Feed aggregator

Here are hints and answers for the NYT Strands puzzle No. 419 for April 26.

The defense department has announced new senior level positions after recent firings and resignations. But with Pentagon head Pete Hegseth under fire for missteps, the way ahead is still unclear.

(Image credit: Chip Somodevilla)

These are CNET editors’ top picks for best desktop computers, including Macs and Windows PCs, plus advice on what you should look for in your next desktop.

Over the last half-century, the political leanings of the Supreme Court, Congress, and the presidency contributed to dramatically different approaches to the federal death penalty.

(Image credit: Spencer Platt)

Don't waste your time with internet providers that won't give you the best speed, prices or connection. These are the top picks our CNET experts suggest for Tacoma residents.

It's a "ready-to-use therapeutic food" that's had remarkable success in treating malnourished kids. The State Department says it's still available. Factories and field workers have a different view.

(Image credit: Gabrielle Emanuel/NPR)

• Phison Pascari X200E sets a new benchmark with PCIe Gen5 and extreme throughput
• X200E becomes the first flash SSD to break the one million IOPS milestone
• Built for AI, not gaming, X200E dominates data center workloads effortlessly

Phison has set a new benchmark in enterprise storage performance with its Pascari X200E 6.4TB SSD, breaking records in sequential read speed, well beyond what even the fastest external hard drives can deliver.

TweakTown lab tests found the drive achieved a sequential throughput of 15,025MB/s, the highest ever recorded. In the 8K 70/30 test, which simulates database traffic, the X200E also became the first flash-based SSD to surpass 1 million IOPS.

The X200E is part of Phison’s Pascari Performance X-Series, designed specifically for extreme write intensity in data-heavy environments. It ships in U.2 and E3.S form factors, with capacity options ranging from 1.6TB to 30.72TB.

Enterprise DNA means enterprise demands

Built around the 16-channel Phison PS5302-X2-66 controller and equipped with Hynix 176-layer eTLC NAND, the X200E runs on a PCIe Gen5 x4 interface. Most desktop PCs support M.2 SSDs rather than the enterprise-grade U.2 interface, making them physically and technically incompatible with the X200E.

Even with an adapter, most consumer motherboards lack the queue depth and thermal management required to take full advantage of the hard drive's capabilities. Given these requirements, the X200E isn’t designed for typical users, it’s built for data centers, not desktops or gaming rigs.

Phison rates the X200E at up to 14,800MB/s sequential read and 8,700MB/s sequential write performance. In addition to raw speed, the drive excels in mixed workload scenarios, delivering up to 3.2 million IOPS with consistent performance across multiple queue depths, further underscoring its enterprise focus.

The X200E is engineered to support modern AI workloads and hyperscale data center operations, which often demand performance beyond the traditional queue depth of 32 used in legacy SSD benchmarks. Test results show the drive maintains steady-state performance even under random workloads with queue depths as high as 4096.

As AI models continue to generate massive volumes of reads and writes across complex workflows, SSDs like the X200E will help power everything from video delivery platforms to real-time analytics pipelines.

You may also like

• These are the fastest SSDs you buy right now
• Take a look at some of the best external hard drives
• Palantir to develop “ImmigrationOS” for ICE to speed up deportations

During Syria's long civil war, the White Helmets were known for running into harms way, rescuing civilians from the aftermath of regime attacks. Now with the regime gone, the famed organization is finding a new mission with new challenges. We go to Damascus to see them in action.

Commerce Department employees caught up in a legal battle over their mass firings are now learning that their health care coverage was cut off weeks ago, even though they were paying their premiums.

(Image credit: Andrea Hsu)

Pope Francis will be buried in St. Mary Major church, not Saint Peter's Basilica, in a break with tradition.

(Image credit: Vatican)

• North Korean hackers are using GenAI to hold jobs in western firms
• New research from Okta reveals AI written CVs and messages
• This is an escalation from an existing fake interview campaign

New research from Okta has revealed that hackers from the Democratic People’s Republic of Korea (DPRK), are using generative AI in its malicious interview campaign - a series of tactics that involve gaining employment in remote technical roles in western firms, usually in industries with sensitive security data like defense, aerospace, or engineering.

This isn’t the first time North Korean fake job hackers have gone the extra mile with their campaigns, but the new research has found that GenAI is playing an integral role in the employment schemes.

The AI models are used to “create compelling personas at numerous stages of the job application and interview process” and then, once hired, GenAI is again used to assist in maintaining multiple roles, all earning revenue for the state.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Keeper generates and stores strong passwords so you never have to remember them again. Don’t let one weak password leave you exposed.

Preferred partner (What does this mean?)View Deal

Malicious interview

AI was used by these hackers in a number of ways, including generating CVs and cover letters, conducting mock interviews via chat and webcam, translating, translating, and summarising messages, as well as managing communications for multiple jobs from different accounts and services.

To assist, the hackers have a sophisticated network of ‘facilitators’ that provide in-country support, technical infrastructure, and “legitimate business cover” - helping the North Koreans with domestic addresses, legitimate documents, and support during the recruitment process.

The campaign is growing ever more sophisticated, especially given that hackers are now using both sides of the job seeking process, targeting job seekers with fake interviews, in which they deliver malware and infostealers.

These elaborate schemes often start on legitimate platforms like LinkedIn or Upwork - with the attackers reaching out to victims to discuss potential opportunities. Anyone on the job hunt or in the hiring process should be extra vigilant about who they are speaking to, and should be careful not to download any unfamiliar software.

You might also like

• Take a look at our picks for the best malware removal software around
• Check out our choice for best antivirus software
• One of the most powerful ransomware hacks around has been cracked using some serious GPU power

• WhatsApp has commented on its controversial new Meta AI assistant
• The messaging app says it's a "good thing" despite a mixed reception
• WhatsApp has separately rolled out a new 'Advanced Chat Privacy' tool

WhatsApp has defended the wider rollout of its Meta AI assistant inside the popular messaging app, despite some significant pushback from users.

Earlier this month, Meta rolled out the AI assistant – represented by a blue ring in the bottom-right corner of your WhatsApp chats – across several new countries in the EU, the UK, and Australia.

Because WhatsApp is very popular in those regions – more so than the likes of Apple's iMessage – there was a vocal backlash to its arrival on platforms like Reddit, particularly as it isn't possible to turn the feature off. But WhatsApp has now commented on those concerns for the first time.

In a statement to the BBC, WhatsApp said: "We think giving people these options is a good thing and we're always listening to feedback from our users". It added that it considers the feature to be similar to other permanent features in the app, like 'channels'.

Although the Meta AI circle hovers permanently in your chats section, it doesn't actually have access to your chats. Meta's Help pages state that "your personal messages with friends and family are off limits", while the Meta AI chat window states that "it can only read messages people share with it".

Still, some privacy concerns remain, so this week WhatsApp introduced a new feature called "Advanced Chat Privacy" to help soothe any remaining concerns.

A privacy peace offering

(Image credit: WhatsApp)

While it isn't possible to turn off Meta AI in WhatsApp (it's also now integrated into the app's search bar), you will soon be able to use "Advanced Chat Privacy" to prevent others from using your chats in other AI apps.

The new setting, which is "rolling out to everyone on the latest version of WhatsApp", is designed to stop people from taking anything you share in WhatsApp outside of chats and groups. When it's turned on, your friends and contacts are blocked from "exporting chats, auto-downloading media to their phone, and using messages for AI features".

We haven't yet seen the feature in action, but you'll be able to turn it on by tapping on a chat name, then tapping the new "Advanced Chat Privacy" option. WhatsApp says this is also just the first version of the feature, with more protections en route to help you avoid a personal Signalgate fiasco.

That's likely to be a more popular move than baking Meta AI in WhatsApp, although a recent poll on the TechRadar WhatsApp channel shows the latter hasn't been universally condemned.

While the biggest chunk of our poll respondents (42%) said they would "never" use the Meta AI assistant in WhatsApp, a significant number (41%) said they would "maybe, sometimes" tap the blue ring, while 17% said they planned to use Meta's ChatGPT equivalent "regularly". Perhaps, like the prison walls in The Shawshank Redemption, we'll one day grow to depend on it.

You might also like

• From novelty to nuisance: The AI revolution no one wanted is sweeping all before it
• WhatsApp has just dropped these 9 new features – including 2 that I'm not happy about
• WhatsApp patches worrying vulnerability which allowed hackers to share .exe files as images

Time Magazine's 100 most influential people of 2025. Above: She accepts an award at Rihanna's 3rd Annual Diamond Ball in 2017.'/>

A kid whose parents couldn't afford school fees is now an "icon" on Time magazine's 2025 list — recognizing her work as CEO of Camfed, a charity that gives millions of girls a chance for an education.

(Image credit: Kevin Mazur / Getty Images)

Mangione is set to appear in federal court on Friday for his arraignment in the killing of UnitedHealthcare CEO Brian Thompson. Prosecutors have filed an intent to seek the death penalty.

(Image credit: Selcuk Acar)

Microsoft is also adding more intuitive search to Windows and shortcuts for summarizing and rewriting text.

• Frederick Health Medical Group was struck with ransomware in late January 2025
• It concluded its investigation and says almost a million people lost sensitive data
• The data includes names, SSNs, health insurance information, and more

We now know how many people are affected by a recent ransomware attack on Frederick Health Medical Group - almost a million.

The healthcare provider reported the new figures to the US Department of Health and Human Services (HHS), noting how on January 27, 2025, it experienced a “ransomware event” on its IT systems.

The information taken varies from person to person, Frederick Health Medical Group added, and while in the notice it does not discuss the number of affected individuals, it did share a figure with the US HHS - 934,326 individuals.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Second increase

The subsequent investigation determined that the threat actors managed to steal certain files from a file share server.

These files included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, health insurance information, and/or clinical information related to patient care.

So far, no threat actors have assumed responsibility for the attack, and the data has not yet surfaced on the dark web, possibly suggesting Frederick Health actually paid the ransom demand.

The organization has roughly 4,000 employees and more than 25 locations. To mitigate the risk of the attack, it also offered all affected individuals free credit monitoring and identity theft protection services through IDX.

Healthcare organizations are a prime target for ransomware operators, given the sensitivity of the data they operate with. In April 2025 alone, we've had stories of a cybersecurity CEO who tried to install malware on hospital computers, attacks on Yale Health and DaVita, and the data leak at Logezy.

Furthermore, Blue Shield of California also recently disclosed a data breach that exposed sensitive data of 4.7 million members.

Via BleepingComputer

You might also like

• United Healthcare data breach may have affected 190 million Americans
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Prepare for the noise and nuisance of the upcoming cicada invasion.

• A security oversight in Linux allows rootkits to bypass enterprise security solutions and run stealthily
• It was found in the io_uring Kernel interface
• Researchers built a PoC, now available on GitHub

Cybersecurity researchers from ARMO recently discovered a security oversight in Linux which allows rootkits to bypass enterprise security solutions and run stealthily on affected endpoints.

The oversight happens because the ‘io_uring’ Kernel interface is being ignored by security monitoring tools. Built as a faster, more efficient way for Linux systems to talk to storage devices, io_uring helps modern computers handle lots of information without getting bogged down. It was introduced back in 2019, with the release of Linux 5.1.

Apparently, most security tools look for shady syscalls and hooking white completely ignoring anything involving io_uring. Since the interface supports numerous operations through 61 ops types, it creates a dangerous blindspot that can be exploited for malicious purposes. Among other things, the supported operations include read/writes, creating and accepting network connections, modifying file permissions, and more.

According to BleepingComputer, the risk is so great that Google turned it off by default both in Android and ChromeOS, which use the Linux kernel.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)View Deal

Second increase

To demonstrate the flaw, ARMO built a proof-of-concept (PoC) rootkit called “Curing”. It can pull instructions from a remote server and run arbitrary commands without triggering syscall hooks. They then tested it against popular runtime security tools, and determined that most of them couldn’t detect it.

The researchers claim Falco was completely oblivious to Curing, while Tetragon couldn’t flag it under default configurations. However, the latter’s devs told the researchers they don’t consider the platform vulnerable since monitoring can be enabled to detect the rootkit.

"We reported this to the Tetragon team and their response was that from their perspective Tetragon is not "vulnerable" as they provide the flexibility to hook basically anywhere," they said. "They pointed out a good blog post they wrote about the subject."

ARMO also said they tested the tool against unnamed commercial programs and confirmed that io_uring-abusing malware was not being detected. Curing is now available for free on GitHub.

Via BleepingComputer

You might also like

• Microsoft will now pay you even more to find security bugs in Copilot
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Nebraska residents have a wide range of providers to choose from. These are the area's top options that provide fast and affordable plans.

Game Pass subscribers have two major new releases to choose from -- here's how to decide between them.