TechRadar News

Artificial intelligence has rapidly become a cornerstone of modern business, driving innovation and efficiency across industries. Yet, as companies increasingly rely on AI tools to handle sensitive tasks, they are also opening themselves up to new security vulnerabilities.

Businesses integrating AI into their operations means AI entities are becoming more autonomous and gaining access to more sensitive data and systems. As a result, CISOs are facing new cybersecurity challenges. Traditional security practices, designed for human users and conventional machines, fall short when applied to AI. So, it’s vital for companies to address emerging vulnerabilities if they are to prevent security issues from unchecked AI integration and secure their most valuable data assets.

AI: more than just machines

Every single type of identity has a different role and capability. Humans usually know how to best protect their passwords. For example, it seems quite obvious to every individual that they should avoid reusing the same password multiple times or choosing one that’s very easy to guess. Machines, including servers and computers, often hold or manage passwords, but they are vulnerable to breaches and don’t have the capability to prevent unauthorized access.

AI entities, including chatbots, are difficult to classify with regard to cybersecurity. These nonhuman identities manage critical enterprise passwords yet differ significantly from traditional machine identities like software, devices, virtual machines, APIs, and bots. So, AI is neither a human identity nor a machine identity; it sits in a unique position. It combines human-guided learning with machine autonomy and needs access to other systems to work. However, it lacks the judgment to set limits and prevent sharing confidential information.

Rising investments, lagging security

Businesses are investing heavily in AI, with 432,000 UK organizations – accounting for 16% – reporting they have embraced at least one AI technology. AI adoption is no longer a trend; it’s a necessity, so spending on emerging technologies is only expected to keep rising in the coming years. The UK AI market is currently worth over £16.8 billion, and is anticipated to grow to £801.6 billion by 2035.

However, the rapid investment in AI often outpaces identity management security measures. Companies don’t always understand the risks posed by AI. As such, following best practices for security or investing enough time in securing AI systems is not always top of the priority list, leaving these systems vulnerable to potential cyberattacks. What’s more, traditional security practices such as access controls and least privilege rules are not easily applicable to AI systems. Another issue is that, with everything they already have going on, security practitioners are struggling to find enough time to secure AI workloads.

CyberArk’s 2024 Identity Security Threat Landscape Report reveals that while 68% of UK organizations report that up to half of their machine identities access sensitive data, only 35% include these identities in their definition of privileged users and take the necessary identity security measures. This oversight is risky, as AI systems, loaded with up-to-date training data, become high-value targets for attackers. Compromises in AI could lead to the exposure of intellectual property, financial information, and other sensitive data.

The threat of cloud attacks on AI systems 

The security threats to AI systems aren’t unique, but their scope and scale could be. Constantly updated with new training data from within a company, LLMs quickly become prime targets for attackers once deployed. Since they must use real data and not test data for training, this up-to-date information can reveal valuable sensitive corporate secrets, financial data, and other confidential assets. AI systems inherently trust the data they receive, making them particularly susceptible to being deceived into divulging protected information.

In particular, cloud attacks on AI systems enable lateral movement and jailbreaking, allowing attackers to exploit a system’s vulnerabilities and trick it into disseminating misinformation to the public. Identity and account compromises in the cloud are common, with many high-profile breaches resulting from stolen credentials and causing significant damage to major brands across the tech, banking and consumer sectors.

AI can also be used to perform more complex cyberattacks. For example, it enables malicious actors to analyze every single permission that’s linked to a particular role within a company and assess whether they can use this permission to easily access and move through the organization.

So, what’s the sensible next step? Companies are still at the beginning of the integration of AI and LLMs, so establishing robust identity security practices will take time. However, CISOs can’t afford to sit back and wait; they must proactively develop strategies to protect AI identities before a cyberattack happens, or a new regulation comes into place and forces them to do so.

The key steps for strengthening AI security

While there is no silver bullet security solution for AI, businesses can put certain measures in place to mitigate the risks. More specifically, there are some key actions that CISOs can take to enhance their AI identity security posture as the industry continues to evolve.

Identifying overlaps: CISOs should make it a priority to identify areas where existing identity security measures can be applied to AI. For example, leveraging existing controls such as access management and least privilege principles where possible can help improve security.

Safeguarding the environment: It’s crucial that CISOs understand the environment where AI operates to protect it as efficiently as possible. While purchasing an AI security platform isn’t a necessity, securing the environment where the AI activity is happening is vital.

Building an AI security culture: It’s hard to encourage all employees to adopt best identity security practices without a strong AI security mindset. Involving security experts in AI projects means they can share their knowledge and expertise with all employees and ensure everyone is well aware of the risks of using AI. It’s also important to consider how data is processed and how the LLM is being trained to encourage employees to think of what using emerging technologies entails and be even more careful.

The use of AI in business presents both great opportunities and unprecedented security challenges. As we navigate this new landscape, it becomes clear that traditional security measures are insufficient for the unique risks posed by AI systems. The role of CISOs is no longer simply about managing conventional cybersecurity threats; it now involves recognising the distinct nature of AI identities and securing them accordingly. So, businesses must make sure they invest time and resources in finding the right balance between innovation and security to keep up with the latest trends while protecting their most valuable assets.

We've listed the best Objectives and Key Results (OKR) software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

At a time when the risks of AI-powered and advanced email-borne cybersecurity threats dominate the news agenda, it might be easy to overlook the dangers of some of the age-old attack vectors that continue to be exploited by cybercriminals.

For industries that rely on removable media – such as USB drives – there is a continued need for vigilance as these devices have the potential to trigger damaging and highly costly cyberattacks.

The resurgence of USB-based attacks

USB devices are commonly used in a number of core Critical National Infrastructure (CNI) sectors such as manufacturing, utilities and healthcare. These sectors rely on USB drives to transfer data in environments with limited or no internet access, such as air-gapped systems that isolate critical assets and data from external networks for security purposes.

In operational technology (OT) environments USB drives are often the only practical way to transfer data between systems that are deliberately kept offline, making them a common tool for software updates or data migration.

This widespread use makes USB drives a prime target for cyberattacks. One prominent example is the Sogu malware, deployed by the hacker group UNC53, which used infected USB drives to infiltrate multiple organizations last year. This campaign targeted industries in countries like Egypt and Zimbabwe, where USB drives are integral in day-to-day business operations.

Recent USB-based attack techniques have grown in sophistication, often bypassing advanced security layers by exploiting the inherent trust between the USB device and the host.

Longstanding techniques like “Rubber Ducky” keystroke attacks, which silently copy user activity and send information back to the attacker’s host system, are being deployed in new ways. For example, some human interface devices (HIDs) like mice and keyboards can have their firmware modified to inject the keystrokes to install covert malware.

A favorite for penetration testers and social engineers alike looking to entice unwary employees or visiting partners to pick up and insert a compromised USB device.

Why securing removable media presents a unique challenge

Managing removable media presents several challenges, particularly in OT-heavy environments.

USB-based attacks bypass traditional network security, allowing attackers to exfiltrate sensitive data or gain long-term access to systems. These attacks are especially dangerous in isolated systems, where the lack of network connectivity can delay detection and prolong attackers' dwell time.

This makes them a perfect vector for malware infections, data breaches, and unauthorized access. Infected USB drives can easily introduce malicious software into systems that aren’t regularly monitored, leading to potential data loss or operational disruptions. Without strict device and data controls, USB drives can introduce malware or allow unauthorized access to sensitive systems.

One of the key challenges that organizations have in addressing these security risks is that they often lack visibility into what people and what devices they connect to their systems or how data is transferred, making policy enforcement more challenging.

It’s not only the security risks of malware that present a problem; the theft or loss of unencrypted data on removable media, poses a significant risk, particularly in highly secure environments.

How to keep malicious data from USB drives out of the system

Mitigating these risks requires a multi-layered approach to security that combines both technical and policy-based solutions. Real-time monitoring of devices is essential; any USB connected to a system should be scanned for malware and suspicious activity, enabling threats to be detected before they compromise the network.

Data sanitization plays a key role in this process. By cleaning files transferred via USB, organizations can remove any hidden malware or malicious content, ensuring that only safe data enters their network.

For organizations in the CNI sector, a more robust solution might include air-gapped systems combined with a cybersecurity kiosk that scans and sanitizes all incoming and outgoing media. Cleaning all files of malicious content using Content Disarm and Reconstruction (CDR) techniques and placed in secure isolated data vaults. Only sanitized and validated data from these vaults being allowed access into the operational technology networks. These systems ensure that any device entering a secure environment is first cleared of potential threats, adding an extra layer of protection.

Controller access and policies are key

In addition to these technical controls, policy measures governing the use of removable media are a vital component of a strong defense.

Organisations should implement strict controls over which USB devices can access critical systems and regulate the types of files that can be transferred onto any removable media. By limiting access to authorised personnel and approved data, companies can minimise the risk of devices compromising their network. Policies and procedures should mandate that any USB drive should be scanned and its contents sanitised before its data is allowed into the organisations. This can be achieved at scale using a dedicated scanning kiosk application.

Employee and supply chain partner education is also crucial. The root cause of USB-based attacks can often be traced back to human error - such as using unsecured or unauthorized devices - and comprehensive training can help mitigate these risks. Users should be taught about encryption, the dangers of using unknown USB devices, and best practices for safely ejecting devices to prevent data corruption or malware. In high-risk sectors, regular audits of how USB drives are being used and how security protocols are being followed can further strengthen an organization's defenses.

Keeping USB drives on the cybersecurity agenda

USB devices remain a significant security threat, especially in sectors where they are essential for data transfer. Even organizations that don’t routinely use removable media in their workflows should be aware of the threat they pose.

A comprehensive approach that combines real-time monitoring, device control, and data sanitization, along with strict access policies and user education, will cover all the bases and minimize the chances of falling victim to USB-borne threats.

We've rated the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

We’re heading right into the Black Friday sales season, with major online retailer Amazon already kicking off seasonal deals, but with such a savings blitz on the horizon, be wary of malicious websites and services online that could mislead you and put your personal data in danger. We keep a vigilant eye on the current threat of scams every month, but we’re lending a spotlight to coupon scams that could promise a good deal and result in nothing of the sort.

Before we get too into the weeds, you can trust TechRadar when it comes to the best coupons on tech products. We’re always updating our articles on HP discount codes, Dyson coupons, Samsung promo codes and more, with our discount codes sourced from brands and retailers directly. We don’t deal in dodgy discounts, and if it’s listed on one of our coupon pages, it’s a tested and verified coupon (though obviously keep in mind that such codes expire and will not last forever).

However there are plenty of sources for coupons out there that can pose a risk to you. The physical act of entering a dud code into a box at the checkout likely won’t result in any backlash, but the act of obtaining said coupon is another story.

We’re drilling our advice on staying coupon scam safe down into three easy to understand points. Read on to learn the best practices when it comes to fake discount code scams online.

1. Trust only legitimate websites, emails and social media posts

Call me biased, but TechRadar is a very good website, and as already mentioned, you can trust the coupon codes and deals that we mention in our articles. When it comes to lesser known websites that may offer ‘too good to be true’ deals, display a frenzy of ads or demand sign-ups or payments before displaying codes, things get murky.

A quick tell of a website’s legitimacy is its URL. If a fake coupon website were attempting to impersonate TechRadar, for example, the URL may be spelled differently or have a different address to .com (such as .xyz, .gg, or .tv). However, some scam websites won’t go down the impersonation route and will instead skip fake legitimacy entirely. This makes things difficult, so a good rule of thumb is that if you don’t know it, don’t click it.

If the website in question has received positive reviews or has been linked to by other trustworthy websites, then that’s a different story altogether and you could lend the website some trust based on these points, but it’d be a mistake to trust a website entirely, only to have your email inbox filled with spam after entering your personal information, or your money drawn out of your account for making a payment to sign up.

This tip goes for emails and social media posts too. Say for example Dell is running a Black Friday sale and you’re a regular customer; you’d probably see emails in your inbox from Dell advertising the sale, along with posts on social media to the same effect. A bad actor might impersonate Dell’s email addresses or social media accounts to advertise fake discount codes. Check the validity of these things against what Dell has on its websites and official ‘verified’ social media accounts.

2. Don’t sign up for discount codes, and especially don’t give up your credit card information

This is an easy tip to recommend because it’ll stop cybercriminals in their tracks; do not give up your credit card information, and unless the website is one that’s trusted, don’t even create an account with them.

When it comes to coupon codes, A dodgy website might have it set up so that discounts are partially visible, but will only be revealed when you create an account with credit card information revealed. Don’t do this, there’s no reason why a coupon code aggregator would need your card information, and unless you trust the website, do not sign up for an account, otherwise you could curse your email inbox and phone number to be constant spam targets.

3. Coupon extensions are great, but know the risks

A popular shopping tool that has really started to gain traction in the past five years is discount coupon browser extensions, such as Honey and Cently. Such browser extensions can be very useful, but because of their deep embedded nature into your browser of choice, such as Google Chrome or Mozilla Firefox, they can pose a risk to your personal and financial security.

ExpressVPN, the creators of TechRadar’s recommended best VPN for beginners, has done an excellent job assessing the legitimacy of discount coupon browser extensions. Here’s a quick explainer on ExpressVPN’s assessment for a handful of browser extensions:

• Honey: Data on purchases is collected and shared with parent company PayPal. It’s overall a safe extension to use, but you might want to skip it if you’re concerned about data harvesting.
• Cently: Data on purchases and shopping habits is shared with partners mostly for marketing purposes. It’s still a relatively safe extension to use, but your data isn’t private.
• Coupert: Again, personal shopping behavior is tracked across the web and shared with partners. It’s still a safe extension to use, and it encrypts the data that it shares, but be aware that they are being shared in the first place.

These are legitimate coupon extensions that could score you some genuine savings at the checkout, but before signing up to all of them at once, keep an eye out for the less-than-legitimate ones. Extensions listed on the Chrome Web Store, for example, may say they track coupons across the internet, but in reality they just flood your browser with spam. Only install legitimate extensions with a verifiably proven track record, and if you’re unsure, check extension reviews on their listing page.

Remember in this Black Friday period: if a deal appears too good to be true, then it probably is. Stay safe online and happy bargain shopping.

• Find more discounts in our live coverage of the best Black Friday deals as well as the best Amazon Black Friday deals

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need clues.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Wordle hints and answers, Strands hints and answers and Quordle hints and answers articles if you need help for those too.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #536) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• QUACK
• GOBBLE
• THANKS
• GIVING
• FAT
• TACO
• BOLT
• PRAISE
• SUPER
• CREDIT
• CON
• DOWN
• CHEAT
• SCARF
• FAKE
• RECOGNITION

NYT Connections today (game #536) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• Yellow: Well done!
• Green: Not what they seem
• Blue: Devour
• Purple: Black [weekday]

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #536) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: APPRECIATION
• GREEN: FRAUDSTER
• BLUE: EAT VORACIOUSLY
• PURPLE: ___ TUESDAY

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #536) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #536, are…

• YELLOW: APPRECIATION CREDIT, PRAISE, RECOGNITION, THANKS
• GREEN: FRAUDSTER CHEAT, CON, FAKE, QUACK
• BLUE: EAT VORACIOUSLY BOLT, DOWN, GOBBLE, SCARF
• PURPLE: ___ TUESDAY FAT, GIVING, SUPER, TACO

• My rating: Easy
• My score: Perfect

Happy Thanksgiving to those of you in the US! And er, happy Black Friday Eve to everyone else. Inevitably, the NYT threw in some misdirection on the grid today, placing QUACK, GOBBLE, THANKS and GIVING as the first four words on the top row.

But of course this was a red herring. QUACK went with CHEAT, CON and FAKE for the green group (FRAUDSTER), while GOBBLE was grouped with BOLT, DOWN and SCARF for the timely EAT VORACIOUSLY (blue).

Yellow, as is usually the case, was simpler still – APPRECIATION was simply a bunch of synonyms including the aforementioned THANKS, which meant I didn't need to solve the hardest purple group. This included GIVING, which formed a group of the blank kind with FAT, SUPER and TACO. The connection was apparently ___ TUESDAY, but given that SUPER TUESDAY was the only one of the four I've heard of, there was no way I was ever going to get that.

How did you do today? Send me an email and let me know.

Yesterday's NYT Connections answers (Wednesday, 27 November, game #535)

• YELLOW: NOT WORKING RELIABLY BUGGY, ERRATIC, GLITCHY, SPOTTY
• GREEN: CAR PARTS BUMPER, GRILLE, MIRROR, RIM
• BLUE: WHAT A SITTER MIGHT SIT BABY, HOUSE, PET, PLANT
• PURPLE: ___ BAND BOY, RUBBER, TRIBUTE, WEDDING

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

• Researchers from Aqua Security discover new Matrix botnet
• The botnet runs IP cameras, DVRs, routers, and similar
• Matrix was built using off-the-shelf and open source tools

Cybersecurity researchers have spotted a new malicious botnet running distributed denial of service (DDoS) attacks against victims worldwide.

Named “Matrix” by experts at Aqua Security, the botnet was created by a lone hacker gathering up different open source and otherwise free-to-use tools to create it from scratch.

The creator scanned the internet for vulnerable Internet of Things (IoT) devices such as IP cameras, DVRs, routers, and telecom equipment - they could either have a known software flaw, or could simply have an easy-to-break password.

Script kiddie

After identifying the vulnerable endpoints, the hacker would deploy Mirai - an infamous, almost decade-old malware that was behind some of the most disruptive DDoS attacks in history. Besides Mirai, the attacker would also deploy PYbot, pynet, DiscordGo, Homo Network, and other malicious tools.

Ultimately, this led to the creation of Matrix, a widespread botnet that was later offered for other crooks as a service. The sale was being facilitated via a Telegram channel called “Kraken Autobuy”, with the attacker being paid in cryptocurrency.

Its victims are scattered all over the world - from China and Japan, to Argentina, Australia, and Brazil. Egypt, India, and the US also found themselves on the list.

However, while the threat actor seems to be of Russian origin, there is a notable absence of Ukrainian targets, as the researchers believe this is because the Matrix’s “Architect” is after money, and not political or ideological agendas.

Aqua has also made an interesting observation, calling the attacker a “script kiddie”. This is a derogatory term in the cybersecurity community, usually describing an inexperienced, or unskilled hacker. The researchers did it because the attacker used off-the-shelf solutions, rather than building custom solutions on their own.

However, they also hinted that script kiddies could become a much bigger threat in the future:

"This campaign, while not highly sophisticated, demonstrates how accessible tools and basic technical knowledge can enable individuals to execute a broad, multi-faceted attack on numerous vulnerabilities and misconfigurations in network-connected devices," they said.

"The simplicity of these methods highlights the importance of addressing fundamental security practices, such as changing default credentials, securing administrative protocols, and applying timely firmware updates, to protect against broad, opportunistic attacks like this one."

You might also like

• Zyxel VPN security flaw targeted by new ransomware attackers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• New phishing scam looks like an official email from Apple
• Links to fake Apple login screen that will steal your credentials
• Double-check that the email comes from an Apple.com address

Scammers are always trying new tactics to steal your personal information. The latest phishing scam is no exception: cybercriminals are sending out emails which appear to be from Apple, claiming that your Apple ID is suspended, requiring urgent action.

The email, which appears convincing, demands that you take action to recover your suspended Apple ID (which has been rebranded your 'Apple Account' from iOS 18). Clicking the link in the email will take you to a fake Apple login screen. If you enter your details here, hackers will steal your credentials and potentially be able to gain access to your Apple account.

Depending on how securely your Apple account is set up, your username and password could allow these cybercriminals to make fraudulent purchases with your saved payment methods. They could also give them access to personal data, such as files and photos saved in your iCloud account.

The scam relies on all of the techniques used in classic phishing scams. The email is designed to look exactly like an official email from Apple, with logos, colors and fonts that make it highly believable. This consistency is intended to gain your trust.

The account alert also causes an emotional response. You might experience fear or panic at the thought that your Apple ID has been suspended. This is the hook that could cause you to act. The scam combines this with a sense of urgency, requiring you to act quickly to recover your account. The idea behind this is to make you act hastily, overlooking any inconsistencies in the email.

Don’t take the bait

An official email from Apple will end with '@email.apple.com' like the one above. (Image credit: Apple)

With more than two billion active Apple devices worldwide, it’s no surprise that scammers are targeting users of these products. Whether you own an iPhone, an iPad, a MacBook or something else, an Apple ID is your key to the Apple ecosystem. If this is compromised, cybercriminals can potentially access a trove of your data.

This isn’t the first Apple ID scam we’ve seen: earlier this year we reported on an SMS attack which attempted to steal user details. With phishing attacks becoming increasingly common, complex and harder to detect, particularly with the use of artificial intelligence, we don’t expect Apple ID (or Apple Account) scams to go away any time soon.

TL;DR How to stay safe

(Image credit: Konstantin Savusia via Shutterstock)

1. Check the email's address (Apple emails will end in '@email.apple.com').
2. Watch out for inconsistencies in the email (like grammatical errors).
3. Remember that Apple will never ask you to log in to a website.
4. Turn on two-factor authentication for extra security.

There are a few things you can do to keep yourself and your Apple ID secure. First, whenever you receive an email about your Apple ID, check the address that the email has been sent from. If it’s a genuine email from Apple, the account will end in @email.apple.com. If it doesn’t, it’s almost certainly fraudulent.

Secondly, you should also check the email thoroughly for inconsistencies. Look for spelling mistakes, grammatical errors and formatting issues, all of which are tell-tale signs of a fraudulent email.

As a general rule, you should view account alert emails with a healthy dose of suspicion. Apple has published an article about how to stay safe from scams, in which it offers the following advice: “If you're suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it's safer to presume that it's a scam — contact that company directly if you need to.”

Apple also makes clear that it will never ask you to log in to a website, provide your passcode or bypass two-factor authentication. If an email is asking you to do any of these things, you know that it’s a scam.

If you believe that an email you’ve received about your Apple ID isn’t authentic, don’t click any links contained in it. Instead, you can forward this email to reportphishing@apple.com, then mark the message as spam.

If you believe your Apple ID has been compromised, you should change your password by heading directly to the Apple website. It’s also best-practice to turn on two-factor authentication, which will make it much harder for hackers to access your Apple account, even if they have your username and password.

You might also like...

• Everything you need to know about phishing
• How to add extra security to your Apple ID
• How to switch Apple ID

Anthropic is rolling out new ways for you to change how your Claude AI chatbot communicates with a new range of pre-set and custom writing styles. Instead of explaining in every prompt how you want the AI to respond, you'll be able to tailor its conversation to your needs. That means Claude will be as formal or casual, verbose or concise as you wish. It’s a major step to making talking to an AI feel more natural and more like talking to a person, in this case, a person who speaks in a way you prefer.

There are three preset options you can pick from right away. The names are pretty much on the nose. Formal style is for professional, precise responses; Concise is for shorter and direct answers; and Explanatory style is more about explaining and teaching, with extra context and details.

However, the new custom style option is the real eye-catcher. You can create your own personal communication styles for Claude to mimic by uploading samples in the tone and style you want, along with your own words describing the way you want Claude to write. Over time, you can fine-tune and improve the descriptions to make the AI chatbot a perfect mimic. You can see how it works below.

(Image credit: Anthropic) AI at home

"Whether you're a developer writing technical documentation, a marketer crafting specific brand guidelines, or a product team planning extensive project requirements, Claude can adapt to your preferred way of writing," Anthropic explained in a blog post. "With styles, Claude adapts to your unique context and communication choices, helping you achieve more while working in a way that feels natural to you."

For those keen on consistent style, like in business or professional communications, the new feature has obvious appeal. Anthropic pointed to customers like GitHub, which is using the style options to improve internal operations and create marketing copy. It's worth raising questions about how customizable AI might reshape communication in professional and creative spaces. Could this blur the line between human-authored and AI-generated content? And in scenarios where tone and voice are crucial—like legal documents or sensitive communications—how much responsibility should fall on the AI versus the user to ensure accuracy and appropriateness?

Anthropic's approach is somewhat unique, but customizing AI responses isn’t entirely new. ChatGPT, Google Gemini, and Microsoft Copilot all have features for customizing tone and voice. Still, Anthropic's option to infer your preferred style from uploaded content could make it a lot easier to teach the AI how you want it to write.

You might also like

• A new AI feature can control your computer to follow your orders
• You and your friends can now share and remix your favorite conversations with the Claude AI chatbot
• Anthropic wants its AI assistant Claude to be your favorite coworker

• Dash Pro Flash Drive delivers up to 4TB storage with high speeds
• Achieves 1050MBps on USB 3.2; supports USB-C and Thunderbolt
• Includes adapters, and features durable aluminum housing

Despite the rise of cloud storage, a USB flash drive remains a practical and reliable tool for data storage and transfer.

Their portability, ease of use, and ability to operate without an internet connection make them invaluable for creatives and professionals, whether sharing large files, backing up critical data, or accessing information on the go. If there’s a drawback to flash drives, it might be capacity, but the Dash Pro from Oyen Digital solves this by offering sizes up to 4TB.

Measuring just 3.1 x 0.97 x 0.33 inches and weighing 2 ounces, the drive supports USB-A, USB-C, and Thunderbolt 3 & 4 connections and the internal NVMe PCIe 4.0 x4 interface, powered by the Phison E21 controller, offers speed and reliability.

Heat protection

Pre-formatted with exFAT, the drive is ready to use with Windows, macOS, and Linux operating systems.

By using 3D TLC NAND, the USB 3.2 Gen2 Dash Pro achieves speeds of up to 1050MBps when connected via USB-C, USB 3.2, or Thunderbolt 3 & 4 (it is not compatible with Thunderbolt 1 or 2), and up to 525MBps with USB 3.0.

The Dash Pro has a durable aluminum housing that effectively absorbs and dissipates heat, preventing the internal components from overheating. With an operating temperature range of 32°F to 158°F, the drive promises dependable performance even in harsh conditions.

Included with the Dash Pro are a USB-A to USB-C adapter, a USB-A extender, and a lanyard, which should hopefully prevent you from losing the drive. Certified by CE and FCC, Dash Pro is backed by a three-year warranty.

The Dash Pro is available for purchase from B&H in 1TB, 2TB, and 4TB capacities, with the largest drive priced at $439. Whether you need fast transfers, secure data storage, or wide compatibility, the Dash Pro Flash Drive is a versatile and high-performance option.

You might also like

• These are best Black Friday mini PC deals right now
• And these are best USB flash drives on the market
• I challenge anyone to find a better USB flash drive for less than $70

It's Black Friday week, and you know what that means: pretty much every retailer on the planet is offering "super mega deals" on gadgets and accessories. But savvy shoppers know where to go for even bigger savings – while also reducing their environmental impact.

Whether you're looking for iPhones or headphones, PCs or tablets, smartwatches or Nintendo Switches, Back Market is the place to go for the very best tech deals – not just during Black Friday week, but every week. With savings of up to 50% on new prices in the UK and up to 70% in the US, it's the perfect place to get the very best tech for the very best prices.

(Image credit: Back Market) Serious savings on the most tempting tech

You can save serious amounts of cash by shopping at Back Market. Today*, the Samsung Galaxy S23 is down from £831.51 to just £371, a saving of over £460. For US buyers, it's down from $799 to $353.09.

The incredibly powerful iPhone 15 Pro Max is down from £1,199 to £702.09 in the UK and from $1,199 to $833.87 in the US.

And the iPhone 14 is down to just £355.93 from the usual £599. In the US, it's down from $599 to $335.95.

That's not all. You can get a full-size iPad for just £102.05 / $78.20 and an Apple Watch Ultra for £597.17 / $443.16, down from the normal £982.16 / $799. The M-powered MacBook Air is available for just £510.40 / $477.63 and the M1 Pro starts at £562.32 / $515.

You can pick up a Nintendo Switch for £197 / $232, a pair of Beats Solo 3 for £129 / $98, and Beats Studio3 for less than half price at just £205.97. In the US they're even cheaper: $117.34, down from $469.53.

And those prices don't include trade-ins, which are available on many items and which bring the price you pay down even more. And if you trade-in this Black Friday, Back Market are giving an extra £20 / $30 off all orders over £250 / $250.

Back Market's UK site also does great deals on appliances. Looking for a fancy coffee machine? There are great deals on espresso and Nespresso machines alike, such as Sage's The Barista Touch. That one's down from £1,199.95 to just £684.99. A great Russell Hobbs air fryer is yours for just £35, down from £178.47. Fancy a juicer? £89.99 instead of £229.95.

It isn't too good to be true, and it doesn't come with a catch. It's just a better way to buy.

(Image credit: Back Market) Why Back Market is better

Back Market is the leading global marketplace for refurbished electronics, devices and accessories. It works with over 1,500 carefully vetted sellers to bring you the very best technology at the very best prices, saving you cash while also helping reduce your environmental footprint: when you buy refurbished you're reducing the amount of raw materials, water and energy used to deliver your digital delights.

So what does refurbished mean? It means taking pre-loved devices and restoring them to perfect working condition according to industry standards. You get all the benefits of buying pre-loved without any of the risk, so you can be confident that your device won't arrive locked, with a duff battery, or with a dodgy history. If there are any faults they're fixed professionally, and then the device is fully tested and checked by industry professionals. Not only that but it comes backed with a 1-year warranty and a 30-day return policy.

The big benefit of buying refurbished is that it saves you tons of money compared to the cost of buying new. But it should also help you sleep with a clean conscience: buying a refurbished device means producing up to 92% fewer CO2 emissions than buying new.

(Image credit: Back Market) How to save serious sums on essential electronics

Whether you're looking for headphones or a hair dryer, a console or a coffee machine, a smartphone or a shaver, simply pick your product and decide how much money you'd like to save. To do that it's just a matter of choosing the appropriate category: Fair, Good, Excellent or for phones, Premium.

Every device Back Market sells is 100% functional and fully guaranteed, but you can choose how pristine you want its appearance to be. The very cheapest items, classified as Fair, may have some minor cosmetic imperfections and some signs of use but offer the most massive savings; Good ones look great, Excellent are even better and Premium phones look factory-fresh.

You'll see a lot of so-called crazy deals during the Black Friday frenzy. But if you're serious about saving money and want to get great tech that's better for the environment too, there's only one place you need to know. Click here to find your new favourite device for a price you'll really like: here's the Back Market site for the UK, and here's the Back Market site for the US.

• Researchers from AmberWolf find two flaws in popular VPN products
• Flaws can be abused to get the VPNs to connect to malicious servers
• The servers can use the connection to steal login credentials, drop malware, and more

Hackers have been using compromised VPN servers to steal sensitive information from connected VPN clients, security researchers are warning.

Earlier this year, cybersecurity experts from AmberWolf discovered criminals were tricking people into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to VPN servers under their control.

The criminals were using malicious websites, or documents in social engineering and phishing, to get people to connect.

Fixing the problem

Since the vulnerable VPN clients fail to properly authenticate or verify the legitimacy of the VPN server, attackers get to impersonate trusted servers, and are allowed several malicious actions, including stealing the victims’ login credentials, running arbitrary code with elevated privileges, installing malware through software updates, and more.

AmberWolf named the vulnerabilities “NachoVPN”, and reported them to the respective organizations.

On SonicWall’s side, the bug was tracked as CVE-2024-29014, and was fixed in July 2024, while on Palo Alto Networks’ side, it was tracked as CVE-2024-5921, and was addressed in November 2024.

The first clean version of NetExtender Windows is 10.2.341. For Palo Alto, users should either install GlobalProtect 6.2.6, or run their VPN client in FIPS-CC mode.

Besides reporting the bugs to SonicWall and Palo Alto Networks, AmberWolf also shared an open-source tool, also called NachoVPN, which simulates the attack, BleepingComputer has found.

"The tool is platform-agnostic, capable of identifying different VPN clients and adapting its response based on the specific client connecting to it. It is also extensible, encouraging community contributions and the addition of new vulnerabilities as they are discovered," AmberWolf said.

"It currently supports various popular corporate VPN products, such as Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect, and Ivanti Connect Secure," the company concluded in its announcement.

Via BleepingComputer

You might also like

• Zyxel VPN security flaw targeted by new ransomware attackers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• Next year’s iPhone 17 Air may contain Apple’s own modem
• This component could have some near-term performance drops
• But it might also pave the way for a new era of Apple products

Apple is on the verge of what could be the most significant iPhone revamp in years, with a speculated “iPhone 17 Air” slimming down the phone to unheard-of proportions when it’s expected to launch next year. It parallels past Apple devices where thinness has been a priority, but will the iPhone 17 Air become a powerhouse like the MacBook Air or a flop like the 12-inch MacBook?

Key to this dilemma is the most unlikely of components: the iPhone’s modem. Rumors have been flying that Apple is building its own mobile modem and could include it in iPhones as soon as early next year. But there could be a noticeable performance hit to your phone calls and internet connections, with The Information reporting that “its peak speeds are lower and its ability to stay connected to cellular networks is slightly less reliable” compared to the modems in existing iPhones.

Does that mean the iPhone 17 Air will be a device that makes costly sacrifices on the altar of thinness and lightness? There have certainly been some people who have pre-emptively warned of a new “antennagate,” harking back to the call connection scandal that plagued the iPhone 4.

It’s probably too early to make comparisons like that – even if The Information’s report is correct. We don’t know whether the performance difference between old and new modems will even be noticeable, let alone disastrous. However, it illustrates how Apple’s move could prove risky but rewarding.

MacBook Air or 12-inch MacBook?

(Image credit: Future)

Past reports, including those from Bloomberg’s Mark Gurman and Apple analyst Ming-Chi Kuo, have made it clear that the modem switch-up is a long-term project for Apple. While the company is seemingly willing to accept performance costs in the short term, the long-term goal is to lessen Apple’s reliance on third-party manufacturers and cut costs.

Apple’s chip team is one of the best in the world, and judging by the roaring success of its Apple silicon chips, we have little to worry about long-term when it comes to Apple-made modems.

If that contention proves correct, the iPhone 17 Air could follow in the footsteps of another svelte experiment come good: the MacBook Air. When Apple launched the MacBook Air in 2008, it was an astonishing creation that redefined the meaning of thin and light. Sure, it had its drawbacks – low power output, restrictive internal storage, disappointing speakers – but in the years since Apple has improved all of those aspects to such an extent that it’s now one of the best laptops you can buy. Its cut-down frame had its detractors, but it’s proved to be more of a help than a hindrance.

But there’s also a risk that the iPhone 17 Air could turn out like another slimline Apple laptop: the 12-inch MacBook. This device was the ultimate expression of Apple’s obsession with minimalism: it was almost impossibly thin and light, but it came at the cost of power – its thermal envelope was so restrictive that Apple could only outfit it with a mobile processor, despite its eye-wateringly high price. Unsurprisingly, it flopped and was withdrawn from sale just a few years later.

We’ll have a better idea of what direction the iPhone 17 Air goes in when it is expected to arrive next fall, but the real test will be seeing how both it and its successors fare in the years to come. Apple will no doubt be hoping that it takes after the MacBook Air, not the 12-inch MacBook.

You might also like

• Apple could launch its thinnest-ever iPhone next year, but where is the foldable iPhone?
• Big, baffling design changes are reportedly planned for the iPhone 17 series
• Apple’s 5G modem looks destined for the iPhone 18

• New report reveals widespread employee monitoring sensors
• Some students have already successfully resisted them
• These sensors enable “intrusive behavioral monitoring and profiling”

A new study led by Cracked Labs has warned physical office spaces have become hubs of surveillance, where sensors and wireless technology monitor employees’ movements and behaviors to keep track of office use and productive output.

“As offices… become networked environments, there is a growing desire among employers to exploit data gathered from their existing digital infrastructure," the study notes.

While data collection can serve genuinely useful operational purposes, it can also include personal data about employees, raising privacy concerns.

Offices are being used to track workers

Cracked Labs, together with AlgorithmWatch, Jeremias Prassl (Oxford), UNI Europa and GPA as collaborators, noted how networking companies like Cisco and Juniper, can track individuals’ movements via devices connected to the Wi-Fi.

Such systems can be useful for optimizing office spaces and improving safety, however granular tracking such as monitoring when employees enter and leave a room, desk occupancy patterns and time spent in specific areas could be used to employees’ detriment.

The report also highlights software company Spacewell’s use of under-desk and ceiling-mounted motion sensors, door sensors and AI-based visual sensors, which are intended to provide a live data floorplan but instead pose a significant employee privacy risk.

The consequences have been worker protests and media debates, with some headline examples including the UK’s Daily Telegraph and banking giant Barclays. Additionally, students at Northeastern University successfully resisted the deployment of motion sensors, citing concerns that they were “intimidating” and “unnecessary.”

In summary, Cracked Labs accuses companies that employ such monitoring technologies of “intrusive behavioral monitoring and profiling.” The Austrian nonprofit also states that, by normalizing these types of sensors in everyday environments, it enables them to “creep into other purposes.”

You might also like

• The White House is looking at cracking down on employee monitoring tools
• We’ve listed the best employee monitoring software
• Check out our roundup of the best HR software

• Recall has a number of bugs in initial testing (unsurprisingly)
• One glitch means it isn’t saving snapshots
• The cure for that is to reboot the PC (and it’s the fix for another bug, too)

Windows 11’s controversial Recall feature is finally in play – well, in testing anyway – and some folks are encountering glitches, one of which has an age-old solution provided by Microsoft. Yes – turn it off, then turn it back on again.

As a quick reminder, when Recall was first revealed it caused a major storm on the privacy and security fronts, being an AI-driven powerful search feature (for Copilot+ PCs) that takes regular screenshots (called snapshots) of the activity on your PC (leveraging those grabs for its natural language search powers). It was then pulled, and delayed several times, before eventually being put back on the table by Microsoft last week.

One of the main problems some initial testers of Recall are now experiencing is a failure to save snapshots at all, as Tom Warren of The Verge complains about on Bluesky, as flagged by TweakTown.

CNBC further observed that right now, Recall can go for “several minutes” between taking the screenshots it uses to power its AI search, which can leave gaps in its timeline of snapshots, potentially weakening those search powers.

Microsoft has acknowledged the issue with snapshots being delayed, or not appearing at all, and advises a restart of the PC to cure the latter glitch.

In the known issues for the preview build carrying Recall (in the Dev channel for Windows Insiders), Microsoft advises: “Some users experience a delay before snapshots first appear in the timeline while using their device. If snapshots do not appear after 5 minutes, reboot your device. If saving snapshots is enabled, but you see snapshots are no longer being saved, reboot your device.”

Turn it off. Turn it on again.

(Image credit: fizkes / Shutterstock) Analysis: Expected problems

Recall has only just been deployed into testing, and with such a complex feature, we can expect teething problems. You might argue that Microsoft has been further working on Recall since the functionality was pulled from release in June, when it was originally supposed to arrive (in preview for Copilot+ PCs) – so shouldn’t it be pretty well polished by now?

It’s not as simple as that, though, as obviously a good deal of changes have been implemented in that time – shoring up various security and privacy elements – and so all that fresh work needs to be put through its paces. And only limited (internal) testing has been conducted up until now, which only goes so far.

Other notable issues according to Microsoft include Recall not working with some accessibility apps, and the feature telling you to ‘Make sure Recall is saving snapshots’ when snapshots are, in fact, turned on. That latter problem is again resolved by rebooting your PC, apparently. So, we’re back to that old chestnut – turn it off, then on again.

You might also like...

• My week so far with Copilot+ PC laptops: they might be the future, but not for the reasons Microsoft wants
• I've been using Google Search for 25 years and AI overview is the one thing that could ruin it for me
• Don’t make these 5 big mistakes when using Windows 11

• Researchers found two flaws in a popular WordPress plugin
• Flaws allow threat actors to install malicious plugins and run arbitrary code
• A patch is already available, so WordPress users should update now

A major anti-spam plugin for top website builder WordPress carried a pair of critical severity vulnerabilities which allowed threat actors to install plugins at will, and even execute arbitrary code, remotely.

The bugs have since been patched, and users are advised to deploy them as soon as possible.

The vulnerable plugin is called “Spam protection, Anti-Spam, and Firewall”, and was built by CleanTalk, a company developing spam protection for WordPress, Joomla, Drupal, and other website builders.

Popular plugin

The plugin carried two flaws: one tracked as CVE-2024-10542, and one tracked as CVE-2024-10781. The first has a severity score of 9.8 - critical, while the second 8.1 - high.

The former is an unauthorized Arbitrary Plugin Installation bug, that occurs due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function. As a result, unauthenticated attackers get to install and activate arbitrary plugins which, in some scenarios, can be leveraged to achieve remote code execution.

The latter, on the other hand, is an unauthorized Arbitrary Plugin Installation that occurs due to an missing empty value check on the 'api_key' value in the 'perform' function. The results are the same - achieving remote code execution in certain scenarios (when another vulnerable plugin is installed and activated).

Spam protection, Anti-Spam, and Firewall is a major WordPress plugin, installed on more than 200,000 websites, at press time. The bug was first spotted by a researcher with the alias ‘mikemyers’ who reported their findings to WordFence, a project that researches WordPress vulnerabilities.

WordFence reached out to CleanTalk in late October 2024 who, a few days later, came forward with a patch. “We would like to commend the CleanTalk team for their prompt response and timely patch,” WordFence said.

Users are urged to update their sites with the latest patched version, which was 6.45.2 at press time.

You might also like

• Another top WordPress plugin has a major security flaw — and millions of sites could be affected
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Netflix has dropped the main trailer for the highly anticipated Squid Game season 2 a month ahead of its release on December 26. One of the best streaming services has been teasing the arrival of the follow-up series, and now we've had a full glimpse at what to expect when the smash-hit Korean drama series returns.

Squid Game set the bar high with season 1, but if this gripping new trailer is anything to go by, it looks like the follow-up has the potential to be just as good. The trailer has even teased that a mother and son have entered the game together, suggesting there'll be more heartbreaking scenes to come. I can't see it moving from our best Netflix shows round-up any time soon.

None of us have recovered from that traumatic game of marbles, where people were told to choose a partner for a game only to find out that one of them would be killed, and putting together literal family members definitely suggests they won't be getting a happy ending.

Take a look at the trailer below.

What do we know about Squid Game season 2?

Instead of running off with his prize money and living it up, Gi-hun has decided to give up on his trip to the US and get revenge on the game masters instead. As the sole survivor in his group of participants, Gi-hun wants to take down the games from the inside as he heads back into the ominous children's games, where a fresh group of desperate hopefuls are gathered to win the prize of ₩45.6 billion.

We will see some familiar faces returning too, as a previous teaser revealed that fan-favorite Gong Yoo would be back. Lee Byung-hun also returns as the Front Man, where he'll be overseeing a host of new stars. Last time, there were 456 contestants and with Gi-hun back in his old number, we are expecting the number to be the same again.

You might also like

• Netflix is making non-English movies and shows better – and now I'm even more excited for Squid Game season 2
• New Star Wars: Skeleton Crew trailer confirms it'll be the perfect festive Disney Plus palette cleanser to Squid Game season 2 on Netflix
• Squid Game season 2 cast talks fan theories for the returning Netflix show… sort of

• Dell and HP both expect poor revenue growth in next quarters
• Computing giants say consumer market outlook for PCs is weak
• A shift to AI PCs may signal shift in outlook, however

Two of the world's largest PC makers have signalled caution for growth over the next few months as the demand for new devices declines.

Despite seeing its most recent quarterly revenue rise 10% year-over-year to $24.4 billion, Dell is now predicting its next and final fiscal quarter will see revenue stagnate around the $24-25 billion mark, with much of the uncertainty coming from weak consumer demand.

HP also announced its quarterly revenue had fallen 0.3% year-over-year, with CEO Enrique Lores stating the company is preparing to “capitalize on the commercial opportunity” given the same weak consumer demand it faces, too.

HP and Dell struggles

Together, the two companies account for more than a third (35.2%) of the global PC market (via Canalys), putting them in second and third place. In first place is Lenovo, which saw quarterly revenue increase 24% year-over-year earlier this month. It occupies nearly a quarter (24.8%) of the market.

For HP, its revenue decrease was heavily influenced by a drop in Consumer Personal Systems revenue, which was down 4%. To that tune, Commercial Personal Systems revenue was up 5%, highlighting the strong business-to-business market.

Dell’s Consumer Client Solutions Group revenue was down a more worrying 18%, with its Commercial counterpart up just 3%. Its Commercial business is also about five times greater than its Consumer business in terms of monetary value.

COO Jeff Clarke said that artificial intelligence, an emerging technology that shows “no signs of slowing down,” represents an opportunity for the company.

However, while the outlook might not be great for the two companies, research firm Canalys reckons “modest” growth in the consumer market could be seen over the festive period, with companies forced to enact promotions.

Following the disappointing news, shares in HP fell 8% in extended trading, with Dell shares down 10% in a mark of lost investor confidence.

You might also like

• PC sales are stalling as worries over costs and upgrade hassle hit hard
• These are the best business laptops and best mobile workstations
• Check out our roundup of the best workstations

December is a month where we can settle down with friends and family to finally get through those watchlists full of movies and TV shows that are surely piling high by now. Fortunately, Netflix is happy to oblige by dropping a whole load of new content for streamers to enjoy.

It's not as festively fancy as you may imagine for this time of year, especially compared to the titles that joined the platform during the November 2024 schedule. For December, there's a real lack of Christmas additions, but have no fear, there's still a mix of content aside from the usual best Netflix movies to enjoy, with comedy specials, documentaries, live events, and even a music special from Sabrina Carpenter joining Netflix next month.

While we're disappointed by the lack of Christmas classics coming to one of the best streaming services, we are excited for Netflix's new Christmas spy thriller, Black Doves, and one of the best Netflix shows returning for season 9, Queer Eye. Let's take a look at what the streamer has to offer as 2024 draws to a close.

Everything new on Netflix in December 2024

Arriving on December 1

Bunk’d season 7 (TV show)
Burlesque (movie)
Daddy Day Care (movie)
The Happytime Murders (movie)
Little (movie)
Midway (movie)
Project X (movie)
We’re the Millers (movie)
Zero Dark Thirty (movie)

Arriving on December 2

30 for 30: Bad Boys (TV show)
30 for 30: Celtics/Lakers: The Best of Enemies (TV show)
30 for 30: Sole Man (TV show)
30 for 30: This Magic Moment (TV show)
30 for 30: This Was the XFL (TV show)
30 for 30: Winning Time: Reggie Miller vs. The New York (TV show)

Arriving on December 3

Fortune Feimster: Crushing It (comedy special)

Arriving on December 4

The Children’s Train (movie)
Churchill at War (documentary)
The Only Girl in the Orchestra (documentary)
Tomorrow and I (TV show)
That Christmas (movie)
The Ultimatum: Marry or Move On season 3 (TV show)

Arriving on December 5

BEASTARS final season: part 1 (TV show)
Black Doves (TV show)
Compliance (movie)
Jentry Chau vs the Underworld (TV show)
Subservience (movie)
Top Chef: Boston (TV show)
Top Chef: Kentucky (TV show)
Top Chef: Seattle (TV show)

Arriving on December 6

A Nonsense Christmas with Sabrina Carpenter (music special)
Biggest Heist Ever (documentary)
Camp Crasher (movie)
Echoes of the Past (TV show)
Mary (movie)

Arriving on December 9
The Great British Baking Show: Holidays season 7 (TV show)
Rubble and Crew season 1 (TV show)

Arriving on December 10

Jamie Foxx: What Had Happened Was… (comedy special)
Polo (TV show)
Rugged Rugby: Conquer or Die (TV show)

Arriving on December 11

The Kings of Tupelo: A Southern Crime Saga (documentary)
Makayla’s Voice: A Letter to the World (documentary)
Maria (movie)
One Hundred Years of Solitude: Part 1 (TV show)
Queer Eye season 9 (TV show)

Arriving on December 12

La Palma (TV show)
No Good Deed (TV show)

Arriving on December 13

1992 (TV show)
Carry-On (movie)
Disaster Holiday (movie)

Arriving on December 16

The Dead Don’t Die (movie)
The Equalizer seasons 1-3 (TV show)

Arriving on December 17

Aaron Rodgers: Enigma (TV show)
Ronny Chieng: Love To Hate It (comedy special)

Arriving on December 18

Julia's Stepping Stones (documentary)
The Manny season 2 (TV show)

Arriving on December 19

The Dragon Prince season 7 (TV show)
Project Runway seasons 18 & 19 (TV show)
Virgin River season 6 (TV show)

Arriving on December 20

Ferry 2 (movie)
The Six Triple Eight (movie)
Umjolo: Day Ones (movie)
UniverXO Dabiz (documentary)

Arriving on December 21

Flipping Out seasons 6-8 (TV show)

Arriving on December 24

Your Friend Nate Bargatze (comedy special)

Arriving on December 25

NFL on Christmas: Baltimore Ravens vs. Houston Texans (live event)
NFL on Christmas: Kansas City Chiefs vs. Pittsburgh Steelers (live event)

Arriving on December 26

Squid Game season 2 (TV show)

Arriving on December 28

Maestro in Blue season 3 (TV show)

Arriving on December 30

Mad Max: Fury Road (movie)

Arriving on December 31

Avicii - I'm Tim (documentary)
Avicii - My Last Show (movie)
Evil season 3 (TV show)
Michelle Buteau: A Buteau-ful Mind at Radio City Music Hall (comedy special)
The Millionaire Matchmaker seasons 5-7 (TV show)

You might also like

• Virgin River has reportedly been renewed for season 7 and I can't wait to see the next chapter of Netflix's best love story
• Netflix confirms Beef season 2 and gives fans a taste of what to expect from the feuding anthology series
• New Netflix movies: the biggest films to stream right now

• ESET discovers two zero-day vulnerabilities that can lead to remote code execution
• The researchers spot Russian hackers abusing the flaws to deploy backdoors
• Fixes for both flaws are already available to download

A Russian advanced persistent threat (APT) group known as RomCom has been exploiting two zero-day vulnerabilities to hit its victims with potent backdoor malware, security experts have said.

ESET said its researchers first found a use-after-free bug in the animation timeline feature in Firefox. Since the bug forces the browser to use memory that has already been freed, it can lead to all sorts of undefined behavior, including executing code in the restricted context of the browser. This bug was discovered on October 8, and was assigned CVE-2024-9680. It was fixed a day later, on October 9.

Further investigation led to the discovery of a second vulnerability, this time in Windows, tracked as CVE-2024-49039, WHICH allows previously authenticated crooks to run arbitrary code in the system. By chaining the two vulnerabilities together, the attackers were able to deploy backdoors on target devices.

Targeting Europe and North America

In practice, thIS means embedding a website with code that is capable of exploiting the vulnerabilities, redirect the victims to a server where the backdoor is hosted, and have the operating system infected. The worst part is that the attack is “zero-click” - meaning besides visiting the malicious website, the exploit requires no interaction from the victim’s side.

While ESET does not discuss how many people, or entities, fell victim to the attack, they say that the majority of victims tracked between October 10 and November 4 were located in Europe and North America.

It is also worth pointing out that patches for both flaws have been available for more than a month now, and the best way to defend against the attack is to have Firefox, Thunderbird, and the Tor Browser (which were all said to have been vulnerable) all patched, together with Windows.

You might also like

• Russian hackers are attacking innocent companies to get access to their neighbors
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• Spotify has released a new teaser for its Wrapped 2024 roundup
• It's "right around the corner" according to the new in-app notice
• Rumors are predicting the release date for the musical recap

Your Spotify Wrapped 2024 musical recap is "right around the corner", according to a new teaser (above) that many users are now seeing in the official app.

Spotify's unsubtle hint, which appeared for us today when reopening the iOS app, says its popular Wrapped roundup is almost here and that "your 2024 Wrapped to-do list" is, strangely, to listen to your top songs from the past two years.

Most Spotify fans are probably more focused on finessing their end-of-year listening so their Wrapped is fit for public consumption. But news that Wrapped 2024 is close is exciting for anyone who likes indulging in its personalized, and sometimes insightful, reflective mirror.

So when exactly can we expect to see Wrapped 2024? Last year, it landed on November 29, which was a Wednesday – that's now the typical weekday for Wrapped to be launched, as shown by the last four years.

But as spotted by Wrapped detectives on Reddit, there's a chance it could land later this year. That's because Spotify Indonesia appears to have announced a Wrapped concert for December 5, prompting speculation that Wrapped 2024 could roll out on December 4.

So when will Wrapped 2024 land?

Spotify Wrapped has become increasingly sophisticated in the past few years, including features like artist messages (above). (Image credit: Spotify)

The combination of this new Spotify teaser and those hints from Spotify Indonesia mean that, if we were betting folk, we'd err towards next Wednesday, December 4 now being the most likely Wrapped 2024 release date.

For the last four years, Wrapped has rolled out on a Wednesday – so unless Spotify is going to quickly follow up its new teaser with a full Wrapped release in the next few hours, we can probably rule out today being the launch date.

Next Wednesday is December 4 and Spotify has previously rolled out its musical recap around that time – Spotify Wrapped 2019 landed on December 5, while Wrapped 2018 was released on December 6.

So unless Spotify breaks its recent Wednesday trend or goes super-late on December 11, it looks like that'll be judgment day for Spotify fans. Spotify has never publicly commented on when the cut-off is for its Wrapped stats, but we'll be fine-tuning our listening over the next week to be safe.

You might also like

• Spotify Wrapped 2024 – our release date predictions plus what to expect
• The YouTube Music 2024 Recap has launched before Spotify Wrapped 2024 – here's how to find it
• What will Spotify Wrapped 2024 look like? Here are my 3 predictions for this year's music roundup

• Apple's next iPad Pro could appear in 2025
• An M5 chipset upgrade is rumored
• The M4 version of the tablet launched this year

Read our 13-inch iPad Pro (2024) review and you'll see that we've been very impressed with the tablet Apple launched back in May – but it seems that something even better is in the pipeline, and it might arrive sometime before the end of 2025.

This information comes from well-known tipster @Jukanlosreve, based on comments made by senior LG Display researcher Park Kyung-woo about an increase in the number of OLED panels being used in iPads next year.

There's another interesting prediction here, which is that these new iPad Pros will come running the as-yet-unannounced M5 chipset that's currently in development. The Apple M4 chip that powers the latest iPad Pros and Macs was also unveiled in May.

If we are getting an M5-powered OLED iPad Pro sometime in 2025, then that's a tight turnaround – so it's probably not going to show up before the second half of the year, and may well appear around October time (ready for the holiday shopping season in the US).

The future of iPads

I believe this is a sign that the M5 OLED iPad Pro will be released next year. Moreover, there are other signs pointing to its release as well. https://t.co/Y1lwsiZeTzNovember 27, 2024

The same tipster says there are "other signs" pointing to the appearance of this slate in 2025 – and indeed, noted Apple reporter Mark Gurman has previously said he expects the next iPad Pro, with an M5 chipset fitted inside, to land in late 2025 or early 2026.

However, it doesn't sound as though major changes are coming, besides that boost in processor speed. Apple gave the iPad Pro some design tweaks with the 2024 model, so it seems likely that the look of the tablet will stay the same for another generation at least.

Apple is certainly making up for lost time considering it didn't launch any new iPads at all during 2023. We've also seen a new iPad Air make an appearance this year, while the entry-level iPad is expected to be refreshed within the next 12 months.

However, don't hold your breath for a foldable iPad – plans for a launch have apparently been pushed back to 2026 at the earliest, and there's a decent chance that we're going to see a foldable iPhone arrive before Apple adapts its tablet line.

You might also like

• New affordable iPad also tipped for 2025 launch
• The iPad Pro continues to thrash the iPad Air in sales
• There's no way Apple is shelving the foldable iPhone