Feed aggregator

• Samsung has announced an event on September 4
• We'll likely see the Galaxy Tab S11 series and the Samsung Galaxy S25 FE
• Other leaks have given us a clear idea of what to expect from the Galaxy Tab S11 series

It’s a busy time for smartphone launches, because not only has the Google Pixel 10 series just launched, with the iPhone 17 series likely to land in a matter of weeks, but Samsung has also now announced a new launch event.

This will take place on September 4 at 5:30am ET / 2:30am PT / 10:30am BST / 7:30pm AEST, and it will be streamed live on Samsung’s YouTube channel.

So what can you expect? Well, Samsung hasn’t named any specific devices in its event invite, but it has said that we’ll see “premium AI tablets” and “the newest member of the Galaxy S25 family”, which almost certainly means the Samsung Galaxy Tab S11 series and the Samsung Galaxy S25 FE respectively.

Specs and images are already out in the wild

Thanks to leaks and rumors we also have a good idea of what to expect from these devices, and in fact there are some new leaks about the Galaxy Tab S11 series.

First up, leaker @MysteryLupin has shared a full specs list for the Samsung Galaxy Tab S11. This mentions an 11-inch 1,600 x 2,560 display with a 120Hz refresh rate, an included S Pen stylus, a MediaTek Dimensity 9400 Plus chipset, 12GB of RAM, 512GB of storage, a microSD card slot, an IP68 rating, and an 8,400mAh battery with 45W charging.

The list also mentions a 13MP rear camera, a 12MP front-facing one, four stereo speakers, a thickness of just 5.5mm, and a weight of 484g.

So the Samsung Galaxy Tab S11 sounds like an accomplished slate going by this specs list, and the Samsung Galaxy Tab S11 Ultra should be even better. For that, Android Headlines has shared some renders and videos, providing a good sense of what it might look like.

(Image credit: Android Headlines)

You can see the slate in gray and silver colors, and it’s shown with slim bezels and a small notch, with a dual-lens camera on the back. An S Pen stylus and a keyboard accessory are also pictured.

Some of these images also include specs, mentioning a 14.6-inch display, which based on previous leaks will probably have an 1,848 x 2,960 resolution. We’ve also heard in previous leaks that the Galaxy Tab S11 Ultra could have a MediaTek Dimensity 9400 Plus chipset, 16GB of RAM, a 12MP main camera, a 13MP ultra-wide one, and an 11,600mAh battery with 45W charging.

As for the Samsung Galaxy S25 FE, there’s no new information on that, but previous S25 FE leaks point to a 6.7-inch 120Hz screen, an Exynos 2400 chipset, 8GB of RAM, and 128GB or 256GB of storage.

They also mention 50MP, 12MP, and 8MP cameras on the back, a 12MP one on the front, a battery of either 4,500mAh or 4,900mAh, and 45W charging.

You might also like

• The Samsung Galaxy S26 Ultra could have major changes to its cameras and design, but one key spec might be lacking
• The Samsung Galaxy S26 Ultra could have a privacy-boosting AI trick built into its screen – here’s how it works
• Two key specs leak for the Galaxy S26 – and we may get a battery upgrade at last

Fortect may not be one of the biggest names when it comes to the best antivirus and security, but this German business demands attention thanks to an ethos that prizes transparency, trust and user empowerment.

They’re all good qualities when trying to identify your next piece of security software, and it means that we’re eager to evaluate the company’s specific antivirus credentials in this review.

If you need a free antivirus product, then Fortect does have one option available – but it’s very limited. You can view and fix issues one-by-one using a manual repair system, but automatic repairs are only supported in the paid versions of the product.

Fortect’s paid antivirus module is found within a wider product called PC Suite, which also includes a slate of PC tweaking, optimization and repair tools alongside security features.

Fortect’s most affordable paid product, Essential, protects one system for one year and includes all of the app’s core features for $38.

Upgrade to the multi-device plan for $47 and you get unlimited annual usage for three devices. The Ultimate product, which costs $65, includes licenses for five devices.

Those single-device and three-device plans are priced reasonably, but the Ultimate product feels a tad expensive: Norton 360 Deluxe supports five devices for $49, for instance, and you can get Sophos Home Premium protection for ten devices for $44.99.

(Image credit: Fortect)Fortect: Interface

Installation is easy and, once it’s complete, Fortect runs through a comprehensive system scan. Because this is a PC suite rather than just an antivirus scanner, its results outlined a host of issues, but Fortect was comprehensive when tackling security: it detected a vast array of potential privacy issues, for instance.

Get beyond that initial scan and Fortect has one of the best interfaces we’ve seen on a PC security and tweaking app.

It’s modern and mature, with navy blue shades throughout, and the dashboard has a huge “On” button that starts a full system scan.

The front page has indicators so you can see if malware and real-time protection are both activated, and on the left-hand side there are links to the app’s performance, security, privacy and VPN modules.

(Image credit: Fortect)

Delve into the Security section and you can deploy quick and custom scans and toggle malware and real-time protection, and drag and drop folders and files for custom scans.

In the Security settings menu you can enable real-time protection, cloud-based analysis and the browsing shield, which blocks harmful sites. You can also customize the frequency of security reports and tweak file quarantine settings.

The app’s Privacy module includes browser cache cleanup, and a unique tool that enables users to remove traces of Office apps from their system. You’re also invited to install an effective, free Chrome browser extension that monitors your browsing activity and highlights any issues.

(Image credit: Fortect)Fortect: Antivirus and Protection

Fortect’s Antivirus module delivers real-time malware and web browser protection, comprehensive scanning for malware and unwanted apps, and cloud-based technology that provides the app with updates of new and emerging threats.

The app automatically fixes and removes threats, repairs your system if it becomes unstable, and can be used to create system restore points. Malicious files, folders and apps can also be quarantined.

Fortect’s macOS version also includes real-time protection, cloud-based security, full system scanning, quarantine management and detailed security reports, and its Android and iOS apps include all of those abilities alongside network scanning, website blocking, data breaches alerts and a system advisor.

To access these features across multiple devices, you’ll have to pay for one of the pricier tiers that supports multi-device usage.

(Image credit: Fortect)

Most of the antivirus products we cover have been independently tested by AV-Comparatives and AV Test – or a reputable alternative like SE Labs.

Sadly, none of those organizations have evaluated Fortect, so we’re turning to Virus Bulletin and AppEsteem.

VirusBulletin is a global authority on the antivirus industry and has been testing consumer and enterprise security software for over two decades. VirusBulletin’s publications include reports by leading researchers and details about new threats, with archives going back to 1989.

VirusBulletin’s VB100 certification is awarded to apps that “meet the basic standards required to be recognized as legitimate and properly functioning anti-malware solutions.” Fortect has earned that certification with a Grade A result, with 99.19% of malware detected and only 0.007% false positives.

AppEsteem certifies apps using the Anti-Malware Testing Standards Organization’s protocols to provide consumers can see which apps offer effective antivirus performance without false positives and over-aggressive monetization tactics.

AppEsteem’s testing saw Fortect rated as a Contender, with an 88% rating for Deceptors and a 94% pass mark for certification. That’s not the best score and it means you’ll likely see some upselling attempts in this app – and we can vouch for that, given that upon installation we were presented with an offer to upgrade to a multi-device app.

Apps from Avast, AVG, Sophos and others provided a cleaner experience than Fortect, but tools from Malwarebytes, Bitdefender and Norton received poorer ratings – so Fortect is not the worst offender here, and you shouldn’t let the occasional special offer put you off.

(Image credit: Fortect)Fortect: Other features

As Fortect Antivirus is included in a wider PC Suite, that means you get a solid range of additional features in the app.

Fortect’s Performance Scan identifies junk files and crashed apps that can slow your PC down, and the app also has a Driver Updater that will make sure your system is always up to date.

Those PC performance features are not particularly extensive, though, and there are plenty of features missing elsewhere if you compare Fortect to apps like Norton 360 and Sophos Home Premium.

(Image credit: Fortect)

Norton, for instance, included an unlimited VPN, dark web monitoring, parental controls, a password manager and a private browser. Sophos had more in-depth web filtering. None of that is available with Fortect.

Support options are underwhelming, too. If you need help with Fortect, you can complete a web form and get a response within 48 hours – below the industry standard in 2025. Norton has live chat and phone support options and paid options for more extensive help, and Sophos has chat options.

It’s worth mentioning that Fortect is a slightly different product to those two rivals: it concentrates on PC optimization and security. But given the pricing parity between all of these tools, it makes Fortect’s value proposition look a little underwhelming.

Fortect: Final verdict

The antivirus testing that we’ve found indicates that Fortect does an excellent job of protecting devices from the latest threats.

That said, its lack of testing from our favored testing sites means that we’re reluctant to give a wholehearted recommendation when compared to tools that have scored well across a wider array of testing services.

There’s no doubt that this app is a slick, easy to use tool: it’s got an excellent interface with straightforward design and sensible organization. But that does mean that Fortect lacks the in-depth tweaking and customization options that are commonplace on tools that will appeal for a more technical audience.

Go beyond its core antivirus and PC performance functionality, though, and there’s not much on offer here compared to other tools – rivals routinely include VPNs, password managers, parental controls and more, alongside better support.

Fortect may do a good job with antivirus abilities, but rivals offer more functionality and customization. Fortect is not bad, but there are better options available.

We've listed the best firewall software.

Local authorities recovered additional firearms at three residences in the Minneapolis area that are linked to the shooter.

(Image credit: Abbie Parr)

As famine plagues Gaza, NPR exclusive reporting looks at the U.S.'s role in the humanitarian crisis. Many former officials NPR interviewed share a common refrain: Did we do enough to prevent this?

(Image credit: Khames Alrefi)

Critics say that "slop" videos made with generative AI are often repetitive or useless. But they get millions of views — and platforms are grappling with what to do about them.

(Image credit: @funntastic_AI/Youtube)

The Southern Nevada Water Authority has investigators who patrol Las Vegas neighborhoods in search of wasted water.

(Image credit: RJ Sangosti/MediaNews Group)

The NextGen Acela trains, as Amtrak calls them, are faster and lighter than the current fleet. They're scheduled to start revenue service along the Northeast Corridor on Thursday.

On Friday, the U.S. is ending its de minimis rule that made it easy for cheap goods to reach consumers. The change will affect roughly 4 million such packages processed each day.

(Image credit: Spencer Platt)

It's been 70 years since Emmett Till, a Black teenager visiting relatives in Mississippi, was killed by white men because he whistled at a white woman. Now the gun used in his death is in a museum.

(Image credit: Scott Olson)

In Mike Johnson's district, not only could thousands of Louisianians lose coverage, health centers are bracing for a financial hit. They're hoping for additional funding to make up for Medicaid cuts.

(Image credit: Kevin Dietsch)

If Zero Trust actually worked like the industry said it would, VPNs would’ve disappeared years ago. Instead, they’re booming. We’ve all heard the warnings, seen the vendor pitches, and read enough LinkedIn posts to fill several lifetimes: Zero trust is supposed to be here.

And yet, despite all that hype, the business VPN market isn’t just alive — it's thriving, projected to nearly double from $5.7 billion in 2024 to well over $10 billion by 2033.

The Comfort of the Familiar

I wrote my first VPN — Tunnel Vision — back in 1998, for the first customer of my first startup. Later we replaced it with an IPsec key manager. Then I wrote sshuttle, a sort of VPN built on top of SSH. At Google, I ended up writing a multicast VPN tool we called "frobnicast" (don’t ask). And finally, I co-founded yet another VPN company to try fixing this once and for all. That makes it five VPNs so far. As the meme goes, we have become exceedingly efficient at it.

Why do we keep writing new VPNs? Because the old ones suck. But honestly, it's not just VPNs that suck — it’s TCP/IP that sucks. If IPv4 had been encrypted by default and access-controlled from the beginning and didn't run out of IP addresses and IPv6 had successfully rolled out, we wouldn’t need VPNs. Every generation of these tools has been a workaround for something broken further down the stack.

Still, businesses don’t let go of familiar tools easily. I once wrote that “not changing stuff is amazingly powerful as a product strategy.” VPNs are dependable. Or at least, they’re the devil we know. They’re built into enterprise security bundles, they’re in the onboarding checklist, and they’ve been “good enough” for long enough that most teams have figured out how to live with them.

But when a tool sticks around long after its design goals are obsolete — like my old dialer program WvDial, still popular decades after modems became irrelevant — it’s worth asking why. In WvDial’s case, the answer was simple: everything else was worse. That story still applies to VPNs.

When Security Gets in the Way

According to recent research, this comfort comes at a cost. Over 83% of engineers admit to bypassing their company's security controls simply to get work done. Worse yet, 68% retain access to internal systems after leaving their employers, exposing critical gaps in the security lifecycle. Yet, despite these clear risks, only 10% of professionals feel their current VPN "works well."

So, VPNs linger not because they're ideal, but because migrating fully to zero trust isn’t trivial. It’s not a product you can buy; it’s a shift in how you think. Continuous verification, least privilege access, and identity-first networking sound simple until you try to retrofit them into a sprawling, 20-year-old IT architecture.

The VPN Misconception

There’s a common belief that VPNs are fundamentally insecure. They’re not. But the traditional enterprise VPN model, the one that drops you inside the perimeter and lets you wander freely, is dangerous. That’s like giving everyone a master key to your office building.

A better model grants access one step at a time, based on who you are, what you need right now, and where you’re coming from. Microsegmentation. It’s not about banning tunnels — it’s about more, smaller tunnels, each with its own control valve.

Where Zero Trust Really Begins

The most secure approach is one where identity management is everything. Not where you are, not what subnet you’re on, not whether you’re in the office. Identity. Strong authentication, hardware-backed keys, just-in-time access.

But identity isn’t easy. Our survey found only 29% of organizations have adopted identity-based access control at scale. Even fewer use automation. Many still rely on spreadsheets and service account credentials that outlive the employees who set them up.

So security becomes a tax. It slows people down. And when security gets in the way, people route around it. That’s why VPN fatigue is real — and growing.

Yet, there's hope. Nearly half of surveyed companies are consolidating fragmented tools, embracing automation, and experimenting with adaptive policies. But more interestingly, they're starting to rethink their whole approach.

Security and engineering teams are collaborating instead of clashing. They're designing systems that work with people, not against them. AI tools are emerging — not to replace humans, but to help notice the things humans miss: a sudden pattern change, a weird login time, an unexpected access request.

More companies are adopting modular, policy-driven systems. Instead of writing 50 firewall rules, they define intent: "this kind of app talks to that kind, under these conditions." That’s not Zero Trust as a checklist — it’s Zero Trust as infrastructure.

A Pragmatic Path Forward

Zero trust isn’t a product you install. It’s a direction you walk in.

Start by reducing implicit trust — wherever you find it. Use strong identity through encryption, not IP addresses. Make credentials short-lived. Assume the worst. Break your network into zones. Shrink the blast radius.

But do it gradually. Nobody rips out all their networking in a day. Choose one high-value system and zero-trustify it. Learn. Repeat.

VPNs will stick around a while, not because they’re good, but because everything else is hard or immature. But as we’ve seen with tools like WvDial, still in use long after its time, familiarity isn’t the same as fitness. The future belongs to systems that embrace the complexity of real-world access — and make it feel simple.

I don't want to write VPNs, I don't want to deploy VPNs, I just want to solve real problems. But we can't solve the real problems without a working network. So here I am with a $1.5B company still selling VPNs. Sure it's maybe the best VPN. But it looks like I'll be continuing to do it for years, so that other people can finally solve real problems.

And if we finally get it right this time, maybe we can stop reinventing the same broken tunnel — one VPN at a time.

We've listed the best VPN deals.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Three in five firms would pick UK over Europe, APAC and US for tech investments, Barclays report finds
• Tech companies saw cash flows and savings rise, overdrafts reduce
• Further government support is needed for long-term support

New research from Barclays has claimed tech firms are increasingly seeing the UK as an attractive place to invest, with 62% of tech leaders favoring the UK over Europe and nearly as many favoring the UK over APAC (61%) and the US (60%).

A strong customer base, skilled workers with a diverse talent pool and fast consumer adoption of tech were cited as key influencers behind the UK’s potential success.

Three in four also noted the UK’s economic climate supports growth (76%) and that its political landscape will help over the next three years (75%).

Tech firms are investing in the UK

Half of the 500 UK-based technology leaders surveyed said they now plan to increase AI investments by 20% over the next 12 months with almost all of them (95%) reporting increasing client demand for AI products and services.

Thanks to the healthy landscape in the UK, 70% of the tech firms surveyed plan to increase capex by an average of 8.9% this year.

Separate Barclays data found that tech business cash flows rose by 1.7% between Q1 2024 and Q1 2025, and the tech sector had the higher increase in savings account balances, up 21.5%. Overdraft usage also fell 26.2% despite borrowing remaining relatively flat, suggesting increased financial health.

“There’s a clear sense that the UK is holding its own on the global tech stage, with founders and leaders increasingly seeing the UK as one of the best places in the world to grow and scale,” Head of Technology, Media & Telecoms & Innovation Banking Helena Sans commented.

Looking ahead, 72% agree that government backing is essential to long-term growth. This includes specialized funding programs (44%), support to attract international investors (37%), enhanced tax incentives for equity investments (36%) and startup and SME grants (36%).

You might also like

• We’ve listed the best AI tools and best AI writers
• The best online collaboration tools can help make you more efficient
• UK firms are investing heavily in new tech - but will it make any difference?

We spoke with experts to determine the best healthy foods for cooking in your air fryer. They're also quick and easy to prep.

From the war in Ukraine, to the Middle East, and escalating tensions in the South China Sea, the threat of conflict is forcing governments and businesses to confront an uncomfortable truth that digital systems are not immune to geopolitical pressure.

At London Tech Week recently UK Prime Minister Keir Starmer said that the way that war is being fought “has changed profoundly,” adding that technology and AI are now “hard wired” into national defense. It was a stark reminder that IT infrastructure management must now be viewed through a security lens and that businesses need to re-evaluate data management technologies and practices to ensure they are not left out in the cold.

Easier said than done. According to recent research from Civo, 83% of UK IT leaders say geopolitics threatens their ability to control data and 61% view sovereignty as a strategic priority, yet only 35% know exactly where their data resides. That’s not just a compliance gap. It’s a sign that infrastructure, policy and strategy are still out of sync.

Data sovereignty used to be a conversation for the policy teams and legal departments. Not anymore. Regulatory fragmentation, rising cyber risk, and increasingly complex data ecosystems are forcing organizations to treat sovereignty as a live operational concern. Whether it’s knowing who can access your AI training data or ensuring a healthcare provider meets national residency requirements, data sovereignty now defines what businesses can and cannot do.

The EU Data Act, the UK's evolving position (the UK is no longer bound by the EU Data Act but it remains closely aligned in practice to preserve data adequacy and ensure the continued free flow of data with the EU), and the increasing stringency of critical infrastructure policies, are starting to shape what enterprise resilience should look like.

As Lord Ricketts noted in the House of Lords in October last year, “the safe and effective exchange of data underpins our trade and economic links with the EU and co-operation between our law-enforcement bodies.” That trust depends on demonstrating a clear and enforceable approach to data control.

For many, public cloud services have created a false sense of flexibility. Moving fast is not the same as moving safely. Data localization, jurisdictional control, and security policy alignment are now critical to long-term strategy, not barriers to short-term scale. So where does that leave enterprise IT? Essentially, it leaves us with a choice - design for agility with control, or face disruption when the rules change.

Modern infrastructure needs to be sovereignty-aware

Sovereignty-aware infrastructure isn’t about isolation. It’s about knowing where your data is, who can access it, how it moves, and what policies govern it at each stage. That means visibility, auditability, and the ability to adjust without rebuilding every time a new compliance rule appears.

A hybrid multicloud approach gives organizations the flexibility while keeping data governance central. It’s not about locking into one cloud provider or building everything on-prem. It’s about policy-driven control across environments, managing workloads through the context of data.

For example, a financial services firm may need to keep customer transaction data within UK borders, but still wants to run analytics in the cloud. With the right architecture, workloads can move, but sensitive data stays governed. That’s sovereignty in practice, not theory.

Of course, generative AI introduces a new layer of complexity. Training models on private data, deploying inference at the edge, or simply sharing prompts between locations adds pressure to already stretched governance models.

And while many organizations have rushed to build or adopt AI tools, few have aligned these efforts with data residency or compliance. Sovereignty isn’t just about storage anymore. It’s about compute, access patterns, and understanding how third-party models interact with your data.

Building with sovereignty in mind

Edge and sovereign cloud capabilities will be essential here. But they only work if infrastructure teams are given the mandate and support to build with sovereignty in mind. That means cross-functional collaboration between legal, compliance, and IT. It also means choosing platforms that support location-aware deployment and policy enforcement from day one.

According to Nutanix’s recent public sector sovereignty research, 94% of public sector organizations are already using GenAI tools, yet 92% say they could do more to secure those workloads, and 81% say their infrastructure needs improvement to support sovereignty requirements. That says everything you need to know about the challenges facing both public and private organizations. Complexity has clouded judgement and capability.

And yes, customers want to know where their data is, of course they do. Partners also want to understand how it’s being used. With regulators increasingly expecting transparency, not just tick-box compliance, sovereignty, in this context, becomes a proxy for trust.

This is particularly important in sectors like healthcare, education, and government. But it’s not limited to them. Any business operating in or across regulated markets needs to demonstrate control. Not because it’s a checkbox, but because it’s now fundamental to continuity and reputation.

So where do you go from here?

First, get clear on where your data is and what laws apply. That’s not always simple. Next, review your infrastructure to see if it can support location-aware controls, hybrid deployment, and detailed auditing.

Then, consider where GenAI and future workloads are headed. Are you prepared to scale them without breaching sovereignty requirements? Can your teams adapt quickly as policies change?

Finally, treat sovereignty not as a constraint, but as a core part of your design strategy. The organizations that do this well won’t just be compliant, they’ll be more resilient, more transparent, and better prepared for what comes next.

Because in a world where data moves faster than policy, the ability to stay in control isn’t just good governance, it’s good business. And when geopolitics forces the issue, it might just be the nudge needed to get sovereignty right.

We list the best data migration tools to help manage your files.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

A mass Russian drone and missile attack on Ukraine's capital, including a rare strike in the center of the city, early Thursday killed at least 10 people and wounded 48.

(Image credit: Efrem Lukatsky)

Picture the scene. The head of IT security at a major business has just managed their team through several weeks of grueling work in containment and recovery after the latest ransomware attack. Their critical systems are back online, but after constant crunch time and sleepless nights, the team is visibly fraying; morale is low, anxiety is high, and there is more than one empty desk where senior personnel have taken extended sick leave.

This kind of scenario rarely gets attention in the press, where the focus of cyberattacks is on profit and loss, the impact on customers and the bottom line. But serious attacks take their toll on security teams too, and the aftermath can persist for months, leaving the organization even more vulnerable to future threats.

True cyber resilience, then, cannot be measured solely by systems restored or data decrypted - it must also factor in the people whose well-being determines not just how swiftly an organization recovers but whether it can withstand the next digital onslaught.

The hidden internal impact of an attack

The impact of an attack is typically weighed by system downtime, lost business, and potential reputational, legal and regulatory damage. Successful cyber strategies are measured in terms of key metrics like mean time to detect and respond to incidents.

But when the smoke clears and systems are back online, the human cost to personnel dealing with the attack is rarely tallied in stakeholder reports.

A landmark RUSI and University of Kent study found that cybersecurity personnel frequently experience PTSD-like symptoms, from panic attacks to insomnia, long after a crisis has been resolved.

This results in a second wave of disruption as sick leave and diminished morale ripples through the department and goes on to impact the rest of the company. Burnt-out IT and security teams will struggle to keep up the company’s baseline security, further increasing its risk exposure.

One major financial services firm in the University of Kent’s study reflected that placing its exhausted engineers on gardening leave immediately after a ransomware crisis could have averted “months and months” of subsequent sickness absence and spared the organization the hidden costs of burnout.

In short, serious attacks like ransomware don’t just hold data hostage; they also trap people in a cycle of exhaustion and fear. If organizations treat staff wellbeing as an afterthought rather than a key element in the front-line defense, they risk allowing human capital to become the weakest link in their cyber-resilience strategy.

The growing cyber leadership crisis

While the personnel on the frontline of incident response and containment are suffering from stress and overwork, things are often even worse higher up the chain. CISOs and other senior security leaders are usually held ultimately accountable for any failure to prevent or contain a breach, and it’s a responsibility that weighs heavily.

Leaders may be held personally responsible for crises they may lack the budget, headcount or organizational clout to address. Adding to the strain, success in this field frequently remains invisible: a CISO and their team may stop hundreds of daily attack attempts without fanfare, yet a single breach can spell career-ending catastrophe.

Putting in extra hours to stay on top of this workload is standard practice and our research found that 98% of security leaders admit to routinely logging an extra nine hours a week on top of contracted time as they attempt to keep ahead, with 15% pushing beyond sixteen hours overtime.

Soberingly, over half of the respondents said they are actively exploring new roles. This would be a troubling statistic for any industry, but it’s especially damaging in the cybersecurity field grappling with a long-term skills drought. When an IT security leader leaves, they take years of hard-won experience and knowledge with them, leaving the company’s security on less stable footing.

Organizations must protect their security talent

If the individuals responsible for your defenses are exhausted, no firewall can effectively prevent the relentless tide of burnout. Enterprises must integrate human resilience into their incident-response framework, a process that commences well before an alert is triggered.

However, it need not be a resource-heavy exercise for the organization. For example, our research found that 65% of organizations already offer flexible hours and 62% enable hybrid or remote working as standard. Simple measures like this grant staff a sense of control and space to recharge.

On a larger scale, enterprises need to ensure they have a framework in place to protect security personnel, especially leadership roles where the heaviest burden falls. CISOs need to feel empowered on a strategic level with the tools and influence to properly protect the company, not left struggling to make do.

When an incident does occur, the aftermath and recovery phase should focus on forward-looking conversations about what happened and what can be improved for next time. This support is even more important as we see a growing trend towards personal accountability and legal liability when procedures for reporting are not followed.

Removing the stigma of security stress

Alongside specific security processes, there’s a strong psychological element here too. The high-stress nature of cybersecurity should be openly acknowledged and accommodated, not treated as a burden that CISOs should conceal. Conversations around mental health should be normalized, and companies should consider wellbeing checks to spot early warning signs of burn out.

Communication is a key part of this. During an incident, the security team should feel connected to the company they are protecting, not in isolation, and should have a reporting process for feeding back on challenges and concerns if they need additional support.

When an attack has been resolved, a team wellbeing check should be a standard part of the post-incident process. Not every team member will have the same resilience in the face of a stressful crisis, and not every incident will hit the same. Businesses must be aware of who is struggling and provide support to them as needed.

Resilience beyond recovery

Ransomware may be a security issue, but its true impact plays out in human terms: sleepless nights, frayed nerves, and the talent exodus that follows unaddressed burnout.

By incorporating people-first measures into your cyber-resilience strategy, you can ensure that your organization won’t be weakened from within after a breach. The true test of resilience shouldn’t be solely about restoring systems quickly; it should also assess how effectively you protect and preserve the individuals who defend them.

We list the best firewall for small business.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

As you can probably tell from my star rating, I'm completely split on My Life with the Walter Boys season 2. I've been around the block with this type of cozy TV show before – I'm a self-proclaimed Virgin River expert, Emily in Paris is my guilty pleasure, and I've even been sucked into watching Prime Video's The Summer I Turned Pretty season 3 this year. But if I think about these type of cozy dramas in a broader capacity, My Life with the Walter Boys season 2 would be flour if it was a spice.

Let me explain. Our core concept is a very simple one: privileged New York teen Jackie Howard (Nikki Rodriguez) moves to a ranch in rural Colorado to live with her mother's best friend, Katherine Walter (Sarah Rafferty), and her large family after a family tragedy. Based on the book series of the same name, we then follow the ups and downs of Jackie's new life as she settles in, dissecting all the complicated relationships forged along the way. It should be a recipe for Netflix success, but there's something missing here.

The Rotten Tomatoes score for My Life with the Walter Boys season 1 should give you an idea about its existing division. Critics like myself have absolutely slammed it, while 'normies' (that's a compliment, I promise) largely enjoy it, even though the fan score is still lower than rival shows. Why? I think the answer is because its quality across the board isn't up to muster, and that's also the case in season 2.

My Life with the Walter Boys season 2 does the job, but that's not exactly positive

I don't wish to be a massive negative Nelly here. I completely believe TV shows like My Life with the Walter Boys season 2 serve a purpose, and their easy-going spirit and ethos is exactly what we need to tune out an increasingly difficult world. I typically use my mum as a gauge for the genre – if she watches a show without ironing at the same time, binges more than 2 episodes in one go and remembers its name, the show is a hit with its core demographic. Season 2 ticked all of these boxes, and she's already foaming at the mouth (metaphorically, sorry mum) for the green lit season 3.

In short, this means the people actively seeking out the mess that comes with trashy teen romance are getting exactly what they signed up for. But if you don't fit the bill, or you've had enough of the Netflix series hitting the same beats over and over again, season 2 doesn't do much to win you around. Jackie has inevitably arrived back in Colorado after returning to New York at the end of season 1, and her relationship issues have picked up right there they left off.

It goes without saying that romance and family remain at the core of My Life with the Walter Boys season 2, but this time, Jackie is almost acting like Belly (Lola Tung) in The Summer I Turned Pretty. Given how chaotic season 3 of the Prime Video show is going, that's a huge insult. The parallels between the two shows are now closer than ever (you can see this from the trailer above), but rest assured that Jackie isn't quite as bad... yet.

A knock-off The Summer I Turned Pretty isn't what we need this month

Jackie Howard (Nikki Rodriguez) in My Life with the Walter Boys. (Image credit: Netflix)

Now we've got my main grievances out of the way, let's dig a little deeper into the show's craft. Compared to rival shows, My Life with the Walter Boys season 2 looks slightly cheaper, which is probably a major part of why season 3 was renewed so early on. That wouldn't be an issue if the performances and execution of the storylines weren't so poorly done, at points feeling more like a high schooler's documentary film than a production on one of the best streaming services in the world.

We feel like we're going around in circles when it comes to Jackie's relationship with Alex (Ashby Gentry) and Cole (Noah LaLonde), with Danny (Connor Stanhope) and Erin's (Alisha Newton) only make our heads spin even further. We've even got a separate triangle going thanks to Zach (Carson MacCormac), Skylar (Jaylan Evans) and Nathan (Corey Fogelmanis), and that's all before we even get to George's (Marc Blucas) future plans for the ranch.

It does feel as though you need to study up before diving into season 2, and it can feel mind-boggling to keep up with all the changes, which simultaneously move incredibly slowly and like time is flashing past you at the speed of light. But by the time we get to the final few episodes, you know exactly what's going to happen. Without giving it away, My Life with the Walter Boys season 2 ends on a cataclysmic cliffhanger, but I could tell exactly what was going to happen about two episodes earlier. Still, it's a major shock to see it unfold, and will hopefully shift season 3 in a better direction. I'm sorry, Melanie Halsall, but a better direction is something that My Life with the Walter Boys sorely needs.

You might also like

• Netflix cancels what could’ve been the next Virgin River even though the series had more views than Ransom Canyon
• 3 Body Problem season 2 is underway as star reveals first days of filming: ‘The stuff they've got planned out is pretty epic’
• Netflix’s new streaming recommendation tool is about to make my astrology-obsessed friends unbearable

For many years, application security (AppSec) occupied a small technical niche within cybersecurity and was rarely seen as a critical boardroom-level priority. Today, though, we can see awareness shifting.

In recent research conducted by Checkmarx, nearly half of CISOs said they believe buyers now factor AppSec into purchasing decisions, showing its increased strategic weight in business operations.

Yet there’s still a stark disconnect between how AppSec is seen and how it’s put into practice. Just 39% of respondents felt that their business operations currently run on secured applications.

With AppSec now recognized as critical to business resilience, it often falls short in execution. To close the implementation gap, CISOs must lead a charge in rethinking governance, culture, and scale.

AppSec ownership is shifting but visibility is suffering

As software development cycles accelerate and architectures grow more complex, security responsibilities are moving closer to the code, and in nearly half of software-based companies, security oversight has moved outside the CISO’s office.

Instead, our research found that development or product teams are now just as likely to own AppSec decisions. This shift makes operational sense: embedding security earlier in the SDLC enables scalable protection without sacrificing delivery speed, but it can introduce visibility gaps across teams and pipelines.

Decentralizing AppSec typically introduces fragmentation. On average, organizations juggle more than 11 security tools, many of which are not integrated into a coherent workflow. Without central oversight, CISOs risk losing track of how security is being applied - or where it’s falling short. Inconsistent practices, “shadow security” workarounds, and gaps in coverage become more likely when security policies aren't uniformly applied.

This shift also alters the flow of influence within the company. Developers increasingly have veto power over tools that interrupt their workflows, which means security can take a back seat if the two teams aren’t able to collaborate effectively.

If AppSec is to scale effectively, governance must evolve along with it. That means enabling secure practices without enforcing bottlenecks and without losing visibility in the process. CISOs have a critical role to play here, ensuring that security is implemented smoothly as a set of guardrails rather than roadblocks.

DevSecOps maturity remains low

Despite the push for “shift left” practices and the proliferation of AppSec tools, most organizations lack maturity in their security integration. Of the CISOs in our research just 20% reported “high” or “very high” DevSecOps maturity. Meanwhile, 70% said that at least half of their applications still lack adequate security coverage. This is an alarmingly high figure when considering how important applications have become to most operations.

Part of the problem is that early-stage security integration doesn’t extend far enough. Many teams focus on scanning during development but neglect the runtime and deployment phases where vulnerabilities can still emerge. Others adopt tools without embedding them into daily workflows, leading to alert fatigue or missed risks.

A lack of training also compounds the issue. Developers are not typically trained in security practices and often lack the context or time to triage and fix security findings. This is made even more challenging when results are delivered through disconnected tools or outside their environment. The result is a culture of firefighting, responding to issues late in the lifecycle instead of designing resilient code from the start.

To close the maturity gap, organizations must adopt a layered approach: automated scanning at every stage, context-aware training, and close collaboration between platform engineering and AppSec teams. Maturity isn’t an issue of coverage, it’s about consistency, scalability, and trust between disciplines.

What CISOs must prioritize in 2025

CISOs are best placed to close the gap between strategy and execution in AppSec. Achieving this requires a new strategy built around four key factors: governance, collaboration, alignment and scalability.

Setting down governance

CISOs can no longer manage AppSec through centralized control alone. Instead, they must define a clear governance model for their teams, setting policies, KPIs and risk thresholds that can be embedded into automated workflows.

That means guiding platform teams to select tools that enforce policies programmatically, reducing the need for manual intervention. Security should be part of the pipeline, not a separate gate at the end of it.

Fostering collaboration

With ownership moving closer to developers, CISOs need to use their influence to establish a strong collaborative culture that works for everyone. Start by aligning KPIs across security and development teams to avoid competing incentives.

Then invest in enablement: training tailored to different skill levels, just-in-time guidance, and workflows that stay inside the IDE. Security champions and mentor programs can speed up cultural change, embedding expertise where it matters most.

AppSec risk is business risk

We consistently find that too few CISOs are translating AppSec risks into business terms. While 62% report metrics to the board, only 25% frame those risks in terms of business impact, such as reputational damage, regulatory exposure or lost revenue.

Without this alignment, security will remain a siloed concern until it’s too late and a breach occurs. CISOs must strengthen the AppSec link to wider business goals, reinforcing its role in customer trust, product resilience and competitive differentiation.

Driving scalability with the right technology

Fragmented tooling is one of the biggest barriers to effective AppSec. Consolidating around a platform approach that spans legacy and modern environments enables consistency, reduces noise and enhances developer productivity.

Scalable models should use automation where possible, with human input where needed. That’s how you keep pipelines moving fast - without losing control or visibility over security.

Taking AppSec from bottleneck to enabler

AppSec’s evolution from technical concern to business priority is undeniable, but implementation still lags. As ownership shifts to development teams, the role of the CISO must also evolve to keep security front and centre.

The challenge is no longer about control, but coordination. Governance, culture and technology must all align to embed security where it counts without creating friction. CISOs who lead with vision, build developer trust and champion scalable solutions can transform AppSec from a potential bottleneck into a force multiplier for resilience, speed and long-term business value.

We feature the best DevOps tools.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Let’s be clear: the UK is no longer preparing for hybrid threats; we’re already living through them. What happened at RAF Brize Norton wasn’t just a protest gone too far. It was an act of sabotage against operational military aircraft, carried out using scooters, paint, and basic hand tools.

The fact that it succeeded tells us everything we need to know about the state of our national security posture: fragmented, reactive, and dangerously misaligned with the threat landscape.

If we neglect the physical layer, we risk undermining all the effort, investment, and capability built into our digital resilience. Security must be holistic—from the perimeter fence to the network firewall, from the patrol route to the SOC dashboard.

And right now? That cohesion simply doesn’t exist.

Hybrid Threats Are No Longer Theoretical

Driven by geopolitical instability and evolving warfare tactics, hybrid threats, where physical and cyber attacks are combined, are becoming the norm.

Across the Middle East and Eastern Europe, digitally coordinated sabotage operations (like drone strikes on critical infrastructure) have exposed the weaknesses in siloed defenses. These aren’t one-off incidents; they’re deliberate, repeatable attack models.

And the UK is not immune. Intelligence sources point to repeated probing of our critical infrastructure, with Russia frequently suspected. Whether it's energy, transport, or defense, our infrastructure is now part of the battlefield.

Why Security Must Be Holistic

Securing critical infrastructure isn’t just a technical challenge, it’s a leadership one.

You wouldn’t install a high-end alarm system at home and then leave the front door wide open. But that’s exactly what many organizations are doing: investing millions in cybersecurity while physical security is neglected or under-tested.

Across defense, utilities, transport hubs, and data centers, the weakest links are often the most mundane: an unchecked fence, a blind CCTV angle, an unmanned gate. These gaps may seem small until they’re exploited.

The reality is stark: we are now in the grey zone, where adversaries operate below the threshold of open conflict, using disruption, ambiguity, and deniability to advance strategic goals.

Brize Norton: Exposing Systematic Failures

The breach at RAF Brize Norton was not complex or sophisticated; it succeeded because no one expected it.

Two individuals, using basic tools and repurposed fire extinguishers, accessed an active runway, disabled aircraft engines with paint, and left undetected. These aircraft support critical UK combat operations, including missions in Ukraine.

This wasn’t symbolic; it had real tactical impact. And it exposed systemic failures, not just in physical security, but in how cyber and physical defenses fail to align.

This is exactly what modern adversaries exploit: seams, blind spots, and bureaucratic silos.

Heathrow: Civil Infrastructure, Same Problem

Just weeks earlier, a fire at a 1960s-era substation shut down Heathrow, cancelling over 1,300 flights and stranding 300,000 passengers.

The cause remains under investigation, but the implications are clear: fragile systems, single points of failure, and national disruption caused by one overlooked asset.

Whether accidental or deliberate, this is the playbook for hybrid adversaries: exploit basic vulnerabilities to cause disproportionate impact.

Commercial Organizations Are Not Exempt

It’s a dangerous fallacy to assume that only critical national infrastructure is being targeted. Commercial organizations—from logistics and manufacturing firms to data centers, retail giants, and tech companies—are increasingly in the firing line. The same hybrid tactics being used against government and military targets are being adapted and deployed against the private sector, often with devastating results.

Why? Because attackers don’t care about sector boundaries. They care about impact, access, and leverage. A warehouse fire, a compromised fulfilment center, or a disabled payment gateway network can ripple into national disruption. These aren’t just economic losses; they’re strategic vulnerabilities.

Commercial supply chains are deeply intertwined with national resilience. A major cyber-physical incident at a privately owned port, a cloud provider, or a high-throughput distribution hub could disrupt the economy, erode public trust, or even compromise defense readiness.

Yet too many businesses still view security as a compliance checkbox rather than a strategic function. The result is a security architecture that assumes peace while operating in a contested domain.

To ignore this is to misread the modern threat landscape. Commercial entities must be just as prepared, because when disruption is the goal, anyone with critical throughput becomes a target.

What the UK Is Failing to Grasp

The critical misunderstanding across much of UK security leadership is this: these threats don’t operate in silos. So why do we defend them as if they do?

Many boards still treat cyber and physical security as entirely separate disciplines, with different teams, budgets, and reporting lines. That’s not resilience. That’s friction. And attackers thrive in that friction.

Here’s what’s driving the risk:

Fragmented defenses: Physical security teams don’t have visibility into digital threats, and vice versa.

Poor system segmentation: A cyber breach often leads straight to operational control. A physical breach often exposes the network.

Leadership indecision: Waiting for a regulation to act is like waiting for a break-in to install locks.

What Must Change Now

We don’t need more strategy documents. We need decisive, integrated action. Here’s where to start:

1.Unify Security Governance

Cyber and physical security must be led from a unified framework. Shared threat models. Shared reporting. Unified response protocols.

2.Design for Containment, Not Just Prevention

Breaches will happen. What matters is whether they cascade. Resilience requires segmentation, isolated backups, manual overrides, and tested recovery drills.

3.Treat OT as a Primary Attack Surface

Operational Technology (OT) and Industrial Control Systems (ICS) can no longer be afterthoughts. They must be logged, monitored, and secured like your most sensitive data environments.

4.Train for Real-World, Blended Threats

Exercises must mirror reality: power loss during a cyberattack, disinformation campaigns during a physical breach. Complexity is the new normal. Ensure your teams are ready.

5.Conduct Regular Physical Penetration Testing

Just as networks are stress-tested through red teaming, physical sites must be tested through controlled breaches.

These exercises reveal blind spots in perimeter security, access control, and response protocols, and turn “security theatre” into actual resilience.

6.Act Without Waiting for Mandates

If Brize Norton didn’t drive change, what will? The next incident may come at a greater cost. Waiting for regulatory change is a dereliction of leadership.

Hybrid threats are real. The UK is already a target. Our critical infrastructure, both military and civilian, as well as commercial, is being tested.

Brize Norton and Heathrow are not anomalies. They are indicators of systemic failure: a lack of joined-up thinking, a failure to treat physical and cyber risk as inseparable.

If we don’t act now and build holistic defenses from the fence to the firewall, we are set to learn the next lesson at a much higher cost.

The best internet security suites and the best antivirus software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Denmark's foreign minister summoned the top U.S. diplomat in the country for talks after the main national broadcaster reported that at least three people with connections to President Donald Trump have been carrying out covert influence operations in Greenland.

(Image credit: Kwiyeon Ha)