Samsung Unpacked 2026: Phones as Partners | Analysis by Brian Moineau

A new chapter for Galaxy: what Samsung actually announced at Unpacked 2026

Samsung's Unpacked on February 25, 2026 landed like a weather front for mobile tech — not a single dramatic lightning strike, but a sweep of changes that together reframe what a smartphone can do. From the S26 Ultra's built-in Privacy Display to earbuds that talk back to AI and “agentic” assistants that act for you, this event wasn't just about specs. It was about shifting phones from reactive tools into proactive partners.

Below I break down the headlines, give the context you need, and share what the changes mean for privacy, daily workflows, and whether it's worth upgrading.

Quick snapshot

  • Event date: February 25, 2026 (Galaxy Unpacked, San Francisco).
  • Ships: Galaxy S26 series and Galaxy Buds4 line are slated to be available from March 11, 2026.
  • Themes: agentic AI (phones acting on your behalf), hardware privacy (Privacy Display), camera and performance refinements, and refreshed earbuds with tighter AI integration.

What matters most right now

  • Privacy Display: a hardware-layer privacy solution built into the S26 Ultra’s OLED that limits side viewing — useful in crowded places and for safeguarding on-screen data.
  • Agentic AI: Samsung positions Galaxy AI as more than assistants that answer questions; it will proactively perform tasks, leverage the on-device Personal Data Engine (PDE), and work with partners like Google (Gemini) and Perplexity.
  • Buds4 and Buds4 Pro: redesigned earbuds with improved audio, new gesture and head controls, and closer integration with Galaxy AI.
  • Pricing and release: preorders opened after Unpacked; S26 series ships March 11, 2026 with U.S. pricing shifts (S26 and S26+ up $100 vs. predecessors; Ultra holds at $1,299 in the U.S., per reporting).

A few high-level takeaways

  • Privacy and AI are front-and-center, not afterthoughts.
  • Samsung is treating AI as infrastructure — deeply embedded, cross-device, and designed to act for you.
  • Hardware innovations (display tech, thermal design) support those AI ambitions by enabling sustained on-device processing.
  • The product lineup is evolutionary in many specs, but the platform changes (PDE, agentic features) create new user scenarios that may drive upgrades.

The Galaxy S26 series: subtle redesigns, big platform bets

  • Design and performance:
    • The S26 Ultra swaps titanium for lighter aluminum for better thermal control and adds a larger vapor chamber; Samsung claims significant NPU and CPU improvements for the Ultra’s custom AP. These changes are meant to sustain AI-heavy workloads on-device.
  • Cameras and displays:
    • Improvements in apertures, image processing, and a 200 MP main sensor on the Ultra continue Samsung’s push on computational photography. The Ultra keeps flagship camera capabilities (including 8K options) while adding a display technology that’s the real eye-catcher this year.
  • Privacy Display (S26 Ultra headline):
    • This is a display-integrated approach to “shoulder surfing”: when enabled, the screen remains clear for the person directly in front of it but darkens or blacks out when viewed from the side. You can configure it per app or area (notifications/passwords), and there’s a “Maximum Privacy Protection” mode for especially sensitive content.
    • Importantly, this is hardware-level masking integrated into the OLED panel rather than a simple software filter — which reduces the chance of easy circumvention and preserves front-view clarity.
  • Pricing and availability:
    • Preorders followed Unpacked and shipping begins March 11, 2026. U.S. pricing shows S26 and S26+ up about $100 versus last year, while the Ultra stays around $1,299 (regional prices vary).

Why this matters: Samsung is answering two real user pain points — public privacy and AI usefulness — with hardware plus platform improvements. That combination is more compelling than incremental megapixel or battery gains alone.

Agentic AI: a phone that does more than answer

  • Agentic AI concept:
    • Samsung framed agentic AI as the phone taking action on your behalf: scheduling, summarizing conversations, searching and even completing tasks (via partnerships and Google Labs previews of Gemini 3).
  • Personal Data Engine (PDE) and security:
    • The PDE organizes on-device data so AI can use context sensibly, and Knox/KEEP/Knox Vault aim to isolate and protect that data. Samsung emphasizes that privacy/security sit at the architecture level.
  • Partners and assistants:
    • Galaxy devices will ship with multiple AI assistants available: Bixby, Google’s Gemini, and Perplexity (with “Hey Plex” wake-word support for Perplexity features).
  • Day-to-day features:
    • Examples shown include contextual nudges during chats (Now Nudge), natural-language photo edits (Photo Assist), multi-object Circle to Search, call screening and summaries, and proactive document scanning/cleanup.

Why this matters: agentic features are a step beyond voice queries. If executed well and securely, they could reduce friction — fewer taps, fewer app switches. The risk is user trust: people will need to feel confident the AI acts correctly and respects privacy boundaries.

Galaxy Buds4 and Buds4 Pro: tighter audio and smarter ears

  • Design and hardware:
    • A refreshed “blade” look, smaller earbud heads, IP54/IP57 dust-water ratings, and an 11 mm wide woofer in the Pro that increases speaker area and bass response.
  • AI and safety features:
    • Super Clear call quality, better ANC, siren detection that boosts ambient awareness, and head gesture controls for hands-free interactions.
  • Integration:
    • Deep integration with Galaxy AI and multi-assistant voice control means the earbuds become more than audio peripherals — they’re conversational endpoints and modes of invoking assistants.

Why this matters: earbuds are now an important interface for agentic AI. Improvements in call clarity and environmental awareness fit a world where voice and context increasingly drive interactions.

The privacy and ethics question

  • Hardware privacy vs. software privacy:
    • The Privacy Display protects against visual eavesdropping, but it doesn't (and can't) address data collection, profiling, or how AI services handle information. Samsung’s architectural protections (PDE, KEEP) are meaningful, but trust depends on transparent policies and implementation details.
  • Agentic risks:
    • When AI acts for you, mistakes can multiply. Mis-scheduled meetings, incorrect actions, or poor judgment in sensitive contexts are real concerns. User control, clear undo/consent flows, and conservative defaults will be crucial.
  • Ecosystem complexity:
    • Multiple assistants (Bixby, Gemini, Perplexity) increase choice but also fragmentation and potential confusion. How Samsung surfaces which assistant is acting — and how data is shared between them — will affect adoption.

My take

Samsung didn’t just refresh a spec sheet at Unpacked 2026 — it laid foundational pieces for phones that act. The Privacy Display is a smart, tangible response to a mundane yet widespread annoyance (shoulder-surfing), and the agentic AI push is the kind of platform-level ambition needed to make mobile AI meaningfully useful. That said, agentic AI’s success will depend on careful rollout: predictable behavior, robust privacy controls, and sensible defaults.

If you’re someone who uses a phone for work, reads sensitive content in public, or loves productivity shortcuts, the S26 Ultra’s mix of hardware privacy and agentic AI previews is compelling. If you’re more conservative about AI acting on your behalf, watch for early user reports about accuracy, transparency, and how personal data is handled before committing.


FortiSIEM RCE Fixes Critical SIEM Risk | Analysis by Brian Moineau

When your SIEM becomes the attacker's foothold: Fortinet patches a dangerous FortiSIEM flaw

The idea that your security operations center could be quietly turned against you is the stuff of nightmares — and, this week, reality. Fortinet released fixes following the disclosure of a critical vulnerability in FortiSIEM (tracked as CVE-2025-64155) that lets unauthenticated attackers run commands on vulnerable appliances by abusing the phMonitor service. That’s not just an issue for one box; a compromise can silence logging, tamper with alerts, and become a springboard for lateral movement across an organization.

Why this matters right now

  • FortiSIEM sits at the heart of many enterprises’ detection and response tooling. If attackers gain root on those appliances, defenders lose both visibility and control.
  • The flaw is an OS command injection in phMonitor (the internal TCP service that listens on port 7900) that allows unauthenticated argument injection, arbitrary file writes and ultimately remote code execution as an administrative/root user.
  • A public proof-of-concept and exploit activity have been reported, raising the urgency for operators to act quickly.

What happened (quick timeline)

  • The vulnerability CVE-2025-64155 was publicly recorded in January 2026 after coordinated research and disclosure.
  • Researchers at Horizon3.ai detailed how the phMonitor service accepts crafted TCP requests that lead to command injection and file overwrite escalation, allowing full appliance compromise. (horizon3.ai)
  • Fortinet published fixes and guidance; vendors and CERTs pushed immediate mitigation advice. The NVD entry documents the affected releases and the OS command injection nature of the flaw. (nvd.nist.gov)

Affected products and where the fix is

  • A wide range of FortiSIEM releases are affected across multiple branches (6.7.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, and 7.4.0). Some newer branches (e.g., FortiSIEM 7.5 and FortiSIEM Cloud) are not affected. Exact affected versions and fixed builds are listed in Fortinet advisories; administrators should consult vendor notes for their exact build numbers. (horizon3.ai)

Immediate actions for defenders

  • Patch immediately.
    • Apply the Fortinet fixed builds for your FortiSIEM branch as published in the vendor advisory. Patching is the only reliable fix.
  • If you cannot patch right away, restrict network access.
    • Block or firewall TCP port 7900 (phMonitor) at the perimeter and between network segments so only trusted internal hosts or specific management IPs can reach it.
  • Hunt and validate.
    • Search for unexpected changes on FortiSIEM appliances (new files, altered binaries, unusual cron jobs, disabled logging).
    • Review network logs for inbound connections to port 7900 from Internet sources or unexpected internal hosts.
  • Assume potential compromise if your appliance was exposed prior to patching.
    • FortiSIEM compromise can mean attackers have tampered with logs and alerts; treat affected systems as high-risk and perform a full incident response (forensic imaging, integrity checks, and rebuilds where necessary).
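
One way to carry out the port 7900 log review described above, as an added example that is not from the original article or from Fortinet: a Python script that parses netfilter LOG-style firewall lines and flags TCP/7900 connections to FortiSIEM appliances from sources outside a trusted management range. The appliance address, the trusted and internal ranges, and the sample log lines are constructed assumptions; substitute your own.

```python
import ipaddress
import re

# Assumed, site-specific values (not from the article): appliance address,
# trusted management range, and the ranges this site treats as internal.
FORTISIEM_HOSTS = {ipaddress.ip_address("10.0.5.20")}
TRUSTED_SOURCES = [ipaddress.ip_network("10.0.9.0/28")]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PHMONITOR_PORT = 7900  # TCP port the article names for phMonitor
KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value fields of a LOG line

# Constructed sample lines in netfilter LOG style (not real traffic).
SAMPLE_LOG = """\
Jan 14 10:02:11 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.5.20 PROTO=TCP SPT=51514 DPT=7900 SYN
Jan 14 10:02:15 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.9.4 DST=10.0.5.20 PROTO=TCP SPT=40022 DPT=7900 SYN
Jan 14 10:03:40 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.44.17 DST=10.0.5.20 PROTO=TCP SPT=49811 DPT=7900 SYN
Jan 14 10:04:02 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.44.17 DST=10.0.5.20 PROTO=TCP SPT=49900 DPT=443 SYN
Jan 14 10:05:19 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.23 DST=10.0.5.21 PROTO=UDP SPT=7900 DPT=7900
malformed line without fields
"""

def classify(src):
    if any(src in net for net in TRUSTED_SOURCES):
        return "trusted"
    if any(src in net for net in INTERNAL_NETS):
        return "unexpected-internal"
    return "external"

def hunt(log_text):
    """Return (source, destination, verdict) for each untrusted TCP/7900 hit."""
    findings = []
    for line in log_text.splitlines():
        f = dict(KV.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            dport = int(f["DPT"])
        except (KeyError, ValueError):
            continue  # not a parseable connection record
        if f.get("PROTO") != "TCP" or dport != PHMONITOR_PORT or dst not in FORTISIEM_HOSTS:
            continue
        verdict = classify(src)
        if verdict != "trusted":
            findings.append((str(src), str(dst), verdict))
    return findings

if __name__ == "__main__":
    print(*hunt(SAMPLE_LOG), sep="\n")
```

Any "external" finding on an appliance that was unpatched at the time falls under the assume-compromise guidance above; "unexpected-internal" findings are candidates for segmentation fixes and follow-up on the source host.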

Why phMonitor flaws keep resurfacing

phMonitor is a useful internal service — it coordinates discovery, health checks, and sync tasks — but that convenience comes with risk if it accepts unauthenticated, unchecked input. Over multiple disclosure cycles, researchers have found different handlers and helper scripts that trust external input. When a security product exposes internal control channels to the network, it increases the attack surface of the defender's infrastructure. The lesson is blunt: secure-by-default services and strict input sanitization are non-negotiable in security appliances.

Practical defender checklist

  • Confirm FortiSIEM version(s) in your environment.
  • Cross-check against Fortinet's published fixed-build versions and apply patches.
  • Immediately block TCP/7900 from untrusted networks; document any exceptions.
  • Run integrity checks and look for indicators of unauthorized file writes and scheduled tasks.
  • Rebuild appliances if you discover evidence of exploitation (compromise of a SIEM is high-risk).
  • Review network segmentation and make sure management interfaces and internal services are not exposed to broad networks.

What this says about vendor security

This incident is a reminder that the software defending us must itself be held to rigorous standards. Vendors need secure defaults (services bound to localhost unless explicitly required), least-privilege internal APIs, continuous fuzzing and input validation, and faster, more transparent communication about exposure indicators. At the same time, customers should reduce exposure of management and internal services, assume compromise where appliances were internet-reachable, and treat security infrastructure as high-value assets requiring extra hardening.

My take

A SIEM’s compromise flips the security model: tools meant to detect threats can become cover for them. CVE-2025-64155 is a textbook example of how powerful and dangerous a single injection bug can be when it lives inside a security product. Patch quickly, tighten access to internal services, and treat exposure as a severe incident — because it is.
