Feed aggregator

• Security researchers found two flaws affecting Xerox Versalink MFP printers
• The flaws could be used in "pass-back" attacks to steal login credentials
• Patches and workarounds are already available, so update now

Some Xerox printers are vulnerable to a “pass-back” attack which can be used to steal login credentials, experts have warned.

Cybersecurity researchers Rapid7 discovered the vulnerability and reported it in an in-depth analysis, saying that during security testing, it found a vulnerability affecting Xerox Versalink MFP printers. This flaw can be abused either via LDAP, or SMB/FTP, to mount a pass-back attack, and with that in mind, it was given two CVEs: CVE-2024-12510 for LDAP, and CVE-2024-12511 for SMB/FTP. The vulnerabilities were given severity scores of 6.7/10 (medium) and 7.6/10 (high) respectively, and affect firmware versions 57.69.91 and earlier.

“This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP device to send authentication credentials back to the malicious actor,” the researchers explained. “This style of attack can be used to capture authentication data.”

Capturing login credentials

The technical details can be found in the blog post here, but the gist is that if a threat actor gains access to a printer’s admin settings, and LDAP is used for authentication, they can change the LDAP server to the one they control, capturing login credentials.

They can also hijack the printer’s scan-to-file feature to steal SMB or FTP credentials, potentially compromising Windows Active Directory and other critical systems.

"For this attack to be successful, the attacker requires an SMB or FTP scan function to be configured within the user's address book, as well as physical access to the printer console or access to remote-control console via the web interface," the researchers stressed.

"This may require admin access unless user level access to the remote-control console has been enabled."

After being tipped off, Xerox issued Service Pack Service Pack 57.75.53, which fixed the problem for VersaLink C7020, 7025, and 7030 series printers.

Those who are unable to apply the patches immediately are advised to set stronger passwords for their admin accounts, refrain from using Windows authentication accounts with high privileges, and disable the remote-control console for unauthenticated users.

You might also like

• Microsoft says Russian hackers are exploiting an ancient printer security flaw
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

The Belgian champions have a slender advantage heading into this knockout second leg in Bergamo.

The Portuguese team have a one-goal advantage heading into this home leg at the Estádio da Luz.

A year after Reddit went public, the company's efforts to monetize its popular message boards continue.

• A Redditor has received a third-party RTX 5070 Ti before its launch on February 20
• This comes before its February 19 review embargo
• Recent reports suggest that the new GPU will suffer from similar stock issues seen with the RTX 5090 and RTX 5080

Nvidia's RTX 5000 GPU series launch has been a tangled affair, due to numerous issues like limited retailer supply and scalping. Now, if it wasn't bad enough for Team Green already, the RTX 5070 Ti is only two days away from its launch - but one of its third-party models is unfortunately already out in the wild.

Spotted by VideoCardz, a Redditor claims they have already received the Asus RTX 5070 Ti Prime OC GPU, before both the review embargo and the actual launch of the Founders Edition card, which are set for February 19 and February 20 respectively. Leaks and speculation circulating around the new Blackwell GPUs aren't exactly anything extraordinary, but a card actually landing with a buyer days before launch is a pretty wild turn of events.

While it may not prove to be heavily detrimental to the RTX 5070 Ti's launch, it does further underline exactly how messy Team Green's latest GPU launch has been - more reports highlighted by VideoCardz suggest the upcoming GPU could also face the same supply issues seen with the RTX 5090 and RTX 5080, potentially leaving scalpers salivating once again.

The Redditor also mentioned paying more than the retail price, which doesn't come as a surprise - multiple online retailers currently feature inflated prices for third-party RTX 5090 and RTX 5080 cards, so even though the recipient likely paid extra (with the unexpected benefit of getting the RTX 5070 Ti early), there's a high chance the same price inflation will occur for the 5070 family.

(Image credit: Nvidia) It's probably best to stick with your RTX 4000 series GPU for now

Acknowledging the ongoing issues with RTX 5000 availability, the easiest solution is to stick with your RTX 4000 series GPU if you have one. If you're lucky enough, you may even find third-party models of AMD's Radeon RX 7900 XTX (which is only slightly weaker than the RTX 5080) at discounted prices, or you could just wait for Team Red's new Radeon RX 9000 series lineup (assuming those don't get the scalper treatment too).

The only disadvantage you may have with Team Red's RX 7000 series flagship GPU, is potentially no access to FSR 4 - I say this with heavy emphasis on 'potentially', as the upscaling method might not end up being exclusive to the RX 9000 series forever.

While I'm not downplaying the effectiveness of DLSS 4 with Multi Frame Generation on the new Blackwell GPUs, it's just not worth the hassle to overpay to pre-order any of the cards at this point. There will more than likely be restocking in order for RTX 5090 and RTX 5080 GPUs at some point (and likely the same once the 5070 family sells out), but who knows how long that will take.

Right now, if you own an RX 7900 XTX or the likes of an RTX 4080 Super, rest assured, you're not missing out...

You may also like...

• One Redditor spotted an AMD Ryzen 7 7800X3D for $99 in the wildest price drop I've ever seen
• We've barely seen AMD's RDNA 4 GPUs in action yet, but a new rumor suggests we could be getting an Nvidia RTX 5090 competitor at last
• Intel's rumored 'Celestial' GPUs could finally give Nvidia and AMD cause for concern

Can the Scottish champions battle back at the Allianz Arena?

Money no object

We love to give practical buying advice on the latest gadgets here at TechRadar. But sometimes what we love even more is to indulge in the most ridiculous, high-end, cutting-edge, luxurious tech on the planet. That's what we bring you in these Money No Object columns – you can read the whole series here.

If you're reading this (thank you for that, by the way) you're no newbie to the hi-fi game. You know McIntosh – you remember the US specialist's MA6300 integrated amplifier, from the mid noughties, noted the firm's much more recent striking Bluetooth speaker, considered the compact, good-for-anything audiophile amp with streaming smarts and perhaps even visited the company's elite House of Sound venue. But this proposition is new again.

This is the McIntosh DS200, and this big chunk of metal, buttons and classy casework is specifically a streaming DAC. It's the separate for you if you've already got a compatible power amp and preamp (if not, might I suggest Moon's North 791 and 761 solution?) and of course speakers – here, let's go for the Focal Diva Utopia, because this is our hedonistic hi-fi haven and we can imagine whatever we like. Just missing the high-end streaming component to complete it all? McIntosh's got it covered with the DS200.

(Image credit: McIntosh) What makes a McIntosh separate? For me, the sound

As you'd expect, it's compatible with wireless protocols Spotify Connect, Tidal Connect, Apple AirPlay 2 and Google Cast plus Bluetooth. It's equipped with two Wi-Fi antennas and one Bluetooth antenna, as well as an Ethernet port for wired connections.

What about the DAC? It's good: the DS200 features a Quad Balanced eight-channel, 32-bit digital-to-analog converter, so in addition to its streaming capabilities, the DS200 boasts high-resolution digital audio playback via its eight digital audio inputs, including DSD512 and DXD up to 384kHz via USB and 24-bit/192kHz via coax and optical ins. There's also an HDMI (ARC) input to level up your TV and movie audio experiences, which can convert Dolby and DTS multi-channel formats into two-channel audio for optimized playback on your particular system, should you wish.

The DS200 also sports both balanced and unbalanced analog outputs, meaning it'll fit in with pretty much any existing audio system. For instance, it's factory-set in fixed output mode, with an option to switch to variable for direct connection to a power amp, allowing the DS200 to control volume in a fully digital audio setup.

And I can't end this piece without mentioning McIntosh's design language. The DS200 Streaming DAC is every bit the black glass faceplate, rotary control knobs, illuminated logo and custom-machined aluminum end caps I love about the company.

Ready for the big question? The DS200 be available in March through authorised McIntosh dealers with an official price of $4,000 / £5,890 / €5,990, which is around AU$6,302, if we take the US dollars figure as a guide. Look, I can't afford it. But that doesn't mean I wouldn't want to buy it…

You may also like

• I heard Rotel's ultra-luxe CD player and Hi-Res Audio DAC, and I'd buy it in a second if I could (even if it won't play my SACDs)
• Technics SL-G700M2: a high-achieving network streamer that's also a high-end CD player
• Forget vinyl LPs – the Hegel Viking will take your CD collection to Valhalla

With Idaho's city-owned fiber network, there's no shortage of internet options available.

The way I listen to music is functional. I have playlists for the gym, background music for work, and upbeat tracks to push me through an afternoon slump. My choices are tied to specific activities and times of day, so when Spotify introduced Daylist in September 2023, I was hooked.

Daylist is a dynamic, personalized playlist that updates throughout the day based on your listening habits. It curates tracks that match past choices, adjusting to different times and, in theory, moods. It’s ideal – open it, laugh at the AI-generated playlist names, hit shuffle, and go, no thinking required.

But is that a good thing? At first, I loved it. But over time, it shifted from something I enjoyed to something I heavily relied on without realizing. And now, I’ve started to notice a pattern – the same themes, the same kinds of tracks appearing again and again.

Which makes me wonder: Am I stuck in an AI-curated loop, feeding the same preferences back into the system until my tastes become a closed circuit? Is Spotify’s recommendation algorithm making me predictable – and, dare I say it, boring?

(Image credit: Shutterstock) How do recommendations work?

Personalized content is a huge part of Spotify’s success, and Daylist is just one of many recommendation-driven features. There’s Discover Weekly, Release Radar, Daily Mix, On Repeat, Repeat Rewind, Your Daily Podcasts, and more.

Seasonal playlists, like Spotify Wrapped, also keep things fresh. Spotify’s approach has been so successful that other streaming services have followed suit, refining their own playlist and recommendation engines to compete.

Some playlists are curated by actual humans at Spotify, but most rely on recommendation algorithms. The system pulls from several inputs: what you listen to, what you skip, what you save, your location, age, broader listener behavior, and general trends. One key method is collaborative filtering, which analyzes users with similar habits to recommend music you might like.

Another technique, content-based filtering, examines song characteristics – like tempo, genre, and instrumentation – to find patterns and suggest similar tracks. Then there’s context-aware filtering, which considers time of day, location, and past listening behaviors – this is what powers Daylist.

These techniques work together to keep recommendations fresh but still personal. Even when it feels like the algorithm is just recycling my old favorites, it’s actually introducing new songs that fit my tastes – just with enough variety to keep things interesting.

(Image credit: Spotify) The filter bubble

There’s a downside to all this personalization. The more I listen to algorithmic recommendations, the more my choices get reinforced, creating what’s known as an echo chamber or filter bubble.

And it’s not just Spotify. Netflix, YouTube, news apps – they all work the same way, feeding us more of what we already like, sometimes at the expense of real discovery.

This isn’t new. For years, our digital experiences – and even our tastes – have been shaped more by recommendations than by our own curiosity. Convenience is baked in, making it harder to break free. And let’s be honest – these platforms are designed to keep us scrolling, watching, and listening, not questioning what’s next.

Breaking free from The Algorithm

If AI-driven recommendations are keeping me in a musical rut, what’s the solution? The fixes are simple – almost embarrassingly so – but I needed the reminder.

Lately, I’ve been making an effort to seek out new music. I’m listening to more music podcasts, radio stations, and asking friends for recommendations. Even just recognizing that I might be stuck is a step forward.

I’ve also been using Spotify more intentionally – shuffling through my library to rediscover old favorites, searching for artists instead of mindlessly clicking on the dreamy color gradient of Daylist. This morning, instead of opening Daylist, I played a new music playlist. Not a huge step, but a small one.

(Image credit: Future)

Because as much as I love the convenience of an algorithm telling me what to listen to, what to like, what to care about, I don’t love how it commodifies music. These platforms aren’t designed to help us discover hidden gems or support emerging artists – they champion what’s already trending. Their real goal? Keeping us engaged and making money.

And yet, there’s something magical about human curation, randomness, and chance discoveries. But that kind of exploration takes effort, patience, and a willingness to get it wrong sometimes. Can we ever code that into an algorithm? It feels too messy, too human – but maybe one day.

Then again, maybe I’ve got it all wrong. Maybe these recommendation engines do understand something deeply human – just not the part we like to admit. We say we love discovery, that we crave newness. But when it comes to entertainment – movies, TV, music – maybe we’re not that adventurous. Maybe we just like things to feel familiar.

Maybe it’s not Spotify making me boring. Maybe I’m just boring.

• PLL Electric Utilities confirms data leaked online
• It was stolen from a third-party vendor during MOVEit hack
• No banking or payment information was leaked

It has been almost two years since the MOVEit MFT data breach fiasco, but businesses and their customers are still feeling the consequences.

PLL Electric Utilities is the latest to confirm information stolen back in 2023 has now been leaked online, as one of its vendors was exposed through MOVEit.

“The information did not extend beyond basic information such as name, address, phone number, email address and account number,” a company spokesperson said. Banking or credit card information, social security numbers or account passwords were not disclosed, since PPL did not share this data with the compromised vendor in the first place - but the information can still be used in phishing attack, identity theft, social engineering, and more.

Millions of victims

“This issue is completely unrelated to PPL’s systems and critical infrastructure across all our service areas,” the company said.

The 2023 MOVEit data breach was a large-scale cyberattack exploiting a zero-day vulnerability in MOVEit Managed File Transfer, a file transfer software built by Progress Software. It was discovered in late May 2023, when the flaw allowed attackers to execute SQL injection attacks and gain unauthorized access to sensitive data.

Ransomware actors known as Cl0p were the ones exploiting the bug to steal data from organizations worldwide. The attack impacted more than 600 organizations and roughly 40 million individuals, including governments, financial institutions, healthcare providers, and major corporations. Among more notable victims are U.S. federal agencies, British Airways, Shell, and BBC.

The Cl0p ransomware gang is estimated to have extorted between $75 million and $100 million. Despite a low percentage of victims opting to pay, the group secured substantial sums from a select few who met their high ransom demands.

Via The Record

You might also like

• Profit over privacy? Google gives advertisers more personal info in major ‘fingerprinting’ U-turn
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

Hamas says it has agreed to Israel's request to speed up release of Israeli hostages, including two men held around a decade. The bodies of members of a young family are among those it will hand over.

(Image credit: AHMAD GHARABLI)

• Epic Games has confirmed that Mortal Kombat's Sub-Zero will be coming to Fortnite in the next season
• This makes it the first game to feature characters from both Street Fighter and Mortal Kombat at the same time
• Sub-Zero will be featured in the battle pass for Chapter 6: Season 2

Fortnite will officially get characters from the Mortal Kombat universe in Chapter 6 Season 2.

Epic Games shared the announcement in a recent X / Twitter post, where artwork confirmed that the next season will add Mortal Kombat icon Sub-Zero as an earnable skin in the game's new Battle Pass.

The addition of Sub-Zero makes Fortnite the first game to allow for a Mortal Kombat vs Street Fighter showdown by featuring characters from both fighting game franchises at the same time.

The popular battle royale welcomed Street Fighter's Ryu and Chun-Li back in 2021, followed by Cammy, Blanka, and Sakura later. With both fighting games now finally represented in Fortnite, we can probably expect some creative one-on-one battles between players, minus the bloody violence, of course.

Step forward and state your name. Except you, Sub-Zero. We know who you are...C6S2 | 2.21.25 pic.twitter.com/A6B9YjVHyYFebruary 14, 2025

So far, Sub-Zero is the only Mortal Kombat to be confirmed for the game, but there's a chance more characters will be added in the future, like Scorpion, Mileena, Johnny Cage, and Raiden.

Fortnite Chapter 6 Season 2: Lawless is scheduled to kick off on February 21, 2025. The new season will take place in Crime City and will also let you play as a pickle called Big Dill, as well as returning character Midas.

You might also like...

• Best battle royale games 2024 - be the last one standing in these titles
• Marvel Rivals Season 1.5 will add Human Torch and The Thing later this month as NetEase walks back its plans for a mid-season rank reset
• Ubisoft announces Rainbow Six Siege X, 'the biggest transformation' the tactical shooter has ever seen that will overhaul gameplay and graphics

I'm really gonna miss the iPhone SE. Oh, I know it's not going anywhere, but that iconic design with its last vestige of a home button is sure to disappear, and be replaced by something elegant and also very similar to all other current iPhone 16 models. That technical and aesthetic shift could sap the iPhone SE of what made it special (or Special Edition), and that would be a crying shame.

When, if the rumors are true, Apple unveils the iPhone SE 4 tomorrow (February 19), the Cupertino tech giant will have its work cut out for it. No one expects the 4.7-inch screen, single rear camera, and arguably very iPhone 8 design to survive. But unveiling a $500 iPhone SE that looks almost exactly like an iPhone 16 mini but with no defining characteristics would be a mistake, and it's one I truly hope Apple doesn't make.

There are signs that things could go a different way. Chief among them is Apple CEO Tim Cook's teaser post, which included a GIF that appeared to show the reflection of… something. Some believe they can clearly see the reflection of the next SE in that Apple logo. I, however, see something different.

Get ready to meet the newest member of the family.Wednesday, February 19. #AppleLaunch pic.twitter.com/0ML0NfMeduFebruary 13, 2025

I wonder if Apple was teasing an all-white iPhone with a design that splits the difference between the flat edges of the iPhone 16 lineup and that classic iPhone SE of 2022. At the very least, it would mean the iPhone SE 4 looks unlike anything else in the iPhone lineup.

Realistically, if Apple doesn't do something unexpected with the design, I struggle to see how the SE can be a 'Special Edition'. We're already fairly certain that it will get the Dynamic Island (or at least the dreaded notch) and Face ID. It will, by European Union decree, be a USB-C port design, and will have at least an A17 Pro so it can support Apple Intelligence, because Apple wants that AI stuff everywhere.

It won't have class-leading cameras. If the iPhone SE 4 follows in the footsteps of its predecessors, it will have a single rear camera (but it might be 48MP) and a 12MP front-facing FaceTime camera.

This is all expected.

Mini SE

I suppose there is a chance that the iPhone SE will instead take up the mini mantle and be a reskinned iPhone 13 mini. Back in 2022, the iPhone 13 mini was a little powerhouse with a dual-camera system and the A15 Bionic driving almost all the same photographic experiences you could get on the full-size iPhone 13. At 5.4 inches, the iPhone 13 mini screen is still larger than the iPhone SE's 4.7-inch display.

If Apple goes that route, it would just have to update the screen to accommodate the Dynamic Island (or notch). I don't know if Apple would go fully Super Retina on what is supposed to be a $500 phone. The iPhone 13 mini, by the way, cost $699 / £679 / AU$1,199.

Apple's iPhone mini line never sold well, but this was likely due to that price. The cheaper iPhone SE 4 could fare better. Still, none of the changes I've described put this phone in the 'special' realm.

To be fair, I really don't know what could make the iPhone SE 4 'special'. It's unlikely that Apple would introduce some out-of-band innovation that none of the iPhone 16 models have. That's not Apple's way. The SE line is a trickle-down model; it gets what the other phones have in due course, and tech innovation does not flow upstream.

Still, I'm excited about this mid-year iPhone unveil. Apple doesn't do it very often, and it could be a great opportunity for it to surprise us, and make the iPhone SE 4 as truly special as I want it to be.

You might also like

• The iPhone SE 4 seemingly appears in leaked images
• March 2025 has long been predicted as the iPhone SE 4 launch month
• These are the best iPhones at the moment

A real estate developer-turned-Middle East envoy, Witkoff has been credited with helping broker the Israel-Hamas ceasefire and free an American from Russian prison. Here's what to know about him.

(Image credit: Chris Kleponis)

2025 is a watershed moment for AI in the enterprise, especially generative AI. Businesses across industries are integrating the technology at scale and with their critical systems and objectives. By the end of the year, more than three-quarters of enterprises will have deployed the technology, according to Gartner – up from just five percent in 2023.

This is the year that AI truly becomes entwined with business’ most coveted data, influencing their strategic decisions and interfacing directly with their customers. Meanwhile, AI regulations are proliferating: The EU AI Act is rolling out across Europe and several U.S. states have introduced AI bills.    

More than ever, enterprises must ensure their AI systems are trustworthy: explainable, fair, robust, transparent, and privacy-respecting. Only then can AI be a net positive for business. But how do they do so?

Trustworthy AI requires a framework with two important perspectives: AI governance, which sets and enforces rules to ensure AI systems are safe and ethical. And AI security, which monitors AI behavior, securing AI models, data, and applications.   

When approached together, AI governance and AI security provide a 1 + 1 = 3 effect, bridging business imperatives with compliance requirements, enterprise risk, and CISO mandates. Safe, ethical systems are easier to secure; and secure systems are easier to govern. But enterprises are often overwhelmed and underprepared, and their governance and security efforts are frequently siloed – which can seriously undermine AI initiatives and investments.

Without governance + security, trust falls apart

Here is an analogy: Imagine a food manufacturer with a meticulous governance process. They carefully oversee how ingredients are grown, procured, stored, and mixed. Yet that same company keeps their factory doors unlocked and does not place tamper-proof seals on their products. Do you trust them?

On the flipside: Imagine a food manufacturer that carefully secures its factories and products – but does little to govern how food is grown, procured, stored, and mixed. Do you trust them? 

This same logic apples to AI. You cannot govern a system that is not secure. And you cannot secure a system without proper oversight.

A mix of fragmented tooling, poor communication, and skills gaps are driving this problem. There are a dearth of integrated, end-to-end tools and processes for AI security and AI governance. In many businesses, data scientists and model validators are using ad-hoc security and governance point solutions, sometimes not even formally supported by the organization. Recent IBM research revealed that fewer than half of companies surveyed are taking key steps towards trustworthy AI like reducing bias (27%), tracking data provenance (37%), making sure they can explain the decisions of their AI models (41%), or developing ethical AI policies (44%).

There is also a major skills gap: The people who create and maintain AI models are not cybersecurity experts. And security experts generally are not versed in AI. That may be why only 24% of current generative AI projects have a component to secure the initiatives, according to the IBM Institute for Business Value.

These shortcomings carry steep costs. Enterprises not only miss the full potential of AI, but also invite a range of risks and threats. Improper AI governance and security can result in incorrect outputs, including hallucinations, bias, hate, and profanity. Data breaches can become more common – costing businesses millions of dollars and violating compliance mandates. And vulnerabilities can proliferate, creating attractive targets for bad actors.

 Bridging the gap

AI governance and AI security are shared responsibilities. The two disciplines have common objectives: heightening visibility and mitigating risk. Both are also closely tied to data: Properly governing AI requires data governance. And properly securing AI requires data security.

To properly entwine the two, collaboration must happen both at the table and in the tech. Security experts need a seat at the governance table, and vice versa; CISOs, CROs, CCOs, and CSOs should be in regular communication. Their respective frameworks and strategies should be interoperable, and their investments should complement each other to avoid gaps and redundancies.

Meanwhile, the underlying technology for security and governance must be one unified, cross-functional experience. This allows employees working on day-to-day model governance and cybersecurity to stay in constant contact with shared visibility. The problem of shadow AI – unauthorized models running within an organization – provides a clear example. If just one AI model eludes governance, it undermines the whole governance strategy. AI security products can help eliminate this risk, pinpointing shadow AI models and automatically feeding them into the requisite AI governance tool. This interplay can also apply to misconfigurations and vulnerabilities.

As businesses race toward generative AI adoption, it is not enough to have individual approaches to AI governance and AI security. Businesses should have one shared approach, from the executive level down to their tactical tools. This collaboration enables businesses to unlock the power of AI – safely and securely.

We've featured the best AI website builder.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Netskope uncovers new Go-built backdoor spreading malware
• It uses Telegram as its C2 infrastructure to send commands
• The backdoor is most likely of Russian origin, experts warn

A new backdoor threat has been spotted using Telegram as its command-and-control (C2) infrastructure, researchers have warned.

Cybersecurity researchers from Netskope observed a new backdoor built in Golang, also known as Go, a programming language best known for its simplicity, concurrency support, and efficiency in building scalable backend systems, cloud services, and networking applications.

The backdoor is capable of executing PowerShell commands, can self-destruct, and checks for and executes predefined commands. However, what makes it really stand out from the crowd is its C2 infrastructure - it uses a special function to create a bot instance, using a Telegram API token generated via Botfather. Then, it uses a separate function to continuously listen for incoming commands from a Telegram chat. Before executing any predefined actions, the malware verifies the received command’s validity.

Challenging defense

Using Telegram, or other cloud services, as a C2 server is nothing new, the researchers explained, but it is dangerous, since it is difficult for security pros to differentiate between malicious and benign information flow.

“Although the use of cloud apps as C2 channels is not something we see every day, it’s a very effective method used by attackers not only because there’s no need to implement a whole infrastructure for it, making attackers’ lives easier, but also because it’s very difficult, from a defender perspective, to differentiate what is a normal user using an API and what is a C2 communication,” Netskope said in the article.

Besides Telegram, threat actors often use OneDrive, GitHub, Dropbox, and similar cloud apps, making defenders’ lives difficult.

Netskope did not discuss the number of potential victims, but did stress that the malware is most likely of Russian origin.

You might also like

• Microsoft says Russian hackers are exploiting an ancient printer security flaw
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

Elon Musk is not the legal administrator in charge of the "Department of Government Efficiency," the White House said in a court filing, and has "no actual or formal authority" to make decisions.

(Image credit: Andrew Harnik)

• A small amp promising supreme sound
• The AP-507 joins TEAC's Reference 500 Series
• Due out in spring, it costs $2,299 / £1,899

Money no object

We love to give practical buying advice about the latest gadgets here on TechRadar. But sometimes what we love more is to indulge in the most ridiculous, high-end, cutting-edge, luxurious tech on the planet. That's what we bring you in these Money no object columns – you can read the whole series here.

Are you a hardcore audiophile who has just won the lottery? Then great news! TEAC has just announced a super-high end amp that promises to bring big sounds to your surround system all wrapped up in a compact box.

From a specs perspective, TEAC’s AP-507 stereo power amplifier is exactly the sort of luxury product we love to attach our Money No Object label to.

Due out later this spring and priced at an eye-watering $2,299 / £1,899, the AP-507 promises to deliver top-tier audio engineering squeezed into a small form-factor design that won’t dominate your living room.

TEAC claims that despite its adorable “letter size” footprint, the AP-507 will embody “the pinnacle of audio design”, joining the firm’s Reference 500 Series of luxury sound gear. Like the rest of the range, the AP-507 amp – which will be available in black and silver – has been “designed to give music enthusiasts complete control and flexibility” when it comes to fine-tuning their sound systems.

The Japanese audio expert is making some impressive claims that would seem to justify the AP-507’s bank balance-obliterating price tag. Sporting the firm’s next-gen custom tuned ‘NCOREx’ power amplifier module, it could be a dream amp to pair with some of the best stereo speakers.

Amped up

(Image credit: TEAC)

This tech will supposedly deliver an ultra-immersive three-dimensional soundstage, and TEAC says the AP-507 will deliver super-accurate, high efficiency, low distortion sounds thanks to its proprietary dual-mono buffer amplifier. Which is a lot of techy audio terms in order to get across that the AP-507 should make your existing speaker system sound pretty damn glorious.

Designed to be both compact and flexible, the AP-507 offers a trio of listening modes: stereo, Bi-AMP and BLT mono, all delivered at 170 watts, which really is a lot for something so small.

It’s also a lovely-looking piece of audio equipment. Then again, you’d expect that from a high-end amp that costs this kind of money – still, I love the classy aluminum chassis. Its 2.8mm thick, semi-floating top plate – also made from aluminum – is also rather eyeball-arousing.

Obviously that $2,300 / £1,899 price point is going to mean the TEAC AP-507 is a cute and compact amp that is going to be for hardcore audiophiles who've simply run out of space for a big rack system.

You might also like...

• I reviewed Sonus Faber's luminous Lumina II stereo speakers, and they're a winner for Italian-crafted sound and looks
• Wharfedale's new strictly limited-edition stereo speakers are custom-crafted and surprisingly affordable (for this kind of thing)
• Ever wish you had a tube amp with you everywhere for your headphones? Now you can

Stay connected to multiple devices at once with the best multipoint earbuds and headphones. Here are CNET's top picks.

Review info

Platform reviewed: PS5
Available on: PS5, PS4, Xbox Series X|S, Xbox One, PC
Release date: February 21, 2025

Like a Dragon: Pirate Yakuza in Hawaii is a game that I’m stunned even exists. In the AAA gaming space, it’s so rare to see a franchise just let loose with a genuinely absurd premise. Yet with action-adventure game Pirate Yakuza in Hawaii, developer Ryu Ga Gotoku Studio pulls it off with such unabashed confidence that you really just have to respect it.

And still upon reflection, it’s a premise that manages to make perfect sense for protagonist Goro Majima. For the most unhinged of the series’ legendary yakuza - a guy who’s previously had success running a cabaret club and a construction company - taking up the mantle of a pirate captain and sailing the high seas in search of lost treasure is something he’d probably do in a heartbeat. With or without the amnesia he’s struck with at the start of this game.

It’s a concept that elevates Pirate Yakuza in Hawaii from any old spinoff to a truly memorable adventure and one that absolutely stands out confidently against the backdrop of the long-running series. It’s still a Like a Dragon title through and through - with an abundance of minigames, side quests, and a massive open hub to explore - but the backdrop of piracy and treasure hunting makes Pirate Yakuza in Hawaii one of a kind.

Setting the stage

(Image credit: Sega)

Six months on from the events of Like a Dragon: Infinite Wealth, we find Majima washed up on the beach of a remote island off the coast of Hawaii. Near death and with little in the way of memories to his name, he’s mercifully saved by a child named Luke, who lives on the island with his dad and older sister.

Over the course of the first chapter, Majima repays Luke’s kindness by helping the island deal with a rather major pirate problem. And we’re talking pirates in the strictest sense: galleons outfitted with powerful cannons and menacing sails, staffed by salty treasure-hungry sea dogs. It turns out the whole thing is quite the racket in the waters surrounding Hawaii (in the Like a Dragon universe at least).

After a stint doing errands on the island, it’s not too long before Majima gets a pirate ship - the Goromaru - and a ragtag crew of his own. And so properly begins an adventure that successfully weds a Treasure Island-esque narrative with Like a Dragon’s political and faction-based intrigue. While it’s not as big on throwing you wild curveballs as the mainline series, it’s a tale that’s nonetheless entertaining and thrilling from start to finish, with an absolutely phenomenal finale to boot.

White whale, holy grail

(Image credit: Sega)

Gameplay and exploration in Like a Dragon: Pirate Yakuza in Hawaii is split into two distinct segments, those being land and sea. When you’re ashore, it’s perhaps unsurprisingly like most other Like a Dragon titles; Majima gets to fully explore the city of Honolulu (returning from Infinite Wealth) and engage in all kinds of minigames, side stories, and combat.

As in prior entries, clueless goons are more than keen to make a beeline for Majima should they spot him out and about, which is where his two distinct combat styles come into play. I’ve covered them extensively in my previews beforehand, but what you need to know is that the Mad Dog and Sea Dog styles offer incredibly unique ways to engage your foes.

Mad Dog is closer to the Majima you expect. Wielding his iconic knife, he employs rapid attacks, a powerful gap closer, throws, and more. It’s ideal for whittling down a single target or a small squad of baddies. Sea Dog is the more interesting of the two, as Majima dons his pirate garb, wields two cutlasses, and has access to a flintlock pistol and a hook. It’s much better suited to the larger-scale fights you’ll have during story missions and deck battles.

Best bit

(Image credit: Sega)

It’s hard to single out any one aspect of Like a Dragon: Pirate Yakuza in Hawaii as its absolute best bit, but the sheer variety of content on offer is undoubtedly a swashbuckler’s dream. Even better, you can take it all at your own pace. Want to tick off some substories or chill with some minigames? Or do you want to take things up a notch by sinking some lily-livered sailors in the Pirates’ Coliseum? Outside of major story beats, it’s all available to you at any time.

Overall, Majima feels exceptionally powerful here, to the point where the Normal difficulty setting was honestly quite a breeze. Throw in some hilariously strong Heat Actions, Mad Dog’s Doppelganger mode, and Sea Dog’s Dark Instruments (both available via the chargeable Madness Gauge) and we have what is certainly among the most overpowered move sets in series history.

But by Davy Jones is Majima such a joy to play as. Whether it’s blasting away entire scores of lads with a charged flintlock shot or wreaking havoc with a giant ethereal chimpanzee (no, really), combat rarely feels like a drag. Enemies aren’t necessarily pushovers though, with some types wielding spears or shields to counter specific abilities.

However, as powerful as Majima feels, you’ll still need to play smart. That’s especially so when you chase after Honolulu’s bounty targets - a piece of side content that provides plenty of cash with which you can use to invest in upgrades for Majima and his ship.

Those spear guys can poke you out of the air, for example, while shielded foes will need to be robbed of their protection with the hook before significant damage can be dealt. And that’s before we’ve even gotten to kickboxers, gunners, tigers, bears, and enemies that drop a grenade on defeat. Believe it or not, they’re actually worse than the tigers and bears.

Waterworld

(Image credit: Sega)

Majima’s as much a terror out at sea, if not more so. Captaining the Goromaru is the other half of Like a Dragon: Pirate Yakuza in Hawaii, and it’s unlike anything we’ve seen from the series yet. Well, perhaps besides the vehicle combat of Fist of the North Star: Lost Paradise, but that’s obviously even more of a spinoff than this game is.

There’s a ton to do out on the high seas, with exploring the vast waters surrounding Hawaii and other notable locales forming a good chunk of the playthrough. You can engage in ship battles, explore uncharted islands for lost treasure, and even undertake a massive side story that has Majima and crew taking down the Devil Flags - a notorious pirate armada.

One thing to note is that content with the Goromaru is noticeably harder than anything else in the game. Enemy ships can pack a punch, especially those of higher ranks. So, you’ll need to do some groundwork in order to make your ship as powerful as possible. That’ll come in the form of scouting new crew members you can find dotted around Honolulu, as well as upgrading the ship’s durability and firepower.

Your shipmates will also level up when they’re staffed on the ship, and certain members can provide unique First Mate or Squad Leader buffs if they’ve been assigned to those positions. Such buffs include increasing damage you deal to an enemy ship’s stern, or increasing the number of times you can shoot out a smokescreen to obscure enemy vision while you resuscitate downed crewmates or put out hazards like fires or poison mist.

(Image credit: Sega)

You’ll also be able to take your crew into the Madlantis Pirates’ Coliseum, a substantial bit of side content where you’ll engage in ship battles of escalating difficulty. Defeating the enemy ship will then transition you to a deck battle, where your entire crew faces off against the enemy’s on their own ship. It’s a genuine thrill to see so many characters clash against each other in combat like this, and while it can get quite messy and nonsensical, it’s still great chaotic fun.

Manning the Goromaru is a part of the game that I found to be the most engrossing. Ticking off content and participating in minigames to unlock new crew members always feels fulfilling, and definitely incentivizes you to try out activities like Dragon Kart, Crazy Delivery, and the usual smattering of side activities to unlock even more goodies.

There are a few stubborn barnacles to deal with out on the ocean, though. Engagements with enemy ships can get quite lengthy later on in the game, which does add to overall sea travel time. And while the Goromaru can boost and make use of air currents to sail swiftly, the simple act of traveling from A to B can still take a good chunk of time. Especially when you’re constantly running into other fleets.

The sea is also the only place in the game where you’ll experience notable performance drops (at least I did on the PS5 review version I tested), especially when inclement weather such as rain storms get involved. It’s nothing horrible or unplayable, but definitely worth noting if you’re playing on console.

Should I play Like a Dragon: Pirate Yakuza in Hawaii?

(Image credit: Sega) Play it if...

You want a compact Like a Dragon adventure
Similar to Like a Dragon Gaiden: The Man Who Erased His Name before it, Pirate Yakuza in Hawaii’s run time is shorter than the length of its name, making for a much more digestible experience.

You love pirates
It really is as simple as that. If you’re pining for a swashbuckling adventure the likes of which we seldom see in video games, Pirate Yakuza in Hawaii will scratch that itch and then some.

Don't play it if...

You’re not caught up on the series
While the game is generally friendlier to newcomers than others, it does still mention and feature characters and events from prior entries, and spoils major story beats from Infinite Wealth, so play at your own risk if you’re still making your way through the wider series.

Accessibility

The accessibility options in Pirate Yakuza in Hawaii are something of a treasure trove, too, with plenty on offer to accommodate gamers of all stripes.

Some highlights include options for automatic quick time events, stick control swapping, reducing the motion of waves out at sea, thorough subtitle options (including backgrounds and character names), and three distinct color vision assistance settings (deuteranopia, protanopia, and tritanopia). Full button configuration is also supported.

How I reviewed Like a Dragon: Pirate Yakuza in Hawaii

My full playthrough of Like a Dragon: Pirate Yakuza in Hawaii took 25 hours to finish on PS5, playing on an LG CX OLED TV with the DualSense Wireless Controller.

While I finished the main story, the Goro Pirates side story, and tackled the majority of available side content, this was by no means a completionist run. If you’re going for 100% - that’s fully completing all side content including the exhaustive challenge list - expect to sink in anywhere between 30-40 hours.

First reviewed February 2025