Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
In this week’s “Sunday Reboot,” Beats subverts the World Cup, and GymKit and Malcolm’s gym are updated in opposite ways.

Sunday Reboot is a weekly column covering some of the lighter stories within the Apple reality distortion field from the past seven days. All to get the next week underway with a good first step.
This week, current Apple CEO Tim Cook warned of price increases, Brazil adopted EU-style App Store rules, and supply chain assembler Tata is accused of contaminating the water supply in India. Also, leakers are worried we could have another colorgate issue this fall.
Continue Reading on AppleInsider | Discuss on our Forums
Public exploits have been released for the critical “wp2shell” remote code execution vulnerabilities affecting WordPress Core, making it imperative that administrators patch their sites immediately.
The wp2shell attack consists of two flaws, tracked as CVE-2026-63030 and CVE-2026-60137, that can be chained together to achieve pre-authentication remote code execution against WordPress installs running versions 6.9.x and 7.0.x.
The flaws were discovered by Adam Kues of Searchlight Cyber, which says an unauthenticated attacker can exploit them against a default WordPress installation.
“Searchlight Cyber’s security research team has discovered a pre-authentication RCE in WordPress Core,” explained Searchlight Cyber.
“The attack has no preconditions and can be exploited by an anonymous user in a stock install of WordPress with no plugins.”
Searchlight Cyber estimates that more than 500 million websites use WordPress, giving the vulnerability a potentially massive impact, especially now that public proof-of-concept exploits have been released.
Due to the severity of the vulnerabilities, the WordPress security team has enabled forced automatic security updates for supported installations running affected versions, urging site owners to update to WordPress 7.0.2 or 6.9.5 immediately.
“Because this is a security release, it is recommended that you update your sites immediately,” WordPress said in its security announcement.
“Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions.”
The issue is not a single vulnerability but rather two independent flaws that can be combined into an unauthenticated remote code execution chain.
The first flaw, CVE-2026-63030, is a REST API batch-route confusion vulnerability introduced in WordPress 6.9. According to the GitHub advisory, the flaw can be combined with the SQL injection issue to achieve remote code execution.
The second vulnerability, CVE-2026-60137, is an SQL injection flaw in the ‘author__not_in‘ parameter of ‘WP_Query'. WordPress describes it as a high-severity SQL injection vulnerability affecting WordPress 6.8 and later.
According to the WordPress advisories, the complete RCE chain affects WordPress 6.9.0 through 6.9.4 and WordPress 7.0.0 through 7.0.1.
The SQL injection vulnerability also affects WordPress 6.8.0 through 6.8.5, but cannot be chained to remote code execution because the REST API batch-route confusion bug was added in WordPress 6.9.
The full wp2shell attack chain has been fixed in WordPress 6.9.5 and 7.0.2.
Searchlight Cyber is currently withholding technical details to give administrators time to patch, instead creating the wp2shell.com website, which allows admins to test whether their WordPress installations are vulnerable.
For organizations unable to immediately update, Searchlight Cyber recommends:
/wp-json/batch/v1 and ?rest_route=/batch/v1 at a WAF level.
The company warns these mitigations should only be used as a temporary measure until systems can be updated.
Cloudflare also announced that it has deployed Web Application Firewall (WAF) protections for both vulnerabilities across all plans, including free accounts, that are proxied behind its platform.
According to Cloudflare, the rules block attempts to exploit both the SQL injection flaw (CVE-2026-60137) and the REST API batch-route confusion vulnerability (CVE-2026-63030).
“WAF protections reduce exposure while customers update, but they are not a substitute for patching,” Cloudflare said.
While Searchlight Cyber delayed releasing technical details to give administrators time to patch, multiple public proof-of-concept exploits have since been published on GitHub.
Some publicly available exploits combine the two vulnerabilities to extract WordPress password hashes via SQL injection, then crack an administrator password to log in, upload a malicious plugin, and execute commands.
However, other proof-of-concept exploits claim to achieve pre-authentication remote code execution without requiring administrator credentials, which is more in line with Searchlight Cyber’s description of the flaws.
BleepingComputer has contacted Searchlight Cyber to confirm that its attack chain does not require an administrator password.
Security firm watchTowr says it has already seen in-the-wild exploitation after the public exploits were released.
“WordPress gets a bad rap for security. But the reality is that a highly impactful, unauthenticated SQL injection or remote code execution vulnerability in WordPress core is actually fairly rare,” watchTowr CEO Benjamin Harris told BleepingComputer via email.
“That is exactly what makes this one different, and why everyone is scrambling to patch before widespread exploitation takes hold. The watchTowr team is already seeing PoC exploits in circulation, and we are beginning to see the first signs of in-the-wild exploitation.”
Given the availability of public proof-of-concept exploits and the first reported signs of in-the-wild exploitation, administrators should ensure their sites are updated to WordPress 7.0.2 or 6.9.5 as soon as possible.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
It’s pretty clear that EVs and software defined vehicles (SDVs) go hand-in-hand these days, and while Tesla paved the way with the Model 3 back in 2017, Rivian, Lucid, and Chinese manufacturers quickly followed. The legacy car manufacturers are taking a while longer to get on board, but are finally catching up. Companies like Hyundai Motor Group, General Motors, BMW, and Mercedes-Benz are starting to launch full SDVs.
SDVs are cars with functions and features that are primarily enabled through software and can improve over time via over-the-air (OTA) software updates. I’m not just talking about updating navigation or infotainment, here. Thanks to their zonal architecture, full SDVs use a holistic approach to software updates where every hardware module can be updated OTA, which enables diagnostics and even recalls without a dealer visit.
The cynical view is that SDVs allow greedy car manufacturers to extract revenue from customers via needless subscriptions, but that’s short-term thinking. When done right, there are many benefits to SDVs. Companies like Rivian and Tesla issue free monthly OTA updates to fix bugs and add new features to their EVs, to the delight of their customers, while only charging an optional subscription for higher data connectivity and ADAS tiers.
What happens when you extend SDVs beyond EVs to hybrid and combustion vehicles? A few weeks back, I visited Mercedes’ factory near Tuscaloosa, AL, where the company manufactures most of its global SUVs, to get a first look at the refreshed GLE and GLS SUVs. Beyond more powerful engines and the usual mid-cycle cosmetic upgrades inside and out, these SUVs are Mercedes’ first hybrid and combustion SDVs. Well, almost.
Unlike their predecessors, the 2027 GLE and GLS run the company’s MB.OS across all four domains — infotainment, automated driving, body & comfort, and driving & charging — just like Mercedes’ first full SDVs, the all-electric CLA and GLC. Previously, MB.OS was only implemented for navigation and infotainment, like in the current E-Class sedan and wagon. As such, those cars weren’t SDVs. But there’s a catch.
Mercedes notes, however, that “while all of these vehicles leverage MB.OS principles and a domain-oriented software architecture, the underlying hardware, communication systems, software capabilities, and OTA deployment approaches vary by vehicle platform.” As such, the refreshed GLE and GLS, while only partial SDVs, are closer to full SDVs than any other hybrid or combustion car before them.
The 2027 GLE and GLS feature Mercedes’ pillar-to-pillar Superscreen as standard, which consists of three 12.3-inch displays (driver, center, and passenger) behind a single glass surface, and includes a selfie camera for video calls (when stopped) and for selfies, naturally. Video calls require apps like Zoom, which you can download from Mercedes’ own app store. A 3D instrument display and head-up display are available as an option.
Like the all-electric CLA and GLC, the refreshed GLE and GLS feature a generative AI-powered voice assistant which uses OpenAI’s ChatGPT4o, Microsoft Bing Search, and Google Cloud’s Automotive AI Agent (for navigation) — depending on context. The MBUX Virtual Assistant can handle a whole range of natural language requests, from adjusting the climate and music to navigation and even general knowledge queries.
Mercedes’ MB.Drive Assist Pro, the company’s NVIDIA-powered point-to-point level 2+ advanced driver assistance system (ADAS), which launched on the all-electric CLA and GLC, is coming to the 2027 GLE and GLS, first in China, then in the US later this year. This ADAS is similar to Tesla’s ill-named full self-driving (FSD), but in addition to using ten cameras, it also uses five radar sensors and twelve ultrasonic sensors.
In all, the refreshed GLE and GLS show that drivetrain variations aside, it’s possible for all-electric, hybrid, and combustion vehicles to reach parity as SDVs when it comes to infotainment, navigation, comfort, and ADAS. Let’s hope that Mercedes fully embraces this exciting new technology and follows in Rivian and Tesla’s footsteps by releasing free monthly OTA updates to fix bugs and add new features to these new SDVs.
What’s even more important is that SDVs are starting to extend beyond EVs and luxury cars. Manufacturers like Hyundai Motor Group are launching more affordable hybrid and combustion vehicles that are SDVs. The zonal architecture used by SDVs makes cars inherently less expensive to manufacture since it requires fewer hardware modules and much simpler wiring harnesses (less copper means less cost and less weight).
The South Korean Grandeur sedan and Europe-bound IONIQ 3 SUV are Hyundai’s first proper SDVs. Both cars run the company’s new Android Automotive-based Pleos Connect navigation and infotainment platform, and include Hyundai’s App Market and large language model (LLM)-powered Gleo AI voice assistant. Pleos Connect, the App Market, and Gleo AI will also be coming to Hyundai Motor Group’s future Kia and Genesis cars.
…while I believe that the future is all-electric, hybrid and combustion vehicles will be sticking around a little while longer
Right now, most of the affordable full SDVs being developed outside of China are EVs. Ford is working on its Universal Electric Vehicle (UEV) SDV platform which will initially underpin an all-electric small truck priced around $30,000. Volkswagen’s upcoming ID.1 city car, destined for Europe and priced below €20,000, is the company’s first SDV. Its zonal architecture and software stack are a direct result of VW’s partnership with Rivian.
Hopefully, these new EV-first platforms can also be adapted to manufacture more affordable hybrid and combustion SDVs. Because while I believe that the future is all-electric, hybrid and combustion vehicles will be sticking around a little while longer, at least here in the US. And considering the cost and feature benefits of SDVs, it would be a shame if manufacturers didn’t deploy this technology across all their upcoming vehicles.
Between 2018 and 2024, I owned two Tesla Model 3s, so I was able to enjoy the benefits of SDVs firsthand. There’s something utterly wonderful about finding an OTA software update waiting in your car every month, ready to deliver new functionality for free. Rivian aside, I have missed this on every other EV I’ve driven since, and because of this positive experience, I will forever associate SDVs with EVs.
But as Mercedes has shown with the refreshed GLE and GLS SUVs, the benefits of SDVs also extend to hybrid and combustion vehicles. SDVs allow the company to provide a consistent and modern user experience across its entire lineup, regardless of drivetrain. Not to mention, SDVs reduce costs and complexity for all manufacturers. As such, I’m looking forward to SDVs becoming the norm for more cars going forward.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Kini is very reliable. I tested it in a drawer and a cabinet, and it always alerted me when they were opened. It also keeps a log with times listed. While alerts go via the cloud, maker Kinisium says it doesn’t collect data, and you can turn off logging entirely if you prefer. Kini also has a Stasis mode, so you can reverse it and have it alert you when there has been no movement for a set period. This makes it a versatile monitoring device, and you could use this mode to ensure an elderly relative opens their medicine cabinet each day or check what time your dog walker opened a door. Kini is also compatible with IFTTT for automation, and there’s even a webhook integration that can send notifications to a custom URL.
There are loads of other motion sensors that can alert you to motion or presence in an area or room and trigger lighting, but the right one for you depends on your current smart-home setup.
I really like the Eve Motion Sensor, but if you want it to trigger alerts, you need a smart-home hub, and you must set up an automation. It’s a reliable sensor that works indoors or out. I tested it with a Google Home system.
The Aqara FP2 Presence Sensor ($83) has many features, including zonal and multiple person detection, and is compatible with all the major smart-home ecosystems, though it’s not always very accurate at identifying the number of people in the room. The more affordable Aqara FP300 ($50) is a good enough presence detector for most folks and can also track light, temperature, and humidity.
The Switchbot Presence Sensor ($30) is the most affordable sensor I tested and has a similar feature set, but you will need a Switchbot hub if you want alerts, and there’s a lag between it detecting and alerting.
The Philips Hue Outdoor Motion Sensor is excellent, but only if you already have a Hue setup, because it needs a Hue Bridge to connect to. I installed the sensor in my backyard and tested it with the Bridge Pro. It reliably detects people with few false positives. I configured my outdoor sensor to turn on a backyard light strip (not Hue) after sunset and send me a notification when triggered between specific hours (midnight and 6 am) using Google Gemini.
There’s also a Philips Hue Indoor Motion Sensor and a Contact Sensor ($40) for doors and windows. Both are very reliable and can be configured to trigger alerts.
As an interesting alternative to dedicated motion sensors, you can also use some smart lights for detect presence and motion indoors.
Wiz SpaceSense
If you have a few Wiz lights, you can try SpaceSense, which uses Wi-Fi to detect motion in rooms. I wasn’t that impressed when I tried SpaceSense, but how effectively it works depends on how many Wiz lights you have and where they are located. I was also testing it as a way to automatically turn lights on, and there’s some lag that limits its usefulness on that score. But as a security alert that can tell you when there’s motion in your home when you’re away, it could be very useful. If you already have Wiz lights, you may as well try it, as it doesn’t require a subscription.
Philips Hue MotionAware
Signify is the parent company of Wiz and Philips Hue, and MotionAware is very similar to SpaceSense, but it uses Zigbee, rather than Wi-Fi. Again, how well it works depends on the number of Philips Hue lights you have and their layout. Unfortunately, it does require a subscription if you want to receive alerts. MotionAware can trigger lights at no extra cost, but if you want motion alerts, you must pay $1 per month or $10 for the year. It is also included in Hue Secure subscriptions from $4 per month.
You might consider a modular security system. We like the Simplisafe system, which offers a base station, keypad, and a range of sensors. You can also find modular systems from security stalwarts like ADT and Vivint, and security camera makers like Eufy and Arlo.
The Department of Justice says that federal employees can now download TikTok on their government devices, according to Reuters.
A 2022 law banned federal employees from using the short-form video app on those devices, but the DOJ reportedly says the law no longer applies, thanks to a deal transferring ownership of TikTok’s U.S. operations to a joint venture backed by Oracle, Silver Lake, and MGX. (Oracle serves as the security partner for the new joint venture, while previous owner ByteDance retains a 19.9% stake.)
The DOJ memo reportedly says President Donald Trump has cleared “employees of Executive Branch agencies” to “download TikTok onto their official devices, subject to the agency’s discretion and consistent with all applicable workplace policies.”
Following the ban focused on government employees and devices, the app was banned more broadly across the United States. But just as the law took effect early last year, the app only went down briefly before Trump repeatedly delayed the move and urged service providers to restore access.
Kylian Mbappe is set to face Real Madrid team-mate Jude Bellingham as France take on England in the FIFA World Cup 2026 third place play-off in Miami — and you can live stream the game around the world for free.
Les Bleus were many people’s favourites to win the tournament, but a deeply disappointing 2-0 defeat by Spain in the semi-finals ended their hopes of lifting the World Cup for a third time. While a bronze medal would feel like scant consolation, France will nonetheless be motivated to triumph. Manager Didier Deschamps ends a hugely successful 14-year spell in charge of Les Bleus after this game and he will be keen to finish on a high, while captain Mbappe heads into the last weekend of the tournament level on eight goals with Lionel Messi in the race for the Golden Boot.
England’s semi-final defeat was even more crushing than their opponents’, as they conceded twice late on to lose 2-1 to bitter rivals Argentina. It means the Three Lions’ years of hurt will stretch beyond 60 after they fell short yet again, having reached at least the semi-finals in four of the past five major tournaments. England beat Norway in Miami in the quarter-finals seven days ago, and if they triumph here again it would represent their best showing at a World Cup other than when they lifted the trophy in 1966, having lost their previous two third-place games in 1990 and 2018.
So, read on as we show you exactly how to watch France vs England for free from anywhere in the FIFA World Cup 2026.
France vs England is available to watch for free in multiple countries, including the UK, Australia, Brazil, Belgium, Ireland, Netherlands, Switzerland and Turkey.
Abroad? Can’t access your free stream? Unblock your free World Cup stream with Norton VPN — more on that below.
It’s the World Cup, and if you’re traveling, you might discover your usual France vs England stream is suddenly unavailable due to geo-restrictions.
Don’t worry, that’s exactly where a VPN can help. A virtual private network lets you connect to servers around the world so you can securely access your usual World Cup coverage as if you were back home.
We recommend Norton VPN. Here’s why:
US viewers can watch France vs England on Fox (English commentary) or Telemundo (Spanish commentary).
Fox and Telemundo are available on cord-cutters like YouTube TV (free trial), Hulu+Live TV, Sling (select markets), Fubo or DirecTV.
Those looking for a streaming service instead can watch France vs England on Fox One (3-day free trial). Telemundo is also available via Peacock ($10.99/month).
Visiting the US from the UK? You can still watch your World Cup stream for free thanks to Norton VPN (try for 60 days).
UK customers are in luck as they can stream France vs England for free on BBC One. Live coverage is also available via BBC iPlayer.
You require a TV license and a valid UK postcode for an account (e.g. SE1 7PB).
Norton VPN can unlock your stream if you’re abroad today.
France vs England will be shown for free in Australia on SBS On Demand.
The streaming platform has every game of the tournament for free, making it the perfect place for your World Cup viewing.
Traveling for work or on holiday? A VPN like Norton VPN can help unlock your free stream.
In Canada, TSN will be broadcasting France vs England.
You can live stream via the TSN+ streaming platform, which costs CA$8 per month or CA$80 per year.
Outside of Canada? Use Norton VPN whilst you’re traveling away from home to unlock your stream.
In New Zealand, France vs England will be broadcast on TVNZ+.
While some World Cup games are free on TVNZ+, this match requires the tournament pass (NZ$44.95).
France vs England kicks off at 10pm BST / 5pm ET on Saturday, July 18. That’s 7am AEST on Sunday, July 19 in Australia.
France
Goalkeepers: Mike Maignan (AC Milan), Robin Risser (Lens), Brice Samba (Rennes).
Defenders: Lucas Digne (Aston Villa), Malo Gusto (Chelsea), Lucas Hernandez (Paris St-Germain), Theo Hernandez (Al Hilal), Ibrahima Konate (Liverpool), Maxence Lacroix (Crystal Palace), Jules Kounde (Barcelona), William Saliba (Arsenal), Dayot Upamenaco (Bayern Munich).
Midfielders: N’Golo Kante (Fenerbache), Manu Kone (Roma), Adrien Rabiot (AC Milan), Aurelien Tchouameni (Real Madrid), Warren Zaire-Emery (Paris St-Germain).
Forwards: Maghnes Akliouche (Monaco), Bradley Barcola (Paris St-Germain), Rayan Cherki (Man City), Ousmane Dembele (Paris St-Germain), Desire Doue (Paris St-Germain), Michael Olise (Bayern Munich), Kylian Mbappe (Real Madrid), Jean-Phillipe Mateta (Crystal Palace), Marcus Thuram (Inter Milan).
England
Goalkeepers: Dean Henderson (Crystal Palace), Jordan Pickford (Everton), James Trafford (Manchester City).
Defenders: Dan Burn (Newcastle United), Trevoh Chalobah (Chelsea), Marc Guehi (Manchester City), Reece James (Chelsea), Ezri Konsa (Aston Villa), Nico O’Reilly (Manchester City), Jarell Quansah (Bayer Leverkusen), Djed Spence (Tottenham Hotspur), John Stones (Manchester City).
Midfielders: Elliot Anderson (Nottingham Forest), Jude Bellingham (Real Madrid), Eberechi Eze (Arsenal), Jordan Henderson (Brentford), Kobbie Mainoo (Manchester United), Declan Rice (Arsenal), Morgan Rogers (Aston Villa).
Forwards: Anthony Gordon (Barcelona), Harry Kane (Bayern Munich), Noni Madueke (Arsenal), Marcus Rashford (Manchester United), Bukayo Saka (Arsenal), Ivan Toney (Al-Ahli), Ollie Watkins (Aston Villa).
|
Stage |
France |
England |
|
Group stage |
Group I: 1st, 9 points |
Group L: 1st, 7 points |
|
Last 32 |
Beat Sweden (3-0) |
Beat DR Congo (2-1) |
|
Last 16 |
Beat Paraguay (1-0) |
Beat Mexico (3-2) |
|
Quarter-finals |
Beat Morocco (2-0) |
Beat Norway (2-1 AET) |
|
Semi-finals |
Lost to Spain (2-0) |
Lost to Argentina (2-1) |
The temperature in Miami on Saturday is forecast to be around 86F (30C) at kick-off, although it is expected to feel like 88F (31C).
The humidity level is expected to range from 66-69 per cent during the game, which is considered high.
Of course, most broadcasters have streaming services that you can access through mobile apps or via your phone’s browser.
You can also stay up-to-date with all of the key World Cup moments on the official social media channels on X/Twitter (@FIFAWorldCup), Instagram (@FIFAWorldCup), TikTok (@FIFAWorldCup) and YouTube (@FIFA).
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Hours of San Francisco Police Department drone video footage exposed on the open web illustrates a new era of incredibly granular—and consequential—urban surveillance. Meanwhile, the San Francisco City Attorney’s Office sent cease-and-desist letters to Apple and Google this week demanding that the tech giants delete 13 AI nudifying “face-swap” apps from their app stores that are almost exclusively used to target women and girls.
Since WIRED first reported in June about Meta’s NameTag face-recognition system, company executives have made opaque and conflicting comments about whether the feature even exists. We took a step back to lay out both the claims and the facts about the very real system.
In a speech on Thursday, President Donald Trump continued to push unsubstantiated and thoroughly debunked claims about interference in the 2020 US election. He even promised massive revelations in a trove of documents posted to the White House website, but the files did not prove his assertions—and in some cases actually contradicted Trump’s claims.
As adoption of AI tools rapidly expands and their capabilities increase, the tech giant Anthropic continued a push to get US states to regulate AI. Speaking about AI transparency requirements in California and New York from last year, Anthropic’s head of US state and local government relations, Cesar Fernandez, told WIRED this week, “The transparency-focused safety bills of 2025 were a really important start, but as the capabilities of AI systems continue to advance quickly—the policy responses need to match.”
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The astrology-themed period tracker Stardust sends users’ reproductive health details—birth control type, pregnancy status, moods, and symptoms as specific as tender breasts and stomach cramps—to a data firm not named in its privacy policy, according to the BBC, which first reported a Mozilla Foundation audit of six popular trackers produced in partnership with Harvard’s Berkman Klein Center.
Stardust scored 2 out of 10, the worst of the group. Mozilla researcher Shoshana Wodinsky found the app pings third-party trackers from the moment it opens, before a user enters anything; the instant she logged a symptom, the details went to analytics firm RudderStack alongside a persistent user ID, with no in-app way to shut the sharing off. RudderStack is built to route data onward to destinations Mozilla couldn’t observe. Stardust also hands Facebook an ad identifier that ties in-app behavior to the platform’s existing profiles. The company told TechCrunch it has never received a legal demand for user data.
Euki, a nonprofit-run tracker, earned a perfect 10: no account required, health data never leaves the phone, and users can set a PIN, schedule automatic deletion, or pull up a decoy screen if someone forces the phone open. Its one soft spot is an in-app browser for educational pages that loads the usual web trackers, but it also resets identifiers between visits.
Russia’s FSB has long had a reputation for highly sophisticated cyberespionage, leaving disruptive cyberattacks to its fellow hackers in the country’s GRU military intelligence agency. But sanctions from the EU and UK this week, along with an advisory from the US Cybersecurity and Infrastructure Security Agency, the FBI, and the NSA, pinned a cyberattack against the Polish electric grid on Center 16 of the FSB, a rare example of the Kremlin agency carrying out a cyberattack that nearly caused outages in the country’s electric and water utilities. The attack, which the Polish government has said came “very close” to causing a blackout, was initially attributed by cybersecurity firms Dragos and ESET to Sandworm, also known as Unit 74455 of the GRU, a more usual suspect in infrastructure hacking given its active role in Russia’s long-running cyberwar against Ukraine. But the Polish computer emergency response team at the time disputed that finding and tied the attack to the FSB, a conclusion now supported by a wide consensus of Western governments. The incident suggests that the FSB may be taking on some of the reckless, highly aggressive tendencies—and targeting—of its GRU coworkers.
For years, the Russian cybersecurity firm Kaspersky has been alleged to have ties to the Russian government, including by US officials who banned use of the company’s products within the US government and eventually by all American customers. Yet overt evidence of those connections has been scarce. Now Reuters reports that Denis Obrezko, a Russian man facing hacking charges in Boston and an alleged member of a hacker group known as Void Blizzard or Laundry Bear, spent two years working at Kaspersky. His stint at the company took place just before he joined another cybersecurity company, Yutek-NN, where he allegedly took part in the group’s hacking campaign that stole data and communications from numerous NATO governments and at least 11 US companies, according to US prosecutors. Prior to Kaspersky, Obrevko also allegedly worked at the FSB, neatly bookending his time at the company with apparent work for Russia’s intelligence services.
Obrevko has pleaded not guilty to the hacking charges. Kaspersky responded in a statement to Reuters that “the offenses charged cannot be related to the individual’s role or responsibilities during the employment at Kaspersky.”
In an incident that will induce anxiety in anyone responsible for assessing suspicious network activity, DHS officials ruled—twice—that signs of a hacker breach in its data-sharing Homeland Security Information Network platform were false positives when they were, in fact, signs of a very real intrusion. HSIN, used for sharing unclassified data between state, local, and federal agencies, as well as foreign partners, was breached by hackers two months ago, according to reporting from Nextgov/FCW. Analysts at the Federal Emergency Management Agency spotted signs of hacker activity in mid-May—altering files and code, hijacking a legitimate web server, and deleting logs of their behavior—but the findings were dismissed as a false positive.
In the weeks that followed, the hackers returned, were again detected, and were again dismissed as a mirage. It’s not clear why the signs of the breach were misjudged, but the incidents may represent federal analysts’ increasing challenges in detecting “living off the land” hacking techniques that use legitimate features of networks to access target assets on a network rather than planting more easily spotted malware. While the HSIN houses only unclassified data, the information is “highly sensitive,” Senate Intelligence Committee vice chair Mark Warner said in a statement following the report of the breach, and “its exposure risks national security.”
The AI music startup Suno scraped millions of songs, lyrics, and podcasts from YouTube Music, Deezer, Genius, and a string of stock-audio libraries to train its models, according to 404 Media, which reviewed internal data provided by a hacker who breached the company. The intrusion also exposed account information for hundreds of thousands of customers, including emails, phone numbers, and Stripe payment records.
Dataset notes in source code apparently from 2023 and 2024 tally 113,879 hours of YouTube Music audio alone, plus tens of thousands more from Pond5, Deezer, and other libraries—decades of music in total. Other files show Suno routing its YouTube scraping through Bright Data proxies and using PodcastIndex to target roughly 1 million hours of podcasts. The hacker, who goes by ellie.191, says they broke in by compromising an employee with the Shai-Hulud worm.
The files seemingly corroborate the record industry’s central allegation that Suno pulled songs directly from YouTube. The company, which argues that its training qualifies as fair use and settled with Warner Music Group last November, said the breach involved outdated code and no sensitive personal information—though customers whose data appeared in a sample shared with 404 Media said they were never notified.
The original lawsuit was filed in 2023 and claimed Twitter hosted thousands of cases of copyright infringement.
A three-years-long legal battle between X and major music publishers has quietly come to an end. In court documents filed by both X and a group of music publishers, both sides opted to dismiss their opposing lawsuits while not disclosing the terms of the settlement (via Reuters).
The feud began in 2023 when a group of music publishers led by the National Music Publishers Association (NMPA) sued the social media platform, which was still known as Twitter at the time. The $250 million lawsuit claimed that Twitter allowed for rampant cases of copyright infringement from its users, while also not doing anything to stop it. Notably, Twitter was one of the only major social media platforms that didn’t have a licensing agreement with music publishers.
In response, Twitter, now known as X, countered with its own lawsuit nearly three years later, claiming that these music publishers engaged in anticompetitive practices that would force the platform to license their songs for higher rates. Even before the latest agreement to dismiss both suits, X requested as recently as last month that the court dismiss the case claiming it shouldn’t be held responsible for user piracy.
So far, neither side has offered any explanation for the dismissals. However, court documents show that X and the music publishers requested to dismiss both suits “with prejudice,” so that they’re permanently dismissed and won’t be refiled. We’ve reached out to NMPA for comment and will update the story if we hear back.
Why you can trust TechRadar
We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.
On first impressions, the Laifen T1 Pro wows. Open the box and you’re greeted with Apple-inspired packaging, while the shaver itself immediately looks the part. Its CNC-machined unibody aluminium body looks and feels genuinely premium and, if you’re used to cheaper shavers like the Philips OneBlade – my usual razor – it’s impossible not to grin at the magnetically attached shaving head, which somehow manages to feel genuinely futuristic.
Modern conveniences like USB-C charging, an aeroplane mode to stop the power button being pressed in your bag while travelling and IPX7 waterproofing all add to the premium feel. Based on the spec sheet and those first impressions, you’d be forgiven for thinking the Laifen T1 Pro was one of the best electric shavers on the market.
The problem is that, with a shaver, the only thing that really matters is the shave itself, and that’s where the Laifen T1 Po disappoints. I shave twice a week and have fairly coarse stubble, and despite repeated attempts the T1 Pro simply couldn’t deliver a comfortable shave and often snagged on my hairs, which was painful and left me with patchy stubble. You have to limit your expectations a bit with single-blade razors, but I’ve been getting an effective shave with my Philips OneBlade for years, and often I found myself reaching for it to finish up and get the hairs that survived the T1 Pro’s efforts.
This leaves the Laifen T1 Pro in an awkward position. It’s beautifully designed and genuinely pleasant to use in every respect until it comes to shaving, but if I have to reach for a second razor to finish the job, the premium build and thoughtful features become little more than a nice distraction. I’d love to see Laifen revisit the shaving head in a future model because the engineering elsewhere is genuinely impressive, but as it stands I can’t recommend the T1 Pro.
The Laifen T1 Pro launched in September 2025. Listing prices vary but are consistent with other premium shavers. In the US it’s currently selling for around $129, in the UK it’s £149 and in Australia it’s $239. However, it doesn’t come with a case, cleaning materials or anything else so it may feel steep in comparison
The Laifen T1 Pro makes an excellent first impression. Unlike the plastic-bodied shavers that dominate the market, the T1 Pro is built around a CNC-machined unibody aluminium chassis that immediately feels more like a premium gadget than a bathroom appliance. The fit and finish are excellent, while the magnetically-attached shaving head snaps satisfyingly into place and makes cleaning refreshingly simple.
Laifen has also packed in plenty of thoughtful features. USB-C charging means one less proprietary cable to keep track of, an airplane mode prevents the power button from being accidentally pressed in your luggage, and the IPX7 waterproof rating means you can use the shaver wet or dry before simply rinsing it under the tap to clean it up.
The compact dimensions work in the T1 Pro’s favour. It’s comfortable to hold despite the lack of any rubberized grip, and the aluminum body never felt slippery during my testing, even during a heatwave when I was, perhaps a little sweatier than I’d like to admit. Its low weight, just 3.3oz / 93g, makes it easy to use precise movements in the tricky areas like the jawline and around the mouth — areas that can be difficult with larger, clunkier, shavers.
It’s a minor thing, but I found myself squeaking with joy each time I opened the little cap at the bottom of the razor to reveal the USB-C charging port. It’s a small thing, but the cap fits so neatly in and comes away so delicately it sparks joy every time I charged it.
In many ways, the T1 Pro feels like the product of a company obsessed with industrial design. From the premium materials to the magnetic shaving head and clean, minimalist aesthetic, there’s very little to criticize about the hardware itself.
Ultimately, the Laifen T1 Pro lives or dies by the quality of its shave, and that’s where it struggles. I have fairly coarse facial hair and typically shave twice a week, which proved to be a challenge the T1 Pro never really overcame.
Rather than cutting cleanly through my stubble, the shaver frequently pulled at beard hairs, making each shave less comfortable than it should have been. It also struggled to achieve an even finish. Even after several passes, I was often left with patches of missed stubble that required further attention. The trimmer head was more prone to this snagging, but the shaver head didn’t eliminate the problem and also left my skin irritated.
The T1 Pro’s light weight makes it easier to use, but its small size means covering your face takes longer than with a larger foil shaver. As a result, multiple passes quickly became the norm, and each additional pass increased the likelihood of the shaver snagging on thicker patches of hair.
I repeatedly found myself reaching for another razor to finish the job. Not only did it clean up the areas the T1 Pro had missed, but it also did so more comfortably. That’s difficult to overlook given the T1 Pro’s premium price.
The 120-minute battery life is excellent and should last most people several weeks between charges.
Unfortunately, The Laifen T1 Pro looks and feels like a premium electric shaver, but in my experience it simply doesn’t deliver the shave the design promises, which makes it impossible to travel with because I also have to toss a second razor into my bag.
|
Attribute |
Notes |
Score |
|---|---|---|
|
Value |
A disappointing shave that is often painful. |
2/5 |
|
Design |
Beautifully designed with some thoughtful choices. |
4/5 |
|
Performance |
A premium price backed up by the design but not the shave. |
1/5 |
First reviewed July 2026
Sometimes you see a project and immediately, before going into the details, your mind throws up the old refrain: “coulda used a 555” — well, [Hulk] actually agrees when it comes to his ESP32-based, 3D printed roulette wheel. The first version did use a 555, but then feature creep kicked in and the final project ended up with an ESP32 instead. We’ve all been there.
The roulette wheel circuit is retained from the 555 version, with the ESP32 providing clock pulses instead of the venerable oscillator chip — it uses a pair of decade counters to create the chase effect of the LED around the wheel. With a handsome printed enclosure, [Hulk] could have stopped there, but then he’d have to keep track of scoring and the like manually like some kind of dark age peasant. It’s the 21st century, we have computers to to that for us!
Now, even though the ESP32 is still driving the LED chase via the decade counters, it can keep track of where the “ball” of light lands, and reports that via WiFi or serial. While it would have been an option to run the whole game on the ESP32. [Hulk] just has those values put into an SQL database on a server, which also runs the game front-end via PHP. The resulting web page lets two players make their bets and track their wins and losses over time. You can see that in action in the video embedded below.
Overkill? Sure, but we suspect [Hulk] already had the equipment and experience to make this the fastest way to get a playable game. There are easy ways to serve web content from an ESP32, but the easiest tool to use is always the one in your back pocket, right?
JK Rowling has spoken about how she wrote the first Harry Potter book while she was employed at Amnesty International and how much that experience influenced her writing, and how she learned “the power of human empathy” from working there. Rowling was also, you’ll recall, one of the high profile signers of the infamous Harper’s Letter on “open debate.”
Now she’s threatening to bankrupt Amnesty International for expressing an opinion about Beira’s Place, a “women only” charity Rowling created.
Amnesty International UK had released a report, expressing its well-supported opinion about so-called “anti-rights actors,” specifically calling out a number of groups that it believed, through their statements or actions, sought to “restrict human rights by undermining human rights protections in law and practice.” It had a section on “anti-gender” efforts by some groups which have targeted trans rights and pointed out that:
“Human rights are interconnected and mutually reinforcing. When the rights of one group are restricted, protections for others can also be weakened, even where the effects are not immediately visible.”
This should be a fairly non-controversial statement. But, the report named a number of organizations that it deemed to be “gender critical,” which are, in effect, organizations that have — through their words or actions — done damage to trans rights in particular, and the wider LGBTQ+ space.
No matter your stance on any of this, expressing an opinion about an organization should be seen as part of their free speech and… what’s the term Rowling used in the Harper’s letter? Right, “open debate.”
But, no, not here. One of the organizations that Amnesty mentioned was Beira’s Place, which Rowling helped create as an organization to provide support for female victims of sexual violence. However, aligned with Rowling’s transphobic views and campaigning, the organization proudly insists that it is for “women only.” Beira’s Place and the constant verbiage surrounding it about being for “women only” have certainly contributed to the sense that it is another part of Rowling’s transphobic mission to diminish and deny rights of transgender women.
To look at Rowling’s X feed, for example, is to witness a near never-ending stream of gleefully obnoxious and petty attacks on trans people who speak up for their own rights. I’d post examples, but I’d rather not give any more attention to that sort of hateful messaging.
Thus it’s entirely reasonable to have and express the opinion that Beira’s Place and other operations that refuse to recognize the rights of trans women (and trans men) are “anti-rights.” I mean, literally part of Beira’s Place’s messaging to the world has been its anti-trans stance.
After all, as the statement above notes, when you deny rights to one group, you are weakening rights for all. And, look, even if you somehow agree with Rowling, if you actually believed in free speech and “open debate” you should at least support Amnesty UK in expressing their opinion that being anti-trans is being anti-rights.
But Rowling seems to absolutely loathe any actual “open debate” regarding her views towards the trans community. Thus, she spoke out angrily about the Amnesty report, leading to a media fury, and causing the organization to pull it down. She has also demanded an apology and threatened to sue the organization:
Lawyers acting for the centre have threatened Amnesty with court action unless it permanently withdraws the report, publicly apologises to the blacklisted groups and commissions an external investigation into how it came to be published.
The letter said: “The [Amnesty] report has wrongly labelled all associated with Beira’s Place, including those accessing support as anti-rights bigots who are seeking to weaken human rights.
“This is a shocking way to describe those who are seeking help to overcome the trauma of sexual violence. There is no basis for these allegations, and our client, with the support of its founder JK Rowling, will not sit back and allow the reputation of Beira’s Place or those who access its support to be tarnished in this way.”
And to make it clear she seeks to burden Amnesty UK with as many costly lawsuits as possible, she’s offering to fund other organizations that wish to sue Amnesty International UK over this report.

That’s her tweeting:
Should any of the women’s organisations targeted by Amnesty UK’s recent ‘anti-rights’ blacklist wish to take legal action, applications can be made to the JK Rowling Women’s Fund.
So much for free speech and open debate, huh?
Rowling has a right to express her own bigotry and hateful views. But Amnesty International and anyone else should also be able to express their opinion that by her words and her deeds she is doing real harm to the rights of trans people worldwide. But Rowling is making every effort to shut that down.
I am sure that Rowling and her supporters will claim, ridiculously, that because she views Beira’s Place and her other anti-trans activism as “pro-women’s rights” that it is somehow defamatory to call it anti-rights. But that’s why it’s a protected opinion. Whether or not one’s views and actions are pro or anti-rights is, inherently, an opinion.
My opinion is that Rowling is a hateful, angry woman who has done tremendous harm to some of the most marginalized people in the world for no reason at all, and her wink wink nod nod “I’m just supporting women’s rights” bullshit as cover for that is both craven and pathetic. She has contributed to a hateful, anti-rights movement that has put millions of people at greater risk. That she is now seeking to effectively silence and potentially destroy the organization that she, herself, claims was so valuable in getting her to understand the value of human empathy is a particularly sad statement on where her life has taken her.
Meanwhile, I’m still waiting for literally any of her Harper’s Letter co-signers to call out her attacks on the organization’s speech, and threats to their existence for expressing an opinion she doesn’t like. Apparently, that kind of “open debate” is too much?
Filed Under: defamation, free speech, human rights, jk rowling, lgbtq, terfs, trans rights
Companies: amnesty international, beira’s place
London Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
Weekend Open Thread – Corporette.com
The House | The City of London can help the new chancellor deliver growth in every postcode
CFTC blocks Kalshi from unwinding Michigan trades after court order
Young campaigners urge incoming PM to act on outdoor junk food ads
Nvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
Ripple Payments Joins MiCA With 14 Firms, Does It Mean Anything For XRP?
Disney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
Ripple wins EU-wide access as ESMA adds it to MiCA register
Palantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
Get Your ESP32 Sunny Side Up With This Solar Dev Board
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Injective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
Dark Secrets Emerge When Jailbreaking LLMs
Registration is now open for March for Men with Kev 2026
New Cornerback Enters Vikings Trade Rumor Mill
Money | Class 12 Economics | CBSE Board Exam 2026-27
Banco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
Durham County Council to send out electoral registration emails
You must be logged in to post a comment Login