Feed aggregator

This fire pit makes for an excellent Christmas gift, but the deal is only valid until the end of the day.

• Researchers found a malicious package on NPM, uploaded a year ago
• It was benign at first, and introduced malware later via an update
• The malware stole hundreds of thousands of secrets and installed cryptojackers on dozes of computers

For roughly a year, hackers have been infecting red teamers, penetration testers, security researchers, as well as other hackers, with a piece of malware that steals WordPress credentials and other sensitive data, and installs cryptominers on compromised endpoints.

As a result, login credentials for some 390,000 WordPress accounts were stolen, and dozens of systems were found mining Monero.

Cybersecurity researchers Datadog Security Labs spotted the attack on the NPM package repository, and in GitHub, after researchers from Checkmarx also sounded the alarm on the same campaign recently.

The package was pretending to be an XML-RPC implementation, and was first uploaded to the repository in October 2023. Until November 2024, when it was finally discovered as malicious, it received 16 updates.

Legitimate at first

Datadog noted ho the attackers were tactical in their approach, first uploading a package that was legitimate and worked as intended. The malicious code was introduced in later versions, and designed to steal SSH keys, bash history, and other data, every 12 hours. The data it collects would get extracted either via Dropbox, or File.io.

To make matters worse, researchers and security pros that would introduce XML-RPC into their own products would just expand the reach of the malware, turning it into a full-blown supply chain attack.

Datadog said that ultimately, the team found 68 compromised systems that were actively mining the Monero currency. Monero, with the XMR ticker, is most often mined with a cryptojacker called XMRig. This is a popular currency among thieves since it’s fully anonymous and very difficult to trace.

The identity of the threat actors was not discovered, but the researchers dubbed the group MUT-1224, which is short for Mysterious Unattributed Threat.

Major code repositories remain a vital platform for cybercriminals, the researchers concluded, stressing that developers should be extra careful when using open-source software.

Via BleepingComputer

You might also like

• Hundreds of malware-laden fake npm packages posted online to try and trick developers
• Here's a list of the best antivirus tools on offer today
• These are the best endpoint protection tools right now

From beach days to board meetings, these top totes are designed to protect your valuables, and then some.

Comics, social etiquette and myth-busting stories ruled Life Kit in 2024. That includes guidance on what to do if a partner cheats — and how to tip at fast food joints.

• TechRadar is delighted to reveal an exclusive clip from The Secret Lives of Animals
• The footage shows two kangaroos sparring for control of some key territory in the Australian outback
• The Apple TV Plus nature docuseries will be released on December 18

I love a good natural history docuseries, so you can bet I'm excited to watch The Secret Lives of Animals.

The forthcoming Apple TV Plus show, which arrives this Wednesday (December 18), has the makings of being an incredibly fun, educational, and at-times heart-wrenching watch. Indeed, the first trailer for The Secret Lives of Animals suggests that'll be the case – and so does this Kangaroo-starring clip, which TechRadar can exclusively reveal below.

Taken from the Apple series' ninth episode, which is titled 'Mastering Your Talent', the first-look clip depicts a bruising encounter between two of Australia's most recognizable marsupial. Vying for control of a key piece of territory in the Australian outback, a young upstart takes the fight to a veteran 'roo, who currently holds dominion over said land. Will the young pretender overthrow his more experienced opponent, or will the wily old-timer use a trick or two to see off his hot-headed peer? You'll have to watch to find out!

According to an Apple press release, The Secret Lives of Animals "highlights 77 unique species in 24 countries over three years, revealing stunning, never-before-seen animal behaviours and highlighting the remarkable intelligence of the natural world". Hugh Bonneville, star of recent hits projects including period TV drama Downton Abbey and the beloved Paddington movie series, will narrate the 10-part series.

The Secret Lives of Animals was produced for Apple TV Plus, aka one of the world's best streaming services and the winner of TechRadar's 2024 streaming platform award, by BBC Studios' Natural History Unit. Matt Brandon, who oversaw development on the BBC's Blue Planet III docuseries, serves as showrunner on this one, too. Considering how great the BBC's numerous natural history programs are, I'm intrigued to see how The Secret Lives of Animals compares to its UK peers. If it's as good as I hope it'll be, you can expect it to join our best Apple TV Plus shows list shortly.

You might also like

• Severance season 2's stunning new trailer will make you want to praise Kier over the return of the hit Apple TV Plus show's adorable baby goats
• New Apple TV Plus movie The Gorge sees Miles Teller and Anya Taylor-Joy with literal jobs from hell in official trailer
• Apple TV Plus scores the streaming rights to All of You, a sci-fi romance from the co-creator of Shrinking – and it sounds like it could be my new favorite movie in 2025

Tens of thousands of years ago, modern humans mated with Neanderthals. But exactly how and when that happened, and who those groups of humans were, was less known. New research adds some clues.

(Image credit: Mike Kemp)

Firsty is a new player in the eSIM market. A Dutch startup launched in 2024, Firsty offers a very innovative freemium model — a basic free plan with speed-capped data, followed by paid plans with full-speed access starting at €1.98 or $2.10/day.

Despite being a newcomer, Firsty is quickly gaining popularity among budget-conscious travelers and those seeking a backup data option. The service now covers over 160+ countries worldwide, offering both a free basic plan and premium paid options

After testing Firsty across several scenarios, we're impressed with its unique ad-supported free tier, which provides usable, if slow, data for essential tasks. Paid plans offer reliable full-speed connectivity at competitive prices.

Firsty: Pricing and plans

(Image credit: Firsty)

Firsty offers two main plans: Firsty Free and Firsty Fast. Firsty Free provides a basic, ad-supported data connection at no cost, allowing users to access essential services like messaging and email at extremely slow speeds. Firsty Fast, the premium paid tier, offers 2GB of high-speed data per day starting at €1.98 or $2.10 per day.

Firsty's freemium model and global plans set it apart from most eSIM providers, which require switching plans and subscriptions whenever you move from one location to another. While not the cheapest eSIM option on the market, Firsty's always-on connectivity and singular pricing make it a good option for most travelers looking for flexibility.

• We've rounded up the best eSIMs for Europe.

Firsty: Features

Firsty is a unique eSIM provider that stands out from the competition mainly thanks to its freemium model and transparently-priced global plan. Here are some key features:

Freemium Model

One of Firsty's most distinctive features is its freemium model. With Firsty Free, users can enjoy a basic, ad-supported data connection at no cost, allowing them to stay connected for essential tasks like messaging and email. This sets Firsty apart as one of the few providers offering a truly free tier.

Seamless Global Connectivity

Firsty’s global plan provides seamless connectivity across borders. Users can automatically connect to the best available network without the need to manually switch SIMs or purchase local eSIM plans. This makes staying connected while traveling a breeze, eliminating the hassle of traditional roaming.

Affordable High-Speed Data

For users who need faster speeds, Firsty Fast offers high-speed data at competitive prices. Plans start at just €1.98 per day for 2GB of data, with transparent tracking and fair top-up options. This allows travelers to enjoy streaming, video calls, and other data-intensive tasks without breaking the bank.

Firsty: Installation and activation

(Image credit: Firsty)

Firsty makes it incredibly easy to get started with their eSIM service. The onboarding process is designed to be user-friendly and intuitive, guiding you through each step with clear instructions.

Simply download the Firsty app, select your plan, and scan the provided QR code to install the eSIM profile on your compatible device.

The app walks you through the necessary settings to activate your eSIM, such as labeling it and setting it as your preferred line for data. Firsty provides ample resources to assist new users, including detailed FAQs, step-by-step guides, and responsive customer support.

One key aspect new users should be aware of is the importance of having a strong internet connection, preferably Wi-Fi when installing and activating the eSIM. Additionally, it's crucial to turn off data switching after activation to prevent unintended usage of your home carrier's data.

• We've rounded up the best eSIMs for Thailand.

Firsty: Coverage and speed

As of 2024, Firsty currently offers eSIM services in over 160 countries, including the US, Europe, and Asia. It leverages partnerships with local telecom operators to ensure reliable connections and competitive data speeds in most regions. Firsty is available in:

• United States
• United Kingdom
• Germany
• France
• Spain
• Italy

While Firsty's coverage is not as extensive as some of its more established competitors like Airalo, the company is rapidly growing its network. Speed tests indicate that Firsty's paid "Fast" plans deliver good performance, with download speeds around 200+ Mbps and upload speeds around 25-30 Mbps, depending on the local network conditions. However, the free ad-supported tier is notably slow at around 0.05 Mbps download and 0.10+ Mbps upload, sufficient only for basic messaging and email.

Compared to other eSIM providers, Firsty stands out for its unique freemium model, offering a basic always-free plan alongside competitively priced paid options. While its coverage and top speeds may not match the most comprehensive providers, Firsty's flexibility and affordability make it an attractive choice for budget-conscious travelers.

Firsty: Support

(Image credit: Firsty)

Firsty offers multiple support channels to assist users, including email support via support@firsty.app, an online help center with FAQs, and troubleshooting guides. The app also provides in-app instructions to guide users through setup and usage.

Customer reviews suggest that Firsty's support team is responsive and helpful. One user on the App Store mentioned that the support team was "dedicated" and "available 24/7 to assist." A reviewer on Trustpilot was impressed with the service, finding it "very useful as a backup" and "very easy" to use.

However, some users on Reddit reported mixed experiences, with a few encountering issues during installation and configuration. It's important to ensure you have a strong internet connection, preferably Wi-Fi, when setting up the eSIM to avoid issues.

• We've rounded up the best eSIMs for Turkey.

Firsty: Final verdict

Firsty is different from other eSIM providers. There’s no marketplace to purchase region-specific plans depending on your travel destination, nor is there a need to activate and reactivate as you move.

Instead, there are only two plans, a free one and a paid one. While the free plan offers enough functionality to perform basic tasks, the paid plan is competitively priced and follows the same pricing model irrespective of your location.

We found Firsty to be a reliable eSIM provider with good speeds and reliable coverage, despite its offbeat approach to pricing eSIMs. While its uniform global plan may be expensive for certain areas, you may well find it to be cost-effective depending on the regions you are targeting for your international trip.

Firsty: FAQs What is Firsty?

Firsty is a mobile app that provides seamless global connectivity for travelers using eSIM technology. It offers two main products:

Firsty Free: Provides a basic speed connection for free, allowing you to email, message, and use essential apps. You get 60 minutes of free data, after which you need to watch a 30-second ad to reconnect.

Firsty Fast: The premium paid tier offers high-speed data up to 2GB per day, perfect for streaming and video calls. Prices start at around €1.98/day in Europe.

How does Firsty eSIM work?

Firsty utilizes eSIM (embedded SIM) technology to provide connectivity. An eSIM is a digital SIM built into your phone, enabling you to download Firsty and instantly connect to mobile networks without needing a physical SIM.

How much is the Firsty app?

Firsty’s app itself is completely free to download and use. There are no costs to install the eSIM profile.

On the free tier, you can use unlimited data at a restricted speed for essential tasks. After 60 minutes, you watch a short ad to reconnect for another hour.

If you upgrade to Firsty Fast for high-speed data, prices start at €1.98 per day for 2GB in Europe. You only pay for the days of high-speed access you need, with no monthly fees or subscription.

Breathe easy with our top WIRED-tested picks for room comfort and preventing illness.

• Paramount Plus has released the new trailer for the Yellowstone prequel series 1923 season 2
• It sees the Dutton family face rivals threatening to destroy their legacy
• The trailer dropped as the Yellowstone season 5 finale aired

As we potentially say goodbye to Yellowstone, we can say hello to 1923 season 2 after Paramount Plus unveiled a gripping new trailer.

The trailer for theYellowstone prequel series was released on Sunday night (December, 15) just as the Yellowstone season 5 finale aired on the Paramount Network and Peacock in the US, Paramount Plus in the UK and Stan in Australia, wrapping another season of the Dutton family's story.

But while the main series is reportedly ending (no season 6 renewal has been confirmed), Deadline has since reported that Yellowstone is getting another spin-off that will be led by fan-favorites Kelly Reilly and Cole Hauser, who will reprise their roles as Beth Dutton and Rip Wheeler.

While all sorts of deadly cowboy conflict unfolded in the fifth season of the hit Taylor Sheridan series, the Dutton elders are set to – Jacob (Harrison Ford) and Cara (Helen Mirren) – prepare for a full-blown ranch war in the 1923 season 2 trailer (see below). "This ranch will drive you to your death!" Cara warns Jacob, proving that the family will do whatever it takes to protect their legacy even decades later.

What is 1923 season 2 about?

1923 follows the next generation of Duttons after the events of the first Yellowstone prequel series 1883.

The official plot synopsis of 1923 season 2 reads: "A cruel winter brings new challenges and unfinished business to Jacob (Ford) and Cara (Mirren) back at Dutton ranch. With harsh conditions and adversaries threatening to end the Dutton legacy, Spencer (Brandon Sklenar) embarks on an arduous journey home, racing against time to save his family in Montana. Meanwhile, Alexandra (Julia Schlaepfer) sets off on her own harrowing trans-Atlantic journey to find Spencer and reclaim their love.”

The second and presumed final season of one of the best Paramount Plus shows features Timothy Dalton (Licence to Kill) as an evil land baron, with Jerome Flynn (Game of Thrones) playing his henchman. Jennifer Carpenter (Dexter) also joins the cast in a recurring role.

Sheridan has managed to transform Paramount Plus into the home of neo-Western dramas, and it's set to grow even bigger with even more Yellowstone spin-offs coming such as The Madison, which is set to air sometime in 2025, led by Michelle Pfeiffer. Meanwhile, other series that have been greenlit are Lawmen: Bass Reeves, 6666 and 1944.

1923 season 2 streams on Paramount Plus on February, 23, 2025.

You might also like

• Yellowjackets season 3 trailer teases more spine-chilling savagery when the hit Paramount Plus show returns on Valentine's Day
• Everything new on Paramount Plus in December 2024
• Does Paramount Plus have a free trial?

• RIBridges benefits system has been hit by a cyberattack
• The attacker shared images of the compromised systems with Deloitte
• PII and banking information has likely been stolen in the attack

A cyberattack which hit the RIBridges system may have compromised the data of thousands of Rhode Island citizens who have applied for, or are on, a range of health coverage, human services, or benefit programs.

Rhode Island Governor Dan McKee confirmed the breach, noting in a statement posted on the Governor’s official site in response to the “major security threat,” the RIBridges system has been taken down, with all those seeking to apply for benefits needing to do so on paper.

The attack likely occurred on December 5, according to the statement, with the system subsequently being taken down on December 13, with the confirmation statement being issued on December 14.

Benefits services hit, personal data stolen

The states’ vendor, Deloitte, informed the Rhode Island governor there was a “high probability” that the attacker had successfully exfiltrated the personally identifiable information (PII) of thousands of people belonging to a number of benefits programs, including:

• Medicaid
• Supplemental Nutrition Assistance Program (SNAP)
• Temporary Assistance for Needy Families (TANF)
• Child Care Assistance Program (CCAP)
• Health coverage purchased through HealthSource RI
• Rhode Island Works (RIW)
• Long-Term Services and Supports (LTSS)
• General Public Assistance (GPA) Program

At the time of the attack, Deloitte notified federal authorities about a potential cyberattack against the RIBridges system. On December 10, Deloitte received a screenshot of internal RIBridges files from the attacker, confirming that the breach had likely resulted in the theft of PII. Deloitte further confirmed the presence of malicious code within the RIBridges system, resulting in the shutdown of the service.

The PII may include names, addresses, dates of birth and Social Security numbers, Deloitte stated, with potential compromise of certain banking information, but nothing has been confirmed as of yet. No one has come forward to claim responsibility for the attack, and no PII from the attack has been spotted online yet.

The governor’s statement recommended that RIBridges customers remain vigilant and be on the lookout for potential fraud and suspicious banking transactions, change passwords in line with cyber hygiene standards, and those affected should contact their bank for further recommendations on account security.

A multilingual customer hotline has been set up in a collaborative effort between Deloitte and Experian, with affected citizens being contacted to provide free credit monitoring services. Subsequent updates on the attack can be found here.

You might also like

• Take a look at the best identity theft protection
• We've also rounded up the best identity theft protection for families
• Identity fraud attacks using AI are fooling biometric security systems

Get up to speed on the rapidly evolving world of AI with our roundup of the week's developments.

If you've ever wanted to see a shooting star, you'll have ample opportunities in 2025.

The music studio that made the Beatles famous hits the road in Volvo's new electric SUV. I visited Abbey Road Studios in London to check Volvo and Bowers & Wilkins' Abbey Road Studio Mode.

Here's how next-generation "agentic AI" will change your smartphone life.

Streaming, gaming or traveling? You might want a VPN. Out of dozens of VPN services, our expert testing team has spent thousands of hours evaluating these top VPNs for privacy, speed and more.

CenturyLink might be cheaper, but Xfinity boasts faster speeds and overall long-term value. Here’s the full run-down on CenturyLink and Xfinity.

ABC News agreed to a $15M settlement in a defamation lawsuit with President-elect Donald Trump. Here's a look at why. And, multiple factors have led to renewed hope for an Israel-Hamas ceasefire deal.

(Image credit: Eyad Baba)

• Nvidia RTX 5090 has been rumored to guzzle 600W in the past
• A leaker on X has suggested it might use ‘slightly’ less power
• This comes alongside assurances that RTX 5070 Ti won’t be a power hog

Nvidia’s RTX 5090 might not be quite as much of a power hog as some PC gamers fear based on the latest nugget from the GPU grapevine.

As you may recall, the rumor mill has previously insisted that the Blackwell flagship graphics card might tip the scales at a weighty 600W of power use.

According to some fresh info from regular leaker on X, Kopite7kimi, we can at least be somewhat hopeful that the RTX 5090 may not make quite so heavy a demand on your PC’s power supply.

This info popped up in a thread on X which was discussing the purported RTX 5070 Ti – a GPU that could be launched third by Nvidia, after the RTX 5090 and 5080 – and specifically that graphics card’s power requirements of 350W.

Kopite7kimi noted that while 350W is a possible configuration Nvidia is exploring, the latest the leaker has heard is that it’ll be 285W, so considerably less – which prompted an X user to question whether the RTX 5090 might’ve had its power use revised downwards (from 600W), too.

The leaker replied to indicate that yes, this “may” be the case, although it might only be a “slight decrease” in the power chugged by the next-gen flagship.

There may be a slight decrease.December 14, 2024

(Image credit: Gigabyte) Analysis: You’ll still need a mighty power supply

Clearly, take all this with plenty of seasoning, but doubtless PC enthusiasts looking at this mighty next-gen flagship will take anything that sounds like remotely good news for the power consumption of the RTX 5090.

The catch is that the leaker sounds uncertain, and if there’s some downward movement, it’s not likely to be a great deal. So, are we looking at 570W or 580W maybe? Or something more towards 550W if we’re lucky, perhaps? Obviously it’s guesswork at this point, and Nvidia may not have finalized the exact spec itself (or more likely has just done so, maybe – and the rumor mill is yet to catch up).

With the RTX 5090 about to launch, in theory, inside a few weeks at CES 2025, everything about the board is likely nailed down right about now, and we could hear some more definitive sounding leaks in the next week or so. While the flagship is expected to be a seriously powerful graphics card, aside from the power usage worries, the other main concern is pricing – and how far Nvidia might push that.

We can believe a 550W power usage a lot more readily than Nvidia sticking with the same MSRP as the RTX 4090, and not hiking it at all, put it this way.

You might also like

• Nvidia’s RTX 5090 now rumored to have superfast clock speeds – as well as being super-slim – could this GPU be too good to be true?
• The best graphics card in 2024: our picks for all budgets
• Best PC games: must-play titles you don't want to miss

Whether your travels take you deep into the wilderness or just to the part of your city that doesn't have cell service, you can stay connected by using your iPhone to text from orbit.

• RCS encryption is still months away following a major US telecomms breach
• Global mobile industry body GSMA is spearheading work on this security update
• The FBI recommends using encrypted messaging apps like WhatsApp and Telegram

The developers of the Rich Communication Services (RCS) messaging standard has warned that bringing encryption to the standard could take months, after the FBI warned users to switch to encrypted messaging services.

The GSMA, the world’s leading mobile networks industry organization and developers of RCS, is reportedly spearheading work to bring encryption to the universal standard following a major telecommunications breach in the US at the beginning of December.

A spokesperson for the organization told CNBC: “Work with key industry stakeholders is progressing well and we look forward to updating the market in the coming months.”

That’s a positive outlook, but the fact we’re looking at months rather than weeks may worry some given the scale of the breach reported in early December. As Android Authority notes, no specific timeline has been given

As we previously covered, hacking group known as Salt Typhoon was able to gain broad access to US mobile networks including those operated by Verizon and AT&T, which enabled the group to spy on user activity.

The FBI has advised all users to use end-to-end encryption when messaging, and if possible when making calls. End-to-end encryption scrambles information into code that is decipherable by a key that only the sender and receiver have access to.

Encrypted messaging apps include WhatsApp, Telegram, and Signal, all three of which support encryption across different mobile platforms. The default Messages apps found on both iPhone and Android handsets also support encryption, but generally only between phones of the same operating system.

Using default apps, iPhones and Android phones will use RCS to communicate with one another, which as mentioned does not yet support encryption.

My analysis

Growing up, I remember the iPhone-Android rivalry as a bit of fun, one of the great tech feuds of the 21st century next to Xbox versus PlayStation and Mac versus PC – now, though, it seems that rivalry has come back with a nasty payoff.

Apple and Google have substantially improved their collaboration over the years, recognizing each other as essential parts of the wider tech ecosystem by, for example, implementing Apple Music as an Android app, or using Google for various Apple Intelligence features.

That said, there are elements of the two platforms that don’t merge. In this case, Google would have you believe that Apple has at least neglected making texting between iPhone and Android phones easier, with RCS introduced to the iPhone just this year.

It’s hard to say whether the two companies would have been able to implement cross-platform encryption had there been the mutual will to do so, as the GSMA controls and develops RCS. But events like the Salt Typhoon data breach remind us that we live in a world where all devices are increasingly interconnected and inter-reliant, regardless of which logo is printed on the back.

In this sort of world, security needs to come before the exclusivity of any one phone maker’s ecosystem. It’d be great to see some public commitments to inter-platform security from Apple and Google in the near-future.

And though we may still be a way off from RCS encryption, it’s encouraging to know this essential feature is on the way.

You might also like

• New iPhone 17 Air price rumor could tempt buyers away from the Samsung Galaxy S25 Slim
• The Samsung Galaxy S25 is tipped to come with a huge Bixby AI upgrade
• We just got a hint that we might have to pay more for the iPhone 17