The biggest benefit of Apple’s AirTags is that they help you find your belongings, whether you’re looking for lost keys or keeping track of your luggage while traveling. But AirTags can also be used to track you without your knowledge. 

AirTags work by combining built-in sensors, wireless signals and Apple’s wide Find My network to let you keep tabs on your valuables. If you ever lose your wallet with an AirTag inside, for example, you can use the Find My app to locate it on a map, have it play a sound to help you find it nearby, or mark it as “lost,” which allows other Find My users to help you find it. 

One of the biggest complaints about AirTags, however, is that someone with malicious intent could easily slip one of the tiny tags into your bag and then track your movements without your consent. Multiple people have reported AirTag-related stalking incidents where the victims didn’t know the trackers were placed on them until much later.  

Apple and Google (Android users have their own choice of Bluetooth trackers, such as the Moto Tag, which works with Google’s Find Hub) have since collaborated on an industry standard that alerts the user if a device is being used to track them without their knowledge. Thanks to this collaboration, Android users will be able to know if an AirTag is being used to track them, too. 

Apple, for its part, has also made some changes in the past few years that improve the ability to detect an unwanted AirTag. In the initial rollout, an AirTag would make a sound three days after it’s separated from its paired device. Now, that duration is 8 to 24 hours. If you have unwanted tracking notifications enabled (which we’ll get to below), you’ll receive an audible alert.

We should note here that the new AirTag is 50% louder than the first-generation model, and would therefore be theoretically better at alerting you to the unwanted AirTag. Apple has also said that the speaker on the second-gen AirTag is harder to remove than on the first-gen model, in case bad actors try to remove it. 

Advertisement

Detecting unwanted trackers

To be able to detect unwanted trackers, first enable unwanted-tracking notifications. For AirTags or other Find My accessories, these pop-up notifications (e.g., “AirTag found moving with you”) are available on devices with iOS 14.5 or later. For other Bluetooth tracking devices, these notifications are enabled on iOS 17.5 or later. 

You should enable Location Services, Find My iPhone, Bluetooth and Allow Notifications. Here’s how:

• Head to Settings, then Privacy & Security, then Location Services and toggle it on. 
• After that, head to Settings, then Apple Account, select Find My and turn Find My iPhone on. 
• To enable Bluetooth, go to Settings, then Bluetooth and turn that on. 
• Then go to Settings, then Notifications, scroll down to Tracking Notifications and toggle on Allow Notifications. Make sure airplane mode is off, or you won’t receive tracking notifications. 

Watch this: Testing the New AirTag, While Tim Cook’s White House Visit Sparks Apple Boycott Calls

07:35

What to do when you get the tracking notification

If you do get a notification like “Unknown tracker alert” or “Item detected near you,” you can try to find the unwanted AirTag by tapping it. Tap continue and then tap Play Sound or tap Find Nearby to locate the AirTag in question. 

If it doesn’t play a sound or you’re unable to find it, the item may no longer be on your person. Apple suggests checking your other belongings or the area around you, just in case. If you want to review the notification at a later time, you can open the Find My app, tap Items and then tap Items Detected With You.

Be aware that there are often “false positives,” when notifications are triggered when someone nearby has a tracker on them. If you’re traveling on a train, plane or bus, waiting in line or seated in a public space, a mistaken tracking alert could stem from glitches or high-density Bluetooth environments. 

If you get an alert, though, it’s always a good idea to take it seriously and investigate what might be causing it.

If you do find an AirTag that doesn’t belong to you, hold the top of your iPhone near the tracker until you see a notification. Tap it, and this will launch a website that provides information like its serial number, the last four digits of the phone number or a blurred-out email address of its owner. If the AirTag is marked as “lost,” you may see a message with instructions on how to contact them. 

If you’re concerned that the tracker is being used to monitor your movements and location, Apple advises taking a screenshot of the information above for your records. You can then disable the AirTag by pressing down on the back of the AirTag, turning it counterclockwise to remove the cover and removing the battery.  

Of course, before making any of these changes, it’s important to come up with a safety plan, especially if you’re afraid you’re being tracked by a current or former abusive partner. Contact your local law enforcement if you feel like your safety is at risk, or the National Domestic Violence Hotline 800-799-SAFE (7233).

When to watch Man City vs. Arsenal

• Sunday, April 19, at 11:30 a.m. ET (8:30 a.m. PT).

Where to watch

• Man City vs. Arsenal will air in the US  on NBC and Peacock Premium.

73% off with 2yr plan (+4 free months). Now only $3.49/month

See more details

See at Fubo

Advertisement

Watch the Premier League in Canada

Fubo Canada

Can English Premier League leader Arsenal hold its nerve, or will second-place Man City take the chance to close the gap on the Gunners in this crucial title race showdown at the Etihad? 

A home victory for the hosts on Sunday looks essential if Man City is to claim a sixth EPL title under manager Pep Guardiola. A win here would move City to within three points of Arsenal. The hosts can draw plenty of encouragement from the comfortable 2-0 win in last month’s League Cup final as they look to heap further pressure on the Gunners. That pressure may be starting to get to the league leaders.

While Arsenal’s 2-1 home defeat last Sunday against Bournemouth has given City renewed optimism that it can catch its title opponents, Mikel Arteta’s team nevertheless claimed a positive result in midweek. Arsenal’s goalless draw at the Emirates against Sporting Lisbon ensured its passage into the UEFA Champions League semifinals for the second season in a row. 

Man City takes on Arsenal on Sunday, April 19, at the Etihad Stadium, with kickoff set for 4:30 p.m. BST. That makes it an 11:30 a.m. ET or 8:30 a.m. PT start in the US and Canada, and a 1:30 a.m. AEST kickoff in Australia in the early hours of Monday morning. 

How to watch Man City vs. Arsenal in the US without cable 

Sunday’s crucial clash will be broadcast on NBC and streaming service Peacock. To catch the game live on Peacock, you’ll need a Peacock Premium or Premium Plus subscription. 

Peacock offers two Premium plans, and after recent price increases, the ad-supported Premium plan costs $11 a month and the ad-free Premium Plus plan costs $17 a month.

How to watch the Premier League 2025-26 with a VPN

If you’re traveling abroad and want to keep up with Premier League action while away from home, a VPN can help enhance your privacy and security when streaming.

It encrypts your traffic and prevents your internet service provider from throttling your speeds, and can also be helpful when connecting to public Wi-Fi networks while traveling, adding an extra layer of protection for your devices and logins. VPNs are legal in many countries, including the US and Canada, and can be used for legitimate purposes such as improving online privacy and security. 

However, some streaming services may have policies that restrict VPN use to access region-specific content. If you’re considering a VPN for streaming, check the platform’s terms of service to ensure compliance.  

If you choose to use a VPN, follow the provider’s installation instructions to ensure you’re connected securely and in compliance with applicable laws and service agreements. Some streaming platforms may block access when a VPN is detected, so verify whether your streaming subscription allows VPN use.

Advertisement

Price $78 for two yearsLatest Tests No DNS leaks detected, 18% speed loss in 2025 testsJurisdiction British Virgin IslandsNetwork 3,000 plus servers in 105 countries

ExpressVPN is our current best VPN pick for people who want a reliable and safe VPN, and it works on a variety of devices. It’s normally $120 a year for its most popular plan (Advanced), but if you sign up for an annual subscription for $90, you’ll get three months free. That’s the equivalent of $6 a month.

Advertisement

Note that ExpressVPN offers a 30-day money-back guarantee.

73% off with 2yr plan (+4 free months). Now only $3.49/month

Livestream Man City vs. Arsenal in the UK 

This Sunday afternoon clash is exclusive to Sky Sports and will be shown on its Sky Sports Main Event channel. If you already have Sky Sports as part of your TV package, you can stream the game via its Sky Go app. Cord-cutters will want to set up a Now account and a Now Sports membership to stream the game. 

Sky’s standalone streaming service Now offers access to Sky Sports channels with a Now Sports membership. You can get a day of access for £15 or sign up to a monthly plan from £35 a month right now.

Livestream Man City vs. Arsenal in Canada 

If you want to livestream EPL games in Canada this season, you’ll need to subscribe to Fubo. The service has secured exclusive rights to the Premier League and is broadcasting all 380 matches live. 

Fubo is the go-to destination for Canadians looking to watch the EPL, with exclusive streaming rights to every match. It currently costs CA$27 for the first month, then CA$31.50 per month from then on.

Livestream Man City vs. Arsenal in Australia 

Livestreaming rights for the EPL are now with Stan Sport, which is showing all 380 matches live, including this game.

Stan Sport will set you back AU$20 a month (on top of a Stan subscription, which starts at AU$12). It’s also worth noting that the streaming service is currently offering a seven-day free trial.

A subscription will also give you access to Premier League, Champions League and Europa League action, as well as international rugby and Formula E.

Advertisement

The investment will fund growth across auditing and engineering, with expansion expected across Ireland and the UK.

Dublin-based start-up Audrey AI has announced the closure of a $1.8m pre-seed funding round, which was led by Sure Valley Ventures and Delta Partners. There was additional participation from Enterprise Ireland, former CEO of Calypso Donnchadh Casey, former CBO of Wayflyer Conor Jones, alongside former Big 4 auditors.

Established in 2025 by Ryan Loughran and David Burke, who met on the Founders programme at Dogpatch Labs, Audrey AI develops AI solutions for financial auditors. The AI-powered platform aims to automate the most time-consuming parts of financial audit engagements.

The organisation has stated that the newly secured funds will be put towards the expansion of Audrey AI’s specialist audit and engineering teams, as the company expands its reach across Ireland, the UK and “beyond”.

Commenting on the announcement, Loughran, who is also the company’s CEO, said: “Developers have Copilot, lawyers have Harvey, but auditors still primarily work in Excel. We’re building AI that understands auditing deeply enough to raise the bar on quality, not just speed, freeing auditors to focus on the judgement and oversight that matters most.” 

A number of Irish organisations operating within the artificial intelligence space have already announced major investments in April. Start-up Otel AI, which is building an AI platform for hotel managers, recently announced a raise of €2m, bringing the company’s total funding to date to €2.8m. 

E-commerce technology company Zellor raised €850,000 in its very first external funding round. The start-up, which is led by CEO Niall O’Sullivan, received backing from Enterprise Ireland and a number of strategic Irish investors.

Galway-based AI security software start-up Octostar, which also has offices in Italy and the UK, raised €6.1m in an extended seed funding round. 

Updated, 1.05pm, 16 April 2026: This article was amended to clarify Audrey AI’s expansion plans.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations.

The threat can adjust hydraulic pressures and raise chlorine levels to dangerous levels, researchers found during their analysis.

Based on its IP targeting and political messages embedded in its strings, ZionSiphon appears to focus on targets based in Israel.

Researchers at AI-powered cybersecurity company Darktrace found a flawed encryption logic error in the malware’s validation mechanism that makes it non-functional but warn that future ZionSiphon releases could fix the flaw to unleash its power in attacks.

Upon deployment, the malware checks whether the host IP falls within Israeli ranges and whether the system contains water/OT-related software or files, to ensure it is running in water treatment or desalination systems.

Darktrace notes that the logic for country verification is broken due to an XOR mismatch, causing the targeting to fail and triggering the self-destruct mechanism instead of executing the payload.

If ZionSiphon were to activate, it could cause significant damage by increasing chlorine levels and maximizing the flaw and pressure.

It does this via a function named “IncreaseChlorineLevel(),” which appends a text block on existing configuration files to maximize the chlorine dose and flow as much as it is physically supported by the plant’s mechanical systems.

“IncreaseChlorineLevel()” checks a hardcoded list of configuration files associated with desalination, reverse osmosis, chlorine control, and water treatment OT/Industrial Control Systems (ICS),” Darktrace says.

“As soon as it finds any one of these files present, it appends a fixed block of text to it and returns immediately.”

“The appended block of text contains the following entries: “Chlorine_Dose=10”, “Chlorine_Pump=ON”, “Chlorine_Flow=MAX”, “Chlorine_Valve=OPEN”, and “RO_Pressure=80”.”

The intention to interact with industrial control systems (ICS) is obvious from scanning the local subnet for the Modbus, DNP3, and S7comm communication protocols.

However, Darktrace has found only partially functional code for Modbus, and merely placeholders for the other two, indicating that the malware is still in an early development phase.

ZionSiphon also has a USB propagation mechanism that copies itself to removable drives as a hidden ‘svchost.exe’ process and creates malicious shortcut files that execute the malware when clicked.

USB propagation is key in critical infrastructure systems, where computers that manage security-critical functions are often “air-gapped,” meaning they are not directly connected to the internet.

While ZionSiphon isn’t operational in its current version, its intent and potential for damage are concerning, and all that’s needed to unlock both is to fix a minor verification error.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts.

According to court documents, the accounts were hijacked by Nathan Austad (aka Snoopy) with the help of Joseph Garrison (a third accomplice charged in May 2023) in a massive November 2022 credential-stuffing attack that compromised nearly 68,000 DraftKings accounts.

U.S. prosecutors said Austad and Garrison used a list of credentials stolen in multiple breaches to hack into DraftKings accounts, then sold access to others who stole around $635,000 from roughly 1,600 compromised accounts.

While they made over $2.1 million selling some of these hijacked DraftKings accounts (as well as FanDuel and Chick-fil-A accounts) through their own “shops,” they also sold many in bulk to Stokes (also known online as TheMFNPlug), who resold them through his own “shop.” 

One month later, the sports betting giant said it had to refund hundreds of thousands of dollars stolen from hacked accounts, after all available funds were withdrawn following the addition of a new payment method and a $5 deposit to verify its validity.

​After being arrested, pleading guilty, and released while awaiting trial, Stokes reopened his shop with a new “fraud is fun” tagline and continued selling access to compromised accounts for various retailers.

Prosecutors said he also admitted “he had been running these types of shops for three years” and that he relaunched the shop because he needed money to pay his attorney.

“Kamerin Stokes victimized thousands of users of an online betting website though [sic] a cyberattack,” U.S. Attorney Jay Clayton noted in a Thursday press release.

“After pleading guilty to federal crimes, Stokes audaciously reopened his criminal business, marketed using the tagline’ fraud is fun,’ and said that he opened the new Shop in part because ‘gotta pay my attorneys,’ referring to his prosecution in this case.”

After reopening his website, Stokes was again remanded into federal custody after being arrested for violating the conditions of his pretrial release.

In addition to 30 months in prison, Stokes was given 3 years of supervised release and ordered to pay $1,327,061 in restitution and $125,965.53 in forfeiture.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

A truck makes a historic trip around CERN’s facility on the France-Switzerland border, transporting the world’s most expensive material for the first time.

The antimatter inside is made by CERN’s enormous particle accelerator, and then antimatter particles are decelerated and captured for storage, shipment and study.

Antimatter is the mirror opposite of matter. The particular type of antimatter transported was 92 antiprotons, the negatively charged equivalent to the positively charged protons found in regular matter. This perplexing and precious material could hold the key to unlocking some of the largest looming mysteries remaining in physics, going back to the origins of our universe.

When matter and antimatter meet, they annihilate, turning most of their mass into pure energy. This reaction is the stuff of science fiction, powering spaceships and super weapons. However, with current technology, it would take billions of years to acquire enough antimatter to do any serious damage.

Annihilation is routine at CERN’s antimatter factory, happening on a small scale with individual particles and showing up as a line on a graph (pictured below).

One of the mysteries the study of antimatter could solve is the reason why there’s so much more matter than antimatter in the observable universe, a question with roots going all the way back to the big bang.

So far, the science shows that matter and its antimatter equivalents are identical opposites in weight and magnetism. Stefan Ulmer, founder and spokesperson of the BASE experiment at CERN, believes more precise measurements could help find discrepancies which could hold the key.

The search for these discrepancies means that the antimatter particles must leave their birthplace at CERN because the same enormous magnets necessary to produce antimatter also make it difficult to study due to magnetic interference.

This may seem like a lot of work just to get more precise measurements of particles, but Ulmer says chasing answers to the biggest questions in science “makes you creative,” and this is his own version of heaven.

To see the truckload of antimatter make its historic trip, check out the video in this article.

Only a very lucky few people ever get to travel into space, but more than 5.6 million names just completed a journey around the Moon, stored on a microSD card carried aboard NASA’s Artemis II mission.

That flight sent four astronauts farther from Earth than humans have ever traveled, completing a roughly 10-day mission that orbited the Moon before safely returning to Earth.

The trip tested critical systems for future deep-space exploration and marked a major milestone for the Artemis program which will ultimately return humans to the surface of the Moon in 2028.

The microSD card, carrying 5,647,889 submitted names, was zipped into Rise, the mission’s mascot, a cartoonish Moon wearing a cap covered in stars. The mascot itself was designed by a year three student from California, called Lucas Ye, whose artwork was selected from more than 2,600 entries from over 50 countries.

While the specific card zipped inside Rise was certified for spaceflight conditions, it traces its lineage to the SanDisk Ultra series used by people here on Earth inside cameras, handheld devices, and portable recording gear.

The consumer version of the SanDisk Ultra microSD series comes in 16 and 32GB capacities and supports both microSD and microSDHC formats, making it compatible with a wide range of devices used for everyday recording and storage tasks.

Rated at Class 10 speeds, the card supports read speeds of up to 80MB/s, which suits Full HD video capture, burst photography, and quick file transfers.

It’s durable, with protection against water, temperature extremes, and X-ray exposure, and maybe (but we wouldn’t bet on it), trips around the Moon.

After splashdown, the mission mascot didn’t stay tucked away inside the spacecraft as it should have done according to NASA’s mission rules, Artemis II commander Reid Wiseman later revealed on X.

“I was supposed to leave Rise in Integrity….but that was not something I was going to do. I stuffed that little guy in a dry bag we had in our survival kit and hooked the bag onto my pressure suit,” he wrote.