A newly uncovered data exfiltration technique known as Data Splicing Attacks could place thousands of businesses worldwide at significant risk, bypassing all leading data loss prevention (DLP) tools.
Attackers can split, encrypt, or encode data within the browser, transforming files into fragments that evade the detection logic used by both endpoint protection platforms (EPP) and network-based tools - before these pieces are then reassembled outside the protected environment.
By using alternative communication channels such as gRPC and WebRTC, or secure messaging platforms like WhatsApp and Telegram, threat actors can further obscure their tracks and avoid SSL-based inspections.
Threat actors now splice, encrypt, and vanish
The growing reliance on browsers as primary work tools has increased exposure. With more than 60% of enterprise data stored on cloud platforms accessed via browsers, the importance of a secure browser has never been greater.
Researchers demonstrated that proxy solutions used in many secure enterprise browsers simply cannot access the necessary context to recognize these attacks because they lack visibility into user interactions, DOM changes, and browser context.
Additionally, endpoint DLP systems struggle because they rely on APIs exposed by the browser, which do not offer identity context, extension awareness, or control over encrypted content.
These limitations create a blind spot that attackers can exploit without detection, undermining many enterprises’ ability to defend against insider threat scenarios.
What makes this discovery even more urgent is the ease with which these techniques can be adapted or modified. With new code, attackers can easily create variants, further widening the gap between evolving threats and outdated protections.
In response, the team introduced Angry Magpie, an open source toolkit designed to replicate these attacks. Security teams, red teams, and vendors can use the tool to evaluate their defenses.
Angry Magpie allows defenders to assess their systems’ exposure in realistic scenarios, helping identify blind spots in current implementations of even the best DLP solutions.
“We hope our research will serve as a call to action to acknowledge the significant risks browsers pose for data loss,” the team said.

Google DeepMind has brought some new and improved sounds to its Music AI Sandbox, which, despite sand being notoriously bad for musical instruments, is where Google hosts experimental tools for laying down tracks with the aid of AI models. The Sandbox now offers the new Lyria 2 AI model and the Lyria RealTime AI musical production tools.
Google has pitched the Music AI Sandbox as a way to spark ideas, generate soundscapes, and maybe help you finally finish that half-written verse you’ve been avoiding looking at all year. The Sandbox is aimed mainly at professional musical artists and producers, and access has been pretty restricted since its 2023 debut. But, Google is now opening up the platform to many more people in music production, including those looking to create soundtracks for films and games.
The new Lyria 2 AI music model is the rhythm section underlying the new Sandbox. The model is trained to produce high-fidelity audio outputs, with detailed and intricate compositions across any genre, from shoegaze to synthpop to whatever weird lo-fi banjo-core hybrid you’re cooking up in your bedroom studio.
The Lyria RealTime feature puts the AI's creation in a virtual studio that you can jam with. You can sit at your keyboard, and Lyria RealTime will help you mix ambient house beats with classic funk, performing and tweaking its sound on the fly.
Virtual music studio
The Sandbox offers three main tools for producing the tunes. Create, seen above, lets you describe the kind of sound you're aiming for in words. Then the AI whips up music samples you can use as jumping-off points. If you've already got a rough idea down but can’t figure out what happens after the second chorus, you can upload what you have and let the Extend feature come up with ways to continue the piece in the same style.
The third feature is called Edit, which, as the name suggests, remakes the music in a new style. You can ask for your tune to be reimagined in a different mood or genre, either by messing with the digital control board or through text prompts. For instance, you could ask for something as basic as "Turn this into a ballad," or something more complex like, "Make this sadder but still danceable," or see how weird you can get by asking the AI to "Score this EDM drop like it's all just an oboe section." You can hear an example below created by Isabella Kensington.
AI singalong
Everything generated by Lyria 2 and RealTime is watermarked using Google's SynthID technology. That means the AI-generated tracks can be identified even if someone tries to pass them off as the next lost Frank Ocean demo. It’s a smart move in an industry that’s already gearing up for heated debates about what counts as "real" music and what doesn’t.
These philosophical questions also decide the destination of a lot of money, so it's more than just abstract discussions about how to define creativity at stake. But, as with AI tools for producing text, images, and video, this isn't the death knell of traditional songwriting. Nor is it a magic source of the next chart-topping hit. AI could make a half-baked hum fall flat if poorly used. Happily, plenty of musical talents understand what AI can do, and what it can't, as Sidecar Tommy demonstrates below.

Last summer, Beats brought back its Pill speaker, and after testing it, we found it to be an impressive offering with robust sound and excellent bass. Further, in typical Beats fashion, it launched in a few different shades: Champagne Gold, Matte Black, and Statement Red.
Now, ahead of summer travel in 2025, Beats is adding two colors to the Pill lineup, and both are stunners. Introducing the Beats Pill in ‘Blush Pink’ and ‘Navy Blue.’ Better yet, these don’t come with a price increase either.
You will need to track down each shade at a specific retailer, though. In the United States, fans of pink will need to visit Target, while those looking for blue will need to head to Walmart. Easier than heading out the door, though, is locking in an order online – both are priced at $149.95 and are shipping now.
If you’re in the United Kingdom, you can get ‘Blush Pink’ from John Lewis for £149.99. Those in Canada can head to Walmart, with pricing to be confirmed at a later date.
Now, both of these shades look great, though the Blush Pink is a bit more fun in our opinion, offering a more summer-y look in a very light shade of the color. Depending on how the light hits it, the speaker might pop even a bit more.
It’s also a full-color job on the rear and front, as well as the attached lanyard and buttons. The Navy Blue is a proper representation of the name, offering a deeper shade of the color.
Either way, ‘Navy Blue’ and ‘Blush Pink’ expand the color options, offering two fun shades alongside the original trio of Champagne Gold, Matte Black, and Statement Red.
Regardless of the color you get the Beats Pill in, you’re scoring what Beats is now confirming is “its bestselling speaker” ever, having sold more of the new Beats Pill in the nine months it’s been out compared to all past Pill launches.
That's quite an accomplishment and speaks to why TechRadar gave it a full four out of five stars.
The excellent audio from the Pill is produced by a new racecourse drive that sits front and center, angled upward. You can also pair two of these speakers together for a stereo and more room-filling experience. You’ll also get up to 24 hours of battery life, and the Pill is quite durable, thanks to its IP67 rating.
Lastly, while you’ll recharge it using the USB-C port on the back, the Pill supports passthrough, allowing you to recharge another device by simply plugging it in.
Now, if you’re sold on Blush Pink or Navy Blue, you can get the Pill for $149.99 from Target or Walmart right now. More importantly, though, if you’re okay with black, gold, or red, you can score it for just $129.95 (was $149.95) at Walmart right now.
If you’re curious as to what else Beats has been up to, check out our first look at Beats Cables – yes, USB-C to USB-C cables – here.

On April 9, 2025, the United States announced plans to further tighten restrictions on AI chip exports to China, including Nvidia's H20 processor, a reduced-performance chip which the company created to comply with earlier US export regulations while continuing sales in China.
Huawei, which has been positioning itself as China’s answer to Nvidia for some time, was likely waiting for the announcement because just one day later, at a partner conference, it revealed the Ascend 920, its next-generation AI chip.
Set to enter mass production in the second half of 2025, according to DigiTimes Asia, the chip is expected to be built on SMIC’s 6nm process and offer up to 900 TFLOPs of BF16 compute and 4000GB/s of memory bandwidth, supported by HBM3 memory modules. It will also support PCIe 5.0 and next-generation interconnect protocols to aid large-model training.
An effective alternative
With the Nvidia H20 now restricted in China, industry analysts believe Huawei’s new chip could bridge the gap.
Although real-world benchmarks are not yet available, the Ascend 920’s specifications suggest it could be an effective alternative to Nvidia's H20 and may be welcomed by Chinese companies like Tencent and ByteDance, which will now require substitutes for the restricted chip.
While the current Ascend 910C is estimated to deliver about 60% of the Nvidia H100’s inference performance, the Ascend 920 reportedly improves training efficiency by 30% to 40% and is tailored for Transformer and Mixture of Experts models.
Nvidia had been making strong sales in China through the H20, with sales reportedly growing 50% quarter over quarter before the ban. The new license requirement from the U.S. Department of Commerce effectively halts those sales, and Nvidia is expected to write off $5.5 billion in lost business as a result.
Huawei also announced its AI CloudMatrix 384 Supernode solution at the same event.
This rack-scale platform, described as a 'Nuclear-level product', reportedly exceeds the performance of Nvidia’s GB200 but consumes more power, something that is not seen as a major concern in China compared to the West.

Inspired by drug gangs, ransomware group DragonForce is bringing a new business model to the ransomware scene, and it involves cooperating with other ransomware gangs.
DragonForce has now been observed offering a white-label affiliate model, allowing others to use their infrastructure and malware while branding attacks under their own name.
With this model, affiliates won't need to manage the infrastructure, and DragonForce will take care of negotiation sites, malware development and data leak sites.
DragonForce evolves the ransomware scene with a new business model
"Advertised features include administration and client panels, encryption and ransom negotiation tools, a file storage system, a Tor-based leak site and .onion domain, and support services," cybersecurity researchers from Secureworks explained.
Secureworks explained that, in a March 2025 underground post, DragonForce rebranded itself as a "cartel," announcing a shift to a distributed model. DragonForce first appeared in August 2023.
Anubis, a much newer ransomware group that's been operating since December 2024, has also launched its own affiliate scheme, including a traditional ransomware-as-a-service product that nets affiliates 80% of their ransoms.
Much like artificial intelligence has already democratized access to coding, these models are further extending access to ransomware, meaning that less technical threat actors can target victims. The flexibility and reduced operational burdens are also key selling points.
The exact number of affiliates using these schemes is virtually untraceable; however, Bleeping Computer has reported that RansomBay has already joined DragonForce's scheme.
"Cybercriminals are motivated by financial gain, so they are adopting innovative models and aggressive pressure tactics to shift the trend in their favor," Secureworks added.
The usual principles apply when it comes to protecting yourself from any type of ransomware – regularly patching internet-facing devices, implementing phishing-resistant multi-factor authentication (MFA), maintaining robust backups and monitoring networks for malicious activity are all important steps to take.

Considering the multitude of Nvidia and AMD third-party GPUs that come with different designs and sizes, GPU sag is an undeniable issue (even if the recent RTX 5000 series has largely been a move in the right direction from the comically large RTX 4090). Fortunately, a popular GPU and motherboard manufacturer has introduced a solution - well, sort of.
As reported by VideoCardz, Asus' ROG Astral RTX 5000 series GPUs have an 'Equipment Installation Check' feature within the GPU Tweak III software, which alerts users if their GPU has tilted or moved out of place. This is made possible thanks to a built-in gyroscope and accelerometer, effectively helping detect GPU sag.
The strange thing is that this feature hasn't been included in any of the ROG Astral GPU marketing. GPU Tweak III, a GPU monitoring and tuning software, has several features to prevent issues, such as Power Detector+, which indicates any potential issues with the 12VHPWR cable - but this GPU sag preventative measure was only just discovered by users.
This is perhaps even more baffling: according to Asus forums, the Equipment Installation Check feature is no longer available in the latest version of the software. Whether the omission was entirely intentional is unclear at this moment, but it's a feature that GPU and motherboard manufacturers should consider including going forward.
I see this as nothing but a win, and I'm hoping other manufacturers can follow suit...
There's nothing worse than finding your PC components damaged due to cases of oversight or necessary precautions being forgotten: that's why GPU sag should be taken far more seriously.
Fortunately, I've never had it happen to me since I made it my priority to obtain a good anti-sag stand (I'm using a fairly chunky GPU), but it's easy to see the potential damage to the PCIe slot or the GPU itself in the long run if there isn't any support inside your case for a heavy graphics card.
It's a different conversation if you're using a GPU riser cable (in a mini-ITX build, for example) as the card can be placed vertically to alleviate concerns of sag - but good luck placing some of today's modern beefy third-party GPUs in those cases.
Of course, this won't apply to all GPU owners, as it seems the heavier GPUs are mostly third-party high-end offerings to compensate for cooling: prime examples are my current GPU, the Asus TUF RTX 4080 Super, a triple-slot card, and the ROG Astral RTX 5090.
It's good to see that Asus even thought about a feature to at least notify users of any sag or movement: in my experience, it's not always easy to tell if your GPU is sagging, so while some might see it as a nonsensical addition, I'd argue it's one worth applauding.
However, it's gone at the moment and no one knows if it will return: if it doesn't come back (which I'll be shocked by), then I'll be hoping other GPU manufacturers have at the very least taken note.

Meta's incoming AR smart glasses could eventually face an Apple-made rival with Apple Intelligence, according to new rumors. The details add credibility to other rumors we’ve heard previously and hint at a big AR glasses battle in the coming decade – though it’s a fight Meta has a big headstart on right now.
The information comes via Mark Gurman’s latest PowerOn newsletter (behind a paywall) where he details some insider reports of what the two companies are apparently working on.
Gurman’s comments support a few details we’ve heard previously about Meta’s upcoming glasses. They’ll be smart glasses like its existing Ray-Bans but will also have a display, they’ll be pricey (we’re talking over $1,000 / £1,000 / AU$1,500), and Meta is targeting an October 2025 release (which is when it usually releases new Quest and smart glasses hardware).
However, Meta is at risk of slipping from this target date. Gurman adds that “top managers on the team” have reportedly told their staff to pick up the pace – and in some cases employees may need to work through their upcoming weekends to achieve Meta’s goals.
Apple glasses incoming
There’s no word on when the glasses might be released if they miss their October deadline – we’re hoping they’ll fall this side of 2025 rather than 2026, though ideally their release date will arrive without any excessive crunch for Meta's employees.
We've also heard the first signs of some potential pressure from Apple’s first smart glasses – codenamed N50.
Based on how Gurman describes them (“an Apple Intelligence device” that can “analyze the surrounding environment and feed information to the wearer” but stops short of proper AR), they sound just like what Meta has and is working on in the smart glasses space.
The issue? Apparently a launch is still some time away.
Gurman isn’t specific on when a launch might follow, but with Meta, Snap and now Google and Samsung (via Android XR) getting involved in the smart glasses space it seriously feels like Apple is giving everyone a major headstart.
Analysis: Will Apple be late or right on time?
Given its success with the Apple Watch and AirPods from both a portability and fashionability standpoint (the two key areas smart glasses need to succeed in), Apple has the potential to catch up.
But if its non-AR glasses do launch in 2027 that could coincide with when Meta launches full-on AR specs, according to leaked development timetables – which means Apple's rival runs the risk of being dated out of the gate. Then again, Apple’s delayed release will only matter if Meta, Android XR, Snap, and others can capitalize on it.
These other AR glasses might be out in the wild sooner, but if they’re expensive and lack innovative applications, they likely won’t be super popular. This could especially be an issue for Meta’s upcoming XR specs, as the existing Meta Ray-Ban smart specs are already great and only continue to get better thanks to software updates.
A display would be a significant enhancement, sure, but it doesn’t yet seem like an essential one – especially when you consider the display-less specs start at just $299 / £299 / AU$449 and are already the best AI wearable around.
On the other hand, if the upcoming Meta and Google XR glasses can match even half of the cool uses that I experienced on the Snap Spectacles during my demo, then they have the potential to take people’s perception of XR technology to new heights. That would be an exciting prospect, and a high price would seem significantly more justifiable.
We’ll just have to wait and see what Meta, Apple, and Google have up their sleeves, if and when their next-gen XR glasses finally release to the public.

Security researcher Jeremiah Fowler has discovered a non-password-protected database, believed to be owned by Carolina Anesthesiology PA - a healthcare firm based out of North Carolina. This dataset contained 21,344 records, was almost 7GB, and spanned multiple states.
The information contained sensitive data, including patient information like names, physical addresses, phone numbers, and email addresses, as well as insurance coverage details, anesthesia summaries, diagnoses, family medical histories, and doctors' notes. According to the researcher, there were files marked ‘Billing and Compliance Reports’, which gives an idea of the type of data included.
While there is so far no evidence to suggest the database fell into malicious hands, the potential compromise of the unprotected database could put many at risk of social engineering attacks like phishing, identity theft, or fraud.
Database on show
The researcher outlines that the dataset contained a “detailed analysis and key metrics related to medical billing and healthcare services provided”. When contacted, the healthcare firm indicated that it did not own or manage the database, but that the owner had been notified and public access restricted.
It’s not clear if the information was accessed by a threat actor or third party, as only an internal audit would show this - and as far as we know, the information has not appeared on any dark web sites for sale by cybercriminals. Investigation by the researcher indicates that this folder’s contents were likely affiliated with Atrium Health - a partner of Carolina Anesthesiology PA.
“Our cyber security team immediately launched an internal investigation upon receiving an email tip in mid-February 2025 about a possible data breach. Our investigation found that Carolina Anesthesiology, P.A., who regularly provides anesthesia services at select facilities, misconfigured the technology service used for billing data, exposing some of their patient data,” said Atrium Health in response to the breach.
“We immediately shut down all data feeds to Carolina Anesthesiology and, as a courtesy, notified the regular governing entities. We continue to learn more from the Carolina Anesthesiology team about their plan to notify their patients of this breach. All data feeds remain off until this issue has been satisfactorily addressed.”