Feed aggregator

• Researchers find hackers using VMware ESXi's SSH tunneling in attacks
• The campaigns end up with ransomware infections
• The researchers suggested ways to hunt for indicators of compromise

Cybercriminals are using SSH tunneling functionality on ESXi bare metal hypervisors for stealthy persistence, to help them deploy ransomware on target endpoints, experts have warned.

Cybersecurity researchers from Sygnia have highlighted how ransomware actors are targeting virtualized infrastructure, particularly VMware ESXi appliances, enterprise-grade, bare-metal hypervisors used to virtualize hardware, enabling multiple virtual machines to run on a single physical server.

They are designed to maximize resource utilization, simplify server management, and improve scalability by abstracting the underlying hardware. As such, they are considered essential in data centers, cloud infrastructures, and virtualization solutions, and offer a tunneling feature, allowing users to securely forward network traffic between a local machine and the ESXi host over an encrypted SSH connection. This method is commonly used to access services or management interfaces on the ESXi host that are otherwise inaccessible due to network restrictions or firewalls.

Attacking in silence

The researchers say ESXi appliances are relatively neglected from a cybersecurity standpoint, and as such have been a popular target for threat actors seeking to compromise corporate infrastructure. Since they’re not that diligently monitored, hackers can use it stealthily.

To break into the appliance, crooks would either abuse known vulnerabilities, or log in using compromised admin passwords.

“Once on the device, setting up the tunneling is a simple task using the native SSH functionality or by deploying other common tooling with similar capabilities,” the researchers said.

“Since ESXi appliances are resilient and rarely shutdown unexpectedly, this tunneling serves as a semi-persistent backdoor within the network.”

To make matters worse, logs (the cornerstone of every security monitoring effort) are not as easy to track, as with other systems. According to Sygnia, ESXi distributes logs across multiple dedicated files, which means IT pros and forensic analysts need to combine information from different sources.

That being said, the researchers said IT pros should look into four specific log files to detect possible SSH tunneling activity.

Via BleepingComputer

You might also like

• BlackByte ransomware returns with new tactics, targets VMware ESXi
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

We found good deals on utterly giftable WIRED-approved gadgets.

• Security researchers find way to abuse Meta's Llama LLM for remote code execution
• Meta addressed the problem in early October 2024
• The problem was using pickle as a serialization format for socket communication

Meta's Llama Large Language Model (LLM) had a vulnerability which could have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.

Cybersecurity researchers from Oligo Security published an in-depth analysis about a bug tracked as CVE-2024-50050, which according to the National Vulnerability Database (NVD), carries a severity score of 6.3 (medium).

The bug was discovered in a component called Llama Stack, designed to optimize the deployment, scaling, and integration of large language models.

Meta issues a fix

Oligo described the affected version as “vulnerable to deserialization of untrusted data, meaning that an attacker can execute arbitrary code by sending malicious data that is deserialized."

NVD describes the flaw like this: “Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution”.

“Socket communication has been changed to use JSON instead,” it added.

The researchers tipped Meta off about the bug on September 24, and the company addressed it on October 10, by pushing versions 0.0.41. The Hacker News notes the flaw has also been remediated in pyzmq, a Python library that provides access to the ZeroMQ messaging library.

Together with the patch, Meta released a security advisory in which it told the community it had fixed a remote code execution risk associated with using pickle as a serialization format for socket communication. The solution was to switch to the JSON format.

LLaMA, or Large Language Model Meta AI is a series of large language models developed by social media giant, Meta. These models are designed for natural language processing (NLP) tasks, such as text generation, summarization, translation, and more.

More from TechRadar Pro

• Meta is letting the US military use its Llama AI model for ‘national security applications’
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

Review info

Platform reviewed: PS5
Available on: PS5, Xbox Series X|S, PC
Release date: January 28, 2025

As part of a traveling band of outcast mages known as weavers in a time when magic is shunned, you could be forgiven for assuming that Eternal Strands is a role-playing game (RPG) with a party of richly drawn characters like the Dragon Age games. Not least when developer Yellow Brick Games' creative director is ex-BioWare Mike Laidlaw.

However, rather than dwelling on moral conundrums or building relationships, this is very much a capital A action RPG that has a mix of modern The Legend of Zelda's free-climbing and physics-based smashing and titanic encounters like those in Shadow of the Colossus. And while it may not reach the same heights of its inspirations, it nonetheless offers something unique with how you engage with its magical elements.

Strand game

(Image credit: Yellow Brick Games)

You play as Brynn, a weaver who knows her way around a sword and bow. It's her use of elemental magic powers, strands, that makes her stand out, however.

We all know that fire burns, ice freezes, that fire is effective against ice, and vice versa. But rather than just a simplistic rock, paper, scissors approach, the laws of thermodynamics are carefully applied. You don't just shoot ice to freeze an enemy completely, but if you can encase a dragon's feet with ice then it will stop them from taking off in the air. But get too close yourself and you'll also take damage if you're not properly protected from the cold.

These strands must be earned by felling the big bad monsters and arks (ancient colossal machines) that roam more than half a dozen of the maps that make up a secluded realm known as the Enclave. While you could just keep thwacking them until their health bar's gone – you're also encouraged to deal damage to all parts of their body – figuring out the steps to expose their weakness that allows you to harvest their strand.

It feels especially badass clinging onto these bosses for dear life then reaching into their glowing weak spot, sending the titan crashing down regardless of how much health they still have.

Best bit

(Image credit: Yellow Brick Games)

While there's a strong emphasis on flame and frost, kinetic powers are probably my favorite. Weaver's Grasp is terrific when you can grab and hurl containers or lanterns that set off a chain of explosions, while a strand that unlocks in the latter half creates a kind of speeding warp tunnel that makes it possible to launch yourself in the air – even cooler if you use it to grab onto a flying monster!

It would feel epic if these were one-offs like in Shadow of the Colossus. However, the structure here is designed so that you'll have to fight them multiple times Monster Hunter-style to upgrade your gear, or powers, or to advance the story.

The loop diminishes somewhat on repeat because, once you know how to take down one of them, it becomes very straightforward and I found myself rinsing and repeating the same tactics. What does keep you on your toes is a more deadly enemy type that appears partway through the story that hits harder and requires flame or frost powers to finish off.

A good time, not an eternal time

(Image credit: Yellow Brick Games)

Much of Eternal Strands is divided between a hub where you spend time with your weaverband companions and teleporting to different parts of the Enclave, made up of impressively large buildings to scale or underground caverns to delve deeper into. It's worth exploring every nook and cranny, as you'll find new information about an area, as well as recipes for crafting new gear.

The weaverband and other characters you eventually meet in the Enclave are well-written with their own arcs and issues, tackling topics like mental health and redemption, and there's even a married couple who just about stay on the right side of endearing.

Personally, I was more interested in their function than their chattiness, such as Casmyn's ability to increase the number of tonics I can carry or Sola's forge that doesn't just let you create new gear, but even reforge something you already have with better materials.

(Image credit: Yellow Brick Games)

That said, my gripe comes from having to return to the hub more often than I'd like. There's a stop-start nature to missions where, after you've found something, you just drop what you're doing and have to teleport back to the hub to debrief with the gang before you can continue the story.

You can, of course double, up the mission by fighting a boss too, though because you can't refill your supplies until you're back at camp you're at a disadvantage, and - if you die you lose most of your loot. At the same time, once you've explored these maps, the second half feels a bit padded, as you're just revisiting the same areas as initially optional boss hunts suddenly become mandatory. A day and night cycle that also changes weather and enemy locations does at least things up here.

Nonetheless, these are minor complaints as the story avoids overstaying its welcome. Its mechanics may not sustain a much longer gameplay loop like Tears of the Kingdom or Monster Hunter World but then this is not trying to be an epic timesink.

With its novel use of magic and colossal set pieces, Eternal Strands is a fun and breezy adventure to kickstart 2025.

Should you play Eternal Strands? Play it if...

You like an interesting mix of combat options
The physics-based magic is definitely a highlight in Eternal Strands when it comes to combat and exploring its world.

You like fighting giant monsters and ancient machines
There's a mix of Monster Hunter and Shadow of Colossus in taking on the game's large enemies, identifying their weaknesses, and enjoying the catharsis or taking one down for the first time.

Don't play it if...

You're expecting a choice-driven RPG
As an action RPG, Eternal Strands is very much focused on the action side with an authored story rather than making your own choices. There is nonetheless a rich cast of companions with their own questlines and plenty of optional dialogue for fleshing out the world.

Accessibility

Eternal Strands' options menu provides a suite of accessibility features. Subtitles can be toggled on, off, or only during cinematics and voiceovers, with three font sizes and the option to display on a background. Colorblind options can be set according to type and severity.

If you don't have headphones, there is a night mode, which raises the volume of ambient sound while making explosion sounds less prominent. Game difficulty can be adjusted at any time, which only affects your maximum health and the amount of health recovered from vitality tonics. In easy mode, vitality tonics are restored after defeat.

How I reviewed Eternal Strands

(Image credit: Yellow Brick Games)

I played Eternal Strands for 20 hours on my PS5 Pro, which allowed me to complete the main story and some side quests, although that didn’t include upgrading every strand to max level or completing all companion questlines, which would extend the game’s length.

There are no specific graphics modes apart from an option to turn on and off depth of field in-game.

Throughout, I used an LG C2 OLED TV with the default TV speakers and a DualSense Edge controller.

First reviewed January 2025

Check out Walton Goggins, Jason Isaacs and Natasha Rothwell, reprising her role as Belinda.

• Mark Gurman's latest Power On newsletter notes 'camera-equipped AirPods'
• AirPods are just one wearable product Apple allegedly wants to fit with cameras
• The question is, are IR cameras enough to beat Meta and Samsung?

Like the idea of your AirPods seeing what you see – even if it's just the same tired faces on your daily commute? Apple CEO Tim Cook clearly does, although AirPods are just one Apple product the Cupertino giant is reportedly looking to equip with cameras.

That's according to Mark Gurman's latest Power On newsletter (Sunday, January 26), anyway. The report states that lukewarm demand for Apple's bulky Vision Pro has led Apple execs to concentrate their efforts on AR glasses as the "superior" option, but that those same people in the know at Apple "don’t think a (glasses) product will be ready for three years or more."

So, in the meantime, the company is exploring other types of wearable products that could benefit from cameras, including – but not limited to – camera-equipped AirPods.

This isn't the first time Gurman's mentioned it, either. In February 2024, the noted Apple analyst reported that Apple was exploring AirPods with cameras. Also, six months ago, fellow analyst Ming-Chi Kuo claimed future additions to the best AirPods could be Apple earbuds that include infrared cameras to be paired with your Vision Pro headset and thus create a spatial audio experience to trounce any Meta Orion rivals. And as we know, in the world of rumors and predictions, two noted tipsters saying the same thing is infinitely better than one…

We were warned not to get too excited, though; IR-enabled AirPods aren't going to be available imminently, with mass production not expected to start in 2026 (which had us wondering in October whether Apple can still beat Meta's smart glasses by adding cameras and AI to AirPods Pro).

And just five days ago (January 22), as if to add insult to injury, it was reported that Meta and Samsung are also looking into earbuds with cameras, following Apple's lead with AirPods.

Can Apple win the race to put its eyes in your ears – and will it matter?

With camera-equipped AirPods possibly two to three years away, it feels like the door's wide open for rivals to step in and further dominate the AR space. Even if Meta and Samsung are playing catch-up on actually putting IR cameras in earbuds, the Meta Orion has been slated for a 2027 release (alongside Oakley smart glasses for athletes), and that's just for starters.

Another camera-enhanced rival product that jumps to mind is the hotly-anticipated improved Meta Ray-Ban smart glasses, which could land in 2025 – with a "single small in-lens screen." No, they won't be the full-ticket (and very impressive) Meta Orion AR glasses prototype, but Meta's next step will almost certainly have Apple execs a little rattled.

What about Apple's other plans for its AirPods? Well, the long-promised heart-rate monitor could be one step closer as the company seeks to make its earbuds the most capable earbuds for tracking your health on the market. But it's unlikely that heart-rate monitoring will arrive in AirPods Pro 3 because (also according to Gurman late last year) although Apple's made great strides in this area particularly, the accuracy isn't quite there yet.

Back to the notion of cameras in your AirPods quickly, though, and – because it may not be immediately apparent why you'd want eyes in your ears – it's best to think of them working in conjunction with your other Apple tech rather than simply AirPods that can see.

For example, an IR camera might perform the same function as capacitive sensors for gesture control while offering a wider field of vision for your Vision Pro. Your all-seeing AirPods might also feed data to your Apple Watch or perhaps ping information to your iPhone in future versions of Apple Intelligence – hopefully not just targeted ads about the bar, store, or gym you just glanced at, but let's acknowledge the thought.

Finally, putting cameras in your listening gear could greatly benefit Apple's purported (albeit three years in the pipeline) AR glasses. It goes without saying that they'll need to be light and comfortable to compete. One way of shaving a few grams off the frame? Put the camera in your ears.

Will it be enough to beat the competition, given AirPods undeniable popularity – and most importantly, should we all take a leaf out of the great David Bowie's book and sit right down, waiting for the gift of sound and vision? I'm not so sure, but then again, it wouldn't be the first time Apple's arrived late to the party and then walked all over it…

You may also like

• See our pick of the best earbuds
• Need over-ears? See our roundup of the best headphones
• Sony's next flagship headphones leak in official docs, and now I'm getting excited

• A security vulnerability in Microsoft Exchange servers remains largely unpatched
• A fix was issued four years ago, but some users clearly didn't update
• This flaw may have aided the hacking group Salt Typhoon

Critical security vulnerabilities seem to be a regular occurrence in technology reporting, with countless patches and updates to keep track of - but this Microsoft Exchange Server flaw might be one to take very seriously.

Most of us will be familiar with the major incident in which 9 US telecom giants were breached in what appeared to be a Chinese state sponsored cyber-espionage campaign. The attack, attributed to hacking group Salt Typhoon, is said to have, at least in part, exploited a known critical security flaw in Microsoft Exchange Server.

The vulnerability, nicknamed ProxyLogon, was disclosed by Microsoft in 2021, and a patch has been available for 4 years. Despite this, cyber-risk management company Tenable has calculated in nearly 30,000 instances affected by ProxyLogon, 91% remain unpatched.

CISA guidance

The US Cybersecurity and Infrastructure Security Agency (CISA) previously released in-depth guidance on strengthening visibility and hardening systems and devices in response to the breach, and have emphasized end-to-end encryption for secure communications.

The ProgyLogon is one of five commonly exploited vulnerabilities used by Salt Typhoon. Others include Ivanti Connect Secure Command Injection and Authentication Bypass vulnerabilities, as well as a Sophos Firewall Code Injection Vulnerability.

In light of this, the recommendation and advice for any security teams out there is to always patch where available, and keep as up to date as possible on any software for potential vulnerabilities or fixes.

“In light of the vulnerabilities exposed by Salt Typhoon, we need to take action to secure our networks” said Federal Communications Commission Chairwoman Jessica Rosenworcel.

“Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed. The time to take this action is now. We do not have the luxury of waiting.”

You might also like

• Check out our list of the best firewall software around today
• ‘You’re fired’ - Salt Typhoon investigative body gets the axe in US government cuts
• We've also rounded up the best antivirus on offer right now

• Security researchers spot new piece of malware called J-Magic
• It listens to traffic in anticipation of a "magic package"
• Once detected, J-Magic initiates the deployment of a backdoor

Hackers have been found targeting companies in the semiconductor, energy, manufacturing, and IT sectors, with a unique piece of malware called J-magic, experts have warned.

A new report from the Black Lotus Team at Lumen Technologies revealed unnamed threat actors repurposed cd00r - a stealthy, backdoor Trojan designed to provide unauthorized access to a system, initially designed as an open source proof-of-concept for educational and research purposes in cybersecurity.

The repurposed Trojan, dubbed “J-magic”, was being deployed to enterprise-grade Juniper routers serving as VPN gateways. The researchers don’t know how the endpoints got infected, but in any case, the Trojan was sitting silently until the attackers sent it a “magic” TCP package.

SeaSpy2 and cd00r

“If any of these parameters or “magic packets” are received, the agent sends back a secondary challenge. Once that challenge is complete, J-magic establishes a reverse shell on the local file system, allowing the operators to control the device, steal data, or deploy malicious software,” the researchers explained.

The campaign was first spotted in September 2023, and lasted roughly until mid-2024. Black Lotus could not say who the threat actors were, but said that elements of the activity “share some technical indicators” with a subset of prior reporting on a malware family named SeaSpy2.

“However, we do not have enough data points to link these two campaigns with high confidence,” they said.

In any case, SeaSpy2 is also built on cd00r, and works in similar fashion - scanning for magic packets. This persistent, passive backdoor, masqueraded as a legitimate Barracuda service called "BarracudaMailService," allows threat actors to execute arbitrary commands on compromised Barracuda Email Security Gateway (ESG) appliances.

SeaSpy was apparently built by UNC4841, a Chinese threat actor.

Via BleepingComputer

You might also like

• UnitedHealth confirms major cyberattack, says hackers stole "substantial" amount of patient data
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

As the CMA scrutinizes Apple's WebKit restrictions and Google's revenue-sharing deals in the UK, the DOJ proposes Chrome's sale in the US. Could other browsers finally get their chance to innovate?

The mobile browser market isn't working as well as it could for businesses and millions of phone users – that's the verdict not only from the UK's Competition and Markets Authority's (CMA) recent investigation, but also from the US Department of Justice (DOJ), which has proposed forcing Google to sell off Chrome as part of antitrust remedies. As the founder of a privacy and security-focused browser, I've watched this space evolve, and these findings reflect many of the challenges we've observed firsthand.

The numbers tell a striking story. In the UK alone, Safari commands an 88 per cent share of mobile browsers on iOS, while Chrome holds 77 per cent on Android. This dominance mostly stems from two significant market dynamics. The first of these is Apple's requirement that all iOS browsers must use its WebKit engine. This limits what developers can achieve – a restriction that notably doesn't exist on Apple's desktop operating system macOS, or on Android devices.

It's important to note that these limitations can be major, leading to one of the CMA's main points – the stifling of mobile browser innovation. It directly impacts what we can offer users. When browsers want to implement additional security features like 'Safebrowsing mode' for warning users about dangerous sites, or 'site isolation' for protecting against malicious attacks, for example, they're constrained by WebKit's limitations. Even large companies like Meta face these restrictions – the social media giant is unable to build its own customized in-app browser experience on iOS, despite having millions of users through apps like Facebook and Instagram.

To be clear, WebKit is an undoubtedly capable engine, and is one of several excellent options alongside other offerings like Chromium and Mozilla's Gecko. But the issue isn't about WebKit's quality. Rather, it's about the lack of choice. Apple maintains that this requirement is necessary for security, which is a valid concern. Nobody wants malicious browsers accessing banking apps or stealing data, after all. However, Apple already has robust certification processes in place for browsers, including special certificates and extensive checks. As browser developers, we're open to additional security measures – whether that's source code audits or Apple employees visiting our offices to verify our practices. The mechanisms for ensuring browser security already exist – they just need to be applied to non-WebKit browsers as well.

Stifling innovation

The second, and perhaps more fundamental issue, involves the revenue-sharing arrangement between Google and Apple for mobile browsers on iOS. According to the CMA's findings, Google pays Apple a significant share of the search advertising revenue earned from traffic on both Safari and Chrome on iOS. This creates an unusual competitive dynamic – the revenue share that each company earns from their competitor's product is lower, but similarly significant to what they earn from their own browsers.

Or to put it another way – the current arrangement fundamentally reduces the financial incentives for browser competition on iOS. The motivation to compete aggressively with innovative features is diminished when the financial gain from winning new users is minimal. This helps explain why, despite the mobile web being such a crucial part of our daily lives, we've seen relatively limited innovation in core browsing functionality. The CMA's investigation marks the first time a major regulator has specifically scrutinized these revenue-sharing arrangements, and their impact on browser competition. With the UK's Digital Markets, Competition and Consumers Act coming into force in 2025, these findings could lead to significant changes in how mobile browsers operate and compete in the UK.

This landmark legislation will establish a new digital competition regime similar to the EU's Digital Markets Act, while also expanding consumer protection through updated commercial practice regulations and strengthened consumer rights. Crucially, it will also give the CMA direct enforcement powers, including the ability to fine businesses for breaches. Ultimately, this could finally address the competition issues that have long concerned smaller browser developers, creating an environment more conducive to innovation.

The impact of these revenue-sharing arrangements has caught regulators' attention beyond the UK. In the United States, the Department of Justice has proposed that Google sell Chrome as part of remedies following an antitrust ruling. The DOJ's proposal would prohibit Google from offering money to make its search engine the default on any platform – a move that could dramatically reshape the browser market's economics. This aligns with growing global scrutiny of how search revenue influences browser competition. The DOJ's proposal goes even further than the CMA's investigation, suggesting Google should be required to share its search index with competitors at marginal cost. Such changes could accelerate the transition toward new business models in the browser market.

For browsers, the impact of potential future legislation changes could be huge. Consider Mozilla Firefox, which has been in the market for decades. Its 2021-2022 financial statements reveal the sheer scale of these arrangements – of Mozilla's $593 million in revenue, $510 million came from its Google search deal. This stark reality shows how browser companies could lose around 80 per cent of their revenue overnight if these arrangements were to end. Such a change would force a fundamental rethinking of how browsers operate – they would need to either adopt subscription models, aggressively increase donations, or resort to advertising, which could compromise user privacy. With that in mind:

What might a more competitive future look like?

I envision a landscape where browser choice is more transparent and accessible to users. When someone gets a new phone, they should be presented with clear, unbiased options for their default browser. Android already demonstrates that this is possible, allowing browsers to use different engines and giving users more control over their browsing experience.

With regulators on both sides of the Atlantic targeting search revenue arrangements, the shift toward subscription-based models may come sooner than expected. While this might initially raise eyebrows given the prevalence of free browsers, it's worth considering the broader context. Many users already pay separately for VPNs, password managers, and privacy tools. A browser subscription wouldn't necessarily mean yet another monthly payment – instead, it could consolidate these existing services into one comprehensive package. This model enables browsers to focus purely on user interests rather than advertising revenue. Innovation, in short, becomes more feasible when browsers can invest in development without relying on search engine revenue sharing.

We're already seeing examples of what's possible when browsers prioritize user needs. Our browser, for example, recently introduced a Cookie Consent Management feature which automatically handles cookie preferences based on user settings. This addresses a real pain point – the constant interruption of cookie pop-ups – while maintaining true privacy protection rather than just hiding the prompts. The future of mobile browsing isn't just about technical capabilities however – it's about creating an environment where innovation can flourish while respecting user privacy and choice. Whether through regulatory changes or evolving business models, the goal should be to enable browsers to compete on their merits, offering users genuine alternatives rather than variations on the same theme.

We're at a pivotal moment where the decisions made by regulators and industry players will shape how we access the internet for years to come. The CMA and DOJ’s investigations have highlighted the challenges, but it's up to browser developers, platform holders, and users to work together to create a more open, innovative, and user-focused mobile web. And here’s to hoping they do.

We've featured the best secure browser.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

These useful accessories help AirTag users find their car keys, track their luggage and more.

TopMate C12 Laptop Cooling Pad review

The TopMate C12 Laptop Cooling Pad is a mid-range cooling pad for high-performance gaming and creative laptops. Not only does it rock three 110mm fans and three 70mm fans, but it offers six different fan speeds, with the smaller fans capable of hitting 2400rpm. As such, I was expecting to see some seriously frosty cooling here.

Unfortunately, in our standard 3DMark stress test run on our Acer Predator Helios 300 with an Nvidia GeForce RTX 3080, I found the TopMate C12 more Chicago than Siberia in terms of chilliness. Our baseline test of the laptop alone saw it rise from 20.2ºC to 52.1ºC, an increase of 31.9ºC, while the TopMate on full fan power curbed its heating from 21.2ºC to 44ºC. While this reduced 22.8ºC temperature rise is a definite improvement, it’s nowhere near as impressive as the Liangstar Laptop Cooling Pad, for example, which reduced this down to 15.3ºC.

On the plus side, the TopMate C12 Laptop Cooling Pad runs about as quiet as you could realistically expect. Ten minutes into our stress test, I used a sound level meter to measure the combined noise of the cooling pad and laptop – it registered 58.5dB from three inches away and 45dB from my head height at 21 inches away. That’s bang in line with any of the best laptop cooling pads I’ve tested, and better than the 60dB produced by the uncooled laptop.

Offering eight adjustable heights, you can adjust the angle of your laptop from 6.5 to 50 degrees, which really enabled me to position things at the most ergonomic angle for my height. Chunky flip-up rests keep the laptop firmly in position; however, while these were fine for a bulky gaming laptop, I did find they dug into my wrists when typing on an Ultrabook that these dug into my wrists, so bear this in mind if your laptop is on the slimmer side. In terms of additional flourishes, the RGB lighting is well designed and offers 10 different settings if psychedelic gaming rainbows aren’t your thing.

All in all, the TopMate C12 Laptop Cooling Pad offers perfectly decent performance and a solid, aesthetically pleasing build. This may convince that it’s as good a choice as any other, but there’s one other factor I’d urge you to consider before making your purchase: its price. At $29.99 / £29.77 / AU$49.77, it costs more than some of the other cooling pads I’ve reviewed while offering marginally weaker performance. If you really want something that delivers great bang for your buck, I’d argue that the $19.99 / £19.99 Tecknet N5 Laptop Cooling Pad or $19.99 / £19.93 / AU$47.95 Liangstar Laptop Cooling Pad offer a better deal.

(Image credit: Future) TopMate C12 Laptop Cooling Pad review: price & availability

• Released January 19, 2022
• MSRP of $29.99 / £29.77 / AU$49.77

First launched on January 19, 2022, the TopMate C12 Laptop Cooling Pad is now available for $29.99 / £29.77 / AU$49.77. It’s worth keeping your eyes peeled for better prices, though: it has occasionally been reduced to £25.30 / AU$42.30 – while this is a modest drop, it does help it compete better with some of the best cooling pads for value.

But, for the most part, it’s easy to find similarly powerful cooling pads that cost a bit less – both the Tecknet N5 Laptop Cooling Pad and the Liangstar Laptop Cooling Pad performed better in our benchmarking tests, while also costing less at $19.99 / £19.99 and $19.99 / £19.93 / AU$47.95 respectively.

(Image credit: Future) Should I buy the TopMate C12 Laptop Cooling Pad? Buy if if…

You want stable, ergonomic design
Not only is this cooling pad adjustable and comfortable to use, but it’s also rock-solid. Thanks to its flip-up rests, your laptop shouldn’t slip or slide about, even during frantic Counter-Strike matches.

You want competitively quiet running
The TopMate runs as quietly as the best laptop cooling pads we’ve tested. Even at max cooling, it should kick out less noise than your laptop’s fans straining on their own.

Don’t buy it if…

You want the best cooling
Despite the fact it comes packing an array of six fans, some of which top out at 2400rpm, I didn’t find the TopMate capable of as effective cooling as some comparable pads we tested. So if you only care about how many degrees you can shave off, you should probably look elsewhere.

You want a bargain
Don’t get me wrong: this is still an affordable cooling pad, especially compared to the $150 / £125 / AU$150 you'll pay for some products. Nevertheless, this pad is still more expensive than some others we’ve tested, and falls short of their cooling power. So you can definitely get better cooling for your cash.

(Image credit: Future) TopMate C12 Laptop Cooling Pad review: also consider

Liangstar Laptop Cooling Pad
If you’re after the cheat codes for affordable yet arctic cooling, this is my personal tip. The Liangstar Laptop Cooling Pad is reasonably priced, costing just $19.99 / £23.59 / AU$65.66, and yet during tests it kept our laptop from rising any more than 15.3 degrees – that’s a full seven degrees cooler than the TopMate. It’s well worth a look.

How I tested the TopMate C12 Laptop Cooling Pad

• Tested it over several days
• Ran a stress test and measure temperature difference with a thermal camera
• Measure fan noise 10 minutes into test using a sound level meter

Testing the TopMate C12 Laptop Cooling Pad, I ran it through several all of the standardised benchmarks we use for all laptop cooling pads. First, I checked the hottest point of our Acer Predator Helios 300 with an Nvidia GeForce RTX 3080 testing laptop, ran a 3DMark stress test for 15 minutes with the cooling pad set to max speed, and then re-checked the temperature.

I also tested how noisy it was with a sound level meter. Ten minutes into the test, I measured sound levels from three inches away, as well as from head height to get the absolute and subjective volumes of the pads fans combined with the gaming laptop’s cooling system. I then compared this to benchmarks of the noise generated during a stress test by the laptop’s fans alone.

I also used the laptop cooling pad while gaming and conducting everyday office tasks to test its overall design, sturdiness and ergonomics. For this, I drew on my 30 years experience as a gamer and laptop user, not to mention my 10 years’ experience covering tech and gadgets.

• First review January 2025
• Read more about how we test

In The Boscombe Valley Mystery by Arthur Conan Doyle, Sherlock Holmes comments that, “There is nothing more deceptive than an obvious fact.” When it comes to risk, it’s obvious that companies should want to remove or reduce risk as much as possible. But the process - how you actually carry out the actions to eliminate risk, and how you collaborate to make that risk reduction work across the business - is not obvious. To improve this, we have to look at how we consider risk across the whole organization. This requires a Risk Operations Center, or ROC.

What's in a name?

When CISOs hear the phrase “Risk Operations Center” they invariably ask, “How is a ROC different from a Security Operations Center?” Let’s begin answering this question with a concise definition for what a ROC aims to achieve: A ROC orchestrates risk elimination.

I can hear risk purists objecting, “You can never eliminate risk – only control it!” I have two responses. First, I was being purposefully terse as a means of easing readers into a fuller definition. Second, I suspect objections stem from not completely aligning on terms. Let’s fix that by defining what I mean by risk and elimination.

For the definition of risk I will turn to How To Measure Anything In Cybersecurity Risk: “Risk is a state of uncertainty where some of the possibilities could lead to loss, catastrophe, or some other undesirable outcome.” Here is a thought experiment: If you completely remove your uncertainty, have you eliminated risk?

Imagine I am driving an SUV. I’ve just been told there is a small tunnel ahead. I don’t know what small means in this context. I just know I’m driving a high occupancy vehicle full of children and my spouse. I’m now uncertain if my vehicle will fit. As I approach the tunnel I see a sign overhead that says the tunnel is twenty feet by twenty feet – and I can also clearly see that my SUV will fit. Using “measurement” I just eliminated my state of uncertainty about possible future “loss, catastrophe or some other undesirable outcome.”

Risk measurement moderates our uncertainty. We define risk measurement as, “A quantitatively expressed reduction of uncertainty based on one or more observations.” In the case of tunnel versus SUV, my state of uncertainty was reduced 100%. Unfortunately, in business environments, not all risks are this cut and dry or easy to understand with one fact. This is why we need to clarify what elimination means.

For elimination I’m using its “risk oriented” word origin. In Latin, elimination is “ex limine.” The “ex” means “off or out.” And “limine” is limit or boundary. In short, to eliminate risk is to set a boundary or limit that should not be exceeded. This ties nicely with the concept of a cyber insurance limit and risk tolerance. Indeed, a limit is a mathematically unambiguous and contractually binding expression of business risk tolerance.

With our terms defined I can expand my overly pithy ROC definition to something acceptable even by the most ardent of risk purists: “A ROC continuously orchestrates the remediation, mitigation and or transfer of cybersecurity risk that may exceed business tolerance.”

What differentiates a ROC to a SOC is that the SOC is specifically focused on security alerts and managing responses to issues within the technology stack. A ROC, conversely, takes all that information and provides it to the whole business, including finance and compliance leaders, so the organization can manage and understand risk mitigation in that wider context.

What's a ROC platform?

I have the unique pleasure of engaging with CISOs and their teams around the globe on all things cybersecurity risk management. A growing majority of enterprise level CISOs are attempting to stand up DIY ROCs, because they have to put risk into that wider business context. Perhaps you are one of these CISOs. How might you know?

One of the first tells for this approach is that you are aggregating comprehensive “Risk Data” into a data lake, so you can make sense of that data for risk purposes. This includes a complex approach to handling data so that it can be used, from de-duplicating IT asset records to consuming full-stack vulnerability data and rationalizing disparate scores for those assets over time. This includes integrating multiple threat intelligence feeds and correlating compensating controls for risks that cannot be fixed immediately. Alongside this, you may look at how to use this data to trigger automated mitigation and remediation actions, whether that is through patching or deploying best practice deployment frameworks.

If you answered yes – even in part – then you are likely embarking on your own ROC journey. It’s a non-trivial DIY proposition. Consider that the average enterprise level firm has 76 security tools deployed, according to Panaseer. Getting each stage of this process right with each investment would most likely be out of reach, even for those with outsized budgets.

It is also essential to distinguish risk data from security data, as they should be purposefully thought of differently. I distinguish “risk data” from threat oriented “event data” that materializes in your SOC. SOC event data consists of streams of arrival time stamps with light weight meta-data. Due to its volume and millisecond velocity it’s invariably light on context. Event data is best persistent and modeled via time series data structures and related analysis. This is similar to what is used in real-time trading and network analysis. It’s for specific IT security decision making around threats.

Risk data is the other end of the spectrum when it comes to context. Consider all the rich content and context that you are putting in place around those IT security signals so that other teams can use it, and how it turns into understandable metrics for the board.

At the same time, all this analysis and reporting is usually done in some form of OLAP structure enriched with high context graph connected data. Indeed, graph comprehension is a must as cloud native data and other ephemeral “assets” aren’t IP addressable. The days of first and third party assets always being tied to a machine – and its IP – are fading. It would seem that the only thing the industry can agree on when it comes to assets is that they are probably nouns.

You can still do time series analysis with ROC data. You would do this to baseline metrics and do other forms of change analysis. The event grain for ROC data is not meant to duplicate log aggregation and/or observability solutions that back-end SOC systems create and consume. The ROC - and the data it provides - will carry out sophisticated analysis around potential risks and responses, but that complexity will be hidden from view so that the emphasis is on protecting value and reducing potential loss.

What's different around risk?

The ROC actually sits at the nexus of value and loss exposure. Consider that a successful business is in the business of exposing more value, to more people, through more channels with higher velocities. In other words, businesses want to make more revenue and more profits. You can call this “digital and AI transformation,” but it is a process that every business will go through in the pursuit of growth. At the same time, any new venture or investment increases the potential risk back to the organization. In this sense, successful businesses are risk exposure machines.

The ROC is in the center of risk flowing into and out of your “risk surface” where value flows in and losses flow out. The ROC controls the “loss exposure” portion of that flow. It does that using both sentient and or artificially intelligent means of risk analysis. That analysis in turn automates actions (or enables workflows) for remediation, mitigation and risk transfer. Remediation and mitigation are controlled within the attack surface domain.

Alongside these technology elements, there are other controls that you would implement, like cyber insurance to transfer potential risk response outside the business, which is within the broader risk surface domain. This combination of security measures and cyber insurance for response is where you can take practical, proactive steps as a defender and invest in capabilities for controlling loss.

Are you ready to ROC?

The ROC is not your SOC. They work together but at different levels of your overarching risk surface. The SOC exclusively operates on event data within the attack surface domain. And the ROC? It continuously orchestrates the remediation, mitigation and or transfer of cybersecurity risk that may exceed business tolerance.

The interesting news is that enterprises are already feeling their way towards this concept of the ROC as they try to implement more effective risk controls. The challenge is that implementing a ROC is still at the early stages of development, where DIY approaches are still nascent and partial compared to what companies actually need. Assembling ROC will depend on collaboration between those within companies - CISOs, CFOs and compliance in particular - but also between peers and vendors.

According to the Risk Management Association, cybersecurity risk is the number one issue that companies face in the coming years. The rise of cyber risk quantification continues to help in this process, yet many of these projects will fail because they do not get the right support or deliver effective risk data that the business can use. To overcome this challenge, ROC deployments ensure that risk data can be used to control and respond to risk as part of that wider business approach. Where the SOC should deliver insight for security operations, the ROC should deliver risk operations that cover the whole business.

We've featured the best encryption software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Razer Blue Screen: one-minute review

The Razer Blue Screen is a premium and convenient solution for those wanting a pro-grade green screen that's easy to set up and provides marvellous results. Think of it as a competitor to Elgato's similarly-specced solution, with the key (pun intended) difference being its colour.

The reason for this being a blue screen is because, according to Razer, it's easier to key out than the classic green - a statement that I found accurate in my testing. In addition, it's also more in line with what the professionals use in the name of giving your content more of a pro-grade appearance with the right care and attention.

The Blue Screen can extend up to 94-inches, or 2.38 metres, in height, making it suitable for head, or even full body, shots. In addition, it features quality fixtures and fittings with a sturdy metal frame and seam-free polyester material. While expensive, it remains one of the best green screens we've tested.

(Image credit: Future) Razer Blue Screen: Price and availability

• $149.99 / £159.99
• Sold only via Razer directly
• Available in the UK & US

The Razer Blue Screen clocks in at £159.99 / $149.99 and has been around since October 2022 as a more premium option for those looking for a simple pull-up blue screen for keying out backgrounds in a professional manner.

Other peripheral brands have leaned into the green screen space in the past, with the likes of Elgato's Green Screen offering a similarly priced package with a pull-up screen designed for streamers.

The key difference between the pair of these screens is color. A blue screen is arguably closer to what's used in some professional environments and is generally better in low light conditions than a green screen.

Otherwise, the premium price tag attached to Razer's option will also buy you some entire kits from the likes of Neewer that include a green sheet held up with its included stands, as well as a pair of soft-box lights, bulbs, umbrellas, and more. You do have to have a fair amount of space for a full kit like that, whereas the Blue Screen pulls up and down and thus can be stowed away easily.

(Image credit: Future) Razer Blue Screen: Specs Razer Blue Screen: Design and features

• Wonderfully easy to set up
• Tall enough for head and full-body shots
• High-quality polyester fabric

The Razer Blue Screen is a sleek and modern entry into what can often be quite a clunky enterprise. Setting up a green screen isn't the easiest if you're using one of those kits that's simply a piece of green fabric that needs to be clipped to a surface or attached to a stand.

With this in mind, Razer's choice makes it all easy, simply pulling up out of its enclosure to a height of 94 inches, or 2.38 meters. To erect it, you push against a tab on the top side, and pull up. The screen is on runners, so it almost pulls up itself with minimal effort required.

It's a stable setup, too, with the entire stand comprised of thick metal, and a pair of fold-out plastic legs that prevent the Blue Screen from falling over. In addition, the pull-up portion is reinforced with cross-braces on the reverse side that keep it straight and true.

In addition, as with the Elgato Green Screen and other similar pull-up options, Razer's Blue Screen is easily stowable in a cupboard or the corner of a room as it slides down to nothing into its base. It's a lot easier than dealing with a full-size kit, that's for sure.

The screen itself is made of polyester and is both seamless and wrinkle-free out of the box. Being totally smooth means it's easier to key out in the editing stage for a more professional look to your content.

(Image credit: Future) Razer Blue Screen: Performance

• Fantastic keying results
• Works well in low-light conditions
• Simple set-up is brilliant

The Razer Blue Screen is, in one word, convenient. Other green screens I've tested in the past have come in the form of sheetings with additional stands, which can take more than a few minutes to set up.

With Razer's choice, it's as easy as pulling it up in a matter of seconds, sitting down in a chair, recording some content, and then booting up the software to key the background out.

The mere fact it's blue made keying out easier in lower light conditions, especially when I only have space for a single key light off to the left of my desk. Once I had balanced the correct color to key out in my software, the Razer Blue Screen produced wonderfully clean and smooth results on Windows or MacOS.

With this in mind, as a literal piece of pull-up fabric, compatibility isn't an issue with the Blue Screen. It'll work with whatever software and operating system you're using for keying the background out, such as Final Cut Pro on macOS or DaVinci Resolve on Windows, as I used in my testing.

(Image credit: Future) Should I buy the Razer Blue Screen? Buy it if...

You want a convenient setup
The Razer Blue Screen excels on the simple fact of convenience. Being a pull-up means there's no faffing around with stands or sheeting.

You want solid construction
The metal base and cross-reinforced plastic braces on the Blue Screen provide a reliable and sturdy finish, and you won't have to worry about it falling over.

Don't buy it if...

You want a more affordable choice
The quality and convenience of the Blue Screen come at quite a price, and if you want a more wallet-friendly choice, then there are plenty of other options available.

Also consider...

Still not sold on the Razer Blue Screen? Here's how it compares to two similar products.

Elgato Green Screen
This is a great alternative because it offers a similarly convenient solution from a trusted brand in the streaming / content creation space with the benefit of a pull-up stand. It is also slightly shorter if you don't need a 94-inch screen.

Stay tuned for our full review of the Elgato Green Screen in the future.

Neewer Green Screen Kit
This is a great alternative because it offers the complete package for a more professional, and permanent, backdrop with stands, different color screens, and soft-box lights. It also offers an even larger area for capturing even more.

Stay tuned for our full review of the Neewer Green Screen Kit in the future.

How I tested the Razer Blue Screen

• Used and tested for more than one week
• Tested it with Windows and macOS editing software
• Evaluated against other green screens

I used the Razer Blue Screen for a week as a screen for recording test film that was captured in OBS as if I was streaming for keying the blue screen out. I also recorded test footage that was edited in both DaVinci Resolve on Windows and Final Cut Pro on macOS to best utilize the blue screen.

Throughout my period testing the blue screen, I compared it against the Elgato Green Screen and Neewer Green Screen Kit, as well as a similar full-size kit I had purchased myself prior to the review.

Read more about how we test

First reviewed January 2025.

• Global data consumption is up 15% YoY, 113% in five years, DE-CIX report claims
• 2024 traffic stood at 68 exabytes, a staggering amount of data
• Sporting events and video gaming are responsible

Global data traffic hit a new record of 68 exabytes in 2024, marking a considerable 15% jump from 2023’s 59 exabytes, a report from a major data handler has claimed.

New figures from DE-CIX show overall traffic has more than doubled since 2020, when the pandemic caused millions of workers to be sent home and adopt new hybrid and remote working patterns.

In 2020, global data traffic stood at just 32 exabytes – now, DE-CIX says five years later, we’ve seen 113% growth, as consumption subsequently rose to 38 exabytes in 2021, 48 exabytes in 2022, and 59 exabytes in 2023.

Global data traffic rise

To put it into perspective, 2024’s 68 exabytes of data, exchanged across 3,400 global networks, would equate to a stack of paper 20 times higher than Mount Everest if printed. The same amount of data equates to streaming a high-definition video for two million years continuously.

The company also noted the impact of the UEFA Champions League and video gaming on internet traffic, with 2024 peaking at 24.92 terabits/second on November 20 to coincide with multiple game launches.

Although gaming accounted for the largest share of traffic in 2024, peaking in the third and fourth quarters, video conferencing also saw a post-summer uptick with hybrid working as the 'new normal' despite tech giants’ best efforts to bring people back into the office.

The data comes specifically from DE-CIX, the world’s leading Internet Exchange operator, which operates 60 locations across Europe, North America, South America, Africa, the Middle East, and Asia.

The news comes shortly after Cloudflare announced similar findings, claiming global internet traffic rose 17% year-over-year. Its study emphasized Google’s dominance of both the browser and the search markets, while also exploring the prevalence of artificial intelligence and social media.

You might also like

• Many businesses really need to boost their "digital health"
• Get yourself online with the best free website builders
• We’ve listed the best web hosting providers

• DeepSeek is now the most popular free app in the US and UK Stores
• But the ChatGPT rival appears to be struggling to cope with demand
• The Chinese start-up is experiencing server outages and login issues

DeepSeek is the most popular app in the world right now and the AI chatbot might be struggling to meet demand.

The new ChatGPT competitor created by a Chinese start-up is experiencing service outages and the company's status page claims it is investigating possible causes.

The AI chatbot has gained worldwide acclaim over the last week or so for its incredible reasoning model that's completely free and on par with OpenAI's o1 model. According to the company's status page, there's an issue that is preventing users from signing up and accessing DeepSeek and its DeepThink R1 AI model.

While I've not experienced any issues with the app or website on my iPhone, I did encounter issues on my Pixel 8a when writing a DeepSeek vs ChatGPT comparison earlier today. It appears that creating new accounts is causing DeepSeek issues, often showing errors when a user attempts to send a prompt.

The latest incident appears to be resolved as of 9:32pm Chinese local time (8.32am ET / 1.32pm GMT). But considering the huge influx of users, there could be further issues throughout Monday and the rest of the week.

Teething issues

(Image credit: Future)

DeepSeek has taken the world by storm by offering an AI chatbot that's as good, if not better, than OpenAI's class-leading ChatGPT.

While that's excellent for people looking to get their hands on a free AI with immense capability, it could lead to issues and outages more frequently as the servers struggle to cope with demand.

We'll be monitoring this outage and potential future ones closely, so stay tuned to TechRadar for all your DeepSeek news.

You may also like

• OpenAI starts the release of its o3 mini AI model for ChatGPT, and it's got a nice speed boost over o1
• 12 Days of OpenAI - Everything that was announced, including ChatGPT, Sora, o1, o3 and more
• Sam Altman reveals your biggest requests for OpenAI in 2025 and there are two I'd love to see happen

• One of Your Friendly Neighborhood Spider-Man's producers has revealed why it has a "unique" release schedule
• Brad Winderbaum says it's because there's "a lot of Marvel content in 2025"
• He's denied that Daredevil: Born Again's forthcoming release is to blame for YFNSM's compressed release format

Your Friendly Neighborhood Spider-Man's "unique" release schedule isn't a byproduct of Daredevil: Born Again's forthcoming launch, one of its executive producers has said.

Brad Winderbaum, who's also a producer on Daredevil's upcoming standalone series, told TechRadar that the latter isn't to blame for its sibling series' compressed release date format. Instead, Marvel's head of TV and streaming revealed that Your Friendly Neighborhood Spider-Man's (YFNSM) is simply down to the company's ongoing "experimentation of how episodic shows are released".

Ever since WandaVision, the first Marvel Cinematic Universe (MCU) show, debuted on Disney Plus, the comic book giant has trialled new ways of delivering its small-screen content to fans. So far, it's tested launching new shows with one-episode or two-episode premieres, and releasing new installments of series on a daily basis, which it did with What If...?'s second and third seasons.

A post shared by Spider-Man (@spiderman)

A photo posted by on

YFNSM's release schedule is another example of that experimentation. Confirmed on Instagram (see above), Spider-Man's latest animated series will arrive in four, multi-episode parts. The Marvel Phase 5 project's first two entries arrive on launch day (January 29), chapters three to five will debut one week later on February 5, episodes six and eight land on February 12, before the final two installments air on February 19.

With Daredevil: Born Again due out on one of the world's best streaming services just two weeks after YFNSM's first season ends, some fans have theorized that Marvel is pushing the latter out of the door early to make room for the highly-anticipated former's arrival. However, Winderbaum suggests that, while YFNSM's multi-episode schedule differs from the studio's traditional release format, this couldn't be further from the truth.

Your Friendly Neighborhood Spider-Man's first season will be released in four parts (Image credit: Marvel Studios)

"I think that you can see with many streamers, including Disney Plus, there is a lot of experimentation going on with how episodic shows are released," he told me. "I'm a big fan of week over week. Part of that [reason] is that anticipation and the other is having to go through the week between [last episode's] cliff hanger to get the payoff. That's the TV show experience, so I like some sort of week over week cadence.

"But, there's a lot of Marvel content [being released] in 2025," he added. "We want to make sure that everything has room to stand on its own feet, so that was the reason to release it [YFNSM] over four weeks instead of ten. It's also a very unique show that has a high school soap opera element to it. You know, it's kind of our version of [Canadian high school series] Degrassi High in a lot of ways and there's a feeling of wanting to see that next step in the character journey, especially when you get into the into the latter two thirds of the of the season You really start to get used to those characters. You want to start seeing them interact and seeing those character setups pay off, so I'm excited for fans to get a different kind of viewing experience."

I'll be covering YFNSM in more detail throughout its first season. For now, find out why its showrunner has defended its divisive animation style in the wake of fierce fan criticism, or get the lowdown on everything we know about Daredevil's TV return by reading my Daredevil: Born Again guide.

You might also like

• Find out how to watch the Spider-Man movies in order
• Or see if you agree with our ranking of the best Spider-Man movies
• Alternatively, learn how to watch the Marvel movies and TV shows in order

• AMD FSR 4 will supposedly be a ‘drop in’ replacement for FSR 3.1
• In theory, that means all FSR 3.1 games should support the newer tech
• This is just a rumor, though it chimes with hints AMD has already dropped

AMD could have a whole bunch of games lined up for FSR 4 support, its frame rate boosting tech exclusive to incoming RDNA 4 graphics cards, right from the get-go (one of which will be Call of Duty: Black Ops 6, pictured above).

So far, there’s been something of a guessing game as to how FSR 4 support could shake out – especially given that Nvidia has a lot of PC games lined up for its rival DLSS 4 from launch – but this is the best news Team Red fans could’ve hoped for.

The theory is – and it is just a rumor, floated on X by a regular hardware leaker, Kepler – that AMD is just going to replace the existing FSR 3.1 DLL file with the new FSR 4 one.

The RDNA4 driver replaces FSR 3.1 DLL with FSR4January 25, 2025

What that means, as a drop-in replacement, is that FSR 4 will be compatible with all existing FSR 3.1 games, without the game developers needing to do anything. In other words, it’ll ‘just work’ with the existing titles that are covered for FSR 3.1 support.

Or this ‘should’ be the case, as Kepler phrases it, so we must note that they aren’t fully sure on this. As ever with rumors, we should exercise caution around them, but in this case, AMD has already hinted that FSR 3.1 games would get FSR 4 in marketing materials (during the FSR 4 reveal at CES 2025).

As VideoCardz, which noticed the above post, points out, there are in excess of 50 games which currently support FSR 3.1, so should be good to go with FSR 4.

If you’re wondering why that support is based on FSR 3.1, rather than FSR 3, it’s because AMD made the move to include frame generation with the former, so the latter being brought up to FSR 4 would require a lot more work than just dropping in a new DLL file.

(Image credit: Shutterstock) Analysis: Good news, but with that RDNA 4 catch

This is seemingly good news, then, for those looking at buying an RX 9070 graphics card, which will be the first boards to use FSR 4 when these next-gen GPUs are released in March. Indeed, AMD has already said that the reason it’s taking a bit more time with these RDNA 4 graphics cards is to get them right for launch, and perfect the graphics drivers as well as enabling more FSR 4 games.

This sounds like a smart move to me, especially given the rumors around Nvidia’s RTX 5000 range, which currently make it seem like there’s no a big rush to get RX 9070 on sale. I’d like all these next-gen GPUs to be on sale sooner rather than later, ideally, but if I have to wait for a good product, then so be it.

AMD’s FSR 4 sounds like a sizeable stride forward for frame rate boosting from Team Red, but the catch, of course, is that it’s exclusive to RDNA 4. This goes against the grain for FSR in that the tech has previously been open in nature and available for Nvidia RTX GPUs, as well as previous-gen AMD graphics cards (back to the RX 5000 series, technically, albeit not with frame generation).

So, it’s a definite shame to lose that aspect, but that’s seemingly the price Team Red has had to pay for making FSR 4 offer better quality upscaling (and frame generation). Given the constant chatter from gamers about how AMD is behind DLSS in this respect, I’m hardly surprised Team Red made this call, but as we’ve discussed in the past, it’s a compromise which some PC gamers could find difficult to accept.

You might also like...

• Nvidia RTX 5090 review: the supercar of graphics cards
• Still worried RTX 5000 GPUs don’t have enough VRAM? Nvidia’s secret weapon is powerful AI texture compression, and it’s calmed some of my fears
• AMD vs Nvidia: who is the graphics card champion?

• A new menu has been spotted when you drag-and-drop files in Windows 11
• Currently only available in a (very) early version of an upcoming Windows 11 update
• Could it be enough to convince Windows 10 users to upgrade?

Microsoft is struggling to convince some people to upgrade to Windows 11 – but a new feature that’s currently being tested out could make people change their minds.

The feature is known as ‘Drag Tray’, and as Tom’s Hardware points out, it will appear when the user selects and drags a file in File Explorer, offering quick options to send the file via email, or to your smartphone.

The Drag Tray was spotted by X user phantomofearth in an early version of an upcoming Windows 11 update, known as Insider Preview Build 22635.4805.

Microsoft is experimenting with a new file sharing UI in Windows 11: the "Drag Tray". When dragging a file, the tray shows up at the top of the screen with a drag here to share hint and lists a few apps. Has a more options button to open the share sheet. (hidden, Beta 22635.4805) pic.twitter.com/LXpkTwKZu2January 24, 2025

As you can see from the video, dragging a file from File Explorer and dropping it on an icon of an app within the Drag Tray will open up the app and automatically attach the file. It looks pretty slick, and being able to drag and drop a file from your Windows 11 PC to your smartphone could prove to be incredibly helpful.

However, judging by the video, it looks like this feature will work best with Microsoft’s own apps – it uses the Phone Link app to send files to your phone, and either Outlook or Mail to send the file via an email attachment.

This shouldn’t be too surprising, as it’s obviously easier for Microsoft to integrate new features like this with its own apps, but if you use a different email client, such as Thunderbird, then you might not get the best experience. All is not lost, however, as in the video, we can see a ‘More options’ button, which looks like it’ll allow you to choose other apps.

It’s also worth bearing in mind that this is just a short video clip without much context – so we don’t know if you’re able to choose and rearrange the apps that are displayed in the Drag Tray, or if third-party apps appear if you have them installed, and they are simply not in the video as the user only uses Microsoft apps.

When will we get it?

Another important consideration is that this looks like it’s a very early glimpse of the Drag Tray feature, and that means the finished product could look and behave a lot differently from what we see here – and that also means more apps could be supported.

It certainly looks like it could be a very useful addition to Windows 11, and if it works well, it could convince people still using Windows 10 to upgrade to the newer operating system. This is a key aim for Microsoft, as there are still a significant number of Windows 10 users who don’t want to switch, but after October 14, 2025, the company will stop supporting Windows 10 with free updates, and that could leave Windows 10 holdouts in a tricky situation.

Adding cool new features like this to Windows 11 is a much better way to convince people to move to the operating system than some of Microsoft’s more heavy-handed attempts in the past.

However, we don’t currently know when we can expect Drag Tray to arrive. As Tom’s Hardware points out, Microsoft didn’t even mention Drag Tray in its release notes for the update, and it’s currently only found by using a third-party app called ViVeTool.

This suggests that the feature is very early in development, so don’t expect it any time soon. Presumably, Microsoft will continue to work on the feature and release it to Windows Insiders for testing over the coming months, where people who have signed up to be Insiders can test it out and report back if there are any bugs or issues.

Assuming that all goes to plan, then Microsoft could roll out Drag Tray to all Windows 11 users in the future. How long that will take is anyone’s guess, and there’s also the risk that the company doesn’t continue to work on it, and quietly drops the feature altogether.

That would be a shame, as adding new features like this to make Windows 11 easier to use is the best way Microsoft can convince people to upgrade from Windows 10 – and it’ll also benefit those of us who are already using Windows 11.

You may also like...

• Windows 11 remains an unloved OS – but why won't people upgrade?
• Upgrade to Windows 11 or take the risk: Microsoft warns about Windows 10’s end-of-life date once again
• Businesses are still stuck on Windows 10, refusing to update to Windows 11

• Security researchers find new ad for the sale of a stolen database
• The database belongs to the American National Insurance Company, and was first stolen in 2023
• It contains information belonging to thousands of customers and employees

Sensitive information belonging to thousands of customers and employees of the American National Insurance Company is being sold online after initially being stolen years ago, experts have claimed.

American National Insurance Company (ANICO) is a financial services organization providing a wide range of insurance and financial products, including life insurance, health insurance, property and casualty insurance, annuities, and pension plan services.

In 2023, the company suffered a cyberattack and lost sensitive customer and employee data. Now, almost two years later, the stolen information seems to be surfacing.

Plenty of sensitive information

The team at SafetyDetectives discovered the ad for the sale on a hacking forum, noting the seller was offering a 90MB CSV file, which, judging by a shared screenshot, seems to have been posted on BreachForums, one of the most popular hacking communities out there.

The seller claims the file contains 279,332 lines of sensitive customer and employee data. They also shared a small sample to prove their claims.

The data contains customer account ID numbers, status, email addresses, full names, birth dates, age, gender, marital status, generation, occupation, phone numbers, language, postal address, Inforce Premium amount, Inforce Premium amount annuity, and type of policy.

Employees have also lost information on their years in force, agent names, agent emails, MLGA/RGA names, and MLGA/RGA emails.

“This report issued by data breach lawyers at Console & Associates, P.C probing the 2023 data breach asserts that Social Security Numbers, financial account information and medical information was also exposed,” the researchers said.

“However, our cybersecurity team cannot verify if the data shared in this forum post includes such sensitive information or is linked to the reported breach as the author does not specify the exact source of the data beyond mentioning its presence on the dark web.”

More from TechRadar Pro

• Data broker has database of over 100 million people swiped and put up for sale online
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

When Sniper Elite 5 was released back in 2022, it really felt like Rebellion had finally nailed down its World War 2 stealth sim. Clearly, the team felt the same way as Sniper Elite: Resistance is more of Sniper Elite 5.

This time around the mantle is handed over to Karl’s long-time co-op partner Harry Hawker, who just so happens to also be on a mission in France in 1944. Despite feeling like a bit of an expansion pack, Sniper Elite: Resistance is a full-blown entry, with even more to do than in the previous game.

Review info

Platform reviewed: PC (Via Steam)
Available on: PS5, PS4, Xbox Series X|S, Xbox One, PC
Release date: January 28, 2025

In typical Sniper Elite fashion, Resistance follows the well-trodden plotline of ‘the Nazis have developed a new superweapon that could turn the tide of World War 2; you’ve got to stop it’ that we’ve seen before in Sniper Elite 3 and 5.

This time around Harry is working with the local resistance fighters to take down the Kliene Blume nerve agent, which could have devastating effects should the Germans follow through with it. It’s a somewhat predictable storyline, but that’s not really why you’re here anyway.

In the Sniper Elite series you play through missions, each one containing its own miniature open world or sandbox packed with specific objectives and hidden secrets for you to take at your own leisure. I absolutely loved this approach in previous entries, and it’s just as good in Sniper Elite: Resistance.

One fear I had going in was whether the levels would feel too similar to Sniper Elite 5 due to both games being set in 1944 France, but for the most part, things feel distinct enough to warrant a return trip. Although some stages are a touch familiar – this game’s Lock, Stock, and Barrel mission feels extremely similar to the previous entry’s Occupied Residence.

Plus, there are familiar areas like Chateau houses and train stations not only returning from 5 but, multiple appearing across the game. It’s not a dealbreaker by any means, and the levels themselves are still jam-packed and varied (outside of level four just being an expanded version of the first stage).

We bring the boom

(Image credit: Rebellion)

And of course, there’s the gunplay. As you would expect from a series named after it, the sniping is the star of the show once again. There are a tonne of helpful features – like the slowdown reticule that shows you where the bullet will land – that allow even a first-time player to nail satisfying long-range shots.

This is complimented by the X-Ray system, which shows a slow-motion animation of the bullet impacting with your chosen Nazi, and you’re treated to an in-depth look at how your shot obliterates their skull, guts, or testicles in graphic detail. It can be a bit off-putting at times (the teeth animation is horrid), but it’s just over the top enough to not feel disturbing.

However, the most impressive – and satisfying – bit of Sniper Elite is when you disregard these and work with wind markers and bullet drop estimates built into your scope to nail that perfect shot yourself. You also have access to the likes of machine guns, pistols, and explosive weaponry to cause a bit of fuss with or to get you out of scrapes when things awry. You could absolutely play the game running around with a machine gun, but the non-sniping weapons aren’t quite as satisfying as the main event.

I’m also a big fan of close-quarters combat; being able to sneak up on enemies for a takedown is a great risk/reward that allows you to stay silent while taking the risk to approach an enemy. Sniper Elite: Resistance is a great sniping game, but it's possibly even better as a stealth game.

Spy vs. Spy

(Image credit: Rebellion)

There are a few multiplayer modes available in Sniper Elite: Resistance, including a wave survival mode and standard multiplayer modes like Free For All and Team Deathmatch. However, I was unable to find a match of these during the review period, with no option for bot matches available.

But I did get some matches of the returning Axis invasion mode, which allows you to invade or be invaded during a single-player game. Once you get the pop-up alerting you that a Sniper Jaeger has arrived, it immediately changes the tone of a mission. While you can try and complete your objectives as normal, that extra layer of tension can either allow the Sniper Jaeger to get the drop on you or inadvertently alert the existing enemies as you search for them.

Both sides of this mode are the absolute highlight of the game; the one-versus-one cat-and-mouse game that is introduced is such a satisfying addition that completely changes the game. And there’s nothing better than being able to outdo your opponent and take them out via a well-placed snipe or sneaking up on them for a close-range takedown.

Have a propa-ganda

(Image credit: Rebellion)

Sprinkled throughout the maps of Sniper Elite: Resistance are propaganda posters for the French resistance fighters. Collecting these in each map will unlock a new mission set in that map in the brand new Propaganda Challenge mode.

These are bite-sized arcade-style encounters that challenge your skills in the game's various departments to take down a number of enemies within a time limit.

There’s stealth – which arms you with just a pistol and a dream – where unseen takedowns will add time to your clock. The sniping challenges give you a great look across the map as you pick off enemies one by one, with each headshot adding time.

Best bit

(Image credit: Rebellion)

Axis Invasions continue to be the greatest addition to the series. Invading or being invaded by another player mid-mission is always a treat, and the multiplayer stealth and sniping battles are incredibly satisfying, especially when you sneak in that perfect headshot.

While these only last a few minutes, and are only available in seven of the game’s missions, the Propaganda Challenge mode is a great new addition. It gives me the same feeling that Resident Evil’s mercenaries mode does.

Running through a stage and planning the optimal route adds a nice bit of extra replayability as you aim to boost your score each time. I would love to see this mode be expanded on, either via DLC (downloadable content) or whatever the next game is, because it left me wanting more.

I played Sniper Elite: Resistance at 1440p/120fps with HDR on PC. The settings on Ultra for texture detail and Medium for the other options. The game itself ran pretty much perfectly, with only a few noticeable drops here and there.

However, there were a few glitches in my experience. I had a few moments where Harry would get himself stuck on stairs or ledges. A particularly annoying one was in a mission where I had the option to poison a target; however, the prompt to use the poison in his drink never appeared, leading me to be locked out of the bonus kill option for that mission.

Should you play Sniper Elite: Resistance? Play it if...

You want more Sniper Elite 5
Sniper Elite: Resistance is an expansion of the mechanics and modes introduced in the last entry. The return to France makes some maps feel familiar, but the new levels stand up to the high standards of Sniper Elite 5.

You’re looking for a fun stealth game
While the name may imply a focus on sniping, Sniper Elite: Resistance is a level-based open-zone stealth game with a lot in common with the likes of Metal Gear Solid 5 and Hitman: World of Assassination.

Don't play it if...

You got your fill of Sniper Elite 5
On the other side of the coin, if you have played Sniper Elite 5 or simply got your fill of it three years ago, Sniper Elite: Resistance is more of that. The French setting doesn’t reuse levels from 5, but some feel extremely familiar. Plus, there are no new mechanics to speak of.

You don’t have patience
Sniper Elite Resistance can be extremely punishing if you don't plan things out carefully. While I revel in the challenge of stealth, I can imagine the game getting quite frustrating if you aren’t attuned to it. Plus, with the propaganda missions and weapon upgrades being spread across the maps, the slow pace may make things drag. View Deal

Accessibility

Sniper Elite: Resistance has a number of accessibility features, including subtitle options, auto-run and climb, HUD opacity settings, and aim assist. The game also features adjustable difficulty and settings like Automatic skill upgrades.

You can adjust the subtitle colors, and there are three color-blind settings; however, these are just labeled 1, 2, and 3 rather than listing the name of the specific color blindness. There is a diagram shown to help you decide, however.

How I reviewed Sniper Elite: Resistance

(Image credit: Rebellion)

I played roughly 15 hours of Sniper Elite: Resistance. During this time I completed the main campaign, completed every Propaganda Challenge mode mission with a gold rating, and played a number of rounds of Axis Invasion as an attacker.

I reviewed the game on a gaming PC, which runs with a Nvidia RTX 3060Ti graphics card and an AMD Ryzen 7 5800X processor. I used a Samsung Odyssey G5 27" Curved Gaming Monitor with a Sony 3D Pulse Headset and played the game using a DualSense wireless controller.

First reviewed January 2025