Meta has received yet another GDPR fine, with the parent company of Facebook, Instagram and WhatsApp facing a €251 million (around $263 million) hit following a 2018 data breach which exposed around 29 million Facebook accounts globally, 3 million of which were EU-based users.
Ireland’s Data Protection Commission (DPC) has been one of Europe’s leading regulatory bodies when it comes to holding tech firms to account, handing out huge penalties for GDPR violations, including the largest ever GDPR fine, a $1.3 billion charge, also against Meta, for data handling.
The most recent violations refer to the attack in which malicious actors used the ‘view as’ feature, which ordinarily allows users to see what their account looks like to their friends and family, to steal access tokens in order to take over the users account.
Millions of users affectedOf the users whose tokens were stolen, 15 million had their phone numbers and email addresses exposed, and a further 14 million also had their usernames, gender, relationship status, and location check-ins accessed. One million lucky users targeted had no data stolen.
Following the breach, the DPC found Facebook infringed GDPR by not including enough information in its breach notification, failing to properly document the facts of the incident. The DPC also found the company failed to ensure the data protection principles were protected, and that Facebook had failed in its ‘obligation as controllers’ to ensure that only necessary personal data is processed.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” said DPC Commissioner Graham Doyle.
This may seem like a hefty fine, and it is, but the reality of these GDPR fines is not quite what it seems. So far, only 1% of these DPC fines have been collected, so there's a chance this fine could also get tied up in the appeals process indefinitely.
You might also likeIs it a bird? Is it a plane? No, it's the first official footage from James Gunn's Superman movie!
Well, sort of. The DC Cinematic Universe (DCU) film's inaugural trailer isn't here yet – indeed, the first Superman movie trailer won't actually be released publicly until tomorrow (December 19). But, to whet our appetite ahead of its arrival, DC Studios co-chief James Gunn has given us a taste of what's to come by way of a 30-second teaser.
There's not a lot we can glean from the DCU Chapter One movie's first round of footage. The teaser is filled with sweeping shots, such as an overhead view of a 3D version of The Daily Planet's iconic logo that sits atop its Metropolis-based building, and crowds of people staring up at an unknown object. Among those present in one group is Rachel Brosnahan's Daily Planet reporter Lois Lane, aka Clark Kent/Superman's perennial love interest.
It's not until the 0:10 mark that we actually catch the briefest of glimpses at Corenswet's Man of Steel. It's a blink and you'll miss it moment, which shows the camera closely following Superman as he flies over an icy location. The legendary DC hero's Fortress of Solitude base is often found in remote areas of the world, such as the Arctic, so this shot is likely taken from a part of the film that shows Kent in his home away from home.
Gunn's Superman film takes flight in cinemas worldwide in July 2025 (Image credit: DC Studios/Warner Bros. Pictures)The rest of the teaser comprises similar shots to those mentioned above. Indeed, there are a couple more crowd shots, one of which shows people running away from... something. I'm willing to bet they're not fleeing from the Kryptonian metahuman, but rather the main villain who was seemingly teased in Superman's first image and who'll appear in one of 2025's most anticipated new movies.
Anyway, the final clip shows Superman launching himself into the sky to hide among the clouds. My best guess is this is part of a montage depicting his first flight in his iconic blue and red supersuit, or in a bit to hide from prying eyes. Either way, you'll believe a man can fly once Superman takes flight in theaters on July 11, 2025.
For more Superman movie coverage, read my articles on the film's various on-set leaks, which gave us our first looks at Kent's fellow superheroes. Alternatively, see which Superman movies, all of whom are available on Max (US), Sky/Now TV (UK), and Binge, Foxtel, and iView (Australia), made it onto my best superhero movies list.
You might also likeGoogle has announced a handy update to its Gemini Code Assist platform, expanding the AI-powered coding assistant’s capabilities even further by including support for third-party data sources.
“[Gemini Code Assist tools] enable developers to retrieve information from, or act on any part of their engineering system, which is especially helpful for services outside the IDE," noted a blog post update by Senior Director for Product Management Ryan J Salva and Group Product Manager Prithpal Bhogill.
The news comes shortly after the tech giant announced its latest Gemini Flash 2.0 model, which the company hopes will produce higher-quality responses with lower latency.
Gemini Code Assist is even more powerfulSalva and Bhogill highlighted how the update will enable developers to work more seamlessly with uninterrupted flows; third-party integrations will surface information and tools from other applications without having to leave the IDE.
Google also says that by having access to more data and insights, more efficient development cycles, reduced errors and better software are all possible.
Already, Atlassian (Rovo), GitHub, GitLab, Google Docs, Sentry and Snyk have all been announced as launch partners, offering full support for Gemini Code Assist tools.
Atlassian Head of Product for Agile and DevOps AI, Josh Devenny, commented: “This integration ensures every developer can instantly access technical specifications, tasks in progress, blockers, or even identify the right person to ask for help, all without leaving their coding environment.”
Google also boasted about how it can support other businesses, saying the launch of its new tools will enhance developers’ productivity and “[provide] immense value to [its] partners, offering exciting new opportunities for growth and engagement.”
Developers can express their interest in joining the Gemini Code Assist tools private preview, and signups are also open to use Gemini 2.0 Flash in Gemini Code Assist.
You might also likeOne of my absolute favorite shows on any of the best streaming services this year was Bad Monkey on Apple TV Plus. It's one of the reasons Apple's streaming service was one of our Techradar award winners this year, and my determination to talk endlessly about it at every opportunity may explain why I haven't been invited to any Christmas parties this year.
One of the problems with falling in love with a streaming show is the Netflix curse, which sadly applies to all streamers: it's a business as cut-throat as any of the baddies you'll find in Bad Monkey and many favorite shows end up sleeping with the fishes.
But it looks like Apple is the good guy this time around, because Bad Monkey, one of the best Apple TV Plus shows, is coming back. Back! BACK!
Bad Monkey. Good news. pic.twitter.com/GEzPMd4xiHDecember 17, 2024
More monkey businessThe news was posted on the official Apple TV account on X with just four words: "Bad Monkey. Good news." The post included a short clip of Vince Vaughn and John Ortiz on their familiar beachside chairs before cutting to black and the words: "renewed for season 2".
If you haven't already seen Apple TV Plus' next big comedy from Ted Lasso's co-creator, stop what you're doing and binge it right now. You can thank me later. Based on the book by Carl Hiaasen it's an absolute blast of a Floridian crime caper that's often very funny, occasionally heartbreaking and never less than gripping.
Part of the reason it's such a good show is that every single member of the cast is exceptional. Vaughn as kinda-cop Andrew Yancy is funny and just the right side of annoying to remain likeable rather than insufferable; Jodie Turner-Smith is astonishing as the fierce and frightening Dragon Queen; Rob Delaney and Ronald Peet were spectacular as two very different people whose lives end up in collision; and Crystal the Monkey, who plays Driggs (a monkey), is very good at being a monkey.
I could go on, and often do.
And if news of a second season wasn't enough, it looks like there could be a third. According to writer Bill Lawrence, the show was pitched with a three-season arc in mind. "They were really receptive to it," he says.
As for plot details, they're currently under wraps. But given that Carl Hiaasen's Bad Monkey has a sequel, Razor Girl, that also features Andrew Yancy – and given that Lawrence has previously said he intends to use that book to inspire the second season, you know where to go if you want some spoilers.
Season 1 of Bad Monkey is streaming now on Apple TV Plus.
You might also likeRegulators from the European Union have revealed that they are investigating whether TikTok breached the Digital Services Act in regards to its ‘obligation to properly assess and mitigate systemic risks linked to election integrity’, particularly in regards to the Romanian election.
The investigation will focus on TikTok’s ‘recommender systems’, and the risks associated with ‘coordinated inauthentic manipulation or automated exploitation of the service’. Also being investigated, are TikTok’s policies surrounding paid for political content and advertising.
The Romanian election was recentl annulled following a series of cyberattacks which targeted electoral systems. In the run up to the first round of the contest, the electoral systems suffered over 85,000 attacks, in which access credentials for electoral sites were stolen by threat actors.
Freedom of speech or election interference?The probe has already sparked outrage from members of far-right groups in the European Parliament, with Poland’s Patryk Jaki calling the investigation ‘censorship’ and France's Catherine Griset accusing the EU of looking like a ‘totalitarian regime’ in its fight against misinformation.
Foreign interference into elections has been seen across the world this year, and social media has been a catalyst for the spread of propaganda and misinformation. This EU investigation could potentially lead to action against the platform and set a precedent for other tech organizations.
“We must protect our democracies from any kind of foreign interference. Whenever we suspect such interference, especially during elections, we have to act swiftly and firmly," said Ursula von der Leyen, President of the EU Commission.
“Following serious indications that foreign actors interfered in the Romanian presidential elections by using TikTok, we are now thoroughly investigating whether TikTok has violated the Digital Services Act by failing to tackle such risks. It should be crystal clear that in the EU, all online platforms, including TikTok, must be held accountable.”
Via Politico
More from TechRadar ProPakistan won't block VPNs, despite having the ability to do so.
This was the main takeaway from the country's telecom watchdog, Pakistan Telecommunication Authority (PTA), during its annual end-of-the-year ceremony on Monday, December 16, 2024.
"We had said earlier that we can block VPNs but we won’t do it," said PTA Chairman Maj Gen (retd) Hafeez Ur Rehman, adding that they didn't block any services until today – Pakistani news channel Geo News reported.
The PTA originally set the deadline for November 30 to begin implementing a new policy regulating VPN usage, calling businesses and freelancers to register their service to evade blocks. The Pakistan VPN ban was then withdrawn due to a lack of legal grounds.
Pakistan VPN: a crucial resourceSince the beginning of 2024, Pakistanis have turned en masse to the best VPN apps to navigate an increased censored internet.
Social media access has been the main target for authorities. Residents couldn't use X ( formerly Twitter) without a VPN since February, in fact. Facebook and Instagram were also restricted in July 2024 and May 2023, respectively, according to Surfshark's Internet Tracker. WhatsApp and Bluesky were also blocked in November.
In this context – where circumventing services like VPNs are a crucial resource for residents and visitors – authorities began to crack down on their usage.
For starters, VPNs were reportedly targeted during the year as users faced temporary connectivity issues since February (exactly when X was first restricted). Plans to regulate the use of VPNs to curb their misuse were first shared in August.
Do you know?(Image credit: Shutterstock)A virtual private network (VPN) is security software that encrypts your internet connections to prevent snooping. It also spoofs your real IP address location to boost anonymity and grant access to otherwise geo-restricted content.
Authorities would later deem unregistered VPNs a "security risk" for Pakistan as they can be used to access "sensitive data," with Pakistan's top religious body even saying that using a VPN is "against the Islamic law."
Despite these strong stances, authorities have always stressed that VPN usage is permitted for legitimate purposes such as banking, foreign missions, corporate enterprises, universities, IT companies, call centers, and freelance professionals. Not many guidelines were shared, however, about their non-commercial use.
This is probably why the PTA decided to extend the registration deadline the day it was set to expire. Then, the final verdict – a Pakistan VPN ban goes against the law, according to the country's Law Ministry.
As per sources close to the Interior Ministry, under the Prevention of Electronic Crimes Act (PECA) 2016, the government can block content but not tools (like VPNs, in this instance).
"Eventually, it has been noted that the reading of the Interior Ministry in this regard was weak, and the courts would allow the functioning of the VPNs," the source told the Pakistani English-language newspaper Dawn.
In the meantime, Pakistan has also reportedly implemented a China-like internet firewall that "has the ability to block VPNs" – a Ministry of Defence official, familiar with the new deployments, told Al Jazeera.
The PTA chairman, however, refused to comment on potential shutdowns. "We don’t have answers when we are asked about internet shutdown owing to national security," he said, as per Geo News. "Questions related to national security should be asked from policymakers."
GenAI is being hailed as a revolutionary coding tool. Yes, it creates enormous opportunities for development teams, but we must remember that AI is a junior developer, not an engineer.
The idea that AI will take over app development overlooks a core aspect of a developer’s job. There’s a reason we call them developers or engineers and not code typists. Writing commands has never been the hard part. The challenge lies in ensuring the code solves the problem at hand within the product’s constraints and domain. The current generation of GenAI doesn’t accomplish this.
The developer role is not dead — it’s evolving. With AI assisting with code generation, human developers’ creativity, strategic thinking and contextual understanding will be even more crucial in shaping successful software solutions.
GenAI’s limitations in software developmentDevelopers have long used code templates, generators and auto-complete to expedite programming. GenAI can take these tools one step further by writing entire functions or blocks of code from natural language prompts. However, AI does not fully understand logic and lacks context on business problems and the software’s purpose, resulting in mediocre code.
For example, GenAI can create a code that calculates total sales revenue. However, the output may fail to account for organization-specific variables, such as including returns and rebates in the equation and formatting results to meet reporting requirements. The code technically works, but it does not actually solve the problem.
Additionally, GenAI tools often generate bad code. The training data for the large language models (LLMs) contains both high and low quality data, and the algorithm cannot decipher the difference. Research from Bilkent University measured performance in terms of code quality metrics and found that ChatGPT only wrote correct code 65% of the time, with GitHub Copilot and Amazon CodeWhisperer performing even worse.
AI-generated code can also introduce vulnerabilities and compromise data security by neglecting to follow security protocols. This risk is made more dangerous by many developers' misplaced confidence in the algorithms.
A Stanford University study found that developers who used AI to write code were more likely to believe it was secure when, in fact, it was less so than teams that were not using an AI tool. These results suggest that programmers may become less vigilant in reviewing their work as a result of relying on AI. More than 90% of security leaders have concerns about using AI in coding, but less than half have policies in place to ensure its safe use.
In light of these challenges, experienced human developers will always be necessary in application development.
What does the developer of the future look like?Gartner projects that 90% of enterprise software engineers will use AI code assistants by 2028, shifting developers into strategic advisory roles. However, developers’ core responsibilities — maintaining code quality, strategically adapting systems to changing environments and meeting specific project demands — will remain essential.
Developers and engineers will increasingly act as architects who specify high-level requirements and constraints while AI fills in the detailed coding. This means developers must focus less on writing low-context, low-value code and more on understanding business requirements, system architecture, edge cases and performance testing.
The cooperative relationship between AI and humans could resemble pair programming. AI will play the role of a less-experienced partner performing basic tasks, leaving developers to spend more time guiding and suggesting code improvements.
AI integration might push dev teams to shift further left on traditional code review practices like linting, testing and compliance checks. Since GenAI can produce functional but contextually inaccurate or insecure code, incorporating checks earlier in development allows teams to catch issues proactively. This approach enhances code quality, reduces the risk of errors and maintains consistency.
While GenAI can deliver many benefits, it presents a conundrum for the professional pipeline. With AI functioning as a junior developer, companies may need to hire fewer entry-level developers. This situation limits opportunities for human employees to advance their skills, which results in fewer people equipped to oversee code quality. This scenario remains a problem without a solution — one that needs to be answered soon.
Developer fundamentals will endureA developer’s value lies in understanding the broader purpose and structure of code, not just in the act of writing it. Fundamentally, GenAI will not alter the skills required for this job, though developers may spend less time with their hands on the keyboard. Critical thinking and adaptability will become even more essential for success. With AI managing the bulk of the tedious tasks, developers must master the skills to instruct and correct AI to achieve the desired outcome.
We've featured the best web development tool.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
With AI capabilities compounding cyber attack sophistication, any organization not making it a priority to effectively prepare for potential data breaches could be placing their business at considerable risk.
Incident response refers to the scope of actions and procedures to be taken during an incident. Essentially this is a set of measures taken to deal with security breaches of various types. A robust incident response strategy can not only make a significant difference in preventing data loss, it can also enable firms to respond rapidly in the event of an incident; communicate to the relevant stakeholders; minimize damage to the company reputation; ensure regulations are met, and reduce the costs of a data breach. Sadly, many organizations (tending to be SMEs rather than larger corporations), do not have a well-prepared, up-to-date incident response strategy in place.
Also referred to as IT incidents and security incidents, such events are to be handled in a way to reduce recovery time and costs. To mitigate risks and be prepared for as wide a range of events as possible, it is therefore vital that organizations create a detailed and comprehensive incident response plan.
Incident response vs disaster recoveryAn incident response plan should be incorporated into a disaster recovery plan. These are two components of a comprehensively developed data protection strategy. A common mistake organizations typically make is to create these two plans independently. The right practice is to develop, deploy, and test them as a complex set of measures to protect data security and integrity.
At the same time, even though the objectives of incident response and disaster recovery plans are related, they are not the same. The key difference between incident response and disaster recovery plans lies in the type of events they address. The former defines an incident response team’s roles and responsibilities to ensure smooth running of incident response processes. In turn, a disaster recovery plan focuses on bringing your production environment back to an operational state after an incident occurs and successfully recovering from any caused damage.
An incident response specialist should ensure a uniform approach and make certain that none of the outlined steps are skipped. Another important task is to determine where the problem comes from in order to prevent similar incidents in the future. Finally, it is important to regularly update the incident response plan to make sure it addresses both the ever-evolving cyber threats and current needs of your infrastructure.
If an incident response plan is successfully integrated within the disaster recovery plan, organizations will be able to respond to any disaster in a much faster and more efficient manner.
Building an incident response strategySecurity vulnerabilities, human errors, and technological malfunctions are all possible to avoid, which is why employee training should be a key part of the strategy. In addition, the needs of the environment should be analyzed and it should be ensured that your plans meet them.
Organizations should consider preparing a plan tailored for the possible failure of a VM, network, cloud, data center, and so on. As an example, an effective data protection solution could save quite a lot of time and costs. It should also be considered that there is a risk of a disaster affecting the organization's physical server, office, the entire building, or even a region. Even though some of these scenarios may seem unlikely, it is better to be prepared for as wide a range of unexpected events as possible.
In this way, the purpose of both incident response and disaster recovery plans is to minimize the impact of an unexpected event, recover from it, and return to the normal production level as fast as possible. Also, both of them contain an element of learning: it is important to identify the roots of a problem and, in such a way, decide how to prevent similar incidents in future. The principal difference is their primary objectives. The purpose of an incident response plan is to protect sensitive data during a security breach, while a disaster recovery plan serves to ensure continuity of business processes after a service disruption. While it is key to remember that incident response and disaster recovery are not two separate disciplines, a good practice is to document two plans separately. Even though it may seem that having one document that covers all possible scenarios is a better idea, consolidated plans might lack depth and contain contradictions. This will simplify the process of document creation, as well as enable IT teams to find an appropriate action scope faster, both during testing and in a real-life situation.
Types of security threatsOne of the key principles of incident response and disaster recovery is to carefully develop plans to cover as many recovery scenarios as possible. Naturally, the key point is to do this before a disaster strikes and such a plan is urgently required. To begin with, an attentive look at the types of security incidents is needed. Some of the most common threats are:
DDoS attack
The aim of a distributed denial-of-service (DDoS) attack is to disrupt services and traffic of a target server, network, or website. To carry out an attack, one needs a network of computers infected with malware, or a botnet. The attacker controls bots remotely and sends them the necessary instructions. During a DDoS attack, machines in a botnet start sending simultaneous requests to the target. The flood of malicious traffic can potentially slow down or completely crash the target system. If successful, a DDoS attack renders the service unavailable to users and often results in significant financial damage, as well as the loss or theft of sensitive data.
Malware and ransomware
Malware is a broad term that refers to viruses, worms, spyware, and other types of malicious programs. In some cases, it can act in a relatively inoffensive way (change screen background or delete files), but sometimes it remains hidden and steals sensitive information. Ransomware is a subset of malware, and the key difference is that the system’s user receives a notification with a demand to pay a ransom. As an example, the victim may find their disks or files encrypted, while the attacker normally promises to restore the machine to its previous state after they receive the payment.
Cybersecurity professionals insist that companies should never pay in such cases. On our part, we emphasize that an adequate backup solution is an effective weapon against ransomware. After all, the main reason why a victim might pay a ransom is because they don’t have an alternative.
Phishing
This is a form of cyber fraud with its purpose being to access personally identifiable information (PII). As a rule, attackers use social engineering techniques. The victim might receive an email or text, or come across a social media post containing a link to a page where the visitors are asked to submit their personal details. The key idea is to make the victim believe that they are dealing with a reputable entity like a bank, government agency, or legitimate organization. Incident response in the event of a phishing attack should include both preparation and post-incident phases. It is also important to educate your colleagues so that they can recognize the signs of a phishing attempt and avoid putting the network at risk.
Insider threat
Security threats of this type come from people related to the workflow of an organization, such as its employees, former employees, third parties, contractors, business associates, and so on. In most cases, their main motivation factor is personal gain. However, sometimes malicious insiders want to harm an organization and disrupt its services out of revenge.
A common scenario is when data is stolen on behalf of external parties, such as competitors or business partners. Careless workers who mishandle data or install unauthorized apps pose a threat as well. In other words, all the possible attack vectors must be carefully analyzed to design comprehensive incident response and disaster recovery plans. Once again, training employees and implementing a set of security procedures are two important steps which can help protect the corporate network.
Incident response key takeawaysWhen it comes to building an incident response strategy, the key thing to remember is that the approach is definitely not one size fits all. Incident response development can be a phased and measured, continuous process. And even for smaller organizations on a tight budget, creating an effective plan is achievable, as long as priority is given to protecting the data that is critical to the business. A firm understanding of regulatory liabilities, escalation processes, and adherence to the reporting requirements, is of course vital. The strategy should ensure the inclusion of rules covering the specific incident scenarios detailed above. The incident scenarios and their applicable responses should be practiced regularly to ensure the IT team is up-to-speed and fully prepared to take the necessary action, and that the procedure will be effective in tackling existing threats.
We've featured the best business VPN.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
A critical vulnerability in the Apache Struts 2 application framework is now under active exploitation, security researchers have warned, urging users to apply the patch or run the latest version as soon as possible.
Apache Struts 2 is an open source web application framework for developing Java-based web applications. It aims to simplify the creation of interactive web applications and is often used by large enterprises and government agencies.
Apache recently reported finding a “file upload logic” flaw in versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.33, and 6.0.0 to 6.3.0.2. Versions 6.4.0 and 7.0.0 were deemed safe. The bug is tracked as CVE-2024-53677, and has a severity score of 9.5/10 (critical), since it can be used to manipulate upload parameters, and thus enable path traversal. As a result, malicious actors can upload arbitrary files into restricted directories, enabling remote code execution (RCE), and thus data theft and system takeover.
Patching the flawApache has released a patch for the flaw, but at the same time, a proof-of-concept (PoC) exploit was made publicly available.
The bare minimum users should do is upgrade to version 6.4.0, since this one does not use the flawed Struts' File Upload Interceptor component.
In their writeup, cybersecurity researchers from Vulcan stressed Apache Struts flaws were “prime targets for attackers”, reminding their readers about the Equifax breach from 2017, which was attributed to a similar flaw. They also said that Struts 2 has significant download volume - roughly 300,000 monthly requests - meaning the attack surface is quite large.
Finally, they said CISA already added multiple Struts RCE flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Via The Register
You might also likeA Thousand Blows is looking like it'll be even more of a knockout new show when it arrives on Hulu in the US and Disney Plus internationally next year, following the release of new artwork.
Alongside the reveal of the new images (see above and below), which show BAFTA award-wining actor Malachi Kirby playing the boxer Hezekiah Moscow aka 'Ching Hook', Disney also confirmed that the show will premiere on February 21, 2025, which means it'll arrive two days after the new Pixar series Win or Lose debuts.
With such a stacked February lineup, it's probably safe to assume that our best Disney Plus shows and best Hulu shows guides will be in need of an overhaul.
(Image credit: Disney; Robert Viglasky)A Thousand Blows is made by Peaky Blinders creator Steven Knight, so you can count on it to fill that British period drama-shaped hole in your life when it arrives, because (yes, you guessed it) it's another period piece, centered around the world of boxing in Victorian London this time.
While the show is fictionalized, it's loosely based on the real lives of a group of East Londoners in the 1880s, who find themselves in the criminal underbelly of a bare-knuckle boxing scene. Such a setting requires a gritty cast that can pull it off and Kirby looks fighting ready in the new images.
According to Disney's plotline for the show, Hezekiah Moscow will find fortune and fame in the boxing ring but his new-found attention also attracts an infamous crime leader Mary Carr (Erin Doherty) and self-declared leader of East London boxing Sugar Goodson (Stephen Graham), who sets out to exploit him.
With such a talented cast onboard, I can't wait to stream A Thousand Blows when it arrives on Disney Plus in the UK on February 16, 2025.
You might also likeWhen Franklin Leonard posted about his experience of AirPods Pro 2's hearing aid mode, he wasn't trying to go viral. But 250,000 views and over 3,000 likes later, that's exactly what happened. And his post, which we've embedded below, is well worth reading if you're interested in Apple's hearing aid mode.
Leonard is a well-known figure in the entertainment industry and founded The Black List, the famous list of unproduced screenplays that could well include the next big blockbuster. Watching movies – lots of movies – is what Leonard does, but when an illness damaged his hearing two years ago he started struggling to hear the dialog in the movies he loves so much.
As he wrote in his post, "I considered getting hearing aids, but even the cheapest good ones cost thousands of dollars, and health insurance does not cover their cost, even when you have a documented need."
Enter AirPods Pro 2 and their hearing aid feature.
I never post anything this long on Twitter, and I don’t foresee myself doing it again any time soon, but yeah it’s happening. Also, this is not an ad. It's an explanation: For the foreseeable future, it's very likely that you're going to be seeing me wearing Airpods in social… pic.twitter.com/pCNBcUXLggDecember 9, 2024
AirPods Pro 2 hearing aid mode: the good and the not so goodLeonard's folks saw the Apple AirPods Pro 2 ad and bought him a pair for Christmas. "They're already a game changer for me," he wrote. While they're not cheap, they're a fraction of the cost of hearing aids – "and that alone is a potential game changer". Leonard is "overjoyed" by the benefits of hearing aid mode.
That said, he's also identified something that Beats already does but Apple doesn't. Copying in Apple's account, he said "let's talk about skin toned color product" and showed a picture of the AirPods Pro in his ears, where they couldn't look more distractingly white if they were a Hollywood star's teeth.
I know that the pearly whiteness of AirPods is part of the branding, a marketing thing that goes back to the very first iPod and its associated ads. But for people buying AirPods for their hearing aids feature, that visibility may be a downside because it draws attention to them.
It'd be really nice if Apple could take a leaf out of its Beats division's book and offer some colors that are less "look at my AirPods" against olive, brown and black skin. The reaction to the skin toned Beats Fit Pro was very positive, and I'm sure there are lots of people who'd buy skin-toned AirPods in a snap.
You might also likeCybercriminals have been spotted impersonating Google Calendar, sending emails which look to steal victim's private, and business, information.
A report from Check Point Security notes how the criminals would tweak the sender email header to make the message look as if it’s a Google Calendar invite coming from a known contact. In the body itself, they would add a .ics attachment, a calendar app file, together with a link to either Google Forms, or Google Drawings. On these links, the victims would then be asked to click on another link, which usually looks like a reCAPTCHA, or support, button.
This link would lead the victim to a website that looks like a cryptocurrency mining, or Bitcoin support site.
Successful attack"These pages are actually intended to perpetrate financial scams," Check Point Research said in its report. "Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details."
The campaign seems to have been a success, with Check Point claiming roughly 300 brands have been infected so far, and more than 4,000 phishing emails sent over the course of four weeks.
Commenting on the findings, Google said the best way to defend is to enable “known senders” in the Calendar. This feature helps, since it will alert the user when they get an invitation from someone who is not in their contacts list, or from someone with whom they’ve not interacted before.
“Known senders” aside, users should also use common sense, and just be careful when receiving any unsolicited message, particularly around those that come with attachments or links. If they are unsure if the message is legitimate or not, they should reach out to the alleged sender via other means, and confirm the authenticity of the received message.
You might also likeThe long-awaited OnePlus 13 is officially launching worldwide on January 7, alongside its newly-announced midrange sibling, the OnePlus 13R.
OnePlus confirmed the phone's release date for the US and the rest of the world in a press release following the launch of the OnePlus 13 in China on December 4.
A January launch date positions the OnePlus 13 and 13R as direct competitors to the Samsung Galaxy S25 lineup, which we expect to launch in the same month next year.
With this announcement, we also have some newly confirmed official specs for the global versions of the OnePlus 13 and 13R.
The OnePlus 13 in Arctic Dawn (Image credit: OnePlus)The OnePlus 13 will come equipped with the class-leading Snapdragon 8 Elite chipset, and a display with a 2k resolution, a 1-120Hz variable refresh rate, and 4500nits of maximum brightness. It is the first OnePlus phone to have both an IP68 and IP69 water and dust resistance rating.
OnePlus says the display used for the OnePlus 13 is the first to be rated A++ by DisplayMate, an independent display rating organization.
The OnePlus 13 will be available in three color options at launch: Black Eclipse, Arctic Dawn (white) and Midnight Ocean (blue). The Midnight Blue option is apparently the first phone to feature micro-fiber vegan leather, which improves scratch resistance.
The OnePlus 13R features a triple-camera system, a 6,000mAh battery, and Gorilla Glass 7i on the front and rear panels. It features a flat display – unusual for OnePlus – and measures in at 8mm thick.
The OnePlus 13R will launch in two colorways: Nebula Noir and Astral Trail – though we don’t have any confirmation of what these titles exactly describe.
We expect OnePlus to announce the price of both phones at the OnePlus 13 launch event on January 7, but the latest rumors suggest the 13 will cost as much or a little more than its predecessor, the OnePlus 12, which still starts at $899 / £849 (it’s not available in Australia).
The announcement also marks the first time OnePlus has confirmed the existence of the OnePlus 13R, the latest addition to the company’s lower-end flagship phone series a la the Samsung Galaxy S24 FE.
In our OnePlus 12 review, we found the most globally available Chinese phone to be a stylish, speedy, and altogether superb handset, and hype for its follow-up has been building over the last few months (as our OnePlus coverage can attest).
If you find yourself intrigued by this one-of-a-kind brand, feel free to check out our guide to the best OnePlus phones.
You might also likeIf you're looking for a Christmas present for the LGBTQIA+ folks in your life, Disney would very much like to sell you items from its Pride collection: there's a Pride version of Mickey Mouse, a Disney Pride pin, a Disney Stitch... you get the idea. As the page says: "The Walt Disney Company proudly works with nonprofits throughout the year to support the LGBTQIA+ community globally."
So, it's a shame that that pride doesn't seem to extend to including LGBTQIA+ characters in the best Disney Plus shows or best Disney Plus movies any more. The Hollywood Reporter has learnt that Disney has excised a trans storyline from the upcoming Pixar series Win or Lose, which follows a softball team and focuses on a different character each episode.
All the lines referring to the trans character's gender identity have been excised, and the decision was made months ago – possibly while LGBTQIA+ people were spending their pink pounds at the Disneyland After Dark Pride Nite in California.
Why has Disney removed trans representation from its Pixar show?If you ask the people on my socials, many of whom are working in the entertainment industry and many of whom are LGBTQIA+, the answer is simple: they think it's cowardice. LGBTQIA+ inclusion in TV shows, media and pretty much anything else has been the subject of orchestrated pile-ons by right-wing "anti-woke" activists, and all kinds of firms from Budweiser to Target have rolled back or abandoned inclusion altogether. With the incoming administration determined to wage a "war on woke" and diversity under attack, you'd need to be as brave as a Disney princess to stand up for the LGBTQIA+ community.
Disney's management, it seems, are not as brave as their princesses.
Speaking to The Hollywood Reporter, Disney said: “When it comes to animated content for a younger audience we recognize that many parents would prefer to discuss certain subjects with their children on their own terms and timeline.”
This isn't the first time Disney has self-censored, although it denies that that's what it's doing: earlier this year, the Disney Channel series Moon Girl and Devil Dinosaur cancelled an episode centered on a recurring trans character. Disney says it hasn't banned it; it's just decided not to show this particular episode because reasons.
This isn't just bad news for LGBTQIA+ viewers. It's bad news for LGBTQIA+ talent: the character whose storyline Disney cut from Win or Lose is played by Chanel Stewart, who is trans – the casting call was specifically for a trans actress – and is now "very disheartened". If Disney is scared of simply featuring trans characters for fear of backlash it doesn't bode well for the actors, animators and other employees currently working for the company – or for the LGBTQIA+ folks hoping to see even a sliver of representation in Disney's shows and movies.
You might also likeApple Maps and Google Maps have been rivals for years, and each one can lay claim to doing certain things better than the other. Both services let you view maps from a pedestrian’s perspective, but until now Apple’s version has been limited to the Apple Maps app, not its web view (which launched in July 2024). With the latest update, though, that’s all changing.
As noted by Chris Carley on Threads (via 9to5Mac), you can now get Apple’s Street View rival (called Look Around) when using Apple Maps in any of the best web browsers, including Safari, Chrome, Edge, and Firefox. According to 9to5Mac, this feature was likely added around December 11.
Look Around lets you take a street-level look at any area that’s covered, moving the view around 360 degrees and moving up and down along streets and paths. It’s currently available in the US, Canada, UK, the European Union, Australia, Japan, and a handful of other locations. Apple has a full list of its available locations on its website.
Breaking free of Apple’s apps (Image credit: Apple)With Look Around now supported in browsers, you’re no longer limited to using the feature on Apple devices. Previously, you needed to have the Apple Maps app on your iPhone, iPad or Mac, but now that you can access it from a browser you can use Look Around from a Windows PC if you want to (although it still doesn’t work on any of the best Android phones).
That could help make Look Around a much more popular feature, as it won’t be dependent on the user having an Apple device. Instead, anyone can now use it, provided they have a compatible web browser.
Carley added that the web version of Look Around doesn’t appear to have the parallax effect (whereby background objects appear to move more slowly relative to your viewpoint than foreground ones) that can be seen when moving the view around in the iOS and macOS versions. This effect does seem to work when you move forward or backwards in Look Around, however, and it seems probable that Apple will update the web view to bring this in line with its app versions of Apple Maps.
Apple Maps’ web view is currently in beta, and many features – like transit maps, viewing 3D buildings, and signing in and saving locations, are unavailable. But with addition of Look Around, you’ve just got another reason to switch over from Google Maps.
You might also likeBrace yourself for price rises if you're signed up to one of the Adobe Photoshop or Lightroom photography plans – these are the subscription options that just give you access to the photo applications, rather than the whole of Creative Cloud.
As per the Adobe blog (via PetaPixel), these new prices come into effect from January 15, 2025. At the moment we just have US pricing, but you can calculate the equivalent price rise for your region. Long story cut short: the users currently paying Adobe the least money will have to cough up more cash, or start paying annually.
The new pricing structure – the plan on the left is going away for new subscribers (Image credit: Adobe)The Photography plan with 20GB of storage (including Photoshop, Lightroom, and Lightroom Classic) will be $14.99 a month rather than $9.99 – a bump of over 50%. You'll need to commit for a year ($179.88) or pay an unspecified termination fee, or switch to the $119.88-per-year plan, which remains unchanged (and locks you in for longer).
On top of all that, this cheapest plan is going away, and won't be available to new subscribers next year, so these changes are only for existing subscribers. If you're signing up for Photoshop after January 15, the cheapest option will be twice as much as it currently is (though you do get 50 times as much cloud storage).
Going up Photoshop recently added a reflection removal tool (Image credit: Adobe)There's no change to the more expensive monthly ($19.99) or yearly ($239.88) Photography plans with 1TB of storage, which of course send more revenue Adobe's way. As mentioned above, from January 15, these plans will be the only way to just get Photoshop without the rest of Creative Cloud.
Prices for the Lightroom-only plan with 1TB of storage are going up too, though you will now get Lightroom Classic as well as Lightroom. Going forward you need to pay $11.99 per month rather than $9.99 a month – so it's 20% more expensive. Again, you need to commit for a year ($143.88) or pay a penalty.
Adobe would prefer you to lock yourself in to the $119.88-per-year plan, the cost of which remains unchanged. If these prices are now a little too rich for your blood, then you might want to check out our guides to the best Adobe Lightroom alternatives and the best Adobe Photoshop alternatives.
These new prices "better reflect the value that the apps deliver" Adobe says, noting it hasn't raised subscription prices since it started demanding continuous monthly or yearly payments for Photoshop rather than one-off fees for each version. If you're an existing subscriber, look out for an email from Adobe close to renewal time.
You might also likeThe biggest fight of the year, Fury vs Usyk 2, is just a few days away and the heavyweight title fight will go down in history as the first boxing bout to feature an AI judge.
The AI experiment will be "free from bias and human error" according to Turki Alalshikh the man behind the tool branded by Ring Magazine, which he purchased in November.
Alalshikh has yet to reveal the technology behind the AI-powered judging, although according to Forbes it could be Jabbr, a company that has provided AI-powered stats for combat sports for a while now.
This is an interesting move for the world of boxing, considering the human-error that is often criticized when it comes to scoring fights. While the AI judge will not be used for the official scorecards in Fury vs Usyk 2, it could ultimately be incorporated into future title fights down the line.
This opens up a lot of discussion about using AI in sports, especially without human input. In Premier League Soccer, VAR (Video Assistant Referee), while controversial due to human error, is still overseen by a qualified team of officials who use the technology to come to a decision. Automated offside decisions are used across European soccer leagues, however, there's no room for interpretation with the offside rule: it's either onside or offside. With boxing, however, there's an element of subjectivity that comes into play, like the intent of a fighter for example, so relying solely on AI could in fact be a hindrance.
AI judging in boxingAI models are trained on huge amounts of data, but that means there's a human element to the training that ultimately decides how any AI reacts to certain situations. Would an AI boxing judge's model lean in favor of specific fight styles? Would this lead to athletes evolving their skills to cater to an AI judge rather than the traditional aspects of the sport?
An AI judge in boxing is an intriguing development and one that might end up making its way into official scoring cards further down the line. I expect the best compromise is AI-powered monitoring of judges' scorecards to remove contentious decisions from the sport for good.
Looking for how to watch Fury vs Usyk 2? The first fight in May saw Oleksandr Usyk win by split decision in 12 rounds (115–112, 114–113, 113–114). As we head towards the second fight Fury is very slightly favored to win by some, but most critics find it hard to separate the two.
You might also like...Samsung appears to be following in Apple's footsteps by taking a 'screens everywhere' approach to smart-home tech – and it's starting with your kitchen. Samsung has revealed four new smart appliances that it will be showing off at CES 2025 in Las Vegas: a refrigerator, a washing machine, a dryer, and an oven, all of which are equipped with screens and AI assistants.
Samsung already sells fridges with 21.5-inch and 32-inch Family Hub smart displays built in, which let you control compatible devices (such as Samsung's robot vacuums and air conditioners) without an extra display unit cluttering up your countertop, but with its new appliances the company is focusing less on screen size and more on smarts.
Instead of the Family Hub, each of the new appliances is equipped with one of Samsung's much smaller AI Home screens, which range in size from 9 inches to just 4.3 inches.
Samsung's smart ovens offer recipe suggestions, cooking temperatures and times, and let you check on your meal via your smartphone (Image credit: Samsung)So why would you want AI in your oven as well? Well, it could potentially make you a better cook. Samsung's new Bespoke Wall Oven, for example, can recommend times and temperatures for specific recipes, monitor your food while it's cooking, and let you check in on its progress via the SmartThings app and the oven's internal camera. No more worrying about your cake sinking if you open the door too soon.
It can also suggest recipes based on the ingredients you have to hand, help you prepare a shopping list for those you don't have, and even suggest dishes based on your workout stats and diet goals when connected to Samsung Health.
The updated Bespoke Fridge lets you control third-party devices compatible with the SmartThings ecosystem (such as Ring video doorbells and Philips Hue lights), see their locations, and control everything using voice commands.
Meanwhile, the Bespoke AI washer and dryer set gives you real-time updates on washing cycles and energy monitoring. We'll aim to bring you a good look at all four new appliances when we see them in person at CES, so stay tuned.
Built-in or standalone?Last month, rumors emerged suggesting that Apple is planning to release a new smart-home display, potentially running a new operating system and sporting a 6-inch screen.
Building screens into appliances is an interesting approach that means you won't need additional devices cluttering up your home, though it does raise the issue of upgrades. If Apple does indeed release a new smart home display next year, it might have a regular update schedule, similar to the company's tablets, with a new model launched every few years.
You won't be able to replace your fridge's built-in smart hub so easily, meaning you'll be stuck with the same hardware for a lot longer. Samsung does release regular updates for its smart appliances, improving security and adding new features, but opting for a standalone tablet means you can benefit from advances in hardware more quickly.
On the other hand, how advanced does even the best smart display really need to be? You aren't going to be running Photoshop or generating AI videos on your washing machine, and any truly heavy lifting could be done in the cloud.
Both systems have their merits, and it'll be interesting to see how the two compare when (and if) Apple unveils its new 'screens everywhere' system in the new year.
You might also likeSalesforce has revealed the second generation of its AI agent platform in the latest sign of the technology becoming a truly transformational change for businesses everywhere.
The launch of Agentforce 2.0, just three months after the platform's initial launch in September 2024, promises even more tools and services for companies looking to get to grips with growing AI demand.
Set to be available in February 2025, although some tools will get an earlier release, Agentforce 2.0 offers more customization options for enterprises eyeing up the next step in their AI journey.
Agentforce 2.0The launch of Agentforce 2.0 forms part of what Salesforce calls its "digital labor platform", which looks to augment and boost worker experiences and productivity.
The release will include a new library of customizable pre-built skills and workflow integrations for Salesforce's entire portfolio, covering its CRM, Slack, Tableau, MuleSoft and more, alongside advancements in agentic reasoning and retrieval augmented generation (RAG), greatly improving the response time and accuracy of agents.
There's also new CRM skills to make agents smarter and more effective, such as helping sales teams nurture leads and even join calls to provide instant feedback on interactions with customers.
There will also be the ability to deploy Agentforce in Slack, with Slack Actions now available in Agent Builder, meaning the platform could send a direct message providing a summary of a project's status.
Agent Builder has also been give a major upgrade that will let users create a new agent in seconds using natural language descriptions, and can even auto-generate relevant topics and instructions from its skills library to get your work up and running.
“Agentforce 2.0 takes our revolutionary Salesforce digital labor platform to another level, with new reasoning, integration and customization features that supercharge autonomous agents with unprecedented levels of intelligence, precision and accuracy,” said Marc Benioff, Chair and CEO, Salesforce.
“The demand for Agentforce has been amazing — no other company comes close to offering this complete AI solution for enterprises. We’re seamlessly bringing together AI, data, apps, and automation with humans to reshape how work gets done. Agentforce 2.0 cements our position as the leader in digital labor solutions, allowing any company to build a limitless workforce that can truly transform their business.”
You might also likeGemini 2.0 launched last week with the release of 2.0 Flash Experimental, but now the full version is finally available to the public via the Gemini home page, so long as you are a subscriber to Gemini Advanced, Google's AI subscription service.
Both of the Gemini 2.0 LLMs you can choose are still in beta version. The new Gemini 2.0 LLMs available are 2.0 Flash Experimental, the new lightweight LLM designed for everyday help, and 2.0 Experimental Advanced, designed for tackling complex tasks.
When Gemini Advanced customers go to the home page they'll now get the options for 2.0 Flash Experimental and 2.0 Experimental Advanced from the drop-down menu at the top of the screen. Options to use the older 1.5 Pro, 1.5 Flash 1.5 Pro with Deep Research, still exist.
The drop-down menu on the Gemini homepage now has two options for Gemini 2.0. (Image credit: Google)If you choose either Gemini 2.0 Flash Experimental or Gemini 2.0 Experimental Advanced, you'll continually get warnings that the AI "might not work as expected" before every answer, indicating that this is still very much a beta version. Mobile users of the Gemini app are currently still on the 1.5 Flash LLM.
I've tried the new 2.0 Experimental Advanced and it seems to work as well as the older LLMs for most things, although 2.0 Flash Experimental did keep trying to generate an image of whatever I'd asked it, even though I hadn't asked it for an image.
The new Gemini 2.0 LLM is described by Google as having "significantly improved performance on complex tasks such as coding, math, reasoning and instruction following."
Gemini Advanced costs $19.99 (£18.99/AU$32.99) per month and comes as part of the Google One AI Premium subscription.
You might also like...