Technology

• Microsoft has new rules to ensure more consistency with USB-C ports
• This means every USB-C port will offer data, power, and display support
• Previously, you weren’t guaranteed to get all of those basic elements if laptop makers cut corners with their connectors

Going forward, the USB-C ports on Windows 11 laptops will be held to more consistent standards that mean users can expect a minimum amount of functionality with any given connector.

Tom’s Hardware noticed Microsoft’s blog post explaining a fresh update to the Windows Hardware Compatibility Program (WHCP) that’s designed to end confusion around USB-C ports. The broad idea is to ensure every single one of these connectors deliver certain key features in terms of data transfer, power delivery (charging), and running an external monitor.

Currently, while the USB-C specification encompasses all those separate elements – and a lot of versatility for the port therein – parts can be missing with connectors on some laptops, as it’s not mandatory to include everything.

Microsoft has changed this with its new way of working, observing that: “While the USB specifications give PC manufacturers the ability to choose which optional features the port supports, we set out to establish a minimum bar for USB-C port capabilities on PCs.”

That baseline bar means that with Windows 11 laptops (and tablets), all USB-C ports must provide display support (to connect a monitor), PC charging support (power), and of course data transfer (which all USB connectors do, of course) at a certain speed.

Furthermore, Microsoft notes that any port which supports USB 40Gbps will work fine with both USB4 and Thunderbolt 3 peripherals.

These updated WHCP requirements have come into play with Windows 11 24H2, and notebooks running 24H2 will already support them.

Analysis: Consistency with connectors

(Image credit: Microsoft)

With the old way of working, the practicality of USB-C ports is that you might buy a laptop which comes with a few of these connectors, and be quite happy chugging along using them for USB sticks or charging. Then, one day, when you plug in a monitor, you’ll suddenly find out that your ports don’t support a display, because the laptop maker produced these USB-C connectors without that particular capability (to save a bit of money).

The problem is there’s no clear labelling on a USB-C port, and you may not find out about any missing pieces of the functionality puzzle until you come across them in this way – and it’s too late at that point.

With the new minimum standard in place, all USB-C ports on WHCP-certified Windows 11 laptops will definitely support all those three basic pillars: power, display, and data transfer.

Now, note that there are still variations in the specs of USB-C ports, in terms of how many displays they may support, or how much power the USB cable will deliver, and the speed of data transfers (all of which should be made clear in the notebook’s spec).

See the screenshot above for the details, but the central point is that from now on, you know that all three of the fundamental bases are covered with at least some level of functionality when you’re buying a new Windows 11 laptop – with every single USB-C port on-board the device – which has to be a good thing.

You might also like...

• macOS Tahoe rumored to follow Sequoia – here’s 3 things to expect from Apple’s next desktop OS
• Can’t upgrade to Windows 11? This Linux project wants to save your old PC from the scrapheap when Windows 10 support ends
• Been hiding from Windows 11 24H2 due to the fuss about all the bugs? There’s nowhere to run now as Microsoft’s made the update compulsory

Nintendo issues warning for Switch 2 console just days before its widely anticipated release.

• Report claims one in three firms don't trust US Big Tech to handle their data correctly
• Civo finds three in five are focused on improving data sovereignty
• Tariff-induced cost fluctuations are also concerning UK IT leaders

More than three in five UK IT leaders say the country's government should stop using US cloud services due to security and economic risks, with many citing ongoing trade war-induced tariffs as a core concern.

A new report from Civo claims a similar amount (61%) of British IT leaders also cite data sovereignty as a strategic priority going forward, with a broader trend of data privacy emerging not just among cloud adoption but also relating to the use of artificial intelligence.

Today, nearly half (45%) are actively considering repatriating from the cloud as they turn back to environments that they have more control over.

Cloud security and cost worries

With EU and UK data protection regulations offering improved compliance and transparency, two-fifths of IT leaders say they're more likely to move away from US providers.

During a time when three of the world's leading hyperscalers (Amazon, Microsoft and Google) account for around two-thirds of the cloud market, Civo's report claims only one-third (36.6%) trust Big Tech AI providers to handle their data, with data sovereignty ranking second to price as an influencing factor for the decision to move away from Big Tech.

"People are more alert than ever to just how valuable their data is, and it’s been astonishing how quickly cloud repatriation and sovereignty have become leading strategic considerations for IT leaders," said Civo CEO Mark Boost.

"US providers are failing to meet [the] demand" for greater visibility over data storage and usage, Boost added, noting Europe leads the way in terms of sovereignty initiatives, urging the "UK to match the energy" of its continental counterparts.

You might also like

• Microsoft completes EU cloud sovereignty project, letting Europe-based cloud customers store and process data in the EU
• We've listed the best cloud computing providers you could consider
• These are the best cloud storage and best cloud backup tools

Looking for a solid internet connection in El Paso? Our experts have found the best ISPs in the area with the fastest speeds, pricing and reliability.

The next version of Apple’s desktop operating system for its Macs, to take the baton from macOS 15 Sequioa next year, will apparently be macOS Tahoe.

According to Mark Gurman’s newsletter for Bloomberg – a leaker who’s already flagged an apparent change in numbering, predicting this will be macOS 26, not 16 – Lake Tahoe is seemingly the next place that Apple will name its product after.

Cue a bunch of jokes drawing similarities between the next macOS and the hulking Chevrolet Tahoe, and tongue-in-cheek comments about how the operating system is bound to be bloated and slow.

As ever, this is still a rumor, so we shouldn’t get carried away with the idea – though Gurman is one of the more prolific and reliable Apple leakers, for sure.

At any rate, whatever the next incarnation of macOS is actually called, when is it out, and what can you expect from it?

Let’s dive into those details and touch on a few of the rumored key features to watch out for in macOS 16, or indeed macOS 26 – Tahoe – ahead of Apple’s big revelations about the operating system at WWDC 25 soon.

macOS 16: release date

(Image credit: Apple)

macOS Tahoe hasn’t been officially revealed or talked about yet, but we're expecting to see it announced at WWDC 2025, which kicks off on June 9.

A potential release date also hasn't been aired. However, Apple typically deploys its new version of macOS in September or October, so we can likely expect the refreshed desktop OS to roll out to Macs around that time.

macOS 16: Rumored new features

(Image credit: Shutterstock)1. An all-new look

If you’ve been getting a bit bored with the look of macOS, which hasn’t changed much as this decade has rolled onwards, here’s some potentially good news – one of the major changes rumored for Tahoe is a revamped look.

While not much in the way of detail has been provided, the rumor that the interface is due for a big overhaul again comes from Mark Gurman. In theory, this is part of a plan to align the design language and appearance of Apple’s software across iOS, macOS, and iPadOS (as well as other platforms).

So, it’ll be of even greater benefit to those with multiple Apple devices to have similar-looking icons or menus (and more besides, no doubt).

(Image credit: Apple)2. Accessibility features in spades

Apple recently announced a raft of new accessibility functionality across its various devices including Macs, and some of these will surely debut in macOS Tahoe.

That includes Personal Voice, which can capture the voice of someone who is losing their ability to talk, and Magnifier for Mac. The latter leverages your iPhone (or a USB camera) to be able to zoom in to, say, a distant whiteboard, and present the writing on the board to the user on their Mac’s screen – seriously nifty stuff for those who are vision-impaired.

In a similar vein, Accessibility Reader can take images of book pages and show them on the Mac display, allowing for zooming, or changing fonts or colors to make things clearer.

(Image credit: Future)3. Wi-Fi timesaver

This is a feature that’s coming with iOS 19, according to Gurman, but logically it must also apply to macOS Tahoe (and other Apple platforms besides), because it’s all about unifying public Wi-Fi logins across multiple Apple devices for convenience.

As it stands, when you’re in a hotel, gym, or other place with public Wi-Fi, you may have to fill out a form before you can connect to the network and go online. Doing this on multiple devices is even more of a pain, but with this new feature, you’ll only have to complete said form once, and all your other Apple devices will automatically use those details.

So, for example, tackle the form on your MacBook, and you’ll also be good to go on your iPhone and iPad – neat.

You might also like...

• What to expect from Apple Macs in 2025
• Can’t upgrade to Windows 11? This Linux project wants to save your old PC from the scrapheap when Windows 10 support ends
• iOS 19: new features, a new design, and everything you need to know

• Ricoh GR IV prototype now on display to the public in the company's GR Space showroom in Tokyo
• Ricoh has already confirmed GR IV is on course for an 'autumn 2025' launch
• A variation with highlight diffusion filter will follow in 'winter 2025'

I’ve been keenly waiting for a first look at the upcoming Ricoh GR IV – but now that it’s happened, I can’t help but feel a little underwhelmed. Disappointed, even.

The long awaited replacement for the excellent Ricoh GR III (which will be discontinued), the GR IV is set to be the next flagship model in Ricoh’s iconic range of premium digital point-and-shoots.

The GR series has gained something of a cult classic status among photographers, prized for their pocketable size, unassuming design and use of large sensors. They're ideal for street photography and holiday snapshots alike, so the release of a new model is always something of an event for photo enthusiasts.

And now a prototype of the Ricoh GR IV is on display at GR Space, the company’s Tokyo camera and photography showroom, allowing curious members of the public to come and take a look (but not have a hands-on experience – this is just an exterior prototype, so not functional).

A tilting LCD and integrated flash would vastly improve the GR series – but it doesn't look like either are coming to the GR IV. (Image credit: Future)

It should be an exciting time for a Ricoh fan like me, but I’m finding the lack of changes over the GR III a bit concerning. The design, for instance, is nigh-on identical to the GR III. I would have loved to have a seen a built-in flash and a tilting LCD screen, but the prototype doesn’t have either.

I also want improvements to autofocus, and to the ruggedness of the camera – and these things are looking doubtful too. Although I will caution that, with this being a prototype, things could change between now and the autumn 2025 release date.

GRIV pic.twitter.com/YF0HsV8HW0May 31, 2025

Reasons to be cheerful?

On the plus side, it will come with a higher resolution sensor, new lens, better image stabilization, some control tweaks and refinements such as a plus / minus switch and a D-pad in place of a control wheel, 53GB of built-in memory (as well as a microSD card slot - not SD) and improvements to the way in which images are shared, all of which are nice – if not as transformational as I was hoping for.

Instead, it appears that the GR IV is going to be a small upgrade. There’s nothing wrong with that per se, and users upgrading from older GR models or buying their first ever GR camera are probably going to be in for a treat. People who own a GR III or GR IIIx, on the other hand, might find few compelling reasons to make the upgrade.

All that being said, I can’t wait to give the camera a real-world test to find out the most important thing: how it performs in the field. Rest assured TechRadar will be getting hold of a review sample as soon as Ricoh is able to loan one to us.

You might also like

• Camera rumors for 2025: new gear we're expecting soon from DJI, Sony, Canon and more
• Ricoh GR IV: 5 things I want to see
• The best compact camera for 2025: top pocket choices to take anywhere

Here are hints and the answer for today's Wordle, No. 1,444, for June 2.

Looking for a gift that delivers premium quality without totally going overboard? Our gifting experts curated a selection of the best gifts under $300. Every item on this list has been handpicked and thoroughly tested by CNET’s experts.

Apple apparently intends to position itself as a major player in video games. Again.

• The Philips Hue AI assistant is now rolling out for iOS users in Benelux
• If you live somewhere else, you can use VPN to try it early
• The assistant lets you make custom lighting scenes with voice commands

The new Philips Hue AI assistant is starting to roll out now, letting you create custom lighting scenes to set a mood using natural language.

Signify (the company behind Philips Hue) revealed that it was working on an AI tool for its smart lights at CES 2025 in January, and promised that the new assistant would make it easy to create "personalized lighting scenes based on mood, occasion, or style".

The company has now got the ball rolling with an initial launch in the Benelux countries, but if you live elsewhere, then you can get around the geographic restriction by using one of the best VPNs to relocate yourself virtually in Belgium, Luxembourg, or the Netherlands.

Signify teased the Philips Hue AI assistant at CES 2025 in January (Image credit: Signify)Make it personal

Fabian over at Hueblog.com, who is based in Germany, managed to get the assistant working by using a VPN to switch his IP address to one of the supported countries and changing his language setting to English.

With that done, he was able to use simple voice commands to look for existing lighting scenes or create whole new ones. That'll be music to the ears of anyone who's struggled to track down seasonal lighting schemes for their best smart lights at Christmas or Halloween, or doesn't want to spend time flicking through the presets to find something suitable for the moment.

The only drawback is that, for the time being, the AI assistant appears to be exclusive to iOS. Despite attempting the same for all three Benelux countries, I was unable to access the tool on Android, and a Hueblog reader based in Belgium reported the same problem.

The Hue AI assistant has only just started to launch, though, and I expect Android owners won't be left in the dark for long. I'll bring you more news about its availability over the coming weeks.

You might also like

• Nanoleaf's new indoor and outdoor smart lights are its funkiest designs to date
• Got Philips Hue lights? This new customizable button could make them even smarter
• Your LG TV can now synchronize with Philips Hue lights without a pricey HDMI Sync Box

• Security researchers find two flaws in vBulletin
• Both are critical in severity, and can be chained for RCE
• One of the flaws is being actively exploited

A critical security vulnerability found in the popular forum software vBulletin is being abused in the wild, experts have claimed.

Cybersecurity researcher Ryan Dewhurst, who claims to have seen exploitation attempts in the wild, says the vulnerability can in theory be used to grant the attackers remote code execution (RCE) capabilities.

Dewhurst says the bug, tracked as CVE-2025-48827, is described as an API method invocation flaw, with a severity score of 10/10 (critical). It affects vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, running on PHP 8.1 and later.

Doxxing Stern

Dewhurst said that he first saw exploitation attempts in his honeypot on May 26. The attacks originated in Poland, he added, stressing that PoCs were available for a few days at this point.

It is also worth mentioning that the bug was first spotted by security researcher Egidio Romano (EgiX), who also observed a “Template Conditionals in the template engine” vulnerability, tracked as CVE-2025-48828.

This one has a severity score of 9.0/10 (critical), and grants the attackers remote code execution (RCE) capabilities. These two can allegedly be chained together, but so far, the researchers haven’t seen the chain in the wild.

According to BleepingComputer, the bug was probably patched quietly, when Patch Level 1 (for all versions of the 6) and Patch Level 3 (for version 5.7.5) were released. The publication claims that many sites remain at risk since not all admins are diligent when it comes to patching.

vBulletin, BleepingComputer further stresses, is one of the most widely used commercial PHP/MySQL-based forum platforms, powering thousands of online communities globally.

It owes its popularity, among other things, to its modular design, which makes it both flexible and complex. It also makes it somewhat more exposed to threats.

You might also like

• Conti ransomware group officially shuts down - but probably not for long
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

The best VPNs for Google Chrome let you unblock geographical restrictions and add a layer of privacy to your browser using a browser plug-in or native device app.

Despite Honda teasing a number of all-electric motorcycle concepts at several shows, including last year’s EICMA event in Italy, it has yet to fully commit to electrification and put something meaty into production.

That is all about to change, as its collaboration with Chinese bike-maker Wuyang has resulted in the Wuyang-Honda WH8000D, or the first production electric motorcycle from the famous Japanese two-wheel specialist.

Granted, Honda-badged electric scooters have come before this, but the WH8000D, which will likely be called the E-VO in its domestic Chinese market, is the first to resemble a 'proper' motorcycle.

Taking inspiration from the gorgeous RC-E concept bike that appeared at the 2011 Tokyo motor show, the E-VO boasts retro-futuristic cafe racer styling, with a neat round headlight, sporty fairing, rear-set footpegs and slightly dropped handlebars.

It’s a little awkward to look at and not quite as handsome as the 1960s GP bike-influences of the aforementioned concept, but it is arguably more impressive than the step-through electric scooters that have so far rolled out of Honda production facilities.

Despite adopting the air of a larger capacity machine, the E-VO is designed to compete with 125cc combustion engine motorcycles, as the motor it uses boasts a peak power of 15.3 kW – or around 20bhp, according to Electrek.

This means that the top speed will be limited to around 68mph to 75mph in the lightest models, although Wuyang-Honda suggests it can accelerate from rest to around 30 mph (city traffic speeds) in just 2.8 seconds .

The second sticky issue is the battery capacities and charging speeds, as it will be offered in China in either 4.1 or 6.2 kWh guises. The former offers around 74 miles of range but weighs a portly 143kg.

There is also a heavier triple battery pack option that sees the range climb to 105 miles, but charging takes around 2.5 hours on a standard domestic outlet or about 90 minutes on a low-power Level 2 EV charger. There’s no option to fast charge the motorcycle.

However, battery swap technology is becoming increasingly popular in China (and further afield), with Cycle World suggesting that the E-VO could well take advantage of something like Honda’s existing Mobile Power Pack e swappable tech.

This would allow users to either remove the batteries and charge them away from the bike, but also swap them for fully charged units at dedicated stations.

But if that sort of convenience doesn't exist, the Wuyang-Honda becomes a vehicle that is really only good for short commutes – something that can easily be tackled by a more affordable and more convenient ICE scooter.

Bang for the yuan

(Image credit: Wuyang-Honda)

Despite looking slightly odd, not packing particularly punchy performance, offering relatively meager range and slow charging speeds, the Honda-Wuyang E-VO comes fitted with some impressive technology for the money.

According to Electrek, prices start at 29,999 yuan, or about $4,500 / £3,100 / AU$6,465 for the 4.1 kWh version, and 36,999 yuan (about $5,100 / £3,811 / AU$7,970) for the 6.2 kWh triple-pack version.

However, the bikes come complete with two 7-inch TFT displays that take care of instrumentation, as well as some infotainment duties. There are also built-in front and rear dash cams for added safety.

Throw in the 'big bike' inverted front forks, disc brakes and adjustable levers and it starts to look like an impressive package for the money, but it will likely be a lot more expensive should it be primed for global sales.

This is where smaller-capacity EVs like this don’t really make much financial sense, as their combustion engine counterparts are more convenient, offer similar performance and generally cost less. Take the Maeving RM-1, Super Soco’s TC Max and Kawasaki’s Ninja Z e-1 as good examples of this.

But a wider range of electric motorcycles are on the horizon, with Royal Enfield hoping to be among the first major manufacturers to offer low-cost electrified two-wheel transport when its Flying Flea model eventually goes on sale in early 2026.

You might also like

• I rode the new Maeving RM1S – and it's the first truly convincing 125cc electric motorbike I've tried
• Royal Enfield has turned this classic WW2 bike into a next-gen EV range – and it might just take electric motorcycles mainstream
• Honda unveils a series of sleek EVs for China and they're way more exciting than anything we get in the rest of the world

• Barclays has reportedly agreed to purchase over 100k Copilot licenses
• Microsoft has signed multiple similar deals with other companies like Siemens
• The firm is set to invest $80 billion into AI this year alone

Microsoft recently announced in a town hall meeting that it has signed an agreement with Barclays bank, in which it will provide 100,000 Copilot AI assistance licenses.

Microsoft’s Chief Commercial Officer Judson Althoff recently revealed to company town hall attendants, “multiple dozen” customers have over 100,000 Copilot users, including Volkswagen, Siemens, and Toyota - deals which could each bring in tens of millions per year for Microsoft.

The official price of a single license is $30 per month, but large deals such as the rumored Barclays agreement are likely to come with a discount.

Spending billions, making millions

Microsoft has invested heavily into AI, and is forecast to spend $80 billion on the technology in 2025, and the tens of millions made in these deals are unlikely to make a dent into the firm’s spending.

The company refused to comment on the Barclays deal when TechRadar Pro reached out.

The two companies have a history of working together, with The Register noting they agreed a multi-year deal for Microsoft Teams usage back in August 2022.

Microsoft CEO Satya Nadella has emphasized a focus on user engagement over pure sales statistics, and despite remaining profitable, Microsoft has announced largescale layoffs, with between 6,000 and 7,000 jobs worldwide expected to be cut - equating to almost 3% of the firm’s workforce - just two years after 10,000 personnel were made redundant (5% of the workforce).

"We continue to implement organizational changes necessary to best position the company for success in a dynamic marketplace," a company spokesperson confirmed.

“This was not about people failing. It was about repositioning for what comes next,” Nadella said at the time, who went on to stress that where Copilot is concerned, “adoption is key” - arguing that organisations need to fully integrate the assistant technology into their daily workflows in order to unlock its full potential.

Via Bloomberg

You might also like

• Take a look at our picks for the best AI tools around
• Check out our choice for best antivirus software
• Generative AI isn't biting into wages, replacing workers, and isn't saving time, economists say

• watchOS 12 will be announced on June 9
• It may have a new name, however, in line with reports Apple is changing the numbers on its OS releases
• Below are three features I think we'll see this year

Apple's WWDC 2025 event is coming in a matter of days, and while this conference is usually focused on developers, I'm expecting big things from iOS, MacOS, iPadOS and, yes, watchOS – the operating system used to power Apple Watches.

While we'll have to wait for September for new models to add to our best Apple Watches list – Apple almost never debuts this sort of hardware at WWDC – we're likely to see a host of new software features.

While watchOS is hardly ever Apple’s main focus for its developer-focused events, it still gets a chunk of time dedicated to it every year. Below are three features I expect to see announced for the future Apple Watch platform.

Before we start:

It’s worth noting while most people are expecting this year’s release to be called watchOS 12, there’s every chance Apple mixes things up somewhat.

In recent weeks, Bloomberg has suggested our devices will be running iOS 26, iPadOS 26 and so forth, with future releases adhering to this new naming convention.

Will we be using watchOS 26 from September, when it's released to the public? We’ll soon find out.

1. Apple Intelligence on Apple Watch

(Image credit: Anna Hoychuk / Shutterstock)

Response to last year’s Apple Intelligence big reveal was somewhat tepid, and some reports have painted a picture of a company struggling to gain a foothold in the AI age.

That makes June 9’s showing very important to show that Apple can run with the seriously AI-focused tech giants such as Google and OpenAI. Bloomberg's Mark Gurman has suggested it’s possible –at least in branding – for Apple Intelligence to arrive on watchOS in a limited capacity.

The Bloomberg report linked above suggested Apple “is branding a new set [of] features as 'powered by Apple Intelligence’ (even though the device isn’t actually running the AI models directly).”

That latter point is key because it could mean your current Apple Watch is able to run some of these “Apple Intelligence” features without needing to splurge on a future model.

There is reportedly a trifecta of features planned; Genmoji creation on a user’s wrist, notification summaries planned for widgets on your Apple Watch, while Siri could see an Apple Intelligence-style refresh. However, this reworking of Siri won't be to the extent Apple promised for the iPhone last year.

2. A redesigned, Solarium inspired UI

(Image credit: Apple/Future)

It wasn’t all that long ago that Apple shook up watchOS with its watchOS 10 update, offering widget stacks reminiscent of the best Garmin watches' UI. Now, rumor has it we could get a broader visual overhaul that encompasses just about every platform, including watchOS, iOS and even MacOS.

Multiple reports have suggested that Apple will use a new design language that’s internally referred to as ‘Solarium’, with a much brighter design, possibly with increased window transparency.

It’s been tipped for iOS, iPadOS, macOS, tvOS, and watchOS. We’re curious to see how the latter works, though, especially since watchOS has always been set against a black backdrop. Color us intrigued.

3. An exercise highlight

(Image credit: Getty Images / Javier Zayas Photography)

Apple loves to showcase one exercise in the upcoming OS where it can, releasing a bunch of new features to excite fans. We’ve seen a big focus on running in watchOS 9 and cycling for watchOS 10 in the past, but where could Apple go next?

We’d love to see a way to track strength workouts within Apple’s own ecosystem: gymgoers are crying out for more ways to make the most of their Apple Watches. However, our money is on something set outdoors.

Rumors have suggested an Apple Watch Ultra 3 is incoming this year, so we’d be very surprised if Apple doesn’t push the rugged durability, GPS capabilities and longer-lasting battery of the Apple Watch Ultra series in some regard.

A marathon? A triathlon? What about rucking – the trendy exercise consisting of walking with a weighted backpack? We’ll find out on June 9.

You might also like...

• Garmin's long-rumored Whoop-style screenless 'sleep band' will reportedly break cover soon
• We may have some information on incoming smartwatches from Android phone and tablet maker HMD
• I tried this armband-style Coros heart rate monitor to free me from the shackles of smartwatches

Hardwood floors and other hard flooring types like vinyl and tile are common, but not all vacuums work well on them. Here are the ones CNET experts have tested for the best performance.

Apple's nature-themed monikers for its desktop operating system to continue with the newest MacOS.

• Two information disclosure vulnerabilities were found in Apport and core-dump handler
• They affect Ubuntu, Fedora, and Red Hat
• Mitigations are available, so users are advised to take a look

Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities plaguing different Linux distros.

The flaws, both of which are race condition bugs, allow threat actors to gain access to sensitive information.

The first one is found in Ubuntu’s core dump-handler, Apport, and is tracked as CVE-2025-5054. The second one is found in the default core-dump handler on Red Hat Enterprise Linux 9 and 10, as well as on Fedora. It is tracked as CVE-2025-4598.

Triggering a crash

Apport is an error reporting tool in Ubuntu that automatically collects crash data and system information, while systemd-coredump captures and stores core dumps of crashed processes for later debugging and analysis.

As Qualys explained, for Apport - Ubuntu 24.04 is vulnerable. Versions up to 2.33.0 are affected, as well as every Ubuntu release since 16.04. For systemd-coredump, Fedora 40/41, and Red Hat Enterprise Linux 9, and the recently released RHEL 10 are all vulnerable. Debian systems aren’t vulnerable by default, Qualys added, since they don’t include any core-dump handlers.

In theory, an attacker could trigger a crash in a privileged process and then quickly replace the crashed process before the core-dump handler intervenes.

That way, the attackers could access the core dump which could include sensitive information, such as passwords.

What’s more, since systemd-coredump does not properly validate the kernel’s per-process "dumpable" flag, a threat actor could crash root daemons that for and set UID to their own user ID. That way, they could read sensitive memory from critical processes.

Qualys developed a proof-of-concept (PoC) for both vulnerabilities, and said that to mitigate the vulnerabilities, system administrators should make sure core dumps are securely stored, implement strict PID validation, and enforce restrictions on accessing SUID/SGID core files.

More details about potential mitigations, and which commands to run to secure the infrastructure, can be found on this link.

Via The Hacker News

You might also like

• A worrying stealthy Linux security bug could put your systems at risk - here's what we know
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Biometric data, fingerprints, facial scans or iris patterns have long been a key to seamless digital identity. Whether used to unlock a smartphone or verify passengers at airport gates, biometrics are becoming part of everyday life.

As these unique identifiers become more prevalent in our personal and professional lives, their worth is skyrocketing with many experts arguing that biometric data could become more valuable than conventional financial assets. This shift raises urgent questions about data privacy, the emergence of a black market for stolen biometrics and the responsibility of companies that collect, store and process this sensitive information. It’s becoming increasingly important to engage in conversation around the main drivers behind biometrics’ surging value, the inherent risks and the steps we must take to protect this new form of digital wealth.

The allure of biometric data

Biometric technology offers something that passwords, PINs and physical tokens cannot: a secure method of verifying identity-based on an individual’s characteristics. Fingerprints, facial geometry and irises are far more difficult to replicate than traditional credentials. More importantly, these physical attributes cannot be easily reset, simultaneously their greatest strength and most significant vulnerability.

In the UK especially, the popularity of biometrics has skyrocketed. Banks and fintech firms encourage customers to log in through fingerprints or facial recognition, citing convenience and security. At the same time, biometric passports at UK airports streamline queues, providing a look into how identity verification might function for other services in the future.

From a business perspective, biometrics have a broad appeal. Fraud is more complex if a criminal cannot simply guess or steal digits. Meanwhile, customers appreciate the simplicity of scanning a fingerprint rather than juggling multiple login details. This combination of security and convenience has given biometric identifiers an economic value that rivals payment cards or cash.

Hidden dangers and privacy concerns

Importantly, what makes biometric data so appealing for day-to-day transactions also makes it a potential privacy nightmare. Unlike compromised passwords or credit card numbers, biometric attributes cannot be revoked. If a database of facial scans is breached, victims cannot simply “change” their faces to regain control of their information, adding an entirely new dimension to cybersecurity.

A case in point is the BioStar 2 breach, where a central biometric security platform left over a million people’s fingerprints and facial recognition data exposed on an unprotected server. Incidents like this are particularly alarming because a single breach places individuals at permanent risk, enabling criminals to create fake fingerprints or exploit stolen face templates.

Furthermore, misuse of facial recognition in public spaces can erode fundamental rights, enabling authorities or private companies to track individuals secretly. With UK regulators already scrutinizing facial recognition in law enforcement and public venues and as biometrics become more entrenched, the ethical and legal boundaries around its usage will grow more contentious.

The rise of the biometric black market

Where value grows, criminals follow. Cybercriminals have traded in stolen credit card numbers and personal data for years, but biometric information is emerging as a lucrative commodity. On the dark web, “fingerprint kits” and facial image sets now sell for significant sums. A stolen credit card can be cancelled, but a hacked fingerprint is forever.

In some online marketplaces, criminals sell “selfie with ID” packages, bundling a victim’s photograph, personal details, and other documentation. These packages enable fraudsters to defeat facial recognition checks used by banks, cryptocurrency exchanges or government services.

Given the intensity of security around biometrics, these bundles fetch higher prices than typical account credentials. This shift shows that shady marketplaces have realized stolen biometrics aren’t just a one-off windfall; they’re the gift that keeps giving to identity thieves.

Regulation, ethics and responsibility in the UK

Under British law, biometrics are treated as sensitive personal details. Any organization collecting them must secure valid consent, demonstrate a genuine need and apply safeguards like encryption and minimal storage. Significant lapses risk hefty penalties from the ICO. A potential solution to this is storing said data directly on personal devices rather than central servers to limit the damage a large-scale breach can cause. Yet this is not a common practice in the industry.

Following legal rules alone doesn’t guarantee public trust. Firms relying on biometric checks should explain precisely how they gather data, who has access and when it will be deleted. This openness helps prevent backlash and lawsuits; one mistake can severely harm a company’s image. Those handling fingerprints or facial templates have a high duty of care: they must restrict database access and run regular security checks.

A few developers use “cancellable” biometrics which lets them invalidate compromised data, though this approach remains uncommon. Equally important is alerting users at once if a breach happens. Concealing problems only deepens the harm, whereas prompt, honest disclosure can preserve goodwill and set a business apart in a crowded marketplace.

The future outlook

In the coming years, biometric authentication may become a de facto standard for everything from online shopping to medical records access. This will likely coincide with further growth in the dark web market for biometric data as attackers recognize the long-term exploitative potential. We can anticipate an arms race in which hackers develop new spoofing techniques while security researchers refine liveness detection and AI-driven fraud prevention.

On the regulatory front, UK bodies such as the ICO will continue to evolve guidelines to ensure innovations do not jeopardize personal rights. At the same time, international standards, including potential updates to GDPR, will seek to address emerging threats posed by deepfakes and synthetic identities. If biometric data truly becomes “the new currency” of our digital economy, it will demand the same level of oversight as financial assets, if not more.

Yet the future need not be dystopian. Done correctly, biometrics can significantly reduce fraud, streamline processes and offer unprecedented convenience. With robust encryption, limited data retention, transparent policies and a focus on privacy by design, organizations can harness the power of biometric technology without undermining trust. The stakes are high, but so are the benefits, provided we prioritize responsible implementation and vigilant oversight.

We've featured the best Security Key.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

As the promise of AI to rapidly reshape industries intensifies, the gap between having an understanding of AI capabilities and the skills to implement AI solutions continues to widen. This divide is particularly pronounced between senior leadership, who drive digital transformation, and frontline workers, who are expected to implement and adapt to these changes and use this technology in their everyday work.

Recent research highlights the consequences of the AI skills gap, with one-third of UK employees feeling unprepared to adopt AI in the next one to three years. This disconnect between strategy and day-to-day execution on the ground is further underscored by the fact that 77% of UK tech workers admit to pretending they know more about AI than they actually do – illustrating the urgent need for organizations to bridge this gap and promote organization-wide AI literacy.

To address this divide, businesses must move beyond top-down mandates and build AI literacy across their entire workforce. Let’s explore why its important to act now, and how to achieve this in a scalable and effective way.

Why businesses need AI literacy now

According to the World Economic Forum’s 2025 Future of Jobs Report, 39% of current skills in the workforce will become outdated within the next five years, with skills gaps remaining the biggest obstacle to organizational preparedness for future markets. As AI transforms ways of working and skills gaps widen, organizations must act now to equip employees with the knowledge necessary to understand AI applications and leverage them effectively.

First and foremost, businesses must recognize that AI literacy is no longer a nice-to-have, but a necessity. Employees need a foundational understanding of how AI works, where it adds business value and how it can be integrated into daily operations.

AI has the power to enhance efficiency, streamline workflows and improve business operations, transforming organizations across industries. A key element to upskilling efforts beyond understanding general AI capabilities is equipping team members with the ability to identify the opportunities for AI. They should also focus on building the mindset and awareness required to use AI effectively.

For IT professionals, understanding AI fundamentals, such as ethical use, large language modelling and data privacy, is crucial. But technical proficiency alone isn’t enough. Power skills, like critical thinking, communication, experimentation, curiosity and resilience, will be equally important for navigating complex environments and driving innovation. A combination of technical and power skills ensures employees can thrive in their current roles, adapt to evolving technologies and build skills for the future.

To embed AI literacy across the entire organization, leadership must take an active role in championing AI literacy initiatives. Without visible executive support, companies risk fragmented adoption and widening disparities in AI understanding between senior leaders and frontline workers. AI must be embraced holistically across all levels, from the boardroom to the frontline.

Assessing existing skillsets

With concern over the AI skills gap growing, 66% of C-Suite executives plan to recruit external AI-skilled talent, while 34% intend to ‘build’ talent internally by training existing employees. This split reflects the broader challenge of staying competitive in a landscape where AI capabilities are impacting the business landscape at a rapid pace.

However, as skill lifespans shorten, especially in areas like machine learning, generative AI and data science, businesses can’t solely rely on external hires to stay ahead. The pace of change means that today’s skills can quickly become outdated and hiring new talent each time a skill becomes obsolete is not sustainable or cost-effective. Instead, organizations should strike a balance between hiring new talent and investing in continuous learning and reskilling for existing teams.

This starts by assessing the existing skillsets in their team. By conducting baseline evaluations, businesses can compare current skills against benchmarks to identify areas for improvement. This targeted approach ensures learning initiatives are relevant, measurable and aligned with strategic business goals, maximising resource efficiency and impact.

Bringing existing employees along on this journey by assessing their existing AI skills and upskilling them appropriately will lead to deeper benefits beyond technical proficiency. This approach also boosts employee retention by demonstrating a clear investment in their growth while also improving the quality of and engagement in their work.

Creating an AI literacy framework

Rather than relying on ad hoc training sessions, organizations should establish structured, strategic AI literacy programs that equip frontline workers with the knowledge and skills required to identify AI use cases and drive AI adoption. Building this requires a multifaceted approach to learning, including programs that provide access to foundational AI and data skills, but they are only one piece of the puzzle.

Programs such as instructor-led sessions that contextualize AI within specific roles and industries and simulation-based learning allow employees to engage with realistic, AI-powered scenarios. By embedding these learning experiences into workforce development, organizations can future-proof their workforce with the skills needed for the AI revolution.

Additionally, continuous learning and adaptability must be central to organizational culture, equipping employees with current and future required skilling opportunities, as technical skill lifespans shorten. Creating AI literacy frameworks ultimately helps teams stay ahead of technological shifts while building overall resilience.

Achieving organization-wide AI literacy

AI literacy is no longer just for tech teams. It’s a business imperative across the entire workforce. For businesses to reduce the AI skills gap, it becomes even more crucial to bridge the divide between senior leadership and frontline workers.

By assessing existing skill sets, implementing comprehensive AI upskilling throughout the organization and fostering a culture of continuous learning, businesses can build an AI-ready workforce that is both prepared for and on board with their business strategy.

We've featured the best productivity tool.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro