Feed aggregator

Web.com was founded in 1999 and worked its way to become one of the leading web hosting technology companies, as well as one of the largest providers of online marketing services in the USA. It was a part of the Web.com Group which also owned a whole portfolio of brands including Network Solutions and Register.com. Their main aim was (or so they claim) to “help customers of all sizes build an online presence that delivers results”.

In 2021 web.com merged with Endurance Web Presence resulting in a new company Newfold Digital. Then, in 2025 web.com was absorbed by Network Solutions.

Plans and pricing

Web.com services aim to cover all the bases when it comes to hosting, website design and the problem of security. Besides shared hosting, they provide domain registration (and transfer) services, their own website builder and WordPress-optimized hosting (managed and unmanaged).

At first, the pricing seems cheap and cheerful, but if you decide to dig a bit deeper you’ll reveal that the displayed price is valid for the first month only. From the second month onward, the price will be more than doubled and if you haven’t read everything through and through, you might feel like you’ve been played for a fool. For instance, the cheapest hosting package (labeled as “Essential Hosting”) is priced at $5.95 per month, yet this goes for the first month only and the second one is going to cost you $14.95, which is a broad daylight robbery in comparison. Well, at least you should get a “free” domain name registration with every package in addition to their beginner-friendly website builder.

As for supported payment methods, they accept all major credit/debit cards and PayPal. If you are wondering about their refund policy, they are rather rigorous about not providing any, although you can cancel their services at any time.

Yes

No

Small business hosting

Colocation hosting

Managed hosting

Free hosting

Linux hosting

s://www.techradar.com/web-hosting/best-green-web-hosting">Green hosting

Shared hosting

Video hosting

WordPress hosting

Cloud hosting

E-commerce hosting

Email hosting

Managed WordPress Hosting

VPS hosting

Website builder

Bare metal hosting

Windows hosting

Dedicated hosting

Reseller hosting

Web.com gives you access to a website builder and even an online store (Image credit: Web.com)Ease of use

To kick off your website, you’ll first have to decide which is the right hosting solution for you and whether you want to build your website by yourself (there are several ways to do so) or you would rather put it in the hands of experts (by opting for the “Build It For Me” option). If the latter is the one you want, you should schedule a call with Web.com’s team to get a consultation on the matter (at no cost).

Anyhow (sooner or later), you’ll have to pick out a plan and, since they are well presented, this should be as easy as anything. If you are new to all this, the FAQ section below might be of some help. After adding this plan to the cart, you’ll be asked (as expected) to register a new domain (all of them are free for a year, except for “.co”) or use the one you possess. However, keep in mind that after the renewal period your domain can cost you up to $38 per year, which is a handsome sum of money. There, you can apply a promotional code (if you are lucky to have one), enter your name,e-mail address and password and proceed to create your Web.com’s account.

With all shared hosting packages, Web.com provides its users with an access to cPanel, which is great news. Thanks to its intuitive and beginner friendly interface and one-click installer (for about 25 open-source applications), your website will be on fire in a heartbeat. If you haven’t had much experience with coding and yet you want to develop your website by yourself, Web.com offers a newbie-friendly drag-and-drop website builder which should do the trick.

We used GTmetrix to measure the uptime and response time of our Web.com site (Image credit: GTmetrix)Speed and experience

Although Web.com is quite keen on presenting itself in the best possible light, it (curiously) doesn’t emphasize blazing speed performance as one of its greatest assets. Nevertheless, after putting Web.com’s main website to the test, we learned that they have nothing to worry about concerning this. After taking into account all of the vital web metrics, GTmetrix (our speed testing tool) rated speed performance of Web.com’s website with a B (95%), which is a pretty good result.

Web.com promises an industry-standard uptime of 99.9%. However, after consistent monitoring of Web.com’s main website for a month we got a less favorable outcome resulting in 99.83%. There were four instances of downtime and together they lasted for 67 minutes, the longest one persisting for 28 minutes straight. Although this is not the most dreadful performance we’ve seen, it’s needless to say that we were hoping for better results.

Web.com has an extensive Online Help Center that offers similar functionality to a knowledgebase (Image credit: Web.com)Support

If you find yourself in need of help, proceed to Web.com‘s “Online Help Center'', which has familiar functionality of a knowledgebase. There, the articles are sorted out into eight fitting categories and each of them is rated by a system involving stars, from one to five. Most of these are beginner-oriented and offer solutions to various potential problems described in great detail, more often with pictures than without. Using the search box should get you a good deal of hits, although a number of them might be rather loosely connected to the actual problem.

As an addition, there is a FAQ section on Web.com‘s site for each product type presented and it provides some helpful insight for all the newcomers.

As a more human-centered alternative, you can reach out to Web.com's technical team via telephone, ticket and live chat, all of which should be available day-and-night. Other than that, you can get in touch with them via text messages on Facebook and Twitter, which is a nice touch for all the users out there.

The competition

As children of the same parent company, Network Solutions and Web.com are somewhat similar. Both try to be accessible to new users and offer some affordable hosting solutions without the need for compromising the quality. That being said, Web.com gives its users an access to cPanel (probably the user-friendliest solution of its kind out there), while Network Solutions doesn’t, so the choice might be up to that.

Both Bluehost and Web.com have packages aimed at new users in particular, and pretty good ones to boot.  Nevertheless, if you’re looking to save some bucks, Bluehost is a better choice, since its entry-level plan goes for $2.95 per month, while it is $5.95 with Web.com. However, if you fail to read about the renewal rates after the promotional period, both hosts might make you jump out of your skin.

While both HostGator and Web.com are more than able to cover everything needed to launch a small business, HostGator can do the same for medium-sized businesses as well. In addition to shared hosting, it provides several options for reseller, VPS and dedicated servers, which is a must-have for a growing business.

WestHost is a fellow US-based web hosting provider with more than two decades of experience in the industry. The smallest plans with both of them are beyond budget-friendly at start (especially WestHost’s entry-level plan which is going for $0.99 at the moment), but they will raise the price after the promotional period to its fullest capacity. Even so, Web.com’s starter plan (which comes as no surprise) puts less restriction on its features and throws in a free domain registration to even the odds.  

Final verdict

At the end of the day, Web.com is pleasantly honest in not trying to be something more than it actually is. Their hosting solutions are primarily aimed at newcomers, which they try to supply with everything it takes so they can quickly kickstart their website across the virtual web highway. Hence, if you consider yourself one of them, Web.com’s hosting packages might provide you with a good value for money.

However, if you have bigger plans for your website (or are determined to save some money for the rainy days), your dream website might find a forever home with more celebrated companies like Hostgator, Bluehost or GoDaddy.

• We've also highlighted the best web hosting

It's another bundle, and this one comes with the new ESPN service.

• Clair Obscur: Expedition 33 director Guillaume Broche confirmed that the game is the first in a new franchise
• Broche said, "This is not the end of the Clair Obscur franchise"
• He also teased new Expedition 33 DLC, saying, "We may be cooking"

Sandfall Interactive has confirmed that Clair Obscur: Expedition 33 is the first game in a new franchise.

Speaking with YouTube channel MrMattyPlays (via TheGamer), game director Guillaume Broche revealed that Expedition 33 is "not the end" of the series.

"Clair Obscur is the franchise name," Broche said. "Expedition 33 is one of the stories that we want to tell in this franchise. Exactly what it will look like and what the concept will be is still too soon to announce, but what is sure is that this is not the end of the Clair Obscur franchise."

Broche couldn't reveal any more details, but did hint later on in the interview that he tends to forget his previous work when he "writes sequels," suggesting the studio's next game won't be a direct sequel.

Elsewhere in the discussion, Broche was asked about the possibility of Clair Obscur receiving any post-launch downloadable content (DLC). While the game director didn't outright say "Yes", he did tease Sandfall's plans, saying "There may be," and it's "a bit too early to say."

"We may be cooking," he added (thanks, PC Gamer).

Sandfall has previously stated that it was "exploring a wide range of future improvements" including accessibility features, "new content", and "all sorts of bits and bobs".

Just last month, the studio released an update that added a Battle Retry feature.

You might also like...

• New Resident Evil Requiem gameplay teaser solidifies it as my most anticipated game of 2026 so far
• Final Fantasy 14 director has a pretty simple explanation for why the Monster Hunter Wilds collab will feature Omega – 'In the Monster Hunter team, there are many Warriors of Light'
• Here are the three biggest things we learned from the Hollow Knight: Silksong release date trailer

The Honor Magic V5 is incredibly slim but it's got more to like than just its size. Shame you can't buy it in the US.

In an age where cybersecurity threats dominate headlines and sustainability tops boardroom agendas, enterprise IT disposal practices are under renewed scrutiny. For years, physically destroying end-of-life hardware - shredding hard drives, crushing servers - was the default method to guarantee data couldn’t be recovered. It felt final. Reassuring. Safe.

But that instinct is now being questioned. According to new research, there’s a growing disconnect between how organizations dispose of data-bearing assets and the financial, environmental, and compliance pressures they now face. Many still default to destruction, even as that approach becomes harder to justify—financially, ethically, and environmentally.

The cost of destruction

The financial argument against destruction is becoming harder to ignore. While physical destruction feels secure, it comes with a hidden bill. There are the direct costs of certified physical destruction services. Then there are indirect losses - reusable or resalable hardware is destroyed, prompting early replacements.

Just 22.3 % of the 62 million tons of e‑waste generated in 2022 was formally collected and recycled - a figure projected to fall to 20 % by 2030 as disposal volumes continue to outpace recycling efforts.

Latest industry research shows that 67% of organizations still rely on physical destruction for SSDs and HDDs, despite the financial and environmental drawbacks.

If a large enterprise refreshes its servers every three years, destroying even a portion instead of reselling or redeploying them can waste millions over a typical lifecycle. At a time when budgets are under constant pressure, that scale of waste is increasingly hard to defend.

As Techbuyer COO Mick Payne told the FT, he once offered a six-figure sum to buy and wipe thousands of used drives at a London data center - only to watch them get shredded instead. “It was a complete waste.”

And the financial toll is just one part of the problem - the environmental cost of destruction is just as severe.

The environmental toll

Beyond the financial impact, physical destruction takes an enormous toll on the environment. In 2024, UK households purchased over 1.14 billion small electronic devices - often referred to as "fast tech", with approximately half (589 million) discarded within the same year. And business waste is also significant.

Research shows UK businesses discarded up to 200,000 tons of electrical equipment, including laptops and servers, in just one year, with only about 108,000 tons entering proper recycling streams through authorized treatment facilities.

Destroying equipment removes the chance to recirculate valuable materials; from copper and aluminum to rare earth metals - triggering further mining, processing, and manufacturing fresh parts, dramatically expanding the carbon footprint of every new device.

As more businesses face scrutiny over their carbon reduction claims, sending reusable equipment straight to the shredder increasingly looks incompatible with their public commitments.

A proven alternative

For many IT leaders, the sticking point is data security. If a hard drive is destroyed, there is zero risk of data recovery - simple. But certified data erasure, or sanitization, now provides equivalent security while preserving the hardware for reuse.

Certified software-based erasure methods comply with international standards such as NIST 800-88, and meet the UK GDPR’s data protection requirements for safe disposal of personal information (ICO). These techniques ensure data is permanently overwritten and unrecoverable, even with advanced forensic methods.

The Information Commissioner’s Office specifically highlights secure overwriting as an approved, robust form of data destruction that includes a full audit trail, critical for regulated sectors like finance and healthcare.

Rather than destroying valuable drives, enterprises retain certified, clean assets that can be redeployed internally or sold on the secondary market, extracting further ROI.

Why the change is accelerating

Three powerful forces are accelerating this rethink. Globally, businesses are under mounting stakeholder pressure to prove their environmental credentials. The UK government’s sustainability strategies, including its commitment to a more circular economy, explicitly encourage reuse and refurbishment over destruction.

Second, the economic picture is shifting. According to Gartner, worldwide IT spending is projected to reach $5.61 trillion in 2025, an increase of 9.8% compared to 2024. This surge reflects a growing investment in digital transformation and advanced technologies - but it also means CIOs will be under pressure to maximize ROI.

Reselling or redeploying equipment can help extend budgets further, while destruction locks in a sunk cost, wasting the opportunity to capture residual hardware value and reinvest in innovation.

Third, the maturity of secure erasure technology has eliminated previous technical barriers. Until recently, many organizations avoided software-based erasure due to concerns around reliability and compliance. Today, however, certified erasure tools are globally trusted - backed by regulators, embedded in industry standards, and proven to deliver the same level of data security as physical destruction.

Time to break the habit

There will always be rare cases where physical destruction is necessary - such as devices exposed to state-level espionage. But for most enterprise assets, secure sanitization offers the same peace of mind without the destruction.

By moving away from blanket destruction, businesses can reduce emissions, cut unnecessary costs, and demonstrate a more responsible, circular approach. They’ll also be better prepared for tighter regulation and rising ESG expectations.

In short, “destroy first, ask questions later” is an outdated reflex. Today, secure data sanitization lets businesses shred less and save more - protecting both budgets and the planet.

We've featured the best green web hosting.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

AI, like any technology, is neither inherently good nor bad. As always, it depends on who is using it and what they’re using it for. However, what is undeniable is that AI is evolving faster than its risk averse cousin, regulation, as legislators continue to struggle to keep pace.

Of course, it doesn’t help that AI is innovating within AI, which is in turn leading to unprecedented acceleration in technological development.

All of this is creating a new set of security challenges, the latest of which is vibe coding. As with any innovation cycle within AI, it’s critical that we understand what it is, and what the security implications are.

Vibe coding explained

At its core, vibe coding is a modern approach to software development. This shift is best understood through the changing role of the software developer. Previously, a developer would have been tasked with manually writing each line of code, before commencing the usual process of inspecting, testing, fixing and launching.

Now, with the introduction of vibe coding, a software developer – and your average Joe – is able skip the first step, have AI write the code in their stead, and simply guide, test, and refine it.

On paper, the benefits are plain to see. Devs can work more efficiently, it democratizes and opens up the act of coding beyond trained developers, and encourages creativity and experimentation, with new consumer-facing applications being created that are intuitive and easy to use.

Even Google’s CEO, Sundar Pichai has been having a go, stating that “it feels delightful to be a coder”, after letting slip that he had been playing around with building a web app.

As with any AI innovation – and given the ever-growing accessibility of AI tools – it comes to the forefront of the industry, habits change, and new tools and companies are developed. Just a few weeks ago, vibe coding company Lovable was in talks for a $1.5 billion valuation.

What’s clear is that you can’t stop the tide. It’s about working with it, building suitable guardrails and managing the associated risks appropriately. But what are these risks?

The security risks

As equally as vibe coding can be used for innovative purposes, it can also perpetuate cyber threats. To be robust in today’s threat landscape, businesses require secure, compliant, and maintainable code. The reality is that malicious code does not need to be high quality or long-lasting to have an impact.

In today’s AI-driven threat landscape, bad actors can even use verbal commands to generate malicious code and target vulnerabilities. To extrapolate this issue one step further, AI agents will add another dangerous dimension.

While generative AI can provide coding capabilities as part of vibe coding, it still needs to be deployed and executed in isolation. That is until an AI agent takes on the responsibility.

Vibe coding also has the potential to cause issues within security teams themselves. Often, it’s done individually, therefore undermining the collaborative and agile nature of DevOps practices. Without structured programming and security awareness, vibe coding can introduce hidden risks.

Defensive strategies

Vibe coding represents a leap in abstraction, allowing programmers to generate code using natural language. And while it lowers the barrier to entry and democratizes access to coding, it ultimately increases the risk of misuse by unqualified users. Businesses must set themselves up with a long-term view.

Vibe coding is just the latest iteration of AI-driven attacks and while it’s easy to focus on the technology of the moment, organizations must be set up to defend against vibe coding and whatever the next innovation may be.

The first and foremost defensive strategy is deploying zero trust architecture. At its core, Zero Trust is a security process that assumes that no entity should be trusted by default, even if within the network perimeter. The old adage of “if you can reach it, you can breach it” rings true here, so by reducing or removing your attack surface you’re going a long way to protecting yourself.

Secondly, there’s incredible value in platform-based technologies. The intelligence that platform providers get from serving millions of customers is invaluable. Think of it somewhat like herd immunity. If a solution is applied to one, it is applied to the many. Essentially, you’re benefiting from the participation of others in the platform model.

Finally, it’s vital that businesses be proactive in security, shifting from defense to offence, or as we like to call it threat hunting. By mitigating risk before it escalates, enterprises can improve their overall security posture.

Looking ahead

Ultimately, due to reasons like cost efficiency, AI will continue to disrupt the ways that we work and therefore influence the ways that we protect ourselves against the evolving threat landscape. In the future, vibe coding might involve multiple AI agents handling different aspects of the process, with one agent for pillars such as creativity, security, and the structure.

Security when done right can be a revenue enabler, allowing for market expansion, agility and better business practices. When done poorly, it renders businesses vulnerable to the latest AI innovation and trend. By adopting a long-term view of the threat landscape, deploying Zero Trust and taking a proactive approach to their security posture, enterprises can thrive.

We've featured the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

A creator’s Instagram inbox used to be a beautiful mess. One minute it was quiet. The next, a product Reel pops off and they get buried in fire emojis, product questions, and a dozen “Is this still in stock?” DMs.

It was certainly exciting. And a bit overwhelming? Manually keeping up often meant lost sleep, missed sales, and a lot of copy-pasting.

But now, that chaos is being turned into opportunity: For creators and entrepreneurs alike, the DM is the new storefront, help desk, and loyalty engine, all rolled into one. It's where trust is built, products get discovered, and sales happen at the speed of a double tap.

As conversational commerce takes off, more creators and entrepreneurs are building entire revenue engines inside their DMs. And equipped with smart automation, they’ve honed their social platforms to evolve beyond customer engagement to driving discovery, conversion, and customer loyalty in real time.

Historically, traditional businesses have enjoyed a rich ecosystem of tools, whether that be automations, webhooks, email integrations, and marketing funnels. They made scaling and systematizing their customer journeys seamless. Social media, by contrast, was long a closed garden: a powerful engagement space but one that limited creators’ ability to fully build and scale businesses because of restricted access.

But that’s all changing. Social platforms are opening up, and integrating with search engines and third-party tools. Creators and entrepreneurs can build sophisticated marketing and sales systems within these once closed environments – meaning social media channels are ultimately leveling the playing field. They’re transformed into robust business platforms where engagement, discovery, and conversion seamlessly intertwine.

From clicks to conversations, why funnels are flattening

The old-school path to a sale was long: social post → link in bio → website → maybe a sale. But let's face it, we’re living in the age of instant gratification. People expect responses yesterday. Slow replies can lead to frustration, while quick, helpful answers leave a lasting impression.

Enter: automation.

Automation ensures no message gets lost, keeping your audience happy and engaged. It's reshaping the sales funnel. Instead of sending traffic away, creators are closing the loop inside the platforms themselves, often in one message. In fact, 71% of consumers say they expect to interact with brands via messaging platforms. And with an average response time of 2 minutes (vs. 17 hours for email), DMs are simply faster and smarter.

To be clear, this shift isn’t about ditching websites. Rather, brands need to meet their buyers where they’re at – and remove the friction between intent and action. DMs essentially pre-qualify intent to purchase. By the time a consumer clicks through to a link provided via DM, they’re warmer and more likely to convert.

And the numbers back it up. Some creators report conversion rates as high as 85–98% when routing sales through DMs. Others have seen revenue spike by tens of thousands of dollars in a single month, simply by automating responses they once handled manually. One campaign helped drive over 100,000 page views from just a single trigger. These are all proof that messaging is a real growth engine.

As buyers spend more time in chat-based environments, the most agile businesses are revamping their approach to building and driving action.

Personalization that scales:

Customers crave human connection and messaging platforms deliver it. With tools that pull in browsing behavior, purchase history, and real-time context, entrepreneurs and creators alike can now offer VIP-style service to every shopper. Think: automated coupon drops, back-in-stock alerts, or custom product recommendations – all within the chat thread.

This is the major shift automation enables: authentic presence at scale. For the first time, creators and entrepreneurs no longer have to choose between being responsive and being real. With AI, they can stay present in thousands of conversations without losing the tone, timing, or trust that made a brand reputable in the first place.

However, the power of this movement lies in the timing. Automations show up exactly when they’re needed. Whether that’s a discount sent at the moment of hesitation or a restock alert that feels like it was sent by a personal shopper. The result? Higher open rates, faster response times, and better conversion across the board.

Even solo creators are now delivering high-touch experiences that rival big brands. The difference is, it’s happening one-to-one and in real time, without a massive team.

Where there’s a DM, there’s a purchasing decision

Website analytics can tell that someone clicked. That they spent 42 seconds on the product page. Maybe they even added something to the cart. But that’s still guesswork. An entrepreneur is left interpreting behavior, hoping it means something. But a DM that says, “Hey, do you have this in stock?” That’s clear as day: a customer is getting ready to buy.

Conversations are becoming the new top-of-funnel. When a customer initiates a message, they’re sending a clear intent signal. One you can act on immediately. Share a size guide. Offer a promo. Drop a product link right into the thread. No forms, no delays.

To be clear: By no means does this replace the website. In fact, quite the opposite. DMs often serve as the warm introduction that makes the click-through more valuable. The result? Higher intent traffic, better conversion rates, and fewer missed opportunities.

Because when someone takes the time to message a brand, they’re making active purchasing decisions and creating opportunities to act on an intent signal in real-time: Offer a discount. Suggest the right size. Trigger a purchase link. That’s why more entrepreneurs are shifting from pageviews to conversations. And when entrepreneurs and creators have automation set up, they can act on those signals instantly.

The smartest businesses — and creators — aren’t waiting around for clicks or form fills. They’re meeting their audience where the conversation is already happening: in the DMs.

Because in today’s attention economy, speed matters. Relevance matters. And connection always matters. Together, they create real moments of engagement that build trust, strengthen relationships, and drive meaningful revenue, all without slowing down momentum.

We've featured the best ecommerce software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• When a token with publishing rights was stolen, multiple poisoned Nx variants were released
• The malware stole secrets and other important data
• The attack lasted a few hours, but could be causing damage still

Countless software developers, likely including those within Fortune 500 companies, were victims of a supply chain attack after Nx, the open source build system and development toolkit, was compromised.

In an announcement posted on GitHub, Nx said, “malicious versions of Nx and some supporting plugins were published” on NPM.

At the same time, security researchers Wiz released a separate announcement, saying the malicious versions were carrying infostealing malware, grabbing secrets such as GitHub and NPM tokens, SSH keys, crypto wallet information, and more, from attacked developers.

Thousands of leaked tokens

How Nx was compromised remains unknown - Wiz believes the threat actors managed to get ahold of a token with publishing rights, which enabled them to push malicious versions to NPM, despite all maintainers having two-factor authentication (2FA) enabled at the time of the attack. Apparently, 2FA was not needed to publish the packages.

The attack lasted approximately four hours, before NPM removed all of the poisoned versions.

Nx did not discuss how many companies might have been struck in this supply chain attack, but Wiz told The Register via email that more than 1,000 valid GitHub tokens were leaked. Furthermore, the attackers stole around 20,000 files and “dozens” of valid cloud credentials and NPM tokens.

Affected users should reach out to Nx’s support team for help.

Both NPM and Nx are hugely popular in the software development community, with more than 70% of Fortune 500 companies are allegedly using it, so it’s perhaps not surprising it is under constant attack.

However, security researchers Step Security found something unique: the malware “weaponized AI CLI tools (including Claude, Gemini, and q) to aid in reconnaissance and data exfiltration - marking the first known case where attackers have turned developer AI assistants into tools for supply chain exploitation.”

"This technique forces the AI tools to recursively scan the file system and write discovered sensitive file paths to /tmp/inventory.txt, effectively using legitimate tools as accomplices in the attack."

You might also like

• When ransomware hits home: putting your people first
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Looking for a different day?

A new Quordle puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Thursday's puzzle instead then click here: Quordle hints and answers for Thursday, August 28 (game #1312).

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,100 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc's Wordle today column covers the original viral word game.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #1313) - hint #1 - VowelsHow many different vowels are in Quordle today?

• The number of different vowels in Quordle today is 5*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #1313) - hint #2 - repeated lettersDo any of today's Quordle answers contain repeated letters?

• The number of Quordle answers containing a repeated letter today is 1.

Quordle today (game #1313) - hint #3 - uncommon lettersDo the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #1313) - hint #4 - starting letters (1)Do any of today's Quordle puzzles start with the same letter?

• The number of today's Quordle answers starting with the same letter is 2.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #1313) - hint #5 - starting letters (2)What letters do today's Quordle answers start with?

• F

• T

• F

• P

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #1313) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle, game #1313, are…

• FLAIR
• TAROT
• FRAIL
• PRUNE

I have never before experienced today’s phenomenon when an incorrect guess for one word turns out to be a correct guess for another. 

This is what happened with FLAIR and FRAIL, which feature the same letters but in a different order. My wrong guess for FLAIR gave me the unusual sensation of annoyance at coming so close and simultaneous pleasure after realizing it didn’t matter.

Daily Sequence today (game #1313) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle Daily Sequence, game #1313, are…

• REGAL
• BULGE
• QUELL
• FURRY

Quordle answers: The past 20

• Quordle #1312, Thursday, 28 August: AFOOT, TANGO, LUMEN, NAVAL
• Quordle #1311, Wednesday, 27 August: TWEED, SCRAP, SHEIK, AWOKE
• Quordle #1310, Tuesday, 26 August: BEGET, WRATH, HEARD, INDEX
• Quordle #1309, Monday, 25 August: GEEKY, SHALT, CHIEF, JIFFY
• Quordle #1308, Sunday, 24 August: ROVER, GONER, ANTIC, OUTDO
• Quordle #1307, Saturday, 23 August: DEMON, GRATE, FLYER, SHEEP
• Quordle #1306, Friday, 22 August: TROOP, SCOPE, TORSO, BRINY
• Quordle #1305, Thursday, 21 August: QUEST, SPARK, WHITE, ACUTE
• Quordle #1304, Wednesday, 20 August: DOLLY, MERRY, BUGLE, WORST
• Quordle #1303, Tuesday, 19 August: KNAVE, SMART, CARRY, MAMMA
• Quordle #1302, Monday, 18 August: FIBER, TRADE, RAYON, TEASE
• Quordle #1301, Sunday, 17 August: FUNGI, AMITY, DRIER, CHECK
• Quordle #1300, Saturday, 16 August: OWING, QUAKE, SLIDE, ELITE
• Quordle #1299, Friday, 15 August: WHALE, PRISM, DRAKE, TEPEE
• Quordle #1298, Thursday, 14 August: LAPEL, IDIOM, RENEW, LIVER
• Quordle #1297, Wednesday, 13 August: CACTI, HOMER, EMAIL, ALBUM
• Quordle #1296, Tuesday, 12 August: SPOOL, TITLE, JAUNT, OVINE
• Quordle #1295, Monday, 11 August: ADULT, BROOM, PURER, CRUEL
• Quordle #1294, Sunday, 10 August: SCRUM, PIPER, TROLL, SPORE
• Quordle #1293, Saturday, 9 August: NOOSE, INLET, ELEGY, VIRUS

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Thursday's puzzle instead then click here: NYT Strands hints and answers for Thursday, August 28 (game #543).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #544) - hint #1 - today's themeWhat is the theme of today's NYT Strands?

• Today's NYT Strands theme is… A long time in the making

NYT Strands today (game #544) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• RAIL
• CHOP
• CORE
• SPEAR
• LIAR
• TRED

NYT Strands today (game #544) - hint #3 - spangram lettersHow many letters are in today's spangram?

• Spangram has 13 letters

NYT Strands today (game #544) - hint #4 - spangram positionWhat are two sides of the board that today's spangram touches?

First side: left, 6th row

Last side: right, 6th row

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #544) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #544, are…

• SPIRE
• ARCH
• MESA
• BUTTE
• GORGE
• PILLAR
• SPANGRAM: ROCK FORMATION

• My rating: Hard
• My score: 2 hints

The theme made me think about buildings and I thought I was on the right track when I got SPIRE straight away after beginning my search in the left-hand corner. Next, I got ARCH and was convinced we were looking for parts of buildings.

The spangram came after I thought I’d got two non-game words before putting them together and realizing I was on the wrong track. From here I hit a wall and struggled to find anything.

Two hints gave me MESA and BUTTE, which was very helpful as these are two types of formation that were unfamiliar to me. From here I was able to complete the board.

Yesterday's NYT Strands answers (Thursday, August 28, game #543)

• GABBY
• VERBOSE
• VOLUBLE
• TALKATIVE
• LOQUACIOUS
• SPANGRAM: CHATTERBOX

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Thursday's puzzle instead then click here: NYT Connections hints and answers for Thursday, August 28 (game #809).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #810) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• SHELL
• MUSHROOM
• WAX
• BANANA
• STAR
• STOCK
• FIGURE
• BALLOON
• GULF
• MOUNT
• 7-10
• 7-ELEVEN
• PERSONALITY
• CHEVRON
• LICKETY
• NAME

NYT Connections today (game #810) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Notable human
• GREEN: Growing
• BLUE: Petrol stops
• PURPLE: Pull apart

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #810) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: FAMOUS PERSON
• GREEN: INCREASE
• BLUE: PLACES THAT SELL GAS
• PURPLE: SPLIT

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #810) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #810, are…

• YELLOW: FAMOUS PERSON FIGURE, NAME, PERSONALITY, STAR
• GREEN: INCREASE BALLOON, MOUNT, MUSHROOM, WAX
• BLUE: PLACES THAT SELL GAS 7-ELEVEN, CHEVRON, GULF, SHELL
• PURPLE: SPLIT 7-10, BANANA, LICKETY, STOCK

• My rating: Hard
• My score: Fail

I crashed out today after cobbling together the yellow group having already made a couple of errors.

Annoyingly, I was on the right track for three of the groups. I thought that SPLIT was the link but I had PERSONALITY and CHEVRON instead of 7-10 and STOCK. Not even getting one away tricked me into thinking I was off track.

Then, with just one mistake left, I had BALLOON, MUSHROOM, and MOUNT but had STOCK instead of WAX.

Being based in the UK I think I can be forgiven for missing PLACES THAT SELL GAS, but, regardless, this was a poor round for me.

Yesterday's NYT Connections answers (Thursday, August 28, game #809)

• YELLOW: PLACES TO GET TRAPPED NET, SNARE, TANGLE, WEB
• GREEN: USED FOR TEA CUP, KETTLE, TEABAG, WATER
• BLUE: ASSOCIATED WITH HARDNESS DIAMOND, NAILS, ROCK, STEEL
• PURPLE: ENDING WITH KEYBOARD KEYS CANTAB, CYBERSPACE, ICECAPS, MAKESHIFT

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

• Resident Evil Requiem director Koshi Nakanishi has explained why the game offers both a third-person and first-person mode
• Nakanishi says Resident Evil 7 may have been "too scary" for some players, so a third-person option was added to Requiem partly for this reason
• He also hopes the option will offer a more enjoyable experience for those who "either couldn't finish or didn't even start" Resident Evil 7

Resident Evil Requiem has a third-person mode for players who couldn't handle first-person in Resident Evil 7, according to game director Koshi Nakanishi.

In an interview with GamesRadar at Gamescom 2025, Nakanishi acknowledged that his previously directed game, Resident Evil 7, might have been too scary and decided to offer two options in the upcoming entry to allow for a more enjoyable experience.

"Looking back at Resident Evil 7's first person perspective, I implemented that as a way to make it more immersive and more scary than ever before, which I think most you know media and players agreed it was an incredibly scary game, but it was possibly too scary," Nakanishi said.

"I think some people couldn't handle it, and either couldn't finish or didn't even start it. And that's something that I look back on thinking that, you know, I want to make sure that people can enjoy this game."

Resident Evil Village introduced a third-person mode through downloadable content (DLC) post-launch, and like that game, Requiem will also allow the option to switch between first and third-person while playing, which Nakanishi hopes will make the jumpscares and horror more manageable.

"So if you started the game off in first person perspective, and you're finding it's too much, then third person is almost a way to step slightly back from that level of horror and make it slightly easier to deal with by having the character on screen as a kind of avatar of yourself," he explained.

Resident Evil Requiem is set to launch on February 27, 2026, for PlayStation 5, Xbox Series X, Xbox Series S, and PC.

You might also like...

• New Resident Evil Requiem gameplay teaser solidifies it as my most anticipated game of 2026 so far
• Final Fantasy 14 director has a pretty simple explanation for why the Monster Hunter Wilds collab will feature Omega – 'In the Monster Hunter team, there are many Warriors of Light'
• Here are the three biggest things we learned from the Hollow Knight: Silksong release date trailer

• US Secretary of Defense Pete Hegseth calls for investigation into Microsoft's 'digital escort' system
• The system saw Chinese nationals coding for DoD software vendors
• Reports called this scheme 'inherently risky'

United States Secretary of Defense Pete Hegseth has ordered a review of the involvement of Chinese nationals in managing cloud services for the Pentagon and wider US military.

“For nearly a decade, Microsoft has used Chinese coders, remotely supervised by US contractors to support sensitive Department of Defense cloud systems - and if you’re thinking America First and common sense, this doesn’t pass either of those tests," Hesgeth said.

The declaration comes after a ProPublica report claimed Microsoft’s use of Chinese engineers to maintain Department of Defense computer systems with ‘minimal supervision by US personnel’ was ‘inherently risky’ - but Microsoft has said it will soon stop using these China based-engineers for US military tech support.

Digital escorts

These workers were supervised by ‘digital escorts’ - who were found to be mainly low-skilled and low-paid workers with very little coding experience.

One such escort told ProPublica; ‘we’re trusting that what they’re doing isn’t malicious, but we really can’t tell.’

“The use of Chinese nationals to service Department of Defense cloud environments, it’s over,” Hegseth went on. “We’re requiring a third-party audit of Microsoft’s digital escort program, including the code and the submissions by Chinese nationals.”

Not only that, but Hegseth will also require the Department of Defense to carry out a separate investigation of the digital escort program and the Chinese Microsoft employees involved.

“The program was designed to comply with contracting rules, but it exposed the department to unacceptable risk,” he argued.

“These investigations will help us determine the impact of this digital escort workaround. Did they put anything in the code that we don’t know about? We’re going to find out.”

Going forward, all software vendors for the DoD will also have to identify and terminate any Chinese involvement in DoD systems.

“It blows my mind that I’m even saying these things, that we allowed it to happen - that’s why we’re attacking it so hard,” Hegseth said.

You might also like

• Take a look at our picks for the best AI tools around
• Check out our choice for best antivirus software
• Microsoft restricts access to its cyber early warning systems for some Chinese firms

Everything you need to know to stream this week's games and the rest of the Banana Ball season.

Plaud AI has already sold over a million AI devices. Is it time for you to add it to your tech collection?

• Microsoft and Cloudflare want websites to behave like conversational AI apps
• Cloudflare’s AutoRAG indexes content automatically, promising seamless updates for website data
• NLWeb introduces structured MCP endpoints for AI agents seeking reliable access

Microsoft and Cloudflare have announced a new collaboration which seeks to make websites easier for both people and automated systems to query.

The initiative merges Microsoft’s “NLWeb” standard with Cloudflare’s “AutoRAG” infrastructure, providing a model for conversational search.

Instead of keyword-based navigation, the system allows natural language interaction, presenting direct answers rather than lists of links.

From search engines to answer engines

The goal of the new launch is to make any site function like an AI app, where human visitors and AI agents can ask questions and receive structured responses.

“Together, NLWeb and AutoRAG let publishers go beyond search boxes, making conversational interfaces for websites simple to create and deploy,” said R.V. Guha, creator of NLWeb, CVP, and Technical Fellow at Microsoft. “This integration will enable every website to easily become AI-ready for both people and trusted agents.”

Traditional search relies on keywords, leaving users to sift through multiple links to reach relevant information, but advocates of this new approach argue the model no longer matches expectations shaped by tools such as ChatGPT, Copilot, and Claude.

These systems provide immediate answers, and people increasingly expect websites to do the same.

However, while that framing is compelling, it assumes that all users prefer conversational responses over browsing.

The partnership also emphasizes the role of AI agents as a new class of “visitors.”

These automated systems typically scrape pages or follow keyword queries, but NLWeb introduces a structured “MCP” endpoint that gives them controlled access to site data.

This could reduce the inefficiency of scraping while allowing website owners to define the terms of access.

Yet questions remain about whether site operators will see tangible benefits or primarily additional technical burdens.

Cloudflare’s AutoRAG component handles crawling, indexing, and embedding site content into a managed vector database.

The system promises to keep information fresh with continuous updates and provide observability through Cloudflare’s AI Gateway.

While this sounds efficient, it effectively places indexing and access pipelines in the hands of a third-party infrastructure provider.

That raises concerns about cost, dependency, and whether site owners will cede too much control over how their data is handled.

By framing websites as first-class data sources for AI tools, Microsoft and Cloudflare are positioning themselves in direct competition with traditional search engines, particularly Google.

If AI writer models and LLM systems increasingly rely on structured access rather than scraping, search traffic patterns could change significantly.

To enable conversational search on a website through Cloudflare’s AutoRAG, users log into the Cloudflare Dashboard, create a new AutoRAG instance using the NLWeb Website quick deploy option, select the desired domain, and start indexing.

Once the process is complete, the site’s content becomes searchable through natural language queries, and owners can preview or embed the conversational interface to test how it will appear to visitors.

You might also like

• Check out the best AI phones on the market
• Here is our list of the best AI website builders on the web
• Mysterious Internet Speed Booster could be the perfect reason to jump on Parallels 26 if you're on Mac

• Browsers are the weak link that attackers now exploit for control
• SquareX shows how trivial scripts can intercept and hijack passkey flows
• From a user’s perspective, fake passkey prompts look entirely genuine

For years, the shift away from passwords toward passkeys has been framed as the future of secure authentication.

By relying on cryptographic key pairs instead of weak or reused strings, passkeys promised to remove the risks that have long plagued password systems.

However at the recent DEF CON 33 event, SquareX researchers presented new findings which challenge this view, claiming the very browsers relied upon to manage passkey workflows can be exploited in ways that bypass their protections.

The mechanics of passkeys

Passkeys operate through a system where a private key remains on a user’s device while a public key is stored by the service provider.

To log in, the user verifies identity locally with biometrics, a PIN, or a hardware token, and the server authenticates the response against its stored public key.

This structure should eliminate many of the classic risks, such as phishing or brute force attacks, yet the entire process assumes the browser serves as a trustworthy mediator, a role that SquareX researchers now argue is dangerously fragile.

They showed how attackers can manipulate the browser environment with malicious extensions or scripts, allowing them to intercept the registration flow, substitute keys, and even trick users into re-registering under attacker-controlled conditions.

From the victim’s perspective, the login process looks indistinguishable from a legitimate passkey operation, with no warning signs that credentials are being compromised.

Established enterprise security tools, whether endpoint protection or network defenses, do not provide visibility into this level of browser activity.

“Passkeys are a highly trusted form of authentication, so when users see a biometric prompt, they take that as a signal for security,” said SquareX researcher Shourya Pratap Singh.

“What they don’t know is that attackers can easily fake passkey registrations and authentication by intercepting the passkey workflow in the browser. This puts pretty much every enterprise and consumer application, including critical banking and data storage apps, at risk.”

With the majority of enterprise data now stored in SaaS platforms, passkeys are being rapidly adopted as the default authentication method.

SquareX’s findings suggest this transition introduces a new dependency on browser security, an area where oversight has traditionally been weak.

Passkeys may still represent progress beyond traditional credentials, yet the SquareX researcg shows no system is completely free from flaws, and organizations may have moved too quickly to embrace passkeys as a universal solution.

How to stay safe

• Use a trusted antivirus to detect and block hidden malicious code.
• Install extensions only from verified sources and review their permissions regularly.
• Keep browsers updated to ensure the latest security fixes are applied.
• Employ a password manager to securely handle legacy accounts that still rely on passwords.
• Pair sign-in processes with an authenticator app to strengthen verification steps.
• Regularly audit browser settings to minimize exposure to untrusted scripts or add-ons.
• Limit the number of devices used for sensitive logins to reduce attack opportunities.

You might also like

• These are the best AI website builders around
• Take a look at our pick of the best internet security suites on offer
• Hackers could take over millions of Dahua cameras because of two critical flaws

The Gilded Age season 4 is nowhere near being released yet, but I already feel incredibly sorry for Bertha (Carrie Coon). Granted, she hasn't been my favorite person during the last three seasons of the hit HBO Max show, nor is she usually the most agreeable.

However, she's got the weight of the world on her shoulders after the shocking last moments in the season 3 finale.

Let's rewind for a second. In episode 7, Bertha's husband George (Morgan Spector) was left on death’s door after being shot by a 19th century hitman disguised as a courier. We learn in episode 8 that he (just about) pulls through, but later uses his brush with death to tell Bertha he doesn't love her.

Well, at least he's no longer sure if he does. While he mulls it over, George leaves for New York without so much as an amicable thought between them. Meanwhile, Gladys (Taissa Farmiga) has got hitched to the Duke of Buckingham, announcing her pregnancy in the season's final moments.

In short, this all means Bertha's living her dream life vicariously through her daughter, sans husband. The Gilded Age season 4 will surely be her redemption arc, but I think there are two other potential foes in her way that we've not even considered.

Agnes and Enid could both be coming for Bertha in The Gilded Age season 4

Christine Baranski's Agnes could cause new trouble in The Gilded Age season 4. (Image credit: HBO)

Instead of Bertha peacefully trying to assimilate into the British Royal family, she's potentially got two other fights on her hands: with longstanding rival Enid (Kelley Curran) and a new potential sparring partner in Agnes (Christine Baranski).

Let's start with Agnes first. By the time the season 3 finale rolled around, niece Marian (Louisa Jacobson) and Larry Russell (Harry Richardson) hadn't officially got their engagement back on track, though both have said they want to do so. This is a nightmare for Agnes because up until now, she's merely tolerated the new money that the Russell family represent.

If the marriage goes ahead, there's sure to be arguments galore as the two families try to blend into one. Bertha had Agnes' approval after winning the season 2 opera war against Mrs. Astor (Donna Murphy), but that tolerance can be taken away in an instance.

This is where Enid comes in. Agnes’ son, Oscar (Blake Ritson) has potential nuptials on the cards with Enid, the woman who was fired from being Bertha's maid by sexually propositioning George. Oops.

Once again, she's new money, and after Oscar was scammed out of all of the family's money (that came up again in the season 3 Haymarket double-cross), that's bad news. Larry and Marian marrying would make Enid essentially a part of the Russell family, so there are more issues to stoke the potential fire of feud.

We've currently got no idea if George is coming back for The Gilded Age season 4, but again, this could cause further problems. Bertha would have to welcome Enid back into the family if the nuptials go ahead, and that's set to open old wounds if George is still kicking around (and worse, if he decides he no longer wants to be with Bertha).

Is any of this what Bertha needs in The Gilded Age season 4? Absolutely not. Are the potential new rivalries going to make new episodes even juicier for us? You can count on it.

All three seasons of The Gilded Age are streaming on HBO Max in the US, NOW TV in the UK and Paramount+ in Australia.

You might also like

• IT: Welcome to Derry – everything you need to know about the new Max horror series
• Harry Potter TV show: everything we know so far about the upcoming HBO adaptation
• The Last of Us season 3: everything we know so far about the hit HBO Max show's next chapter

• Microsoft warns of Storm-0501, a ransomware group targeting mostly cloud platforms
• This approach allows them to be faster and more efficient
• There are ways to defend against this threat, so stay alert

Microsoft is warning users about a ransomware operator that is more interested in compromising cloud infrastructure than on-premise devices since it’s faster, more efficient, and more disruptive.

In a new report, the company highlighted Storm-0501, a financially motivated group observed to go primarily for hybrid cloud environments. The group would first compromise on-premise Active Directory domains via domain trust relationships, and then use Entra Connect Sync servers to pivot towards the cloud and into Microsoft Entra ID tenants.

From there, the group would exploit a non-human synced identity with Global Admin rights, and no multi-factor authentication (MFA) set up, to gain full cloud access which, in turn, allowed them to create a backdoor using malicious federated domains, and by abusing SAML tokens.

Weathering the storm

Compromising Azure this way is an alarming turn of events, since crooks can gain owner role across subscriptions, map critical assets using AzureHound, exfiltrate data via AzCopy CLI, delete backups and storage using Azure operations and, in some instances, even encrypt the files using custom Azure Key Vault keys.

Attacking the cloud rather than on-prem infrastructure allows for faster data exfiltration, as well as the destruction of backups. Adding insult to injury, it also allows them to reach out to their victims via Microsoft Teams to and demand a ransom payment.

"Leveraging cloud-native capabilities, Storm-0501 rapidly exfiltrates large volumes of data, destroys data and backups within the victim environment, and demands ransom — all without relying on traditional malware deployment," Microsoft wrote.

To mitigate the threat, businesses should - before doing anything else - enforce MFA for all users, especially for privileged accounts. Then, they should restrict Directory Synchronization Account permissions, use TPM on Entra Connect Sync Servers, and apply Azure resource locks and immutability policies.

Finally, Microsoft advises enabling Defender for Endpoint and Defender for Cloud across all tenants, and naturally - monitoring with Azure activity logs and advanced hunting queries.

You might also like

• When ransomware hits home: putting your people first
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Commentary: Which top-tier Android phone offers the best camera system? I took hundreds of photos in and around Seattle to find out.