TechRadar News

• The North Face has notified customers of a data breach
• Hackers ran a credential stuffing attack on its website and breached customer accounts
• They stole names, addresses, and phone numbers

The North Face has confirmed suffering a credential stuffing attack through which cybercriminals exfiltrated sensitive customer information.

The outdoor clothing and equipment company has filed a new notice with the Vermont Attorney General which also included the data breach notification letter sent out to affected customers.

In the letter, the company said it discovered “unusual activity” on its website on April 23, 2025. The subsequent investigation showed that an unidentified attacker ran a “small-scale credential stuffing attack”, using login credentials obtained elsewhere, most likely purchased from the dark web.

Save up to 68% on identity theft protection for TechRadar readers

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)View Deal

Payment information intact

“Credential stuffing attacks can occur when individuals use the same authentication credentials on multiple websites,” The North Face said. “We encourage all of our customers to use a unique password on our website.”

The crooks made away with people’s shipping addresses, preference information, email addresses, full names, dates of birth, and phone numbers.

“Payment card (credit, debit, or stored value card) information was not compromised on our website,” the company added.

“The attacker could not view your payment card number, expiration date, or your CVV (the short code on the back of your card).”

As The North Face explained, payment data was not taken because it’s not being stored on its servers. The company only retains a token linked to the payment card, while the payment processor retains the details.

“The token cannot be used to initiate a purchase anywhere other than on our website. Accordingly, your credit card information is not at risk as a result of this incident.”

The North Face also said notifying customers wasn’t necessary, given the nature of the stolen information, but still decided to do it “out of an abundance of caution.” Still, names, birth dates, postal addresses, and phone numbers are more than enough information to create custom, convincing phishing emails that can result in identity theft, payment information theft and wire fraud, identity theft, and more.

Via BleepingComputer

You might also like

• Millions of Vans, North Face customers confirmed hit in data breach
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• You can now create Sora AI videos in the Bing app on mobile
• You get 10 credits, but can earn more by searching with Bing
• Videos are portrait and five seconds long with more formats coming soon

Remember Bing, Microsoft’s attempt to take on the mighty Google in search? I’ve got to admit, I’d completely forgotten about it until Microsoft’s latest trick to make it relevant again caught me off guard: It has added Sora AI video creation to the Bing app on iOS and Android, for free!

Since you would normally need to be a ChatGPT Plus subscriber (which costs $20 a month) to get access to Sora, that’s a pretty sweet deal.

However, a look at the small print shows there are some restrictions. You get 10 ‘fast creations’ credits to start with, and each time you create a video with Bing Video Creator you gobble up a credit.

Using 'fast credits' your video will be created in just a few minutes. Once you’re out of fast credits you switch to Standard speed. Standard means that it will take Bing “approximately several hours per video” to generate anything.

Intriguingly, the 'fast credits' don't auto-renew each month, but instead you can earn more of them by searching using the Bing search engine.

Microsoft has produced a video to show you how Bing Video Creator works:

Using Bing Video Creator

To use Bing Video Creator you have to be using the Bing app on mobile, available on the App Store and Google Play Store.

Once it's running just tap the apps icon at the bottom right of the Bing screen to access all the apps it contains. Next, tap on Video Creator.

You can then type in a prompt for your video. Obviously, the more descriptive you are with your prompts the better the video will be, but to test it out I tried something very simple: “A tiger prowling through the jungle” and hit the Create button.

Just a couple of minutes later, I had my five second AI video. And it had only used up one of my 'fast creations' credits.

I could share my video using all the usual methods on my iPhone, and the video file it produced was only 7MB in size. Videos created in Bing Video Creator are five seconds long and can be created in 9:16 format with 16:9 format “coming soon”.

Here it is:

Unlike Google’s recently released Veo 3 AI video creator, you can’t lip-sync voices in Sora videos, so you can’t make videos of people saying things, although it surely can’t be long before OpenAI add this feature to Sora. There also didn’t seem to be any way of adding sound to the video at all in Bing.

We all know that Microsoft has had a long-standing alliance with OpenAI which has meant that Copilot is powered by the ChatGPT search engine. This has sometimes meant that you can access premium features that you’d normally have to pay for via a ChatGPT.

The addition of Bing Video Creator is another welcome advantage of this deal, even if it's currently only available on mobile, however, Microsoft says that a desktop version is coming soon.

Earning more credits

The most interesting part of the new tool is how you earn 'fast creation' credits. To gain more you can redeem 100 Microsoft Rewards points for a single credit. You can earn these reward points by searching using Bing on desktop or mobile, browsing using the Edge browser or gaming using the Xbox console, provided you are logged in with your Microsoft account.

For example, you can earn five points by searching just once using Bing on either mobile or PC desktop. So, the more you search with Bing, the more Sora videos you can create.

Offering Sora video credits for searching in Bing is a clever tactic from Microsoft, and who knows, it might just bring Bing back into the spotlight again?

You might also like

• Did ChatGPT ruin the em dash? Here’s how to stop it from putting them everywhere
• 5 power-hungry appliances that use less energy than generating an image in ChatGPT
• Nothing shows how far ChatGPT’s images have come than two pictures generated with the same prompt, but created a year apart

• Photoshop on Android (beta) drops for devices running Android 11 or later
• It's free for a limited time
• Creative Cloud subscriptions unlock Adobe Stock assets and generative edits

Following the release of Photoshop for iPhone earlier this year, the biggest photo-editing app has finally made it to Android in pro-grade form, complete with Photoshop's marquee features and generative capabilities.

Offering much of the same functionality as the iPhone app, the free beta version of Photoshop for Android has an intuitive interface designed specifically for phones, with core Photoshop tools such as layering, masking, and blending.

I'm yet to use the app, but I watched a demonstration of its capabilities presented by Adobe, and it looks super impressive, seemingly being one of if not the most fully equipped and powerful photo editors for Android phones.

You can import images from your camera roll, start from a blank canvas, utilize Adobe Stock assets, and take a photo with your phone to then edit.

As a regular Photoshop user I can't wait to try the app out on my Google Pixel phone, and here are three tools I'll start with…

Tap select can be applied to both subjects and backgrounds and can utilize Adobe's generative Firefly tools. (Image credit: Adobe)1. Tap select

Simplifying Photoshop's subject and background selection tools on a mobile phone is no easy task, but what Adobe calls 'Tap select' appears to do the trick nicely.

During a demo, an Adobe professional walked us through an edit of a classic car photo, using Tap select to make image adjustments to just the car itself, and then to other subjects.

Tap select suggests various objects in an image that you might want to selectively edit, displaying thumbnails of these, and when you've made a selection it'll suggest a huge arsenal of Photoshop tools such as color adjustments and so forth.

Subject selection can be refined with Photoshop's Brush Tool to add / subtract from the selection when it has missed the mark.

And with these edits working within Photoshop's layering capabilities, changes can be tweaked at any point in the editing process.

Tap select is the kind of tool I can see myself using on almost every edit, and its implementation for Android phones looks well thought out.

With the model's clothes selected, it's possible to make selective edits, such as changing the hue. (Image credit: Adobe)2. Generative Firefly

Adobe has focused a lot of its energy recently into developing Firefly – the generative AI tools that sit within its leading apps such as Photoshop. Naturally, Photoshop for Android phones can tap into these tools too.

For example, Generative Fill can replace subjects and backgrounds to your liking, however fanciful your ideas are. Again, during the demo, we saw these tools put into practice – removing parked cars in the background and replacing surrounding trees for palm trees, with multiple generated options to choose between.

Naturally, there are limits to Firefly's capabilities, but the Android phone version appeared to be as powerful and efficient as the full version of Photoshop with the word prompt tasks it was assigned.

It's possible to work on the same file across Photoshop on mobile and Photoshop on web apps. (Image credit: Adobe)3. Tapping into Adobe Stock assets

Despite having a Creative Cloud subscription, I don't generally make use of the 'commercially safe' Adobe Stock assets at my disposal, whether that's images or textures or other assets. However, on the mobile version I can see myself having a proper play with these.

Let's say I want to add text to an image, for which there's a huge selection of fonts to choose from. I can then mask that text layer, modifying the lettering with just about any texture or image of my choice from hundreds of thousands of stock assets.

In the demo, we saw 'Aloha' text added to the classic car photo, taken in Hawaii, and then modified with an image of a hibiscus flower within the lettering.

I came away from the demo with the feeling that the scope of the edits I can make to photos from my phone is vast, and limited only by my imagination.

I'm really looking forward to having a play with Photoshop on my Android phone to get a proper feel for it.

You might also like

• I'm a Photoshop pro – here are 5 things I love about the new iPhone app and 3 things I don’t
• Best Adobe Photoshop alternative of 2025: Avoid Creative Cloud subscriptions with these top apps
• The 5 biggest new Photoshop, Firefly and Premiere Pro tools that were announced at Adobe Max London 2025

• The De'Longhi Dedica Duo is a new compact manual espresso machine
• It can brew hot and cold espresso, and has an integrated steam wand
• It comes in four colors, including three pastel shades inspired by gelato

De'Longhi has launched a new compact coffee maker, the De'Longhi Dedica Duo, which takes one of my all-time favorite machines and gives it a makeover with the ability to brew hot or cold, and a choice of four pretty pastel colors.

The De'Longhi Dedica Duo is an upgraded version of the Dedica Style, which has long held a top spot in our roundup of the best espresso machines thanks to its small footprint, impressive performance, high-quality integrated steam wand, and very reasonable price tag.

The Dedica Duo keeps all of those features, and adds the option to brew cold coffee for drinks like iced lattes and espresso martinis.

Cold brew is the biggest trend in home coffee machines right now, with brands including Breville, Ninja, and Jura all launching new models that aim to recreate the mellow flavor of cold-infused coffee in seconds rather than hours.

According to De'Longhi, the Dedica Duo can recreate the flavor profile of traditional cold brew in less than five minutes.

Image 1 of 3

(Image credit: De'Longhi)Image 2 of 3

(Image credit: De'Longhi)Image 3 of 3

(Image credit: De'Longhi)Espresso with gelato?

The Dedica Duo came in silver, gray, and black colorways, but the Dedica Duo breaks from tradition with a choice of four shades, three of which, according to De'Longhi, are inspired by the pastel colors of gelato. Alongside the classic stainless steel, you can also take your pick from muted green Pistachio, creamy Vanilla, and candy-pink Rose. The colors are part of a bigger overall trend towards soft shades in the kitchen, and away from clinical designs.

KitchenAid kicked things off in February when it announced that its color of the year would be a soft yellow called Butter, and since then we've seen a real shift towards more natural shades, with Kenwood, Breville and others all joining the trend. Just last week, the tiny Nespresso Vertuo Pop machine appeared in Pistachio (to match its pistachio vanilla coffee capsules) and Pastel Yellow.

Each Dedica Duo comes with a matching colored portafilter handle, which is a nice touch. Other design tweaks include a new knurled knob for controlling steam pressure, and controls positioned on top of the machine, leaving the front looking clean and smart.

The De'Longhi Dedica Duo is available to buy now direct from De'Longhi, and from third-party retailers like Amazon and Target for $299.95. International release dates and prices are yet to be announced, but we'll let you know as soon as this cute little espresso machine is available more widely.

You might also like

• The De'Longhi Primadonna Aromatic is one of the best bean-to-cup coffee makers I've ever used – and one of the most expensive
• The Sage Barista Impress is so satisfying to use, I just want to make lattes all day
• Nespresso's pistachio vanilla coffee capsules are delicious over ice, and I can't stop drinking them

• IO Interactive has announced its new James Bond game, 007 First Light
• The game will be revealed during the studio's first IOI Showcase on June 6
• The special showcase will also provide announcements and updates on the Hitman franchise and Mindseye

IO Interactive has announced its new James Bond game, 007 First Light, and it's set to be revealed at a special developer showcase this week.

To celebrate 25 years of the Hitman franchise, the first IOI Showcase will air online and in-person on June 6 at 6 PM PDT / 2 AM BST and provide new details for IOI's franchises, including Hitman, Mindseye, and 007 First Light.

The event will be livestreamed from Los Angeles on IOI’s Twitch, YouTube, and TikTok channels and feature exclusive trailers, announcements, gameplay demos, and a live Q&A with key figures from IO Interactive, Build A Rocket Boy, and more.

#EarnTheNumber in 007 First Light, a new game by @iointeractive. Mission brief is headed your way soon. Stay tuned for more information.#007FirstLight pic.twitter.com/Zk46IqHQfbJune 2, 2025

The studio has also confirmed that it will showcase its proprietary game engine, Glacier, alongside announcements regarding upcoming content for Hitman World of Assassination and collaborations within the Hitman franchise.

There will also be new information on the upcoming narrative-driven action-adventure thriller Mindseye, which launches on June 10 for PlayStation 5, Xbox Series X, Xbox Series S, and PC, as well as a first look at the developer's highly anticipated James Bond game, with presumably a cinematic trailer.

"This event celebrates our 25-years history with the HITMAN franchise and shares an in-depth look at the diverse future of our studio," said IO Interactive CEO Hakan Abrak in a press release. "We’ve prepared some truly exciting surprises."

You might also like...

• Best PC games 2025: the must-play titles you don’t want to miss
• EA has canceled Cliffhanger Games' Black Panther game and closed the studio to 'sharpen our focus' elsewhere
• Sony's Days of Play sale kicks off tomorrow and will bring price cuts to the PS5 Pro, DualSense Edge, the PS5 Call of Duty: Black Ops 6 bundle, and a host of price cuts on accessories and games

• Pokémon Scarlet and Violet had new footage revealed in the Nintendo Today app
• The new footage showcases the game running at 60fps on Nintendo Switch 2
• The image quality is also noticeably much cleaner

Pokémon Scarlet and Violet is set to get a free Nintendo Switch 2 update at the console's launch, as previously revealed on Nintendo's official website.

Now, though, Nintendo has finally revealed footage of the game running on Switch 2, via the Nintendo Today mobile app for iOS and Android devices. And it looks absolutely glorious.

While it's only 30 seconds of footage, we get a good mix of battling and traversal out in the game's open world. Not only is it running at a buttery smooth 60fps, but image quality has taken a noticeable step-up. The game simply looks much sharper and cleaner on Switch 2.

If you're unable to download the Nintendo Today app, popular Pokémon fan page Serebii has uploaded the footage to X / Twitter. Though do keep in mind that the website's ungodly compression doesn't do it any favors here.

Serebii Update: A trailer for Pokémon Scarlet & Violet for Nintendo Switch 2 has been released on the Nintendo Today app https://t.co/gDbXkHSvkT pic.twitter.com/JQlc66YobGJune 2, 2025

Pokémon Scarlet and Violet, representing the series' ninth generation of pocket monsters and originally releasing for the Nintendo Switch in 2022, was heavily criticized at launch. While all the ingredients for a great Pokémon adventure were certainly there, it ran horribly and was riddled with more bugs than Viridian Forest.

Of course, it's not the only game in the series to suffer from being released on underpowered hardware, as Pokémon Sword and Shield and Pokémon Legends Arceus also had their share of performance issues - though certainly not quite to the same extent.

Thankfully, this Nintendo Switch 2 update does seem to put the game in a much better light. It is a shame that Scarlet and Violet had to be rushed out the door the way it was originally, but this will certainly be a nice bonus for folks who have the new console and were looking for a reason to dive back into the game's Spain-inspired setting.

Lastly, it is worth stressing that unlike the Nintendo Switch 2 Edition line-up of games, the Pokémon Scarlet and Violet update is completely free and will simply require players to own the original game either physically or digitally. The update will be available on the Switch 2's launch day of June 5.

You might also like...

• No, you shouldn't peel off the Nintendo Switch 2 screen's protective layer
• Target reveals it will have Nintendo Switch 2 stock next week
• UK retailer Game is canceling some Nintendo Switch 2 pre-orders, so you may want to check yours

• The Google Pixel 10 series could launch a week later than the Pixel 9
• Plus, leaked photos give us a look at the possible design of the Pixel 10 Pro
• And the Pixel 10's ringtone has also leaked

Google announced the Pixel 9 series on August 13 last year, and if anything we’d have predicted the Google Pixel 10 line could land earlier this year. After all, some Pixel superfans are possibly getting to preview the devices as early as June 27, but a new leak suggests the Pixel 10 line will actually land later this year than the Pixel 9 series did last year.

This is according to sources speaking to Android Headlines, who claim the Pixel 10 series will be announced on August 20 – so that’s one week later than last year’s launch.

Pre-orders will likely start the same day, and the Pixel 10 series – which is expected to include the Pixel 10 itself, the Pixel 10 Pro, the Pixel 10 Pro XL, and the Pixel 10 Pro Fold – will apparently ship just over a week later, on August 28.

We would however take this with a pinch of salt, because along with this being a long time after the June 27 event where the devices might get previewed, this would also probably be long after the launch of Android 16.

Typically, Google launches new versions of Android towards the end of the year, but this year it’s shifting its schedule forwards, so it would make some amount of sense to similarly shift its smartphone release dates forward so it has new devices to show the new software off on.

Of course, Google also needs time to actually develop and produce new Pixel models, so it wouldn’t be surprising if the company stuck to an August release for that reason.

Image 1 of 2

A leaked photo of a Pixel 10 Pro prototype (Image credit: Mystic Leaks)Image 2 of 2

A leaked photo of a Pixel 10 Pro prototype (Image credit: Mystic Leaks)

In any case, this isn’t the only new Pixel 10 leak, as photos of what appears to be a Pixel 10 Pro prototype have been shared by someone calling themselves Mystic Leaks (via Android Authority).

The images – some of which you can see above – show a phone that looks a lot like the Pixel 9 Pro, but with a thinner metal border around the camera bar, and the SIM card tray repositioned to the top edge.

The photos also show the phone running an app that displays some specs, including the expected Tensor G5 chipset, 16GB of RAM, and 256GB of storage.

While we'd take this leak with a pinch of salt, it certainly looks convincing, and matches up with leaked Pixel 10 renders.

An adventure in sound

Finally, what’s purportedly the Google Pixel 10 ringtone has also been shared, along with some system sounds.

You can hear them in the YouTube video from theVakhovske above (via Android Headlines). The ringtone is apparently called ‘The Next Adventure’, which would make for a similar naming scheme to the Pixel 9’s ‘Your New Adventure’ ringtone.

Based on past form though it’s likely that these sounds will make their way to older Pixel devices too, so you probably won’t have to buy a Pixel 10 model to get them.

You might also like

• Google Pixel 10 rumors – 5 things we think we know and 3 we don't
• Best Google Pixel phones: our reviews help you choose the Google phone that's right for you
• Google Pixel 9 Pro review: the AI phone is here, but the future is not

• DLC and two player support is coming to Elden Ring Nightreign
• This was confirmed by FromSoftware in a recent social media post
• The studio also revealed that the game has sold more than 3.5 million units

Elden Ring Nightreign developer FromSoftware has confirmed that the game will receive a two-player mode later this year.

The news comes from a recent post by the studio's Japanese-language X / Twitter account, which also revealed that the game had sold more than 3.5 million units.

"The total number of copies shipped worldwide for Elden Ring Nightreign has exceeded 3.5 million. Thank you to everyone who has been playing," the post, which we have machine translated, read.

"We will continue to provide post-launch support, including DLC ​​scheduled for release this year, as well as adding a two player mode," it continued.

The news of an incoming two player mode will likely come as a great relief for some. Currently, Elden Ring Nightreign only supports matches of one or three players. This unusual number makes it a little tricky to team up with friends, as you need get two people who own the game online and ready to play at the same time.

When you factor in the lack of cross-platform matchmaking, it can really limit your ability to play when you want to.

The announcement of some downloadable content (DLC) is significant too. Given the online nature of the game, it seems fair to expect that it will receive a number of updates and additions in the following weeks and months.

Finally, the post concluded by stating that "we plan to release enhanced versions of the existing 'Kings of the Night' from this month onwards, so we hope you will continue to enjoy the game."

It's a little unclear what this means, though it will likely be an updated version of some of the game's existing bosses.

If you're keen on trying the game before this new content arrives, Elden Ring Nightreign is available now for PC, PlayStation 5, PlayStation 4, Xbox Series X and Series S, and Xbox One.

You might also like...

• Tom Clancy's The Division 2 developers explain why the Battle for Brooklyn DLC is the perfect starting point for new players
• No, you shouldn't peel off the Nintendo Switch 2 screen's protective layer
• RoboCop: Rogue City - Unfinished Business is more of the same, but that’s not a bad thing

• Microsoft Copilot study claims major timesaving and productivity gains across UK government
• 20,000 civil servants gained access to Copilot, with striking results
• Timesaving amounted to around two weeks per person per year

Using AI tools such as Microsoft Copilot could help civil servants save weeks of work over the course of a year, new government research has claimed.

The UK government had 20,000 civil servants across 12 different organizations use Microsoft Copilot over the course of several months, using the service to draft documents, take meeting notes, search internal information, and even personalize recommendations to unemployed job seeker benefits claimants.

The study claimed to find major productivity and efficiency boosts from using Copilot, with the workers saving on average between 19 and 24 minutes per day — amounting to around two weeks per person per year.

Copilot timesaving

The study, which took place over September 30 to December 31 2024, says these savings were the equivalent of giving a full year back to 1,130 people, allowing them to focus on higher-value tasks rather than admin-based work.

“These findings show that AI isn’t just a future promise – it’s a present reality," commented Technology Secretary Peter Kyle.

“Whether it’s helping draft documents, preparing lesson plans, or cutting down on routine admin, AI tools are saving civil servants time every day. That means we can focus more on delivering faster, more personalised support where it really counts."

The study also signified the largest deployment of Microsoft Copilot in UK government to date, with workers utilizing the platform across the likes of Word, Excel, PowerPoint, Outlook, and Teams.

"AI is the most transformative technology of our time and we’re already seeing its potential to reshape public service delivery," noted Darren Hardman, CEO, Microsoft UK.

“This could unlock new levels of growth, efficiency, and innovation for the country. The Government’s Microsoft 365 Copilot experiment shows what’s possible when people are empowered with the right tools: 26 mins per day (almost 2 weeks per year) less time on admin, more time delivering what matters. And the really exciting part is, this is just the beginning.”

You might also like

• These are the best online collaboration tools for workers
• Most workers are greatly overestimating their AI skills
• Over half of UK businesses who replaced workers with AI regret their decision

Would you trust AI tools to secure your most sensitive data and workflows in SaaS apps? Or allow it to integrate with your SOC tools? Welcome to the new wave of agentic-driven SaaS security.

SaaS apps are the backbone of business operations. But they’ve also become one of the most under-protected parts of the enterprise attack surface. The rapid adoption of platforms like Microsoft 365, Salesforce, and ServiceNow has made managing risk and complexity significantly more difficult for organizations.

Traditional security tools haven’t kept up

Traditional security tools haven’t kept up. Most were built for networks and endpoints, not for the fluid, API-driven, user-centric nature of SaaS. Cybersecurity teams are overwhelmed with alerts, logs, and sprawling permission models. Can AI help them?

Generative AI (or GenAI) can automate and streamline many parts of the security workflow, but its real value comes from enhancing the capabilities of human cyber analysts. In SaaS environments, where visibility is fragmented and telemetry is overwhelming, GenAI brings speed, scale, and contextual understanding that humans alone can’t achieve in real time.

Here’s how and why GenAI is becoming indispensable for SaaS security.

1.Scaling Security Operations Without Scaling Headcount

SaaS ecosystems grow rapidly, often beyond what security teams can track. Every new app, user, and integration adds risk.

GenAI enables organizations to scale by:

• Automating alert triage and enrichment
• Recommending remediation steps
• And streamlining investigation workflows. This reduces analyst fatigue and lets teams focus on strategic, high-value tasks.

Instead of drowning in logs, security teams can focus on strategic analysis and incident response. GenAI acts as a force multiplier, freeing up human analysts for deeper work.

2.Silencing the Noise and Prioritizing Real Threats

The average security operations center (SOC) deals with tens of thousands of alerts daily. Most of these are noise, but buried within are the handful of events that actually matter. GenAI helps cut through the fog.

By analyzing data across multiple SaaS tools and ingesting telemetry in real time, GenAI can:

• Identify behavioral anomalies faster
• Highlight privilege escalation attempts or lateral movement
• And correlate user activity with known threat indicators.

This isn’t just automated alerting. It’s contextual decision support, which helps analysts zero-in on what truly matters for their organization, not just what happened.

3.GenAI Turns Security Teams Into SaaS Experts

SaaS platforms are like conveyor belts in a high-speed factory.

At first, everything runs clean and smooth. But over time, more integrations, add-ons, custom workflows, and user roles get added. Each one is like a new package being dropped onto the belt. As the belt moves faster, representing rapid innovation and business needs, these add-ons get reconfigured and repackaged through frequent updates.

New features are deployed, old ones deprecated, and access controls shift to match evolving use cases. From the outside, it all looks seamless. But underneath, the belt is overloaded and accelerating. Without continuous inspection, it’s easy for a broken piece, a mislabel, or an unsecured package to slip by, introducing risk downstream.

SaaS platforms are nuanced, and each has its own ecosystem of roles, permissions, APIs, and configuration nuances. Imagine being tasked with inspecting this conveyor belt in real time; flagging faulty components, tracking changes, and ensuring nothing dangerous makes it into the final product. Most security teams don't have the luxury of having a deep expert on every SaaS platform in their stack.

That’s where GenAI comes in. It fills that gap by:

• Acting as a domain-specific tutor for security analysts
• Offering contextual guidance on specific SaaS configurations
• Mapping risks based on real-time configuration and activity data
• And automatically triaging and prioritizing threats and configuration vulnerabilities.

Like an intelligent scanner that watches the entire belt, GenAI understands what’s normal, and instantly flags anything suspicious before it causes a data exposure or a breach.

4.Enhancing Security Analysis with SIEM and SOAR Tools

Can GenAI integrate seamlessly with SIEM, SOAR, and data lake tools? Yes it can. GenAI can provide comprehensive analysis of incidents across cloud, SaaS, and endpoint data sources.

Instead of users having to manually piece together information from various alerts and logs, GenAI can automatically analyze the data and provide a coherent, prioritized summary of the situation. GenAI can correlate data across different sources (threat detection, identities, configurations, policies, etc.) to provide more comprehensive and contextualized insights.

It can also proactively analyze the data, identify high-risk issues, and provide detailed investigation and remediation plans. This allows security and IT teams to be more proactive instead of reactive, as the AI can surface and triage the most critical issues without the user having to manually search through all the data.

Reducing effort

Lastly, by automating the correlation, contextualization, and initial triage of security alerts and findings, GenAI can significantly reduce the manual effort required by security teams.

This allows security practitioners to focus on the most critical issues and higher-level analysis, rather than getting bogged down in the time-consuming task of data sifting.

This allows GenAI to become the "first line user" of the security tools, automating many of the initial triage and investigation steps.

GenAI brings four key advantages to SIEM, SOAR, and data lake tools:

• Reduces false positives by understanding context across systems
• Speeds up investigations by summarizing cross-platform events
• Reduces manual effort by threat hunting and investigating proactively from their SOC tools to include data from the SaaS domain or similar
• And enhancing investigations by integrating expert, SaaS-aware AI agents into SOC tools.

Now, what are the considerations for organizations in utilizing GenAI for SaaS security?

SOCs Must Evolve to Detect AI-Empowered Threats

It’s not just defenders using GenAI. Attackers are too. Threat actors now use AI to craft spear-phishing (or whale-ing) messages, clone voices for social engineering, and generate synthetic data to evade detection.

SaaS is a soft target in this new paradigm. SOCs and threat hunters must adapt by:

• Detecting subtle, low-noise, AI-assisted attacks
• Investigating identity misuse and session hijacking with AI-powered forensics
• And using GenAI to surface anomalies invisible to traditional detection tools.

As adversaries up their game with GenAI, defenders must do the same or fall behind.

GenAI Must Be Secured Like Any SaaS Tool

GenAI itself is typically SaaS based or is embedded in SaaS applications. With AI-enabled apps becoming common, the risk of inadvertent data loss that cannot be clawed back or malicious data theft is a concern for corporations. GenAI data governance and securing integrations between solutions with embedded AI is important to meet compliance and data sovereignty requirements.

The more GenAI is integrated into the security workflow, the more access it has to sensitive data. That makes GenAI itself a high-value target.

Security leaders must:

• Treat GenAI platforms as sensitive SaaS apps with proper access controls
• Demand transparency from GenAI providers on model training data, subprocessor use, and retention policies
• And evaluate models not just on performance, but also on their security posture.

The biggest risk in GenAI is assuming it’s safe by default. AI risk is “blind risk” or invisible until it causes serious damage.

Security First, Everything Else Second

The flood of new GenAI models and tools creates real pressure to chase shiny new objects. But switching between AI solution providers without a clear security review process can expose organizations to data leakage or compliance failures.

Organizations should prioritize:

• Providers with strong model isolation and data governance controls
• Tools that meet the organization’s existing SaaS security guidelines
• And fit-for-purpose models aligned to the intended use case (e.g., writing, analysis, summarization).

Performance, cost, and latency are all important. But none outweigh the need for security.

GenAI Is the Future of SaaS Defense

The convergence of SaaS adoption and GenAI innovation marks a pivotal moment for cybersecurity. As attackers become more sophisticated, and SaaS environments more complex, security teams must embrace the power of GenAI. It's no longer just about staying competitive; staying secure is now on the line.

The next generation of security operations will not be run solely by humans or AI, but by a partnership between the two. GenAI is not just a tool, but an incredible security multiplier.

We've compiled a list of the best time management apps.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Vanta admits it introduced a bug in its code
• The bug resulted in a small subset of customers having data exposed
• The error is being fixed, and affected customers notified

Security and compliance automation company Vanta has confirmed sharing sensitive customer data with other customers by mistake.

In a statement (via TechCrunch), the company said a change it had made in the code resulted in a security breach. In it, some sensitive data from a small subset of customers was shared with other customers.

The incident was spotted on May 26, and remediation efforts are currently underway, with the process set to finish by June 4.

Hundreds of victims

As a result of the incident, “a subset of data from fewer than 20% of our third-party integrations” was exposed to other Vanta customers, the company’s chief product officer Jeremy Epling said.

He added that fewer than 4% of Vanta customers have been affected, and they have already been notified.

Since the company has more than 10,000 customers, that would put the breach at up to 400. At the same time, the data breach notification letter Vanta sent out says that the data typically includes employee names, roles, and information about different tools, such as 2FA. The company did not confirm exactly what type of data was grabbed.

Vanta is a security and compliance automation platform that helps businesses achieve and maintain certifications like SOC 2, ISO 27001, HIPAA, and GDPR more efficiently through continuous monitoring and integrations.

Among its customers are Atlassian, Omni Hotels, Quora, and ZoomInfo.

You might also like

• Iranian hackers pose as journalists to push backdoor malware
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• Ballerina: From the World of John Wick shouldn't be called a spin-off, its director says
• The film series' latest entry is set between the third and fourth John Wick movies
• It "expands on the mythology" of the action thriller franchise, he adds

Ballerina director Len Wiseman has rejected claims that the John Wick film franchise's latest entry is a spin-off.

Speaking to TechRadar ahead of the movie's release, Wiseman argued that it should actually be called a "spin-on" – i.e. a film that puts its own spin on a film franchise's well-established formula.

Wiseman admits that very few people, if anyone, will have heard the phrase "spin-on" before. Nevertheless, he insists that the Ana de Armas-starring film is "fully connected" to the movie series' other entries – and not just because Wick appears in it.

Ballerina's first trailer raised eyebrows about Wick's inclusion. After all, at the end of John Wick Chapter 4, Keanu Reeves' iconic hitman was – spoiler! – presumed dead. With John Wick 5 in early development, though, it's likely that the well-dressed assassin hasn't taken his last breath.

However, Ballerina takes place between John Wick Chapter 3: Parabellum and its sequel, which is why Reeves' gun-for-hire is, at this point on the John Wick timeline, still alive and kicking. For more on said timeline, read my guide on how to watch the John Wick movies in order.

But I'm getting off-track. With Ballerina set between Parabellum and John Wick Chapter 4, plus Reeves' involvement in its story, the franchise's latest entry should be viewed as the mainline series' newest flick. It's for that reason that Wiseman has coined the "spin-on" moniker for one of 2025's highly anticipated new movies.

When I ask him if Ballerina should be labeled an "in-between-quel" – another industry term for a movie that's set between two other films – Wiseman replied: "Yeah, it is. I've seen people call it a spin-off, which is really misleading.

"Ballerina's events mostly run parallel to John Wick Chapter 3: Parabellum. We're really building out the world of John Wick, so it's more of a 'spin-on' than a 'spin-off'. I know that's not a phrase, but it should be!"

John Wick will have a supporting role to play in Ballerina (Image credit: Lionsgate)

Asked to explain how Ballerina explores the movies series colloquially known as the 'John Wick universe', Wiseman added: "One of the things that first attracted me to this film was the mythology of John Wick and how layered it is.

"Here, we're able to dive deeper into that mythos and explore the Ruska Roma, who we've met in previous movies. Before, we've seen this group through John Wick's eyes and his experiences [with them]. Now, we get to sift through the layers of their folklore, and try to balance that with what was previously established. We had a ton of fun with that and I think audiences will appreciate it."

Ballerina: From the World of John Wick lands in theaters worldwide on June 6.

You might also like

• Ballerina's official trailer suggests Keanu Reeves' John Wick will have a bigger role to play in the spin-off film than we thought
• Inside The Continental, the John Wick Prime Video prequel series that trades gun-fu for expressive ‘disco noir’
• The Continental is a risky John Wick TV spin-off that lacks Keanu Reeves' star power – and it shows

Automation has been a cornerstone of industrial revolutions throughout history, driving productivity, efficiency, and profitability. From Britain’s late 18th and 19th-century industrial revolution to the United States’ post-World War II boom, automation has radically transformed economies and societies.

Today, we stand on the brink of a new wave of automation, powered by agentic AI, which promises to revolutionize business operations in unprecedented ways. In fact, our recent research found that 82% of organizations plan to integrate AI agents by 2027.

What are AI agents, really?

AI agents are, at their core, software programs that interact with their environment, collect data, and autonomously perform tasks to meet predetermined goals. They represent an evolution from traditional automation technologies like robotic process automation and machine learning that have powered enterprise operations for the past two decades.

An agentic AI workflow employs technology such as Large Language Models (LLMs) that perform specific tasks and integrates these in a system that can interact with users and perform tasks autonomously and effectively. Unlike their predecessors, AI agents can perceive, reason, and act in changing environments to achieve their goals, often deciding independently how to reach them, thanks to the explosion in advanced reasoning capabilities of LLMs in recent years.

The benefits of agentic AI in enterprises are widespread. We will undoubtably see enhanced customer service, IT support, and overall business functions because of agentic systems in the coming years. By automating complex tasks and integrating with external tools such as web searches, APIs, and dedicated databases, AI agents can execute more sophisticated tasks and collaborate with each other, driving productivity and efficiency.

Businesses can use agentic AI to improve and differentiate their offers to customers ahead of competitors, adding communication channels and styles that appeal to specific customer bases. They will also reduce the cost of operations as trust in agents is built, and human oversight is reduced.

How to make AI agents that can transform organizations

To build agentic AI systems that deliver real impact and return on investment, businesses have a clear set of tasks. AI agents must have defined roles, need to be able to easily find and locate the data they will use, seamlessly define the tasks or goals they will execute, and set boundaries with guardrails.

Multiple agents, each with its own specialized role, can cooperate in a decentralized structure to solve more complex tasks collaboratively. For example, in processing insurance claims, one agent verifies documentation, another evaluates policy criteria, and a third processes payments, completing the task jointly and the user only needing to engage with one interface.

As organizations transition toward agentic systems, it’s vital that leaders collaborate closely with AI specialists to effectively design and streamline these processes. Integrating AI agents into existing systems can be complex and disruptive if not managed carefully. Building an architecture that accurately reflects real-world activities requires creating digital descriptions and definitions of business operations.

Clearly defined tasks can then be mapped to AI agents as needed. Designing systems for human/AI collaboration needs to be front of mind, ensuring that AI agents collaborate seamlessly with human workers. This involves careful orchestration to maintain human oversight and compliance with safety regulations.

Data quality and optimization is an easily-overlooked element to consider for the entire agentic architecture. Fragmented data will block AI agents from working effectively. Organizations must assess data quality, implement robust governance and security measures, develop pipelines for real-time data availability, and continuously enhance processes through feedback loops.

Governance strategies are also essential for managing AI agents. Human intervention must be a safeguard in case decision-making from AI agents appears to be biased, inaccurate, or breaches company ethics. Testing for compliance and failure, including for bias, fairness, and operational performance, is non-negotiable.

Systematic logging of agent activity, capturing performed tasks, actions taken, evaluation metrics, and the agent’s internal state, is necessary for effective monitoring and error tracing.

Use of agentic AI across industries

The integration of AI agents in various sectors is already underway, and there are huge benefits to be reaped for enterprises. In customer service, we’re seeing AI agents automatically draft responses to customer queries based on historical interaction data, taking ownership of client issues and resolving them without human input.

For example, an AI agent can request more information from a customer, analyze the enquiry, and offer a solution, even overriding standard procedures if circumstances justify making an exception. This level of autonomy and adaptability enhances customer satisfaction and loyalty.

In financial services, AI agents can create personalized investment strategies and dynamically monitor client portfolios. They can also detect fraud by identifying suspicious transactions and initiating appropriate responses.

Looking at life sciences, AI agents can support drug discovery by extracting actionable insights from drug mechanisms, disease progression, and clinical outcomes. They can refine clinical trial design and monitor real-time data for mid-trial adjustments, improving the efficiency and effectiveness of research.

Manufacturing and retail sectors can also benefit from AI agents. Smart camera-based process monitoring can improve shopfloor performance and safety compliance, while agentic systems monitor shelves in-store and warehouses, automatically triggering stock replenishment using stock-keeping unit codes.

The future of agentic AI

The agentic AI future is here, and it’s set to revolutionize business operations. Organizations must seize this moment to review their processes for suitability and unlock unprecedented gains in productivity and cost saving. As expertise in adoption spreads, more sectors will join the agentic AI journey, transforming how we work and interact.

By harnessing the autonomous, goal-oriented, and adaptive capabilities of AI agents, enterprises can supercharge their functions and stay ahead of the competition. The future of business is agentic, and the time to embrace this transformative technology is now.

I tried 70+ best AI tools.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Hello and welcome to our coverage of InfoSecurity Europe 2025!

Held at London's Excel center, Infosec 2025 (as everyone actually calls it) is one of the biggest security-focused events on the calendar, packed with big names, informative talks, and news from the biggest firms around.

We're here in London and live on the ground for Infosec 2025 - here's what we've seen so far!

Good morning from InfoSecurity Europe 2025! We're here at the Excel, and off to collect our badge before heading in.

Despite it being June, it's a cloudy and blustery day here - let's hope things are warmer inside...

(Image credit: Future / Ellen Jennings-Trace)

We're heading in to the show now!

As you can see from our pictures, the theme of Infosec 2025 is "Building a Safer Cyber World" - something you can bet we'll hear more about over the next few days.

(Image credit: Future / Ellen Jennings-Trace)

(Image credit: Future)

We're now seated for a super packed keynote, plenty of people are standing - so this is clearly a popular one! We're about to hear from Graham Cluley, host of the Smashing Security Podcast who'll introduce us all to Infosec's 30th year!

• Netflix's latest crime drama series Dept Q has received a lot of praise from viewers
• At the time of writing, it has a solid 81% Rotten Tomatoes score
• The Guardian called it a "grimy, gothic treat" in their 4-star review

With so much to choose from on Netflix, it's easy to let good shows pass us by. That's why you should make time to watch Dept. Q, a fantastic new crime series which has been hailed as a "grimy, gothic treat" by The Guardian.

Dept. Q currently has an 81% Rotten Tomatoes score, meaning it can grab a spot on our best Netflix shows list. Since its release, it's received a lot of praise from viewers and critics alike, with many binge-watching the nine-part series.

Take a look at the trailer below for a peek at what people are raving about.

Why are people loving Dept. Q?

People on social media have praised Dept. Q, highlighting the "next level" acting from Matthew Goode. Some have even called for a second season to be greenlit, because it's just that good.

Dept Q on Netflix is such a good crime thriller . Matthew Goode's acting was next level !I hope they make season 2 of this series .#DeptQ #DepartmentQ #Netflix pic.twitter.com/KzTdARCO0fMay 30, 2025

I finished the rest of the #Deptq episodes last night.I can't say enough about how good Goode's performance is in this one. I think with a better overall mystery, this show has the potential to be one of the best. The ending was emotional and I can't wait for another season. pic.twitter.com/dldDTlnP0TMay 31, 2025

While we currently have no word on Dept. Q's future, it would definitely be nice to see it return to one of the best streaming services. I've always been a huge fan of police dramas, most recently the outstanding BBC series Line of Duty, and one of its stars, Kelly Macdonald, appears in Dept. Q as well.

She joins a brilliant cast alongside Goode, Mark Bonnar, Jamie Sives, Shirley Henderson, and Kate Dickie, whose performances really do elevate this gritty, nail-biting drama.

The series follows the creation of a new police unit, a cold-case division formed "in hopes of generating good press for a beleaguered Edinburgh police department."

It was created by Scott Frank, who co-created the brilliant Netflix show The Queen's Gambit, and it's safe to say he's done it again here.

While the two shows are very different, he's definitely had people glued to their television sets, and we can only hope that Dept. Q comes back for another round.

You might also like

• Stranger Things season 5 release dates have been revealed, and Netflix has turned my 2025 festive season plans upside down
• 8 new horror movies on Netflix, Shudder, HBO Max, and more in June 2025
• Netflix has 3 of my favorite crime movies of all time to stream right now, for both fun and dramatic moods

• Asus is trying to persuade those who can’t upgrade their Windows 10 laptop to switch to a Copilot+ PC
• This is ignoring concerns about millions of PCs heading to the scrapheap because of Windows 11’s spec requirements
• Asus is also overselling the abilities of Copilot+ PCs, which just aren’t that impressive overall – not yet, anyway

For some time, Microsoft has been urging folks with a Windows 10 PC that can’t upgrade to Windows 11 that they should buy a new computer, preferably a Copilot+ PC – and Asus is now playing that same tune.

Windows Latest noticed a post from Asus about why now’s the time to switch to Windows 11, and to consider upgrading to a Copilot+ device (from Asus, naturally).

This is aimed at folks who are in the unfortunate situation where their Windows 10 laptop is too old to support the stricter hardware requirements of Windows 11, and so they can’t upgrade. Notebooks with older CPUs are left out in the cold, of course, as you can’t switch out those parts like you can with a desktop PC.

Asus reminds us that Windows 10 runs out of support in October 2025, which is rapidly approaching, and that you shouldn’t run an OS without security updates, which is certainly true.

The laptop maker then moves on to persuade us that what everyone in this situation needs is a new Windows 11 notebook, and that what makes these devices different is one word: Copilot.

Moreover, Asus argues: “But here’s where it gets even better: with Copilot+ PCs, Windows 11 takes the AI experience to a whole new level. These devices are equipped with an NPU – a dedicated AI processor, specifically designed to handle AI tasks locally, making your experience smoother, faster, and more secure.

“If your current laptop isn’t up to snuff for Windows 11 or Copilot+, this is the perfect time to upgrade to a device that’s built for it.”

Thereafter follows a series of plugs for Asus Vivobook models, Copilot+ PCs with both Snapdragon (Arm-based) and traditional Intel processors.

(Image credit: Photo by Tom Fisk via Pexels)Analysis: Landfill woes and unwise overselling

The problem with these marketing campaigns, which are nudging people to simply dump their Windows 10 PC, is that this isn’t a very green-friendly perspective to serve up.

Going way back, there have been alarm bells rung about potentially towering piles of scrapped PCs heading to landfills later this year, thanks to Microsoft’s policy of enforcing steeper system requirements with Windows 11. If it wasn’t for some of those – generally security-related – measures, those folks could upgrade to the newer OS just fine and keep their current laptop (or indeed desktop PC).

So, when companies like Microsoft and now Asus push the benefits of throwing out old hardware for a shiny new Copilot+ PC, you can see why this frustrates organizations that are working to promote eco-friendliness in one way or another.

At any rate, if your laptop isn’t compatible with Windows 11, is it really ready for the bin when October 2025 and the End of Life for Windows 10 rolls around? Of course not – one option is that you can pay to extend support for a year.

That’s a choice Microsoft has provided for consumers for the first time ever, actually, likely to placate those with the aforementioned environmental concerns – though it’d be good if this support could be extended even further. (It can be for businesses, but we don’t know if that’ll be the case for everyday users).

Another option is switching to Linux, of course, as has been highlighted recently.

The other problem with the argument Asus presents here (and Microsoft is guilty of this too) is that it’s overselling the ability of Copilot+ PCs. While there are some impressive powers for these devices – like improved (natural language) Windows 11 search, and the same search trick in Settings too – most of the AI exclusives for Copilot+ devices aren’t overly compelling (Recall included right now).

While Copilot+ laptops may eventually take your Windows 11 computing experience to ‘another level’ as Asus mentions in its blurb, we definitely aren’t there yet. This is marketing fluff, essentially, and while that’s hardly unexpected, companies need to be careful about how they’re framing these kinds of posts, given the environmental concerns in play here.

No, you can’t keep your PC running forever, but Microsoft and its partners need to be more thoughtful about the state of tech landfill and our planet. And I’d really like to see Microsoft confirm extended support for updates to consumers for more than just a year, without making that additional time prohibitively expensive.

You may also like

• Windows 11 fully streamlined in just two clicks? Talon utility promises to rip all the bloatware out of Microsoft’s OS in a hassle-free way
• Windows 11 is still my favorite OS, ads and all
• Microsoft looks to be making a big change to how you install and log in to Windows 11 – and I’m not happy about it at all

• We're just days away from the Switch 2 launch on June 5, 2025
• A safety manual reveals the Switch 2 has a protective film layer as part of its screen
• If you're getting a Switch 2, don't try and peel it off ... though it's not a traditional screen protector

The Nintendo Switch 2 is nearly here, and we’re still learning more about the console in the short lead-up until the June 5, 2025, launch. Case in point, Nintendo of Europe has shared the Nintendo Switch 2 safety manual as a PDF online.

While it contains standard operating instructions we’d expect for a portable game console, Nintendo Soup spotted that it tells us a bit more about the display. Mainly, “The screen is covered with a film layer designed to prevent fragments scattering in the event of damage. Do not peel it off.”

That brings back memories of the original Galaxy Fold for some, including myself, but this is less a screen protector and more a layer of the display. Even so, Nintendo is making it as clear as possible, as a key bullet, and reminding folks not to risk removing it. In the unfortunate event that you drop the Switch 2 and crack the display, the film layer could prevent the crack from spreading.

@techradar

♬ original sound - TechRadar

Now, this film layer isn’t exclusive to the Switch 2, as it’s found in most glass displays to prevent further injury from a cracked screen. You don’t want splints or pieces of glass going everywhere. It’s not a knock on the Switch 2’s durability by any stretch, and the Switch OLED features a similar layer.

Further, if you want to add another layer of protection to the Switch 2’s 7.9-inch display, you can still affix a screen protector. And keep in mind, this film layer isn't a screen protector in the traditional sense.

The rest of the manual has some other helpful operating tips that are all pretty standard for a portable game console. You can see it in full here.

If you’re lucky enough to be holding a successful preorder for the Switch 2, you’re only just days away from receiving the gaming system. But if you’re like me and countless others, you might still be on the hunt for a console. You can check out TechRadar’s live blog tracking pre-orders and, come launch day, the ready availability of the console.

Though if it’s anything like previous Nintendo launches or, say, the PS5, don’t be surprised if the Switch 2 is hard to find.

You might also like

• Target reveals it will have Nintendo Switch 2 stock next week
• I spent four hours with Nintendo Switch 2, and it hasn't just exceeded my expectations – it's blown them away
• Nintendo Switch 2: everything you need to know, from pre-orders and price to exclusive games and launch titles

• GangExposed leaks sensitive information and PII on key ransomware figures
• Among them are Stern and Professor
• Stern's identity was confirmed by German police

A mysterious leaker has been spotted unveiling the identities of some of the world’s most wanted cybercriminals, including the masterminds behind Conti and Trickbot ransomware, infamous groups responsible for some of the biggest extortions in modern history.

Recently, The Register spoke to an anonymous individual that goes by the alias GangExposed, who said they are on a personal mission to “fight against an organized society of criminals known worldwide”.

"I take pleasure in thinking I can rid society of at least some of them," GangExposed said. "I simply enjoy solving the most complex cases."

Doxxing Stern

One of the people they doxxed is Stern, the leader of Trickbot and Conti ransomware operations. They claim Stern is actually one Vitaly Nikolaevich Kovalev, a 36-year-old Russian national. His identity was later confirmed by German police.

"The subject is suspected of having been the founder of the 'Trickbot' group, also known as 'Wizard Spider,'" the Federal Criminal Police Office of Germany said recently. "The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti and Diavol."

Soon after, GangExposed doxxed another key figure, AKA Professor. Behind this alias, they claim, is a 39-year-old Russian named Vladimir Viktorovich Kvitko. Kvitko is allegedly living in Dubai.

Besides naming key figures, GangExposed leaked chat logs, videos, and ransom negotiations.

The leaker claim not to be an “IT guy” and that the methodology relies on observing patterns that others have missed:

"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," they told the publication.

"I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than those of most subjects of my investigations."

To uncover the identities of infamous cybercriminals, they used data obtained via "semi-closed databases, darknet services (for probing state records through corrupt officials), and I often purchase information. I have access to the leaked FSB border control database," they added, claiming to have purchased them from the darkweb for $250,000.

An interesting detail is that they could have claimed at least $10 million in bounty from the FBI, but have apparently decided against it - leading some media to speculate they are a disgruntled former member just looking for revenge, while others believe grabbing the bounty could incriminate themselves, as well.

You might also like

• Conti ransomware group officially shuts down - but probably not for long
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• AMD’s Zen 1 tech gave Hygon a head start, but catching up is difficult
• Sugon and Hygon's merger aims at Intel and AMD, but performance proof still remains elusive
• With SMT4 potential, Hygon eyes elite territory in the race for the fastest CPU

A major consolidation is underway in China’s semiconductor industry after two key players, Hygon and Sugon, announced their merger.

The deal represents an effort to strengthen China’s capabilities in high-performance computing, potentially posing a serious challenge to US chipmaking giants Intel, AMD, and Nvidia.

While the merger appears formidable on paper, its global impact remains uncertain due to technical, political, and market constraints.

An integrated force in supercomputing

This implies the use of SMT4 (simultaneous multithreading with four threads per core), a technology only IBM has deployed at scale, beginning with its POWER7 architecture in 2010.

Hygon’s chip development roots trace back to a 2016 licensing deal with AMD, which gave it access to the Zen 1 CPU design and x86-64 architecture.

Although the resulting chips, branded as Dhyana, have remained modest compared to AMD’s EPYC line, they have seen adoption in China, including support from Linux kernel developers and Tencent.

Sugon has also used Dhyana processors in various systems, including a supercomputer that once ranked 38th on the TOP500 list.

While these chips are not on par with the world’s fastest processors, they reflect a long-standing collaboration and a continued push for Chinese alternatives.

On the political front, both Hygon and Sugon remain on the US Bureau of Industry and Security’s Entity List.

This designation restricts access to American technologies over national security concerns and raises questions about how much the new entity can innovate independently of U.S. intellectual property.

For now, the power and competitiveness of the new chip remain unclear.
However, the technical leap required to rival AMD’s Threadripper or Intel’s Xeon, often cited among the world’s fastest CPUs, is significant.

Via TheRegister

You might also like

• Upgrading to Windows 11 got easier with Microsoft's new business backup tool
• Check out the best 3D modeling software for 3D printing and more
• We've rounded up the best portable monitors available now

• Unit 42 found a website spoofing a known German modelling agency
• The site carries obfuscated JavaScript which exfiltrates system information
• In the future, it could host malware or steal login credentials

Iranian hackers were found spoofing a German modelling agency in an attempt to gather more information about their targets’ devices.

This is according to a new report from Palo Alto Networks’ Unit 42, which also claims that full functionality of the campaign, which could include malware delivery or credential harvesting, has not yet been achieved.

Unit 42 says that while monitoring infrastructure they believe are likely tied to Iranian threat actors, the researchers found the domain “Megamodelstudio[.]com”. After browsing through the site a little, they determined it was a spoofed version of megamodelagency.com, a legitimate modelling agency based in Hamburg, Germany.

Selective targeting

The two websites are seemingly identical, but there are a few key differences. The malicious one, for example, carries an obfuscated JavaScript designed to capture detailed visitor information.

Unit 42 says the script grabs information about browser languages and plugins, screen resolution information, as well as timestamps, which allow the attackers to track a visitor’s location and environment.

The script also reveals the user’s local and public IP address, leverages canvas fingerprinting, and uses SHA-256 to produce a device-unique hash. Finally, it structures the collected data as JSON and delivers it to the endpoint /ads/track via a POST request.

“The likely goal of the code is to enable selective targeting by determining sufficient device- and network-specific details about visitors,” Unit 42 said.

“This naming convention suggests an attempt to disguise the collection as benign advertising traffic rather than storing and processing potential target fingerprints.”

Another key difference is that among profile pages of different models, one is fake. That page is currently not operational, but Unit 42 speculates it could be used in the future for more destructive attacks, dropping malware or stealing login credentials.

The researchers concluded, “with high confidence”, that the Iranians are behind the attack. They’re somewhat less confident about the exact group behind it, speculating that it might have been the work of Agent Serpens, also known as Charming Kitten, or APT35.

You might also like

• Iranian hackers pose as journalists to push backdoor malware
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers