
TechRadar News


Apple Intelligence's AI custom emoji creator is going to be even quicker and easier than we expected

Fri, 09/27/2024 - 05:08

We've been waiting to see how Apple Intelligence's Genmoji feature works since Apple first revealed it at WWDC in June.

Now, we've finally caught our first glimpse and it's quicker and easier than we expected. Apple quietly updated its iPadOS 18 guide with steps on how to activate the custom AI emoji creator and if it works as seamlessly as it sounds then Genmoji is likely to become a massive success.

According to Apple, 'Just tap the emoji icon, type a description of the image you want—“Golden Retriever catching the best wave ever,” for example—then tap Create New Emoji.'

We have yet to see anyone try this new Apple Intelligence feature, which is expected to arrive as part of the iOS 18.2 and iPadOS 18.2 updates later this year. Ryan Christoffel over at 9to5Mac, however, has used Genmoji and wrote this about the experience, 'By happenstance, I was able to try out an early version of this walkthrough in action using a recent iOS beta.' He added, 'My experience followed Apple’s description exactly, proving just how easy it will be to create new Genmoji.'

Finally some Genmoji information


It's exciting to finally get some information on how Genmoji actually works as I was starting to get worried that Apple Intelligence's messy launch with no proof of these features in action could lead to another AirPower disaster.

The fact that Apple's guides are being updated to reflect how to use the feature, and that people outside of Apple have created Genmojis for themselves, means we can actually get excited to create cowboy frogs in the very near future.

If you want to try Apple Intelligence for yourself, you'll need one of the best iPhones compatible with Apple's AI tools. Check out our iPhone 16 Pro review to see exactly what Apple Intelligence is capable of.

Categories: Technology

Top health insurance firm hacked, sensitive customer data including medical records leaked online

Fri, 09/27/2024 - 04:59

Star Health and Allied Insurance, one of the biggest health insurance organizations in India, has suffered a cyberattack that saw sensitive customer data stolen and then leaked on Telegram via a number of bots.

The information stolen and subsequently leaked included people’s full names, phone numbers, postal addresses, medical reports, and insurance claims.

Furthermore, for some people it included copies and scans of ID cards and certain tax details - more than enough information to run identity theft campaigns, phishing, and possibly even wire fraud.

Investigation under way

When Star Health and Allied Insurance learned of the breach, it moved to contain it. Since the data was leaking via Telegram, it sued the instant messaging platform for facilitating crime. The hackers apparently also set up websites to hold the data; these were hosted on Cloudflare, which is allegedly mentioned in the lawsuit, too.

A local court issued a legal order forcing Telegram and Cloudflare to restrict access to the stolen information. This appears to have been only partially successful, since the sites are still accessible from some ISPs in the country, and it's not known if the bots are still active on Telegram.

At press time, the victim had not yet issued any statement. It told TechCrunch a “forensic investigation” is underway, and added that it would be premature for a public company to comment before the investigation is concluded.

We don’t know exactly how many customers are affected by this incident. According to Life Insurance International, it is everyone, and that means more than 31 million people. The stolen data reportedly totalled 7.24 terabytes. We also don’t know if this is the work of a ransomware organization, or if the company was asked for payment to keep the data private. The breach happened in August.

Via TechCrunch


The best SSD just got better, as Samsung reveals its 990 EVO Plus

Fri, 09/27/2024 - 04:48

Samsung has launched its 990 EVO Plus SSD, designed for gamers, creatives, and professionals.

The 990 EVO Plus seems a worthy follow-up to its predecessor, the 990 EVO (which already has a spot in our best SSDs list). It’s more power-efficient, supports PCIe 4.0, has expanded storage capacity, and is more reliable. Samsung claims it’s 50% faster than its predecessor, offering lightning-fast read speeds of up to 7,250 MB/s and write speeds of up to 6,300 MB/s.

As for power efficiency, it delivers a phenomenal 73% more efficiency than the 990 EVO, a feat Samsung attributes to its 8th generation V-NAND technology, 5-nanometer controller, and nickel-coated heat shield.

In other words, the 8th gen V-NAND technology can tackle more information faster because it can store more data in a smaller space, meaning better performance and faster access to data; the hugely efficient 5nm controller uses less power and processes data faster, improving the performance of tasks like transferring files or loading games. To top it off, its nickel-coated heat shield keeps overheating to a minimum so the 990 EVO Plus can remain reliable and speedy during heavy use.

An upgrade in every way

The SSD comes in 1TB, 2TB, and 4TB capacities, again topping its predecessor, whose max-capacity model offered 2TB of storage. The 4TB model offers random read speeds of 1,050K and random write speeds of 1,400K, measured in IOPS (input/output operations per second). Samsung mentions that these speeds are near what you’d get in an SSD with a DRAM cache.

The 990 EVO Plus is also strapped with Samsung’s newly-improved TurboWrite 2.0. This feature was first seen back in Samsung’s 840 EVO; it speeds up writes by initially using a portion of the SSD’s more space-efficient but slower triple-level cell (TLC) memory in single-level cell (SLC) mode.

Also included is Samsung’s successful Magician Software, which contains tools to optimize and enhance the functionality of Samsung’s SSDs. It can monitor drive health, protect valuable data, and customize performance optimization.

The 990 EVO Plus will be available in 1TB at $110.00 (£106, AU$139), 2TB at $185 (£178, AU$279), and 4TB at $345 (£326, AU$579).


The Samsung Galaxy S26 is being tipped for major performance gains

Fri, 09/27/2024 - 04:39

With the Samsung Galaxy S25 now likely just four months away, it would appear that it's time to start talking about the Samsung Galaxy S26 – and it's being tipped to offer some significant performance gains when it launches early in 2026.

Flagship phones always get faster year-on-year of course, but a new report from PhoneArena based on a source in China suggests we're looking at a substantial jump forward in power, thanks to the Qualcomm Snapdragon 8 Gen 5 chipset.

We haven't yet seen the Snapdragon 8 Gen 4 chipset – it's expected to break cover next month – but its successor will apparently come with some next-generation 3-nanometer technology (better performance with greater power efficiency, essentially).

The highest clock speeds (a measure of calculation speed) on this new chipset will apparently hit 5GHz, according to this source. The current Snapdragon 8 Gen 3 maxes out at 3.4GHz, so that would be a big jump across two years.

Chips with everything


Yesterday we saw some leaked benchmark scores suggesting the Samsung Galaxy S25 Ultra – with the Snapdragon 8 Gen 4 from Qualcomm inside – could have enough oomph to beat the iPhone 16 Pro Max in terms of raw power.

There is always a complication with Samsung's flagship phones, though, in that some years it equips some models with Qualcomm chips and some models with its own Exynos chips, depending on where in the world they're sold.

That's what happened with the Samsung Galaxy S24 and the Galaxy S24 Plus, though not the Samsung Galaxy S24 Ultra. We'll have to wait and see what the mix is with the Galaxy S25, which may then give us some clues about the Galaxy S26.

You could argue that all this top-level power isn't really necessary for day-to-day phone use, but there are two scenarios where it can make a noticeable difference: in playing demanding games on your mobile, and in tapping up generative AI tools – and those games and tools are only likely to get more demanding between now and 2026.


Edifier's awesome planar headphones tech is coming to noise-cancelling earbuds, and these could be special

Fri, 09/27/2024 - 04:29

If you want to know why music fans rave about planar magnetic headphones, our Edifier Stax Spirit S3 review and Stax Spirit S5 review make the case for the tech: they deliver exceptional depth and detail in audio. In our reviews we raved about their sound, and suggested that there was only one real omission: active noise cancellation.

Well, while making the transition to earbuds instead of over-ear headphones, Edifier's solved that.

The new Edifier Stax Spirit S10 are the world's first true wireless planar magnetic earbuds with ANC, courtesy of the Qualcomm QCC5181 chipset, and that means we're very excited to hear them: with 12mm planar magnetic drivers, hi-res wireless audio certification and noise cancellation on top, these look like they'll be something special.

Edifier Stax Spirit S10: key features and pricing

The Stax Spirit S10 have third-generation Qualcomm Adaptive Hybrid ANC, and they boast six microphones for ANC and clearer calls, backed with aptX Voice noise reduction. There's up to 28 hours of playback via the charging case, and the Bluetooth is low-latency Bluetooth 5.4 with dual-device multi-point, aptX Adaptive, LDAC, LHDC and AAC to cover all the audio bases.

The buds are IP54 certified for water and dust resistance and there are seven pairs of ear tips for the perfect fit; the sound settings are customizable via the Edifier phone app and you can customize the touch controls too.

They look chunkier than most of the best wireless earbuds, so it's good that they come with lots of eartip options – you'll need a good, secure fit to keep them feeling comfortable, most likely.

The big selling point here is the use of planar magnetic drivers. The 12mm modularized drivers "guarantee a uniform, consistent audio performance" and have the second generation of Edifier's EqualMass wiring counter, which is designed to deliver equal weight distribution across the diaphragm and ensure a consistently clear audio performance. Each pair will go through an auto-calibration process before shipping to guarantee uniform performance, the company says.

These are high-spec headphones, but the price isn't as high as you might expect: the Stax Spirit S10 will be available soon from Amazon for $299.99 (about £223 / AU$435), which is in line with the likes of the Sony WF-1000XM5, and cheaper than the likes of elite Bowers & Wilkins Pi8, so the Edifiers look like a strong contender for our list of the best earbuds if they live up to their heritage.


Wear OS 5 update for older Pixel Watches looks to have been pulled after users report major issues

Fri, 09/27/2024 - 04:28

Google appears to have pulled the Wear OS 5 update for older Pixel Watch models following widespread reports that it was causing devices to crash and even brick.

Google announced earlier this week that the Pixel Watch 1 and 2 would be getting the Wear OS 5 treatment; however, problems emerged for users following the rollout on Wednesday (September 25).

Multiple users have reported problems with the update, with their Pixel Watches stuck on a blank screen and in need of a fastboot reset.

Now it looks like Google might have pressed pause on the update while it irons out this bug.

While the factory and OTA options for performing a manual install are still available, 9to5Google reports that Pixel Watch owners yet to upgrade no longer have the option to download the update, noting that "Going to Settings > System > System updates and repeatedly tapping does not yield the update like it did earlier in the week."

Wear OS 5 on hold


The problem with Wear OS 5 bricking some Pixel Watch models doesn't appear universal. 9to5 notes that "most users have successfully installed Wear OS 5 and aren’t facing any issues." However, the black-screen Bluetooth-logo-of-death is a massive headache for those who have had to deal with it.

As we previously reported, if you've encountered this problem when updating your Pixel Watch 1 or 2, you'll need to do a fastboot reset in order to bring your watch back to life.

When Google does finally get its ducks in a row, Pixel Watch users can look forward to Wear OS 5's battery life optimizations, new watch faces (and a new watch face format that takes up less storage), new running metrics, and more.

While the Pixel Watch 3 is Google's latest contribution to the best smartwatches going right now, older models are getting at least one more trip around the sun on the latest software. We've reached out to Google for comment, and will update this report with any new information.


Many small businesses say they're "too scared" to use AI

Fri, 09/27/2024 - 04:28

Around one in three (31%) of Britain’s small businesses are hesitant to deploy AI despite its potential positive impact on productivity and efficiency.

According to new data from hiring platform Indeed, many small business leaders expressed concerns about employee resistance and the potential for mishaps.

Around two in five said that they were worried AI could disrupt their operations (38%), and a similar number (39%) suggested that it would be safer to stick with more familiar methods as opposed to introducing new and less proven technologies.

SMBs are cautious about AI

The consequences of this fear could be detrimental to the UK’s economy, the survey warned, as small businesses make up 99.2% of the nation’s business population.

Indeed revealed that leaders are also unsure about their employees using artificial intelligence. One-quarter (26%) were concerned about resistance from staff, while 43% said that unauthorized AI usage by their workers could harm their operations.

AI adoption among SMBs hasn’t been a total disaster, though. If 31% are hesitant, that leaves 69% who are prepared to invest in artificial intelligence solutions. Half of those surveyed (49%) agree that AI could increase efficiency, while nearly as many (44%) say that the tech could reduce time-consuming, low-value and repetitive workloads.

The benefits extend further into employees’ personal lives, too – nearly a quarter (24%) suggested that AI could enable their company to consider a four-day work week.

Looking ahead, it’s clear that simpler solutions are needed. Two in five (40%) are asking for more easy-to-use AI products, and around a third (29%) prefer AI features to be integrated into their existing systems, rather than having to go out and learn an entirely new platform.

“Small businesses are the backbone of the UK’s economy and it’s imperative that they are able to grow and adapt to new technologies," said Caroline Barbour, Senior Marketing Manager for SMB at Indeed.

“It’s important that small businesses have the support they need to navigate this wave of AI adoption, and are set up with easy-to-use tools, or features that integrate within their existing product suite.”


Three essential steps for organizations to safeguard against deepfakes

Fri, 09/27/2024 - 03:56

Our identities face unprecedented threat. While AI has the potential to be a force for good, in the hands of nefarious actors it can have the opposite effect, amplifying these dangers. Among these threats are deepfakes: synthetic media used to impersonate real individuals. Over the past year, these fraudulent impersonations have surged, targeting individuals across various platforms. As deepfakes become more convincing, cybercriminals are finding new ways to exploit them, posing serious risks to personal and organizational security.

While deepfakes have been circulating online since 2017, their impact has recently escalated. Initially used to impersonate celebrities and public figures, deepfakes have now become more personal, targeting senior executives across nearly every industry—from retail to healthcare. A notable case involved a finance employee who was deceived into transferring an astonishing £20 million to fraudsters who used a video deepfake to impersonate the company's chief financial officer.

Exacerbating the issue is the need for more awareness among the general public. A recent survey by Ofcom revealed that less than half of UK residents are familiar with deepfakes, increasing the likelihood of these attacks succeeding. Equally concerning is that according to KPMG, 80% of business leaders believe deepfakes pose a significant risk to their operations, yet only 29% have implemented measures to counteract them.

The first step in addressing the deepfake challenge to cybersecurity is raising awareness and adopting proactive strategies to combat the threat. But where should organisations begin? Let's delve deeper, looking at three solutions that organisations can take to prevent being caught out by deepfakes.

A Dual Approach: The Importance of Passive and Active Identity Verification

To effectively counter deepfakes, organizations must adopt a multifaceted approach to identity management and verification. While biometric authentication methods such as fingerprint or facial recognition are robust, more than a single mode of authentication is required to protect against today's sophisticated cybercriminals. Multiple layers of authentication are necessary to safeguard against these threats without compromising the user experience.

This is where passive authentication, particularly passive identity threat detection, becomes crucial. Operating alongside active authentication methods—such as user-initiated verifications—passive identity threat detection works behind the scenes, primarily focusing on identifying potential risks. This technology can activate alternative verification methods, such as a push notification to confirm location or device usage when suspicious login attempts or behavior are detected. Rather than overwhelming users with additional authentication steps, passive identity threat detection alerts both the user and the organization to potential fraudulent activity, preventing it before it escalates.

Navigating a 'Trust Nothing' Era: The Shift from Implicit to Explicit Trust in Identity Verification

The concept of implicit trust—where we naturally trust what we see and hear—is diminishing as deepfakes increasingly compromise identity verification. In today’s “trust nothing, verify everything” era, explicit trust measures, such as sending a text message, push notification, or other credential checks outside the usual communication channels, have become essential. While not necessary for every interaction, these additional verifications are crucial when dealing with sensitive actions like transferring money or clicking on potentially malicious links, ensuring authenticity in a world where appearances can deceive.

Deepfakes are often used to socially engineer victims, exploiting channels like voice, images, and video over unauthenticated platforms. For instance, an employee might receive a Zoom call from someone impersonating their CEO, asking to reset a password or make an urgent payment. We have been encouraged by employers for years to trust our colleagues, but this rise in deepfakes presents a challenge to the fabric of work culture.

Leveraging AI for Good: Using Emerging Technologies to Combat Deepfakes

Society is at a critical juncture where AI tools can be used for good and evil, with human identity caught in the middle of this technological tug-of-war. As trust erodes and our identities are increasingly at risk, it is imperative that we stay vigilant and proactive in the fight against deepfakes.

AI, while contributing to the deepfake problem, also offers solutions to mitigate it. To reduce the prevalence of deepfakes, organizations must harness emerging technologies designed to detect these fraudulent media. These include image insertion detection, which identifies if an image was manually or falsely added to a communication, and audio detection tools that determine if an audio file was synthetically generated. As AI technology continues to evolve, we can expect the development of even more sophisticated deepfake prevention methods. However, in the meantime, organizations must leverage existing technologies to stay ahead—just as cybercriminals do with AI on the other side of this battle.

As with any cybersecurity threat, the best protection comes from being one step ahead. The more prepared organizations are for potential deepfake attacks, the better they can protect against future threats. By adopting a multifaceted approach to identity verification and remaining aware of the tactics employed by cybercriminals, we can safeguard our identities and maintain trust in a digital world.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro


Audeze's new electrostatic headphones will SLAM you with 'unparalleled' clarity and bass

Fri, 09/27/2024 - 03:49

There aren't many headphones that started life in hospital, but then Audeze's CRBN2 electrostatic headphones aren't like other headphones. They're built around a cutting-edge material made from suspended carbon nanotubes that was originally designed for use in magnetic resonance imaging (MRI), and that ultra-thin material doesn't just prevent you from being hurled into the guts of an MRI machine. It also sounds pretty fantastic, as demonstrated in the Audeze CRBN headphones. And now there's a brand new version that promises to be even better.

The sequel to the CRBN headphones is the CRBN2, and it introduces what Audeze calls SLAM – short for Symmetric Linear Acoustic Modulator. According to the firm, this tech is "revolutionary" and delivers incredible clarity and powerful bass that's truly immersive.

Audeze CRBN2 electrostatic headphones: key features, pricing and availability

In addition to the SLAM, the CRBN2 headphones also have the second generation of the firm's carbon nanotube electrostatic driver. SLAM optimizes its air pressure distribution to improve low frequency performance without introducing distortion, and Audeze CEO Sankar Thiagasamudram says that it delivers "the most lifelike bass and transparency ever delivered in an electrostatic headphone." 

Electrostatic headphones are highly prized by audiophiles due to their natural and transparent sound and fast response, but they don't feature in our list of the best wired headphones because they're not easy to drive – you'll need a compatible amp. The CRBN2 are compatible with all 580-volt bias electrostatic amplifiers.

These are premium headphones made with premium materials, which include "sumptuous" leather earpads and a comfortable suspension headband. And because the electrostatic headphones don't require large magnets to drive them, the total weight is a relatively light 480g.

Audeze has built quite the reputation for its high-end headphones, and it was recently acquired by Sony Interactive Entertainment. Audeze tells us that while it's under new management, it'll be business as usual, with Audeze remaining a separate and distinct brand with its own way of doing things and its own very distinctive products.

The new Audeze CRBN2 headphones are available now with a recommended retail price of $5,995 (about £4,480 / AU$8,700). What's the first thing you'll listen to on that SLAM technology you've spent so much on? Well, it obviously has to be this.


Can’t remember where that shared file is in Windows 11? Microsoft promises to make it easier to find the files you need

Fri, 09/27/2024 - 03:36

Microsoft is currently testing a new ‘Shared’ section in Windows 11’s File Explorer, which aims to make it easier to find everything that’s been shared with you across Microsoft services.

Windows Latest flagged up that the new addition is part of the latest preview of Windows 11 (24H2) in the Dev channel (build 26120).

The Shared section sits alongside the ‘Recent’ and ‘Favorites’ tabs, showing any file that has been shared with your Microsoft account (whether that’s a document from OneDrive, an email, and so forth). This makes it easy to see these files, right upfront in File Explorer, rather than having to hunt for them.

While the feature isn’t working properly in preview right now - at least not according to testing carried out by Windows Latest - the theory is that files will be marked with their origin, and, for example, something shared in cloud storage would open in OneDrive (naturally in the Edge browser).

If you’re using Microsoft products in a work or school environment, your Shared section will also include files shared within your organization or school body. 

File this one under ‘plenty’

Microsoft further notes in the blog post for build 26120 that you’ll also see more types of file in the Recent and Favorites tabs, as well as the new Shared section, and that includes files you’ve recently interacted with in Power BI or Microsoft Forms, for example, or Designer. Expect to see a wider selection of apps represented in these parts of the File Explorer UI, in short.

The preview build also brings a few other developments, such as new flyout menus for pinned apps in the Start menu for easier access to certain features, the ability to share files that come up in Windows search more easily, and a relocation of media controls to the bottom-center of the lock screen when you have media playing in the background.

All of this should be packaged in the upcoming big Windows 11 24H2 update, which we expect to arrive any week now. However, as ever with work in testing, we don’t know if all the features will make the cut for the release version of the update. 

It seems likely that most of these proposed changes will end up in Windows 11, though, including the Shared tab - assuming the current bugginess can be ironed out by Microsoft as the feature proceeds onward through the testing channels.


How risk executives can prioritize full stack technology coverage now

Fri, 09/27/2024 - 02:35

Security leaders have become increasingly clear on one thing: Application Security (AppSec) has grown more complex and complicated than ever before. With the rise of cloud computing, microservices, and continuous integration/continuous deployment (CI/CD) pipelines, the attack surface has expanded dramatically. More tools, more data, more potential vulnerabilities—it’s no wonder that many organizations are struggling to keep up. But here’s the irony: as our cybersecurity practices have become more sophisticated, they’ve also become more convoluted, and that complexity often leads to gaps in coverage.

The Growing Complexity of AppSec

Today’s AppSec environment is like a massive jigsaw puzzle with pieces that are constantly shifting. Every new application, microservice, or third-party integration adds another layer of complexity. Each layer introduces new risks, and without comprehensive technology coverage, those risks can easily go unnoticed until it’s too late. We’ve seen this play out in incidents like the 2020 Twitter hack, where attackers exploited gaps in security to access internal tools and compromise high-profile accounts. The complexity of modern AppSec makes it easy to miss these gaps if you’re not equipped with the right tools and strategies.

Why Simplification Is Key—But Not at the Expense of Accuracy

As the complexity of AppSec increases, so does the need for simplification. But simplification doesn’t mean cutting corners or sacrificing accuracy. On the contrary, it’s about streamlining your processes and tools so that you can maintain a clear, comprehensive view of your security landscape without getting bogged down by unnecessary complications. In other words, we need to simplify without sacrificing thoroughness.

Take the 2020 MGM Resorts breach, for example. Over 10 million guests had their personal information exposed because of gaps in continuous monitoring. This wasn’t just a failure of technology; it was a failure of process. If the organization had a simpler, more streamlined approach to its security coverage—one that didn’t miss critical updates and vulnerabilities—this breach might have been avoided.

The False Sense of Control Amid Complexity

One of the biggest risks in a complex AppSec environment is the false sense of control. It’s easy to believe that more tools and more processes mean better security, but that’s not necessarily the case. The 2021 Panera Bread data breach, which exposed millions of customer records due to overlooked vulnerabilities, is a stark reminder of this. Despite having various security measures in place, the complexity of their environment created blind spots. This breach highlights the critical need for simplicity in your security approach—ensuring that nothing slips through the cracks and that every vulnerability is accounted for.

Simplified, Comprehensive Coverage: The Answer to Modern AppSec Challenges

So, how do we manage this complexity without losing control? The answer lies in achieving full stack technology coverage through simplified, yet comprehensive, processes. This means adopting a holistic approach that covers all aspects of your digital environment—applications, infrastructure, APIs, and more—without getting overwhelmed by the intricacies of each component.

Consider the Log4j vulnerability that took the industry by storm in 2021. It affected organizations across the globe and demonstrated the need for comprehensive application visibility. But here’s the catch: those who had already implemented streamlined, full stack coverage were able to respond quickly and effectively. They weren’t scrambling to piece together a fragmented security posture; they had a clear, accurate view of their entire environment and could act with precision.

Why Full Stack Coverage Is the Simplification We Need

Full stack technology coverage doesn’t just provide a complete view of your security landscape—it simplifies the complexity of modern AppSec. By integrating advanced management tools that offer continuous updates and comprehensive visibility, you can ensure that every aspect of your environment is covered. This not only reduces the risk of missing critical vulnerabilities but also streamlines your decision-making process, allowing you to focus on what matters most: protecting your organization.

Companies like Google and Microsoft have shown us how effective this approach can be. By simplifying their security processes while maintaining thorough coverage, they’ve gained a strategic advantage. They’re not just compliant with regulations—they’re setting new standards for what it means to be secure in a world where threats are constantly evolving.

Conclusion: Simplify, Don’t Sacrifice

As a risk executive, you’re facing an AppSec landscape that’s more complex than ever before. But complexity doesn’t have to mean confusion. By prioritizing full stack technology coverage, you can simplify your approach to cybersecurity without sacrificing accuracy or thoroughness. This isn’t just about keeping up with the latest threats—it’s about staying ahead of them, ensuring that your organization is fully protected no matter how the landscape changes.

The time to simplify is now. Don’t wait until your next audit or, worse, your next breach, to realize that your current approach isn’t cutting it. Take action today to streamline your security processes, implement full stack coverage, and gain the clarity you need to make informed, strategic decisions. In a world where AppSec is only going to get more complex, simplicity—and comprehensive coverage—are your best defenses. Let’s embrace a simpler, more effective way to secure our organizations, ensuring that we’re not just reacting to the challenges of today, but proactively preparing for the threats of tomorrow.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Categories: Technology

Deepak Chopra's AI voice aims to enlighten your listening

Fri, 09/27/2024 - 00:15

ElevenLabs has added Deepak Chopra to the stable of celebrity voice clones available on its Reader App. Chopra’s AI-generated voice can now read out any digital text to you with his full approval. Chopra joins the likes of Judy Garland, James Dean, Burt Reynolds, and Sir Laurence Olivier as a celebrity voice, though he is the first still-living person who has signed up to have his synthetic avatar read digital texts.

Chopra has been a leader in promoting meditation and mindfulness for decades and is also taking the lead in deploying a voice clone of himself. A few months ago, ElevenLabs and Chopra produced a virtual Chopra chatbot called Digital Deepak. Trained on Chopra’s collected speeches, books, interviews, and other comments, Digital Deepak acts as a limited but still knowledgeable source for Chopra’s thinking. You can ask Digital Deepak about himself and his work and get personalized responses from his AI voice clone. 

The success of Digital Deepak is what led to Chopra and ElevenLabs extending their partnership to the Reader App. The Reader app uses voice clones like Chopra’s to perform any uploaded text. It will read the words and mimic human emotion based on the context. 

Those interested in hearing the voices can try the ElevenLabs Reader app for free for three months or subscribe to ElevenLabs’ platform to gain access to the iOS or Android app. ElevenLabs has suggested that using celebrity voices will enhance any listening experience. Chopra’s inclusion with the Hollywood Golden Age stars suggests it won’t just be for entertainment but also for deeper topics.

Chopra Speaks

“I am proud to announce my partnership with ElevenLabs. Listening can help cultivate emotional nurturing and engagement. This is no different in the age of AI, it is only more important,” said Chopra. “I have always written to connect with people, and now I can connect on a deeper level with a global audience as I make my teachings available for everyone in my own voice.”

Performers have expressed concern that AI will leave them out of a job since it can recreate their look and sound far more cheaply. Meta has already proven it will pay big bucks to get celebrities to voice the Meta AI assistant, and Disney ensured it had a deal with James Earl Jones before he passed to legally recreate his voice if they want Darth Vader in future projects. Recent actor union strikes have made stronger protections against unfair AI replication of their performances part of their bargains. For now, ElevenLabs wants people to see Chopra and other famous voices as a way to create deeper connections with people they respect, even if it’s all synthetic.

“At ElevenLabs, we’re committed to preserving and celebrating cultural legacies while pushing the boundaries of technology,” said Dustin Blank, Head of Partnerships at ElevenLabs. “By bringing voices like Deepak Chopra to our platform, we’re not just enhancing our app – we’re creating new ways for people to connect with the most influential figures and their work.”


First Intel Xeon W-3500 review lands with shocking realization — Intel excels at scientific computing and ML, but lags desperately everywhere else

Thu, 09/26/2024 - 23:32

Puget Systems has published a detailed content creation review of the Intel Xeon W-3500 series. The company's latest workstation processors are an update of the W-3400 series, offering increased core counts and cache but maintaining the core architecture. These new chips aim to address Intel's lagging performance in the high-end desktop (HEDT) content creation space compared to AMD’s Threadripper series.

Puget Systems had a full retail sample of the high-end Xeon w9-3595X but used pre-production samples for other models, meaning real-world performance might vary slightly. For consistency, benchmarking used standardized setups, ensuring RAM speed and cooling factors were controlled.

In Adobe After Effects, an application benefiting from multicore CPUs, Intel’s processors showed some performance improvements, although AMD’s Threadripper held the lead. Similarly, the Xeon processors showed only incremental gains in Adobe Premiere Pro and DaVinci Resolve, with Threadripper still leading in single-threaded and multi-core performance.

Showing some gains

For video editing and motion graphics, the Xeons performed respectably but failed to surpass AMD’s offerings. Specifically, Premiere Pro showed minor improvements, while the RAW codec performance was positive. DaVinci Resolve further highlighted AMD's dominance, although Intel resolved previous issues with odd core count models underperforming.

Adobe Photoshop tests confirmed that these high-core count processors weren't the best choice due to the application's latency sensitivity and single-core reliance. AMD’s Threadripper dominated here as well.

In Unreal Engine tests and CPU rendering benchmarks (Cinebench, V-Ray, Blender), the Xeons showed some gains, particularly in Blender with a 10-15% improvement. However, AMD's higher-core models were faster, completing tasks notably quicker.

Summing up

At the end of its review, Puget Systems said, “The new Intel Xeon W-3500 family of processors is a fine refresh to an existing product stack but leaves a lot to be desired if Intel wants to compete with AMD in the HEDT space for Content Creation. As is typical, the performance gain depends a lot on the particular application, but, in general, gains are from 0-20% with a bias towards multi-threaded applications due to the increased core count.”

Puget noted that while it didn’t test the new chips for scientific computing and HPC/ML applications in this review (as the focus was on content creation), this is one area where the Intel Xeon W-3500 series will shine, and it plans to run a comparison for that in the future.


You can now chat and play games with Duolingo’s AI characters to learn Spanish or French

Thu, 09/26/2024 - 23:30

Practicing with a native speaker has long been seen as the best way to learn a language, but Duolingo thinks its AI characters can fill in if you don't have a global contact list. The language learning app showcased two new AI features at its annual Duocon conference, Video Call and Adventures – both aiming to boost your language skills with AI.

Video Call, as the name suggests, is a video phone call with an AI character who speaks the language you are trying to learn. The feature uses the widely used Duolingo character Lily, a somewhat dour but clever personality, who will chat with you using AI to understand and respond to what you say realistically. That includes what she says and the voice speaking the words, which mimics a human pretty well in tone and cadence, with pauses for 'thought' incorporated into the dialogue.

It's not a one-size-fits-all conversation, either. Lily will adjust her response based on how far along you are in learning the language, gently correcting errors and encouraging you to keep trying. Currently, Lily only speaks English, Spanish, and French, though the company plans to add more soon. The feature is also only available to Duolingo Max subscribers.

Adventures with Lily and Oscar

You can do more than just have a conversation with Lily by turning to Duolingo's Adventures. The simulation game sets you up in different real-world scenarios where you need to communicate with Lily or fellow Duolingo mascot Oscar to complete tasks and solve problems at school, the store, and elsewhere, exploring as you go.

The idea is to learn how to speak in useful contexts and build up vocabulary as you go. The AI characters correct any mistakes by adjusting what they say to help you better understand, similar to how a (very patient) real person would try to help a visitor who doesn't speak the language. The Adventures feature is only available for English speakers learning French and Spanish speakers learning English. However, Adventures isn't limited to Max subscribers and will be accessible on the Duolingo app.

Video Call and Adventures continue Duolingo's investment in AI for its app. Last year, the company partnered with OpenAI to offer Max subscribers detailed explanations on wrong quiz answers using the Explain My Answer feature and the chance to practice conversations with generative AI chatbots in the Roleplay feature. As AI translation and educational tools continue to spread, these may be the key for Duolingo to stay relevant and popular, especially on a global scale where AI tools may not be as accessible.

Luis von Ahn, co-founder and CEO of Duolingo, said, “Our mission is to develop the best education in the world and make it universally available. We believe the best way to do that is by continuously pushing the boundaries of technology.” He then continued, “With new AI-powered features like Video Call and Adventures, we're creating new, immersive ways to practice languages and build confidence.”


The Nvidia RTX 5090 and 5080 specs may have leaked, and the 5080's VRAM might be a huge disappointment for gamers

Thu, 09/26/2024 - 22:30

While there have been many leaks, rumors, and reports surrounding Nvidia’s upcoming flagship RTX 5090 and the 5080 graphics cards, we now have some definitive specs thanks to a recent and massive leak.

Well-known and reliable Nvidia leaker kopite7kimi posted specs for the forthcoming Blackwell graphics cards on their X (formerly known as Twitter) account.

According to said leaks, the RTX 5090 will supposedly use the GB202-300 GPU with 21,760 FP32 CUDA cores (a decrease from the 24,576 of the whole chip), a 512-bit memory bus, 32GB of GDDR7 RAM, and use a whopping 600W of power. It’s still apparently using a two-slot cooler despite the power output increasing from the 4090’s 450 to 600, which most likely points to a differently designed cooling system.

Meanwhile, the RTX 5080 is rumored to use the GB203-400 GPU with 10,572 FP32 CUDA cores, a 256-bit memory bus, and 16GB of GDDR7 VRAM, and to consume 400W of power. The power usage is up from the 4080’s 320W.

As for an official release date, Nvidia still hasn’t announced anything on their end, while leakers have been coming up mostly short. There was one leak that asserted the cards would launch in late September 2024, but that seems unlikely now.

What do these leaks mean for the 5090 and 5080? 

The specs for the RTX 5090 are nothing short of impressive, though that 600W of power usage puts quite a damper on things. Hopefully, whatever cooling system Nvidia develops for it will be up to the task of keeping it running at reasonable levels (maybe the Cooler Master one will be up to the task?). However, it won’t address the steep environmental impact of that power – not to mention that the price on this thing will be astronomical.

If the leaks are to be trusted, the RTX 5080 is shaping up to be pretty disappointing. The fact that we’re only getting 16GB of VRAM for what should be a premium card is absolutely a joke. It reminds me of the embarrassing RTX 4080 variant with only 12GB of VRAM that was later ‘unlaunched’ after public outcry.

The worst part is that the 5080 will undoubtedly cost an eye-watering amount and yet come with barely more VRAM than an underpowered last-gen card that was canceled. It’s staggering at this point that Nvidia would still put out graphics cards like that. Not to mention that the wattage is far too high for the level of performance that it’s sure to offer if this leak is true.

Can we please get some budget cards instead? The average gamer is dying of thirst, waiting for an affordable way to upgrade their gaming rigs.


NYT Connections today — hints and answers for Friday, September 27 (game #474)

Thu, 09/26/2024 - 18:02

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need clues.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Wordle hints and answers, Strands hints and answers and Quordle hints and answers articles if you need help for those too.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #474) - today's words


Today's NYT Connections words are…

  • IMPORT
  • THING
  • GRAVITY
  • START
  • BANK
  • TRADE
  • MATRIX
  • DUNE
  • WEIGHT
  • ABYSS
  • DRAFT
  • MOUND
  • HILL
  • BENCH
  • FLY
  • SUBSTANCE

NYT Connections today (game #474) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

  • Yellow: Up there on that __
  • Green: Big deal
  • Blue: Team of the week
  • Purple: Star Wars would not be one. The Return of the Jedi would

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #474) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

  • YELLOW: AREA OF HIGH GROUND
  • GREEN: SIGNIFICANCE
  • BLUE: ACTIONS IN FANTASY SPORTS
  • PURPLE: SCI-FI MOVIES, WITH “THE”

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #474) - the answers


The answers to today's Connections, game #474, are…

  • YELLOW (AREA OF HIGH GROUND): BANK, DUNE, HILL, MOUND
  • GREEN (SIGNIFICANCE): GRAVITY, IMPORT, SUBSTANCE, WEIGHT
  • BLUE (ACTIONS IN FANTASY SPORTS): BENCH, DRAFT, START, TRADE
  • PURPLE (SCI-FI MOVIES, WITH “THE”): ABYSS, FLY, MATRIX, THING
  • My rating: Moderate
  • My score: 3 mistakes

What do MATRIX, THING, FLY, ABYSS, GRAVITY and DUNE all have in common? They're all movies, of course – and more specifically all sci-fi movies (although The Fly is also a horror). Four of them also formed a Connections group today – but which four?

If I'd been a little more careful I'd have worked it out sooner and not lost a guess very early on. But I didn't do that, instead just picking four at random, which was a REALLY STUPID thing to do. Still, I got it on the second attempt, taking a little more time over it and realizing that it was SCI-FI MOVIES, WITH “THE”, and therefore ABYSS, FLY, MATRIX and THING.

I only lost one guess there, but threw away a couple more on the blue ACTIONS IN FANTASY SPORTS group. I originally had IMPORT in there, thinking it was something about taking things/people from one place to another (which worked with DRAFT and TRADE), but was looking in slightly the wrong place and almost suffered a failure. With no guesses remaining I swapped IMPORT for BENCH, added START and solved this Connections puzzle.

How did you do today? Send me an email and let me know.

Yesterday's NYT Connections answers (Thursday, 26 September, game #473)

  • YELLOW (DECORATIVE EDGE): BORDER, FRILL, FRINGE, TRIM
  • GREEN (INCREASE, IN A WAY): GROW, MOUNT, SWELL, WAX
  • BLUE (SPECIFICATIONS FOR A BARTENDER): DRY, NEAT, STRAIGHT, VIRGIN
  • PURPLE (STRING ___): BEAN, BIKINI, CHEESE, THEORY

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.


Quordle today – hints and answers for Friday, September 27 (game #977)

Thu, 09/26/2024 - 18:02

Quordle was one of the original Wordle alternatives and is still going strong now nearly 1,000 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my Wordle today, NYT Connections today and NYT Strands today pages for hints and answers for those puzzles.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #977) - hint #1 - Vowels

How many different vowels are in Quordle today?

The number of different vowels in Quordle today is 4*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #977) - hint #2 - repeated letters

Do any of today's Quordle answers contain repeated letters?

The number of Quordle answers containing a repeated letter today is 2.

Quordle today (game #977) - hint #3 - uncommon letters

Do the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #977) - hint #4 - starting letters (1)

Do any of today's Quordle puzzles start with the same letter?

The number of today's Quordle answers starting with the same letter is 0.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #977) - hint #5 - starting letters (2)

What letters do today's Quordle answers start with?

• G

• C

• R

• B

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #977) - the answers


The answers to today's Quordle, game #977, are…

  • GUEST
  • CHASM
  • ROOST
  • BASAL

You can't win 'em all, eh? After a 55-game winning streak I suffered a failure in today's Quordle. And really, it was all of my own doing. OK, so it's a potentially difficult game in general – CHASM has an uncommon spelling, ROOST and BASAL both have repeated letters – but I should still have solved it.

The truth is, I was slapdash in my play. I guessed QUEST when GUEST would have made more sense, BALSA rather than BASAL and WORST rather than ROOST. All made sense at the time, but a smart player (which clearly I am not) would instead have guarded against some of those mistakes. Playing GORSE, for instance, would have told me that it had to be GUEST, ROOST and BASAL, but it would have ruled out the wrong answers. Unforgivable.

How did you do today? Send me an email and let me know.

Daily Sequence today (game #977) - the answers


The answers to today's Quordle Daily Sequence, game #977, are…

  • MISSY
  • SIXTY
  • LANKY
  • CHUMP

Quordle answers: The past 20

  • Quordle #976, Thursday 26 September: STAGE, VOGUE, CLUMP, HEATH
  • Quordle #975, Wednesday 25 September: UMBRA, DADDY, GLAZE, PRANK
  • Quordle #974, Tuesday 24 September: SPACE, INNER, SPAWN, BEGAT
  • Quordle #973, Monday 23 September: GUILT, STERN, ANNEX, FIELD
  • Quordle #972, Sunday 22 September: ZESTY, MEATY, ALIVE, DRAWN
  • Quordle #971, Saturday 21 September: VITAL, FRAIL, SPEAR, EERIE
  • Quordle #970, Friday 20 September: ELIDE, DITTO, SHAWL, BONUS
  • Quordle #969, Thursday 19 September: MARRY, OWING, DICEY, LUCKY
  • Quordle #968, Wednesday 18 September: CEDAR, VENOM, MIGHT, MEDIC
  • Quordle #967, Tuesday 17 September: ETHOS, COUNT, PRINT, THREE
  • Quordle #966, Monday 16 September: ROUGE, SWAMP, FUGUE, UNDUE
  • Quordle #965, Sunday 15 September: VILLA, SMOKE, BULKY, THRUM
  • Quordle #964, Saturday 14 September: ESSAY, GENRE, WIMPY, CHUTE
  • Quordle #963, Friday 13 September: LEANT, ORGAN, FILLY, PLAIT
  • Quordle #962, Thursday 12 September: ARBOR, STARK, LEAVE, GOOFY
  • Quordle #961, Wednesday 11 September: ROUGH, CACTI, SAVOY, ODDER
  • Quordle #960, Tuesday 10 September: PLUMB, SEIZE, EARLY, ASSET
  • Quordle #959, Monday 9 September: CHIRP, BEADY, THETA, MINUS
  • Quordle #958, Sunday 8 September: TEASE, AGATE, PRIDE, PLATE
  • Quordle #957, Saturday 7 September: LASSO, TILDE, BUNCH, PRONG

NYT Strands today — hints, answers and spangram for Friday, September 27 (game #208)

Thu, 09/26/2024 - 18:02

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my Wordle today, NYT Connections today and Quordle today pages for hints and answers for those games.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #208) - hint #1 - today's theme

What is the theme of today's NYT Strands?

Today's NYT Strands theme is… Medieval marvel

NYT Strands today (game #208) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

  • BUTTER
  • TORE
  • WEAR
  • ATOM
  • LAUD
  • DARE

NYT Strands today (game #208) - hint #3 - spangram

What is a hint for today's spangram?

Not necessarily made of sand

NYT Strands today (game #208) - hint #4 - spangram position

What are two sides of the board that today's spangram touches?

First: left, 4th row

Last: right, 3rd row

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #208) - the answers


The answers to today's Strands, game #208, are…

  • MOAT
  • WALL
  • DRAWBRIDGE
  • COURTYARD
  • TOWER
  • KEEP
  • TURRET
  • SPANGRAM: CASTLE
  • My rating: Easy
  • My score: Perfect

This was a spectacularly easy Strands puzzle. If the words 'Medieval marvel' didn't immediately conjure up a CASTLE to you, well, then, you didn't spend as much time during your childhood playing with Lego, reading The Lord of The Rings or watching Robin Hood as I did.

I got the spangram right away, and that made the task of finding the other answers all the easier. None were remotely hard to think of or difficult to uncover, and I completed the whole thing in about three minutes.

How did you do today? Send me an email and let me know.

Yesterday's NYT Strands answers (Thursday 26 September, game #207)
  • SWING
  • CRIB
  • HIGHCHAIR
  • STROLLER
  • BLANKET
  • PLAYPEN
  • SPANGRAM: BABYGEAR

What is NYT Strands?

Strands is the NYT's new word game, following Wordle and Connections. It's now out of beta so is a fully fledged member of the NYT's games stable and can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.


TikTok links are being used to hijack Microsoft accounts

Thu, 09/26/2024 - 14:31

Hackers are using TikTok in new phishing attacks as they attempt to steal people’s Microsoft Office 365 credentials, a new report from Cofense has warned.

The company's researchers detected someone sending out phishing emails threatening victims that all of their emails will be deleted unless they press a button. What’s new about this campaign is that the button actually leads to TikTok.

To make the attack work, the attackers employ TikTok URLs. These URLs usually appear in the bios of profiles that link to external websites, the researchers explained, so a TikTok URL can redirect the visitor to whatever site the profile holder chooses.

Spotting the scam

If the phishing email recipient does not spot the trick and clicks the button in the message, they will be sent through a number of redirects, ultimately landing on a web page that looks like a Microsoft 365 login site, with the company logo and all. The malicious site even autofills the user’s email address in order to improve legitimacy.

However, since this is a fake website controlled by the attackers, any information submitted there, including passwords, goes straight to the hackers.

The use of TikTok URLs may be novel, but the overall methodology does not differ much from what we’re used to seeing. The email still comes from a completely unrelated domain. It is still full of grammar and spelling mistakes. Finally, the URL of the landing page does not even come close to resembling a Microsoft domain.

Therefore, spotting the attack should not be too difficult - it only takes being a little mindful of the emails coming in, and not trusting everything in the inbox.


Google hails move to Rust for huge drop in memory vulnerabilities

Thu, 09/26/2024 - 13:01

Google has hailed Rust, a memory safe programming language, as a significant factor in its ability to cut down on vulnerabilities as part of its Safe Coding initiative.

Memory access vulnerabilities often occur in programming languages that are not memory safe. In 2019, memory safety issues accounted for 76% of all Android vulnerabilities.

In response, many developers and tech giants are moving towards using memory safe languages that help them produce secure-by-design software and technology.

Vulnerabilities Rusting away

In its blog, Google presented a simulation of the transition to memory safe languages through the gradual use of memory safe code in new projects and developments over a five year period. The results showed that despite a gradual rise in code being written in memory unsafe languages, memory safety vulnerabilities dropped significantly.

This, Google says, is because vulnerabilities decay exponentially. New code that is written in memory unsafe languages often contains bugs and vulnerabilities, but as the code is reviewed and refreshed, vulnerabilities are gradually removed, making the code safer over time. Ergo, the main source of vulnerabilities is new code, and by prioritizing the use of memory safe programming languages when starting new projects and developments, the number of vulnerabilities drops significantly.

In Google’s own shift towards using memory safe programming languages there has been a significant drop in the number of memory-related vulnerabilities, with memory safety vulnerabilities down to 24% in 2024 - a stark contrast from 2019 and well below the industry norm of 70%.


Using memory safe languages is not a silver bullet however, and Google acknowledges that “with the benefit of hindsight, it’s evident that we have yet to achieve a truly scalable and sustainable solution that achieves an acceptable level of risk.”

The strategies for approaching memory safety vulnerabilities began with reactive patching, where memory safety vulnerabilities are prioritized by software manufacturers, leaving other issues to be exploited more rapidly.

The second approach consisted of proactive mitigation, where developers were encouraged to include mitigations such as stack canaries and control-flow integrity at the cost of execution speed, battery life, tail latencies, and memory usage. Developers were also unable to keep up with attackers' ability to exploit vulnerabilities in new and creative ways.

Third came proactive vulnerability discovery, where the focus was on detecting vulnerabilities through ‘fuzzing’, where vulnerabilities are tracked down through the symptoms of unsafe memory. However, as Google points out, these tools are inefficient and time-intensive for teams to use and often do not spot all vulnerabilities even with multiple passes.

Google’s fourth tactic is to therefore engage in high-assurance prevention and secure-by-design development. By using programming languages such as Rust, developers know and understand the properties of the code they have written and can infer vulnerabilities based on those properties. This reduces the cost on developers by reducing the number of vulnerabilities from the start, including vulnerabilities outside of memory safety issues. This cumulative cost reduction also has the added benefit of making developers more productive.

“The concept is simple:” the Google blog notes, “once we turn off the tap of new vulnerabilities, they decrease exponentially, making all of our code safer, increasing the effectiveness of security design, and alleviating the scalability challenges associated with existing memory safety strategies such that they can be applied more effectively in a targeted manner.”
