Technology

• The company is currently investigating the attack
• The hacker claims to have stolen 40 GB of compressed data
• Schneider Electric's Jira system was breached

Schneider Electric has confirmed suffering its second cyberattack and data leak in recent months.

Earlier this week, a threat actor alias Greppy added a new post on X, claiming to have breached the corporation:

“Hey Schneider Electric, how was your week? Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data,” the tweet reads.

Hiding the IP address

This prompted BleepingComputer to reach out to the company with further questions.

"Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment," the firm told the publication. "Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric's products and services remain unaffected."

Greppy also posted the loot on a dark web site, saying they accessed the company’s Atlassian Jira system.

“This breach has compromised critical data, including projects, issues, and plugins, along with 400,000 rows of user data, totaling more than 40GB compressed data,” the ad reads. “To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes,” the hackers said.

Obviously, the attacker doesn’t want hundreds of thousands of baguettes - it’s a joke, since Schneider Electric is a French business. Instead, they just want the victim company to acknowledge the breach within 48 hours. Since the company did just that, let’s see if Greppy keeps their word.

Schneider Electric is a multinational corporation specializing in energy management and automation solutions. It builds technologies and services that increase efficiency and sustainability across various sectors, including buildings, data centers, and infrastructure.

Via BleepingComputer

You might also like

• Cactus ransomware hackers say they stole terabytes of Schneider Electric data
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

The night before the election, Arizona Senate candidate Kari Lake, a former TV anchor-turned-election truther, thanked her supporters for voting early—something she has long railed against.

The financial services sector handles huge volumes of confidential client and customer data to complete daily business transactions. The value of this information—and the severe consequences if it falls into the wrong hands—are arguably higher than in any other industry.

Protecting sensitive financial information relies on the effectiveness of access controls and the resilience of identity management systems for those who handle it. The delicate balance of the financial services industry means that identity security serves as a vital defense, and careful design of these controls can prevent disastrous outcomes.

Just as an acrobat relies on a safety net for confidence when performing at great heights, financial institutions—from multinational corporations and insurance companies to local banks and credit unions—navigate a risk-ridden landscape. Identity security plays a crucial role in building and maintaining trust amid complex online banking operations and financial data transfers.

The link between financial services and identity security

As the digital financial landscape expands, bearing an unprecedented volume of data and transactions, the demand for an ironclad identity security system becomes critical. This is underscored by the alarming statistic that 93% of organizations worldwide experienced at least two identity security-related incidents in the past year. This protective framework needs to do more than just prevent failures; it must foster the confidence necessary for advancement, innovation, and secure, efficient customer engagement.

Strengthening the safety net

To ensure the financial sector’s safety net is both resilient and responsive, there are six foundational elements that you need to consider to enhance identity security and future-proof against growing cyber risks. The first of these is the principle of least privilege. This process requires careful calibration of your security measures, ensuring that access is granted exclusively to authorized parties at appropriate times. It necessitates striking a delicate balance between user-friendly experiences and robust security protocols to thwart unauthorized entry.

Intelligent privilege controls are also important here. IT teams need to strengthen the fibers of their net with smart controls for protecting IT administrators, for example, by also introducing a zero standing privileges approach to access management. By implementing strict access management, you reduce the likelihood of security incidents while simultaneously ensuring your staff retains the necessary flexibility to carry out their duties efficiently.

Unified identity orchestration is the third foundational element. Strengthen your security framework by centralizing and unifying all identity-related processes. This consolidated approach enables early detection of inconsistencies and potential security risks, allowing for pre-emptive action before any damage can occur.

Proactive threat detection, comprehensive identity mapping and adaptive authentication are the steps that need to follow. Enhance your identity security infrastructure with highly sensitive detection systems capable of identifying even the subtlest signs of potential threats, enabling prompt responses. Then implement ongoing surveillance and instantaneous data analysis to quickly recognize and address security risks. Ensure comprehensive visibility and accountability within your security framework by thoroughly documenting all human and machine identities present on your network. This complete awareness is vital for maintaining robust security measures. Finally, adjust your security protocols in response to changing circumstances by employing contextual, flexible multi-factor authentication (MFA) that adapts dynamically to fluctuating risk levels. This approach bolsters identity security while preserving a smooth user experience.

Go further than just compliance

Regulatory standards such as SWIFT CSCF, Sarbanes-Oxley (SOX), 23 NYCRR 500, and DORA provide a foundational structure for security measures. However, true leadership in global financial security goes beyond mere compliance. It involves collaborative efforts to create a proactive security system that anticipates potential risks and reinforces vulnerable areas before they are exploited.

For those working in financial cybersecurity, this presents a prime opportunity to not only ensure compliance but also to pioneer innovative security models. By incorporating these six strategic elements into your identity security framework, you're not just safeguarding assets; you're fostering an organization-wide culture that prioritizes identity security at every level.

Becoming confident with identity security

Adopt this comprehensive identity security strategy to confidently navigate today's complex financial landscape. By reinforcing your own security measures, not only are you protecting data and transactions, you are also helping to build the trust and confidence of your customers. Implementation of these measures will allow you to stay secure and agile in a field with great potential risk. As financial security continues to change, having the right identity security measures in place will give you a competitive edge. By adopting these strategies, your organization can tackle present challenges while building a strong foundation for a secure, and therefore successful future in the digital age.

We've featured the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

AI-generated images and videos are a growing risk to society and our economy - becoming easier to create, and much harder to differentiate from reality. Discussion so far has largely centered around political deepfakes by bad actors looking to influence democracies. This has proved to largely be unfounded in Europe, the UK, the EU and India - despite Sumsub data detecting upwards of a 245% YoY increase in deepfakes worldwide in 2024.

Now, the concern is around deepfakes impacting organizations or people through financial fraud. Businesses know this when it comes to new customers - with identity verification and fraud monitoring a central part of any financial onboarding process.

Deepfake-augmented phishing and impersonation scams, however, are something that businesses are not prepared for. Imposter scams remained the top fraud category in the US in 2023, with reported losses of $2.7 billion according to their Federal Trade Commission, and as deepfakes get better, more will fall victim. Business leaders know this: new data from Deloitte showed that surveyed executives experienced at least one (15.1%) or multiple (10.8%) deepfake financial fraud incidents in 2023.

Although this is likely to increase, with over half of surveyed execs (51.6%) expecting an increase in the number and size of deepfake attacks targeting financial and accounting data, little is being done. One-fifth (20.1%) of those polled reported no confidence at all in their ability to respond effectively to deepfake financial fraud.

While there are deepfake detection tools that are crucial for preventing external fraudsters from bypassing verification procedures during onboarding, businesses must also shield themselves from internal threats.

Here, a low-trust approach to financial requests or other potentially impactful decisions, alongside new AI-augmented digital tools, are vital for businesses to detect deep fake-augmented phishing and impersonation scams. This means that training, education, and a change in our philosophical approach to visual and audible information must be implemented from the top down.

A holistic deepfake strategy

Sociocultural implausibilities: Perhaps the best tool against deepfake fraud is context and logic. Every stakeholder, at every step, must view information with a new found skepticism. In the recent case where a finance worker paid out $25 million after a video call with deepfaked chief financial officer - one would think ‘why is the CFO asking for $25 million?’ and ‘how out of the ordinary is this request?’ This is certainly easier in some contexts rather than others, as the most effective fraudster will design their approach so it seems well within someone’s normal behavior.

Training: This new found skepticism must be a company wide approach. From the C-Suite down, and across to all stakeholders. Businesses need to establish a culture in which videos and telephone calls are subject to the same verification processes as emails and letters. Training should help establish this new way of thinking.

A second opinion: Businesses would be wise to introduce processes which encourage getting a second opinion on audio and visual information, and any subsequent requests or actions. One person may not spot an error or inconsistency that someone else does.

Biology: This may be the most obvious, but keep in mind natural movement and features. Perhaps someone on a video call doesn’t blink very often, or the subtle movement in their throat as they speak isn’t normal. Although deepfakes will become more sophisticated and realistic over time, they are still prone to inconsistencies.

Break the pattern: As AI-generated deepfakes all rely on relevant data, they can’t recreate actions which are out of the ordinary. For example, at time of writing, an audio deepfake may struggle to whistle or hum a tune convincingly, and for video calls, one could ask the caller to turn their head to the side or move something in front of their face. Not only is this an unusual movement, which data models are less likely to be trained on so extensively, they also break the anchor points that hold the generated visual information into place, which could result in blurring.

Lighting: Video deepfakes rely on consistent lighting, so you could ask someone on a video call to change the light in their room or the screen they’re sitting in front of. Software programs also exist which can make someone’s screen flicker in a unique and unusual way. If the video doesn’t properly mirror the light pattern, you know it’s a generated video.

Tech: AI is aiding fraudsters, but it can also help stop them. New tools are being developed that can spot deepfakes by analyzing audio and visual information for inconsistencies and inaccuracies, such as the free-to-use For Fakes’ Sake for visual assets, or Pindrop for audio. Although these are not foolproof, they are an essential arsenal to help establish reality from fiction.

It’s important to note that no single solution, tool, or strategy should be totally relied upon, as the sophistication of deepfakes is rapidly increasing - and may evolve to beat some of these detection methods.

Skepticism at every step

In an age of mass synthetic information, businesses should look to extend the same level of skepticism towards trusting visual and audible information as they do towards new contracts, onboarding new users, and screening out illicit actors. For both internal and external threats, AI-augmented verification tools and new training and education regimes are central for minimizing potential financial risk from deepfakes.

We've featured the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The top savings rates remain attractive, but APYs are likely to fall after this week's Fed meeting.

• City of Columbus, Ohio, confirms suffering ransomware attack
• Around 500,000 citizens thought to have had private data stolen
• Rhysida criminal group claims responsibility for attack

The City of Columbus has confirmed suffering a ransomware attack in which sensitive information on hundreds of thousands of residents was stolen.

In a breach notification letter sent to affected individuals, Ohio’s capital said it experienced a “cybersecurity incident” on July 18 2024 which apparently saw a “foreign threat actor” try to disrupt the city’s IT infrastructure, deploy ransomware, and later solicit a ransom payment.

While the city responded by containing the attack, isolating the threat actors, and bringing in third-party experts to assess the situation, the crooks managed to get away with sensitive information.

Half a million affected

“The information involved in the incident may have included your personal information, such as your first and last name, date of birth, address, bank account information, driver’s license(s), Social Security number, and other identifying information concerning you and/or your interactions with the City,” the City of Columbus said in the letter.

At the same time, the institution filed a report with the Office of the Maine Attorney General in which it stated that 500,000 of the city’s residents were affected, out of a total of roughly 910,000 citizens.

Despite the theft, the organization claims there is no evidence the data was misused on the dark web. However, there seems to be more to this story than that.

The threat actor behind the attack seems to be Rhysida, after the eastern European group claimed responsibility in August 2024, claiming it stole 6.5 TB from the city, including “databases, internal logins and passwords of employees, a full dump of servers with emergency services applications of the city and … access from city video cameras.".

The gang asked for 30 bitcoin, which was roughly $1.9 million at the time of the attack. It is likely it did not receive the payment, since security researchers found an archive containing Ohio residents’ sensitive data, posted on the dark web.

Via TechCrunch

More from TechRadar Pro

• Data breached at LA Housing Authority after ransomware attack
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

The best chance to view it will be Nov. 13-17.

Enjoy your TV even more with this excellent TV backlight from Govee for just $64.

• Call of Duty: Mobile Season 10 launches tomorrow
• The update includes a new weapon, battle royale map, and skins
• Call of Duty: Mobile has also hit one billion downloads worldwide

The fifth anniversary update for Call of Duty: Mobile arrives tomorrow, introducing a new season of content and an additional battle royale map.

Season 10 will introduce the new Anniversary Pass with both premium and paid tiers. Free players will be able to claim the all–new USS 9 SMG weapon, plus the brand-new Teleport battle royale class, a range of skins, weapon blueprints, Vault Coins, and more.

The Teleport class is equipped with a special beacon, which you can place and then teleport to from any point on the map.

Those who upgrade to the premium pass will be able to get their hands on new operator skins in addition to blueprints for the USS 9 and other weapons. A new Season 10 challenge pass will also be available via the in-game events tab, letting you earn challenge tokens and use them to purchase new skins, or complete Special Missions for special calling card unlocks.

The anniversary is also being marked by the addition of a new battle royale map, Krai. Krai is described as “a mid-sized map nestled in a valley at the base of the Ural Mountains” and seems to offer a good mix of both urban and rural combat environments. While playing on Krai, every operator is given one respawn and the option to come back into the game after that via a dropped dog tag that can be scanned by your squad.

Season 10 also contains plenty of new narrative content, with a special mission that follows Urban Tracker and Kumo-chan as they investigate Krai’s history, defeat enemies in combat, and complete mini-games to bypass security.

Publisher Activision has taken the opportunity to reveal that Call of Duty: Mobile has reached over one billion downloads worldwide since its release back in 2019. This is a huge milestone that most likely places Call of Duty: Mobile among some of the most downloaded mobile games of all time.

If you’re interested in giving it a go in time for the anniversary celebration, Call of Duty: Mobile is available as a free-to-play title on both Android and iOS.

You might also like

• Call of Duty: Black Ops 6 review: back with a bang
• Black Ops 6 Season 1 release date and what to expect
• Great news, the Call of Duty: Black Ops 6 double XP weekend has been extended

Act fast to get the Amazon Fire Tablet 8 while it's at an all-time low price.

• Hackers found abusing DocuSign to send phishing emails
• The signed documents are used to request payment
• DocuSign says it has implemented additional safeguards

Cybercriminals are abusing DocuSign’s Envelopes API to trick businesses into signing fake invoices, which are later used to steal money from the victims.

DocuSign is an esign software platform that businesses can use to sign, send, and manage documents digitally - with “send” here being the keyword.

New findings by cybersecurity researchers Wallarm highlight how crooks would create fake invoices, and use DocuSign to send them to the victims for “signing”. Since they are using the platform, the emails are sent directly from DocuSign’s domain, appearing legitimate and moving past any email protection services the victims may have set up.

Bypassing the billing department

In the invoices, the crooks impersonate major brands, such as Norton, or PayPal. The funds requested are also in a realistic range, lending further credence to the campaign.

Businesses that don’t spot the ruse end up signing the documents, which might seem odd at first, since they don’t really lose money, or sensitive data, that way.

However, the attackers can leverage the signed documents to authorize payments outside of normal company procedures since, at the end of the day, the signatures in the invoices are legitimate. That way, they are effectively bypassing the billing departments and stealing money from their victims.

The attacks are not manual, since the distribution seems to be going in relatively high volumes, the researchers further explained. By using the 'Envelopes: create' function, attackers can generate and send a large volume of these fraudulent invoices to numerous potential victims simultaneously.

Wallarm added that the attacks have been going on for a while now. DocuSign acknowledged it, as well. Responding to a request for comment from BleepingComputer, the company said it worked to prevent misuse: “We are aware of the reports and take them very seriously,” it told the publication. “While, in the interest of security, we don’t disclose specifics that could alert bad actors to our prevention tactics, DocuSign has a number of technical systems and teams in place to help prevent misuse of our services.”

Commenting on the news, Erich Kron, security awareness advocate at KnowBe4, said that the campaign likely wouldn't be very successful, and gave a few tips on how to spot similar attacks:

"Because this is coming through an API exploit, they’re probably won’t be many signs that would be easy to spot as in a spoofed email. The easiest way to spot this is if it is asking you to renew a service that you don’t currently have, such as a specific brand of antivirus, it should stand out as a fake. Even if you do happen to have that brand of antivirus, it is always best to renew through the vendor website, or through the app itself," Kron explained.

"It is critical for people to be cautious when receiving unexpected invoices or other communications through email, text messages, or even phone calls as bad actors may sometimes combine tactics to further confuse potential victims or try to improve the believability of the scams."

You might also like

• Hackers target DocuSign with new phishing threat — watch out, you could be signing your data away
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Hackers target companies in the retail and technology sectors the most, especially small or medium firms based in the US.

These are the main findings from new research conducted by the company behind TechRadar's best VPN provider, NordVPN. The team at NordStellar (the provider's threat exposure management platform) and NordPass (its password manager service) have investigated almost 2,000 data breach incidents worldwide over the past two years to understand how cybercriminals choose their victims.

"While small retail companies are highly attractive, other profiles are no less appealing for hackers," said Karolis Arbaciauskas, Head of Business Development at NordPass. "This analysis helped us illustrate which businesses face higher risks and explain what measures can be taken to avoid them."

Which businesses are hackers' favorite targets?

As mentioned earlier, Nord's research found that retail and technology have been the most-targeted sectors over the past two years, suffering a total of 95 and 56 attacks respectively.

Companies providing business services follow suit, with 51 data breach incidents counted during the research period – August 31, 2022, and September 1, 2024.

The top 10 hackers' most-wanted sectors also include more specific technology-related businesses, such as internet and web services (36 attacks), IT services and consulting (35), software development (26), and computer hardware development (22). Entertainment, education, and finance were also on the list, counting 34, 28, and 27 incidents respectively.

These results were surprising, Arbaciauskas explained, considering that the tech and IT sectors are notoriously less vulnerable and better equipped against online threats. Yet hackers know that even if companies employ high-end IT solutions, human mistakes can still occur.

(Image credit: NordVPN)

Besides specific sectors, researchers were keen to find out where highly targeted companies are based.

It doesn't come as a surprise that US companies are the ones getting the most attention from hackers, amounting to almost a quarter of the businesses appearing in the research (489). India (114) and the United Kingdom (73) also made it to the top three, followed by some European countries – Spain and France.

Most remarkably, perhaps, Nord's findings show how cybercriminals prefer attacking small and medium businesses. The majority of the breached companies figured in the research (72%), in fact, had up to 200 employees.

According to Arbaciauskas, this may be because these firms underestimate their value to hackers. "There are targeted attacks, yes, but hackers often go for much broader scope activities, such as credential stuffing, dictionary or rainbow attacks that do not choose their victims," he said, adding that for smaller companies a data breach could even mean the end of their businesses.

Private companies are also the biggest target, accounting for 85% of affected businesses.

How to protect your business from data breaches

As these findings clearly highlight, private and smaller business realities are the ones most at risk of suffering a cyberattack. This is a stark reminder that every type of company – no matter its size – should have a strong cybersecurity strategy in place.

According to Arbaciauskas, it's vital to employ critical security tools across all areas of the business. A reliable password manager solution allows for secure management of company credentials and accesses, for example.

Even if companies are employing high-end IT solutions, human mistakes can still occur

A secure business VPN tool is then the first step towards better resilience against online threats. That's because a virtual private network (VPN) encrypts your employees' internet connections, preventing third-party access to the data leaving their work devices.

He also suggests carrying on regular cybersecurity audits to help you spot weaknesses in the company's IT infrastructure and prepare resilience strategies. Similarly, companies should also invest in cybersecurity training to raise awareness and knowledge among employees to reduce human mistakes – often the main backdoor into serious data breaches.

• New FiiO planar earbuds come in Walnut or Rosewood finish
• The same "Tesla Valve" bass enhancer as the FD15
• Under $100 / £80

FiiO, maker of fine and affordable audio products (see our recent FiiO FT1 and FiiO FH19 reviews for headphones specifically), has announced a new set of planar earbuds with a choice of rosewood or black walnut faceplates. And according to FiiO, they sound as good as they look.

The new FiiO FP3 have been designed with an ultra-light, aluminum and titanium-coated diaphragm that's exceptionally thin and exceptionally stiff. That diaphragm is driven by 14 magnets, seven on each side of the diaphragm, to deliver what FiiO says is "a powerful, responsive sound."

FiiO FP3 Planar Earbuds: key specifications and pricing

The FP3 are Hi-Res Audio Certified and have a frequency response of 10Hz to 40kHz, an impedance of 36 ohms and sensitivity of 105 dB/mW at 1kHz. Their cables are made of 392 silver-plated copper wires, bundled into four strands that then terminate in a detachable 0.78mm 2-pin connector at the earbud end and a gold-plated 3.5mm stereo jack at the other. That's swappable for a 4.4mm plug.

One of the key selling points here is that the FP3 have the same "Tesla Valve" acoustic design as the FD15 earbuds. That's designed to deliver enhanced bass, and judging by the reviews of the FD15 the result is an impressively natural low end that's punchy without losing clarity.

The wooden faceplates don't add significant weight: the earbuds are 6.5g each.

The new FiiO FP3 are available now from AliExpress and Amazon with a recommended price of $92.85 (which makes them around £71 or AU$140, give or take) and puts them squarely in the budget sector – one for consideration in our best wired earbuds guide for sure.

You might also like

• FiiO FH19 review: a potential contender for the best wired earbud crown
• 1MORE Triple Driver In-Ear Headphone review
• The best wired earbuds you can buy today

• Serbian hacker IntelBroker claims to have stolen Nokia source code
• Nokia is “is aware of reports” and is taking the allegation “seriously”
• IntelBroker has a history of high-profile attacks

Nokia has revealed it is investigating a security possible breach involving a third-party vendor after notoruious hacker claimed to have stolen source code from the company.

“Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia," the company said in a statement

However, the ongoing investigation is yet to reveal any evidence that Nokia’s systems or data have been compromised.

Nokia breach?

Posting to an online forum, the hacker, known as IntelBroker, said, "Today, I am selling a large collection of Nokia source code, which we got from a 3rd party contractor that directly worked with Nokia to help aid their development of some internal tools."

Although no evidence has been found to back up IntelBroker’s claims, Nokia stresses that it’s taking the allegation seriously and continues to monitor the situation closely.

The hacker claims to have obtained proprietary Nokia software, SSH keys, RSA keys, BitBucket logins, SMTP accounts, webhooks and hardcoded credentials.

IntelBroker is reportedly a Serbian hacker who has been active since October 2022, and has a history of high-profile attacks. More than 80 separate leaks have been posted to online forums by IntelBroker to date, with targets including companies and organizations such as AMD, Apple, Europol and HPE.

Emerging studies are also indicating many companies, from SMBs to multinational enterprises, are failing to comply with basic cybersecurity principles.

Furthermore, employees are increasingly frustrated with a lack of suitable tools and policies, leaving them to turn to public AI tools which pose a risk to company security.

TechRadar Pro has asked Nokia for further details, but the company did not immediately respond.

Via Bleeping Computer

You might also like

• AMD reportedly hacked again — criminals offer data for sale online
• Check out the best endpoint protection software
• Cover your tracks by installing the best VPN

• Apple is introducing hardware-accelerated ray tracing on the Mac mini
• The M4 Mac mini’s base model will use 16GB of unified memory
• This is Apple's best-value desktop PC, starting at $599

Apple’s big reveal of the M4 chips last week promised significant enhancements across the board for its Mac devices, and the M4 Mac mini could get one of the biggest upgrades - a feature called ‘hardware-accelerated ray tracing’ for gaming.

The Cupertino company has considered gaming on previous Apple Silicon Macs, but the last base model M2 Mac mini only utilized 8GB of unified memory (similar to base M2 and M3 models of the MacBook Pro), and because this memory is shared between system memory and video memory (hence being called ‘unified’) it meant those chips couldn’t handle advanced graphics like ray tracing. However, the base model of the M4 Mac mini starting at $599 (£599 / AU$999) comes with 16GB of unified memory.

It’s no wonder Apple is looking to boost its Macs gaming credentials, as the gaming library for Macs is continuing to grow, and the mention of hardware-accelerated ray tracing for games like Prince of Persia: The Lost Crown and Control (which can be found on the official Mac mini page), suggests it could finally be time for Apple to take a serious step into the gaming PC market (potentially consoles too).

Could the pricing of the M4 Mac mini provide competition for Windows gaming PCs?

Considering its small size, gaming capability claims from Apple, and the pricing of the M4 Mac mini, I believe this will certainly shake things up in the desktop gaming PC market. While going toe-to-toe with the best gaming PCs available is unlikely, the $599 (£599 / AU$999) price is a steal considering the performance enhancements present within the M4 chip.

The prices of GPUs (specifically Nvidia’s high-end GPUs) leave some gaming experiences out of reach for many PC gamers. With the M4 chip, you’ll have the luxury of a 10-core CPU and GPU and the aforementioned 16GB of unified memory (which some pre-built gaming PCs don’t have).

This alongside Apple’s move to bring more popular games to Mac devices like the Resident Evil 4 remake and Cyberpunk 2077, shows us that gaming is slowly but surely becoming a strong selling point for the company, and the M4 Mac mini appears to be the next big step in the right direction…

You might also like...

• Apple is adding 3 more useful upgrades to your iPhone with iOS 18.2 – including a Camera Control boost
• Your Mac’s menu bar will finally get a weather widget in macOS Sequoia 15.2 – plus these Apple Intelligence features
• Apple’s M4 Macs are here, but you’ll need to install a quick macOS Sequoia update first to unlock all the Apple Intelligence goodness

There are a lot of AI image generators, but they won't all be right for your project needs and budget. These are our top picks and what you need to consider when choosing.

• Grindr employees were allegedly given two weeks to relocate
• The company laid off 83 workers for failing to comply
• It added the union was only formed after the policy was published

The National Labor Relations Board (NLRB) has filed a formal complaint against LGBTQ dating app Grinder over its enforcement of a return-to-office policy, which it alleges was only enacted to retaliate against the formation of a workers’ union.

According to the report, Grindr terminated the contracts of “about 83 employees” after they failed to comply with the new RTO mandate.

However, the workers were allegedly only given two weeks to relocate to a designated hub city or resign.

Grindr fired workers for failing to comply with RTO within two weeks

The NLRB’s investigation was triggered by six unfair labor practice charges filed in August, representing workers in California, Nevada and Hawaii.

Grindr’s relocation requirements were notably challenging for many workers given the short notice period. Trans employees were among the most affected, being that many faced struggles to locate alternative healthcare in sufficient time.

The dating app denies the accusations, describing them as “meritless” and arguing that the union activity only emerged after the company announced its RTO policy.

The union added: “In response, Grindr management hired notorious union-busting Littler Mendelson and quickly established a retaliatory return-to-office (RTO) policy.”

More broadly, Grindr’s efforts to get workers back into the office reflects an industry-wide trend in the tech sector. Companies like Amazon, Google and Microsoft have all reduced the amount of time that workers have at home, but criticism always arises accusing companies of using these policies to encourage resignations and reduce the need for layoffs.

If Grindr can’t come to an agreement, the case will be heard by an administrative law judge in March 2025.

The union, Grindr United-CWA, commented: “Today’s complaint from the NLRB is another huge victory for our union.”

Grindr did not immediately respond to TechRadar Pro’s request for a comment.

You might also like

• Hundreds of Amazon employees petition CEO to reverse return-to-office policy
• Find a new role with the best job sites and best recruitment platforms
• We’ve listed all the best hybrid working tech you need

• APK teardown reveals potential updates to Google's Pixel Screenshots app
• New features include new app shortcuts and image scanning abilities
• It's not confirmed when, or even if, these features will be released

Google's Pixel Screenshots app, which provides a dedicated gallery and AI search function for (you guessed it) screenshots, is due to receive some major improvements with a coming update.

Coming additions include two new shortcuts and a new home screen layout, as well as the possibility of copying and contacting email addresses and phone numbers from a screenshot.

That’s according to Android Authority, who have published a new APK teardown looking into the code and features of the next update to the Screenshots app.

For reference, APK here stands for Android Package, which is the file type used to deliver apps, games, functional software, and updates to all three to Android devices.

Pixel Screenshots: upcoming new features

The most immediately noticeable new feature is the Pixel Screenshots app's subtly redesigned home screen, which has changed from a list of gallery display options to simply showing the gallery with a toggle to change the view type.

There also seems to be a new gesture enabled, allowing users to long-press-and-swipe over a group of screenshots to select multiple images – the teardown also finds that users may be able to rename collections.

As for the new shortcuts, these refer to the functions available with a long-press of the app icon on the phone’s home screen or app drawer.

The two shortcuts that seem to be on the way are “Gallery” and “Camera”, allowing users to access and add to their screenshots with even less hassle.

What’s more, the Screenshots app will seemingly allow users to copy, contact, and save email addresses or phone numbers from images – this seems like a logical addition to the current set of AI tools included in Pixel Screenshots, but this isn’t yet confirmed.

Keep in mind that this is neither a scheduled or implemented update yet, so some or all of these features could change before release, or not make it to users at all.

For the latest official updates as we hear them, be sure to keep up with our Google Pixel phones coverage and Android coverage.

You might also like

• A Samsung Galaxy S25 Ultra benchmark suggests it could be the most powerful phone on the planet
• Apple is adding 3 more useful upgrades to your iPhone with iOS 18.2 – including a Camera Control boost
• This iPhone 17 display rumor is the biggest reason yet to skip the iPhone 16

• Projector improvements are still in beta
• Support for new aspect ratios including 21:9
• Improved dialog and show information, too

The latest version of Apple's tvOS system for the Apple TV 4K introduces some new features that'll be particularly useful for viewers with the best 4K projectors, or people who connect their Apple TV to widescreen monitors rather than TVs.

In tvOS 18.2, Apple has added support for aspect ratios including 21:9. That's not going to be relevant to most people viewing on TVs, which tend to be 16:9. But it's great for ultrawide monitors and for projectors.

What improvements does tvOS 18.2 deliver?

The big draw here is the new aspect ratio support. The options are:

• Automatic
• 16:9
• 21:9
• 2.37:1
• 2.39:1
• 2.40:1
• DCI 4K
• 32:9

In addition, the new beta improves Apple's Enhance Dialog feature, turning on subtitles when you press the mute button, and there's a redesigned Apple Fitness Plus app as well as improved support for using an iPhone as a FaceTime camera. The beta also includes InSight, a similar feature to Prime Video's X-Ray that tells you who's on screen and what music is playing.

One feature that's coming, but that hasn't arrived yet, is new screensavers. The current crop are all very nice, but they've become rather familiar, and Apple is promising to bring screensavers from some of its hit shows on Apple TV Plus. We don't yet know when those new screensavers will arrive, however.

The improvements are currently in beta, which means they're in final testing before release: if you don't mind risking the odd bug or crash you can enrol your Apple TV 4K from the Software Updates part of its Settings menu, though we'd suggest just waiting for the finished version.

The final release of tvOS 18.2 is currently scheduled for December 2024.

You might also like

• Apple TV+: how to sign up and what to watch
• The best Apple TV shows to stream in November 2024
• Prefer Android? Discover the best Android box of 2024

• Netflix will shelve nearly all of its interactive titles next month
• Out of the 24 interactive specials, only four will remain
• There's still interactive content available within Netflix games

Netflix will remove nearly all of its interactive shows and movies on December 1, which means now's the time to take advantage of your subscription and actually play them before they're gone.

The best streaming service confirmed the news to The Verge, where they revealed that only four out of the 24 Interactive Specials will remain. These are Black Mirror: Bandersnatch, Unbreakable Kimmy Schmidt: Kimmy vs. the Reverend, Ranveer vs. Wild with Bear Grylls, and You vs. Wild.

I remember playing one of Netflix's first interactive movies Black Mirror: Bandersnatch back in 2018, and being both fascinated and frightened by the dark turns in this next level storytelling. The removal of the titles marks a disappointing end to a new form of engaging narrative experiences for audiences.

In addition to interactive specials, such as Jurassic World Camp Cretaceous: Hidden Adventure and Barbie Epic Road Trip, Netflix also made other interactive forms of content, including quizzes, a daily trivia series, which we unfortunately found boring, and a trivia game you could play with a friend. Given the limited amount of titles available in this format and the lack of variety, it suggests that they weren't a success for the streamer.

What interactive specials will be leaving Netflix?

Choose Love, an interactive rom-com will be removed from Netflix. (Image credit: Netflix)

Netflix's first interactive stories were released in 2017: Puss in Book: Trapped in an Epic Tale, Buddy Thunderstruck: The Maybe Pile and Stretch Armstrong: The Breakout. However, Puss in Book: Trapped in an Epic Tale seems to have disappeared from the streamer.

It's a shame to see these various interactive titles removed from the streaming platform as they cater to a wide audience. Netflix's latest title Choose Love, is an interactive rom-com where you choose your own romantic adventure, meanwhile Escape the Undertaker delves into the world of WWE. There's also specials based off franchises like Carmen Sandiego: To Steal or Not to Steal, The Boss Baby: Get That Baby!, and Captain Underpants Epic Choice-o-Rama.

“The technology served its purpose, but is now limiting as we focus on technological efforts in other areas,” spokesperson Chrissy Kelleher told The Verge.

However, this news doesn't mean that the streamer is straying away from interactive titles related to some of their best Netflix movies and shows. On its visual novel app Netflix Stories, there are games based on my favorite reality shows Selling Sunset and Love is Blind, as well as hit series Outer Banks and Emily in Paris that you can still enjoy.

You might also like

• Woman of the Hour is the scariest movie I've seen in 2024 so far and it's not even a horror
• 3 new Netflix shows I'm excited to watch with over 88% on Rotten Tomatoes
• Squid Game season 2's official trailer reveals a big plot twist that I can't wait for in the wildly popular Netflix show's next chapter