TechRadar News

A US Senator has presented a new bill to secure the networks of the country's telecommunication companies targeted by the China-linked Salt Typhoon hacking group.

What's considered to be the largest intelligence compromise in US history sparked a call to all US citizens to switch to encrypted communications last week. At least eight of the country's largest telecoms were hacked to spy on their customers' activities, including AT&T, Verizon, and Lumen Technologies.

The Secure American Communications Act would require the Federal Communications Commission (FCC) to "fix its own failure" and fully implement the cybersecurity rules under the 1994 legislation. US telecoms are also required to submit annual security tests and audits to the FCC.

A turning point?

"It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules," said Ron Wyden, US Senator of Oregon who announced the bill.

Under the 1994 Communications Assistance for Law Enforcement Act (CALEA), the FCC was already expected to ensure telecom operators secure their systems against unauthorized access – something that, apparently, the watchdog never did fully.

"Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security," said again Wyden.

"Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies."

The Secure American Communications Act is the third proposal Wyden presented so far in a bid to beef up the security of US communications networks.

While Salt Typhoon hackers reportedly targeted at least 8 American telecommunication networks, the Chinese cyber-espionage campaign seems to be a lot bigger as 'dozens' of countries may be affected. (Image credit: Medium)

As per Wyden's latest proposal, US telecoms will need to implement specific cybersecurity requirements to prevent external interceptions, while conducting both internal and independent evaluations on their systems every year.

In the meantime, new cybersecurity practices come into force, and the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have shared security recommendations for both customers and enterprises.

According to experts, US citizens should secure all their communications with encryption. This technology is used by the likes of WhatsApp, Signal, or secure email like Proton Mail, to scramble data into an unreadable form to prevent third-party access – ensuring communications remain private.

FBI officials also suggest keeping your smartphone up-to-date and enabling two-factor authentication whenever possible to protect your accounts against phishing attacks.

If you're looking to secure your enterprise network, CISA's security tips to stay protected are then a must-read.

• Pokémon x Aardman? It's a match made in animation heaven
• Aardman will be creating new adventures set in the Pokémon universe
• The official Pokémon channel on YouTube is streaming anime episodes for free

How's this for a partnership: Pokémon and Aardman Animation, creators of Wallace & Gromit, Chicken Run and Shaun The Sheep. The much-loved animation studio has announced that it's working with The Pokémon Company International on a new "special project" that'll come out in 2027.

The announcement is as fiendish as anything Feathers McGraw might come up with, though: posting on X/Twitter, all the announcement said was "Pokémon × @aardman Coming in 2027!"

Pokémon × @aardmanComing in 2027! pic.twitter.com/DQPbtekKXoDecember 11, 2024

The good news is that there is a little more information out there, and you don't need to go somewhere where there's cheese to find it.

What's Aardman up to?

There's an official press release that adds a little bit more to the story: "The collaboration will see Aardman bringing their unique style of storytelling to the Pokémon universe in brand-new adventures," the announcement says.

Taito Okiura, VP of marketing and media at The Pokémon Company, added: "This is a dream partnership for Pokémon. Aardman are masters of their craft, and we have been blown away by their talent and creativity. What we have been working on together ensures our global Pokémon fans are in for a treat!”

This is the kind of news that puts a big smile on your face, and Aardman seems to be pretty chuffed too. Sean Clarke, Aardman MD, says he's looking forward to bringing "our love of craft, character and comedic storytelling" to the world's biggest entertainment brand. He and the team are "very excited".

"Aardman and TPCi share an emphasis on heritage and attention to detail as well as putting our fans and audiences at the heart of what we do," Clarke says. That will "steer us right as we together create charming, original and new stories for audiences around the world”.

I can't imagine this being anything other than utterly Charmander-ing. Sorry. More details will be revealed "in the future", Aardman says.

In the meantime, you can get your Pokémon fix on YouTube: the official Pokémon TV YouTube channel is now streaming full episodes of the anime series. The channel is "where you can explore the world of Pokémon with Ash & Pikachu! Experience some of the most iconic moments from their adventure with our full episodes, live streams, compilations and so much more!"

This feels like a good time to make my Pokémon joke. How do you get a cute animated creature onto a bus? Pokemon!

You might also like

• Netflix releases two trailers for surprisingly spooky animations – including our first look at the new Wallace & Gromit movie
• The best family movies to stream right now
• Why Pokémon Concierge was a must-watch

• Security researchers found a flaw in WPForms, a popular WordPress plugin for forms
• The bug allows malicious actors to ask for Stripe refunds and cancel certain subscriptions
• Developers were notified, and have issued a patch

WPForms, a popular WordPress plugin used for contact, feedback, and payment forms, was carrying a vulnerability that could have resulted in businesses having their services disrupted, customer trust eroded, and even losing money, experts have revealed.

Security researcher “vullu164” recently told Wordfence they found a vulnerability in WPForms versions 1.8.4 - 1.9.2, both free and paid versions. The bug allows users with low-level accounts to issue arbitrary Stripe refunds, or cancel different subscriptions.

It is now tracked as CVE-2024-11205, and was assigned a severity score of 8.5 (high). The score may even have been higher if not for the prerequisite of being a registered member on the site. However, since most sites these days allow account registration, exploiting the flaw could be quite easy, and available on numerous sites across the internet.

Releasing the patch

Wordfence then analyzed the flaw on its own, and after confirming the findings, reached out to WPForms’ developer Awesome Motive, who came back with a patch on November 18.

The earliest fixed version of WPForms is 1.9.2.2, and users are highly advised to patch up without delay, or disable the plugin until they do.

WPForms is installed on more than six million websites across the internet, with roughly half currently running an old and vulnerable version. Researchers have not yet found evidence of abuse in the wild, but given the popularity of the plugin, it’s only a matter of time before they do.

WordPress is the world’s most popular website builder platform. It powers roughly half of the world’s internet sites, and as such is a major target for cybercriminals. The platform itself, however, is considered safe, and threat actors are mostly focused on plugins and other addons (such as themes) for vulnerabilities and access points.

Paid plugins are usually considered safer, since they have a dedicated team that maintains the code. Free plugins, especially those run by a single enthusiast, or those with fewer users, are usually more susceptible to attacks.

Via BleepingComputer

You might also like

• Critical Ivanti Cloud Service Appliance flaw exploited in the wild
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

• Microsoft warns Russian state-sponsored threat actor is cracking into Ukrainian military tech
• The Anadey bot malware is dropped onto devices to gather information
• Secret Blizzard could used hacked devices to escalate compromise to the Ministry level

Microsoft Threat Intelligence has revealed notorious Russian threat actor Secret Blizzard has been working with other cybercriminals to conduct espionage on targeted organizations of interest in South Asia as well as installing multiple backdoors on devices in Ukraine.

The team has highlighted Secret Blizzard is using cyber attacks conducted by Russian threat actors as a vector of entry to install the Amadey bot malware and backdoors onto Ukrainian devices for espionage purposes.

Secret Blizzard is assessed to either purchase or steal points of entry onto Ukrainian devices from other Russia-aligned state sponsored threat actors in order to diversify its ability to monitor devices and conduct attacks.

Espionage and monitoring

The initial point of access for Secret Blizzard is usually conducted via spearphishing attacks before moving laterally through networks of interest via server-side and edge device compromise.

One access to a device is gained, Secret Blizzard was observed deploying a Powershell dropper via the Amadey malware-as-a-service (MaaS), which allows Secret Blizzard to see device configurations and collect information through a command and control (C2) server.

The Amadey would then gather and relay information on the type of antivirus software installed on the device, before installing two plugins on the target device that Microsoft Threat Intelligence theorizes are used to gather clipboard data and browser credentials.

Secret Blizzard would also seek out and target devices that use a Starlink IP address as a favoured target, before deploying a custom algorithm that allows the threat actor to steal data from the targeted device including the directory tree, system information, active sessions, IPv4 route table, SMB shares, enabled security groups, and time settings.

Microsoft Threat Intelligence also observed a cmd prompt being used to gather information from Windows Defender as to whether previous versions of the Amadey malware had been spotted on the system in order to gauge if the target device was of interest.

Secret Blizzard is actively adapting its attack techniques to specifically target Ukrainian military devices, with Microsoft assessing that footholds are likely being exploited to “escalate toward strategic access at the Ministry level.”

Microsoft recommends that those looking to mitigate against this particular attack vector should introduce attack vector reduction rules on Microsoft Defender XDR, enable network protection in Microsoft Defender for Endpoint, and turn on additional Microsoft defender settings such as PUA protection block mode, cloud-delivered protection, and real-time protection. A full list of mitigation strategies can be found on the Microsoft Threat Intelligence blog.

You might also like

• Take a look at the best endpoint protection
• These are the best password managers around
• Quantum computing can crack all our encryption, and that is everyone’s problem

• Tribit StormBox Blast 2 released, boasting 200W of party power
• A new Karaoke function adds reverb and mic inputs
• Yes, the RGB lightshow remains

Regular readers need no further fanfare from me regarding the 4.5-star Tribit StormBox Blast, which I reviewed soon after its July 2022 release and placed directly in our best Bluetooth speakers and best party speakers buying guides.

Sadly, time marches on, and in due course the Bose SoundLink Max took its spot in those guides, but the important news now is that Tribit has just released a young-buck successor – and this one's got a karaoke function and mic inputs!

The Tribit StormBox Blast 2 (for that is its name) boasts upgraded features including a higher IP67 waterproof rating, Bluetooth 5.4, and a noteworthy 200W of power – versus 90W in the older model.

But the headline grabber (other than that sizeable quoted power output comprising an 80W subwoofer, dual 45W mid-range drivers and two 15W tweeters) is something Tribit calls the Blast 2's "professional-grade karaoke function". This boasts an adjustable reverb effect, dual wired or wireless microphone connections, and the ability to adjust the mic volume for, er, different vocal stylings.

Considering a karaoke bash over the holidays? The Blast 2 can help

As a self-confessed karaoke lover (I used to be on the stage, you know) I'm already sold, but Tribit is keen to extol the virtues of the acoustic design further, telling me that the Blast 2's 80W subwoofer includes diamond reinforcement ribs for a punchy, resolute low end. And if you're all about that bass, the 2.1-channel design is powered by two Ti amplifiers, with dual large passive radiators to really make it resonate.

What of the tweakable dynamic lighting which many users (at least the ones I leant mine to) adored in the older model? It's back! The speaker can be synced to the pulse of the song playing, or you can pick a favorite color in the Tribit app to add a visual theme to your party, wedding, bar and so on.

Worried about the tunes cutting out mid-party? I wouldn't be; the StormBox Blast 2 has a 30-hour playtime – and it can also be used to charge phones or other gadgets, so none of your guests will run out of juice.

This time around, Tribit also mentions an intriguing "innovative X3D algorithm", to surround music lovers in "an immersive sound that adds an extra layer of excitement to any gathering". How good is that? We don't know yet, but we are in the process of testing it, so as soon as we know, so shall you.

Can't wait for our full-fat review and just need one now? If you reside in the US, the Tribit StormBox Blast 2 is available for $249.99 from Amazon (if you click the $50-off voucher), while in the UK it's £189.99 at Amazon if you deploy the £90-off coupon until December 15, and in Australia it's AU$469.

You may also like

• Will.i.am's new gig? Making LG go boom
• Are they Magic 8 Balls? Lawn bowling balls? I don’t care, I want Creative’s wild new desktop Pebble Nova stereo speakers
• See our pick of the best wireless earbuds

• Boya claims its debut wireless mic is the world's 'smallest and lightest'
• It's looking to take on DJI and Rode with a more affordable rival
• The Boya Mini Mic kit looks ideal for beginning vloggers

The market is becoming saturated with wireless mics for content creators, so to hold the 'smallest and lightest' title is no mean feat. Enter the Boya Mini, which can claim exactly that – a new featherweight 5g, thumb-sized wireless mic for smartphones.

Moreover, the Boya Mini mic kit is super cheap at just $44.99 at Amazon in the US or £50.90 at Amazon in the UK, and is available now following its November 25 unveiling. For the money you get two mics, otherwise known as transmitters, a receiver (which is available in USB-C and Lightning versions), all of which are stowed in a charging case.

If the mic is smaller and cheaper than rivals, surely there's no competition, right? Not quite – the Boya Mini is a stripped-back mic whose specs and features cannot compare to pricier models such as the Rode Wireless Micro and the DJI Mac Mini.

Still, the Boya Mini should get you smartphone-beating audio, equipped with environmental noise canceling, and it looks ideal for beginning vloggers. Let's quickly run through the Boya Mini's features and see if it's right for you.

(Image credit: Boya) The ideal starter mic for smartphone content creators?

The Boya Mini is designed specifically for smartphones – you simply plug the receiver into your smartphone's USB-C / Lightning port, and it'll sync to the mics (transmitters). If you use a dedicated vlogging camera, the Mini isn't for you, although Boya says a camera-compatible version is in the pipeline.

The Mini mics are properly tiny and clip onto clothing, although they lack the magnetic through-clothing attachment of pricier alternatives. You can get the kit in black or white versions, while Boya also has a few accessories for the Mini mic, like a necklace for when you're struggling to find a place to clip the mic. Additionally, there is a butterfly pendant to hide it, although that might bring more attention than simply having the mic in a shot.

Audio quality is at the starter end, with a 16-bit depth and 48 kHz sample rate – for context, the aforementioned Rode and DJI rivals have richer 24-bit audio with a 96 kHz sample rate.

You do, however, get a one-push noise reduction control for Boya's AI-driven Environmental Noise Cancellation, which filters out background sounds to enhance vocal clarity in various environments. There are also three voice modulation modes to customize sound for different recording styles, such as live streams, vlogs, and interviews.

Bang for buck, the Boya Mini looks like a highly promising wireless mic kit at just $44.99 / £50.90. We are getting hands-on with it soon and will report how it compares to pricier alternatives.

You might also like

• The best cameras for vlogging 2024: top choices for every budget
• Rode Wireless Micro review: DJI-beating audio for smartphone creators?
• DJI Mic Mini review: the tiny wireless mic to beat for smartphone-first content creators
• Saramonic’s new wireless mic kit is a low-cost Rode and DJI alternative with advanced features

• Google has reportedly asked the FTC to investigate the partnership between Microsoft and OpenAI
• Microsoft is currently the only cloud provider for OpenAI – Google says this is damaging
• Google is currently facing its own FTC investigations

Google has reportedly asked the Federal Trade Commission (FTC) to investigate Microsoft's current partnership with OpenAI, which allows it to be the AI giant's exclusive cloud provider.

The accusation (via The Information), comes after months of deals between the two companies, starting with Microsoft's multi-billion dollar investment into OpenAI, and the subsequent rollout of GPT-powered AI tools across its office software.

The problem, says Google, is that Microsoft’s position as the sole cloud provider for OpenAI’s models, including the widely used ChatGPT chatbot, would limit market competition and impose higher costs on certain customers seeking to access OpenAI’s technology.

Google tackles Microsoft’s partnership with OpenAI

Under Microsoft’s current agreement, companies using OpenAI’s services may incur additional charges if they do not use Microsoft’s Azure cloud servers themselves, which has been branded as an anticompetitive practice. And Microsoft’s oh-so familiar with allegations of anticompetitive business practices – this year alone it has faced numerous threats to investigate its cloud business, but this AI-related concern marks a slightly different angle of attack.

Microsoft has been accused of creating itself an unfair advantage by discouraging businesses from using alternative cloud providers. Furthermore, increased costs could harm customers and reduce their access to AI tools.

Microsoft isn’t oblivious to these types of accusations, though. Earlier in 2024, it gave up an observer seat on OpenAI’s board in order to address regulatory scrutiny.

Although Google is pointing the finger at Microsoft, it, too, has faced antitrust investigations recently. In early 2024, a US judge stated Google has an illegal monopoly over the internet search market, and would be facing a probe

Cloudflare’s recent 2024 Year in Review figures confirmed that Google holds 88.5% of the search market, far ahead of Yandex (3.1%), Baidu (2.7%), Bing (2.6%) and DuckDuckGo (0.9%) in second to fifth places.

OpenAI and the FTC have already declined to respond to media enquiries. Google and Microsoft have not yet responded.

You might also like

• These are the best AI writers to give you a helping hand
• We’ve listed our pick of the best cloud hosting providers
• Microsoft says it found out about FTC probe by watching the news

Another year, another cinematic universe's death. Just 12 months after Aquaman and the Lost Kingdom put the final nail in the coffin of the DC Extended Universe (DCEU), Kraven the Hunter, one of 2024's final new movies, is set to do the same to the Sony Spider-Man Universe (SSU).

Indeed, a new report from The Wrap, with input from Sony Pictures insiders, all but confirms the SSU, which was previously – and confusingly – called the Sony Pictures Universal of Marvel Characters (SPUMC), is being axed less than a decade after it began.

Frankly, nobody should be surprised by this development. Sony might have lucked out with the release of Venom, the 2018 Tom Hardy-starring Spidey spin-off that, despite middling reviews from critics, stunned industry experts with its $856 million box office haul. Even back then, though, it was clear that the SSU was never going to be able sustain that success because of the humungous elephant – or should that be spider? – in the room.

2018's Venom movie ensured the SSU got off to a hot start, but it couldn't sustain is early success (Image credit: Sony Pictures)

Yep, the absolutely bizarre decision not to include a single live-action version of Spider-Man – Tobey Maguire, Andrew Garfield, or current incumbent Tom Holland – in any of the SSU's six movies was a huge mistake. You can't attempt to replicate the success and popularity of the Marvel Cinematic Universe (MCU) by building a franchise without the one individual capable of holding it all together. Warner Bros. wouldn't create a Batman cinematic universe that the Dark Knight never appears in, is only referenced once or twice per movie, and where projects are based around his iconic rogues gallery whose origin stories have to undergo significant changes to work around the Caped Crusader's absence. It would be an impossible task, and one I and many other Batman fans would struggle to comprehend.

So, why did Sony pursue a Spider-Man-less cinematic franchise? The short answer is it wanted a slice of the superhero genre juggernaut pie. The company's multimedia division saw the kind of money that the MCU and, at the time, the DCEU was raking in, and thought it could create a similarly money-spinning franchise. Unfortunately for Sony, Venom proved to be an outlier. Sure, it made tons of money, but the diminishing returns of its sequels and other SSU films – Kraven is projected to make a paltry $13 million to $15 million (per Variety) at the US box office – prove that audiences have grown tired of not only a franchise lacking its primary superhero, but also one whose genre identity was as clear as mud.

The much longer answer lies in Sony's decision to agree to an Avengers-style team-up with Marvel Studios and allow Spider-Man to finally swing into the MCU. Following his debut as the iconic webslinger in 2016's Captain America: Civil War, Holland's Peter Parker/Spider-Man has become one of the MCU's crown jewels. Just look at the $4 billion-plus global takings that Holland's three standalone MCU movies have jointly accumulated and you'll realize how popular Holland's take on the legendary superhero is.

Okay, 2021's Spider-Man: No Way Home was aided by a huge helping of nostalgia, but it's still a film led by an actor who's become a bona fide A-lister over the past eight years. Some of Holland's non-Marvel projects, such as Apple TV Plus' Cherry and The Crowded Room, and Sony's film adaptation of Naughty Dog's videogame series Uncharted, weren't popular with critics. Audiences, though, were immediately drawn to them because of Holland's involvement, so his star power can't be overlooked.

Spider-Man: No Way Home saw three generations of webslingers appear on the big screen for the first time (Image credit: Sony Pictures/Marvel Studios)

The SSU's biggest problem, then, existed long before it started. Sony couldn't make its own cinematic franchise with Holland's Spider-Man because he exists in another one, aka the MCU.

Sure, the ongoing Marvel Multiverse Saga is breaking down the barriers between cinematic universes based around Marvel Comics' ever-expanding roster of heroes and villains. That, though, hasn't helped Sony's cause because, well, the SSU began before the Multiverse Saga did. Besides the odd reference in Venom: Let There Be Carnage and Morbius, Sony hasn't made a concerted effort to aid any crossover event by refusing to acknowledge the existence of Holland's Spider-Man, either.

Sony can claim Spider-Man wouldn't exist in the MCU without its partnership with Marvel and that, because it retains the rights to the webhead, his legion of associated characters, and movie distribution rights, it still holds the cards from a negotiating perspective. But, let's be honest: people watch Spider-Man movies because a) he's one of the most popular superheroes of all-time and b) he's currently part of the biggest shared cinematic universe to ever exist. Sorry, Sony, but neither of those have got anything to do with you.

Sony has enjoyed more success with its animated Spider-Verse movies than its live-action, villain-starring spin-offs (Image credit: Sony Pictures)

So, what's the solution? Just as Spider-Man: No Way Home , aka one of the best Marvel movies and best superhero movies, initiated a hard reset for its eponymous hero in the MCU, the SSU requires a reboot not dissimilar from it or James Gunn's reborn DC Cinematic Universe (DCU).

For me, there are two ways Sony can go about resuscitating its cinematic franchise. The first and most simple option is to just keep making Spider-Man projects that aren't tethered to any of their counterparts. Right now, there are three such productions in active development: number one, Spider-Man 4, i.e. the wallcrawler's next MCU adventure that'll be part of the Marvel Phase 6 line-up. Number two, the Nic Cage-starring Spider-Man Noir TV show that'll be released on Prime Video. And, number three, Spider-Man: Beyond the Spider-Verse, the third and final Spider-Verse flick that'll wrap up Miles Morales and Spider-Gwen's story in the multi-award-winning animated film series. Maintain that separation, continually remind audiences that they're not connected in any way, and people will check them out.

The SSU is going on an indefinite hiatus, but Tom Holland's wallcrawler won't be taking time away from the MCU (Image credit: Sony Pictures/Marvel Entertainment)

The other, perhaps more complicated solution is to bring back one of Spidey's former live-action stars in Maguire or Garfield, or restart a live-action Spider-Man universe with someone like Miles Morales at its heart. Indeed, complexities could arise in trying to convince Maguire or Garfield to return for a multi-movie deal when the former largely keeps a low profile these days, while the latter is enjoying success with non-superhero projects. Where Miles is concerned, Sony would need to convince fans that this iteration isn't the same one who starred in the Spider-Verse films, too, which would lead to viewer confusion if it isn't explained effectively.

Sony would need to ensure a related issue doesn't emerge if it brings Maguire or Garfield back. Audiences may wonder if future films starring one of them are continuations of their Spider-Man movie franchises. If Sony only performs a soft reboot of the SSU, it runs the risk of creating confusion if any of its previous SSU movies, such as Venom are deemed canon in any new-look franchise. The DCU has already puzzled some viewers with such a scenario – Creature Commandos, the first DCU Chapter One project, including references to the DCEU's The Suicide Squad and Peacemaker.

I love Spider-Man. He's my all-time favorite superhero and, while I'm delighted he's a part of the MCU, it's been incredibly frustrating to see his legacy damaged by Sony's hackneyed approach to his illustrious rogues gallery. If – and it's a huge if – Sony revives the SSU after a lengthy hiatus, I really do hope that it does justice to the infamous wallcrawler. After all, "with great power, comes great responsibility".

You might also like

• Find out how to watch the Marvel movies in order
• Or learn more about watching the Spider-Man movies in order
• Alternatively, see if you agree with our best Spider-Man movies ranked piece

In today’s data-driven landscape, the demand for AI shows no signs of slowing down as it becomes engrained in everyday tasks for businesses and consumers. A Goldman Sachs report found that AI-focused tech giants will spend over $1 trillion in the coming years, with a significant portion of capital targeted at data centers, AI infrastructure, and the power grid.

Increased AI investments are driving the need for more AI data centers, which can provide the added computing capacity needed but require significantly more power than traditional data centers. For example, in 2022, data centers consumed more than 4% of all electricity in the United States. Driven by AI's power demands, that number is projected to more than double to 9% in 2030, according to the Electric Power Research Institute. Driving this energy consumption is higher power GPUs deployed in configurations that, at the rack level, will drive power consumption from the current sub 50KW range up to a MW by 2030. In light of such forecasts, data center operators are faced with a critical decision to ensure long-term AI readiness: upgrade existing infrastructure or build new facilities from scratch.

Each option presents unique advantages and challenges. Understanding these pros and cons is essential for making informed choices that align with business goals, budget constraints, and future needs. The range of factors to consider when deciding to update existing technology or starting fresh and build out a new AI data center include:

- The existing facility’s infrastructure: When updating an existing data center, HVAC systems, power infrastructure, energy distribution systems, and structural loading capability should all be inspected to ensure they can support the increased demand that will be placed on them when upgrading to an AI data center.

- The ability to upgrade to higher voltages – such as 48-volt (V) or even 800V power architecture: Implementing or upgrading to a higher bus voltage architecture can improve thermal management and efficiencies while delivering the higher power required by AI servers and IT equipment.

- The potential to leverage three-phase power, conduction cooling, and liquid-immersion cooling: Both technologies can help address power and heat challenges related to increased computing capacities and higher-powered networking equipment.

High-capacity requirements for HVAC, power infrastructure, and energy distribution

A data center’s HVAC, power infrastructure, and energy distribution systems must meet high-capacity requirements to support AI's accelerated computing demands. Building a new data center from scratch could be a better option than the high cost of a complete overhaul if these systems are not up to the task.

HVAC systems

AI workloads are computationally intensive and generate significant heat. Advanced HVAC systems are crucial for maintaining optimal operating temperatures to prevent overheating, which can lead to data center hardware failures and reduced performance. Proper airflow design, hot aisle/cold aisle configurations, and effective cooling strategies can help ensure that cooling is efficiently directed where it’s needed most. This is particularly important for densely packed server environments typically found in AI data centers.

As AI applications grow in complexity and demand, HVAC systems must be scalable to handle increased heat loads and be flexible to adapt to changing needs. Efficient data center HVAC systems can contribute to lower operational costs, improve sustainability, and reduce a data center's overall energy footprint.

Power infrastructure

AI workloads necessitate a data center’s power conversion solutions to deliver consistent, reliable energy to ensure optimal operation. Fluctuations in power quality can adversely affect sensitive AI hardware, so power infrastructure must provide clean, stable power to avoid costly downtime. According to a report from PCMag, the financial losses associated with network disruptions are substantial, as just one minute of worldwide internet outage would cost the global economy $20 million.

When existing data center systems approach or reach their functional limits, operators will seek innovative ways to serve increased computing capacity and accommodate the associated power demands. Whether upgrading or building new, backup power systems will be essential to ensure continuous operation and data integrity. Backup systems and dual-redundant power sources can provide reliable, uninterrupted service during power outages and fluctuations, reducing the risk of downtime. In addition, well-designed power infrastructures can accommodate the dynamic loads created by AI demands.

Energy distribution systems

High-capacity data centers need energy distribution systems that efficiently manage and deliver power without significant losses. High-voltage DC power architectures can significantly improve energy efficiency by reducing power losses during transmission.

Direct utility feeds that connect power straight into a data center’s power and networking cabinets can also enhance energy efficiency by minimizing the distance electricity must travel. Additionally, to optimize the performance of IT equipment and power systems, implementing real-time monitoring and control functionality allows for the proactive management of energy consumption during demand ebbs and flows.

Structural loading considerations

Floor loading increases, in addition to roof loading, need to be considered in the overall architecture as higher power density results in more copper and liquid cooling—direct-to-chip, liquid-cooled busbars, and power supplies. The increased PSI (pounds per square inch) will require a reassessment of loading capabilities in existing data centers.

When deciding whether or not to upgrade an existing data center, the costs related to refurbishing infrastructure and energy distribution systems may make building a new facility the most cost-effective strategy.

Upgrading to a 48V bus architecture

To improve efficiency and meet the increased power needs driven by AI and other technologies, operators are now leveraging 48V networking equipment and 48V bus architectures instead of traditional 12V IT equipment and DC buses. The transition to 48V architecture in data centers allows for lower current to be run to networking equipment, which, in turn, helps improve thermal management and efficiency, reduce energy costs, and create higher-density power delivery. Moving to a 48V architecture, which was recently just a consideration but has evolved into a necessity, reduces the number of conversion stages needed to power IT equipment, which can lower the overall cost of power distribution.

As AI drives computing demands higher, 48V systems can better support the high-density power needs of modern servers and networking equipment and allow for easier scaling when new equipment is implemented. Depending on how easily and cost-effectively power systems and DC bus architectures can be upgraded to 48V versions, building a new data center could be the most cost-effective long-term solution. Even higher voltages are on the way – both to the rack and within the rack

Addressing power and heat management challenges

Three-phase input power and liquid-immersion cooling are innovative solutions designed to address the power and heat management challenges of small-footprint data centers. If an existing data center can't support the addition of these solutions, building a new data center may be the best option.

Three-phase input power systems

In data centers, three-phase power systems can help reduce the current needed for the same amount of power, which can lead to lower energy losses. With three-phase systems, the need for larger transformers and distribution solutions can be minimized, helping to save space and simplify power conversion. Three-phase power systems can evenly distribute electrical loads across three conductors, reducing the risk of overheating and allowing for more stable and reliable equipment operation.

Liquid-immersion cooling

Liquid-immersion cooling is particularly effective at handling the high thermal loads generated by densely packed servers in data centers. Liquid immersion can reduce the need for traditional cooling infrastructure, allowing more efficient use of available data center space. By reducing reliance on air cooling systems, liquid-immersion cooling can lower energy consumption and operational costs.

Analyzing specific needs to make the best choice

Whether an operator decides to upgrade an existing data center or build a new one from scratch, the key factors to consider include budget, strategic goals, the condition of existing infrastructure, and the ability to scale. As such, data center operators should thoroughly analyze their circumstances to determine the best path forward. In some cases, a hybrid approach that leverages upgrades and new builds to maximize efficiency and capabilities may deliver the best ROI possible.

We've featured the best IT infrastructure management service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The most exciting Apple Intelligence update yet is available today as iOS 18.2 arrives on the best iPhones.

The new update brings a whole host of Apple Intelligence features, including to ChatGPT integration with Siri, Genmoji, Image Playground, and Visual Intelligence to the iPhone. It also adds language support for other regions such as the UK and Australia, officially launching Apple's AI in those countries.

With so much to talk about, and a lot to wrap your head around, TechRadar is here to take you through the biggest iOS launch of the year, as Apple Intelligence makes a huge stride to becoming the most important part of your iPhone user experience.

We're covering the whole launch live, so sit back and relax, and enjoy the Apple Intelligence show.

Welcome to TechRadar's iOS 18.2 launch live blog. My name is John-Anthony Disotto and I'm TechRadar's Senior AI Writer and resident Apple Intelligence expert. I'll be covering all things iOS 18.2 over the next few hours.

So sit back, grab a cup of hot beverage, and let's get ready to jump into the world of Genmoji.

(Image credit: Apple)

Where shall we start? iOS 18.2 is rolling out today alongside iPadOS 18.2 and macOS Sequoia 15.2. The new update brings Genmoji, Apple's generative AI emojis, to iPhone and iPad (sorry Mac users you'll need to wait a little longer), as well as major upgrades to Siri that allow you to ask ChatGPT directly from your favorite voice assistant.

If that wasn't enough, there's also an AI image generator called Image Playground, as well as Visual Intelligence, an exclusive iPhone 16 feature.

It can all get a bit overwhelming, considering just how much is launching as part of iOS 18.2, but fret not, I've been using Apple Intelligence for months and I've got you covered.

Apple Intelligence has arrived (in some countries)

(Image credit: Shutterstock/Qubix Studio)

Oh, and if you're in Australia, Canada, Ireland, New Zealand, South Africa, or the UK, you can now access Apple Intelligence without any workarounds.

That's right, Apple Intelligence is now officially out in more countries worldwide with support for localized languages. Apple says additional languages, including Chinese, English (India), English (Singapore), French, German, Italian, Japanese, Korean, Portuguese, Spanish, and Vietnamese will be coming throughout the year, with an initial set arriving in a software update in April.

(Image credit: Future / Apple)

Let's go through each of the big new Apple Intelligence features coming to iPhone with iOS 18.2, starting with my personal favorite, Genmoji.

I've been using Genmoji for a few weeks now and I think it's the best Apple Intelligence feature to get started with, purely because it's so much fun!

I've had a blast creating emojis of a frog on a skateboard, a frog driving a car, and even a frog playing the drums. My favorite way to use Genmoji, however, is by creating emojis based on my photos alongside my French Bulldog, Kermit.

Honestly, I think most of my friends are starting to block my number because Genmoji is becoming my sole means of communication. Maybe I should try and tone it down. But where's the fun in that?

Genmoji is an absolute blast and I advise anyone installing iOS 18.2 to give it a try. If you need help I've also covered how to use Genmoji.

(Image credit: Apple)

Next up, Visual Intelligence.

This new Apple Intelligence feature in iOS 18.2 is exclusive to the best iPhones, specifically the iPhone 16 lineup. It's similar to Google Lens, but built by Apple and directly tied into the new Camera Control on the latest iPhones.

Simply hold down on Camera Control, then take a photo of anything and either ask ChatGPT for more information or search for information with Google. I think the fact that you can launch Visual Intelligence whenever you want makes it a very compelling feature and one that many might fall in love with.

You can read more about my first impressions of Visual Intelligence and how to use it, where I cover why I think Visual Intelligence finally makes Camera Control worth it.

(Image credit: Apple)

The features keep on coming. iOS 18.2 adds ChatGPT to Siri, allowing you to ask OpenAI's chatbot anything you want, when Siri doesn't quite cut it.

The ChatGPT extension can be accessed at any time through Siri by simply asking a question or using Type to Siri. If Siri can't answer the specific prompt, it will give you the option to access ChatGPT.

There's a couple of settings that allow you to bypass the request so you don't need to approve access to ChatGPT every time you want to use it, but Apple has included an option that requires your approval every single time - just to be extra cautious.

ChatGPT as part of iOS is a massive update and one that I think many Apple users never really expected to see. It's quite incredible to think that we now have access to one of the world's best AI chatbots directly from Siri, and best of all, it works seamlessly.

And another one...

(Image credit: Apple)

Yep that's right there's even more new Apple Intelligence additions as part of iOS 18.2. Genmoji isn't the only image generator built into iOS now, Apple also added a new app called Image Playground.

Image Playground is Apple's attempt at the best AI image generator, and it can be used throughout your iPhone's operating system. Simply choose your prompt, choose your art style, and watch as Apple Intelligence creates some image magic.

If you don't use AI image generators like MidJourney, I don't expect you to get much use out of Image Playground. That said, it's a nice to have and it's very simple to use. Who says no to extra features, right?

(Image credit: Apple)

There's also Image Wand, which allows you to circle anything you've drawn in the Notes app and use Apple Intelligence to turn it into an AI generated image.

I could see Image Wand being incredibly useful for students, who want to bring their drawings to live alongside lecture notes or other study info.

It's also a great tool to show to kids, allowing them to see magic as basic drawings become full images right in front of their very own eyes.

Image Wand is very cool, and I actually think it might end up being more useful than Image Playground, just because of how you access it.

(Image credit: Apple)

That has to be everything right? Nope, iOS 18.2 brings a massive overhaul to the Mail app using Apple Intelligence to create Categories that help you determine just how important an email actually is.

I've found this update to Mail genuinely useful and have actually reverted back to using Mail over the Gmail app for the first time in ages. Not only do you get Apple Intelligence summaries built-in, but AI will also decide if an email is important and prioritize it over everything else in your inbox.

If you don't like the way it works, you can always revert back to a more traditional Mail layout.

(Image credit: Future / Apple)

Are you keeping up? My hands are trying to.

If you're in the UK, Australia, or one of the other countries I mentioned below, today is the first day you can use Apple Intelligence without needing a workaround.

So not only are you getting access to everything I listed below as part of iOS 18.2 but you're also getting Writing Tools, Clean Up, a Siri redesign, Notification summaries, and other Apple Intelligence benefits sprinkled throughout your iPhone's operating system.

It might seem like there's too much getting added all at once, but don't worry Apple wants you to use Apple Intelligence when you need it, so expect to see the features pop up naturally throughout iOS rather than you having to look for them.

• False and junk bug reports, written by AI tools, are on the rise
• Reading them all hits maintainer time and energy, report warns
• One maintainer called the alerts “AI slop”

Security report triage worker Seth Larson has revealed many open source project maintainers are being hit by “low-quality, spammy, and LLM-hallucinated security reports.”

The AI-generated reports, often inaccurate and misleading, demand time and effort to review, which is taking away from the already limited time open source software developers and maintainers typically have given that they contribute on a volunteer basis.

Larson added maintainers are typically discouraged from sharing their experiences or asking for help due to the security-sensitive nature of reports, making the unreliable security reports even more time-consuming.

OSS maintainers are being hit hard

Maintainers of open source projects like Curl and Python have faced “an uptick” in such reports recently, revealed Larson, who points to Curl maintainer Daniel Stenberg’s post of a similar nature.

Responding to a recent bug report, Stenberg criticized the reported for submitting an AI-generated vulnerability claim without verification, adding that this sort of behavior adds to the already stretched workload of developers.

Stenberg, who is a maintainer for Curl, said: “We receive AI slop like this regularly and at volume. You contribute to unnecessary load of curl maintainers and I refuse to take that lightly and I am determined to act swiftly against it… You submitted what seems to be an obvious AI slop ‘report’ where you say there is a security problem, probably because an AI tricked you into believing this.”

While the problem of false reports like this is nothing new, artificial intelligence has seemingly worsened it.

AI-generated bug reports are already proving to be draining on maintainers' time and energy, but Larson said that continued false reports could discourage developers from wanting to contribute to open source projects altogether.

To address this issue, Larson is calling on bug reports to verify their submissions manually before reporting, and to avoid using AI for vulnerability detection in the first place. Reporters who can provide actionable solutions rather than simply highlighting vague issues can also prove their worth to maintainers.

For maintainers, Larson says they should not respond to suspected AI-generated reports to same themselves time, and ask reporters to justify their claims if in doubt.

You might also like

• These are the best AI tools and best AI writers
• AI is becoming increasingly vital in software development
• Fancy an upgrade this Christmas? Check out the best laptops for programmers

• SmartThings Music Sync now integrates with YouTube Music
• Sync data comes directly from the app, not an external mic
• Music Sync buttons control playlists and syncs your smart lights

Samsung SmartThings, the tech giant's smart home platform, just got a big audio upgrade. Its Music Sync feature, which enables you to synchronize your smart lighting with your music, now works with YouTube Music.

Music Sync is quite special because unlike some music sync systems it doesn't rely on microphones, which can produce odd results and be affected by non-music sounds. Instead, it integrates directly with the music apps on Galaxy devices, taking the audio information directly from the app in order to synchronize it perfectly with your SmartThings-capable lights such as Philips Hue bulbs and lightstrips.

Light up your life with YouTube Music

The integration of Music Sync with YouTube Music means more than just flashing lights to the rhythm of the kick drum. It enables you to access key YouTube Music features from within the Music Sync app, so for example if you tap the Party button it'll start playing your Party playlist from YouTube Music and shift to a color preset that, according to Samsung, "perfectly matches the vibe".

There are similar features for other key YouTube playlists such as Relax and Workout.

I'm a big fan of smart light syncing – I use the Hue Play Sync Box 8K with Hue bulbs and, right now, a set of Hue Festavia string lights on my Christmas tree; it's quite funny to have your festive fairy lights syncing with Die Hard on the TV – and while it can be a bit much at the most extreme settings or with extreme music there's something wonderfully atmospheric about having your smart home lights reacting to your streaming soundtrack.

You can find out more about Music Sync on the Samsung website.

You might also like

• Philips Hue Festavia vs Nanoleaf: it's the festive fairy light fight
• Our Philips Hue Festavia (2nd gen) review
• Our regularly updated YouTube Music review

• Digital Foundry suggests the Switch 2 will use Nvidia's DLSS upscaling, but likely won't target 1080p or 4K output resolutions
• It's expected to target 720p and 900p in demanding third-party games
• It might not compete with handheld gaming PCs performance-wise as a result

The long-awaited Nintendo Switch 2 has still not been unveiled despite Nintendo's confirmation of an official announcement slated within the fiscal year - and new suggestions reveal that Nvidia's DLSS upscaler for the new handheld could target 720p and 900p output resolutions for third-party titles.

As relayed by Wccftech, the tech genies over at Digital Foundry suggested in a podcast episode that the Nintendo Switch successor will not target 1080p and 4K output resolutions when using DLSS in both handheld and docked modes - it could fall even lower than 720p in some games. This could be the case specifically in demanding triple-A games that often require heavy graphics settings adjustments.

Considering the numerous games that have been released that are more demanding on your hardware (especially those using Unreal Engine 5), the Switch 2 could be in for a rough time when it comes to providing good image quality and performance.

Upscaling methods have already become a huge factor in performance stability for consoles and gaming PCs (and handhelds like the Asus ROG Ally). Despite the purported use of DLSS, it looks like the rumored new Nintendo handheld might not be able to compete with them.

Will the Switch 2 manage to outperform handheld gaming PCs?

When considering the fact that multiple handheld gaming PCs already have access to upscaling methods and frame generation (notably AMD's FSR 3), the Nintendo Switch 2 might not even come close to competing with any of them if these claims are accurate. The ROG Ally is capable of running most games at 1080p with FSR 3 without too much fiddling in the graphics settings, and that's a handheld that launched way back in mid-2023 - not to mention the incoming next-gen Ryzen handheld chips.

It's important to note again that there is no official info on what the Switch 2 will have to offer, but the Nintendo Switch was released in 2017 - I've been expecting a new rendition from Nintendo to at least take a small step to close the performance gap with current-gen consoles and handheld gaming PCs. With rumors like this already circulating, it doesn't look like that'll happen.

Of course, this is all speculation on Digital Foundry's part, and there is a chance that the Switch 2's performance while using DLSS will be noteworthy in comparison to other currently available portable devices, but we should wait for Nintendo's official reveal of the highly anticipated handheld before making any judgment...

You might also like...

• New Nintendo Switch 2 leak may have revealed the first look at the new handheld
• Latest Nintendo Switch 2 leaks suggest relatively unchanged design, but massively improved specs
• Nintendo Switch 2 accessories have reportedly appeared for sale online, but I've seen Bigfoot photos that are more believable

• Cristiano Ronaldo has unveiled his new performance and recovery line
• AVA is a series of products designed to aid athletes in training and recovery
• Products include compression boots, massage guns, and LED light-therapy boots

Global soccer sensation Cristiano Ronaldo has unveiled a new line of recovery and fitness products under his new brand AVA, Advanced Recovery For Athletes.

The venture is a partnership between CR7 and Brazilian outfit Avanutri. AVA's website says its lineup is based on "Experience, in-depth knowledge of needs, and a tireless desire to innovate," and offers "cutting-edge technology in physical recovery."

So what exactly can you buy from Ronaldo's new lineup, and is it any good?

Cristiano Ronaldo's recovery line

(Image credit: AVa )

As you can see on AVA's website, there's a wide range of products including some pretty weird and wonderful stuff. There's home workout gear that can be filled with water for custom weight and strength training during workouts. There's also a slew of fairly generic-looking massage guns with prices to match the best massage guns on the market and accessories like a $150 backpack and $50 compression socks.

My eyebrows were probably raised the highest by the $1,000 inflatable bucket oval ice bath you could definitely get on Amazon for less than $100, but there's also some cool and interesting stuff too.

I'm a recent leg-compression convert, and AVA is offering its own impressive-looking set for muscle recovery and circulation. More impressive still is the red LED technology, including the Deep Light, which can emit LED light to almost any body part to aid recovery, and reduce pain, swelling, and aches.

The coup de grace is a $3,500 pair of LedBoots, compression-looking sleeves that use "photobiomodulation" to accelerate muscle recovery, improve tissue oxygenation, and more.

LED and red-light recovery is a newer, emerging technology that could take off in 2025. Cryotherapy – using ice for recovery – is much more well-established, so if you still think the old ways are the best you can grab a $5,700 pair of Cryo Sport boots that pump the cooling air from an ice reservoir around your legs to aid recovery. Propped up on your $70 inflatable cushion, of course. You can check out AVA's range for yourself on its website.

You may also like

• Ublives' SoleFlux Relax massage boots have convinced me of the benefits of leg compression
• I tried Therabody’s self-massage smart pants to get me ready for the London Marathon
• This Theragun for the face is the all-in-one skincare tool I never knew I needed

• MSI's new Claw 8 AI+ handheld gaming PC surpasses ROG Ally X at 17W
• This comes from MSI's benchmarks across a total of 22 games
• It will launch on January 15th, with pre-orders available now

If it wasn't evident already, the handheld gaming PC scene is constantly shifting with new additions from the likes of Asus and Lenovo - and now, the upcoming MSI Claw 8 AI+'s performance has reportedly surpassed the Asus ROG Ally X's across multiple games.

Highlighted by Wccftech, MSI has released benchmarks of the Claw 8 AI+ pictured below, which reveal the new handheld performing 20% faster than the Asus ROG Ally X at 17W TDP - this is most notable in titles such as Metro 2033 with the Ally X's 44 frames per second compared to the Claw 8 AI+'s 94 at 1080p low graphics settings.

MSI's new device is now available for pre-order for $899.99 at Best Buy using Intel's Series 2 Ultra 7 258V processor, packing 8 GPU cores and an 80Wh battery just like the ROG Ally X (uses the Z1 Extreme APU). With an 8-inch 1200p VRR display, it's also expected to be superior to the Ally X's 7-inch 1080p VRR screen - this will edge closer to the Lenovo Legion Go S and its 8-inch screen based on leaked render images. UK and AU pricing has not yet been released (nor any actual indication it'll be available in those regions), but that price above roughly converts to £705 / AU$1,415.

Ignore the horrible Claw logo, but pay attention to those stats. (Image credit: ETA Prime) What's next for Asus after the ROG Ally X?

If the benchmarks shared by MSI prove to be accurate once gamers get their hands on the Claw 8 AI+, then it's a no-brainer move for most - while the Asus' ROG Ally X does a fantastic job at providing better battery life and performance than its predecessor and most other handhelds, the Claw 8 AI+ is promising both up against the Ally X at a low 17W TDP (adhering to long-lasting battery life).

There's been radio silence regarding Ally X's successor, with little to no rumors surrounding its existence. Considering the reported leap in performance from MSI with its new device, Asus will have to come out swinging - I fully expect it to do so, if rumors of the Z2 Extreme hold any truth.

You might also like...

• AMD Strix Halo leak suggests chips are imminent, but gives me a couple of reasons to worry about the flagship laptop CPU
• Nvidia’s rumored CPU could pack integrated GPU to rival RTX 4070 mobile – should AMD and Intel start to worry now?
• We could be seeing a Lenovo Legion Go successor soon, if the Ryzen Z2 rumors and price drop are anything to go by

• Ivanti finds 10/10 flaw in the Cloud Services Appliance
• It allows hackers to gain administrative privileges
• The bug was fixed in version 5.0.3, with users urged to update now

Ivanti is warning customers an older version of its Cloud Services Appliance (CSA) solution was found vulnerable to a maximum-severity (10/10) security vulnerability, and has urged them to upgrade to the newest version as soon as possible.

The critical flaw is described as an authentication bypass in the admin web console version CSA 5.0.2, and could allow remote, unauthenticated attackers to gain administrative privileges.

The bug, tracked as CVE-2024-11639, was given the maximum severity score since it does not require any user interaction to be abused, whatsoever.

To address the flaw, users should upgrade their appliances to version 5.0.3 - but fortunately there is still no evidence of abuse in the wild.

No evidence of abuse - yet

"We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program," Ivanti noted, adding that a PoC was not yet published anywhere. "Currently, there is no known public exploitation of these vulnerabilities that could be used to provide a list of indicators of compromise."

If history is any teacher, though, critical CSA vulnerabilities end up getting exploited sooner or later.

In late September 2024, it was reported that a critical path traversal vulnerability in CSA was being actively exploited in the wild to grant access to restricted product functionalities. The bug was even added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. It was fixed with version 5.0.

Ivanti CSA is a platform that provides cloud-based solutions for security, automation, and operations. It integrates Ivanti’s various IT management capabilities into an all-encompassing cloud environment. The appliance allows businesses to streamline their IT operations, offering features such as endpoint management, patch management, software distribution, and vulnerability scanning in a cloud-based architecture.

Via BleepingComputer

You might also like

• Critical Ivanti Cloud Service Appliance flaw exploited in the wild
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

• Google has announced its 12 favorite Chrome Extensions of 2024
• There are extensions for productivity, shopping, and more
• It even recommends a fun browser game

Following Google’s November announcement of its picks for the best Android apps of 2024, the company has now revealed its 12 picks for the top Chrome Extensions of 2024. All of which promise to improve your internet browsing experience with a diverse suite of free upgrades.

The Todoist for Chrome and Evernote Web Clipper make it easier to access your to-do list and virtual notebook from your browser to easily mark off objectives or create new ones with links to sites you might want to revisit later.

Meanwhile, Momentum and Stylish aim to give you more control over your browser's appearance and function. Momentum is designed to keep you focused on your key tasks with a streamlined design, daily inspiration via quotes and images, objective reminders, and website blockers to prevent you from booting up distractions. In contrast, Stylish offers thousands of custom website themes so you can alter how your Chrome browsing experience looks across the web.

If your travels take you to YouTube or other media sites, then these next two will be great pick-ups. Turn Off the Lights turns your Chrome browser into a cinema-like experience by dimming the parts of the webpage that aren’t the video you’re playing so you can focus on the clip, and Volume Master offers greater volume control. It adds voice boost and bass boost options, as well as the ability to turn your volume up to 600%.

Find shopping deals, and improve your productivity

Starting off the back half of the list are two apps that seem perfect for shoppers. Keepa lets you easily track Amazon price history for the stuff it sells, so if you’ve ever wanted to see if an item you’re about to buy has ever been cheaper (and if it’s worth waiting for sale) or if a discount is as good as Amazon says this could be the one for you. CouponBirds is a free coupon-finding app that could help you save money wherever you shop.

If productivity is more your thing, then you have Text Blaze, which lets you set up typing shortcuts and document templates to make your repetitive writing tasks pass by more quickly.

You can also consider Bardeen, which leverages AI to help you create automated workflows across multiple sites and Google apps, and Immersive Translate, which can automatically translate documents, pages, and videos and boasts useful tools like bilingual reading, which shows the translation next to the original words.

Lastly, we have Ice Dodo, a simple yet addictive 3D parkour game you can quickly access from your extension toolbar.

If any of these extensions have tickled your fancy, you can head to the Chrome Store to download them or learn more about them.

You might also like

• The Google Pixel 7 and other older Pixels will now get two extra years of updates
• Chrome could revolutionize search on PC with a big Google Lens upgrade
• Nikon Comedy Wildlife Awards 2024 winners announced

Just about three weeks after Apple revealed the 45 finalists in its 2024 App Store Awards, it’s time to unveil the best of the best. That’s right – Apple just announced the 2024 App Store Award winners, and there are 17 of them, including the best apps and games for the iPhone, iPad, Mac, Apple Watch, Apple TV, and the Apple Vision Pro. Additionally, six apps are walking away as Cultural Impact winners.

Many big names and smaller titles have been chosen to receive the highest honor for an app from Apple. The winners walk away with a hefty – trust us, we briefly held one – aluminum, bright blue App of the Year award engraved with the app's name. It’s roughly the size of an oversized Mac Mini.

We’re sharing a few of our favorites across categories and the full list of winners. But as you might expect, these apps are definitely worth a download, considering Apple’s deemed them to be its 2024 App Store Award Winners.

2024 App Store Award Winners – the full list

• iPhone App of the Year: Kino
• iPhone Game of the Year: AFK Journey
• iPad App of the Year: Moises
• iPad Game of the Year: Squad Busters
• Mac App of the Year: Adobe Lightroom
• Mac Game of the Year: Thank Goodness You're Here!
• Apple Vision Pro App of the Year: What If...? An Immersive Story
• Apple Vision Pro Game of the Year: THRASHER: Arcade Odyssey
• Apple Watch App of the Year: Lumy
• Apple TV App of the Year: F1 TV
• Apple Arcade Game of the Year: Balatro+
• Cultural Impact Winners: Oko, EF Hello, DailyArt, NYT Games, The Wreck, and Do You Really Want to Know? 2

(Image credit: Kino)

You'll likely know the makers of Kino, aka Lux Optics, for their popular camera app Halide, but this one is all about video recording and even packs in support for Apple's Log Recording standard.

Kino is like a Halide for video, but is instead designed for beginners as well as enthusiasts. You can shoot 'cinematic' video – which covers color, tone and motion – by quickly applying what Kino's makes call an 'instant grade'. You can choose from one of many grades created by artists, or instead go into full manual mode with Apple ProRes and tweak settings like frame-rates, shutter speed and more.

As is the theme with most year-end lists, AI is involved here and likely best represented via the iPad App of the Year, Moises. The name is a subtle pun at its ability to separate sounds on a track, and that makes sense as it's for musicians and producers. You can either record sessions within the app or upload files into Moises to have its AI models split instruments, including vocals, on a given track, automatically add an approximately timed metronome, or even change the key.

It's pretty neat, and in a quick demo where we did not sing or play an instrument, it did work quite well on a 13-inch iPad Pro via the built-in microphones. From a generative AI standpoint, a future update will allow it to automatically play on a track, much like session players within Logic Pro for iPad. Similarly, Adobe Lightroom – the 2024 Mac App of the Year – boasts several AI features and runs well on any M-series-powered Mac.

(Image credit: Future/Jacob Krol)

2024 is also the first year that Apple Vision Pro apps are included in the App Store Awards, and we can't agree more with What If...? – An Immersive Story getting the top brass for Apple's spatial computer.

In our hands-on with the story that you basically get immersed in and play through, we called it the "most fun [we’ve] had on the device" and a taste of future impactful, immersive content that would arrive. And if you have a Vision Pro, here is a friendly reminder that this experience is free and a blast.

Of course, considering so many people play the Wordle daily – including TechRadar's Global Editor-in-Chief Marc McLaren – it clearly has had an impact on our culture, and the NYT Games app is an excellently-designed app that not only lets you easily play each title but can also introduce you to other titles you might not have tried – maybe give Connections or Strands a try?

(Image credit: Future/Jacob Krol)

Oko, another one of the cultural impact winners, is super impressive and a key tool for accessibility, as it uses an AI model layered on top of the iPhone's camera to help folks with low vision or who are blind safely navigate streets. It's quite impressive and shows just how impactful an application can truly be.

While these are only a few of the 17 total apps getting the highest honor from the App Store, all of these that made the list are likely worth a try. And that's the case whether you've had an iPhone, Mac, Apple Watch, iPad, Apple Vision Pro, or Apple TV for a while or are maybe getting one – or hoping to get one – this holiday season. Apple's 2024 App App Store Award Winners list is an excellent place to start for what to download first.

You might also like

• Spotify Wrapped 2024 not working? Try these 3 fixes to help it show up
• Marvel’s first immersive story for the Apple Vision Pro is the most fun I’ve had on the device
• Apple iPhone 16 review: elevating the base to new heights

• Xbox has announced a new partnership with Luke ‘The Nuke’ Littler
• He will wear a shirt with Xbox branding throughout the PDC World Darts Championship
• His performance will also unlock community rewards

Xbox has announced a new partnership with professional darts player Luke ‘The Nuke’ Littler ahead of the PDC World Darts Championship. The Championship will take place in Alexandra Palace, London from December 15, 2024, to January 3, 2025.

As part of the partnership, Littler will wear a matching shirt featuring the logos of both Xbox and the Score More with Xbox campaign. For those planning on tuning in, the stakes will be even higher than usual as his performance will be directly tied to some community rewards.

Every 180 score, nine-dart finish, or winning match throughout the Championship will increase the number of goodies up for grabs. Prizes include digital copies of EA Sports FC 25, Xbox Game Pass Ultimate subscriptions, EA Sports FC 25 Points for in-game purchases, and a custom Xbox Series S console and Xbox Wireless Controller.

A new trailer has been released to introduce the partnership, opening with Littler crashing into the earth as a giant Xbox green comet. It gives us a small peek at the custom console that will be up for grabs. It’s an Xbox Series S 1TB in the black colorway, although covered in a neon green graffiti-like design. The small ventilation grille has been decorated to look like a dartboard, which is admittedly quite a cool idea.

Littler, who reportedly loves Xbox gaming, said “I’m looking forward to partnering with Xbox and bringing two of my biggest passions together – darts and gaming. I hope I can provide fans with as many rewards as possible through my performances at the PDC World Darts Championship and help them score more with Xbox."

UK and Ireland Xbox gaming marketing lead Samuel Bateman added that “as a huge Xbox fan, it only made sense for us to team up with Luke and celebrate his love for gaming in a way that felt authentic. We’re wishing him every success in the upcoming PDC World Darts Championship and encourage fans in the UK to keep their eyes on Xbox UK socials to be in with a chance of winning some awesome prizes, all thanks to his extraordinary performances.”

The partnership is part of the Score More with Xbox program, which is intended to “make Xbox the most rewarding platform for all sports fans in the UK”.

You might also like...

• My Xbox Year in Review 2024 features bangers like Microsoft Flight Simulator and Rumble Roses XX, here's how to see yours
• Xbox announces a new Squid Game collaboration with limited edition controllers, Call of Duty event, and more
• Ubisoft has made its loyalty program even better - here’s how it could save you some cash

• Resaearchers uncover large database during routine analysis of available indexes
• Database held sensitive data on more than 1.6 million Kapital customers
• Company is still yet to close the archive

A Mexican fintech startup has been found holding a large database full of sensitive customer data wide open on the internet, available for anyone who knows where to look.

Security researchers from Cybernews found the database in early September 2024 after a routine investigation of publicly available indexes.

The database, belonging to a company called Kapital, contained sensitive data on 1.6 million Mexicans, including voter IDs and selfies.

Database still available online

Mexico City-based Kapital specializes in serving small and medium-sized businesses (SMB) with limited access to bank credit, providing different financial services, such as credit cards, or loans, and counts roughly 80,000 customers in the region, according to Fintech Nexus.

“The documents are integral to voting, identity verification, and accessing various services. Their exposure compromises individuals' immediate safety and privacy and can have negative financial consequences," the Cybernews team noted in its writeup.

When it comes to financial consequences, it was explained that the data can be used in wire fraud, identity theft, and similar money-related crime: “Threat actors can easily obtain and misuse sensitive information for identity theft. Criminals might attempt to create fraudulent accounts or gain unauthorized access to existing ones,” the researchers warned. “Financial fraud could lead to substantial monetary loss and damaged credit scores.”

To make matters worse, Kapital doesn’t seem to care much. Cybernews claims to have reached out “dozens” of times, to no avail. The country’s Computer Emergency Response Team (CERT) was also notified. However, by the time the researchers published their report, which was on November 6, the database was still up and running, three months after initial discovery.

Misconfigured cloud databases continue being one of the key causes of data breaches and leaks, exposing millions of customer records every month.

You might also like

• Hundreds of Google Firebase websites might have leaked data online
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now