Technology

Want to watch Minnesota play Seattle? Here's everything you need to stream Sunday's 1:05 p.m. PT game on Fox.

This viral hair styling tool rarely goes on sale, but right now you can grab it for over $100 off and get fast shipping from Amazon.

Internet options in Toledo are limited, but our CNET experts have still found some solid ISPs worth considering in the Glass City.

If you're expecting to move up to a higher tax bracket in future years, it might make sense to convert your traditional IRA to a Roth.

• The total number of free channels is now 171
• Google TV Freeplay remains exclusive to the US
• There's been a recent boom in free TV with ads

We've already seen dozens of new free-to-view channels added to Google TV during 2024, and one more update has been rolled out in time for the holidays – bringing the number of channels available to US viewers to more than 170.

This latest update was spotted by 9to5Google, and should be available now if you're using a television set or streaming device with the latest Google TV software on it. You'll find them under the Google TV Freeplay app.

The new channels are Best of Dr Phil, Xumo Free Holiday Movie Channel, Xumo Free Holiday Classics, Xumo Christian Christmas, Continuum, Z Nation, The Design Network, Filmrise: Classic TV, UFC, Unbeaten, Big 12 Studios, Waypoint TV, and PursuitUP.

There are also updates for Stingray Greatest Holiday Hits, Stingray Soul Storm Christmas, and Stingray Hot Country Christmas. These new channels follow on from Designated Survivor and Places & Spaces – The Great Christmas Light Fight added in November.

Keep them coming

A variety of new features have been added to Google TV this year (Image credit: Google)

That brings the total number of channels available in Google TV Freeplay to 171 – though as 9to5Google notes, some of them are likely to be only available over the holidays (as a few of those title channels would suggest).

One channel has been removed at the same time though: it seems Motortrend Fast TV is no longer available. No doubt this chopping and changing of content is going to continue as we go through 2025 as well.

We've seen a steady rise in the number of free ad-supported television (FAST) channels available on streaming platforms in recent years: there are hundreds more available in apps such as Plex, Tubi, and PlutoTV.

You may remember Google TV adding extra channels in August and September of this year, as well as at other points during 2024. The software has also been given plenty of new features over the last 12 months as well.

You might also like

• Your Google TV has been given a big, free Roku Channel upgrade
• Everything you need to know about the Google TV Streamer
• There's no escaping smart TV ads, as Google TV has added them

GhostBed's Flex Hybrid combines supportive coils with contouring foam for a comfortable feel. Our CNET sleep expert put it to the test to find out whether this high-end mattress is worth your money.

Want to watch Carolina play Arizona? Here's everything you need to stream Sunday's 1 p.m. ET game on Fox.

Want to watch New York play Atlanta? Here's everything you need to stream Sunday's 1 p.m. ET game on Fox.

Want to watch Detroit play Chicago? Here's everything you need to stream Sunday's 1 p.m. ET game on Fox.

Want to watch Philadelphia play Washington? Here's everything you need to stream Sunday's 1 p.m. ET game on Fox.

Cincinnati look to keep alive their fading playoff hopes.

Los Angeles look to make it four wins in a row as they head to MetLife Stadium.

Prime Video has the sci-fi entertainment you've been looking for.

Chromebook VPNs add an extra layer of privacy while browsing the web or unblocking streaming content.

• MLflow identified as most vulnerable open-source ML platform
• Directory traversal flaws allow unauthorized file access in Weave
• ZenML Cloud's access control issues enable privilege escalation risks

Recent analysis of the security landscape of machine learning (ML) frameworks has revealed ML software is subject to more security vulnerabilities than more mature categories like DevOps or Web servers.

The growing adoption of machine learning across industries highlights the critical need to secure ML systems, as vulnerabilities can lead to unauthorized access, data breaches, and compromised operations.

The report from JFrog claims ML projects such as MLflow have seen an increase in critical vulnerabilities. Over the last few months, JFrog has uncovered 22 vulnerabilities across 15 open source ML projects. Among these vulnerabilities, two categories stand out: threats targeting server-side components and risks of privilege escalation within ML frameworks.

Critical vulnerabilities in ML frameworks

The vulnerabilities identified by JFrog affect key components often used in ML workflows, which could allow attackers to exploit tools which are often trusted by ML practitioners for their flexibility, to gain unauthorized access to sensitive files or to elevate privileges within ML environments.

One of the highlighted vulnerabilities involves Weave, a popular toolkit from Weights & Biases (W&B), which aids in tracking and visualizing ML model metrics. The WANDB Weave Directory Traversal vulnerability (CVE-2024-7340) enables low-privileged users to access arbitrary files across the filesystem.

This flaw arises due to improper input validation when handling file paths, potentially allowing attackers to view sensitive files that could include admin API keys or other privileged information. Such a breach could lead to privilege escalation, giving attackers unauthorized access to resources and compromising the security of the entire ML pipeline.

ZenML, an MLOps pipeline management tool, is also affected by a critical vulnerability that compromises its access control systems. This flaw allows attackers with minimal access privileges to elevate their permissions within ZenML Cloud, a managed deployment of ZenML, thereby accessing restricted information, including confidential secrets or model files.

The access control issue in ZenML exposes the system to significant risks, as escalated privileges could enable an attacker to manipulate ML pipelines, tamper with model data, or access sensitive operational data, potentially impacting production environments reliant on these pipelines.

Another serious vulnerability, known as the Deep Lake Command Injection (CVE-2024-6507), was found in the Deep Lake database - a data storage solution optimized for AI applications. This vulnerability permits attackers to execute arbitrary commands by exploiting how Deep Lake handles external dataset imports.

Due to improper command sanitization, an attacker could potentially achieve remote code execution, compromising the security of both the database and any connected applications.

A notable vulnerability was also found in Vanna AI, a tool designed for natural language SQL query generation and visualization. The Vanna.AI Prompt Injection (CVE-2024-5565) allows attackers to inject malicious code into SQL prompts, which the tool subsequently processes. This vulnerability, which could lead to remote code execution, allows malicious actors to target Vanna AI’s SQL-to-graph visualization feature to manipulate visualizations, execute SQL injections, or exfiltrate data.

Mage.AI, an MLOps tool for managing data pipelines, has been found to have multiple vulnerabilities, including unauthorized shell access, arbitrary file leaks, and weak path traversal checks.

These issues allow attackers to gain control over data pipelines, expose sensitive configurations, or even execute malicious commands. The combination of these vulnerabilities presents a high risk of privilege escalation and data integrity breaches, compromising the security and stability of ML pipelines.

By gaining admin access to ML databases or registries, attackers can embed malicious code in models, leading to backdoors that activate upon model load. This can compromise downstream processes as the models are utilized by various teams and CI/CD pipelines. The attackers can also exfiltrate sensitive data or conduct model poisoning attacks to degrade model performance or manipulate outputs.

JFrog’s findings highlight an operational gap in MLOps security. Many organizations lack robust integration of AI/ML security practices with broader cybersecurity strategies, leaving potential blind spots. As ML and AI continue to drive significant industry advancements, safeguarding the frameworks, datasets, and models that fuel these innovations becomes paramount.

You might also like

• Take a look at the best cloud firewalls available today
• These are the best business VPNs around right now
• Deepfakes and AI attacks are worker's biggest security worries

While you won't easily get access to fiber internet in New Mexico, there are several other options to choose from.

Our sleep experts have put decades of experience to the test and found the best mattresses to address back pain.

L'Oréal's first professional hair dryer combines infrared light, wind, and heat to drastically reduce your drying time.

Liverpool look to get back to winning ways as they travel to north London.

If you feel guilty eating your favorite foods, here's how to enjoy them without the guilt.