Technology

• Fake PDF converters are tricking users with cloned sites and fake CAPTCHAs
• PowerShell command installs malware that steals browser and crypto wallet data
• Attackers use realistic designs and social engineering to avoid detection

Cybercriminals are using fake PDF converters to install powerful malware on victims' systems, experts have warned.

Research from CloudSEK found attackers are cloning popular file conversion websites like pdfcandy.com - replicating its logo and brand elements - in order to trick users into downloading malicious software.

CloudSEK says these fake sites look almost identical to the real ones. When someone tries to convert a file, the page shows a fake loading screen and then prompts for a CAPTCHA verification. Instead of just confirming the user is human, this step leads to an instruction to run a PowerShell command. Following the command downloads a zip file containing malware known as ArechClient2, part of the SectopRAT family of information stealers.

Collecting personal data, and worse

The malware uses a number of hidden methods to infect the system. It spawns normal Windows processes to hide its activity and begins collecting browser passwords, crypto wallet information, and other sensitive data. Once the malware is active, it can quietly send stolen information back to the attackers, CloudSEK reports.

The FBI has already warned that online file converters are becoming a popular way for criminals to spread their malware. CloudSEK’s research shows that attackers are improving their methods, cleverly blending realistic website designs with social engineering tricks in order to lower users' defenses.

With online tools becoming part of everyday work and personal life, it’s important to know how to avoid these threats.

How to stay safe

(Image credit: Amazon India)

The best way to protect yourself is to avoid clicking random search results for online file converters. Always visit known official websites directly.

In addition to that, always double-check the website address for small spelling changes that might be easy to miss.

For a good starting point, check out our round up of the best PDF editors, and the best free PDF editors. We also recommend the best Adobe Acrobat alternatives.

Staying cautious when uploading documents online can stop many of these attacks before they start.

Keep your antivirus software up to date (you’re doing this anyway, right?) and scan any downloaded files before you open them. Installing browser extensions that block suspicious or dangerous sites can also help.

If a website asks you to run PowerShell commands or download extra files after uploading a document, close the page immediately.

Finally, if you think you’ve been tricked, disconnect the device from the internet right away, change all important passwords from a safe device, and let your bank or service providers know as soon as possible.

You might also like

• Stay protected with the best endpoint protection tools around
• We've also rounded up the best ransomware protection tools
• And these are the best free PDF to Word tools you can use

While Verizon Fios stands out as Harrisburg's top internet choice, it's worth exploring all your options before committing to a provider.

The best AI generation trends are the cute ones, especially those that transform us into our favorite characters or at least facsimiles of them. ChatGPT 4o's ability to generate realistic-looking memes and figures is now almost unmatched, and it's hard to ignore fresh trends and miss out on all the fun. The latest one is based on a popular set of Anime-style toys called Chibi figures.

Chibi, which is Japanese slang for small or short, describes tiny, pocketable figures with exaggerated features like compact bodies, big heads, and large eyes. They are adorable and quite popular online. Think of them as tiny cousins of Funko Pop!.

Real Chibi figures can run you anywhere from $9.99 to well over $100. Or, you can create one in ChatGPT.

What's interesting about this prompt is that it relies heavily on the source image and doesn't force you to provide additional context. The goal is a realistic Chibi character that resembles the original photo, and to have it appear inside a plastic capsule.

The prompt describes that container as a "Gashapon," which is what they're called when they come from a Bandai vending machine. Bandai did not invent this kind of capsule, of course. Tiny toys in little plastic containers that open up into two halves have been on sale in coin-operated vending machines for over 50 years.

If you want to create a Chibi figure, you just need a decent photo of yourself or someone else. It should be clear, sharp, in color, and at least show their whole face. The effect will be better if it also shows part of their outfit.

Here's the prompt I used in ChatGPT Plus 4o:

Generate a portrait-oriented image of a realistic, full-glass gashapon capsule being held between two fingers.

Inside the capsule is a Chibi-style, full-figure miniature version of the person in the uploaded photo.

The Chibi figure should:

• Closely resemble the person in the photo (face, hairstyle, etc.)
• Wear the same outfit as seen in the uploaded photo
• Be in a pose inspired by the chosen theme

A time capsule

(Image credit: Mr Rogers Chibi generated by ChatGPT)

Since there's no recognizable background or accessories in the final ChatGPT Chibi figure image, the final result is all about how the character looks and dresses.

I made a few characters. One based on a photo of me, another based on an image of Brad Pitt, and, finally, one based on one of my heroes, Mr. Rogers.

These Chibi figures would do well on the Crunchyroll Mini and Chibi store, but I must admit that they lean heavily on cuteness and not so much on verisimilitude.

Even though none of them look quite like the source, the Mr. Rogers one is my favorite.

Remember that AI image generation is not without cost. First, you are uploading your photo to OpenAI's server, and there's no guarantee that the system is not learning from it and using it to train future models.

AI image generation also consumes electricity on the server side to build models and to resolve prompts. Perhaps you can commit to planting a tree or two after you've generated a half dozen or more Chibi AI figures.

You might also like

• The action figure trend is the latest way people are ...
• Everyone wants the viral AI doll – but it's a privacy ...
• The hottest new AI image trend is Sora users begging for ...

The company may override user-provided ages if it suspects the account belongs to a teen.

Get the most out of your iPhone with these MagSafe accessories, handpicked by CNET’s tech experts.

• Crooks are abusing Google's notification system to bypass email protection
• Through OAuth apps, they are able to generate convincing phishing emails
• The campaign also uses sites.google.com

Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform.

Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in his Google Account.

He said that the email looked legitimate, and that it was very difficult to spot that it’s actually fake. He believes less technical users might very easily fall for the trick.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

DKIM signed

Apparently, the crooks would first create a Google account for me@domain. Then, they would create a Google OAuth app, and put the entire phishing message (about the fake subpoena) in the name field.

Then, they would grant themselves access to the email address in Google Workspace.

Google would then send a notification email to the me@domain account, but since the phishing message was in the name field, it would cover the entire screen.

Scrolling to the bottom of the email message would show clear signs that something was amiss, since at the bottom one could read about getting access to the me@domain email address.

The final step is to forward the email to the victim. “Since Google generated the email, it's signed with a valid DKIM key and passes all the checks,” Johnson explained how the emails landed in people’s inbox and not in spam.

The attack is called a “DKIM replay phishing attack,” since it leans on the fact that in Google’s systems, DKIM checks only the message and the headers, not the envelope. Since the crooks first registered the me@domain address, Google will show it as if it was delivered to their email address.

To hide their intentions even further, the crooks used sites.google.com to create the credential-harvesting landing page. This is Google’s free web-building platform and should always raise red flags when spotted.

Via BleepingComputer

You might also like

• Millions of airline customers possibly affected by OAuth security flaw
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• Some Entra ID accounts were being flagged as having compromised credentials
• Seems it was just Microsoft “inadvertently generat[ing] [false] alerts”
• However, users were getting different explanations from Microsoft

Windows administrators have been reporting mass account lockouts across various organizations following a Microsoft Entra ID update.

Many believe these were false positives triggered in Entra ID's new leaked credentials detection app (a new feature called MACE Credential Revocation), as affected accounts had unique and unused passwords.

One user posted to a Reddit thread that around half a dozen accounts had been blocked after credentials were supposedly found on the dark web, however those users didn’t have much in common, suggesting that it wasn’t a targeted attack.

Entra ID might be flagging false positives

“There are no risky signins, no other risk detections, everyone is MFA, it's literally the only thing that's appeared today, raising the risk on these people from zero to high,” the Reddit user explained.

Beneath the original post is a series of comments from other system admins who also experienced similar issues, with one user sharing a response from Microsoft suggesting that the accounts had been erroneously flagged:

“On Friday 4/18/25, Microsoft identified that it was internally logging a subset of short-lived user refresh tokens for a small percentage of users, whereas our standard logging process is to only log metadata about such tokens. The internal logging issue was immediately corrected, and the team performed a procedure to invalidate these tokens to protect customers.”

The notice sees Microsoft admit to “inadvertently generat[ing] alerts in Entra ID Protection” of supposed compromised credentials between 4AM UTC and 9AM UTC on April 20.

Another user said they were quoted “Error Code: 53003” for conditional access policy, while another was told that it was to do with an outage in their region – even though no outage had been reported or logged.

TechRadar Pro has asked Microsoft to clarify what happened over the weekend and why users appear to have received different explanations. Any update will be posted here.

You might also like

• Major TalkTalk Business outage means customers have had to go without email for over a week
• Keep your account safe with the best password managers
• We’ve listed the best identity management software

The initiative focuses on data center hard drives for the recovery of rare earth elements, which have taken on new significance as China pushes back against US tariffs.

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Monday's puzzle instead then click here: NYT Connections hints and answers for Monday, April 21 (game #680).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #681) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• ICE
• WHEEL
• GREASE
• LIGHTNING
• FIRE
• EEL
• AXE
• SUN
• CLAY
• SCRAP
• VOLCANO
• GLAZE
• DROP
• BANANA PEEL
• KILN
• CUT

NYT Connections today (game #681) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Halt
• GREEN: Making china pots 
• BLUE: Slide away
• PURPLE: Hot, hot, hot 

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #681) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: CANCEL, AS A PROJECT
• GREEN: SEEN IN A POTTERY STUDIO 
• BLUE: THINGS THAT ARE SLIPPERY 
• PURPLE: NATURAL PRODUCERS OF HEAT 

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #681) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #681, are…

• YELLOW: CANCEL, AS A PROJECT AXE, CUT, DROP, SCRAP
• GREEN: SEEN IN A POTTERY STUDIO CLAY, GLAZE, KILN, WHEEL
• BLUE: THINGS THAT ARE SLIPPERY BANANA PEEL, EEL, GREASE, ICE
• PURPLE: NATURAL PRODUCERS OF HEAT FIRE, LIGHTNING, SUN, VOLCANO

• My rating: Easy
• My score: 1 mistake

Today’s joke was, of course, GREASE and LIGHTNING. Although I’m sure I wasn’t alone in the words ICE and FIRE triggering a quick search for a Game of Thrones group (A Song of Ice and Fire being the title of the unfinished collection of books it is based on).

My mistake today came as I was soaring towards a faultless round. Thinking there was a group that was about natural electricity creation I had EEL instead of VOLCANO in what became the purple quartet, NATURAL PRODUCERS OF HEAT.

That they produce electricity is one of three things people know about eels, the others being they are slippery and some brave souls enjoy eating them boiled and served in jelly (I am not one of those people, the idea of eating something that is slimy, boney and stringy does not whet my appetite).

How did you do today? Let me know in the comments below.

Yesterday's NYT Connections answers (Monday, 21 April, game #680)

• YELLOW: INFO ON A NUTRITION LABEL FAT, IRON, PROTEIN, SODIUM
• GREEN: METAPHOR FOR SOMETHING UNEXPECTED BOMBSHELL, CURVEBALL, TWIST, WRENCH
• BLUE: THINGS YOU CAN INSERT INTO A SPREADSHEET CELL, COLUMN, ROW, SHEET
• PURPLE: HELICAL THINGS CORKSCREW, DNA, FUSILLI, SPRING

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Monday's puzzle instead then click here: NYT Strands hints and answers for Monday, April 21 (game #414).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #415) - hint #1 - today's theme What is the theme of today's NYT Strands?

• Today's NYT Strands theme is… Counter offers

NYT Strands today (game #415) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• SPACE
• PRUNE
• SOAP
• FACE
• SHADE
• STREP

NYT Strands today (game #415) - hint #3 - spangram letters How many letters are in today's spangram?

• Spangram has 8 letters

NYT Strands today (game #415) - hint #4 - spangram position What are two sides of the board that today's spangram touches?

First side: left, 4th row

Last side: right, 4th row

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #415) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #415, are…

• JUICES
• SOUP
• PASTRIES
• CHAI
• SANDWICHES
• ESPRESSO
• SPANGRAM: CAFE MENU

• My rating: Easy
• My score: Perfect

It never ceases to amaze me how well the NYT hides the answers in Strands, but today was a rare day where I saw one word – JUICES – immediately.

Then, after getting SOUP, the letters for PASTRIES were easy to spot and I was three words in, before I'd barely started.

SANDWICHES aside it was also a very left to right day, too, which made the search easier than when it goes right to left, down and up or all over the place.

In fact, the biggest challenge, for me at least, was to resist the temptation of stopping the word search and going out to a CAFE.

How did you do today? Let me know in the comments below.

Yesterday's NYT Strands answers (Monday, 21 April, game #414)

• ACROBAT
• JUGGLER
• DUET
• COMIC
• MAGICIAN
• DANCER
• SPANGRAM: VARIETY ACTS

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

Looking for a different day?

A new Quordle puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Monday's puzzle instead then click here: Quordle hints and answers for Monday, April 21 (game #1183).

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,100 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc's Wordle today column covers the original viral word game.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #1184) - hint #1 - Vowels How many different vowels are in Quordle today?

• The number of different vowels in Quordle today is 3*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #1184) - hint #2 - repeated letters Do any of today's Quordle answers contain repeated letters?

• The number of Quordle answers containing a repeated letter today is 2.

Quordle today (game #1184) - hint #3 - uncommon letters Do the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #1184) - hint #4 - starting letters (1) Do any of today's Quordle puzzles start with the same letter?

• The number of today's Quordle answers starting with the same letter is 0.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #1184) - hint #5 - starting letters (2) What letters do today's Quordle answers start with?

• P

• C

• B

• T

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #1184) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle, game #1184, are…

• POUTY
• CHEST
• BROOM
• TEPEE

Well, that was taxing! Despite having three letters (including two in the correct position) I don't think I've ever been as stumped as I was by the word that became POUTY.

Fortunately, I had better options elsewhere – and by my seventh guess the final word solved itself. This is just one reason why I prefer Quordle over Wordle.

How did you do today? Let me know in the comments below.

Daily Sequence today (game #1184) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle Daily Sequence, game #1184, are…

• TABBY
• GIVEN
• FRISK
• AVIAN

Quordle answers: The past 20

• Quordle #1183, Monday, 21 April: SHARD, PRINT, SUMAC, LEACH
• Quordle #1182, Sunday, 20 April: DINER, HORDE, SHONE, FUGUE
• Quordle #1181, Saturday, 19 April: GRADE, LAUGH, RAINY, EXULT
• Quordle #1180, Friday, 18 April: DEBUT, GLADE, BASTE, PESTO
• Quordle #1179, Thursday, 17 April: SPRAY, RAMEN, SHELF, COURT
• Quordle #1178, Wednesday 16 April: STUMP, GRAFT, CHORD, INPUT
• Quordle #1177, Tuesday 15 April: SLEET, MERIT, HARSH, FORAY
• Quordle #1176, Monday 14 April: DRAWL, CROOK, ACTOR, LANCE
• Quordle #1175, Sunday 13 April: SHALE, KINKY, SHORN, WHOOP
• Quordle #1174, Saturday 12 April: BLIND, OVOID, CACHE, THING
• Quordle #1173, Friday 11 April: FOLLY, PITHY, SCOWL, CURLY
• Quordle #1172, Thursday 10 April: LEAST, SEWER, UNTIE, NOOSE
• Quordle #1171, Wednesday 9 April: LITHE, LEFTY, KNOLL, MULCH
• Quordle #1170, Tuesday 8 April: WIDTH, VISOR, MEDAL, BROOK
• Quordle #1169, Monday 7 April: BROTH, SHOUT, BRUTE, CABIN
• Quordle #1168, Sunday 6 April: AMBER, GAUZE, STORE, SLICK
• Quordle #1167, Saturday 5 April: GUSTY, VAULT, WHINE, BEGAT
• Quordle #1166, Friday 4 April: OAKEN, LOOPY, CURIO, BUTTE
• Quordle #1165, Thursday 3 April: ASCOT, JETTY, DRUNK, JOLLY
• Quordle #1164, Wednesday 2 April: INDEX, QUEEN, INCUR, STOLE

• Cisco found and fixed three vulnerabilities, including a high-severity one
• The high-severity issue was found in the Cisco Webex app
• It allowed criminals to run commands remotely

Cisco has patched a high-severity vulnerability in its Webex video conferencing platform which allowed threat actors to mount remote code execution (RCE) attacks against exposed endpoints.

The bug was discovered in the custom URL parser of a Cisco Webex app and is described as an “insufficient input validation” vulnerability.

“An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files,” the bug’s NVD page reads. “A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.”

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

No revolution

The vulnerability is tracked as CVE-2024-20236, and was assigned a severity score of 8.8/10 (high).

Cisco further explained that the vulnerability is present in all older versions of the product, regardless of the OS it’s running on, or system configurations.

The networking giant also said there were no workarounds for the bug, so installing the update is the only way to mitigate the risk.

While the most severe, it’s not the only vulnerability Cisco recently addressed. The company also fixed two more flaws, CVE-2025-20178 (6.0/10), and CVE-2025-20150 (5.3/10).

The former is a privilege escalation flaw in Secure Networks Analytics’ web-based management interface, and allows threat actors to run arbitrary controls as root, with admin credentials.

The latter was found in a Nexus Dashboard, and allows threat actors to enumerate LDAP user accounts remotely, separating valid accounts from the invalid ones.

The good news is that the vulnerabilities are not yet being exploited in the wild, BleepingComputer reports, citing analysis from the company’s Product Security Incident Response Team (PSIRT).

Cisco’s equipment, both software and hardware, are popular in both the enterprise and in consumer households. That makes them a prime target for threat actors, both state-sponsored and profit-oriented.

Via BleepingComputer

You might also like

• Cisco warns a decade-old vulnerability is back and targeting users
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

If the economic headlines have you reeling, a CD can provide some much-needed peace of mind.

It's not the time to make panic purchases, but it could be a good time to save.

We're now well into 2025, and two of the biggest flagship phone launches are still to come. I am of course talking about the Pixel 10 (due in August) and the iPhone 17 (due in September) and as someone with extensive experience of handsets from both Google and Apple (blame the tech journalism), I've got some thoughts about how the Pixel can get the upper hand this year.

When I say the upper hand, I'm not really talking about sales numbers: iPhones and Samsung Galaxy phones are going to win that battle for a good few years yet, at least as far as the US is concerned (globally, the market is a bit more competitive). Instead, I'm going to focus on what would resonate with me, and I suspect a lot of other consumers, too.

You'll see we awarded 4 stars out of 5 to the Pixel 9 in our Google Pixel 9 review, while in our Apple iPhone 16 review, we gave Apple's handset 4.5 stars out of 5. That means Apple currently has a slight edge when it comes to these flagship phones, so how can Google catch up this year?

1. Keep the camera bar

The Google Pixel 9a might be easier to lie down on a flat surface, but at what cost? The removal of the iconic Pixel camera bar from the design means the mid-ranger looks rather ordinary and nondescript, lost in a crowd of similar smartphone slabs.

In our Google Pixel 9a review, we described it as "dang ugly", and so I'm hoping that the big camera bump makes a triumphant return with the Pixel 10. It provides more room for additional camera technology, on top of everything else.

The iPhone 17, meanwhile, seems to be having something of an identity crisis – or at least the Pro models are, based on the leaks we've seen so far. It seems like Apple isn't sure where to go next with the design, so Google could score a win here in terms of aesthetics.

The Google Pixel 9 Pro (Image credit: Blue Pixl Media) 2. Focus on Google Gemini

It's no secret that the rollout of Apple Intelligence has been badly bungled so far, so much so that Apple has had to go on record to say it over-promised and under-delivered, which you can be sure was acutely embarrassing for a company of Apple's stature.

Google Gemini, meanwhile, is rapidly improving – in the last month or so we've seen new AI models that are smarter than ever, as well as Gemini Live screen and camera sharing roll out for all users – even those who are using Gemini for free.

There's a clear winner here already, but Google can't be complacent. Apple engineers will be busy behind the scenes trying to get Siri up to the level of Gemini and ChatGPT, and so it makes sense for the Pixel 10 to have yet more AI features baked right into it.

3. Improve performance

Apple's lead in terms of raw processor performance is as clear as its failings in AI: if we're talking solely about CPU speed, the A18 and A18 Pro chips inside the iPhone 16 series beat the Tensor G4 chip you'll find inside the Pixel 9 phones.

That doesn't mean the Pixel 9 is in any way slow or laggy, but it's something that Google needs to address if it wants to fully catch up with Apple. When it comes to gaming, video editing, or just jumping between apps, performance matters.

Unfortunately for mobile enthusiasts, the leaks to date suggest the Tensor G5 isn't going to be a huge leap forward from the Tensor G4 in terms of performance. I'm hoping that as Google gets better at designing its own chips, we'll see a bigger upgrade here.

4. Offer value for money

If you're of a certain age, you may remember handsets like the Google Nexus 5 and Google Nexus 6, which managed to combine flagship specs with mid-range pricing. Google was essentially doing the OnePlus trick before OnePlus got started.

As the Nexus series has given way to the Pixel series, that value-for-money aspect has disappeared – although the 'a' phones have taken up some of the slack. The Pixel 9 starts at $799 / £799 / AU$1,349, while the iPhone 16 starts at $799 / £799 / AU$1,399.

You'll notice those prices for the 128GB models are identical, except for Australia, and if Google was able to shave off a little from the cost of the Pixel 10, it would help it stand up better against the iPhone 17 – and bring back memories of the Nexus phones.

The iPhone 16 Pro (Image credit: Future / Lance Ulanoff) 5. Improve battery life

Smartphones seem stuck as far as battery life goes, with most handsets on the market lasting a full day of general use, so an overnight charge is always required to get through a substantial amount of a second day.

Could Google change this with the Pixel 10? It depends on the efficiency improvements it manages with the Tensor G5 chip, and also on any power-saving features that arrive with Android 16 (which should be out before the Pixel 10 phones).

Comfortably managing two days of battery life between charges would set the Pixel 10 apart from the iPhone 17 and just about every other phone available right now. It's a tough ask, but it's something all users want to see.

You might also like

• iPhone 17 report points to major display and camera upgrades
• These are the best phones you can buy right now
• We may have pricing for the upcoming Google Pixel 10 series

Verizon Fios leads the way for internet in Syracuse, but if fiber hasn’t reached your neighborhood yet, CNET's experts have some other solid choices to consider.

• ASUS patches a 9.2-rated security flaw in certain routers
• The flaw stems from AiCloud, a personal cloud server feature
• There's no evidence of abuse yet, but users should be wary

ASUS has released a fix for a critical-severity vulnerability affecting routers with AiCloud enabled which could allow threat actors to execute functions on the exposed devices remotely and without authorization.

It is tracked as CVE-2025-2492, and was given a severity score of 9.2/10 (critical). It can be exploited via a custom-tailored request.

“This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions,” the NVD page reads.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Safeguarding the device

AiCloud is a feature integrated into many ASUS routers that transforms the home network into a personal cloud server.

Users can then access, stream, sync, and share files stored on USB drives connected to the router from anywhere with an internet connection.

The flaw was found in firmware versions released after February 2025, meaning: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.

According to CyberInsider, such features “often become attractive targets” for threat actors, since they are exposing sensitive data to the internet.

Therefore, it would be wise not to delay deploying the patch. Depending on the model, there are different firmware versions that can be downloaded directly from the ASUS website.

The flaw also affects a few devices that reached end-of-life, which should now have AiCloud entirely disabled. Internet access for WAN should also be disabled, as well as port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP services.

The company did not say if the flaw is being abused in the wild or not, but at press time, it was not added to CISA’s KEV, which is usually a good litmus paper for actively exploited flaws.

According to BleepingComputer, the critical CVSS rating “implies the exploitation could have a significant impact.” ASUS also told its users to use unique, strong passwords to secure their wireless networks and router administration pages.

That means making passwords at least 10 characters long, and making them a mix of lowercase and uppercase letters, numbers, and special symbols.

You might also like

• Cisco warns a decade-old vulnerability is back and targeting users
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Apple and Samsung are each offering lower-cost phones with flagship-level features, here's how to compare which one could be better for you.

SnapPower's outlet is an innovative, easy-to-install answer to a very old nightlight problem.

• OnePlus has unveiled more details of its upcoming 13T phone
• The fresh info relates to the device’s battery capacity
• The 13T is due to launch on April 24

We’re just a couple of days away from the OnePlus 13T launch, which will fall on April 24. Yet that hasn’t stopped OnePlus from teasing a few choice specs and details of the upcoming phone ahead of schedule, with the latest info concerning the device’s battery capabilities.

According to a OnePlus post on Chinese social media site Weibo, the 13T will come with a 6,260mAh battery. That’s in line with the company’s previous claims that the battery would offer a capacity of no less than 6,000mAh.

As well as that, OnePlus has revealed that the 13T’s battery will feature bypass charging. This allows your Android phone to draw power directly from a power source (like a power bank) rather than from its internal battery when charging. This helps to prolong the phone’s battery and slow down its degradation.

The data drop didn’t end there, as OnePlus has confirmed that the 13T will weigh 185g. Compare that to the OnePlus 13 and OnePlus 13R, which both come with less capacious 6,000mAh batteries yet weigh 200g each. Packing a larger battery into a smaller frame is a surprising move from OnePlus, but it’s certainly a welcome one.

Few secrets left to unveil

(Image credit: OnePlus)

OnePlus has been very forthcoming about the 13T, disclosing all manner of images and details on social media. Previously posted photos have shown the device’s range of colors – including gray, pink and black shades – as well as the fact that it will come with a new button.

Leaks have also played their part. For example, it’s been suggested that the OnePlus 13T will come with a Snapdragon 8 Elite chip, a 6.32-inch display, an IP65 rating, and two 50-megapixel rear cameras. Of those two lenses (primary and telephoto), the telephoto one could offer 2x optical zoom and 4x lossless zoom.

That said, we don’t yet know the full spec sheet for the OnePlus 13T, and it’s possible that OnePlus is saving some intriguing new features for the launch event itself. But with so much already in the public domain, it will be interesting to see what the company might possibly have held back. We’ll find out for sure on April 24, when the 13T finally launches.

You might also like

• The OnePlus 13T is coming on April 24, and the company has already shown it off
• ‘It’s not a removal, it’s an evolution’: OnePlus backs decision to ditch the Alert Slider on the OnePlus 13T and future models
• OnePlus 13 review: I'm dumbfounded, I can't find anything wrong with this phone