Feed aggregator

Pakistan won't block VPNs, despite having the ability to do so.

This was the main takeaway from the country's telecom watchdog, Pakistan Telecommunication Authority (PTA), during its annual end-of-the-year ceremony on Monday, December 16, 2024.

"We had said earlier that we can block VPNs but we won’t do it," said PTA Chairman Maj Gen (retd) Hafeez Ur Rehman, adding that they didn't block any services until today – Pakistani news channel Geo News reported.

The PTA originally set the deadline for November 30 to begin implementing a new policy regulating VPN usage, calling businesses and freelancers to register their service to evade blocks. The Pakistan VPN ban was then withdrawn due to a lack of legal grounds.

Pakistan VPN: a crucial resource

Since the beginning of 2024, Pakistanis have turned en masse to the best VPN apps to navigate an increased censored internet.

Social media access has been the main target for authorities. Residents couldn't use X ( formerly Twitter) without a VPN since February, in fact. Facebook and Instagram were also restricted in July 2024 and May 2023, respectively, according to Surfshark's Internet Tracker. WhatsApp and Bluesky were also blocked in November.

In this context – where circumventing services like VPNs are a crucial resource for residents and visitors – authorities began to crack down on their usage.

For starters, VPNs were reportedly targeted during the year as users faced temporary connectivity issues since February (exactly when X was first restricted). Plans to regulate the use of VPNs to curb their misuse were first shared in August.

Do you know?

(Image credit: Shutterstock)

A virtual private network (VPN) is security software that encrypts your internet connections to prevent snooping. It also spoofs your real IP address location to boost anonymity and grant access to otherwise geo-restricted content.

Authorities would later deem unregistered VPNs a "security risk" for Pakistan as they can be used to access "sensitive data," with Pakistan's top religious body even saying that using a VPN is "against the Islamic law."

Despite these strong stances, authorities have always stressed that VPN usage is permitted for legitimate purposes such as banking, foreign missions, corporate enterprises, universities, IT companies, call centers, and freelance professionals. Not many guidelines were shared, however, about their non-commercial use.

This is probably why the PTA decided to extend the registration deadline the day it was set to expire. Then, the final verdict – a Pakistan VPN ban goes against the law, according to the country's Law Ministry.

As per sources close to the Interior Ministry, under the Prevention of Electronic Crimes Act (PECA) 2016, the government can block content but not tools (like VPNs, in this instance).

"Eventually, it has been noted that the reading of the Interior Ministry in this regard was weak, and the courts would allow the functioning of the VPNs," the source told the Pakistani English-language newspaper Dawn.

In the meantime, Pakistan has also reportedly implemented a China-like internet firewall that "has the ability to block VPNs" – a Ministry of Defence official, familiar with the new deployments, told Al Jazeera.

The PTA chairman, however, refused to comment on potential shutdowns. "We don’t have answers when we are asked about internet shutdown owing to national security," he said, as per Geo News. "Questions related to national security should be asked from policymakers."

GenAI is being hailed as a revolutionary coding tool. Yes, it creates enormous opportunities for development teams, but we must remember that AI is a junior developer, not an engineer.

The idea that AI will take over app development overlooks a core aspect of a developer’s job. There’s a reason we call them developers or engineers and not code typists. Writing commands has never been the hard part. The challenge lies in ensuring the code solves the problem at hand within the product’s constraints and domain. The current generation of GenAI doesn’t accomplish this.

The developer role is not dead — it’s evolving. With AI assisting with code generation, human developers’ creativity, strategic thinking and contextual understanding will be even more crucial in shaping successful software solutions.

GenAI’s limitations in software development

Developers have long used code templates, generators and auto-complete to expedite programming. GenAI can take these tools one step further by writing entire functions or blocks of code from natural language prompts. However, AI does not fully understand logic and lacks context on business problems and the software’s purpose, resulting in mediocre code.

For example, GenAI can create a code that calculates total sales revenue. However, the output may fail to account for organization-specific variables, such as including returns and rebates in the equation and formatting results to meet reporting requirements. The code technically works, but it does not actually solve the problem.

Additionally, GenAI tools often generate bad code. The training data for the large language models (LLMs) contains both high and low quality data, and the algorithm cannot decipher the difference. Research from Bilkent University measured performance in terms of code quality metrics and found that ChatGPT only wrote correct code 65% of the time, with GitHub Copilot and Amazon CodeWhisperer performing even worse.

AI-generated code can also introduce vulnerabilities and compromise data security by neglecting to follow security protocols. This risk is made more dangerous by many developers' misplaced confidence in the algorithms.

A Stanford University study found that developers who used AI to write code were more likely to believe it was secure when, in fact, it was less so than teams that were not using an AI tool. These results suggest that programmers may become less vigilant in reviewing their work as a result of relying on AI. More than 90% of security leaders have concerns about using AI in coding, but less than half have policies in place to ensure its safe use.

In light of these challenges, experienced human developers will always be necessary in application development.

What does the developer of the future look like?

Gartner projects that 90% of enterprise software engineers will use AI code assistants by 2028, shifting developers into strategic advisory roles. However, developers’ core responsibilities — maintaining code quality, strategically adapting systems to changing environments and meeting specific project demands — will remain essential.

Developers and engineers will increasingly act as architects who specify high-level requirements and constraints while AI fills in the detailed coding​. This means developers must focus less on writing low-context, low-value code and more on understanding business requirements, system architecture, edge cases and performance testing.

The cooperative relationship between AI and humans could resemble pair programming. AI will play the role of a less-experienced partner performing basic tasks, leaving developers to spend more time guiding and suggesting code improvements.

AI integration might push dev teams to shift further left on traditional code review practices like linting, testing and compliance checks. Since GenAI can produce functional but contextually inaccurate or insecure code, incorporating checks earlier in development allows teams to catch issues proactively. This approach enhances code quality, reduces the risk of errors and maintains consistency.

While GenAI can deliver many benefits, it presents a conundrum for the professional pipeline. With AI functioning as a junior developer, companies may need to hire fewer entry-level developers. This situation limits opportunities for human employees to advance their skills, which results in fewer people equipped to oversee code quality. This scenario remains a problem without a solution — one that needs to be answered soon.

Developer fundamentals will endure

A developer’s value lies in understanding the broader purpose and structure of code, not just in the act of writing it. Fundamentally, GenAI will not alter the skills required for this job, though developers may spend less time with their hands on the keyboard. Critical thinking and adaptability will become even more essential for success. With AI managing the bulk of the tedious tasks, developers must master the skills to instruct and correct AI to achieve the desired outcome.

We've featured the best web development tool.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

With AI capabilities compounding cyber attack sophistication, any organization not making it a priority to effectively prepare for potential data breaches could be placing their business at considerable risk.

Incident response refers to the scope of actions and procedures to be taken during an incident. Essentially this is a set of measures taken to deal with security breaches of various types. A robust incident response strategy can not only make a significant difference in preventing data loss, it can also enable firms to respond rapidly in the event of an incident; communicate to the relevant stakeholders; minimize damage to the company reputation; ensure regulations are met, and reduce the costs of a data breach. Sadly, many organizations (tending to be SMEs rather than larger corporations), do not have a well-prepared, up-to-date incident response strategy in place.

Also referred to as IT incidents and security incidents, such events are to be handled in a way to reduce recovery time and costs. To mitigate risks and be prepared for as wide a range of events as possible, it is therefore vital that organizations create a detailed and comprehensive incident response plan.

Incident response vs disaster recovery

An incident response plan should be incorporated into a disaster recovery plan. These are two components of a comprehensively developed data protection strategy. A common mistake organizations typically make is to create these two plans independently. The right practice is to develop, deploy, and test them as a complex set of measures to protect data security and integrity.

At the same time, even though the objectives of incident response and disaster recovery plans are related, they are not the same. The key difference between incident response and disaster recovery plans lies in the type of events they address. The former defines an incident response team’s roles and responsibilities to ensure smooth running of incident response processes. In turn, a disaster recovery plan focuses on bringing your production environment back to an operational state after an incident occurs and successfully recovering from any caused damage.

An incident response specialist should ensure a uniform approach and make certain that none of the outlined steps are skipped. Another important task is to determine where the problem comes from in order to prevent similar incidents in the future. Finally, it is important to regularly update the incident response plan to make sure it addresses both the ever-evolving cyber threats and current needs of your infrastructure.

If an incident response plan is successfully integrated within the disaster recovery plan, organizations will be able to respond to any disaster in a much faster and more efficient manner.

Building an incident response strategy

Security vulnerabilities, human errors, and technological malfunctions are all possible to avoid, which is why employee training should be a key part of the strategy. In addition, the needs of the environment should be analyzed and it should be ensured that your plans meet them.

Organizations should consider preparing a plan tailored for the possible failure of a VM, network, cloud, data center, and so on. As an example, an effective data protection solution could save quite a lot of time and costs. It should also be considered that there is a risk of a disaster affecting the organization's physical server, office, the entire building, or even a region. Even though some of these scenarios may seem unlikely, it is better to be prepared for as wide a range of unexpected events as possible.

In this way, the purpose of both incident response and disaster recovery plans is to minimize the impact of an unexpected event, recover from it, and return to the normal production level as fast as possible. Also, both of them contain an element of learning: it is important to identify the roots of a problem and, in such a way, decide how to prevent similar incidents in future. The principal difference is their primary objectives. The purpose of an incident response plan is to protect sensitive data during a security breach, while a disaster recovery plan serves to ensure continuity of business processes after a service disruption. While it is key to remember that incident response and disaster recovery are not two separate disciplines, a good practice is to document two plans separately. Even though it may seem that having one document that covers all possible scenarios is a better idea, consolidated plans might lack depth and contain contradictions. This will simplify the process of document creation, as well as enable IT teams to find an appropriate action scope faster, both during testing and in a real-life situation.

Types of security threats

One of the key principles of incident response and disaster recovery is to carefully develop plans to cover as many recovery scenarios as possible. Naturally, the key point is to do this before a disaster strikes and such a plan is urgently required. To begin with, an attentive look at the types of security incidents is needed. Some of the most common threats are:

DDoS attack

The aim of a distributed denial-of-service (DDoS) attack is to disrupt services and traffic of a target server, network, or website. To carry out an attack, one needs a network of computers infected with malware, or a botnet. The attacker controls bots remotely and sends them the necessary instructions. During a DDoS attack, machines in a botnet start sending simultaneous requests to the target. The flood of malicious traffic can potentially slow down or completely crash the target system. If successful, a DDoS attack renders the service unavailable to users and often results in significant financial damage, as well as the loss or theft of sensitive data.

Malware and ransomware

Malware is a broad term that refers to viruses, worms, spyware, and other types of malicious programs. In some cases, it can act in a relatively inoffensive way (change screen background or delete files), but sometimes it remains hidden and steals sensitive information. Ransomware is a subset of malware, and the key difference is that the system’s user receives a notification with a demand to pay a ransom. As an example, the victim may find their disks or files encrypted, while the attacker normally promises to restore the machine to its previous state after they receive the payment.

Cybersecurity professionals insist that companies should never pay in such cases. On our part, we emphasize that an adequate backup solution is an effective weapon against ransomware. After all, the main reason why a victim might pay a ransom is because they don’t have an alternative.

Phishing

This is a form of cyber fraud with its purpose being to access personally identifiable information (PII). As a rule, attackers use social engineering techniques. The victim might receive an email or text, or come across a social media post containing a link to a page where the visitors are asked to submit their personal details. The key idea is to make the victim believe that they are dealing with a reputable entity like a bank, government agency, or legitimate organization. Incident response in the event of a phishing attack should include both preparation and post-incident phases. It is also important to educate your colleagues so that they can recognize the signs of a phishing attempt and avoid putting the network at risk.

Insider threat

Security threats of this type come from people related to the workflow of an organization, such as its employees, former employees, third parties, contractors, business associates, and so on. In most cases, their main motivation factor is personal gain. However, sometimes malicious insiders want to harm an organization and disrupt its services out of revenge.

A common scenario is when data is stolen on behalf of external parties, such as competitors or business partners. Careless workers who mishandle data or install unauthorized apps pose a threat as well. In other words, all the possible attack vectors must be carefully analyzed to design comprehensive incident response and disaster recovery plans. Once again, training employees and implementing a set of security procedures are two important steps which can help protect the corporate network.

Incident response key takeaways

When it comes to building an incident response strategy, the key thing to remember is that the approach is definitely not one size fits all. Incident response development can be a phased and measured, continuous process. And even for smaller organizations on a tight budget, creating an effective plan is achievable, as long as priority is given to protecting the data that is critical to the business. A firm understanding of regulatory liabilities, escalation processes, and adherence to the reporting requirements, is of course vital. The strategy should ensure the inclusion of rules covering the specific incident scenarios detailed above. The incident scenarios and their applicable responses should be practiced regularly to ensure the IT team is up-to-speed and fully prepared to take the necessary action, and that the procedure will be effective in tackling existing threats.

We've featured the best business VPN.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Security researchers warn an Apache Struts 2 flaw is being actively exploited
• The attack surface is relatively big, with companies worldwide possible affected
• A patch is available, and users are urged to apply it

A critical vulnerability in the Apache Struts 2 application framework is now under active exploitation, security researchers have warned, urging users to apply the patch or run the latest version as soon as possible.

Apache Struts 2 is an open source web application framework for developing Java-based web applications. It aims to simplify the creation of interactive web applications and is often used by large enterprises and government agencies.

Apache recently reported finding a “file upload logic” flaw in versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.33, and 6.0.0 to 6.3.0.2. Versions 6.4.0 and 7.0.0 were deemed safe. The bug is tracked as CVE-2024-53677, and has a severity score of 9.5/10 (critical), since it can be used to manipulate upload parameters, and thus enable path traversal. As a result, malicious actors can upload arbitrary files into restricted directories, enabling remote code execution (RCE), and thus data theft and system takeover.

Patching the flaw

Apache has released a patch for the flaw, but at the same time, a proof-of-concept (PoC) exploit was made publicly available.

The bare minimum users should do is upgrade to version 6.4.0, since this one does not use the flawed Struts' File Upload Interceptor component.

In their writeup, cybersecurity researchers from Vulcan stressed Apache Struts flaws were “prime targets for attackers”, reminding their readers about the Equifax breach from 2017, which was attributed to a similar flaw. They also said that Struts 2 has significant download volume - roughly 300,000 monthly requests - meaning the attack surface is quite large.

Finally, they said CISA already added multiple Struts RCE flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Via The Register

You might also like

• Sneaky malware abuses CAPTCHA to bypass browser protections
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

Laura Dillard is a rodent's worst enemy. We asked her about the best ways to stop mice from getting in and tips for trapping them when they breach a boundary.

We round up the best favorite, most electrifying concept cars of 2024. From ultra-luxury icons to autonomous coupes to an all-electric, tire-smoking drifting machine, each gives us a different vision of the future of automotive technology.

One fifth of all wine sold worldwide could be fake. Now tech similar to similar MRI scans and gas-smelling, aroma-analyzing equipment might yield the answer.

The commission says the new rules will save people time and money, with more transparent pricing and fewer hidden fees.

Elemind uses artificial intelligence to read your brain waves and responds in real-time to help you fall asleep.

The world's first AI-powered automatic litter box dares to ask the question: What does it look like inside the box when my cat poops?

If you want to upgrade your TV with better access to your favorite streaming services, then you should move quickly to get this media streamer for just $22.

Alien: Rogue Incursion is a prime example of horror done well in a VR game. It doesn’t simply bung you in a pitch-black space and spook you with jumpscare after jumpscare, no, the whole title exudes an inescapable tension that’s an amalgam horror of its setting, sound design, and game mechanics.

The specific nature of the chaotic, labyrinthine Gemini Exoplanet Solutions facility your two-person party – Zula Hendricks and her synth companion Davis – is stranded in doesn't overly matter, but its design and decoration certainly do.

It boasts a jumbled network of crawlspaces that are perfect for Xenomorphs to exploit to sneak up on you, and even with the motion detector it can be a challenge to track them down before they break cover and launch an attack at you – with the sound of their clambering serving as a constant reminder that the monsters are close, even if you can’t see them.

Review Info

Platform reviewed: PSVR 2
Available on: PSVR 2, PC, and later Meta Quest 3, Meta Quest 3S
Release date: December 19, 2024 (February 13, 2025 on Quest)

Sneaking around the facility yourself is advised then to avoid unnecessary combat, but what makes that a challenge is commonplace workplace debris. On any other day a few boxes, a creaky locker door, or a trash can would be mundane items you hardly consider, but they’re transformed into your enemy by Rogue Incursion as any noise has a chance to summon your alien foes.

This ties in perfectly with the intrinsic risk-reward structure which should be at the core of a survival horror campaign like this one. Yes, you can explore a few additional rooms to try to restock your dwindling supplies, but the noise you’ll create could mean you’ll spend more resources than you’ll regain if you aren't careful.

Concept art of Davis weilding his shotgun (Image credit: Survios / 20th Centuary Fox)

I also appreciated that, as someone who is relatively unfamiliar with the Alien universe – I know what a Xenomorph is, how their parasitic nature relies on facehuggers and chestbusters to violently reproduce, and I could pick one out in a lineup of sci-fi heels, but I’ve never seen an Alien movie, and the closest I’ve come to playing an Alien game before is eliminating Xenomoprophs and Ripley in Fortnite – I never felt locked-out of the story.

This was aided by the admittedly trope-heavy plot, but while there were clear references to characters and events who meant very little to me the well-crafted dialogue contained enough context clues that I could follow along without feeling lost. So don’t feel this isn’t a game for you if you’re new to the Alien franchise like I was.

Bark worse than their bite

Ironically, however, the least scary aspect of this whole scenario was the eponymous Aliens. As you’re well stocked with military-grade rifles, shotguns, and revolvers Xenomorphs can be dispatched by Zula and Davis with enough shots to the chest or head.

And there are no variants to keep you on your toes mechanically speaking. Once you’ve fought one Xenomorph, you’ve fought them all making otherwise tense fights feel a little repetitive.

Best Bit

(Image credit: Survios / 20th Centuary Fox)

Whenever Xenomorphs approach your motion detector lets off a whistle-like alert which never failed to put me on edge. The ending is also very strong, but I can’t talk about it in this spoiler-free medium.

As a result, the fear of combat comes not from its challenges but from resource management and unforgiving save points.

You can kill any alien, sure, provided you have ammo – the supply of which is far from endless. And if a group of Aliens does catch you off guard while you’re low on healing items you’ll be sent back to the last time you saved at a panic room – and from experience, I can say it’s not unlike having your college essay reset by a computer crash after not saving for over an hour.

Xenomprophs are frightening in a way, then, but it’s a little immersion-breaking as the in-universe monster isn’t what’s scary, instead it’s the metacontext of the monster as a video game foe that is terrifying.

Concept art of the Xenomorphs (Image credit: Survios / 20th Centuary Fox)

At the same time, while I feel Rogue Incursion would have done well to start you on a weaker footing to let you truly experience the threat Xenonorphs pose, or throw in a few variants (which the facility's Xenomorph experiments would have played into from a story perspective) I never once felt at ease in this world.

And at the end of the day, that's what you really want from a survival horror excursion. To that extent this title reminds me greatly of Resident Evil 7 which similarly suffers with enemy variety outside of boss fights, but that doesn’t ever mean you want to run into the Molded or feel safe on the Baker estate. So if that was a game you enjoyed like I did, I can see you also finding a lot to love about Rogue Incursion.

Alien's own Kobayashi Maru

Story-wise, Rogue Incursion doesn’t reinvent the wheel, but its plot serves as an excellent driving force for your adventure with the ideal balance of hope and despair to keep you pushing on without ever feeling too happy about your situation.

Additionally, I appreciated that the nuggets of world-building you can glean from email logs and audio recordings bring not only additional context to the facility’s SNAFU for lore fans to chew on, but directly tie into the ending which has left me desperately excited to dive into a sequel.

I will keep this review spoiler-lite, as we always do, but I want to quickly air my grievances at the only frustrating moment I faced: the story’s mid-game no-win scenario.

It’s certainly an interesting way to play on the world’s general sense of hopelessness as you’re outgunned in an epic fight against wave after wave of Xenomorph, but not knowing I couldn’t win I had actually manually reset a few times thinking a different strategy would serve me better – the first-person death animations are a bit much for me so I preferred to use the pause menu to return to a save point than let the death play out.

Going down with too much of a fight (Image credit: Survios / 20th Centuary Fox)

Eventually, after several failed attempts I did quickly loosen the headset to check the reviewer’s guide on my phone to see if there was a walkthrough that could tell me what I was missing, and while there wasn’t a walkthrough it did mean I had finally not reset manually, and instead of returning to a panic room save point, I discovered I had progressed the story as I was always meant to lose.

It then leads into a pivtol "oh damn" moment of the game which I was not expecting at all, but the impact was unfortunately a little lost in my irrattation.

Should you play Alien: Rogue Incursion? Play it if…

You love Alien
Even as a newcomer, it’s clear this game is a love letter to the Alien series and will delight players who (for whatever reason) want to immerse themselves in the horror-filled setting.View Deal

You’re a fan of survival horror
This game is a very good example of the survival horror genre and one of the better in VR specifically as a solid blend of Metroid and Resident Evil 7.View Deal

Don’t play it if…

You want something unique
Rogue Incursion is fun, but a little bit too tropey and repetitive at times which could bother some gamers.View Deal

You want a relaxed experience
Even on its easiest difficulty there’s nothing relaxed about Alien: Rogue Incursion.View Deal

Accessibility

Alien: Rogue Incursion, like other VR games, requires a full range of upper body motion to be playable as you’ll need to be able to interact with door handles, wire puzzles, and weapon controls.

It also uses smooth motion which can be a challenge for VR newcomers, however, its strong suite of vignette options meant I was able to play for hours at a time without feeling like I was about to lose my lunch.

How I tested Alien: Rogue Incursion

I played through the whole Alien: Rogue Incursion campaign on a standard PSVR 2 setup using a regular PS5. I tried a few different difficulty settings to get a sense of the level of challenge they provided, and tried the game from both standing and seated positions to see if there were any major benefits of challenge to one style over another – there weren’t, so choose whichever you prefer.

A Thousand Blows is looking like it'll be even more of a knockout new show when it arrives on Hulu in the US and Disney Plus internationally next year, following the release of new artwork.

Alongside the reveal of the new images (see above and below), which show BAFTA award-wining actor Malachi Kirby playing the boxer Hezekiah Moscow aka 'Ching Hook', Disney also confirmed that the show will premiere on February 21, 2025, which means it'll arrive two days after the new Pixar series Win or Lose debuts.

With such a stacked February lineup, it's probably safe to assume that our best Disney Plus shows and best Hulu shows guides will be in need of an overhaul.

(Image credit: Disney; Robert Viglasky)

A Thousand Blows is made by Peaky Blinders creator Steven Knight, so you can count on it to fill that British period drama-shaped hole in your life when it arrives, because (yes, you guessed it) it's another period piece, centered around the world of boxing in Victorian London this time.

While the show is fictionalized, it's loosely based on the real lives of a group of East Londoners in the 1880s, who find themselves in the criminal underbelly of a bare-knuckle boxing scene. Such a setting requires a gritty cast that can pull it off and Kirby looks fighting ready in the new images.

According to Disney's plotline for the show, Hezekiah Moscow will find fortune and fame in the boxing ring but his new-found attention also attracts an infamous crime leader Mary Carr (Erin Doherty) and self-declared leader of East London boxing Sugar Goodson (Stephen Graham), who sets out to exploit him.

With such a talented cast onboard, I can't wait to stream A Thousand Blows when it arrives on Disney Plus in the UK on February 16, 2025.

You might also like

• I wish Disney was as brave as its princesses after learning it cut a trans story from the new Pixar show Win or Lose
• Star Wars: Skeleton Crew creators explain why the Disney Plus show sits where it does on the Star Wars timeline
• Malcolm, Malcolm, Malcolm! Yes, 'Malcolm in the Middle' is being revived for Disney Plus

This year, the animal kingdom was filled with triumph, loss and new discoveries. Here is a look at NPR's top animal stories of 2024.

Find the fastest broadband speeds and most affordable pricing with the best internet providers in Houston.

Score a great gift for everyone on your list without breaking the bank. Every one of these gifts comes WIRED-recommended.

Nab yourself or someone you love this powerful 20,000-mAh capacity multipoint charger for just $78 with this hefty 40% discount.

The right essential oil diffuser can elevate your space with pleasant scents and wellness benefits. Here's our CNET-tested best.

Luigi Mangione is charged with murder as an act of terrorism in the killing of the UnitedHealthcare CEO. Here's what that means. And, could reality TV stars unionize? Why it could be hard.

(Image credit: Jeff Swensen)

Brevo, formerly known as Sendinblue, is among the most budget-friendly and best email marketing platforms available today. It's tailored for small to medium-sized businesses, combining email marketing, automation tools, and CRM features into one easy-to-use platform. With professional-grade templates and strong automation workflows, it's already established itself as a firm favorite among marketers.

Brevo provides a free plan for beginners and budget-conscious businesses, allowing unlimited contacts and up to 300 emails daily. It also includes SMS and WhatsApp marketing, which isn't usually found in basic tools.

However, Brevo has its downsides. Users might face minor data import issues and find the landing page features somewhat limited. This could be frustrating for those seeking a more comprehensive tool. Despite this, Brevo's affordability and user-friendliness make it a strong contender in the market.

Brevo review: Core capabilities

Brevo provides a suite of features to simplify email marketing and customer relationship management. At its core is a user-friendly email builder, offering over 60 professional templates that can be tailored to match your brand's look. Users can customize layouts, images, and text, and boost engagement by using recipients' names, locations, or other personalized details.

Brevo shines in automation, allowing users to create workflows that respond to triggers like sign-ups, purchases, or website visits. This automation simplifies managing multiple campaigns by handling repetitive tasks and enabling targeted outreach on a large scale.

A key feature is Brevo's integrated CRM tools, which let you directly manage your customer database within the platform. These tools give detailed insights into user behavior and interaction history, helping you segment your audience for more focused campaigns.

(Image credit: Brevo)

Beyond email, Brevo supports SMS and WhatsApp marketing, enabling engagement with customers across different channels. This multi-channel strategy increases chances to connect with customers where they prefer.

Brevo also offers strong analytics tools for marketing performance insights. Essential metrics like email open rates, click-through rates, and bounce rates are provided, along with heat maps and device-based reports for thorough analysis.

Although these features meet most business needs, some users may find the lack of advanced landing page creation a drawback, limiting full campaign management.

Brevo: Ease of use

Brevo is often praised for its easy-to-use interface. Signing up is quick and takes just a few minutes. The onboarding process includes helpful prompts and guidance, perfect for first-time users.

The email editor is intuitive, with drag-and-drop features that make building email marketing campaigns easy, even if you're not technical. Tasks like uploading a contact list or designing an email campaign are quick and efficient.

New users can also access resources such as tutorials, blogs, and webinars, offering step-by-step guidance to maximize the platform's benefits. However, some users occasionally experience lags and tricky data imports, which can disrupt an otherwise smooth experience.

Brevo customer support

Brevo offers solid customer support with live chat, email, and a detailed knowledge base. However, the tiered approach gets a mixed reception.

Free plan users get basic support, while paid subscribers enjoy faster response times through priority channels. Most users have positive experiences with the support team, but sometimes, responses can be slow during busy periods.

The absence of phone support might be another downside for those needing immediate help. The knowledge base is well-organized and full of tutorials, guides, and FAQs — but that may not be enough for every situation.

Brevo pricing

(Image credit: Brevo)

Brevo uses a flexible pricing model that charges based on emails sent, not the number of contacts. The Free Plan costs $0 per month and allows up to 300 emails per day with up to 100,000 contacts, but includes Brevo branding.

The Starter Plan starts at $9 per month, offering 5,000 emails monthly, with an option to remove branding for an extra fee. In some ways the Starter Plan doesn’t add up. After all, if the free plan allows 300 emails a day, that is around 9,000 emails a month if you max it out - 4,000 more than the paid plan. But with no daily limits (you can send all 5,000 emails on one day if you want) and the ability to add up to 500,000 contacts, you get a much greater level of flexibility with the Starter Plan.

The Business Plan starts at $18 per month, providing advanced features like A/B testing, reporting, and additional automation tools.

For businesses with high-volume campaigns or specific needs, the Enterprise Plan offers custom pricing and tailored solutions. Brevo’s pricing adjusts based on email volume, making it suitable for businesses of any size. It offers good value for smaller businesses or those new to email marketing, but heavy senders should evaluate the cost of higher tiers.

Brevo review: Verdict

Brevo offers a great mix of affordability and functionality. With powerful automation tools, CRM integration, and an intuitive design, it's accessible for small and medium-sized businesses. Its multi-channel marketing features also give it an edge over competitors.

However, some downsides include limited landing page capabilities and occasional lags, which might annoy users looking for a more comprehensive solution. Brevo is ideal for businesses that prioritize email marketing over full campaign management.

Brevo FAQs What makes Brevo different from other email marketing tools?

Brevo offers competitive pricing and charges based on email volume instead of contact count, making it more cost-effective for businesses with large databases. Its built-in CRM and support for SMS/WhatsApp marketing also distinguish it.

Is Brevo good for beginners?

Yes, Brevo is beginner-friendly thanks to its intuitive interface, robust tutorials, and generous free plan. Its drag-and-drop editor simplifies email creation, and the automation tools are easy to implement even for novices.

Does Brevo support advanced marketing automation?

Absolutely. Brevo's automation tools allow users to create workflows triggered by various customer actions, such as email opens or website visits. Advanced users can set up custom workflows for deeper personalization.

Is there a free trial?

Brevo offers a free plan instead of a time-limited trial. This free tier supports up to 300 emails per day, giving users a chance to explore core features before committing to a paid plan.

Can I create landing pages with Brevo?

Brevo allows for basic landing page creation, but it lacks the sophistication and customization options found in dedicated tools like Unbounce or Instapage. For businesses heavily reliant on lead pages, this could be a disadvantage.