Technology

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Thursday's puzzle instead then click here: NYT Connections hints and answers for Thursday, February 6 (game #606).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #607) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• BLUE
• VELVET
• RUN
• TIRE
• LEAD
• BALLOON
• ERASER
• HEAD
• BULL
• LAMP
• CROSS
• WISHES
• DIRECT
• GALOSH
• EARRING
• HERRING

NYT Connections today (game #607) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Bossing it
• GREEN: Bouncy material
• BLUE: Magically appear in an enchanted folktale
• PURPLE: Precede with a color

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #607) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: BE IN CHARGE OF
• GREEN: THINGS MADE OF RUBBER 
• BLUE: ASSOCIATED WITH THE GENIE IN "ALADDIN" 
• PURPLE: RED -_ 

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #607) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #607, are…

• YELLOW: BE IN CHARGE OF DIRECT, HEAD, LEAD, RUN
• GREEN: THINGS MADE OF RUBBER BALLOON, ERASER, GALOSH, TIRE
• BLUE: ASSOCIATED WITH THE GENIE IN "ALADDIN" BLUE, EARRING, LAMP, WISHES
• PURPLE: RED -_ BULL, CROSS, HERRING, VELVET

• My rating: Hard
• My score: 2 mistakes

It took me ages to get ASSOCIATED WITH THE GENIE IN "ALADDIN" – I had LAMP and WISHES, which I could have done with three of today, but it took me two mistakes before I solved it and got all four answers, even after landing the yellow and green groups.

A nice touch today to see a tribute to the late director David Lynch with two of his most famous films namechecked across four words – BLUE VELVET and ERASER HEAD .

How did you do today? Let me know in the comments below.

Yesterday's NYT Connections answers (Thursday, 6 February, game #606)

• YELLOW: DELICATE FAINT, LIGHT, MILD, SOFT
• GREEN: MAGNANIMOUS GRAND, GREAT, LOFTY, NOBLE
• BLUE: THINGS WITH NECKS BOTTLE, GIRAFFE, GUITAR, LAMP
• PURPLE: FIRST NAMES IN JAZZ CAB, COUNT, DIZZY, DUKE

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

Here are some hints — and the answers — for Connections: Sports Edition No. 137 for Friday, Feb. 7.

Here are some hints -- and the answers -- for the Feb. 7 Strands puzzle, No. 341.

Here are some hints — and the answers — for Connections No. 607 for Feb. 7.

Here are some hints and the answer for Wordle No. 1,329 for Feb. 7.

California king beds are luxurious and perfect for those who need the extra length to stretch out. These are the best California king mattresses you can buy, according to our experts.

• Apps delivering malware to users to steal crypto found on iOS app store
• Some of these apps have thousands of installs across iOS and Android
• The 'SparkCat' campaign has been active since March 2024

Crypto-stealing malware dubbed ‘SparkCat’ has been discovered on iOS and Android app stores, and is embedded with a ‘malicious SDK/framework for stealing recovery phrases for crypto wallets’.

A report from Kaspersky has identified malicious apps, some with upwards of 10,000 downloads, that scan the victims gallery to find keywords - if relevant images are found, they are then sent to a C2 server.

This is the first time a stealer has been found in Apple’s App store, and this is significant because Apple reviews every entry to ‘help provide a safe and trusted experience for users’ - so these malware-infected apps show that the review process is not as robust as it should be.

Although aimed at stealing cryptocurrency wallet recovery phrases, Kaspersky notes that the malware is ‘flexible enough’ to steal other sensitive data from victim’s galleries - here’s what we know.

Multiple malicious apps

The ‘SparkCat’ malware campaign was first discovered in late 2024, and is suspected to have been active since March 2024.

The first app Kaspersky identified was a Chinese food delivery app, ComeCome. The app had over 10,000 downloads and was based in Indonesia and the UAE. The app was embedded with malicious content, and contained OCR spyware which chose images from the infected devices to exfiltrate and send to the C2 server.

This wasn’t the only infected app though, and researchers found that infected apps available in Google Play had been downloaded a combined total of over 242,000 times. In 2024, over 2 million risky Android apps were blocked from the Play Store, including some which tried to push malware and spyware - so although Google is improving its protections, clearly some still make it through.

In the app store, some apps ‘appeared to be legitimate’, like the food delivery services, while others had apparently been built to ‘lure victims’. An example of this, researchers outlined, is a series of similar AI-featured ‘messaging apps’ by the same developer, including AnyGPT and WeTink.

It’s not clear whether these infections are deliberate actions by developers, or are a result of supply chain attacks, but the report does note that the “permissions that it requests may look like they are needed for its core functionality or appear harmless at first glance.”

“What makes this Trojan particularly dangerous is that there’s no indication of a malicious implant hidden within the app” Kaspersky adds.

Mitigating malware

If you have one of the infected apps installed on your device, Kaspersky of course recommends removing it and steering clear until a fix is released - the list of infected apps can be found here.

There is software that can help protect your device, like antivirus software - and as a key part of this malware in particular is the exfiltration of sensitive data through screenshots, the best advice is to avoid storing passwords, confidential documents, or sensitive information in your gallery.

Instead, check out the best password managers to securely store your information, as these present a much safer and convenient option to keeping your passwords in your photos. Make sure you don’t reuse passwords on multiple sites, and change your passwords regularly to avoid a breach.

There are some tricks to avoid malware apps, and considering that dangerous malware apps have been found to have been installed millions of times, it’s always best to be safe.

First of all, be wary of the warning signs. Go through the feedback and reviews - especially the negatives, as it's likely someone else will have already flagged a bug. Be very suspicious of an app which asks for your existing social media credentials - as this could be criminals looking to hijack your account.

You might also like

• Check out our list of the 5 must-have Android apps
• “Everyone will experience a hack” - how incident response can protect your organization
• We've also rounded up the best free antivirus on offer right now

• A hiring company has reportedly left millions of CVs in a publicly accessible AWS bucket
• Foh&Boh has partnerships with leading food and hospitality services
• The dataset is now closed, but users may still be at risk

A dataset containing a staggering 5.4 million files has been discovered by researchers online, and is believed to be primarily CVs (resumes) from hiring giant Foh&Boh.

Researchers from CyberNews discovered the publicly accessible AWS bucket containing the exposed records, and after ‘multiple attempts to reach the company’, the dataset was closed.

It’s not clear whether malicious actors have accessed the dataset, but cybercriminals often have automated tools to scan the internet for unprotected instances, and immediately download them, so victims still face very real risks - here’s what we know so far.

Plenty of personal data

The hiring platform, Foh&Boh, aims to ‘find and recruit talent for the hospitality industry’, and partners with independent restaurants, franchises, hospitality groups, and ‘some of the world’s largest hotel chains. The platform boasts partnerships with industry giants like Nobu, Taco Bell, and KFC.

Of course, CVs contain personally identifiable information (PII), and the research team claims this leak includes full names, phone numbers, email addresses, social media links, and employment and education histories, among others.

The data was available online for a fairly significant period of time, with discovery on September 16, 2024, initial disclosure on October 22 2024, and the leak closed on January 8 2025.

This, like all data leaks, leaves those exposed in danger. Primarily, the concern is identity theft, especially since a CV hands over a comprehensive set of personal details over to potential attackers.

“The leak significantly heightens the risk of identity theft, enabling cybercriminals to create synthetic identities or fraudulent accounts, leaving individuals exposed to a range of sophisticated cyberattacks,” the researchers said.

This might sound familiar to some, as just two days ago on the February 4 2025, a large dataset containing over a million CVs stored by Valley News Live was discovered, so it's a pretty lousy week for jobseekers.

Data breaches have unfortunately become a part of life for anyone on the web. In 2024, one single breach leaked the details of 100 million Americans (although the total is now reported at 190 million - so almost 75% of US adults) - which just shows that no-one is safe.

Also a risk with breached credentials, is social engineering attacks. These commonly come in the form of phishing campaigns, and are designed around the information hackers have obtained, often appearing to know the victim personally or preying on people in difficult financial situations by offering ‘get rich quick’ scams.

“Attackers could craft highly personalized emails referencing specific job details or interests from the resumes, making their phishing attempts ever more convincing” the researchers said. “This targeted approach could deceive candidates more easily, exposing them to further risks.”

How to stay safe

To protect yourself from the risk of identity theft, it’s crucial to keep a close eye on all of your accounts. Monitoring your cards, statements, and transactions for any suspicious activity means that you can quickly identify any issues.

If a service you use has suffered a data breach, make sure you change your password - and probably your passwords to any site that would hold sensitive information. If you’d like some tips on how to choose a secure password, we’ve listed some here.

In short, include capital and lowercase letters, numbers, and special characters - and never reuse a password, especially for sites that carry important information like health or financial data.

If that all seems a little overwhelming, we’ve tested out all the best password managers and the best password generators to simplify the process.

Phishing attacks are most commonly delivered in the form of emails, so be very cautious of any email that urges you to take action, or one which rushes you to click a link or download a file.

Double check any domain names and email addresses, like supp0rt@google instead of support@google, as this is a big indicator that something may not be right.

We’ve made a comprehensive guide on how to spot a phishing email for anyone who wants to make sure they're wise to scammer’s tricks.

You might also like

• Check out our list of the best firewall software around today
• Scammers have a new phishing trick for iPhone users
• We've also rounded up the best malware removal software on offer right now

Two astronauts -- one in space, and one on Earth -- will discuss daily life on the ISS, and you can ask them questions in the chat.

• Windows 10 ESU will be available from November 2025 for three years
• It’ll cost $61 per year, with prices doubling annually thereafter
• Windows 10 is still preferred over Windows 11 by many users

With the official Windows 10 end of life deadline months away, Microsoft is still hoping users will opt to upgrade to its flagship OS, Windows 11, but it has also issued a series of notes detailing how users can continue to use the older software.

A newly-updated support document from the company has detailed the Windows 10 Extended Security Updates (ESU) program, including costs and eligibility.

Microsoft promises its ESU will continue to provide “critical and important security updates” for a period after Windows 10 loses support - but this will come at the expense of an annual subscription.

Windows 10 ESU details revealed

In the post, Microsoft revealed devices running Windows 10 22H2 will be eligible to participate in the ESU program, but stressed this would only include important security updates and not new features, non-security updates, design change requests or general support.

Users can enrol on the ESU program via the Microsoft Volume Licensing Program, and it’ll cost $61 per device for cover between November 2025 and November 2026. From thereon in, costs will double annually, but ESU membership terminates after three years. In other words, Windows 10 fans can buy themselves another three years of safe usage before they’re ultimately forced to run a potentially insecure OS or upgrade to Windows 11.

The company also added ESUs are cumulative, so you’ll need to have bought year one before upgrading to year two. If you decide at the start of the second year to get security updates, you’ll be able to join retrospectively by paying for the previous year’s coverage.

“Windows 10 PCs will continue to work, but we recommend customers upgrade eligible PCs to Windows 11 using Windows Autopatch, Microsoft Intune, or transition to a new Windows 11 PC for the best, most secure computing experience," the company added.

The rose among the thorns is that Windows 10 virtual machines running in Windows 365 or Azure Virtual Desktop will get Extended Security Updates free of charge.

However, even Microsoft’s best efforts haven’t deterred users from opting to stay on Windows 10 – the nearly-deprecated operating system accounts for 60% of all Windows installs (via Statcounter). Still, Windows 11 adoption has increased slowly in recent months to a 37% market share.

You might also like

• Consider upgrading to the best business laptops
• For something more powerful, how about the best mobile workstations and best workstations?
• Has the rush to upgrade to Windows 11 just begun? New stats show a marked uptick as Windows 10 End of Life looms later in 2025

• A new discovery highlights Microsoft's efforts in improving privacy while in incognito mode on Chrome
• The clipboard history is no longer saved on Cloud Clipboard
• Media previews of content viewed in incognito are hidden

Microsoft has been under pressure from many PC users (including myself) lately due to the litany of issues that Windows 11 24H2 has introduced - but for once it seems to have done something I, and others, approve of.

As highlighted by Windows Latest, one of Microsoft's previous updates disabled Google Chrome from saving clipboard history when browsing in incognito mode on both Windows 11 and Windows 10. It was previously possible to copy your content to the Cloud Clipboard, which allows you to cut and paste across devices on the same Google account, but this negated what incognito mode is used for.

While Chrome is Google's software, it didn't stop Microsoft from stepping in to make this change. If you're copying sensitive private data, it's not entirely ideal for users, especially since it's easy to forget you've done so.

The update also applies to viewing videos while in incognito on Chrome - normally, adjusting the volume from your keyboard (particularly on Windows 10) would display what content is being viewed with its title as a media preview. With this change, it now shows 'a site is playing media', making incognito work the way it's intended and allowing people to browse in privacy.

Now, just please fix Windows 11 24H2...

I'm pleased Microsoft has seemingly gone out of its way to ensure user privacy while using the clipboard - but I'm also hoping 24H2 can finally be rid of its issues soon.

I'm aware that it takes time to update and identify bugs , but I won't pretend it isn't frustrating when new patches seem to introduce new issues. Since it's clear Microsoft is slowly shifting its users away from Windows 10 for Windows 11, it's only right that the operating system is in top-tier shape.

For both desktop and handheld gaming PCs, we can only hope that this is the case - handheld PC gaming is quickly growing, and I'd hate to see more complaints and frustrations thrown around regarding Windows 11's functionality when Valve has SteamOS, which feels like it's getting more popular by the day...

You may also like...

• Windows 11’s Start menu search gets new, clearer labels, as Microsoft tries to avoid EU regulation trouble
• Best Xbox Game Pass games to play in 2025
• Microsoft’s new Surface for Business PCs have AI firmly at the core

The hosts of Uncanny Valley chronicle the TikTok ban saga and ask: What makes the app so uniquely vulnerable?

• DeepSeek’s V3 and R1 models are available through Huawei’s Ascend cloud service
• They are powered by the Ascend 910x accelerators banned in the US, EU and UK
• The pricing is much lower than offered by Azure and AWS who have started trialing DeepSeek

DeepSeek recently massively unsettled global markets with the launch of its open reasoning LLM, which was built and trained for a fraction of the cost of models from much larger US competitors, although OpenAI has since accused DeepSeek’s developers of using its models to train theirs.

A new paper had claimed DeepSeek’s V3 LLM was trained on a cluster of just 2,048 Nvidia H800 GPUs - crippled versions of the H100 designed to comply with US export restrictions to China. Rumors around DeepSeek’s newer reasoning model, R1, suggest it may have been trained on as many as 50,000 Nvidia “Hopper” GPUs, including H100, H800, and the newer H20, although DeepSeek hasn’t - and likely won’t - confirm this. If true, it raises serious questions about China’s access to advanced AI hardware despite ongoing trade restrictions, although it’s no secret there’s a thriving black market for advanced Nvidia AI hardware there.

Now, in a move that’s going to further shake Western firms, the South China Morning Post reports Huawei Technologies’ cloud computing unit has partnered with Beijing-based AI infrastructure start-up SiliconFlow to make DeepSeek’s models available to end users for an incredibly low price.

Powered by Huawei hardware

This collaboration, which was worked on during the Chinese Lunar New Year holidays, provides efficient, cost-effective access to DeepSeek’s V3 and R1 models through Huawei’s Ascend cloud service, which is powered by Huawei’s own homegrown solutions, including the controversial Ascend 910x accelerators which are banned in the US, UK and Europe.

Huawei has made no secret that it wants to become the Chinese Nvidia, and Huawei Cloud claims its performance levels are comparable to those of models running on premium global GPUs.

SiliconFlow, which hosts the DeepSeek models, has come out swinging with some aggressive pricing, offering it for 1 yuan (approximately US$0.13) per 1 million input tokens and 2 yuan for output tokens with V3, while R1 access is priced at 4 yuan and 16 yuan.

Microsoft added DeepSeek to its Azure AI Foundry a few days ago, and Amazon swiftly followed suit, adding the LLM to its AWS’ Bedrock managed service. AWS showcased the AI model using an ml.p5e.48xlarge instance, powered by eight Nvidia H200 GPUs delivering 1128GB of GPU memory. It’s early days for both cloud offerings though, and they work out much more expensive than SiliconFlow’s super-low pricing.

The collaboration between Huawei, SiliconFlow and DeepSeek highlights China’s broader strategy to strengthen its domestic AI capabilities while reducing reliance on Nvidia hardware.

The South China Morning Post notes, “The move to launch DeepSeek’s models on a homegrown hardware backbone highlights China’s progress in cutting dependency on foreign technology and bolstering its domestic AI industry amid growing efforts by the US to choke off China’s access to high-end chips that the US government said could be used to advance military aims.”

You might also like

• Check out our list of the best AI tools around today
• “This is a wake-up call" - the DeepSeek disruption: 10 experts weigh in
• AI phenomenon DeepSeek is officially growing faster than ChatGPT

• Disney Plus lost 700,00 subscribers this past quarter
• This is the first time the service has posted a quarterly subscriber drop
• But the service is making more revenue than ever

Disney Plus has lost 700,000 users since September 28, 2024, likely due to price increases and its password-sharing crackdown, but I have bad news for you: that’s not going to stop Disney from raising prices again. In fact, Disney’s tactics have been a complete success.

At first, it doesn’t look like a Disney win; after all, this would mark the first time it has posted a quarterly subscriber drop since the Disney Plus platform was launched. But this negative milestone isn’t significant when you get into the numbers.

Firstly, the platform now sits at 124.6 million users, down from 125.3 million, so 700,000 represents just over 0.5% of users leaving between its quarterly reports. Meanwhile, those price rises – which saw Disney Plus with ads go from $7.99 to $9.99 and the ad-free tier going up to $15.99 from $13.99 – represent a 25% and 14% hike, respectively, for each tier, so the remaining subscribers would more than cover the cost of people leaving.

(Image credit: AFM Visuals / Shutterstock.com)

But the real kicker for people hoping we could somehow convince Disney, Netflix, and the rest that price rises and password-sharing crackdowns are a bad idea is this: in researching this article, I found that Disney’s subscriber drop was from international Disney Plus users – not those in the US or Canada where these significant price hikes happened. In fact, US and Canada Disney Plus numbers rose by 800,000 this past quarter despite the hike.

So according to Disney’s earnings report, in the US and Canada, Disney Plus went from making an average of $431.2 million a month to $453.83 million, and overall, it went from $902.16 million to $940.73 million per month.

All this is to say, as loud as we all are about hating price hikes and not being able to share our passwords for free, companies are incentivized to keep doing it because, financially, it’s a clearly successful strategy. So even though Disney is expected to lose even more subscribers by its next quarterly report, don’t expect it to change course any time soon – and as much as I hate to say it, expect 2025 to include plenty more price hikes across the best streaming services, and more password sharing crackdowns too.

You might also like

• A Buffy the Vampire Slayer reboot could be headed to Hulu
• How to watch Super Bowl halftime show 2025
• These are the best Prime Video movies to stream today

The competition over generative AI search is heating up.

Are the Ape Escape monkeys coming back?

A place in the semifinals is on the line at the Estadio de Mestalla.

Night driving glasses claim to help you see at night when you are behind the wheel. But do they actually work, and are they safe?

Treat your guests to a luxurious night’s sleep on a hybrid or traditional innerspring mattress, leaving them feeling pampered while at your place.

The fourth season of the golf league tees off under lights in Saudi Arabia.