Technology

The company allegedly collected and sold geolocation and driver behavior data to third-party companies.

The next-gen Switch could see many new games not typically found on a Nintendo console.

Officials in California are warning the public about scams targeting wildfire relief donors with bogus charities.

We found the best fast, affordable broadband plans across the state of Colorado. Here's what to look for.

CES 2025 has come and gone with no official confirmation of the possible AMD Radeon RX 9070 XT flagship graphics card, though there is somewhat of a confirmation of RDNA 4 graphics cards.

Though AMD didn't have time to properly elaborate on RDNA 4 during its 45-minute CES 2025 keynote, according to Frank Azor (AMD’s head of consumer and gaming marketing), we know now that the tech is coming.

This especially applies to the RX 9070 XT, which most likely will compete with Nvidia's RTX 5070. It'll be exciting to see what this card has to offer in terms of performance and official pricing. But for now, we'll keep an ear to the ground for the latest news and rumors, and bring them all in one place to keep you up to date on the latest developments.

AMD Radeon RX 9070 XT: Cut to the chase

(Image credit: YouTube / Michael Quesada)

• What is it? The possible AMD Radeon RX 9070 XT GPU
• How much does it cost? Unknown at this time, as it hasn't been officially announced
• When can I get it? This has also yet to be officially announced, though there are rumors of a late January pre-order date for RDNA 4 cards.

AMD Radeon RX 9070 XT: Latest news

• AMD exec drops hints on RX 9070 pricing and some PC gamers are panicking
• AMD and Nvidia could be set for epic GPU showdown with RX 9070 and 9070 XT going on sale at the same time as the RTX 5080
• AMD announces new Radeon RX 9070 XT and RX 9070 graphics cards at CES 2025

Click to read more of the latest news...

• What to expect from AMD in 2025
• AMD RDNA 4 GPU rumors flood forth, including possible name change to RX 9070

AMD Radeon RX 9070 XT: Release date rumors

(Image credit: AMD)

While there's no concrete news concerning a release date for the AMD Radeon RX 9070 XT, there are rumors of a general RDNA 4 pre-order date set for January 23.

The dates allegedly came from B&H Photo putting up early listings for some Asus RX 9070 and RX 9070 XT graphics cards (TUF and Prime models). Luckily the listings were screenshotted by longtime hardware leaker @momomo_us before they were removed.

AMD Radeon RX 9070 XT: Specs

(Image credit: AMD)

There haven't been any clear cut leaks, rumors, or reports about the AMD Radeon RX 9070 XT's performance, or the performance of RDNA 4 in general. We can surmise, however, that the card won't be a 4K powerhouse thanks to its price point range.

The previous hope was that the flagship RDNA 4 GPU would be slightly faster than the 7900 XT. However, it seems to be slightly slower according to All The Watts (though take that with a grain of salt).

While it sounds rather risky in the face of Nvidia's own high-end 5000-series cards, not targeting that market makes sense from a business standpoint as the vast majority of gamers are playing on 1080p resolution, with some gaming on 1440p. Instead, AMD could be reaching for an overall much larger target audience by scaling back on the performance and therefore the price.

AMD Radeon RX 9070 XT: What to expect

Right now there isn't much concrete news on the AMD Radeon RX 9070 XT graphics card and on the RDNA 4 at large, due to AMD not having the time to elaborate on it during its CES 2025 conference.

While there are plenty of rumors and a few scant official details including a possible preorder date - the latter thanks to an interview and retailer leaks - we don't have a clear picture as to what this card will be like right now in terms of exact pricing, specs, and performance.

Hopefully AMD will give us the low down on the RX 9070 XT and any other RDNA 4-powered graphics cards in the future.

Honor’s latest flagship phone is a refined marriage of hardware and AI-infused software.

• Researchers say criminals are hiding malware in images hosted on reputable websites
• At least two different groups were seen deploying two types of infostealers
• The campaigns abuse an ancient Excel flaw, HP Wolf Security claims

Hackers are hiding malware in website images to go unnoticed and compromise as many computers as possible, experts have warned.

A new Threat Insights Report from HP Wolf Security, based on data from millions of endpoints, claims there are currently large campaigns active spreading VIP Keylogger and 0bj3ctivityStealer. Since the same techniques and loaders are used in both, the researchers suspect two groups are using the same malware kits to deliver different payloads.

“In both campaigns, attackers hid the same malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload,” the researchers explained. “Such techniques help attackers circumvent detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.”

Throwing GenAI into the mix

The attack starts with a phishing email pretending to be an invoice, or purchase order. The attachment is usually an Excel document designed to exploit CVE-2017-11882, an ancient bug in the Equation Editor, to download a VBScript file.

Alex Holland, Principal Threat Researcher in the HP Security Lab, said phishing kits, paired with Generative AI (GenAI) tools, have significantly lowered the barrier to entry, exacerbating the ever-present risk of malware: “This allows groups to concentrate on tricking their targets and picking the best payload for the job – for instance by targeting gamers with malicious cheat repositories.”

Discussing GenAI, the researchers said miscreants are using it to create malicious HTML documents. They also identified an XWorm remote access trojan (RAT) campaign initiated by HTML smuggling, which contained malicious code that downloads and runs the malware.

The loader was quite obviously written by an AI, they added, since it included a line-by-line description and the design of the HTML page.

Both VIP Keylogger and 0bj3ctivityStealer are infostealer malware which record, and exfiltrate, sensitive information such as passwords, cryptocurrency wallet information, sensitive files, and more.

You might also like

• This sneaky Ghostpulse malware hides in PNG image files
• Here's a list of the best antivirus tools on offer
• These are the best endpoint protection tools right now

As the US faces “the worst telecommunications hack in our nation’s history,” by China’s Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it’s the last thing she does.

• Minisforum N5 Pro is unlike anything I've seen before: a powerful mini PC and expansive NAS
• It has a 10Gb + 5Gb LAN not unlike the MS01 I covered a while back
• Add in an OCuLink port and a PCIe x16 slot and you've got a pretty capable workstation PC

One of my favorite mini PC makers, Minisforum, best known for its compact workstation systems like the MS-01 and MS-A1, is expanding into the NAS market with the introduction of the N5 Pro, a 5-bay desktop NAS designed for performance and scalability.

NASCompares, which went hands on with Minisforum’s new device at CES 2025, says the N5 Pro is the first of three planned NAS devices expected to launch this year.

The N5 Pro is powered by an AMD Ryzen AI 9 HX PRO 370 (Strix Point) processor, equipped with 12 cores and 24 threads, running at a base clock of 3.5 GHz and capable of boosting up to 5.2 GHz. Built on AMD's Zen 5 architecture, the processor includes an integrated AI engine delivering 50 INT8 TOPS for enhanced data processing. The NAS supports up to 96GB of DDR5 ECC memory across two slots, providing the sort of reliable error correction commonly found in enterprise solutions.

Modular motherboard

As you’d expect, storage options are extensive, with five hot-swappable SATA bays supporting up to 22TB drives each, suitable for both hard drives and SATA SSDs. The device also features three M.2 NVMe slots - one PCIe 4.0 x2 and two PCIe 4.0 x1 - along with U.2 SSD support for expanded capacity and faster performance. RAID configurations are software-driven, with compatibility for platforms such as TrueNAS and Unraid.

One particularly welcome touch is the N5 Pro’s modular motherboard, which can be removed with a simple button press. This approach, which follows Minisforum’s design for the MS-01 workstation, simplifies upgrades and maintenance, making it easier for users to access and replace memory modules, storage, and PCIe expansion cards.

The N5 Pro offers a solid range of connectivity options, including a 10Gbps Ethernet port and a 5Gbps Ethernet port for dual high-speed wired connections. Additional ports include three USB 3.2 Gen2 Type-A ports, one internal USB 3.2 Gen2 Type-A port, a USB 2.0 port, and two USB4 Type-C ports with 40Gbps transfer speeds. The system also supports an HDMI 2.0 output, two USB-C ports with DisplayPort 2.0 Alt Mode, and a 3.5mm audio jack.

Expansion options are further boosted with a PCIe 4.0 x16 slot (operating at x4 bandwidth) and an OCuLink 4i port, allowing for external GPU support or additional storage.

With its powerful hardware, flexible storage options, and Minisforum’s usual clever, user-friendly design, the Minisforum N5 Pro is unquestionably a versatile NAS choice for both home and professional environments. Pricing and availability have not yet been revealed, but it should be available soon.

You may also like

• Check out our list of the best mobile workstations for any budget
• And these are the best NAS hard drives you can buy right now
• Could this be Lenovo's first NAS? A proof of concept has emerged

• Apple M4 Mac mini users report issues with USB-C connections
• Accessories such as keyboards are reportedly disconnecting randomly
• Apple has yet to address the situation, and it's not clear what the cause is as of now

While Apple's latest mini PC is lauded as one of the best Macs ever which is highlighted in our Mac mini (M4) review, it is currently facing a big issue that seems to be annoying plenty of users.

Multiple users claim that they are experiencing random USB-C disconnections as reported by AppleInsider, with accessories such as keyboards suddenly disconnecting. This is corroborated by various reports from users, and one notable post on Reddit, which implies that the only way for the accessories to start working again is by disconnecting the cable and reconnecting which is an inconvenience, to say the least.

This could also cause problems when transferring files between the Mac mini and an external USB-C drive if disconnections are as frequent as reports suggest. It isn't exactly clear whether this is a fault on Apple's side, but all signs point towards this being the case - as AppleInsider highlighted, some users' errors stem from waking the Mac mini up from sleep mode which may be resolved by a future software patch from Apple.

(Image credit: Future) What's the best solution for now?

While there are plenty of accessories that can only be used via direct connections, the best solution, for now, is Bluetooth - which is also another worry, as M4 Mac mini users also reported Bluetooth issues last December in a MacRumors forum.

Issues like this can quickly begin to annoy users and undermine some of the things the Mac mini does so well, so Apple needs to address this as soon as possible.

In the case of an accessory like the Magic Mouse, you wouldn't even be able to use it wired anyway - its USB-C charging port is placed on the bottom of the mouse, a massive point of criticism for many since Apple has stuck with this design from the previous model. Fortunately, it's a wireless mouse, so it will suffice while you wait for Apple to address the situation.

The M4 Mac mini was only released late last year in November, so weird bugs are to be expected. We'll have to wait and see what the exact cause is, and let's just hope that the wait doesn't last too long.

You may also like...

• The rumored OLED MacBook Air delays are no bad thing – the last thing I want is a price hike
• What is Apple Intelligence? The new Apple AI for your iPhone, iPad and Mac explained
• Microsoft reveals more on a potentially major Apple macOS security flaw

Looking for a Valentine's Day gift for your dude (or special someone) that isn't a boring box of chocolates? Whether he's into sports, style, cooking or new kicks, there's surely something he'll love on our curated list of the best Valentine's Day gifts for him.

• Copilot is now included in Microsoft 365 Personal and Family
• Users can now access Copilot across Word, Excel, Outlook and more
• But subscription costs will rise to pay for the new features

Microsoft has revealed its Copilot AI offerings will now be available to more users across the world - but the launch will come at a slightly increased price.

The company has announced Copilot, along with Microsoft Designer, is now part of Microsoft 365 subscription for Personal and Family tiers worldwide, bringing AI tools to millions more users.

However the launch will mean an increase in subscription costs, with Microsoft 365 Personal and Family subscriptions in the US set to rise by $3.

Microsoft Copilot for all

"Our plan has always been to make Copilot in the Microsoft 365 apps more accessible to a wider audience at a great price," Bryan Rognier, Vice President, Microsoft 365 Consumer, wrote in a blog post announcing the news.

"These changes bring the transformative power of AI to the personal productivity tools that millions of people use every day."

Microsoft believes the move will bring Copilot to "most of" its 84 million consumer subscribers for popular programs such as Word, Excel, PowerPoint, Outlook, and OneNote.

It will also open up Microsoft Designer, the company's AI-powered image generator, which can be used for photo editing, logo creation, and more.

The company says Microsoft 365 Personal and Family subscribers will receive a monthly allotment of AI credits to use Copilot in Word, Excel, PowerPoint, Outlook, and OneNote, which can also be used for Designer's AI image generation and editing.

For those unsure about the price rises, Microsoft says existing subscribers with recurring billing enabled with Microsoft can switch to plans without Copilot or AI credits, such as its Basic plan, or for a limited time, chane to the new Personal Classic or Family Classic plans.

The company had already recently announced a move to bring AI tools to all enterprise Microsoft 365 users with the launch of Copilot Chat, a secure AI chat service powered by GPT-4o which was an upgrade to the current free chat tool in its office software platform.

It also comes shortly after Google announced its Gemini AI offering would also be rolling out to all tiers of its office software.

The company revealed all Google Workspace tiers will now get access to Gemini for no extra cost, having previously had to spend more for an extra add-on - although some users will see their subscription costs rise as a result.

You might also like

• Microsoft wants to help your small business grow faster with Copilot Agents
• These are the best office software options around
• We've also featured the best task management apps

The historical epic stars Paul Mescal, Denzel Washington and Pedro Pascal.

If you get an unrecognized package with a QR code inside, never scan it. Do this instead.

• Nvidia’s initial Blackwell GPUs are rumored to have ‘extremely limited’ stock
• It’s claimed that the RTX 5090 will be particularly thin on the ground
• This is the case for the German market, but it could well reflect the wider picture

We’ve heard our first rumblings that Nvidia’s initial next-gen GPUs, the RTX 5080 and 5090, due at the end of January, will be thin on the ground for stock levels.

VideoCardz flagged up a post from a moderator (Pokerclock) claiming this, on the forums for German site PC Games Hardware. And yes, if your rumor-sense is tingling at this point, you’re quite correct – this needs to be regarded with a robust amount of skepticism.

So, armed with that caution – and also the knowledge that this is all translated from German, so some accuracy may be lost in that process – the broad assertion is that stock levels for these first Blackwell GPUs will be ‘extremely limited’ and this will be particularly the case for the RTX 5090.

That’s according to ‘well-informed’ insiders in the trade, but the good news, at least as far as PC gamers go, is that B2B and wholesalers – those selling to businesses – aren’t getting much Blackwell stock at all (if any, if this rumor is right).

The majority of GeForce graphics cards going to gamers, then, is a positive element here, albeit this is just how it should be. These are gaming GPUs after all, they are not supposed to be drafted into AI work and the like (but they invariably are).

Pokerclock predicts that you’ll need a lot of luck to get your RTX 5090 or RTX 5080 on launch day, and that there’ll likely be queue systems at retailers for those purchasing, meaning the usual GPU scramble amidst scalpers and bots. Sigh…

(Image credit: Nvidia) Analysis: Say it ain’t so… your stock is a heartbreaker

Bear in mind this is a forecast for the German market, where the big retailers like Mindfactory are expected to secure the lion’s share of RTX 5090 and 5080 stock. Even if Pokerclock is correct in their claims, this may not apply to other regions.

However, Germany is a large European market, and if there’s creakiness here regarding supply, it’s not an unreasonable expectation that there will be elsewhere. Okay, perhaps the US might fare better in this potential future of scarce Blackwell stock, but American gamers are going to have their own troubles – in terms of the rush to buy before Trump’s tariffs kick in and spike pricing upwards. (Not just for the best graphics cards, either, which Nvidia, and indeed AMD, are surely going to have new candidates for).

There’s already an expectation that next-gen GPUs could be thin on the ground, and difficult to buy, in the early days of Blackwell (and maybe AMD RDNA 4 too, who knows). This isn’t exactly uncommon when it comes to new hardware launches, and PC enthusiasts are always prepared for a potentially frustrating hunt for available stock, and instances of just missing out, then seeing the inevitable appearance of new GPUs on auction sites laden with infuriatingly eye-watering price tags.

If you can be patient, these wrinkles will all come out in the wash eventually, but as noted, those in the US face a very different kind of pressure this time around to buy quick before the hefty price inflation that’s on the horizon for electronic goods kicks in.

You might also like...

• The end of the Nvidia RTX 4000 series is nigh – with the RTX 4070 expected to sell out in weeks
• Nvidia releases stats that prove DLSS and Frame Generation are here to stay - sorry, angry gamers
• Best PC games: must-play titles you don't want to miss

If you're after a device that will help you keep an eye on your kids no matter where you are, we've got the best nanny cams listed.

• Severance fans are convinced that Keanu Reeves appears in season 2 episode 1
• The Matrix, John Wick, and Sonic 3 star seems to voice an animated character in the show
• Apple isn't commenting on whether Reeves has an uncredited role in its hit TV Original

Severance season 2 has finally arrived and, while there's plenty to discuss after its Apple TV Plus debut, fans have one big question that episode 1's release: does Keanu Reeves make a cameo?

Yes, you read that right. Severance fans, myself included, are convinced that Reeves makes an uncredited appearance in season 2 episode 1, aka 'Hello, Ms. Cobel'. He doesn't appear in the flesh, nor does his name appear in the highly-rated Apple show's end credits, so it's hard to tell if The Matrix and John Wick actor is actually part of proceedings.

So, where and how does Reeves apparently show up? Full spoilers immediately follow for Severance's season 2 premiere, so turn back now if you haven't seen it yet.

Severance fans think Keanu Reeves voices the animated Lumon building in season 2 episode 1 (Image credit: Apple TV Plus)

If you've watched 'Hello, Ms. Cobel', you'll have heard a very familiar voice about midway through Severance's latest episode. Indeed, it seems Reeves' distinctively calming voice can be heard when the Macrodata Refinement (MDR) team sit down to watch the animated 'Lumon is Listening' video that Lumon Industries has prepared for them.

During this felt puppet animated broadcast, an anthropomorphic version of Lumon's building discusses the changes that the sinister biotech megacorporation has made as part of 'Severance Reform'. That's the implementation of a new program that seemingly puts the wellbeing of Lumon's severed employees above everything else, for those wondering. It's at this point in one of the best Apple TV Plus shows' newest episodes that Reeves supposedly appears. Indeed, it seems he's the voice of the animated Lumon building and, as I said, many of us would recognize his voice anywhere.

So, is this really Reeves? Right now, I can't confirm if it is. Many of my fellow viewers think that's the case, though, with multiple comments in various season 2 premiere threads on the r/television, r/severance, and r/appletvplus Reddit pages all saying the same thing – i.e. that it has to be Reeves because, well, nobody else sounds like him.

John Wick in the Severance universe confirmed? (Image credit: Lionsgate)

There is some actual evidence that it might be Reeves. Earlier today (January 17), Collider published an article, which carried quotes from creator Dan Erickson, that appears to confirm that Reeves was asked to voice the Lumon building in season 2's first episode.

Here's what Erickson said when Collider asked if Reeves plays the aforementioned character: "All I can say is that we talked about a couple of different people for that role. We always wanted it to be somebody that people have certain associations with, but also, it had to be a very warm presence. The Lumon building is very friendly in the context of this video, and there’s a friendliness to that particular voice and a heart to that particular voice."

Sure, the fact that Erickson doesn't deny it means that it's like to be Reeves. However, Erickson doesn't actually confirm that the Sonic the Hedgehog 3 and Toy Story 4 voice actor is part of proceedings, so the headline of that article is somewhat misleading.

Anyway, I've reached out to Apple to ask if they can confirm or deny whether Reeves has a small role in Severance's newest chapter. I'll update this article if I hear back, too. In the meantime, read my Severance season 2 review (if you haven't already) before you stream its first episode. If you've watched it, see if you agree with these seven big theories I came up with after Severance season 2's premiere.

You might also like

• Severance star Patricia Arquette says Harmony Cobel's loyalty to Lumon will be tested in season 2: 'There's a desire to be loved by them and also punish them'
• Severance creator Dan Erickson reveals the funniest fan theory he's heard about the popular Apple TV Plus show: 'I think that's ridiculous'
• Severance creator 'has a sense' of what the Apple TV Plus show's final scene will be – and how many seasons would be 'ideal' to reach it

• At press time, Cleo’s Lexicom, VLTransfer and Harmony contain a bug it disclosed in October 2024
• Threat actors were first observed to be exploiting it in December 2024
• Ransomware group Clop has claimed 59 victims on its leak site, though some are disputing any intrusion

Clop, the Russian state-linked ransomware group, has now claimed to have hacked 59 companies after exploiting a known bug in a number of file transfer applications developed by software house Cleo.

The flaw, CVE-2024-50623, affects Cleo’s LexiCom, VLTransfer and Harmony software, inadvertently enables remote code execution, and was first disclosed on October 30, 2024. Clop later published the list of victims on its dark web site, though many are denying that a breach has taken place.

Clop is claiming to have issued intrusion notices to its victims, including Cleo itself, on its own website, but also that impacted companies are refusing to submit to ransom demands.

Cleo RCE bug impact

Przemyslaw Jedrysik, a spokesperson for German manufacturer Covestro, was one of the few willing to reveal the extent of the intrusion to TechCrunch.

He disclosed unauthorized access by Clop to a US logistics server, but that it has since “taken measures to ensure system integrity, enhance security monitoring and proactively notify customers”. He also claimed that information on this server wasn’t of a sensitive nature.

Spokespeople for several companies including car rental firm Hertz and Australian logistics company Linfox have, however, explicitly denied intrusions in statements to TechCrunch.

Clop also listed as a victim software supply chain enterprise Blue Yonder as a victim, though, at press time, it hasn’t issued any cybersecurity incident updates since December 12, 2024. However, a spokesperson did say in a statement to TechCrunch that Blue Yonder does use Cleo software, and that it was investigating potential unauthorized access to its servers.

The group is claiming it’ll disclose more of its victims in this attack on January 21, 2025, though the true scale of the attack remains unclear.

You might also like

• Many firms see cyberattacks as their top business concern this year
• Standing strong against hyper-volumetric DDoS attacks
• We’ve also listed the best endpoint protection software right now

• Xiaomi's rumored phone could have the battery capacity of two iPhone 16s
• The phone is expected to release via Xiaomi's Redmi sub-brand
• Samsung could be eyeing similar tech for next year's Galaxy S26

A new rumor suggests that Xiaomi is working on a new phone with an enormous 7,500mAh battery, tipped for release via the company’s Redmi brand.

Noted tipster Digital Chat Station shared a Weibo post which says Xiaomi has begun testing on the 7,500mAh “super-large” battery for a “sub-series”, which, as Android Authority reports, refers to Redmi, a Xiaomi subsidiary.

It’s likely that a battery with this much capacity would make use of a silicon-carbon design, which offers a much greater energy density than the previously standard lithium-based batteries still found in the iPhone 16, Samsung Galaxy S24, and Google Pixel 9.

For reference, the Google Pixel 9 sports a 4,700mAh battery, the Samsung Galaxy S24 sports a 4,000mAh battery, and the iPhone 16 comes in at 3,561mAh – less than half the capacity of the rumored Redmi phone.

As with most aspects of smartphone hardware, numbers don’t tell the full story – battery life is determined by a wide range of factors in addition to capacity, such as chipset efficiency, display resolution and brightness, and heat dissipation. For example, Apple is able to achieve satisfactory battery life with the iPhone thanks to the company’s famously great optimization.

Still, we would generally expect a phone with a 7,500mAh battery to substantially outlast one with a 3,500mAh battery in an equal test, simply because the hardware gap is so wide.

Across the latter half of 2024, we saw Chinese phone manufacturers fit silicon-carbon batteries to new flagship phones like the Oppo Find X8 Pro and the OnePlus 13, but Xiaomi doesn’t tend to issue flagship-level devices through its Redmi brand.

Typically, Redmi devices occupy the budget to mid-tier space in Xiaomi’s portfolio, which does allow for a handful of higher-end features with each new device. The recently released Redmi Note 14 Pro Plus, for example, comes equipped with a 6,200mAh battery and support for 90W wired charging.

Analysis: Return of the stamina monsters?

Phones like the Asus ROG Phone 9 Pro (above) have offered large battery capacities like 5,800mAh recently, but Xiaomi's phone would comfortably eclipse that. (Image credit: Future)

While we have seen specialized, battery-focused phones released in the past (see Energizer's 28,000mAh battery phone), as well as ruggedized handsets with very large batteries designed for extended periods away from the charger, a 7,500mAh battery would without a doubt be the largest we’ve ever seen in a conventional smartphone.

Personally, I think developments in battery technology are some of the most exciting in modern smartphone hardware: larger, more efficient batteries are a truly consumer-friendly addition, and could have a positive impact on the environment too if there’s a reduced need for charging.

Furthermore, we’re all no stranger to being out with friends or family and hearing the familiar request for a portable charger or to find somewhere with a wall socket to top up – bigger, better batteries should be able to allay that anxiety.

This is all contingent on the big three phone makers – Apple, Samsung, and Google – taking note of the progress being made by global manufacturers. The best Xiaomi phones are impressive, truly premium units that push the envelope, but with a limited presence in Europe and none whatsoever in the US, it doesn’t have too much of a chance of making waves.

Luckily, we’ve already heard suggestions that Samsung could be picking silicon-carbon batteries for the Galaxy S26 lineup, which we’d expect to launch next year. I’m hoping our list of the best Samsung Galaxy phones will soon be full of handsets that push the envelope when it comes to battery life.

You might also like

• Motorola's new cheap phones offer flagship features for a quarter of the price of an iPhone 16
• Apple tipped to add vapor chamber cooling to the iPhone 17 to prevent overheating
• Honor Magic 7 Pro review: the Android endurance king

• Vulnerability was discovered in W3 Total Cache WordPress plugin, allowing for data exposure, and more
• It affects all versions up to 2.8.2, which was released in response
• Hundreds of thousands of WordPress websites are still vulnerable

W3 Total Cache, a popular website performance optimization WordPress plugin, reportedly carried a high-severity vulnerability which allowed attackers to access sensitive information, abuse service plan limits, and run unauthorized actions.

The vulnerability is tracked as CVE-2024-12365, and has a severity score of 8.5/10 (high). It occurs due to a missing capability check in a function, and affects all versions up to, and including, 2.8.1.

“This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications,” it was said on the National Vulnerability Database website.

WordPress and its plugins

The WordPress plugin repository states that W3 Total Cache has more than a million downloads, with less than half (42.8% running the latest version), meaning more than 500,000 websites could still be vulnerable.

The plugin’s vendor, BoldGrid, has released a fix with its version 2.8.2, and WordPress security project Wordfence urged all users to apply the fix immediately.

WordPress is the world’s most popular website builder platform, powering roughly half of all the websites on the internet.

As such, it is a popular target for cybercriminals, as well, but since the platform is relatively secure, threat actors are mostly focused on third-party plugins and themes, especially those with poor developer or community support.

W3 Total Cache is a powerful WordPress plugin designed to improve website performance by caching content, minimizing code, and optimizing server resources. It claims to be able to help reduce load times, enhance user experience, and improve SEO by integrating features like content delivery network (CDN) support and database caching.

Via BleepingComputer

You might also like

• Another top WordPress plugin found carrying critical security flaws
• Here's a list of the best antivirus tools on offer
• These are the best endpoint protection tools right now