Feed aggregator

In its Threat Intelligence report, Anthropic lists a highly scalable form of extortion scheme as one of the top emerging AI security threats.

• Cybernews found "severe misconfigurations" in Tencent Cloud sites
• Tencent Cloud seemed to have been leaking files for several months
• The leak has now been plugged, but users should still be cautious

Tencent Cloud, one of Asia’s largest cloud providers, was apparently leaking login credentials and internal source code, putting countless customers at risk of data breaches, theft, impersonation, and more, experts have warned.

Security researchers at Cybernews found, “severe misconfigurations affecting two Tencent sites” which exposed environment files containing hardcoded credentials (including login information that granted access to Tencent’s internal admin console), and a .git directory storing the entire history of a software project (including sensitive source code and configuration details.

Cybernews found the leak in late July 2025 while scanning the internet for misconfigured systems, and following an investigation, believes the files were publicly accessible for months, starting at least from April 2025, warning they could have been used for all sorts of malicious activity.

Staging and production

“If found by a malicious actor, these credentials could allow full access to backend infrastructure or internal services within Tencent Cloud,” the researchers said.

Cybernews believes the exposed data was used for staging and production environments, meaning both might have been impacted. To make matters worse, the exposed passwords were also weak, and vulnerable to dictionary attacks. Many contained company names, years, and a few symbols, making them relatively large to break with a little automation.

Cybernews says it reached out to Tencent Cloud with their findings, and was told this was a previously known issue - someone already reported it. The company plugged the hole, which the researchers lauded, but warned that it might have been too late:

“The prolonged exposure raises alarming questions about how many scraping bots have already accessed this data and whether it has already been used for malicious purposes,” they said.

With access to these files and directories, a threat actor could gain full admin access to production systems, tamper with API services, pivot further into Tencent’s internal cloud infrastructure, and more.

You might also like

• Chinese organizations are being hit by Cobalt Strike malware from within China
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• Dropbox is joining the list of companies shutting down password managers
• The mobile app will soon be shut down, with the browser extension following
• Users are recommended to move to another credential manager

Dropbox will begin shutting down its password manager service this week as part of a phased discontinuation of the feature.

While the shutdown isn’t immediate, there are several steps you need to take to be able to transfer your existing credentials to another password manager.

And if you don’t act now - you could lose all of your stored passwords.

Dropbox password manager shutdown

On August 28, 2025, the autofill function will be disabled and you won’t be able to add any new credentials to your storage. You also won’t be able to edit your stored credentials, but you will still be able to access them for export.

You should probably export your stored passwords sooner rather than later though, as on September 11 the mobile app will be shut down and you won’t be able to access your stored passwords through a mobile device. If you haven’t exported your passwords by then, you will still be able to access your password vault through the browser extension.

If you don’t take any action by October 28, then you won’t be able to export any of your stored passwords as Dropbox will be shutting down the browser extension, and deleting all accounts and passwords. This timeline also applies to business users, but each individual employee will need to export their stored passwords before October 28.

There are numerous other options for credential storage, both the best password managers and the best business password managers have numerous options for all budgets and use cases.

If you find a new solution and want to export your passwords across to a different solution, Dropbox recommends taking the following steps:

Browser extension:

1. Open the Dropbox Passwords browser extension.
2. Click your avatar (profile picture or initials) in the bottom-left corner.
3. Click “Preferences.”
4. Click the “Account” tab.
5. Click “Export.”
6. Click “Export” to confirm.

Mobile app:

1. Open the Dropbox Passwords mobile app.
2. Tap “Settings.”
3. Tap “Export.”
4. Tap “Export” to confirm.

Numerous companies have begun removing credential storage functionality from their services, from Dropbox, to Microsoft Authenticator, and even Deutsche Bank.

“This development, while challenging for affected individuals, highlights an increasingly crucial aspect of personal and organizational cybersecurity: the need for robust, reliable, and dedicated solutions,” says Karolis Arbaciauskas, head of business product at NordPass.

“In other words, relying on integrated features within a broader service, which might be subject to strategic shifts, can expose users to unexpected vulnerabilities,” he continues.

“But in the long run, this shift can be beneficial. Users will likely move from integrated solutions to dedicated cybersecurity tools. Meanwhile, Dropbox, Deutsche Bank and other non-cybersecurity companies will be able to focus on their core products. Keeping services, such as password vaults secure and up to date is costly and requires constant attention.”

You might also like

• These are the best password managers for families
• Microsoft Authenticator is deleting your passwords today
• Take a look at our roundup of the best cloud storage

The next Resident Evil game is meant to draw in new players, but don't get too caught up in the first-person versus third-person debate.

The upcoming game's producer discusses returning to what sets the next Onimusha apart, following a two-decade gap between games.

It's no doubt one of the best cameras you can buy -- if you can afford it.

• Microsoft is improving sound quality for Bluetooth headphones
• This will allow for high-quality audio in Windows 11 while using a mic, benefiting gamers who often use in-game chat with a headset
• The PC and headphones will need to support Bluetooth LE Audio, though, and be running the latest version of Windows 11

Microsoft has announced that it's giving a major boost to the sound quality of Bluetooth headphones in Windows 11.

As Microsoft explains in a blog post (highlighted by Neowin), it's replacing the current way of facilitating wireless headphones, Bluetooth Classic Audio, with Bluetooth LE Audio in Windows 11. (The notable caveat being that you'll need hardware that supports the latter - and I'll come back to that).

Bluetooth Classic Audio is a rather clunky beast in that it has two modes of operation, neither of which offers a full solution for sound and the mic. With the Advanced Audio Distribution Profile (A2DP), you get full-quality audio, but there's no ability to use a microphone, which could be an issue if, say, you're gaming and want to use the headset's mic for in-game chat.

The alternative Hands-Free Profile (HFP) gives you support for the mic, but at a cost, namely lower audio quality. In fact, you don't get stereo with HFP, just mono audio played back in both ears. That has serious limitations in terms of not just poor sound quality - Microsoft compares it to listening to AM radio, versus CD quality with A2DP - but there's a lack of spatial effects too (which require stereo for their virtual positioning).

Bluetooth LE Audio solves these issues in one fell swoop, offering the same CD-quality audio as A2DP, but also allowing for the use of the mic at the same time. Indeed, this new way of working in Windows 11 offers 'super wideband' audio with a 32kHz sample rate, meaning even better voice quality.

(Image credit: gettyimages/luza studios)Analysis: it's about time, frankly

This is a welcome boost on the audio front, although in reality, it's more about making Bluetooth work properly - as it should - rather than a big step forward for Windows 11. Not having stereo playback if you want to use the mic is a huge downer, but sadly, this is the case for most people on Windows 11 right now.

What do you need to benefit from this new tech, then?

As already mentioned, your wireless headphones must support Bluetooth LE Audio, and your Windows 11 PC will also need to support LE Audio, too. Note that it's not enough for your PC to support Bluetooth LE, but specifically, you'll need LE Audio. Microsoft explains how to check if your Windows 11 device has this feature in a support document here.

If you have LE Audio - supported by your headphones, as well as a PC - you'll also have to be running Windows 11 24H2 updated to the latest version (the August update).

On top of this, you'll need a Bluetooth audio driver carrying support - and Microsoft notes that later this year, "some existing PC models will receive driver updates from the manufacturer to support the feature". So, you may have to be patient for a little while yet.

Microsoft also tells us that most new laptops being released late in 2025 should have this support baked in and be good-to-go from the off with this improved Bluetooth sound.

You might also like

• Windows 11 feature to resume Android apps on your PC is finally incoming - and I think this will be a great addition
• Microsoft promises to crack one of the biggest problems with Windows 11: slow performance
• Can't reset your Windows 11 or 10 PC? Microsoft rushes out fix after breaking vital recovery features

• Apple’s iPhone event will take place on September 9, 2025
• The event invitation might contain clues hinting at what we’ll see
• There are some products that definitely won’t be at the show, though

Invitations for Apple’s iPhone 17 event have just gone out, and the company has confirmed that the show will take place on September 9, 2025. That will give us our first glimpse of the iPhone 17 range and much more, and there could well be some hints buried in Apple’s “Awe dropping” invitation card.

The first clue lies in the event name. Apple has picked “Awe dropping” this year, and that suggests to us that the company is confident it has some big news to share. Based on the rumors we’ve seen so far, that could be the iPhone 17 Air, which will likely be Apple’s thinnest phone ever and something that could take the iPhone line in a new direction.

If you saw the Apple invitation on an iPad or iPhone, you might have noticed that you can interact with it: slide a finger or stylus over the Apple logo and its colors move to follow your input. That might be an allusion to Apple’s Liquid Glass redesign, which also features colorful visual effects that move and refract light.

Get ready for an awe dropping #AppleEvent on Tuesday, September 9! pic.twitter.com/uAcYp2RLMMAugust 26, 2025

Speaking of colors, Apple’s “Awe dropping” logo prominently showcases oranges, yellows and blues. That might point towards the iPhone 17’s colors, all of which supposedly feature in a photo from leaker Sonny Dickson that he claims showcases the entire phone line-up. Among the devices are dark blue and orange iPhone 17 Pro phones, as well as light blue and golden yellow iPhone 17 Air devices.

The event logo’s tones are also reminiscent of patterns produced by a heat-sensing device. Could that be an indication that Apple will improve the iPhone’s cooling abilities? There are rumors that the iPhone 17 roster will come with vapor chamber cooling, which would certainly be worth shouting about on Apple’s part.

What’s probably not coming to the show

(Image credit: Future / Lance Ulanoff)

All that said, there are a few things we’re unlikely to see at Apple’s September event. Firstly, pre-show indications suggest that the Mac line will be entirely absent, with Apple planning to launch new Macs either later in 2025 or in early 2026. If you want a new MacBook Pro or iMac, you’re probably going to have to wait.

Likewise, the HomePod is highly unlikely to make an appearance, despite strong claims that Apple is busy developing a HomePod with an integrated display and a version of the speaker that puts a screen on a robotic arm. There’s still a while to wait before those products are ready, though.

Finally, the AirPods Max headphones have been left largely unchanged since their 2020 launch, with just a USB-C port and new colors being added in 2024. Despite that, the device is not expected to be upgraded this September – and there are no suggestions that a new edition is planned for the foreseeable future, either.

Still, there should be plenty on show at Apple’s “Awe dropping” event. If the logo is anything to go by, we could have plenty on our plate.

You might also like

• iPhone 17 launch date official as Apple sends out invites for ’Awe dropping’ event – here are 5 things to expect
• iPhone 17: latest news and rumors for every expected model
• Why won't AirPods Max 2 be at the newly announced September Apple Event yet again? A report says they're 'too popular' to kill and 'not popular enough' to prioritize

KPop Demon Hunters has been the smash hit of the summer, and Netflix is keen to cash in. It's already rolling out KPop Demon Hunters experiences in its forthcoming Dallas and Philadelphia destinations, and according to Variety it's in early talks with Sony about making a sequel.

KPop Demon Hunters isn't so much a movie as a cultural phenomenon, according to Netflix's head of film Dan Lin who told The Hollywood Reporter: "As word of mouth spread and social media caught on, we saw viewing really take off and the movie became a cultural phenomenon – it’s one of the only films to grow its audiences in its fifth and six weeks of release."

This week it overtook Red Notice on Netflix's charts, taking the top spot as the most-watched film in Netflix's history. It also outgrossed Weapons and Freakier Friday in just two days of theatrical screenings that saw it topping the US box office.

The film has already racked up over 236 million total views on Netflix, and its soundtrack has broken records too. It's the first soundtrack to have four songs in the Billboard Top 10 in the same week.

Why KPop Demon Hunters is almost certainly going to get a sequel

The film has been a critical hit as well as a commercial one: it's currently sitting with 97% from the critics and 99% from the viewers on Rotten Tomatoes. As The Hollywood Reporter put it: "KPop Demon Hunters delivers not only a cornucopia of earworms whose melodies will be lingering in your brain for weeks, but also a fast and funny genre mash-up that puts most theatrical animated releases to shame."

Netflix's financial interest in making a sequel is obvious, but co-director Maggie Kang has already spoken of her desire to tell more stories in the KPop Demon Hunters universe. Speaking to Variety, she said that "We’ve set up so much for potential backstory. Obviously, there’s a lot of questions that are left unanswered and areas that are not explored, and we had to do that because there’s only so much movie you could tell in 85 minutes."

Where the first film focused on lead singer Rumi, "we have backstories for Zoey and Mira – ones that we actually put in the movie, but it just kind of rejected it. It just wasn’t the movie for those stories.”

KPop Demon Hunters is streaming now on Netflix.

You may also like

• Netflix cancels what could’ve been the next Virgin River even though the series had more views than Ransom Canyon
• 3 Body Problem season 2 filming is underway as star reveals: ‘The stuff they've got planned out is pretty epic’
• Ransom Canyon season 2: everything we know so far about the hit Netflix show's return

Commentary: Apple's fall event is coming on Sept. 9, according to an enigmatic invitation that raises more questions about what will be announced.

Where have you bean all my life?

Looking for a different day?

A new Quordle puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: Quordle hints and answers for Wednesday, August 27 (game #1311).

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,100 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc's Wordle today column covers the original viral word game.

SPOILER WARNING: Information about Quordle today is below, so don't read on if you don't want to know the answers.

Quordle today (game #1312) - hint #1 - VowelsHow many different vowels are in Quordle today?

• The number of different vowels in Quordle today is 4*.

* Note that by vowel we mean the five standard vowels (A, E, I, O, U), not Y (which is sometimes counted as a vowel too).

Quordle today (game #1312) - hint #2 - repeated lettersDo any of today's Quordle answers contain repeated letters?

• The number of Quordle answers containing a repeated letter today is 2.

Quordle today (game #1312) - hint #3 - uncommon lettersDo the letters Q, Z, X or J appear in Quordle today?

• No. None of Q, Z, X or J appear among today's Quordle answers.

Quordle today (game #1312) - hint #4 - starting letters (1)Do any of today's Quordle puzzles start with the same letter?

• The number of today's Quordle answers starting with the same letter is 0.

If you just want to know the answers at this stage, simply scroll down. If you're not ready yet then here's one more clue to make things a lot easier:

Quordle today (game #1312) - hint #5 - starting letters (2)What letters do today's Quordle answers start with?

• A

• T

• L

• N

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

Quordle today (game #1312) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle, game #1312, are…

• AFOOT
• TANGO
• LUMEN
• NAVAL

My Quordle nemesis – the letter V – caught me out again after I guessed banal instead of NAVAL. 

This was my only error of what was otherwise a really enjoyable game. I was particularly pleased to get AFOOT – Sherlock Holmes’s “the game is afoot” was whispering in my brain as I guessed that one.

Daily Sequence today (game #1312) - the answers

(Image credit: Merriam-Webster)

The answers to today's Quordle Daily Sequence, game #1312, are…

• WOOZY
• BURLY
• LOGIC
• IMAGE

Quordle answers: The past 20

• Quordle #1311, Wednesday, 27 August: TWEED, SCRAP, SHEIK, AWOKE
• Quordle #1310, Tuesday, 26 August: BEGET, WRATH, HEARD, INDEX
• Quordle #1309, Monday, 25 August: GEEKY, SHALT, CHIEF, JIFFY
• Quordle #1308, Sunday, 24 August: ROVER, GONER, ANTIC, OUTDO
• Quordle #1307, Saturday, 23 August: DEMON, GRATE, FLYER, SHEEP
• Quordle #1306, Friday, 22 August: TROOP, SCOPE, TORSO, BRINY
• Quordle #1305, Thursday, 21 August: QUEST, SPARK, WHITE, ACUTE
• Quordle #1304, Wednesday, 20 August: DOLLY, MERRY, BUGLE, WORST
• Quordle #1303, Tuesday, 19 August: KNAVE, SMART, CARRY, MAMMA
• Quordle #1302, Monday, 18 August: FIBER, TRADE, RAYON, TEASE
• Quordle #1301, Sunday, 17 August: FUNGI, AMITY, DRIER, CHECK
• Quordle #1300, Saturday, 16 August: OWING, QUAKE, SLIDE, ELITE
• Quordle #1299, Friday, 15 August: WHALE, PRISM, DRAKE, TEPEE
• Quordle #1298, Thursday, 14 August: LAPEL, IDIOM, RENEW, LIVER
• Quordle #1297, Wednesday, 13 August: CACTI, HOMER, EMAIL, ALBUM
• Quordle #1296, Tuesday, 12 August: SPOOL, TITLE, JAUNT, OVINE
• Quordle #1295, Monday, 11 August: ADULT, BROOM, PURER, CRUEL
• Quordle #1294, Sunday, 10 August: SCRUM, PIPER, TROLL, SPORE
• Quordle #1293, Saturday, 9 August: NOOSE, INLET, ELEGY, VIRUS
• Quordle #1292, Friday, 8 August: KNEEL, KINKY, RALPH, BOOZY

Looking for a different day?

A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: NYT Connections hints and answers for Wednesday, August 27 (game #808).

Good morning! Let's play Connections, the NYT's clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you've finished? Why, play some more word games of course. I've also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc's Wordle today page covers the original viral word game.

SPOILER WARNING: Information about NYT Connections today is below, so don't read on if you don't want to know the answers.

NYT Connections today (game #809) - today's words

(Image credit: New York Times)

Today's NYT Connections words are…

• CYBERSPACE
• KETTLE
• ROCK
• SNARE
• STEEL
• MAKESHIFT
• WEB
• WATER
• ICECAPS
• NET
• CUP
• DIAMOND
• TANGLE
• TEABAG
• CANTAB
• NAILS

NYT Connections today (game #809) - hint #1 - group hints

What are some clues for today's NYT Connections groups?

• YELLOW: Caught up
• GREEN: Hot beverage 
• BLUE: Tough stuff 
• PURPLE: As seen on a laptop

Need more clues?

We're firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today's NYT Connections puzzles…

NYT Connections today (game #809) - hint #2 - group answers

What are the answers for today's NYT Connections groups?

• YELLOW: PLACES TO GET TRAPPED 
• GREEN: USED FOR TEA 
• BLUE: ASSOCIATED WITH HARDNESS 
• PURPLE: ENDING WITH KEYBOARD KEYS 

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Connections today (game #809) - the answers

(Image credit: New York Times)

The answers to today's Connections, game #809, are…

• YELLOW: PLACES TO GET TRAPPED NET, SNARE, TANGLE, WEB
• GREEN: USED FOR TEA CUP, KETTLE, TEABAG, WATER
• BLUE: ASSOCIATED WITH HARDNESS DIAMOND, NAILS, ROCK, STEEL
• PURPLE: ENDING WITH KEYBOARD KEYS CANTAB, CYBERSPACE, ICECAPS, MAKESHIFT

• My rating: Hard
• My score: 1 mistake

I had an office job once in a team of eight British people and one American and I’ll always remember the latter's irritation after doing a tea run and discovering the many tea-making peccadillos of their co-workers: leave the teabag in, put the milk in first, put the milk in last, stir it five times, make sure you use boiling water, make it the color of terracotta.

Frankly, it’s no wonder that coffee has overtaken tea as the UK’s favorite beverage, it’s so much simpler.

My personal tea obsession helped me find USED FOR TEA quickly enough, although I did temporarily think we were looking for drums with SNARE, KETTLE and STEEL.

My mistake came in thinking that there was a group linked by words for the internet with CYBERSPACE, NET and WEB. I added CANTAB as the fourth. I had no idea what it meant, but I thought it might have been some 1950s version of the world wide web with people in universities chatting to each other via computers the size of houses. How wrong I was.

Yesterday's NYT Connections answers (Wednesday, August 27, game #808)

• YELLOW: RESTAURANT WATER OPTIONS BOTTLED, SPARKLING, STILL, TAP
• GREEN: ATM OPTIONS CHECKING, DEPOSIT, SAVINGS, WITHDRAWAL
• BLUE: BINARY QUESTION OPTIONS FALSE, NO, TRUE, YES
• PURPLE: ROULETTE OPTIONS BLACK, EVEN, ODD, RED

What is NYT Connections?

NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.

On the plus side, you don't technically need to solve the final one, as you'll be able to answer that one by a process of elimination. What's more, you can make up to four mistakes, which gives you a little bit of breathing room.

It's a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.

It's playable for free via the NYT Games site on desktop or mobile.

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Wednesday's puzzle instead then click here: NYT Strands hints and answers for Wednesday, August 27 (game #542).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #543) - hint #1 - today's themeWhat is the theme of today's NYT Strands?

• Today's NYT Strands theme is… Do go on …

NYT Strands today (game #543) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

• STALE
• BOAST
• QUOTE
• HATTER
• LIVE
• SORE

NYT Strands today (game #543) - hint #3 - spangram lettersHow many letters are in today's spangram?

• Spangram has 10 letters

NYT Strands today (game #543) - hint #4 - spangram positionWhat are two sides of the board that today's spangram touches?

First side: left, 5th row

Last side: right, 5th row

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #543) - the answers

(Image credit: New York Times)

The answers to today's Strands, game #543, are…

• GABBY
• VERBOSE
• VOLUBLE
• TALKATIVE
• LOQUACIOUS
• SPANGRAM: CHATTERBOX

• My rating: Hard
• My score: 1 hint

Today’s theme gave us absolutely no clues at all, so I began by circling the board looking for possibilities and non-game words that would give me a hint. 

Among them, I saw Evita – which very briefly made me think we could be looking for musicals – but this was neither a game word or non-game word.

A hint gave me GABBY, which immediately made me think we were looking for words that describe someone who cannot stop talking. The first thing I thought of, and saw running across the board, was CHATTERBOX.

Some of the other words were less obvious – I had doubts over VOLUBLE as I connected the letters by guesswork and the wonderful LOQUACIOUS came last after several attempts to piece together a word that began with a Q.

Yesterday's NYT Strands answers (Wednesday, August 27, game #542)

• LAKE
• POND
• OCEAN
• HARBOR
• LAGOON
• SWAMP
• BAYOU
• SPANGRAM: BODIES OF WATER

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.

• CISA adds CVE-2025-48384 to its Known Exploited Vulnerabilities catalog
• Git patched it in July 2025, but there are also mitigations and workarounds
• Users should patch immediately, or face possible attack

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a serious Git vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of in-the-wild abuse and giving Federal Civilian Executive Branch (FCEB) agencies three weeks to patch up.

The Git distributed version control system is a software development tool helping users keep track of code changes, allowing them to share it with others, and cooperate on different projects.

It was recently discovered that it had a bug where it handles special “carriage return” characters inconsistently - so when configuring submodules, this can trick Git into setting up a repository in the wrong place and then running hidden, attacker-supplied code.

Avoiding recursive submodule clones

The bug is tracked as CVE-2025-48384, and has a severity score of 8.0/10 (high). It was discovered in early July 2025, and fixed with a patch. Here is a list of patched up Git distributed version control system: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Git is extremely popular. It is the standard version control system used by developers worldwide, and platforms like GitHub, GitLab, and Bitbucket all run on Git. Furthermore, almost every major software project, including Linux, Android, Chrome, and VS Code, uses it to manage code.

When CISA adds a bug to KEV, it usually means it has observed it being used in real-life attacks. This flaw was added on July 25, 2025, meaning FCEB agencies have until September 15 to patch it up or stop using Git altogether. Usually, other government agencies, as well as companies in the private sector, keep track of KEV and apply the updates at the same time, as well.

Those that are unable to patch can deploy a mitigation in the form of avoiding recursive submodule clones from untrusted sources. Furthermore, users should disable Git hooks globally via core.hooksPath, and enforce only audited submodules.

Via BleepingComputer

You might also like

• A cracked malicious version of a Go package lay undetected online for years
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

One of those stories you'd probably think was way too far-fetched if you didn't know it was based on true events, the five-episode Atomic hits screens on August 28 on Sky Atlantic in the UK and available for free in New Zealand thanks to TVNZ+. Read on for how to watch Atomic online from anywhere with a VPN and potentially for FREE.

Premiere date: Thursday, August 28

FREE stream: TVNZ+ (New Zealand)

Stream: Sky Atlantic (UK) | Binge / Foxtel (Aus)

Use NordVPN to watch any stream

Inspired by William Langewiesche’s account of his own barely believable story in the non-fiction book Atomic Bazaar, this miniseries takes viewers into the shady world of the nuclear weapons black market. Needless to say, it's a milieu fraught with danger, shady characters and potentially lethal consequences.

Expect plenty of tense confrontations and nail-biting chases across North Africa as drug smuggler Max (Alfie Allen) and mysterious JJ (Shazad Latif) are forced to join forces to pull off a perilous mission to traffic uranium across continents, with CIA operative Cassie Elliott (Samira Wiley) hot on their heels every step of the way.

We’ve got all the information on where to watch Atomic online and stream episodes from anywhere – including FREE options!

Can I watch Atomic for free?

You can watch Atomic online for free – but not in all countries.

The free-to-stream TVNZ+ website and app in New Zealand is showing episodes of Atomic absolutely free from August 28. All you need to do is register, using your email address, name, year of birth and gender.

Australians can also watch episodes for free by signing up to a free trial to streaming service Binge.

Not at home in those countries right now? That's where downloading the best VPN can help...

How to watch Atomic online from outside your country

If you’re traveling abroad when Atomic airs, you’ll be unable to watch the show like you normally would due to annoying regional restrictions. Luckily, there’s an easy solution.

Downloading a VPN will allow you to stream online, no matter where you are. It's a simple bit of software that changes your IP address, meaning that you can access on-demand content or live TV just as if you were at home.

Use a VPN to watch Atomic from anywhere

NordVPN – get the world's best VPN
We regularly review all the biggest and best VPN providers and NordVPN is our #1 choice. It unblocked every streaming service in testing and it's very straightforward to use. Speed, security and 24/7 support available if you need – it's got it all.

The best value plan is the two-year deal which sets the price at $3.09 per month, and includes an extra 3 months absolutely FREE. There's also an all-important 30-day no-quibble refund if you decide it's not for you.

- Try NordVPN 100% risk-free for 30 daysView Deal

Can I watch Atomic in the US?

Shows like Atomic that go out on Sky in the UK often find their way to the Peacock platform in the US and the international rights for this are indeed held by NBCUniversal. However, it has not yet been confirmed if or when Atomic will be shown in the US.

Currently travelling to the US? You can watch your normal domestic stream using a VPN as described above.

Can I watch Atomic in Canada?

We suspect Atomic will eventually turn up on the Showcase channel and Global TV platform in Canada, but nothing has been announced at the time of writing.

Visiting Canada from New Zealand? Use NordVPN to access your free TVNZ+ stream of Atomic.

How to watch Atomic in the UK

Sky has the rights to will show Atomic in the UK.

It all gets started with two episodes from 9pm BST on Thursday, August 28 on Sky Atlantic. After that, the remaining three episodes will air one per week at the same on Thursday evenings.

Sky subscribers can stream episodes on their smartphone, smart TVs, games consoles and online via the Sky Go app. You can also watch Atomic through a Now Entertainment Membership from as little as £6.99 a month.

How to watch Atomic in Australia

Atomic will begin streaming on the Binge streaming service with episodes landing weekly on Thursdays from August 28. Try the service with its FREE 7-day trial, after which it costs from $10 a month.

On TV, episodes are due to go out on Fridays on Foxtel via Showcase at 8.30pm AEST, meaning you can also watch via Foxtel Now.

Atomic - Need to KnowAtomic cast

• Alfie Allen as Max
• Shazad Latif as JJ
• Samira Wiley as Cassie Ellio
• Brian Gleeson as Mark Ellis
• Franklin Virgüez as Antonio Alam
• Avital Lvova as Oksana Shirokova
• Stuart Martin as Rab Mackintosh
• Vahid Gold as Khaled Awad
• Charlie Murphy as Laetitia
• Mostafa Benkerroum as Rifat Atillah

Atomic episode guide

Atomic starts with a double bill in the UK on Thursday, August 28. Here's the full episode release date for UK viewers:

• Episode 1 – Thursday, August 28
• Episode 2 – Thursday, August 28
• Episode 3 – Thursday, September 4
• Episode 4 – Thursday, September 11
• Episode 5 – Thursday, September 18

VPN services are evaluated and tested by us in view of legal recreational use. For example:a) Access to services from other countries, (subject to the terms and conditions of that service).b) Safeguarding your online security and making your online privacy more robust when abroad.Future plc does not support nor condone the illegal or malicious use of VPN services. We do not endorse nor approve of consuming pirated content that is paid-for.

• Citrix fixes three flaws in NetScaler ADC and NetScaler Gateway
• Among them is a critical-severity one used as a zero-day which allowed for RCE and DoS attacks

Citrix has fixed three bugs in its NetScaler ADC and NetScaler Gateway instances, including a critical zero-day flaw which was apparently being abused in the wild.

In a new advisory, the company said it patched multiple flaws, including a memory overflow vulnerability that could lead to remote code execution (RCE) or Denial of Service (DoS) attacks in NetScaler ADC and NetScaler Gateway (when NetScaler is configured as Gateway or AAA virtual server).

The vulnerability is tracked as CVE-2025-7775 and has a severity score of 9.2/10 (critical).

Configuration flaws

Citrix has urged users to patch up immediately since the hackers are already leveraging the bug in real-life attacks.

"As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the fix as there are no mitigations available to protect against a potential exploit," it said.

Fortunately, leveraging the bug is not particularly straightforward, as devices need to be configured in a specific way for that to happen:

- NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers

- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers CR virtual server with type HDX

Citrix has released configuration settings that can check if the NetScaler device’s configuration leaves it vulnerable to exploits.

Other two bugs patched are a memory overflow vulnerability tracked as CVE-2025-7776, and an improper access control on the NetScaler Management Interface bug tracked as CVE-2025-8424.

Via BleepingComputer

You might also like

• CitrixBleed 2 flaws are officially here - so get patching or leave your systems at risk
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

Caught Stealing is a nostalgic slice of '90s New York City life that comes out swinging. Set in the Lower East Side of Manhattan, Darren Aronofsky’s new movie captures the nostalgic atmosphere of the time in this cat-and-mouse crime caper chase.

Austin Butler (Elvis; Eddington) plays Henry Thompson, a former baseball player turned bartender with a drinking habit, who insists on being called Hank. Tormented by a car accident that ended his promising sports career, the San Francisco Giants fan has been lifted straight from the pages of Charlie Huston’s novels that the movie is based on.

Hank gets caught up in a case of mistaken identity when his neighbor Russ, played by Matt Smith (The Crown; Doctor Who) – who looks like a punk-rocker that just stepped out of Camden in London (mohawk, studded leather jacket, piercings – the full uniform's here) – asks him to look after his Maine Coon cat named Bud (who you might recognize from Pet Sematary), setting in motion a chaotic chase with a growing group of eclectic goons across underpasses, subways and basements through East Village.

Caught Stealing is a chaotic crime caper crashing into the summer box office (Image credit: Columbia Pictures; Protozoa Pictures)

You wouldn’t expect that cat-care could get you killed, but that’s exactly the catalyst that drives the next 107 minutes of the white-knuckle drama. The bone-splitting violence splattered throughout does not hold back, letting you hear every crunch and snap against the backdrop of a soundtrack composed by Rob Simonsen (The Whale; Deadpool & Wolverine).

What starts with Russian mafia, played by Yuri Kolokolnikov (Tenet; The White Lotus) and Nikita Kukushkin (Attraction), beating up Hank (Kukushkin's mobster has a signature headbutt move) quickly snowballs as more players become involved to look for a mysterious key that they all believe Hank is hiding.

This hunt has got the attention of not just the Russian mobsters but a Puerto Rican gangster, played by Benito Martínez Ocasio aka Bad Bunny (Bullet Train; Happy Gilmore 2), and two extremely ruthless Orthodox Jewish brothers.

These last two might be the most threatening characters of the movie, but who also happen to have the most comedic lines. That's largely down to menacing performances from Liev Schreiber (Spotlight; X-Men Origins: Wolverine) and Vincent D'Onofrio (Full Metal Jacket; Men in Black) that make for a humorous contrast when you find them slurping soup or refusing to drive during Shabbat.

Liev Schreiber and Vincent D'Onofrio provide some of the best laughs in the film (Image credit: Columbia Pictures; Protozoa Pictures)

There may not be any baseball in this film (apart from the brief opening scene) but funnily enough, it's the more violent scenes where it really comes out as we watch Hank sprinting past pedestrians like he's on a home run and swinging a baseball bat at his assailants as if he's a deadly batter.

The sport offers a bridge between the violence and Hank's soft nature. After all, Hank's not a fighter – a fact we're reminded of throughout by police detective Roman, played by Regina King (If Beale Street Could Talk; Ray), as well as by his relationships with people (and creatures) around him, from his mother to the homeless man on the street outside of his apartment that he helps out.

Zoë Kravitz’s (The Batman; Blink Twice) Yvonne, Hank’s girlfriend, is a welcome respite from all the violence, breaking up the gut punches and shootouts with a softer charm that shares the heart of the film with the weight of a drink driving accident from when Hank was younger.

Bad Bunny joins Russian mobsters played by Yuri Kolokolnikov and Nikita Kukushkin. (Image credit: Columbia Pictures; Protozoa Pictures)

The biggest highlight of the movie is the nostalgic set created by production designer Mark Friedberg (Joker; Noah) that immerses the characters in the gritty streets of East Village in 1998 during its transformation into the trendy art scene it is today. This is complemented by a soundtrack that includes '90s hits such as Bitch by Meredith Brooks and Wandering Star by Portishead.

However, unlike the secrets of Bud’s litter tray, Caught Stealing isn’t too mysterious, relying on action movie ideas you've seen many times before. From the reluctant hero to the classic revenge storyline, it goes exactly where your brain naturally expect it to go based on the familiar elements – despite it coming from an interesting an unpredictable filmmaker in Darren Aronofsky.

It also lacks the intensity that his movies are known for, and can feel disjointed at times as it transitions from scene to scene, sometimes brushing over key moments. For instance, a lingering shot of a chameleon seems like it could be a reference to Hank's resourcefulness, but this idea isn't hinted at again, making it feel like a stray musing rather than an interesting theme.

Caught Stealing is not a deep psychological character study like Aronofsky's The Whale or Black Swan, it's an action-packed adventure centered around a self-destructive protagonist that's trying to turn the corner.

Indeed, the sunny grasses of California where Hank is originally from are in real contrast to the grimy streets of the Lower East Side, where he now finds himself, is not the subtle backstory that we're used to seeing from the filmmaker. They say stealing third base is a high risk, low reward play in baseball; unfortunately, I think that phrase captures the end result of Aronofsky's push into a new genre.

You might also like

• Hostage review: Suranne Jones is the perfect Prime Minister in Netflix’s heart-pounding new political thriller
• Peacemaker season 2 review: James Gunn makes it three wins out of three for his DC Universe reboot
• Weapons review: the new horror movie’s scariest moment happens in broad daylight

It's not long now until Foundation season 3 is over. Three episodes remain before the Apple TV Original's latest installment comes to a close, so I suspect you'll want to know when its eight chapter will air on the tech giant's streaming platform.

As I've done every week prior to this one, I'll tell you when the space opera's next entry will be available to watch on one of the world's best streaming services. If you're new around these parts, you'll also find a full release schedule at the end of this article, so you can see when episodes 9 and 10 will be released. So, hop to it!

What is the launch date for Foundation season 3 episode 8?

I'm not sure how Brother Day's going to get out of this one, fellow viewers... (Image credit: Apple TV+)

Season 3's eighth episode, titled 'Skin in the Game', will make its Apple TV+ bow on Friday, August 29. As always, I imagine North and South American viewers will be able to tune in a day earlier (August 28) due to the time zones that operate on these continents.

Like its Apple TV Original brethren, the release times for new entries of Foundation's third season aren't publicly revealed ahead of schedule. The below times, then, are the best predictions I can make, based on when other episodes have launched on the service, about the release time for 'Skin in the Game':

• US – Thursday, August 28 at 9pm PT / Friday, August 8 at 12am ET
• Canada – Thursday, August 28 at 9pm PT / Friday, August 8 at 12am ET
• UK – Friday, August 29 at 5am BST
• India – Friday, August 29 at 9:30am IST
• Singapore – Friday, August 29 at 12pm SGT
• Australia – Friday, August 29 at 2pm AEST
• New Zealand – Friday, August 29 at 4pm NZST

When will new episodes of Foundation season 3 come out?

No need to antagonize Doctor Seldon about new episode release dates, The Mule – just read our handy guide instead! (Image credit: Apple TV+)

Want to know when the final two episodes of one of the best Apple TV+ shows' third season will debut? Read on:

• Foundation season 3 episode 1 – out now
• Foundation season 3 episode 2 – out now
• Foundation season 3 episode 3 – out now
• Foundation season 3 episode 4 – out now
• Foundation season 3 episode 5 – out now
• Foundation season 3 episode 6 – out now
• Foundation season 3 episode 7 – out now
• Foundation season 3 episode 8 – Friday, August 29
• Foundation season 3 episode 9 – Friday, September 5
• Foundation season 3 episode 10 – Friday, September 12

You might also like

• Here's everything we know about Severance season 3
• Find out what we know so far about Ted Lasso season 4
• Or get the lowdown on Slow Horses season 5

• Users will no longer need to apply Windows updates after first signing in
• By updating during the OOBE, PCs are protected from day one
• The change applies to Microsoft Entra joined and hybrid joined devices

Starting from September 2025, Windows 11 (22H2 or later) devices will be able to install quality updates during the Out of the Box Experience (OOBE) by default, which means it’s set to become even easier for admins to install updates during setup.

The change applies to Microsoft Entra joined and Entra hybrid joined devices.

For IT admins, they’ll see Windows now checks for and installs applicable updates on the final OOBE page so that users won’t need to apply any updates when they sign in for the first time.

Smoother Windows updates for all

“With Windows Autopilot and Microsoft Intune (or alternative management solutions), you can maintain seamless control over quality update behavior during provisioning, while ensuring alignment with organizational security and compliance requirements,” Microsoft Product Manager Victoria Wang wrote in a blog post,

The system requires that devices are running Windows 11 Pro, Enterprise, Education or SE, and companies must be using Microsoft Intune to manage Windows quality updates.

The OOBE updating experience is also only available for those who have had the August 2025 OOBE zero-day patch or those imaged with the June 2025 Windows non-security update.

Because devices will be handed out to workers with the latest security and quality updates, companies can improve security and compliance right from day one. It also reduces burden on workers and IT teams after device handout.

This marks a welcome change from the previous setup, which saw end users having to update their computers after receiving them.

The improvement comes as more companies update to Windows 11 ahead of the impending Windows 10 end of support in October 2025.

Canalys Research Manager Kieren Jessop explained that the commercial refresh cycle is now “providing vital momentum for the [PC] market” while consumers exercise more caution.

You might also like

• Ready to upgrade? These are the best business laptops and best mobile workstations
• Microsoft launches new hyper-powered disaster recovery service for Cloud PCs
• Desk workers should consider the best workstations