting up an environment in which to develop an exploit is challenging. Complex products such as PAN firewalls include protections that make this process difficult regardless of the vulnerability. We have found the overall security posture of the affected devices to be on par with other vendors in the space.”
Portnoy said that exploitation is difficult but possible on devices with ASLR enabled, which appears to be the case in most hardware devices. “On virtualized devices (VM-series firewalls), exploitation is significantly easier due to lack of ASLR, and Randori expects public exploits will surface,” Portnoy said. According to Portnoy, in October 2020, his team was tasked with researching vulnerabilities with the GlobalProtect Portal VPN. By November 2020, his team discovered CVE-2021-3064, began authorized exploitation of Randori customers, and successfully landed it at one of their customers — over the internet — not just in a lab.
The exploit gains root privileges — complete control over the device — and can execute arbitrary code. Portnoy said his team was able to gain a shell on the affected target, access sensitive configuration data, extract credentials and more while moving laterally from there and gaining visibility into the internal network. Randori exploited Palo Alto Networks PA-5220, including PAN-OS 8.1.16 and PAN-OS 8.1.15.
“The vulnerability chain consists of a method for bypassing validations made by an external web server (HTTP smuggling) and a stack-based buffer overflow. Exploitation of the vulnerability chain has been proven and allows for remote code execution on both physical and virtual firewall products. Publicly available exploit code does not exist at this time,” Randori said.
“VPN devices are attractive targets for malicious actors, and exploitation of PA-VM virtual devices, in particular, is made easier due to their lack of Address Space Layout Randomization (ASLR). CVE-2021-3064 is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. The problematic code is not reachable externally without utilizing an HTTP smuggling technique. The exploitation of these together yields remote code execution as a low privileged user on the firewall device.”
Randori noted that in order to exploit the vulnerability, the attacker must have network access to the device on the global protect service port (default port 443). As the affected product is a VPN portal, they added that this port is often accessible over the internet. In addition to the patch, Randori suggested affected organizations look through the available Threat Prevention signatures 91820 and 91855 that Palo Alto Networks made available. They can be enabled to thwart exploitation while organizations plan for the software upgrade. For those that do not use the VPN capability as part of the firewall, Randori recommended disabling the VPN functionality.
Portnoy and Randori touted the situation as an example of the ethical use of zero-days to protect companies from the kind of threats they face from nation-state actors. Portnoy estimates that the vulnerability would be worth several hundred thousand dollars on the black market.

S&P Global Market Intelligence and Immuta released a new study this week highlighting how many larger organizations are struggling to manage and use their data. The report, conducted by 451 Research, found that 55% of respondents said the data they get for analysis is often out-of-date or stale by the time it gets to them. 451 Research surveyed 525 data leaders in the US, Canada, UK, Germany and France. All of the survey participants work for organizations that have more than 1,000 employees. The survey’s findings represented the larger debate being had among enterprises about how to balance effective data use with data privacy and security. Of the respondents to the survey, 84% said they thought data privacy and security requirements would limit access to data at their organizations over the next 24 months.
Nearly 40% of respondents who work as data suppliers said they lack the staff or skills to handle their positions, with almost 30% citing a lack of automation as a problem. At least 90% of those who answered the survey said data quality and trust were becoming more important than the volume or quantity of data, while the role of chief data officer is becoming increasingly prominent within organizations. A majority of respondents said the chief data officer had direct access to the CEO. According to the survey, 60% of respondents said their organizations have a chief data officer while 40% do not. The numbers also corresponded to organization size, with larger enterprises being more likely to have a chief data officer.
“The findings are clear. As data workflows and processes have become more complex over time — and as organizational demand for data grows — there are clear points of friction in the data supply chain,” said Paige Bartley, senior analyst at 451 Research. “Chief among them is data suppliers that have limited resources, skills shortages, and little automation being tasked with trying to deliver a steady stream of relevant data to a growing number of data consumers.”
Reliance on the cloud is also on the rise according to the survey, which found that 76% of respondents worked for organizations using cloud data technology more frequently for storage, compute and sharing over the next 24 months. For those still struggling to move to the cloud, 43% said it was because of security while 40% cited compliance issues and 35% said data privacy was a concern. Overall, 65% of respondents said data has become more important for their own job now than it ever had been over the last 24 months. More than 71% said the number of data consumers in their organization has steadily increased over time, with another 73% adding that more human and machine data consumers will need access to data over the next two years. The changes to data consumption and deployment are also being affected by legislation, according to the survey, which found that 84% said their enterprise was subject to regulations like GDPR and HIPAA.
Data privacy and security are also prompting changes. More than 83% said data security rules will limit their access to data at their organization over the next two years. Respondents also complained about the fact that data was not available in real time, expressing exasperation with ill-equipped data teams unable to deliver self-service data tools. Almost 40% said their data is only available at a point in time. More than 62% of respondents said they used free cloud-based tools to help them handle data-focused tasks.
“Respondents from regulated organizations were also much more likely to report their organization had a cloud-first (31%) or cloud-forward (45%) adoption strategy, while respondents from non-regulated organizations were disproportionately more likely to report a cloud-conservative (46%) or cloud-skeptic (9%) strategy,” the report said. “The assumption that regulated industries or firms tend to shy away from cloud technology is outdated at best.”
Organizations are also struggling to manage data access and use, according to 65% of respondents. Immuta CEO Matt Carroll said the disconnect between data suppliers and consumers highlights the pressing challenge for businesses and the public sector to improve speed and access to data. “The findings make it clear that insights and business value cannot be quickly and easily generated from data unless it can be shared, modeled, and analyzed in a frictionless manner,” Carroll said. “This report validates what our customers have experienced. The good news is, by understanding these pain points, organizations can address them and move forward to maximize the value of enterprise data and minimize risks. Investing in automation and scalability removes hurdles to cloud adoption and opens the door for more efficient data access and use to improve business outcomes.”

ZDNET’s key takeaways: Linus Torvalds is annoyed by non-informative links in proposed Linux code changes. Many of these useless links come from AI dev programs and other automated tools. Torvalds doesn’t want to see links unless they take him […]
Internet of Things
Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017
That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way
LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology
The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors




