Technology

The Sony WH-1000XM4 are some of the best headphones we've tested, and now they're almost half price for Labor Day.

We've still got a few days until The Summer I Turned Pretty season 3 episode 9 is released (September 3), but luckily, Prime Video has given us an entirely new trailer (which you can catch below) for the final three episodes of the season. Belly (Lola Tung) is set to have her Emily in Paris moment, fleeing to the city after her wedding to Jeremiah (Gavin Casalegno) fell through at the last minute.

Not to be a hater, but this is exactly what I wanted to happen anyway. The only way Belly was going to turn her life around was to ditch the boys she's been yearning for – but that doesn't mean they won't be following her to Paris in some form. In fact, I think the new trailer tells us exactly how the love triangle is going to shake out.

At the end of season 3 episode 8, Belly spots Conrad (Christopher Briney) at the airport, after spending her entire bachelorette and pre-wedding prep pining for him (and then denying her feelings to anyone who asks). The closing moments set the scene for the start of a new romantic love affair, with the pair whisked away to Europe to start afresh.

I don't think this will happen in The Summer I Turned Pretty season 3 episode 9, and two details in the final trailer prove me right... and I love being right.

The final trailer for The Summer I Turned Pretty season 3 episode 9 proves Belly is imagining Conrad at the airport

The first clue is that Conrad is obviously completely missing from the above trailer, much like Jeremiah. Instead, the emphasis is place on Belly rediscovering who she actually is away from the drama, introducing brand-new characters as she begins to make friends as part of a study abroad scheme.

This only proves my theory of Conrad being a fantasy at the airport right, conjured in Belly mind's of what she wants to see, not who is actually there. I'd put good money on episode 9 opening with Belly looking at Conrad, a figure walking in front of him before his face changes completely, revealed as a stranger who merely looks similar.

The second clue is what we see at the end of the trailer. As Belly arrives back home to her new French pad, she finds a letter from Conrad on the doorstep. That's right, people – his letters are likely to be even more emotional than the one we've already seen from his mom. It's a touch that indicates the kind of person he is, as if routinely going out of his way to make Belly's life better (like the peach stand scene) didn't already tell us.

Writing a letter instead of texting or emailing is the hit of old-school romance we sorely want from the hit Amazon show, completely buying into Belly's visions of a love affair for the ages. It also keeps him at the perfect distance while she continues to find her feet, as well as padding out the remaining three episodes as far as they'll stretch.

I think we're also going to see Belly forcing herself into imagining Jeremiah was there with her, prolonging the inevitable even further. I'm just grateful we're getting a proper break from her indecision in The Summer I Turned Pretty season 3 episode 9... I'm fed up screaming at the TV for her to put herself first.

You might also like

• Stand ready for Invincible season 5's arrival, worm: Amazon confirms the hit Prime Video show's fourth chapter won't be its last
• Ballard season 2 would have a ‘very exciting’ arc says Maggie Q – but the Bosch spin-off might not return, despite being Prime Video’s #1 show
• New to Prime Video? Here are 5 movies and TV shows with over 90% on Rotten Tomatoes to get you started

SolarWinds NPM delivers robust network monitoring with excellent SNMP capabilities and advanced troubleshooting tools, though setup complexity may challenge smaller teams.

The Dell XPS 13 is a great buy if you want a high-end Windows laptop – especially with this huge $350 discount for Labor Day.

The LG xboom Stage 301 is a hit, thanks to its brilliant sound, feature-rich companion app, and versatile design.

The HP OmniBook X Flip is a great value 2-in-1 laptop made even more affordable now that it's discounted at Best Buy.

• New phishing campaign found targeting Google Classroom users
• CheckPoint has detected and blocked the sites
• Hackers often use legitimate services to disguise their attacks

New research by Check Point has revealed a large-scale social engineering campaign which sees hackers using Google Classroom to victimize students and educators across the world.

A range of industries and companies were targeted in five coordinated waves of attack containing over 115,000 phishing emails aimed at 13,500 organizations, with fake invitations sent promoting ‘commercial offers’ such as SEO services or product pitches.

The attack often goes undetected by security software because it piggybacks on Google Classroom’s legitimate infrastructure, bypassing traditional defenses, the experts warned.

Phishing protections

To protect against attacks such as these, CheckPoint reaffirms the need for robust training for employees and members of your organization - and warns users to be very cautious of unexpected invitations or communications.

“This incident underscores the importance of multi-layered defenses,” CheckPoint’s statement confirms. “Attackers are increasingly weaponizing legitimate cloud services—making traditional email gateways insufficient to stop evolving phishing tactics."

The research also recommends using AI-powered detection to analyze content, to extend social engineering protections beyond just messaging and SaaS services, and to continuously monitor cloud applications.

Criminals often utilize legitimate platforms and services to distribute social engineering attacks or malware because it can help to evade detections. Earlier in 2025, hackers were observed bypassing security tools by mimicking legitimate login pages and stealing Microsoft credentials.

Microsoft’s Active Directory Federation Services (ADFS) connects an organization’s internal systems to Microsoft services. In this campaign, malvertising was used to distribute the phishing attack - and since the attack didn’t rely on email, traditional email security filters weren’t effective.

Although social engineering attacks can be potent and convincing, they do primarily rely on human error to be effective - which means that being wary and ensuring all members of your organization are sufficiently trained and tested in spotting attacks is the most effective defense.

You might also like

• Take a look at our picks for the best malware removal software around
• Check out our choice for best antivirus software
• Google warns Salesloft attack may have compromised Workspace accounts and Salesforce instances

Even for vulnerable jobs like translation and research, that work is more than just the tasks AI may be able to assist with.

Step into the Ring alarm ecosystem with our top-tested picks for the best Ring doorbell cameras, recommended by CNET experts.

• The iPhone 17 could go eSIM-only in more countries
• Changes are tipped for the Apple Clear Case accessory
• The launch is scheduled for Tuesday, September 9

Apple is almost certainly going to make the iPhone 17 official on Tuesday, September 9, but as we count down the days to the big launch event, the leaks are continuing – including fresh rumors around eSIMs and the official Apple Clear Case.

Current iPhone models are eSIM-only in the US, and according to a source speaking to MacRumors, retail employees at Apple Authorized Resellers in the EU are now being told to prepare to handle iPhones without physical SIM cards as well.

We've been hearing for months that the new, super-slim iPhone 17 Air model would only have support for eSIMs and not the physical cards, but it seems that's now going to be extended to other iPhones in more countries.

With eSIMs offering better security and more convenience, the move isn't really much of a surprise. Google has now gone eSIM-only for the first time with the new Google Pixel 10 series, though for now this only applies to phones sold in the US.

New iPhones, new cases

You’ve probably already seen the new iPhone 17 clear case, but here’s another look at it. Would you prefer an all-clear version? pic.twitter.com/jsCPankDkxSeptember 1, 2025

The other iPhone 17 leak doing the rounds today concerns the iPhone 17 Pro Clear Case with MagSafe – one of the official cases Apple is expected to launch for the new handset (and which it already offers for the iPhone 16 Pro).

As per images posted by tipsters @MajinBuOfficial and @SonnyDickson, there will be some tweaks to the design. Less of the case will be transparent, with a panel covering most of the back of the phone and hiding the MagSafe connectors.

We can also see there's a bigger cut-out for the cameras at the top, backing up the leaked renders we've seen of the redesign of this phone. The Apple logo also gets shifted down so it's in the center of the space below the cameras.

It also looks as though the case will support the new Crossbody Strap accessory that's been rumored, which lets you carry your iPhone with a magnetic lanyard. In a little over a week, we'll know for sure what Apple has been working on.

You might also like

• 4 ways the iPhone 17 can improve on the iPhone 16
• There could be a new 3-year plan for the iPhone
• What do you want to see from the iPhone 17?

• Volvo’s XC70 has been designed for China for now, but will hit other markets
• A 1.5-litre engine can be mated to 21.2kWh or 36.9kWh battery packs
• DC fast charging capability will come as standard

Volvo has revealed plans to launch a new XC70 model in China, which will neatly slot between its XC60 and XC90 SUVs, but will be offered in a plug-in hybrid electric vehicle (PHEV) version that’s capable of traveling 124-miles on battery power alone.

While the Swedish company already offers an enticing line up of hybrids in Europe and the US, the company has traditionally opted for smaller and lighter battery packs that offer around 50-miles of range.

Details of the upcoming XC70 suggest that it can be optioned with either 21.2kWh or 36.9kWh battery packs, which is larger than some pure EV city cars, such as the Fiat 500e and the BYD Seagull.

China’s CLTC range test is generally more generous when it comes to efficiency, so you can likely take the 124 miles of range with a pinch of salt in the real world (100-110 miles is more likely), but it is backed up by a 1.5-liter four-cylinder engine should the batteries run dry.

What’s more, Volvo claims the upcoming vehicle is capable of DC fast-charging, so battery packs can be brimmed to around 80 per cent in 28-minutes from the appropriate outlets, while bi-directional charging is also said to feature.

According to Auto Express, the vehicle is destined for China, where long range plug-in hybrids are all the rage, but the Swedish marque hasn’t ruled out bringing it to other markets “at a later date”.

Bridging the gap

(Image credit: Volvo)

Long-range plug-in hybrids, like the Volvo XC70, make a lot of sense — particularly for those with a charging outlet at home. Keeping the battery packs brimmed means the average daily mileage, which is as low as 19 miles per day in the UK, can easily be covered without troubling the engine.

Even much longer commutes can happily be dispatched in EV mode using Volvo’s larger battery packs, meaning only the longest journeys need to resort to fossil fuels.

Currently, public EV charging is expensive in the UK and much of Europe, which has been a key argument for many to not make the switch to EV. If charging is as expensive as filling up with fuel, then what’s the point?

With Volvo’s technology, owners could avoid the eye-watering charging fees found at highway service stations by instead opting to rely on the internal combustion engine. Once at a destination, it then makes sense to seek out cheaper, lower-power charging outlets to refill the battery packs.

Offering this sort of flexibility could be a huge draw for those currently sitting on the pure electric vehicle fence and, so long as it is plugged in and used predominantly as an EV, will reduce local emissions and could save owners money at the pumps.

you might also like

• Leaving Tesla? The Volvo EX30 might just be your ticket
• Volvo’s cars will be the first to get Google Gemini’s ‘conversational’ AI – and I think the in-car tech has massive potential
• Everyone is writing off the new wave of high-performance Chinese EVs – here's why that's a big mistake

For business leaders right now, two small words seem almost impossible to avoid: AI agents. Built on the ‘brain’ of an AI model, and armed with a specific purpose and access to tools, agents are autonomous decision-makers that are being increasingly integrated into live business processes.

Unlike normal AI tools, which rely on user prompts, agent-based – agentic – AI can execute tasks iteratively, making decisions that carry real business consequences, and real governance risk. In short, agents aren’t tools, they’re teammates. As well as sitting in an organization’s tech stack, they sit on its org chart.

Marc Benioff, cofounder, chairman and CEO of Salesforce, the $260 billion valued software giant, says that today’s CEOs will be the last to manage all-human workforces. (Asked if an agent could replace him some day, Benioff responded, half-joking, “I hope so.”) The sooner businesses recognize this shift, the faster they can move to securing and governing AI for accelerated innovation.

Just as human workers come under the umbrella of human resources (HR), it’s useful to think of agents as non-human resources (NHRs). Just like humans, there are costs to employing NHRs – including computing, architecture and security costs – and they need induction, training and appropriate limitations on what they can do, and how.

This is especially true as these NHRs move up the value chain to perform high-skill tasks that once belonged to mid-senior level talent. For example, autonomous agents are actively managing supplier negotiations, handling payment terms, and even adjusting prices based on commodity and market shifts – functions typically handled by teams of trained analysts.

Businesses can’t secure what they don't understand

Introducing NHRs at the enterprise level is requiring an entire rethink of governance and security. That’s because existing cybersecurity focuses on managing human risk, internally and externally; it’s not built for the realities of always-on, self-directed agents that understand, think, and act at machine speed.

Like the best employees, the most effective agents will have access to enterprise data and applications, from staffing information and sensitive financial data to proprietary product secrets. That access opens the organization up the risk of attacks from outside, as well as misuse from within.

In 2024, the global average cost of a data breach was $4.9 million, a 10% jump on the previous year and the highest total ever – and that was before the introduction of agents. In the AI era, bad actors have new weapons at their disposal, from prompt injection attacks to data and model poisoning.

Internally, a misaligned agent can trigger a cascade of failures, from corrupted analytics to regulatory breaches. When failures stem from internally-sanctioned AI, there may be no obvious attacker, just a compliant agent acting on flawed assumptions. In the age of agents, when actions are driven by non-deterministic models, unintentional behavior is the breach – especially if safeguards are inadequate.

Imagine an agent is tasked with keeping a database up to date, and has access and permissions to insert or delete data. It could delete entries relating to Fast Company, for example, by accurately finding and removing the term ‘Fast Company’.

However, it could equally decide to delete all entries that contain the word ‘Fast’ or even entries starting with ‘F’. This crude action would achieve the same goal, but with a range of unintended consequences. With agents, the question of how they complete their task is at least as important as what that task is.

Onboarding agents like employees

As organizations introduce teams of agents – or even become predominantly staffed by agents – that collaborate to rapidly make decisions and take action with a high level of opaqueness, the risk is amplified significantly.

The key to effective agentic adoption is a methodical approach from the start. Simply rebadging existing machine learning or GenAI activity, such as chatbots, as ‘agentic’ – a practice known as ‘agent washing’ – is a recipe for disappointing return on investment

Equally, arbitrarily implementing agents without understanding where they are truly needed is the same as hiring an employee who is unsuited to the intended role: it wastes time, resources, and can create tension and confusion in the workforce. Rather, businesses must identify which use cases are suitable for agentic activity and build appropriate technology and business models.

The security of the AI model underlying the agent should be extensively red-teamed, using simulated attacks to expose weaknesses and design flaws. When the agent has access to tools and data, a key test is its ability to resist agentic attacks that learn what does and doesn’t work, and adapt accordingly.

From there, governance means more than mere supervision; it means encoding organizational values, risk thresholds, escalation paths, and ‘stop’ conditions into agents' operational DNA. Think of it as digital onboarding. But instead of slide decks and HR training, these agents carry embedded culture codes that define how they act, what boundaries they respect, and when to ask for help.

As autonomous agents climb the (virtual) corporate ladder, the real risk isn't adoption – it's complacency. Businesses that treat AI agents as tools rather than dynamic, accountable team members will face escalating failures, eroding trust among customers.

Build cross-functional governance from day one

No smart business would let a fresh grad run a billion-dollar division on day one. Likewise, no AI agent should be allowed to enter mission-critical systems without undergoing structured training, testing, and probation. Enterprises need to map responsibilities, surface hidden dependencies, and clarify which decisions need a human in the loop.

For example, imagine a global operations unit staffed by human analysts, with AI agents autonomously monitoring five markets in real-time, and a machine supervisor optimizing output across all of them. Who manages whom – and who gets credit or blame?

And what of performance? Traditional metrics, such as hours logged or tasks completed, don't capture the productivity of an agent running hundreds of simulations per hour, testing and iterating at scale and creating compounding value.

To help surface and answer these questions, many businesses are hiring Chief AI Officers and forming AI steering committees that have cross-department representation. Teams can collaboratively define guiding principles that not only align with each sector of the business but the company as a whole.

A well-configured agent should know when to act, when to pause, and when to ask for help. That kind of sophistication doesn’t happen by accident, it needs a proactive security and governance approach.

This isn't just a technical evolution; it's a test of leadership. The companies that design for transparency, adaptability, and AI-native governance will define the next era. NHRs aren't coming, they're already here. The only question is whether we'll lead them or be led by them.

We list the best HR outsourcing service and the best PEO service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The Samsung Galaxy Watch7 is down to just $199 at Best Buy – that's a better deal than the budget FE.

There’s a ticking clock in the world of cybersecurity and it’s counting down to what experts call Q Day — the day when quantum computers will theoretically become powerful enough to break some of today's cryptographic methods, and render many existing encryption methods obsolete.

Or at least that’s the theory. In truth, nobody can predict with absolute accuracy when, or even if, quantum computers will reach the level of sophistication and practicality to manifest this threat. But that doesn’t mean businesses shouldn’t be thinking about it.

While some are hearing the tick of the Q Day clock, others remain unaware. So, what is Q Day, is it a big deal, and what do businesses need to know to prepare?

Do businesses need to be aware of Q Day?

The short answer is yes. The potential threat that quantum computers could pose to current cybersecurity methods cannot be understated. What was once academic theory, akin to technology you’d see in a science fiction novel, is making strides towards reality.

Big companies like IBM and Google, as well as governments and startups, are racing to build more powerful quantum machines. These computers are still in the early stages, but they’ve already grown from handling a few quantum bits (or “qubits”) to managing hundreds, and they’re getting better at solving complex, specific problems.

While quantum computers can’t yet break the encryption software and protocols that protects the internet, experts seem to be reaching a consensus that the day that this could be a reality is about 10-15 years away. This is the so-called Q Day.

Aside from the obvious threat that breaking current encryption poses, businesses also need to be aware that the rise in quantum technology is being taken seriously by governments and regulators alike.

Agencies like the National Institute of Standards and Technology (NIST) have standardized post-quantum cryptographic (PQC) algorithms, while Europe’s ENISA is focused on standardizing the implementation and certification of PQC through schemes such as EUCC, all in preparation for Q Day.

When is Q Day?

Unfortunately, as with all things quantum, answering when Q Day will be is not simple, because no one knows for sure. It’s all dependent on when (and if) the technology reaches a specific level of capability and practicality. And it’s not only about the number of qubits.

However, the speed at which quantum computing is moving forward has prompted agencies like the UK National Cyber Security Centre (NCSC) to put timelines in place.

The NCSC’s timeline for migrating to a quantum safe method of encryption has three phases: discovery and planning by 2028, early migration by 2031, and full migration by 2035.

That gives businesses a maximum of six years to plan and prepare to migrate their critical assets. But again, this timeline is not set in stone — Q Day could come sooner than 2035, later, or it could never come.

It’s difficult because we are talking about technology that hasn’t realized its theoretical potential yet, and no-one has a crystal ball. Quantum computers don’t follow Moore’s Law; they scale non-linearly, and quality matters more than quantity when it comes to qubits.

What do businesses need to do to prepare?

Staying calm should be step number one. Quantum technologies can sometimes be subject to scaremongering, pushing people to make premature or misinformed decisions. And I hate this FUD; it doesn’t lead to the best security outcomes.

Of course the threat is theoretically coming, but it isn’t imminent. Even if quantum computing does eventually break common encryption methods, it’s unlikely that everything will change in the blink of an eye — there will be time to prepare.

However, the time to prepare is now, not when the first quantum-powered breach makes headlines. And that starts with getting your basic digital hygiene sorted.

Organizations should begin by auditing their IT estate with two aims: the first being to identify what IT assets they have, because you can’t update or protect what you don’t know you have. The second is to identify which of those assets are most at risk, especially those dependent on public-key encryption or requiring long-term data confidentiality.

This is great security practice anyway - building a decent asset inventory will bring you gains beyond just post-quantum migration planning.

The next step is to prepare the inventory; decide what needs to be end-of-lifed, and prioritize what you have to migrate. It’s a short sentence to write, but a very long exercise. Good luck. Annex A of this ETSI standard has a very helpful set of questions to help.

If you want to follow the latest standards, here’s a quick update on where we are. NIST has published 3 PQC standards: FIPS 203, 204 and 205, with two more on the way: FIPS 206 in draft and a new fifth algorithm recently announced.

The mathematics is there, but we’re lacking the integration into protocols and widely used technologies. Instead of tracking NIST now, I’d recommend the best group to follow is ETSI’s Quantum Safe Cryptography Working Group focuses on the practical implementation of quantum safe primitives, and the IETF’s PQUIP group, which summarizes all the post-quantum efforts in internet standardization today.

When should businesses prepare for Q Day?

The NCSC timelines are very clear: prepare and plan by 2028, so that you can migrate by 2031. But the uncertainty on when/if Q Day will arrive complicates this slightly.

Prepare too early and you risk adopting immature technologies and standards, potentially increasing vulnerabilities. Wait too long and you may leave critical systems exposed.

The key is finding the timing that’s just right — it’s what I call the Goldilocks Theory and again, it comes down to preparedness: making a good asset inventory, while staying on top of the latest post-quantum standards.

Q Day may be uncertain, but your preparation shouldn’t be. Start planning now — not out of fear, but out of foresight.

We list the best software asset management (SAM) tool.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

AI is having its moment, reshaping how developers work. While the best AI tools enable faster app development and anomaly detection, they also fuel faster, more sophisticated cyberattacks.

The latest headlines are making it clear – no sector is immune. As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse engineer, analyze, and exploit applications at an alarming scale.

Gartner predicts that by 2028, 90% of enterprise software engineers will utilize AI code assistants to transform software development – placing the promise of lightning speed productivity gains in the hands of every developer and the welcome ability to automate repetitive, tedious tasks.

However, despite massive investments in AI, security continues to be a reluctant effort due to the perception that protection measures have the inverse effect, slowing down software innovation and application performance. The fact is AI has already amplified the threat landscape, especially in the realm of client applications, a primary cyberattack target.

Long considered outside the realm of a CISO’s control, software applications --particularly mobile apps --are a preferred entry point for attackers. Why? Because users tend to be less vigilant and the apps themselves “live” in the wild, outside of the enterprise network. CISO’s can no longer afford to ignore threats to these apps.

It’s an App-Happy World

Consumers have a voracious appetite for apps, and they use them as part of their daily routines; the Apple App Store today has nearly 2 million apps and the Google Play Store has 2.87 million apps. According to recent data, the average consumer uses 10 mobile apps per day and 30 apps per month. Notably, 21% of millennials open an app 50 or more times per day, and nearly 50% of people open an app more than 11 times a day.

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities have also made it easier than ever for hackers to effortlessly analyze, and reverse-engineer at an alarming scale. In fact, the majority (83%) of applications were attacked in January 2025, and attack rates surged across all industries, according to Digital.ai’s 2025 State of App Sec Threat Report.

Dozens of apps are installed on each of the billions of smartphones in use worldwide. And each app in the wild represents a potential threat vector. Why? Because applications contain working examples of how to penetrate access to back-end systems. The billions of dollars spent every year on security perimeters is rendered useless in the world of mobile applications.

Every application made and released to customers increases a business's threat surface. Developing multiple mobile apps means more risk—and leaving even one app unprotected isn’t an option. AI tools have made it that much easier for even amateur threat actors to analyze reverse engineered code, create malware, and more.

If adversaries have access to the same robust productivity tools, why wouldn’t they use them to get even better and faster at what they do?

New nefarious attacks are having a moment

New research from Cato Networks threat intelligence report, revealed how threat actors can use a large language model jailbreak technique, known as an immersive world attack, to get AI to create infostealer malware for them: a threat intelligence researcher with absolutely no malware coding experience managed to jailbreak multiple large language models and get the AI to create a fully functional, highly dangerous, password infostealer to compromise sensitive information from the Google Chrome web browser.

The end result was malicious code that successfully extracted credentials from the Google Chrome password manager. Companies that create LLMs are trying to put up guardrails, but clearly GenAI can make malware creation that much easier. AI-generated malware, including polymorphic malware, essentially makes signature-based detections nearly obsolete. Enterprises must be prepared to protect against hundreds, if not thousands, of malware variants.

The Dark Side of LLMs for Code Generation

A recent study by Cybersecurity Ventures predicts that by 2025, cybercrime will cost the world $10.5 trillion annually, a massive increase from $3 trillion in 2015, with much of the rise attributed to the use of advanced technologies like LLMs.

Take attribution - many have used an LLM to write “in the voice of”- but attribution is that much more difficult in an AI world, because threat actors can mimic the techniques, comments, tools, and TTPs. False flag events become more prevalent, such as the attack on U.S. service member wives.

LLMs are accelerating the arms race between defenders and threat actors, lowering the barrier to entry, and allowing attacks to be more complex, more insidious, and more adaptive.

Protecting Apps Running in Production

Enterprises can increase their protection by embedding security directly into applications at the build stage: this involves investing in embedded security that is mapped to OWASP controls; such as RASP, advanced Whitebox cryptography, and granular threat intelligence.

IDC research shows that organizations protecting mobile apps often lack a solution to test them efficiently and effectively. Running tests on multiple versions of an app slows the release orchestration process and increases the risk of delivering the wrong version of an app into the wild.

By integrating continuous testing and application security, software teams gain the game-changing ability to fully test protected applications, speeding up and expanding test coverage by eliminating manual tests for protected apps. This helps solve a major problem for software teams when testing and protecting apps at scale.

Modern enterprise application security is not a nice to have-- while CISOs certainly don’t need more work added to their plates, vectors that used to be outside of their control are now creating fissures inside what they do control.

The good news is that there are now robust, baseline protections that balance the need for security with the need for speed of innovation and performance. These features can be added instantly to almost any app in the wild and go right back into the app store.

1. The ability to protect by inserting security into DevOps processes without slowing down developers by adding security after coding and before testing

2. The ability to monitor via threat monitoring and reporting capabilities for apps in production

3. The ability to react by building apps with runtime application self-protection (RASP)

AI is accelerating code production, breeding applications, and reshaping app security – it’s time to stop thinking like a white knight and think like a hacker.

We list the best online cybersecurity courses.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

In today’s work-anywhere culture, people are more connected than ever. As work becomes more mobile and meetings more virtual, one form of cyber threat is quietly becoming more common: audio surveillance.

Cybersecurity now extends far beyond protecting email accounts and stored files. In a hybrid working environment, where conversations happen over video conferencing, voice messages and shared screens, it’s not only your data that is at risk. The conversation itself can become a target.

And here is the reality, according to Forbes, an overwhelming 95% of all cybersecurity breaches are caused by human error. This includes everything from sharing sensitive information without proper safeguards to joining calls over unsecured networks.

It doesn’t always take a sophisticated hack to cause real damage. Sometimes, the risk comes from the tools we trust, the places we connect from or the assumptions we make about who’s listening.

The illusion of safety

Imagine opening your laptop at a coffee shop, putting on your headset and jumping into a client meeting. The connection seems strong, the audio is crystal clear and everything feels just right. But what if someone else is eavesdropping?

In hybrid work, we often step outside the secure walls of the office and into environments we can’t control. That flexibility is a defining feature of modern productivity, but it also opens the doors to silent risks. An unsecured café Wi-Fi network, for instance, can make it remarkably easy for malicious actors to intercept audio streams or access shared content without detection.

Every call, screen share and calendar invite can include sensitive materials, such as financial data, customer details, upcoming campaigns, or internal strategy. A breach of confidential information could result in serious consequences, including regulatory penalties, disciplinary action, financial and reputational liability, or even job loss.

Recent research published in ScienceDirect highlights just how vulnerable virtual collaboration can be. A comprehensive review of video conferencing platforms revealed persistent security flaws, including weak encryption protocols and insufficient access controls, that leave meetings open to unauthorized access and potential surveillance.

For hybrid professionals working from hotels, shared spaces or home networks, this means even the most routine call could be silently compromised if the right safeguards aren’t in place.

More than just a call

In hybrid work, our headsets, webcams and conferencing tools have become the new endpoints of trust. But here’s the uncomfortable truth; a headset isn’t just a device, it’s a data hub that carries voice, client queries, business sensitive information and, in many cases, biometric data like tone, speech patterns and emotional cues.

The risks aren’t just external either. With the rise of AI, even internal tools are learning from the voices of everyone in a company. If not built securely, they could share that information with more than just your team. We live in a world where what we say can be stored, analyzed and even weaponized.

That’s why companies are rethinking how they protect their people, not just their files. Security isn’t just about firewalls anymore, and IT teams need to consider about everything from what a headset hears to how your video bar streams to the cloud.

The quietest threats are the loudest warnings

It’s easy to spot a phishing email or a suspicious link. But the more subtle threats, like unsecured pairing between a headset and a laptop, or a public connection masking malicious intent, are the ones that slip through the cracks.

Imagine walking into a crowded room and announcing your company’s quarterly results out loud. You’d never do it. But working unprotected in a public space can be equally as revealing.

As reported by Comparitech, cybercrime is projected to cost the global economy $10.5 trillion USD annually by 2025. Businesses need to think beyond whether they will be targeted or not, it’s an inevitability.

Raising the Standard

Business leaders need to adopt the ethos that the only individuals who should be on a call are the ones who’ve been invited. That’s why all devices need to have an emphasis on security.

This includes encrypting conversations, implementing secure device pairing and building-in automated defenses against man-in-the-middle attacks. And implementation alone isn’t enough, IT teams need to stress-test solutions with in-house and contracted ethical hackers. This ensures customer trust is built into the very fabric of the tools we use.

Hybrid work is here to stay, and that’s a good thing. It gives workers freedom, flexibility and balance. But with that freedom comes a new kind of responsibility: to protect the digital spaces businesses occupy, the voices employees share and the people they connect with.

The next time you plug in your headset, ask yourself “who else might be listening?”. The biggest risks don’t always come with red warning signs; sometimes, they arrive quietly, just like a spy among us.

We list the best business phone systems.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Encryption has been on a long journey, transcending centuries, from leather scrolls to quantum-resistant algorithms. But if we look at security requirements for businesses 25 years ago, the world was very different then. I sold encryption software back in 2000 when no one apart from the Government knew they needed it. It was free for home or personal use, so trying to sell encryption in a world where users borrowed it free of charge was tough.

One of the most notable examples at the time was OpenSSL, an open-source project that provided free encryption tools for securing internet communication. Another popular tool was PGP (Pretty Good Privacy), which had both free and commercial versions. The free version was widely used by privacy advocates, journalists, and tech-savvy users to encrypt emails and files.

However, eventually, public-key cryptography and tools like PGP started to gain traction for secure email and online communication. It was a pivotal moment as encryption moved from being a nice-to-have to becoming essential for privacy and trust online.

Unlocking Encrypted Data Without Compromising Security

Fully Homomorphic Encryption (FHE) has also been in the mix for about 15 years. But it has been labelled as too complicated, requiring too much processing, too much disk space, being too slow and more.

But we’ve seen a breakthrough in FHE whereby customers are using it not just to encrypt data, but to query, decrypt and use it. They can also search data faster when it's encrypted than when it's not!

Without going into lengthy explanations as to how the integers (the raw material that makes encryption possible) and cryptographic algorithms work, in simple terms, it’s only the user who has access to and can understand and read the data. Where anyone else is concerned, the data is just garbage.

Why is this so important? If we look at how encryption tools work today, we create data, which we then encrypt. Every time we search, every time we move, we decrypt – because that’s the only way to make the data work for us. Once we have decrypted it, we must re-encrypt it to ensure it is safe. Therefore, we have multiple touch points where data, which we tell users is encrypted, isn’t encrypted.

This might be okay for data-at-rest, but once you migrate data from A to B, in many cases, we send the encryption keys with it. This is the equivalent of sending the keys to the castle with the castle. Also, the moment the user wants to do anything with that data (which is arguably when it is most useful) then all that safeguarding is gone.

Therefore, for us to be able to allow customers to use data whilst it still has a safety net around it and ensure data remains confidential is a huge leap forward. Most importantly, we don't have encryption keys travelling with the data; the keys are generated at the point of login.

Is Bootstrapping FHE The Answer?

Many in the industry advocate bootstrapping FHE as a workaround. This is a clever trick that allows encrypted data to be refreshed so it can be used in computations without becoming too noisy to decrypt. But it’s important to recognize both its promise and its challenges.

Done properly, bootstrapping has significant potential if implemented efficiently. It could unlock powerful capabilities in computation, especially in domains where data sensitivity is paramount.

However, bootstrapping remains computationally intensive. Even with optimized schemes, it can take seconds per operation, which means it cannot be used for real-time applications. Bootstrapping implementations are highly complex.

That said, dismissing bootstrapping outright may be premature. As research and engineering efforts continue - including our own - there’s reason to believe that more efficient, scalable implementations are within reach.

We live in a data-driven world, and FHE is going to be the key to enabling access to data and the use of technology like AI tools. However, I recently read an article in which Elon Musk discussed the fact that we’re running out of real-world data to train AI models.

This idea (often called the “peak data” theory) suggests that the internet no longer offers enough fresh, high-quality data to improve large AI models meaningfully.

In other words, we will hit a point where data is not going to develop in a way that is useful to organizations because of all the rules we put around it, some of which are self-imposed, others which are required by regulators.

Many Cast Caution Aside

Many regulations are vague, which means organizations will interpret these in a way that enables them to reduce risk by taking a more cautious approach. Other companies throw caution to the wind. We're seeing that play out in real-time.

Take Meta as an example. The company has faced multiple fines recently. The most notable in 2025 is a €200 million penalty from the European Commission under the Digital Markets Act (DMA). The fine was issued because Meta’s “pay-or-consent” model, where users had to either pay for ad-free access or consent to data tracking, was found to violate users’ rights to genuine choice.

Regulators argued that this setup pressured users into giving up their data, undermining the DMA’s goal of fair digital competition.

Improving Lives

I would argue that we must make data more usable, particularly where data helps make the world a better place. Clinical trials, for example, have faced challenges due to disparate data, which hampers progress. If a trial is quite niche, the organization needs to be able to get a decent data set to perform tests and analyze the results in a meaningful way.

We are helping organizations keep the data in the jurisdiction it is supposed to be in and still collaborate without moving the data around and without plain text data ever flying across the internet. This means we can make people's lives better; we can stop people dying of illnesses we could prevent because we understand more.

Of course, we want to be able to use data in a way that still respects privacy. This is where we see FHE being an enabler. We can have AI using data that is encrypted to make better decisions without affecting the underlying owner of the data from a user level. It's a brave new world – but an exciting one.

We list the best data recovery software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Here are hints and the answers for the NYT Connections: Sports Edition puzzle for Sept. 1, No. 343.

Here are the answers for The New York Times Mini Crossword for Sept. 1.

Looking to access BBC Sounds – the BBC's podcast, radio and music app – from outside the UK? If you're visiting the US, Canada, Australia or indeed anywhere else, you can use a VPN – NordVPN works best – to unblock BBC Sounds and listen as normal.

We'll go into detail below and explain why the BBC's recent announcement that it would block international access to the BBC Sounds app saddened (and angered) many listeners around the world.

Here's a full (and quick) guide to how to get BBC Sounds from abroad...

When did the international BBC Sounds block come into force?

International access to BBC Sounds was shut down on Monday, July 21.

Can I still access BBC Sounds from abroad or on holiday? 

Yes. UK residents will be able to continue accessing the BBC Sounds app from abroad with a VPN. We recommend Nord, which comes with a 30-day trial and over 70% off when you use our deal below...

How to unblock BBC Sounds with a VPN

If you're outside the UK at the moment and blocked from using BBC Sounds, you can still access the app thanks to the wonders of a VPN (Virtual Private Network).

The software allows your devices to appear as if they're back in your home country regardless of where in the world you are. So ideal for listeners away for work or on vacation wanting a taste of home.

NordVPN is our favorite:

Editors Choice

NordVPN – get the world's best VPN
We regularly review all the biggest and best VPN providers and NordVPN is our #1 choice. It unblocked every streaming service in testing and it's very straightforward to use. Speed, security and 24/7 support available if you need – it's got it all.

The best value plan is the two-year deal, which sets the price at $3.39 per month and includes an extra 3 months absolutely FREE. There's also an all-important 30-day no-quibble refund if you decide it's not for you.

- So, try NordVPN 100% risk-free for 30 daysVIEW DEAL ON

Is there a BBC Sounds alternative?

Listeners based outside the UK can now access a limited selection of BBC audio programming via the BBC.com website and the BBC app (iOS / Android).

To put it mildly, however, they're nothing at all like BBC Sounds!

The only live services available through BBC.com and the BBC app are BBC Radio 4 and the BBC World Service English. They also host select podcasts, and news and history programming, such as Global News Podcast, You're Dead to Me and Infinite Monkey Cage.

Although you can listen via BBC.com and the BBC app without an account, you have to sign in on order to download, follow and save shows.

Can I listen to BBC 6 Music and other radio stations from outside the UK?

All, however, is not yet lost. You can still listen to BBC Radio stations from outside the UK by visiting their individual websites directly, through a web browser (links listed below).

It's a crude workaround, but it works.

However, these websites don't support key BBC Sounds features, such as the option to set a radio station as your alarm or even the ability to view a station's schedule.

Furthermore, only select radio content will be made available on-demand through the websites.

BBC Radio 1

BBC 1Xtra

BBC Radio 2

BBC Radio 3

BBC Radio 4 Extra

BBC Radio 5 Live

BBC Asian Network

BBC 6 Music

Click for more BBC Radio stations▼

BBC Live News

BBC Radio Scotland

BBC Radio Scotland Extra

BBC Radio Orkney

BBC Radio Shetland

BBC Radio nan Gaidheal

BBC Radio Ulster

BBC Radio Foyle

BBC Radio Wales

BBC Radio Wales Extra

BBC Radio Cymru

BBC Radio Cymru 2

Local radio

BBC Radio Berkshire

BBC Radio Bristol

BBC Radio Cambridgeshire

BBC Radio Cornwall

BBC CWR

BBC Radio Cumbria

BBC Radio Derby

BBC Radio Devon

BBC Essex

BBC Radio Gloucestershire

BBC Radio Guernsey

BBC Hereford & Worcester

BBC Radio Humberside

BBC Radio Jersey

BBC Radio Kent

BBC Radio Lancashire

BBC Radio Leeds

BBC Radio Leicester

BBC Radio Lincolnshire

BBC Radio London

BBC Radio Manchester

BBC Radio Merseyside

BBC Radio Newcastle

BBC Radio Norfolk

BBC Radio Northampton

BBC Radio Nottingham

BBC Radio Oxford

BBC Radio Sheffield

BBC Radio Shropshire

BBC Radio Solent

BBC Radio Solent Dorset

BBC Radio Somerset

BBC Radio Stoke

BBC Radio Suffolk

BBC Radio Surrey

BBC Radio Sussex

BBC Radio Tees

BBC Three Counties Radio

BBC Radio Wiltshire

BBC Radio WM

BBC Radio York

Further BBC Sounds troubleshooting tips

If you still can't access BBC Sounds, even with the aid of a VPN, there are a few more things you can try.

Make sure your BBC account is associated with a valid UK post code, such as W1A 1AA.

The BBC Sounds app (iOS / Android) won't appear in the Play Store or the App Store outside the UK, but you may be able to get around that by changing your phone's region in the settings menu.

The BBC, like most broadcasters and networks, is engaged in a neverending cat-and-mouse battle with VPN providers.

Although we've ranked the best iPlayer VPNs, something we've worked out through thorough testing, if one of them works today there's no guarantee the same will be true tomorrow, in which case you can raise the issue with your VPN provider's customer support team, and ask them to recommend the best server to connect to.

Why did BBC Sounds get blocked? What's the full story?

So what would compel the corporation to cut one of its most popular and beloved exports? The decision was taken without a consultation, and BBC management has rebuffed calls for an explanation to be provided.

For weeks following the announcement, Andrea Catherwood, the presenter of the BBC Radio 4 podcast Feedback, endeavoured to get a BBC spokesperson onto her show in order to justify the move, without success.

The move has been met with widespread anger and sadness, but above all disbelief. BBC Sounds doesn't just provide a connection to home for Brits living abroad, it's an invaluable purveyor of culture, education and entertainment, which has served as a key platform for musicians, artists and performers, some of whom owe their entire careers to radio.

BBC Sounds' demise has also caused a political storm in Ireland, where listeners north of the border retain full access to the app.

The memorandum of understanding agreed by the UK and Irish governments in 2010 stressed the importance of public service broadcasting on both sides of the border, for "promoting cultural diversity, in providing educational programming, in objectively informing public opinion, in guaranteeing pluralism."

The subject at the time was Irish-language channel TG4, with the MoU advocating its availability in Northern Ireland as well as the Republic of Ireland. However, listeners in the Republic of Ireland have now had their access to BBC Sounds blocked.

We test and review VPN services in the context of legal recreational uses. For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.