Technology

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Monday's puzzle instead then click here: NYT Connections hints and answers for Monday, May 5 (game #694).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #695) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• HUSH
• RIBBON
• BABY
• TOY
• MINUTE
• MOCKINGBIRD
• GAME
• RAZZMATAZZ
• STILL
• SET
• COMPACT
• PEACE
• MATCH
• CALM
• KIDNEY
• TOURNAMENT

NYT Connections today (game #695) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Tranquility
• GREEN: Wimbledon words
• BLUE: Tiny
• PURPLE: Roasting at the start

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #695) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: SILENCE
• GREEN: TENNIS COMPETITION UNITS 
• BLUE: COMPARATIVELY SMALL 
• PURPLE: STARTING WITH SYNONYMS FOR "TEASE" 

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #695) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #695, are…

• YELLOW: SILENCE CALM, HUSH, PEACE, STILL
• GREEN: TENNIS COMPETITION UNITS GAME, MATCH, SET, TOURNAMENT
• BLUE: COMPARATIVELY SMALL BABY, COMPACT, MINUTE, TOY
• PURPLE: STARTING WITH SYNONYMS FOR "TEASE" KIDNEY, MOCKINGBIRD, RAZZMATAZZ, RIBBON

• My rating: Easy
• My score: Perfect

I did think that there was a group about teasing today, but in mine I had TOY and BABY rather than the clever gathering of STARTING WITH SYNONYMS FOR “TEASE”.

I love that Connections features this kind of wordplay, I just wish that I could see it more easily.

I got today’s groups in order of difficulty, which always makes me feel an inner sense of PEACE. The SILENCE words came quickly; my only doubt was originally thinking that they had something to do with meditation and that SET belonged in the gang.

TENNIS COMPETITION UNITS was easy, too, thanks to the umpire’s pronouncement of “Game, set, and match” being permanently etched on our brains regardless of whether we like tennis or not.

Personally, I’m in and out. I like the tantrums more than the actual games.

How did you do today? Let me know in the comments below.

Yesterday's NYT Connections answers (Monday, May 5, game #694)

• YELLOW: GLIDE COAST, CRUISE, DRIFT, FLOAT
• GREEN: ASSOCIATED WITH COUNT DRACULA BAT, CAPE, CASTLE, FANG
• BLUE: STOP CHANGING FLATTEN, LEVEL, PLATEAU, SETTLE
• PURPLE: THINGS THAT ARE LONG AND CYLINDRICAL BATON, CIGAR, HOAGIE, TORPEDO

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Monday's puzzle instead then click here: NYT Strands hints and answers for Monday, May 5 (game #428).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #429) - hint #1 - today's theme What is the theme of today's NYT Strands?

• Today's NYT Strands theme is… I'm in lobe

NYT Strands today (game #429) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• DRONE
• ROPE
• GAIN
• NEAR
• GLUE
• CHOP

NYT Strands today (game #429) - hint #3 - spangram letters How many letters are in today's spangram?

• Spangram has 8 letters

NYT Strands today (game #429) - hint #4 - spangram position What are two sides of the board that today's spangram touches?

First side: bottom, 4th column

Last side: top, 3rd column

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #429) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #429, are…

• STUD
• CUFF
• HOOP
• CHANDELIER
• PLUG
• CLIPON
• TEARDROP
• SPANGRAM: EARRINGS

• My rating: Easy
• My score: Perfect

CHANDELIER was so snaky – going from the top all the way to the bottom of the grid – that I thought it was going to turn yellow.

Instead, it was EARRINGS, a spangram which I needed to get as in my ignorance I tapped out EARDROP and missed the letter T.

STUD was the first word I looked for, which after getting it immediately exhausted my knowledge of the many types of ear adornments.

Like clip-on ties and clip-on moustaches, there is something comical about CLIP-ON earrings. Largely because they are the type of thing you’d put on as a child and wear while doing impressions of your mother and her friends gossiping about the neighbors at a Tupperware party. No? Just me then!

How did you do today? Let me know in the comments below.

Yesterday's NYT Strands answers (Monday, May 5, game #428)

• STEAK
• HOME
• CURLY
• WAFFLE
• CRINKLE
• SHOESTRING
• SPANGRAM: FRENCH FRIES

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

It's not just hard goods like cars and smartphones. Tariffs could soon be a factor in the costs of making and watching movies.

• Asustor won’t force users into branded drives - you pick the parts, they stay compatible
• Lock-in means landfill - Asustor’s open NAS avoids waste and keeps your hardware relevant longer
• Want to load 360TB in your NAS? Asustor says go ahead with no restrictions

Asustor is taking a firm stand against vendor lock-in with a renewed pledge to keep its NAS devices fully open and unlocked.

While not naming any competitors, the move clearly takes aim at brands like Synology, which restrict hardware compatibility through proprietary firmware.

Asustor says it tests a wide range of third-party components for inclusion in its compatibility list but stops short of enforcing limitations. “We do not believe in treating our customers like children,” the company says. Instead, Asustor trusts users to make their own choices when selecting drives, memory, or even operating systems.

Freedom of choice without firmware walls

The company does not guarantee support for every model on the market but said that any drive compatible with the physical interface should work in theory. This includes many of the top NAS hard drives available today.

Asustor says the goal is to provide “the best experience” without locking users into a narrow ecosystem that could degrade over time.

There’s also an environmental advantage. Devices from vendors with strict restrictions are more likely to become obsolete when in-house drives are discontinued, leading to unnecessary e-waste.

“Another side effect of vendor lock-in is disposability. Because Asustor NAS devices do not lock you in, this means longer longevity, as there is no risk of losing functionality due to the termination of manufacturing of in-house drives,” the company explained in a blog post.

Additionally, users are free to install alternate operating systems even after official support ends, something few NAS makers allow. While Asustor does not provide direct support for third-party OSes, it respects users’ rights to choose what works best for their systems.

In terms of performance and flexibility, vendor-neutral NAS devices offer significantly more room to grow. With no firmware-level restrictions on storage capacity, users can install the latest large-capacity drives, such as 36TB models, and build arrays up to 360TB in a 10-bay Asustor unit.

Devices with hard-coded limitations, by contrast, may not support such upgrades. This freedom is crucial, especially when certain drives or capacities become difficult to source. “Sometimes availability is an issue, and the specifications you want might not even be available,” Asustor explains.

Ultimately, this reflects a broader philosophy: users should truly own the hardware they purchase. For those pairing their NAS with a portable hard drive or other third-party components, it’s a reassuring sign that their setup won’t be artificially limited.

You might also like

• These are the best business laptops for every budget
• We've also listed the best smartphones right now
• Microsoft 365 and Azure revenues push company results to another record high

If you're a Street Fighter 6 fan, this Woot deal slashes the cost of Cooler Master's Caliber X2 gaming chair down to just $117 for a limited time.

• Socket found seven malicious packages on PyPI
• The packages were abusing Gmail and WebSocket
• They were removed from the platform

Several malicious PyPI packages were recently observed abusing Gmail to exfiltrate stolen sensitive data and communicate with their operators.

Cybersecurity researchers Socket, who found the packages, reported them to the Python repository and thus helped get them removed from the platform - however the damage has already been done.

According to Socket, there were seven malicious PyPI packages, some of which were sitting on the platform for more than four years. Cumulatively, they had more than 55,000 downloads. Most are an imitation of the legitimate Coffin package, with names like Coffin-Codes-Pro, Coffin-Codes, NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, and Coffin-Grave. One was called cfc-bsb.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Compromised hosting accounts

The researchers explained that once the package is installed on the victim device, it connects to Gmail using hardcoded credentials, and contacts the C2 server.

It then creates a tunnel using WebSockets, and since Gmail’s email server is being used for communication, the communication bypasses most firewalls and other security measures.

As a result, the attackers are able to send commands, steal files, run code, and even access systems remotely.

However, it seems that the crooks were mostly interested in crypto theft, since one of the email addresses the malware was reaching out to had the words “blockchain” and “bitcoin” it it:

“Coffin-Codes-Pro establishes a connection to Gmail’s SMTP server using hardcoded credentials, namely sphacoffin@gmail[.]comand a password,” the report says.

“It then sends a message to a second email address, blockchain[.]bitcoins2020@gmail[.]com politely and demurely signaling that the implant is working.”

Socket has warned all Python users running any of the packages in their environment to remove them immediately and rotate keys and credentials as needed.

The researchers also urged everyone to watch for unusual outbound connections, “especially SMTP traffic”, and warned them not to trust a package just because it was a few years old.

"To protect your codebase, always verify package authenticity by checking download counts, publisher history, and GitHub repository links,” they added.

“Regular dependency audits help catch unexpected or malicious packages early. Keep strict access controls on private keys, carefully limiting who can view or import them in development. Use isolated, dedicated environments when testing third-party scripts to contain potentially harmful code.”

Via BleepingComputer

You might also like

• US government warns this popular CMS software has a worrying security flaw
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Get rid of all unwanted McAfee Antivirus software with this easy removal guide.

• Japanese researchers hit 106Gbps per core with plastic fiber breakthrough
• Multicore plastic fiber slashes costs and complexity for AI data centers
• Bit error rate drops 100,000-fold versus traditional glass-based systems

A team of researchers at Keio University in Japan has developed a breakthrough plastic optical fiber (POF) technology that could transform short-range, high-speed communications in next-generation AI data centers.

Announced ahead of the Optical Fiber Communication Conference (OFC) 2025, the group revealed a multicore graded-index POF capable of transmitting data at up to 106.25Gbps per core.

Led by Professor Yasuhiro Koike and Lecturer Kenta Muramoto at the Keio Photonics Research Institute, the project addresses a growing bottleneck in AI infrastructure: the need for ultra-high-capacity, low-latency interconnects between GPUs and accelerators in dense computing environments.

Faster, more scalable AI infrastructure

Unlike traditional glass fibers, which require complex ribbonization and multicore connectors, the team’s method allows for multicore POFs to be manufactured in one step using extrusion molding. This dramatically reduces costs and complexity, by a factor of 10 to 100, according to the researchers.

The new extrusion technique allows for mass production of multicore fibers regardless of core count or arrangement, making it adaptable to a wide range of data center designs.

Testing confirmed even after 30 meters of transmission at 106.25Gbps PAM4, signal integrity remained high, with minimal degradation in TDECQ. Bit error rates (BER) were reduced by up to 1/10,000 to 1/100,000 compared to conventional glass fibers.

According to the researchers, "GI-type POF has a property in which the fine non-uniform structure formed inside the core reduces the coherence of light, functioning as a volumetric noise reduction effect throughout the entire optical fiber."

This fine-grained internal structure diffuses optical coherence and acts as a volumetric noise reduction mechanism.

The team’s multicore GI-POF, including a 61-core circular version and a 4-core rectangular variant, reportedly demonstrated high manufacturing reliability and stable transmission across all cores.

Combined with VCSELs (vertical-cavity surface-emitting lasers), the system achieved 106.25Gbps PAM4 signal transmission over 30 meters without significant degradation.

Two papers detailing this work have been accepted at OFC 2025. With increasing demand for efficient, high-performance interconnects, Keio’s multicore plastic fiber technology could be key to unlocking faster, more scalable AI infrastructure in the years ahead.

Via PC Watch

(Image credit: Y. Koike and K. Muramoto, OFC 2025) You might also like

• Fiber optic cables transport petabytes of data every second around the world
• Scientists build a silicon-less computer that use light waves
• New research leads the way to creating cheaper, high-density optical storage

Do these things ASAP to make the most of the Fed's upcoming rate decision.

• A bug that broke jump links in the Start menu was previously flagged up with Windows 10’s April update
• That glitch was actually floating about in earlier updates (going back to February)
• Microsoft has fixed the problem, which related to a change to bring a Microsoft account-related panel to the Start menu in Windows 10

Remember that odd Windows 10 problem where the April update for the OS broke part of the Start menu for some people? The good news is that Microsoft has resolved this bug.

If you missed this one, it was a glitch that meant jump lists – extra options that pop up with a right click on an icon – no longer worked properly for some apps in the Start menu.

Windows Latest caught an update from Microsoft about the issue, which both confirmed that this bug is (or was) present in Windows 10, and also that it’s now fixed, thankfully.

In a release health dashboard update, in the known issues section, Microsoft acknowledged the bug and admitted it was more widespread than just the most recent April cumulative update for Windows 10. In fact, this Start menu faux pas has been present since the February preview (optional) update.

Microsoft explains that the problem related to bringing in Microsoft account “control experiences” to the Start Menu, a limited rollout that began in March 2025. (So, it would also have been present in the late February update, which was a preview of the March full release.)

Whatever was happening with introducing that feature caused the jump list functionality to vanish for some Windows 10 users. Upon realizing this, Microsoft paused the rollout of that Microsoft account-related addition to the Start menu on April 25. A fix was piped through, as well.

Microsoft says: “This [jump link] issue was resolved by a service change that was rolled out on April 25, 2025. If you are still facing this issue, please ensure that your device is connected to the internet to receive the automatic resolution that has been rolled out. After the next reboot, this issue should be resolved.”

(Image credit: Microsoft) Analysis: Backporting blues

Windows Latest, which experienced this problem on some of its Windows 10 PCs, has confirmed that the bug is now cured on those devices, so that’s good to hear.

While jump lists – which provide extra context-sensitive abilities for certain apps on the Start menu, like opening recently used files, ‘jumping’ straight to them – might sound like a pretty minor thing, some people use them a lot. And this functionality getting broken really messed with the workflows of those Windows 10 users, and seriously annoyed them (as you could see from some of the complaints aired online).

Back when this bug was first reported, I guessed that it could be the result of backporting features from Windows 11, and that turned out to be the case. The Microsoft account panel being introduced to the Start menu is already in Windows 11, and is being brought to Windows 10 – or it was, anyway, though that work is now paused.

It may be (and probably is) still inbound, then, although I’m not quite sure why Microsoft is providing additions for Windows 10 at this point, when the operating system has less than half a year left on the clock before support runs out. Perhaps that’s a measure of just how important the company feels it is to promote visibility for Microsoft accounts.

You may also like...

• Been hiding from Windows 11 24H2 due to the fuss about all the bugs? There’s nowhere to run now as Microsoft’s made the update compulsory
• Here's why you should reinstall Windows 11 every two months - no, I'm not kidding
• Windows 11 fully streamlined in just two clicks? Talon utility promises to rip all the bloatware out of Microsoft’s OS in a hassle-free way

Replacing filters is all you need to worry about after buying a filtered water pitcher and kissing bottled water goodbye.

APYs have been falling, and that's likely to continue. Here's where you can still secure a great CD rate.

The recent controversy known as “Signal-Gate” has exposed a glaring truth: even the highest-ranking national security officials sometimes behave like everyday people scrambling through a group chat. In this case, top Trump administration figures unwittingly invited The Atlantic’s editor-in-chief, Jeffrey Goldberg, to a Signal thread discussing a live military operation in Yemen. Details ranged from takeoff times for F-18 strikes to surveillance data on key Houthi targets. By any traditional measure, this is precisely the type of information meant for restricted channels—and absolutely off-limits to random add-ins.

Administration leaders insisted that the conversation—despite its clear operational value—was never formally classified. If the Secretary of Defense says it’s “unclassified,” so be it. But for those of us who’ve worked in military or intelligence operations, that’s a semantic sidestep, not a legitimate defense. Revealing real-time strike data isn’t just a security lapse; it could easily compromise missions and endanger lives. Encryption on Signal might protect messages from hackers, but it offers no defense against carelessness—like adding the wrong person to a conversation.

Jeffrey Goldberg, the accidental observer of this unfolding operation, says he originally assumed the messages were fake. A hoax or maybe a foreign intelligence plant. But then the details in the chat began to line up with real-world airstrikes. What started as disbelief gave way to concern—and yet, Goldberg stayed in the thread for days before bowing out. Critics say he should’ve left immediately.

Others argue he was within his rights to confirm what was happening before acting. Legally, he likely did nothing wrong. He didn’t sneak in. He didn’t steal access. He simply opened an invitation that should never have arrived. But ethically, the water’s murkier. If you believe you’re witnessing a potential breach in real time, do you alert someone? Or do you wait it out and report when the story is whole?

Deeper problems

The deeper problem here isn’t just Goldberg’s decision-making, or even the apparent nonchalance of senior officials discussing war like weekend logistics. It’s a familiar pattern in the United States: a kind of bipartisan amnesia when it comes to accountability for mishandling sensitive information. Before Signal-Gate there was the controversy behind Hillary Clinton’s private email server. Clinton, a former secretary of state, infamously used personal email for official business, with federal agencies ultimately finding that hundreds of her emails contained information that should have been deemed classified.

While her actions caused a political firestorm, she was never prosecuted. The broader pattern repeats across presidencies and party lines: from Donald Trump’s boxes of documents in Mar-a-Lago to Joe Biden’s classified files in a Delaware garage parked next to his corvette. We’ve seen it all—top-secret records stored in bathrooms, basements, and glove compartments. And through it all, one thing remains consistent: no one goes to jail.

We tell ourselves that classification matters. That secrecy protects lives. That mishandling classified information is serious. But when violations occur at the highest levels, we treat them like PR problems instead of national security failures. Federal employees have been fired or prosecuted for far less than what’s now become routine for political leaders.

And in this case, there was no dark-web intrusion or zero-day exploit. Just a group chat. Just one mistaken invite. That’s all it took to put the details of a live military operation into the hands of a journalist. Secretary of Defense Pete Hegseth was reportedly posting blow-by-blow updates: drone deployments, missile launch schedules, surveillance feeds.

If the Houthis had gained access to this chat—even hours before the first strike—the outcome could’ve endangered lives or compromised the operation. That data should have never seen the light of day, let alone appeared on a consumer messaging platform. It’s the kind of information you’d expect locked down in a SCIF—where digital devices are banned, access is tightly controlled, and no one accidentally adds a reporter to the call sheet.

Heroes and villains

Signal, for what it’s worth, isn’t the villain here. The app boasts strong end-to-end encryption and has even been endorsed by the Cybersecurity and Infrastructure Security Agency (CISA). CISA’s 2024 guidance specifically lauded end-to-end messaging apps like Signal for “highly targeted officials,” emphasizing that no single tool is foolproof but that strong encryption can significantly mitigate threats. Yet the meltdown here wasn’t about hacking—it was about a reckless group chat invitation. If even the most advanced secure platforms can’t guard against user errors, do we have any hope of fully protecting sensitive data?

This is not just a government issue. Corporate America is just as guilty of letting convenience trump security. Financial data gets sent over Slack. Trade secrets get texted instead of encrypted. Confidential reports accidentally go to the wrong “Steve” in Gmail. We’ve built a culture that prizes speed over caution, where “just shoot me a quick note” is the norm—even when it involves details that could cost companies millions or, in the case of Signal-Gate, risk a classified operation.

At the end of the day, no one in this saga is likely to be prosecuted. The White House swiftly brushed off accusations, claiming no official classification was assigned, and the Yemen strike itself was an outstanding success. Jeffrey Goldberg’s slow departure from the chat may raise eyebrows, but his decision to document it all likely remains protected journalism. The entire drama serves as a reminder that humans, no matter their rank, are prone to careless oversights when it comes to handling precious information.

If we want stricter accountability, we need more than sporadic outrage. We need consistency in enforcing rules and a cultural shift that values caution over convenience. It’s easy to point fingers, but the next data breach—be it from a top official or a small-town entrepreneur—could be just one careless invite away. Signal-Gate might become a footnote in the broader saga of national security mishaps, but it leaves us with one unassailable truth: if even the national-security leadership of the world’s most powerful country can’t secure a chat, the rest of us need to double-check before we hit “send.”

Signal is one of the best encrypted messaging apps for Android - see more.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The effects of the recent cyberattack against Co-op could be much more damaging than previously thought after the apparent hackers boasted of stealing huge amounts of company data, including customer information.

The "DragonForce" hackers contacted the BBC, sharing screenshots of their communication with the company, where they claim to have stolen "customer database, and Co-op member card data".

Co-op later appeared to confirm the theft, saying in a statement to BleepingComputer, ""As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems."

Co-op customer data stolen

"The accessed data included information relating to a significant number of our current and past members," Co-op's statement continued.

"This data includes Co-op Group members' personal data such as names and contact details, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group."

In an attempt to prove itself, the BBC says DragonForce shared databases including usernames and passwords of all Co-op employees, as well as a sample of 10,000 customers data including Co-op membership card numbers, names, home addresses, emails and phone numbers.

The hackers say as many as 20 million people have registered, or have registered in the past, with the Co-op's rewards program, meaning the range of affected users could be huge.

DragonForce said they contacted Co-op's head of cybersecurity and other executives via Microsoft Teams, sharing screenshots of the extortion messages with the BBC.

Co-op had told employees to keep their cameras on while using Microsoft Teams for meetings, as well as being told not to record or transcribe calls, and to verify that all participants were genuine Co-op staff - which suggested the hackers were indeed able to access internal systems.

Co-op has more than 2,500 supermarkets as well as 800 funeral homes and an insurance business, and employs around 70,000 staff across the UK.

The attack on Co-op was the third in a range of incidents to affect major UK retailers, with Marks and Spencer and Harrods also hit in recent days.

DragonForce told the BBC they were also responsible for other attacks, but apparently did not share any evidence proving this, and refused to elaborate.

How can I stay safe?

While it's still not yet known how accurate the DragonForce claims are, Co-op customers should be cautious over the next few days just to be on the safe side, and to get ahead of any repercussions if their information has been affected.

In an incident like this where it isn't clear what, if any, data has been affected - the first thing to do is to change your password linked to your Co-op account, as well as any other sites with the same credentials - we’ve put together a guide on how to create a secure password to make sure you’re as safe as possible.

The next, and probably most important step, is keeping vigilant. With your name and email address, a criminal can send sophisticated social engineering attacks, aimed to trick you into handing over more information, or into inadvertently downloading malware.

Make sure you double check any unexpected communications and email addresses - especially cross referencing these against the legitimate email addresses (these can be found on Google).

Be especially wary of any email that asks you to enter any information, click a link, or scan a QR code. Phishing attacks using QR codes are becoming more common, and are more dangerous than ever before, so make sure anything you scan is verified beforehand.

If a criminal does email you, there will most likely be signs. The first, is the email address the communication comes from - if it's G00gle or M1crosoft instead of their legitimate addresses, just delete the email. If you get an unexpected text, email, or phone call from anyone claiming to be a “friend”, from a number or address you don’t recognise, especially one that asks you to sign in, send money, buy a gift card, be very very suspicious.

You might also like

• Take a look at our picks for the best malware removal software around
• Check out our choice for best antivirus software
• M&S checkout chaos persists as cyberattack fallout continues

Percy Jackson and the Olympians season 2: key information

- Coming to Disney+ in December
- Filming has officially wrapped
- No official trailer, but a short teaser announcement
- Main cast to return
- Lots of new cast announcements revealed
- Already renewed for season 3

Percy Jackson and the Olympians season 2 is on its way — and it's set for a December release date on Disney+. Based on the iconic teen fantasy novels by Rick Riordan, Percy's story was brought back to life on the streamer, after movie adaptations fell a little short.

And what a life it's had so far, quickly becoming one of the best Disney Plus shows and topping charts as one of the top five most-watched original series across all streaming upon season 1's release. And so, one of the best streaming services is bringing the show back for more. Here's everything we know about Percy Jackson and the Olympians season 2 from release date, to cast, to plot, rumors and more.

Percy Jackson and the Olympians season 2: is there a release date?

A post shared by Percy Jackson (@percyseries)

A photo posted by on

Disney officially announced that Percy Jackson and the Olympians season 2 would debut on the streamer in 2025.

And, as per Deadline, it has been announced that the show will land in December. Though no specific release date has been revealed yet, we'll update here as soon as we know.

But, filming has wrapped. In February 2025, Percy Jackson author Rick Riordan revealed in a Bluesky post that principal photography was complete, so all good signs for December.

Percy Jackson and the Olympians season 2: has a trailer been released?

There's no full trailer for Percy Jackson and the Olympians season 2, but for now, there is a teaser. Though it's mainly filled with clips from season 1, it does confirm one thing that was highly suspected and that's that season 2 will follow Riordan's second Percy Jackson novel, The Sea of Monsters. Once there's a full trailer, we'll be sure to share it.

Percy Jackson and the Olympians season 2: confirmed cast

A post shared by Percy Jackson (@percyseries)

A photo posted by on

With the cast and crew having officially wrapped filming for Percy Jackson and the Olympians season 2, a post on the show's Instagram confirmed some of the main cast returning and there's been plenty of cast announcements for new characters, too:

• Walker Scobell as Percy Jackson
• Leah Sava Jeffries as Annabeth Chase
• Aryan Simhadri as Grover Underwood
• Charlie Bushnell as Luke Castellan
• Dior Goodjohn as Clarisse La Rue
• Daniel Diemer as Tyson
• Tamara Smart as Thalia Grace
• Courtney B. Vance as Zeus
• Timothy Simons as Tantalus
• Sandra Bernhard, Kristen Schaal, and Margaret Cho as the Grey Sisters
• Rosemarie DeWitt as C.C.
• Aleks Paunovic as Polyphemus
• Beatrice Kitsos as Alison Simms
• Kevin Chacon as Chris Rodriguez

A post shared by Percy Jackson (@percyseries)

A photo posted by on

As far as new cast announcements are concerned, there's been a lot. Firstly, Daniel Diemer is joining as a series regular role playing Percy's half-brother Tyson, a Cyclops and son of Poseidon, as revealed by Deadline.

Deadline also shared that Tamara Smart has joined the cast as Thalia Grace, daughter of Zeus. And there's been a recasting following the death of Lance Reddick who played Zeus, as Courtney B. Vance will be taking on the role.

In a statement on an official Instagram post, executive producer Dan Shotz said: "Finding someone to step into this role going forward was not an easy task, but when icon Courtney B. Vance answered the call, we knew the Gods were listening."

Other cast announcements include Timothy Simons as Tantalus, as revealed by Variety, as well as Sandra Bernhard, Kristen Schaal, and Margaret Cho as the Grey Sisters. And there's Rosemarie DeWitt as C.C., Aleks Paunovic as cyclops Polyphemus, Beatrice Kitsos as Alison Simms and Kevin Chacon as Chris Rodriguez.

In the final piece of exciting news, Andra Day will play Annabeth's mother, the goddess Athena, as seen above.

Percy Jackson and the Olympians season 2: story synopsis and rumors

Percy Jackson and the Olympians season 2 follows the second book, The Sea of Monsters (Image credit: 20th Television/Disney Plus)

Full spoilers for Percy Jackson and the Olympians seasons 1 to follow. Plus, potential spoilers for season 2.

The second season of Percy Jackson and the Olympians will follow on with Rick Riordan's award-winning series. This time, adapting his second novel, The Sea of Monsters.

For this, Percy will return to Camp Half-Blood a year later to find everything a little bit... off. As per the book's official synopsis, it's revealed: "Percy Jackson's seventh-grade year has been surprisingly quiet. Not a single monster has set foot on his New York prep-school campus.

"But when an innocent game of dodgeball among Percy and his classmates turns into a death match against an ugly gang of cannibal giants, things get . . . well, ugly. And the unexpected arrival of Percy’s friend Annabeth brings more bad news: the magical borders that protect Camp Half-Blood have been poisoned by a mysterious enemy, and unless a cure is found, the only safe haven for demigods will be destroyed."

So, a whole new adventure awaits for Percy and his friends, old and new. Sure, Percy completed his quest, but there's plenty more to do.

Another epic quest for Percy, Annabeth and Grover awaits (Image credit: Disney Plus)

And the official logline matches, unsurprisingly, with the book: "[Percy's] friendship with Annabeth is changing, he learns he has a cyclops for a brother, Grover has gone missing, and camp is under siege from the forces of Kronos. Percy’s journey to set things right will take him off the map and into the deadly Sea of Monsters, where a secret fate awaits the son of Poseidon."

As the Percy Jackson and the Olympians season 1 finale concluded, viewers watched as trio Percy, Grover and Annabeth split up.

With Percy hoping to reconnect with his mother returning from the underworld, Annabeth going to see her father and Grover finally amble to embark on his quest to find Pan, they agreed to meet again at the Thalia tree after a year.

And it all seemed pretty idyllic as Percy awoke in the final scene to his mother, Sally, greeting him as promised. Of course, there's also Luke's shocking betrayal and disappearing act, the repercussions of defeating Areas, and a Zeus reunion to contend with.

But, as The Sea of Monsters sets the pathway for season 2, for any avid readers of the series, you'll know what's coming. And if you don't, then December 2025 will reveal all.

Will there be more seasons of Percy Jackson and the Olympians?

A post shared by Percy Jackson (@percyseries)

A photo posted by on

Yes, there will definitely be more from the show as Disney Plus renewed Percy Jackson and the Olympians for season 3 in March 2025. Alongside the announcement, made before season 2's launch, it was revealed that season 3 will be based on Rick Riordan's third book, The Titan's Curse.

Riordan told Disney that the third season "will be new territory for the screen, bringing fan favorites like the Hunters of Artemis and Nico di Angelo to life for the first time."

Adding: "It's a huge sign of commitment from Disney, and speaks volumes about the enthusiasm with which the fandom has embraced the TV show. Thank you, demigods worldwide."

Speaking to The Hollywood Reporter, co-showrunner Dan Shotz said around hopes of more seasons: "Being able to get to book five — and I know Walker loves book five — would [be amazing]. That culmination is just very exciting to think about. We have the benefit of, even in making season one, we have all those books to look forward to and tease and play into all those elements that we know are to come."

Considering there's seven books in Riordan's Percy Jackson series, if the show continues to impress on the streamer, we'd hope to see many more seasons in the years ahead.

For more Disney+ TV-based coverage, read our guides on Daredevil: Born Again season 2, Only Murders in the Building season 5, and The Bear season 4.

In 2024, the adoption of cloud computing by organizations has reached remarkable levels, with around 94% of companies now utilizing cloud-based services, according to Rightscale’s report. However, cloud solutions bring significant security challenges, as they rely on shared resources and connectivity, making them susceptible to data breaches, misconfigurations, and account hijacking. Let’s explore essential rules that can help minimize these risks and protect cloud environments effectively.

Cloud infrastructure offers organizations an average savings of 40% on physical space and reduced operational expenses. Furthermore, these environments enable faster time-to-market and improve overall business agility. Over half of organizations have stated that cloud adoption has accelerated their product and service delivery, allowing them to respond more promptly to customer needs.

Security is another major reason for businesses to migrate to the cloud. Approximately 60% of business executives believe that cloud computing enhances their security posture, particularly as it enables automated updates and reduces the risks of human error.

The common threats to cloud environments

Despite all the advantages, there are still some risks associated with cloud computing. For instance, last year, MITRE, a U.S.-based non-profit organization renowned for its work in technology and defense research, experienced a significant cloud security incident. In April 2024, attackers exploited two zero-day vulnerabilities in Ivanti’s Connect Secure VPN, gaining unauthorized access to MITRE’s Networked Experimentation, Research, and Virtualization Environment platform.

This breach resulted in the exposure of sensitive research data, including technical findings, development methodologies, and simulation results related to cybersecurity frameworks MITRE ATT&CK® and CALDER, which are widely used by government agencies and private organizations. It is unlikely that national security data was directly compromised.

Subsequent investigation revealed that the incident was perpetrated by a foreign nation-state threat actor. The successful breach was attributed to unpatched software and compromised devices, which provided the attackers with unauthorized access to sensitive areas within the cloud environment.

Another major cloud security incident in 2024 involved the popular project management tool Trello. In January, the company experienced a data breach, compromising 15 million user accounts. Hackers utilized a public API to connect an existing database of email addresses with Trello account information, which included usernames, full names, and other details.

Overall, according to the 2024 Cloud security report by Check Point Software, 61% of organizations experienced at least one security incident related to public cloud use in 2024 - a significant increase compared to the 24% figure in 2023. Out of these incidents, 21% resulted in data breaches.

Among other common vulnerabilities in cloud environments are misconfigurations, which can lead to the exposure of sensitive data if not promptly addressed, and insider threats, where employees or contractors inadvertently or maliciously compromise cloud security. Additionally, companies often struggle to keep pace with the rapid proliferation of cloud solutions, and a lack of staff skills to operate in the cloud environment becomes a significant security threat in itself.

Ways to protect your cloud

Luckily, businesses that rely heavily on cloud infrastructure can avoid such devastating attacks. The key is to follow seven essential rules. Each of them provides a specific approach to securing a critical aspect of the cloud environment, from access management and data encryption to monitoring and employee training. They complement each other and contribute to a well-rounded cloud security posture.

Rule 1: continuously monitor and log all cloud activities

In 2024, according to SailPoint, around 83% of organizations reported that continuous monitoring helped them catch security incidents early, preventing potential data leaks and system compromises​.

Effective network monitoring helps identify threats such as unauthorized access, data exfiltration, and misconfigurations that might expose sensitive data. By continuously tracking activities and analyzing logs, organizations can quickly pinpoint unusual behaviors, such as access attempts from unknown locations, unusual data transfers, or unauthorized use of privileged accounts.

Rule 2: implement strong identity and access management (IAM) policies

Effective IAM ensures that only authorized users have access to specific cloud resources. A key component of these policies is multi-factor authentication, which requires users to verify their identity through two or more authentication methods, such as a password and a one-time code sent to a mobile device. This ensures that potential attackers would need more than just a password to gain entry.

Role-based access control (RBAC) is another critical IAM strategy, assigning permissions based on user roles within an organization. For example, an employee in the finance department might have access to financial records but be restricted from viewing IT infrastructure details. With RBAC, users are given the minimum level of access required for their roles, significantly reducing the risk of misuse of sensitive data.

Rule 3: encrypt data in transit and at rest

It's important to encrypt data both when it's being transmitted (in transit) and when it's stored (at rest). This ensures that even if attackers intercept or access the data, it remains unreadable without the correct decryption keys.

To implement encryption effectively in your cloud environment, you should use both transport layer encryption (like transport layer security, TLS) for data in transit and disk encryption for data at rest. Many cloud providers offer built-in encryption tools that facilitate these practices.

Rule 4: regularly update and patch cloud resources

Cloud environments, like any other IT infrastructure, are susceptible to vulnerabilities as software ages or new exploits are discovered. When systems remain unpatched, they become easy targets for attackers who often scan for outdated software and exploit known vulnerabilities. A recent study found that approximately 60% of cloud breaches could be attributed to unpatched or misconfigured systems.

Regular updates help protect cloud resources from these risks by addressing known issues before attackers can take advantage of them. Cloud platforms typically make it easy to set up automated backups for persistent resources like databases or virtual machines. These backups ensure that, even in the event of a major attack or human error, data can be recovered without significant disruption.

Rule 5: use data retention policies

To protect against malicious attacks, such as ransomware, it’s essential to establish policies that prevent the immediate deletion of resources in the cloud. Many cloud providers offer this feature, allowing you to configure a delay period. This ensures that even if an attacker gains access to your account and attempts to delete critical resources, those resources won't be removed right away.

For instance, with a 30-day delay, a resource marked for deletion would remain recoverable for that entire period. This delay provides two key advantages: it allows time to detect and respond to unauthorized actions, and it gives you the opportunity to restore data before it is permanently lost. If your cloud provider does not offer this safeguard, it may be worth reconsidering whether they meet your security needs.

Rule 6: keep your costs down

In the event of a DDoS attack, cloud infrastructure can manage the surge in traffic by automatically scaling resources. However, this scaling can rapidly increase costs, potentially putting a strain on the company’s finances. To avoid these unexpected expenses, ensure that your cloud provider offers strong DDoS protection and mitigation options.

These measures can help absorb and filter attack traffic, minimizing the impact without leading to excessive resource scaling. If your provider’s built-in protections are inadequate, consider using third-party DDoS mitigation tools. This approach will help safeguard both your systems and your budget during an attack.

Rule 7: train employees on cloud security awareness

According to the Ponemon Institute, 82% of data breaches are caused by staff mistakes, such as clicking on phishing links, using weak passwords, or falling for social engineering attacks. To prevent these issues, it's essential to invest in ongoing, thorough security training programs. In fact, companies with comprehensive training programs can save an average of $2.66 million per breach.

What these programs might include? Phishing simulations that help employees identify suspicious emails and avoid disclosing sensitive information. Additionally, providing cloud-specific security training, which focuses on secure data handling, password management, and understanding cloud-specific threats, ensures that employees are well-prepared to handle security challenges effectively.

We've compiled a list of the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• iStorage launches world’s first 26TB PIN-authenticated encrypted desktop storage
• diskAshur DT3 offers FIPS 140-3 security and Common Criteria certified microprocessor
• Aimed at businesses, governments, and users needing top-tier offline data protection

While cloud storage offers convenience and accessibility, it may not always provide the level of security some users need, especially when dealing with private data you simply cannot afford to lose or have fall into the wrong hands.

If security is a priority, and you have large volumes of sensitive files to protect, a PIN-authenticated, hardware-encrypted secure drive like iStorage’s diskAshur DT3 or diskAshur DT2 could be the answer, especially as both models are now available with a massive 26TB capacity.

iStorage, a global leader in hardware-encrypted data storage, has built these drives (and others) to deliver government-grade protection for organizations that require reliable, offline security.

Not an unreasonable outlay

The diskAshur DT3 is one of the first encrypted hard drives currently pending certification under the new FIPS 140-3 Level 3 standard, the latest benchmark for cryptographic security.

It features TAA compliance, FIPS PUB 197-validated AES-XTS 256-bit hardware encryption, and a Common Criteria EAL5+ certified microprocessor.

The DT2 remains a strong option too, holding certifications from NCSC CPA, FIPS 140-2 Level 3, NLNCSA BSPA, and NATO Restricted.

“At iStorage, innovation and security go hand in hand," noted John Michael, CEO of iStorage/Kanguru. "Launching the world’s first 26TB PIN-authenticated, hardware encrypted desktop drive is not just a milestone for us, it’s a statement to the industry. As cyber threats grow more sophisticated, so too must our solutions."

"The diskAshur DT3 and DT2 represent the highest standards in data protection, and with our recent acquisition of Kanguru, we are now even better positioned to provide organizations around the world with the most secure, reliable and scalable data storage solutions available.”

While these drives offer exceptional protection, they also place responsibility squarely on the user. If you forget your PIN or lose your backup data, there are no reset options or cloud recovery here.

The new models are available now via iStorage, Kanguru, and select global partners. The 26TB diskAshur DT3 is priced at $1,814, while the diskAshur DT2 comes in at $1,541.

You might also like

• These are the best secure drives you can buy right now
• And these are largest SSDs and HDDs on the planet
• iStorage Group acquires Kanguru Solutions as it looks to expand security offering

Hints and answers for the NYT Connections: Sports Edition puzzle, No. 224, for May 5.

Here are the answers for The New York Times Mini Crossword for May 5.

• Lenovo ThinkCentre neo Ultra 2025 squeezes high-end AI hardware into a tiny, 3.6-liter case
• Delivers big performance and power efficiency at just 300 watts
• It supports large language models with up to 14B parameters

Apple’s Mac Studio continues to dominate the conversation around compact high-performance desktops, but Lenovo is pushing back with its ThinkCentre neo Ultra series.

Originally released at CES 2024, the first ThinkCentre neo Ultra featured a 14th Gen Intel processor. Just six months later, Lenovo refreshed the device with Intel’s Core Ultra CPUs, and also upgraded the GPU in a separate system, the Lenovo Yoga Portal mini PC.

Now, Lenovo has introduced yet another update to the ThinkCentre neo Ultra series - a new mini workstation equipped with Intel’s high-end Core Ultra 9 285 CPU and a 16GB RTX 5060 Ti GPU rated at 180W.

Portable yet powerful

“Small Stature, Big Energy” is how Lenovo describes this year’s model, and the tagline fits. Despite its compact 3.6-liter chassis, this mini PC delivers a total performance output of 825 TOPS and upgrades from the desktop-grade LGA-1700 to the newer LGA-1851 socket.

The power supply has been reduced from 350W in the previous version to 300W, suggesting improved power efficiency.

Although this model still avoids unlocked K-series CPUs, it aims for a balance between thermal limitations and computational performance that should appeal to its business-focused audience.

One of the standout features is the upgraded graphics. Replacing the RTX 4060 with a 16GB RTX 5060 Ti offers a substantial boost for users handling AI inference, 3D rendering, or high-resolution video workflows.

Lenovo also hints at a dedicated NPU card, though it’s unclear whether this refers to separate hardware or is tied to Intel’s Arrow Lake architecture.

Either way, the system supports locally deployed large language models with up to 14 billion parameters - an appealing option for organizations looking to run AI workloads in-house.

Lenovo says the system earned a CES 2025 Best New Tech for Home and Workplace Award, adding further credibility to its performance claims.

Base configurations include 32GB of RAM and 1TB of storage, with pricing set at 14,999 RMB (about $2,056) for the Core Ultra 5 and RTX 5060, or 19,999 RMB (about $2,741) for the Ultra 7 and RTX 5060 Ti.

Pricing and availability for the Core Ultra 9 and RTX 5060 Ti 16GB variant have yet to be announced, and there's no word on international launch details.

Via Videocardz

You might also like

• HMRC launches £1 billion bid for new CRM system
• These are the best mobile workstations around
• Check out our roundup of the best AI writers around today