Technology

Prepare for the reality of a white Christmas with this impressive gas snow blower to clear paths all winter long.

Recently, DevOps professionals were reminded that the software supply chain is rife with risk, or as I like to say, it’s a raging dumpster fire. Sadly, this risk now includes open source artificial intelligence (AI) software. Especially after further investigations into Hugging Face (think GitHub for AI models and training data) uncovered up to one hundred potentially malicious models residing in its platform, this incident is a reality check regarding the ever-present vulnerabilities that can too easily catch unsuspecting dev teams by surprise as they work to acquire machine learning (ML) or AI models, datasets, or demo applications.

Hugging Face does not stand alone in its vulnerability. PyTorch, another open-source ML library developed by Facebook's AI Research lab (FAIR), is widely used for deep learning applications and provides a flexible platform for building, training, and deploying neural networks. PyTorch is built on the Torch library and offers strong support for tensor computation and GPU acceleration, making it highly efficient for complex mathematical operations often required in ML tasks.

However, its recent compromise raises specific concerns about blindly trusting AI models from open-source sites for fear the content has been previously poisoned by malicious actors.

This fear, while justified, is starkly contrasted with the long-standing belief in the benefits of open-source platforms, such as fostering community through collaboration on projects and cultivating and promoting other people's ideas. Any benefits to building secure communities around large language models (LLMs) and AI, seem to evaporate with the increased potential for malicious actors to enter the supply chain, and corrupt CI/CD pipelines or change components that were believed to have initially come from trusted sources.

Software security evolves from DevOps to LLMOps

LLMs and AI have expanded concern over supply chain security for organizations, particularly as interest in incorporating LLMs into product portfolios grows across a range of sectors. For cybersecurity leaders whose organizations are looking to adapt to the broad availability of AI applications, they must stand firm against risks introduced by suppliers not just for traditional DevSecOps, but now for ML operations (MLOps) and LLM operations (LLMOps) as well.

CISOs and security professionals should be proactive about detecting malicious datasets and responding quickly to potential supply chain attacks. To do that, you must be aware of what these threats look like.

Introduction to LLM-specific vulnerabilities

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation working to improve the security of software, through community-led open-source projects including code, documentation, and standards. It is a true global community of greater than 200,000 users from all over the world, in more than 250+ local chapters, and provides industry-leading educational and training conferences.

The work of this community has led to the creation of the OWASP Top 10 vulnerabilities for LLMs, and as one of its original authors, I know how these vulnerabilities differ from traditional application vulnerabilities, and why they are significant in the context of AI development.

LLM-specific vulnerabilities, while initially appearing isolated, can have far-reaching implications for software supply chains, as many organizations are increasingly integrating AI into their development and operational processes. For example, a Prompt Injection vulnerability allows adversaries to manipulate an LLM through cleverly crafted inputs. This type of vulnerability can lead to the corruption of outputs and potentially spread incorrect or insecure code through connected systems, affecting downstream supply chain components if not properly mitigated.

Other security threats are caused by the propensity for an LLM to hallucinate, causing models to generate inaccurate or misleading information This can lead to vulnerabilities being introduced in code that is trusted by downstream developers or partners. Malicious actors could exploit hallucinations to introduce insecure code, potentially triggering new types of supply chain attacks that propagate through trusted systems. This can also create severe reputational or legal risks if these vulnerabilities are discovered after deployment.

Further vulnerabilities involve insecure output handling and the challenges in differentiating intended versus dangerous input to an LLM. Attackers can manipulate inputs to an LLM, leading to the generation of harmful outputs that may pass unnoticed through automated systems. Without proper filtering and output validation, malicious actors could compromise entire stages of the software development lifecycle. Implementing a Zero Trust approach is crucial to filter data both from the LLM to users and from the LLM to backend systems. This approach can involve using tools like the OpenAI Moderation API to ensure safer filtering.

Finally, when it comes to training data, this information can be compromised in two ways: label poisoning which refers to inaccurately labeling data to provoke a harmful response; or training data compromise, which influences the model's judgments by tainting a portion of its training data, and skewing decision making. While data poisoning implies that a malicious actor might actively work to contaminate your model, it’s also quite possible this could happen by mistake, especially with training datasets distilled from public internet sources.

There is the possibility that a model could “know too much” in some cases, where it regurgitates information on which it was trained or to which it had access. For example, in December of 2023, researchers from Stanford showed that a highly popular dataset (LAION-5B) used to train image generation algorithms such as Stable Diffusion contained over 3,000 images related to “child sexual abuse material.” This example sent developers in the AI image generation space scrambling to determine if their models used this training data and what impact that might have on their applications. If a development team for a particular application hadn’t carefully documented the training data they’d used, they wouldn’t know if they were exposed to risks that their models could generate immoral and illegal images.

Tools and security measures to help build boundaries

To mitigate these threats, developers can incorporate security measures into the AI development lifecycle to create more robust and secure applications. To do this, they can implement secure processes for building LLM apps, identified in five simple steps:

1) foundation model selection; 2) data preparation; 3) validation; 4) deployment; and 5) monitoring.

To enhance the security of LLMs, developers can leverage cryptographic techniques such as digital signatures. By digitally signing a model with a private key, a unique identifier is created that can be verified using a corresponding public key. This process ensures the model's authenticity and integrity, preventing unauthorized modifications and tampering. Digital signatures are particularly valuable in supply chain environments where models are distributed or deployed through cloud services, as they provide a way to authenticate models as they move between different systems.

Watermarking is another effective technique for safeguarding LLMs. By embedding subtle, imperceptible identifiers within the model's parameters, watermarking creates a unique fingerprint that traces the model back to its origin. Even if the model is duplicated or stolen, the watermark remains embedded, allowing for detection and identification. While digital signatures primarily focus on preventing unauthorized modifications, watermarks serve as a persistent marker of ownership, providing an additional layer of protection against unauthorized use and distribution.

Model Cards and Software Bill of Materials (SBOMs) are also tools designed to increase transparency and understanding of complex software systems, including AI models. A SBOM is essentially a detailed inventory of all software product components and focuses on listing and detailing every piece of third-party and open-source software included in a software product. SBOMs are critical for understanding the software's composition, especially for tracking vulnerabilities, licenses, and dependencies. Note that AI-specific versions are currently in development.

A key innovation in CycloneDX 1.5 is the ML-BOM (Machine Learning BOM), a game-changer for ML applications. This feature allows for the comprehensive listing of ML models, algorithms, datasets, training pipelines, and frameworks within an SBOM, and captures essential details such as model provenance, versioning, dependencies, and performance metrics, facilitating reproducibility, governance, risk assessment, and compliance for ML systems.

For ML applications, this advancement is profound. The ML-BOM provides clear visibility into the components and processes involved in ML development and deployment, to help stakeholders grasp the composition of ML systems, identify potential risks, and consider ethical implications. In the security domain, it enables the identification and remedy of vulnerabilities in ML components and dependencies, which is essential for conducting security audits and risk assessments, contributing significantly to developing secure and trustworthy ML systems. It also supports adherence to compliance and regulatory requirements, such as GDPR and CCPA, by ensuring transparency and governance of ML systems.

Finally, use of strategies that extend DevSecOps to LLMOps are essential like model selection, scrubbing training data, securing the pipeline, automating the ML-BOM build, building an AI Red Team, and properly monitoring and logging the system with tools to help you. All of these suggestions provide the appropriate guardrails for safe LLM development while also embracing the inspiration and broad imagination for what is possible using AI, with an emphasis for maintaining a secure foundation of Zero Trust.

We've featured the best network monitoring tool.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Normally $70, this Black Friday double discount saves you a ton of cash on this tech essential.

Whether you work in the mobile world or not, you probably heard of the term “super app” and that these apps are very popular in certain markets, especially Asia. These all-in-one platforms integrate multiple functionalities beyond a company’s core offering. They usually have a complete, all-encompassing user experience that normally would require multiple smaller apps.

While in the West this type of app is not as popular as in other markets, there is a growing appetite with apps such as Uber and Revolut at the vanguard. It is unsurprising as the potential is massive with the super app market projected to reach a staggering $714.73 billion by 2032. Our own research at SplitMetrics has also found that in 2024 (until the end of September) super apps added 370 million new users globally, with a global lifetime user base of 4.7 billion.

That is super competitive and can be daunting for anyone launching a new app but with the right user experience and marketing, you can still make your new super app a success.

A crowded market - how do you disrupt the established?

You’ve got to start by identifying your app’s Unique Selling Proposition (USP). This differentiation doesn’t have to be a radical change; it can be an improvement in functionality, cost, or user experience.

To differentiate effectively, new super apps should:

Identify a clear USP: Highlight how your app improves upon existing solutions, whether through innovative features or better value.

Combine services creatively: Offer a unique mix of services that aren’t currently bundled together by competitors.

Invest in marketing: Launch a well-resourced and optimized marketing campaign to gain visibility and enter the conversation.

Target untapped markets: Consider focusing on regions outside of Asia where super apps are gaining popularity but competition is less intense. Building a sizable user base in these markets can provide a strong foundation before entering the more competitive Asian landscape.

Adapt to change

The app industry is among the most competitive and dynamic sectors around. Consumer preferences are in a constant state of flux and there are literally thousands of new apps launched every single day. This means that even very successful apps can’t stay still - they need to be constantly reevaluating both their offering and their marketing initiatives. What is important to remember is that the average consumer does not think about using a Super App or a specialized app as a binary choice. Most wouldn’t even recognize an app like Uber as a super app.

The critical factor is that every aspect of the app works as well as it can because if it doesn’t there are plenty of competitors that a user can switch to. The key to ensuring the best user experience is responding to change. This means knowing what new innovations can enhance your app or how it is marketed, what your competitors are doing and how market conditions and consumer demands are changing. If you stay ahead of the curve, you will be able to stay competitive.

Do your market research

Although we often talk about Asia or Western markets as a homogeneous block, the reality is that there are huge variations between each country. What may work well in France, might not appeal to an audience in Australia. Knowing the market and tailoring the app offering and how it is marketed to the demands of consumers in each country is fundamental.

App developers will naturally know their home market the best, so that’s the most obvious place to start. From there, it is about identifying the next most similar market and modifying the app and how you promote it to that audience. It may seem appealing to go after the most lucrative markets first, for example, the US. However, not only will they be the most competitive, they will also likely be the most expensive places to do business. It is better to take an incremental, pragmatic approach to growth - learning lessons on the way - and build up your audience and capabilities on this journey.

Don’t forget the app marketing basics

Once your app is launched, the journey is far from over. While organic growth is valuable, a robust paid user acquisition (UA) strategy is essential to maintain competitiveness in today's bustling app market. A strong foundation in App Store Optimization (ASO), coupled with strategic paid UA, can drive quality conversions and optimize costs.

Remember, these two strategies are interconnected. A well-optimized app store listing can amplify the impact of your paid campaigns, leading to increased organic visibility and downloads. By analyzing performance metrics, making data-driven decisions, and staying attuned to market trends, you can ensure your app's continued success.

Super apps offer a unique opportunity to disrupt the app landscape. By focusing on a strong USP, creative service bundles, and strategic marketing, you can carve out your niche in this booming market. But remember, it's not just about launching an app – it's about constant adaptation, innovation, and a deep understanding of your target market. Stay ahead of the curve, and you can build a super app that stands the test of time.

We've featured the best business intelligence platform.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

CNET's top pick for high-speed internet in Riverside is Spectrum, but you might get cheaper prices and faster speeds elsewhere.

(Image credit: Sony/PlayStation)

1. US 30th Anniversary Collection quick links
2. UK 30th Anniversary Collection quick links
3. Complete US stock checks
4. Complete UK stock checks
5. Live updates

The PS5 30th Anniversary Collection release date is nearly here and we're quietly hopeful - though not expectant - of seeing some PS5 30th Slim or PS5 30th Anniversary DualSense stock appearing.

As a result, we're starting early today by providing some information on what the 30th Anniversary Collection is, what products might be available tomorrow, providing all the best stock check links, and then keeping track of all the major retailers tomorrow when stock might go live.

It's been tough going since the PlayStation 30th Anniversary pre-orders opened, with the PS5 Slim 30th Anniversary pre-orders being particularly popular along with folks really wanting to know where to buy the PS5 30th Anniversary DualSense since too. While we have seen a restock for both since the initial pre-orders sold out, it's been barren ever since, and stock goes very quickly.

The 30th Anniversary Collection launched for pre-orders the same day as the PlayStation 5 Pro too - but the latter has proved easy to get, and anyone can buy a PS5 Pro right now from pretty much any retailer of their choosing.

Anyway, getting back to it: with us only less than 12 hours from release day in the UK, there's going to be nothing stopping retailers from going live with any launch day stock they may have been saving. If we see anything at all, then I think we're most likely to see PS5 30th Anniversary restocks and stock drops on the PS5 Slim console bundle, and the DualSense controller. However, it could also be a total no-show for restocks - we just don't know, but we're here to save you the work anyway, and make it as easy as possible for you to check quickly.

US 30th Anniversary Collection Quick Links

• PS5 Slim 30th Anniversary Edition Bundle: Check stock at Walmart ($499)
• PS5 Slim 30th Anniversary Edition Bundle: Check stock at Amazon ($499.99)
• PS5 Slim 30th Anniversary Edition Bundle: Check stock at Best Buy ($499.99)
• PS5 Slim 30th Anniversary Edition Bundle: Check stock at Target ($499.99)
• PS5 Slim 30th Anniversary Edition Bundle: Check stock at PS Direct ($499.99)
• 30th Anniversary DualSense: Check stock at Amazon ($79.99)
• 30th Anniversary DualSense: Check stock at Walmart ($79.99)
• 30th Anniversary DualSense: Check stock at Best Buy ($79.99)
• 30th Anniversary DualSense: Check stock at Target ($79.99)
• 30th Anniversary DualSense: Check stock at GameStop ($79.99)
• 30th Anniversary DualSense: Check stock at PS Direct ($79.99)
• PS5 Pro 30th Anniversary Edition Bundle: Check stock at PS Direct ($999.99)
• 30th Anniversary DualSense Edge: Check stock at PS Direct ($219.99)
• 30th Anniversary PlayStation Portal: Check stock at PS Direct ($219.99)

UK 30th Anniversary Collection Quick Links

• PS5 Slim 30th Anniversary Digital Edition: Check stock at Amazon (£429.99)
• PS5 Slim 30th Anniversary Digital Edition: Check stock at Argos (£429.99)
• PS5 Slim 30th Anniversary Digital Edition: Check stock at Very (£429.99)
• PS5 Slim 30th Anniversary Digital Edition: Check stock at EE (£439.99)
• PS5 Slim 30th Anniversary Digital Edition: Check stock at PS Direct (£433.99)
• PS5 Slim 30th Anniversary Digital Edition: Check stock at Currys
• 30th Anniversary DualSense: Check stock at Amazon (£69.99)
• 30th Anniversary DualSense: Check stock at Argos (£69.99)
• 30th Anniversary DualSense: Check stock at Very (£69.99)
• 30th Anniversary DualSense: Check stock at Currys (£69.99)
• 30th Anniversary DualSense: Check stock at Game (£69.99)
• 30th Anniversary DualSense: Check stock at PS Direct (£69.99)
• 30th Anniversary PS5 Pro bundle: Check stock at PS Direct (£959.99)
• 30th Anniversary DualSense Edge: Check stock at PS Direct (£219.99)
• 30th Anniversary PlayStation Portal: Check stock at PS Direct (£219.99)

Complete US stock checks

PS5 Slim Digital Edition 30th Anniversary Edition bundle ($499.99): Check stock at Target
We're leading with Target here for the PS5 Slim, as Target's listing page for the PS5 Slim 30th Anniversary Edition says to 'Check back on release date' which we will most gladly do in the hope of seeing more stock. Best Buy also has a 'coming soon' label, and Amazon never went live with its stock despite having a live listing page back on pre-order day, so check those two next for sure.

Check for stock at: Best Buy | Amazon | Walmart | PlayStation DirectView Deal

DualSense 30th Anniversary Edition ($79.99): Check stock at Target
It's the same with the Dualsense 30th Anniversary Edition controller: Target's listing page has got 'check back on release date' on it, seemingly hinting at more stock. Elsewhere, again, Best Buy has 'coming soon', and we have seen the controller crop up since pre-orders started at Amazon and Walmart too.

Check for stock at: Amazon | Best Buy | Walmart | GameStop | PlayStation DirectView Deal

PS5 Pro 30th Anniversary Edition bundle ($999.99): Check stock at PlayStation Direct
Perhaps the longest shot for 30th Anniversary Collection release day stock, the PS5 Pro truly is a limited edition thing with only 12,300 models being made by Sony (inexplicably). If this does come up for a restock it'll only be at PS Direct.View Deal

DualSense Edge 30th Anniversary Edition ($219.99): Check stock at PlayStation Direct
The limited-edition DualSense Edge proved very popular with the premium pad selling out when pre-orders came up. I haven't seen a restock of this since then either, but if that does happen on launch day, it'll only be at PlayStation Direct.View Deal

PlayStation Portal 30th Anniversary Edition ($219.99): Check stock at PlayStation Direct
I love the PlayStation Portal, and so did a whole heap of other folks too by the looks of it given the 30th Anniversary Edition Portal sold out. Again, this will only pop up at PS Direct if we do see some restock action on launch day.View Deal

Complete UK stock checks

PS5 Slim Digital Edition 30th Anniversary Edition bundle (£429.99/£433.99): Check stock at Amazon
The PS5 Slim 30th Anniversary Edition has not appeared anywhere properly since the pre-orders opened and sold out at other retailers on October 10. Amazon's stock only lasted 8 minutes then so we reckon it might be the best-placed retailer to offer launch-day stock if we see any at all. Check the other go-to retailers below too.

Check for stock at: Argos | Very | Currys | PlayStation Direct | EE Store (£539.99 bundle) | GameView Deal

DualSense 30th Anniversary Edition (£69.99): Check stock at Amazon
The 30th Anniversary DualSense popped up a couple of times briefly at Amazon since pre-orders opened there, so we think it might be as good a place as any to start. The controller has also appeared at Argos and Currys since so those are great places to look too.

Check for stock at: Argos | Currys | Very | Game | PS DirectView Deal

PS5 Pro 30th Anniversary Edition bundle (£959.99): Check stock at PlayStation Direct
The PS5 Pro bundle was barely visible to anyone when it went up for pre-order and we haven't seen any since. It's a long shot like it is in the US, but if it's going to come up anywhere it'll be at PS Direct.View Deal

DualSense Edge 30th Anniversary Edition (£219.99): Check stock at PlayStation Direct
Another exclusive-to-PS-direct-prosduct, the DualSense Edge pro controller will only appear at PlayStation Direct UK if it pops up on launch day we are almost certain of that.View Deal

PlayStation Portal 30th Anniversary Edition (£209.99): Check stock at PlayStation Direct
In the UK, the PlayStation Portal 30th Anniversary Edition proved exceptionally popular too - I'm going to be jealous when a colleague's unit arrives. It'll only be at PlayStation Direct, once again, if it does pop up.View Deal

Hello and welcome to our live build-up coverage to the PlayStation 30th Anniversary Collection release day!

We're here to look forward to and celebrate the collection's release date and cheer on fans who finally get their hands on the gear. But we're also here with fingers crossed that we might see some launch day stock drops or restocks at retailers who may have kept their powder dry on some inventory, or have specific release day units to sell.

It's by no means guaranteed but that's not going to stop us hoping and doing constant checks for you nonetheless./. We've got all the best and most important links to check above, and will be keeping this post as up to date as we can with restock news and links to stock itself should any pop up.

(Image credit: Sony/PlayStation)

So what's all the fuss about then?

Well, back in September, along with the official announcement of the PS5 Pro, Sony revealed its pretty expansive 30th Anniversary Collection. This is a collection of limited edition PS5 hardware that's all styled in the original PS1 aesthetic and all looks excellently slick.

The grey-color stylings are perfect for igniting that nostalgia in long-term PlayStation fans and celebrating the original PlayStation made for perfect PS5 consoles and accessories.

The collections covered the PS5 Pro, PS5 Slim, DualSense, DualSense Edge, and PlayStation portal specifically, though you did get a DualSense charger in the same style with the PS5 Pro bundle - the latter only being made to the tune of 12,300 units in honor of the PS1'sd December 3 release date.

The Collection was extremely popular with plenty of hype building before pre-orders went live. When the opportunity to bag a pre-order did come for fans, it was all over in a matter of minutes, however, and many have been left disappointed since. Which is part of the reason for our live coverage starting today.

(Image credit: PlayStation/Sony)

With only 12,300 units on offer, anticipation was intense and the PS5 Pro bundle barely stuck around for a few minutes when fans got past the virtual waiting room at PlayStation Direct.

The other bits of hardware soon followed suit, and all sold out pretty quickly indeed. When other retailers could release their own pre-orders two weeks later on October 10 (but only for the PS5 Slim and DualSense controller), the action was equally intense and stock flew off the virtual shelves. We have seen some fleeting restocks at retailers like Amazon and Target in the US, and Argos and Currys in the UK, but there's been nothing substantial or long-lasting.

Which brings us to today, 30th Anniversary Collection release date eve. I think that release date might well be a good bet for some stock drops or retailer restocks for the 30th Anniversary Collection. It's not guaranteed by any means, and is based largely on my own hunch and experience - there was indeed PS5 stock released on launch day after all, when few people actually expected it then - but we also have a couple of retailer-specific reasons to hold out hope. Let me explain...

You can get almost 30% off Samsung's latest model just a day before the kickoff of Amazon's Black Friday sale.

The partly Leighton-less season premieres this week.

• Amazon has launched its biggest-ever smart display – the Echo Show 21
• It combines a 21-inch screen with new features like improved audio
• The Echo Show 15 has also been upgraded with the same new features

If you like the idea of having a wall-mounted smart display for video calls, photo sharing, and family organization, Amazon has just launched two tempting new options – an upgraded Echo Show 15 and its biggest-ever smart screen, the new Echo Show 21.

The Echo Show series is already available in bewildering array of screen sizes, starting with the Echo Show 5. But these two new models are unique – not only are they Amazon's largest options, with 15-inch and 21-inch screens respectively, they're also designed to be wall-mountable. That makes them particularly suitable for busy kitchens with cluttered worktops.

The original Amazon Echo Show 15 launched in September 2021, but it's been updated with several upgrades, which are also in the new Echo Show 21. The first of those directly addresses one of our main criticisms of the first Echo Show 15, which is improved audio quality. Rather than two 1.6-inch tweeters, the displays combine dual 2-inch woofers with two 0.6-inch tweeters for a bassier sound.

Combined with some new noise reduction tech and improved auto-framing skills, this should make the Echo Show 15 and 21 much better for video calls. Amazon also says that both displays now offer double the field-of-view compared to the first Echo Show 15 and "65% more zoom", although this is presumably still just digital zoom.

The final two improvements should boost Echo Shows' streaming and smart home powers. They now have Wi-Fi 6E, which offers better speeds and lower latency compared to Wi-Fi 6. Depending on your router, that should boost the streaming experience from YouTube, Netflix, and Prime Video.

Image 1 of 2

(Image credit: Amazon)Image 2 of 2

(Image credit: Amazon)

Lastly, the Echo Show 15 and 21 have a built-in smart home hub with Matter support. The original Echo Show 15 already supports Matter, but connecting to your various smart home devices should be easier thanks to direct support for Wi-Fi, Thread, or Zigbee protocols. Both are powered by an octa-core processor with Amazon's AZ2 neural network engine.

On the downside, the price of getting a large, wall-mountable Echo Show has gone up since the original Echo Show 15 was launched. The new Echo Show 15 costs $299 / £299 (around AU$460) – a $50 increase from the original – while the Echo Show 21 will set you back $399 / £399 (around AU$615).

We'll update this story when we get the official Australia pricing – and we'll also be testing both soon to let you know if they're new contenders for our best smart displays guide.

Analysis: The battle for your wall space heats up

The new Amazon Echo Show 21's size (above) and improved speakers should make it a good option for video calls. (Image credit: Amazon)

We've seen rumors grow in recent months that Apple is planning to launch a wall-mounted smart display in early 2025 – and it seems that Amazon has pre-empted that by launching its new Echo Show 21 and refreshing its Echo Show 15.

Both of these new displays are built on the same idea as Apple's rumored Apple Intelligence-powered screen – namely, letting you easily video call family, watch YouTube, and control your smart home from one unobtrusive kitchen hub.

As our Amazon Echo Show 15 review noted, the original kitchen nerve center wasn't perfect. Our main complaints were the disappointing speakers, average display with weak colors and brightness, lack of resizable widgets, and the fact that the tilt stand was sold separately.

Amazon certainly seems to have addressed the criticisms of audio quality in these new Echo Shows. But while they do both come with an Alexa Voice Remote, you still need to buy the pricey stand separately (for $99 / £99).

The other big unknown is the future state of voice assistants on these devices. The upgraded Alexa AI seems to be perpetually delayed, Apple won't be meaningfully upgrading Siri until iOS 18.4 in 2025, and Google is being characteristically non-committal with its smart home plans, despite our pleas for it to upgrade its aging Nest Hub.

Still, Amazon certainly has the most experience in making big, wall-mountable smart home displays – and on paper, the Echo Show 15 and 21 look like its best efforts yet.

You might also like

• Everything you need to know to set up your smart home
• Amazon Echo Hub review: Alexa finally puts smart home first
• Devices that Matter: these products work with the new smart home connectivity standard

The appointee, Brendan Carr, wrote a dissenting opinion blasting opposition to broadband data caps.

Apple also rolled out security fixes for the iPhone and iPad.

Oregon's broadband providers offer fiber-optic plans but not all of them deliver the same speed -- or value. CNET's got you covered with the top picks for best internet plans in Oregon.

Streaming music giving you the blues? These record players will help you rock on to analog audio at home.

• Wix Studio adds AI visual sitemap and wireframe generator
• The results can be tweaked and customized in many ways
• Any changes are synced in real-time, from both ends

Wix Studio has gotten richer for yet another AI-powered feature - a visual sitemap and wireframe generator.

In a press release shared with TechRadar Pro earlier this week, Wix, one of the best website builders on the market, said the new offering “allows agencies and enterprises to accelerate site planning” with the new tool.

A visual sitemap is a graphical representation of a website's structure, showing the relationships and hierarchy of its pages and content. It provides an organized overview of how the site is laid out, helping to plan navigation, user flow, and content distribution. To create such a sitemap with Wix Studio, agencies, and web professionals can now simply input project details such as business type, site description, goals, target audience, and tone of voice.

After that, the AI takes over, generating a tailored sitemap with pages and sections. Users can then refine and customize the design, add or remove sections and pages, or shuffle things around. The final step is to export the solution for easy sharing with clients, partners, and search engines.

This is a new feature that helps further position Wix Studio as one of the best website builders for agencies.

Adding AI to website builders

Users can also opt for a sitemap with wireframes - simplified, low-fidelity visual guides that represent the layout and structure of a website or app.

"With the visual sitemap and wireframe generator, we’re offering users a powerful new way to streamline the website creation process," said Gali Erez, Head of Wix Studio. "By automating the initial site planning and structuring, users can now focus more on the creative aspects of their work, delivering fully-customized, client-ready websites faster than ever before."

Wix also said that any changes can be synchronized in real time. If a user makes a change to the visual sitemap, it instantly gets reflected on the site, and vice-versa.

The new offering will come pre-installed with Wix’s business solutions, the company added, stressing that it will be available on Wix Studio to users “on a rolling basis.”

Over the last couple of months, most website builders have implemented generative artificial intelligence (GenAI) solutions in one form or another. Bluehost, Crazy Domains, GoDaddy, Wix, and many others, have recently introduced chat-based website building capabilities, helping agencies and web professionals create sites faster and more seamlessly, thus freeing up valuable time to focus on more pressing matters.

More from TechRadar Pro

• Bluehost adds AI to its WordPress website builder
• Check out our roundup of the best AI website builders on the market
• Get a great deal on your Wix subscription with our Wix coupon codes

• Apple has issued a patch to a number of its operating systems
• The patch addresses two critical vulnerabilities in JavaScriptCore and WebKit
• Users should install the patches immediately

Apple has issued a patch for macOS following the exposure of two critical zero-day vulnerabilities found in the software.

The macOS Sequoia 15.1.1 update looks to mitigate a vulnerability in JavaScriptCore that would allow attackers to create malicious web content that could result in arbitrary code execution.

A second vulnerability found in WebKit would allow attackers to also use malicious web content for cross site scripting attacks, with Apple stating for both vulnerabilities, it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”

Patch now, warns Apple

While the vulnerability may have only been potentially exploited on Intel-based Mac systems, Apple has also issued patches across its range of operating systems, including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The JavaScriptCore and WebKit vulnerabilies could allow attackers to compromise vulnerable devices and steal data or install malware.

The vulnerabilities are tracked as CVE-2024-44308 and CVE-2024-44309, and have not yet received a severity score from NVD. However, due to the nature of the vulnerabilities and the fact that they were previously unknown to Apple, they are likely to be deemed critical and users should apply patches immediately.

The vulnerabilities were discovered by Google’s Threat Analysis Group which typically deals with state-sponsored threats, suggesting that a government or state-sponsored actor was responsible for the exploitation of the vulnerabilities.

Mac users can apply the patch by searching for updates in the usual manner by using the Apple menu to navigate to System Settings > General > and then clicking Software Update. iPhone users can apply the patch by navigating to Settings > General > and then clicking Software Update. Be aware that older devices that use older operating systems may not have a patch available.

Via TechCrunch

You might also like

• Here is our guide to the best Mac antivirus
• Take a look at some of the best Black Friday antivirus deals
• Update now — Fortinet Windows VPN hacked to steal user data

Supervive takes two styles I've always wanted to like -- the multiplayer online battle arena and the battle royale -- and weaves the best of each into something I finally enjoy.

The My AI feature shows up as a "friend," but maybe this isn't the kind of tech you want to be palling around with.

The next Nintendo console should arrive next year, and lots of details are already here.

Nike, maker of some of the best running shoes out there, has today unveiled its new transformed lineup of road running shoes for 2025, and the new Vomero 18 is leading the charge.

The Vomero 18 is Nike's new maximum-cushioning shoe for the most comfortable ride possible, expanding the benefits of Nike's current cushioning king, the Invincible 3. That's Nike's version of shoes like the ASICS Gel Nimbus 25. The new Vomero offers more cushion than ever before and the tallest stack height in its history, using a combo of Nike's ZoomX and ReactX foams double stacked for maximum comfort.

The stack height stands at 46mm, 6mm tallest than the Vomero 17. Most notably, Nike has extensively tested the shoe with women runners. The sole is made from durable rubber for traction, and the upward curve delivers increased rocker geometry for a smoother heel-to-toe transition.

(Image credit: Nike) Nike's new 2025 running lineup Image 1 of 1

(Image credit: Nike)

As mentioned, the Vomero now sits in Nike's new, simplified road running lineup for 2025. The Vomero is the maximum cushioning option, and sits alongside the Pegagus, Nike's responsive ride option. The final offering is the Structure, offering supportive cushioning and stability for runners who overpronate.

Each of these three lines will feature an "Icon" shoe (like the Pegasus 41 or the Vomero 18), alongside Plus and Premium silhouettes. Nike's Pegasus 41 and Pegasus Plus are already available at Nike.com, while the Pegasus Premium is launching in January 2025.

The Vomero 18 drops globally on February 27, with Plus and Premium models coming later in 2025. Next year will also deliver new Structure silhouettes.

Today's announcement also includes new running essentials, Nike Swift for women and Nike Stride for men.

(Image credit: Nike)

Relive the action with Russell Crowe and that tiger.