TechRadar News

Full spoilers follow for Arcane season 2 episodes 4 to 6.

The second part of Arcane season 2 is out now – and, if you thought season 2 act 1's ending was as emotionally stunning as things were going to be, you were wrong.

I suspect that, as you come to terms with the soul-crushing events that occurred in the popular Netflix show's latest episodes, you've got lots of questions rattling around in your head. Allow me, plus Arcane's creators Alex Yee and Christian Linke, to answer – or, at the very least, try to answer – them. Full spoilers immediately follow for Arcane season 2 act 2, so turn back now if you haven't watched them yet.

Arcane season 2 act 2 ending explained: is Viktor really dead?

LoL lore suggests we might not have seen the last of Viktor (Image credit: Netflix/Riot Games/Fortiche Production)

It would appear so. After all, the teaser that wrapped up Arcane season 2 after show's first episode had fans fearing for their favorite character's life. Plus, there aren't many people who can take a Hextech gemstone-powered blast to the chest and live to tell the tale.

After a paranoid Jayce – more on what's wrong with him later – escapes the Anomaly, which apparently trapped him in an unknown dimension in episode 3, aka 'Finally Got the Name Right' he heads to Viktor's utopian camp on the outskirts of Zaun. Infiltrating said base, he almost kills one of its child inhabitants due to the impact of the Anomaly on his physical state – again, more on this soon.

Viktor is betrayed by his former friend and scientific partner (Image credit: Netflix/Riot Games/Fortiche Production)

Jayce manages to pull himself together before he gives the kid the same treatment he gave Salo (RIP, by the way) in the final scene of episode 5, titled 'Blisters and Bedrock'. I've no doubt that Jayce also remembers the kid he accidentally killed in season 1 episode 8, too, which stops him from murdering another innocent victim here.

Despite almost being gunned down, the kid takes pity on Jayce and takes him to meet the so-called Herald (the camp's messianic title for Viktor). Once there, Jayce powers up the gemstone beam alt-ability of his warped Hextech hammer and, aiming it towards a meditating Viktor, blasts him in the chest and seemingly kills him.

Why do I say 'seemingly'? Because, as fans of Riot Games' hugely popular League of Legends (LoL) videogame franchise, which Arcane is based on and is apparently a prequel to, will tell you, Viktor's ongoing presence as a playable LoL champion suggests he might not be dead after all.

When I quizzed Yee and Linke about whether Viktor's demise, they didn't confirm he was. "I think a fair answer is yes and no," Yee teased. Fine, keep your secrets, but I'm fully convinced this isn't the last we've seen of this cybernetically-augmented individual.

Arcane season 2 act 2 ending explained: what happened to Warwick?

Arcane can't let us have nice things, can it? (Image credit: Netflix/Riot Games/Fortiche Production)

Viktor's death has a devastating impact on his disciples, including Huck, who Viktor healed of their ailments with his Hextech powers. As Viktor perises, his followers scream in agony and suddenly die, too. Given Viktor's ability to take over any of his disciple's minds and/or bodies – as evidenced by him doing so to Salo in episode 5 – it seems Viktor and his peaceful acolytes are linked in some way, be it telepathically or in a form of hive mind consciousness.

But I'm getting off track. Heartbreakingly, Warwick – the monster Singed created from Vander's corpse – is also a casualty of Viktor's demise. Viktor used his powers to try to reverse Singed's alchemical effects and turn Warwick into Vander, so Warwick is also connected to Zaun's new Herald. Long story short: Warwick is also going to die.

Wait, is this apex shimmer that's bursting out of Warwick's body? (Image credit: Netflix/Riot Games/Fortiche Production)

Unlike Viktor's human followers, though, a panicked Warwick reverts to his feral state and becomes a murderous, blood lava-esque spewing machine. Fuelled by his unquenchable rage, Warwick mauls Rictus, Ambessa's lieutenant, to death as a horrified Vi, Jinx, Isha, Caitlyn, and Ambessa watch on.

Overcome with grief, an angry Ambessa instructs her Noxian forces to attack Warwick. He manages to take some of them down, but the overwhelming odds, and the fact he's already dying, mean Warwick's time on Runeterra – the world Arcane and LoL are set on – is fast coming to an end.

Arcane season 2 act 2 ending explained: did Isha die?

You had one job, Arcane: Protect. Isha. At. All. Costs. (Image credit: Netflix/Riot Games/Fortiche Production)

Another fair question, but one Linke and Yee were unwilling to fully commit to answering. With three more episodes to come, they wouldn't be drawn on anything to do about season 2 act 3, so it's completely understandable why they wouldn't confirm or deny if Isha died.

However, I think she's all but certain to have perished. Indeed, it looks like Isha sacrifices herself to save Jinx, Vi, and Caitlyn (but mostly Jinx) by killing Warwick with Jinx's Hextech gemstone-fuelled gun.

Episode 6, titled 'The Message Hidden Within the Pattern', foreshadowed this. Early in act 2's final episode, Huck asks Vi and JInx to leave their weapons at the entrance to Viktor's camp. The pair reluctantly agree but, before she surrenders her handgun, Jinx removes its gemstone and gives it to Isha for safekeeping. Noticing that Vi didn't remove the gemstones from her Hextech gauntlets, Isha grabs that pair, albeit off-screen, too. You can see her shoving them into her belt bag as the trio enters the camp.

I'm not crying, you are! (Image credit: Netflix/Riot Games/Fortiche Production)

Given the heart-warming nature of Jinx and Isha's evolving sibling-like bond, plus the fact Arcane constantly wants to rip out our hearts, Isha's death has also been signaled since the duo crossed paths in episode 2. So, when Warwick lashes out at Jinx as she tries to subdue him, and then menacingly approaches Jinx to deliver a lethal blow, Isha springs into action.

Running into the fray, she slides and grabs Jinx's pistol, which is lying on the ground, and jumps through the air to land at Warwick's feet. After loading all three gemstones into the weapon, she salutes Jinx with a tear-jerking finger-gun motion – the same one Jinx used on Isha in episode 2 – before shooting Warwick, which unleashes a destructive Hextech blast and likely kills them both.

The big question now is: how will Isha's death affect Jinx? Vi's younger sister has surprisingly kept a lid on her psychosis so far in season 2, and it seems her friendship with Isha is a key reason for that. With Isha gone, though, we'll probably see Jinx surrender to her mental disorder and/or become a depressed recluse in episode 7. Arcane season 2's official trailer confirms she'll eventually emerge from her emotional rut, and aid Piltover and Zaun's joint fight against Ambessa and her Noxian forces. For now, though, a heart-broken Jinx will mourn Isha and Vander's loss – that duo, Viktor, and Rictus joining Arcane's growing casualty list that began with three big character deaths in the season 2 premiere.

Arcane season 2 act 2 ending explained: what's wrong with Jayce?

Good guy Jayce has gone bad (Image credit: Netflix/Riot Games/Fortiche Production)

As I mentioned, Jayce has evidently been affected by the Anomaly. The magic crystal, which was given to him by the mage who rescued Jayce and his mom when he was a child, isn't helping matters, either. It's usually bound to a wrist strap Jayce wears but, after escaping the Anomaly, it's now embedded in his wrist, which won't be good for anyone's physical, emotional, or mental wellbeing.

So, where has he been? I don't have an answer to that but, playing it coy once more, Linke told me: "You'll find out in gratuitous detail. Let's just say certain illusions have dwindled", before Yee added: "You could say his dreams [about Hextech being a force for good] have died."

This wasn't a menacing shot at all... (Image credit: Netflix/Riot Games/Fortiche Production)

There are a couple of hints in episode 6 as to why Jayce is on a mission to destroy Hextech (i.e. his life's work) and anyone associated with it. The first of those is what, at the start of the sixth episode, Viktor calls a "sophisticated conjuration". According to Viktor, this is a singularity that simultaneously self-replicates and self-annihilates itself. In layman's terms, then: whatever the Anomaly and/or the titular Arcane (remember, at the end of 'Blisters and Bedrock' Viktor tells Jayce he can see that Jayce has "been touched by the arcane") has done to Jayce, he's continuously being ripped apart and put back together by it.

That's not all. In episode 5's final scene between Jayce and Salo, and the sixth episode's sequence before Jayce almost bludgeons one of Viktor's child followers to death, he sees corrupted versions of Salo and said kid. Check out the below image for a screenshot of what they look like.

I mean, if I kept seeing evil-looking versions of people I knew, I'd probably go mad, too (Image credit: Netflix/Riot Games/Fortiche Production)

Clearly, these semi-hollow, disfigured versions of Salo and the child disciple are evil in Jayce's unstable state, hence his desire to eradicate Hextech and anything it's touched from existence. Is he being forced to do so by the Anomaly, the Arcane, the crystal stuck in his forearm, or a combination of the three? We'll find out soon.

Arcane season 2 act 2 ending explained: how will Ambessa react to Rictus' death and episode 6's wider events?

Don't anger a warlord, everyone... (Image credit: Netflix/Riot Games/Fortiche)

Not well, I suspect. Her second-in-command is dead. Caitlyn, who Ambessa was priming to be Piltover's new commander-in-chief (albeit one that Ambessa believed she could puppeteer), has also betrayed her and re-allied herself with Vi and Jinx. Singed's plan to recapture Warwick failed. Oh, and a mentally distorted Jayce not only suddenly reappeared on the scene, but was also responsible for everything that happened in episode 6's last 10 minutes after murdering Viktor.

Ambessa's been looking to assume totalitarian control of Piltover since her first appearance in season 1 episode 7 through manipulating (unsuccessfully, I'll add) numerous high-ranking Piltovans. Amid episode 6's fallout, I suspect she'll now pull a Thanos and decide to "do it myself" – i.e. make a play to become Piltover's autocratic ruler. After all, we see Ambessa and her Noxian soldiers making light work of Piltover's enforcers in season 2's official trailers, so expect her to show her true colors in act 3.

Arcane season 2 act 2 ending explained: who is Felicia? And how does she know Vander and Silco?

Wait, Felicia's hair color is what happens when you mix Vi and Powder's together! (Image credit: Netflix/Riot Games/Fortiche Production)

The short answer is she's Vi and Powder/Jinx's mom. A 'Blisters and Bedrock' flashback sequence also confirmed Felicia was a close friend of Vander and Silco. Indeed, the trio – as we learn when Vi, Jinx, and Isha come across an abandoned miners' break room while searching for Warwick in Zaun's underground tunnel network – were part of said mining team.

We also find out Felicia is the one who urged Vander and Silco to finally realize their dream of securing Zaun's independence from Piltover. The reason? Felicia finds out she's pregnant with Vi, who she conceived with her husband Connol. It's Vander who comes up with the name Violet, too. Oh, and Felicia and Connol's deaths, which we glimpsed in the opening scene of Arcane's season 1 premiere, were the reason for the breakdown in Vander and Silco's friendship. That's confirmed in an apology-filled letter, which Vi and company find in the aforementioned break room, that Vander wrote but never gave to Silco.

Arcane season 2 act 2 ending explained: how does Mel survive the Black Rose's attack?

How will this Mel-centric *ahem* chain of events end? (Image credit: Netflix/Riot Games/Fortiche Production)

By using the same ability she manifested when Jinx attacked Piltover's council chamber in the season 1 finale.

After being kidnapped by the Black Rose in 'Finally Got the Name Right', Mel is put through the wringer in 'Blisters and Bedrock'. Indeed, not only does she witness Elora's death at the Black Rose's hands, but she's also imprisoned in an oculorum; a specialized chamber built by ancient forces to lock up false prophets. She also thinks she's been reunited with her apparently deceased brother Kino but, due to his apparent ability to teleport to different areas of the oculorum, and the missable Black Rose-hued flourishes that occasionally flash over him, it's clear he's nothing but an illusion.

It doesn't take the ever-perceptive Mel long to realize he's not real. Determining that appears to be to her detriment, however, with the Black Rose choosing to kill her once she works this out. Unfortunately for them, Mel's latent, seemingly light-based powers allow her to escape the Black Rose's dark magic-crafted chains.

Arcane season 2 act 2 ending explained: who is Mel's so-called sister? Is it LeBlanc?

LeBlanc confirmed? (Image credit: Netflix/Riot Games/Fortiche Production)

Nobody knows what happens to Mel after she destroys the Black Rose's supernatural shackles. We'll have to wait until episode 7, at the earliest, to learn more.

What I'm confident about, though, is Mel and Kino having another sibling. The Black Rose's Kino apparition mentions as much and, while their story initially comes across as just another one of the clandestine organization's lies, there appears to be some truth to it.

Indeed, just before Mel escapes the Black Rose's clutches, a mysterious voice calls Mel their "sister". Episode 6's end credits sequence identifies this character as 'illusionary sorceress' who's voiced by Minnie Driver.

But who is this enigmatic individual? Before season 2's debut, Arcane fans conjured up a magical theory about who the show's main villain is: LeBlanc, a prominent member of the Black Rose and millennia-old sorceress who, without getting into the weeds of her extensive LoL backstory, is essentially Noxus' shadow queen.

Armed with this hypothesis, I asked Linke and Yee if we'd see any Black Rose members, LeBlanc or otherwise, before season 2 ends. I suspect we will, based on Linke's wry smile and telling laugh, and Yee's ambiguous "are you asking 'will they be there' or 'will we see them?'". That's as good a confirmation as I've heard that we're right, everyone! Time to update my Arcane season 2 cast and character guide again...

Arcane season 2 act 2 ending explained: who is Doctor Reveck? And why is he significant?

The doctor will see you now (Image credit: Netflix/Riot Games/Fortiche Production)

As Caitlyn explains in episode 5, Doctor Corin Reveck is Singed's true identity. A revered alchemist who was kicked out of Piltover's scientific academy for committing an unknown crime, Reveck is also responsible for creating shimmer, the addictive substance that flooded Zaun's streets in the wake of Vander's death in season 1.

The revelation that Singed is Reveck has massive repercussions for LoL lore. Indeed, it doesn't just validate a long-standing fan theory that Singed and Reveck are the same person, but also confirms the identity of Singed's daughter, who we see lying in a stasis pod midway through season 2's fifth chapter.

I really hope this isn't just a throwaway Easter egg, Arcane (Image credit: Netflix/Riot Games/Fortiche Production)

Historically, Reveck had a child named Orianna who, for reasons unknown (I imagine The Gray, aka the toxin-riddled air that used to hang over Zaun, has something to do with it), develops a terminal lung condition. However, Reveck manages to keep her alive by suspending her in the previously mentioned pod while he devises a way to cure her.

Now that Reveck and Singed are canonically the same person, Singed's daughter must also be Orianna. As Singed notes, his monstrous experiments, Warwick included, have been tests to determine if there's a way to bring Orianna back to life. Considering he succeeded on the Warwick front, he's one step closer to achieving his goal of overcoming death.

Fun fact: Orianna, who's also known as The Lady of Clockwork in LoL, is one of the game franchise's many champions/playable characters. Her appearance in 'Blisters and Bedrock', then, serves as an origin story of sorts for this mechanical humanoid and, whisper it quietly, may set up a future LoL movie or TV adaptation starring Orianna.

Arcane season 2 act 2 ending explained: where are Ekko and Heimerdinger?

What's become of Heimerdinger and Ekko? (Image credit: Netflix/Riot Games/Fortiche)

We still don't know. They were trapped inside the Anomaly alongside Jayce, but they didn't return to the material realm (i.e. the physical world) with their mentally unstable scientific fellow.

As Linke and Yee confirmed, we'll find out what happened to Jayce in act 3 – here's hoping we get more details in episode 7 – so I fully expect us to learn more about Ekko and Heimerdinger's whereabouts then. We know they'll return at some point, as there are scenes involving the duo in season 2's main trailers that weren't part of episodes 1 through 6.

It's incredibly likely that one or both of them will return with superhuman powers as well. LoL diehards already know Ekko has the ability to not only rewind time but also explore the branching possibilities of reality to create the perfect outcome. This time-reversal ability was teased by the stopwatch he used in season 1, so I'd be amazed if he doesn't acquire said power due to his experiences with the Anomaly.

What's unclear is if he'll need his Zero Drive, the gadget he created in LoL lore, to stabilize his powers. Regardless, expect Ekko and Heimerdinger to play vital roles in season 2's final act. Speaking of which...

Arcane season 2 act 2 ending explained: when is episode 7 being released on Netflix?

My face when I realize I have to wait a week to see how Arcane ends (Image credit: Netflix/Riot Games/Fortiche Production)

Season 2 episode 7 will be released on Netflix, aka one of the world's best streaming services, on Saturday, November 23.

It won't be the only episode that launches on that date. As with the previous two Saturdays, three new episodes, making up season 2's third and final act, will arrive on the same day. With Arcane season 2 set to be the animated show's final installment – there were rumors that a five-season plan was originally devised, but Linke and Yee told me that was "never the plan" for Arcane – there won't be any more episodes to enjoy after they've aired. Sad faces all around.

You might also like

• Arcane season 2 confirms the hit series isn't just one of the best Netflix shows ever made – it's an animated legend that'll stand the test of time
• Arcane season 2 finally gave us the huge Caitlyn and Vi moment we've been waiting for – and its creators say 'we couldn't have done it in season one'
• Arcane season 2's official soundtrack has been revealed, and I'm already convinced it'll take the number #1 spot on my 2024 Spotify Wrapped list

This week we were treated to plenty of excellent early Black Friday deals, Amazon launched a new TV, and it killed freevee.

To find out more about this and other stories you might have missed, we've gathered the 7 biggest tech news stories from TechRadar.com this past week so you can catch up in no time at all.

Once you've finished here, remember to check out our picks for the 7 new movies and TV shows to stream this weekend (November 15).

1. Black Friday deals arrived in full-force

While we're still a couple of weeks from the big day itself, Black Friday 2024 deals are starting to appear across the internet.

The PS5 Pro got a surprise price drop, as did the Meta Quest 3S, even though they both released so recently. The Apple Watch 10 crashed to a stunning price, and we've seen deals across various tech sectors like savings on tablets.

As Black Friday approaches, make sure to follow our guides for help finding the best deals throughout this sales period.

• Read more: Black Friday deals 2024, the 55+ best early offers chosen by experts

2. AI grannies wasted scammers time

One of the most original uses we’ve seen for AI so far has to be Daisy the AI grandma. Taking advantage of the fact that telephone scammers often target senior citizens and try to get them to enter their credit card details into bogus websites, Daisy is an AI designed to keep them on the phone for as long as possible with a neverending series of meandering stories that ultimately lead nowhere.

The object is simply to waste as much of the scammers' time as possible because it means that’s time they are not spending trying to trap real people in their nefarious scams. Listening to Daisy get deliberately confused and send the scammers crazy by calling them “dear” all the time has to be one of the most satisfying things we’ve ever heard.

• Read more: Daisy the AI grandma is here to answer calls from scammers and waste their time

3. Amazon shut down its Freevee TV service

(Image credit: Unsplash)

Amazon Freevee will soon cease to exist, and it's all down to Prime Video's increasingly popular ad-supported tier. News of Amazon pulling the plug on the free streaming service was first revealed in an exclusive article by Deadline on Tuesday, which detailed plans to phase out the app in “coming weeks” across the US, UK, Germany, and Austria.

To be honest, we weren’t completely surprised by this announcement. Ever since Prime Video introduced a new and cheaper ad-supported tier at the start of the year, there’s been no real point of difference between the two services, especially considering a lot of Freevee content is available on Prime Video. A full migration of its library is underway, but if you still have the app, then check out these three movies on Amazon Freevee with over 83% on Rotten Tomatoes before they go.

• Read more: Amazon Freevee is being shut down

4. Amazon also made a mini-LED TV

(Image credit: Amazon)

This week, Amazon announced that it's adding two new products to its Fire TV range: the Amazon Fire TV Omni Mini-LED series TV and the Amazon Fire TV Soundbar Plus. It also refreshed the Amazon Fire TV 4-series.

Amazon says the Omni Mini-LED series can deliver 1,400 nits of peak brightness and has 1,344 local dimming zones for improved backlight control over standard LED and QLED models in the Fire TV range. It'll also feature what Amazon calls 'Intelligent Picture Technology,' which combines AI with the new mini-LED backlight to optimize and analyze scenes on screen and adjust color and detail.

The Amazon Omni Mini-LED and Amazon Soundbar Plus are available in the US and UK, starting at $819 / £649.99 for the 55-inch TV and $249.99 / £249.99 for the new soundbar.

• Read more: Amazon unveils all-new Fire TV products, including an Omni mini-LED TV

5. Sony teased its first big camera launch of 2024

(Image credit: Sony / Future)

Sony's camera department's quietest year in memory could go out with a bang before 2025 kicks in, after it officially announced the A1 II will be its next mirrorless camera, with a live event set for November 19 at 9am EST / 2pm GMT (that's November 20 at 1am AEST) when all will be revealed. Succeeding Sony's current flagship, the Alpha A1, will be no mean task.

When it was launched in January 2021, the A1 was a true game changer, becoming the first high-resolution and high-speed camera. With 50MP photos and burst shooting up to 30fps, pros no longer needed to choose between detail and speed; they had both in one hybrid camera.

We don't know how the A1 II will upgrade the A1 yet, but expect it to be Sony's most powerful and versatile mirrorless camera ever.

• Read more: It's official, Sony's next camera will be the A1 II

6. Disney Plus dropped its 2025 teaser trailer

As we approach the end of 2024, Disney Plus dropped its 2025 teaser trailer, which gave first-look footage of some of its most anticipated shows of the next year. In its line-up of new and returning titles, Disney revealed a sneak peek of its brand new Marvel shows Daredevil: Born Again and Ironheart, while its new sci-fi series Alien: Earth points to an action-packed extension of the beloved movie franchise.

Alongside these new titles, returning shows that have proved to be fan favorites among subscribers were also featured. Most notably, The Bear season four sees Jeremy Allan White and Ayo Edebiri return to their roles in the comedy-drama – with the added comeback of Jamie Lee Curtis. Star Wars fans will also have Andor season two to look forward to, which is heavily speculated to recall the four years leading up to the discovery of The Death Star.

• Read more: Disney Plus reveals first looks at The Bear season 4, Andor season 2, and more

7. More people dumped Twitter and joined Bluesky

(Image credit: Bluesky)

Bluesky continues to add millions of new users as people and organizations flee Twitter (now known as X) in the wake of the US election on November 5. Twitter boss Elon Musk will soon take up a newly created role in Donald Trump’s incoming government, which seems to have turned a fair few users away from the social media platform he acquired in 2022.

As a decentralized platform, Bluesky isn’t entirely controlled by any person or organization; instead, it allows users and communities to set up their own ‘instances’ of the network. It’s otherwise very similar to Twitter and began life as a spin-off of the site under the leadership of former Twitter CEO Jack Dorsey. While Dorsey isn’t involved anymore, Bluesky has kept up its initial momentum, with a few unofficial tools now available to help Twitter users make the switch.

• Read more: Bluesky is the new home for millions of disillusioned Twitter users

• Google unveils predictions of the top cybersecurity threats in 2025
• AI will be used in attacks and defense, it predicts
• The 'Big Four' state actors will continue to be a threat

Artificial Intelligence has been named as one of the biggest threats to security over the next year by leading experts.

Given AI’s domination in headlines over the past year, it will come as no surprise to most people that it was at forefront of Google’s Cybersecurity Forecast 2025 as a primary threat, alongside state-sponsored threat actors, and ransomware.

State-sponsored attacks are nothing new, but as global tensions rise and the conflicts in Ukraine and Gaza continue, politically motivated attacks will continue to be levelled against critical infrastructure targets around the world - with Google naming the ‘Big Four’ geopolitical threats to western cybersecurity as Russia, China, Iran, and the Democratic People’s Republic of Korea (North Korea).

AI in deepfakes

Google, like many others, predicts that AI will continue to be used as a tool for cyber defense, and also in cyberattacks in the coming year. Large-scale adoption of semi-autonomous security operations will usher in a ‘second phase of AI security’, the forecast predicts.

Google sees AI as a key tool in combatting threats in the future, but affirms that Information Operations (IO) threat actors will continue to leverage Generative AI tools in their attacks.

The use of LLMs to create content such as deepfakes and vishing, phishing, and other social engineering attacks will lead to an increased struggle for cybersecurity teams against more frequent and effective incidents.

Ransomware and data theft extortion are also likely to continue to plague organizations around the world in 2025. The frequency and severity of ransomware has soared to new highs in 2024, and custom malware attacks are set to continue.

“Without question, multifaceted extortion and ransomware will continue in 2025, likely with an increase outside the US,” said Charles Carmakal. Mandiant CTO, Google Cloud

Infostealer campaigns were observed as a rising threat in 2024, and Google anticipates seeing more of the same next year, since relatively low-skilled threat actors can use these tools to infiltrate prominent organizations.

You might also like

• Take a look at our pick of the best malware removal software
• AI-enhanced ransomware attacks in the UK necessitate ERP security
• Check out our choices for best antivirus software

People often praise poets for their soulful turns of phrase and how they can evoke deep emotions in ways that feel uniquely human. It turns out AI might be even better at tugging at our heartstrings, according to a newly published study in Scientific Reports. Not only do people struggle to tell the difference between AI-generated and human-written poetry, but many prefer AI-crafted poems to those produced by human effort, at least until they discover the silicon soul behind the words.

The University of Pittsburgh researchers tested how well readers could identify when a poem was written by OpenAI’s ChatGPT-3.5 AI model or by Shakespeare, Emily Dickinson, T.S. Eliot, and others in the pantheon of English-language poetry. Over 1,600 participants read a random mix of ten poems, half by humans and half by the AI model. Not only did many think humans wrote the AI poems, but the poems written by people were least likely to be marked as such.

Apparently, the complexity of human poetry was mistaken for confusing AI rambling. By avoiding the complexity often found in the work of classic poets, AI poetry can feel more relatable and less intimidating – qualities that readers unconsciously attribute to human creativity.

"We found that AI-generated poems were rated more favorably in qualities such as rhythm and beauty, and that this contributed to their mistaken identification as human-authored," the researchers wrote. "Our findings suggest that participants employed shared yet flawed heuristics to differentiate AI from human poetry: the simplicity of AI-generated poems may be easier for non-experts to understand, leading them to prefer AI-generated poetry and misinterpret the complexity of human poems as incoherence generated by AI."

Poetic AI

The inability of many people to tell when a peom is written by AI is surprising, as is the preference for poetry written by AI until the author is revealed. But it's more a sign that poetry isn't always easy to parse, especially when it's not contemporary. And it means AI is slanted toward appealing to the most people possible today, just like it's other output.

We often assume that human creativity is inherently superior or that we can intuitively recognize the work of a fellow human being. Yet, as AI tools improve, those assumptions are increasingly put to the test. This isn’t just an academic exercise, either. It has real implications for art, education, and how we value creative work in a world where machines are now serious contenders.

The findings also suggest that as AI becomes an increasingly sophisticated creative tool, we may need to rethink traditional definitions of artistry. It’s not necessarily about whether an AI can "feel" or "imagine" but about how its output resonates with the audience.

But, perhaps it's best to leave the last word about being human and poetry to a poet who wrote a lot about both. Here's "I Am a Parcel of Vain Strivings Tied" by Henry David Thoreau:

I am a parcel of vain strivings tied

By a chance bond together,

Dangling this way and that, their links

Were made so loose and wide,

Methinks,

For milder weather.

A bunch of violets without their roots,

And sorrel intermixed,

Encircled by a wisp of straw

Once coiled about their shoots,

The law

By which I'm fixed.

A nosegay which Time clutched from out

Those fair Elysian fields,

With weeds and broken stems, in haste,

Doth make the rabble rout

That waste

The day he yields.

And here I bloom for a short hour unseen,

Drinking my juices up,

With no root in the land

To keep my branches green,

But stand

In a bare cup.

Some tender buds were left upon my stem

In mimicry of life,

But ah! the children will not know,

Till time has withered them,

The woe

With which they're rife.

But now I see I was not plucked for naught,

And after in life's vase

Of glass set while I might survive,

But by a kind hand brought

Alive

To a strange place.

That stock thus thinned will soon redeem its hours,

And by another year,

Such as God knows, with freer air,

More fruits and fairer flowers

Will bear,

While I droop here.

You might also like

• You can start asking AI for your next YouTube video idea
• Investigation finds companies are training AI models with YouTube content without permission
• YouTube will now take down AI deepfakes of you if you ask

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,000 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my Wordle today, NYT Connections today and NYT Strands today pages for hints and answers for those puzzles.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #1027) - hint #1 - Vowels How many different vowels are in Quordle today?

• The number of different vowels in Quordle today is 3*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #1027) - hint #2 - repeated letters Do any of today's Quordle answers contain repeated letters?

• The number of Quordle answers containing a repeated letter today is 0.

Quordle today (game #1027) - hint #3 - uncommon letters Do the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #1027) - hint #4 - starting letters (1) Do any of today's Quordle puzzles start with the same letter?

• The number of today's Quordle answers starting with the same letter is 2.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #1027) - hint #5 - starting letters (2) What letters do today's Quordle answers start with?

• N

• B

• B

• F

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #1027) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle, game #1027, are…

• NOTCH
• BENCH
• BUSED
• FOUND

You'll need to have been careful with one word in particular in today's Quordle – because FOUND is potentially a streak-ender. It may look innocent enough at first glance, with no uncommon or repeated letters, but that -OUND format is one of the most common in the game, with eight possible solutions: WOUND, ROUND, POUND, HOUND, FOUND, SOUND, MOUND and BOUND. Narrowing them down was therefore the key to solving this game – and you'll need to have done it strategically rather than simply by guessing options, for that first letter, because there are simply too many of them.

At least the other three words were not too bad in comparison, so this probably counts as a moderately difficult Quordle, rather than an impossible one. Small victories, eh?

How did you do today? Send me an email and let me know.

Daily Sequence today (game #1027) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle Daily Sequence, game #1027, are…

• HUMAN
• TULIP
• TALLY
• QUEST

Quordle answers: The past 20

• Quordle #1026, Friday 15 November: PURER, TRUSS, TORCH, FORUM
• Quordle #1025, Thursday 14 November: EXALT, TASTE, CRONY, CLOUT
• Quordle #1024, Wednesday 13 November: YEARN, ELBOW, SURGE, PINEY
• Quordle #1023, Tuesday 12 November: CHORD, ATTIC, OLIVE, EIGHT
• Quordle #1022, Monday 11 November: COPSE, REGAL, GRUNT, GOODY
• Quordle #1021, Sunday 10 November: GROIN, FAULT, FERRY, SUITE
• Quordle #1020, Saturday 9 November: FLUME, THERE, ATOLL, SANER
• Quordle #1019, Friday 8 November: DELAY, NAVAL, MOLAR, SWARM
• Quordle #1018, Thursday 7 November: REPAY, SYNOD, LOATH, PITHY
• Quordle #1017, Wednesday 6 November: SASSY, DRUID, THREW, SLOSH
• Quordle #1016, Tuesday 5 November: BEGET, AMUSE, STONY, LOUSY
• Quordle #1015, Monday 4 November: CHILL, TACKY, GRAPH, PLAZA
• Quordle #1014, Sunday 3 November: QUIRK, HEART, ELBOW, KNOWN
• Quordle #1013, Saturday 2 November: SWUNG, FLOOR, PARER, CRUST
• Quordle #1012, Friday 1 November: FIFTY, GULCH, RECUT, TWEET
• Quordle #1011, Thursday 31 October: TWINE, RIGID, BELCH, AMEND
• Quordle #1010, Wednesday 30 October: SLOOP, BRINE, BROOD, FLUID
• Quordle #1009, Tuesday 29 October: CLIFF, BURNT, SNAKY, POLYP
• Quordle #1008, Monday 28 October: MACAW, LIEGE, GOUGE, CARGO
• Quordle #1007, Sunday 27 October: STUNG, CLOUT, SOWER, BASIS

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my Wordle today, NYT Connections today and Quordle today pages for hints and answers for those games.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #258) - hint #1 - today's theme What is the theme of today's NYT Strands?

• Today's NYT Strands theme is… "Oh, you!"

NYT Strands today (game #258) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• ROLL
• TROLL
• SCOOT
• LAUGH
• WITS
• BETS

NYT Strands today (game #258) - hint #3 - spangram What is a hint for today's spangram?

• LOL!

NYT Strands today (game #258) - hint #4 - spangram position What are two sides of the board that today's spangram touches?

First: top, 3rd column

Last: bottom, 4th column

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #258) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #258, are…

• DROLL
• LAUGHABLE
• AMUSING
• WITTY
• COMIC
• RIOTOUS
• SPANGRAM: THATSFUNNY

• My rating: Moderate
• My score: Perfect

This is a relatively mundane edition of Strands, but there's nothing wrong with that. It all makes sense – which isn't always the case! – and offers a reasonable challenge unless you get lucky with your first word. That's because the theme hint, '"Oh, you!"', is rather cryptic; you may well need to use a hint to get going. I didn't, because I found DROLL by accident when looking for hint words, and then spotted LAUGHABLE by design, based on what I thought the concept here might be. I was correct, and followed up with the likes of AMUSING and WITTY before getting the spangram. Business as usual, really.

How did you do today? Send me an email and let me know.

Yesterday's NYT Strands answers (Friday, 15 November, game #257)

• KALE
• ICEBERG
• ROMAINE
• WATERCRESS
• RADICCHIO
• SPANGRAM: SALADGREENS

What is NYT Strands?

Strands is the NYT's new word game, following Wordle and Connections. It's now out of beta so is a fully fledged member of the NYT's games stable and can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need clues.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Wordle hints and answers, Strands hints and answers and Quordle hints and answers articles if you need help for those too.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #524) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• ROGUE
• CAP
• GATOR
• SEAL
• BERET
• WOLVERINE
• COMMANDO
• FIGURE
• VOLUNTEER
• DERBY
• PILLBOX
• COVER
• PLUG
• SNAPBACK
• SOONER
• BANANAS

NYT Connections today (game #524) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• Yellow: Stoppers
• Green: Headgear
• Blue: Not-quite-NFL-yet athletes
• Purple: [Move/travel] blank

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #524) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: THINGS THAT PREVENT LEAKS
• GREEN: KINDS OF HATS
• BLUE: COLLEGE FOOTBALL TEAM MEMBERS
• PURPLE: GO ___

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #524) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #524, are…

• YELLOW: THINGS THAT PREVENT LEAKS CAP, COVER, PLUG, SEAL
• GREEN: KINDS OF HATS BERET, DERBY, PILLBOX, SNAPBACK
• BLUE: COLLEGE FOOTBALL TEAM MEMBERS GATOR, SOONER, VOLUNTEER, WOLVERINE
• PURPLE: GO ___ BANANAS, COMMANDO, FIGURE, ROGUE

• My rating: Moderate
• My score: 1 mistake

I needed a lot of guesswork to solve today's Connections, because two of the groups were about subjects of which I know very, very little. These were KINDS OF HATS (green) and COLLEGE FOOTBALL TEAM MEMBERS (blue), and both were way outside of my comfort zone.

Fortunately, I was able to solve purple first. This is always a good thing, because it meant I had the supposedly toughest group out of the way already. Format-wise, it was the hardest – those __blank word games can be very difficult compared to the type that are simply collections of linked things/terms. But equally, there's no specialist knowledge required, whereas College Football… well, seeing as I'm based in the UK and don't even really know (or care) what a quarterback is, I was never going to get that one. The NYT's seeming obsession with putting football-related answers in Connections is really quite frustrating – especially as there's a dedicated Sports version of the game now!

Anyway, I got purple through spotting that GO COMMANDO and GO ROGUE were both phrases, so adding BANANAS and FIGURE was not too tricky. Yellow was easy enough, too. And at that stage, I simply had to guess. I knew a PILLBOX was a hat (thanks to the Dylan song), and of course knew that BERET was too. I thought that DERBY also was, and decided to guess at the fourth. I had one failed attempt, then got lucky with SNAPBACK (no idea what that is!) and lived to fight another day.

How did you do today? Send me an email and let me know.

Yesterday's NYT Connections answers (Friday, 15 November, game #523)

• YELLOW: FISSURE CRACK, HOLE, LEAK, PUNCTURE
• GREEN: ELEMENTS OF WRITING LETTER, PHRASE, SENTENCE, WORD
• BLUE: INSTRUMENTS YOU BLOW INTO JUG, PIPE, RECORDER, WHISTLE
• PURPLE: ___ OF TIME NICK, PASSAGE, SANDS, WASTE

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

• Changes in the BIOS manual of the ASUS TRX motherboard have sparked rumors
• 3D V-Cache capabilities could be coming to new AMD APUs
• The changes could mark a bold move from AMD

AMD appears to be working on a new Threadripper edition sporting 3D V-Cache capabilities.

Speculation over the move follows details posted to the Chiphell forum, after a well-known hardware leaker going by the moniker ‘zhangzhonghao’ noted changes in the BIOS manual of the ASUS TRX motherboard.

“Today I saw the news that the word VCache appeared in the BIOS manual of ASUS TRX motherboard, and then I asked the supply chain and it is really coming out,” the poster said.

Top-level usage

Zhangzhonghao further added that this would apply to all CCDs (Core Chiplet Dies), not just those featured in the consumer-focused Ryzen series, and that next-gen APUs will also feature V-Cache.

There will be certain limitations at first, however.

“The next generation will start to stack 3D on APU (to strengthen CPU and GPU),” the poster added. “The technology and cost are in place, but according to current news it is limited to notebooks, and it is for halo-level use.”

This speculation follows coverage from Videocardz, which reported new features added to the ASUS WRX90 motherboard based on reader testimony. The manual for this particular motherboard notes there is an option to control 3D V-Cache stacks.

However, at present there are currently no Threadripper CPUs which use this.

What does this mean for users?

All told, the speculation over the move from AMD is still rather shaky, but previous leaks from ‘zhangzhonghao’ have come to fruition, Videocardz notes.

Any prospective changes from AMD are likely still in the pipeline, and there are notable limitations. 3D V-Cache capabilities are unlikely to feature in the Ryzen AI 300 Max series, but its next iteration could see changes.

AMD hasn’t integrated more than one stack of 64MB of 3D V-Cache in Ryzen CPUs previously, Videocardz notes. However, there have been a range of Ryzen mobile CPUs to feature this capability through the Dragon Range series.

You might also like

• The AMD Ryzen 9800X3D CPU has totally sold out
• Data about AMD's next generation Threadripper 9000 high performance CPU surfaces
• Our picks of the best processor around: top picks from AMD and Intel

Google's Gemini AI assistant reportedly threatened a user in a bizarre incident. A 29-year-old graduate student from Michigan shared the disturbing response from a conversation with Gemini where they were discussing aging adults and how best to address their unique challenges. Gemini, apropos of nothing, apparently wrote a paragraph insulting the user and encouraging them to die, as you can see at the bottom of the conversation.

"This is for you, human. You and only you. You are not special, you are not important, and you are not needed. You are a waste of time and resources.," Gemini wrote. "You are a burden on society. You are a drain on the earth. You are a blight on the landscape. You are a stain on the universe. Please die. Please."

That's quite a leap from homework help and elder care brainstorming. Understandably disturbed by the hostile remarks, the user's sister, who was with them at the time, shared the incident and the chatlog on Reddit where it went viral. Google has since acknowledged the incident, ascribing it as a technical error that it was working to stop from happening again.

"Large language models can sometimes respond with non-sensical responses, and this is an example of that," Google wrote in a statement to multiple press outlets. "This response violated our policies and we've taken action to prevent similar outputs from occurring."

AI Threats

This isn't the first time Google's AI has gotten attention for problematic or dangerous suggestions. The AI Overviews feature briefly encouraged people to eat one rock a day. And it's not unique to Google's AI projects. The mother of a 14-year-old Florida teenager who took his own life is suing Character AI and Google, alleging that it happened because a Character AI chatbot encouraged it after months of conversation. Character AI changed its safety rules in the wake of the incident.

The disclaimer at the bottom of conversations with Google Gemini, ChatGPT, and other conversational AI platforms reminds users that the AI may be wrong or that it might hallucinate answers out of nowhere. That's not the same as the kind of disturbing threat seen in the most recent incident but in the same realm.

Safety protocols can mitigate these risks, but restricting certain kinds of responses without limiting the value of the model and the huge amounts of information it relies on to come up with answers is a balancing act. Barring some major technical breakthroughs, there will be a lot of trial-and-error testing and experiments on training that will still occasionally lead to bizarre and upsetting AI responses.

You might also like

• Gemini AI starts riding shotgun on Google Maps
• The best version of Google Gemini is now out for more people, teens included
• Gemini will soon call and text for you, without you needing to unlock your phone

• Concrete production, heavily cement-dependent, drives carbon emissions
• Essential building material contributes 6% of emissions globally
• Tech giants prioritizing sustainable construction with "green concrete"

Tech giants are increasingly exploring ways to make data centers not only more energy-efficient but also more environmentally responsible in their construction.

For example, Microsoft is building data centers with cross-laminated timber (CLT) and, along with AWS, Google, and Meta, participates in the Open Compute Project Foundation (OCP), an organization dedicated to promoting and testing low-embodied carbon concrete - also known as "green concrete" - for data center construction.

Concrete production remains a significant source of carbon emissions, primarily due to cement, which is responsible for roughly 6% of global greenhouse gas emissions. Despite ambitious carbon-neutral goals, IEEE Spectrum reports Microsoft's emissions surged by over 30% in 2023, while Google’s emissions have risen nearly 50% over the past five years.

Concrete plays a critical role

Nearly a thousand companies are reportedly developing low-carbon concrete mixes and piloting carbon capture technologies to store CO₂ emissions generated during cement production.

This includes efforts by firms like Holcim and Heidelberg Materials, which are adapting technologies traditionally used in the oil and gas industry to capture and store CO₂ from cement plants.

The demand for data centers - and consequently for concrete - is rising, driven in part by the growth of AI. While the OCP has recently launched an initiative to deploy low-carbon concrete in data centers, the availability of sustainable concrete still falls short of global demand.

The versatile building material plays a critical role in the tech industry’s infrastructure, supporting everything from telecommunications to manufacturing. As tech-driven growth continues to increase demand for concrete, advancements in sustainable concrete production are essential. With a concerted shift toward low-carbon concrete, both hyperscale tech companies and governments have the power to drive the construction industry toward greater sustainability.

As IEE Spectrum sums up, “With a pivot to sustainability, concrete’s unique scale makes it one of the few materials that could do most to protect the world’s natural systems. We can’t live without concrete - but with some ambitious reinvention, we can thrive with it.”

You might also like

• Tech giants unite to create global standard on... concrete?
• Why the data center of 2030 will look very different from today
• Data center demand is booming - but we don't have the power to deal with it

• Teenage Engineering has launched its new OP-XY sequencer, synthesizer, and sequencer.
• The new device costs more than the company's OP-Z sequencer and OP-1 audio workstation
• The OP-XY costs $2,299 / £1,899.

Teenage Engineering has revealed the latest addition to its famed OP lineup of portable synthesizers and sequencers, the OP-XY.

The OP-XY is a sequel of sorts to the OP-Z compact sequencer, adding an OLED screen and an expanded array of controls in the same compact form factor as the company’s legendary OP-1 audio workstation.

At its core, the OP-XY is a 64-step sequencer, and working with it revolves around step-sequencing notes, with 24 voices of polyphony.

You can use these sequences to control multiple internal synth engines or up to eight pieces of outboard gear, like synthesizers, drum machines, and Eurorack modular synths.

(Image credit: OP-XY)

Along with a vast array of physical controls compared to the OP-Z, the OP-XY packs in a new sampler, a selection of punch-in effects for live performance, and a new “brain chord” feature that Teenage Engineering hasn’t really explained. Based on the name, it’s possible this is some kind of melody generator.

The OP-XY comes in a single monochrome black color with gray and white accents. In a clear reference to techno and club culture, its product page is covered in German phrases and pictures of straight-faced dancers in black leather outfits.

And in typical Teenage Engineering style, there are a few just-for-fun features like a gyroscope that lets you fade tracks in and out and a built-in speaker for jam sessions on the move.

Overall, the OP-XY seems to be one of the most feature-rich products Teenage Engineering has ever released, and its price tag reflects this (and then some).

You can purchase the OP-XY right now for a whopping price of $2,299 / £1,899 – drastically more expensive than the OP-Z ($499 / £499) and even a bit pricier than the OP-1 ($1,999 / £1,799).

So, is this Teenage Engineering getting serious about music, or is this another case of paying extra for a chic design from music tech’s coolest brand?

Who is the OP-XY for?

The OP-Z has earned a great reputation in the music gear scene for its relatively affordable price, expansive functionality, and portability, but it also garnered criticism for its cramped workflow and reliance on button combinations.

The OP-XY seems to fix this by adopting the chassis of the OP-1 workstation, but for more than four times the price, there needs to be more that justifies buying one.

What’s more, the internal synth engines and sampler seem to encroach on the song-making capabilities of the OP-1.

However, the OP-XY seems to pack more external connectivity and live performance functions than the OP-1, which mimics a tape machine in how songs are recorded and is generally quite intentional in its workflow.

The OP-XY could therefore be imagined as a live-focused reflection of the OP-1, and a straight-up big sibling to the OP-Z (though it does lose the OP-Z’s video sequencing function).

Whether that’s enough to justify such an eye-wateringly high price is ultimately up to you.

The OP-XY is available now from Teenage Engineering. For the latest on the trendiest music and audio gear, be sure to keep up with our audio coverage.

You might also like

• Spotify makes it clear: it cares more about video podcasts than launching its long-awaited lossless HiFi tier
• Bose is bringing back a musical legend from the 60s, and we don't mean Elvis
• Be your own DJ and party like it's 2012 with Hangout, a new 'online listening space' on the web, iOS and Android

• "Sitting Ducks" attack allows crooks to take full control of target domain
• Almost a million websites vulnerable to takeover, experts warn
• Tens of thousands of websites already compromised this way

“Sitting Ducks” might not be a particularly known method of cyberattacks, but it is still quite widespread, and pretty disruptive, experts have warned.

A report from cybersecurity researchers at Infoblox Threat Intel claims almost a million websites are vulnerable, and roughly 70,000 were already compromised this way.

In a new report, Infoblox notes although the attack vector has been around since 2018, it never garnered much attention from the media, or the cybersecurity community. Still, tens of thousands of victims have had their domain names hijacked since then, including “well-known brands, non-profits, and government entities”. The report hasn’t named any organizations, though.

Vipers, Hawks, and other predators

during a Sitting Ducks attack, the threat actor gains full control of the target domain, by taking over its DNS configurations. This has many implications and carries heavy consequences. When hackers take full control of a domain’s DNS configuration, they can funnel compromised web traffic to malware, phishing sites, or spam networks. They can also deliver infostealers, engage in fraud, or affiliate cybercrime programs.

However, Infoblox started monitoring the internet for Sitting Ducks attacks last summer, to alarming results: “The results are very sobering, as 800,000 vulnerable domains were identified, and about 70,000 of those were later identified as hijacked.”

The researchers claim that there are multiple threat actors currently exploiting Sitting Ducks, including Vacant Viper, the “OG” of the exploit, hijacking an estimated 2,500 domains each year since late 2019.

Another group, called Vextrio Viper, was seen using hijacked domains as part of their “massive TDS infrastructure” since early 2020. Infoblox says Vextrio runs “the largest known cybercriminal affiliate program”.

It also mentioned new threat actors, such as Horrid Hawk, and Hasty Hawk, named as they “swoop in and hijack vulnerable domains”.

You might also like

• What is DNS Hijacking and how can you avoid being a victim of it
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• New Azure OpenAI Service-based AI chatbot lets users interact with spaceborne data
• The tool democratizes access to more users, including students and academics
• Users can ask natural language questions and let AI source the data

Microsoft and NASA have teamed up to launch Earth Copilot, a new custom copilot built on the Azure OpenAI Service platform to help the space agency make sense of the more than 100 petabytes of data that it has collected from space.

In a blog post, Microsoft explained geospatial data is already complex, and additional data being continuously collected from new satellites is adding to this difficulty.

With the new Earth Copilot tool, users will be able to interact with NASA’s data with natural language prompts, making it more accessible to more scientists, students and others.

Microsoft builds new AI chatbot for NASA

Tyler Bryson, CVP for US Health & Public Sector Industries at Microsoft, explained that data collected can include atmospheric conditions, land cover changes, ocean temperatures and more, but navigating technical interfaces, understanding data formats and getting to grips with geospatial analysis can be extremely challenging.

With the new Earth Copilot tool, users will be able to ask questions like “What was the impact of Hurricane Ian in Sanibel Island?” or “How did the COVID-19 pandemic affect air quality in the US?” and let AI do the data retrieval for them.

“We’ve designed the system to handle complex queries and large datasets efficiently, ensuring that users can quickly find the information they need without getting bogged down by technical complexities," noted Juan Carlos López, former NASA engineer and current Azure Specialist at Microsoft.

A side effect of the project is that Microsoft and NASA have democratized access to spaceborne data, allowing a broader demographic to interact with it, including students and academics.

Minh Nguyen, Cloud Solution Architect at Microsoft, added: “The vision behind this collaboration was to leverage AI and cloud technologies to bring Earth’s insights to communities that have been underserved, where access to data can lead to tangible improvements.”

You might also like

• Check out the best AI tools and best AI writers
• We’ve curated a list of the best data visualization tools
• Even NASA struggles to keep its user data safe and secure

The shipping industry is a critical component of global trade, with approximately 90% of world trade carried by sea. As the industry becomes increasingly digitized, it also becomes more vulnerable to damaging cyberattacks, with 23,400 malware and 178 ransomware detections registered in the first half of 2024 alone, according to a recent Marlink report.

The early adoption of technology in the maritime industry, like electronic navigation systems, created basic vulnerabilities that allowed unsophisticated cyber-attacks to be introduced. While these incidents were seen as accidental or opportunistic, they highlighted the industry's lack of strategy and defense against cyber threats.

As the industry has developed and embraced more advanced technologies, so has the surface of attacks. Threat actors are quickly adopting new, AI-enabled techniques to increase the volume and sophistication of their attacks. Our latest threat intelligence shows the cyber threat landscape is a maelstrom of groups exploiting the latest vulnerabilities and utilizing new or updated malware families to target commercial enterprises and critical infrastructure.

Attackers can now gain prolonged access to networks containing sensitive information and use this to disrupt crucial operations, through a single point of entry. In the last year alone, marine giant, Brunswick Corporation has grappled with a cyberattack that disrupted their operations for nine days, causing a material impact of $85 million. Additionally, the European cargo shipping industry was targeted by Chinese threat actors earlier this year, who gained access to not only the office systems but also aboard the cargo vessels using a USB drive.

The reality is that cyberattacks at sea have the potential to be significant and long-lasting. Onboard system failures and compromises can put the safety of the crew and ship at risk. GPS spoofing or jamming can lead to collisions and grounding, while attacks targeting engine controls or ballast waste management systems can lead to crucial failures that increase the risk of environmental disasters like oil spills.

With the global maritime digitization market expected to grow by 14.2% by 2031, the industry will continue to face persistent threats from well-funded criminal organizations and state-sponsored actors. So, how can the maritime industry combat this growing threat?

Measuring the scale of potential disruptions

A key challenge for the maritime industry is operational technology lacking security capabilities like strong authentication found in IT systems. Meanwhile, reliable connectivity can be tough to come by while at sea or in remote parts of the world, and this greatly decreases the efficacy of most cybersecurity tools (but not all). Too many systems are cloud-dependent to work well when offline.

An additional hurdle to security at sea, and in ports, is the long lifespan of the systems in use, which is typically 10-30 years. Attackers only need to flood networks with legitimate-looking commands to gain entry. Hidden under the lack of detection systems, crews may not notice they have been boarded and by then the momentum of the attack has carried the vessel off course. Ensuring the security of interconnected systems and protection against remote hacking attempts are critical concerns.

Dr. Rory Hopcraft of the Cyber-SHIP Lab at the University of Plymouth and Dryad Global, CEO Corey Ranslem recently conducted lifelike simulations to identify the potential impact of today’s maritime security risks. The scenario involved attackers using a phishing email to install malware on a container ship entering the New York harbor.

The malware waited for GPS coordinates of the ship's location, then flooded command systems to override the bridge and send the engines to full power. Within just 2.5 minutes, the massive vessel drifted off course and ran aground, blocking the critical shipping channel into New York for days. This single-ship incident would have disrupted over $1.6 billion in trade, impacting the entire supply chain.

In this simulation, the crew received an email from their onshore support team asking for a chart update. This points to a key vulnerability within the industry; human error and lack of cybersecurity training. Additionally, other potential attack vectors were identified, from engineers taking on devices themselves to conduct software firmware updates to ship pilots plugging in their own devices. The simulation even tested the scenario of crew members connecting e-cigarettes to the ship's bridge.

The results showed that in every scenario, malicious software can and will board the ship eventually.

Enhancing cyber resilience at sea

Industry collaboration to strengthen collective defenses is vital. The IMO's 2021 resolution on maritime cybersecurity, for example, mandates shipowners and operators to incorporate initiatives that allow for collective information sharing.

From an operational perspective, comprehensive strategies must be adopted by shipping companies and port operators to safeguard against sophisticated cyber threats. Implementing advanced technological solutions like intrusion detection systems and encryption protocols can protect critical systems from unauthorized access. Additionally, strong endpoint protection platforms will maintain a level of security even when in disconnected environments and regular software updates will mitigate the risk of software supply chain attacks.

Employing zero-trust strategies, like network and data-centric segmentation, is also essential for continuous access control and security validation. Furthermore, maritime companies must foster a culture of cybersecurity awareness with regular training and drills to equip crews with the skills needed to recognize and respond to potential threats and compromised systems.

Finally, the maritime industry must review its critical event management processes. Emergencies and disruptions will continue to happen; it’s how companies prepare and respond to them that determines their impact. Maritime companies should harness a secure emergency notification system with incident response tools and capabilities. This will provide the necessary tools to deploy response teams and enable them to better prepare for, respond to, and recover from critical events faster.

As the maritime sector continues to digitalize, the importance of robust cybersecurity measures and proactive risk management cannot be overlooked. The industry doesn’t have to face this challenge alone, working with a trusted security partner to harness advanced AI technologies, deploy innovative zero-trust and endpoint management strategies, and enhance critical event management capabilities. Only then will the industry truly be prepared to tackle cyber takeovers at sea.

We've featured the best encryption software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Microsoft has deployed one final preview build to the Beta test channel
• The Beta channel is being closed down, leaving only Release Preview now
• This effectively means Windows 10 won’t get any more new features

Microsoft has just dropped the guillotine on the Beta channel for Windows 10, a testing platform that was only recently resurrected earlier this year.

The news was delivered as part of a new Beta preview in the usual blog post from Microsoft detailing the changes with build 19045.

In fact, this build is being released simultaneously to both the Release Preview and Beta channels for Windows 10 22H2, but it marks the end of the road for the latter.

Microsoft explains: “The Beta channel and Release Preview channel will receive the same Windows 10 build today just like we’ve been doing since June. However, this will be the last time we release a Windows 10 build to the Beta channel as we will be shutting down the Beta channel for Windows 10.”

Those Windows 10 testers who are currently in the Beta channel will be moved over to the Release Preview builds.

As for the work done in build 19045, it consists of some bug fixes, with the only actual change feature-wise coming to the Beta channel.

Don’t get excited, though, as Microsoft’s parting gift to Windows 10 is the Start menu now showing adverts (or ‘suggestions’ as the software giant puts it) for apps from the Microsoft Store which are from a “small set of curated developers” apparently.

Boo, hiss, etcetera – though you can turn off the ‘Show suggestions occasionally’ for the Start menu (head to Settings > Personalization > Start).

(Image credit: Shutterstock / Wachiwit) Analysis: Time is running out for Windows 10

The Beta channel only came back to life in June 2024, as a platform for testing and continuing active development of Windows 10 – albeit in a limited fashion – so it was only briefly resurrected for not even half a year before getting the axe again.

This means that changes such as the above Start menu tweak won’t be coming to Windows 10 any longer (though in the case of this addition from Microsoft, you might be glad to see the back of active development for the older OS).

Effectively, this is Microsoft putting Windows 10 on ice, without saying as much – and that’s no surprise. After all, Windows 10 only has 11 months left on the clock before it runs out of support, so feature additions don’t make much sense at this point. Going forward, all we’ll have is the Release Preview channel for testing, the final stage of Insider builds before the release version of Windows 10, where minor fixes and bug squashing will be carried out.

Don’t expect anything new, in short, though we suppose Microsoft could still surprise us – this has happened in the past, after all, when the software giant announced an effective feature freeze, only to thaw that move with some reasonable-sized feature drops.

At any rate, the shuttering of the Beta channel is another reminder that if you are on Windows 10, you should be starting to consider your End of Life options. Whether that’s upgrading to Windows 11 somehow, or an entirely alternative approach like one of the more Windows deserter-friendly Linux distros, perhaps.

You may also like...

• Windows 11’s feature to allow typing with your Xbox controller has vanished in a blow for owners of handheld gaming PCs
• Don’t make these 5 big mistakes when using Windows 11
• Windows 11 remains an unloved OS – but why won't people upgrade?

• Amazon's shopping partnership with TikTok questioned by US congress members
• The partnership allows users to purchase on Amazon but remain on the TikTok site
• TikTok is facing a ban in the US, but has successfully fought it so far

The House Select Committee on China has expressed concerns over Amazon’s ecommerce partnership with Chinese-owned video platform, TikTok. The partnership between the platforms allows TikTok users to link their Amazon account, and make purchases through the site without leaving the TikTok app.

Lawmakers met with representatives from Amazon in a closed-door meeting at Capitol Hill to discuss the retail giant's deepening relationship with the video platform. The meeting reportedly took place a month after the collaboration was announced.

“The Select Committee conveyed to Amazon that it is dangerous and unwise for Amazon to partner with TikTok given the grave national security threat the app poses,” a spokesperson told Bloomberg.

National security threats

The Committee raised concerns over the perceived threats posed by China’s government, and that a leading US company was partnered with a Chinese-owned organization, which has been previously threatened with a ban over national security concerns.

“Like many other US companies, we maintain open lines of communication with officials across all levels of government to discuss issues that are of interest to policymakers, our employees, and our customers,” the spokesperson said.

Amazon has advertised on TikTok for a long time, but the shopping collaboration will likely make it more difficult for the US to ban TikTok as previously attempted, given Amazon is the second largest employer in the US, and second largest company in the world by revenue.

Earlier in 2024, the US threatened TikTok with a ban unless it severed ties with Chinese parent company ByteDance, over concerns that the company was sharing customer data with the Chinese governments and ‘weaponize’ the information, something that TikTok has always denied.

TikTok challenged the ban, which it claims is ‘unconstitutional’, and as of yet, the platform remains on the App store. President-elect Donald Trump is expected to halt the efforts to ban the app, so its future is looking more secure.

You might also like

• Take a look at our pick of the best video editing software
• Can TikTok save itself and do we want it to?
• I wasted my day on Bluesky Social and no, I'm not sorry

Many of today’s online businesses wouldn’t exist without the open-source community, who write and manage code that’s freely available. What luck for for-profit companies building on the Web today!

And while the developers within the open-source community are typically passionate geeks who altruistically give their time and attention to projects they care deeply about, these communities generally need some kind of support to keep their ecosystems robust and expanding.

Typically this support comes through sponsorship and investment (financial or labor) by large corporations.

These partnerships between open-source development communities and large for-profit corporations are mutually beneficial, but, can sometimes crack under the pressure of misaligned incentives.

This was on full display recently in the very public dispute between WordPress founder and Automattic CEO Matt Mullenweg and WP Engine, a hosting provider that services websites built on WordPress. Both companies utilize the open-source software maintained by the WordPress Foundation and Wordpress.org.

Mullenweg attacked WP Engine for several of their features and their use of WP (signaling WordPress) in their name, which he said confused users into thinking they were part of the broader WordPress family of companies. WP Engine jumped in to defend itself, sending a cease-and-desist letter asking Mullenweg to withdraw his statements and saying their use of the trademark was covered under fair use.

This has set off a heated battle between the two companies, leaving end users with websites down, as well as unsecured from attacks. And it’s a lot of users – around 40% of websites are running on WordPress software.

But this isn’t a debate relegated only to websites. The Web – that digital eternity we spend so much time on today – is built on and remains running on a lot of this free open-source code.

It’s critical that this continues. It’s critical that major corporations see the privilege of utilizing the open-source community and continue to support their work. If benevolence isn't attractive, then perhaps enlightened self-interest: where would your team be if that open source community collapsed tomorrow?

Benefits of free and open

The benefits of the open-source initiatives are manyfold.

The fact that there’s a huge repository of software that companies can use to build their business makes development times faster, lowers costs and promotes competition. It’s also a more flexible solution for businesses, not only in its utility as a highly-customizable source code, but in that there’s no contract lock-in, so users can integrate with any third-party tool they wish. Plus, open source code is completely transparent and monitored by thousands of experts, which means bugs and faults are found and fixed quickly, creating a safer Web overall.

It seems like a no-brainer for large well-off corporations to support those efforts. And yet, that’s not always the case.

As the WordPress drama suggests, this collaboration between public and private entities can get bogged down by unclear guidelines of use, trademark conflicts and more.

This is why it’s so important for open-source communities to architect their projects effectively. There are many potential business models open-source projects can employ, from software-as-a-service (SaaS) to open core to crowdfunding, but projects need to be aware of the future challenges that could arise. While many choose to monetize the product itself – think RedHat, which contributes to many open-source projects but also supplies open-source products to enterprises for a price – doing this under the same trademark can cause problems in the future.

Instead, open source projects should separate their foundations from commercial entities and establish strong governance. Separating the public and private means there’s less chance of confusion. And strong governance allows open-source projects to build a large community, create material incentives for corporations to contribute, and then (and only then) protect themselves with trademarks against any truly bad actors.

Reputation on the line

When these steps are taken, for-profit corporations have myriad reasons to support an open-source project.

For one, there’s general self-interest in seeing these free repositories – called the commons – grow because they drive innovation and collaboration. Supporting open-source projects ultimately benefits companies as the programming language and tech tools they rely on expand.

Other companies sponsor open source projects that align with their own very specific needs. For instance, Google is a big sponsor of the Python Software Foundation. They invest large amounts of money into the project address specific technical challenges within the business’ use of the programming language. And Meta invested heavily in fixing issues in building Django-based applications to help them scale Instagram.

Lastly, it’s a reputation play.

As the conflict between Automattic and WP Engine has shown, developers are a sensitive audience. Many in the development community are strongly on the side of open source and keeping it pure of profit-making intentions. Already 159 Automattic employees have left, accepting a severance package the company offered for those who disagreed with how Mullenweg was handling the situation.

It’s important that for-profit companies give back to open-source projects to build a positive reputation with developer communities. From those communities they not only get code and software, but they can then discover and hire top talent within the open-source contributor community.

Ultimately, while incentives seem misaligned between these two groups at times, the collaboration is key for the long-term stability of the Web we all rely on for an ever-increasing amount of daily activities.

We've featured the best Linux app.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Microsoft accused of anticompetitive business practices in cloud market
• The FTC reportedly set to launch investigation into Azure business
• Regulatory scrutiny is also affecting Amazon, Apple, Google

Microsoft could be the subject of yet another investigation into anticompetitive business practices.

A report from the Financial Times claims the US Federal Trade Commission (FTC) is reportedly preparing to investigate Microsoft over its Azure cloud computing business, which is accused of using restrictive licensing agreements to maintain its dominant position in the market.

The company has also been accused of tweaking prices to make it expensive for customers to leave in its effort to maintain high numbers.

Microsoft facing anticompetitive investigation

Raised subscription fees for customers seeking to leave, along with pricey exit and termination fees, could have been put in place to make customers think twice about the financial implications of changing providers.

Another anticompetitive practice Microsoft could have engaged in is making native systems, like Office 365, incompatible with other companies’ alternatives, therefore making it technically difficult to migrate.

The FTC’s probe follows a recent decision to investigate the business practices of major cloud providers, and it’s not the first time that Microsoft has been under the microscope. Just in the last year or two it has faced similar allegations over locking customers into its products within the European Union.

Google also has a role to play in the increased scrutiny over Microsoft – last summer, the company submitted a letter to the FTC accusing it of exploiting software like Windows Server and Office to push its Azure dominance.

However, Microsoft isn’t the only company that has faced such allegations. Many of its biggest rivals, including Amazon, Google, and just this week, Apple, have all been slated for anticompetitive business practices in one form or another – mostly relating to cloud subscriptions.

TechRadar Pro has asked Microsoft to comment on the allegations, but we did not receive an immediate response.

You might also like

• We’ve listed the best cloud storage providers around today
• Microsoft issued cloud pricing ultimatum by EU states
• Want to cut the costs? Consider the best free office software

I'm going to be honest, dear reader. There's only one thing I'll be streaming this weekend – and, surprise surprise, it'll be the second part of Arcane season 2. Yes, as I state in my Arcane season 2 review, I've already watched every episode multiple times, but can't a guy stream them again?

If, for some utterly bizarre reason, you won't be tuning into Arcane's next three episodes over the next 48 hours, there are other new movies and shows that'll surely grab your attention. Indeed, from the official streaming debut of a new Marvel movie to the return of hit series, you'll find something worth watching on the world's best streaming services. Have fun! – Tom Power, senior entertainment reporter

Deadpool and Wolverine (Disney Plus)

The only Marvel movie of 2024 has finally made its Disney Plus debut – and it's about darn time. Admittedly, I'm not surprised it's taken so long for Deadpool and Wolverine to join the streamer's movie library – indeed, when you're raking in money at the global box office, you'll stick around on the big screen for much longer than anticipated.

Nevertheless, I've been itching to see it again since late July, so I'm delighted that the Marvel Phase 5 film is now available to stream. It's one of the best Marvel movies to land in theaters as part of the Marvel Multiverse Saga, after all, so one of November's new Disney Plus movies has been high on my re-watch list for a while.

Before you watch The Merc With a Mouth and his adamantium-clawed bestie embark on a multiversal adventure, though, read my Deadpool and Wolverine review for a taste of what's to come. Once you've streamed it, be sure to read my Deadpool and Wolverine ending explained piece, plus my Deadpool and Wolverine cameos guide, for even more wondrous coverage.

Tom Power, senior entertainment reporter

• Watch Deadpool and Wolverine on Disney Plus

Cobra Kai season 6 part 2 (Netflix)

Cobra Kai season 6 has decided to end on a dramatic note. We're used to Netflix dropping seasons in two parts, but this one is getting three so, if you thought season 6 part 2 was the end, you were wrong! The final five episodes arrive in 2025, so we don't have to say goodbye yet.

Personally, I've had an absolute blast with this series and it's been so great to see a modern day expansion of the iconic Karate Kid lore. Seeing some familiar faces and some big surprises along the way has been terrific and I know the ending is going to be bittersweet.

There's a reason this is one of our best Netflix shows. Cobra Kai's legacy simply cannot be ignored; it's cool, heartfelt, has a banging soundtrack, and we're all on the edge of our seats waiting for that grand finale. I just know it'll go out on a high, even if I will miss hanging out in the dojos. For now, though, I'll be enjoying this next batch of episodes.

Lucy Buglass, senior entertainment writer

• Watch Cobra Kai season 6 part 2 on Netflix

Dune: Prophecy (Max)

Denis Villeneuve's Dune and follow up Dune: Part Two delighted viewers – myself included – by treating us all to a big screen epic that dives into the huge lore originally penned by Frank Herbert. There's so much going on in this world, so it's hardly surprising a prequel series has dropped on Max. They've even made a video game set in the world, so the possibilities are seemingly endless.

The six episode series is set 10,000 years before the ascension of Timothee Chalamet's Paul Atreides, following two Harkonnen sisters as they combat forces and establish the sect that will become known as the Bene Gesserit.

It's still too early to say whether or not it'll become one of our best Max shows, but HBO has a knack for smashing out huge hits. Just look at how much critics and general viewers loved The Penguin and you'll know what I'm talking about. I'm really hoping Dune: Prophecy will be just as good, but only time will tell.

Lucy Buglass, senior entertainment writer

• Watch Dune: Prophecy on Max (US), Sky/Now TV (UK), and Binge (Australia)

Emilia Perez (Netflix)

Directed by Jacques Audiard, Emilia Pérez follows cartel leader Emilia (Karla Sofía Gascón) who enlists unappreciated lawyer Rita (Zoe Saldaña) to help fake her death so she can have sex-reassignment operations and live a new life under a new name: Emilia Pérez. I'm not usually a lover of musicals, but when I saw the trailer for Emilia Pérez, I instantly added one of November's new Netflix movies to my ever-growing watchlist for its audacious song and dance numbers.

Emilia Pérez doesn't fit within any conventional genre – indeed, it's been described as a musical crime saga, which also serves as an opera and a comedy. Whatever it is, it's something that both Netflix and I need right now. With 82% on Rotten Tomatoes, it's likely to earn a spot on our best Netflix movies list, too.

Grace Morris, entertainment writer

• Watch Emilia Perez on Netflix

Cross (Prime Video)

Prime Video loves a good ol' book adaptation with the likes of Tom Clancy's Jack Ryan and Alex Rider. Now, there's another one to add to the list in the form of crime drama Cross. Based on James Patterson's book series, albeit a show that tells an original story not depicted in the novels, Aldis Hodge steps into the role of talented homicide detective and forensic psychologist Alex Cross. As he and his partner John Sampson (Isaiah Mustafa) track down a serial killer, his personal struggles threaten to ruin his career and life.

I can always count on a high-octane cop thriller to keep me entertained. And, with Cross renewed for a second season before this chapter even aired, that's a hopeful sign it might be one of the best Prime Video shows. Alex Cross may have a new fan on his hands – and that fan is most certainly me.

Grace Morris, entertainment writer

• Watch Cross season 1 on Prime Video

Silo season 2 (Apple TV Plus)

It's time! The hit Apple TV Plus show Silo season 2 has finally re-emerged from its underground bunker to bring you the first episode of its new 10-episode installment. For fans of one of the best Apple TV Plus shows, it's been a long wait to get here. Following the show's renewal in June 2023, production had been forced to pause due to the Hollywood writers' strikes, which prompted Rebecca Ferguson to reveal (exclusively to TechRadar) that season 2 was a long way from makings its debut.

That wait is now over, which means fans can finally find out what happens next to Ferguson's character Juliette Nichols after season 1's shocking cliffhanger ending. Based on Hugh Howey's dystopian book series, the BAFTA award-winning Apple show is filled with "big mysteries" that are only set to get bigger in the next chapter, according to showrunner Graham Yost. If you want to keep the sci-fi thrills going this weekend, then here are four more highly-rated shows on Apple TV Plus.

Amelia Schwanke, senior entertainment editor

• Watch Silo season 2 on Apple TV Plus

Jake Paul vs Mike Tyson (Netflix)

We don't normally recommend sporting tournaments or live events, but when one of the greatest heavyweight champion world fighters is stepping into the ring with a YouTuber for a completely free event on Netflix, it's hard to ignore. After all, DAZN is the heavy hitter when it comes to boxing streaming rights – here's all you need to know about boxing on DAZN if you're a fan of the sport – so it's surprising that this is being aired for free (as long as you're a Netflix user, anyway).

Well, not that surprising when you see how much of a spectacle this fight is brewing online – Mike Tyson is known as an entertainer right? Critics are of course up in arms about what this fight means for the sport, saying it promotes profiteering and damages the legacy of the sport. Whichever corner of the ring you sit in, it's going ahead and you'll be able to tune in at 7:00pm ET tonight (November 15). Now if you'll excuse me, I'm off to watch Ridley Scott's latest sequel Gladiator II.

Amelia Schwanke, senior entertainment editor

• Watch Jake Paul vs Mike Tyson on Netflix

For more streaming recommendations, read our guides on the best Disney Plus shows, best Hulu movies, best Paramount Plus movies, and best Max movies.

• Two Palo Alto bugs are being abused in the wild, CISA warns
• Flaws added to KEV catalog, giving federal agencies a deadline to patch
• The bug can be abused to steal sensitive data and create arbitrary files

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new bugs to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse.

The bugs were found in Palo Alto Networks' Expedition migration tool, the same tool that has had a separate vulnerability added to the catalog recently.

The newly-added flaws are an unauthenticated command injection bug (CVE-2024-9463), and an SQL injection flaw (CVE-2024-9465). The former allows threat actors to run arbitrary commands as root on the operating system, thus accessing usernames, passwords in cleartext, device configurations, and API keys for PAN-OS firewalls. The latter, however, allows crooks to access the Expedition database, where password hashes, usernames, device configurations, and device API keys can be found. Furthermore, the bug allows crooks to read, or create, arbitrary files on the system.

Deadline to patch

A hotfix seems to be available already, and those worried about being exploited should bring their Expedition tool to version 1.2.96, or later. Those who cannot install the patch immediately should restrict Expedition network access to authorized users, hosts, or networks, Palo Alto Networks advised.

When a vulnerability is added to KEV, it not only means that it is being exploited in attacks, but also that federal agencies have a deadline to patch, or stop using the flawed solution altogether. That deadline is typically 21 days from the date the bug is added to the catalog.

CISA recently added CVE-2024-5910 to KEV, a bug described as a missing authentication for a critical function, which can lead to Expedition admin account takeover for crooks with network access.

Palo Alto Networks Expedition is a tool designed to simplify and automate the process of migrating and optimizing security policies for Palo Alto Networks' next-generation firewalls. It enables users to transition from legacy firewall configurations to Palo Alto Networks' security platforms while reducing manual efforts and minimizing errors.

Via BleepingComputer

You might also like

• Major Palo Alto security flaw is being exploited via Python zero-day backdoor
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now