Researchers have recently identified a major evolution in the Androxgh0st botnet, which has grown more dangerous with the integration of the Mozi botnet’s capabilities.
What began as a web server-targeted attack in early 2024 has now expanded, allowing Androxgh0st to exploit vulnerabilities in IoT devices, CloudSEK’s Threat Research team has said.
Its latest report claims the botnet is now equipped with Mozi’s advanced techniques for infecting and spreading across a wide range of networked devices.
The resurgence of Mozi: A unified botnet infrastructure
Mozi, previously known for infecting IoT devices like Netgear and D-Link routers, was believed to be inactive following a killswitch activation in 2023.
However, CloudSEK has revealed Androxgh0st has integrated Mozi’s propagation capabilities, significantly amplifying its potential to target IoT devices.
By deploying Mozi’s payloads, Androxgh0st now has a unified botnet infrastructure that leverages specialized tactics to infiltrate IoT networks. This fusion enables the botnet to spread more efficiently through vulnerable devices, including routers and other connected technology, making it a more formidable force.
Beyond its integration with Mozi, Androxgh0st has expanded its range of targeted vulnerabilities, exploiting weaknesses in critical systems. CloudSEK’s analysis shows Androxgh0st is now actively attacking major technologies, including Cisco ASA, Atlassian JIRA, and several PHP frameworks.
In Cisco ASA systems, the botnet exploits cross-site scripting (XSS) vulnerabilities, injecting malicious scripts through unspecified parameters. It also targets Atlassian JIRA with a path traversal vulnerability (CVE-2021-26086), allowing attackers to gain unauthorized access to sensitive files. In PHP frameworks, Androxgh0st exploits older vulnerabilities such as those in Laravel (CVE-2018-15133) and PHPUnit (CVE-2017-9841), facilitating backdoor access to compromised systems.
Androxgh0st’s threat landscape is not limited to older vulnerabilities. It is also capable of exploiting newly discovered vulnerabilities, such as CVE-2023-1389 in TP-Link Archer AX21 firmware, which allows for unauthenticated command execution, and CVE-2024-36401 in GeoServer, a vulnerability that can lead to remote code execution.
The botnet now also uses brute-force credential stuffing, command injection, and file inclusion techniques to compromise systems. By leveraging Mozi’s IoT-focused tactics, it has significantly widened its geographical impact, spreading its infections across regions in Asia, Europe, and beyond.
CloudSEK recommends that organizations strengthen their security posture to mitigate potential attacks. While immediate patching is essential, proactive monitoring of network traffic is also important. By tracking suspicious outbound connections and detecting anomalous login attempts, particularly from IoT devices, organizations can spot early signs of an Androxgh0st-Mozi collaboration.
At the recent Pwn2Own Ireland 2024 event, security researchers identified vulnerabilities in various high-use devices, including network-attached storage (NAS) devices, cameras, and other connected products.
TrueNAS was one of the companies whose products were successfully targeted during the event, with vulnerabilities found in its products with default, non-hardened configurations.
Following the competition, TrueNAS has started implementing updates to secure its products against these newly discovered vulnerabilities.
Security gaps across multiple devices
During the competition, multiple teams successfully exploited TrueNAS Mini X devices, demonstrating the potential for attackers to leverage interconnected vulnerabilities between different network devices. Notably, the Viettel Cyber Security team earned $50,000 and 10 Master of Pwn points by chaining SQL injection and authentication bypass vulnerabilities from a QNAP router to the TrueNAS device.
Furthermore, the Computest Sector 7 team also executed a successful attack by exploiting both a QNAP router and a TrueNAS Mini X using four vulnerabilities. The types of vulnerabilities included command injection, SQL injection, authentication bypass, improper certificate validation, and hardcoded cryptographic keys.
TrueNAS responded to the results by releasing an advisory for its users, acknowledging the vulnerabilities and emphasizing the importance of following security recommendations to protect data storage systems against potential exploits.
By adhering to these guidelines, users can increase their defences, making it harder for attackers to leverage known vulnerabilities.
TrueNAS informed customers that the vulnerabilities affected default, non-hardened installations, meaning that users who follow recommended security practices are already at a reduced risk.
TrueNAS has advised all users to review its security guidance and implement best practices, which can significantly minimize exposure to potential threats until the patches are fully rolled out.
Via SecurityWeek
Leaked details suggest Dell is developing a new addition to its workstation offerings designed to deliver high-performance capabilities for professional workloads.
Available in two sizes, the Dell Pro Max 18 Plus is expected to debut officially at CES 2025 and could either replace the popular Precision range or form an entirely new lineup.
The device allegedly features an 18-inch display, while the Pro Max 16 Plus provides a smaller 16-inch alternative with similar specifications. According to information shared by Song1118 on Weibo, which includes Dell marketing slides, the laptops will be powered by Intel’s upcoming Core Ultra 200HX “Arrow Lake-HX” CPUs. For graphics, the series will reportedly feature Nvidia’s Ada-based RTX 5000-class workstation GPUs, though the exact model isn’t named in the leaked documents.
Triple-fan cooling system
The Pro Max series is set to offer up to 200 watts for the CPU/GPU combination in the 18-inch version and 170 watts in the 16-inch model. VideoCardz notes that while we have already seen much higher targets in ultra-high-end gaming machines, “this would be the first laptop confirmed to offer 200W for a next-gen Intel/Nvidia combo.”
The laptops will reportedly support up to 256GB of CAMM2 memory. The 18-inch model can accommodate up to 16TB of storage via four M.2 2280 SSD slots, while the 16-inch version supports 12TB with three slots. The heat generated by these high-power components will be managed by an “industry first” triple-fan cooling system.
Additional features look to include a magnesium alloy body to reduce weight, an 8MP camera, and a tandem OLED display option. Connectivity options include Thunderbolt 5 (80/120Gbps), WiFi 7, Bluetooth 5.4, and optional 5G WWAN. The two laptops also feature a quick-access bottom cover for easy serviceability and repairability of key components like batteries, memory, and storage.
The Dell Pro Max 16/18 Plus laptops are expected to be officially unveiled along with pricing at CES on January 7, 2025, with a mid-2025 release window.
We've already seen dozens of new free-to-view channels added to Google TV during 2024, and one more update has been rolled out in time for the holidays – bringing the number of channels available to US viewers to more than 170.
This latest update was spotted by 9to5Google, and should be available now if you're using a television set or streaming device with the latest Google TV software on it. You'll find them under the Google TV Freeplay app.
The new channels are Best of Dr Phil, Xumo Free Holiday Movie Channel, Xumo Free Holiday Classics, Xumo Christian Christmas, Continuum, Z Nation, The Design Network, Filmrise: Classic TV, UFC, Unbeaten, Big 12 Studios, Waypoint TV, and PursuitUP.
There are also updates for Stingray Greatest Holiday Hits, Stingray Soul Storm Christmas, and Stingray Hot Country Christmas. These new channels follow on from Designated Survivor and Places & Spaces – The Great Christmas Light Fight added in November.
Keep them coming
That brings the total number of channels available in Google TV Freeplay to 171 – though as 9to5Google notes, some of them are likely to be only available over the holidays (as a few of those title channels would suggest).
One channel has been removed at the same time though: it seems Motortrend Fast TV is no longer available. No doubt this chopping and changing of content is going to continue as we go through 2025 as well.
We've seen a steady rise in the number of free ad-supported television (FAST) channels available on streaming platforms in recent years: there are hundreds more available in apps such as Plex, Tubi, and PlutoTV.
You may remember Google TV adding extra channels in August and September of this year, as well as at other points during 2024. The software has also been given plenty of new features over the last 12 months as well.
Recent analysis of the security landscape of machine learning (ML) frameworks has revealed ML software is subject to more security vulnerabilities than more mature categories like DevOps or Web servers.
The growing adoption of machine learning across industries highlights the critical need to secure ML systems, as vulnerabilities can lead to unauthorized access, data breaches, and compromised operations.
The report from JFrog claims ML projects such as MLflow have seen an increase in critical vulnerabilities. Over the last few months, JFrog has uncovered 22 vulnerabilities across 15 open source ML projects. Among these vulnerabilities, two categories stand out: threats targeting server-side components and risks of privilege escalation within ML frameworks.
Critical vulnerabilities in ML frameworks
The vulnerabilities identified by JFrog affect key components often used in ML workflows. Attackers could exploit these tools, which ML practitioners often trust for their flexibility, to gain unauthorized access to sensitive files or to elevate privileges within ML environments.
One of the highlighted vulnerabilities involves Weave, a popular toolkit from Weights & Biases (W&B), which aids in tracking and visualizing ML model metrics. The WANDB Weave Directory Traversal vulnerability (CVE-2024-7340) enables low-privileged users to access arbitrary files across the filesystem.
This flaw arises due to improper input validation when handling file paths, potentially allowing attackers to view sensitive files that could include admin API keys or other privileged information. Such a breach could lead to privilege escalation, giving attackers unauthorized access to resources and compromising the security of the entire ML pipeline.
ZenML, an MLOps pipeline management tool, is also affected by a critical vulnerability that compromises its access control systems. This flaw allows attackers with minimal access privileges to elevate their permissions within ZenML Cloud, a managed deployment of ZenML, thereby accessing restricted information, including confidential secrets or model files.
The access control issue in ZenML exposes the system to significant risks, as escalated privileges could enable an attacker to manipulate ML pipelines, tamper with model data, or access sensitive operational data, potentially impacting production environments reliant on these pipelines.
Another serious vulnerability, known as the Deep Lake Command Injection (CVE-2024-6507), was found in the Deep Lake database - a data storage solution optimized for AI applications. This vulnerability permits attackers to execute arbitrary commands by exploiting how Deep Lake handles external dataset imports.
Due to improper command sanitization, an attacker could potentially achieve remote code execution, compromising the security of both the database and any connected applications.
A notable vulnerability was also found in Vanna AI, a tool designed for natural language SQL query generation and visualization. The Vanna.AI Prompt Injection (CVE-2024-5565) allows attackers to inject malicious code into SQL prompts, which the tool subsequently processes. This vulnerability, which could lead to remote code execution, allows malicious actors to target Vanna AI’s SQL-to-graph visualization feature to manipulate visualizations, execute SQL injections, or exfiltrate data.
Mage.AI, an MLOps tool for managing data pipelines, has been found to have multiple vulnerabilities, including unauthorized shell access, arbitrary file leaks, and weak path traversal checks.
These issues allow attackers to gain control over data pipelines, expose sensitive configurations, or even execute malicious commands. The combination of these vulnerabilities presents a high risk of privilege escalation and data integrity breaches, compromising the security and stability of ML pipelines.
By gaining admin access to ML databases or registries, attackers can embed malicious code in models, leading to backdoors that activate upon model load. This can compromise downstream processes as the models are utilized by various teams and CI/CD pipelines. The attackers can also exfiltrate sensitive data or conduct model poisoning attacks to degrade model performance or manipulate outputs.
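The load-time backdoor described above can be screened for before a model is ever deserialized. The following is an added example, not code from JFrog or from any of the projects named in this article; it assumes the model artifact is a Python pickle (the article does not name a format), and `ALLOWED_GLOBALS` is a hypothetical allow-list. It lists every import the file would perform on load, without loading it, and refuses anything outside the list.

```python
import pickle
import pickletools
from collections import OrderedDict

# Hypothetical allow-list: the only callables a model file may import on load.
ALLOWED_GLOBALS = {"collections.OrderedDict"}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def imported_globals(data: bytes) -> list[str]:
    """List 'module.name' for each import the pickle performs, without loading it."""
    found = []
    recent = []  # strings pushed by the opcodes directly before the current one
    memo = {}    # memo slot -> string, or None when the slot holds something else
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("GLOBAL", "INST"):
            # Older protocols carry "module name" inline in the opcode argument.
            found.append(arg.replace(" ", ".", 1))
            recent.clear()
        elif name in STRING_OPS:
            recent.append(arg)
        elif name in GET_OPS:
            recent.append(memo.get(arg))
        elif name == "MEMOIZE":
            memo[len(memo)] = recent[-1] if recent else None
        elif name in PUT_OPS:
            memo[arg] = recent[-1] if recent else None
        elif name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings pushed just before.
            pair = recent[-2:]
            if len(pair) == 2 and all(isinstance(s, str) for s in pair):
                found.append(".".join(pair))
            else:
                found.append("<unresolved>")  # fail closed: cannot tell what is imported
            recent.clear()
        else:
            recent.clear()
    return found


def vet_model(data: bytes) -> tuple[bool, list[str]]:
    """Return (safe_to_load, reasons). Unparseable files are refused."""
    try:
        imports = imported_globals(data)
    except Exception as exc:
        return False, [f"unparseable: {exc}"]
    blocked = [g for g in imports if g not in ALLOWED_GLOBALS]
    return (not blocked), blocked


# Constructed sample inputs. None of them is ever passed to pickle.loads().
BENIGN = pickle.dumps({"layers": 3, "weights": [0.1, 0.2]}, protocol=4)
ALLOWED = pickle.dumps(OrderedDict(bias=0.5), protocol=4)
# Hand-built streams that import a harmless callable outside the allow-list.
LEGACY_IMPORT = b"cos\ngetcwd\n(tR."
STACK_IMPORT = b"\x80\x04\x8c\x02os\x8c\x06getcwd\x93)R."
# STACK_GLOBAL with no strings in front of it: cannot be resolved statically.
UNRESOLVED = b"\x80\x04\x93."

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("allowed", ALLOWED), ("legacy", LEGACY_IMPORT),
               ("stack", STACK_IMPORT), ("unresolved", UNRESOLVED)]
    for label, blob in samples:
        print(label, vet_model(blob))
```

A static pass like this is a gate in front of the loader, not a substitute for controlling who can write to the model registry.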
JFrog’s findings highlight an operational gap in MLOps security. Many organizations lack robust integration of AI/ML security practices with broader cybersecurity strategies, leaving potential blind spots. As ML and AI continue to drive significant industry advancements, safeguarding the frameworks, datasets, and models that fuel these innovations becomes paramount.
AI is reshaping the business landscape, and companies committed to AI investment are likely to reap sustained rewards, new research has claimed.
A report from Unisys reveals as businesses establish structured AI strategies, backed by leadership and a long-term vision, they strengthen their position in an increasingly competitive environment.
AI is expected to be a permanent component of several companies’ strategic roadmap as 93% of executives favor the use of AI to stay ahead of the competition.
Time savings with Chief AI Officers?
Elsewhere, the report claimed 89% of brand executives anticipate their organization’s AI use will rise over the next year, with this growing enthusiasm suggesting businesses recognize AI’s potential to drive efficiency, innovation, and competitive differentiation.
The presence of dedicated AI leadership has proven to accelerate benefits, as 86% of companies with a Chief AI Officer reported substantial time savings.
Moreover, the competitive advantages are evident for companies that approach AI investment strategically. 30% of organizations that have invested in AI as a core component of their business strategy report a noticeable competitive edge.
Executives also recognize AI as a long-term asset, not just a trend. With nearly three-quarters of surveyed executives viewing AI as a reliable source of information, many are committed to sustaining AI’s role in business beyond immediate projects.
The study also indicates 60% of organizations expect to diversify their AI investments across various projects in the coming years, ensuring that AI becomes embedded in different facets of their operations, rather than being limited to isolated use cases.
“As Executives are seeking insights for ROI on AI investments, they should consider AI is designed to help problem-solve — from mundane tasks to complex challenges,” said Brett Barton, Vice President and Global AI Practice Leader at Unisys.
“This allows organizations to maximize the impact, especially when there is a targeted business challenge. With the right strategy, use case and focus, organizations that deploy AI will thrive.”
This year's launch of iOS 18 has brought a host of new features and functions to millions of iPhones, and a new leak suggests the same handsets that can run iOS 18 are going to be eligible for an upgrade to iOS 19 as well.
According to the usually reliable iPhoneSoft (via 9to5Mac), handsets as far back as the iPhone XS and iPhone XR, launched in 2018, are going to be able to get next year's software update. iOS 18, meanwhile, dropped support for the iPhone X and the iPhone 8, which both launched in 2017.
There is a caveat though: not all the new iOS 19 features will be available on all iPhones. This is something we're already used to of course, because recent handsets have the necessary processing power to handle Apple Intelligence, while others don't.
So far we've not heard too much about the upgrades iOS 19 is going to bring along with it, though apparently Apple is planning a ChatGPT-style update for Siri. At the moment of course, you can use ChatGPT inside Siri for more advanced AI conversations.
iPads and launch schedule
However, the same report says one iPad model will be left behind when iPadOS 19 rolls out. Apparently the 7th-gen entry-level iPad, which launched in 2019 and runs on an Apple A10 chip, won't be compatible.
The new minimum requirement for iPadOS 19 is said to be an A12 chip, which means every other iPad should get the software update. We can expect a similar set of new features to iOS 19, with a few tweaks and extras to account for the tablet form factor.
If Apple sticks to its usual schedule, then the first we'll officially hear about iOS 19 and iPadOS 19 will be at the WWDC (Worldwide Developers Conference) 2025, most likely happening sometime in June. After that, we should get a beta testing period, before a full public release in September 2025.
The new software updates will of course run on the iPhone 17 series, plus whatever new iPads Apple decides to bring out this year. We could well get the 11th-generation iPad before 2025 is out, as well as a new 8th-generation iPad Pro.
Data centers are some of the largest energy consumers in Europe, and are facing unique challenges in achieving net zero goals.
A recent survey by Aggreko found volatile energy costs and grid instability are prompting data center operators to rethink their timelines for carbon reduction.
Of the executives surveyed, over 90% have adjusted their net zero targets, with half of those extending their timelines due to these persistent energy-related challenges.
Decentralized energy solutions are gaining traction
For many data centers, achieving sustainability goals requires balancing environmental targets with economic feasibility, especially as energy prices continue to rise.
In response to these energy challenges, data centers are increasingly adopting decentralized energy solutions to mitigate grid dependence and improve resilience. The report claims 87% of European executives are already implementing some form of decentralised energy, with 54% planning to expand these systems.
The move toward decentralization allows data centers to maintain operational stability while reducing reliance on traditional grid energy, which is often unpredictable and expensive. However, even with decentralized systems in place, data center leaders are cautious about fully committing to ambitious decarbonization timelines given current economic constraints.
The situation is dicey for data center executives: despite the urgency of environmental goals, cost and commercial viability remain their top priorities. Only 12% of CEOs ranked speed of decarbonization as their primary objective, while the majority prioritize reducing energy costs and achieving a commercial advantage.
As data centers operate on tight profit margins, any investment in sustainable practices must demonstrate a clear return on investment. For many in the sector, this balancing act between sustainability and financial stability is proving complex, with limited capital available for large-scale green initiatives.
A key risk identified in the report is the role of supply chains in delaying the energy transition. Almost half of the executives surveyed see supply chain issues as a significant barrier, with 21% ranking it as their top concern.
As supply chain disruptions persist, securing the technology and resources needed for sustainable upgrades has become a formidable challenge. This uncertainty adds another layer of difficulty to achieving net zero, particularly as data centers attempt to source low-carbon energy options.
To navigate these challenges, Aggreko recommends strategic partnerships between companies and energy providers. By collaborating with energy experts, data centers can better assess options like energy-as-a-service models and power purchase agreements that offer flexible, lower-risk alternatives to traditional energy procurement. These partnerships enable data centers to explore innovative energy strategies without overcommitting financially, a crucial approach for achieving both short- and long-term sustainability goals.
Though current conditions make it difficult to achieve rapid decarbonization, the report suggests that data centers remain committed to sustainability. With 80% of CEOs planning to increase investment in energy solutions, even if only incrementally, there is optimism for continued progress. By adopting a balanced approach that aligns with economic realities, data centers can move towards a sustainable future while managing the operational demands of today’s market.
Well, it's here: the year 2025, and a new year calls for more movies and shows arriving across the best streaming services, starting with Netflix. This past year has been an eventful one for Netflix with the releases of Rebel Ridge, miniseries Griselda, and of course One Day joining the library of the best Netflix shows and best Netflix movies – and it's only going to get better.
January 1 is packed with a blend of movies including fun family favorites and romance stories, but it's compelling dramas like Lion (2016), Interstellar (2014), and Dallas Buyers Club (2013) that top the list of new Netflix titles. In addition to the usual list of new arrivals, Netflix is also ushering in new original shows, starting with Selling the City on January 3 and as a major fan of Selling Sunset, I'll be sat.
Everything new on Netflix in January 2025
Arriving on January 1
13 Going on 30 (movie)
3 Ninjas: Kick Back (movie)
Apollo 13 (movie)
Blended (movie)
Bruce Almighty (movie)
Colombiana (movie)
Dallas Buyers Club (movie)
Dr. Seuss' The Cat in the Hat (movie)
Dr. Seuss' The Lorax (movie)
Erin Brockovich (movie)
Hotel Transylvania (movie)
Hotel Transylvania 2 (movie)
I Know What You Did Last Summer (movie)
Inception (movie)
Interstellar (movie)
Little Fockers (movie)
Love Actually (movie)
The Love Scam (Netflix original movie)
Meet the Fockers (movie)
Meet the Parents (movie)
Melancholia (movie)
Missing You (Netflix original series)
The Net (movie)
Notting Hill (movie)
Number 24 (Netflix original movie)
Out of Africa (movie)
Rush Hour (movie)
Rush Hour 2 (movie)
Rush Hour 3 (movie)
Schindler's List (movie)
Scooby-Doo (movie)
Scooby-Doo 2: Monsters Unleashed (movie)
Spider-Man (movie)
Spider-Man 2 (movie)
Spider-Man 3 (movie)
Arriving on January 2
Cunk on Life (TV show)
Stranded with my Mother-in-Law season 2 (Netflix original series)
Arriving on January 3
Bandidos season 2 (Netflix original series)
Love Is Blind: Germany (Netflix original series)
Shafted (Netflix original series)
Selling The City (Netflix original series)
Umjolo: My Beginning, My End! (Netflix original movie)
Wallace & Gromit: Vengeance Most Fowl (Netflix original movie)
Arriving on January 4
When the Stars Gossip (Netflix original series)
Arriving on January 6
My Happy Marriage season 2 (Netflix original series)
WWE Raw: 2025 (Netflix live event)
Arriving on January 7
The Breakthrough (Netflix original series)
Gabriel Iglesias: Legend of Fluffy (Netflix comedy special)
The Graham Norton Show: Best Bits: Week of December 31, 2024 (TV show)
Jerry Springer: Fights, Camera, Action (Netflix original documentary)
Younger seasons 1-7 (TV show)
Arriving on January 8
Dubai Bling season 3 (Netflix original series)
Hound's Hill (Netflix original series)
I AM A KILLER season 6 (Netflix original documentary)
Subteran (Netflix original series)
Arriving on January 9
American Primeval (Netflix original series)
Asura (Netflix original series)
I am Ilary (Netflix original series)
Lion (movie)
The Upshaws part 6 (Netflix original series)
Arriving on January 10
Ad Vitam (Netflix original movie)
Alpha Males season 3 (Netflix original series)
Love Is Blind: Germany (Netflix original series)
Arriving on January 11
SAKAMOTO DAYS (Netflix original series)
Arriving on January 13
The Walking Dead: The Ones Who Live season 1 (TV show)
Arriving on January 14
Ari Shaffir: America’s Sweetheart (Netflix comedy special)
Single’s Inferno season 4 (Netflix original series)
Arriving on January 15
Hereditary (movie)
Krapopolis season 1 (TV show)
Public Disorder (Netflix original series)
Arriving on January 16
XO, Kitty season 2 (Netflix original series)
Arriving on January 17
Back in Action (Netflix original movie)
Love Is Blind: Germany (Netflix original series)
Young, Famous & African season 3 (Netflix original series)
Arriving on January 18
SAKAMOTO DAYS (Netflix original series)
Arriving on January 21
The Graham Norton Show: Best Bits: Week of January 10, 2025 (TV show)
Arriving on January 22
W.A.G.s to Riches (Netflix original series)
Arriving on January 23
NCIS seasons 1-5 (TV show)
The Night Agent season 2 (Netflix original series)
Arriving on January 24
The Sand Castle (Netflix original movie)
Arriving on January 25
SAKAMOTO DAYS (Netflix original series)
Arriving on January 26
You Hurt My Feelings (movie)
Arriving on January 28
The Graham Norton Show: Best Bits: Week of January 17, 2025 (TV show)
Liza Treyger: Night Owl (Netflix comedy special)
Arriving on January 29
Six Nations: Full Contact season 2 (Netflix original series)
Arriving on January 30
Mo season 2 (Netflix original series)
The Recruit season 2 (Netflix original series)
The Seven Deadly Sins: Four Knights of the Apocalypse season 2 (Netflix original series)
Arriving on January 31
Lucca's World (Netflix original movie)
The Snow Girl season 2 (Netflix original series)
Google’s new AI tool makes it easier to create and remix your visual concepts. Instead of asking you to describe what’s in your mind’s eye, Whisk lets you input three image prompts: one for subject, one for scene and one for style. Whisk takes care of the rest, making it a more intuitive way to experiment with different ideas.
While most of the best AI image generators require you to write a detailed prompt, Whisk handles that behind the scenes. When you drop pictures into the web-based Whisk interface as inspiration, Google’s Gemini model automatically analyzes them and writes a detailed caption for each. These are then fed into the Imagen 3 model, to create a matching image.
For example, you could drop in an image of a car as the subject and a photo of a rural landscape for the scene. You could then add a watercolor as the style to see what Whisk creates. Hit the button and you’ll get a pair of images based on your inputs.
From here, it’s easy to remix the images. The interface allows you to specify additional text-based details to tweak the outcomes. You can also easily drop in different source images or roll the dice if you’re in need of inspiration. New results appear in pairs in the feed, making it an intuitive way to ideate. You can also choose to refine images by revealing the text prompt and adding more details.
Whisk it up
While Whisk is designed to eliminate the need for text-based prompts, Google includes the option to refine the written prompts because results won’t always match up to the source material.
In a blog post about the experimental tool, Google explains that Whisk, “captures your subject’s essence, not an exact replica.” It’s only as effective as Gemini’s analysis of the images you submit. While this is generally very impressive, it also isn’t able to get inside your mind: you might expect Whisk to pull out one detail from an image, where it focuses on another.
The post explains further: “Since Whisk extracts only a few key characteristics from your image, it might generate images that differ from your expectations. For example, the generated subject might have a different height, weight, hairstyle or skin tone. We understand these features may be crucial for your project and Whisk may miss the mark, so we let you view and edit the underlying prompts at any time.”
Even with these shortcomings, Whisk is an interesting application of Google’s existing AI tools. The underlying generative models are the same as if you were chatting with Gemini via its text interface. By relying on image inputs, though, Whisk is a more accessible and intuitive way for visual creators to play with their ideas.
Based on early feedback from digital creatives, Google refers to Whisk as “a new type of creative tool” which is intended for “rapid visual exploration, not pixel-perfect edits.”
How to try Google Whisk
Google Whisk is currently only available to users in the US. If you’re based there, you can try it out via your web browser at labs.google/whisk.
The experimental tool is completely free to play with. Data from your experience with Whisk will be fed back to Google to help refine and develop future AI products.
Dynamic pricing has become a cornerstone of modern ecommerce platforms, which increasingly adjust product prices in real-time based on factors such as demand, competition, seasonality, and even localized market conditions.
Unlike traditional fixed pricing, dynamic pricing strategies allow businesses to react swiftly to shifts in the market, helping them to stay competitive and maximize profits. For consumers, this approach means prices can fluctuate frequently, creating both opportunities for savings and challenges in keeping track of the best deals.
With AI and machine learning becoming integral to ecommerce, dynamic pricing is now more sophisticated, with algorithms that analyze vast amounts of data to optimize pricing around the clock.
Good for business, bad for consumer?
Now, a report by Smartproxy has revealed the top five ecommerce platforms with the most fluctuating prices.
Amazon.com leads the way in dynamic pricing, with an average of 12.6 price changes per day, leveraging advanced algorithms to make real-time adjustments. By constantly monitoring competitors, demand, and inventory levels, Amazon ensures its products remain competitively priced, with some reports claiming it updates its prices every 10 minutes.
On the other hand, Amazon’s Canadian site, Amazon.ca, employs a tailored dynamic pricing model that aligns with Canadian market trends. Averaging 4.3 price changes daily, Amazon.ca uses automated repricing tools to keep up with local demand and competitor prices, providing Canadian sellers the flexibility to adjust pricing quickly.
Walmart's Canadian site ranks second for price changes per day, with the report showing it updates around seven times, with supply and demand, seasonality, and promotions all factoring in to the calculation of new prices.
Home furnishings store Wayfair.com uses dynamic pricing as a core component of its strategy. With around 3.6 price adjustments per day, Wayfair also tailors its prices based on seasonality, demand fluctuations, and inventory data.
Rounding out the list, BestBuy.com averages 2.6 price changes per day, using dynamic pricing to respond to competitor promotions and local product availability. Best Buy’s Price Match Guarantee and AI-powered tools further support frequent adjustments, making it a preferred destination for tech-savvy shoppers. By forecasting demand shifts, BestBuy effectively manages its pricing to remain competitive in the U.S. electronics and home appliances market.
“Our industry-first Dynamic Pricing Index was designed to provide a holistic view of the global ecommerce landscape. By evaluating local and regional websites across 40 countries using carefully chosen criteria, we ensured a comprehensive assessment of ecommerce platforms that use dynamic pricing,” said Vytautas Savickas, CEO at Smartproxy.
“This data reflects the popularity of the usage of dynamic pricing as well as any price change patterns in the market. We believe that our Dynamic Pricing Index will become a go-to source for various ecommerce businesses that want to improve their user experience, and the whole report will keep savvy online shoppers informed about the most recent developments in this extremely competitive landscape,” Savickas added.
Synology has recently patched a critical security flaw in its NAS device products which could have allowed hackers to hijack victim units.
The company released two advisories to notify users about patched vulnerabilities in its data storage products, specifically those in Photos for DSM and BeePhotos for BeeStation.
The identified issues, shown off at the recent Pwn2Own Ireland 2024 event, allowed for remote code execution, posing a serious threat as they enabled attackers to take control of affected devices without user interaction.
Critical vulnerabilities revealed
Remote code execution vulnerabilities are especially dangerous as they give attackers the ability to execute arbitrary commands on the device, putting sensitive data at risk.
By addressing these flaws, Synology has ensured users who apply the updates can better protect their devices from potential attacks, as this not only prevents potential remote access, but also reduces the likelihood of ransomware, data theft, and other types of attacks that exploit NAS vulnerabilities.
Devices storing sensitive information are often connected to the internet, therefore they are usually susceptible to attacks. To guard against malicious actors, it is important to employ regular security patches.
Organized by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own Ireland 2024 awarded over $1 million to white-hat hackers who successfully demonstrated exploits across devices, including NAS systems, cameras, and smart speakers.
Synology was one of the companies whose products were found to have security flaws, earning researchers $260,000 in total for the vulnerabilities they discovered. The company quickly responded to the competition findings and addressed critical flaws in its products.
Via SecurityWeek
Quordle was one of the original Wordle alternatives and is still going strong now more than 1,000 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.
Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc's Wordle today column covers the original viral word game.
SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.
Quordle today (game #1063) - hint #1 - Vowels
How many different vowels are in Quordle today?
• The number of different vowels in Quordle today is 5*.
* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).
Quordle today (game #1063) - hint #2 - repeated letters
Do any of today's Quordle answers contain repeated letters?
• The number of Quordle answers containing a repeated letter today is 2.
Quordle today (game #1063) - hint #3 - uncommon letters
Do the letters Q, Z, X or J appear in Quordle today?
• No. None of Q, Z, X or J appear among today's Quordle answers.
Quordle today (game #1063) - hint #4 - starting letters (1)
Do any of today's Quordle puzzles start with the same letter?
• The number of today's Quordle answers starting with the same letter is 0.
If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:
Quordle today (game #1063) - hint #5 - starting letters (2)
What letters do today's Quordle answers start with?
• D
• S
• P
• C
Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.
Quordle today (game #1063) - the answers
The answers to today's Quordle, game #1063, are…
A tricky one today. I was doing really well until I guessed PAGER and PAVER ahead of the far more obvious PAPER.
Still, sometimes getting things wrong can help you out and the rare letter V helped me correctly solve CIVIL in the bottom right.
How did you do today? Send me an email and let me know.
Daily Sequence today (game #1063) - the answers
The answers to today's Quordle Daily Sequence, game #1063, are…
Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need clues.
What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.
SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.
NYT Connections today (game #560) - today's words
Today's NYT Connections words are…
What are some clues for today's NYT Connections groups?
Need more clues?
We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…
NYT Connections today (game #560) - hint #2 - group answers
What are the answers for today's NYT Connections groups?
Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.
NYT Connections today (game #560) - the answers
The answers to today's Connections, game #560, are…
Had today’s Connections included the words Noggin, Nut, Helmet, or Bonce then I might not have struggled to see SLANG FOR HEAD so badly. Instead, it was PALINDROMES that hit me first – although that was mainly because I couldn’t see how Swedish pop legends ABBA could connect with anything else, unless there was an obscure 1970s Eurovision act called KOJAK, which is entirely possible.
According to Wikipedia the longest palindrome in regular use is the 19-letter Finnish word saippuakivikauppias (soapstone vendor).
Wikipedia also directs us to some palindrome phrases including “A man, a plan, a canal, Panama” to which I’m sure you could add “a KAJAK” (or a saippuakivikauppias), and the eternal question “Do geese see god?”
Yesterday's NYT Connections answers (Saturday, 21 December, game #559)
NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.
On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.
It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.
It's playable for free via the NYT Games site on desktop or mobile.
Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.
Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.
SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.
NYT Strands today (game #294) - hint #1 - today's theme
What is the theme of today's NYT Strands?
• Today's NYT Strands theme is… Are you listening?
NYT Strands today (game #294) - hint #2 - clue words
Play any of these words to unlock the in-game hints system.
• We’re happy tonight
NYT Strands today (game #294) - hint #4 - spangram position
What are two sides of the board that today's spangram touches?
First side: left, 4th row
Last side: right, 3rd row
Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.
NYT Strands today (game #294) - the answers
The answers to today's Strands, game #294, are…
Taking words from the first verse of WINTER WONDERLAND made today’s Strands a breeze – and I’m sure you were singing about Parson Brown by the time you completed it.
It’s one of those songs that’s hard to ruin, which makes it the perfect karaoke song – perfect except for the fact that it only really works for one month a year.
In the UK, it’s a song that’s been co-opted by soccer fans, who will change the words to fit their star striker with a few variations to fit the club and player. For example, in Scotland in the 1990s Celtic fans would honor goalscorer Jorge Cadete with the chant:
“There’s only one Jorge Cadete / He puts the ball in the netty / He’s Portuguese / and he scores with ease / Walking in a Jorge Wonderland.”
Erm, what I was saying about being a song that’s hard to ruin… I take it back.
How did you do today? Send me an email and let me know.
Yesterday's NYT Strands answers (Saturday, 21 December, game #293)
Strands is the NYT's new word game, following Wordle and Connections. It's now out of beta so is a fully fledged member of the NYT's games stable and can be played on the NYT Games site on desktop or mobile.
I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.
Shuttle has released its latest mini PC, aimed at meeting the diverse demands of modern commercial tasks.
With a small 5-liter chassis and a compact design measuring just 250mm x 200mm x 95mm, the Shuttle XH610G2 employs the Intel H610 chipset, making it compatible with a broad spectrum of Intel Core processors, from the latest 14th Gen models back to the 12th Gen series.
The company says the device is designed to handle applications that require significant computational power like image recognition, 3D video creation, and AI data processing.
Shuttle XH610G2
The Shuttle XH610G2 comes with exclusive heat pipe cooling technology that allows the workstation to operate reliably even in demanding environments. It can withstand temperatures from 0 to 50 degrees Celsius, making it suitable for continuous operation in various commercial settings.
The Shuttle XH610G2 can accommodate Intel Core models with up to 24 cores and a peak clock speed of 5.8GHz. This processing power allows the workstation to handle intensive tasks while staying within a 65W thermal design power (TDP) limit. The graphics are enhanced by the integrated Intel UHD graphics with Xe architecture, offering capabilities to manage demanding visual applications, from high-quality media playback to 4K triple-display setups. The inclusion of dual HDMI 2.0b ports and a DisplayPort output facilitates independent 4K display support.
The XH610G2 offers extensive customization and scalability with support for dual PCIe slots, one x16 and one x1, allowing users to install discrete graphics cards or other high-performance components like video capture cards.
For memory, the XH610G2 supports up to 64GB of DDR5-5600 SO-DIMM memory, split across two slots, making it ideal for resource-intensive applications and providing the system with the necessary power to handle complex computational tasks efficiently. Running at a low 1.1V, this memory configuration also minimizes energy consumption, which can be a significant advantage in environments conscious of power usage.
In terms of storage, this device features a SATA 6.0Gb/s interface for a 2.5-inch SSD or HDD, along with two M.2 slots for NVMe and SATA storage options. Users are recommended to choose a SATA SSD over a traditional HDD to ensure faster performance.
The I/O options on the XH610G2 further enhance its flexibility, with four USB 3.2 Gen 1 ports, two Ethernet ports, one supporting 1GbE and another 2.5GbE, and an optional RS232 COM port offering enhanced compatibility for specialized peripheral connections, which can be particularly useful in industrial or legacy environments.
Furthermore, the compact chassis includes M.2 expansion slots for both WLAN and LTE adapters, providing options for wireless connectivity that can be critical in setups where wired connections are not feasible.
TeamGroup has introduced its Compression Attached Memory Module 2 (CAMM2), promising high-speed DDR5 performance with its new T-Create lineup.
The company says CAMM2 features a revolutionary design that offers significant advantages over traditional memory types like SO-DIMM, U-DIMM, and R-DIMM. It supports dual-channel operation with just one module, streamlining system architecture and lowering power consumption.
The built-in Client Clock Driver (CKD) boosts signal integrity, making CAMM2 well-suited for slim notebooks while its optimized thermal design enhances heat dissipation, allowing higher performance despite the smaller form factor.
CAMM2-compatible motherboards are very scarce
The T-Create CAMM2 modules are designed with DDR5-7200 specifications and a CAS latency of CL34-42-42-84, delivering remarkable read, write, and copy speeds of up to 117GB/s, 108GB/s, and 106GB/s, respectively.
This performance is achieved through manual overclocking, which has driven latency down to 55ns, a significant reduction compared to typical DDR5 JEDEC specifications. TeamGroup is now focused on pushing boundaries and the company says it is working to achieve even faster speeds, aiming to reach DDR5-8000 and even DDR5-9000 in future iterations.
One major setback for TeamGroup lies in the availability of CAMM2-compatible motherboards, which are currently limited. The T-Create CAMM2 memory was tested on MSI’s Z790 Project Zero, one of the few boards currently compatible with this new form factor.
Other brands, such as Gigabyte, hint at possible CAMM2-enabled designs, like an upcoming TACHYON board. However, the CAMM2 ecosystem is still emerging, and widespread adoption may depend on the release of more compatible boards and competitive pricing.
Nevertheless, TeamGroup expects to launch the first-generation T-Create CAMM2 modules by Q1 2025, with broader motherboard support potentially arriving as manufacturers introduce new CPU platforms. With AMD and Intel rumoured to announce budget-friendly CPUs at CES 2025, the rollout of mid-range boards compatible with CAMM2 could align with TeamGroup’s release plans, potentially helping CAMM2 secure a foothold in the market.
CAMM2 offers a couple of advantages over the widely used SO-DIMM, UDIMM, and RDIMM standards. Notably, CAMM2 modules operate in dual-channel mode while only occupying a single physical slot. Furthermore, they incorporate a Client Clock Driver (CKD), similar to CUDIMM memory, which bolsters signal integrity at high speeds, allowing for more reliable and faster memory performance.
These features make CAMM2 particularly appealing for laptops, which often face limitations with current SO-DIMM speeds or non-upgradeable LPDDR5/5X options.
Via Tom's Hardware
A new survey has revealed the fastest-growing type of scam and it’s probably one you’ve already received this month: a fake parcel delivery alert sent by text message.
According to research published by NatWest, a UK bank, fake delivery alerts are the fastest-growing con of 2024. The study combines industry data with feedback from a survey of 2,000 British adults.
These messages, delivered to your mobile phone by SMS, claim to be from a courier service. They state that a package delivery has been attempted and needs to be rescheduled. They then prompt the recipient to click a link.
This malicious URL leads to a phishing website designed to look legitimate. It will ask for personal details and usually request a fee payment to arrange the fictitious redelivery. If users submit their information here, including login credentials or credit card details, cybercriminals will be able to use them for fraudulent purposes, including purchases.
Companies commonly impersonated in examples we’ve seen include FedEx, DHL and UPS. Because it’s common to receive real redelivery alerts by SMS, it’s easy to be fooled by an apparently convincing message. It’s also easier to fake an SMS alert, because it contains fewer words and doesn’t include a logo.
The scheme uses tactics common to most phishing scams. The message creates a sense of urgency, as most people will want to respond to a missed package and arrange its redelivery as soon as possible. They might also receive and read the SMS when they are away from home and distracted, meaning they don’t pay enough attention to whether it is legitimate.
The scam is particularly effective at this time of year, because many people will be expecting genuine deliveries ahead of the festive season. The scam also relies on emotional manipulation: a lot of these packages will contain presents for loved ones, so people will be particularly keen to ensure that they are safely delivered.
As a result, recipients of the SMS may act quickly to resolve the apparent issue. This could cause them to overlook inconsistencies in the message, such as the lack of a tracking number.
How to stay safe
As with any SMS message or email you receive which claims to be from a real company, the most important step is to stop and think before clicking on a link. Be alert to tell-tale signs of a phishing scam, particularly any urgent requests for personal or financial information.
Stuart Skinner, a Fraud Expert from NatWest, advises people: “Think about it: would a real delivery company ask you to follow a link and make a payment?”
This statement from FedEx reflects the position of most courier services: “FedEx does not request, via unsolicited mail, email, or text, any personal information pertaining to your account credentials or identity.”
Once you’ve paused for thought, consider the details in the message and ask yourself a few questions. Are you expecting a delivery? If so, which company is handling that delivery? You should have received a confirmation when you placed your order, which should tell you the courier service and tracking number. If those don’t match up, then you’ve received a fake message.
You should also look out for grammatical errors in the message, as well as misspelled website addresses or variations of real URLs. If you’re uncertain about a link, don’t click it. Instead, head directly to the courier service’s official website and input your tracking number. This ensures you’re seeing genuine information about your package, including whether any action is required.
Most couriers offer advice about how to avoid fake delivery scams. For example, DHL states: “If you don't recognize the sender and don't expect the email or text message, there's a chance you're phishing.”
The United States Postal Inspection Service echoes this advice: “If you suspect the text message you have received is suspicious but are expecting a parcel, please do not click on any links. Rather, report it and visit USPS.com from your mobile device or computer for tracking and additional resources.”
UPS has a similar recommendation: “If you are unsure of the validity of a text, do not click or select any links or open any attachments as they may contain a virus.”
MobiSystems, known for its OfficeSuite software, has rebranded under a new unified platform to provide an integrated productivity experience that combines office software, PDF editing, and cloud storage within a single package.
The rebrand to MobiOffice includes MobiPDF (formerly PDF Extra) and MobiDrive, all redesigned to offer a more integrated productivity tool experience.
With a user base of over 550 million worldwide, MobiSystems has now set its sights on the billion mark with the introduction of new products, including MobiScan, a mobile scanning app.
MobiOffice is here
MobiDocs offers a streamlined tool for document creation, supporting both basic text editing and advanced formatting options. Users can quickly create professional-grade documents, benefiting from customizable templates and an AI-powered paraphraser that adds sophistication and ease to the writing process.
For those focused on data management, MobiSheets provides straightforward tools for organizing home budgets and offers advanced data processing options like Pivot Tables for more complex business needs.
MobiSlides is designed to simplify the process of creating presentations, providing an intuitive design suite with customizable templates and options for animations, multimedia integration, and custom transitions.
Each of these components is also available as a standalone app on Windows, giving users the option to select the specific tools they need without purchasing the entire suite.
Formerly known as PDF Extra, MobiPDF lets users create and edit PDFs across platforms, including Windows, Android, and iOS. Built with an integrated mobile scanner, MobiPDF allows users to create high-quality PDFs from any document, including file conversion for over 20 formats, password protection, and advanced encryption, making it suitable for users who prioritize data security.
MobiDrive provides secure and scalable cloud storage, ranging from 20GB of free storage to 2TB paid plans. This service supports storage and conversion for over 1,200 file formats, making it a versatile option for users who need universal accessibility. MobiDrive is available on Windows, Android, iOS, and the web.
MobiOffice Premium is priced at $4.19 per month, or a one-time fee of $99.99 for lifetime access. For users who prefer individual apps, MobiDocs, MobiSheets, and MobiSlides are available at $2.49 per month each. MobiPDF is also priced affordably at $4.19 per month. Meanwhile, MobiDrive’s cloud storage options start at $4.99 per month for up to 2TB.
"In today’s fast-paced world, we provide a solution designed for everyone, helping people accomplish any task, from anywhere, on any device—so they can thrive in whatever they do," noted Justin Priestley, MobiSystems Chief Marketing Officer.
The growing demands of mobile technology have increased the need for high-capacity and high-speed data storage, and as digital devices continue to advance, the industry seeks a way to handle larger data loads while delivering fast and efficient performance.
Kioxia has now launched the mass production of its latest innovation: the industry’s first QLC UFS 4.0 embedded flash memory device.
The new device is designed with quadruple-level cell (QLC) technology and comes with a higher bit density and increased storage capacity thanks to Universal Flash Storage (UFS) technology.
High-speed performance for demanding applications
With this new QLC UFS 4.0 device, Kioxia offers higher storage capacity within a compact structure which not only benefits compact devices like mobile phones and tablets but also PCs, networking systems, and emerging fields like AR, VR, and AI that require robust storage solutions.
Kioxia’s QLC UFS 4.0 device has impressive data transfer rates with the device reaching sequential read speeds of up to 4,200 MB/s and sequential write speeds of up to 3,200 MB/s. These speeds are achieved by utilizing the UFS 4.0 interface, which supports interface speeds as high as 23.2 Gbps per lane or 46.4 Gbps per device.
This combination of QLC storage with the latest UFS interface technology provides a significant performance boost, making it well-suited for data-heavy applications. As a result, users can expect faster file transfers, smoother streaming, and more efficient multitasking, particularly for mobile and high-performance computing devices.
Kioxia’s new QLC UFS 4.0 device is also built on its proprietary BiCS FLASH 3D flash memory, known for its durability and efficiency. Designed to meet the JEDEC standard, the UFS 4.0 package combines this advanced memory with a dedicated controller to optimize performance. With backward compatibility with UFS 3.1, Kioxia’s UFS 4.0 devices offer an upgrade path for users.
To enhance its practical application, Kioxia’s QLC UFS 4.0 device features a High-Speed Link Startup Sequence (HS-LSS), a new method that accelerates device-to-host initialization. By allowing link startup at a faster HS-G1 Rate A rather than the conventional slower speed, HS-LSS reduces link startup time by about 70%.
In addition to faster initialization, the device also includes enhanced security capabilities with Advanced Replay Protected Memory Block (RPMB) features. These security measures protect user data by securing access to sensitive information, such as credentials. With RPMB Purge, users can also ensure that discarded data is fully sanitized, adding another layer of confidence in data protection.
Furthermore, Kioxia’s QLC UFS Ver. 4.0 device supports an Extended Initiator ID (Ext-IID), which is designed to work with Multi Circular Queue (MCQ) in the UFS 4.0 host controller. This feature boosts random performance, a critical component for devices requiring fast and distributed access to data across multiple applications. With Ext-IID, the device is better equipped to manage complex data tasks, providing faster, more efficient performance for users with demanding workloads.
Via BusinessWire