TechRadar News

• Teenage Engineering has launched its new OP-XY sequencer, synthesizer, and sequencer.
• The new device costs more than the company's OP-Z sequencer and OP-1 audio workstation
• The OP-XY costs $2,299 / £1,899.

Teenage Engineering has revealed the latest addition to its famed OP lineup of portable synthesizers and sequencers, the OP-XY.

The OP-XY is a sequel of sorts to the OP-Z compact sequencer, adding an OLED screen and an expanded array of controls in the same compact form factor as the company’s legendary OP-1 audio workstation.

At its core, the OP-XY is a 64-step sequencer, and working with it revolves around step-sequencing notes, with 24 voices of polyphony.

You can use these sequences to control multiple internal synth engines or up to eight pieces of outboard gear, like synthesizers, drum machines, and Eurorack modular synths.

(Image credit: OP-XY)

Along with a vast array of physical controls compared to the OP-Z, the OP-XY packs in a new sampler, a selection of punch-in effects for live performance, and a new “brain chord” feature that Teenage Engineering hasn’t really explained. Based on the name, it’s possible this is some kind of melody generator.

The OP-XY comes in a single monochrome black color with gray and white accents. In a clear reference to techno and club culture, its product page is covered in German phrases and pictures of straight-faced dancers in black leather outfits.

And in typical Teenage Engineering style, there are a few just-for-fun features like a gyroscope that lets you fade tracks in and out and a built-in speaker for jam sessions on the move.

Overall, the OP-XY seems to be one of the most feature-rich products Teenage Engineering has ever released, and its price tag reflects this (and then some).

You can purchase the OP-XY right now for a whopping price of $2,299 / £1,899 – drastically more expensive than the OP-Z ($499 / £499) and even a bit pricier than the OP-1 ($1,999 / £1,799).

So, is this Teenage Engineering getting serious about music, or is this another case of paying extra for a chic design from music tech’s coolest brand?

Who is the OP-XY for?

The OP-Z has earned a great reputation in the music gear scene for its relatively affordable price, expansive functionality, and portability, but it also garnered criticism for its cramped workflow and reliance on button combinations.

The OP-XY seems to fix this by adopting the chassis of the OP-1 workstation, but for more than four times the price, there needs to be more that justifies buying one.

What’s more, the internal synth engines and sampler seem to encroach on the song-making capabilities of the OP-1.

However, the OP-XY seems to pack more external connectivity and live performance functions than the OP-1, which mimics a tape machine in how songs are recorded and is generally quite intentional in its workflow.

The OP-XY could therefore be imagined as a live-focused reflection of the OP-1, and a straight-up big sibling to the OP-Z (though it does lose the OP-Z’s video sequencing function).

Whether that’s enough to justify such an eye-wateringly high price is ultimately up to you.

The OP-XY is available now from Teenage Engineering. For the latest on the trendiest music and audio gear, be sure to keep up with our audio coverage.

You might also like

• Spotify makes it clear: it cares more about video podcasts than launching its long-awaited lossless HiFi tier
• Bose is bringing back a musical legend from the 60s, and we don't mean Elvis
• Be your own DJ and party like it's 2012 with Hangout, a new 'online listening space' on the web, iOS and Android

• "Sitting Ducks" attack allows crooks to take full control of target domain
• Almost a million websites vulnerable to takeover, experts warn
• Tens of thousands of websites already compromised this way

“Sitting Ducks” might not be a particularly known method of cyberattacks, but it is still quite widespread, and pretty disruptive, experts have warned.

A report from cybersecurity researchers at Infoblox Threat Intel claims almost a million websites are vulnerable, and roughly 70,000 were already compromised this way.

In a new report, Infoblox notes although the attack vector has been around since 2018, it never garnered much attention from the media, or the cybersecurity community. Still, tens of thousands of victims have had their domain names hijacked since then, including “well-known brands, non-profits, and government entities”. The report hasn’t named any organizations, though.

Vipers, Hawks, and other predators

during a Sitting Ducks attack, the threat actor gains full control of the target domain, by taking over its DNS configurations. This has many implications and carries heavy consequences. When hackers take full control of a domain’s DNS configuration, they can funnel compromised web traffic to malware, phishing sites, or spam networks. They can also deliver infostealers, engage in fraud, or affiliate cybercrime programs.

However, Infoblox started monitoring the internet for Sitting Ducks attacks last summer, to alarming results: “The results are very sobering, as 800,000 vulnerable domains were identified, and about 70,000 of those were later identified as hijacked.”

The researchers claim that there are multiple threat actors currently exploiting Sitting Ducks, including Vacant Viper, the “OG” of the exploit, hijacking an estimated 2,500 domains each year since late 2019.

Another group, called Vextrio Viper, was seen using hijacked domains as part of their “massive TDS infrastructure” since early 2020. Infoblox says Vextrio runs “the largest known cybercriminal affiliate program”.

It also mentioned new threat actors, such as Horrid Hawk, and Hasty Hawk, named as they “swoop in and hijack vulnerable domains”.

You might also like

• What is DNS Hijacking and how can you avoid being a victim of it
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• New Azure OpenAI Service-based AI chatbot lets users interact with spaceborne data
• The tool democratizes access to more users, including students and academics
• Users can ask natural language questions and let AI source the data

Microsoft and NASA have teamed up to launch Earth Copilot, a new custom copilot built on the Azure OpenAI Service platform to help the space agency make sense of the more than 100 petabytes of data that it has collected from space.

In a blog post, Microsoft explained geospatial data is already complex, and additional data being continuously collected from new satellites is adding to this difficulty.

With the new Earth Copilot tool, users will be able to interact with NASA’s data with natural language prompts, making it more accessible to more scientists, students and others.

Microsoft builds new AI chatbot for NASA

Tyler Bryson, CVP for US Health & Public Sector Industries at Microsoft, explained that data collected can include atmospheric conditions, land cover changes, ocean temperatures and more, but navigating technical interfaces, understanding data formats and getting to grips with geospatial analysis can be extremely challenging.

With the new Earth Copilot tool, users will be able to ask questions like “What was the impact of Hurricane Ian in Sanibel Island?” or “How did the COVID-19 pandemic affect air quality in the US?” and let AI do the data retrieval for them.

“We’ve designed the system to handle complex queries and large datasets efficiently, ensuring that users can quickly find the information they need without getting bogged down by technical complexities," noted Juan Carlos López, former NASA engineer and current Azure Specialist at Microsoft.

A side effect of the project is that Microsoft and NASA have democratized access to spaceborne data, allowing a broader demographic to interact with it, including students and academics.

Minh Nguyen, Cloud Solution Architect at Microsoft, added: “The vision behind this collaboration was to leverage AI and cloud technologies to bring Earth’s insights to communities that have been underserved, where access to data can lead to tangible improvements.”

You might also like

• Check out the best AI tools and best AI writers
• We’ve curated a list of the best data visualization tools
• Even NASA struggles to keep its user data safe and secure

The shipping industry is a critical component of global trade, with approximately 90% of world trade carried by sea. As the industry becomes increasingly digitized, it also becomes more vulnerable to damaging cyberattacks, with 23,400 malware and 178 ransomware detections registered in the first half of 2024 alone, according to a recent Marlink report.

The early adoption of technology in the maritime industry, like electronic navigation systems, created basic vulnerabilities that allowed unsophisticated cyber-attacks to be introduced. While these incidents were seen as accidental or opportunistic, they highlighted the industry's lack of strategy and defense against cyber threats.

As the industry has developed and embraced more advanced technologies, so has the surface of attacks. Threat actors are quickly adopting new, AI-enabled techniques to increase the volume and sophistication of their attacks. Our latest threat intelligence shows the cyber threat landscape is a maelstrom of groups exploiting the latest vulnerabilities and utilizing new or updated malware families to target commercial enterprises and critical infrastructure.

Attackers can now gain prolonged access to networks containing sensitive information and use this to disrupt crucial operations, through a single point of entry. In the last year alone, marine giant, Brunswick Corporation has grappled with a cyberattack that disrupted their operations for nine days, causing a material impact of $85 million. Additionally, the European cargo shipping industry was targeted by Chinese threat actors earlier this year, who gained access to not only the office systems but also aboard the cargo vessels using a USB drive.

The reality is that cyberattacks at sea have the potential to be significant and long-lasting. Onboard system failures and compromises can put the safety of the crew and ship at risk. GPS spoofing or jamming can lead to collisions and grounding, while attacks targeting engine controls or ballast waste management systems can lead to crucial failures that increase the risk of environmental disasters like oil spills.

With the global maritime digitization market expected to grow by 14.2% by 2031, the industry will continue to face persistent threats from well-funded criminal organizations and state-sponsored actors. So, how can the maritime industry combat this growing threat?

Measuring the scale of potential disruptions

A key challenge for the maritime industry is operational technology lacking security capabilities like strong authentication found in IT systems. Meanwhile, reliable connectivity can be tough to come by while at sea or in remote parts of the world, and this greatly decreases the efficacy of most cybersecurity tools (but not all). Too many systems are cloud-dependent to work well when offline.

An additional hurdle to security at sea, and in ports, is the long lifespan of the systems in use, which is typically 10-30 years. Attackers only need to flood networks with legitimate-looking commands to gain entry. Hidden under the lack of detection systems, crews may not notice they have been boarded and by then the momentum of the attack has carried the vessel off course. Ensuring the security of interconnected systems and protection against remote hacking attempts are critical concerns.

Dr. Rory Hopcraft of the Cyber-SHIP Lab at the University of Plymouth and Dryad Global, CEO Corey Ranslem recently conducted lifelike simulations to identify the potential impact of today’s maritime security risks. The scenario involved attackers using a phishing email to install malware on a container ship entering the New York harbor.

The malware waited for GPS coordinates of the ship's location, then flooded command systems to override the bridge and send the engines to full power. Within just 2.5 minutes, the massive vessel drifted off course and ran aground, blocking the critical shipping channel into New York for days. This single-ship incident would have disrupted over $1.6 billion in trade, impacting the entire supply chain.

In this simulation, the crew received an email from their onshore support team asking for a chart update. This points to a key vulnerability within the industry; human error and lack of cybersecurity training. Additionally, other potential attack vectors were identified, from engineers taking on devices themselves to conduct software firmware updates to ship pilots plugging in their own devices. The simulation even tested the scenario of crew members connecting e-cigarettes to the ship's bridge.

The results showed that in every scenario, malicious software can and will board the ship eventually.

Enhancing cyber resilience at sea

Industry collaboration to strengthen collective defenses is vital. The IMO's 2021 resolution on maritime cybersecurity, for example, mandates shipowners and operators to incorporate initiatives that allow for collective information sharing.

From an operational perspective, comprehensive strategies must be adopted by shipping companies and port operators to safeguard against sophisticated cyber threats. Implementing advanced technological solutions like intrusion detection systems and encryption protocols can protect critical systems from unauthorized access. Additionally, strong endpoint protection platforms will maintain a level of security even when in disconnected environments and regular software updates will mitigate the risk of software supply chain attacks.

Employing zero-trust strategies, like network and data-centric segmentation, is also essential for continuous access control and security validation. Furthermore, maritime companies must foster a culture of cybersecurity awareness with regular training and drills to equip crews with the skills needed to recognize and respond to potential threats and compromised systems.

Finally, the maritime industry must review its critical event management processes. Emergencies and disruptions will continue to happen; it’s how companies prepare and respond to them that determines their impact. Maritime companies should harness a secure emergency notification system with incident response tools and capabilities. This will provide the necessary tools to deploy response teams and enable them to better prepare for, respond to, and recover from critical events faster.

As the maritime sector continues to digitalize, the importance of robust cybersecurity measures and proactive risk management cannot be overlooked. The industry doesn’t have to face this challenge alone, working with a trusted security partner to harness advanced AI technologies, deploy innovative zero-trust and endpoint management strategies, and enhance critical event management capabilities. Only then will the industry truly be prepared to tackle cyber takeovers at sea.

We've featured the best encryption software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Microsoft has deployed one final preview build to the Beta test channel
• The Beta channel is being closed down, leaving only Release Preview now
• This effectively means Windows 10 won’t get any more new features

Microsoft has just dropped the guillotine on the Beta channel for Windows 10, a testing platform that was only recently resurrected earlier this year.

The news was delivered as part of a new Beta preview in the usual blog post from Microsoft detailing the changes with build 19045.

In fact, this build is being released simultaneously to both the Release Preview and Beta channels for Windows 10 22H2, but it marks the end of the road for the latter.

Microsoft explains: “The Beta channel and Release Preview channel will receive the same Windows 10 build today just like we’ve been doing since June. However, this will be the last time we release a Windows 10 build to the Beta channel as we will be shutting down the Beta channel for Windows 10.”

Those Windows 10 testers who are currently in the Beta channel will be moved over to the Release Preview builds.

As for the work done in build 19045, it consists of some bug fixes, with the only actual change feature-wise coming to the Beta channel.

Don’t get excited, though, as Microsoft’s parting gift to Windows 10 is the Start menu now showing adverts (or ‘suggestions’ as the software giant puts it) for apps from the Microsoft Store which are from a “small set of curated developers” apparently.

Boo, hiss, etcetera – though you can turn off the ‘Show suggestions occasionally’ for the Start menu (head to Settings > Personalization > Start).

(Image credit: Shutterstock / Wachiwit) Analysis: Time is running out for Windows 10

The Beta channel only came back to life in June 2024, as a platform for testing and continuing active development of Windows 10 – albeit in a limited fashion – so it was only briefly resurrected for not even half a year before getting the axe again.

This means that changes such as the above Start menu tweak won’t be coming to Windows 10 any longer (though in the case of this addition from Microsoft, you might be glad to see the back of active development for the older OS).

Effectively, this is Microsoft putting Windows 10 on ice, without saying as much – and that’s no surprise. After all, Windows 10 only has 11 months left on the clock before it runs out of support, so feature additions don’t make much sense at this point. Going forward, all we’ll have is the Release Preview channel for testing, the final stage of Insider builds before the release version of Windows 10, where minor fixes and bug squashing will be carried out.

Don’t expect anything new, in short, though we suppose Microsoft could still surprise us – this has happened in the past, after all, when the software giant announced an effective feature freeze, only to thaw that move with some reasonable-sized feature drops.

At any rate, the shuttering of the Beta channel is another reminder that if you are on Windows 10, you should be starting to consider your End of Life options. Whether that’s upgrading to Windows 11 somehow, or an entirely alternative approach like one of the more Windows deserter-friendly Linux distros, perhaps.

You may also like...

• Windows 11’s feature to allow typing with your Xbox controller has vanished in a blow for owners of handheld gaming PCs
• Don’t make these 5 big mistakes when using Windows 11
• Windows 11 remains an unloved OS – but why won't people upgrade?

• Amazon's shopping partnership with TikTok questioned by US congress members
• The partnership allows users to purchase on Amazon but remain on the TikTok site
• TikTok is facing a ban in the US, but has successfully fought it so far

The House Select Committee on China has expressed concerns over Amazon’s ecommerce partnership with Chinese-owned video platform, TikTok. The partnership between the platforms allows TikTok users to link their Amazon account, and make purchases through the site without leaving the TikTok app.

Lawmakers met with representatives from Amazon in a closed-door meeting at Capitol Hill to discuss the retail giant's deepening relationship with the video platform. The meeting reportedly took place a month after the collaboration was announced.

“The Select Committee conveyed to Amazon that it is dangerous and unwise for Amazon to partner with TikTok given the grave national security threat the app poses,” a spokesperson told Bloomberg.

National security threats

The Committee raised concerns over the perceived threats posed by China’s government, and that a leading US company was partnered with a Chinese-owned organization, which has been previously threatened with a ban over national security concerns.

“Like many other US companies, we maintain open lines of communication with officials across all levels of government to discuss issues that are of interest to policymakers, our employees, and our customers,” the spokesperson said.

Amazon has advertised on TikTok for a long time, but the shopping collaboration will likely make it more difficult for the US to ban TikTok as previously attempted, given Amazon is the second largest employer in the US, and second largest company in the world by revenue.

Earlier in 2024, the US threatened TikTok with a ban unless it severed ties with Chinese parent company ByteDance, over concerns that the company was sharing customer data with the Chinese governments and ‘weaponize’ the information, something that TikTok has always denied.

TikTok challenged the ban, which it claims is ‘unconstitutional’, and as of yet, the platform remains on the App store. President-elect Donald Trump is expected to halt the efforts to ban the app, so its future is looking more secure.

You might also like

• Take a look at our pick of the best video editing software
• Can TikTok save itself and do we want it to?
• I wasted my day on Bluesky Social and no, I'm not sorry

Many of today’s online businesses wouldn’t exist without the open-source community, who write and manage code that’s freely available. What luck for for-profit companies building on the Web today!

And while the developers within the open-source community are typically passionate geeks who altruistically give their time and attention to projects they care deeply about, these communities generally need some kind of support to keep their ecosystems robust and expanding.

Typically this support comes through sponsorship and investment (financial or labor) by large corporations.

These partnerships between open-source development communities and large for-profit corporations are mutually beneficial, but, can sometimes crack under the pressure of misaligned incentives.

This was on full display recently in the very public dispute between WordPress founder and Automattic CEO Matt Mullenweg and WP Engine, a hosting provider that services websites built on WordPress. Both companies utilize the open-source software maintained by the WordPress Foundation and Wordpress.org.

Mullenweg attacked WP Engine for several of their features and their use of WP (signaling WordPress) in their name, which he said confused users into thinking they were part of the broader WordPress family of companies. WP Engine jumped in to defend itself, sending a cease-and-desist letter asking Mullenweg to withdraw his statements and saying their use of the trademark was covered under fair use.

This has set off a heated battle between the two companies, leaving end users with websites down, as well as unsecured from attacks. And it’s a lot of users – around 40% of websites are running on WordPress software.

But this isn’t a debate relegated only to websites. The Web – that digital eternity we spend so much time on today – is built on and remains running on a lot of this free open-source code.

It’s critical that this continues. It’s critical that major corporations see the privilege of utilizing the open-source community and continue to support their work. If benevolence isn't attractive, then perhaps enlightened self-interest: where would your team be if that open source community collapsed tomorrow?

Benefits of free and open

The benefits of the open-source initiatives are manyfold.

The fact that there’s a huge repository of software that companies can use to build their business makes development times faster, lowers costs and promotes competition. It’s also a more flexible solution for businesses, not only in its utility as a highly-customizable source code, but in that there’s no contract lock-in, so users can integrate with any third-party tool they wish. Plus, open source code is completely transparent and monitored by thousands of experts, which means bugs and faults are found and fixed quickly, creating a safer Web overall.

It seems like a no-brainer for large well-off corporations to support those efforts. And yet, that’s not always the case.

As the WordPress drama suggests, this collaboration between public and private entities can get bogged down by unclear guidelines of use, trademark conflicts and more.

This is why it’s so important for open-source communities to architect their projects effectively. There are many potential business models open-source projects can employ, from software-as-a-service (SaaS) to open core to crowdfunding, but projects need to be aware of the future challenges that could arise. While many choose to monetize the product itself – think RedHat, which contributes to many open-source projects but also supplies open-source products to enterprises for a price – doing this under the same trademark can cause problems in the future.

Instead, open source projects should separate their foundations from commercial entities and establish strong governance. Separating the public and private means there’s less chance of confusion. And strong governance allows open-source projects to build a large community, create material incentives for corporations to contribute, and then (and only then) protect themselves with trademarks against any truly bad actors.

Reputation on the line

When these steps are taken, for-profit corporations have myriad reasons to support an open-source project.

For one, there’s general self-interest in seeing these free repositories – called the commons – grow because they drive innovation and collaboration. Supporting open-source projects ultimately benefits companies as the programming language and tech tools they rely on expand.

Other companies sponsor open source projects that align with their own very specific needs. For instance, Google is a big sponsor of the Python Software Foundation. They invest large amounts of money into the project address specific technical challenges within the business’ use of the programming language. And Meta invested heavily in fixing issues in building Django-based applications to help them scale Instagram.

Lastly, it’s a reputation play.

As the conflict between Automattic and WP Engine has shown, developers are a sensitive audience. Many in the development community are strongly on the side of open source and keeping it pure of profit-making intentions. Already 159 Automattic employees have left, accepting a severance package the company offered for those who disagreed with how Mullenweg was handling the situation.

It’s important that for-profit companies give back to open-source projects to build a positive reputation with developer communities. From those communities they not only get code and software, but they can then discover and hire top talent within the open-source contributor community.

Ultimately, while incentives seem misaligned between these two groups at times, the collaboration is key for the long-term stability of the Web we all rely on for an ever-increasing amount of daily activities.

We've featured the best Linux app.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Microsoft accused of anticompetitive business practices in cloud market
• The FTC reportedly set to launch investigation into Azure business
• Regulatory scrutiny is also affecting Amazon, Apple, Google

Microsoft could be the subject of yet another investigation into anticompetitive business practices.

A report from the Financial Times claims the US Federal Trade Commission (FTC) is reportedly preparing to investigate Microsoft over its Azure cloud computing business, which is accused of using restrictive licensing agreements to maintain its dominant position in the market.

The company has also been accused of tweaking prices to make it expensive for customers to leave in its effort to maintain high numbers.

Microsoft facing anticompetitive investigation

Raised subscription fees for customers seeking to leave, along with pricey exit and termination fees, could have been put in place to make customers think twice about the financial implications of changing providers.

Another anticompetitive practice Microsoft could have engaged in is making native systems, like Office 365, incompatible with other companies’ alternatives, therefore making it technically difficult to migrate.

The FTC’s probe follows a recent decision to investigate the business practices of major cloud providers, and it’s not the first time that Microsoft has been under the microscope. Just in the last year or two it has faced similar allegations over locking customers into its products within the European Union.

Google also has a role to play in the increased scrutiny over Microsoft – last summer, the company submitted a letter to the FTC accusing it of exploiting software like Windows Server and Office to push its Azure dominance.

However, Microsoft isn’t the only company that has faced such allegations. Many of its biggest rivals, including Amazon, Google, and just this week, Apple, have all been slated for anticompetitive business practices in one form or another – mostly relating to cloud subscriptions.

TechRadar Pro has asked Microsoft to comment on the allegations, but we did not receive an immediate response.

You might also like

• We’ve listed the best cloud storage providers around today
• Microsoft issued cloud pricing ultimatum by EU states
• Want to cut the costs? Consider the best free office software

I'm going to be honest, dear reader. There's only one thing I'll be streaming this weekend – and, surprise surprise, it'll be the second part of Arcane season 2. Yes, as I state in my Arcane season 2 review, I've already watched every episode multiple times, but can't a guy stream them again?

If, for some utterly bizarre reason, you won't be tuning into Arcane's next three episodes over the next 48 hours, there are other new movies and shows that'll surely grab your attention. Indeed, from the official streaming debut of a new Marvel movie to the return of hit series, you'll find something worth watching on the world's best streaming services. Have fun! – Tom Power, senior entertainment reporter

Deadpool and Wolverine (Disney Plus)

The only Marvel movie of 2024 has finally made its Disney Plus debut – and it's about darn time. Admittedly, I'm not surprised it's taken so long for Deadpool and Wolverine to join the streamer's movie library – indeed, when you're raking in money at the global box office, you'll stick around on the big screen for much longer than anticipated.

Nevertheless, I've been itching to see it again since late July, so I'm delighted that the Marvel Phase 5 film is now available to stream. It's one of the best Marvel movies to land in theaters as part of the Marvel Multiverse Saga, after all, so one of November's new Disney Plus movies has been high on my re-watch list for a while.

Before you watch The Merc With a Mouth and his adamantium-clawed bestie embark on a multiversal adventure, though, read my Deadpool and Wolverine review for a taste of what's to come. Once you've streamed it, be sure to read my Deadpool and Wolverine ending explained piece, plus my Deadpool and Wolverine cameos guide, for even more wondrous coverage.

Tom Power, senior entertainment reporter

• Watch Deadpool and Wolverine on Disney Plus

Cobra Kai season 6 part 2 (Netflix)

Cobra Kai season 6 has decided to end on a dramatic note. We're used to Netflix dropping seasons in two parts, but this one is getting three so, if you thought season 6 part 2 was the end, you were wrong! The final five episodes arrive in 2025, so we don't have to say goodbye yet.

Personally, I've had an absolute blast with this series and it's been so great to see a modern day expansion of the iconic Karate Kid lore. Seeing some familiar faces and some big surprises along the way has been terrific and I know the ending is going to be bittersweet.

There's a reason this is one of our best Netflix shows. Cobra Kai's legacy simply cannot be ignored; it's cool, heartfelt, has a banging soundtrack, and we're all on the edge of our seats waiting for that grand finale. I just know it'll go out on a high, even if I will miss hanging out in the dojos. For now, though, I'll be enjoying this next batch of episodes.

Lucy Buglass, senior entertainment writer

• Watch Cobra Kai season 6 part 2 on Netflix

Dune: Prophecy (Max)

Denis Villeneuve's Dune and follow up Dune: Part Two delighted viewers – myself included – by treating us all to a big screen epic that dives into the huge lore originally penned by Frank Herbert. There's so much going on in this world, so it's hardly surprising a prequel series has dropped on Max. They've even made a video game set in the world, so the possibilities are seemingly endless.

The six episode series is set 10,000 years before the ascension of Timothee Chalamet's Paul Atreides, following two Harkonnen sisters as they combat forces and establish the sect that will become known as the Bene Gesserit.

It's still too early to say whether or not it'll become one of our best Max shows, but HBO has a knack for smashing out huge hits. Just look at how much critics and general viewers loved The Penguin and you'll know what I'm talking about. I'm really hoping Dune: Prophecy will be just as good, but only time will tell.

Lucy Buglass, senior entertainment writer

• Watch Dune: Prophecy on Max (US), Sky/Now TV (UK), and Binge (Australia)

Emilia Perez (Netflix)

Directed by Jacques Audiard, Emilia Pérez follows cartel leader Emilia (Karla Sofía Gascón) who enlists unappreciated lawyer Rita (Zoe Saldaña) to help fake her death so she can have sex-reassignment operations and live a new life under a new name: Emilia Pérez. I'm not usually a lover of musicals, but when I saw the trailer for Emilia Pérez, I instantly added one of November's new Netflix movies to my ever-growing watchlist for its audacious song and dance numbers.

Emilia Pérez doesn't fit within any conventional genre – indeed, it's been described as a musical crime saga, which also serves as an opera and a comedy. Whatever it is, it's something that both Netflix and I need right now. With 82% on Rotten Tomatoes, it's likely to earn a spot on our best Netflix movies list, too.

Grace Morris, entertainment writer

• Watch Emilia Perez on Netflix

Cross (Prime Video)

Prime Video loves a good ol' book adaptation with the likes of Tom Clancy's Jack Ryan and Alex Rider. Now, there's another one to add to the list in the form of crime drama Cross. Based on James Patterson's book series, albeit a show that tells an original story not depicted in the novels, Aldis Hodge steps into the role of talented homicide detective and forensic psychologist Alex Cross. As he and his partner John Sampson (Isaiah Mustafa) track down a serial killer, his personal struggles threaten to ruin his career and life.

I can always count on a high-octane cop thriller to keep me entertained. And, with Cross renewed for a second season before this chapter even aired, that's a hopeful sign it might be one of the best Prime Video shows. Alex Cross may have a new fan on his hands – and that fan is most certainly me.

Grace Morris, entertainment writer

• Watch Cross season 1 on Prime Video

Silo season 2 (Apple TV Plus)

It's time! The hit Apple TV Plus show Silo season 2 has finally re-emerged from its underground bunker to bring you the first episode of its new 10-episode installment. For fans of one of the best Apple TV Plus shows, it's been a long wait to get here. Following the show's renewal in June 2023, production had been forced to pause due to the Hollywood writers' strikes, which prompted Rebecca Ferguson to reveal (exclusively to TechRadar) that season 2 was a long way from makings its debut.

That wait is now over, which means fans can finally find out what happens next to Ferguson's character Juliette Nichols after season 1's shocking cliffhanger ending. Based on Hugh Howey's dystopian book series, the BAFTA award-winning Apple show is filled with "big mysteries" that are only set to get bigger in the next chapter, according to showrunner Graham Yost. If you want to keep the sci-fi thrills going this weekend, then here are four more highly-rated shows on Apple TV Plus.

Amelia Schwanke, senior entertainment editor

• Watch Silo season 2 on Apple TV Plus

Jake Paul vs Mike Tyson (Netflix)

We don't normally recommend sporting tournaments or live events, but when one of the greatest heavyweight champion world fighters is stepping into the ring with a YouTuber for a completely free event on Netflix, it's hard to ignore. After all, DAZN is the heavy hitter when it comes to boxing streaming rights – here's all you need to know about boxing on DAZN if you're a fan of the sport – so it's surprising that this is being aired for free (as long as you're a Netflix user, anyway).

Well, not that surprising when you see how much of a spectacle this fight is brewing online – Mike Tyson is known as an entertainer right? Critics are of course up in arms about what this fight means for the sport, saying it promotes profiteering and damages the legacy of the sport. Whichever corner of the ring you sit in, it's going ahead and you'll be able to tune in at 7:00pm ET tonight (November 15). Now if you'll excuse me, I'm off to watch Ridley Scott's latest sequel Gladiator II.

Amelia Schwanke, senior entertainment editor

• Watch Jake Paul vs Mike Tyson on Netflix

For more streaming recommendations, read our guides on the best Disney Plus shows, best Hulu movies, best Paramount Plus movies, and best Max movies.

• Two Palo Alto bugs are being abused in the wild, CISA warns
• Flaws added to KEV catalog, giving federal agencies a deadline to patch
• The bug can be abused to steal sensitive data and create arbitrary files

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new bugs to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse.

The bugs were found in Palo Alto Networks' Expedition migration tool, the same tool that has had a separate vulnerability added to the catalog recently.

The newly-added flaws are an unauthenticated command injection bug (CVE-2024-9463), and an SQL injection flaw (CVE-2024-9465). The former allows threat actors to run arbitrary commands as root on the operating system, thus accessing usernames, passwords in cleartext, device configurations, and API keys for PAN-OS firewalls. The latter, however, allows crooks to access the Expedition database, where password hashes, usernames, device configurations, and device API keys can be found. Furthermore, the bug allows crooks to read, or create, arbitrary files on the system.

Deadline to patch

A hotfix seems to be available already, and those worried about being exploited should bring their Expedition tool to version 1.2.96, or later. Those who cannot install the patch immediately should restrict Expedition network access to authorized users, hosts, or networks, Palo Alto Networks advised.

When a vulnerability is added to KEV, it not only means that it is being exploited in attacks, but also that federal agencies have a deadline to patch, or stop using the flawed solution altogether. That deadline is typically 21 days from the date the bug is added to the catalog.

CISA recently added CVE-2024-5910 to KEV, a bug described as a missing authentication for a critical function, which can lead to Expedition admin account takeover for crooks with network access.

Palo Alto Networks Expedition is a tool designed to simplify and automate the process of migrating and optimizing security policies for Palo Alto Networks' next-generation firewalls. It enables users to transition from legacy firewall configurations to Palo Alto Networks' security platforms while reducing manual efforts and minimizing errors.

Via BleepingComputer

You might also like

• Major Palo Alto security flaw is being exploited via Python zero-day backdoor
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• Prime Video has partnered with PBS to host its free channels
• The news comes after the recent closure of Amazon Freevee
• This is the first time PBS shows are available to stream for free on a major streaming service

Prime Video has announced a partnership with PBS, following its recent decision to close the free streaming service Amazon Freevee. The loss of Freevee might come as a surprise to some viewers, but it looks like the streaming service is making up for that by bringing some exciting new things in the form of PBS channels.

The recent announcement confirms that one of the best streaming services will soon have more than 150 local PBS channels as well as PBS Kids as a free ad-supported TV offering. This is exciting news for both companies, as PBS confirmed this is the first time it'll be free on a major streaming service.

“PBS member stations will be able to tap into a leading streaming service to offer quality local programming viewers know and love for free,” said PBS chief digital and marketing officer, Ira Rubenstein. “It’s part of the PBS commitment to make trusted content available to all households across as many platforms as possible. We thank Amazon for giving PBS Member Stations a new and exciting way to grow their digital footprint while engaging with audiences old and new.”

What else should we know about the Prime Video and PBS partnership?

Call the Midwife is one of the many great shows to watch on PBS (Image credit: BBC)

PBS confirmed it's also launching two FAST channels available exclusively on Prime Video, PBS Drama and PBS Documentaries. These will be available exclusively on the streaming service for a limited time, and will launch on November 26.

There's so much to watch on PBS so it's an exciting way for subscribers to make the most of their Prime Video membership. Most notably, the network carries iconic British TV titles such as Call the Midwife, Downton Abbey and Poldark, for international fans wanting to enjoy those. They have plenty of original programming too including dramas, documentaries, cartoons, and more.

Prime Video is growing increasingly popular, to the point where one TechRadar writer Carrie Marshall said she's pausing her Max subscription for Prime Video in November. Now feels like a great time to dive into some of the best Prime Video shows and best Prime Video movies.

You might also like

• Prime Video might steal YouTube TV’s best sports streaming feature
• Why Apple TV Plus beat Netflix and Prime Video for our Streaming Service of the Year award
• Prime Video releases new trailer for its Cruel Intentions TV remake and first images for The Rig season 2, but I'm not thrilled by either of them

Japan has been at the forefront of technology for more than 50 years, with iconic products such as the Sony Walkman and the Nintendo Switch becoming integral parts of the cultural fabric of the Western world. It now wants to attract the world’s smartest minds to come and collaborate with local, like-minded tech entrepreneurs; this is where the Tokyo Innovation Base (TIB) comes into play.

Launched last November, this is the official platform, backed by the Tokyo Metropolitan Government, where any foreign startup and solopreneurs wanting to operate in the land of the rising sun can find advice and support, from business to daily life and beyond. TIB is a place where major companies, investors, universities, and government agencies from all over Tokyo gather, allowing you to meet various key people for doing business in Japan.

At the heart of this project is SusHi Tech, an annual startup conference that puts the concept of “Sustainable High City Tech Tokyo” at its core. Its next edition will take place in Tokyo from 8th to 10th May 2025; however, on November 21st, the Tokyo Metropolitan Government will host a special Tokyo "SusHi" Night event for startups and investors at Newlab in New York where the Vice Governor of Tokyo will be speaking.

Key links

:: Check out the SusHi Tech webpage and LinkedIn page

:: Visit the Tokyo Innovation Base website and LinkedIn page

:: Have a look at the Invest Tokyo resource center and LinkedIn page for more information

The purpose of the event will be to provide New York investors and ecosystem members with "a deeper understanding of the Japanese startup ecosystem, leading to investment opportunities in Japan, and to convey the appeal of the Japanese market to NY startups, leading to opportunities to enter Japan and collaborate with Japanese companies."

We’ve listed four reasons why we believe Tokyo is an outstanding place for overseas startups to kickstart their Asian journey.

1. An economic powerhouse

Japan is the second-largest economy in Asia and enjoys a relatively stable macro environment with a high GDP. Tokyo, as its capital and its most populous region, enjoys the benefits of a large market for startups to emerge and thrive. The metropolitan area of Tokyo accounts for around a quarter of the entire population of Japan, at just over 35 million.

2. Business-friendly environment

Japan has developed world-leading infrastructure across telecommunications, transport, and logistics. Tokyo has benefited significantly from this drive. The Japanese government has also introduced various schemes to encourage foreign companies to invest locally. This includes tax incentives, streamlined business registration processes and comprehensive legal protection when it comes to intellectual property rights, one of the most exhaustive across Asia.

3. Innovation by design

Tokyo is home to almost 150 universities that have produced over decades, a highly-skilled, experienced, workforce, transforming Japan into the technological behemoth it is today. Technology companies such as Rakuten, Hitachi, Sony, Fujitsu, NTT Data, Sega and Line Corporation are headquartered there and benefited from this local brain power; smaller companies and Japanese startups can also tap into this talent pool.

4. The Asian advantage

Within a few hours of airplane travel, startups have access to a market of nearly two billion potential customers or users, one of the highest concentrations anywhere in the world. Tokyo is the perfect base for foreign startup companies seeking to expand in Asia, operating on a different timezone and in one of the safest cities in the world.

• Check out the SusHi Tech webpage and LinkedIn page
• Visit the Tokyo Innovation Base website and LinkedIn page
• Have a look at the Invest Tokyo resource center and LinkedIn page for more information

• Start-Rite notifies customers of a major data breach which saw credit card data exposed
• The details about the attackers are unknown at this time
• Users with purchases between October 14 and November 7 should scrutinize their bank statements

Children's footwear brand Start-Rite has confirmed suffering a painful data breach in which it lost customer payment information.

The company confirmed the breach in a message to affected customers, The Register revealed, however, not all details about the breach are known at this time, so we don’t know who the attackers were, how many people were affected, or how the breach occurred.

What we do know is that the incident happened between October 14 and November 7, as Start-Rite told customers in its data breach notification email. The information stolen includes full names - as seen on credit and debit cards - postal addresses to which the cards are registered, card numbers, expiry dates, and the CVV numbers. In other words - whoever took this information has everything they need to make online card purchases, commit wire fraud, identity theft, and more.

NHS and friends

"On 11 November, Start-Rite Shoes became aware that it had suffered a security incident via a third-party application code on www.startriteshoes.com," the company told The Register. "The breach potentially provided access to customer bank card information. The website is now secure and the malicious code and third-party app have been removed."

The company’s social channels, and its website, say nothing about the incident just yet, but Start-Rite advised customers to disable the cards and ask their banks for a new one, noting, "we would advise you to contact your bank or credit card provider and ask them to stop the card you used to pay us and issue you with a replacement. You may be able to do this immediately via your mobile banking or credit card app.”

The company also advised users to double-check all transactions from October 14 onward. “If you do see anything which appears strange, you should contact your bank or credit card provider, tell them that you did not authorize the transaction, and ask for a refund. You may wish to provide them with a copy of this email to support your request.”

Given the wording of the statement, this seems to have been a credit card skimmer code installed on the company’s ecommerce site, such as the one MageCart crooks used to drop.

You might also like

• MageCart attacks return to target hundreds of outdated ecommerce sites
• Here's a list of the best firewalls around today
• These are the best endpoint protection tools right now

• Microsoft gaming CEO confirms the company wants to make more Xbox consoles
• Phil Spencer also hinted at "other devices"
• Spencer shuts down the possibility of a mid-generation Xbox console

Microsoft gaming boss Phil Spencer has confirmed there will "definitely" be more Xbox consoles in the future but has seemingly shut down the idea of a mid-generation Xbox Series X.

That's according to a recent interview with Rolling Stone, following the launch of Microsoft's new Xbox advertisement campaign titled 'This is an Xbox', where Spencer discussed the company's ongoing multi-platform push.

"Our biggest growth in Xbox players is on PC and cloud," Spencer said. "The console space all up isn’t growing, across all of them. We love those customers, but in terms of continuing to expand and grow Xbox, it’s about PC, it’s about cloud, and it’s about making our games more available in more places."

However, this doesn't mean Microsoft is ready to leave Xbox consoles behind in favor of PC gaming and the Cloud.

"We’ll definitely do more consoles in the future, and other devices," Spencer confirmed.

The "other devices" seem to hint at a handheld console, which has been rumored to be in development for quite some time.

Later, when asked about the possibility of a mid-generation upgrade for the current Xbox consoles similar to the PS5 Pro, Spencer suggested it wasn't worth it as there doesn't seem to be a major difference in performance.

"We think about hardware that can create unique value for our players or creators on our platform,” he told Rolling Stone. "We don’t need to do incremental hardware for our own benefit.

"Does a new device really give you a unique experience on screen in some way? [It’s] less like the old days, going from the original Xbox to 360 - that was standard definition to high definition. Now [it’s] harder to show the benefits."

Earlier this week, Spencer shared some insight on what Xbox is planning behind the scenes and was able to verify that Microsoft is currently working on handheld prototypes.

The Xbox boss has asked his team to look at the current market to develop its vision of a handheld based on what it learns and also set player expectations by saying an actual device is a few years away.

You might also like...

• Best Xbox Game Pass games to play in 2024
• Xbox Series S 1TB review: the best option for console buyers on a budget
• Phil Spencer says Microsoft will release more Xbox games on other platforms - "I do not see sort of red lines in our portfolio that say ‘thou must not'"

Google has just updated its popular Fitbit Ace LTE with a new family communication feature that makes it more useful than ever.

The Fitbit Ace LTE is a cheap kids' smartwatch designed to keep the whole family connected without the need to spend big on one of the best smartphones for your kids.

Now, the Fitbit Ace LTE is receiving a big upgrade that makes it even more useful as a family communication device. Announced November 13, Google's new Family chat feature means you can have a whole family conversation across your Google smartwatch ecosystem. Messages sent via the Ace app or from your device now reach everyone in your Google family, so you can all stay connected throughout the day.

There's also new support for direct messages between siblings, so they can argue err send each other messages, or call each other via their Fitbit Ace LTEs.

Fitbit Ace gets new Family Quests

(Image credit: Google)

Fitbit Ace now also includes new Family Quests, which are fun ways to help get your family more active. There are new challenges and rewards for kids, and the more your family moves and hits its goals, the more tickets your kids will get to spend on eejie items.

If you're in the market for your first Fitbit Ace LTE, Google is planning a Black Friday sale where you can save $50 on the Fitbit Ace LTE from November 21 through December 4. So it's likely worth waiting a few days if you want to score one.

If you're after your own Fitbit, the best Black Friday Fitbit deals are a great starting point to save you big on some of Fitbit's top fitness trackers and smartwatches, including the Versa 4 and Sense 2, which Google is sunsetting in favor of its own Pixel line.

You may also like

• Looking for a cheap Fitbit smartwatch this Black Friday? This year could be your last chance
• Don’t fall for cheap Apple Watch and Fitbit clones this Black Friday - buy these solid budget picks instead
• RIP Fitbit smartwatches – an end we could see coming a mile away

The Samsung Galaxy S25 series could land very soon, with leaks pointing to a January launch – so hopefully you’ve been saving, as these are sure to be expensive phones.

Exactly how expensive remains to be seen, but based on a mix of leaks and past form, we’ve predicted the approximate prices we think you’ll have to pay.

Below then, you’ll find price predictions for the Samsung Galaxy S25 itself, along with the Samsung Galaxy S25 Plus, the Samsung Galaxy S25 Ultra, and even the Samsung Galaxy S25 Slim.

Samsung Galaxy S25 price predictions

The Samsung Galaxy S24 (Image credit: Future | Roland Moore-Colyer)

To figure out how much the Samsung Galaxy S25 might cost, it’s helpful to first look at the price of the Samsung Galaxy S24.

You can see prices for all configurations of that phone in the chart below, but it starts at $799 / £799 / AU$1,399.

So we’d expect the Samsung Galaxy S25 will cost at least that much, but there’s a high chance it will cost more, as most rumors suggest it will have a Snapdragon 8 Elite chipset, and that itself reportedly costs more than the Snapdragon 8 Gen 3 used by some Galaxy S24 models.

Qualcomm (which makes the chipset) claimed ahead of its launch that the price would probably be higher, and leakers have variously said that the Snapdragon 8 Elite might cost roughly $40 (around £30 / AU$60) more than the Snapdragon 8 Gen 3, or that it would cost around 20% more than the Snapdragon 8 Gen 3.

It’s likely that Samsung will pass any price rises on to consumers, so we could perhaps see the Samsung Galaxy S25 retail for more like $840 / £840 / AU$1,460 (with the UK price mirroring the US one, as that was the case with the Galaxy S24). With inflation it’s possible that the price could be even higher.

For now, we can’t confidently predict exactly what the Samsung Galaxy S25 will cost, so take the estimate above with a pinch of salt, but we expect it will cost at least slightly more than its predecessor.

Samsung Galaxy S25 Plus price predictions

The Samsung Galaxy S24 Plus (Image credit: Future)

As with the Samsung Galaxy S25, the Samsung Galaxy S25 Plus will probably cost at least as much as its predecessor, and there’s a high chance it will cost more.

For reference then, the Samsung Galaxy S24 Plus starts at $999.99 / £999 / AU$1,699, and you can see its full pricing for every configuration in the table below.

So the Samsung Galaxy S25 Plus might mirror this, and we’d be surprised if it cost less anyway. But with the price of its chipset likely being higher than last year’s (as detailed in the Galaxy S25 price section above), if anything we’d think it might cost a little more.

One leak states that the Snapdragon 8 Elite chipset it’s using will cost Samsung roughly $40 (around £30 / AU$60) more, so that sort of amount could be added to the price of the Samsung Galaxy S25 Plus.

In which case, we might be looking at something like $1,040 / £1,040 / AU$1,760. However, that’s just a rough guess. For now though, expect it to probably cost slightly more than the Galaxy S24 Plus anyway.

Having said that, a price increase would push the price into four digits in the US and UK, which might be something Samsung would want to avoid, so it’s not impossible that the price will remain the same as last year.

Samsung Galaxy S25 Ultra price predictions

The Samsung Galaxy S24 Ultra (Image credit: Future | Alex Walker-Todd)

The same factors as above are likely to affect the Samsung Galaxy S25 Ultra’s pricing, meaning that it will probably cost more than the Samsung Galaxy S24 Ultra.

The current Ultra starts at $1,299.99 / £1,249 / AU$2,199, and you can see complete pricing for that phone in the chart below.

That’s a lot of money then, but with the Samsung Galaxy S25 Ultra’s chipset possibly costing around $40 (roughly £30 / AU$60) more than its predecessor’s – as detailed above – the price of the phone might increase accordingly.

In that case, the Samsung Galaxy S25 Ultra could start at around $1,340 / £1,280 / AU$2,260. As with the other S25 models we’re not confident of that exact price, but we do think it’s likely the phone will cost more than its predecessor.

Samsung Galaxy S25 Slim price predictions

The Samsung Galaxy S24 (Image credit: Future | Roland Moore-Colyer)

One leak suggests the Samsung Galaxy S25 Slim could launch at the same time as the rest of the Samsung Galaxy S25 line, so with that possibly coming soon it’s worth considering how much this could cost too.

However, it’s a lot harder to predict than with the rest of the Galaxy S25 series, since there aren’t any previous ‘Slim’ models to compare it to.

But based on leaked model numbers for the Galaxy S25 line, it’s likely that the Samsung Galaxy S25 Slim would be positioned between the Samsung Galaxy S25 Plus and the Samsung Galaxy S25 Ultra.

In which case, it will probably cost more than the $999.99 / £999 / AU$1,699 starting price of the Samsung Galaxy S24 Plus, but less than the $1,299.99 / £1,249 / AU$2,199 starting price of the Samsung Galaxy S24 Ultra.

You might also like

• Samsung Galaxy S24 review: the Galaxy's pocket powerhouse
• Samsung Galaxy S24 FE review: an AI phone that's light on sacrifices
• Best Samsung phones: top Galaxy handsets ranked

• Xobin left a database publicly exposed online for at least three months
• The database was filled with the PII of over 500,000 job applicants
• Identification documents and passports were included in the files

Days after a database containing the personally identifiable information (PII) of millions of jobseekers was uncovered, another half million may have been exposed by a different company.

The unprotected files were found by Cybernews researchers, and contain the PII of over 500,000 job applicants, including resumes, scans of passports, and copies of identification documents.

The files were left exposed by AI-powered HR tech company Xobin, and despite numerous alerts to the public database, remained open and accessible for almost three months.

Xobin responsible for some big names

The researchers say Xobin counts Toyota, Ericsson, the University of Toronto, and Domino’s as some of its clients, among many other companies and organizations.

It isn’t known how long the database was left exposed before discovery, but Cybernews first discovered the database on August 5 and issued an immediate alert, with the database only being taken down on November 4.

The files were stored in a misconfigured Google Cloud Storage bucket. In total, 18,000 CSV and XLSX files were uncovered which included the job applications of 523,074 people, with each application including full names, phone numbers, and email addresses.

Moreover, 3,129 copies of passports and IDs with Permanent Account Numbers - the Indian equivalent of US social security numbers.

18,629 resumes were found, each containing further details on each applicant. If the database was accessed by malicious actors, it could be used along with other PII for social engineering, spearphishing attacks, extortion, financial fraud, and account takeover, particularly if an individual is known to be seeking or earning a high wage.

“You can name all the cyber threats: identity theft, spear phishing, doxxing, social engineering, and many other forms of fraud. The leaked personal information includes sensitive details, and job seekers are particularly vulnerable. Scammers can impersonate legitimate recruiting agencies, offer enticing fraudulent jobs, and perform other targeted fraudulent activities leading to potentially devastating financial and personal repercussions,” Cybernews researchers said.

You might also like

• Take a look at the best identity theft protection
• Millions of sensitive data records exposed online due to settings fault with this top Microsoft tool
• These are the best firewalls

• Coca-Cola's UK TV ad campaign for the 2024 holiday season has launched
• The iconic 'Holidays Are Coming' ad has been recreated using AI
• Coca-Cola CMO Javiet Mexa says, "we want to bring Holidays Are Coming into the present."

Holidays are coming… but this time Coca-Cola has opted to strip the soul out of its iconic 1995 UK TV ad and use generative AI to recreate it.

The 16-second ad, which is set to run in the UK instead of the beloved original, has been entirely created using AI without any human input. The ad shows the famous Coca-Cola truck driving through a snow-covered landscape and arriving in a town, and Santa’s hand passing out bottles of the fizzy drink to happy people excited at the thought of the taste of Coca-Cola Zero Sugar.

Coca-Cola’s European CMO Javier Meza told Marketing Week, “We didn’t start by saying: ‘OK, we need to do this with AI'. The brief was, we want to bring Holidays Are Coming into the present, and then we explored AI as a solution to that.”

Interestingly, and unlike the original ad, Coca-Cola’s new AI version omits Santa’s face entirely. Whether this was intentional, or because AI’s recreation of Santa Claus was deemed too eerie, we’re not quite sure.

Meza added that Coca-Cola tested the AI-generated ad with consumers prior to release, and said they "loved" it, leading the multi-billion dollar company to push on with the idea.

Festive spirit generated by AI

The advert was generated using Coca-Cola’s own Real Magic AI, which was launched last year in collaboration with Bain & Company and OpenAI. The AI model combines the capabilities of OpenAI's GPT-4 and Dall-E, and learns from Coca-Cola’s creative assets created over the brand’s 138-year history.

The 'Create Real Magic' campaign from last year invited digital artists to use the AI model to create digital billboards for the brand, with the winners appearing in New York’s Times Square and London’s Piccadilly Circus. At the time, I don’t think anyone expected Coca-Cola to use the same technology for a TV ad, but then a lot has changed since March 2023, and now Coca-Cola wants to show that it’s evolving with the times.

AI can be incredibly useful and often magical, but many people – myself included – will feel that some things, like Coca-Cola’s cozy and magical holiday ad, should remain untouched by technology.

you might also like

• I've seen the new AI dog collar that lets you talk to your dog
• Best Super Bowl commercials including Coca-Cola
• You can finally use Gemini Live on iPhone

• Xbox has unveiled a new marketing campaign
• It focuses on the many devices that can be used to play Xbox games
• Some online argue it dilutes the brand's identity

Xbox has launched a new advertising campaign titled ‘This is an Xbox’ that showcases the many devices that players can use to enjoy Xbox games.

Among them is both the Xbox Series X and Xbox Series S, plus more unconventional choices like a Samsung Smart TV, Amazon Fire TV Stick, mobile phone, the Meta Quest 3 VR headset, and more. A few humorous additions including a bento box and cat litter box are thrown in there too.

According to the company, the campaign “invites people to play with Xbox across multiple devices and screens” and “showcases the evolution of Xbox as a platform that extends across devices, with bold, iconic, fun visuals and a light-hearted tone.”

Xbox has also partnered with several brands for amusing crossovers, aiming to “bring the campaign to life in unexpected and entertaining ways.” As part of this, Samsung Smart TV owners will be able to see some ‘This is an Xbox’ branding on their home screens. An advertisement showing a Samsung Smart TV will also be featured in Times Square.

The campaign follows a wave of efforts to make Xbox titles playable on a wide range of platforms. Xbox Cloud Gaming is available on most PCs, while the Xbox TV app and Game Pass Ultimate were made accessible via Amazon Fire TV Sticks earlier this year.

What’s an Xbox now?

Reception to the ads has certainly been a little mixed so far, with some online commentors feeling like it strays too far from the brand’s core identity. “The downfall of the Xbox brand and its identity is so depressing,” responded one user on X / Twitter. “Surely this is the Xbox team now saying ‘we give up’,” replied another.

Other reactions have been more positive, though, with one online poster saying that “this is good Xbox marketing” and that it has “a nostalgic mid 2000's vibe.”

All things considered, I think that it’s a pretty effective campaign. The Xbox brand has been drifting towards a more software focused business model for some time, driven partially by a move to release more Xbox games on other platforms.

The option to jump into the latest Xbox games via a low-cost piece of hardware like a Fire TV Stick could be hugely enticing to more casual gamers. It also helps reduce the financial barriers associated with needing to purchase a full console, which can only be a good thing.

You might also like

• Phil Spencer says Microsoft will release more Xbox games on other platforms - "I do not see sort of red lines in our portfolio that say ‘thou must not'"
• Xbox Series S 1TB review: the best option for console buyers on a budget
• Phil Spencer confirms Xbox handheld prototypes are now being worked on, but a console is years away

• Researchers from AppOmni found a misconfiguration bug in sites built with Microsoft Power Pages
• As a result, data on millions of people was leaking on the web
• UK NHS among affected firms, with other urged to investigate immediately

Businesses in both the private and public sector have been leaking personally identifiable information (PII) on millions of people due to a fault with a Microsoft website builder platform.

Experts from AppOmni revealed the leak stems from misconfigurations in Microsoft’s Power Pages, a low-code platform within the Microsoft Power Platform suite that allows users to build websites without needing to be expert coders.

However, due to misconfigured access controls - namely excessive permissions granted to the Anonymous role - many websites were leaking “significant amounts of data”. That information included full names, email addresses, phone numbers, and home addresses.

NHS among those affected

Power Pages is especially geared toward business users and developers who need to build sites that integrate with business data from sources like Microsoft Dataverse, and apparently has more than 250 million monthly users.

“During my research, I’ve uncovered several million records of sensitive data being exposed to the public internet from authorized testing alone,” the researcher said, suggesting that the leak is probably even bigger (since this was found from “authorized testing alone”). The primary nature of this data are internal organization files and sensitive PII belonging to both internal organization users and other users registered on the website.

Among the leaksters was the NHS - UK’s National Health Service - which allegedly leaked sensitive information belonging to more than 1.1 million employees. The healthcare giant has since plugged the hole. The researchers did not want to name any other organizations leaking the data, possibly because the holes have not yet been plugged.

Misconfigured databases are one of the main causes of data leaks. Over the years, there were many instances of organizations keeping large archives of sensitive customer files without even a weak password, let alone a strong one.

You might also like

• Hot Topic data breach thought to have hit nearly 54 million customers
• Here's a list of the best firewalls around today
• These are the best endpoint protection tools right now