TechRadar News

Hackers have been compromising online shops, redirecting people to copycat websites, and stealing both their data and their money there, experts have warned.

The scam, dubbed ‘Phish ‘n’ Ships’ by the Satori Threat Intelligence team from HUMAN which uncovered it, stole tens of millions of dollars until it was finally discovered and stopped.

Phish ‘n’ Ships most likely started in 2019. The crooks would break into legitimate online stores in different ways - leveraging n-day vulnerabilities, server misconfigurations, easy-to-guess passwords, or in other ways. Once they gain access, they would upload multiple scripts which would allow them to upload fake product listings.

Disrupting the campaign

The listings would come with SEO-friendly metadata, to make sure they are easy to find through search engines. The fake products, usually for hard-to-find items such as the Nintendo power glove oven mitt, would lead the victims away from the legitimate stores, and through a series of redirects, which end on a copycat website imitating the original, legitimate store.

There, the victims go through a checkout process, giving away not just sensitive information, but also money, to the attackers.

Satori says that “thousands” of legitimate websites were compromised this way, and “hundreds of thousands” of people victimized. The damages are being counted in tens of millions of dollars.

To make matters worse, the crooks were withdrawing the money with no problem, for years. However, Satori’s researchers managed to notify almost all of the victimized websites, and with the help of Google, removed all malicious listings from search engine results.

Finally, the payment processors who were facilitating the cashouts were also notified, and the accounts were banned.

While this means the campaign is disrupted, the researchers believe it’s not completely destroyed. Since no arrests were made, they believe it is only a matter of time before the crooks start rebuilding the network all over again. As we approach the holiday season, it is essential consumers remain vigilant and only shop on reputable websites.

Via BleepingComputer

More from TechRadar Pro

• How ecommerce retailers can ensure consumer safety in 2024
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Apple’s big reveal of M4 Macs this week came with the introduction of the manufacturer’s new peripherals: the Magic Mouse, Magic Trackpad, and Magic Keyboard, with USB-C replacing the previous Lightning charging ports - but they currently only work properly with macOS Sequoia 15.1.

This means if you’re still on macOS Sonoma (Sequoia’s predecessor), Ventura, or any older version of the OS, the new Mac accessories will not fully work as intended. The issues were spotted by users in MacRumors’ forums, which include claims of the Magic Mouse having scrolling issues, along with the Magic Keyboard’s Touch ID and function keys not working.

While it may come as a surprise to see Sonoma and Ventura’s compatibility for the peripherals seemingly left out (after all, even Ventura is no more than two years old), it’s also a shock to see that the macOS Sequoia 15.2 beta has the same issues - it’s important to note that Apple will likely add full support for the new peripherals later on, but this certainly isn’t a given for the previous macOS versions.

(Image credit: Ilona Kozhevnikova/Shutterstock) Will macOS Sonoma and Ventura have full support for the USB-C accessories?

Considering the omission of Wi-Fi 7 on M4 Macs (much to our surprise), this could be yet another strange decision from Apple, if the older OS versions remain partially incompatible with the new peripherals. The positive news is that at the very least, the Magic Keyboard maintains a standard level of functionality - though frankly, this still isn’t good enough for products that are so expensive.

As for the Magic Mouse, the main issue is the total inability to scroll - perhaps the biggest blunder from Apple this week, since that's one of the most basic functions a mouse should have. While it might be easy for most users to just upgrade to macOS Sequoia, this feels all too familiar to Microsoft Windows and its frequently-forced updates.

There is a chance that this is a temporary matter with the issues potentially being investigated already, but it wouldn’t surprise me to see Apple ignore previous macOS versions in an attempt to push users over to Sequoia - let’s hope that’s not the case, since some users on work systems might not have that option.

You might also like...

• Apple has quietly given the M4 iMac some hidden upgrades – here are the ones you may have missed
• Cyberpunk 2077 is coming to Macs - could the M4 Mac mini be a PS5 Pro killer in 2025?
• Apple is creating its own renewable power to offset the M4 Mac mini's carbon emissions - but is it enough?

• Apple has just acquired the popular photo editing app Pixelmator
• There won't be any changes to Pixelmator's app "at this time"
• The move could be a big boost for photo editing on iPhones and Macs

Apple has just bought the popular photo editing app Pixelmator – and that could be huge news for photo editing on iPhones, iPads and Macs.

The news was shared by Pixelmator in a surprise blog post, which says that it's "signed an agreement to be acquired by Apple, subject to regulatory approval". That approval is likely to be a formality, given Pixelmator is far from the biggest fish in the image editing pool.

If you're a Pixelmator fan, you don't need to worry about big changes for now – the app maker says there will not be "material changes to the Pixelmator Pro, Pixelmator for iOS, and Photomator apps at this time".

However, it added to "stay tuned for exciting updates to come" and it's hard not look ahead to what Apple could do with the apps. The obvious parallel is Dark Sky, a relatively small startup that Apple acquired in early 2020, before folding it into its own Weather app.

It looks highly likely that Apple will do the same with Pixelmator's tech and its Photos app, which similarly exists on the iPhone, iPad and Mac. And that would be big news for photo editing on those platforms...

The new Aperture?

(Image credit: Future)

Apple once made a pro-level image editor and organizer called Aperture for the Mac, which existed between 2005 and 2015, when it was discontinued. This Pixelmator acquisition could potentially fill that hole – and also give Apple fans a powerful native alternative to the likes of Photoshop.

On the iPhone, many photography fans prefer Pixelmator to Adobe's apps. TechRadar contributor Paul Hatton recently wrote that the iOS app let him say goodbye to Photoshop, partly because it's designed specifically for iOS and iPadOS (so can take full advantage of Apple silicon).

We also rate Pixelmator Pro highly in our guide to the best photo editing apps for Mac, calling it a "great all-rounder" and better value than an Adobe Creative Cloud subscription. If Apple does ultimately fold Pixelmator's tech into the Photos app, it could become even better value – perhaps even free, for Apple fans.

The potential for that move has understandably made Pixelmator fans a little nervous. Apple won't necessarily absorb Pixelmator into Photos, but it seems the most likely future scenario.

While Apple Intelligence does now power features like Clean Up for removing distractions from photos, the acquisition of Pixelmator suggests that Apple still thinks it's behind the likes of Google's Magic Editor and Adobe when it comes to native AI image editing and organizing.

That's certainly the case when you look at TechRadar's Phone of the year, the Google Pixel 9 Pro, but we could soon see Apple catch up

You might also like...

• This app let me say goodbye to Photoshop and I might be better off for it
• I tested Photoshop's new AI tool for fixing old photos – and it's seriously impressive
• I tested the Google Pixel’s Long Exposure photo mode – and it’s another reason to leave my pro mirrorless camera at home

It looks like Microsoft’s grand AI schemes have hit another snag, with the release of the controversial Recall feature being pushed back again. Recall is one of Microsoft’s new AI-powered offerings, intended to record your desktop activity in Windows 11 by taking screenshots at regular intervals and making them searchable.

When presented, Microsoft painted a picture of a futuristic ‘instant replay’ of sorts that could help you remember what you were doing, like helping you find a specific document you were working on or backtracking to a tab you closed a while ago.

Quickly following Recall’s announcement came a swift current of criticism about the possible security and privacy-related risks that would come with an AI constantly monitoring your PC. It sounds obvious to say, but Recall would presumably capture a great deal of personal and private information - which in turn would be a lucrative prize for the likes of hackers, scammers, and other malicious actors. Researchers and experts in cybersecurity were quick to point out Recall’s flaws, such as captured information being stored on your PC without encryption.

Yet another delay - but it's for the best

Microsoft took note of the reaction to the announcement of Recall and postponed it once already to add new privacy and security protections, like requiring log-in using Windows Hello and making Recall a strictly opt-in feature. The show was seemingly back on the road after that, with Microsoft readying Recall to be released for testing in October 2024. However, just yesterday, on Halloween no less, Microsoft announced that the release of Recall will be postponed again to continue to improve its privacy and security.

I would rather Microsoft really put as much thought and effort into this as possible, of course, but these numerous postponements make me wonder what the state of Recall’s privacy and security was initially. If it was lacking, that’s pretty worrying and makes me think that Microsoft greatly underestimates how ironclad Recall’s security measures would have to be and that it’s now trying to settle on a minimum.

I understand that even Microsoft’s resources and funds aren’t infinite, but exploitable parts of Recall could have devastating consequences for users.

So when will Recall finally arrive?

When speaking to The Verge about the delay, Microsoft said that Recall’s initial release will be delayed to December 2024. In December, it will be released to testers in the Windows Insider Program with Copilot+ PCs, hoping to achieve ‘‘a secure and trusted experience.’’

Microsoft has put out a Windows Blog post explaining the current state of Recall and how it’s working on beefing up Recall’s privacy and security architecture, including allowing users to have control over data collection and ensuring that data is stored securely on devices. I know Microsoft’s not big on making it easy to disable parts of Windows you may not like, but again, it’s pretty frustrating that this wasn’t considered from the beginning.

PCWorld speculates that while Microsoft still appears to be pretty committed to Recall, there’s still a chance that it could be scrapped altogether. If Microsoft can’t get the privacy and security aspects of Recall right, that wouldn’t be the worst idea.

You might also like...

• Good news! Soon Windows 11 updates won't take forever thanks to 24H2's speed boost
• Another day, another Windows 11 24H2 update bug – this time, Task Manager shows zero apps running
• Microsoft's Windows 11 24H2 issues just keep getting worse, with the new update now causing crashes on Intel motherboards

Cybercriminals are attacking surveillance cameras from multiple manufacturers, leveraging two zero-day vulnerabilities to take over the endpoints, watch and manipulate the feeds, and more.

Cybersecurity researchers GreyNoise claim to have spotted the attacks after their AI-powered analysis tool Sift raised an alarm that crooks are attacking network device interface-enabled (NDI) pan-tilt-zoom (PTZ) cameras from multiple manufacturers.

The cameras can be found in different environments, including industrial and manufacturing plants, where they are used for machinery surveillance, and quality control. They can also be found in business conferences, used for high-definition video streaming and remote presentations, in healthcare (used for telehealth consultations and surgical live streams), state and local government environments, including courtrooms, and houses of worship, where they’re used for live streaming.

Waiting on patches

GreyNoise says the affected devices are typically high-cost, with some models costing several thousand dollars.

Affected devices use VHD PTZ camera firmware < 6.3.40 used in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A V600 SoC V60, V61, and V63.

The vulnerabilities in question are now tracked as CVE-2024-8956, and CVE-2024-8957. The former is deemed critical (9.1), and the latter high (7.2). When exploited, the vulnerabilities can be used to completely take over the cameras, view and manipulate video feeds, disable different camera operations, and assimilate the devies into a botnet.

While for some models, patches have already been released, others remain vulnerable. According to BleepingComputer, PTZOptics released a security update on September 17, but since multiple models reached end-of-life status (PT20X-NDI-G2 and PT12X-NDI-G2) not all were patched. Furthermore, PT20X-SE-NDI-G3, and PT30X-SE-NDI-G3 are still pending a fix.

Chances are, the list of affected models is a lot longer than what the researchers determined at this time. Users are advised to check with their manufacturer if they’ve released a fix for the abovementioned flaws.

More from TechRadar Pro

• Top surveillance camera has a major security flaw that allows hackers to install Mirai botnet
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Who said that using one of the best VPN apps needs to affect what you can and cannot do online?

While VPN connections are great for keeping you anonymous on the internet and letting you access otherwise geo-restricted content, they are notorious for creating some issues with certain online services or websites. Surfshark has then developed Bypasser to help you get the best of the two worlds – the security of VPNs and flexibility on the standard internet – within a couple of clicks.

While the Bypasser feature was already available for its Windows, Android, and web extension app, the provider has recently added the option also to its iPhone VPN. Support for macOS devices is also on its way.

What is Surfshark Bypasser?

"With the introduction of Bypasser for iOS, we are giving our users the power to manage their internet connection with ease," said Justas Pukys, Senior Product Manager at Surfshark. "This feature allows certain IP-sensitive websites and services to bypass the VPN, ensuring users can access these online destinations directly while maintaining security where it is most crucial."

If you're familiar with other VPN services, you may remember a feature called split tunneling. Surfshark Bypasser, Pukys explains, is the provider's branded version of the split tunneling feature.

No matter what you want to call it, this feature allows you to decide which data to encrypt with a VPN and which to transmit directly.

Surfshark Bypasser is the provider's branded version of the split tunneling feature

Let's imagine you need to certain websites and services that block VPN connections, like your online bank or your account page on a government site. You can use Bypasser to exclude those sites' traffic from the VPN.

"This allows the user to access the content without restrictions while still maintaining VPN protection for other online activities," Pukys told me.

How to use Surfshark Bypasser

Using Surfshark Bypasser on the iOS app couldn't be easier.

All you need to do is open the app and head to the Settings tab you find on the left-hand side of the panel. Click on VPN settings and then on Bypasser.

Once there, tap on Add website to insert the site you wish to exclude from the VPN connection. You can easily review your choice by removing or adding new websites right from the Bypasser tab.

You can easily manage VPN connections directly within your iOS app. (Image credit: Future)

As mentioned earlier, Surfshark subscribers using other platforms have been able to use Bypasser for some time now. The provider previously launched the feature on Windows, Android, and its VPN web extension app.

The new release gives more VPN flexibility to Apple users, too, as they can take advantage of the feature when using their iPhone or iPad devices. Better still, Pukys said: "We are also working on implementing this feature for the macOS operating system."

Nominating the Samsung S95D as our TV of the Year for 2024 shouldn’t deliver the same shock factor as when the Samsung S90C OLED TV ended LG’s TV of the year reign in 2023, but the reason it earned this title at the TechRadar Choice Awards 2024 is an interesting mix.

What it came down to was a combination of sensational AI-powered processing and a matte screen. This combination of digital and analog tech gave the Samsung S95D a leg-up over the competition and cemented it as one of the best TVs we’ve ever seen.

When I reviewed the S95D, I was surprised by the effectiveness of its OLED Glare-Free screen. Our TV testing room at TechRadar has harsh overhead lighting to help us test reflectivity, but the S95D made easy work of it, all but eliminating reflections and screen glare. I could even watch The Batman, a notoriously dark-looking movie, in full lighting without being distracted!

Screen reflections have typically been kryptonite for the best OLED TVs due to their relatively low brightness levels, and while the new Micro Lens Array (MLA) tech gives OLEDs like the LG G4 and Panasonic Z95A a serious boost, we found the S95D and its simple matte screen over a stunningly bright next-gen QD-OLED panel to be even more effective for viewing in bright rooms.

As I said, the matte screen isn’t the only reason the S95D won – it’s just one big piece of the TV-of-the-Year-winning pie. Like other TV makers, Samsung talked up AI innovations in its TVs at CES 2024, but the S95D is one that legitimately shows how AI can improve picture quality.

The Samsung S95D's details and textures are ultra-realistic thanks to AI features like Real Depth Enhancer (Image credit: Future)

When testing the S95D, I marveled at how realistic textures and details looked. Even stitching in clothing and cracks in rocks took on a lifelike quality I hadn’t seen before on a TV. Part of this is the S95D’s QD-OLED display panel, but it’s also Samsung’s Real Depth Enhancer AI feature that contributes to the TV’s spectacularly detailed picture.

Other AI features in the S95D include 4K AI upscaling, which I found during testing even worked wonders with lower-resolution broadcast TV. Another new feature, OLED HDR Pro, further boosts brightness, giving HDR highlights in images a bolder, more vibrant look. In our tests, the S95D yielded 1,868 nits peak brightness – an over 35% brightness increase compared with its predecessor, the Samsung S95C, and the brightest OLED we've tested to date.

Combine all these features with the rich color and powerful contrast delivered by the S95D’s QD-OLED panel and you get an outstanding TV that looks great with every source thrown at it.

But it isn’t just picture quality where the S95D delivers. It’s stacked with features we look for in the best gaming TVs including 4K 144Hz, VRR (with AMD FreeSync Premium Pro), HGiG support and ALLM . It also comes with Samsung’s Gaming Hub built-in, a useful destination for gamers looking to get to the action right away.

Rounding everything out, the S95D’s built-in sound provides accurate placement thanks to an Object Tracking Sound+ (OTS+) feature. It has a ‘floating’ appearance thanks to a clever stand design, and its external One Connect Box houses all connections with one cable connecting to the TV – ideal for wall-mounting and cable management.

The S95D isn’t perfect. I think one of the best soundbars is needed to add extra audio immersion, and there was some black crush present in dark scenes when I tested it, but there really isn't any other way I could fault Samsung’s top OLED TV.

I’ve seen every major S95D competitor this year – the LG G4, Sony Bravia 9, Panasonic Z95A and Philips OLED909 to name a few – and while they all have their strengths and are superb TVs, none gave me the same feeling of seeing a leap forward that the S95D did. As I said in my review, the Samsung S95D is both “the future of OLED” and “the standard bearer for 2024”. If that doesn’t say TV of the Year, what does?

Lucasfilm and Disney have dropped a new trailer for Star Wars: Skeleton Crew – and, if there were still any doubts, it's definitely going for a 'Star Wars meets Goonies' vibe.

Due to launch on Disney Plus in early December, the last of 2024's new Star Wars TV shows and movies looks equal parts cute, thrilling, dramatic, and action-packed in a teaser set to Peter Schilling's 'Major Tom (Coming Home)' song, albeit one that appears to have been translated into Huttese. It also seems as though it's leaning heavily into the grimy, criminal underworld aesthetic that was a hallmark of the iconic sci-fi franchise's early years, too, which will surely appeal to older Star Wars fans, some of whom – alongside younger viewers – weren't exactly enamored with Star Wars: The Acolyte earlier this year.

If you're a little baffled about what Skeleton Crew's story is about – let's be honest, fun as its latest trailer looks, it's hard to determine its plot – don't worry, because I'm here to help. Essentially, it follows four kids called Wim (played by Ravi Cabot-Conyers), Fern (Ryan Kiera Armstrong), KB (Kyriana Kratter), and Neel (Robert Timothy Smith), who get lost in that famous galaxy far, far away. How do they do so? Well, they find a spaceship buried on their home planet and, after somehow excavating it without any adults finding out, accidentally kickstart its engines and hyperdrive, and wind up in a distant and dangerous part of the cosmos.

But fear not for their safety, because Jude Law's enigmatic rogue Jod Na Nawood, who some observers are already theorizing is a Jedi – or, at the very least, a Force wielder – offers to help them get back home. I suspect, though, that he'll want something in return, and that something could be the very spaceship that the quartet originally found.

#SkeletonCrew is streaming December 3, with a two-episode series premiere, only on @DisneyPlus. pic.twitter.com/Cvwjbg5tiXNovember 1, 2024

This isn't our first official look at Skeleton Crew. In August, Lucasfilm and Disney debuted the sci-fi series' first trailer, which was one of nine big announcements we were most excited to see at D23 Expo 2024. That teaser arrived nine days after Star Wars: Skeleton Crew's official release date was announced alongside some first-look images at its adorable kid characters. For those who didn't read about when it'll take flight on Disney Plus, aka one of the world's best streaming services, in the above X/Twitter post, it'll arrive on December 3 (US) and December 4 (UK and Australia) with a two-episode premiere.

Joining Law and his young co-stars on the cast roster are Kerry Condon and Tunde Adebimpe – the latter of whom, as confirmed in this new trailer, is playing Wim's father. It's unclear who Condon's unnamed character is related to, but I suspect she'll be mother to Fern or KB. Nick Frost is also part of proceedings, with Simon Pegg's long-time collaborator voicing the droid known as SM-33.

Jon Watts, who directed the first three Spider-Man movies in the Marvel Cinematic Universe, has co-created Skeleton Crew with Christopher Ford, who wrote the script for Spider-Man: Homecoming. The pair have assembled a truly talented line-up of directors for this project, too, with The Green Knight's David Lowery, Beef and Thunderbolts filmmaker Jake Schreier, The Mandalorian veterans Bryce Dallas Howard and Lee Isaac Chung, and the Daniels – Daniel Kwan and Daniel Scheinert – helming its episodes. The latter duo's involvement is particularly exciting, especially in light of their work on multi-Oscar winner Everything Everywhere All at Once.

Clearly, Skeleton Crew has a ton of star power attached to it, but will its narrative hold up and earn it a spot on our best Disney Plus shows list? I hope so, but my colleague Rob Dunne believes Skeleton Crew already has a lot of convincing to do. I wonder if this new trailer will make him change his mind.

You might also like

• Here's how to watch the Star Wars movies in order
• Get the lowdown on everything we know about Star Wars: Andor season 2
• Star Wars: The Acolyte gets axed after its first rickety season

Hi-fi lovers, assemble! Wharfedale’s most popular loudspeaker pair, the Linton (but see also the Denton 85 we saw at the 2024 Bristol Hi-Fi Show, to mark Wharfedale's 85th year in the business), has just been elevated to ‘Super’ status. Linton Super, you say? Yes, featuring upgrades to the drive units, crossover and cabinet – but maintaining the glorious wooden cabinet and the offset positioning of the tweeter.

Quick history lesson: the original Linton was one of the UK's heavy-hitters between 1965 and the late 1970s (when I was born. And I remember these speakers the first time around). Wharfedale brought the Linton back in 2019 as part of its Heritage line, lovingly re-engineered. Cut to five years later and Wharfedale’s engineers – buoyed up by their success and led by Director of Acoustic Design, Peter Comeau – decided the design could be pushed even further.

Wharfedale tells me that the team "revisited every element" in the speaker, "from the cabinet to the drive units to the crossover". The result? A Super Linton. It's every inch part of Wharfedale's Heritage Series, but now re-worked for the modern age.

Wharfedale Super Linton: the key upgrades

While its footprint is the same as that of the regular Linton, the Super Linton’s cabinet is 4cm taller – and more internal volume is almost always a good thing in speakers (if you can fit them into your home, that is – and I'd invite these stereo speakers into my small home happily).

The construction now features dual layers of fiberboard, coupled by latex-based damping glue. The 200mm woven Kevlar bass driver's cone is the same, but that extra volume means a more powerful motor system could be added, with increased magnet strength. The treble unit? It's also new, although it inherits much of its design from the one used in the much bigger (and much more expensive) Dovedale, with a 25mm dome formed from a fine fabric weave.

Combining the output of this three-way speaker's units is an all-new crossover network, now split onto two separate circuit boards. The speaker grille is also an improved design, incorporating internal shaping. They certainly sound like contenders for our best stereo speakers roundup.

The new Super Linton is available from mid-November in your choice of walnut, mahogany or black oak wood veneers, priced at $2,499 / £1,999 / AU$5,199 including the matching stands. They're $2,299 / £1,849 / AU$4,599 without the stands but really, why would you?

Bit rich for the blood but want the next-best thing? The 2019-edition Linton remains in the lineup at £1,249 per pair (so around $1,800 or AU$2,450) with the stands or £1,099 without them. You know you need them for those long listening sessions of an evening…

You may also like

• Got a spare $23,000? Devialet's new streaming amp is covered in 23-carat gold leaf – and it's gorgeous
• Grado's high-end headphones look like iconic 90s cans, but feature detachable cables for the first time
• It's a Model and it's looking good: VPI's Model One turntable is simply stunning

New research from the Identity Theft Resource Center (ITRC) has claimed American businesses are facing more cybersecurity events and attacks than ever before.

The report highlights a rise in the number of US small enterprises, defined as those with fewer than 500 workers, experiencing a data or security breach in the past year. Last year, four in five (81%) fell victim, up from fewer than three-quarters (73%) the year before.

ITRC also noted financial losses from these breaches have skyrocketed, revealing the importance of establishing a stronger security posture.

SMB attacks

On average, affected businesses in the small enterprise category are now dealing with losses of more than $500,000, which ITRC says is double what had been reported last year.

Despite the higher prominence of attacks, companies claim to be addressing the challenge. Four in five expressed their commitment to strengthening their security, including cybersecurity training for both IT and non-IT staff (88%), the deployment of new security tools (65%) and increased security budgets (67%).

CEO Eva Velasquez introduced the report by highlighting the importance of adopting passkeys, which are not susceptible to traditional theft methods.

Businesses weren't the only ones to fall victims to cyberattacks – more than four in five (82%) individual consumers also experienced a data breach in the past 12 months. The report also notes a 21 percentage point increase in identity theft victims in the past year.

COO James Lee added that data breaches are the “fuel for most cyberattacks and identity crimes committed today,” which gives both businesses and consumers a clear target when tackling their cybersecurity. AI might have helped criminals to write better code to steal sensitive information, but by protecting this with encryption and cryptography, the chances of an attack become far slimmer.

More from TechRadar Pro

• Check out the best endpoint protection software
• Many bosses think their employees lack even basic security awareness
• Consider using one of the best password generators or best password managers

Microsoft has launched several new AI-powered tools designed to improve the developer experience as well as the brand new GitHub Copilot for Azure, a coding assistant that will be embedded in popular development environments like Visual Studio Code.

Amanda Silver, CVP of Product for Microsoft’s Developer Division, said in an interview with VentureBeat that developers are faced with a growing number of tools that are leading to “cognitive overload,” hence the introduction of what should hopefully be a simpler process.

Quantifying the added stress that an excess of tools brings, Microsoft revealed switching can cost developers up to 23 minutes each time, which adds up over the course of a week.

Microsoft wants to simplify developers’ lives

To coincide with the announcement and the coding platform’s recent series of announcements, GitHub’s CPO Mario Rodriguez noted that the future workload of developers will center around integrating AI into all elements of software.

By introducing new complexities, like prompt engineering, model evaluation and managing AI model outcomes, GitHub’s consensus, supported by a growing number of studies, is that artificial intelligence would change existing roles and introduce new ones, rather than replace human workers.

The company has also introduced new AI App Templates to allow developers to deploy artificial intelligence applications in “as little as five minutes.” Azure AI’s selection of models have also been extended to GitHub via GitHub Models, which is now in preview – users can compare model performance, experiment, and mix-and-match a open and proprietary models for free.

More broadly, a number of other important announcements were made at GitHub Universe, including the introduction of new models like Claude 3.5 Sonnet and Gemini 1.5 Pro to Copilot.

More from TechRadar Pro

• These are the best AI tools and best AI writers
• AI push makes Python the most popular language on GitHub
• Get a swanky new upgrade with the best laptops for programming

The first weekend of November has arrived, and there's a pleasing mix of genre-specific new movies and shows to enjoy on the world's best streaming services.

The return of The Diplomat on Netflix notwithstanding, this week's offerings aren't as headline-grabbing as they have been recently. Nonetheless, that means you'll have to leave your streaming comfort zone and sample something entirely new, which is always worth doing if you ask us.

Anyway, these are the seven biggest new TV series and films worth watching before the working week starts up again. Enjoy!

The Diplomat season 2 (Netflix)

The Diplomat is one of the best Netflix shows around and its second chapter promises to be a gripping affair, with season 2's teaser trailer clearing up an important question about the show's return.

Following last season's explosive finale, Keri Russell's Kate Wyler discovers that – spoilers! – the deadly explosion, which nearly killed her almost ex-husband Hal Wyler (Rufus Sewell), was an inside job directed by the British government. Kate goes on a mission to uncover the truth while trying to balance her fractured marriage, a complicated relationship with British Foreign Secretary Austin Dennison (David Gyasi), and a threatening visit from Vice President Grace Penn (Allison Janney).

The Diplomat is another addition to Netflix's top-tier selection of political thrillers. With my personal favorite, The Night Agent season 2, not returning until 2025, The Diplomat season 2's high-octane action and heart-pounding thrills is just what I need this weekend.

Grace Morris, entertainment writer

• Watch The Diplomat season 2 on Netflix

Wizards Beyond Waverley Place (Disney Plus)

What better way to keep the Halloween Week thrills going this weekend then to sit back with a returning Disney Channel Show filled with wizards and magic? The new fantasy series Wizards Beyond Waverly Place has nine episodes available to stream on Disney Plus – and it looks like perfect viewing for the entire family.

A sequel to the popular teen sitcom Wizards of Waverly Place from the late 2000s, it sees David Henrie and Selena Gomez reprise their roles as siblings Justin and Alex Russo, who are now grown ups trying to lead a 'mortal' life. Well, that's until Alex brings home Billie (Janice LeAnn Brown), who's in need of some magical help.

Will Justin be able to remember his magical training? Can he mentor the young wizard-in-training Billie while also keeping the future of the 'Wizard World' safe? There's a 'magical' button below that'll take you to Disney Plus to find out, so click it and see if it can conjure up a place on our best Disney Plus shows list.

Amelia Schwanke, senior entertainment editor

• Watch Wizards Beyond Waverley Place on Disney Plus

Olivia Rodrigo: Guts World Tour (Netflix)

This one's for all the fans that missed out on getting tickets to the ongoing concert tour of pop's brightest new star: Olivia Rodrigo. When news first dropped that she was getting a larger-than-life Netflix spectacle similar to what we've seen with Taylor Swift and Beyoncé, TechRadar's Rowan Davies couldn't help but see it as another reminder of failing to score tickets to one of this year’s biggest tours.

Luckily, we can all now get a piece of the action from the sold out August 21 show in the Intuit Dome in Los Angeles, as Olivia Rodrigo: Guts World Tour is available to stream. Given its blinding success on the road, I'm going to go out on a whim and say that this is going to get a high enough rating from critics and, whisper it quietly, even qualify for our best Netflix movies guide (check back soon).

Want to keep the party going after watching this one? I recommend these five favorite music movies with over 90% on Rotten Tomatoes to stream next.

Amelia Schwanke, senior entertainment editor

• Watch Olivia Rodrigo: Guts World Tour on Netflix

Music by John Williams (Disney Plus)

No matter whether you're a film fanatic or more of a casual moviegoer, you'll have watched a movie whose music has been scored by the incomparable John Williams. Indeed, the legendary composer has written iconic soundtracks for beloved franchises including Star Wars and Indiana Jones, as well as standalone flicks like Jaws, E.T, Schindler's List, Superman: The Movie, JFK... the list goes on and on.

As a big fan of Williams' famous back catalog, then, this documentary celebrating the adored musician's life and body of work is right up my alley. Featuring many of his most well-known pieces of music, as well as interviews with his closest collaborators (Steven Spielberg among them), industry titans, and other famous faces who've been touched by his artistry, Music By John Williams looks like the kind of Disney Plus docufilm that'll confirm my adoration for the man behind some of the movie industry's most recognizable film scores.

Tom Power, senior entertainment reporter

• Watch Music By John Williams on Disney Plus

Paris Has Fallen (Prime Video)

If one political thriller wasn't enough for you this week, Paris Has Fallen on Prime Video is also worth a gander. Gerard Butler introduced us to the Has Fallen blockbuster franchise in 2013 and now he's taken a back step as an executive producer for this spin-off series set in the French capital.

Paris Has Fallen follows French security officer Vincent Taleb (Tewfik Jallab) and British MI6 operative Zara Taylor (Ritu Arya), who join forces when a terrorist group attack a high-profile embassy reception, with the French Minister of Defence as their target. However, when things take a dark turn, Vincent and Zara soon discover that the plan goes far beyond than what they had imagined. Not only will I be watching Paris has Fallen to see if Butler makes a cameo as Secret Service agent Mike Banning from the original movies, but also to witness Arya as a hotshot super spy as she's brilliant in The Umbrella Academy. I'm not sure, though, if it'll have enough about it to join our best Prime Video shows list.

Grace Morris, entertainment writer

• Watch Paris Has Fallen on Prime Video

Janet Planet (Max)

Whether its my favorite movie of the year in I Saw the TV Glow, or other iconic modern horrors like Hereditary or Midsommar., Max is home to many big A24 hits in the US. But, despite the fact they've made some of the best horror movies, A24 is certainly not limited to one genre. The production company is just as good at dramas – and Janet Planet is among them.

The directorial debut for Annie Baker, the filmmaker has already made quite an impression with this coming-of-age drama about an 11-year-old girl called Lacy and her relationship with her mother Janet. These two powerful lead performances make it worthy of a recommendation, and the slower pace does not take away from its quality. If anything, it elevates it. Don't be shocked if it winds up on our best Max movies list.

Lucy Buglass, senior entertainment writer

• Watch Janet Planet on Max

You Would Do It, Too (Apple TV Plus)

I've devoured many of the best Apple TV Plus shows by this point, but Apple's streamer continues to impress me with its unique, fresh offerings. Indeed, while I've never been more impatient for a series to return than Severance season 2, I increasingly find myself spending a lot of time watching other TV Originals on the platform.

The arrival of You Would Do It Too, a gripping new eight-part series that sees a bus hijacked by three robbers who end up dead before they can get away, prompting detectives and former lovers to try to uncover the truth behind the six witnesses' inconsistent timelines, may be next on my to-do list. Since they can't interrogate the robbers themselves, they have to rely entirely on eyewitness statements. So, what's the truth and will we ever find out? I can't wait to find out.

Lucy Buglass, senior entertainment writer

• Watch You Would Do It, Too on Apple TV Plus

For more streaming recommendations, read our guides on the best Disney Plus movies, best Hulu shows, best Paramount Plus movies, and best Max shows.

Warner Brothers is reportedly developing a Game of Thrones movie, with multiple sources telling The Hollywood Reporter that the company is keen to bring Westeros to the big screen – which could mean it won’t be a Max-first flick.

Now before we get too excited it’s worth noting the Game of Thrones movie is super early in development – so early in fact that reportedly no cast, writer, or filmmaker is yet attached to the project. So even if it does get greenlit we might not see it for some time.

It being at such an undeveloped stage means we also don’t know when it might be set. Both other follow-up Game of Thrones projects – the hit House of the Dragon, and the upcoming A Knight of the Seven Kingdoms – have been prequels. However, sequels have previously been bandied about – such as the seemingly scrapped John Snow show (via Vanity Fair).

If you recall there were originally plans to have multiple Game of Thrones movies, with the original showrunners David Benioff and Dan Weiss, as well as author George R.R. Martin, expressing interest in concluding the story with three feature films instead of a final season. However, HBO reportedly shot the idea down as it wanted to keep Game of Thrones as an HBO series.

This new movie discussion does follow Warner Bros.' modern approach of sharing its properties between the two mediums of film and TV. The Penguin, Dune: Prophecy, and the upcoming Harry Potter show have all brought film worlds to TV shows, so why couldn’t a TV world be transformed into a movie?

Do we need another prequel, or is it time to look forward? (Image credit: HBO) What we want from the Game of Thrones movie

As a series Game of Thrones was known for its sprawling character arcs, with episodes feeling almost like several minisodes carefully stitched together. The large cast of key characters gave the series an epic feel as each season featured multiple different warring factions creating conflict throughout Westeros – without any battle or betrayal feeling tired.

However, with season one alone having a length of around nine and a half hours it had the time to make space for the plethora of plot threads. A feature-length film at two, maybe three hours (at a push) would want to hone in on a smaller slice of Westeros.

That’s why a sequel movie feels like it makes the most sense. It could take the form of a more character-driven flick – perhaps focused on the adventures of John Snow, Arya Stark, or another of the main series’ protagonists post the happenings of season eight – as the more honed-in story would better suit the scope of a movie, and this is the kind of route we hope the movie takes.

Alternatively, Warner Bros. could show us how the more united Westeros (and the North) handle a new invading threat – giving us a massive battle on the big screen, without needing to split our time among too many factions. This approach could also play into a prequel movie that shows us the first conflict between the First Men and the White Walkers.

Do we need to see the Night King lose again? (Image credit: HBO)

However, neither of those sounds particularly appealing if you ask us. Westeros was interesting because of its in-fighting, and we’ve seen united armies face off against big on-screen threats before (from Warner Bros. itself with the likes of Lord of the Rings). Meanwhile, a look into that first White Walker conflict could feel equally uninspiring as many of the mysteries of how they defeated the undead were revealed in the main show – and ultimately we know the conflict won’t have a satisfying resolution because neither side can really ‘win’.

We'll have to wait and see what Warner Bros. announces in the coming months and years with respect to this project. House of the Dragon has done a lot of great work bringing back our love for the fantasy series that had previously ended on a low note, and we're excited to see what comes next.

You might also like

• Squid Game season 2's official trailer reveals a big plot twist that I can't wait for
• Sorry Prime Video subscribers, Universal’s animation and live-action movies will eventually stream on Netflix instead
• Don't Move is a nightmarish Netflix thriller movie, but it didn't leave me crippled with fright like I hoped it would

X has announced sizeable changes to the pricing structure of its API subscriptions, justifying the considerable jump by adding more functionality.

The monthly cost of the Basic API tier has now doubled, increasing from $100 per month to $200. In return, developers using APIs for various applications, like data analysis and engagement tools, can now process 15,000 posts, up from 10,000.

The company confirmed in an X post that new API endpoints, such as ‘reposts_of_me' and community searches, will also become available.

X Basic API tier costs rise

The Pro tier’s $5,000 monthly rate remains unchanged, but adjustments have been made to its usage caps to offer subscribers more value for money.

The social media platform has also introduced annual plans for both the Basic and Pro tiers, priced at $2,100 and $54,000, thus marking a 12.5% and 10% saving over monthly payments.

The company continues to offer a free tier, but the post limit has been reduced from 1,500 to 500 per month, with the read API capped at 100 requests, all in an effort to push customers to part with their money.

X shared on its developer community page: “Since our initial launch a year ago, the Self Serve X API has been used by developers to support a wide range of use-cases.”

Responses shared in the comments of the platform’s X post are mixed – while many sing the praises of the introduction of free experimental read access, others criticize the company for vastly overcharging for API access.

The changes form part of CEO Elon Musk’s efforts to monetize X and stamp out bots, which have historically plagued the site.

More from TechRadar Pro

• Check out our roundup of the best social media management tools
• Use the best email providers to interact with your customers
• X is apparently going on a security hiring spree at last

If you're like me, you've no doubt been impatiently waiting for the arrival of Welcome to Derry, Max's prequel series based on Stephen King's iconic (and mammoth) book, It. The book is so large that the most recent movie adaptation was split into two parts, and honestly, its lore is big enough to make it more than worthy of more adaptations.

Thankfully, we're getting just that, although we haven't been given a trailer so we'll have to wait a little longer. But there's plenty of great stuff coming to Max in November.

Despite the lack of trailers, Max has released some stills to tide us over. This gives us a little look inside Derry, which is thankfully fictional, so there's no chance of any of us actually ending up there – I hope not, anyway.

Take a look at the images below, fresh from one of the best streaming services.

Your worst dream come true... a first look at the HBO Original Series #ITWelcomeToDerry, coming to Max in 2025. pic.twitter.com/RU6Na83YbcOctober 31, 2024

What do we know about Welcome to Derry?

The creators are being fairly tight-lipped about plot details. According to a Max press release: "Set in the world of Stephen King’s It universe, It: Welcome to Derry is based on King’s It novel and expands the vision established by filmmaker Andy Muschietti in the feature films It and It Chapter Two.”

So it's a prequel series and will expand on the lore we already know, which is making me impatient for a trailer and more information. It's one of my favorite books and I hope that this adaptation will be worthy of a spot on our best Max shows list, but only time will tell.

If you need more horror in your life before then, check out our best horror movies list or our big Halloween Week feature, which has plenty of streaming recommendations across all genres, so there's something for everyone.

You might also like

• Max drops Dune: Prophecy's official trailer and proves that HBO is still the king of original TV shows
• The Last of Us season 2: HBO Max release date prediction, trailer, confirmed cast, plot details, and more news and rumors
• 5 action movies on Max with over 90% on Rotten Tomatoes

LiteSpeed Cache, an immensely popular WordPress plugin for site performance optimization, suffered from a vulnerability which allowed threat actors to gain admin status.

With such elevated privileges, they would be able to perform all sorts of malicious activities on the compromised websites.

According to researchers from Patchstack, the vulnerability was discovered in the is_role_simulation function, and it is relatively similar to a different vulnerability that was discovered last summer. The function apparently used a weak security hash check that could be broken with brute force, granting the attackers the ability to abuse the crawler feature and simulate a logged-in administrator.

Who is vulnerable?

There are a few factors that need to align before the vulnerability can be abused, though.

That includes having the crawler turned on, with run duration between 2500 and 4000, and the intervals between runs being set to 2500- 4000. Furthermore, Server Load Limit should be set to 9, Role Simulation to 1 (ID of user with admin role), and Turn every row to OFF except Administrator should be activated.

The vulnerability is now tracked as CVE-2024-50550, and has a severity score of 8.1 (high severity). It was already patched, with the version 6.5.2 of the plugin being the earliest clean one. LiteSpeed Cache is one of the most popular plugins of its kind, with more than six million active installations.

There is no talk of any evidence of in-the-wild abuse, so chances are cybercrooks have not picked up on the vulnerability in the past.

However, now that the patch is public, it’s only a matter of time before they start scanning for vulnerable websites. Currently, almost three-quarters (72.1%) of all LiteSpeed Cache websites are running the latest version, 6.5, with 6.7% running 6.4, and a notable 21.2% running “other” versions. Therefore, at least 27.6% of sites could be targeted, which is more than 1.6 million.

More from TechRadar Pro

• Another top WordPress plugin has a major security flaw — and millions of sites could be affected
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• Google has revealed an experimental travel feature called Talking Tours
• It provides AI-generated commentary on over 50 locations
• You can try it out in the Google Arts & Culture app or website

Google made it pretty clear with its recent Google Maps upgrades that it wants to be your virtual tour guide – and a new Talking Tours experiment takes those ambitions to the next level.

Found in Google's Arts & Culture app for iOS and Android (you can also try it online), the Talking Tours feature gives you AI-generated commentary on big landmarks for 55 locations around the world.

But what makes it feel like a glimpse of the future of walking tours is the ability to let you look around a 360-degree panorama, take a snap, and then have the AI feed you information about what's in the scene.

Naturally, the audio guides are restricted to major tourist locations like the Taj Mahal, Machu Picchu, and the National Museum of Modern and Contemporary Art in Seoul. We tested it on one of London's three locations and it did a solid, if fairly basic, job of filling us in on the scene around the London Eye.

For this "first experimentation", Google says it worked with a "small selection of partners and cultural sites", with "more to be added in the future". But the use of AI-generated audio means it could potentially be scaled very quickly and become a handy free travel resource in the future – if Google doesn't send it to the Google Graveyard.

Just add AR glasses

(Image credit: Google)

Our early tests with Talking Tours show it currently isn't yet close to being a replacement for a real city walking tour guide – and likely won't ever match the human touch or anecdotes of an experienced pro.

But it is also a glimpse of the kind of free travel advice that isn't too far away. Combine a more advanced version of its AR-generated commentary with the smart glasses that the Google Play Store appears to be gearing up for and you could have a very useful, free city break assistant with knowledge of virtually anything you're looking at.

In our quick play, the Talking Tours' knowledge of the London Eye was fairly basic, but after we spun around to take a 'snap' (inside Street View) of the river, it recognized the boat and filled us in on the benefits of the city's riverboat cruises.

Google has previously dabbled with offering city guides in the likes of Google Lens and Google Earth, but the combination of computer vision and AI-generated commentary means the feature is potentially far more scalable – and Talking Tours could be our first taste of that future.

You might also like

• ChatGPT search is now live – and it could be the Google replacement you’ve been looking for
• There's no escaping smart TV ads, as Google TV adds them into its once ad-free 'apps-only' mode
• Struggling to find emails in Gmail? Google’s new filter could soon ease your headaches

21 years ago I wrote, "I Search Therefore I Google". It's something I could arguably still write today, along with the billions of others who start their day with a query dropped into the Google homepage or, more likely, their address bar where Google is casually seated. All that could change, though, and now, after using ChatGPT search, I wonder if a half decade from now, I'll write "I search therefore I ChatGPT".

OpenAI's ChatGPT has already had an incredible run as one of the first generative AI platforms everyone knows about, if not uses. The ambition to add search to the platform was well-known and, in some ways, seen as a smart way to bridge the gap between what often appeared to be canny answers and too-frequent hallucinations and misinformation.

With the indexed and current web as a foundation, ChatGPT is instantly smarter. The allure of a generative AI search engine is the conversational nature and the ability to maintain context without restating the initial query. Discovery is more of an interactive exploration.

When OpenAI announced its plans to introduce SearchGPT (what became ChatGPT search) I signed up for early access. As a result, even though I have a free ChatGPT account, I got access to ChatGPT 4o with integrated search. It's a pretty subtle integration; you access search by selecting the globe in the prompt box. Once you do that, you're in ChatGPT search until you turn it off.

For the TL;DR crowd, here's what I found:

• Fast
• No ads
• Accurate
• Clean looking
• Aware

With the exception of awareness, ChatGPT Search is all the things early Google was before it started monetizing our eyeballs.

Modern Google Search now carries so much water for all of Google's other products and services (and its voracious need for revenue) that it's unrecognizable from the search engine I loved in 2003.

Generative AI in the form of the ChatGPT 4o model is the not-so-secret sauce and is what makes this search seem almost aware and able to synthesize disparate information into cohesive text that makes sense. It's also how it keeps track of the conversation so that subsequent searches continue the discovery thread instead of forcing you to restate it.

Throughout my experience, I kept looking for any of ChatGPT's signature errors and hallucinations. After all, OpenAI still makes it clear with a label at the bottom of the page that "ChatGPT can make mistakes".

Perhaps we can attribute the accuracy to ChatGPT search not relying solely on its ability to guess at what word should come next (a key component of large language models (LLMs). It appears to craft the generative response based on the facts it finds on reputable websites.

A different kind of AI view

While Google is top-loading AI overviews that push down traditional results, ChatGPT is nothing but the overviews. Yet it somehow seems cleaner, more concise, and less like an uninvited search results guest.

I asked about the best products in categories like turntables and DSLRs. In each case, I got clear summaries with bullet lists. Under each of them was a citation (I often found information culled from TechRadar).

As with other searches, I could ask a follow-up without restating the initial question. In the case of DSLRs, I asked which is best for wildlife photography. I got a brief summary of what makes a good wildlife camera and then details on which ones are best, again all from reputable sources.

Image 1 of 2

(Image credit: Future)Image 2 of 2

(Image credit: Future)

I asked how much 45 pennies weigh and got a nice detailed answer that noted that the weight has changed over the years. Usually, the sources are inline, but in this case, I had to click the Sources button to see that it pulled the information from the US Mint and Wikipedia, among others. That button, by the way, usually shows a group of tiny brand icons to credit sources,

When I followed up with “Are any more valuable than others?” ChatGPT Search knew I was still talking about the pennies. For what it’s worth, 1,943 copper pennies are particularly valuable.

Then I asked Google the same question, AI overviews weren’t available and the first result was a link to Quora with a summary of what appeared to be guesses. I’m surprised the US Mint results didn’t appear above the virtual fold.

Image 1 of 4

(Image credit: Future)Image 2 of 4

(Image credit: Future)Image 3 of 4

(Image credit: Future)Image 4 of 4

(Image credit: Future)

When I asked ChatGPT for directions from Bryant Park to Dumbo Brooklyn, it used a source I’d never heard of (Rome2Rio), but it was accurate.

When I asked a follow-up, “Can I see a map?” it maintained context and showed me an MTA subway map. Later, I conducted the same search but this time followed with "Is there good food?"

Again, ChatGPT search knew I was still talking about Dumbo and returned almost a dozen options that I could pursue through a side-scrolling carousel. Vinegar Hill House with its cast-iron chicken looks yummy. In one funny turn, though, directions for each eatery link to – wait for it – Google Maps.

When I conducted the same Bryant Park to Brooklyn search on Google, it did a better job of integrating a big Google Map and also used Rome2Rio. Below that was one of Google's many search enhancements, the “People also ask” section. It's not something I asked for, though some might argue details about, for instance, which subway is closest to Bryant Park, could come in handy.

There really isn't a good way in Google to apply a follow-up question like, "Is there good food?" First, I had to delete the text already in my Google Search box and the results returned restaurants for my area and not Dumbo, Brooklyn.

Image 1 of 2

(Image credit: Future)Image 2 of 2

(Image credit: Future)

Unlike Google, ChatGPT search doesn't generate an entirely new page for my queries and instead maintains the thread. I can scroll back up to see where I've been, what I've been asking, and the answers ChatGPT search returned.

I'm not arguing that SearchGPT is the better search engine. It's way too early for that and I doubt OpenAI's knowledge graph is anywhere near as rich as Google's. Plus, Google integrates its myriad tools into search in ways not yet possible with ChatGPT. Even so, right now, ChatGPT search just feels better. But being better doesn’t mean ChatGPT search wins.

Google is a verb and ChatGPT is far from that. Sure, everyone is talking about it but consumers do not use it at anywhere near the level they do Google, which is essentially a homepage for many.

I’m sure that when I’m done experimenting with ChatGPT search, I’ll lapse right back into using Google, like a reflex. Unless, of course, I install the Chrome extension that could make ChatGPT my browser's new default search engine. Now that would be interesting and probably a significant concern for Team Google.

You might also like

• OpenAI launches ChatGPT Advanced Voice mode on desktop and now PCs and Macs can join the conversation
• 4 things you can do in the ChatGPT Windows app that it does better than Copilot
• 7 new (and improved) things you can do with ChatGPT-4o

A major Chinese botnet called Quad7 is being utilized to mount password spray attacks against organizations in the west, Microsoft experts have warned.

In a new report, the company's researchers say the group, called Storm-0940, then use the passwords to establish persistence, steal even more credentials, and ultimately engage in more disruptive cyberattacks.

The end goal of the campaign is, most likely, espionage, Microsoft believes , as targets include think tanks, government organizations, non-governmental organizations, law firms, defense industrial bases, and more.

Targeting SOHO routers

"In particular, Microsoft has observed the Chinese threat actor Storm-0940 using credentials from CovertNetwork-1658," the report states, adding that the group was being extra careful not to get spotted.

"In these campaigns, CovertNetwork-1658 submits a very small number of sign-in attempts to many accounts at a target organization," it was said. "In about 80 percent of cases, CovertNetwork-1658 makes only one sign-in attempt per account per day."

Still, as soon as there is a hit, Storm-0940 moves in to further compromise the target. In fact, Microsoft said that on some occasions, the infiltration was done the same day when the passwords were guessed. Storm-0940’s first move was to dump credentials, and install RATs and proxies, for persistence.

Quad7 is a fairly known botnet. In late September 2024, we reported the botnet adding new features and expanding the attack surface. It was first spotted by a researcher alias Gi7w0rm, and experts from Sekoia, when it was only observed targeting TP-Link routers. However, during the following weeks, Quad7 (which was named so for targeting port 7777), expanded to ASUS routers, and now has been observed on Zyxel VPN endpoints, Ruckus wireless routers, and Axentra media servers.

The attackers built custom malware to compromise these endpoints, targeting different clusters. Each cluster is a variant of *login, with Ruckus, for example, having the ‘rlogin’ cluster. Other clusters include xlogin, alogin, axlogin, and zylogin. Some clusters are relatively large, counting thousands of assimilated devices. Others are smaller, counting as little as two infections.

More from TechRadar Pro

• North Korean hackers linked to Play ransomware attacks
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

In a recent Reddit AMA (ask me anything), OpenAI CEO Sam Altman, along with some other top OpenAI executives, dropped a number of hints about the company’s future, and what to expect from ChatGPT next year.

Firstly, when asked if there would be a ChatGPT-5 Altman doubled down on his “fake news” response on X recently to an article talking of its imminent release: “We have some very good releases coming later this year! Nothing that we are going to call GPT-5, though”, he replied. The phrasing “this year” does indicate that a new LLM could be released by OpenAI very soon though.

Agents are coming

It's been a busy week for OpenAI, with the release of Advanced Voice mode on the desktop app versions of ChatGPT and a new ChatGPT search, which even challenges Google. When asked about the value of the recently released ChatGPT search compared to traditional search engines, like Google, Altman was enthusiastic: “For many queries, I find it to be a way faster/easier way to get the information I'm looking for. I think we'll see this especially for queries that require more complex research. I also look forward to a future where a search query can dynamically render a custom web page in response!”

When asked about the next update to Dall-E 3, the image generator that’s part of ChatGPT, Altman was non committal: “The next update will be worth the wait! But we don't have a release plan yet." So it doesn’t look like much will be happening on the image generation front for a while.

ChatGPT search is the latest addition to ChatGPT. (Image credit: OpenAI) Real intelligence

One area where ChatGPT is being challenged by its rivals is in AI that can perform tasks autonomously. We’ve seen Google make inroads into this area with its Jarvis AI. When asked if ChatGPT will be able to perform tasks on its own, Altman replied “IMHO this is going to be a big theme in 2025”, which indicates the direction OpenAI will be taking next year.

Referring again to autonomous AI, when asked what the next big breakthrough for ChatGPT would be, Altman replied: “We will have better and better models, but i think the thing that will feel like the next giant breakthrough will be agents”. Agents are autonomous AI bots that can perform tasks for you.

Perhaps the most interesting comment from Altman was about the future of AGI - artificial general intelligence. Seen by many as the ‘real’ AI, this is an artificial intelligence model that could rival or even exceed human intelligence. Altman has previously declared that we could have AGI within "a few thousand days".

When asked by a Reddit user whether AGI is achievable with known hardware or it will take something entirely different, Altman replied: “We believe it is achievable with current hardware.”

You might also like...

• OpenAI edges closer to making its first AI chip in bid to power your favorite new apps
• ChatGPT integration and image generation are finally here in the iOS 18.2 developer beta
• ChatGPT search is now live – and it could be the Google replacement you’ve been looking for