Feed aggregator

The scope of the devastating Los Angeles wildfires comes into focus through smoke-filled satellite imagery from NASA and other agencies.

• Ivanti uncovers two security vulnerabilities, including one critical-severity
• One of the flaws was being abused as a zero-day by a Chinese threat actor
• Researchers uncovered never-before-seen malware being deployed in the attack

Ivanti has warned customers of a critical vulnerability impacting its VPN appliances that is being actively exploited in the wild to drop malware.

In a security advisory, Ivanti said that it uncovered two vulnerabilities recently - CVE-2025-0282 and CVE-2025-0283, both of which are impacting Ivanti Connect Secure VPN appliances.

The former seems to be the more dangerous of the two. It is given a severity score of 9.0 (critical), and is described as an unauthenticated stack-based buffer overflow. “Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network,” it was said.

The second vulnerability, also a stack-based buffer overflow, comes with a 7.0 severity score (high).

New malware deployed

The company urged customers to apply the patch immediately, and provided further details about the threat actors and their tools.

In partnership with security researchers at Mandiant, Ivanti determined the first vulnerability has been abused in the wild as a zero-day, most likely by multiple threat actors.

In at least one of the compromised VPNs, Mandiant found the threat actors deploying the SPAWN ecosystem of malware (including SPAWNANT installer, SPAWNMOLE tunneler, and SPAWNSNAIL SSH backdoor).

The group behind this attack was identified as UNC5221, which is apparently, a China-nexus espionage group, active since at least December 2023.

In the past, UNC5221 has been linked to the exploitation of zero-day vulnerabilities in Ivanti Connect Secure VPN appliances, targeting organizations in telecommunications, healthcare, and public sectors. The group focuses on data exfiltration and espionage.

Mendiant has also seen crooks drop previously unseen malware, now tracked as DRYHOOK and PHASEJAM. They were not able to attribute these families to any known threat actor.

“It is possible that multiple actors are responsible for the creation and deployment of these various code families (i.e. SPAWN, DRYHOOK and PHASEJAM), but as of publishing this report, we don't have enough data to accurately assess the number of threat actors targeting CVE-2025-0282,” Ivanti said in the report.

You might also like

• US Treasury declares ‘major incident’ after apparent state-sponsored Chinese hack
• Here's a list of the best antivirus tools on offer
• These are the best endpoint protection tools right now

The state’s insurance industry was reformed in late 2024 to promote coverage in disaster-prone areas. Tens of billions in fire damage will stress-test the new regime.

The Zero Breeze Mark 3 I saw at CES 2025 is basically a 22-pound heat pump that can run off of a battery.

Plus, we found the best ways to knock a few dollars off the cost of your service plan at the end of the month.

Satellite images show the extent of devastation from multiple wildfires burning in Los Angeles County after one day. The fires have killed at least five people and destroyed thousands of structures.

• The ThinkVision P32UD-40 is Lenovo's new flagship business monitor
• It has 12 ports including a Thunderbolt 4 one and Gigabit Ethernet
• Users can daisy-chain several together for improved productivity

When choosing a business monitor, buyers typically look for a display with sharpcolors and plenty of ports that can simplify everything from creative projects to data analysis and multitasking across multiple devices.

At CES 2025, Lenovo unveiled the ThinkVision P32UD-40, which ticks all of those boxes. The 31.5-inch flagship IPS display has a 3840x2160 resolution, HDR10 support, and a contrast ratio of 1500:1.

The monitor supports up to 98% DCI-P3 and 99% sRGB and BT.709 color gamuts, making it suitable for tasks requiring precise color accuracy, and the screen’s 2.0mm ultra-thin bezel design maximizes screen space for an immersive viewing experience.

A dozen ports, and much more besides

(Image credit: Lenovo)

Elsewhere, the ThinkVision P32UD-40 offers a number of features such as Picture-in-Picture (PiP) and Picture-by-Picture (PbP) modes, along with a KVM switch for managing multiple devices seamlessly. The inclusion of daisy-chaining capabilities allows users to connect multiple monitors, improving multitasking and workspace efficiency.

What stands out for me, though, is the ThinkVision P32UD-40’s impressive array of no fewer than 12 ports, including a Thunderbolt 4 connector capable of 40Gbps transfer speeds, HDMI 2.1, DisplayPort 1.4, a second DP 1.4 for daisy-chaining, USB-B, USB-C, four USB-A ports, and a Gigabit Ethernet port, offering versatility for a range of devices and peripherals.

With a refresh rate ranging from 24Hz to 120Hz, the screen balances smooth motion and energy efficiency, aided by Lenovo’s AI Power Saving Mode, which adjusts backlighting and pixel intensity based on the displayed content. The monitor is certified with ENERGY STAR, EPEAT Gold, and multiple TÜV Rheinland eye comfort standards, including low blue light and flicker-free certifications.

Sustainability is a core focus for Lenovo’s new products, and the ThinkVision P Series is no exception. The P32UD-40 is constructed using 95% post-consumer recycled plastic for its front bezel and covers, while its stand swivel incorporates 100% recycled aluminum. The panel itself uses 20% recycled glass.

The ThinkVision P32UD-40 is expected to be available in Q2 2025, with a starting price of $1,199.

You might also like

• We've rounded up the best business laptops for every budget
• And these are the best monitors for digital design you can buy right now
• Asus launched two business monitors with a unique feature

Communities across LA County have been devastated by fires. There's more than one way you can help.

Tax season is almost here. If you receive Social Security benefits, you'll need your benefit statement to find out if you need to file taxes this year.

A surge in VPN usage is the cause of slow internet speeds in Pakistan, with each megabyte of data routed via these services costing approximately $1 to the country's economy.

This shocking revelation came from a recent report published by the Pakistan Telecommunication Authority (PTA) – local publications, including the Pakistani English-speaking newspaper The Express Tribune could reveal.

While this isn't the first time authorities have condemned unauthorized VPN usage for, among other things, internet slowdowns, experts have long argued that government-imposed censorship is instead to blame for breaking the internet in Pakistan.

The ongoing Pakistan debate

According to the PTA report – as reported by The Express Tribune – the ever-growing reliance on the best VPN apps "has put additional pressure on Pakistan's internet infrastructure."

This is because, authorities explain, virtual private network (VPN) services bypass local content delivery networks (CDNs), causing inefficiencies. Additionally, hefty VPN usage is also behind significant economic losses "due to increased reliance on foreign exchange."

As per the PTA data, VPN bandwidth usage peaked at 634 Gbps in August, 597 Gbps in September, 815 Gbps in October, and 378 Gbps in November.

These numbers certainly do not come as a surprise. Pakistanis have turned en masse to VPNs since the beginning of the year as a means to bypass stringent online restrictions.

X (formerly Twitter) has been inaccessible without a VPN since February. Meta's Facebook and Instagram were also restricted in July 2024 and May 2023, respectively, according to Surfshark's Internet Tracker. Bluesky and WhatsApp were the latest social media platforms blocked in the country this year.

Proton VPN has been recording spike in VPN sign-ups from Pakistan since the beginning of the year, with the most recent increase reaching +2860% over baseline on November 26, 2024. (Image credit: Proton)

It was in this context that the PTA first shared plans to regulate the use of VPNs as a way to curb misuse back in August. Authorities would later deem unregistered VPNs a "security risk" for Pakistan as they can be used to access "sensitive data."

The PTA then set a deadline for November 30, 2024, to begin implementing the new policy, urging businesses and freelance workers to register their services to avoid any disruptions. As the registration deadline expired, however, it was revealed that Pakistan doesn't have any legal grounds to ban VPNs, according to Pakistan's Law Ministry.

On December 19, 2024, the PTA shared some new directives that require VPN companies to obtain a Class License for Data Services to operate within the country. VPN providers will also be forced to collect and share users' information usage with authorities upon request – de facto going against their strict no-log VPN policies.

While it's too early to know if such an attempt to regulate VPN usage will be successful this time, it certainly kicks off a new phase for the PTA's quest to regulate the use of these services in Pakistan.

Defending champs Los Blancos look to claim a place in Sunday's final against Barcelona in Saudi Arabia.

I played some of my favorite tunes in the Cadillac Optiq, a handsome electric SUV, to see how the listening experience is unlocked and evolved by Dolby Atmos audio.

• SonicWall is mailing IT admins, warning them about a high-severity vulnerability in its firewalls
• The bug is "susceptible to actual exploitation" it said
• A patch is available, as well as a few mitigation measures

SonicWall has recently addressed a high-severity vulnerability in its firewalls which is “susceptible to actual exploitation.” The company has since started notifying IT admins, urging them to apply the fix immediately and secure their endpoints.

Citing a few Reddit users who were contacted by SonicWall, BleepingComputer said the vulnerability is an authentication bypass in SSL VPN and SSH management, tracked as CVE-2024-53704.

It has a severity score of 8.2 (high) and impacts multiple generation six and generation seven firewalls, powered by SonicOS 6.5.4.15-117n and older and 7.0.1-5161 and older.

Three more flaws

"We have identified a high (CVE Score 8.2) firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled and that should be mitigated immediately by upgrading to the latest firmware, which will be web-posted tomorrow, Jan 7th, 2025," SonicWall apparently said in the email.

"The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities."

For those running Gen 6 or 6.5 hardware firewalls, SonicOS 6.5.5.1-6n or newer is the firmware they should update to, while Gen 6 / 6.5 NSv firewalls need to look for SonicOS 6.5.4.v-21s-RC2457 or newer. Finally, TZ80 users need at least SonicOS 8.0.0-8037.

In the same patch, the company fixed three additional flaws (CVE-2024-40762, CVE-2024-53705, and CVE-2024-53706), which allow for authentication bypassing, remote code execution, and more.

Those that are unable to install the patch immediately should at least apply the mitigations SonicWall suggested in the security advisory, which include limiting access to trusted sources, or disabling SSLVPN access from the Internet.

To minimize the potential impact of an SSH vulnerability, SonicWall suggests restricting firewall management to trusted sources as well, and disabling firewall SSH management from the internet.

Via BleepingComputer

You might also like

• Thousands of SonicWall VPN devices are facing worrying security threats
• Here's a list of the best antivirus tools on offer
• These are the best endpoint protection tools right now

This week we break down the new government committee being led by Elon Musk and Vivek Ramaswamy.

• Disney Plus will offer HDR10+ streaming of movies and TV shows
• It joins Prime Video and Apple in offering support for the HDR format
• HDR10+ is supported on Samsung TVs in place of Dolby Vision

Disney Plus will support HDR10+ streaming on movies and TV shows in the future, as reported by Media Play News. There is currently no timeframe for when this will happen.

The announcement was made at a press conference at CES 2025 by a representative of Communication Research Inc

Disney Plus joins some of the best streaming services such as Prime Video, Apple TV Plus, Hulu, Paramount Plus, and YouTube in supporting the premium HDR format. Disney Plus will continue to offer Dolby Vision HDR streaming as well.

HDR10+ is a premium HDR format that allows for a more dynamic, brighter, and more contrast-rich picture than SDR and HDR10. It is not only supported on streaming but also on 4K Blu-ray as well.

Why is this good news for Samsung TV owners? Until now, Disney Plus has only offered Dolby Vision HDR quality, and as Samsung TVs don't support Dolby Vision, instead opting to support HDR10+, viewers couldn't get the most out of their hardware. With HDR10+ support coming to Disney Plus, Samsung TVs, some of the best TVs around, will now get an upgraded picture when watching the best Disney Plus shows.

Samsung TVs aren't the only TVs to support HDR10+. Hisense, TCL, Panasonic, as well as Philips in the UK, all offer models that support HDR10+ as well as Dolby Vision. LG and Sony however do not support HDR10+, not even on more premium sets such as the LG C4 OLED or Sony Bravia 9, instead opting for Dolby Vision HDR support only.

Great news for Samsung

The Samsung S95F (pictured here at CES 2025) will have another streaming service it can present in its best HDR picture. (Image credit: Future)

It has always seemed like an odd decision by Samsung to continuously forego support of Dolby Vision in its TVs; a decision that hasn't changed with its 2025 OLED TVs or its 2025 mini-LED TVs.

Many streaming services such as Netflix and Disney Plus originally opted to only support the Dolby Vision HDR format, meaning Samsung owners would miss out on the best possible picture quality on their TVs. A TV like the Samsung S95D for example, one of the best OLED TVs of 2024, deserves the best quality on a streaming service.

But this decision by Disney means that Samsung TV fans - and crucially potential customers - can now buy with a bit more confidence knowing another streaming service has joined the seemingly growing group of streaming sites to offer HDR10+ streaming.

Whether other streaming services will offer HDR10+ support (looking at you, Netflix and Max) remains to be seen, but until then, Samsung lovers now have one more service they can watch on the best Samsung TVs in the optimum quality.

You might also like

• Everything new on Disney Plus in January 2025
• The 24 best Prime Video movies to stream in January 2025 - another major service that supports HDR10+
• New Disney Plus movies: every new film to stream in January 2025

At this point it’s unusual for a major tech industry event to pass by without a new handful of handhelds – and while the Nintendo Switch 2 might still be just a twinkle in Nintendo’s eye, the PC gaming handheld market is booming.

The latest company to hop aboard this particular gravy train is Acer, bringing its budget Nitro gaming brand to the fore with the new Nitro Blaze 8 and Nitro Blaze 11, officially showcased at CES 2025 this week. Acer is somewhat late to the handheld PC party, with Valve’s Steam Deck ostensibly kicking off proceedings back in 2022 and other manufacturers already entering their second generation, such as Lenovo with the Lenovo Legion Go S, which was also revealed at this year’s CES.

I’ve been holding out hope for an Acer entry into the handheld PC hall of fame for a while now, partly just because I like Acer’s hardware; I’ve long been a fan of the Swift laptop line, and the Predator and Nitro gaming brands have a good track record when it comes to delivering strong performance at reasonable prices. But after seeing what Acer had on show at CES, I’m not entirely convinced…

A monster handheld

Now, we already knew Acer had a handheld in the works, but that was the Nitro Blaze 8 – the Blaze 11 was a CES surprise. The Blaze 8 (which, frankly, should be called the Blaze 9 since it has an 8.8-inch display) looks like Acer’s spin on the traditional gaming handheld formula, with specs that are broadly similar to competitors like the Lenovo Legion Go and Asus ROG Ally X.

In awe at the size of this lad. An absolute unit of a handheld gaming PC. (Image credit: Acer)

But the Blaze 11? That’s got a humungous 10.95-inch 1600p display and will cost you $1,099 (around £1,000 / AU$1,740) – a steep price of admission for a product in a market where the $500 mark seems to be the ideal price point.

An 11-inch display on a handheld is, quite frankly, a bit nuts. Just look at that press shot up top: does that really look comfortable to use? How heavy is it in the hands? Going from something like a Steam Deck or the featherweight Switch Lite to this chunky boy is certainly going to require some adjustment. And despite its massive screen, the Nitro Blaze 11 only packs a 55Whr battery (possibly to keep the overall weight down a bit), compared to the 80Whr battery in the ROG Ally X.

How big is too big?

11 inches is… pretty darn big. (You in the back, stop giggling.) That’s almost the screen size of the laptop I’m writing this review on (a 13-inch HP Spectre x360), and I don’t have to physically grip that by both sides to use it.

I'll concede that the Blaze 11 could offer the best 'detached' portable gaming experience (Image credit: Acer)

I will say this in Acer’s defense: like the Nintendo Switch or Lenovo Legion Go, the Blaze 11 has removable controllers (which I will refrain from calling ‘joy-cons’) that slot into place on either side of the main unit, which itself has a kickstand to let you use it as a sort of portable gaming display. While this is a feature I’ve largely snorted at in the past – I’ve literally never used my own first-gen Switch in this configuration – I’ll admit that it makes more sense with a bigger screen. As seen in Acer’s promo images, the Blaze 11 also comes with a separate connector that can transform those two not-joy-cons (sorry) into a singular gamepad for a better experience.

Still, with so large a screen and so high a price tag, I do have to seriously question the practicality of the Blaze 11 against simply buying a traditional gaming laptop. I’ll reserve my full judgment until I’m able to properly review this odd, beefy device myself; but right now I have to say that this might be the strangest design choice I’ve seen Acer make for a long time.

You might also like...

• Best handheld games consoles in 2025: the top systems we've tried
• Handheld gaming PCs are here to stay: here's why I'd recommend the Asus ROG Ally over a gaming laptop any day of the week
• Move over Steam Deck and forget the Switch 2 - the next-generation of handheld gaming PCs is almost here

CNET gaming experts list the top 15 PlayStation 5 games you can play right now. Astro Bot, God of War and Helldivers 2 make the list.

The fires have forced mass evacuations. Firefighters are struggling to control a patchwork of deadly blazes that have killed at least five people and leveled entire communities.

(Image credit: Ethan Swope)

Gradient's advanced window unit can heat and cool 500 square feet, all without needing any fancy electrical work. I saw it at CES 2025.

A lot can change over the course of a year, especially your music taste - I know mine has. For me, 2024 was the year of fresh music discovery, and compared to January 2024, my new year moods are slightly different. I know this because Spotify’s Playlist in a Bottle is now available to unlock.

In January 2024, Playlist in a Bottle returned to one of the best music streaming services for a second year running, and if you’re a Spotify enthusiast like me then you’ll remember locking away three songs that resonated with you the most this time last year. Now the wait is over, and you can now open your music time capsule and unveil the songs that you had on your radar - but you have until January 31 to claim your Playlist in a Bottle from last year.

This is a pinnacle time of year for Spotify’s personalized features, and Playlist in a Bottle is a soft follow-up to Spotify Wrapped, which is categorically the platform's most anticipated feature. Since its inception in 2023, Playlist in a Bottle is a small but mighty feature that’s not only a fun and quirky in-app experience, but also offers a comparative insight to the shifts in the music that appealed to you at the start of last year. With that said, I’ve opened my 2024 Playlist in a Bottle twice, and it hasn’t given me the option to create one to open next year. Therefore, we can only assume that Playlist in a Bottle is no more, but we've asked Spotify to confirm if it's coming back this year and will update this story when we hear back.

As mentioned above, January 31 is the cut-off for you to open your Playlist in a Bottle capsule from 2024, and if you’re having issues with accessing it, we have you covered.

How to find and open your Spotify Playlist in a Bottle Go to Spotify on your mobile device

(Image: © Future)

You can go to spotify.com/playlistinabottle or open the Spotify app in your phone and use the search hub to look up ‘Playlist in a Bottle’.

Unlock your playlist from 2024

(Image: © Future)

Once you’ve found Playlist in a Bottle, select ‘Claim Your Playlist’ and Spotify will take you on an interactive journey to unveil the songs you locked away a year ago.

Save your 2024 Playlist in a Bottle

(Image: © Future)

After that, you can save, share, and listen to your new playlist - but only until January 31!

You might also like

• I changed this one small Spotify feature and it made my music sound dramatically better
• My top 5 tips to make more of your Spotify playlists – and trust me, I'm a playlist obsessive
• From pop girls to the growth of podcasts, here are 5 interesting things Spotify's 2024 listening report tells us