Feed aggregator

A SpaceX rocket being tested in Texas exploded Wednesday night, sending a dramatic fireball high into the sky. The company said the Starship "experienced a major anomaly."

(Image credit: Susan Walsh)

The recent spate of cyberattacks targeting major UK retailers has sent shockwaves through the industry, exposing critical vulnerabilities in the sector's IT infrastructure. In just two weeks, high-profile brands including Marks & Spencer, Co-op, and Harrods have fallen victim to sophisticated attacks that have disrupted operations and potentially compromised sensitive data.

These incidents highlight a troubling pattern—threat actors are increasingly setting their sights on retail organizations, which represent lucrative targets due to their vast customer databases and the devastating operational impact of even brief outages. With millions in revenue lost and consumer trust at stake, these attacks serve as a stark warning that the retail sector must fundamentally rethink its approach to cybersecurity.

Security Nightmare Unfolds Across British High Street

The attack sequence began with Marks & Spencer falling victim to what appears to be a ransomware incident attributed to the notorious Scattered Spider group. The timing—over the busy Easter weekend—appeared deliberate, maximizing disruption when the retailer was least prepared to respond.

The consequences were immediate and severe—online ordering systems collapsed, click-and-collect services failed, and contactless payment gateways went offline. Some locations reported empty shelves as inventory management systems faltered, creating a visible manifestation of the digital chaos unfolding behind the scenes.

Within days, Co-op and Harrods reported similar security incidents, suggesting a coordinated campaign or the exploitation of common vulnerabilities across the sector. Co-op took the precautionary step of shutting down significant portions of its IT infrastructure, while Harrods restricted internet access across its operations. Though neither has confirmed the full extent of the breaches, the proximity of these incidents has raised alarms about a potentially systemic vulnerability being exploited.

The financial impact has already proven substantial, with M&S alone facing millions in lost revenue. Yet the long-term consequences—including potential exposure of customer data—may prove far more damaging to brand reputation and consumer trust.

The Industry & Community Responds

The severity of these attacks has prompted a coordinated response. The UK National Cyber Security Centre (NCSC) has emerged as the central coordinating body, working directly with security teams at M&S, Co-op, and Harrods to contain the damage and investigate attack vectors. The agency has simultaneously issued urgent, updated guidance to all retailers, emphasizing that these incidents likely represent a sector-wide threat rather than isolated cases.

Information sharing has become particularly important, with the NCSC working closely with the Information Commissioner's Office (ICO) and law enforcement to establish a unified response framework. Parliamentary committees have also stepped in, seeking assurances that adequate support is reaching affected businesses and that key lessons are being shared throughout the sector.

Industry experts have been blunt in their assessment—the retail sector can no longer afford complacency in cybersecurity matters. Legal and security professionals point to these incidents as evidence that modern attacks involve sophisticated reconnaissance, with threat actors often probing systems for months before launching their primary assault. The sector now faces pressure to fundamentally reconsider its approach to data governance, incident response, and customer transparency.

What Retailers Must Do—Strengthening Defenses Against Cyber Threats

With retail organizations clearly in the crosshairs of sophisticated threat actors, immediate action is essential. Based on security best practices and lessons from these incidents, retailers should implement the following protective measures:

Focus on external attack surfaces. The vast majority of breaches involve external actors exploiting internet-facing assets. Retailers must prioritize continuous monitoring of external systems, particularly ecommerce platforms, payment processing endpoints, and customer-facing applications that represent prime targets.

Implement comprehensive discovery. Security teams can't protect what they don't know exists. Discovery must span all business units, subsidiaries, and acquisitions, including cloud services, on-premise systems, and third-party integrations. Many retailers operate complex technological ecosystems with legacy systems and modern cloud computing infrastructure operating in parallel—each representing potential vulnerability points.

Test continuously, not periodically. The traditional approach of annual penetration testing is insufficient. Implement ongoing security testing across all exposed assets, including regular application security assessments and retail-specific security evaluations that account for the unique threats facing the sector.

Adopt risk-based prioritization. Not all vulnerabilities carry equal weight. Evaluate threats based on potential business impact rather than technical severity alone. Factors like customer data exposure, operational dependencies, and regulatory implications should guide remediation priorities.

Share intelligence broadly. Security isn't just an IT department concern. Integrate exposure management into existing business processes through automation and clear communication channels. Ensure findings reach relevant stakeholders from operations to customer service, creating a culture of security awareness.

These recent attacks are certainly a wake-up call for UK retailers, and other industries. Security can no longer be treated as an afterthought or compliance exercise, especially when sophisticated threat actors stand ready to capitalize on every vulnerability. With proper preparation and a proactive security posture, retailers can significantly reduce their risk profile and protect both operations and customer trust.

We list the best antivirus software in 2025 for PC.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The major storm threatens to unleash destructive winds near where the eye crashes ashore, flash floods and a dangerous storm surge, forecasters said.

(Image credit: Fernando Llano)

The U.S. State Department said it is restarting the process for foreigners applying for student visas but all applicants will now be required to unlock their social media accounts for review.

(Image credit: Alexander F. Yuan)

Here are the answers for The New York Times Mini Crossword for June 19.

Israel's President Isaac Herzog spoke with NPR in his official residence in Jerusalem on Wednesday, as President Trump was still weighing whether to intervene.

(Image credit: Benny Doutsh)

• Google’s new Gemini 2.5 Flash-Lite model is its fastest and most cost-efficient
• The model is for tasks that don't require much processing, like translation and data organization
• The new model is in preview, while Gemini 2.5 Flash and Pro are now generally available

AI chatbots can respond at a pretty rapid clip at this point, but Google has a new model aimed at speeding things up even more under the right circumstances. The tech giant has unveiled the Gemini 2.5 Flash-Lite model as a preview, joining the larger Gemini family as the smaller, yet faster and more agile sibling to the Gemini 2.5 Flash and Gemini 2.5 Pro.

Google is pitching Flash-Lite as ideal for tasks where milliseconds matter and budgets are limited. It's intended for tasks that may be large but relatively simple, such as bulk translation, data classification, and organizing any information.

Like the other Gemini models, it can still process requests and handle images and other media, but the principal value lies in its speed, which is faster than that of the other Gemini 2.5 models. It's an update of the Gemini 2.0 Flash-Lite model. The 2.5 iteration has performed better in tests than its predecessor, especially in math, science, logic, and coding tasks. Flash-Lite is about 1.5 times faster than older models.

The budgetary element also makes Flash-Lite unique. While other models may turn to more powerful, and thus more expensive, reasoning tools to answer questions, Flash-Lite doesn’t always default to that approach. You can actually flip that switch on or off depending on what you’re asking the model to do.

And just because it can be cheaper and faster doesn't mean Flash-Lite is limited in the scale of what it can do. Its context window of one million tokens means you could ask it to translate a fairly hefty book, and it would do it all in one go.

Flash-Lite lit

The preview release of Flash-Lite isn't Google's only AI model news. The Gemini 2.5 Flash and Pro models, which have been in preview, are now generally available. The growing catalogue of Gemini models isn't just a random attempt by Google to see what people like. The variations are tuned for specific needs, making it so Google can pitch Gemini as a whole to a lot more people and organizations, with a model to match most needs.

Flash-Lite 2.5 isn’t about being the smartest model, but in many cases, its speed and price make it the most appealing. You don’t need tons of nuance to classify social media posts, summarize YouTube transcripts, or translate website content into a dozen languages.

That’s exactly where this model thrives. And while OpenAI, Anthropic, and others are releasing their own fast-and-cheap AI models, Google’s advantage in integration with its other products likely helps it pull ahead in the race against its AI rivals.

You might also like

• Google Gemini 2.5 Flash promises to be your favorite AI chatbot, but how does it compare to ChatGPT 4o?
• Gemini's new Scheduled Actions feature puts catching up with ChatGPT on its dayplanner
• Google Gemini 2.5 just got a new 'Deep Think' mode – and 6 other upgrades

At the risk of sounding like someone who’s old before his time, I have a fairly substantial list of tech pet peeves.

At the lower end of the scale, I don’t understand folks who hold their phone at a distance when having a conversation, nor am I a fan of using a phone without a case. But if there’s one thing that I just can’t get my head around, it’s the enduring popularity of Apple's pro-level iPhones.

Don’t get me wrong, I have nothing against the likes of the iPhone 16 Pro. In fact, as a long-time iPhone user, I respect the device for being not just one of the best iPhones yet, but also one of the best phones, period. However, there seems to be a misunderstanding about who these top-tier iPhones are for.

It’s a conundrum that feels far less pronounced in the Android world, particularly as, from my experience, I tend to see tons of people rocking well-priced mid-range phones like the Samsung Galaxy A56. With that in mind, I think it’s time to set the record straight among Apple’s closest devotees.

I’m talking specifically to those who have yet to pick up one of the latest iPhone Pros in the hopes that I can convince you of why you don’t need one, and how you can find a better deal overall by opting for a different Apple device.

The clue is in the name

The iPhone 16 Pro Max running iOS 18 (Image credit: Future / Lance Ulanoff)

I will admit that there are some aspects of the iPhone 16 Pro that make it an alluring buy to an unsuspecting upgrader. As has already been discussed in detail on TechRadar, Apple's 120Hz ProMotion display is gorgeous, and it's a shame that Apple hasn’t yet seen fit to lift the refresh rate on the iPhone 16 beyond 60Hz.

The titanium build of the latest pro-level iPhones also sounds like a tempting concept, particularly if you fall into the category of those who prefer not having a case on their phone, or are liable to drop their handset on a somewhat regular basis.

These are great features to have, but you can’t tell me that they are worth the $200 / $200 / AU$250 upsell against the price of the standard iPhone 16. So, the question remains – what are you really paying for in a phone that costs $999 / £999 / AU$1,849? It’s the cameras.

I’ve been using the iPhone 16 Plus for some time now, and its dual camera setup hasn’t let me down yet.

The triple-sensor array on both the 16 Pro and the iPhone 16 Pro Max is nothing short of exceptional, and while the triangular design they carry has become something of a status symbol in itself, I have to be honest – by going for a Pro, you’re only buying extra features that you don’t need, because the cameras on the iPhone 16 are already great.

I’ve been using the iPhone 16 Plus for some time now, and its dual camera setup hasn’t let me down yet. It’s held up by the constant refinement of Apple’s behind-the-scenes computational processing that makes it nearly impossible to take a bad picture.

The only thing missing on the standard 16/16 Plus phones is the ability to shoot in Apple ProRaw and the LOG video format, but both of these features can only be put to use properly by professionals. If you’re a content creator or a professional photographer, these features are well worth the investment as you’ll get stunning quality in return. But for the average consumer, they're overkill.

Obsessing over cameras also overlooks the most crucial feature of all iPhones, the thing that keeps folks returning to Apple again and again: the software.

iOS is king for a reason

iOS 18 provides a great experience on all recent iPhones (Image credit: Apple)

Speaking for myself, there’s a reason why I’ve found it so hard to go back to Android, and it’s not just the digital ‘walled garden’ that Apple has created that makes such a feat trickier than it should be.

iOS is just easy to use, very intuitive, and brilliantly designed.

Even small things like the precise alignment of widgets are comforting – a feeling that’s exacerbated by Apple having some of the best versions of key apps around. The Weather app, for example, is clean and easy to understand, and Apple News is by far the most comprehensive app out there for staying on top of current events, particularly if you have a subscription to Apple News Plus.

This is why I can confidently recommend the iPhone 15 to friends and family in 2025, knowing that, in spite of the phone having a readily available successor, it can still provide a great overall experience thanks to the optimizations of iOS.

Plus, there’s a case to be made that the way to enjoy Apple’s ecosystem of services at their fullest is to invest in multiple products. So, to that end, I’d recommend picking up the iPhone 16 and putting the money you’ve saved against buying its Pro-level sibling towards a pair of AirPods Pro 2 or the highly underrated Apple Watch SE 2. You'll thank me later.

You might also like

• Best iPhone deals in 2025
• iPhone 17 tipped to get a larger screen thanks to smaller bezels – and that could be its biggest upgrade
• This iPhone 17 Air dummy unit looks incredibly slim next to an iPhone 16 Plus, it’s just a shame about the big camera

• HighPoint Rocket 7604A RAID card is half the size of the previous iteration
• Delivers nearly 60GBps using four Gen5 SSDs with no power cable
• First review shows it offers strong performance across both Intel and AMD platforms

The HighPoint Rocket 7604A is a PCIe Gen5 RAID card which targets professionals needing extreme sequential throughput in compact workstations.

While it builds on the legacy of the larger Rocket 1608A model, it manages to shrink the form factor by nearly half while maintaining similar performance.

The 7604A fits into a single-slot, half-length configuration and is powered entirely by the PCIe bus, with no external power required.

Eclipses previous record-holding models

TweakTown recently reviewed the card, describing it as “a masterpiece of engineering” that delivers 59.8GB/s sequential throughput using just four M.2 Gen5 SSDs.

This performance eclipses even the company's own previous record-holding models. It achieves this with a Broadcom PEX89048A RAID controller and four Gen5 x4 M.2 slots.

Testing spanned both Intel and AMD platforms. Intel systems had the edge in benchmarks like Anvil and Blackmagic, while AMD took the lead in certain file transfer scenarios.

Paired with four Samsung 9100 Pro drives (TweakTown notes that the drives must be bare to fit the card), the Rocket 7604A achieved nearly 60GB/s sequential throughput in CrystalDiskMark. "Better than any AIC we’ve ever encountered,” the site’s Senior Hardware Editor, Jon Coulter, observed.

On ATTO, it delivered up to 54GB/s, more than twice the throughput achieved with the 1608A using eight Crucial T705 drives.

TweakTown also reported that the 7604A broke multiple lab records, scoring 93,000 points in Anvil’s benchmark, far surpassing any previous flash-based AICs.

Users can configure software RAID via Windows, which supports RAID 0 and RAID 1, or use HighPoint’s own configuration utility to unlock additional options like RAID 10. The card also supports PCIe Gen4 SSDs, though throughput is reduced when used in that mode.

At $999, down from its original asking price of $1999, the Rocket 7604A is less expensive than its predecessor and many competitive solutions. It clearly isn’t made for casual users, but for anyone needing peak throughput in a constrained space, this card definitely delivers.

TweakTown awarded it 98% (dropping a few points for performance and value, but scoring the maximum for quality and features) and and named it Editor’s Choice.

You might also like

• These are the fastest SSDs you can buy right now
• What is RAID and JBOD?
• Build your own superfast virtual 32TB Gen5 SSD with this RAID PCIe Gen5 card

Serie A giants kick off their FIFA Club World Cup campaign on Wednesday at Audi Field against Abu Dhabi outfit.

The study, published in JAMA, followed teens for years and evaluated addictive behaviors, as well as suicidality.

(Image credit: Catherine McQueen)

There's nothing quite like the excitement of a new console; feverishly whipping off the packaging, setting up your user account, and loading up your games to settle in for an hours-long induction to your new system.

Thrilling though the process may be, there's a fundamental step all too often skipped: adjusting your settings. From Display and Audio settings to User, Lock, and software settings, there's plenty to tweak in your Switch 2.

I've spent a week with the console, and there are some must-change settings you should adjust before getting started; here are my recommendations.

1. HDR settings

(Image credit: Future / Nintendo)

Nintendo’s latest console supports HDR, and you can easily toggle this on and off within the settings. Simply head to Settings > Display > HDR Output and make sure this setting is on by default.

Don’t stop there, though, because there’s a second setting which allows you to choose which games it’s enabled for. Scroll down in the Display menu, and you'll see (confusingly) another HDR Output option. Select this, and you can choose between 'Always Enabled', 'Compatible Software Only', and 'Disabled'.

I’d recommend switching it on for compatible games instead of the default always-on setting to make sure non-compatible games look as good as ever.

2. Preserve the battery life

(Image credit: Future / Nintendo)

If you’ve suffered from battery degradation on your first-generation Nintendo Switch, you’ll be delighted to know that the Switch 2 offers a setting that caps your battery life at around 90 percent while it's on charge, which should help your battery long-term. Simply head to Settings > System > Stop Charging Around 90%.

You can easily toggle this on and off any time, so if you want a full charge every now and then for a long day of gaming in handheld mode, it’s just a matter of a quick trip to the settings. Alternatively, you can simply outsource the load and try a portable battery for your Nintendo Switch 2.

3. TV resolution

(Image credit: Future / Nintendo)

Gamers, rejoice - the Nintendo Switch 2 can support screen resolutions up to 4K, albeit at a 60Hz refresh rate and 60fps for most titles, but you might have different ideas for your new console. Again, head to Settings > Display > TV Resolution.

Within the settings, you can toggle automatic resolution detection or manually set the resolution for your TV, especially handy if you would prefer the higher refresh rates available in 1440p or 1080p resolutions.

4. Change your lock settings

(Image credit: Future / Nintendo)

(Image credit: Future / Nintendo)

Depending on who else will be using your Switch, you may want to change your Lock Screen settings with the system lock menu.

Head to Settings > User, where you can select to Skip Selection Screen if you're the only one using the console regularly. Alertanitlvey, head to Settings > System > Console Lock. Here, you can set a PIN to keep prying eyes and grubby hands off your new console, but you can also opt to add parental controls using the dedicated Nintendo Switch Parental Controls app.

5. Activate Dark Mode

Sure, this one is a preference-based tip, but personally, I don’t see why you’d prefer to use the standard white theme over dark. Especially if you play mostly in handheld, it’s a great way to conserve power and give your eyes some rest.

Once again, navigate to Settings > Themes and select between Basic White and Basic Black.

You Might Also Like...

• 3 chargers I’ve tested and recommend for giving your Nintendo Switch 2’s battery life a boost
• Missed out on a Nintendo Switch 2? Here's why the original Switch console might still be worth a look instead
• Upcoming Switch 2 games to play in 2025

Find the top internet providers in the Minneapolis area for your budget, speed and neighborhood.

If you purchased the Little Remedies Honey Cough Syrup for your child, discontinue use immediately and contact the company for reimbursement.

The 988 Suicide and Crisis Prevention Lifeline included a service that provided specialized suicide prevention support by phone and text for LGBTQ+ kids. That's ending.

(Image credit: PATRICK T. FALLON/AFP/Getty Images)

• Sysdig exposed how a trusted GitHub feature can silently hand control to attackers
• pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands
• Even top-tier security projects like MITRE’s can fall to simple GitHub workflow misconfigurations

Experts have revealed several critical vulnerabilities in GitHub Actions workflows which could pose serious risks to some major open source projects.

A recent investigation by Sysdig’s Threat Research Team (TRT) has exposed how misconfigurations, particularly involving the pull_request_target trigger, could let attackers seize control over active repositories or extract sensitive credentials.

The team demonstrated this by compromising projects from well-known organizations such as MITRE and Splunk.

GitHub Actions: A powerful tool with dangerous pitfalls

GitHub Actions is widely adopted in modern software development for its automation capabilities, but this convenience often hides security risks.

“Modern supply chain attacks frequently begin by abusing insecure workflows,” the report states, noting how secrets like tokens or passwords embedded in workflows can be exploited if improperly secured.

Despite available best practices and documentation, many repositories continue to use high-risk configurations, either from oversight or a lack of awareness.

At the core of the problem is the pull_request_target trigger, which runs workflows in the context of the main branch.

This setup grants elevated privileges, including access to GITHUB_TOKEN and repository secrets, to code submitted from forks.

While intended to facilitate pre-merge testing, this mechanism also allows execution of untrusted code, creating an attack surface that is easily overlooked.

The risks are not hypothetical, they are real.

In the Spotipy repository, which integrates with Spotify’s Web API, Sysdig discovered a setup where a crafted setup.py could execute code and harvest secrets.

In MITRE’s Cybersecurity Analytics Repository (CAR), attackers were able to execute arbitrary code by modifying dependencies.

Sysdig confirmed it was possible to take over the GitHub account associated with the project.

Even Splunk’s security_content repository had secrets like APPINSPECTUSERNAME and APPINSPECTPASSWORD exposed, despite the limited scope of the GITHUB_TOKEN.

Developers should reassess the use of pull_request_target, considering safer alternatives - Sysdig recommends separating workflows, using unprivileged checks first, and only allowing sensitive tasks after validation.

Limiting the capabilities of tokens and adopting real-time monitoring with tools like Falco Actions can also provide vital protection.

You might also like

• Take a look at the best malware removal options around
• We’ve rounded up a list of the best endpoint protection tools
• Check out the best antivirus for extra protection too

Get the gains you crave by eating right.

A drug called lenacapavir, administered in two injections a year, offers protection from HIV comparable to daily pills. One looming question: Will it be affordable for lower resource countries?

(Image credit: Nardus Engelbrecht)

Iran's most fortified nuclear facility, called Fordo, is buried deep inside a mountain. Only the U.S. has the 30,000-pound bombs — often referred to as "bunker busters" — capable of reaching it.

(Image credit: AP)

So far, strikes on Iran's facilities have created limited chemical and radiological hazards. Experts say that's not likely to change even if the U. S. uses a big bomb.

(Image credit: Maxar Technologies)