radar-rss

AWS is introducing central management for root credentials to minimize malicious use and the burden on security teams.

AWS is introducing a central management tools to AWS OrganizationsThe tool will allow security teams to manage root user accessRoot sessions are also being introduced for short-term root access

AWS Identity and Access Management is helping businesses boost multi-factor authentication (MFA) adoption and organizational security by introducing a centrally managed security feature.

The tool will help organizations and security teams manage root credentials and root sessions through AWS Organizations.

AWS hopes the tool will help reduce the risk of lateral movement and privilege escalation in the event of a cyberattack, while also making day to day security easier and scalable.

Boosting MFA and account security

AWS has taken several steps recently to enhance account security, initially introducing MFA for management account root users before launching FIDO2 passkey support which resulted in a 100% increase in MFA adoption for AWS Organizations users with more than 750,000 AWS root users enabling the phishing-resistant authentication method.

Now, security teams will also be able to remove long-term root credentials to prevent them from being abused, and will also stop them from being recovered and used maliciously.

“This will improve the security posture of our customers while simultaneously reducing their operational effort,” the blog post stated.

The centralized management tool will also allow security teams to create accounts without root credentials, making them secure-by-default and removing the need for additional security measures. The tool will also assist with compliance-related issues by allowing security teams to closely monitor and remove long-term root credentials.

As an additional preventative measure against the misuse of root credentials, AWS is also introducing ‘root sessions’ that provide short-term access for specific tasks and actions, relying on the principle of least privilege to minimize the possibility of malicious use.

Root sessions will also reduce the burden on security teams by helping them adhere to AWS best practices, and perform privileged root actions from a single central dashboard, rather than having to manually log in to each user account.

Central root account management is available through IAM console, AWS CLI or AWS SDK, with additional details for obtaining root credentials on the AWS blog.

You might also like

Take a look at the best password managersHere is our guide to the best endpoint protectionApple says Mac users are being targeted by dangerous zero-day attacks, so update now

Read More 

Alien: Earth, the first TV series set in the sci-fi horror franchise’s universe, will emerge from its ovomorph sometime between June and September.

Are you ready to be terrified by xenomorphs and face huggers galore again? You better be, because Alien: Earth – the first-ever TV series set in the sci-fi horror franchise’s universe – has secured a mid-2025 release window.

Announced in a Disney press release, the show, which is being helmed by Fargo creator Noah Hawley, will officially make its debut on Hulu (US) and Disney Plus (internationally) sometime between June and September next year. Indeed, confirmation comes by way of a brand-new teaser for the Alien franchise’s inaugural small screen project, which revealed Alien: Earth will emerge from its ovomorph in summer 2025 (that’s winter for southern hemisphere dwellers).

Unfortunately, the series’ latest teaser doesn’t contain any new footage for fans to pore over. That’ll be a grave disappointment to many people, myself included, too, especially after Alien: Earth‘s first teaser was the most underwhelming one I’d seen in a long time.

To be fair to this newest trailer – if it can be labeled as such – there are some quick-flash clips that appear around its midway point. The blurry nature of these snippets, though, mean it’s incredibly difficult to determine what’s being shown. Indeed, the only thing I could pick out was a person screaming at around the 0:24 mark. It’s a bizarre way to market what’s like to be one of the best Hulu shows and best Disney Plus shows of 2025, too, especially after a ‘new on Disney Plus in 2025’ trailer, which arrived in mid-November, actually showed some proper footage from Alien: Earth. Why not include those clips in this new teaser, then?

What is Alien: Earth about?

Sydney Chandley’s Wendy will be the latest in a long line of female heroes who’ll face off against a xenomorph or two (Image credit: FX/Hulu/Disney Plus)

But enough of my complaining. You want to know what to expect from Alien: Earth‘s plot, don’t you? Lucky for you, FX/Disney has provided new details concerning its story.

“When a mysterious space vessel crash-lands on Earth,” the plot synopsis reads, “a young woman and a ragtag group of tactical soldiers make a fateful discovery that puts them face-to-face with the planet’s greatest threat in the sci-fi horror series Alien: Earth.

“As members of the crash recovery crew search for survivors among the wreckage, they encounter mysterious predatory life forms more terrifying than they could have ever imagined. With this new threat unlocked, the search crew must fight for survival and what they choose to do with this discovery could change planet Earth as they know it.”

Alien: Romulus, the sci-fi horror franchise’s latest entry, was released in theaters in August (Image credit: 20th Century Studios)

Sydney Chandler (Sugar) leads an all-star cast as Wendy, a woman with the consciousness of a child who’ll likely be part of the aforementioned crash recovery team. She’ll be joined by numerous other recognizable faces, including Alex Lawther (Andor), Timothy Olyphant (The Mandalorian), Essie Davis (One Day), Samuel Blenkin (The Sandman), Babou Ceesay (Into the Badlands), David Rysdahl (Oppenheimer), Adrian Edmondson (3 Body Problem), Adarsh Gourav (The White Tiger), Jonathan Ajayi (Vigil), Erana James (The Wilds), Lily Newmark (Sex Education), Diem Camille (Psychosia), and Moe Bar-El (Honour).

As well as creating the show, Hawley is also on lead scriptwriting and directing duties. Ridley Scott, who created the Alien franchise, joins Hawley on the executive producing front, too.

It’s a somewhat busy time for the Alien series. A brand-new film entry, titled Alien: Romulus, was one of 2024’s many new movies and, after its solid box office performance, a sequel is believed to be in the works. Alien: Romulus is set to make its streaming debut on Hulu this Thursday (November 21), too, but there’s no word on when it’ll arrive on Disney Plus in overseas territories.

You might also like

See if you agree with our ranking of the best Alien moviesAlien: Romulus wants everyone to hear you scream over the sci-fi horror series’ frightfully bold evolutionGet the lowdown on the best Hulu movies to watch before Alien: Romulus arrives

Read More 

Dell and Iron Bow accused of artificially inflating US Army contract prices, violating the False Claims Act.

Dell and Iron Bow accused of violating the False Claims Act by overcharging the US ArmyTogether, the two firms will pay out $4.35 million in settlementsA Dell whistleblower will get 6.6% of Dell’s payout

Dell Technologies and Iron Bow Technologies have agreed to pay more than $2 million each to resolve allegations that they overcharged the US Army under a government computing contract.

The settlements, confirmed in an announcement by the US Department of Justice, address claims of “non-competitive bids” submitted by the companies to secure army contracts at overinflated charges.

Dell will pay out $2.3 million, with Virginia-based Iron Bow set to pay $2.05 million, to settle the claims.

Dell and Iron Bow settlements

According to the DOJ, Dell operated a deal registration program that gave Iron Bow preferential pricing for Dell computer hardware. This subsequently let Iron Bow offer lower bids to the Army, while Dell submitted higher bids to guide the army towards Iron Bow.

Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, stated: “The United States relies on competition to get the best value and price for the American taxpayers.”

US Attorney Prim F. Escalona for the Northern District of Alabama added: “Fraud in the government contracting process costs taxpayers untold dollars each year… We will continue to work with our federal law enforcement partners to investigate and pursue those who commit government contracting fraud.”

The settlement also aims to resolve a whistleblower lawsuit filed by Brent Lillard, an executive of another IT reseller, under the False Claims Act. A $345,000 slice of Dell’s $2.3 million payout is destined for Lillard.

This isn’t the first time that software and hardware providers have been accused of overcharging the US government and its agencies. Earlier this month, the DOJ shared two instances of fraudulent IT contracts which resulted in six individuals being charged or indicted.

German company SAP was also raided by the FBI amid a longstanding investigation into allegations that the company had overcharged the US government and military for use of its software.

You might also like

Microsoft claims Google is running “shadow campaigns” to discredit its cloud work in EuropeNeed an upgrade? These are the best workstations and mobile workstationsWe’ve listed the best cloud computing providers

Read More 

Open-source AI faces increasing security threats; learn how LLM vulnerabilities impact software supply chains.

Recently, DevOps professionals were reminded that the software supply chain is rife with risk, or as I like to say, it’s a raging dumpster fire. Sadly, this risk now includes open source artificial intelligence (AI) software. Especially after further investigations into Hugging Face (think GitHub for AI models and training data) uncovered up to one hundred potentially malicious models residing in its platform, this incident is a reality check regarding the ever-present vulnerabilities that can too easily catch unsuspecting dev teams by surprise as they work to acquire machine learning (ML) or AI models, datasets, or demo applications.

Hugging Face does not stand alone in its vulnerability. PyTorch, another open-source ML library developed by Facebook’s AI Research lab (FAIR), is widely used for deep learning applications and provides a flexible platform for building, training, and deploying neural networks. PyTorch is built on the Torch library and offers strong support for tensor computation and GPU acceleration, making it highly efficient for complex mathematical operations often required in ML tasks.

However, its recent compromise raises specific concerns about blindly trusting AI models from open-source sites for fear the content has been previously poisoned by malicious actors.

This fear, while justified, is starkly contrasted with the long-standing belief in the benefits of open-source platforms, such as fostering community through collaboration on projects and cultivating and promoting other people’s ideas. Any benefits to building secure communities around large language models (LLMs) and AI, seem to evaporate with the increased potential for malicious actors to enter the supply chain, and corrupt CI/CD pipelines or change components that were believed to have initially come from trusted sources.

Software security evolves from DevOps to LLMOps

LLMs and AI have expanded concern over supply chain security for organizations, particularly as interest in incorporating LLMs into product portfolios grows across a range of sectors. For cybersecurity leaders whose organizations are looking to adapt to the broad availability of AI applications, they must stand firm against risks introduced by suppliers not just for traditional DevSecOps, but now for ML operations (MLOps) and LLM operations (LLMOps) as well.

CISOs and security professionals should be proactive about detecting malicious datasets and responding quickly to potential supply chain attacks. To do that, you must be aware of what these threats look like.

Introduction to LLM-specific vulnerabilities

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation working to improve the security of software, through community-led open-source projects including code, documentation, and standards. It is a true global community of greater than 200,000 users from all over the world, in more than 250+ local chapters, and provides industry-leading educational and training conferences.

The work of this community has led to the creation of the OWASP Top 10 vulnerabilities for LLMs, and as one of its original authors, I know how these vulnerabilities differ from traditional application vulnerabilities, and why they are significant in the context of AI development.

LLM-specific vulnerabilities, while initially appearing isolated, can have far-reaching implications for software supply chains, as many organizations are increasingly integrating AI into their development and operational processes. For example, a Prompt Injection vulnerability allows adversaries to manipulate an LLM through cleverly crafted inputs. This type of vulnerability can lead to the corruption of outputs and potentially spread incorrect or insecure code through connected systems, affecting downstream supply chain components if not properly mitigated.

Other security threats are caused by the propensity for an LLM to hallucinate, causing models to generate inaccurate or misleading information This can lead to vulnerabilities being introduced in code that is trusted by downstream developers or partners. Malicious actors could exploit hallucinations to introduce insecure code, potentially triggering new types of supply chain attacks that propagate through trusted systems. This can also create severe reputational or legal risks if these vulnerabilities are discovered after deployment.

Further vulnerabilities involve insecure output handling and the challenges in differentiating intended versus dangerous input to an LLM. Attackers can manipulate inputs to an LLM, leading to the generation of harmful outputs that may pass unnoticed through automated systems. Without proper filtering and output validation, malicious actors could compromise entire stages of the software development lifecycle. Implementing a Zero Trust approach is crucial to filter data both from the LLM to users and from the LLM to backend systems. This approach can involve using tools like the OpenAI Moderation API to ensure safer filtering.

Finally, when it comes to training data, this information can be compromised in two ways: label poisoning which refers to inaccurately labeling data to provoke a harmful response; or training data compromise, which influences the model’s judgments by tainting a portion of its training data, and skewing decision making. While data poisoning implies that a malicious actor might actively work to contaminate your model, it’s also quite possible this could happen by mistake, especially with training datasets distilled from public internet sources.

There is the possibility that a model could “know too much” in some cases, where it regurgitates information on which it was trained or to which it had access. For example, in December of 2023, researchers from Stanford showed that a highly popular dataset (LAION-5B) used to train image generation algorithms such as Stable Diffusion contained over 3,000 images related to “child sexual abuse material.” This example sent developers in the AI image generation space scrambling to determine if their models used this training data and what impact that might have on their applications. If a development team for a particular application hadn’t carefully documented the training data they’d used, they wouldn’t know if they were exposed to risks that their models could generate immoral and illegal images.

Tools and security measures to help build boundaries

To mitigate these threats, developers can incorporate security measures into the AI development lifecycle to create more robust and secure applications. To do this, they can implement secure processes for building LLM apps, identified in five simple steps:

1) foundation model selection; 2) data preparation; 3) validation; 4) deployment; and 5) monitoring.

To enhance the security of LLMs, developers can leverage cryptographic techniques such as digital signatures. By digitally signing a model with a private key, a unique identifier is created that can be verified using a corresponding public key. This process ensures the model’s authenticity and integrity, preventing unauthorized modifications and tampering. Digital signatures are particularly valuable in supply chain environments where models are distributed or deployed through cloud services, as they provide a way to authenticate models as they move between different systems.

Watermarking is another effective technique for safeguarding LLMs. By embedding subtle, imperceptible identifiers within the model’s parameters, watermarking creates a unique fingerprint that traces the model back to its origin. Even if the model is duplicated or stolen, the watermark remains embedded, allowing for detection and identification. While digital signatures primarily focus on preventing unauthorized modifications, watermarks serve as a persistent marker of ownership, providing an additional layer of protection against unauthorized use and distribution.

Model Cards and Software Bill of Materials (SBOMs) are also tools designed to increase transparency and understanding of complex software systems, including AI models. A SBOM is essentially a detailed inventory of all software product components and focuses on listing and detailing every piece of third-party and open-source software included in a software product. SBOMs are critical for understanding the software’s composition, especially for tracking vulnerabilities, licenses, and dependencies. Note that AI-specific versions are currently in development.

A key innovation in CycloneDX 1.5 is the ML-BOM (Machine Learning BOM), a game-changer for ML applications. This feature allows for the comprehensive listing of ML models, algorithms, datasets, training pipelines, and frameworks within an SBOM, and captures essential details such as model provenance, versioning, dependencies, and performance metrics, facilitating reproducibility, governance, risk assessment, and compliance for ML systems.

For ML applications, this advancement is profound. The ML-BOM provides clear visibility into the components and processes involved in ML development and deployment, to help stakeholders grasp the composition of ML systems, identify potential risks, and consider ethical implications. In the security domain, it enables the identification and remedy of vulnerabilities in ML components and dependencies, which is essential for conducting security audits and risk assessments, contributing significantly to developing secure and trustworthy ML systems. It also supports adherence to compliance and regulatory requirements, such as GDPR and CCPA, by ensuring transparency and governance of ML systems.

Finally, use of strategies that extend DevSecOps to LLMOps are essential like model selection, scrubbing training data, securing the pipeline, automating the ML-BOM build, building an AI Red Team, and properly monitoring and logging the system with tools to help you. All of these suggestions provide the appropriate guardrails for safe LLM development while also embracing the inspiration and broad imagination for what is possible using AI, with an emphasis for maintaining a secure foundation of Zero Trust.

We’ve featured the best network monitoring tool.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

Thomas Kriebernegg, General Manager, SplitMetrics Agency, shares his top tips on how to launch a super app.

Whether you work in the mobile world or not, you probably heard of the term “super app” and that these apps are very popular in certain markets, especially Asia. These all-in-one platforms integrate multiple functionalities beyond a company’s core offering. They usually have a complete, all-encompassing user experience that normally would require multiple smaller apps.

While in the West this type of app is not as popular as in other markets, there is a growing appetite with apps such as Uber and Revolut at the vanguard. It is unsurprising as the potential is massive with the super app market projected to reach a staggering $714.73 billion by 2032. Our own research at SplitMetrics has also found that in 2024 (until the end of September) super apps added 370 million new users globally, with a global lifetime user base of 4.7 billion.

That is super competitive and can be daunting for anyone launching a new app but with the right user experience and marketing, you can still make your new super app a success.

A crowded market – how do you disrupt the established?

You’ve got to start by identifying your app’s Unique Selling Proposition (USP). This differentiation doesn’t have to be a radical change; it can be an improvement in functionality, cost, or user experience.

To differentiate effectively, new super apps should:

Identify a clear USP: Highlight how your app improves upon existing solutions, whether through innovative features or better value.

Combine services creatively: Offer a unique mix of services that aren’t currently bundled together by competitors.

Invest in marketing: Launch a well-resourced and optimized marketing campaign to gain visibility and enter the conversation.

Target untapped markets: Consider focusing on regions outside of Asia where super apps are gaining popularity but competition is less intense. Building a sizable user base in these markets can provide a strong foundation before entering the more competitive Asian landscape.

Adapt to change

The app industry is among the most competitive and dynamic sectors around. Consumer preferences are in a constant state of flux and there are literally thousands of new apps launched every single day. This means that even very successful apps can’t stay still – they need to be constantly reevaluating both their offering and their marketing initiatives. What is important to remember is that the average consumer does not think about using a Super App or a specialized app as a binary choice. Most wouldn’t even recognize an app like Uber as a super app.

The critical factor is that every aspect of the app works as well as it can because if it doesn’t there are plenty of competitors that a user can switch to. The key to ensuring the best user experience is responding to change. This means knowing what new innovations can enhance your app or how it is marketed, what your competitors are doing and how market conditions and consumer demands are changing. If you stay ahead of the curve, you will be able to stay competitive.

Do your market research

Although we often talk about Asia or Western markets as a homogeneous block, the reality is that there are huge variations between each country. What may work well in France, might not appeal to an audience in Australia. Knowing the market and tailoring the app offering and how it is marketed to the demands of consumers in each country is fundamental.

App developers will naturally know their home market the best, so that’s the most obvious place to start. From there, it is about identifying the next most similar market and modifying the app and how you promote it to that audience. It may seem appealing to go after the most lucrative markets first, for example, the US. However, not only will they be the most competitive, they will also likely be the most expensive places to do business. It is better to take an incremental, pragmatic approach to growth – learning lessons on the way – and build up your audience and capabilities on this journey.

Don’t forget the app marketing basics

Once your app is launched, the journey is far from over. While organic growth is valuable, a robust paid user acquisition (UA) strategy is essential to maintain competitiveness in today’s bustling app market. A strong foundation in App Store Optimization (ASO), coupled with strategic paid UA, can drive quality conversions and optimize costs.

Remember, these two strategies are interconnected. A well-optimized app store listing can amplify the impact of your paid campaigns, leading to increased organic visibility and downloads. By analyzing performance metrics, making data-driven decisions, and staying attuned to market trends, you can ensure your app’s continued success.

Super apps offer a unique opportunity to disrupt the app landscape. By focusing on a strong USP, creative service bundles, and strategic marketing, you can carve out your niche in this booming market. But remember, it’s not just about launching an app – it’s about constant adaptation, innovation, and a deep understanding of your target market. Stay ahead of the curve, and you can build a super app that stands the test of time.

We’ve featured the best business intelligence platform.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

Will launch day stock appear? Join us live to find out

The PS5 30th Anniversary Collection release date is nearly here and we’re quietly hopeful – though not expectant – of seeing some PS5 30th Slim or PS5 30th Anniversary DualSense stock appearing.

As a result, we’re starting early today by providing some information on what the 30th Anniversary Collection is, what products might be available tomorrow, providing all the best stock check links, and then keeping track of all the major retailers tomorrow when stock might go live.

It’s been tough going since the PlayStation 30th Anniversary pre-orders opened, with the PS5 Slim 30th Anniversary pre-orders being particularly popular along with folks really wanting to know where to buy the PS5 30th Anniversary DualSense since too. While we have seen a restock for both since the initial pre-orders sold out, it’s been barren ever since, and stock goes very quickly.

The 30th Anniversary Collection launched for pre-orders the same day as the PlayStation 5 Pro too – but the latter has proved easy to get, and anyone can buy a PS5 Pro right now from pretty much any retailer of their choosing.

Anyway, getting back to it: with us only less than 12 hours from release day in the UK, there’s going to be nothing stopping retailers from going live with any launch day stock they may have been saving. If we see anything at all, then I think we’re most likely to see PS5 30th Anniversary restocks and stock drops on the PS5 Slim console bundle, and the DualSense controller. However, it could also be a total no-show for restocks – we just don’t know, but we’re here to save you the work anyway, and make it as easy as possible for you to check quickly.

US 30th Anniversary Collection Quick Links

PS5 Slim 30th Anniversary Edition Bundle: Check stock at Walmart ($499)PS5 Slim 30th Anniversary Edition Bundle: Check stock at Amazon ($499.99)PS5 Slim 30th Anniversary Edition Bundle: Check stock at Best Buy ($499.99)PS5 Slim 30th Anniversary Edition Bundle: Check stock at Target ($499.99)PS5 Slim 30th Anniversary Edition Bundle: Check stock at PS Direct ($499.99)30th Anniversary DualSense: Check stock at Amazon ($79.99)30th Anniversary DualSense: Check stock at Walmart ($79.99)30th Anniversary DualSense: Check stock at Best Buy ($79.99)30th Anniversary DualSense: Check stock at Target ($79.99)30th Anniversary DualSense: Check stock at GameStop ($79.99)30th Anniversary DualSense: Check stock at PS Direct ($79.99)PS5 Pro 30th Anniversary Edition Bundle: Check stock at PS Direct ($999.99)30th Anniversary DualSense Edge: Check stock at PS Direct ($219.99)30th Anniversary PlayStation Portal: Check stock at PS Direct ($219.99)

UK 30th Anniversary Collection Quick Links

PS5 Slim 30th Anniversary Digital Edition: Check stock at Amazon (£429.99)PS5 Slim 30th Anniversary Digital Edition: Check stock at Argos (£429.99)PS5 Slim 30th Anniversary Digital Edition: Check stock at Very (£429.99)PS5 Slim 30th Anniversary Digital Edition: Check stock at EE (£439.99)PS5 Slim 30th Anniversary Digital Edition: Check stock at PS Direct (£433.99)PS5 Slim 30th Anniversary Digital Edition: Check stock at Currys30th Anniversary DualSense: Check stock at Amazon (£69.99)30th Anniversary DualSense: Check stock at Argos (£69.99)30th Anniversary DualSense: Check stock at Very (£69.99)30th Anniversary DualSense: Check stock at Currys (£69.99)30th Anniversary DualSense: Check stock at Game (£69.99)30th Anniversary DualSense: Check stock at PS Direct (£69.99)30th Anniversary PS5 Pro bundle: Check stock at PS Direct (£959.99)30th Anniversary DualSense Edge: Check stock at PS Direct (£219.99)30th Anniversary PlayStation Portal: Check stock at PS Direct (£219.99)

Complete US stock checks

Complete UK stock checks

Hello and welcome to our live build-up coverage to the PlayStation 30th Anniversary Collection release day!

We’re here to look forward to and celebrate the collection’s release date and cheer on fans who finally get their hands on the gear. But we’re also here with fingers crossed that we might see some launch day stock drops or restocks at retailers who may have kept their powder dry on some inventory, or have specific release day units to sell.

It’s by no means guaranteed but that’s not going to stop us hoping and doing constant checks for you nonetheless./. We’ve got all the best and most important links to check above, and will be keeping this post as up to date as we can with restock news and links to stock itself should any pop up.

(Image credit: Sony/PlayStation)

So what’s all the fuss about then?

Well, back in September, along with the official announcement of the PS5 Pro, Sony revealed its pretty expansive 30th Anniversary Collection. This is a collection of limited edition PS5 hardware that’s all styled in the original PS1 aesthetic and all looks excellently slick.

The grey-color stylings are perfect for igniting that nostalgia in long-term PlayStation fans and celebrating the original PlayStation made for perfect PS5 consoles and accessories.

The collections covered the PS5 Pro, PS5 Slim, DualSense, DualSense Edge, and PlayStation portal specifically, though you did get a DualSense charger in the same style with the PS5 Pro bundle – the latter only being made to the tune of 12,300 units in honor of the PS1’sd December 3 release date.

The Collection was extremely popular with plenty of hype building before pre-orders went live. When the opportunity to bag a pre-order did come for fans, it was all over in a matter of minutes, however, and many have been left disappointed since. Which is part of the reason for our live coverage starting today.

(Image credit: PlayStation/Sony)

With only 12,300 units on offer, anticipation was intense and the PS5 Pro bundle barely stuck around for a few minutes when fans got past the virtual waiting room at PlayStation Direct.

The other bits of hardware soon followed suit, and all sold out pretty quickly indeed. When other retailers could release their own pre-orders two weeks later on October 10 (but only for the PS5 Slim and DualSense controller), the action was equally intense and stock flew off the virtual shelves. We have seen some fleeting restocks at retailers like Amazon and Target in the US, and Argos and Currys in the UK, but there’s been nothing substantial or long-lasting.

Which brings us to today, 30th Anniversary Collection release date eve. I think that release date might well be a good bet for some stock drops or retailer restocks for the 30th Anniversary Collection. It’s not guaranteed by any means, and is based largely on my own hunch and experience – there was indeed PS5 stock released on launch day after all, when few people actually expected it then – but we also have a couple of retailer-specific reasons to hold out hope. Let me explain…

Read More 

Amazon has launched two new, wall-mountable Echo Show smart displays – including a huge one with a 21-inch screen.

Amazon has launched its biggest-ever smart display – the Echo Show 21It combines a 21-inch screen with new features like improved audioThe Echo Show 15 has also been upgraded with the same new features

If you like the idea of having a wall-mounted smart display for video calls, photo sharing, and family organization, Amazon has just launched two tempting new options – an upgraded Echo Show 15 and its biggest-ever smart screen, the new Echo Show 21.

The Echo Show series is already available in bewildering array of screen sizes, starting with the Echo Show 5. But these two new models are unique – not only are they Amazon’s largest options, with 15-inch and 21-inch screens respectively, they’re also designed to be wall-mountable. That makes them particularly suitable for busy kitchens with cluttered worktops.

The original Amazon Echo Show 15 launched in September 2021, but it’s been updated with several upgrades, which are also in the new Echo Show 21. The first of those directly addresses one of our main criticisms of the first Echo Show 15, which is improved audio quality. Rather than two 1.6-inch tweeters, the displays combine dual 2-inch woofers with two 0.6-inch tweeters for a bassier sound.

Combined with some new noise reduction tech and improved auto-framing skills, this should make the Echo Show 15 and 21 much better for video calls. Amazon also says that both displays now offer double the field-of-view compared to the first Echo Show 15 and “65% more zoom”, although this is presumably still just digital zoom.

The final two improvements should boost Echo Shows’ streaming and smart home powers. They now have Wi-Fi 6E, which offers better speeds and lower latency compared to Wi-Fi 6. Depending on your router, that should boost the streaming experience from YouTube, Netflix, and Prime Video.

Lastly, the Echo Show 15 and 21 have a built-in smart home hub with Matter support. The original Echo Show 15 already supports Matter, but connecting to your various smart home devices should be easier thanks to direct support for Wi-Fi, Thread, or Zigbee protocols. Both are powered by an octa-core processor with Amazon’s AZ2 neural network engine.

On the downside, the price of getting a large, wall-mountable Echo Show has gone up since the original Echo Show 15 was launched. The new Echo Show 15 costs $299 / £299 (around AU$460) – a $50 increase from the original – while the Echo Show 21 will set you back $399 / £399 (around AU$615).

We’ll update this story when we get the official Australia pricing – and we’ll also be testing both soon to let you know if they’re new contenders for our best smart displays guide.

Analysis: The battle for your wall space heats up

The new Amazon Echo Show 21’s size (above) and improved speakers should make it a good option for video calls. (Image credit: Amazon)

We’ve seen rumors grow in recent months that Apple is planning to launch a wall-mounted smart display in early 2025 – and it seems that Amazon has pre-empted that by launching its new Echo Show 21 and refreshing its Echo Show 15.

Both of these new displays are built on the same idea as Apple’s rumored Apple Intelligence-powered screen – namely, letting you easily video call family, watch YouTube, and control your smart home from one unobtrusive kitchen hub.

As our Amazon Echo Show 15 review noted, the original kitchen nerve center wasn’t perfect. Our main complaints were the disappointing speakers, average display with weak colors and brightness, lack of resizable widgets, and the fact that the tilt stand was sold separately.

Amazon certainly seems to have addressed the criticisms of audio quality in these new Echo Shows. But while they do both come with an Alexa Voice Remote, you still need to buy the pricey stand separately (for $99 / £99).

The other big unknown is the future state of voice assistants on these devices. The upgraded Alexa AI seems to be perpetually delayed, Apple won’t be meaningfully upgrading Siri until iOS 18.4 in 2025, and Google is being characteristically non-committal with its smart home plans, despite our pleas for it to upgrade its aging Nest Hub.

Still, Amazon certainly has the most experience in making big, wall-mountable smart home displays – and on paper, the Echo Show 15 and 21 look like its best efforts yet.

You might also like

Everything you need to know to set up your smart homeAmazon Echo Hub review: Alexa finally puts smart home firstDevices that Matter: these products work with the new smart home connectivity standard

Read More 

Users are getting a powerful new way to streamline the website creation process, Wix claims.

Wix Studio adds AI visual sitemap and wireframe generatorThe results can be tweaked and customized in many waysAny changes are synced in real-time, from both ends

Wix Studio has gotten richer for yet another AI-powered feature – a visual sitemap and wireframe generator.

In a press release shared with TechRadar Pro earlier this week, Wix, one of the best website builders on the market, said the new offering “allows agencies and enterprises to accelerate site planning” with the new tool.

A visual sitemap is a graphical representation of a website’s structure, showing the relationships and hierarchy of its pages and content. It provides an organized overview of how the site is laid out, helping to plan navigation, user flow, and content distribution. To create such a sitemap with Wix Studio, agencies, and web professionals can now simply input project details such as business type, site description, goals, target audience, and tone of voice.

After that, the AI takes over, generating a tailored sitemap with pages and sections. Users can then refine and customize the design, add or remove sections and pages, or shuffle things around. The final step is to export the solution for easy sharing with clients, partners, and search engines.

This is a new feature that helps further position Wix Studio as one of the best website builders for agencies.

Adding AI to website builders

Users can also opt for a sitemap with wireframes – simplified, low-fidelity visual guides that represent the layout and structure of a website or app.

“With the visual sitemap and wireframe generator, we’re offering users a powerful new way to streamline the website creation process,” said Gali Erez, Head of Wix Studio. “By automating the initial site planning and structuring, users can now focus more on the creative aspects of their work, delivering fully-customized, client-ready websites faster than ever before.”

Wix also said that any changes can be synchronized in real time. If a user makes a change to the visual sitemap, it instantly gets reflected on the site, and vice-versa.

The new offering will come pre-installed with Wix’s business solutions, the company added, stressing that it will be available on Wix Studio to users “on a rolling basis.”

Over the last couple of months, most website builders have implemented generative artificial intelligence (GenAI) solutions in one form or another. Bluehost, Crazy Domains, GoDaddy, Wix, and many others, have recently introduced chat-based website building capabilities, helping agencies and web professionals create sites faster and more seamlessly, thus freeing up valuable time to focus on more pressing matters.

More from TechRadar Pro

Bluehost adds AI to its WordPress website builderCheck out our roundup of the best AI website builders on the marketGet a great deal on your Wix subscription with our Wix coupon codes

Read More 

Two zero-day vulnerabilities have been found and patched by Apple, with both potentially exploited in the wild.

Apple has issued a patch to a number of its operating systemsThe patch addresses two critical vulnerabilities in JavaScriptCore and WebKitUsers should install the patches immediately

Apple has issued a patch for macOS following the exposure of two critical zero-day vulnerabilities found in the software.

The macOS Sequoia 15.1.1 update looks to mitigate a vulnerability in JavaScriptCore that would allow attackers to create malicious web content that could result in arbitrary code execution.

A second vulnerability found in WebKit would allow attackers to also use malicious web content for cross site scripting attacks, with Apple stating for both vulnerabilities, it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”

Patch now, warns Apple

While the vulnerability may have only been potentially exploited on Intel-based Mac systems, Apple has also issued patches across its range of operating systems, including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The JavaScriptCore and WebKit vulnerabilies could allow attackers to compromise vulnerable devices and steal data or install malware.

The vulnerabilities are tracked as CVE-2024-44308 and CVE-2024-44309, and have not yet received a severity score from NVD. However, due to the nature of the vulnerabilities and the fact that they were previously unknown to Apple, they are likely to be deemed critical and users should apply patches immediately.

The vulnerabilities were discovered by Google’s Threat Analysis Group which typically deals with state-sponsored threats, suggesting that a government or state-sponsored actor was responsible for the exploitation of the vulnerabilities.

Mac users can apply the patch by searching for updates in the usual manner by using the Apple menu to navigate to System Settings > General > and then clicking Software Update. iPhone users can apply the patch by navigating to Settings > General > and then clicking Software Update. Be aware that older devices that use older operating systems may not have a patch available.

Via TechCrunch

You might also like

Here is our guide to the best Mac antivirusTake a look at some of the best Black Friday antivirus dealsUpdate now — Fortinet Windows VPN hacked to steal user data

Read More 

Nike has just unveiled the new Vomero 18 running shoe as it seeks to overhaul its road running lineup.

Nike, maker of some of the best running shoes out there, has today unveiled its new transformed lineup of road running shoes for 2025, and the new Vomero 18 is leading the charge.

The Vomero 18 is Nike’s new maximum-cushioning shoe for the most comfortable ride possible, expanding the benefits of Nike’s current cushioning king, the Invincible 3. That’s Nike’s version of shoes like the ASICS Gel Nimbus 25. The new Vomero offers more cushion than ever before and the tallest stack height in its history, using a combo of Nike’s ZoomX and ReactX foams double stacked for maximum comfort.

The stack height stands at 46mm, 6mm tallest than the Vomero 17. Most notably, Nike has extensively tested the shoe with women runners. The sole is made from durable rubber for traction, and the upward curve delivers increased rocker geometry for a smoother heel-to-toe transition.

(Image credit: Nike)

Nike’s new 2025 running lineup

As mentioned, the Vomero now sits in Nike’s new, simplified road running lineup for 2025. The Vomero is the maximum cushioning option, and sits alongside the Pegagus, Nike’s responsive ride option. The final offering is the Structure, offering supportive cushioning and stability for runners who overpronate.

Each of these three lines will feature an “Icon” shoe (like the Pegasus 41 or the Vomero 18), alongside Plus and Premium silhouettes. Nike’s Pegasus 41 and Pegasus Plus are already available at Nike.com, while the Pegasus Premium is launching in January 2025.

The Vomero 18 drops globally on February 27, with Plus and Premium models coming later in 2025. Next year will also deliver new Structure silhouettes.

Today’s announcement also includes new running essentials, Nike Swift for women and Nike Stride for men.

(Image credit: Nike)

Read More