Feed aggregator

• WhatsApp has commented on its controversial new Meta AI assistant
• The messaging app says it's a "good thing" despite a mixed reception
• WhatsApp has separately rolled out a new 'Advanced Chat Privacy' tool

WhatsApp has defended the wider rollout of its Meta AI assistant inside the popular messaging app, despite some significant pushback from users.

Earlier this month, Meta rolled out the AI assistant – represented by a blue ring in the bottom-right corner of your WhatsApp chats – across several new countries in the EU, the UK, and Australia.

Because WhatsApp is very popular in those regions – more so than the likes of Apple's iMessage – there was a vocal backlash to its arrival on platforms like Reddit, particularly as it isn't possible to turn the feature off. But WhatsApp has now commented on those concerns for the first time.

In a statement to the BBC, WhatsApp said: "We think giving people these options is a good thing and we're always listening to feedback from our users". It added that it considers the feature to be similar to other permanent features in the app, like 'channels'.

Although the Meta AI circle hovers permanently in your chats section, it doesn't actually have access to your chats. Meta's Help pages state that "your personal messages with friends and family are off limits", while the Meta AI chat window states that "it can only read messages people share with it".

Still, some privacy concerns remain, so this week WhatsApp introduced a new feature called "Advanced Chat Privacy" to help soothe any remaining concerns.

A privacy peace offering

(Image credit: WhatsApp)

While it isn't possible to turn off Meta AI in WhatsApp (it's also now integrated into the app's search bar), you will soon be able to use "Advanced Chat Privacy" to prevent others from using your chats in other AI apps.

The new setting, which is "rolling out to everyone on the latest version of WhatsApp", is designed to stop people from taking anything you share in WhatsApp outside of chats and groups. When it's turned on, your friends and contacts are blocked from "exporting chats, auto-downloading media to their phone, and using messages for AI features".

We haven't yet seen the feature in action, but you'll be able to turn it on by tapping on a chat name, then tapping the new "Advanced Chat Privacy" option. WhatsApp says this is also just the first version of the feature, with more protections en route to help you avoid a personal Signalgate fiasco.

That's likely to be a more popular move than baking Meta AI in WhatsApp, although a recent poll on the TechRadar WhatsApp channel shows the latter hasn't been universally condemned.

While the biggest chunk of our poll respondents (42%) said they would "never" use the Meta AI assistant in WhatsApp, a significant number (41%) said they would "maybe, sometimes" tap the blue ring, while 17% said they planned to use Meta's ChatGPT equivalent "regularly". Perhaps, like the prison walls in The Shawshank Redemption, we'll one day grow to depend on it.

You might also like

• From novelty to nuisance: The AI revolution no one wanted is sweeping all before it
• WhatsApp has just dropped these 9 new features – including 2 that I'm not happy about
• WhatsApp patches worrying vulnerability which allowed hackers to share .exe files as images

Time Magazine's 100 most influential people of 2025. Above: She accepts an award at Rihanna's 3rd Annual Diamond Ball in 2017.'/>

A kid whose parents couldn't afford school fees is now an "icon" on Time magazine's 2025 list — recognizing her work as CEO of Camfed, a charity that gives millions of girls a chance for an education.

(Image credit: Kevin Mazur / Getty Images)

Mangione is set to appear in federal court on Friday for his arraignment in the killing of UnitedHealthcare CEO Brian Thompson. Prosecutors have filed an intent to seek the death penalty.

(Image credit: Selcuk Acar)

Microsoft is also adding more intuitive search to Windows and shortcuts for summarizing and rewriting text.

• Frederick Health Medical Group was struck with ransomware in late January 2025
• It concluded its investigation and says almost a million people lost sensitive data
• The data includes names, SSNs, health insurance information, and more

We now know how many people are affected by a recent ransomware attack on Frederick Health Medical Group - almost a million.

The healthcare provider reported the new figures to the US Department of Health and Human Services (HHS), noting how on January 27, 2025, it experienced a “ransomware event” on its IT systems.

The information taken varies from person to person, Frederick Health Medical Group added, and while in the notice it does not discuss the number of affected individuals, it did share a figure with the US HHS - 934,326 individuals.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Second increase

The subsequent investigation determined that the threat actors managed to steal certain files from a file share server.

These files included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, health insurance information, and/or clinical information related to patient care.

So far, no threat actors have assumed responsibility for the attack, and the data has not yet surfaced on the dark web, possibly suggesting Frederick Health actually paid the ransom demand.

The organization has roughly 4,000 employees and more than 25 locations. To mitigate the risk of the attack, it also offered all affected individuals free credit monitoring and identity theft protection services through IDX.

Healthcare organizations are a prime target for ransomware operators, given the sensitivity of the data they operate with. In April 2025 alone, we've had stories of a cybersecurity CEO who tried to install malware on hospital computers, attacks on Yale Health and DaVita, and the data leak at Logezy.

Furthermore, Blue Shield of California also recently disclosed a data breach that exposed sensitive data of 4.7 million members.

Via BleepingComputer

You might also like

• United Healthcare data breach may have affected 190 million Americans
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Prepare for the noise and nuisance of the upcoming cicada invasion.

• A security oversight in Linux allows rootkits to bypass enterprise security solutions and run stealthily
• It was found in the io_uring Kernel interface
• Researchers built a PoC, now available on GitHub

Cybersecurity researchers from ARMO recently discovered a security oversight in Linux which allows rootkits to bypass enterprise security solutions and run stealthily on affected endpoints.

The oversight happens because the ‘io_uring’ Kernel interface is being ignored by security monitoring tools. Built as a faster, more efficient way for Linux systems to talk to storage devices, io_uring helps modern computers handle lots of information without getting bogged down. It was introduced back in 2019, with the release of Linux 5.1.

Apparently, most security tools look for shady syscalls and hooking white completely ignoring anything involving io_uring. Since the interface supports numerous operations through 61 ops types, it creates a dangerous blindspot that can be exploited for malicious purposes. Among other things, the supported operations include read/writes, creating and accepting network connections, modifying file permissions, and more.

According to BleepingComputer, the risk is so great that Google turned it off by default both in Android and ChromeOS, which use the Linux kernel.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Second increase

To demonstrate the flaw, ARMO built a proof-of-concept (PoC) rootkit called “Curing”. It can pull instructions from a remote server and run arbitrary commands without triggering syscall hooks. They then tested it against popular runtime security tools, and determined that most of them couldn’t detect it.

The researchers claim Falco was completely oblivious to Curing, while Tetragon couldn’t flag it under default configurations. However, the latter’s devs told the researchers they don’t consider the platform vulnerable since monitoring can be enabled to detect the rootkit.

"We reported this to the Tetragon team and their response was that from their perspective Tetragon is not "vulnerable" as they provide the flexibility to hook basically anywhere," they said. "They pointed out a good blog post they wrote about the subject."

ARMO also said they tested the tool against unnamed commercial programs and confirmed that io_uring-abusing malware was not being detected. Curing is now available for free on GitHub.

Via BleepingComputer

You might also like

• Microsoft will now pay you even more to find security bugs in Copilot
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Nebraska residents have a wide range of providers to choose from. These are the area's top options that provide fast and affordable plans.

Game Pass subscribers have two major new releases to choose from -- here's how to decide between them.

A day after the U.N. appealed for restraint following Tuesday's deadly attack in Indian-administered Kashmir, India reported an exchange of fire across the de facto border in the disputed region.

(Image credit: HABIB NAQASH)

• A new Philips Hue Smart Button is likely to launch in the coming months
• Testing documents suggest it'll have a similar design to the original button
• The button might work with the forthcoming Philips Hue AI assistant

It looks like Signify – the company behind Philips Hue – is preparing to launch a new smart button to let you control your lights with a tap from anywhere in your house.

The news comes from Fabian of Hueblog.com, who spotted a listing for a new device from Signify on the website of the Federal Communications Commission (FCC). All devices capable of sending radio signals have to be registered with the FCC before they can be sold in the US, so it's often a good source of early info on products that'll be hitting the shelves soon.

Although there are no photos, we can glean several details from the FCC filing. The product is classified as a 'digital transmission system', and supporting documents (including the location of its FCC approval label and its testing report) reveal that it will be a small, circular device using Zigbee technology, with specifications very similar to the original Hue Smart Button.

"There will be no functional differences to the previous model and the form factor will basically remain the same," concludes Fabian. "However, the second-generation Hue Smart Button will be slightly larger and more angular, and the overall design will be a little more sophisticated."

What to expect

We're big fans of the original Philips Hue Smart Button here at TechRadar. When he reviewed it back in 2023, our reviewer Alistair Charlton appreciated how easy it is to install using either its wall-mounting plate or small adhesive disc. Whichever one you choose, the button itself just snaps into place magnetically, and can be removed and used as a remote whenever you like.

The Smart Button can perform two functions of your choice – one when it's pressed once, and another when it's pressed and held. It's much simpler than the Philips Hue Tap Dial Switch, which works as a dimmer with four programmable buttons in the center, but the Smart Button is a convenient and affordable way to operate your smart lights without using voice commands or an app.

What interests me is the timing. We know that Signify will soon be introducing an AI assistant for Philips Hue lights, which will use generative AI to create custom lighting schemes. It will be interesting to see whether we can use this assistant to program the button, or tap the button to cycle through AI-generated scene options.

Hopefully it will come in black as well. The Tap Dial Switch is available in a choice of colors, and a darker option would make the tiny button an even more discreet way to operate your lights.

You might also like

• I have Philips Hue lights everywhere in my home, and this is what I want to see from its AI assistant
• Your Philips Hue Play HDMI Sync Box is getting a big software update, and it's good news for gamers
• Got Philips Hue lights? A free app update delivers these 3 improvements

• Nvidia's RTX 5060 is set to launch May 19 at $299 according to VideoCardz
• It will use 8GB of VRAM and is expected to be the lowest-tier RTX 5000 series GPU despite the RTX 5050 rumors
• Inflation could drastically affect the GPU's potential success

Nvidia is on the verge of completing its RTX 5000 desktop GPU series launch, with the RTX 5060 on the horizon after its Ti counterpart launched earlier in April - and it's good news for budget gamers... well, sort of.

According to VideoCardz, the RTX 5060 is set to launch on May 19 at $299 (around £220 / AU$470), at the same price as its predecessor, the RTX 4060. It will utilize 8GB of VRAM, but is anticipated to take a decent performance leap over the last-gen card, using GDDR7 VRAM instead of GDDR6.

Its older brother, the RTX 5060 Ti, has both 8GB and 16GB models with the latter being an easy choice for most PC-builders in terms of gaming performance: 8GB of VRAM is much less desirable for running modern games, as plenty of triple-A titles require more VRAM. While VRAM isn't always the quintessential element when it comes to performance, it becomes a bigger factor for lower-end GPUs.

This may be one reason that sways potential consumers from buying the RTX 5060, but its price could be the main reason why. The rumored $299 launch price is certainly appealing for a budget GPU, but the trend of the GPU market suggests partner cards sold by retailers will likely cost more.

Just like the 5060 Ti (and the RTX 5070 Ti), if the RTX 5060 doesn't have a Founders Edition option, then consumers will yet again be left at the hands of retailers with third-party cards - and if you've kept a close eye on GPU prices lately, that's not good at all.

(Image credit: Nvidia) If prices are inflated for partner cards, then just forget about it...

It's bad enough that GPUs like the RTX 5070 Ti or the RTX 5080 have inflated pricing across multiple retailers, but at the very least, these are powerful cards capable of 4K gaming. The RTX 5060, unsurprisingly, isn't a powerhouse GPU: it's expected to be Nvidia's lowest-tier GPU if the RTX 5050 rumors aren't legitimate (at least for the desktop PC space, anyway), so it has no business costing more than the purported $299.

However, the state of the GPU market gives us a clear answer: third-party RTX 5060 cards will more than likely cost more than $299, and I think that will instantly destroy anything good it could potentially have going for it. Gamers are already unwilling to pay more for more powerful hardware, so I'd find it hard to imagine budget gamers will accept any price inflation with this GPU.

Let's not forget that it's only got 8GB of VRAM, which I must stress again is no longer acceptable for gaming in 2025. Games are becoming more demanding, and we're continuously getting PC ports that are poorly optimized, so it's safe to say 8GB won't cut it anymore.

The only hope I do have for the RTX 5060 is that there actually is a Founders Edition model, and that there's a good level of availability (particularly since rumors hint that Nvidia is bolstering stock). If not, it's hard to see where it will succeed...

You may also like...

• Heads up Nvidia fans: multiple RTX 5000 series GPUs are available at retail price on Overclockers UK
• Disappointed about those rumors that AMD’s RX 9070 GRE graphics card won’t appear until late 2025? We’ve got some good news for you
• Nvidia GeForce RTX 5090 review: the supercar of graphics cards

• Motorola has revealed the Moto Watch Fit – a new Android fitness tracker
• It looks a lot like the Apple Watch, but with up to 16 days of battery life
• We got some hands-on time with the watch; here are our initial thoughts

Motorola has revealed its newest smartwatch, the Moto Watch Fit. Sporting a squircle design similar to the Apple Watch, the Moto Watch Fit is a slim, lightweight fitness tracker that works with all Android phones, with a large 1.9-inch AMOLED screen (topped with tough Gorilla glass).

However, unlike the Apple Watch, it can reportedly run for up to 16 days on a single charge – more than 20 times the battery life of your standard Apple Watch Series 10.

While the best Apple Watch, the Apple Watch Ultra 2, tops out at 36 hours of battery life, most Apple Watches only last for 18 hours. This is largely due to the watch running the power-hungry watchOS operating system. They also pack goodies the Watch Fit doesn't, such as a speaker and microphone for taking calls and playing alarm sounds.

We don't yet know whether the Moto Watch Fit will run Wear OS 5 like a true Android smartwatch, but from this first look, I doubt it. I imagine it will be a low-power alternative more like the best fitness trackers, which tend to last about a week. Sixteen days is more like Garmin watch territory; a very impressive achievement.

While it looks similar to an Apple Watch, there are a few other differences aside from the missing speaker and mic. For one thing, there is no digital crown, as Motorola has opted to include a tactile side button instead, like a Fitbit Versa model.

The watch does have onboard GPS for tracking workouts such as running, walking and cycling. There's 5ATM water resistance for swims, and an aluminum frame with a plastic back to save on weight (it's only 25g). Its price and release date are unknown, but based on the specs, we imagine it'll be around the price of an Apple Watch SE 2.

Hands-on thoughts

(Image credit: Philip Berne / Future)

Our US mobile editor Philip Berne got some brief hands-on time with the Moto Watch Fit. He said the following:

"The Motorola Moto Watch Fit was a surprise launch alongside the latest Motorola Razr phones, and it seems decidedly more focused on fitness tracking than smartwatch features.

"It looks and feels like a slimmer Apple Watch, with its squircle shape and square display, and the interchangeable watch bands even look suspiciously like Apple's watch band design. I was surprised that the Moto Watch Fit lacks speakers, so it won't be able to play alarm sounds.

"Still, it lays nice and flat on my arm, it feels very lightweight, and it's durable enough to keep up with any activity you'd throw at a normal smartwatch, including 5ATM of water resistance. Motorola is claiming the Moto Watch Fit will deliver 16 days of battery life, so maybe cutting all those features will have a real benefit for fitness fans."

You might also like...

• Garmin just accidentally leaked its next Forerunner, but it's not the one we were expecting
• One of the best budget Fitbit alts is getting an upgrade
• I wish I was a better runner so I could use more of the features on my Garmin watch

Makers of our food and home essentials, including Pepsi and Procter & Gamble, are cutting their financial forecasts for the year and predicting lower sales or profits than before.

(Image credit: Nam Y. Huh)

• Microsoft has upped the ante in its bug bounty program
• Payouts can now be as high as $30,000
• In some cases, the payout can even be higher

Microsoft is revealed it is now prepared to pay up to $30,000 in bounty to people who discover AI vulnerabilities in its Dynamics 365 and Power Platinum.

The company recently updated its bounty program with the new information.

"We invite individuals or organizations to identify security vulnerabilities in targeted Dynamics 365 and Power Platform applications and share them with our team. Qualified submissions are eligible for bounty rewards of $500 to $30,000 USD," the company said.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Second increase

Microsoft is willing to shell out for inference manipulation flaws, model manipulation, and inferential information disclosure. The vulnerabilities need to be either important or critical in their severity.

"To be eligible for AI Bounty Awards, such vulnerability must be Critical or Important severity as defined in the Microsoft Vulnerability Severity Classification for AI Systems and reproducible on a product or service listed in the In Scope Services and Products."

Dynamics 365 is a cloud-based suite of integrated business applications that combines CRM and ERP capabilities, while Power Platform is a low-code development suite that enables users to analyze data, build apps, automate workflows, and create chatbots using Power BI, Power Apps, Power Automate, and Power Virtual Agents.

If $30,000 doesn’t seem like a lot of money for such vulnerabilities, it’s perhaps worth mentioning that Microsoft is also willing to pay more, depending on the impact and the severity of the reported vulnerabilities, as well as the quality of the submission.

This is the second time in 2025 Microsoft has been increasing bounty rewards.

In mid-February 2025, the company announced it was ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program and raising the reward to $5,000.

Bug bounties are used by software firms in collaboration with security researchers to root out vulnerabilities that could otherwise be exploited by threat actors - and Microsoft even runs its own Black-hat like event with up to $4 million in potential awards for cloud and AI flaws.

Via BleepingComputer

You might also like

• Microsoft will now pay you even more to find security bugs in Copilot
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

You can buy a lot of cool tech with $300/£250. A pair of AirPods Pro 2, with change to spare, for example. Or two-thirds of a Nintendo Switch 2 pre-order. Or about 50 games in the next Steam sale. Or you could save it and put it towards an OLED TV.

Either way, we're sure you'd find something exciting to spend it on – and that sum could be yours if you simply tell us what you think of TechRadar.

Seriously, that's it – just click the link below, answer a few brief questions, and you'll get the chance to put your name into the pot for a chance to win a $300 / £250 Amazon voucher. The whole thing will only take a few minutes – but it could lead to many hours of tech joy.

Click here to take the TechRadar survey

The survey closes on Wednesday, April 30, and the optional prize draw is entered by submitting your email address once you've completed it. You must be a resident of the US or UK and at least 18 years old to be eligible to win (with some exceptions listed on the survey page). More terms and conditions here.

If you're not eligible for the prize draw, we still want to know what you think, and you're welcome to fill out the survey. Good luck!

The business landscape is shifting, and speed is no longer a competitive advantage but a necessity for survival. Technology is advancing faster than ever pushing businesses to adapt quickly while remaining flexible to the evolving market demands.

Transformation timelines that once spanned three to five years are a thing of the past, as market demands, and competitive pressures push businesses to deliver tangible results in under 12 months. To meet rising demands accelerating time to market, and boosting operational efficiency, organizations must rethink their transformation strategies.

Generative AI is at the heart of this shift, raising the bar with an increased rate of adoption. Companies have already incorporated AI into their processes and according to McKinsey & Co, 92 % of companies plan to increase their AI investments further, in the next three years. Businesses embracing gen AI gain a powerful solution that enhances developer productivity, helps tech teams to adapt and enables them to deliver smarter, faster solutions that drive business impact like never before.

The end of long digital transformation cycles

Despite the market demands for quicker turnaround times, many businesses have long relied on legacy systems and siloed data, making outdated technology and processes a major roadblock to scalability and progress. The issue is that too often IT teams remain accustomed to traditional methods and struggle to adapt to change. These are some of the factors that lead to prolonged digital transformation cycles and hinder innovation.

Another challenge is that, despite accelerating rates of AI adoption, 52% of projects fail to make it to production, with the average prototype to production time taking eight months, according to Gartner. The lengthy production timelines stall progress, making it difficult for businesses to adapt, innovate, and stay competitive in a fast-moving market.

Whatever the reason may be, businesses can no longer afford slow progress – they must embrace change and look for ways to innovate faster to maintain competitive edge. In the face of shrinking timelines, AI has emerged as the accelerant that businesses need - to meet the demand for both speed and efficiency.

AI: The catalyst for business transformation

In the past year, the AI hype has quickly shifted from a theoretical concept to a real-world solution which is transforming how software is built and delivered. A collaborative report from OutSystems and KPMG shows that 93% of executives are planning to boost AI investments. Generative AI unlocks unprecedented capabilities, streamlining software development through automated code generation, rapid prototyping and code translation from one programming language to another.

As businesses embrace these advancements, the role of generative AI extends beyond efficiency, and it becomes a driving force for digital transformation.

The use of generative AI in software development can help businesses accelerate digital transformation by drastically reducing the development time and costs. This shift not only redefines traditional standards but also acts as a catalyst for whole industries to adapt their systems - or risk being left behind.

Combining generative AI with low-code can significantly enhance software development efficiency. Low-code simplifies complex tasks, enabling IT teams to quickly customize, iterate and deploy generative AI solutions. This powerful pairing empowers businesses to build and deploy generative AI-driven applications in record time and with improved workflows—compressing timelines from years to months and delivering tangible business value faster than ever before.

As companies navigate this transformation, they must also consider whether to build or buy software to maximize efficiency. This need to build software faster is also shaping how businesses integrate generative AI force alongside human expertise. This collaboration not only speeds up development but also ensures that companies can stay competitive in a rapidly evolving market.

The need for guardrails

While AI adoption opens new opportunities, it also comes with its own challenges. With the drive for faster software development cycles, there is a risk of technical debt and orphaned code if not properly managed and governed. Without a well-structured governing framework and guidelines, AI-generated code can quickly accumulate technical debt, making it difficult to scale and maintain. Growing technical debt could ultimately hinder businesses’ from staying competitive.

The implementation of generative AI can also bring some serious security concerns. Many generative AI models are trained on datasets which sometimes contain sensitive information, posing potential risks of privacy breaches. Additionally, generative AI may not always account for the latest vulnerabilities leaving systems open to hackers and cyberthreats. This is why it is vital that businesses establish clear AI governance and compliance measures to ensure ethical and secure implantation. This includes safeguarding sensitive information and ensuring transparency.

The new benchmark for success

Today, digital transformation success is measured by key business outcomes such as speed to market, customer satisfaction and cost efficiency. Businesses need generative AI tools to build applications in minutes, but just as crucial are the guardrails that ensure these apps maintain quality, security or governance.

The use of AI-powered low-code platforms is allowing businesses to achieve their goals and deliver these benchmarks. Digital transformation is no longer a lengthy process – generative AI has expanded the possibilities for efficiency of innovation. In a world where speed measures success, businesses that succeed will be those who can transform at the pace of generative AI.

We've featured the best productivity tool.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• A critical-severity security flaw was found in Commvault Command Center
• It allows threat actors to run arbitrary code remotely and without authentication
• Vulnerability could lead to complete compromise

Cybersecurity researchers from watchTowr recently discovered a critical-severity flaw in Commvault Command Center that could allow threat actors to run arbitrary code remotely and without authentication.

Commvault Command Center is a web-based interface that provides centralized management for data protection, backup, recovery, and compliance across hybrid environments, used by thousands of companies worldwide across industries like healthcare, finance, government, and manufacturing.

The vulnerability is tracked as CVE-2025-34028, and has a severity score of 9.0/10 (critical).

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Second increase

“A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication,” the security advisory said.

“This vulnerability could lead to a complete compromise of the Command Center environment. Fortunately, other installations within the same system are not affected by this vulnerability.”

Since this flaw allows remote attackers to execute arbitrary code without authentication, a threat actor could exploit it to gain unauthorized access to, for example, a government agency's backup system.

Once inside, they could manipulate or delete sensitive data, disrupt operations, or install malware to maintain control.

This could lead to data breaches, operational downtime, and loss of public trust. Ultimately, if classified information ends up being exposed, it could turn into a national security issue.

Multiple versions are affected by the vulnerability: 11.38 Innovation Release, from versions 11.38.0 through 11.38.19. Users looking to mitigate the flaw should go for versions 11.38.20 and 11.38.25.

So far, there is no evidence of abuse in the wild, and there is no proof-of-concept (PoC) just yet. However, most threat actors aren’t looking for zero-day vulnerabilities, but are rather waiting for security researchers to find and patch a flaw.

They are betting that many users won’t patch their endpoints on time, remaining vulnerable and thus easily exploitable.

Via The Hacker News

You might also like

• Microsoft will now pay you even more to find security bugs in Copilot
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

The manufacturing move aims to address massive US tariffs against China that could spur higher prices on the company's biggest-selling product.

• A new DJI Mini 5 drone seems to be in the works
• Online leaks suggest it could have LiDAR sensors
• DJI appears to be testing the drone ahead of a summer launch

DJI isn’t one to rest on its laurels. The Mini 4 Pro might top the bill in our round-up of the best drones you can buy right now, but new images leaked online appear to show that the manufacturer is well underway with developing a successor.

The images, shared on DroneXL, appear to show the DJI Mini 5 being tested on public streets in China. Included in an article written by Jasper Ellens, a reliable drone industry source, the grainy shots feature a quadcopter resembling the Mini 4 Pro, albeit with a larger front camera lens and what appears to be a pair of LiDAR sensors above.

This backs up an earlier post from Ellens, shared on X in December 2024, which claims that the Mini 5 will feature LiDAR sensors and “stronger (vented) motors”.

Front-facing LiDAR sensors would give the new model a more effective collision avoidance system. As we saw on the Air 3S last year, LiDAR is better able to navigate obstacles and terrain at night, compared to standard vision tech. Their presence on the Mini 5 would be a first for any sub-250g drone, assuming that the rumored model stays within the same weight class as previous versions.

The pictured drone also has guards around its blades, although these could be in place as a safety measure during testing, rather than a permanent feature.

While DJI hasn’t officially announced a release date for the Mini 5, the appearance of a test unit in public suggests that the company is in the later stages of development. Some sources anticipate that the new drone will break cover in summer 2025. A reveal around August or September would fit with DJI’s established launch cycles, marking two years since the DJI Mini 4 Pro hit the market.

Other features remain the subject of much speculation. Some websites have reported that the DJI Mini 5 could feature a 1-inch sensor and a 50-minute flight time, both of which would be a significant step up from the 1/1.3-inch sensor and 34-minute flight time of the DJI Mini 4 Pro. That said, there’s little in the way of hard evidence to support these claims at present.

I have been extremely skeptical towards the release of a #DJIMINI5. I couldn't find any reason why they should update the Mini 4 without exceeding the 249 gram mark. But today I stand corrected. This summer we will see a new Mini with LiDAR and stronger (vented) motors. Cheers pic.twitter.com/v3kcSasJfODecember 10, 2024

LiDAR, LiDAR?

(Image credit: DroneXL)

The Mini 5 isn’t the only upcoming DJI drone rumored to be getting LiDAR capabilities. Recent intel also suggests that the Mavic 4 Pro will benefit from enhanced obstacle-avoidance sensors. This could indicate that DJI has managed to developed a more compact LiDAR module that can be more easily packaged into drones across its range.

While its presence on a sub-250g would be a game-changer, whether LiDAR alone will warrant an upgrade for owners of the Mini 4 Pro remains to be seen. It would certainly be another feather in a well-strung bow, but LiDAR is of limited use to users who only fly their drones in open space on clear days.

Of course, it’s not the only rumored upgrade for the DJI Mini 5. Stronger or more efficient motors could give the drone improved performance in all conditions, while enhanced flight times would take the series meaningfully forward where the Mini 4 Pro didn’t. A 1-inch sensor also points towards clearer low-light imaging.

Taken together, these enhancements would make a stronger case for investing in the new model. If it really is in testing already, we shouldn’t have too long to wait for more concrete specs. If previous DJI drone development cycles are anything to go by, leaked info about the Mini 5 won’t be in short supply.

You might also like...

• Camera rumors for 2025: new gear we're expecting soon from DJI, Sony, Canon and more
• Best DJI drone: the finest flying cameras from its impressive range
• Upcoming DJI Mavic 4 Pro premium drone could deliver new camera skills and LiDAR