TechRadar News

• Security researchers are warning about "hidden text salting" in emails
• Hackers can hide parts of the text to confuse email scanners
• The hidden text helps the email pass the scans and land in the inbox

Hackers are increasingly using “hidden text salting”, or “poisoning” techniques, to work around email security measures and get phishing messages to land in people’s inboxes.

A new in-depth guide published by cybersecurity researchers from Cisco Talos outlines how cybercriminals are abusing HTML and CSS properties in email messages, setting the width of some elements to 0, and using the “display: hidden” feature to hide some content from the victims. They are also inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters, and ultimately hiding the true email content, by embedding irrelevant language.

As a result, email security solutions, spam filters, and brand name extractors get confused, and the emails that would otherwise end up in the spam folder, make it directly to the inbox.

Advanced filtering

In its writeup, Cisco Talos has given multiple examples, including one in which attackers hid French words in the email’s body. This confused Microsoft’s Exchange Online Protection (EOP) spam filter which ultimately let the message pass.

In another example, Cisco Talos said threat actors were using CSS properties and ZWSP characters to hide email content, successfully mimicking Wells Fargo, and Norton LifeLock.

To tackle this strategy, the researchers suggested IT teams adopt advanced filtering techniques that scan the structure of HTML emails, rather than just their contents. An email security solution could, thus, look for extreme use of inline styles or CSS properties such as “visibility: hidden”. Deploying AI-powered defenses is also recommended.

Email remains one of the top attack vectors, due to its simplicity, omnipresence, and low cost for a large-scale operation. It also owes its popularity to the fact that it attacks the email security chain on its weakest link - the human.

You might also like

• 7 myths about email security everyone should stop believing
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

• Philips H8000E are new noise-canceling headphones
• 40mm graphene drivers, hi-res audio, and Bluetooth Auracast
• "Easily replaceable" batteries for sustainability

Philips has announced its new competitor in the world of the best noise-canceling headphones, the Philips H8000E. They're over-ear headphones with ANC, customization options via the Philips Headphones apps, Bluetooth LE Audio and the next-gen LC3 codec, Bluetooth Auracast, 50 hours of battery life with the ANC on (70 with it off), and even replaceable batteries for repairability.

That's a lot of stuff, but there's one thing notably missing so far: the price. Philips has described these headphones as "mid-range", but that could mean anything from under $150 to under $250 depending on your particular view.

They're due to launch in September 2025 in the US, UK, and Europe, which means they're going to have an interesting time likely competing with the Sony WH-1000XM6 that are expected to launch in the summer – and also a lowered price for the existing Sony WH-1000XM5.

So it's good that they've got a few advantages over Sony currently, with the biggest probably being the 50-hour battery life – Sony's headphones manage 30 hours with the ANC on.

There's also the future-proof support for the LC3 codec, which is capable of higher-res audio and better quality sound generally while using less power, which still isn't totally common among premium headphones.

And like Sony's headphones, they support the LDAC higher-res Bluetooth codec.

There are five levels of noise cancellation power selectable through the app, and the promise that 'AI microphones' will aid call quality.

There's a folding design that's good for travel, and they're lightweight. Philips says that they have some sustainability goals in mind too, featuring recycled plastic in the construction, and "easily replaceable integral batteries and detachable ear pads" with the aim that you can use them for years and years (though let's hope that the batteries are easier to replace than the last headphones that iFixit tried to repair).

With eight months to go until they're due to be released, let's hope that Philips really has future-proofed the sound quality, features, and planned price of these cans, because a lot may have changed in the world of the best headphones by then. I wouldn't be surprised to see new models before then not only from Sony but also Sennheiser.

You might also like

• These retro headphones and speaker designs really bring the ’80s cool – AIAIAI and design agency Brain Dead went old-school for this one
• Apple's banking on camera-equipped AirPods to trounce Meta smart glasses, but I'm not sure it's enough
• Size does matter: how one reader’s email left me obsessed with headphone arm length (and sent me on a quest to find a model for larger heads)

• Unofficial AMD Radeon drivers reveal FSR 4 DLL file
• The file suggests RDNA 4 GPUs will have access to FP8 WMMA, which may be a prerequisite for FSR 4
• Games that already have FSR 3.1 will have FSR 4 implemented instantly

While AMD has already confirmed that the new FSR 4 (FidelityFX Super Resolution) upscaling method will be exclusive to RDNA 4 GPUs, some gamers were holding out hope that older GPUs could one day benefit from its addition - but a recent revelation may have shut that possibility down entirely.

As reported by VideoCardz, an FSR 4 DLL file was spotted in unofficial Radeon drivers.

According to Osvaldo Pinali Doederlein on X, FSR 4 uses a machine learning algorithm with an 8-point floating-point implementation - and reports are also suggesting that RDNA 4 GPUs will use FP8 WMMA (Wave Matrix Multiply Accumulate that helps to accelerate AI applications), which is what is supposedly required for FSR 4 to function.

With this in mind, it would mean older GPUs won't be able to take advantage of FSR 4, as RDNA 3 GPUs (like the RX 7900 series) reportedly won't receive the full optimization of FP8 WMMA, while older RDNA 2 GPUs won't receive any FP8 support at all.

Since rival Nvidia's DLSS 4 upscaling tech will be available for all RTX GPU users, this could easily lose Team Red some fans.

(Image credit: Joseph GTK / Shutterstock) What does this mean for RDNA 3.5 handheld gaming PCs?

It remains to be seen whether RDNA 3 GPUs will be able to make the cut for AMD's new FSR 4, so I fear for what this may mean for handheld gaming PCs. Upcoming devices like the Lenovo Legion Go 2 will be using the Ryzen Z2 Extreme APUs, which are likely built-in RDNA 3.5 architecture.

If it wasn't clear enough already, upscaling will be an important feature for games going forward, especially graphically-intensive ones. If new handhelds can't take advantage of what Team Red's new frame generation will have to offer in terms of performance enhancements, then the ability of these handhelds to be able to play the latest AAA games will be compromised.

Games that already have FSR 3.1 support will instantly have FSR 4 implemented once it becomes available - so it begs the question of whether this could mean older GPUs could still use FSR 4 super-resolution, but lose out on potential improved frame generation tech, similar to Nvidia's DLSS 3 and 4 with RTX 3000 and 2000 series GPUs. Hopefully, older AMD GPUs can get something out of this...

You may also like...

• AMD exec hints that discrete RDNA 4 GPUs won’t be in gaming laptops anytime soon, leaving Nvidia’s RTX 5000 cards unchallenged
• AMD looks set to compete with Nvidia in the laptop GPU space - Team Red claims Ryzen AI Max 395+'s iGPU outperforms RTX 4070 laptop GPU
• Sorry, AMD, Nvidia's price tags for its RTX 5000 GPUs could win me over

• Security researcher finds related attacks and dubbed them Clone2Leak
• This allowed threat actors to leak credentials through Git's credential helper
• Patches are already available, so update now

A number of flaws was recently found in distributed version control system Git’s credential helper which allowed malicious actors to exfiltrate login credentials from different projects. It was responsibly disclosed to the developers and shut down.

Git's credential helper is a feature that securely manages credentials (usernames and passwords, or personal access tokens) required to authenticate with remote repositories. It simplifies authentication by caching or storing credentials so users don't need to repeatedly enter them for every Git operation.

Recently, a cybersecurity researcher from the Japanese GMO Flatt Security outfit, alias RyotaK, found three separate, but related attacks, and dubbed them “Clone2Leak.” He explained that the flaws revolve around the improper handling of authentication messages sent to the credential helper. As a result, Git could end up sharing stored credentials to a malicious server.

Multiple flaws

GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager, were said to be vulnerable.

Clone2Leak comprises these three flaws: CVE-2025-23040, CVE-2024-50338, and CVE-2024-53263. The first two are described as “carriage return smuggling” flaws affecting GitHub Desktop and Git Credential Manager, while the third one is described as “newline injection” in Git LFS. The researcher also discovered a logic flaw in credential retrieval, tracked as CVE-2024-53858, affecting CitHub CLI and GitHub Codespaces.

Users are now urged to migrate to the safe releases to mitigate the risk of potential credential leakage.

All of the above-mentioned bugs have since been addressed, and users are now urged to update their tools, audit credential configurations, and be extra careful when cloning repositories. That being said, the versions they should go for include GitHub Desktop 3.4.12, Git Credential Manager 2.6.1, Git LFS 3.6.1, and gh cli 2.63.0.

Users should also enable Git’s ‘credential.protectProtocol’, it was said.

Via BleepingComputer

You might also like

• Apple forced to patch iOS and macOS security flaw that could have leaked your private info
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

• WWE 2K25 is coming to PC and console on March 7
• The world-famous wrestler Roman Reigns will be the headlining cover star
• The next WWE 2K entry will feature new modes, match types, and over 300 wrestlers

WWE 2K25 has been officially revealed with world-renowned wrestler Roman Reigns announced as its cover star.

The next entry in the WWE 2K franchise will have three editions at launch, including a Standard Edition, which will arrive on March 14 for PS4, PS5, Xbox One, Xbox Series X, Xbox Series S, and PC.

For those looking to play early, they can purchase the WWE 2K25 Deadman Edition or The Bloodline Edition which will be released on March 7.

New features will be introduced in WWE 2K25 including the 2K Showcase: The Bloodline's Dynasty mode, "an interactive celebration of the legacy of the extended Anoa’i wrestling family", as well as new match types like Underground Match, Bloodline Rules Matcher, and Intergender matchups, the return of Chain Wrestling, a new MyRISE experience, and more.

The game will also feature The Island, allowing players to explore and challenge others while also completing quests, challenges, and live events. However, this will only be available on PS5, Xbox Series X, and Xbox Series S.

WWE 2K25 also boasts "the largest ever WWE 2K roster" of more than 300 Superstars, Legends, and Hall of Fame wrestlers, including some of the most iconic faces, like John Cena, Rhea Ripley, The Rock, “Rowdy” Roddy Piper, CM Punk, “Stone Cold” Steve Austin, Jade Cargill, Diamond Dallas Page, Booker T, Ultimate Warrior, Trish Stratus, and more.

Roman Reigns, aka "The Original Tribal Chief", will be featured on the Standard Edition cover, as well as the Bloodline Edition alongside other famous wrestlers, while the Deadman Edition will headline The Undertaker to celebrate his 35th anniversary in the WWE.

"I am personally and professionally excited that the Original and Only Tribal Chief and the extended Anoa’i family are the focus of WWE 2K25," said Roman Reigns.

"We’ve been building toward this moment for generations and I challenge players everywhere to show me and my Wiseman, Paul Heyman, what they’ve got, and prove they’re worthy of the attention of their Tribal Chief."

Greg Thomas, president of developer Visual Concepts added, "WWE 2K25 expands on our winning formula in nearly every aspect of the player experience. Our new approach to 2K Showcase and MyRISE storylines really tap into the creativity of the development team, and we're excited to see our community enjoy these updated features."

You might also like...

• Best PS5 games 2025
• Leaked listing suggests the Nintendo Switch 2 could cost less than $400, but I don't believe it
• Have you been chosen? Nintendo Switch 2 Experience invites are being sent out now

• Your Friendly Neighborhood Spider-Man's producers have revealed why its release was delayed
• The Marvel show's launch wasn't impacted by the pandemic or 2023 Hollywood strikes
• Work was completed in mid-2024, so we've had to wait seven months for it

Two of Your Friendly Neighborhood Spider-Man's (YFNSM) producers have explained why it wasn't released sooner than it should've been.

Brad Winderbaum and Jeff Trammell, the latter of whom is also YFNSM's showrunner and head writer, told TechRadar that there were two big reasons for the show's delayed launch. Strangely, it had nothing to do with the pandemic or the 2023 Hollywood strikes, even though the latter was the chief cause for multiple Marvel movie delays and a much quieter 2024 for Marvel Studios on the Disney Plus front.

So, considering Winderbaum – Marvel's head of TV, streaming, and animation – told me that the Marvel Phase 5 show was "completed last summer" (that'll be mid-2024, for anyone wondering), what was the hold up? As it happens, adding some final polish to the overall series and, even more curiously, issues from a distribution perspective.

YFNSM is finally set to arrive on Disney Plus tomorrow (January 29) (Image credit: Marvel Animation/Disney Plus)

"We announced it pretty quickly after we greenlit its development," Winderbaum told me about Spider-Man's latest animated adventure. "We started showing fans some of the art at Comic-Con [in July 2021], so we were working on it right around then.

"The development timeline was around three years and we actually completed it last summer," he added. "So, we've been waiting with bated breath for the world to see it. The only real delay was on the distribution side. You know, release schedules and subject to a lot of different forces in the world, so they're liable to shift and change."

It wasn't just the scheduling patterns that deviated from their original target. YFNSM was initially designed to be a show that was canon in the Marvel Cinematic Universe (MCU), one that would've acted as a prequel to the Tom Holland-starring Spider-Man movies that are also set in Marvel's cinematic juggernaut. However, as Winderbaum explained on a December 2024 edition of the Phase Hero Podcast, the comic book giant pivoted away from that plan when, as Windderbaum put it, "we would've had to put so many limiters on our story to get it to lock into canon".

Paid intern by day, Spider-Man also by day.Stream Marvel Animation's all-new series #YourFriendlyNeighborhoodSpiderMan Wednesday on @DisneyPlus. pic.twitter.com/gArYz2nXQPJanuary 27, 2025

Even with its semi-creative overhaul, YFNSM was ready to make its debut on one of the world's best streaming services seven months ago. Given the dearth of Marvel content last year, it would've made sense to release it on Disney's primary streamer in 2024, then. Regardless, Trammell isn't complaining about the additional development time that was afforded to the show's crew.

"It took the time that it took," he told me with a smile. "There were certain parts of it where we thought 'we can push this even further and make it better', and we were allowed the time to do that by Marvel, which was great.

"Everyone wants to deliver the best version possible," Trammell continued, "And I think we were able to do that because Marvel was so supportive, and gave us more time to iron things out or work on something that wasn't at the required level. It's great to have the chance to do that because I've worked on other shows where that wasn't the case and we were forced to hit specific deadlines. Marvel knew this was an important series, so they wanted us to get it right."

Depending on who you ask, YFNSM could've used more time to make it as good as possible. Indeed, Trammell has already had to defend its animation style after some fans criticised how it looked, so some people may not agree with his sentiments. Anyway, you can see what I thought of YFNSM and whether it deserves a spot in our best Disney Plus shows guide, when my review goes live tomorrow (January 29).

You might also like

• 'There's a lot of content coming out': Your Friendly Neighborhood Spider-Man producer explains why the Marvel TV show has such a 'unique' release schedule
• Find out how to watch the Spider-Man movies in order
• Or get the lowdown on what we know so far about Spider-Man 4

DeepSeek has turned the AI world upside down this week with a new chatbot that's shot to the top of global app stores – and rocked giants like OpenAI's ChatGPT.

The reason why DeepSeek is such big news is because it's free, open source and appears to show it's possible to create chatbots that can compete with models like ChatGPT's o1 for a fraction of the cost.

It's a story that continues to develop by the minute too, as rivals like OpenAI and Nvidia publicly comment on the emergence of China's new AI disruptor, while the Australian government raises privacy concerns about DeepSeek.

Confused about DeepSeek and want the latest news on the biggest AI story of 2025 so far? We're covering all of the latest news here live below...

The latest DeepSeek news

• OpenAI's Sam Altman calls DeepSeek 'impressive' but promises to launch 'much better models' soon
• Don't get too attached to DeepSeek – it'll never survive in the US
• DeepSeek forced to pause new signups following large scale cyberattack
• DeepSeek has already dethroned ChatGPT – is it coming for Midjourney and DALL-E next?

A quick DeepSeek refresher

(Image credit: Getty Images)

A bit confused about DeepSeek? Here's a quick primer. The free AI chatbot was actually released on January 20, but has exploded in popularity over the past few days as tech fans realized its significance. As the venture capitalist Marc Andreessen noted on X (formerly Twitter), "Deepseek R1 is AI's Sputnik moment".

The app is currently top of the free charts on Apple's App Store and Play Store in the US and many other countries, despite being made in China – which was the subject of a trade ban on advanced chips from the likes of Nvidia.

Ironically, it's those trade restrictions that appear to have sparked the ingenuity behind of DeepSeek, which was created using a tiny amount of the enormous compute power that's behind today's major AI models.

Benchmark tests show that it can perform tasks like answering questions and generating code as well as the current top AI models around. However, you may have trouble creating a DeepSeek account – it was forced to pause sign-ups following a major cyber-attack.

OpenAI's Sam Altman responds

(Image credit: Shutterstock/photosince)

OpenAI's Sam Altman has now publicly commented on DeepSeek for the first time, stating on X (formerly Twitter) that the AI model is "impressive" – and I can't help but hear that in the voice of Patrick Bateman in the American Psycho business card scene.

But he was also typically bullish about OpenAI's response, stating that "we will obviously deliver much better models" and that it's "legit invigorating to have a new competitor". Altman also doesn't think the news changes the picture in terms of chips, stating that "more compute is more important now than ever before to succeed at our mission".

The markets don't seem to agree, with the chip-making giant Nvidia suffering the biggest one-day market value dive in US history yesterday.

Will the DeepSeek hype last?

(Image credit: DeepSeek)

TechRadar's Editor-at-Large Lance Ulanoff has written a fine takedown of the DeepSeek hype – questioning whether the chatbot, which isn't yet multi-modal, is worthy of the column inches it's getting and (quite reasonably) suggesting that it's unlikely to last in the US, given TikTok's recent woes.

Commenting on the share price drops of Nvidia and others he notes "with almost no information or real proof that DeepSeek and its investors are being transparent and truthful, investors have started pulling their AI dollars from the US stock market."

Even if we do accept that DeepSeek is a breakthrough, there are understandable question marks about its longevity in the US. As Lance Ulanoff states "it doesn't matter how good it is; this app will not survive in the current US climate".

• Read more: Don't get too attached to DeepSeek – it'll never survive in the US

Is DeepSeek safe to use?

(Image credit: Future)

We've done our own in-depth comparison of how DeepSeek compares to ChatGPT, but since then some privacy alarm bells have been sounded about the app.

As noted by the BBC, Australia's science minister, Ed Husic, told ABC News earlier today there are lots of unanswered questions around "data and privacy management" with DeepSeek. "I would be very careful about that, these type of issues need to be weighed up carefully," he cautioned.

DeepSeek's privacy policy is quite open that "we store the information we collect in secure servers located in the People's Republic of China". That information includes your email address, phone number, date of birth and chat histories.

None of this is much different from the privacy policies of ChatGPT or Gemini, but the harvesting of that information in China – and the fact that it's combined with "actions you have taken outside the service" from advertisers – is bound to keep those alarm ring bells ringing louder in the coming days.

Who actually owns DeepSeek AI?

(Image credit: DeepSeek / Future)

DeepSeek was founded in mid-2023 by the Chinese hedge fund manager Liang Wenfeng, who is the company's CEO. Liang founded High-Flyer, a hedge fund that uses AI to create trading strategies, back in 2015 – then according to a Washington Post profile, used that experience to develop large language models with his new DeepSeek company.

How close are DeepSeek's links to the Chinese government? Inevitably, the AI app's newfound success has garnered a lot of new attention, but it apparently hasn't always been considered an AI star inside China.

According to Matt Sheehan (an expert on China’s AI industry quoted in the Washington Post's profile), DeepSeek was "not the ‘chosen one’ of Chinese AI start-ups" and that it "took the world by surprise, and I think to a large extent, they took the Chinese government by surprise".

But DeepSeek is now far from an unknown – and it'll be interesting to see if or how it distances itself from the Chinese government in order to allay those growing privacy fears.

Nvidia calls DeepSeek an 'excellent AI advancement'

Beyond OpenAI's Sam Altman sharing his thoughts about DeepSeek AI and promising much more from ChatGPT, Nvidia has also publicly commented, calling DeepSeek an "excellent AI advancement."

The response came after yesterday's record-breaking $600 billion share price drop, the largest drop the shares have ever seen and largely a result of DeepSeek's performance and the cost of the AI model. Beyond being impressed by R1, it's clear that Nvidia wants to remain a key part of the narrative.

The complete written statement reads, “DeepSeek is an excellent AI advancement and a perfect example of Test Time Scaling. DeepSeek’s work illustrates how new models can be created using that technique, leveraging widely-available models and compute that is fully export control compliant. Inference requires significant numbers of NVIDIA GPUs and high-performance networking. We now have three scaling laws: pre-training and post-training, which continue, and new test-time scaling.”

• A Steam Deck user had an issue with the gaming handheld's bulk
• So he created the 'Steam Brick,' a stripped-down version
• He successfully created a portable one-third the size of the original

The Steam Deck has taken the gaming handheld market by storm since its initial launch, enabling users to play the best PC games in a much smaller and more portable form factor. However, one person decided that his OLED Steam Deck wasn’t portable enough, and decided to take matters into his own hands.

User crastinator-pro’s disclaimer on the GitHub page reads “I am not a smart man,” after he describes his thought process behind the massive modification process, which involved stripping down the portable’s screen and controller. According to the post, he only found himself using the Deck with either AR Glasses or a TV and, more often than not, leaving it at home due to it being too bulky for his taste.

Crastinator-pro started by testing if the Steam Deck would still boot if he disconnected everything but the fan from the motherboard. He found that it would, writing that it “will boot output display over USB and accept peripherals via an external dock.” After more tearing down, he then made a basic case to house the brick-like ‘console.’ The biggest obstacle here was ensuring that the case wouldn’t melt from any heat generated by gaming sessions.

(Image credit: Valve / crastinator-pro)

The final result is truly a marvel of engineering. The ‘brick’ is roughly one-third the size of the Steam Deck, four times smaller than its OEM case, and 24% lighter. The ‘brick’s’ dimensions are 7.6 x 4.9 x 0.8 inches / 193.5 x 126.5 x 21mm, and it weighs 16.7oz / 474g, compared with the original OLED Steam Deck’s 4.6 x 11.7 x 1.9 inches and a weight of 1.41lbs.

That’s a significant difference, but there are a couple of downsides to this build. The first one is that “accessing the BIOS by holding down the + button while powered up is impossible, as that button isn’t included in the build.” The second is that it’s difficult to determine whether the modified system is turned on since the indicator light doesn’t illuminate.

What makes the Steam Deck so special?

The Steam Deck is a fascinating machine — not only does it offer comparable PC gaming functionality without the bulk of either a desktop or laptop, but you can also endlessly modify the machine to suit your software or hardware needs. Projects like the ‘Steam Brick’ truly show just how well-built and flexible this portable is.

Simply using the handheld as intended can be a changing experience for gamers. As TechRadar’s Roland Moore-Colyer puts it, the freedom of being able to play the best Steam Deck games without being tethered to a dedicated PC is incredible. Even better is not having to worry about carrying a heavy gaming laptop when traveling, something only console gamers have been able to experience.

You can also choose from the best Steam Deck alternatives, each of which offers unique features and selling points – the Lenovo Legion Go for example, has a joystick that replaces the function of a mouse for shooters.

• The Steam Deck keeps winning me over – here’s why it’s my most-played console of 2024
• Steam Deck OLED vs Steam Deck: comparing design, specs, performance, and more
• The best Steam Deck alternatives in 2025: top picks to play on the go

In the evolving cyber arms race, bad actors have turned to sophisticated tools like Rockstar 2FA, a phishing-as-a-service kit capable of bypassing multi-factor authentication (MFA) on widely trusted platforms such as Microsoft 365 and Google Workspace. This attack method resets the cybersecurity landscape, exposing pre-MFA vulnerabilities and proving that even advanced authentication methods are no longer a silver bullet for security. As cyber threats evolve at an unprecedented pace, businesses find themselves at a crossroads in balancing technological innovation with holistic identity security strategies. The question organizations must now ask is no longer whether MFA should be in place but whether it is enough, properly configured, monitored effectively, and a part of a broader defense strategy.

As 2025 nears, the proliferation of AI-embedded SaaS applications amplifies the challenges of managing human and non-human identities, driving a surge in identity-driven breaches. To navigate this evolving landscape, businesses need to rethink their approach to identity and access management (IAM), and extend their approach beyond MFA to include centralized monitoring, anomaly detection, and real-time remediation.

The problem with MFA in 2025

MFA undoubtedly raises the bar for some attackers, yet organizations often mistake its implementation for complete, set-it-and-forget-it security. It reduces the probability of an attack, but think a few steps down the line and it becomes clear that MFA does little to stop breaches if not configured properly or if monitoring and detection mechanisms are inadequate.

For years, MFA has been heralded as the best defense against phishing. However, its growing adoption has motivated attackers to find new ways to exploit its weaknesses. One key vulnerability lies in session token abuse. Once a user grants second-factor access in a browser session, the resulting session tokens — captured via phishing attacks — can be reused to bypass MFA entirely. Even the most junior cybercriminals exploit these tokens to mimic legitimate user activity, rendering MFA protections useless after an initial breach.

Failing to address these gaps has significant implications, from operational disruption to potential regulatory fines and reputational damage. The bottom line is that today’s threat actors don’t need widespread success; they only need one vulnerable entry point to compromise entire systems.

What’s worse, phishing-as-a-service kits like the previously mentioned Rockstar 2FA make this process seamless. Attackers leverage automation and brute force to identify users who can be tricked and have their credentials or session tokens stolen. The result? Undetectable campaigns that sidestep MFA without triggering alarms.

Identity-based threats beyond MFA

While identity-based attacks affect every industry, cybercriminals gravitate toward targets that promise the highest returns — financial services organizations, legal departments, and C-suite executives. These roles often have elevated privileges and access to critical data, making them ideal targets for phishing campaigns.

Compounding the issue, the rapid adoption of SaaS and AI has introduced a critical yet overlooked vulnerability: non-human identities. Unlike human users, these machine-based identities — service accounts, OAuth tokens, and third-party integrations — cannot perform MFA. They rely instead on static authentication methods, such as API tokens or embedded credentials, which are significantly less secure. This vulnerability was starkly highlighted in a recent browser extension attack campaign where attackers used consent phishing to bypass MFA protections. By tricking victims into authorizing a malicious OAuth application through legitimate Google authentication flows, the attackers gained access without triggering MFA prompts, exploiting the static nature of machine-based authentication.

Consider the number of apps integrated into a single employee’s account — Calendly linked to Microsoft 365, Slack connected to Salesforce, and AI tools with access to sensitive business data. These machine identities often carry privileges equivalent to human users, but their proliferation makes them difficult to monitor and control. We’ve found the ratio of non-human identities to human ones at almost 10-to-1. Each integration introduces another point of exposure, and poor oversight creates easy openings for intelligent attackers. Organizations must trust that AI vendors secure their tokens effectively, but this trust is often misplaced. Attackers frequently target these third-party tokens to bypass MFA protections, exploiting the trust users place in vendors. Breaches at vendor systems have repeatedly enabled attackers to compromise tokens, using them as entry points to infiltrate customers’ systems and access sensitive data.

Decentralized administration: a hidden weakness

Decentralized administration poses yet another risk, especially within organizations using dozens of SaaS applications.

With disparate platforms under a company’s corporate umbrella — like Salesforce managed by sales teams, Workday by HR, HubSpot managed by the marketing team, and GitHub by developers — security often becomes an afterthought. Admins, focused on immediate business needs, may disable security configurations temporarily to resolve workflow bottlenecks. These short-term fixes can lead to long-term security risks, such as misconfigured MFA or excessive privileges, which attackers eagerly exploit.

The challenge lies in scale. Each SaaS platform defines MFA and security controls differently, requiring deep expertise to manage configurations effectively. Without centralized oversight, organizations lose visibility into their security posture, creating opportunities for breaches.

Actionable steps to bolster defenses

Looking ahead, the battle against phishing and identity-based threats will require a multi-layered approach to security:

Adopt stronger MFA solutions: Organizations must move beyond phone-based 2FA to advanced methods like biometrics or hardware-based security keys, which are far more resistant to phishing.

Centralize identity management: Consolidate administration under a single framework to enforce consistent security configurations and policies across SaaS applications, reducing misconfigurations and unauthorized access.

Enhance visibility and monitoring: Implement tools that provide continuous visibility into both human and machine identities, detecting anomalies in real time. Continuously audit configurations to detect drift from secure states.

Prioritize training and awareness: Educate employees and administrators to recognize phishing attempts and avoid risky configurations. rain business teams to prioritize security and avoid temporary “workarounds” that compromise long-term defenses.

The adoption of AI and SaaS is inevitable, but so are the threats they introduce. To stay ahead, businesses must recognize that MFA alone is insufficient. By combining advanced authentication, centralized monitoring, and proactive policies, organizations can defend against the phishing arms race of 2025. MFA may no longer be the silver bullet, but with the right defenses, it can be a key component of a more holistic identity strategy.

We've featured the best business VPN.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Microsoft has confirmed a bug is taking out audio on some PCs
• It’s affecting all versions of Windows 11, and also Windows 10, mainly hitting those who use a DAC with their PC setup
• A fix is in the pipeline, we’re told

Microsoft has confirmed that Windows 11 has an audio bug (that we reported on yesterday), a glitch which can take out the PC’s sound completely, and it’s now clear that this affects multiple Windows versions.

That means not just those on Windows 11 24H2 (an update that’s still rolling out), but people running 23H2 and 22H2, and also Windows 10, making this an unusually widespread bug to say the least.

This problem was first noticed by Windows Latest and is lurking within the January 2025 cumulative updates for these OS versions.

The tech site ran into the issue after they installed the January update for Windows 11 (24H2), whereupon the audio on their PC immediately stopped working.

Apparently, this bug mainly affects those with use an audio DAC (digital-to-analog converter) hooked up via USB, but it can happen to any unlucky Windows 11 (or 10) user who grabs the latest patch.

As Windows Latest spotted, Microsoft has confirmed the issue, stating that: “After installing this security update, you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver-based DAC in your audio setup.”

Sadly, there isn’t a fix, and the only way to avoid your audio being torpedoed is to remove the external DAC (assuming you’re using one, and this is what’s causing the problem). In other words, just plug the audio device directly into your PC, instead of via the DAC.

Microsoft further notes: “We are working on a resolution and will provide an update in an upcoming release.”

(Image credit: Marjan Apostolovic / Shutterstock) Analysis: An update oddity indeed

This is an odd one for a couple of reasons. Firstly, it’s unusual to see a bug disrupting every available version of Windows 11, and Windows 10 as well – that represents an alarming across-the-board clattering of dominoes.

Secondly, the January update doesn’t bring anything in the way of new features (to any of these OS versions). It’s a very straightforward patch applying security fixes, and that’s all. So, it really shouldn’t be causing any issues, but clearly, it is.

Why? Well, your guess is as good as mine, but if you want to hear my stab-in-the-dark, it’s that someone has been tweaking something deep inside of Windows as part of those security measures. Why do I say that? Given that the bug is present across all versions, going back to Windows 10, it surely must have been an old, core part of the operating system codebase that was tweaked (and broke something).

Whatever the case, this is yet another hassle for Windows 11 users, particularly those on 24H2, some of who’ve been experiencing a very hard time of it lately, with a seemingly relentless stream of bugs crawling in the general direction of those users. Most recently, that includes another audio bug, and a whole bunch of nastiness that has been visited on PC gamers in one form or another.

Are some of those 24H2 users getting very fed up? I’d say that’s likely, particularly the gamers, but hopefully the teething troubles caused by what I presume is the under-the-hood transition to the Germanium platform (introduced with 24H2, and a key element for Copilot+ PCs) will soon start to settle down.

In the case of this audio bug, though, clearly it has nothing to do with Germanium seeing its widespread presence outside of 24H2. With any luck, the promised fix from Microsoft won’t take long.

You may also like...

• How to prepare for Windows 10 End of Life
• If Microsoft's Windows 11 24H2 issues continue like this, I'll fully convert to SteamOS for gaming
• Windows 11 remains an unloved OS – but why won't people upgrade?

• Google’s Chrome Web Store for Enterprise has been made available
• It’s free to use for Chrome Enterprise Core and Premium users
• Two new features are coming later in 2025

Google’s Chrome Web Store for Enterprises has officially launched, meaning company IT admins are about to have much more control over the type of browser extensions employees can access.

First teased back in October 2024, the new Enterprise-destined Chrome Web Store allows organizations to curate lists of pre-approved Chrome extensions for their workers to help reduce the risks associated with malicious extensions.

Tools built into the admin controls will display disk scores for extensions to provide additional visibility into the potential risks.

Chrome Enterprise Web Store

The feature relies on Google’s security operations (SecOps) tools to offer real-time telemetry and risk scoring, providing IT admins with detailed insights into extension usage and more, but risk scores are provided by third-party platform spin.AI.

“By providing greater control, visibility, and security, Google is committed to empowering businesses to harness the full potential of Chrome extensions while safeguarding their critical assets," Chrome Web Store & Extensions Product Manager Hafsah Ismail and Chrome Enterprise Product Manager Maxime Martin wrote in the announcement.

Hafsah and Martin summarized the benefits, which include simplified access, enhanced security, increased productivity, customizable interface, and more transparency.

The company-specific Web Stores will also feature company branding, including logos, imagery, and announcements, allowing enterprises further customization of their employee experiences.

Besides the ability to curate pre-approved lists, admins will also be able to remotely remove extensions from users’ systems in an update later this year. Another update arriving this year will let Enterprise admins look forward to customer block messages on extension detail pages. Google hopes this will reduce end-user requests to IT.

The new Chrome Web Store is available free of charge to Chrome Enterprise Core and Chrome Enterprise Premium users.

You might also like

• We’ve listed our pick of the best browsers
• Check out the best privacy tools and anonymous browsers
• Google Workspace opens up Gemini for all - but you'll have to pay more

• There's a new Apple Support doc about AirPods updates
• Spoiler: You're doing it correctly already
• If things go wrong, try, try again

Apple's AirPods, AirPods Pro and AirPods Max aren't like other Apple products: where iPhones, iPads and Macs update their software through a visible and straightforward process, Apple's headphones are more mysterious. Or at least, they were until now.

At long last, Apple has clarified what you need to do to update the best AirPods of all kinds. And it's simple: just wait for a full moon, turn out your pockets three times, and dance the dance of the AirPods update. If you've been good then the AirPods gods will smile upon you and bless your buds.

Well, not quite. But even with the clarification it's still a bit opaque.

How to update the software in AirPods, AirPods Pro 2 and AirPods Max

Apple has updated its AirPods firmware support page (via The Verg) to explain exactly how to perform an AirPods or AirPods Max firmware update. And the steps are:

• You need to be in Bluetooth range of your iPhone, iPad or Mac, and that device needs to be connected to Wi-Fi.
• For earbuds: put them into the charging case and close the lid. Plug the charging case into a USB charger or port.
• For AirPods Max: plug the charging cable into the right earphone and connect the other end to a into a USB charger or port.
• Wait 30 minutes.
• Reconnect your earbuds or headphones to your iPhone, iPad or Mac.

I'm being a bit snarky but there is some new information here: I was aware of all the steps but I didn't know it could take up to 30 minutes for the update to complete, which perhaps explains why I've been annoyed by firmware updates I knew were available but that didn't install when I wanted them to.

While the new information is handy, it'd be nice if there were a notification to let you know your update was complete; at the moment you still need to go into Bluetooth settings and check the firmware version manually to see if it's been updated. Maybe Apple will add a notification in a future iOS update.

You might also like

• Apple's banking on camera-equipped AirPods to trounce Meta smart glasses, but I'm not sure it's enough
• The best earbuds: wireless and wired buds for all budgets, all TechRadar tested and recommended
• The best noise-cancelling earbuds, chosen by our testers and for all budgets

• Powerbeats Pro 2 images have been leaked by noted tipster Arsène Lupin on X
• The images confirm previous leaks, predicting orange, lilac, and white finishes
• This leak follows rumors that Beats' new buds will feature heart-rate monitors

Another day, another Powerbeats Pro 2 leak, but this one allegedly shows us not only colorways and design tweaks but also a much-requested feature: a heart-rate monitor in the companion app.

The rumor mill's really ramped up a gear in the past couple of weeks, most recently thanks to MacRumors (who spotted a hidden line of code in iOS 18, reportedly revealing that Powerbeats Pro 2 can be used in conjunction with gym equipment to measure heart rate), which came hot on the heels of the Powerbeats Pro 2's appearance in an official database on January 17.

And now, we get to see them in what looks to be unreleased press shots (read: on someone other than baseball star Shohei Ohtani, or quarterback for the Colorado Buffaloes Shedeur Sanders – awesome though those images were).

The images were leaked by noted tech tipster Arsène Lupin on X (or Twitter), who has the excellent handle @MysteryLupin, but it's important to note that the photos are just that – leaked images, rather than anything official from Apple. So, take them with as much of your preferred seasoning as you'd like.

pic.twitter.com/NoFOEbFXrNJanuary 27, 2025

Powerbeats Pro 2: what we know now

The ticker-taking button we'd all be hoping for…  (Image credit: Arsène Lupin (via X))

Obviously, these images don't tell us definitively whether or not the incoming Powerbeats Pro 2 will beat AirPods to sporting on-ear heart-rate monitors (although ticker-taking AirPods are likely coming, though perhaps not even as soon as the AirPods Pro 3) but there is one telling image to get excited about. Look at the photo of the woman using the app: see the icons for different spatial sound profiles – and crucially, the separate button labeled 'Heart Rate'?

The images also back up data found in the code for iOS, which mentioned beige, black, orange, and purple color options, which of course checks out here.

Looks-wise (because that's all you typically get with images), we'd been wanting more slender arms and a slightly more pocketable case, and it looks as if that's exactly what we've got.

Obviously, there's no further information on chipset, battery life, stamina, or other additional features within the images (and we've already mentioned that these images are not to be relied upon as concrete evidence), but it's great to see toggles for different sonic profiles – and given the sporty nature of the photos, it looks as if this new Powerbeats Pro iteration is still very much the set of earbuds Beats wants its athletic fanbase to purchase.

Release date? Pricing? Those details are still very much at large. But as we see it, so shall you. It's our job, and we take it very seriously.

You may also like

• See our pick of the best earbuds
• Need ANC? Here's our guide to the best noise-cancelling earbuds
• Something for running? See our roundup of the best open-ear headphones

• A listing for the Nintendo Switch 2 has appeared at an online Italian retailer
• The Switch 2 is listed with a €364.99 / $385 / £307 price tag
• This would make the console slightly more expensive than the Switch OLED

Just because the Nintendo Switch 2 has been revealed doesn't mean the leaks have stopped, and the latest may have given us an idea of how much the console will cost.

According to a newly uploaded listing on the Italian retailer Games and Movies the Switch successor will seemingly cost €364.99, which is roughly $385 / £307 (via NintendoLife).

The website also features an apparent release date, reading, "Pre-order product. Estimated availability: 31 December 2025", although it's highly likely that this is just a placeholder date.

Interestingly, the €364.99 / $385 / £307 price point puts the Switch 2 at just €15 / $15 / £12.58 more than the Nintendo Switch OLED, which is the most expensive Switch model currently available.

Nintendo has yet to announce an official launch date for the console, we only know that it will be arriving in 2025, so the retailer's current price listing could prove to be a placeholder to encourage interest in early pre-orders.

For now, we can only speculate on how much the next Nintendo handheld will cost, however, if we consider the console's more powerful hardware it could certainly have a higher price point than its predecessor.

TechRadar Gaming predicts that Nintendo will keep the cost of the Switch 2 at around $399.99 / £349.99 / AU$699.95, or lower.

Alongside the Nintendo Switch 2 reveal earlier this month, it was confirmed that a Nintendo Direct showcase will air on April 2, 2025, which will hopefully provide us with a release date and a deeper look at the hardware and software.

You might also like...

• The best Nintendo Switch games to play in 2025
• Have you been chosen? Nintendo Switch 2 Experience invites are being sent out now
• Nintendo Switch 2 backwards compatibility is ‘the best direction to take’ for players, Nintendo says

• The Empress has been renewed for a third and final season
• The German period drama has been one of the most-watched Netflix shows
• Season 3 plot details have not yet been revealed

The Empress (Die Kaiserin) will make one last royal return to Netflix as the German historical drama series has been renewed for a third and final season.

Much like Bridgerton, My Lady Jane, and The Serpent Queen, the Emmy award-winning series has been crowned a global success, with season 1 staying in the global Netflix top 10 most-watched non-English shows ranking for five straight weeks in 2022. The Empress season 2 was just as popular and became one of the most successful Netflix series worldwide in 2024 after making it into the Top 10 list in 84 countries.

Netflix's German social media accounts confirmed that Empress Elisabeth and Emperor Franz's romance would continue in season 3, with a post translated into English saying: “Love, drama and intrigue. The story continues. Season 3 is coming."

Liebe, Drama und Intrigen. Die Geschichte geht weiter. Staffel 3 kommt. pic.twitter.com/58tII2gBW7January 27, 2025

What can we expect in The Empress season 3?

The Empress, which is one of the best Netflix shows, tells the story of Empress Elisabeth of Austria, known as Sisi (Devrim Lingnau), who is forced to navigate complex court politics after marrying Emperor Franz Joseph (Philip Froissant).

While official plot details for The Empress season 3 are yet to be revealed, The Empress season 2, which was one of three new Netflix shows I was excited to watch last year, sees Franz face a powerful European adversary just as the young couple hope to enjoy their newfound marital bliss.

Meanwhile, Elisabeth faces fresh struggles of her own as she's under intense pressure to produce an heir to secure the future of the empire. As fate strikes, their love threatens to break apart and Elisabeth must fight for her family and the integrity of her soul.

Showrunner Katharina Eyssen said of the renewal to Netflix: "It sometimes leaves me speechless to see how many people we have been able to reach and touch all over the world with The Empress. To be able to continue and conclude this story together with our team and the unique ensemble cast is nothing less than a gift."

Alongside The Empress season 3, other period dramas that are coming to the best streaming service are The Law According to Lidia Poet season 3, House of Guinness and The Leopard.

You might also like

• 3 new Netflix shows I can't wait to watch in February 2025
• Black Mirror season 7: everything we know so far about the hit Netflix show’s return
• Netflix's Zero Day trailer shows Robert DeNiro as a troubled former US president and I'm already on the edge of my seat

• The Google Pixel 9a is rumored to launch with a pricier storage upgrade than the Pixel 8a
• The phone is expected in March this year, and will likely feature upgraded specs and a new, surprisingly un-Pixel-like design
• We aren't sure how reliable the pricing rumor is, as the source is anonymous

The Google Pixel 9a may keep the same starting price as the Pixel 8a, but come with a price hike for its higher storage variant, if a new rumor is to be believed.

According to a report from Android Headlines that only credits “our sources”, the Google Pixel 9a will launch at $499 in the US for the model with 128GB of storage – that’s the same as the current-gen Pixel 8a, and if prices hold steady elsewhere, that means we’ll see a launch price of £499 / AU$849 in the UK and Australia.

However, the report also suggests that the expanded 256GB model will come in at $599 – that’s a $40 hike on last year’s model. This may be reflected in pricing for the UK and Australia too, in which case we’d expect to see a price of around £599 / AU$1,000, but Google may elect to change regional pricing individually.

For example, the Pixel 8a launched at $499 / £499 / AU$849, which was the same as the Pixel 7a in the US, but £50 more expensive in the UK and $100 more expensive in Australia.

This pricing structure equates the value of 128GB of storage to $100, which is also the basis for the pricing of the flagship Pixel 9 and Pixel 9 Pro models.

A price hike of any kind is never good news, but a stable launch price is perhaps more important for a phone targeting budget-conscious consumers. And as a follow-up to the Pixel 8a – our present choice for the best budget Android phone – the Pixel 9a is likely to offer great value for money regardless.

A leaked render of the Google Pixel 9a, showing the new design with no camera bar (Image credit: Android Headlines / @OnLeaks)

We’ve been reporting on leaks about the upcoming cheaper Pixel phone for months, and, if these rumors are to be believed, we’ll be getting a very capable midrange handset from Google in March 2025.

We previously reported that the Pixel 9a is rumored to have a 6.3-inch 120Hz display, the flagship-class Tensor G4 chipset, and 8GB of RAM.

As for cameras, we’re expecting the Pixel 9a to sport a 48MP main camera, 13MP ultra-wide, and 13MP selfie camera. That main camera might seem like a downgrade on the Pixel 8a’s 64MP snapper, but as T3 reports, this could be the same sensor found on the Google Pixel 9 Pro Fold, which would be considered an upgrade on the 8a.

The Pixel 9a is also expected to get a refreshed design that ditches the iconic Pixel camera bar for an oval cutout, and come equipped with a 5,100mAh battery; that would be larger than the one in the Pixel 9 Pro XL, and even larger than the batteries in the iPhone 16 Pro Max and Samsung Galaxy S25 Ultra.

We shouldn’t have to wait too long for official details about the Pixel 9a, but for now, the above is based on rumors and leaks. The pricing rumor stems from an anonymous source, so we can't say for sure how reliable it is.

If you can’t wait until March to see whether the Pixel 9a is for you, be sure to check out our lists of the best Android phones and best cheap phones for more options.

You might also like

• This case isn't just a rotting banana, it's a window into iconic music history
• The Samsung Galaxy S25 Ultra could get a Bluetooth S Pen after all – but it’ll cost you extra
• The latest iPhone SE 4 leak shows off its rumored redesign next to the iPhone 16

• MSI says there will be a limited supply of the RTX 5090 at launch
• This shortage reportedly stems from miscommunication with Nvidia
• Scalpers may have the upper hand at launch due to limited availability

Nvidia's RTX 5090 is about to launch at multiple retailers on January 30 and considering the power it packs for providing the best gaming performance across the board, many PC gamers are keen to get hold of one - but unfortunately, that might not be easy.

As reported by Wccftech, MSI claims that the supply of the RTX 5090 will be limited at launch, suggesting a chip shortage on Nvidia's part. While this is only one of Team Green's third-party partners, it certainly doesn't spell good news for other partners and those attempting to purchase Founders Edition GPUs.

Considering the history of scalping surrounding the previous generation's RTX 4090, I’m worried it might turn out to be much worse this time around - with an MSRP of $1,999 / £1,939 / AU$4,039 (along with the combination of a limited supply), we could be seeing a far more dire situation. It's also worth noting that most partner cards will be more expensive than Nvidia's Founders Edition, so this may give scalpers an opportunity to go overboard with pricing if demand is suitably high.

According to IT Home (translated from Chinese), the projected short supply at launch stems from miscommunication between Nvidia and partners, plus the 'Spring Festival' (Chinese New Year) affecting factory opening times. Whilst it's not the end of the world for those intent on purchasing the flagship GPU, it does indeed point towards a potential long (and expensive) wait if scalpers are quick to strike.

(Image credit: Future) So, how do you beat scalpers?

Let's face it: there's not much one can do to beat scalpers other than staring at your screen and constantly refreshing the store page to reach the checkout before everything sells out. The same can be said for those camping outside retailers for the RTX 5090 due to the limited supply as highlighted by IGN - besides this, most of it is left to luck and any measures put in place by Nvidia itself or retailers.

We've seen this occur with the likes of Valve's Steam Deck, which was limited to one order per account when in high demand - and whilst it didn't completely eliminate scalping, it did a great job at softening the blow, though at the cost of customers left on edge when awaiting a new batch of units. If you’re wondering where to buy Nvidia’s RTX 5090, we’ve made a short guide on the best online retailers to keep tabs on.

If scalpers manage to beat customers and units sell out quickly, I'd say it's worth waiting patiently to avoid overpaying - especially if you're still using an RTX 4090, as I promise you, you're perfectly fine for the time being.

You may also like...

• Where to buy Nvidia RTX 5080: I'd check for stock here first
• Are Nvidia’s RTX 5060 GPUs about to arrive? Rumor hints they might be - with the RTX 5060 Ti potentially coming with 16GB VRAM
• AMD looks set to compete with Nvidia in the laptop GPU space - Team Red claims Ryzen AI Max 395+'s iGPU outperforms RTX 4070 laptop GPU

• Apple warns users about use-after-free vulnerability being exploited in the wild
• It affects most products, including iPhones, watches, TVs, and more
• A patch is already available, so update now

Apple has released a patch for its first zero-day of 2025, fixing CVE-2025-24085, a use-after-free flaw affecting the CoreMedia component.

CoreMedia is a framework in Apple's ecosystem that handles multimedia. It is important for the playback, processing, and management of both audio and video files, and is found in devices powered by macOS, iOS, iPadOS, tvOS, and watchOS.

A use-after-free (UAF) flaw is a type of memory vulnerability that occurs when a program continues to use a memory location after it has been freed (deallocated). This can result in unpredictable behavior, such as crashes, data corruption, or execution of malicious code. Attackers can exploit UAF by manipulating the memory space to insert malicious payloads, which the program may execute when it accesses the freed memory.

Patching things up

The issue affects multiple Apple products: iPhones, iPads, macs, TVs, Vision Pro, and watches.

The company said it was being exploited in the wild as a zero-day, but at this time, it did not share any details - although the bug could be exploited through a rogue app, which could grant the attackers more control over the target system.

The relative silence is regular practice for Apple, since it wants to give its users enough time to apply the patch, without tipping potential threat actors off on a new attack avenue.

Speaking of the patch, Apple product users should make sure their devices are updated to the following: iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3.

"A malicious application may be able to elevate privileges," Apple said in a security advisory. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.”

Via The Register

You might also like

• Apple forced to patch iOS and macOS security flaw that could have leaked your private info
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

• Nintendo Switch 2 Experience invites are now being sent out
• The preview event will be held in cities across North America, Europe, Asia, and Oceania
• Waitlists are scheduled to open on January 29 for those who missed out on an invite

Invites for the Nintendo Switch 2 Experience event are now being sent out.

Following the long-awaited reveal of the Nintendo Switch successor, Nintendo announced that it would be holding an exclusive preview event, offering fans the opportunity to get a closer look at the console ahead of its release.

Sign-ups went live earlier this month and official invites have now been sent out to a selection of lucky members of the public.

Those who did get an invite received confirmation via their emails, verifying their entry and the designated location they registered for, and have since been sharing their excitement through social media.

YOOO I GOT IN!!! Oh my god, against all the odds I actually did it! I can’t wait to see the switch 2 in person!! Now I’m trying to get my best friend irl a ticket so we can go together, but other than that if any of my mutuals or cool people are going at this time, hit me up! pic.twitter.com/yLMGrku14HJanuary 27, 2025

For fans who were rejected, Nintendo has now confirmed that there could be an opportunity to attend the preview event in the case of cancellations. Waitlists are also scheduled to open on January 29 and will be available on a "first-come, first-served basis".

The Nintendo Switch 2 Experience is scheduled to kick off in New York on April 4 and will run until June, though the specific date has yet to be announced.

You can check out the list of locations and dates below.

North America

• New York: April 4 - April 6
• Los Angeles: April 11 - April 13
• Dallas: April 25 - April 27

Europe

• Paris: April 4 - April 6
• London: April 11 - April 13
• Milan: April 25 - April 27
• Berlin: April 25 - April 27
• Madrid: May 9 - May 11
• Amsterdam: May 9 - May 11

Oceania

• Melbourne: May 10 - May 11

Asia

• Tokyo (Makuhari): April 26 - April 27
• Seoul: May 31 - June 1
• Hong Kong: To be announced
• Taipei: To be announced

You might also like...

• Nintendo Switch OLED - review
• The best Nintendo Switch games to play in 2025
• Nintendo Switch 2 backwards compatibility is ‘the best direction to take’ for players, Nintendo says

• PS5 exclusive Rise of the Ronin is coming to PC
• It will have a range of exclusive features, including 8K support
• It's also cheaper than the PS5 version

PlayStation 5 exclusive Rise of the Ronin is finally coming to PC. Developer Koei Tecmo has officially revealed that the game will arrive on Steam on March 11, 2025.

Interestingly, the PC version will benefit from quite a few exclusive features in the graphics department. This includes support for 8K resolution, DirectX 12 Ultimate, ultra-wide and super ultra-wide displays, 120fps support, ray tracing, and 3D audio. This is on top of a menu UI that has been reworked for mouse controls, plus customizable keyboard and mouse inputs.

In my experience, the original release of Rise of the Ronin often struggled to run on the base PS5 - with a few persistent stutters and a rather muddy looking picture at times. The developer has confirmed that the PC release will benefit from the addition of AMD Fidelity FX Super Resolution and Nvidia DLSS and Reflex support, which might prove a reliable way to smooth out those issues.

The PC release is currently available for pre-order and comes in significantly cheaper than the PS5 version, which retailed for $69.99 / £69.99 when it launched on March 22, 2024. It costs just $49.99 / £39.99, which in my eyes is a great price for such an expansive and unique open world game.

Those who pre-order the PC version will receive the same pre-order bonus as PS5 players did, a pack of Ninja Gaiden inspired items. This includes the Iga Ninja's Katana and Iga Ninja Armor Set, plus early access to four in-game combat styles. Overall, not the most essential addition, but a neat little bonus for those eager to dive in on day one.

In our Rise of the Ronin review, we praised its superb action combat and the sheer number of things to discover in its world. Although it suffers a bit from some samey mission design, it’s still well worth experiencing and the ability for more players to do so can only be a good thing.

You might also like

• I think now could be the best time to buy a Nintendo Switch instead of waiting for the Nintendo Switch 2, here’s why
• Marvel Snap is finally back online in the US and all players are getting a huge number of free in-game items as compensation
• Xbox games are coming to Nintendo Switch 2, per Phil Spencer