Feed aggregator

• TransUnion reported a data breach with 4.4 million Americans affected
• The threat actors claim the attack is much larger
• Users should be wary of incoming emails

TransUnion, a major American credit reporting company, suffered a data breach in which it lost personally identifiable information (PII) on more than 4.4 million American citizens.

In a new report, filed with the Maine Attorney General’s Office, the company said it was struck on July 28, 2025, and that it spotted the intrusion two days later.

The data lost in the incident is “limited”, TransUnion said, without detailing the type. It did stress that credit reports and core credit information was not exposed in this attack. It still decided to give affected individuals 24 months of free credit monitoring and identity theft protection.

Save up to 68% for TechRadar readers on Aura's Identity theft protection

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.View Deal

ShinyHunters

At the same time, BleepingComputer discovered that the attack was the work of ShinyHunters, who broke into the company’s Salesforce account to steal the information.

“A wave of Salesforce data theft attacks has impacted numerous companies this year, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas,” the publication said. ShinyHunters confirmed with the publication that they stole more than 13 million records, with the 4.4 million mentioned above relating only to US citizens.

The group shared a sample, as well, showing people’s names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security numbers (SSN). This type of information can hardly be described as “limited”, as it is more than enough to use in identity theft, phishing, and other forms of cybercrime. Crooks can open bank accounts in people’s names, take out loans, and even apply for tax cuts and returns.

The data also includes the reason for the customer transaction, such as a request for a free credit report, which can also be used to target the victims with convincing phishing attacks, deploying malware or stealing even more information.

ShinyHunters also told BleepingComputer they stole customer support tickets and various messages stored in Salesforce.

TransUnion is one of the three major consumer credit reporting agencies in the US (alongside Experian and Equifax). It collects and maintains credit information on individuals and businesses, then provides credit reports, scores, and identity protection services to lenders, businesses, and consumers.

How to stay safe

To mitigate potential risks, users should place a credit freeze (or fraud alert) with all three credit bureaus, preventing new credit accounts from being opened in their name without approval.

They should also monitor their credit reports, and use TransUnion's offer of free identity theft monitoring.

Finally, they should watch their financial accounts closely, and be extra cautious with incoming emails and other communication. Since attackers now know their contact info, they might send convincing fake emails, texts, or calls pretending to be banks, government agencies, or even TransUnion itself.

Via BleepingComputer

You might also like

• TransUnion's data stolen in major data breach
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

When North Korean leader Kim Jong Un visits China next week for a military parade, it will be his debut at a gathering of foreign leaders for a rare meeting of China, Russia and North Korea.

(Image credit: Korean Central News Agency)

It's official – Harlan Coben's Lazarus is coming to Prime Video on October 22, with all six episodes set to drop on the streaming service at once. Starring Bill Nighy and Sam Claflin, the new crime thriller will follow a forensic pathologist (Claflin) who investigates cold-case murders after returning to his family home following the death of his father (Nighy).

Crime bods among us will know this is far from the first time we've been able to stream a Coben story. Fool Me Once, Missing You, and Stay Close are all among those adapted from his novels. The difference is, we've typically been streaming the crime dramas on Netflix for the past few years.

So why has Lazarus crossed over to Prime Video? Not only is the answer much more straightforward than you think, but it's going to be easier than ever for new and old fans alike to watch the new series, and that's a good thing.

Harlan Coben's Lazarus isn't the first adaptation that's been made for Amazon

Cast your mind back to 2018. Coben had just signed a five-year deal with Netflix to adapt 14 of his existing novels for the streaming service, which include the titles I've mentioned above. As they started appearing from 2020 (beginning with The Stranger), he's officially reached the end of the five year period.

But even before that, Coben's Shelter had already been adapted for Prime Video in 2023 (you can catch the trailer above). Because the Mickey Bolitar books weren't part of what was outlined in the Netflix contract, Coben had total free reign to do this. Two years later, and that seemingly started an entirely new streaming partnership.

It's also worth bearing in mind that Lazarus won't be an adaptation from an existing book, but instead comes from a script written by Coben and Danny Brocklehurst. This is another huge difference from the TV shows we've seen come before, and potentially highlights a new avenue of original ideas that the Prime Video partnership can explore.

Personally, I think Coben shifting from Netflix to Prime Video is an incredibly smart move. We're never going to lose the bank of content created for the former, but Prime Video is a service that has a lot of casual viewers thanks to its connection to Amazon Prime. My grandmother can watch Lazarus, so can my mum, alongside those who now think the other best streaming services are a rip off and want to cancel their subscriptions.

Even I, who normally wouldn't gravitate towards a crime procedural, feel more compelled to give Lazarus a go. And that, my friends, is savvy business planning.

You might also like

• It’s a bad week to be Jeremiah as The Summer I Turned Pretty season 3 episode 8 stops the wedding of the season
• A shocking lawsuit against Amazon makes me want to cancel my Prime Video subscription immediately
• 007: Road to a Million season 2 is better than any new James Bond idea Amazon could ever come up with

Whether you prefer a top-load washer or a front-loader, CNET's experts have identified the best washing machines you can buy today.

• Passwordstate's latest version patches an authentication bypass flaw
• It could be abused to access the Passwordstate Administration section without authentication
• There are workarounds, too

Passwordstate, an enterprise-grade password manager tailored for organizations and IT and security teams, is urging users to update their instances to the newest version and mitigate risks of potential authentication bypass attacks.

“Today we have released build 9972, which includes 2 security updates,” Click Studios, the company behind Passwordstate, said in its security advisory. “We recommend customers upgrade as soon as possible.”

The changelog for Passwordstate 9.9 - Build 9972, talks about a “potential authentication bypass when using a carefully crafted URL against the core Passwordstate Products’ Emergency Access page”.

Workarounds and mitigations

The CVE ID for the vulnerability is currently pending, so we don’t know the severity at the moment, but we do know that exploiting it allows threat actors to gain access to the Passwordstate Administration section. Depending on how easy it is to pull off, the severity score could be quite high.

Speaking to BleepingComputer, Click Studios also said there was a workaround for those who cannot patch that fast: "The only partial work around for this is to set the Emergency Access Allowed IP Address for your webserver under System Settings->Allowed IP Ranges. This is a short term partial fix and Click Studios strongly recommends that all customers upgrade to Passwordstate Build 9972 as soon as possible."

Passwordstate is a secure password vault used to store, organize, and control passwords, API keys, certificates, and other secrets. It is primarily an on-prem solution, although cloud-based options are available, as well. It is praised for its enterprise-level functionality and affordability versus higher-priced PAM tools, but also criticized for its steeper technical learning curve, setup, server requirements, and UI complexity.

Click Studios claims it is used by more than 370,000 users working in 29,000 companies, including government agencies, financial institutions, global enterprises, Fortune 500 companies, and others.

Via BleepingComputer

You might also like

• Hackers are distributing a cracked password manager that steals data, deploys ransomware
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Let's be honest. When movies leave your favorite streamer, some of them will be missed more than others – so when Rappin' leaves Prime Video in just under a week from now, there probably won't be people openly crying in the streets.

But while you can probably live without Mario Van Peebles showing his neighbors "how to drive out riffraff with rap music", there are some real gems leaving Prime Video at the end of this month and there are three in particular I think are must-watch movies.

For my picks this week I've tried to cover a wide range of movies, and I think it's fair to say that other than their impressive Rotten Tomatoes ratings these films don't exactly have much in common: there aren't many killer clowns in the literary biopic Capote or the urgent, suspenseful The Taking of Pelham One Two Three. But all three movies are guaranteed to entertain, albeit in very different ways.

Capote

Philip Seymour Hoffman is superb as the titular writer, and this dramatization of real events follows Truman Capote as he investigates the murder of a Kansas family. The big-city writer travels to small-town America with his friend, Harper Lee, and his research into the case and the friendship he forms with one of the killers lead to the creation of one of the classics of American literature, 1965's In Cold Blood.

The movie has a very high 89% rating from the Rotten Tomatoes critic roundup, and it comes with high praise from The New York Review of Books: "Capote is the only movie I know of that comes close to suggesting successfully what the complex process of creating a literary work actually looks like."

The Village Voice rated it too (no link available), saying: "Capote is a cool and polished hall of mirrors reflecting the ways in which Truman Capote came to write (and be written by) In Cold Blood." And Empire gave the movie the full five stars. It's "an outstanding film, anchored by a great central performance."

Terrifier 2

This is unlikely to appear in a double bill with Capote, but Damien Leone's slasher sequel has a whopping 87% rating from critics with strong stomachs. Once again Art the Clown targets teenagers in a small town, and over its two-plus hours the film delivers a stylish and genuinely frightening horror story.

This is not a movie for the faint hearted. "Skip dinner before you watch," LA Weekly recommends, "and maybe shower and then go do something nice for humanity afterward?" And HorrorBuzz was cautious in its praise, saying: "Mae West was once quoted as saying, 'Too much of a good thing can be wonderful!'. Here it depends entirely on how you felt about the first Terrifier."

But even Common Sense Media was won over. "The heinous Art the Clown returns in this intensely gory sequel that tries much harder – and is much smarter – than the original movie."

The Taking of Pelham One Two Three

This classic thriller was remade, largely unsuccessfully, as a Denzel Washington vehicle in 2009. But the one you want is the 1974 original starring Walter Matthau, which is currently sitting with an entirely deserved 98% on Rotten Tomatoes. It's the story of an audacious crime: four men get on a New York subway train, separate the carriage and hold 17 passengers hostage. If their demands aren't met, they'll shoot a hostage every hour.

Matthau's "wonderfully weary sense of irony is perfect," says The Hollywood Reporter, while the late Roger Ebert told Chicago Sun-Times readers that "What's good about Pelham's example of the form is that the performances are allowed enough leeway so that we care about the people not the plot mechanics. And what could have been formula trash turns out to be fairly classy trash, after all."

As Empire put it, it's "the kind of gritty, relentless thriller that could only come from the ‘70s" and it's influenced lots of culture: "Quentin Tarantino would later nick the criminals using colors as codenames gambit for Reservoir Dogs; the Beastie Boys reference it in the song Sure Shot."

You may also like

• A shocking lawsuit against Amazon makes me want to cancel my Prime Video subscription immediately
• I can’t wait for Fallout season 2 to dive into New Vegas – here are 6 things I’m desperate to see when the Prime Video show returns
• I’ve seen all the best Prime Video movies coming in August 2025 and this horror comedy is one you shouldn’t miss

• Nvidia’s China-specific H20 chips are off-sale, but scaled-down Blackwell chips could be approved
• China is a $50 billion opportunity for Nvidia, with potential for 50% annual growth
• China may not want to buy Nvidia chips over supposed security risks and US comments

Nvidia CEO Jensen Huang said that discussions with the US Government on allowing scaled-down Blackwell GPU sales to China have started, but it could take time to reach a deal.

According to Reuters reporting, Trump indicated that Nvidia could sell a less powerful version of Blackwell to China that’s 30-50% less capable than the regular version.

However, the White House fears that even stripped-down AI chips could support China’s military and technological strength, hence the delays that Nvidia is facing with regards to a decision.

Nvidia may be able to start selling low-performance Blackwell chips in China again

Huang estimates that China represents a $50 billion opportunity for Nvidia, potentially growing 50% annually if access to sell chips in the country is allowed. For a company with $46.7 billion in quarterly revenue, that’s a considerable opportunity.

Nvidia had already made the H20 AI chip for China to meet Biden-era export restrictions, but that got banned over security concerns when Trump came to power. Sales of the H20 in China are still on pause, but at an expense to Nvidia which is losing out on billions in sales.

In the meantime, China has been promoting the use of domestic chips to plug the gap left by stalled Nvidia sales. The country has also reportedly been asking local firms to avoid Nvidia’s chips, citing security risks.

China’s reluctance to buy Nvidia chips could be heightened further following comments from US Commerce Secretary Howard Lutnick, who said the plan is to make China addicted to American tech.

On the flip side, Huang argues that enabling American companies to sell AI chips in China helps the US set the standards and win the global race.

Nvidia recently posted a 56% year-on-year rise in quarterly revenue, noting a lack of H20 sales in China and a $180 million release of previously reserved H20 inventory from around $650 million in unrestricted H20 sales.

Huang commended Blackwell’s performance gains, adding that Blackwell Ultra production “is ramping at full speed.”

You might also like

• We’ve listed the best AI tools and best AI writers
• Access the world’s most powerful chips with the best cloud computing providers
• 15% of Nvidia and AMD China chip sales to go to US government - new export licenses subject to ‘unprecedented’ sales tariff despite ‘national security problem’

• A PlayStation 6 handheld is reportedly on the way
• The information comes from a reliable hardware leaker
• The handheld will allegedly be like the Nintendo Switch 2 and compatible with a dock

A reliable hardware leaker claims that Sony is working on a handheld version of the PlayStation 6, and it sounds an awful lot like a Nintendo Switch 2.

This information comes from the YouTube channel 'Moore's Law is Dead', which has previously accurately detailed PlayStation hardware ahead of its official reveal.

The handheld will allegedly be powered by an AMD system on a chip (SoC) codenamed 'Canis'. The leaker claims that Canis will feature four Zen 6c cores and two Zen 6 Low Power cores for running system tasks.

This apparently will be paired with a 16x Compute Unit RDNA 5 GPU.

Interestingly, the leaker says that the handheld will be compatible with a dock - one of my favorite features of the Nintendo Switch 2. In handheld mode, its GPU will run at 1.2GHz, which is then boosted to 1.65GHz when docked, to presumably support a higher output resolution.

They also speculate on the potential price, arguing that it will be around $500 in order to compete with the Switch 2.

Given the high cost of other Sony hardware, I think this price prediction might be a little far-fetched, but we'll just have to wait and see.

In related news, the company recently revealed a slate of pricey Ghost of Yōtei PS5 hardware and announced that it would be increasing the price of the console by $50 in the US.

You might also like...

• Call of Duty Next event – start date for the next Black Ops 7 reveal
• Kirby and The Forgotten Land’s Star-Crossed World expansion is a Nintendo Switch 2 upgrade that’s well worth the money
• Warhammer: 40,000 - Dawn of War 4 looks like a return to the glory days of the original real-time strategy game

• A rumor claims the Steam Deck 2 may not be here until 2028
• However, this feels like tentative speculation for a couple of reasons
• It's entirely possible that we might be in for a long wait for the Steam Deck sequel, though

The Steam Deck 2 might not arrive until 2028, or that's the latest theory floating down from the rumor mill regarding the sequel to Valve's handheld.

KitGuru noticed that Kepler has again dropped another rumor via the Neogaf forums (there've been a few hardware-related nuggets this week), and it's a very short and not-so-sweet revelation that: "Steam Deck 2 is 2028".

The comment came in a post that's actually about the Asus ROG Xbox Ally, when somebody commented about buying one of those - the portable arrives in October - weighed against the prospect of Valve bringing out something better in the near(ish) future.

Kepler quickly put paid to the idea that the Steam Deck 2 might be even remotely on the horizon. If the leaker is correct, we are going to be waiting three years for the next take on Valve's gaming portable - with it arriving six years after the original Steam Deck debuted - but that is, of course, a significantly sizeable if as I'll discuss next.

(Image credit: Future)Analysis: Speculation drawn from AMD, not Valve?

Obviously, this is just a rumor, and the nature of it - a throwaway one-liner in a forum post - should give more than a brief pause for thought.

As KitGuru points out, Kepler probably didn't tap a Valve contact for this info - though we don't know that for sure, it seems likely to be the case. This is because Kepler primarily deals in GPU (or CPU) rumors and so the likelihood is that they're basing this on information drawn from an AMD roadmap - which pertains to the expected chip to be used as the engine of the next Steam Deck.

So, that makes this speculation feel a littler shakier, but that said, Kepler has proved to be one of the more reliable leakers for GPU info - so I wouldn't dismiss this nugget out of hand, by any means.

Valve is already rumored to be working on a Steam Deck 2 - which is hardly a surprise - but seemingly the development road could be a long one. Back in 2023, a year after the Steam Deck launched, the expectation was a next-gen version of Valve's handheld wouldn't arrive for a few years from then - meaning people were hoping for 2026, not 2028.

If this rumor is true, what it also indicates is that Valve is planning on making the Steam Deck 2 a huge uplift with performance, with a much beefier SoC inside - the hardware available in 2028 is going to be a lot beefier, of course. And that aligns with previous chatter suggesting the company doesn't want an incremental release with the sequel to the Steam Deck, but a big stride forward.

All that said, I would underline that we should be very cautious around this speculation for now.

You might also like...

• Where to buy the Asus ROG Xbox Ally handhelds: latest pre-order details, key information, and best early retailer links to bookmark now
• Best Steam Deck games 2025: top picks for Valve's handheld console
• The Razer Handheld Dock Chroma offers Steam Deck owners a premium design and, of course, plenty of RGB

• Fly More Combo contents and Euro pricing seemingly unearthed
• Launch accessory list also revealed
• DJI Mini 5 Pro is expected to officially launch in September

As the rumored DJI Mini 5 Pro launch looms ever closer, what was one a steady stream of leaks has become more like a raging torrent.

This week has seen lots of interesting information spill out of the online rumor mill. For starters, there’s the emergence of a new video animation apparently showing the ultra-lightweight drone folding and unfolding, as posted on X (formely Twitter) by trusted drone tipster Jasper Ellens.

Unexpectedly the #Mini5Pro #Flymore might cost exactly the same as the current #Mini4Pro. Also, this video was found in DJI Beta software today hinting on a mid-September release? Let's break down these leaks: https://t.co/UbE9bldXeV Cheers! pic.twitter.com/18r6QbuHCqAugust 26, 2025

Ellens has also found evidence, hidden in the code of certain European web stores and posted on his website DroneXL, that points at the pricing for the DJI Mini 5 Pro Fly More Combo bundle. At €1129, it’s exactly the same as the current retail price for the DJI Mini 4 Pro Fly More Combo – which is great news considering the Mini 5 Pro seems set to offer quite an upgrade over its predecessor. (For reference, the current US and UK prices for the Mini 4 Pro Fly More Combo are $1758 and £979 respectively.)

Previous rumors strongly point to the Mini 5 Pro coming with on-board LiDAR and a camera with a 1-inch sensor – two major feature bumps over what’s been available on previous models in the Mini series.

Plus points

The DJI Mini 4 Pro has decent battery life – but the Mini 5 Pro may support much longer flight times (Image credit: DJI)

Ellens then followed up those leaks with yet another, tweeting out an image of what appears to be the retail packaging DJI Mini 5 Pro Fly More Combo itself – or, rather, the Fly More Combo Plus. This bundle apparently includes the RC 2 controller and three Flight Battery Plus units, each of which provide enough power for up to 52 minutes of flight.

A retail box image seems to show the DJI Mini 5 Pro #drone packaged with the @DJIGlobal RC 2 controller featuring a built‑in screen, reinforcing ongoing leak coverage from DroneXL’s #DJIRumors hub and reporting from @JasperEllens.https://t.co/88YCMGiANNAugust 28, 2025

It seems likely that buyers will have a choice between a regular Fly More Combo featuring standard batteries, and this one, which offers more flight time. It’ll be interesting to see if these Plus batteries are heavier and increase take-off weight beyond the magic 250g limit. My guess is that they will, and thus won’t be of much use to buyers who want to take advantage of the reduced paperwork and restrictions surrounding ultra-lightweight drones.

Packaging doesn’t usually emerge until very close to launch, so if this leak is genuine, I’d expect DJI to be officially announcing the Mini 5 Pro in the next few weeks. With a mid-September release date rumored, we may have confirmation of all the drone’s features, specs and price very soon.

• DJI Mini 5 Pro rumored specs
• 1-inch image sensor supporting up to 4K 120fps video
• 24mm lens with f/1.8 aperture
• 48mm medium telephoto shooting mode
• Gimbal supporting 225º movement, including vertical shooting
• Forward-facing LiDAR and omnidirectional infrared vision sensors
• 36-minute battery life

You might also like

• Crowdfunding begins for the world's first 'water-born flying camera' – here's what you need to know about the HoverAir Aqua
• I review drones for a living and I’m more excited about the DJI Mini 5 Pro than the Insta360 Antigravity A1 – here’s why
• Another DJI rival bites the dust as Autel quits consumer drones – here’s what you need to know

In today’s technology landscape, AI is a key catalyst driving innovation and new business models. What began as basic text and image generation has evolved into sophisticated agentic AI, autonomous systems enhanced by human oversight, delivering scalable, efficient solutions that give businesses a competitive edge.

If we look back over the decades, virtual assistants such as Amazon's Alexa and Apple's Siri were primarily designed as single-skill tools. Their functionalities were often limited to specific commands, such as playing music, setting reminders, or providing basic information.

While groundbreaking at their inception, these virtual assistants operated within clearly defined parameters, lacking the ability to integrate information across different domains or perform complex reasoning. Their utility, though significant, was circumscribed by their specialized nature.

However, the current trajectory of AI development points towards a profound shift, the emergence of autonomous agents that are now being embedded into the enterprise fabric agents. These advanced AI systems are designed to process and synthesize information from various sources, allowing them to tackle more complex assignments and engage in nuanced interactions.

This transition is not merely an incremental improvement but a fundamental redefinition of AI's potential, enabling agents to understand context, anticipate needs, and even learn from interactions to enhance their performance over time. This leap in capability allows for a more fluid and intuitive user experience, bridging the gap between isolated functions and integrated problem-solving.

Consumer and enterprise AI

The broader world of AI can be broadly categorized into two principal domains, each with distinct applications and implications:

Consumer AI: Everyday AI, like ChatGPT, found in personal devices, boosts individual productivity and convenience. However, these are largely reactive tools that require user prompts.

Enterprise AI: Business-focused AI, optimizing operations, decision-making, and automation across industries. Examples include AI for healthcare diagnostics, financial fraud detection, or manufacturing predictive maintenance. It aims to create efficiencies and competitive advantages.

The distinction between consumer and enterprise AI, while useful for categorization, is becoming increasingly blurred as AI technologies mature and become more interoperable. The advancements in natural language processing and machine learning, initially driven by consumer demand, are now finding profound applications in enterprise settings, and vice-versa.

This synergistic development is accelerating the overall progress of AI, paving the way for even more sophisticated and integrated AI agents capable of navigating the complexities of both our personal and professional lives.

Agentic AI reframes the AI landscape by moving beyond traditional consumer and enterprise applications toward autonomous decision-making systems that act with purpose and context.

It's vital to recognize these distinct verticals and manage expectations accordingly. A common pitfall in enterprise AI is the assumption that business tools will function with the same seamlessness as consumer AI.

This “expectation gap” necessitates adjusting our approach to integrating these technologies into enterprise settings. Understanding this distinction is fundamental to defining a clear roadmap for agentic AI adoption in the business world.

Embracing the XDO blueprint for enterprise implementation

For effective agentic AI implementation in an enterprise context, the XDO Blueprint is highly recommended:

X (Experience): AI's primary purpose should be to enhance human experiences. This includes improving customer experience, employee experience, partner experience, and even machine-to-machine interactions within connected systems.

D (Data): Enterprises can only leverage AI effectively if they thoroughly understand and manage their data. A significant obstacle is that enterprise data is often siloed within applications. Organizations must prioritize separating data from applications, defining metadata, and structuring their data catalogues, marketplaces, and contracts efficiently.

O (Operations): This encompasses two broad areas: IT Operations: AI agents can significantly automate IT tasks, from problem detection and correction to fulfilling requests and deploying resources. They bridge the gap between humans and machine data, generating valuable insights.

Business Operations: Agentic AI can drive autonomous, intelligent operations, leading to unprecedented efficiency and agility. It can transform workflows, decision-making, and customer experiences, enabling proactive adaptation and strategic growth. Without this framework, agentic AI risks becoming merely another underutilized tool in the enterprise arsenal.

The importance of agentic orchestration

Given the regulatory and governance frameworks under which businesses operate, orchestration is critical. Unlike deterministic business processes, agentic systems are inherently probabilistic.

Companies will soon contend with a growing number of AI agents from diverse vendors, built on various technologies. The challenge extends beyond mere deployment to orchestrating these agents across the entire enterprise.

While many SaaS companies are pushing AI agents and enterprises are developing their own on hyperscaler platforms, current AI orchestration solutions often focus on managing only their proprietary agents.

The real need is for enterprise-wide orchestration, connecting disparate subsystems and ensuring AI-driven processes function seamlessly across the entire business.

Companies that adopt the XDO approach, linking experience, data, and operations, are more likely to achieve effective agentic AI implementation.

We've featured the best AI chatbot for business.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

So far this year, M&S, Co-op, Cartier, Harrods and most recently, LVMH, have become victims of cyber attacks. While these events involving big name brands have captured headlines, they’re not the only ones.

New research has revealed that over half of UK businesses have experienced a cyber attack in the past three years alone, proving no organization is beyond the reach of cybercriminals. More startlingly, they’ve suffered a staggering £64bn loss in direct and indirect costs as a result.

As the cyber landscape continues to evolve, AI continues to democratize attacks, cyber groups become more entrepreneurial, and attacks from hostile nation states escalate, that figure is only set to rise.

Reports suggest M&S singlehandedly suffered a £300m profit loss due to the attack on its systems carried out by ScatteredSpider. This must serve as a warning to others. Businesses of all types must act to minimize the devastating impact attacks can have on business growth. Because it doesn’t matter how big or well-known you are. Everyone is at risk.

Shifting from a reactive to proactive cybersecurity strategy can help organizations stay ahead of evolving threats. The investment can mitigate the need to pay out potentially huge sums of money in the wake of the attack, and what’s more, there’s proof it has a positive impact on turnover.

Under preparation increases cyber costs

The rise of AI, increased exposure to international threats and the emergence of Cybercrime-as-a-Service (CaaS) are making the cyber landscape more challenging than ever.

The growing threat of attack methods like ransomware, phishing and supply chain attacks continue to impact businesses of all sizes. Despite this, businesses are often reluctant to implement advanced security measures due to initial high costs involved.

While these costs do initially appear steep for businesses with stretched budgets and other pressing priorities, they pale in comparison to the potential fallout of a cyber attack. The average cost of an attack can reach £721,000 for small to mid-size enterprises (SMEs) and run into the millions for large businesses. For SMEs in particular, this cost can be crippling.

Despite these potentially devastating costs, nearly half of UK businesses still admit to managing cybersecurity fully in-house. But faced with evolving and highly sophisticated threats, a fully in-house approach lacks the external expertise that is vital for keeping pace with cybercriminals.

Resiliency is a cyber must-have

Another major financial challenge for businesses is soaring cyber insurance premiums. But, it has to be said that they are a necessary investment in today’s threat landscape. In fact, the Cyber Security and Resilience Bill, due to be implemented in the second half of 2025, will require businesses to demonstrate cyber resilience, of which comprehensive cyber insurance is a crucial component. With the new bill coming into effect imminently, businesses must prioritize attaining proper insurance sooner rather than later.

And yes, premiums can be high. But having the right cyber protection in place can help to drastically reduce them. In fact, personal experience has shown that implementing measures like an extended detection and response (XDR) platform, multi-factor authentication and vulnerability scanning, can lead to a reduction in insurances premiums of up to 75%.

Cybersecurity as a revenue driver

More UK businesses are considering cybersecurity a strategic priority, with 77% planning to increase their cyber budget over the next year, and for good reason. On average, UK businesses generate an estimated £27bn in additional revenue annually from investing in cybersecurity.

While well-established and widely known brands can rectify the reputational damage breaches can cause, for smaller or less well-known companies, a negative reputation could be devastating. You cannot put a price on reputation.

So, by implementing measures like expert-managed solutions and robust threat detection, businesses can not only reduce their own cyber risk, but prove strong cyber credentials. As customers become increasingly cyber aware, this can now we a deciding factor in winning new business over competitors.

What’s more, outsourcing cybersecurity is cited by 68% of businesses to improve information technology (IT) systems in efficiency, increased performance and reduced IT downtime. Nearly half of respondents also said robust cyber security infrastructure had enabled them to take on more risk such as entering new markets or adopting emerging technologies.

Previously only viewed as a protection measure, businesses are gradually adopting the mindset of strong cybersecurity ultimately boosting streams of revenue and internal efficiencies, providing benefits beyond ‘simple’ security.

As cyber threats evolve, cybersecurity must as well

Reactionary cybersecurity can cost more than 10 times as much when recovering from an attack as businesses would spend on proactive measures.

By implementing cybersecurity, businesses can maximize efficiency, enhance customer trust and position themselves for sustained competitive advantage in an increasingly digital economy.

Early investment carries immense financial and operational benefits, but businesses must be well supported and educated on the necessary cyber measures to suit their specific business needs.

Cybersecurity is evolving as the threat landscape continues to be a growing concern. For some businesses, adopting cyber measures to protect against perceived threats is not enough and only by shifting mindset to see security as a revenue driver will UK businesses fully adopt the necessary measures.

We've featured the best endpoint protection software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• At least five Google ads campaigns were running, promoting spoofed software
• Someone trojanized different PDF editors to deliver infostealers
• Defenders are warning about the TamperedChef infostealing malware

Be careful when downloading a program called “AppSuite PDF Editor” - there are poisoned variants circulating around the web.

In late June, security researchers Truesec saw multiple websites, all spoofing the program, being published. At the same time, at least five different Google ads campaigns were set up to promote the websites.

Therefore, whoever searched for ‘AppSuite PDF Editor’ could have ended up on one of the many sites that were serving a trojanized version of the app. Those that downloaded it would get the usual installation process and user license agreements prompts in the foreground, while in the background, an infostealer and backdoor called TamperedChef was being deployed.

PDF Editors loaded with malware

What makes this malware particularly sinister is the deceptive delay with which it operates. It will wait for approximately 56 days before activating, most likely to give threat actors enough time to distribute the infostealer to as many victims as possible, before being spotted by the defenders.

"The length from the start of the [ad] campaign until the malicious update was also 56 days, which is close to the 60-day length of a typical Google advertising campaign, suggesting the threat actor let the ad campaign run its course, maximizing downloads, before activating the malicious features," Truesec said.

In the meantime, it will achieve persistence via Windows Registry modifications, and will create different scheduled tasks. Once activated, TamperedChef can collect browser credentials, session cookies, and other sensitive data, mostly by terminating browser processes and exploiting Windows Data Protection API (DPAPI).

It also performs system reconnaissance to detect which antivirus or malware protection tools the victim is running, and can function as a backdoor to deploy additional malware.

AppSuite is not the only PDF editor being spoofed in this campaign, either. PDF OneStart, and PDF Editor, have all been observed abused in the same (or adjacent) campaign.

Via The Hacker News

You might also like

• Criminals are impersonating a popular online PDF converter service to trick users into downloading malware
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Your weekend football-viewing plans can continue as scheduled.

Data is the cornerstone of successful modern businesses. From tailored marketing messages to personalized customer experiences, data-driven strategies have dramatically reshaped the competitive landscape.

However, the flip side of these advances is increasing scrutiny from customers over privacy concerns. The fundamental challenge facing businesses today is how to leverage valuable customer insights without eroding the trust that’s essential for long-term customer relationships.

Trust isn't just an ethical imperative, it is a tangible business advantage. According to a 2023 PwC survey, 87% of consumers say they would abandon brands that mishandle their personal information. Conversely, businesses that excel in transparency about their data practices are more likely to experience increased customer loyalty and stronger brand reputation.

Here’s how your organization can build and maintain customer trust in this delicate balancing act between personalization and privacy:

Make transparency a core principle

One of the simplest yet most impactful steps a business can take is to communicate clearly and transparently. Avoid drowning customers in legalese-heavy privacy policies. Instead, provide straightforward explanations:

- Use everyday language to explain clearly how and why customer data is collected.

- Clearly outline the benefits customers receive when they share data.

- Provide easy-to-understand visual aids or summaries alongside detailed privacy documents to improve understanding.

Research from the University of Michigan indicates simplified privacy disclosures significantly boost consumer understanding, satisfaction, and trust.

Practice thoughtful data minimization

Customers become wary when companies request unnecessary information. Implementing thoughtful data minimization can alleviate this concern:

- Continuously question whether each piece of collected data directly contributes to improving customer experience.

- Regularly review data collection practices to eliminate unnecessary or outdated requests.

- Minimize tracking technologies to essential functionalities.

Reducing data collection to the bare minimum simplifies security and compliance, lessens customer apprehension, and enhances your brand’s reputation.

Empower customers with real choices

Today’s consumers expect genuine control over their data. Surface-level control mechanisms no longer suffice. Instead:

- Create intuitive privacy preference centers allowing customers granular control.

- Clearly demonstrate how each privacy choice affects their experience.

- Facilitate easy processes for accessing, modifying, or deleting personal information.

A powerful example of this approach was Apple's App Tracking Transparency, which forced businesses to clearly articulate the value of data sharing and actually improved customer relations through transparent communication.

Show your security commitment clearly

Transparency around security measures significantly bolsters customer confidence. Without revealing sensitive details, clearly communicate:

- General data protection approaches and commitments.

- Security certifications and routine assessments conducted by your organization.

- Vetting procedures for third-party vendors handling customer data.

- Action plans and protocols for handling data breaches.

According to Experian, businesses that respond promptly and transparently to breaches retain significantly higher levels of trust.

Clearly articulate the value exchange

Consumers are more inclined to share personal data if they clearly see the benefits. Go beyond vague promises and explicitly communicate the tangible advantages of data sharing:

- Illustrate specific ways data enhances their experience, such as personalized recommendations or faster transactions.

- Demonstrate immediate value or convenience linked directly to specific data-sharing activities.

Making the value exchange explicit encourages customers to willingly participate in data sharing.

Cultivate an internal culture of data responsibility

Effective transparency and data privacy begin internally. Employees at all levels should be trained to prioritize customer trust:

- Regularly educate teams on the importance of customer privacy and transparent data usage.

- Ensure employees can confidently address customer questions about data practices.

- Establish clear guidelines and escalation paths for privacy concerns.

A knowledgeable and trained team is essential for building genuine customer trust.

Continuously listen and adapt

Maintaining customer trust is an ongoing process. Regular feedback mechanisms are crucial:

- Conduct frequent surveys specifically addressing data privacy and transparency concerns.

- Monitor customer interactions with privacy settings and adapt based on insights.

- Track privacy-related customer inquiries and complaints, using these insights for continuous improvement.

Companies responsive to customer feedback consistently maintain higher levels of trust and satisfaction.

Invest in advanced data governance tools

Adopting sophisticated data governance tools could streamline your privacy efforts. These tools offer capabilities such as real-time data tracking, automated compliance checks, and efficient audit trails. Such technology not only simplifies compliance but also proactively identifies potential privacy risks before they escalate into larger issues, thus further reinforcing customer trust.

Long-term strategic advantage through trust

In a market increasingly driven by data yet equally wary of privacy violations, trust has become a significant competitive differentiator. Enterprises that successfully balance personalized experiences with robust data privacy best practices will not only foster customer loyalty but also achieve sustainable competitive advantages.

By embedding transparency deeply into their customer relationships, businesses can convert privacy concerns from potential vulnerabilities into enduring strengths.

We've featured the best privacy app for Android.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Call of Duty Next will return next month (September 30), bringing a whole host of reveals related to Black Ops 7, Warzone, and Call of Duty Mobile. The start date has been revealed, and we can expect there to be a huge live event featuring all of the biggest Call of Duty streamers.

Black Ops 7 is likely to be the focus of Call of Duty Next, given that we've still got a fair bit to learn about the new FPS game. There's set to be a Black Ops 7 beta later this year, too, so hopefully we'll see more on what's included and how to participate. If early signs are anything, Black Ops 7 is a new direction for the series, one that could end up hitting with fans. The game could even end up on our best PC games list by the end of the year.

Here's the Call of Duty Next start date, as well as some info on what to expect based on last year's event. As we move into September, Activision is likely to announce more details on the streamers involved and the show length. For now, here's everything we know so far.

Call of Duty Next start date

(Image credit: Activision)

Call of Duty Next airs September 30, 2025. Precise timings have yet to be revealed, but given that it's usually held in Los Angeles, expect it to revolve around Pacific US Time.

Call of Duty Next - what to expect

Activision is yet to announce the full details for Call of Duty Next. What we do know is that it'll be a live event that shows off what's next for the franchise. This means Black Ops 7 reveals, Warzone updates, and details on future Call of Duty Mobile content. Here's what's been said about the event so far:

• First look at what's ahead for the COD franchise
• Black Ops 7 Multiplayer and Zombies gameplay and streamer access
• All new experiences in Warzone
• The latest content coming to Call of Duty Mobile

Call of Duty Next - predictions and what I'd like to see

(Image credit: Activision)

Call of Duty Next events are always a great mix of extended gameplay sessions and reveals around the new games. Personally, I'm not sold on Black Ops 7 yet, especially given we only got Black Ops 6 last year. I loved BO6, but dropped off shortly after launch, mostly pulled away by other games like Marvel Rivals.

I need to see more information on the Campaign, as the 'online co-op' aspect is ringing some alarm bells. Namely, reminding me of Modern Warfare 3, the last game that followed only a year after its predecessor. This Campaign was an underbaked and largely recycled mix of Warzone areas and open-ended gameplay. Hopefully, Treyarch can convince me that Black Ops 7 is indeed a full game, but I'll need to be shown proof at the Call of Duty Next event.

I expect there to be a focus on Multiplayer at the event, with map reveals and a look at the new movement mechanics. This will then be followed by a switch to streamer gameplay, as they'll likely all be in the same hall playing at individual stations. Call of Duty usually saves Campaign deep dives for later, but it's possible we'll see a short mission or get interviews with some of the actors that feature in the story.

You Might Also Like...

• Black Ops 6 review
• Call of Duty Warzone Mobile review
• The best crossplay games to play in 2025

Parishioner Cathrine Spandel said worshippers at Annunciation Catholic Church in south Minneapolis had just finished a psalm when gunfire erupted. "It seemed like it went on forever," she said.

(Image credit: Scott Olson)

The main thing I use my Quest for is workouts, and it's Meta's most unique calling card right now. Why isn't more being done with it?

Sure there could be AirPods and Watches, but what's with the thermal tease?

The father of a boy killed in the Minneapolis church shooting speaks out on how he wants his son to be remembered. And, a new acting CDC director has been announced.

(Image credit: Scott Olson)