Technology

Your favorite retailers carry some of our favorite mattress brands. You might find your next bed at stores like Costco, Target and Walmart.

The spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod's actually worth a listen.

Netflix is adding two new documentaries to its content library at the end of the month that tackle very different subjects. So if you can't get enough factual content, or you're looking for something to watch after devouring our list of the best Netflix documentaries, you won't want to miss these.

One is a heartwarming feature where comedian and actor Will Ferrell goes on a road trip with his friend, who has recently transitioned to live as a trans woman. The other focuses on the former CEO of WWE, Vince McMahon, chronicling the rise and fall of the controversial figure across six episodes.

There's plenty to learn about thanks to these two new documentaries. Here's what you need to know about both the new documentaries arriving on the best streaming service.

Will & Harper

Release date: September 27

Directed by Josh Greenbaum, this emotional documentary explores the friendship between Will Ferrell and former Saturday Night Live head writer Harper Steele. When Will gets an email from his long-time friend, where she comes out as a trans woman, the two head off on a road trip to reconnect, and learn more about Harper's identity and experience transitioning later in life and in the United States, something she has complex feelings about. She says in the trailer: "I love this country so much, I just don't know if it loves me back right now." You'll definitely need tissues for this one, I've already cried!

Mr. McMahon

Release date: September 25

Elsewhere, Tiger King filmmaker Chris Smith told Tudum that he's "pulled back the curtain to reveal the true Vince McMahon obscured beneath the persona he presented to the world" in this docuseries. Across the six-part series, there are more than 200 hours of interviews with McMahon himself (prior to his resignation), as well as his family members, business associates, and some of the most iconic names in wrestling history, alongside the journalists who uncovered McMahon's allegations. While this will no doubt be a tough watch, it feels like an important one.

You might also like

• Netflix is serving up three more Chef's Table seasons and I'm salivating over the noodle-focused special
• Netflix just released The Perfect Couple trailer and I'm already obsessed with Nicole Kidman's shady matriarch character
• Netflix will release Arcane season 2's official trailer sooner than I expected, and I'm praying it tells us one big thing

In early August, cybersecurity researchers from Cybernews discovered an unprotected database containing sensitive information on hundreds of thousands of Chinese individuals. To this day, they haven’t figured out who the database belongs to, or why it was generated and left open in the first place.

Using Elasticsearch, a search engine for databases, the Cybernews team found a database containing details on 762,000 car owners, and their vehicles. The archive contained people’s names, ID numbers, phone numbers, email addresses, postal addresses, birth dates, vehicle identification numbers (VIN), car brand, car model, engine number, and vehicle color. In other words, there was more than enough information to engage in identity theft or even worse - grand theft auto.

“The exposure of this database is particularly alarming due to the detailed nature of the personal and vehicle information involved. The breach could have severe consequences for the affected individuals, including identity theft, financial fraud, and potential physical security risks,” Cybernews researchers said.

Mystery owners

The owners of the database remain a mystery. The archive was hosted on a US-based IP address, and after it was discovered on August 4, it was locked down after 48 hours.

The researchers speculate foul play here. They don’t believe that a legitimate company was gathering and storing the information, but rather that this was the work of a threat actor. The argument is that no company would need such a specific combination of information, while cybercriminals would. Still, no one has come forward to claim ownership over the database.

Unprotected databases remain one of the most common reasons for data leaks and spills. Nowadays, the majority of sensitive data is stored in the cloud, and in many cases, the administrators simply forget (or can’t be bothered) to protect it with a password, or multi-factor authentication (MFA).

More from TechRadar Pro

• Over 750 million records exposed by ERP firm data breach — find out if you're safe
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

New Mint Mobile deal offers the Google smartphone for only $699.

Snag yourself lifetime access to a huge 262 hours of CompTIA certification prep content for just $50.

Nine years after its predecessor debuted, the fourth-generation Nest Learning Thermostat blends beauty with smarts.

Zelda finally takes the lead role in the franchise that bears her name. In a hands-on preview, I learned there are countless ways she can save the day.

Saturn will be in opposition on the evening of Sept. 8, while Neptune hits its opposition on Sept. 21.

As companies like Apple, Google and Samsung load their devices with AI, many consumers are still unimpressed -- and unwilling to pay for those premium features.

Legend of Zelda: Echoes of Wisdom gives Princess Zelda some entertaining ways to solve problems. CNET's Bridget Carey gets a preview and is good with naps.

Apple's iPhone 16 could divide Apple users like never before, all because of fragmentation around Apple Intelligence. CNET's Bridget Carey explains the drama brewing around Apple's AI.

Dedicated web hosting gives you an entire server, allowing you to host tons of web pages and accommodate millions of monthly visitors. Here are the best dedicated web hosts on the market.

If you’ve been waiting to upgrade your gaming PC I’d suggest waiting a little bit longer, as a new rumor suggests that Nvidia could launch its next-gen RTX 5080 and RTX 5090 graphics cards in a matter of weeks.

The rumor comes from Chinese website Benchlife – and reported by PC Gamer – which says (translated) "If all goes well, the GeForce RTX 5090/D and GeForce RTX 5080/D with the Blackwell GPU architecture are scheduled to officially launch in September."

This is both exciting and surprising. Nvidia’s current flagship GPU, the RTX 4090, launched back in October 2022, and while it remains one of the best graphics cards ever made, and very few games even come close to making use of all its power, there are plenty of enthusiasts (including me) who are excited to see how Nvidia improves upon it.

While Nvidia’s RTX 5000 series of graphics cards, built on its new Blackwell architecture, has been expected for a while now, previous rumors had us preparing for a late 2024 or early 2025 launch. So, if this rumor is correct – and that’s a big if at the moment – then we’re getting the two high-end Blackwell GPUs earlier than expected.

Hold your PC building horses

While I’m not entirely convinced that this rumor is accurate, as we’ve had no other leaks suggesting a launch is imminent, it’s not out of the question, either. As I mentioned above, the RTX 4090 launched in October 2022, so a September 2024 announcement for its successor is possible.

Regardless, we’ll likely see new Blackwell graphics from Nvidia sooner rather than later, and that’s why I feel right now is the wrong time to build or upgrade your gaming PC. We’re so close to a likely launch that it’s worth holding on a little longer to see what these new GPUs have in store.

If they blow our socks off, then you can build your PC around the new GPUs and have a cutting-edge gaming rig that will play the best PC games with ease for years to come.

On the other hand, if they are a disappointing upgrade over the RTX 4000 series, you could end up saving money, as the prices of the RTX 4080 and RTX 4090 will likely drop once newer models are out.

We won’t know for sure until the new GPUs are officially announced, though recent rumors suggest the RTX 5090 in particular could be a real power guzzler. Hopefully, we won’t have much longer to wait, then we can crack open our gaming PCs and get upgrading.

You might also like

• Nvidia RTX 5090 may not be the fastest next-gen GPU
• The best cheap graphics cards: top GPUs on a budget
• Top gaming PCs: great rigs for serious PC gaming

Amazfit has become a great pick for anyone looking for a cheap fitness tracker or a cheaper rival to one of the best Garmin watches, but its next release could be its most ambitious yet.

The company has revealed the T-Rex 3, which it dubs the "ultimate outdoor GPS smartwatch" at the IFA Berlin event, following leaks late last month.

The latest addition to the Amazfit Adventure lineup has a 25-day battery life with 100 hours of continuous support in GPS mode. It also has a 1.5-inch AMOLED display comprised of Corning Gorilla Glass, and a 2,000 nit brightness rating that certainly makes it competitive with other options.

The watch will include over 170 sport modes covering everything from fishing to skydiving, and will once again pair with the Zepp app on iOS or Android. It'll also play nicely with the Amazfit Helio Smart Ring.

The watch will retail for a suggested retail price of $299 (around £230 / AU$440), making it a more premium option in the Amazfit portfolio, but still a far cry from the almost four-figure price tag of other adventure watches like the Garmin Fenix 8.

The Amazfit T-Rex 3 will come in Black, Cangshan Green and Red Rock colorways.

Amazfit's move into premium territory?

The AmazFit T-Rex 2 smartwatch, as tested in 2022 (Image credit: Future)

"The T-Rex 3 exemplifies Amazfit's dedication to advancing wearable technology for active and adventurous individuals," Wayne Huang, CEO of Zepp Health said via a press release.

"Its rugged design, extensive features, and unmatched battery life make the T-Rex 3 perfect for those who live an active lifestyle and are always ready for their next adventure."

We've already taken a look at the Amazfit T-Rex 2 way back at the end of 2022, praising its durable design and battery life, but there were a few accuracy issues here and there. While we were less impressed by the Zepp app, the app has seen big improvements throughout 2023 and 2024.

You might also like

• RIP Fitbit smartwatches – an end we could see coming a mile away
• Pixel Watch 3 vs Galaxy Watch 7: Google and Samsung’s latest timepieces square off
• Wear OS watches including the Pixel Watch 3 are now getting offline Google Maps

Apache released a patch for a critical severity vulnerability in its OFBiz software. The bug is an arbitrary code execution flaw, allowing threat actors to run any code on either Windows, or Linux servers.

Apache OFBiz (short for Open For Business) is an open-source enterprise resource planning (ERP) system that provides a suite of applications designed to automate and manage a wide range of business processes. It offers a comprehensive platform for businesses to handle operations such as customer relationship management (CRM), supply chain management, inventory management, accounting, e-commerce, and more.

According to cybersecurity researchers Rapid7, the bug stems from a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks. "An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server," the researchers explained.

Mitigations and fixes

The vulnerability is now tracked as CVE-2024-45195, and carries a severity score of 7.5 (high). All versions prior to 18.12.16 were vulnerable, and in the latest version, Apache addressed the issue by adding authorization checks. Users are advised to apply the patch without hesitation.

The researchers further explained that this is not the first vulnerability, or the first patch, to address the very same kind of flaw. Last year, Apache released three patches for three flaws that all had the same root cause: CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856.

That being said, CVE-2024-45195 is a patch bypass for the three older ones.

“All of them are caused by a controller-view map fragmentation issue that enables attackers to execute code or SQL queries and achieve remote code execution without authentication,” the researcher concluded.

Earlier this month, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that one of the three flaws - CVE-2024-32113, was being exploited in attacks, and added it to the Known Exploited Vulnerabilities (KEV) catalog.

Via BleepingComputer

More from TechRadar Pro

• Apache HugeGraph users told to patch immediately to stay safe from this dangerous bug
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

Apache released a patch for a critical severity vulnerability in its OFBiz software. The bug is an arbitrary code execution flaw, allowing threat actors to run any code on either Windows, or Linux servers.

Apache OFBiz (short for Open For Business) is an open-source enterprise resource planning (ERP) system that provides a suite of applications designed to automate and manage a wide range of business processes. It offers a comprehensive platform for businesses to handle operations such as customer relationship management (CRM), supply chain management, inventory management, accounting, e-commerce, and more.

According to cybersecurity researchers Rapid7, the bug stems from a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks. "An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server," the researchers explained.

Mitigations and fixes

The vulnerability is now tracked as CVE-2024-45195, and carries a severity score of 7.5 (high). All versions prior to 18.12.16 were vulnerable, and in the latest version, Apache addressed the issue by adding authorization checks. Users are advised to apply the patch without hesitation.

The researchers further explained that this is not the first vulnerability, or the first patch, to address the very same kind of flaw. Last year, Apache released three patches for three flaws that all had the same root cause: CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856.

That being said, CVE-2024-45195 is a patch bypass for the three older ones.

“All of them are caused by a controller-view map fragmentation issue that enables attackers to execute code or SQL queries and achieve remote code execution without authentication,” the researcher concluded.

Earlier this month, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that one of the three flaws - CVE-2024-32113, was being exploited in attacks, and added it to the Known Exploited Vulnerabilities (KEV) catalog.

Via BleepingComputer

More from TechRadar Pro

• Apache HugeGraph users told to patch immediately to stay safe from this dangerous bug
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

Controlling an iPhone from another room is an impressive technical feat, but is it really practical? We run down the real-world situations for when it's genuinely helpful to remotely mirror your phone from your computer.

After eight years of development, Sony pulled the plug on Concord today after just two weeks. Fans loved it, but seemingly not enough. Is the future of the industry blockbuster-or-bust?

A 125-year-old theory explains why humans want luxury items even more when the prices go up. Blame social media—and ubiquitous counterfeits—for making it even worse.