Technology

In 2024, cybersecurity experts started to warn of a new threat to the software supply chain. Named 'slopsquatting', it is a type of cyber attack where bad actors create fake packages containing malicious code that is inadvertently added to legitimate code.

However, unlike other forms of digital squatting, in this case, the attackers use packages that are hallucinated by large language models (LLMs). This means increased risks of attack, as all it takes is a programmer running code generated by an LLM without first evaluating and validating it.

To safeguard themselves from the new generation of cyber attackers, companies need to understand what package hallucinations are and what can be done about them.

What are package hallucinations?

Coding languages like Python and JavaScript draw heavily on dependencies – pre-written code that is bundled together into packages such as libraries and modules. Developers import these packages from public code repositories (such as the npm registry for Node and PyPi for Python).

With the rise of AI usage for coding, programmers and researchers started to identify a new threat: package hallucination. This is when tools built on LLMs, such as ChatGPT, Claude, Mistral or DeepSeek, add references to the code for packages that do not exist.

These hallucinations, according to recent research, are occurring more frequently than one might expect. Researchers from the University of Oklahoma, Virginia Tech and the University of Texas at San Antonio analyzed over half a million fragments of code generated by LLMs. Alarmingly, 19.7% of packages referenced in this code were hallucinations.

These code samples, totaling 576,000, were generated in two programming languages (Python and JavaScript) using models including ChatGPT-4, Claude, Mistral, DeepSeek, and CodeLlama. While commercial models, such as Claude and ChatGPT-4, generated fewer package hallucinations in their code than open-source models, all faced the problem of package hallucination to varying degrees.

Opening the door for a new form of attack – "slopsquatting"

Concerningly, 43% of the package hallucinations in the study were recurrent, continuing to appear when the same prompts were used. Furthermore, 38% of them had similar names to real packages or the same name as packages used in other coding languages. It is these two factors – recurrence and similarity – that create the potential for a new form of cyber attack, dubbed "slopsquatting."

The name is derived from typosquatting, which originated as a form of scam where bad actors register domains with a similar name to legitimate websites, for example, those related to free software. Then, internet users entering URLs or search prompts containing typos become exposed to malicious websites.

The same idea can be adjusted to exploit typos developers make when installing open-source packages. White hat hackers used similar tactics, leveraging errors and creating packages on public registries with the same name as internal company packages to infiltrate the likes of Shopify, Apple, PayPal, Netflix, Yelp, and Uber.

In Slopsquatting the approach is similar but the packages used are hallucinated by LLMs. Because some hallucinations are recurrent, hackers can hone in on specific package names that are likely to be repeated. Then, they create a fake package using this name that contains malicious code. And because many package hallucinations have similar names to real packages, they can be hard to detect.

Mitigating the risks of slopsquatting using pre-generation techniques

The most effective way to protect against the risk of slopsquatting is to use pre-generation techniques – strategies that preemptively reduce the number of package hallucinations created.

Self-refinement

Some models are already capable of detecting their own hallucinations with a good degree of accuracy. In the study cited above, the models GPT 4 Turbo, GPT 3.5 and DeepSeek were all able to identify hallucinations with an accuracy of over 75%.

This opens the possibility for self-refinement. This is when a programmer instructs an LLM to check and refine its own output to weed out package hallucinations. After the model has generated package names, it is asked to confirm that each package is valid. If not, the response is regenerated with instructions not to use the invalid package.

This approach is not flawless. For example, a model may mistakenly classify a valid package as an invalid one. It should also be remembered that some hallucinations can be persistent. Nevertheless, by iterating this process multiple times, one can increase the chances of successfully identifying and removing invalid packages.

Unfortunately, the success of this approach is highly dependent on the model used. For example, Meta's CodeLlama was found to have a bias towards treating hallucinated packages as valid.

Fine-tuning the model

Another pre-generation technique that is possible with open-source models, such as DeepSeek and CodeLLama, is fine-tuning the model. This involves tweaking the model itself to improve performance on tasks prone to hallucinations.

The issue with this approach, however, is that it can impact the actual performance of the code. So, while a fine-tuned model may produce fewer package hallucinations, the code quality is likely to be worse.

Retrieval-Augmented Generation

In another notable pre-generation technique, Retrieval-Augmented Generation (RAG), prompts for LLMs are enriched with information from specific data sources. This could occur at the stage of the initial prompt or during refinement and iteration.

In the case of package hallucinations, it is possible to augment prompts with a database of valid packages and descriptions of what these packages are relevant for. The LLM can then query the database and add relevant answers to the prompt, which will help it accurately identify valid packages.

Naturally, this approach requires an initial investment of time to create a dataset and structure it so an LLM can effectively search it to identify relevant valid packages. However, this approach has been shown to reduce the number of hallucinations when using models such as DeepSeek.

Post-generation techniques for mitigating package hallucination

A second, and arguably less effective, approach to mitigation is to filter out package hallucinations after they have been generated.

For example, one option would be to take a master list of valid packages and then cross reference this with the output from an LLM. This approach would eliminate invalid package names. However, it is only as reliable as the master list used. An attacker could simply add their invalid package to any public master list that is used, making it ineffective as a defense. It is also possible to curate the list using metrics that estimate validity, such as their popularity, but this would be far from foolproof.

Other post-generation techniques, such as scanning for malicious content, are also unlikely to provide 100% security. Packages could be legitimate at the outset but could beacon to a command control server at a later date, which then updates the package and adds the malicious code.

Robust internal practices to verify code

Ultimately, this threat relies on internal agents running code received from an LLM without first validating it. So, one of the most effective approaches an organization can take in order to mitigate the risk of slopsquatting is to ensure they have robust verification practices in place.

First and foremost, code should be tested in secure environments to avoid the risk of the supply chain being poisoned. It is also crucial to train programmers on the potential risks of package hallucinations and implement procedures for peer code reviews.

Notifying reviewers about which parts of the code have been generated by LLMs will enhance the effectiveness of peer reviews. Additionally, dependency analysis tools can help by identifying potential vulnerabilities and alerting about suspicious packages.

Summing up: tackling new threats

LLM's are revolutionizing the way programmers work. However, as the example of package hallucinations shows, with every new development in these models, new risks occur. By employing a combination of pre- and post-generation techniques and ensuring best internal practices are in place, companies can continue to enjoy the benefits of LLM-generated code while mitigating the risk of slopsquatting.

We list the best Linux distro for developers.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• An independent audit confirmed that ExpressVPN never stores user data as indicated in its privacy policy
• Cybersecurity experts at KPGM inspected ExpressVPN's TrustedServer is designed to never log such data as claimed
• It's the 23rd time that ExpressVPN has put its software under third-party scrutiny

Cybersecurity experts at KPGM have confirmed that ExpressVPN never logs any of your identifiable information, as stated in its privacy policy. The experts specifically checked ExpressVPN's server infrastructure design, checking that it effectively prevents the collection of such logs.

Rated by us as one of the best VPN services right now, this audit marks the 23rd time ExpressVPN has put its software under scrutiny, with the latest audit confirming ExpressVPN's claims as of February 2025.

"No exception noted"

The team at KPGM thoroughly checked that ExpressVPN TrustedServer acts as it should. Testing its description, design, and implementation of controls.

Developed in 2019, ExpressVPN TrustedServer is the provider's technology at the base of its no-log claims. All VPN servers run entirely on RAM, for example, meaning that nothing is stored on the server after a reboot.

ExpressVPN's servers are also designed so that every time the server is rebooted, the newest version of the code stack (which includes the operating system (OS) and the VPN infrastructure above it) is loaded as a unique block, minimizing the risks of bugs, other vulnerabilities, and misconfiguration.

As of February 28, 2025, KPGM confirmed that ExpressVPN's infrastructure doesn't present any anomalies in its design or implementation, as "no exception noted" during tests. You can see the full report here.

"Having KPMG evaluate our technologies and assess our privacy protections again demonstrates our unwavering commitment to maintaining the highest standards of user privacy protection," said ExpressVPN's Chief Information Security Officer, Aaron Engel, commenting on the findings.

"Independent assurance isn't just a checkbox for us—it's fundamental in our efforts towards trust and transparency," he added.

A regularly audited no-log privacy policy and security infrastructure aims to provide a guarantee that none of your personal information or usage data is collected, leaked, and then linked to you or your online activities.

It's worth remembering, however, that even no-log VPNs collect some basic data. This includes information such as your email address and the number of users connected to a server, for example. Yet, these details should not be enough to identify you or your activities when using the VPN.

You might also like

• Themes land on ExpressVPN mobile apps – with full Dark Mode now available for iOS
• ExpressVPN faces a class action in the US over alleged "illegal" auto-renewal fees
• “Once you have the data, you have to cooperate” – Windscribe CEO speak out against global threats to no-log VPNs

• The cast for the live-action The Legend of Zelda movie has been unveiled
• Nintendo's Shigeru Miyamoto has confirmed who will play Zelda and Link
• Some fans are disappointed Hunter Schafer didn’t land the role of Zelda

Production on the live-action The Legend of Zelda movie is very much underway as two members of the lead cast have officially been confirmed.

The news was posted on social media by Nintendo legend Shigeru Miyamoto, who revealed a picture of the actors that will play the eponymous princess of 'Hyrule' (the fictional kingdom in the video game series), Zelda, and legendary swordsman Link in costume.

Benjamin Evan Ainsworth, who made his debut in Mike Flanagan's horror series The Haunting of Bly Manor on Netflix, has been cast as Link, while Bo Bragason from the period drama Renegade Nell on Disney+ will play Zelda.

This is Miyamoto. I am pleased to announce that for the live-action film of The Legend of Zelda, Zelda will be played by Bo Bragason-san, and Link by Benjamin Evan Ainsworth-san. I am very much looking forward to seeing both of them on the big screen. (1/2) pic.twitter.com/KA5XW3lwulJuly 16, 2025

Nintendo and Sony casting two young actors to play the lead characters of the Zelda franchise is one of our first indications of which direction the movie could take. Indeed, such a young cast could mean that we see an earlier game in the franchise, such as The Legend of Zelda: The Wind Waker, as the central plot of the film.

Of course, that's just speculation. It could be that there's still a chance that The Legend of Zelda: Ocarina of Time is the subject matter for the first live-action movie adaptation, but that would mean that we're expecting a second Link to be cast for when the character grows up in the game.

This first casting announcement also arguably suggests that we could be in store for a series of movies. Having such a young cast gives the actors room to grow with their characters over multiple films, and means there won't be any issues like Stranger Things now has with its cast of adults playing teenagers in season 5.

Nothing else surrounding the production of The Legend of Zelda adaptation has been confirmed yet, but we do know the release date of the live-action movie: March 26, 2027. We can therefore expect more casting announcements in the months to come.

What are fans saying about the cast of the live-action The Legend of Zelda movie?

In the lead-up to today's announcement, there were quite a few rumors about who would play Zelda and Link in the live-action The Legend of Zelda movie. One of the frontrunners for Zelda's role was Hunter Schafer (Euphoria), but it seems that Wes Ball, who's directing the film, ruled her out by going for a younger cast.

Indeed, going off an interview that Nintendo's veteran game designer Takashi Tezuka did with MTV over nine years ago, there was even a chance that Link could have been played by a woman. "This is just personally, [but] it would be very fun and awesome if Link was played by a female actress," Tezuka said, "a boyish female actress."

The direction that Ball has decided to take the movie in instead has been met with a lot of praise on social media, with many expecting another quality film in the vein of Nintendo's last hit, the Super Mario Bros. Movie. While some have expressed disappointment that Schafer didn't land the role of Zelda, others say that this suggests the movie will be part of a trilogy.

Comment from r/gaming

Some users also appear to be pleased that both actors are English, as it offers some continuity to the video game – many of the voice actors are English in the series (except Link, of course). However, this does vary from game to game.

Overall, the reception appears to be positive, especially as it gives fans of the video game who are excited for the live-action movie their first real indication of what to expect. Could such a young cast mean we get a Zelda movie trilogy? Does it narrow down our speculation about which video game will form the basis of the story? There's a lot to chew on here.

You might also like

• Two big Netflix video game movie adaptations just got exciting updates
• Director Alex Garland is making an Elden Ring movie
• Here are 3 video game adaptations with over 90% on Rotten Tomatoes

The final season releases across November and December.

It's been a few weeks since Scoliosis Awareness Month, but it's not too late to learn the signs, symptoms and causes of scoliosis from experts.

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: NYT Connections hints and answers for Wednesday, July 16 (game #766).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #767) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• HARD FEELINGS 
• MARIO WORLD
• DRUM AND BASS
• WU-TANG
• POKE
• SWEAT
• CAPE COD
• BIGGIE
• PAC
• POWER
• PRY
• CAMISOLE
• SNOOP
• GLUE
• WORRIES
• NOSE AROUND

NYT Connections today (game #767) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Nosey
• GREEN: The opposite of yes
• BLUE: Preceded by a great word (but missing man) 
• PURPLE: Angling for an answer

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #767) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: MEDDLE 
• GREEN: WORDS AFTER "NO" TO MEAN "IT'S ALL GOOD" 
• BLUE: SUPER__ 
• PURPLE: ENDING WITH FISH 

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #767) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #767, are…

• YELLOW: MEDDLE NOSE AROUND, POKE, PRY, SNOOP
• GREEN: WORDS AFTER "NO" TO MEAN "IT'S ALL GOOD" BIGGIE, HARD FEELINGS, SWEAT, WORRIES
• BLUE: SUPER__ GLUE, MARIO WORLD, PAC, POWER
• PURPLE: ENDING WITH FISH CAMISOLE, CAPE COD, DRUM AND BASS, WU-TANG

• My rating: Hard
• My score: 1 mistake

A work colleague recently mentioned that they really disliked the phrase “no WORRIES”, so I made an effort to stop saying it.

I found it incredibly hard and realized that I say it virtually every time someone says thank you. I struggled to find a decent alternative – “my pleasure” makes it sound too much like I enjoyed whatever it was a bit too much, “no sweat” made it appear as if it was too easy, and “not a problem” sounds like it was a problem. I wrestled over it for a few days then decided it wasn’t worth worrying about.

Anyway back to the puzzle. This was my ideal type of Connections, just about tricky enough to be satisfying, but not too tricky that it became time consuming. 

I was delighted to get the purple group – ENDING WITH FISH – but it came after my one mistake of the round, when I panicked after seeing no links in the eight words I had left at that point.

Then I remembered to do what we should always do when the words seem too random and look at the end of each one. Sweet joy and relief followed.

Yesterday's NYT Connections answers (Wednesday, July 16 game #766)

• YELLOW: PARTS OF A COLLEGE CAMPUS CAFETERIA, DORM, LIBRARY, QUAD
• GREEN: EXAGGERATED, AS A PERFORMANCE CAMP, DRAMATIC, HAMMY, OVERDONE
• BLUE: CLOSE IN ON CORNER, SURROUND, TRAP, TREE
• PURPLE: STARTS OF GREEK LETTERS BET, DELT, LAMB, THE

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

Looking for a different day?

A new Quordle puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: Quordle hints and answers for Wednesday, July 16 (game #1269).

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,100 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc's Wordle today column covers the original viral word game.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #1270) - hint #1 - VowelsHow many different vowels are in Quordle today?

• The number of different vowels in Quordle today is 3*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #1270) - hint #2 - repeated lettersDo any of today's Quordle answers contain repeated letters?

• The number of Quordle answers containing a repeated letter today is 2.

Quordle today (game #1270) - hint #3 - uncommon lettersDo the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #1270) - hint #4 - starting letters (1)Do any of today's Quordle puzzles start with the same letter?

• The number of today's Quordle answers starting with the same letter is 0.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #1270) - hint #5 - starting letters (2)What letters do today's Quordle answers start with?

• C

• T

• P

• H

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #1270) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle, game #1270, are…

• CRESS
• TABOO
• POWER
• HATER

While I was playing this game I thought that I was making some wild, inspired guesses and getting them right every time, but on reflection those guesses were the only options – I just got to them before I had to do much thinking.

POWER was my only real lucky guess as it could have been boxer or foyer on a different day.

Daily Sequence today (game #1270) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle Daily Sequence, game #1270, are…

• SOLVE
• CABAL
• GIDDY
• OVERT

Quordle answers: The past 20

• Quordle #1269, Wednesday, 16 July: UNCLE, NADIR, REMIT, BROOM
• Quordle #1268, Tuesday, 15 July: VILLA, FLECK, TIGER, CRANE
• Quordle #1267, Monday, 14 July: SURGE, PIZZA, PAPER, POPPY
• Quordle #1266, Sunday, 13 July: KAYAK, DECRY, RUDDY, HATER
• Quordle #1265, Saturday, 12 July: WREAK, NANNY, CLASP, STAIN
• Quordle #1264, Friday, 11 July: LAPEL, DRAIN, FROND, GROSS
• Quordle #1263, Thursday, 10 July: CROSS, WHEEL, UNDID, PENCE
• Quordle #1262, Wednesday, 9 July: SHIRE, SIXTH, SINGE, IMAGE
• Quordle #1261, Tuesday, 8 July: PLIED, PRANK, GAWKY, OXIDE
• Quordle #1260, Monday, 7 July: DROLL, TRUCE, TWIRL, SINCE
• Quordle #1259, Sunday, 6 July: AMPLY, SPAWN, EXTOL, RIDGE
• Quordle #1258, Saturday, 5 July: HAVEN, SNAKE, DREAM, TORUS
• Quordle #1257, Friday, 4 July: FAVOR, SKUNK, GAWKY, FLUFF
• Quordle #1256, Thursday, 3 July: DANCE, EYING, GLAZE, EGRET
• Quordle #1255, Wednesday, 2 July: INANE, SCOUR, ELITE, ULCER
• Quordle #1254, Tuesday, 1 July: REBAR, YEARN, FORTH, CROWD
• Quordle #1253, Monday, 30 June: INGOT, INFER, TAPIR, CLUED
• Quordle #1252, Sunday, 29 June: MIRTH, APTLY, SCRUB, SMACK
• Quordle #1251, Saturday, 28 June: AWOKE, SMOKY, DEVIL, SWING

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: NYT Strands hints and answers for Wednesday, July 16 (game #500).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #501) - hint #1 - today's themeWhat is the theme of today's NYT Strands?

• Today's NYT Strands theme is… Find your seat

NYT Strands today (game #501) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• ZANY 
• CLAM
• BONY
• WING
• CROSS
• HEATER

NYT Strands today (game #501) - hint #3 - spangram lettersHow many letters are in today's spangram?

• Spangram has 8 letters

NYT Strands today (game #501) - hint #4 - spangram positionWhat are two sides of the board that today's spangram touches?

First side: right, 2nd row

Last side: left, 2nd row

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #501) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #501, are…

• BOXES
• MEZZANINE
• LOBBY
• BALCONY
• WINGS
• ORCHESTRA
• SPANGRAM: THEATERS

• My rating: Easy
• My score: 1 hint

I didn’t see the THEATERS spangram straight away – possibly because I am hardwired to see the UK spelling. Instead, I saw several non-game words in heat, heater, and heaters. So, I took the lazy option of starting with a hint.

BOXES didn’t help me narrow things down much, but it did make me think that we were looking for something about venues and auditoriums. Seeing two letter Zs together helped me get MEZZANINE – a lovely sounding word – and once I got LOBBY I knew that we were looking for words associated with theaters.

It’s a little odd that “stage” is missing from the search as you can’t have a theater without one, but that’s my only quibble.

Yesterday's NYT Strands answers (Wednesday, July 16, game #500)

• CASE
• SPEAKER
• STAND
• STYLUS
• CHARGER
• KEYBOARD
• FOLIO
• SPANGRAM: TABLET

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

• zLabs spots new version of the Konfety Android malware
• This version uses distorted APKs to avoid being detected and analyzed
• It also uses the "evil twin" tactic to remain hidden in plain sight

The infamous Konfety Android malware has apparently been updated, with new versions hiding in plain sight through tampered APK structure, experts have warned.

Security researchers zLabs have found new Konfety variants were adopting “increasingly advanced” techniques to evade detection and hinder reverse engineering efforts.

In ZIP files (which APKs are based on), every file includes a so-called General Purpose Bit Flag, a two-byte field that stores metadata about how the file should be handled (either 0 or 1). One of the bits in the flag indicates if the file is encrypted or not.

Norton 360 with Genie

Today’s cyberthreats are more sophisticated and scams are harder to detect. That’s why we made our all-in-one security more powerful to keep you safer online. Norton 360 now with Genie AI-powered scam detection. Advanced tech for advanced threats starting at $29.99 the first year.View Deal

Evil twins and dual-app deception

In Konfety’s case, the attackers intentionally set bit 0 to 1, even though the file wasn’t actually encrypted, causing decompression tools to misinterpret the files, analysis tools to crash thinking it was unreadable or corrupted, and reverse engineers to waste time troubleshooting.

But that’s not all. Each file entry in a ZIP archive also includes a compression method identifier (0x000 for no compression, 0x000C for an uncommon compression standard, etc.)

With Konfety, the attackers managed to declare files compressed using 0x000C, which wasn’t really the case. Since the files can’t decompress properly, it leads to partial extraction, parsing errors, or even crashes, which complicates reverse-engineering and analysis.

There are other ways Konfety tries to hide and maintain persistence. zLabs said that the attackers are also using so-called “dual-app deception”, in which there’s a legitimate app on major app stores, and a malicious one elsewhere.

The app also hides its icon when installed, and applies geofencing to make sure certain analysts and researchers can’t get to it.

Konfety works by using CaramelAds SDK to fetch ads, deliver payloads, and maintain communication with attacker-controlled servers. It redirects users to malicious websites, prompts unwanted app installs, and triggers persistent spam-like browser notifications.

“The threat actors behind Konfety are highly adaptable, consistently altering their targeted ad networks and updating their methods to evade detection,” the researchers warned.

“This latest variant demonstrates their sophistication by specifically tampering with the APK's ZIP structure. This tactic is designed to bypass security checks and significantly complicate reverse engineering efforts, making detection and analysis more challenging for security professionals.”

Via BleepingComputer

You might also like

• This dangerous new malware is hitting iOS and Android phones alike - and it's even stealing photos and crypto
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

We’ve been hearing for months that Apple is planning to bring AAA game Cyberpunk 2077: Ultimate Edition to macOS, and yesterday we finally got a release date: it’s due to arrive tomorrow, July 17. It’s the news Mac gamers have been waiting a tortuously long time to hear.

As someone who games on both a PC and a Mac – and who absolutely loves Cyberpunk 2077 and has been playing it for years – I’m super excited to try out one of the best single-player games on my Mac. Because this isn’t just one of my favorite games on one of my favorite computers. No, it looks like Apple and CD Projekt Red are going above and beyond to make this an experience custom-built for Mac gamers. And that means there’s a lot to look forward to.

Game-changing performance

(Image credit: Jacob Krol/Future)

As an Apple gamer, I’m used to performance that lags behind my PC. Don’t get me wrong, Apple silicon has been an absolute gamechanger for Mac gaming, and I can still get decent frame rates in most games on my MacBook Pro. But despite Apple’s lofty claims, it’s always seemed like wishful thinking to imagine that the integrated GPU you find in Apple’s Mac chips can compete with any of the best graphics cards.

That’s why the key detail that leapt out at me from Apple’s announcement was the claim that Cyberpunk 2077 will be able to run on a Mac at 120 frames per second (fps) when using ultra settings. Considering how incredibly demanding Cyberpunk 2077 is, that’s bona fide gaming PC performance and would be a massive step up for Mac players.

If that’s what you can potentially eke out of a game like Cyberpunk 2077, then other, less-demanding games could perform even better. Sure, MacBook Pro displays are limited to 120fps, but you might be able to max out all settings and still hit that refresh rate in other titles. It’s an enticing thought.

(Image credit: CD Projekt Red)

Of course, everything depends on which chips will be able to achieve this kind of output. Apple hasn’t given any specifics here, but when we went hands-on with Cyberpunk 2077 on a Mac, it reached 120fps at ultra settings using an M4 Max chip. It’s unlikely that lower-rated chips will hit those numbers too – I’m not holding out too much hope for my M1 Pro MacBook Pro – but we’ll have to see how they perform when we get some testing time with the game.

Interestingly, software is seemingly just as important here as hardware. Yes, a high-end chip will undoubtedly help you reach those sky-high numbers, but some of the most interesting tidbits from Apple’s Cyberpunk 2077 announcement were related to software.

For instance, Apple said that MetalFX Upscaling would be available on launch, with MetalFX Frame Interpolation and MetalFX Denoising coming later this year. Starting with MetalFX Upscaling, this renders the game at a lower level than your display’s native resolution, then uses artificial intelligence (AI) to scale it up. Nvidia and AMD already have similar techs, and they do a fantastic job (in some cases, the upscaled version actually looks better than the original), so this could be a major boost for macOS.

MetalFX Denoising, meanwhile, will allow “real time path tracing on the game’s highest quality graphics settings,” Apple says, and that’s something that could provide an incredible boost to visual fidelity.

The AI revolution

(Image credit: CD Projekt Red)

What’s fascinating to me is that these are all AI technologies. They come at a time when Apple’s headline AI (specifically, Apple Intelligence) is widely perceived to be seriously lagging behind rivals like ChatGPT and Copilot.

Yet while most people envisage chatbots when they think of AI, artificial intelligence is actually far broader, as these gaming techs show. Apple has long been a strong AI performer – its image processing and Siri suggestions being two examples you’ve likely encountered on an iPhone.

Of course, we don’t yet know how well all of these MetalFX techs will perform, with MetalFX Frame Interpolation and Denoising not expected until later this year. But they could counter the argument that Apple is falling behind in AI (a contention that was never the full picture anyway).

Of these AI features, MetalFX Frame Interpolation is the one that has piqued my interest the most. Apple says this generates a new frame for every two input frames, resulting in much smoother gameplay than you would normally be able to achieve.

This is sure to reignite the impassioned “fake frames” debate that has been playing out ever since Nvidia and AMD introduced their own frame-generation features. Yet provided Apple can avoid stutters and jerkiness, I think this is unlikely to bother Mac gamers – for most Apple fans, being able to enjoy smooth framerates on Mac hardware is likely to outweigh any high-level concerns about whether the frames are “real” or “fake.” The true test will be at more modest hardware levels rather than the M4 Max and M3 Ultra we’ve seen Cyberpunk played on so far.

A serious gaming test

(Image credit: Jacob Krol/Future)

And then there are all the other interesting additions that are unique to the Apple edition. This version comes with “dynamically calibrated HDR optimized for Apple XDR displays,” Apple says, alongside Spatial Audio with head tracking (providing you’re listening with a pair of the best AirPods), plus “For this Mac” graphical presets that are “individually optimized for every Apple Silicon Mac model.”

That all makes me think that Apple is trying to do this the right way. It’s making use of its other products and adding its own techs that are tailor-made for its devices, rather than just plugging in upscaling and frame generation tools from Nvidia or AMD and hoping for the best.

The last few years have shown that Apple is taking Mac gaming seriously. Cyberpunk 2077 will be the sternest test of that commitment – but if Apple does it right, it could also be its biggest success story so far.

You might also like

• Cyberpunk 2077 launches on macOS as Apple completes its Mac gaming redemption arc
• I just experienced super-smooth Cyberpunk 2077 at Ultra settings on a Mac, but the developers say there’s more to ‘squeeze out’ of Apple Silicon
• Cyberpunk 2077 will be the biggest test for Mac gaming yet

Good news, teen drama fans! The Summer I Turned Pretty season 3 is finally off and running, with the first two episodes now available to stream on Prime Video. Annoyingly, this is the final ever season we’re going to get, but the coming-of-age drama isn’t bowing out without setting off some fireworks.

The new TV show is easily top of the list when it comes to everything coming to Prime Video in July 2025, and the results speak for themselves. After the second season aired, the show was third in the streaming service’s global acquisition rankings, doubling its viewership with each passing season.

With this in mind, it doesn’t massively make sense for The Summer I Turned Pretty to end with season 3, but we might partially have the original book series to blame for that. This means the show has to pull out all the stops before saying goodbye, and the first two episodes are already almost too ridiculous to be believed.

Is it just me or is The Summer I Turned Pretty season 3’s Prime Video debut already ridiculously unhinged?

Spoilers for The Summer I Turned Pretty season 3 ahead.

Got whiplash? Me too. In just two episodes, we’ve seen Jeremiah (Gavin Casalegno) not managing to graduate on time, then proposing haphazardly to Belly (Lola Tung) without a ring, but has also cheated on her in the interim… twice. Add to this the fact that Belly’s brother Steven (Sean Kaufman) woke up from a coma after being in a car accident on exactly the same day Jeremiah chose to propose, and you’ve got a lot to unpack in a much-needed therapy session. It’s getting messy, and in exactly the way we want to see.

However, it gets worse when you consider everything that’s happening from the other perspective. While Jeremiah thrives (in his own mind), Belly is having to give up her dreams to be with the boy who’s unknowingly cheating on her. Taking drugs, getting drunk at endless houseparties and then wondering why he’s not graduating with his friends clearly is a full-time job in itself, meaning the fallout later on in the season is going to be nasty.

In fact, it’s safe to say that Jeremiah’s storyline is already going above and beyond what we saw happen in the books. It’s worth pointing out that we have seen the same things happen in both the book and TV show, but seeing his behaviour brought to life in front of our eyes is nothing short of diabolical. He becomes an uglier version of the monster we already know he is, and depending on what Belly decides to do in future episodes, could grow to be even worse.

For now, Belly’s agreed to marry Jeremiah, which makes me want to simultaneously throw up and shout at my TV. Absolutely anybody can see it’s a bad decision, setting us up for what will surely be a chaotic episodes 3 and 4 when more characters find out about the news. There will be (rightful) judgement, scorn and plenty of tears in the immediate future, and boy I cannot wait to watch it all unfold.

You might also like

• Prime Video got it hugely wrong with Bosch Legacy, but Ballard gets the franchise back on track – and a 100% Rotten Tomatoes rating proves it
• New to Prime Video? Here are 5 movies and TV shows with over 90% on Rotten Tomatoes to get you started
• The Boys season 5: everything we know so far about the popular Prime Video show's final entry

What's new in Fortnite?

(Image credit: Epic Games)

Epic Games just launched the full Superman collab, with a special item granting Superman powers like flight, heat vision, and super-strength. You can read more about it here. In terms of the OG mode, there's set to be a live event on July 26 centered around a rocket launch. Until then, there's the new Thermal Rifle to try out, as well as a whole new OG Battle Pass to work through.

Fortnite OG wowed players when it first returned, offering up retooled versions of various classic seasons, which changed each week. It proved to be a massive hit, with player counts absolutely skyrocketing in the month or so Fortnite OG was live.

It's no surprise then, that it's now come back as a permanent fixture, continuing into 2025, and Epic has confirmed that the next season of Fortnite OG will begin in August.

Thankfully, the ongoing battle royale title receives regular updates from its developers teasing what's coming, and we do now know that Fortnite OG is going to cycle through seasons. Now that the new season of Fortnite battle royale has launched, the runway is clear for OG to take the spotlight.

Here's everything you need to know about when Fortnite OG Season 5 launches. We'll cover everything officially revealed by Epic Games, some info on what to expect, as well as a round-up of how things played out last time. As news comes out, this page will be updated.

Fortnite OG Season 5 release date

(Image credit: Epic Games)

Fortnite OG Season 5 will launch on August 8, 2025. This is according to the in-game Battle Pass screen. Recently, Epic Games has started to detail a live event that'll arrive on July 26. We'll have to wait and see where it lands this time around.

Fortnite OG is now a dedicated mode moving forward, cycling through Chapter 1 seasons in a similar way to how things worked at the end of 2023, though slightly elongated. Chapter 1 Season 2 ended on March 25, 2025, with Season 3 came to a close on June 8, 2025. This recreates the pattern of the original run, adding loot pool changes and feature introductions. You can read more in the full Fortnite OG Chapter 1 Season 4 blog post.

The best place to keep up on specific updates closer to the launch of the new season of Fortnite OG is the Fortnite Status X / Twitter account. We'll be sure to keep this page up to date as well.

What is Fortnite OG?

(Image credit: Epic Games)

Fortnite OG launched in November 2023 and switched the game all the way back to the 2018 map. Specifically, it started in Season 5, with the return of Tilted Towers, a throwback weapon loot pool, and several OG skins to buy in the store. Each week, Epic Games moved the clock forward to the next season, rotating through Season 6, Season 7/8, and then Season 9/10.

The map went back to a more classic style, visually and in terms of level design. Iconic locations like Frosty Flights came back, as did old-school vehicles like the X-4 Stormwing. This lasted until December 2, 2023, when the game switched over to a new season. Fortnite OG returned on December 6, 2024 and is now a permanent mode, with its own seasons cycle.

Fortnite OG map

(Image credit: Epic Games)

Above, you can see the current Fortnite OG map. It's been meticulously recreated, with every tree, car, chest and object is right where you remember it. Ziplines and ascenders have been added in Zero Build to aid movement. As the seasons change, we'll likely see the map change with it, as well. With Season 4, you'll be able to jump into Dusty Divot, and Risky Reels.

Fortnite OG weapons loot pool

(Image credit: Epic Games)

Here's the weapons added as part of Fortnite OG season 3:

• Shopping Carts (live now)
• Thermal Scoped Assault Rifle (live now!) - Spot your enemies easier. It’ll also highlight Chests and Supply Drops for you!
• Apples (live now!) - As tasty as they are useful, these foraged items provide a nice lil’ 5 Health once eaten.
• Hop Rocks (live now!) - Prepare for lift-off! These meteor fragments grant you the power to perform gravity-defying leaps. It won’t last forever though, so use those hops carefully!
• Mushrooms - There’s no funny business here, these fungi’s provide 5 Shield and can be the difference between a slim victory or swift elimination…
• Bouncer - Spring into action! Whether you’re looking for a bouncy escape or setting up an aerial ambush, the Bouncer Trap is a friend.
• Drum Gun - Rapid fire your way to dominance like someone’s supporting you with a drum roll
• Dual Pistols - This pair of pistols packs a punch if you’re willing to get up close and personal.
• Jetpack - Take to the sky and get an aerial advantage over your opponents. Be warned though — it’s a long way to the ground when you’re all out of fuel
• Stink Bomb - Clear the way with a gaseous grenade that creates a lingering cloud of noxious fumes. Who said winning had to smell good?

Note that while these weapons and items are planned on being added this season, they're not all available at launch. Items like the Drum Gun will be added as the season progresses. The following weapons carry over from the previous season:

• Assault Rifle
• Burst Assault Rifle (Epic and Legendary rarities have arrived!)
• Scoped Assault Rifle
• Light Machine Gun
• Minigun
• Revolver
• Pistol
• Suppressed Pistol
• Suppressed Submachine Gun
• Tactical Submachine Gun
• Pump Shotgun
• Tactical Shotgun
• Heavy Shotgun
• Bolt-Action Sniper Rifle
• Semi-Auto Sniper Rifle
• Hunting Rifle
• Grenade Launcher
• Rocket Launcher
• Guided Missile
• Boogie Bomb
• Bushes
• Cozy Campfire
• Clingers
• Grenade
• Impulse Grenade
• Remote Explosives
• Port-A-Bunker
• Damage Trap
• Launch Pad (non-throwable version)
• Bandages
• Med Kits
• Shield Potions
• Small Shield Potions
• Slurp Juice
• Chug Jugs

FAQsHow long is Fortnite OG back for?

In excellent news for fans, Fortnite OG is a permanent game mode for the online battle royale game. It'll stay live in perpetuity, and follow its own seasonal cycle, which means it'll evolve regularly like other Fortnite modes.

Will Fortnite OG rotate seasons?

As well as Fortnite OG being a permanent game mode, it will absolutely have its own seasonal content that will help keep things fresh. Expect the seasonal cycle to change things up regularly.

How much does the Fortnite OG Pass cost?

The Fortnite OG Pass costs 1,000 V-Bucks. This gives you the chance to earn three skins, as well as a host of other items. It's worth pointing out that unlike the main Battle Pass, the Fortnite OG pass does not feature any V-Bucks, so you won't earn any back while working through it.

You Might Also Like...

• Our picks for the best free games to play in 2025
• Fortnite Chapter 4 review
• Best crossplay games

• Google says it will spend £3 billion on 670MW in hydroelectricity PPAs
• The deal could end up producing up to 3,000MW of hydroelectricity
• Google data center energy consumption is up 27%, emissions are down 12%

Google has agreed to spend at least $3 billion as part of an agreement to boost its renewable energy portfolio as demands increase in line with demand for artificial intelligence and cloud computing.

The deal with Brookfield Renewable Energy Partners includes 20-year power purchase agreements for 670 megawatts of clean energy via two Pennsylvania hydroelectric plants at Holtwood and Safe Harbor.

Although Google has been bidding big on renewable energy in recent years, this marks the world's largest corporate clean power deal for hydroelectricity.

Google strikes the biggest-ever corporate hydroelectricity deal

Already a considerable starting point, Brookfield noted the Hydro Framework Agreement will support the provision of up to 3,000 megawatts of carbon-free hydroelectric capacity across the United States.

The move aligns with Google's efforts to power its data centers with carbon-free energy around the clock, and comes during an era of increased green energy investments. Hyperscaler rivals like Amazon, Meta, and Microsoft have also been splurging on nuclear, gas and renewables to meet demand.

"Hydropower is a proven, low-cost technology, offering dependable, homegrown, carbon-free electricity that creates jobs and builds a stronger grid for all," Google Head of Data Center Energy Amanda Peterson Corio explained.

Brookfield Asset Management President Connor Teskey welcomed the investment, noting that hyperscalers will need to diversify their energy production to meet demand at scale.

Although surges in AI and cloud computing have resulted in higher demand for data centers, Google's most recent 2025 sustainability report revealed how the company managed to cut data center emissions by 12% despite a 27% rise in energy consumption. In its most recent full year, the company procured more than eight gigawatts of clean energy.

Energy efficiency improvements to its AI systems, including power-hungry GPUs, have also resulted in a reduction in water consumption, typically used for cooling. However, having only replenished 64% of the water it used in 2025, there's still clearly a long way to go.

You might also like

• Google's data centers using more power than ever before as AI surge continues
• These are the best cloud computing providers with powerful chips
• Check out our roundup of the best AI tools and best AI writers

I wore the Oura, Ultrahuman and Evie smart rings during my daily life and workouts to find out which one provides the best health and fitness tracking. Here's what I found.

Samsung's Running Coach questioned my running skills. But Gemini may have just restored my faith in voice assistants.

A direct follow-up to the first two movies, the new sequel welcomes back some original stars. Here’s how to stream the franchise to get in the slasher spirit.

DK is helping me punch my way through summer.

Are you looking for great internet options in Naperville but have no idea where to start? Our team here at CNET is here to help.

Commentary: Why are we dedicating a day to tech that's filling the internet with slop, burning through clean water, and destabilizing creative industries?

• Claude for Financial Services launches specifically for the financial industry
• Users can access powerful Claude 4 models and other Claude AI tools
• The system integrates with internal and external data sources

Anthropic has launched a special edition of its Claude AI platform designed for the highly regulated financial industry, with a focus on market research, due diligence, and investment decision-making.

The OpenAI rival hopes for financial institutions to use its tool for financial modelling, trading system modernisation, risk modeling, and compliance automation, with pre-built MCP connectors offering seamless access to entperise and market data platforms.

The company boasted that Claude for Financial Services offers a unified interface, combining Claude's AI powers with internal and external financial data sources from the likes of Databricks and Snowflake.

Claude for Financial Services

Anthropic highlighted four of the tool's key benefits: powerful Claude 4 models that outperform other frontier models, access to Claude Code and Claude for Enterprise, pre-built MCP connectors, and expert support for onboarding and training.

Testing revealed Claude Opus 4 passed five of the seven Financial Modeling World Cup competition levels, scoring 83% accuracy on complex excel tasks.

"Access your critical data sources with direct hyperlinks to source materials for instant verification, all in one platform with expanded capacity for demanding financial workloads," the company shared in a post.

Anthropic also stressed user data is not used for training its generative models in the name of intellectual property and client information confidentiality.

Besides Snowflake for data and Databricks for analytics, Claude for Financial Services also connects with the likes of Box for document management and S&P Global for market and valuation data, among others.

Among the early adopters is the Commonwealth Bank of Australia, whose CTO Rodrigo Castillo praised Claude for its "advanced capabilities" and "commitment to safety." The Australian banking giant envisions using Claude for Financial Services for fraud prevention and customer service enhancement.

You might also like

• Financial leaders still rely on regular tools like Excel for automation tasks over AI
• We've listed the best AI tools and best AI writers for different industries
• Boost output with the best productivity tools