Technology

• Someone forked a popular database module and fitted it with malware
• The malicious fork was then cached and stored indefinitely
• It was then creatively hidden in plain sight to target Go developers

A software supply chain attack targeting developers on the Go platform was apparently hiding in plain sight for three years to spread malware, experts have warned.

Cybersecurity researchers from Socket Security uncovered and publicly spoke about the campaign, which started back in 2021, when someone took a relatively popular database module called BoltDB on GitHub and forked it. In the fork, they added malicious code, which granted the attacker backdoor access to compromised computers.

That instance was then cached indefinitely by the Go Module Mirror service.

Abusing Go Module Mirror

For those unfamiliar with Go Module Mirror, it is a proxy service operated by Google that caches and serves Go modules to improve reliability, availability, and performance. It ensures that Go modules remain accessible even if the original source is modified, deleted, or becomes temporarily unavailable.

After the instance was cached, the attacker changed the Git tags in the source repository, to redirect visitors to the benign version, essentially hiding the malware in plain sight.

"Once installed, the backdoored package grants the threat actor remote access to the infected system, allowing them to execute arbitrary commands," security researcher Kirill Boychenko said in his report.

Speaking to TheHackerNews, Socket said this is one of the earliest recorded instances of threat actors taking advantage of the Go Module Mirror service.

"This is possible because Git tags are mutable unless explicitly protected," Socket said. "A repository owner can delete and reassign a tag to a different commit at any time. However, the Go Module Proxy had already cached the original malicious version, which was never updated or removed from the proxy, allowing the attack to persist."

The malicious version ended up permanently accessible through the Go Module Proxy, Boychenko explained. "While this design benefits legitimate use cases, the threat actor exploited it to persistently distribute malicious code despite subsequent changes to the repository."

Boychenko said that he reported his findings and awaits for the removal of the malicious content: “As of this publication, the malicious package remains available on the Go Module Proxy. We have petitioned for its removal from the module mirror and have also reported the threat actor’s GitHub repository and account, which were used to distribute the backdoored boltdb-go package.”

You might also like

• Your cheap Netgear router might have some serious security flaws — here's what we know so far
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

The revolutionary dual-screened handheld just celebrated its 20th anniversary, but interest is still going strong.

In cybersecurity, defenders are often a victim of their own success. When enough organizations adopt a successful solution, threat actors adapt. For a long time, multi-factor authentication (MFA) was seen as one of the best defenses against password-based attacks. And this is still true today. However, a sharp increase in adversary-in-the-middle (AiTM) attacks means that MFA alone may no longer be enough.

Our annual State of the Threat Report highlighted a notable rise in AiTM attacks. You could see this as a positive step, resulting from wider use of MFA. But another driver for this growth is the ease and availability of access to the necessary software.

AiTM explained

AiTM attacks are a sophisticated method of intercepting and potentially altering communication between two parties, carried out without their knowledge. Increasingly we're seeing these attacks take the form of AiTM phishing attacks. This uses email or a messaging service to create the conditions for an attacker to intercept and manipulate communications between a user and a legitimate service in order to steal credentials and authenticated access tokens.

We’re used to seeing traditional phishing attacks which trick people into visiting fraudulent websites, where entered credentials are then stolen. But AiTM attacks level up on these phishing attacks, taking them a step further. Adversaries use sophisticated but easy-to-use frameworks to set up a server to sit between the person targeted and a real service. Luring victims to authenticate through this server, threat actors can steal the resulting access token. The attacks use reverse proxy servers to intercept the communication, break SSL/TLS encryption, and spy on the data exchange.

In practice, it looks like this – an individual will receive a phishing email that looks legitimate. And in fact, the link provided will take them to the actual website they are expecting, not a fraudulent site as you might expect. However, victims are taken to this website via a malicious reverse proxy server. When the authentication process takes place, the legitimate website provides the user with an authenticated token, or authenticated session cookie, to enable ongoing persistent access. And this is where AiTM attacks really differ from traditional phishing. In the case of AiTM, the malicious proxy server sees both the token and user credentials. Taking this token enables the threat actor to have continued access, bypassing any MFA and without having to reauthenticate.

Access enables attack

There are a number of sophisticated solutions available for free on the Internet and phishing kits can be hired on underground marketplaces and Telegram. Popular kits include Evilginx3, EvilProxy and Tycoon 2FA. These kits not only facilitate attacks, but also automate some parts, making it much easier and cost effective for threat actors to execute attacks.

Credentials form a crucial part of our online identities – both for high-value personal services, like banking, and also our work. Often these are protected by MFA, so even if a threat actor has the credentials, they can’t get any further. However, AiTM enables the theft of authenticated session cookies. These can be used directly in additional fraud and extortion including business email compromise, data theft extortion and ransomware.

Preventing AiTM threats

Before anyone panics, this isn’t a reason to get rid of MFA. Several of the major cyberattacks in 2024 could have been prevented if MFA was in place and it remains a crucial part of necessary defenses against cyberattacks.

However, it's important to have tools in place that are robust enough for changing threats. Phishing-resistant MFA is built on standards like FIDO2 and goes deeper than traditional MFA. This technology ensures tokens are only associated with the person and computer who completed the authentication process, effectively making the AiTM attack fruitless.

For individuals, it can be harder to spot these attacks due to the legitimate original service being passed through to the user. The attack infrastructure is essentially transparent. But there are strategies that can help employees remain secure. Encourage them to think about the initial interaction: Did they receive an email that prompted an urgent action? If they are being asked to follow links and authenticate, they should question whether the context is normal. If there’s any doubt, they should feel empowered to raise it with the internal team. Above all, encourage employees to always be cautious and curious.

We've featured the best authenticator app.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• AMD looks set to hit back against Nvidia amid speculation of a March launch for the RTX 5060 Ti and 5060
• The new Radeon RX 9000 series will launch in early March
• A press conference for the new GPU lineup is rumored to happen at the end of February

CES 2025 showcased what to expect regarding this generation’s GPUs, with Nvidia taking the spotlight at the convention with its new RTX 5000 series GPUs (currently sold out) - and now, AMD is finally about to join the race after the initial reveal of its new GPUs.

As reported by VideoCardz, AMD’s CEO Lisa Su confirmed the Radeon RX 9000 series GPUs will launch in March after previous reports that the lineup would, and just days after rumors of Nvidia’s RTX 5060 Ti and 5060’s potential launch began circulating. The RDNA 4 architecture for the upcoming GPUs promises to enhance ray tracing performance while utilizing Team Red’s new FSR 4 feature for greater image stabilization when upscaling.

VideoCardz also recently relayed rumors of AMD holding an RX 9070 series press conference at the end of February - considering the activity from its main rival Nvidia, it’s about time for AMD to properly enter the picture and show us all how its new lineup of graphics cards stack up against Team Green’s. From what we’ve already seen, the Radeon RX 9070 XT doesn’t appear to be a midrange GPU, supposedly providing top-tier performance at native 4K without using FSR.

Since Nvidia’s aggressive pricing for its premium GPUs could be a dealbreaker for many, AMD has the chance to gain an advantage in the GPU race with more affordable prices (especially if those initial performance results are accurate).

Time for another showdown between Lisa Su and Jensen Huang... who, just incidentally, are actually cousins. (Image credit: AMD) Is this a reaction to speculation on Nvidia’s RTX xx60-class launch rumors?

While it's definitely possible that AMD had already planned for launch in March as most reports suggested, this feels like smart timing from Team Red. It’s obvious that Nvidia is in the lead with its RTX 5000 series GPU lineup (as it has been for a while now), and the rumors of an RTX xx60-class launch in March would directly rival AMD’s potential hype.

The end of this month feels like the ideal time to unveil the new Radeon RX GPU lineup, but there’s also a strong chance that Nvidia will end up doing the same thing. We’ve only seen the RTX 5090, 5080, 5070 Ti, and 5070 (with the latter launching on a currently undisclosed date later this month), so it’s only a matter of time before we see the RTX 5060 Ti and 5060.

Personally, I’m hoping AMD’s new GPUs can provide a strong alternative for gamers to Nvidia’s cards, as the GPU market is very much in need of competition - if strong competition comes in the form of high-tier performance at generous prices, it could lead to some potential RTX buyers turning their heads to reconsider. We’ll just have to wait and see what Team Red has in store for us…

You may also like...

• Nvidia's new Smooth Motion technology is exclusive to RTX 5000 series GPUs, but not for long - RTX 4000 series support incoming
• The best AMD graphics card in 2025: top GPUs from Team Red
• Intel is taking the budget GPU market by storm - leaked Arc B570 benchmark shows solid performance for a very reasonable price

As technology evolves, cybercriminals are finding ever more sophisticated ways to exploit it. One of the most insidious developments to date is the rise of deepfakes — realistic but ultimately fake audio, video, or images created using artificial intelligence (AI). These tools are enabling bad actors to launch highly convincing impersonation scams, from imitating the voices of executives to creating fake videos that bypass verification processes.

With deepfake technology beginning to get easier and cheaper to obtain, the tools - once seen as a novelty in entertainment – are increasingly being leveraged for fraud, disinformation and cybercrime. And with AI technology evolving at breakneck speed, deepfakes are becoming increasingly convincing and accessible. In fact, Ofcom recently revealed that 43% of UK internet users believed they had experienced a deepfake in the first half of 2024.

It goes without saying that the challenge of defending against deepfakes is growing. While financially lucrative organizations were the primary targets of such attacks - thanks to the time and effort needed to deploy the tools - cyber criminals are now able to widen their net to smaller businesses.

To stay ahead, businesses of all sizes must understand how deepfake threats operate and adopt advanced technologies, training, and practices to combat them effectively.

Understanding the deepfake threat

We recently conducted research on the security stature of UK SMEs, which uncovered a number of concerning insights. Cyber breach fears were found to be on the rise for 86% of workers in UK SMEs, with AI being the primary driver of concern when it comes to cyber risks in the workplace.

Despite this growing awareness, AI-powered deepfakes manipulate audio and visual media that can dupe even the most careful viewers or listeners. For example, attackers may use deepfake audio to mimic a CEO’s voice, instructing an employee to transfer funds to a fraudulent account. In one reported case, this tactic successfully duped an organization into wiring $243,000 to a scammer.

Beyond financial scams, deepfakes can destabilize organizational trust. A deepfake impersonating a cybersecurity leader during a data breach could manipulate an organization's response, leading to unauthorized access to sensitive information. As businesses rely more on digital and remote communication, such attacks can erode confidence in the integrity of day-to-day operations.

The growing accessibility of deepfake tools

The increasing availability of deepfake technology is compounding the threat. What was once the domain of advanced technical experts is now within reach of less-skilled attackers. Open-source AI tools and online tutorials make it easier than ever to create convincing deepfake content, offering cybercriminals a broader arsenal of attack methods.

As a result, organizations of all sizes are at risk. While large enterprises are often high-profile targets that make news headlines, smaller businesses are frequently being targeted by organized criminal networks due to their typically weaker security measures. The National Cyber Security Council recently warned that severity of the threat facing the UK is – worryingly – underestimated by organisations from all sectors. Right across the country, basic cyber security practices are too often ignored.

Fighting back: tools and strategies

As deepfake threats become more sophisticated, organizations need to adopt a multifaceted approach to defense. Our latest research found that, alarmingly, 43% of employees in UK SMEs haven’t had any form of training regarding cybersecurity in the last year, despite the rapid emergence of new threats. Unsurprisingly, only a third of UK employees are confident that they could even spot a cyber threat.

A combination of advanced technologies, improved security protocols, and targeted employee training can significantly reduce the risks. Modern tools and techniques are advancing to counter the rise of deepfake manipulation and enhance identity verification. AI-powered detection systems use machine learning to identify tell-tale signs of manipulation, such as inconsistencies in facial shadows, unnatural pauses in speech, or irregularities in lip-syncing. Meanwhile, behavioral biometrics are redefining identity verification by analyzing dynamic actions like typing speed, mouse movements, and interaction patterns, going beyond static identifiers like fingerprints or facial recognition. To strengthen security further, dynamic multi-factor authentication (MFA) is becoming essential. Adaptive systems, such as those from Duo Security and Okta, incorporate real-time challenges like one-time PINs or live video verifications and adjust based on unusual activity. These innovations are critical in combating deepfake threats and safeguarding digital trust.

Training teams to recognize and respond

While technology plays a crucial role in combating deepfakes, human vigilance is equally important. Awareness programs for employees are key to this. Teams should be regularly educated on the growing use of deepfakes in cybercrime, from fraudulent requests for financial transfers to phishing scams. Recognizing the signs of suspicious activity, such as unusual requests or unverified communications, can help employees – and their employer – avoid falling victim.

Businesses should also consider educating employees through real life simulations, enabling them to understand what a deepfake attack could look like in a controlled environment. We for example, we use AI tools to create social engineering simulations, helping staff identify the hallmarks of sophisticated attacks. The deepfake threat is constantly evolving, so training must be ongoing. Incorporating the latest examples and trends into educational sessions ensures employees stay informed and prepared.

Building a proactive defense

Defending against deepfakes requires more than reactive measures. Organizations must adopt a proactive approach that combines robust technology, comprehensive training, and a culture of vigilance. With deepfake tools becoming easier to use, attackers may begin focusing on companies they perceive as less prepared.

The UK has one of the world’s most advanced digital economies which relies on having a secure digital infrastructure. By combining advanced detection tools, biometric verification, and a vigilant workforce, organizations can build a strong defense against deepfake threats, protecting both their operations and their reputation. The key is to act now and stay one step ahead of the ever-evolving cybercrime landscape.

We've featured the best encryption software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Today’s ever-evolving digital landscape, characterized by hyper connectivity and big data, has most recently made the global race for AI innovation unavoidable for organizations. Meanwhile, the agenda in the boardroom continues to evolve, shifting focus from prioritizing data accessibility to championing data confidentiality – recognizing that true innovation extends beyond mere access to cutting-edge technologies.

The growing recognition of data as a strategic asset has elevated its role in shaping national security policies and economic strategies. This evolution reflects the increasing reliance on AI-powered technologies, which are becoming integral to critical infrastructure, global competitiveness and societal development.

Amid this shift, sovereign cloud has emerged at the forefront of innovation, positioning itself as a powerful solution for those that are aiming to strike a balance between the benefits of unrestricted data flows and the imperatives of national sovereignty and security. Beyond its national significance, adopting these frameworks offers tangible benefits for end customers. In an era where customer loyalty is increasingly fragile, fostering trust through transparent data practices and empowering users with control over their personal information is paramount. Sovereign cloud equips organizations with the means to achieve these objectives while maintaining alignment with security and governance priorities.

Embracing the Sovereign Cloud era

Sovereign cloud redefines cloud infrastructure and services, offering a fresh perspective on data governance. As organizations navigate the dual priorities of global connectivity and safeguarding domestic interests in the digital realm, sovereign cloud frameworks set a new paradigm. These frameworks are designed to encourage digital collaboration and innovation while safeguarding local data, protecting propriety software and ensuring compliance with local, national, and European-wide jurisdictions.

Driven by regulatory demands, this approach is already making a profound impact across Europe, not only enabling regions to harness its collective data resources for global economic advantage but also empowering nations to assert greater control over their digital futures.

Cloud Service Providers (CSPs) across the region are pivotal to the success of sovereign cloud but, getting sovereign cloud ‘right’ can be challenging – especially when trying to straddle evolving residency and sovereignty requirements, tightening budgets, siloed infrastructures, and skills challenges.

So how do CSPs set themselves up for success? Ultimately, there are three key considerations to ensure their sovereign clouds live up to their promise:

Creating a roadmap for Sovereign Cloud adoption

Data sovereignty ultimately requires balancing security, privacy, and interoperability. But as GigaOm’s Jon Collins pointed out at the European Sovereign Cloud Day event in Brussels in September last year, it is essential to understand the key organizational drivers of sovereignty – including societal, regulatory, and architectural factors – when shaping your vision for successful sovereign cloud adoption.

To create a successful roadmap for sovereign cloud adoption, it’s imperative to first define what ‘sovereign success’ means in relation to data, operations and infrastructure. This clarity not only helps guide organizations but also enables customers to see the key principles of sovereignty and show how they align with their specific needs. The process should begin by assessing current practices and identifying areas that need improvement. This foundational step ensures that organizations can protect their data, leverage it for business objectives, comply with regulatory requirements and meet broader societal expectations.

Paving the way for collaboration

Best practices in sovereignty can produce a significant competitive advantage, demanding the highest standards that go beyond mere regulatory compliance. It’s fundamental to evaluate frameworks against others to ensure full alignment with cloud principles. While meeting the minimum requirements may seem sufficient, it doesn't necessarily guarantee long-term success. True effectiveness stems from adopting comprehensive, well-maintained standards and ensuring that all parties are committed to the same principles. This approach should be mirrored in the sovereign cloud space, where CSPs work towards shared frameworks and standards that foster a unified European data space for innovation.

Similarly, don’t be afraid to engage with local and regional partners to build truly robust sovereign frameworks for data sharing. Interoperability and portability will be crucial to our shared success, so it’s in all of our interests to work together to test, iterate and elevate our frameworks to new heights. The most successful initiatives are those designed to develop and implement sovereign cloud solutions at national and European levels, for instance, showing the marked difference between what European Union and non-native frameworks can deliver, which are pivotal to fostering game-changing innovation.

Adapting with flexibility

Laying the foundations for success is crucial, but it’s important to remember that the principles of sovereign cloud are not fixed. As regulatory and business environments evolve, these principles must also remain adaptable. Staying informed about changing regulations and having the ability to adjust strategies accordingly, keeps the roadmap flexible to accommodate future shifts.

Above all, don’t miss the opportunity to highlight your strategic differentiation. Keep in mind, sovereign cloud is no longer just a transactional conversation. It’s about forming strategic partnerships and making long-term investments that foster ongoing excellence. While the technology stack and software remain the same, the ability to offer services through your own sovereign cloud will set you apart.

Driving value through this opportunity

The opportunity offered by sovereign cloud is both transformative and essential for creating a foundation for sustainable digital growth. As we look ahead, the role of sovereign cloud will only increase in significance, acting as a vital link between technological progress and national priorities. Achieving success will demand a clear and forward-thinking vision, a steadfast commitment to standardization and collaboration, and the agility to navigate evolving regulations and market dynamics. For businesses, governments, and individuals alike, adopting sovereign cloud represents a pivotal step toward a more secure, transparent, and innovative digital future. For CSPs, this journey toward shaping that future is only just beginning.

We've featured the best cloud storage.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Netgear found two flaws affecting WiFi access points and routers
• To mitigate them, it released new firmware for the devices
• The company urged users to apply the fix as soon as possible

Netgear has confirmed recently fixed a number of critical-severity vulnerabilities, plaguing multiple access points and routers.

Since the bugs can be exploited in attacks requiring no user interaction, and could result in remote code execution (RCE), Netgear urged its customers to apply the released fixes without delay.

A Netgear security advisory noted the two flaws are internally tracked as PSV-2023-0039 (a remote code execution flaw), and PSV-2021-0017 (an authentication bypass flaw). They affect these WiFi 6 access points and Nighthawk Pro Gaming Routers: XR1000, XR1000v2, XR500, WAX206, WAX220, and WAX214v2.

Reaching end-of-life status

"NETGEAR strongly recommends that you download the latest firmware as soon as possible," the company said in the security advisory, before giving a step-by-step tutorial on how to download and install the latest firmware for Netgear routers.

"NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification,” it warned.

Internet routers and WiFi access points are among the most attacked devices because they serve as the gateway between a local network and the internet. They are also often considered a “low hanging fruit” in cyberattacks, since many have default credentials, outdated firmware, or weak security configurations. In many instances, users keep their devices past their end-of-life date, losing support and exposing themselves to known vulnerabilities.

Attackers can use compromised routers for botnets, man-in-the-middle attacks, DNS hijacking, or data interception. Since routers operate 24/7 and control network traffic, an attacker who gains control can redirect users to malicious sites, steal credentials, or deploy malware across networks.

Due to its popularity, Netgear is a popular target for hackers. In June 2024, a popular budget-friendly Netgear small business router was found vulnerable to half a dozen flaws that could lead to the theft of sensitive information, and possibly even full device takeover. The device reached its end-of-life, so Netgear did not bother releasing a patch.

You might also like

• A worrying security flaw could have left Microsoft SharePoint users open to attack
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

• LinkedIn says video creation is growing 2x faster than other post formats
• An improved full-screen viewer has been added to LinkedIn on desktop
• Creators can also see even more detailed analytics

LinkedIn has tweaked some of its video settings and tools to help creators reach larger audiences and gain a better insight into performance.

Noting a 36% year-over-year increase in video watch time on the site, Director of Product for Video, Games, and Moonshots, Lakshman Somasundaram, said video creation is growing at twice the rate of other post formats.

As of summer 2024, vertical videos get displayed in a full-screen experience, and the platform has also experimented with a new ‘Videos for You’ module within the home screen feed - and this latest update now also brings those two features to desktop environments.

LinkedIn is betting on videos

“We’re working hard to have the videos you publish get noticed, get seen, and get you the success you’re looking for," Somasundaram added.

Subtle changes have also been made to how search results display relevant content, which now includes videos in a swipeable carousel.

While content creators can (and do) monetize their videos on other platforms, Somasundaram expressed an understanding for why LinkedIn’s users are using the platform in the first place – they want more followers, inquiries about service offers and InMails that can lead to career opportunities.

The full-screen video player has been updated with a clearer follow button and a profile preview to give scrollers a quick oversight of the creator, where they can view other videos without leaving the player.

For creators, average watch times have been added to the analytics page, which also includes impressions, total views and engagement.

Despite forging its own way as a business networking and job-sourcing platform, armed with increasing amounts of AI and backing from Microsoft, LinkedIn is still releasing updates to keep it on the radars of other social media users.

Looking ahead, Somasundaram indicated that more feature updates will continue throughout 2025 as the platform dips its toes even further into video, following mounting pressure from the likes of TikTok and Instagram.

You might also like

• Keep track of your posts with the best social media management tools
• Check out the best free video editing software
• LinkedIn now wants to be more like...TikTok?

• Nintendo has revealed the times its Nintendo Switch 2 Direct will air
• Expect to watch it on April 2 at 6am PT / 9am ET / 2pm GMT / 3pm CEST
• No other details have been revealed about the Direct's contents so far

We now have an official time for the April 2 Nintendo Switch 2 Direct, and it perhaps unsurprisingly falls in line with historical Nintendo Direct air times.

Announced by Nintendo's regional social channels on X / Twitter, the April 2 Nintendo Direct - which is set to be a full reveal and deeper dive on Nintendo Switch 2 - will go live at 6am PT / 9am ET / 2pm GMT / 3pm CEST. This is about standard for most Nintendo Direct presentations, which typically air in the morning in the US and the afternoon for UK and European folks.

Before this, we only had that general April 2 live date to go off, which was revealed in the official Nintendo Switch 2 announcement trailer. Now, we have actual times set in stone, which will make it easier for budding viewers to plan their days around the presentation (or, you know, book the day off work which I will sadly not have the luxury to do. Sigh).

Join us on April 2nd at 6am PT for #NintendoDirect: Nintendo Switch 2 – 4.2.2025, where we will share a closer look at #NintendoSwitch2.► https://t.co/XCecVa9Zid pic.twitter.com/ACu5pZUd0DFebruary 5, 2025

As for what we'll see during the Nintendo Switch 2 Direct, the company remains tight-lipped. While we probably won't get an exhaustive specs breakdown - at least not the kind you'd see from, say, PlayStation's Mark Cerny - it should give us a better idea of what improvements we can expect over the base Nintendo Switch hardware.

There are likely to be plenty of new game reveals, however, as well as the potential of an official launch date for the system. We already know a brand new Mario Kart game is on the way thanks to the Switch 2 announcement trailer, but could we also get updates on Metroid Prime 4 Beyond and Pokémon Legends: Z-A? Both are still slated for a 2025 release, so one can certainly hope.

You might also like...

• Monster Hunter Wilds' second open beta kicks off this week, will let players fight flagship monster Arkveld and create private lobbies
• We're probably getting Madden and EA Sports FC on Nintendo Switch 2, as EA's CEO says the franchises 'could find real energy' on the upcoming console
• Nintendo is already preparing for Switch 2 scalpers ahead of the console's release

From tower and pedestal styles to utilitarian box fans, these are our WIRED-tested favorites.

I switched out my Casper Select mattress for the Helix Midnight Luxe and my body thanked me.

• The first trailer for Jurassic World Rebirth has been released online
• Rebirth will see Scarlett Johansson lead an all-star cast in a story set five years after Jurassic World Dominion
• Universal's dinosaur-centric film series returns in theaters worldwide on July 2

The first trailer for Jurassic World Rebirth has roared its way online. And I don't know about you, but I get the feeling that it'll be a return to form for Universal Pictures' dinosaur-starring movie series – and I'm not just saying that because of its clear ties to Jurassic Park.

Rebirth, which will be the seventh film in the sci-fi action film franchise, is aiming to, well, breathe new life into the multi-billion dollar-spinning movie brand after some not-so-well received instalments. Heck, you only needed to read my scathing review of Jurassic World Dominion for an example of how the franchise bag has been fumbled in recent times.

But I digress. You're here to watch Rebirth's first teaser, aren't you? Check it out below:

What is the plot of Jurassic World Rebirth?

Scarlett Johansson's Zora is Rebirth's protagonist (Image credit: Universal Pictures)

Per a Universal press release, the latest film in the Jurassic series is set five years after the events of Dominion. Despite their attempts to co-exist with humanity, dinosaurs have struggled to adapt to planet Earth, especially from an ecological standpoint. Those that remain now populate various islands that sit close to or on the equator, due to how similar their climates are to weather conditions that existed tens and hundred of millions of years ago.

However, humans just don't know when to leave these fierce, skyscraper-sized reptiles alone. Indeed, the crux of Rebirth's plot is this: the DNA of the world's three biggest dinosaurs apparently hold the key to creating a life-saving drug that could benefit humanity for eons. Thus begins an expedition to an archipelago – one that housed a research facility for the original Jurassic Park (yep, the very one situated on Isla Nublar in Steven Spielberg's 1993 classic) – to track down these beasts and extract their genetic code.

Who's part of the Jurassic World Rebirth cast?

Mahershala Ali (center) is another big name actor attached to Jurassic World Rebirth (Image credit: Universal Pictures)

The Jurassic film franchise is renowned for its star-studded casts. From the original trilogy's, erm, iconic trio of Sam Neil, Laura Dern, and Jeff Goldblum, to the first set of World movies that featured Marvel alumnus Chris Pratt and actor-turned-Star Wars director Bryce Dallas Howard and many more besides, A-listers have appeared in their droves to get their fill of these dinosaur action-driven flicks.

Jurassic World Rebirth has assembled its own cast of talented individuals, especially in front of the camera. Scarlet Johansson, who's best known for playing Black Widow, aka Natasha Romanoff, in the Marvel Cinematic Universe (MCU), is one of the new movie's lead stars. In it, she'll play skilled covert ops expert Zora Bennett, who's enlisted by paleontologist Doctor Henry Loomis (Bridgerton alum Jonathan Bailey) and Big Pharma representative Martin Krebs (Anatomy of a Scandal's Rupert Friend) to lead said expedition.

Oscar winner Mahershala Ali is also on board as Duncan, Zora's most trusted lieutenant, as is Manual Garcia-Rulfo (star of Netflix's The Lincoln Lawyer) as Reuben, the father of a shipwrecked civilian family. Rounding out Rebirth's supporting cast are Luna Blaise (Manifest), David Iacono (The Summer I Turned Pretty), and Audrina Miranda (Lopez vs Lopez) as Reuben's family, as well as Philippine Velge (Station Eleven), Bechir Sylvain (BMF), and Ed Skrein (Rebel Moon), who are Zora and Duncan's fellow operatives.

Gareth Edwards is on directing duties for the first entry in what's been planned as another Jurassic film trilogy. His filmmaking credits include 2014's Godzilla and 2023's The Creator, so he seems an ideal choice to bring sci-fi spectacle and deadly, titanic monsters to the big screen once more.

When is Jurassic World Rebirth's release date?

The latest Jurassic movie will make its theatrical debut in mid-2025 (Image credit: Universal Pictures)

If you skipped over the bullet point list at the start of this article, Jurassic World Rebirth will bare its teeth in theaters worldwide on July 2, 2025.

It won't be the only blockbuster to arrive that month, either. James Gunn's Superman movie, which marks the true beginning of the DC Universe (DCU) will take flight in cinemas globally just over a week later on July 11. Then, on July 25, The Fantastic Four: First Steps, the first Marvel Phase 6 film, will make its silver screen debut. Start saving your pennies now, everyone, because July is going to be an expensive one for all of us cinephiles.

You might also like

• See if you agree with our ranking of the best Jurassic movies
• The Fantastic Four: First Steps trailer has achieved lift-off as Marvel reveals first-looks at its iconic First Family, Galactus, and John Malkovich's mystery character
• Check out my spoiler-light review of Invincible season 3

• Monster Hunter Wilds' PS5 Pro enhancements have been revealed
• The console will offer three different performance modes
• Prioritize Framerate will feature 60FPS but won't have ray tracing

Capcom has revealed the PS5 Pro enhancement details for Monster Hunter Wilds.

Following Capcom's Spotlight + Monster Hunter Wilds Showcase yesterday, which offered a brand new look at the upcoming game ahead of the its release, the company has provided the system features for PS5 Pro.

It's confirmed that the console will offer three performance settings, including Prioritize Resolution, Balanced, and Prioritize Framerate. Ray tracing will be enabled for the first two, but disabled for the latter, and each one will output at different frame rates.

Prioritize Resolution will offer 30FPS, Balanced will have 40FPS, while Prioritize Framerate will feature the highest at 60FPS. It's noted, however, that "frame rate may drop in situations of high system load".

Thanks to the PS5 Pro's AI-upscaling technology, PlayStation Spectral Super Resolution (PSSR), the visual quality of Monster Hunter Wilds will also be boosted while maintaining performance "for an ultra-smooth image" when playing.

Capcom also revealed the details about Monster Hunter Wilds' second open beta test. It's set to begin on February 6 and will run across two weekends ending February 16.

Players who download the open beta client will be able to try out some of the game's features ahead of time, including the Training Area exclusively built for solo play, private lobbies, and online single-player mode, and even take on the flagship monster Arkveld.

Content from the previous open beta test held in November will also be featured, including the character creator, story trial, and a Dogshagma Hunt.

Monster Hunter Wilds launches on February 28 for PS5, PS5 Pro, Xbox Series X, Xbox Series S, and PC.

You might also like...

• Best RPGs 2025 - top role-playing games for PC and consoles
• Age of Empires 2: Definitive Edition and Age of Mythology: Retold are coming to PS5 this year
• An all-digital PS6 doesn't seem possible, according to ex-PlayStation boss Shawn Layden: 'I think it would be hard for them to go fully disc-less'

Potentially massive delivery disruptions were expected when the suspension was announced but mail service is now back to normal.

• Hulu has ordered a pilot for a revival of the cult TV show Buffy the Vampire Slayer
• Sarah Michelle Gellar is set to return as Buffy Summers, with Oscar-winner Chloe Zhao eyed up to direct
• Original show producers Fran and Kaz Kuzui will return, but Joss Whedon will not be involved

Since Buffy the Vampire Slayer ended with its seventh season over 20 years ago, not only has it become one of the best Hulu shows but a potential revival of the supernatural cult series starring Sarah Michelle Gellar has been bubbling away for some time. Now, it seems as though the Buffyverse is about to be expanded once more (with feeling) thanks to a pilot order from Hulu - and you bet that I can’t wait to sink my teeth into it.

Returning to the role that made her a household name, Sarah Michelle Gellar will star as Buffy Summers on one of the best streaming services, with Oscar-winning director Chloe Zhao (Nomadland) eyed up to take the reins on the pilot episode with Nora and Lilla Zuckerman (Poker Face) lined up as writers. But one of the more exciting parts of its production team is the addition of Gellar herself as executive producer, in addition to the return of the original show’s producers Fran Kuzui and Kaz Kuzi. Original show writer Joss Whedon won’t be returning, which is only appropriate given his misconduct allegations.

Whether or not the original scooby gang members Willow (Allison Hannigan), Xander (Nicholas Brendan), and Giles (Anthony Stewart Head) will make a comeback is yet to be determined, but for now, the news of Gellar’s return is enough to lock me in.

(Image credit: 20th Century Fox) What’s next for Sunnydale?

In retrospect, the scale of the Buffyverse has grown since its final episodes aired in 2002 and 2003 with Buffy’s adventure continuing in the comic book series, and of course not forgetting its spin-off series Angel (1999-2004). Therefore, when it comes to its Hulu revival, there are many paths that Zhao and fellow executive producers could go down to relight the Buffy fire.

Following the news of the pilot order, The Hollywood Reporter has briefly touched on which direction Hulu’s Buffy the Vampire Slayer revival will take and has stated that it could focus on a new central character - another young slayer. Despite the golden rule of the Buffyverse being that there’s only one slayer at a time, the Hulu reboot could flip this on its head and explore the possibilities of there being multiple slayers just as its final episode did. With a new central slayer in place, this means that Buffy’s character will sit on the sidelines, however, in spite of Sarah Michelle Gellar’s previous stance on a Buffy the Vampire Slayer reboot I’m surprised her character is returning altogether.

An exciting return, or a nerve-wrackingly ambitious project?

In short, the answer is both. Being a huge fan of the original Buffy show, there’s no lie that I’m very excited to relive watching the show for the first time again, but now that it’s finally coming together I can’t help but wonder, what changed?

An official reboot was never really on the cards despite fans desperately craving one, and even Gellar (Buffy Summers herself) had never considered returning until now, having recently shared in an interview with The Hollywood Reporter; “I always used to say no, because it’s in its bubble, and it’s so perfect,” she said during an appearance on The Drew Barrymore Show. “But watching Sex and the City (sequel And Just Like That) and seeing Dexter, and realizing there are ways to do it, definitely does get your mind thinking, ‘Well, maybe.’”

I think that when it comes to TV shows that have amassed a cult following like Buffy the Vampire Slayer, a reboot is inevitable which is an exciting proposition, yet one that could easily crumble if not executed perfectly. As it stands, shows like And Just Like That have taken to the art of the reboot by modernising its approach to characters and story while maintaining that familiar charm we love in the original Sex and the City series. If they want a successful Buffy the Vampire Slayer reboot, in my opinion all they have to do is bring back James Marsters as Spike, and it’s all 10s from me.

You might also like

• 5 new Hulu movies with over 90% on Rotten Tomatoes I'm excited to watch in February 2025
• The Fantastic Four: First Steps trailer has achieved lift-off as Marvel reveals first-looks at its iconic First Family, Galactus, and John Malkovich's mystery character
• Hulu drops full trailer for A Thousand Blows and Stephen Graham's performance already has me hooked

Get rid of old, broken, and unused devices—even Lightning cables—without adding to the e-waste problem.

• The Australian Home Affairs department has banned the use of DeepSeek
• India's finance Department has also warned against its use
• Concerns have arisen over the privacy and safety of AI models

The new DeepSeek AI chatbot has been making headlines, and even briefly became the world’s most popular chatbot within 10 days of its launch - overtaking existing models like ChatGPT and Gemini.

However new research has claimed the DeepSeek chatbot is ‘incredibly vulnerable’ to attacks, sparking national security concerns which have caused Australia’s Department of Home Affairs to ban the use of the model on federal government devices.

The policy, issued on the February 4 2025, determines the use of DeepSeek products and web services ‘poses an unacceptable level of security risk to the Australian Government’ and warns that departments must manage the risks from the ‘extensive collection of data’ and the exposure of the data to ‘extrajudicial directions from a foreign government that conflict with Australian law’.

Following the trend

Australia isn’t alone in this. India’s finance ministry has also asked its employees to avoid using any AI tools, like DeepSeek and ChatGPT for official purposes, and have cited the risk to confidential government documents and data.

Similarly, the US Navy banned the use of DeepSeek in ‘any capacity’ due to ‘potential security and ethical concerns’, and Italy’s data protection authority said it ordered DeepSeek to block its model in the country after the company failed to address the regulator’s privacy policy concerns, only providing information that the regulator found ‘totally insufficient’.

AI companies, like ChatGPT and DeepSeek collect vast amounts of data from all corners of the internet to train their chatbots, and have run into trouble against data privacy laws around the world.

Beyond that, some models have worrying privacy policies. For example, OpenAI has never asked people for consent to use their data, and it’s not possible for individuals to check what information has been stored.

You might also like

• Take a look at our pick of the best AI tools around
• Check out our recommendations for best AI website builders
• “This is a wake-up call" - the DeepSeek disruption: 10 experts weigh in

More than 8 companies out of every 10 have admitted to actively spying on their employees in the UK. Yet, over half of British workers said they would be ready to quit their jobs if subjected to workplace surveillance.

These are the tensions rising across the UK workspace revealed by the latest research conducted by ExpressVPN, one of the best VPN providers on the market.

"These findings highlight an urgent need for greater transparency and trust in the workplace," said Lauren Hendry Parsons, Privacy Advocate at ExpressVPN.

The boom of bossware tools

While we're all accustomed to physical surveillance in the workplace – think about all the security cameras or your personal badge – remote work surveillance isn't as visible. Yet, as remote working gets more widespread, bosses are finding new ways to monitor their employees.

Known as bossware (portmanteau of boss and spyware), it refers to software installed on workers' devices to monitor their activities. This may include the websites they visit, the apps they use, keystrokes, and even screen monitoring to gauge performance and productivity levels.

The team of privacy experts interviewed 1,000 employees and 1,000 employers all across the country to discover their attitudes toward this rising trend, unveiling a clear discrepancy between British bosses and employees.

As mentioned earlier, 85% of employers in the UK admitted to using some form of online monitoring. Not only that, nearly three-quarters of UK bosses (72%) said they were more comfortable with in-person work as it requires less surveillance.

(Image credit: ExpressVPN)

On the other hand, British workers have expressed concerns about workplace surveillance, with the vast majority (79%) arguing that the government should better regulate the use of bossware technologies.

Almost half of the respondents (42%) believe online communications monitoring, such as emails, chats, and video calls, to be unethical. Yet, 45% of employees suspect that they've already been the object of workplace monitoring.

Worryingly, even more Brits (46%) said that the prospect of their boss spying on their online activities and communications has an impact on their stress and anxiety levels. A few respondents (17%) would even be willing to take a 25% pay cut to avoid being monitored.

According to Parsons, employers must find a balance between enabling productivity and respecting employee privacy, no matter where their employees are working.

She said: "Over-surveillance can lead to a toxic work environment, increased stress, lower productivity, and ultimately, higher turnover rates. It’s essential for organizations to adopt transparent and ethical monitoring practices that prioritize the well-being of their employees."

Therabody’s at-home muscle stimulator is brilliant in theory but is plagued with connectivity issues.

• Regardless of rowing back on its decision, the USPS is still thought to have new obligations to inspect incoming parcels from China and Hong Kong
• 'De minimis' rule previously granted exemptions to parcels valued under $800 from customs duties and inspection
• Chinese sellers on popular ecommerce platforms and their customers get a reprieve from an intensifying trade war between the US and China

Update 02/05/2025:

Hours later, the USPS has now confirmed (via CNBC) that, effective immediately, it will resume accepting packages from China and Hong Kong.

“The USPS and Customs and Border Protection are working closely together to implement an efficient collection mechanism for the new China tariffs to ensure the least disruption to package delivery,” it wrote in an update to its website.

Original story follows.

The United States Postal Service (USPS) has begun rejecting international parcels from China and Hong Kong following the former’s introduction of tariffs on US imports in retaliation against President Trump’s own introduction of a 10% tariff on Chinese imports.

In a short statement (via CNN), the USPS said the measure would be in place until “further notice”, but also, “the flow of letters and flats from China and Hong Kong will not be impacted”.

The move is almost certainly going to impact the day-to-day business of ecommerce platforms such as Temu, Shein, Wish and AliExpress, who often rely on sellers from these territories to list products that are often shipped as small parcels.

USPS China parcel ban

To remain financially sustainable, and viable to end users, these platforms have, up to now, generally relied on what was known as the “de minimis” exemption, which allowed anyone to ship parcels worth less than $800 to the US and not be subject to exemption or taxes. The past tense is important here, as the President ended de minimis via executive order (external paywall) earlier in February 2025.

“This is a significant challenge for [USPS] because there were 4 million de minimis packages per day in 2024, and it is difficult to check all the packages — so it will take time,” wrote Chelsey Tam, a Morningstar senior equity analyst, in a research note according to CNN.

Other multinational delivery firms, such as UPS, DHL, and FedEx, are also expected to respond, perhaps via a similar blanket refusal of packages from China and Hong Kong.

Retaliatory Chinese tariffs

China’s own tariffs on goods to the US, set to take effect on 10 February, 2025, are wide-ranging and potentially set the stage for a trade war that’ll affect much more than consumers being prevented from, to take Temu’s slogan, ‘shopping like billionaires’.

In addition to a 15% tax on coal and gas, plus 10% on oil and certain vehicles such as those in the agricultural sector, it also introduced new export controls on several metal products and associated technologies, while adding biotech and life science research firm Illumina and clothing company PVH Group to its list of ‘unreliable entities’; sending their share prices plummeting.

Lin Jian, a spokesperson for China’s Foreign Ministry, said, “China will continue to take necessary measures to firmly defend the legitimate rights of Chinese companies,” and called the US’ tariffs “unreasonable suppression” of its busn

Washington must “cease its unreasonable suppression of Chinese companies,” spokesman Lin Jian said when asked about the US postal announcement. “China will continue to take necessary measures to firmly defend the legitimate rights of Chinese companies.”

You may also like

• We’ve also listed the best ecommerce tools right now
• Ecommerce firms are pushing for major technology investments
• Could Oracle be about to take over TikTok? Trump reportedly backs plans for shock deal