Abdelkarim, D. O. et al. Extending the shelf life of fresh Khalal Barhi dates via an optimized postharvest ultrasonic treatment. Plants11, 2029 (2022).
Google Scholar
Fikry, M., Yusof, Y. A., Alqahtani, N. & Al-Awaadh, A. in Sustainable Valorization of Date Palm By-products and Wastes 139–158 (Elsevier, 2026).
Al-Mssallem, M. Q., Alqurashi, R. M. & Al-Khayri, J. M. In Bioactive Compounds in Underutilized Fruits and Nuts 1–15 (Springer, 2019).
Fikry, M., Al-Awaadah, A. & Rahman, R. Production and characterization of palm date powder rich in dietary fiber. J. Food Meas. Charact.15, 2285–2296 (2021).
Google Scholar
Shareef, S. H. Study the active compounds of Barhi date seed extracts. Euphrates J. Agricultural Sci.17, 1074–1085 (2025).
Google Scholar
Alqahtani, N. K., Ali, S. A. & Alnemr, T. M. Quality preservation of date palm (Phoenix dactylifera L.) fruits at the Khalal stage: a review on current challenges, preservation methods, and future trends. Front. Sustainable Food Syst.9, 1558985 (2025).
Google Scholar
Fikry, M. et al. Mathematical modeling of sorption isotherms and the thermodynamic properties of vacuum-dried and freeze-dried Barhi dates. Sci. Rep.15, 19781 (2025).
Google Scholar
Cheraghi, S. & Hamdami, N. A study of kinetics and some resulting physical characteristics of dates (Barhi variety) during drying (modeling and experimental validation). Iran. J. Biosyst. Eng.41 (2010).
Sagarika, N. Development of Drying Technology for Date Palm Fruits Using Novel Techniques (Anand agricultural university, 2020).
Fikry, M. et al. Ultrasound-assisted extraction of bioactive compounds from Longan seeds powder: kinetic modelling and process optimization. Ultrason. Sonochem.108, 106949 (2024).
Google Scholar
Manzoor, S., Yusof, Y. A., Tawakkal, I. S. M. A. & Fikry, M. Thin-layer drying characteristics of Papaya (Carica papaya) Peel using convection oven and microwave drying. Pertanika J. Sci. Technol.27 (2019).
Kahraman, O., Malvandi, A., Vargas, L. & Feng, H. Drying characteristics and quality attributes of Apple slices dried by a non-thermal ultrasonic contact drying method. Ultrason. Sonochem.73, 105510 (2021).
Google Scholar
Fikry, M. et al. Kinetic modelling of moisture transfer and phytochemical properties in Longan seeds: impact of ultrasonic pretreatment and microwave drying process. Food Bioprocess. Technol. 1–18 (2024).
Apinyavisit, K., Nathakaranakule, A., Mittal, G. S. & Soponronnarit, S. Heat and mass transfer properties of Longan shrinking from a spherical to an irregular shape during drying. Biosyst. Eng.169, 11–21 (2018).
Google Scholar
Nadi, F. & Tzempelikos, D. Vacuum drying of apples (cv. Golden Delicious): drying characteristics, thermodynamic properties, and mass transfer parameters. Heat Mass Transf.54, 1853–1866 (2018).
Google Scholar
Al-Awaadh, A. M., Hassan, B. H. & Ahmed, K. Hot air drying characteristics of Sukkari date (Phoenix dactylifera L.) and effects of drying condition on fruit color and texture. Int. J. Food Eng.11, 421–434 (2015).
Google Scholar
Muhammad, A. I., Al-Dairi, M., Al‐Khalili, M., Al‐Habsi, N. & Pathare, P. B. Drying Kinetics, Characteristics, and quality assessment of Hot‐Air dried Semi‐Dried Biser stage dates using computer vision. Heat. Transf.54, 4223–4238 (2025).
Google Scholar
Alvi, T., Khan, M. K. I., Maan, A. A., Shahid, M. & Sablani, S. Microwaves as sustainable approach for artificial ripening of date fruit cv. Khupra to reduce fruit waste. Food Bioscience. 54, 102829 (2023).
Google Scholar
Fikry, M. et al. Modeling mass transfer kinetics and thermodynamic properties of ultrasonically pretreated and untreated Apple slices during Air-Frying. J. Food Process Eng.47, e14745 (2024).
Google Scholar
Rodrigues, M. C. K. et al. Potential use of green banana Peel waste: modeling of drying and determination of physicochemical and antioxidant properties. Biomass Convers. Biorefinery. 14, 14095–14106 (2024).
Google Scholar
Mondal, I. H. & Dash, K. K. Textural, color kinetics, and heat and mass transfer modeling during deep fat frying of Chhena Jhili. J. Food Process. Preserv.41, e12828 (2017).
Google Scholar
Dehghannya, J., Gorbani, R. & Ghanbarzadeh, B. Effect of ultrasound-assisted osmotic dehydration pretreatment on drying kinetics and effective moisture diffusivity of Mirabelle Plum. J. Food Process. Preserv.39, 2710–2717 (2015).
Google Scholar
Dincer, I. & Hussain, M. Development of a new Bi–Di correlation for solids drying. Int. J. Heat Mass Transf.45, 3065–3069 (2002).
Google Scholar
Fikry, M. et al. Influence of ultrasonic pretreatment on drying and thermodynamic characteristics of Asian Seabass fish skin during air-frying process. J. Food Meas. Charact.18, 4147–4160 (2024).
Google Scholar
Akhoundzadeh Yamchi, A., Sharifian, F., Khalife, E. & Kaveh, M. Drying kinetic, thermodynamic and quality analyses of infrared drying of truffle slices. J. Food Sci.89, 3666–3686 (2024).
Google Scholar
Fikry, M. & Al-Awaadh, A. M. Characteristics of dynamics sorption isotherms of date flesh powder rich in fiber. Int. J. Food Eng.12, 469–480 (2016).
Google Scholar
Lomauro, C., Bakshi, A. & Labuza, T. Evaluation of food moisture sorption isotherm equations. Part I: Fruit, vegetable and meat products. Lebensmittel-Wissenschaft Und Technologie. 18, 111–117 (1985).
Google Scholar
Hii, C. L., Menon, A. S., Chiang, C. L. & Sharif, S. Kinetics of hot air roasting of cocoa Nibs and product quality. J. Food Process. Eng.40 (2017).
Crank, J. The Mathematics of Diffusion: 2d Ed (Clarendon, 1975).
Özkan-Karabacak, A., Acoğlu, B., Yolci Ömeroğlu, P. & Çopur, Ö. U. Microwave pre‐treatment for vacuum drying of orange slices: drying characteristics, rehydration capacity and quality properties. J. Food Process Eng.43, e13511 (2020).
Google Scholar
Surendhar, A., Sivasubramanian, V., Vidhyeswari, D. & Deepanraj, B. Energy and exergy analysis, drying kinetics, modeling and quality parameters of microwave-dried turmeric slices. J. Therm. Anal. Calorim.136, 185–197 (2019).
Google Scholar
Dehghannya, J., Ngadi, M. & Vigneault, C. Mathematical modeling procedures for airflow, heat and mass transfer during forced convection cooling of produce: a review. Food Eng. Rev.2, 227–243 (2010).
Google Scholar
Putra, R. N. & Ajiwiguna, T. A. Influence of air temperature and velocity for drying process. Procedia Eng.170, 516–519 (2017).
Google Scholar
Han, Y. et al. A novel microwave pretreated hot air drying (PMt-HD) process for improving drying efficiency and drying quality of Z. bungeanum. Ind. Crops Prod.222, 119482 (2024).
Google Scholar
Salehi, F., Goharpour, K. & Kamran, H. R. Effects of ultrasound and microwave pretreatments of Carrot slices before drying on the color indexes and drying rate. Ultrason. Sonochem.101, 106671 (2023).
Google Scholar
Karimi, S., Layeghinia, N. & Abbasi, H. Microwave pretreatment followed by associated microwave-hot air drying of Gundelia tournefortii L.: drying kinetics, energy consumption and quality characteristics. Heat Mass Transf.57, 133–146 (2021).
Google Scholar
Dbeibia, A., Khiari, R., Mihoubi, D., Zeghonda, N. & Boudhrioua, N. Drying kinetics of Deglet enour date Seeds, Antioxidant, Antibacterial, antidiabetic and Bio-preservative potencies. Waste Biomass Valoriz. 1–17 (2025).
Metwally, K. A. et al. The mathematical Modeling, Diffusivity, Energy, and Enviro-Economic analysis (MD3E) of an automatic solar dryer for drying date fruits. Sustainability16, 3506 (2024).
Google Scholar
Seerangurayar, T. et al. Experimental investigation and modeling of date drying under forced convection solar dryers. Biomass Convers. Biorefinery. 14, 21705–21718 (2024).
Google Scholar
Rabie, S., Younis, O. S. & Mohamed, A. Kinetic studies for microwave-assisted drying of Oraby date slices. Egypt. J. Agricultural Res.98, 670–689 (2020).
Google Scholar
İZLİ, G. Total phenolics, antioxidant capacity, colour and drying characteristics of date fruit dried with different methods. Food Sci. Technol.37, 139–147 (2017).
Google Scholar
Younis, M. et al. Kinetics and mathematical models of date paste dried using a convective infrared dryer. Czech J. Food Sci.42 (2024).
El-Mesery, H. S., Farag, H. A., Kamel, R. M. & Alshaer, W. G. Convective hot air drying of grapes: drying kinetics, mathematical modeling, energy, thermal analysis. J. Therm. Anal. Calorim.148, 6893–6908. https://doi.org/10.1007/s10973-023-12195-0 (2023).
Google Scholar
Chokngamvong, S. & Suvanjumrat, C. Study of drying kinetics and activation energy for drying a pineapple piece in the crossflow dehydrator. Case Stud. Therm. Eng.49, 103351 (2023).
Google Scholar
Şahin, U. & Öztürk, H. K. Comparison between artificial neural network model and mathematical models for drying kinetics of osmotically dehydrated and fresh figs under open sun drying. J. Food Process Eng.41, e12804 (2018).
Google Scholar
Prajapati, S., Shah, M. & Srivastava, S. Mass transfer behavior of Jamun (Indian Blackberry) slices using convective drying technique. J. Biosystems Eng.50, 353–363. https://doi.org/10.1007/s42853-025-00270-3 (2025).
Google Scholar
Srikiatden, J. & Roberts, J. S. Moisture transfer in solid food materials: A review of mechanisms, models, and measurements. Int. J. Food Prop.10, 739–777 (2007).
Google Scholar
Fikry, M. et al. Influence of ultrasonic pretreatment on drying and thermodynamic characteristics of Asian Seabass fish skin during air-frying process. J. Food Meas. Charact. 1–14 (2024).
Öztekin, Y. B., Aktaş, M., Dolgun, E. C., Bilim, H. C. & Sacilik, K. Drying kinetics and thermodynamic properties of Uzun pistachios dried by convective drying. J. Food Process. Preserv.46, e17035 (2022).
Google Scholar
Moreira, I. S. et al. Production of Kiwi snack slice with different thickness: drying kinetics, sensory and physicochemical analysis. Aust. J. Crop Sci.12, 778–787 (2018).
Google Scholar
Santos, N. C., Almeida, R. L. J., da Silva, G. M., Monteiro, S. S. & Andre, A. M. M. Effect of ultrasound pre-treatment on the kinetics and thermodynamic properties of guava slices drying process. Innovative Food Sci. Emerg. Technol.66, 102507 (2020).
Google Scholar
Rashid, M. T. et al. Multi-frequency ultrasound and sequential infrared drying on drying kinetics, thermodynamic properties, and quality assessment of sweet potatoes. J. Food Process Eng.42, e13127 (2019).
Google Scholar
Goneli, A., Correa, P. C., Oliveira, G. & Botelho, F. M. Water desorption and thermodynamic properties of Okra seeds. Trans. ASABE. 53, 191–197 (2010).
Google Scholar
Kaleemullah, S. & Kailappan, R. Monolayer moisture, free energy change and fractionation of bound water of red chillies. J. Stored Prod. Res.43, 104–110 (2007).
Google Scholar
Fikry, M. et al. Kinetic modelling of moisture transfer and phytochemical properties in Longan seeds: impact of ultrasonic pretreatment and microwave drying process. Food Bioprocess Technol.17, 5134–5151 (2024).
Google Scholar
Doymaz, İ. Drying behaviour of green beans. J. Food Eng.69, 161–165 (2005).
Google Scholar
Page, G. E. Factors Influencing the Maximum Rates of Air Drying Shelled Corn in Thin Layers (Purdue University, 1949).
Rahman, M. S., Perera, C. O. & Thebaud, C. Desorption isotherm and heat pump drying kinetics of peas. Food Res. Int.30, 485–491 (1997).
Google Scholar
Doymaz, İ. Effect of pre-treatments using potassium metabisulphide and alkaline Ethyl oleate on the drying kinetics of apricots. Biosyst. Eng.89, 281–287 (2004).
Google Scholar
Lahsasni, S., Kouhila, M., Mahrouz, M. & Jaouhari, J. Drying kinetics of prickly Pear fruit (Opuntia ficus indica). J. Food Eng.61, 173–179 (2004).
Increase driven by higher terminal charges; rates lifted for both SNGPL, SSGC consumers
RLNG. photo: file
ISLAMABAD:
Pakistan’s oil and gas regulator has raised re-gasified liquefied natural gas (RLNG) prices by up to 0.59% for February 2026, citing a marginal increase in terminal charges.
The Oil and Gas Regulatory Authority (OGRA) announced its decision on Friday, increasing RLNG rates for both Sui Northern Gas Pipelines Ltd (SNGPL) and Sui Southern Gas Company Ltd (SSGCL). The changes reflect an increase of up to $0.0605 per million British thermal units (MMBtu) across transmission and distribution costs.
Under the new pricing, RLNG rates for SNGPL consumers were up by 0.53% from January levels, while SSGC consumers will face an increase of 0.59%, according to an OGRA notification.
For SNGPL, the distribution price edged up by $0.0602 per MMBtu to $11.3345 per MMBtu from $11.2743 in January. The SSGC distribution price increased by $0.0605 per MMBtu to $10.27 from $10.21 in January.
OGRA said the revised prices include terminal charges, transmission losses, port handling costs and margins for Pakistan State Oil (PSO), the state-run LNG importer. The weighted average sale prices were calculated on the basis of eight LNG cargoes imported by PSO under its two long-term supply agreements with Qatar. Of these, four cargoes were procured at a higher pricing slope, while the remaining four were acquired at a lower rate.
RLNG remains a critical component of Pakistan’s energy mix, particularly during periods of domestic gas shortages.
The government revises RLNG prices every month in line with global LNG rates, exchange rate movements and infrastructure-related costs.
You don’t have permission to access “http://www.spglobal.com/market-intelligence/en/news-insights/research/2026/02/fixed-broadband-expansion-monetization-apac-market-trends-to-monitor-in-2026” on this server.
An artificial intelligence system first identified a general formula for a class of gluon interactions long thought impossible at the simplest level of calculation, a result later rigorously proven by the researchers in a new preprint.
The study shows that when the particles are arranged in a particular way, the interaction does not disappear and can be built step by step using a standard method in particle physics, turning what would normally be a sprawling set of diagrams into a compact mathematical expression.
The AI-proposed formula was then tested against established consistency rules in quantum field theory, and the same approach is expected to extend to related calculations involving gravitons and other theoretical generalizations.
A long-dismissed class of particle interactions may exist after all — and human scientist say an artificial intelligence system served as a lab assistant to help them with the discovery. Or maybe rediscovery.
In a pre-print study posted to arXiv, the researchers report that a type of gluon interaction many physicists assumed could not occur at the simplest level of calculation can, under specific conditions, take on clean, compact mathematical forms. According to the study, the key closed-form expression was first conjectured by GPT-5.2 Pro before being formally proven and independently checked by humans.
The paper, published by researchers from Institute for Advanced Study, OpenAI, Vanderbilt University, Cambridge University and Harvard University, focuses on gluons, which are the particles that carry the strong nuclear force, which, as that sticky name suggests, binds quarks together inside protons and neutrons.
At the center of the work is a concept known as a scattering amplitude. In particle physics, a scattering amplitude is the mathematical object that encodes the probability that particles will collide and emerge in a particular configuration. These amplitudes are the bridge between abstract quantum field theory and real-world measurements. They are computed using Feynman diagrams, which depict every possible way particles can interact.
The problem is scale. As the number of particles increases, the number of diagrams grows faster than exponentially. What looks manageable at three or four particles becomes nearly intractable at six or seven. Yet physicists have repeatedly discovered that when all those diagrams are added together, the final answer often collapses into something surprisingly simple.
This tension — overwhelming intermediate complexity, unexpected final simplicity — has shaped modern theoretical physics for decades.
Vanishing? Maybe Not
The new study revisits a particular class of amplitudes involving gluons. Gluons, like photons, have a property called helicity, which can be thought of as the orientation of their spin relative to their direction of motion. At the risk of using an American football analogy so soon after the Super Bowl, helicity is like whether a football spirals clockwise or counterclockwise as it flies downfield.
For massless particles, helicity can take one of two values: positive or negative. In so-called “single-minus” configurations, one gluon has negative helicity while the remaining n−1 gluons have positive helicity.
Standard textbook arguments have long suggested that these amplitudes vanish — meaning the probability of that interaction is zero — at tree level, the baseline calculation that includes only the most direct interaction diagrams and leaves out the messier quantum loops that appear at higher orders.
According to the study, that conclusion rests on an assumption about the momenta — the directions and energies — of the particles. Those arguments hold when the momenta are generic, meaning they are not specially aligned.
The researchers show that when the momenta satisfy a particular alignment condition, known as the half-collinear regime, the reasoning breaks down. In this regime, certain spinor products — mathematical quantities used to represent particle momenta in a compact way — vanish in a coordinated fashion. The result is that the single-minus amplitude does not disappear.
Instead, it exists on a precisely defined slice of momentum space.
The researchers derive a recursion relation — a step-by-step construction rule based on the Berends-Giele method — that determines these amplitudes for any number of gluons. In other words, scientists can systematically build a complicated multi-particle interaction based on simpler ones.
When the team computed explicit examples for small numbers of gluons, the results were messy. Even at six particles, the expressions spanned dozens of terms, reflecting the superexponential growth of Feynman diagrams.
Enter AI.
According to the accompanying blog post from OpenAI, the human scientists first calculated the amplitudes for small values of n by hand, obtaining long expressions derived from Feynman diagrams. GPT-5.2 Pro was then used to simplify those expressions. From the simplified cases, the system identified a pattern and conjectured a general formula valid for all n.
An internal, scaffolded version of GPT-5.2 subsequently spent roughly 12 hours reasoning through the conjecture and produced a formal proof of its validity, according to the blog post. The researchers then verified the result analytically.
The formula was checked against the Berends-Giele recursion relation, ensuring that it reproduces the step-by-step construction of amplitudes. It was also tested against several standard consistency conditions in quantum field theory, including cyclic symmetry, reflection symmetry and Weinberg’s soft theorem — a rule that constrains how amplitudes behave when one particle’s energy becomes very small. According to the study, the result passed all of these checks.
In one special arrangement of the particles’ motion — known as region R1 — where a single negatively spinning gluon turns into many positively spinning ones, the math simplifies dramatically. What starts as a tangled web of interaction diagrams reduces to a short formula made of simple plus, minus, or zero values depending on how the particles are aligned.
According to the researchers, The simplification is dramatic. The direct Feynman-diagram expressions grow superexponentially in complexity as the number of particles increases. The AI-assisted formula replaces that growth with a structured product whose pattern holds for any number of gluons.
A Methodological Shift
The physics result itself occupies a narrow but conceptually important corner of Yang-Mills theory, the framework that describes gluons and underlies the Standard Model’s treatment of the strong force. Single-minus amplitudes were widely regarded as absent at tree level. Showing that they exist under well-defined conditions reopens questions about the internal structure of scattering amplitudes and the geometric principles that may organize them.
But the methodological aspect may draw even broader attention.
Here, the AI system did more than assist with algebraic manipulation. It inferred a general pattern from specific cases and proposed a closed-form formula. The human researchers then proved and validated that formula using established analytic methods.
In the blog post, the researchers write that this may serve as a template for AI-assisted theoretical research: conjecture generation by machine, verification by rigorous mathematics and cross-checking against known physical principles.
The study suggests that certain domains of theoretical physics — especially those involving hidden simplicity inside complex algebra — may be particularly well suited to this approach. Historically, recognizing such patterns required deep intuition built over years of experience. In this case, a large language model identified a structure that had not been written down in closed form.
Nima Arkani-Hamed, Professor of Physics, Institute for Advanced Study, said, in the post: “The physics of these highly degenerate scattering processes has been something I’ve been curious about since I first ran into them about fifteen years ago, so it is exciting to see the strikingly simple expressions in this paper. It happens frequently in this part of physics that expressions for some physical observables, calculated using textbook methods, look terribly complicated, but turn out to be very simple. This is important because often simple formulas send us on a journey towards uncovering and understanding deep new structures, opening up new worlds of ideas where, amongst other things, the simplicity seen in the starting point is made obvious.”
Arkani-Hamed added: “To me, finding a simple formula’ has always been fiddly, and also something that I have long felt might be automatable by computers. It looks like across a number of domains we are beginning to see this happen; the example in this paper seems especially well-suited to exploit the power of modern AI tools. I am looking forward to seeing this trend continue towards a general purpose ‘simple formula pattern recognition’ tool in the near future.”
Limits, Next Steps
The results apply to tree-level amplitudes and to specific kinematic regimes. Loop corrections, which incorporate quantum fluctuations, remain far more complicated. The half-collinear configuration is mathematically consistent but not generic in ordinary Minkowski spacetime; it corresponds to a special alignment of momenta or to complexified momentum configurations.
According to the study, the construction generalizes from gluons to gravitons — the hypothetical quantum carriers of gravity — and supersymmetric extensions are also possible. The researchers note that the structural role of these amplitudes within the broader theory remains to be understood and that even simpler formulations may exist.
In general, the study suggests how AI might be integrated into probing some of the problems that continue to vex science, particularly quantum mechanics.
Nathaniel Craig, Professor of Physics at the University of California, Santa Barbara, said in the post: “I am already thinking about this preprint’s implications for aspects of my group’s research program. This is clearly journal-level research advancing the frontiers of theoretical physics, and its novelty will inspire future developments and subsequent publications. This preprint felt like a glimpse into the future of AI-assisted science, with physicists working hand-in-hand with AI to generate and validate new insights. There is no question that dialogue between physicists and LLMs can generate fundamentally new knowledge. By coupling GPT‑5.2 with human domain experts, the paper provides a template for validating LLM-driven insights and satisfies what we expect from rigorous scientific inquiry.”
The research team included Alfredo Guevara, of the Institute for Advanced Study; Alexandru Lupsasca of Vanderbilt University and OpenAI; David Skinner of the University of Cambridge, Andrew Strominger of Harvard University and Kevin Weil, of OpenAI
The paper is highly technical and for a deeper dive, it’s recommended the reader review the paper on arXiv.
Also, please note that arXiv is a pre-print server, which allows researchers to receive quick feedback on their work. However, it is not — nor is this article, itself — official peer-review publications. Peer-review is an important step in the scientific process to verify results.
This article explores the misuse of QR codes in today’s threat landscape, covering three areas of concern:
QR codes using URL shorteners to disguise malicious destinations
QR codes using in-app deep links to steal account credentials and take control of a victim’s apps
QR codes attempting to bypass app store security by linking to direct downloads of malicious apps
With QR codes a notable presence in our everyday lives, some people instinctively scan them without hesitation. But QR codes are also a vector for attack. QR codes enable attackers to bypass organizational security by exploiting the weaker controls of personal mobile devices. By doing this, they can trick users into scanning codes and interacting with malicious destinations outside the corporate security perimeter.
Over the past several months, we have tracked campaigns that used QR codes for phishing (known as quishing) and scams. Our telemetry reveals an average of over 11,000 detections of malicious QR codes each day. Investigating these detections, we found that attackers are leveraging QR code shorteners, in-app deep links and direct downloads to bypass people’s awareness and security controls.
In addition to mass campaigns, we see attackers using QR codes for highly targeted messenger app phishing, such as targeting Ukrainian Signal users in the context of the Russia-Ukraine war. These findings necessitate further analysis of deep links and QR code data.
Palo Alto Networks customers are better protected from the threats described in this article through the following products and services:
If you think you might have been compromised or have an urgent matter, contact the Unit 42 Incident Response team.
Phishing QR Codes Not New, but a Growing Threat
QR codes are not a new technology, but their prevalence has increased with the push for contactless interactions, especially during the initial emergency phase of the coronavirus pandemic. QR codes allow companies to interact seamlessly with their customer base for payments, enabling customers to join rewards programs and sign up for apps or mailing services. People have grown used to QR codes in daily life, and often scan them without sufficient caution, increasing their susceptibility to attacks.
The popularity of QR codes has led to their use by attackers. In our offline web crawlers, we currently find an average of 75,000 detections of QR codes each day, with 15% of these pages containing QR codes leading to malicious links. This represents an average of over 11,000 detections of malicious QR code use each day.
Problem of Evasive QR Code Redirects
We looked beyond the recognized risks of QR codes. While straightforward QR code web-based attacks remain a threat, our focus shifted to understanding how attackers are leveraging the following trends to remain evasive to both victims and security controls:
These tactics represent an evolution in QR code-based attacks that security teams need to address.
Previous Unit 42 research has covered several key attack vectors for phishing QR codes hosted on documents, which are also relevant when hosted on websites. Attacks through these vectors can be effective for several reasons including:
Lower user vigilance
Security solutions having difficulty extracting URLs embedded in QR codes
Complex redirection chains that obscure final destinations
Weaker security controls on personal mobile devices
Hosting on otherwise legitimate-looking pages
Building upon this threat model, in-app deep links allow the attacker to target specific apps and trigger specific behavior (Figure 1).
Figure 1. QR code threat model.
QR codes on websites need to be analyzed by security crawlers and other security solutions. To close this security gap, specific QR code detection techniques must be deployed to analyze the various data types stored in QR codes:
Standard HTTPS URLs
Deep links
Non-URL content (e.g., JSON, plaintext)
Key Definitions
QR code shorteners are services that combine a URL shortener with a QR code generator to create a shorter, more scannable QR code that links to a long URL. These shorteners offer benefits such as reducing the size of the QR code, allowing attackers to change the destination URL later, and tracking scan data in a single dashboard.
In-app deep links are hyperlinks that direct visitors to a specific screen or content within a mobile app. In-app deep links can use both custom URL schemes (i.e., sms:+1234567890:Hello, tg[:]//login?token= ) or standard web URLs (i.e., hxxps[:]//wa[.]me/settings/linked_devices#) that the operating system redirects to the app.
Figure 2 shows an example that displays a phishing site impersonating a job match and training program website that hosts a payment in-app deep link. Deep links are often used to improve user experience by reducing the number of steps to access specific content from external sources like emails, social media, authentication tokens or ads.
Figure 2. QR code in-app deep link example.
The Stealth Factor: QR Code Shorteners
Attackers use QR code shorteners to mask malicious destinations. QR code shorteners convert a static image into a dynamic endpoint. Consequently, the attacker can change the redirect destination at will.
The attacker is also able to leverage the good reputation of QR code shortener services to evade detection of malicious activity. Even security-conscious people who check the URL preview before scanning cannot determine the final destination when presented with shortened links. This technique effectively prevents targets from being aware of potential threats until after the malicious payload has been delivered.
Our previous article has already talked about the risk of URL shorteners more broadly. However, the combination of a QR code and URL shortener is even more likely to bypass scrutiny.
Steady Increase in QR Code Shortener Traffic
We have seen QR code shortener traffic grow steadily over the past three years (Figure 3).
Figure 3. QR code shortener traffic trends, 2023-2025.
We see a steady increase of QR code shortener traffic in our telemetry. This includes a 55% increase from the first half of 2023 to the first half of 2024 and a 44% increase from the first half of 2024 to the first half of 2025. This data is based on the following popular QR code shortener services:
qrcc[.]io
qrco[.]de
me-qr[.]com
qr[.]io
qrfy[.]com
qrfy[.]io
get-qr[.]com
qr[.]ne, qrs[.]ly
Most Misused QR Code Shortener Services
Our telemetry reveals that qrco[.]de, me-qr[.]com and qrs[.]ly are the most used QR code shorteners. Compared to the top QR code shorteners mentioned in the Anti-Phishing Working Group (APWG) phishing trends report [PDF], qrs[.]ly is a notable new addition as the QR code shortener used in 7.3% of the malicious URLs observed.
Targeted Industries
Financial services was the most impacted industry when considering compromised QR code shorteners, accounting for 29% of this type of attack. This is followed by high tech (19%) and wholesale and retail (14%). Significantly, QR code shorteners for financial services make up only 4.8% of this type of traffic as a whole. This makes the high percentage of compromised QR code shorteners for financial services even more striking as shown in Figure 4
Figure 4. This chart illustrates the contrast between the total QR code shorteners we observed in traffic, by industry, and the number of compromised QR code shorteners, by industry.
Example of a Phishing Attack Misusing a QR Code Shortener
The webpage shown in Figure 5 is a popular file-sharing platform containing a QR code that appears to imitate a school by including its logo. Upon analysis, we found that it is a QR code shortener that first redirects to a CAPTCHA page and then lands on a phishing page that impersonates Outlook hosted on cdnimg.jeayacrai[.]in[.]net. After a few days, the URL from this QR code no longer worked, illustrating how QR code shorteners are often ephemeral and can quickly cease redirecting to the original malicious endpoint.
Figure 5. Malicious QR code shortener example.
In-App Deep Links Vulnerabilities: More Than Just Web Browsing
Modern mobile devices support a wide range of QR code actions beyond simple web browsing. The distribution of in-app deep links in QR codes is an understudied area despite its exploitability. In-app deep links account for about three percent of the QR codes in our telemetry. Attackers can either misuse app functionality (e.g., adding a trusted device, or sending a payment), or push malicious content to those apps (such as, adding malicious links to calendar invites).
Defenders face a challenge in detecting malicious in-app deep links embedded in QR codes because the activity generated by these links is often invisible to standard web crawlers. Effective detection necessitates a mobile sandbox environment with the specific app installed to properly observe and analyze this activity. Custom in-app deep links lack standardization across applications. This makes identifying malicious signals difficult to generalize, often requiring individualized investigation for each case.
Both iOS and Android devices can process QR codes with in-app deep links that have direct app integration. We categorize in-app deep links as those that apply to the following types of apps:
Social media and communications
App stores
Payment
System utilities (e.g., Wi-Fi, contacts, calendar, telephone, email, SMS, navigation)
The three most popular custom app URLs that we found were for Telegram, XHS Discover (RedNote) and Line, which respectively account for 44.7%, 1.8% and 0.8% of in-app deep links. As we discuss later, attackers commonly misuse Telegram and Line.
Attack Scenarios
In-app deep links enable additional cross-device interactions, creating new attack scenarios via QR codes.
Table 1 lists some examples of the attack chain scenarios possible through in-app deep links.
Attack Name
Deep Link Category
Description
Example (QR Code Content)
Financial fraud
Payment
Direct access to payment applications with pre-filled recipient information
bitcoin:attackers_address
Account Takeover
Social Media and Communications
Directs the victim to authenticate the attacker into the victim’s account
Attacker’s website hosts: tg[:]//login?token=xxxx
Embedding Malicious URLs
Communications, Other Apps
Attackers can embed malicious URLs in emails or text messages to be sent from the victim’s device, saved into a file, etc.
Table 1. Attack scenarios involving in-app deep links.
Many of these attack scenarios involve embedding malicious URLs into specific data entries stored in mobile apps. Figure 6 illustrates this for contact poisoning, where a malicious URL is embedded in a saved contact card.
Figure 6. Contact poisoning attack scenario.
Some of the scenarios described in Table 1 were not observed in our data collection, while others were. The ones not observed are plausible, but hypothetical scenarios. We will further discuss the scenarios observed in our data collection below.
Current Attack Trends and Examples
Financial Fraud In-App Deep Links
Financial in-app deep links represent a significant financial risk to potential victims. QR codes are commonly used in legitimate business transactions to facilitate payments, making it straightforward for attackers to misuse this trusted interaction through phishing schemes. We observed legitimate in-app deep links from popular payment apps such as:
WeChat Pay
Alipay
Bitcoin
Ethereum
LitCoin
Metamask
Trust (wallet)
The familiarity and trust people have with payment-related QR codes create an ideal environment for social engineering attacks, where malicious QR codes can closely mimic legitimate payment requests. Phishing campaigns using pressure tactics can manipulate people into making quick payments.
Below, we share a few examples where an attacker attempts to trigger a financial transaction using a QR code. Figure 7 includes two examples. The first example is a phishing campaign claiming easy returns on investment, asking for an initial payment through a Bitcoin in-app deep link. The second example is a hacking for hire service advertising and providing easy payment with a WeChat payment in-app deep link.
Figure 7. Examples of malicious financial in-app deep links.
Figure 8 illustrates another get-rich-quick phishing scheme that requests an initial payment through a popular cryptocurrency wallet via a QR code with an in-app deep link.
Figure 8. QR code phishing scheme that uses a popular cryptocurrency wallet.
Messenger Account Takeover Through In-App Deep Links
Account takeovers through in-app deep links appear to be a significant phishing vector for messaging and social media sites. Telegram, in particular, was the most prominent application identified in our analysis that uses custom in-app deep links. We found over 35,000 QR codes that contain Telegram in-app deep links such as tg[:]//login or tg[:]//resolve and we observed multiple instances where attackers exploited these links to compromise accounts.
We saw three kinds of Telegram in-app deep links:
Login accounted for 97% of the Telegram in-app deep links observed. Login grants the QR code creator authorization to access your account.
Previous reporting of Telegram in-app deep link scams warns about these account takeover attacks. Roughly one out of every five host pages with a login Telegram in-app deep link is malicious, based on our conservative estimate.
Figure 9 includes two examples of such Telegram login scams. However, while Telegram is the most popular, attackers are also targeting other popular communication apps.
Figure 9. Example of a QR code designed to give an attacker full access to the device and account owner’s Telegram.
Figure 10 shows an example of a QR code containing an in-app deep link that requests authorization to a target’s Line account. This would allow attackers to send Line messages under the device and account owner’s name. Of note, Line has since deprecated this in-app deep link, and the link will now result in an error.
Figure 10. Example of a QR code for a Line account takeover.
Figure 11 shows an example of a QR code containing an in-app deep link that requests authorization to access a target’s Signal account.
Figure 11. Example of a QR code for a Signal account takeover.
Figure 12 shows an example of a QR code containing an in-app deep link that requests authorization to access a target’s WhatsApp account.
Figure 12. Example of a QR code for a WhatsApp account takeover.
In addition to mass phishing campaigns, there’s a clear trend toward more focused attacks aimed at stealing Signal credentials. For instance, the Google Threat Intelligence Group (GTIG) has documented increased efforts by Russia state-aligned actors to compromise Signal Messenger accounts. These attacks frequently misuse Signal’s feature to link devices with malicious QR codes.
Many of these campaigns have targeted Ukraine in the context of the Russia-Ukraine war. In July 2024, the CERT-UA reported on several threat groups, such as UAC-0185 (aka UNC4221), that have specifically targeted messenger accounts.
Our researchers continue to observe new malicious domains targeting Ukrainian Signal users, including snitch.open-group[.]site and similar variations. After linking a new session to Signal accounts, the attackers can exfiltrate message history and other account information. We have reported discovered information to our Ukrainian cybersecurity partners.
Figure 13 shows a QR code from a campaign targeting Ukraine-based Signal accounts.
Figure 13. QR code from a campaign targeting Ukraine-based Signal accounts.
Bypassing App Store Security: Direct App Downloads
QR codes are widely used for easy downloading of files and applications. Attackers can exploit this convenience to trick victims into downloading malicious content or installing harmful mobile applications.
Major app stores impose strict security and compliance guidelines to limit the distribution of harmful apps. However, attackers may circumvent these security measures by distributing links to unreviewed Android Package Kit (APK) files hosted on their own servers via QR codes.
Our investigation identified 59,000 detections of host pages distributing a total of 1,457 distinct APK files directly through QR codes, without going through any app store. Notable examples of these distributed APKs are listed below.
Gambling/Casino App Downloads
Gambling and casino games websites are distributing their apps through APK files in QR codes.
Figures 14-16 illustrate some examples of such host pages. They are all hosted by many different domains and request certain Android permissions that could be concerning to people.
Figure 14 shows an ad for a popular game that includes a QR code, which redirects the victim to another QR code to download a game app named yicai.apk from f9999[.]app. This QR code is hosted on 10,022 unique URLs.
The app requests read and write permissions to the device’s external storage and camera. It also requests install packages permissions.
Figure 14. First example of a gambling game distribution campaign through a QR code.
Figure 14 shows an ad for another game hosted on 9,161 unique URLs. The URL used in Figure 15 is hxxps[:]//pyreneesakbash[.]com/m-nagapoker/android.html. The file for the game is named NagaPocker.apk, and it requests write to external storage and internet permissions.
Figure 15. Second example of a gambling game distribution campaign through a QR code.
Figure 16 shows an app distributed through two different pages. Named app-u7cp-release.apk, the app requests:
Access to coarse location
Access to fine location
Background location
Read and write access to external storage
Read phone state
Camera permissions
Figure 16. Two different pages with QR codes leading to the same app.
Warnings from Trustwave about malicious APK files highlight that these types of gambling and betting apps expose victims to harmful activity, such as:
Excessive advertising
Theft of personal data
Theft of funds
Hidden fees
Subscriptions
These apps provide financial incentives for engagement, prolonging the life of such scams. Allowing victims to download apps directly and bypassing official app stores enables attackers to circumvent app verification procedures.
Many campaigns hosting QR codes that pointed to a given APK file did so across numerous domains. The apps request suspicious Android permissions, most notably write external storage, camera and access fine location. These permissions could allow intentional data exfiltration, accidental data leakage and surveillance. The aggressive distribution across many different host pages, stealthy methods and excessive permissions suggest malicious intent.
Other Malicious App Downloads
Though gambling apps account for a large portion of the QR codes distributing APK files, QR codes also distribute other kinds of suspicious apps. Figure 17 illustrates two examples.
Figure 17. Examples of QR code with malicious app downloads.
The first example is a phone optimization app named ludashi_home.apk. It requests the following permissions:
Recording audio
Reading battery status
Reading phone state
Accessing the camera
Reading and writing to external storage
Authenticating accounts
Clearing the app cache
Installing packages permissions
The second example is a social network app for educators named k12sns.apk. This app also requests several different types of permissions:
Accessing the internet
Reading logs
Waking the lock
Reading the phone state
Writing to external storage
Several vendors detect these apps as suspicious or malicious, and they extract sensitive information from the device they are installed on. For example, the phone optimization app can take on certain behaviors like authenticating accounts and installing further packages, which attackers can misuse for malicious gains.
Conclusion
The attack scenarios and variety of examples we’ve discovered illustrate the extensive potential and existing prevalence of QR code misuse. The fundamental challenges of this type of misuse are user awareness and lack of visibility from current detection systems.
Most people scanning QR codes don’t anticipate the broad range of device functions that can be triggered from in-app deep links or unexpected endpoints from QR code shorteners. This expectation mismatch creates a significant security weak spot that attackers can actively exploit.
User education remains critical — people need to understand that QR codes can do much more than simply open webpages.
Palo Alto Networks customers are better protected from the threats discussed above through the following products:
Customers using Advanced URL Filtering and Prisma Browser (with Advanced Web Protection) are better protected against various QR code attacks. Our detectors analyze QR code landing pages and deep links.
If you think you may have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team or call:
North America: Toll Free: +1 (866) 486-4842 (866.4.UNIT42)
UK: +44.20.3743.3660
Europe and Middle East: +31.20.299.3130
Asia: +65.6983.8730
Japan: +81.50.1790.0200
Australia: +61.2.4062.7950
India: 000 800 050 45107
South Korea: +82.080.467.8774
Palo Alto Networks has shared these findings with our fellow Cyber Threat Alliance (CTA) members. CTA members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the Cyber Threat Alliance.
Acknowledgements
The authors would like to thank Bradley Duncan and Billy Melicher for the thorough technical review of the article. We would also like to thank the editorial team including Samantha Stallings and Lysa Myers for the assistance with improving and publishing this article.
NEW YORK, Feb. 13, 2026 /PRNewswire/ — Criteo S.A. (NASDAQ: CRTO) (“Criteo” or the “Company“), the global platform connecting the commerce ecosystem, today announced that two leading independent proxy advisory firms, Glass Lewis & Co., LLC and Institutional Shareholder Services, Inc. (“ISS”), recommend that shareholders vote “FOR” all the proposals related to the previously announced proposed transfer of the Company’s legal domicile from France to Luxembourg via a cross-border conversion (the “Conversion“) and the replacement of its American Depositary Shares structure with ordinary shares to be directly listed on Nasdaq.
A general meeting of the Company’s shareholders will be held on February 27, 2026 at 10:00 a.m., Paris time, at the Company’s registered office at 32 Rue Blanche, 75009 Paris, France to obtain approval by the Company’s shareholders for the Conversion and certain related proposals.
More information about the Conversion, the general meeting, and associated filings from Criteo S.A. is available on Criteo’s investor website at http://criteo.investorroom.com. Additionally, shareholders are welcome to contact Criteo’s Investor Relations department by phone at +1 (929) 287-7835 or by email at [email protected], or Criteo’s proxy solicitation firm, Innisfree, using the following contact information:
Innisfree M&A Incorporated 501 Madison Avenue, 20th Floor New York, NY 10022 (877) 717-3923 or +1 (412) 232-3651 outside the United States
As previously announced, and after considering various factors, Criteo’s Board of Directors believes the Conversion and the replacement of its American Depositary Shares (“ADSs“) structure with ordinary shares will enhance shareholder value over the long-term by providing potential strategic opportunities and benefits, including:
Positioning Criteo for potential inclusion in certain U.S. indices, subject to meeting other eligibility criteria, thereby expanding the Company’s access to passive investment capital, triggering associated benchmarking from actively managed funds and broadening its shareholder base;
Providing greater capital management flexibility by reducing or eliminating current restrictions related to share repurchases and holdings of treasury shares; and
Eliminating fees and complexities associated with ADSs potentially increasing stock liquidity.
The expected timing for completion of the Conversion remains the third quarter of 2026, subject to shareholder approval and other customary conditions.
About Criteo
Criteo (NASDAQ: CRTO) is the global platform connecting the commerce ecosystem for brands, agencies, retailers, and media owners. Its AI-powered advertising platform has unique access to more than $1 trillion in annual commerce sales—powering connections with shoppers, inspiring discovery, and enabling highly personalized experiences. With thousands of clients and partnerships spanning global retail to digital commerce, Criteo delivers the technology, tools, and insights businesses need to drive performance and growth. For more information, please visit www.criteo.com.
This communication contains certain forward-looking statements within the meaning of the U.S. federal securities laws. Forward-looking statements include statements with respect to the redomiciliation from France to Luxembourg, the objectives, benefits, and completion of the transaction, and the assumptions underlying such statements. By way of illustration, words such as “anticipate”, “believe”, “expect”, “intend”, “estimate”, “project”, “will”, “should”, “could”, “may”, “predict” and similar expressions are intended to identify forward-looking statements, although not all forward-looking statements contain such identifying words. We base forward-looking statements on our current assumptions, expectations, estimates and projections about us and the markets that we serve in light of our industry experience, as well as our perception of historical trends, current conditions, expected future developments and other factors that we believe are appropriate under the circumstances. Forward-looking statements are not guarantees of future performance and involve risks, uncertainties, estimates and assumptions that are difficult to predict and often outside of our control. Therefore, actual outcomes and results may differ materially from those expressed in forward-looking statements. These forward-looking statements are subject to risks, uncertainties and other factors, including, among others: failure to obtain the required shareholder vote to adopt the proposals needed to complete the transaction; failure to satisfy any of the other conditions to the transaction, including the condition that the option to withdraw shares for cash in connection with the transaction is not exercised above a certain threshold; the transaction not being completed; the impact or outcome of any legal proceedings or regulatory actions that may be instituted against us in connection with the transaction; failure to list our shares on Nasdaq following the transaction or maintain our listing thereafter; inability to take advantage of the potential strategic opportunities provided by, and realize the potential benefits of, the transaction; the disruption of current plans and operations by the transaction; the disruption to our relationships, including with employees, landowners, suppliers, lenders, partners, governments and shareholders; the future financial performance of Criteo following the transaction, including our anticipated growth rate and market opportunity; changes in shareholders’ rights as a result of the transaction; inability to terminate the deposit agreement and withdraw our ordinary shares from the depositary so as to terminate our ADS program; difficulty in adapting to operating under the laws of Luxembourg; the deferment or abandonment of the transaction by our board of directors up to three days prior to the general shareholders’ meeting to vote thereon; following the completion of the transaction, a delay or failure in our ability to redomicile to the United States via the merger into a newly incorporated and wholly-owned U.S. subsidiary for any reason; costs or taxes related to the transaction; changes in general political, economic and competitive conditions and specific market conditions; and those risks detailed from time-to-time under the caption “Risk Factors” and elsewhere in Criteo’s filings with the U.S. Securities and Exchange Commissions (the “SEC”) and reports, including Criteo’s Annual Report on Form 10-K for the fiscal year ended December 31, 2024, filed with the SEC on February 28, 2025, subsequent Quarterly Reports on Form 10-Q and the proxy statement/prospectus filed with the SEC under Rule 424(b)(3) on January 22, 2026 in connection with the transaction, as well as future filings and reports by Criteo. As a result of these and other factors, no assurance can be given as to our future results and achievements. Accordingly, a forward-looking statement is neither a prediction nor a guarantee of future events or circumstances and those future events or circumstances may not occur. You should not place undue reliance on the forward-looking statements, which speak only as of the date of this communication. We are under no obligation, and we expressly disclaim any obligation, to update or alter any forward-looking statements, whether as a result of new information, future events, or otherwise.
Additional Information and Where to Find It
In connection with the transaction, Criteo filed with the SEC a Registration Statement on Form S-4 and a proxy statement/prospectus under Rule 424(b)(3) on January 22, 2026 that includes a proxy statement for a special meeting of Criteo’s shareholders to approve the transaction and also constitutes a prospectus. The definitive proxy statement / prospectus was mailed to Criteo’s shareholders as of the record date established for voting on the transaction and the other proposals relating to the transaction set forth in the proxy statement / prospectus. Criteo may also file other relevant documents with the SEC regarding the transaction. This communication is not a substitute for the registration statements, the proxy statement / prospectus or any other document that Criteo may file with the SEC with respect to the transaction (if and when available). INVESTORS AND SECURITY HOLDERS ARE URGED TO READ THE REGISTRATION STATEMENT, THE PROXY STATEMENT / PROSPECTUS, ANY AMENDMENTS OR SUPPLEMENTS TO THOSE DOCUMENTS AND ANY OTHER RELEVANT DOCUMENTS THAT MAY BE FILED WITH THE SEC IF AND WHEN THEY BECOME AVAILABLE CAREFULLY AND IN THEIR ENTIRETY BECAUSE THEY WILL CONTAIN IMPORTANT INFORMATION ABOUT CRITEO AND THE TRANSACTION.
Shareholders are able to obtain copies of these materials and other documents containing important information about Criteo and the transaction free of charge through the website maintained by the SEC at www.sec.gov. Copies of documents filed with the SEC by Criteo are made available free of charge on Criteo’s investor relations website at https://criteo.investorroom.com.
No Offer or Solicitation
This communication is for informational purposes only and is not intended to and does not constitute, or form part of, an offer, invitation or the solicitation of an offer or invitation to purchase, otherwise acquire, subscribe for, sell or otherwise dispose of any securities, or the solicitation of any vote or approval in any jurisdiction, pursuant to the transaction or otherwise, nor shall there be any sale, issuance or transfer of securities in any jurisdiction in contravention of applicable law.
Participants in the Solicitation
Criteo and its directors and certain of its executive officers and other employees may be deemed to be participants in the solicitation of proxies from Criteo’s shareholders in connection with the transaction. Information about Criteo’s directors and executive officers is set forth in the proxy statement for Criteo’s 2025 Annual Meeting of Shareholders, which was filed with the SEC on April 29, 2025. Investors may obtain additional information regarding the interest of such participants by reading the proxy statement / prospectus and other relevant materials regarding the transaction to be filed with the SEC when they become available. These documents can be obtained free of charge from the sources indicated above in “Additional Information and Where to Find It.”
