Online advertisements can be an annoying interruption to our normal browsing habits. However, they are often necessary because they serve as the primary funding source for the otherwise free websites we use daily. Ever wonder how those ads end up on your screen? Well, there’s a fascinating supply chain behind the ads, and it’s interesting to pick apart.
Typically, a website that serves ads does not hand-pick the specific advertisements displayed on its platform. Instead, it chooses ad categories to block, allocates ad space, and then displays whichever ads its advertising vendor provides. Advertisement vendors are responsible for sourcing advertisers and websites to display their advertisements. But what if those advertisers aren't legitimate? What if they're threat actors or scammers looking to lure potential victims with seemingly legitimate software or help fixing your computer? This malicious use of ads is referred to as malvertizing.
Malvertizing uses many of the same tactics as social engineering, relying heavily on persuasive language and attention-grabbing images to drive a sense of urgency or fear. This encourages victims to act quickly without inspecting the legitimacy of the website linked in the ad. Malvertizing attacks are becoming increasingly sophisticated, with cybercriminals leveraging trusted platforms like Facebook and other social media networks to distribute malicious content. By exploiting the trust and reach of these platforms, attackers can reach a wider audience and potentially compromise more victims. This also makes it more challenging for users to distinguish between legitimate and malicious ads.
Adding to the complexity, threat actors employ techniques to mask their identities and evade detection. This can include social engineering tactics such as phishing, token theft, or infostealers to gain access to legitimate ad accounts. By hijacking trusted accounts, attackers can bypass security measures designed to prevent malicious organizations from buying ad space.
Three common types of malvertizing attacks that users should be aware of are:Scam Malvertizing: Attackers will display ads with language similar to “Your computer is infected, call us immediately to remediate!”. Once a victim calls, the scammers will typically convince their victim to install software to initiate a remote control session of the victim’s computer. They’ll then overwhelm the victim with misinformation, hoping to confuse them into believing that the situation is too complex to understand, and then ask them to pay money to remediate the non-existent security concern.
Fake Installer Malvertizsing: A common technique that delivers malware directly to the victim, posing a more significant threat. Attackers disguise themselves as legitimate software vendors to deliver a modified version of the software that typically includes an infostealer or initial access mechanism. These attacks aim to catch the victim while they are in a hurry to install the software. Often, we see QuickBooks used as a lure, with attackers sponsoring malicious ads designed to be displayed next to legitimate QuickBooks links. The malicious ads then lead to a cloned QuickBooks website that serves users as a compromised installer. Similarly, fake browser extensions imitate legitimate ones, tricking users into installing them. Once installed, they can capture sensitive data, including browsing history, passwords, and credit card information, putting both individuals and businesses at significant risk.
Drive-by-download Malvertizing: These malicious ads require no engagement from the viewer; simply loading them in your browser is enough to install a new web extension or download malware. This tactic heavily relies on the victim not keeping their browser up to date and utilizes previously known and patched vulnerabilities. There is a reason your browser is constantly asking you to update it; these updates keep the browser secure against newly discovered weaknesses. Keep your browser updated, and don’t make attackers’ jobs easier.
Avoiding attacksTo avoid falling prey to malvertizing attacks such as scam malvertizing, it's essential to think critically before engaging with any suspicious ads. If you receive an ad claiming you are a victim and need to call for support, stop and ask if the claim even makes sense at face value. How would this vendor be aware you had a virus on your computer? Does Microsoft really have a division of staff proactively buying ad space to inform its customers there may be a virus on their computer? While answering these questions generally requires at least some level of technical acumen, there are other tale-tale signs that an ad may be a scam. Many of these scams claim to be Microsoft technician support or their security team. Check to see where the ad is going to take you. If the domain is not www.microsoft.com, then you can almost guarantee it is going to be a scam, especially when coupled with a message claiming it is time-sensitive or extremely critical.
Preventing yourself from falling victim to malvertizing requires a careful eye, taking a moment to stop and think about the claims of an ad, ensuring you are being redirected to a legitimate site, and clicking that ‘update’ button every time it shows up in your browser. To defend against malvertizing, advertisers should implement more rigorous checks on the advertisers and their content to ensure legitimacy. Additionally, employees should be trained to identify suspicious emails, websites, and online ads, empowering them to avoid falling victim to these attacks. Threat actors are using more and more legitimate tools maliciously, advertisements included. A healthy dose of skepticism never hurt anyone, so the next time you see a suspicious ad, be cautious and ensure it’s legitimate before clicking on it.
We've featured the best business VPN.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
A Korean website is reporting that Samsung and OpenAI are collaborating together on an AI TV. The website describes it as an “open partnership” between the two companies. There's no mention of new hardware, but a software integration with ChatGPT has precedent since ChatGPT has already been integrated into Apple's operating systems as part of Apple Intelligence.
Samsung TVs currently run on the Tizen OS, and the Korean company has already introduced several AI features to them like AI Upscaling and AI Sounds, not to mention its new Vision AI, which was introduced at CES 2025. Vision AI can do things like ‘see’ what dish is on screen and find you the recipes for cooking it, then link to the Samsung food app. It can also do live translation.
Samsung vs Google TVSamsung integrating ChatGPT into its TV range might sound as if it comes out of the blue, but it makes strategic sense. The move comes as Google is about to add Gemini AI to its Google TV operating system, so that you can talk to your TV without a remote.
Announced at CES 2025, Google TV is a successor to Android TV, but has as cleaner interface, better recommendations for TV programs and also Gemini baked in, so you can activate it with the “Hey Google” voice control, and simply speak your requests, instead of having to use a TV remote.
Next generation Google TV devices aren’t expected to enter the market until towards the end of 2025, so we’d imagine a similar time frame for any OpenAI and Samsung collaboration.
Google TV points the way to the future of entertainment. (Image credit: Future) NPersonally I’d love the ability to talk to my TV, especially if it has something like ChatGPT or Gemini inside. I’d like to be able to ask it questions beyond the usual functional TV operation like asking it to record a program or find something on a streaming service. Recently it was revealed that Gemini could be available as you watch YouTube videos, so you can ask it questions about what you’re watching. Just imagine the ability to be able to ask your TV, “Who is this actor, and what else have I seen him in?” It could settle so many of the debates we have in our household about where we’ve seen so and so before. Not to mention eliminating the time it takes to currently pause the TV program, find our phones, and then look them up. Yes, software like Prime Video's X-ray exists, but it's not nearly as cool.
And that’s not even counting my biggest bug bear with my current AI-less TV experience – losing the remote. Every TV remote seems to be designed to be lost - they’re usually black, for a start, so impossibly hard to locate when the lights are low and you’re watching TV in the evening. Yes, I know there are tracking devices you can stick to your remote to help you locate them with your phone, but then you have to find your phone first!
While having ChatGPT or Gemini in your TV might sound a bit excessive to some people, I can genuinely say that I’d find it useful, and I’m looking forward to finally being able to lose my TV remote control for good.
You might also likeThe digital age has changed how financial services operate, pushing the industry to stay tech-savvy just to keep up. Yet, this tech-driven shift isn’t without its issues. Old legacy systems, tight regulations, and the demand for real-time data handling have put pressure on conventional solutions, making them feel outdated. But all-photonic networks, which connect endpoints directly with optical paths, could be the answer, helping the financial world stay fast, flexible, and sustainable.
The challenges financial services face todayTechnology is woven deeply into financial services, but that also adds complexity. One major obstacle is performance and latency issues. High-frequency trading, cross-border payments, and fraud detection all require real-time data processing, yet existing electronic networks, built on copper wires and fiber optics, struggle with delays, making it challenging to meet the accuracy needed for time-sensitive transactions. Another challenge is meeting regulatory demands. Compliance with regulations like Europe’s Digital Operational Resilience Act (DORA) is both tricky and costly. The laws in financial services demand strong data protection and operational stability, but current networks can sometimes fall short. Finally, sustainability pressures are becoming increasingly prominent. As sustainability becomes a core business goal, energy consumption from data centers and network infrastructures has emerged as a major concern, often clashing with firms’ eco-friendly ambitions.
So, what are photonic networks?Simply put, photonics is about using light - specifically photons - to transmit data. Unlike electrical signals in copper cables or even regular fiber optics, photonic networks use light to send data directly, skipping the usual electronic conversions. The result? Faster speeds, more data capacity, and far less energy consumption.
All-photonic networks send data as light without converting it back and forth between electrical signals. This setup reduces delays and improves energy efficiency, making photonics perfect for industries where fast, reliable data transfer is critical - like financial services.
How photonic networks could transform financePhotonic networks enable more predictable network pathways, ensuring consistently low latency. That’s a huge plus for financial firms that need every edge to stay competitive in their markets.
Staying compliant with rules like DORA isn’t easy; it requires institutions to be highly resilient and flexible. Photonic networks can help meet these demands by enabling real-time data oversight and faster data replication. This means better disaster recovery capabilities and more robust backup strategies.
These networks also support interconnected data centers with low-latency failover options, ensuring that operations can shift seamlessly during maintenance or outages. This flexibility makes it easier for financial institutions to meet recovery time objectives (RTO) and recovery point objectives (RPO) set by regulators.
Photonics and the path to sustainabilityData centers and networks consume vast amounts of power, which is a roadblock for companies aiming to reduce their environmental impact. Photonic networks offer a solution, using light for data transmission and avoiding the energy-hungry electronic conversion steps.
Adopting photonic systems helps firms cut down on energy costs by requiring less power for data transfer, ultimately lowering operational expenses. Additionally, by enabling more reliable data transfer, photonic networks would allow financial service institutions (FSIs) to relocate their data centers to rural areas, where sources of renewable energy are more accessible. This would help these organizations to align more closely with their ESG goals without having any negative impact on the speed of operations.
In an industry where meeting sustainability targets is linked to investor trust and public approval, this is no small thing.
Looking aheadWhile photonic technology is still finding its footing, its potential to reshape finance is clear. Embracing photonic networks can help financial firms address today’s issues while unlocking opportunities for innovation down the road. With better support for distributed computing, real-time analytics, and stronger data protection, FSIs can become more resilient, meet tough compliance standards, and hit sustainability goals - all while keeping costs under control.
The financial firms that choose to invest in photonic networks now will likely lead the pack in a rapidly changing market. With unmatched speed, reliability, and energy efficiency, photonics isn’t just a solution to today’s problems; it’s a way to future-proof operations for whatever comes next.
We've featured the best productivity tool.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
In one of his last acts as President of the United States, Joe Biden has signed an executive order aimed at strengthening US national cybersecurity.
The order lays out a series of checks and reviews on third-party software providers for both government systems and critical infrastructure in order to ensure they are adhering to established cybersecurity standards and making active efforts to eradicate existing vulnerabilities.
The executive order posits the People’s Republic of China is the main threat to vulnerable networks, likely referencing numerous attacks against US critical infrastructure in early 2024 by the Chinese state-sponsored Volt Typhoon group, and subsequent attacks against US telecommunications networks by the group.
New security standards“I am ordering additional actions to improve our Nation’s cybersecurity, focusing on defending our digital infrastructure, securing the services and capabilities most vital to the digital domain, and building our capability to address key threats,” President Biden's order said.
It also builds upon previous requirements laid out in the Executive Order on Improving the Nation’s Cybersecurity from 2021, and implements greater security checks on third-party providers to ensure “software providers that support critical Government services are following the practices to which they attest.”
Third-party providers will therefore have to provide frequent demonstrations that their software and supply chains are secure, with the contracting agency being notified of those failing to meet security requirements.
The federal government is also mandated to adopt identity management software, phishing-resistant authentication, and end-to-end encrypted communications by default across DNS protocols, email, voice and video conferencing, and instant messaging.
Biden also looks to address the future threat of cryptanalytically relevant quantum computers (CRQC) which, when viable, will be able to break many of the encryption algorithms in use today. US agencies will be required to adopt quantum-safe encryption methods authorised by the National Institute of Standards and Technology (NIST).
You might also likeThe decision resolves a long-running legal dispute between the Department of Justice and TikTok. But experts say President-elect Donald Trump will now have considerable sway over the platform's future in the U.S.
(Image credit: Jacquelyn Martin)
Leaseweb has announced the launch of a new virtual private server (VPS) hosting service aimed at improving flexibility and scalability for customers.
The infrastructure as a service (IaaS) specialist said the new VPS solution is specifically designed for businesses that require a “combination of exceptional price-performance, fast local storage, and easy deployment”.
The service will be delivered via a self-service portal, making it a click and go solution requiring “limited technical expertise” for setup and management, which the company says makes the solution ideal for firms seeking an entry-level service to the firm’s public cloud offerings.
What to expect from Leaseweb’s new VPS service“Our new VPS solution has been designed from the ground up to offer the ideal balance of performance, usability and cost,” said Mathijs Heikamp, Director Product Management at Leaseweb Global.
“By combining the latest hardware, advanced automation and an intuitive self-service portal, we're delivering a cloud infrastructure solution that can effortlessly adapt to customer requirements.”
The VPS service also provides users with built-in security and reliability features, according to Leaseweb. This includes firewalls, DDoS protection, and hosting via ISO-certified data centers.
A backup solution is also available, but as an add-on service.
The new Leaseweb VPS service includes six distinct packages for customers ranging in size and technical expertise.
The entry-level package, dubbed VPS 1, starts at $3.74 (£3.06) per month. This provides users with 4 vCPUs, 6GB of vRAM, and 100Gb of NVMe SSD storage, complete with 30TB of bandwidth and 10Gbps uplink.
Meanwhile, VPS 3 gives users double the vCPU capacity alongside 24GB of vRAM and 300GB of NVMe storage.
At the higher end of the spectrum, the VPS 6 package certainly kicks things up a notch, offering users 24 vCPUs, 120GB of vRAM, and 600GB of NVMe SSD storage capacity.
There’s quite a price jump between the mid-range and upper-tier packages, with VPS 6 setting users back $55.34 (£45.24).
All packages across the range guarantee 30TB of bandwidth and 10Gbps uplink, according to Leaseweb.
You might also likeTo come into effect, the constitutional amendment would need to be formally published or certified by the National Archivist who has declined to do so in the past. What happens now is unclear.
(Image credit: Jose Luis Magana)
The first Trump administration tried to scale back who gets food benefits, and allies aim to try again. Food pantries say they're already busier than ever.
(Image credit: Dee Dwyer)
A major fire erupted south of San Francisco at the Moss Landing Power Plant, forcing hundreds to evacuate. So far, the fire has stayed in the facility, which stores thousands of lithium batteries.
(Image credit: KSBW)
We were spoiled when it came to horror last year, and I'm hoping 2025 gets off to a strong start now we've got trailers for two exciting new movies. Whenever I reflect on TechRadar contributor Gem Seddon's best horror movies of 2024, I wonder how we're going to top that. Considering we had huge hits like The Substance and, my personal favorite, I Saw the TV Glow, I feel like it's going to take a lot to top that this year. I have already put together my most anticipated horror movies of 2025, and it looks like I'll be adding The Monkey and Until Dawn to the list.
Oz Perkins freaked everyone out with his horror-crime hit Longlegs last year, and hopefully, The Monkey will do just as well for him. Meanwhile, the PlayStation horror game sensation Until Dawn is getting the big screen treatment with a very important twist.
Here's what you need to know.
The MonkeyLonglegs was everywhere last year, and even if you weren't brave enough to watch Nicolas Cage as the titular serial killer, you've no doubt heard plenty about it. Choosing not to rest on his laurels, director Oz Perkins is back with another offering in the form of The Monkey. It's got my attention already since Saw and The Conjuring director James Wan is also involved as a producer.
The Monkey has a brilliant cast including Elijah Wood and Tatiana Maslany, with Theo James in a dual role as twin brothers who find their father's vintage toy monkey in the attic which, unfortunately for them, is cursed. We've had loads of creepy dolls like Chucky, Annabelle, and M3GAN on the big screen so I'm keen to see if this scary-looking monkey can reach similar heights. There's not long to wait either as the movie arrives on February 21.
Until DawnThis one is definitely going to divide people. Until Dawn is one of the best horror games out there, so it's natural people are going to feel apprehensive about the movie adaptation. Recently, it was confirmed that Until Dawn would follow a different story to the game and I personally think that's a smart decision. Setting the movie in the universe but surprising us with a narrative that differs from the game means it's new and exciting, although others aren't convinced!
In what is shaping up to be the most talked about horror adaptation right now, this one is heading to cinemas on April 25, so there's a little wait. But if you want some scares this spring, it might be worth giving Until Dawn a chance.
You might also likeMillions of VPN servers, home routers, and other internet hosts could be carrying multiple vulnerabilities which could allow threat actors to perform anonymous attacks and could grant them access to private networks, experts have warned.
New research from Mathy Vanhoef, a professor at the KU Leuven university in Belgium, PhD student Angelos Beitis, and Top10VPN discovered the vulnerabilities in multiple tunneling protocols: IPIP/IP6IP6, GRE/GRE6, 4in6 and 6in4, and were given these identifiers: CVE-2024-7595, CVE-2025-23018, CVE-2025-23019 and CVE-2024-7596.
VPN tunneling protocols are methods used to securely transmit data between a user's device and a VPN server by encapsulating it within an encrypted tunnel. Common protocols include PPTP, L2TP/IPsec, OpenVPN, and WireGuard, each offering varying levels of speed, security, and compatibility.
Millions of potential victimsThe vulnerable ones primarily function to encapsulate one type of IP packet (IPv4 or IPv6) within another for network routing purposes. Unlike VPN-specific protocols, these are generally used for network transport rather than encryption or secure communication.
The research argues the misconfigured systems accept tunneling packets without confirming the identity of the sender, making it, "trivial to inject traffic into the vulnerable protocols’ tunnels."
A malicious actor could send a packet encapsulated using one of the affected protocols with two IP headers, in which the outer header contains the attackers’ source IP with the vulnerable host’s IP as the destination. The inner header’s source IP is that of the vulnerable host IP, while the destination IP is of the target.
So, when the vulnerable host receives the packet, it strips the outer IP header and forwards the inner packet to its destination, paving the way for the creation of a one-way proxy, and abusing the bug to run DoS attacks, DNS spoofing, and more.
The researcher said they scanned the internet for vulnerable hosts and found 4.26 million, including various VPN servers, ISP-provided home routers, core internet routers, mobile network gateways and nodes, and CDN nodes, most of which were located in China.
“All vulnerable hosts can be hijacked to perform anonymous attacks, as the outer packet headers containing an attacker’s real IP address are stripped. These attacks are easily traceable to the compromised host, however, which can then be secured,” the researchers explained.
“Spoofing-capable hosts can have ANY IP address as the source address in the inner packet, so not only does an attacker remain anonymous, but the compromised host also becomes much harder to discover and secure,” they added.
You might also likeIsrael's security cabinet has voted to approve a ceasefire deal to end the fighting in Gaza. Full cabinet approval is expected later today.
(Image credit: Hasan N. H. Alzaanin)
The Israeli security cabinet meeting to vote on a ceasefire deal with Hamas, which was delayed yesterday, is set for today. And, frigid temperatures are expected to envelop much of the U.S. next week.
(Image credit: Ariel Schalit)