TechRadar News

In 2024, cybersecurity experts started to warn of a new threat to the software supply chain. Named 'slopsquatting', it is a type of cyber attack where bad actors create fake packages containing malicious code that is inadvertently added to legitimate code.

However, unlike other forms of digital squatting, in this case, the attackers use packages that are hallucinated by large language models (LLMs). This means increased risks of attack, as all it takes is a programmer running code generated by an LLM without first evaluating and validating it.

To safeguard themselves from the new generation of cyber attackers, companies need to understand what package hallucinations are and what can be done about them.

What are package hallucinations?

Coding languages like Python and JavaScript draw heavily on dependencies – pre-written code that is bundled together into packages such as libraries and modules. Developers import these packages from public code repositories (such as the npm registry for Node and PyPi for Python).

With the rise of AI usage for coding, programmers and researchers started to identify a new threat: package hallucination. This is when tools built on LLMs, such as ChatGPT, Claude, Mistral or DeepSeek, add references to the code for packages that do not exist.

These hallucinations, according to recent research, are occurring more frequently than one might expect. Researchers from the University of Oklahoma, Virginia Tech and the University of Texas at San Antonio analyzed over half a million fragments of code generated by LLMs. Alarmingly, 19.7% of packages referenced in this code were hallucinations.

These code samples, totaling 576,000, were generated in two programming languages (Python and JavaScript) using models including ChatGPT-4, Claude, Mistral, DeepSeek, and CodeLlama. While commercial models, such as Claude and ChatGPT-4, generated fewer package hallucinations in their code than open-source models, all faced the problem of package hallucination to varying degrees.

Opening the door for a new form of attack – "slopsquatting"

Concerningly, 43% of the package hallucinations in the study were recurrent, continuing to appear when the same prompts were used. Furthermore, 38% of them had similar names to real packages or the same name as packages used in other coding languages. It is these two factors – recurrence and similarity – that create the potential for a new form of cyber attack, dubbed "slopsquatting."

The name is derived from typosquatting, which originated as a form of scam where bad actors register domains with a similar name to legitimate websites, for example, those related to free software. Then, internet users entering URLs or search prompts containing typos become exposed to malicious websites.

The same idea can be adjusted to exploit typos developers make when installing open-source packages. White hat hackers used similar tactics, leveraging errors and creating packages on public registries with the same name as internal company packages to infiltrate the likes of Shopify, Apple, PayPal, Netflix, Yelp, and Uber.

In Slopsquatting the approach is similar but the packages used are hallucinated by LLMs. Because some hallucinations are recurrent, hackers can hone in on specific package names that are likely to be repeated. Then, they create a fake package using this name that contains malicious code. And because many package hallucinations have similar names to real packages, they can be hard to detect.

Mitigating the risks of slopsquatting using pre-generation techniques

The most effective way to protect against the risk of slopsquatting is to use pre-generation techniques – strategies that preemptively reduce the number of package hallucinations created.

Self-refinement

Some models are already capable of detecting their own hallucinations with a good degree of accuracy. In the study cited above, the models GPT 4 Turbo, GPT 3.5 and DeepSeek were all able to identify hallucinations with an accuracy of over 75%.

This opens the possibility for self-refinement. This is when a programmer instructs an LLM to check and refine its own output to weed out package hallucinations. After the model has generated package names, it is asked to confirm that each package is valid. If not, the response is regenerated with instructions not to use the invalid package.

This approach is not flawless. For example, a model may mistakenly classify a valid package as an invalid one. It should also be remembered that some hallucinations can be persistent. Nevertheless, by iterating this process multiple times, one can increase the chances of successfully identifying and removing invalid packages.

Unfortunately, the success of this approach is highly dependent on the model used. For example, Meta's CodeLlama was found to have a bias towards treating hallucinated packages as valid.

Fine-tuning the model

Another pre-generation technique that is possible with open-source models, such as DeepSeek and CodeLLama, is fine-tuning the model. This involves tweaking the model itself to improve performance on tasks prone to hallucinations.

The issue with this approach, however, is that it can impact the actual performance of the code. So, while a fine-tuned model may produce fewer package hallucinations, the code quality is likely to be worse.

Retrieval-Augmented Generation

In another notable pre-generation technique, Retrieval-Augmented Generation (RAG), prompts for LLMs are enriched with information from specific data sources. This could occur at the stage of the initial prompt or during refinement and iteration.

In the case of package hallucinations, it is possible to augment prompts with a database of valid packages and descriptions of what these packages are relevant for. The LLM can then query the database and add relevant answers to the prompt, which will help it accurately identify valid packages.

Naturally, this approach requires an initial investment of time to create a dataset and structure it so an LLM can effectively search it to identify relevant valid packages. However, this approach has been shown to reduce the number of hallucinations when using models such as DeepSeek.

Post-generation techniques for mitigating package hallucination

A second, and arguably less effective, approach to mitigation is to filter out package hallucinations after they have been generated.

For example, one option would be to take a master list of valid packages and then cross reference this with the output from an LLM. This approach would eliminate invalid package names. However, it is only as reliable as the master list used. An attacker could simply add their invalid package to any public master list that is used, making it ineffective as a defense. It is also possible to curate the list using metrics that estimate validity, such as their popularity, but this would be far from foolproof.

Other post-generation techniques, such as scanning for malicious content, are also unlikely to provide 100% security. Packages could be legitimate at the outset but could beacon to a command control server at a later date, which then updates the package and adds the malicious code.

Robust internal practices to verify code

Ultimately, this threat relies on internal agents running code received from an LLM without first validating it. So, one of the most effective approaches an organization can take in order to mitigate the risk of slopsquatting is to ensure they have robust verification practices in place.

First and foremost, code should be tested in secure environments to avoid the risk of the supply chain being poisoned. It is also crucial to train programmers on the potential risks of package hallucinations and implement procedures for peer code reviews.

Notifying reviewers about which parts of the code have been generated by LLMs will enhance the effectiveness of peer reviews. Additionally, dependency analysis tools can help by identifying potential vulnerabilities and alerting about suspicious packages.

Summing up: tackling new threats

LLM's are revolutionizing the way programmers work. However, as the example of package hallucinations shows, with every new development in these models, new risks occur. By employing a combination of pre- and post-generation techniques and ensuring best internal practices are in place, companies can continue to enjoy the benefits of LLM-generated code while mitigating the risk of slopsquatting.

We list the best Linux distro for developers.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• An independent audit confirmed that ExpressVPN never stores user data as indicated in its privacy policy
• Cybersecurity experts at KPGM inspected ExpressVPN's TrustedServer is designed to never log such data as claimed
• It's the 23rd time that ExpressVPN has put its software under third-party scrutiny

Cybersecurity experts at KPGM have confirmed that ExpressVPN never logs any of your identifiable information, as stated in its privacy policy. The experts specifically checked ExpressVPN's server infrastructure design, checking that it effectively prevents the collection of such logs.

Rated by us as one of the best VPN services right now, this audit marks the 23rd time ExpressVPN has put its software under scrutiny, with the latest audit confirming ExpressVPN's claims as of February 2025.

"No exception noted"

The team at KPGM thoroughly checked that ExpressVPN TrustedServer acts as it should. Testing its description, design, and implementation of controls.

Developed in 2019, ExpressVPN TrustedServer is the provider's technology at the base of its no-log claims. All VPN servers run entirely on RAM, for example, meaning that nothing is stored on the server after a reboot.

ExpressVPN's servers are also designed so that every time the server is rebooted, the newest version of the code stack (which includes the operating system (OS) and the VPN infrastructure above it) is loaded as a unique block, minimizing the risks of bugs, other vulnerabilities, and misconfiguration.

As of February 28, 2025, KPGM confirmed that ExpressVPN's infrastructure doesn't present any anomalies in its design or implementation, as "no exception noted" during tests. You can see the full report here.

"Having KPMG evaluate our technologies and assess our privacy protections again demonstrates our unwavering commitment to maintaining the highest standards of user privacy protection," said ExpressVPN's Chief Information Security Officer, Aaron Engel, commenting on the findings.

"Independent assurance isn't just a checkbox for us—it's fundamental in our efforts towards trust and transparency," he added.

A regularly audited no-log privacy policy and security infrastructure aims to provide a guarantee that none of your personal information or usage data is collected, leaked, and then linked to you or your online activities.

It's worth remembering, however, that even no-log VPNs collect some basic data. This includes information such as your email address and the number of users connected to a server, for example. Yet, these details should not be enough to identify you or your activities when using the VPN.

You might also like

• Themes land on ExpressVPN mobile apps – with full Dark Mode now available for iOS
• ExpressVPN faces a class action in the US over alleged "illegal" auto-renewal fees
• “Once you have the data, you have to cooperate” – Windscribe CEO speak out against global threats to no-log VPNs

• The cast for the live-action The Legend of Zelda movie has been unveiled
• Nintendo's Shigeru Miyamoto has confirmed who will play Zelda and Link
• Some fans are disappointed Hunter Schafer didn’t land the role of Zelda

Production on the live-action The Legend of Zelda movie is very much underway as two members of the lead cast have officially been confirmed.

The news was posted on social media by Nintendo legend Shigeru Miyamoto, who revealed a picture of the actors that will play the eponymous princess of 'Hyrule' (the fictional kingdom in the video game series), Zelda, and legendary swordsman Link in costume.

Benjamin Evan Ainsworth, who made his debut in Mike Flanagan's horror series The Haunting of Bly Manor on Netflix, has been cast as Link, while Bo Bragason from the period drama Renegade Nell on Disney+ will play Zelda.

This is Miyamoto. I am pleased to announce that for the live-action film of The Legend of Zelda, Zelda will be played by Bo Bragason-san, and Link by Benjamin Evan Ainsworth-san. I am very much looking forward to seeing both of them on the big screen. (1/2) pic.twitter.com/KA5XW3lwulJuly 16, 2025

Nintendo and Sony casting two young actors to play the lead characters of the Zelda franchise is one of our first indications of which direction the movie could take. Indeed, such a young cast could mean that we see an earlier game in the franchise, such as The Legend of Zelda: The Wind Waker, as the central plot of the film.

Of course, that's just speculation. It could be that there's still a chance that The Legend of Zelda: Ocarina of Time is the subject matter for the first live-action movie adaptation, but that would mean that we're expecting a second Link to be cast for when the character grows up in the game.

This first casting announcement also arguably suggests that we could be in store for a series of movies. Having such a young cast gives the actors room to grow with their characters over multiple films, and means there won't be any issues like Stranger Things now has with its cast of adults playing teenagers in season 5.

Nothing else surrounding the production of The Legend of Zelda adaptation has been confirmed yet, but we do know the release date of the live-action movie: March 26, 2027. We can therefore expect more casting announcements in the months to come.

What are fans saying about the cast of the live-action The Legend of Zelda movie?

In the lead-up to today's announcement, there were quite a few rumors about who would play Zelda and Link in the live-action The Legend of Zelda movie. One of the frontrunners for Zelda's role was Hunter Schafer (Euphoria), but it seems that Wes Ball, who's directing the film, ruled her out by going for a younger cast.

Indeed, going off an interview that Nintendo's veteran game designer Takashi Tezuka did with MTV over nine years ago, there was even a chance that Link could have been played by a woman. "This is just personally, [but] it would be very fun and awesome if Link was played by a female actress," Tezuka said, "a boyish female actress."

The direction that Ball has decided to take the movie in instead has been met with a lot of praise on social media, with many expecting another quality film in the vein of Nintendo's last hit, the Super Mario Bros. Movie. While some have expressed disappointment that Schafer didn't land the role of Zelda, others say that this suggests the movie will be part of a trilogy.

Comment from r/gaming

Some users also appear to be pleased that both actors are English, as it offers some continuity to the video game – many of the voice actors are English in the series (except Link, of course). However, this does vary from game to game.

Overall, the reception appears to be positive, especially as it gives fans of the video game who are excited for the live-action movie their first real indication of what to expect. Could such a young cast mean we get a Zelda movie trilogy? Does it narrow down our speculation about which video game will form the basis of the story? There's a lot to chew on here.

You might also like

• Two big Netflix video game movie adaptations just got exciting updates
• Director Alex Garland is making an Elden Ring movie
• Here are 3 video game adaptations with over 90% on Rotten Tomatoes

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: NYT Connections hints and answers for Wednesday, July 16 (game #766).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #767) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• HARD FEELINGS 
• MARIO WORLD
• DRUM AND BASS
• WU-TANG
• POKE
• SWEAT
• CAPE COD
• BIGGIE
• PAC
• POWER
• PRY
• CAMISOLE
• SNOOP
• GLUE
• WORRIES
• NOSE AROUND

NYT Connections today (game #767) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Nosey
• GREEN: The opposite of yes
• BLUE: Preceded by a great word (but missing man) 
• PURPLE: Angling for an answer

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #767) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: MEDDLE 
• GREEN: WORDS AFTER "NO" TO MEAN "IT'S ALL GOOD" 
• BLUE: SUPER__ 
• PURPLE: ENDING WITH FISH 

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #767) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #767, are…

• YELLOW: MEDDLE NOSE AROUND, POKE, PRY, SNOOP
• GREEN: WORDS AFTER "NO" TO MEAN "IT'S ALL GOOD" BIGGIE, HARD FEELINGS, SWEAT, WORRIES
• BLUE: SUPER__ GLUE, MARIO WORLD, PAC, POWER
• PURPLE: ENDING WITH FISH CAMISOLE, CAPE COD, DRUM AND BASS, WU-TANG

• My rating: Hard
• My score: 1 mistake

A work colleague recently mentioned that they really disliked the phrase “no WORRIES”, so I made an effort to stop saying it.

I found it incredibly hard and realized that I say it virtually every time someone says thank you. I struggled to find a decent alternative – “my pleasure” makes it sound too much like I enjoyed whatever it was a bit too much, “no sweat” made it appear as if it was too easy, and “not a problem” sounds like it was a problem. I wrestled over it for a few days then decided it wasn’t worth worrying about.

Anyway back to the puzzle. This was my ideal type of Connections, just about tricky enough to be satisfying, but not too tricky that it became time consuming. 

I was delighted to get the purple group – ENDING WITH FISH – but it came after my one mistake of the round, when I panicked after seeing no links in the eight words I had left at that point.

Then I remembered to do what we should always do when the words seem too random and look at the end of each one. Sweet joy and relief followed.

Yesterday's NYT Connections answers (Wednesday, July 16 game #766)

• YELLOW: PARTS OF A COLLEGE CAMPUS CAFETERIA, DORM, LIBRARY, QUAD
• GREEN: EXAGGERATED, AS A PERFORMANCE CAMP, DRAMATIC, HAMMY, OVERDONE
• BLUE: CLOSE IN ON CORNER, SURROUND, TRAP, TREE
• PURPLE: STARTS OF GREEK LETTERS BET, DELT, LAMB, THE

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

Looking for a different day?

A new Quordle puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: Quordle hints and answers for Wednesday, July 16 (game #1269).

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,100 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc's Wordle today column covers the original viral word game.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #1270) - hint #1 - VowelsHow many different vowels are in Quordle today?

• The number of different vowels in Quordle today is 3*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #1270) - hint #2 - repeated lettersDo any of today's Quordle answers contain repeated letters?

• The number of Quordle answers containing a repeated letter today is 2.

Quordle today (game #1270) - hint #3 - uncommon lettersDo the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #1270) - hint #4 - starting letters (1)Do any of today's Quordle puzzles start with the same letter?

• The number of today's Quordle answers starting with the same letter is 0.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #1270) - hint #5 - starting letters (2)What letters do today's Quordle answers start with?

• C

• T

• P

• H

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #1270) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle, game #1270, are…

• CRESS
• TABOO
• POWER
• HATER

While I was playing this game I thought that I was making some wild, inspired guesses and getting them right every time, but on reflection those guesses were the only options – I just got to them before I had to do much thinking.

POWER was my only real lucky guess as it could have been boxer or foyer on a different day.

Daily Sequence today (game #1270) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle Daily Sequence, game #1270, are…

• SOLVE
• CABAL
• GIDDY
• OVERT

Quordle answers: The past 20

• Quordle #1269, Wednesday, 16 July: UNCLE, NADIR, REMIT, BROOM
• Quordle #1268, Tuesday, 15 July: VILLA, FLECK, TIGER, CRANE
• Quordle #1267, Monday, 14 July: SURGE, PIZZA, PAPER, POPPY
• Quordle #1266, Sunday, 13 July: KAYAK, DECRY, RUDDY, HATER
• Quordle #1265, Saturday, 12 July: WREAK, NANNY, CLASP, STAIN
• Quordle #1264, Friday, 11 July: LAPEL, DRAIN, FROND, GROSS
• Quordle #1263, Thursday, 10 July: CROSS, WHEEL, UNDID, PENCE
• Quordle #1262, Wednesday, 9 July: SHIRE, SIXTH, SINGE, IMAGE
• Quordle #1261, Tuesday, 8 July: PLIED, PRANK, GAWKY, OXIDE
• Quordle #1260, Monday, 7 July: DROLL, TRUCE, TWIRL, SINCE
• Quordle #1259, Sunday, 6 July: AMPLY, SPAWN, EXTOL, RIDGE
• Quordle #1258, Saturday, 5 July: HAVEN, SNAKE, DREAM, TORUS
• Quordle #1257, Friday, 4 July: FAVOR, SKUNK, GAWKY, FLUFF
• Quordle #1256, Thursday, 3 July: DANCE, EYING, GLAZE, EGRET
• Quordle #1255, Wednesday, 2 July: INANE, SCOUR, ELITE, ULCER
• Quordle #1254, Tuesday, 1 July: REBAR, YEARN, FORTH, CROWD
• Quordle #1253, Monday, 30 June: INGOT, INFER, TAPIR, CLUED
• Quordle #1252, Sunday, 29 June: MIRTH, APTLY, SCRUB, SMACK
• Quordle #1251, Saturday, 28 June: AWOKE, SMOKY, DEVIL, SWING

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: NYT Strands hints and answers for Wednesday, July 16 (game #500).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #501) - hint #1 - today's themeWhat is the theme of today's NYT Strands?

• Today's NYT Strands theme is… Find your seat

NYT Strands today (game #501) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• ZANY 
• CLAM
• BONY
• WING
• CROSS
• HEATER

NYT Strands today (game #501) - hint #3 - spangram lettersHow many letters are in today's spangram?

• Spangram has 8 letters

NYT Strands today (game #501) - hint #4 - spangram positionWhat are two sides of the board that today's spangram touches?

First side: right, 2nd row

Last side: left, 2nd row

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #501) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #501, are…

• BOXES
• MEZZANINE
• LOBBY
• BALCONY
• WINGS
• ORCHESTRA
• SPANGRAM: THEATERS

• My rating: Easy
• My score: 1 hint

I didn’t see the THEATERS spangram straight away – possibly because I am hardwired to see the UK spelling. Instead, I saw several non-game words in heat, heater, and heaters. So, I took the lazy option of starting with a hint.

BOXES didn’t help me narrow things down much, but it did make me think that we were looking for something about venues and auditoriums. Seeing two letter Zs together helped me get MEZZANINE – a lovely sounding word – and once I got LOBBY I knew that we were looking for words associated with theaters.

It’s a little odd that “stage” is missing from the search as you can’t have a theater without one, but that’s my only quibble.

Yesterday's NYT Strands answers (Wednesday, July 16, game #500)

• CASE
• SPEAKER
• STAND
• STYLUS
• CHARGER
• KEYBOARD
• FOLIO
• SPANGRAM: TABLET

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

• zLabs spots new version of the Konfety Android malware
• This version uses distorted APKs to avoid being detected and analyzed
• It also uses the "evil twin" tactic to remain hidden in plain sight

The infamous Konfety Android malware has apparently been updated, with new versions hiding in plain sight through tampered APK structure, experts have warned.

Security researchers zLabs have found new Konfety variants were adopting “increasingly advanced” techniques to evade detection and hinder reverse engineering efforts.

In ZIP files (which APKs are based on), every file includes a so-called General Purpose Bit Flag, a two-byte field that stores metadata about how the file should be handled (either 0 or 1). One of the bits in the flag indicates if the file is encrypted or not.

Norton 360 with Genie

Today’s cyberthreats are more sophisticated and scams are harder to detect. That’s why we made our all-in-one security more powerful to keep you safer online. Norton 360 now with Genie AI-powered scam detection. Advanced tech for advanced threats starting at $29.99 the first year.View Deal

Evil twins and dual-app deception

In Konfety’s case, the attackers intentionally set bit 0 to 1, even though the file wasn’t actually encrypted, causing decompression tools to misinterpret the files, analysis tools to crash thinking it was unreadable or corrupted, and reverse engineers to waste time troubleshooting.

But that’s not all. Each file entry in a ZIP archive also includes a compression method identifier (0x000 for no compression, 0x000C for an uncommon compression standard, etc.)

With Konfety, the attackers managed to declare files compressed using 0x000C, which wasn’t really the case. Since the files can’t decompress properly, it leads to partial extraction, parsing errors, or even crashes, which complicates reverse-engineering and analysis.

There are other ways Konfety tries to hide and maintain persistence. zLabs said that the attackers are also using so-called “dual-app deception”, in which there’s a legitimate app on major app stores, and a malicious one elsewhere.

The app also hides its icon when installed, and applies geofencing to make sure certain analysts and researchers can’t get to it.

Konfety works by using CaramelAds SDK to fetch ads, deliver payloads, and maintain communication with attacker-controlled servers. It redirects users to malicious websites, prompts unwanted app installs, and triggers persistent spam-like browser notifications.

“The threat actors behind Konfety are highly adaptable, consistently altering their targeted ad networks and updating their methods to evade detection,” the researchers warned.

“This latest variant demonstrates their sophistication by specifically tampering with the APK's ZIP structure. This tactic is designed to bypass security checks and significantly complicate reverse engineering efforts, making detection and analysis more challenging for security professionals.”

Via BleepingComputer

You might also like

• This dangerous new malware is hitting iOS and Android phones alike - and it's even stealing photos and crypto
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

We’ve been hearing for months that Apple is planning to bring AAA game Cyberpunk 2077: Ultimate Edition to macOS, and yesterday we finally got a release date: it’s due to arrive tomorrow, July 17. It’s the news Mac gamers have been waiting a tortuously long time to hear.

As someone who games on both a PC and a Mac – and who absolutely loves Cyberpunk 2077 and has been playing it for years – I’m super excited to try out one of the best single-player games on my Mac. Because this isn’t just one of my favorite games on one of my favorite computers. No, it looks like Apple and CD Projekt Red are going above and beyond to make this an experience custom-built for Mac gamers. And that means there’s a lot to look forward to.

Game-changing performance

(Image credit: Jacob Krol/Future)

As an Apple gamer, I’m used to performance that lags behind my PC. Don’t get me wrong, Apple silicon has been an absolute gamechanger for Mac gaming, and I can still get decent frame rates in most games on my MacBook Pro. But despite Apple’s lofty claims, it’s always seemed like wishful thinking to imagine that the integrated GPU you find in Apple’s Mac chips can compete with any of the best graphics cards.

That’s why the key detail that leapt out at me from Apple’s announcement was the claim that Cyberpunk 2077 will be able to run on a Mac at 120 frames per second (fps) when using ultra settings. Considering how incredibly demanding Cyberpunk 2077 is, that’s bona fide gaming PC performance and would be a massive step up for Mac players.

If that’s what you can potentially eke out of a game like Cyberpunk 2077, then other, less-demanding games could perform even better. Sure, MacBook Pro displays are limited to 120fps, but you might be able to max out all settings and still hit that refresh rate in other titles. It’s an enticing thought.

(Image credit: CD Projekt Red)

Of course, everything depends on which chips will be able to achieve this kind of output. Apple hasn’t given any specifics here, but when we went hands-on with Cyberpunk 2077 on a Mac, it reached 120fps at ultra settings using an M4 Max chip. It’s unlikely that lower-rated chips will hit those numbers too – I’m not holding out too much hope for my M1 Pro MacBook Pro – but we’ll have to see how they perform when we get some testing time with the game.

Interestingly, software is seemingly just as important here as hardware. Yes, a high-end chip will undoubtedly help you reach those sky-high numbers, but some of the most interesting tidbits from Apple’s Cyberpunk 2077 announcement were related to software.

For instance, Apple said that MetalFX Upscaling would be available on launch, with MetalFX Frame Interpolation and MetalFX Denoising coming later this year. Starting with MetalFX Upscaling, this renders the game at a lower level than your display’s native resolution, then uses artificial intelligence (AI) to scale it up. Nvidia and AMD already have similar techs, and they do a fantastic job (in some cases, the upscaled version actually looks better than the original), so this could be a major boost for macOS.

MetalFX Denoising, meanwhile, will allow “real time path tracing on the game’s highest quality graphics settings,” Apple says, and that’s something that could provide an incredible boost to visual fidelity.

The AI revolution

(Image credit: CD Projekt Red)

What’s fascinating to me is that these are all AI technologies. They come at a time when Apple’s headline AI (specifically, Apple Intelligence) is widely perceived to be seriously lagging behind rivals like ChatGPT and Copilot.

Yet while most people envisage chatbots when they think of AI, artificial intelligence is actually far broader, as these gaming techs show. Apple has long been a strong AI performer – its image processing and Siri suggestions being two examples you’ve likely encountered on an iPhone.

Of course, we don’t yet know how well all of these MetalFX techs will perform, with MetalFX Frame Interpolation and Denoising not expected until later this year. But they could counter the argument that Apple is falling behind in AI (a contention that was never the full picture anyway).

Of these AI features, MetalFX Frame Interpolation is the one that has piqued my interest the most. Apple says this generates a new frame for every two input frames, resulting in much smoother gameplay than you would normally be able to achieve.

This is sure to reignite the impassioned “fake frames” debate that has been playing out ever since Nvidia and AMD introduced their own frame-generation features. Yet provided Apple can avoid stutters and jerkiness, I think this is unlikely to bother Mac gamers – for most Apple fans, being able to enjoy smooth framerates on Mac hardware is likely to outweigh any high-level concerns about whether the frames are “real” or “fake.” The true test will be at more modest hardware levels rather than the M4 Max and M3 Ultra we’ve seen Cyberpunk played on so far.

A serious gaming test

(Image credit: Jacob Krol/Future)

And then there are all the other interesting additions that are unique to the Apple edition. This version comes with “dynamically calibrated HDR optimized for Apple XDR displays,” Apple says, alongside Spatial Audio with head tracking (providing you’re listening with a pair of the best AirPods), plus “For this Mac” graphical presets that are “individually optimized for every Apple Silicon Mac model.”

That all makes me think that Apple is trying to do this the right way. It’s making use of its other products and adding its own techs that are tailor-made for its devices, rather than just plugging in upscaling and frame generation tools from Nvidia or AMD and hoping for the best.

The last few years have shown that Apple is taking Mac gaming seriously. Cyberpunk 2077 will be the sternest test of that commitment – but if Apple does it right, it could also be its biggest success story so far.

You might also like

• Cyberpunk 2077 launches on macOS as Apple completes its Mac gaming redemption arc
• I just experienced super-smooth Cyberpunk 2077 at Ultra settings on a Mac, but the developers say there’s more to ‘squeeze out’ of Apple Silicon
• Cyberpunk 2077 will be the biggest test for Mac gaming yet

Good news, teen drama fans! The Summer I Turned Pretty season 3 is finally off and running, with the first two episodes now available to stream on Prime Video. Annoyingly, this is the final ever season we’re going to get, but the coming-of-age drama isn’t bowing out without setting off some fireworks.

The new TV show is easily top of the list when it comes to everything coming to Prime Video in July 2025, and the results speak for themselves. After the second season aired, the show was third in the streaming service’s global acquisition rankings, doubling its viewership with each passing season.

With this in mind, it doesn’t massively make sense for The Summer I Turned Pretty to end with season 3, but we might partially have the original book series to blame for that. This means the show has to pull out all the stops before saying goodbye, and the first two episodes are already almost too ridiculous to be believed.

Is it just me or is The Summer I Turned Pretty season 3’s Prime Video debut already ridiculously unhinged?

Spoilers for The Summer I Turned Pretty season 3 ahead.

Got whiplash? Me too. In just two episodes, we’ve seen Jeremiah (Gavin Casalegno) not managing to graduate on time, then proposing haphazardly to Belly (Lola Tung) without a ring, but has also cheated on her in the interim… twice. Add to this the fact that Belly’s brother Steven (Sean Kaufman) woke up from a coma after being in a car accident on exactly the same day Jeremiah chose to propose, and you’ve got a lot to unpack in a much-needed therapy session. It’s getting messy, and in exactly the way we want to see.

However, it gets worse when you consider everything that’s happening from the other perspective. While Jeremiah thrives (in his own mind), Belly is having to give up her dreams to be with the boy who’s unknowingly cheating on her. Taking drugs, getting drunk at endless houseparties and then wondering why he’s not graduating with his friends clearly is a full-time job in itself, meaning the fallout later on in the season is going to be nasty.

In fact, it’s safe to say that Jeremiah’s storyline is already going above and beyond what we saw happen in the books. It’s worth pointing out that we have seen the same things happen in both the book and TV show, but seeing his behaviour brought to life in front of our eyes is nothing short of diabolical. He becomes an uglier version of the monster we already know he is, and depending on what Belly decides to do in future episodes, could grow to be even worse.

For now, Belly’s agreed to marry Jeremiah, which makes me want to simultaneously throw up and shout at my TV. Absolutely anybody can see it’s a bad decision, setting us up for what will surely be a chaotic episodes 3 and 4 when more characters find out about the news. There will be (rightful) judgement, scorn and plenty of tears in the immediate future, and boy I cannot wait to watch it all unfold.

You might also like

• Prime Video got it hugely wrong with Bosch Legacy, but Ballard gets the franchise back on track – and a 100% Rotten Tomatoes rating proves it
• New to Prime Video? Here are 5 movies and TV shows with over 90% on Rotten Tomatoes to get you started
• The Boys season 5: everything we know so far about the popular Prime Video show's final entry

What's new in Fortnite?

(Image credit: Epic Games)

Epic Games just launched the full Superman collab, with a special item granting Superman powers like flight, heat vision, and super-strength. You can read more about it here. In terms of the OG mode, there's set to be a live event on July 26 centered around a rocket launch. Until then, there's the new Thermal Rifle to try out, as well as a whole new OG Battle Pass to work through.

Fortnite OG wowed players when it first returned, offering up retooled versions of various classic seasons, which changed each week. It proved to be a massive hit, with player counts absolutely skyrocketing in the month or so Fortnite OG was live.

It's no surprise then, that it's now come back as a permanent fixture, continuing into 2025, and Epic has confirmed that the next season of Fortnite OG will begin in August.

Thankfully, the ongoing battle royale title receives regular updates from its developers teasing what's coming, and we do now know that Fortnite OG is going to cycle through seasons. Now that the new season of Fortnite battle royale has launched, the runway is clear for OG to take the spotlight.

Here's everything you need to know about when Fortnite OG Season 5 launches. We'll cover everything officially revealed by Epic Games, some info on what to expect, as well as a round-up of how things played out last time. As news comes out, this page will be updated.

Fortnite OG Season 5 release date

(Image credit: Epic Games)

Fortnite OG Season 5 will launch on August 8, 2025. This is according to the in-game Battle Pass screen. Recently, Epic Games has started to detail a live event that'll arrive on July 26. We'll have to wait and see where it lands this time around.

Fortnite OG is now a dedicated mode moving forward, cycling through Chapter 1 seasons in a similar way to how things worked at the end of 2023, though slightly elongated. Chapter 1 Season 2 ended on March 25, 2025, with Season 3 came to a close on June 8, 2025. This recreates the pattern of the original run, adding loot pool changes and feature introductions. You can read more in the full Fortnite OG Chapter 1 Season 4 blog post.

The best place to keep up on specific updates closer to the launch of the new season of Fortnite OG is the Fortnite Status X / Twitter account. We'll be sure to keep this page up to date as well.

What is Fortnite OG?

(Image credit: Epic Games)

Fortnite OG launched in November 2023 and switched the game all the way back to the 2018 map. Specifically, it started in Season 5, with the return of Tilted Towers, a throwback weapon loot pool, and several OG skins to buy in the store. Each week, Epic Games moved the clock forward to the next season, rotating through Season 6, Season 7/8, and then Season 9/10.

The map went back to a more classic style, visually and in terms of level design. Iconic locations like Frosty Flights came back, as did old-school vehicles like the X-4 Stormwing. This lasted until December 2, 2023, when the game switched over to a new season. Fortnite OG returned on December 6, 2024 and is now a permanent mode, with its own seasons cycle.

Fortnite OG map

(Image credit: Epic Games)

Above, you can see the current Fortnite OG map. It's been meticulously recreated, with every tree, car, chest and object is right where you remember it. Ziplines and ascenders have been added in Zero Build to aid movement. As the seasons change, we'll likely see the map change with it, as well. With Season 4, you'll be able to jump into Dusty Divot, and Risky Reels.

Fortnite OG weapons loot pool

(Image credit: Epic Games)

Here's the weapons added as part of Fortnite OG season 3:

• Shopping Carts (live now)
• Thermal Scoped Assault Rifle (live now!) - Spot your enemies easier. It’ll also highlight Chests and Supply Drops for you!
• Apples (live now!) - As tasty as they are useful, these foraged items provide a nice lil’ 5 Health once eaten.
• Hop Rocks (live now!) - Prepare for lift-off! These meteor fragments grant you the power to perform gravity-defying leaps. It won’t last forever though, so use those hops carefully!
• Mushrooms - There’s no funny business here, these fungi’s provide 5 Shield and can be the difference between a slim victory or swift elimination…
• Bouncer - Spring into action! Whether you’re looking for a bouncy escape or setting up an aerial ambush, the Bouncer Trap is a friend.
• Drum Gun - Rapid fire your way to dominance like someone’s supporting you with a drum roll
• Dual Pistols - This pair of pistols packs a punch if you’re willing to get up close and personal.
• Jetpack - Take to the sky and get an aerial advantage over your opponents. Be warned though — it’s a long way to the ground when you’re all out of fuel
• Stink Bomb - Clear the way with a gaseous grenade that creates a lingering cloud of noxious fumes. Who said winning had to smell good?

Note that while these weapons and items are planned on being added this season, they're not all available at launch. Items like the Drum Gun will be added as the season progresses. The following weapons carry over from the previous season:

• Assault Rifle
• Burst Assault Rifle (Epic and Legendary rarities have arrived!)
• Scoped Assault Rifle
• Light Machine Gun
• Minigun
• Revolver
• Pistol
• Suppressed Pistol
• Suppressed Submachine Gun
• Tactical Submachine Gun
• Pump Shotgun
• Tactical Shotgun
• Heavy Shotgun
• Bolt-Action Sniper Rifle
• Semi-Auto Sniper Rifle
• Hunting Rifle
• Grenade Launcher
• Rocket Launcher
• Guided Missile
• Boogie Bomb
• Bushes
• Cozy Campfire
• Clingers
• Grenade
• Impulse Grenade
• Remote Explosives
• Port-A-Bunker
• Damage Trap
• Launch Pad (non-throwable version)
• Bandages
• Med Kits
• Shield Potions
• Small Shield Potions
• Slurp Juice
• Chug Jugs

FAQsHow long is Fortnite OG back for?

In excellent news for fans, Fortnite OG is a permanent game mode for the online battle royale game. It'll stay live in perpetuity, and follow its own seasonal cycle, which means it'll evolve regularly like other Fortnite modes.

Will Fortnite OG rotate seasons?

As well as Fortnite OG being a permanent game mode, it will absolutely have its own seasonal content that will help keep things fresh. Expect the seasonal cycle to change things up regularly.

How much does the Fortnite OG Pass cost?

The Fortnite OG Pass costs 1,000 V-Bucks. This gives you the chance to earn three skins, as well as a host of other items. It's worth pointing out that unlike the main Battle Pass, the Fortnite OG pass does not feature any V-Bucks, so you won't earn any back while working through it.

You Might Also Like...

• Our picks for the best free games to play in 2025
• Fortnite Chapter 4 review
• Best crossplay games

• Google says it will spend £3 billion on 670MW in hydroelectricity PPAs
• The deal could end up producing up to 3,000MW of hydroelectricity
• Google data center energy consumption is up 27%, emissions are down 12%

Google has agreed to spend at least $3 billion as part of an agreement to boost its renewable energy portfolio as demands increase in line with demand for artificial intelligence and cloud computing.

The deal with Brookfield Renewable Energy Partners includes 20-year power purchase agreements for 670 megawatts of clean energy via two Pennsylvania hydroelectric plants at Holtwood and Safe Harbor.

Although Google has been bidding big on renewable energy in recent years, this marks the world's largest corporate clean power deal for hydroelectricity.

Google strikes the biggest-ever corporate hydroelectricity deal

Already a considerable starting point, Brookfield noted the Hydro Framework Agreement will support the provision of up to 3,000 megawatts of carbon-free hydroelectric capacity across the United States.

The move aligns with Google's efforts to power its data centers with carbon-free energy around the clock, and comes during an era of increased green energy investments. Hyperscaler rivals like Amazon, Meta, and Microsoft have also been splurging on nuclear, gas and renewables to meet demand.

"Hydropower is a proven, low-cost technology, offering dependable, homegrown, carbon-free electricity that creates jobs and builds a stronger grid for all," Google Head of Data Center Energy Amanda Peterson Corio explained.

Brookfield Asset Management President Connor Teskey welcomed the investment, noting that hyperscalers will need to diversify their energy production to meet demand at scale.

Although surges in AI and cloud computing have resulted in higher demand for data centers, Google's most recent 2025 sustainability report revealed how the company managed to cut data center emissions by 12% despite a 27% rise in energy consumption. In its most recent full year, the company procured more than eight gigawatts of clean energy.

Energy efficiency improvements to its AI systems, including power-hungry GPUs, have also resulted in a reduction in water consumption, typically used for cooling. However, having only replenished 64% of the water it used in 2025, there's still clearly a long way to go.

You might also like

• Google's data centers using more power than ever before as AI surge continues
• These are the best cloud computing providers with powerful chips
• Check out our roundup of the best AI tools and best AI writers

• Claude for Financial Services launches specifically for the financial industry
• Users can access powerful Claude 4 models and other Claude AI tools
• The system integrates with internal and external data sources

Anthropic has launched a special edition of its Claude AI platform designed for the highly regulated financial industry, with a focus on market research, due diligence, and investment decision-making.

The OpenAI rival hopes for financial institutions to use its tool for financial modelling, trading system modernisation, risk modeling, and compliance automation, with pre-built MCP connectors offering seamless access to entperise and market data platforms.

The company boasted that Claude for Financial Services offers a unified interface, combining Claude's AI powers with internal and external financial data sources from the likes of Databricks and Snowflake.

Claude for Financial Services

Anthropic highlighted four of the tool's key benefits: powerful Claude 4 models that outperform other frontier models, access to Claude Code and Claude for Enterprise, pre-built MCP connectors, and expert support for onboarding and training.

Testing revealed Claude Opus 4 passed five of the seven Financial Modeling World Cup competition levels, scoring 83% accuracy on complex excel tasks.

"Access your critical data sources with direct hyperlinks to source materials for instant verification, all in one platform with expanded capacity for demanding financial workloads," the company shared in a post.

Anthropic also stressed user data is not used for training its generative models in the name of intellectual property and client information confidentiality.

Besides Snowflake for data and Databricks for analytics, Claude for Financial Services also connects with the likes of Box for document management and S&P Global for market and valuation data, among others.

Among the early adopters is the Commonwealth Bank of Australia, whose CTO Rodrigo Castillo praised Claude for its "advanced capabilities" and "commitment to safety." The Australian banking giant envisions using Claude for Financial Services for fraud prevention and customer service enhancement.

You might also like

• Financial leaders still rely on regular tools like Excel for automation tasks over AI
• We've listed the best AI tools and best AI writers for different industries
• Boost output with the best productivity tools

• A reputable source claims the first public iOS 26 beta will land on or around July 23
• That would be later in the year than usual
• There's already an iOS 26 developer beta

It’s now over a month since iOS 26 was announced, and although it’s available in developer beta, the public beta is yet to launch. But we do now have a good idea of when the first public beta might land.

According to Apple watcher Mark Gurman in a reply to a post on X by @ParkerOrtolani, the first iOS 26 public beta will probably land on or around July 23.

That’s a bit unusual, as typically we’d have had the first public beta before then. For example, the first public beta of iOS 18 launched on July 15 last year, following its announcement on June 10. So this year, with iOS 26 having been unveiled on June 9, we’d if anything have expected to already have the first public beta.

around the 23rdJuly 15, 2025

A worthwhile wait

Still, if Gurman is right there’s not too much longer to wait, and it should be worth the wait too, as iOS 26 is a significant upgrade for Apple’s smartphone operating system.

It includes a completely new look, with more rounded and transparent elements, plus redesigned phone and camera apps, a new Apple Games app, and more.

Of course, we’d take the claim of it landing on or around July 23 with a pinch of salt, especially with that being later than normal. But Gurman has a superb track record for Apple information, and either way we’d expect it to land soon.

If you can’t wait a little big longer though, you can always grab the developer beta – the next version of which may well even land before July 23. To get that, check out how to install the iOS 26 developer beta.

You might also like

• iOS 26: new features, a new design, and everything you need to know
• iOS 26 is official – here are the 5 biggest new features coming to your iPhone
• iOS 26 compatibility – does your iPhone support it? Here's the full list of supported devices

AI isn’t just something to adopt; it’s already embedded in the systems we rely on. From threat detection and response to predictive analytics and automation, AI is actively reshaping how we defend against evolving cyber threats in real time. It’s not just a sales tactic (for some); it’s an operational necessity.

Yet, as with many game-changing technologies, the reality on the ground is more complex. The cybersecurity industry is once again grappling with a familiar disconnect: bold promises about efficiency and transformation that don’t always reflect the day-to-day experiences of those on the front lines. According to recent research, 71% of executives report that AI has significantly improved productivity, but only 22% of frontline analysts, the very people who use these tools, say the same.

When solutions are introduced without a clear understanding of the challenges practitioners face, the result isn’t transformation, it’s friction. Bridging that gap between strategic vision and operational reality is essential if AI is to deliver on its promise and drive meaningful, lasting impact in cybersecurity.

Executives love AI

According to Deloitte, 25% of companies are expected to have launched AI agents by the end of 2025, with that number projected to rise to 50% shortly thereafter. The growing interest in AI tools is driven not only by their potential but also by the tangible results they are already beginning to deliver

For executives, the stakes are rising. As more companies begin releasing AI-enabled products and services, the pressure to keep pace is intensifying. Organizations that can’t demonstrate AI capabilities, whether in their customer experience, cybersecurity response, or product features, risk being perceived as laggards, out-innovated by faster, more adaptive competitors. Across industries, we're seeing clear signals: AI is becoming table stakes, and customers and partners increasingly expect smarter, faster, and more adaptive solutions.

This competitive urgency is reshaping boardroom conversations. Executives are no longer asking whether they should integrate AI, but how quickly and effectively they can do so, without compromising trust, governance, or business continuity. The pressure isn’t just to adopt AI internally to drive efficiency, but to productize it in ways that enhance market differentiation and long-term customer value.

But the scramble to implement AI is doing more than reshaping strategy, it’s unlocking entirely new forms of innovation. Business leaders are recognizing that AI agents can do more than just streamline functions; they can help companies bring entirely new capabilities to market. From automating complex customer interactions to powering intelligent digital products and services, AI is quickly moving from a behind-the-scenes tool to a front-line differentiator. And for executives willing to lead with bold, well-governed AI strategies, the payoff isn’t just efficiency, it’s market relevance.

Analysts distrust AI

If anyone wants to make their job easier, it’s a SOC analyst, so their skepticism of AI comes from experience, not cynicism. The stakes in cybersecurity are high, and trust is earned, especially when systems that are designed to protect critical assets are involved. Research shows that only 10% of analysts currently trust AI to operate fully autonomously. This skepticism isn’t about rejecting innovation, it’s about ensuring that AI can meet the high standards required for real-time threat detection and response.

That said, while full autonomy is not yet on the table, analysts are beginning to see tangible results that are gradually building trust. For example, 56% of security teams report that AI has already boosted productivity by streamlining tasks, automating routine processes, and speeding up response times. These tools are increasingly trusted for well-defined tasks, giving analysts more time to focus on higher-priority, complex threats.

This incremental trust is key. While 56% of security professionals express confidence in AI for threat detection, they still hesitate to let it manage security autonomously. As AI tools continue to prove their ability to process vast amounts of data and provide actionable insights, initial skepticism is giving way to more measured, conditional trust.

Looking ahead

Closing the perception gap between executive enthusiasm and analyst skepticism is critical for business growth. Executives must create an environment where analysts feel empowered to use AI to enhance their expertise without compromising security standards. Without this, the organization risks falling into the hype cycle, where AI is overpromised but underdelivered.

In cybersecurity, where the margin for error is razor-thin, collaboration between AI systems and human analysts is critical. As these tools mature and demonstrate real-world impact, trust will grow, especially when their use is grounded in transparency, explainability, and accountability.

When AI is thoughtfully integrated and aligned with practitioner needs, it becomes a reliable asset that not only strengthens defenses but also drives long-term resilience and value across the organization.

We list the best cloud firewall.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

It’s a scenario that plays out far too often: A mid-sized company runs a routine threat validation exercise and stumbles on something unexpected, like an old infostealer variant that has been quietly active in their network for weeks.

This scenario doesn’t require a zero-day exploit or sophisticated malware. All it takes is one missed setting, inadequate endpoint oversight, or a user clicking what they shouldn’t. Such attacks don’t succeed because they’re advanced. They succeed because routine safeguards aren’t in place.

Take Lumma Stealer, for example. This is a simple phishing attack that lures users into running a fake CAPTCHA script. It spreads quickly but can be stopped cold by something as routine as restricting PowerShell access and providing basic user training. However, in many environments, even those basic defenses aren’t deployed.

This is the story behind many breaches today. Not headline-grabbing hacks or futuristic AI assaults—just overlooked updates, fatigued teams and basic cyber hygiene falling through the cracks.

Security Gaps That Shouldn’t Exist in 2025

Security leaders know the drill: patch the systems, limit access and train employees. Yet these essentials often get neglected. While the industry chases the latest exploits and talks up advanced tools, attackers keep targeting the same weak points. They don’t have to reinvent the wheel. They just need to find one that’s loose.

Just as the same old techniques are still at work, old malware is making a comeback. Variants like Mirai, Matsu and Klopp are resurfacing with minor updates and major impact. These aren’t sophisticated campaigns, but recycled attacks retooled just enough to slip past tired defenses.

The reason they work isn’t technical, it’s operational. Security teams are burned out. They’re managing too many alerts, juggling too many tools and doing it all with shrinking budgets and rising expectations. In this kind of environment, the basics don’t just get deprioritized, they get lost.

Burnout Is a Risk Factor

The cybersecurity industry often defines risk in terms of vulnerabilities, threat actors and tool coverage, but burnout may be the most overlooked risk of all. When analysts are overwhelmed, they miss routine maintenance. When processes are brittle, teams can’t keep up with the volume. When bandwidth runs out, even critical tasks can get sidelined.

This isn’t about laziness. It’s about capacity. Most breaches don’t reveal a lack of intelligence. They just demonstrate a lack of time.

Meanwhile, phishing campaigns are growing more sophisticated. Generative AI is making it easier for attackers to craft personalized lures. Infostealers continue to evolve, disguising themselves as login portals or trusted interfaces that lure users into running malicious code. Users often infect themselves, unknowingly handing over credentials or executing code.

These attacks still rely on the same assumptions: someone will click. The system will let it run. And no one will notice until it’s too late.

Why Real-World Readiness Matters More Than Tools

It’s easy to think readiness means buying new software or hiring a red team, but true preparedness is quieter and more disciplined. It’s about confirming that defenses such as access restrictions, endpoint rules and user permissions are working against the actual threats.

Achieving this level of preparedness takes more than monitoring generic threat feeds. Knowing that ransomware is trending globally isn’t the same as knowing which threat groups are actively scanning your infrastructure. That’s the difference between a broader weather forecast and radar focused on your ZIP code.

Organizations that regularly validate controls against real-world, environment-specific threats gain three key advantages.

First, they catch problems early. Second, they build confidence across their team. When everyone knows what to expect and how to respond, fatigue gives way to clarity. Thirdly, by knowing the threats that matter, and the ones focused on them, they can prioritize those fundamental activities that get ignored.

You may not need to patch every CVE right now, just the ones being used by the threat actors targeting you. What areas of your network are they actively doing reconnaissance on? Those subnets probably need more focus to patching and remediation.

Security Doesn’t Need to Be Sexy, It Needs to Work

There’s a cultural bias in cybersecurity toward innovation and incident response. The new tool, the emergency patch and the major breach all get more attention than the daily habits that quietly prevent problems.

Real resilience depends on consistency. It means users can’t run untrusted PowerShell scripts. It means patches are applied on a prioritized schedule, not “when we get around to it.” It means phishing training isn’t just a checkbox, but a habit reinforced over time.

These basics aren’t glamorous, but they work. In an environment where attackers are looking for the easiest way in, doing the simplest things correctly is one of the most effective strategies a team can take.

Discipline Is the New Innovation

The cybersecurity landscape will continue to change. AI will keep evolving, adversaries will go on adapting, and the next headline breach is likely already in motion. The best defense isn’t more noise or more tech, but better discipline.

Security teams don’t need to do everything. They need to do the right things consistently. That starts with reestablishing routine discipline: patch, configure, test, rinse and repeat. When those fundamentals are strong, the rest can hold.

For CISOs, now is the time to ask a simple but powerful question: Are we doing the basics well, and can we prove it? Start by assessing your organization’s hygiene baseline. What patches are overdue? What controls haven’t been tested in months? Where are your people stretched too thin to execute the essentials? The answers won’t just highlight the risks, they’ll point toward the pathway to resilience.

We list the best patch management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• WeTransfer users were outraged when it seemed an updated terms of service implied their data would be used to train AI models.
• The company moved fast to assure users it does not use uploaded content for AI training
• WeTransfer rewrote the clause in clearer language

File-sharing platform WeTransfer spent a frantic day reassuring users that it has no intention of using any uploaded files to train AI models, after an update to its terms of service suggested that anything sent through the platform could be used for making or improving machine learning tools.

The offending language buried in the ToS said that using WeTransfer gave the company the right to use the data "for the purposes of operating, developing, commercializing, and improving the Service or new technologies or services, including to improve performance of machine learning models that enhance our content moderation process, in accordance with the Privacy & Cookie Policy."

That part about machine learning and the general broad nature of the text seemed to suggest that WeTransfer could do whatever it wanted with your data, without any specific safeguards or clarifying qualifiers to alleviate suspicions.

Perhaps understandably, a lot of WeTransfer users, who include many creative professionals, were upset at what this seemed to imply. Many started posting their plans to switch away from WeTransfer to other services in the same vein. Others began warning that people should encrypt files or switch to old-school physical delivery methods.

Time to stop using @WeTransfer who from 8th August have decided they'll own anything you transfer to power AI pic.twitter.com/sYr1JnmemXJuly 15, 2025

WeTransfer noted the growing furor around the language and rushed to try and put out the fire. The company rewrote the section of the ToS and shared a blog explaining the confusion, promising repeatedly that no one's data would be used without their permission, especially for AI models.

"From your feedback, we understood that it may have been unclear that you retain ownership and control of your content. We’ve since updated the terms further to make them easier to understand," WeTransfer wrote in the blog. "We’ve also removed the mention of machine learning, as it’s not something WeTransfer uses in connection with customer content and may have caused some apprehension."

While still granting a standard license for improving WeTransfer, the new text omits references to machine learning, focusing instead on the familiar scope needed to run and improve the platform.

Clarified privacy

If this feels a little like deja vu, that's because something very similar happened about a year and a half ago with another file transfer platform, Dropbox. A change to the company's fine print implied that Dropbox was taking content uploaded by users in order to train AI models. Public outcry led to Dropbox apologizing for the confusion and fixing the offending boilerplate.

The fact that it happened again in such a similar fashion is interesting not because of the awkward legal language used by software companies, but because it implies a knee-jerk distrust in these companies to protect your information. Assuming the worst is the default approach when there's uncertainty, and the companies have to make an extra effort to ease those tensions.

Sensitivity from creative professionals to even the appearance of data misuse. In an era where tools like DALL·E, Midjourney, and ChatGPT train on the work of artists, writers, and musicians, the stakes are very real. The lawsuits and boycotts by artists over how their creations are used, not to mention suspicions of corporate data use, make the kinds of reassurances offered by WeTransfer are probably going to be something tech companies will want to have in place early on, lest they face the misplaced wrath of their customers

You might also like

• New judge’s ruling makes OpenAI keeping a record of all your ChatGPT chats one step closer to reality
• I don't like the idea of my conversations with Meta AI being public – here's how you can opt out
• Microsoft Copilot is putting eyes on your screen, and I don't mind it – as long as it stays private

• An employee used a very bad AI-generated image to advertise graphic designer jobs at Xbox
• The image shows a woman writing code that somehow appears on the back of a computer monitor, among other problems
• The ad is especially awkward as Microsoft recently completed laying off more than 9,000 people

A post on LinkedIn seeking graphic designers for Xbox is going viral for the irony of terrible AI-generated graphics. Principal Development Lead for Xbox Graphics, Mike Matsel, shared a post announcing the roles, accompanied by what at first glance appears to be an innocuous cartoon of a woman at a workstation typing code. Except the code is on the back of her monitor, and that's just the beginning of the issues with the image.

The fact that Microsoft concluded the latest of several rounds of layoffs, affecting a total of more than 9,000 people, including many in the Xbox division, just a few weeks ago, makes it even more awkward.

(Image credit: LinkedIn/Mike Matsel)

The more you examine the image, the more obvious it becomes that it was (poorly) produced with AI. The computer is unconnected to anything, the desk sort of fades away into nothingness, and the shadows don't make sense. Plus, would Microsoft want a graphic of someone clearly using Apple headphones? Not to mention the fact that, in 2025, you're very unlikely to see someone with the corded iPhone headphones of nearly 20 years ago.

The image does at least sell the idea that Microsoft desperately needs graphic designers, or at least people who know when graphics are very wrong. The dozens of comments on the post emphasize just how annoying many people find the post. A lot are from developers and graphic designers who might otherwise be interested in the positions.

Awkward AI

The fact that this wasn’t just a bad image, but one that undermines the entire point of the job being advertised, is truly mind-boggling. It’s like handing out flyers for a bakery that uses clip art of a melting candle with "bread" written on the attached label.

It's so bizarrely bad that more than a few commenters wondered if it was on purpose. It might be a way to draw attention to the open positions, or, unlikely as this may be, a form of malicious compliance from someone instructed to use AI to announce the open jobs after their colleagues in those positions were recently let go. Or maybe it was the sharpest satire ever seen on LinkedIn.

Those are wildly unlikely theories, but it's telling that they aren't totally impossible. An ad symbolizing everything people are worried about, especially regarding the very artistic jobs being advertised, would be far too blatant to use in a joke. Still, apparently, that's just reality now.

The fact that Microsoft is currently investing billions of dollars in AI only adds to the dissonant reaction. Even if it wasn't formally approved by Microsoft, it still has their Xbox logo on it. Then again, even senior executives can faceplant when discussing and using AI.

Just last week, Executive Producer at Xbox Game Studios Publishing Matt Turnbull suggested that people recently let go could turn to AI chatbots to help get over their emotional distress and find new jobs. He took down the essay encouraging former employees to use AI tools to both find jobs and for "emotional clarity," eventually, but this graphic disaster remains visible to the public, as opposed to the code hiding behind the back of the monitor.

You might also like

• AI can provide 'emotional clarity and confidence' Xbox executive producer tells staff after Microsoft lays off 9,000 employees
• How to use ChatGPT to prepare for a job interview
• Microsoft Paint brushes up on AI

• AWS unveils Kiro, an agentic AI way to code
• Kiro looks to help solve typically issues seen in "vibe coding"
• Kiro is in preview now, with three tiers set to be available

Amazon Web Services (AWS) has unveiled Kiro, an IDE which uses AI agents to streamline the development process.

Available now in preview, Kiro looks to cut down on potential issues with "vibe coding", the process where agents are being asked to create and build software with minimal human interaction.

As well as helping with coding, Kiro can also automatically create and update project plans and technical blueprints, solving one of the most troublesome issues for developers who are still getting to grips with the potential AI brings.

AWS Kiro

Announcing the launch, AWS said Kiro is looking to help transition from “vibe coding to viable code.”

It works by breaking down prompts into structured components, which can then be used to guide implementation and testing, as well as tracking any changes as the code evolves, ensuring no inconsistencies break through.

There's also Model Context Protocol (MCP) support for connecting specialized tools, steering rules to guide AI behavior across your project, and agentic chat for ad-hoc coding tasks.

Finally, it can also automatically check through code to make sure nothing is amiss, making sure developers can submit or launch code without fear of any problems.

Kiro looks, “to solve the fundamental challenges that make building software products so difficult — from ensuring design alignment across teams and resolving conflicting requirements, to eliminating tech debt, bringing rigor to code reviews, and preserving institutional knowledge when senior engineers leave," Nikhil Swaminathan, Kiro’s product lead, and Deepak Singh, Amazon’s vice president of developer experience and agents, said.

"Kiro is great at ‘vibe coding’ but goes way beyond that—Kiro’s strength is getting those prototypes into production systems with features such as specs and hooks."

For now, Kiro is free to use during the preview period, but it seems AWS is looking at introducing three pricing tiers: a free version with 50 agent interactions per month; a Pro tier at $19 per user per month with 1,000 interactions; and a Pro+ tier at $39 per user per month with 3,000 interactions.

"Kiro is really good at "vibe coding" but goes well beyond that," Amazon CEO Andy Jassy wrote in a post on X.

"While other AI coding assistants might help you prototype quickly, Kiro helps you take those prototypes all the way to production by following a mature, structured development process out of the box. This means developers can spend less time on boilerplate code and more time where it matters most – innovating and building solutions that customers will love.

You might also like

• Understanding the vibe coding trend and considerations for developers
• We've rounded up the best laptop for programming options out there
• And these are the best business laptops around

• Hackers only need cheap hardware and basic skills to stop a moving freight train remotely
• The American Association of Railways dismissed the threat until federal pressure forced a response
• The system still isn’t fixed, and full updates won’t arrive until at least 2027

A critical flaw in the wireless systems used across US rail networks has remained unresolved for more than a decade, exposing trains to remote interference.

The vulnerability affects End-of-Train (EoT) devices, which relay data from the last carriage to the front of the train, forming a link with the Head-of-Train (HoT) module.

Although the issue was flagged in 2012, it was largely dismissed until federal intervention forced a response.

Ignored warnings and delayed responses

Hardware security researcher Neils first identified the flaw in 2012, when software-defined radios (SDRs) began to proliferate.

The discovery revealed that these radios could easily mimic signals sent between the HoT and EoT units.

Since the system relies on a basic BCH checksum and lacks encryption, any device transmitting on the same frequency could inject false packets.

In a concerning twist, the HoT is capable of sending brake commands to the EoT, which means an attacker could stop a train remotely.

“This vulnerability is still not patched,” Neils stated on social media, revealing it took over a decade and a public advisory from the Cybersecurity and Infrastructure Security Agency (CISA) before meaningful action was taken.

The issue, now catalogued as CVE-2025-1727, allows for the disruption of U.S. trains with hardware costing under $500.

Neils's findings were met with skepticism by the American Association of Railways (AAR), which dismissed the vulnerability as merely “theoretical” back in 2012.

Attempts to demonstrate the flaw were thwarted due to the Federal Railway Authority's lack of a dedicated test track and the AAR denying access to operational sites.

Even after the Boston Review published the findings, the AAR publicly refuted them via a piece in Fortune.

By 2024, the AAR’s Director of Information Security continued to downplay the threat, arguing that the devices in question were approaching end-of-life and didn’t warrant urgent replacement.

It wasn’t until CISA issued a formal advisory that the AAR began outlining a fix. In April 2025, an update was announced, but full deployment is not expected until 2027.

The vulnerability stems from technology developed in the 1980s, when frequency restrictions reduced the risk of interference, but today’s widespread access to SDRs has altered the risk landscape dramatically.

“Turns out you can just hack any train in the USA and take control over the brakes,” Neils said, encapsulating the broader concern.

The ongoing delay and denial mean US trains are probably sitting on a keg of gunpowder that could lead to serious risks at any time.

Via TomsHardware

You might also like

• These are the fastest SSDs you can buy right now
• Take a look at some of the best external hard drives available
• This popular WordPress plugin has been hijacked to push potential malware

• Only 2% of enterprises are highly ready for AI, report claims
• Fewer than one-third have deployed AI firewalls to date
• Another one in three could do with diversifying their AI models

Although more and more applications are getting AI overhauls, new F5 research had claimed only 2% of enterprises are highly ready for AI.

More than one in five (21%) fall into the low-readiness category, and while three-quarters (77%) are considered moderately ready, they continue to face security and governance hurdles.

This comes as one in four applications use AI, with many organizations splitting their AI usage across multiple models including paid models like GPT-4 and open-source models like Llama, Mistral and Gemma.

Enterprises aren't benefitting from the AI they have access to

Although 71% of the State of AI Application Strategy Report respondents said they use AI to enhance security, F5 highlighted ongoing challenges with security and governance. Fewer than one in three (31%) have deployed AI firewalls, and only 24% perform continuous data labelling, potentially increasing risks.

Looking ahead, one in two (47%) say they plan on deploying AI firewalls in the next year. F5 also recommends that enterprises diversify AI models across paid and open-source opens, scale AI usage to operations, analytics and security, and deploy AI-specific protections like firewalls and data governance strategies.

At the moment, it's estimated that two-thirds (65%) use two or more paid models and at least one open-source model, demonstrating considerable room for improvement.

"As AI becomes core to business strategy, readiness requires more than experimentation—it demands security, scalability, and alignment," F5 CPO and CMO John Maddison explained.

The report highlights how enterprises that lack of maturity can stifle growth, introduce operational bottlenecks and present compliance challenges.

"AI is already transforming security operations, but without mature governance and purpose-built protections, enterprises risk amplifying threats," Maddison added.

You might also like

• Why not consider the best AI tools and best AI writers
• Make your workers more efficient with the best productivity tools
• Many SMBs say they can't get to grips with AI, need more training