OPPO has just expanded it’s Reno 15-series lineup with the all-new Reno 15C. With it, the Chinese smartphone maker is targeting users looking for a compact smartphone with strong camera capabilities and long battery life. To mark the start of sales, OPPO is offering multiple launch benefits, including bank discounts of up to ₹3,500, exchange offers, cashback, no-cost EMI options, and zero down payment schemes across online and offline channels.

Display and Software

The OPPO Reno 15C features a 6.57-inch flat AMOLED display with Full HD+ resolution and a 120Hz refresh rate. The panel offers up to 1,400 nits of peak brightness. Powering the device is the Qualcomm Snapdragon 6 Gen 1 processor.

On the software front, the Reno 15C runs Android 16 with ColorOS 16 on top. The smartphone also carries IP66, IP68, and IP69 certifications, offering resistance against dust and water.

Camera

The Reno 15C comes with a triple rear camera setup consisting of a 50MP primary sensor, an 8MP ultra-wide camera, and a 2MP macro lens. On the front, the phone features a 50MP selfie camera that supports 4K HDR video recording at up to 60fps.

OPPO has also included AI-powered camera features such as AI Pop Out, AI Flash Photography 2.0, and AI Motion Photo slow-motion to enhance photography and video recording.

Battery and Charging

Battery life is one of the highlights of the Reno 15C. The smartphone packs a 7,000mAh battery, aimed at delivering extended usage with fewer charging breaks. It supports 80W SUPERVOOC fast charging, allowing the device to be topped up quickly when needed.

Positioned as the most affordable model in the Reno 15 lineup, the Reno 15C sits below the Reno 15, Reno 15 Pro, and Reno 15 Pro Mini, offering a more balanced feature set at a lower price point.

Price and Availability

The OPPO Reno 15C is available in two storage variants in India. OPPO has priced the 8GB RAM with 256GB storage model at Rs 34,999, while the 12GB RAM with 256GB storage variant costs Rs 37,999. The smartphone comes in Afterglow Pink and Twilight Blue colour options. Furthermore, users can pre-order the phone through Amazon, Flipkart, and the OPPO online store. The device will also be available at selected offline retail stores.

Hackers are exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to deploy legitimate tools for malicious purposes, such as the Zoho ManageEngine remote monitoring and management tool.

The attacker targeted at least three organizations and also leveraged Cloudflare tunnels for persistence, and the Velociraptor cyber incident response tool for command and control (C2).

The malicious activity was spotted over the weekend by researchers at Huntress Security, who believe that it is part of a campaign that started on January 16 and leveraged recently disclosed SolarWinds WHD flaws.

“On February 7, 2026, Huntress SOC analyst Dipo Rodipe investigated a case of SolarWinds Web Help Desk exploitation, in which the threat actor rapidly deployed Zoho Meetings and Cloudflare tunnels for persistence, as well as Velociraptor for means of command and control,” Huntress says.

According to the cybersecurity company, the threat actor exploited the CVE-2025-40551 vulnerability, which CISA flagged last week as being used in attacks, and CVE-2025-26399.

Both security problems received a critical severity rating and can be used to achieve remote code execution on the host machine without authentication.

It’s worth noting that Microsoft security researchers also “observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk (WHD) instances,” but they did not confirm exploitation of the two vulnerabilities.

Attack chain and tool deployment

After gaining initial access, the attacker installed the Zoho ManageEngine Assist agent via an MSI file fetched from the Catbox file-hosting platform. They configured the tool for unattended access and registered the compromised host to a Zoho Assist account tied to an anonymous Proton Mail address.

The tool is used for direct hands-on keyboard activity and Active Directory (AD) reconnaissance. It was also used to deploy Velociraptor, fetched as an MSI file from a Supabase bucket.

Velociraptor is a legitimate digital forensics and incident response (DFIR) tool that Cisco Talos recently warned was being abused in ransomware attacks.

In the attacks observed by Huntress, the DFIR platform is used as a command-and-control (C2) framework that communicates with attackers via Cloudflare Workers.

The researchers note that the attacker used an outdated version of the Velociraptor, 0.73.4, which is vulnerable to a privilege escalation flaw that allows increasing permissions on the host.

The threat actor also installed Cloudflared from Cloudflare’s official GitHub repository, using it as a secondary tunnel-based access channel for C2 redundancy.

In some cases, persistence was also achieved via a scheduled task (TPMProfiler) that opens an SSH backdoor via QEMU.

The attackers also disabled Windows Defender and Firewall via registry modifications to make sure that fetching additional payloads would not be blocked.

“Approximately a second after disabling Defender, the threat actor downloaded a fresh copy of the VS Code binary,” the researchers say.

Security updates and mitigation

System administrators are recommended to upgrade SolarWinds Web Help Desk to version 2026.1 or later, remove public internet access to SolarWinds WHD admin interfaces, and reset all credentials associated with the product.

Huntress also shared Sigma rules and indicators of compromise to help detect Zoho Assist, Velociraptor, Cloudflared, and VS Code tunnel activity, silent MSI installations, and encoded PowerShell execution.

Neither Microsoft nor Huntress attributed the observed attacks to any specific threat groups, and nothing about the targets was disclosed beyond Microsoft characterizing the breached environments as “high-value assets.”

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

As fans of the vinyl revival, we’re excited when record players of any kind get their moment in the sun. So when watching the Olympics over the weekend, I was quite surprised and pleased to see a very distinctive looking turntable featured in a car commercial. The turntable was VPI’s flagship Titan Direct and the car is the first all-electric vehicle from Lexus, the RZ SUV.

While I’m happy to see this well-regarded luxury auto-maker take the plunge into fully electric vehicles — and delighted to see them highlighting a high-end Hi-Fi system in the ad — I was struck by the irony that the turntable featured in the ad, the VPI Titan Direct ($95,000), sells for approximately twice the cost of the Lexus EV ($47,295). Even if you load up the premium trim of the Lexus RZ with its top of the line “Mark Levinson” (powered by Harman) 13-speaker 1,800-Watt sound system, you’re still out the door for under $60,000. Though sadly, you won’t get Dolby Atmos with that.

Meanwhile, for $95,000, the VPI Titan Direct doesn’t even come with a cartridge. It does, however, come with the company’s 12-inch 3D-printed Fatboy Gimbal tonearm, known for its rigidity and its unique triangular-to-circular taper, which is said to reduce resonance and improve tracking. The tonearm features precision gimbal bearings, upgraded Nordost Reference wiring, and a micrometer-style counterweight for simple and accurate tracking force adjustment.

The Titan Direct turntable itself features a high mass magnetic direct drive design, pneumatic air-suspension isolation, and a gorgeous triple-stack chassis designed for maximum resonance control. While the version shown in the ad only had a single tonearm installed, the ‘table supports up to three tonearms of virtually any length or manufacturer. This gives audiophiles the option to switch among different tonearm/cartridge combinations instantly, without lengthy set-up for the swaps.

Lexus RZ: Is It a Souped Up Toyota?

As for the car, if it looks a bit familiar, that’s because it shares the chassis, wheelbase, e-TNGA platform and basic silhouette of its Toyota sibling, the BZ4x. But the Lexus version features more distinctive styling including a more aggressive “spindle body” front end, a rear spoiler, more refined interior and higher overall performance. With up to 402 total system horsepower and 0–60 MPH times as quick as 4.1 seconds (on the 550e F SPORT trim), the RZ offers a sporty feel for a little fun after dropping off the little tykes at soccer practice.

The RZ’s built-in 71.4 kWh battery offers 228 to 302 miles of range, depending on configuration, and its integrated DC fast-charging system can recharge from roughly 10% to 80% capacity in around 30 minutes at a high speed DC charger. U.S. versions of the RZ feature the NACS charging port, making it compatible with a wide range of DC fast chargers (including most chargers in the Tesla supercharger network).

Unlike Ford and GM (and, of course, Tesla), Lexus is very late to the EV game, thanks to its parent company Toyota dragging its feet on full electric vehicles and betting the farm on hybrid vehicles instead. While popular hybrid cars like the Toyota Prius can get higher fuel efficiency than their ICE (Internal Combustion Engine) counterparts, their combustion engines still require regular maintenance like oil changes, tune-ups, belt changes and more, leading to overall higher cost of ownership, compared to EVs.

A modern EV drive train includes only a few dozen moving parts, from battery to motor to linkage to wheels. Meanwhile modern ICE engines can include over 2,000 moving parts, each of which is a potential point of failure over time. Also, even a highly efficient hybrid vehicle’s on-board combustion engine produces local emissions at the tailpipe, which contribute toward local air pollution (particularly in cities) while an ICE contributes zero local emissions and can be powered by green energy sources such as solar, wind and hydro-electric power.

While modern EVs still rarely exceed 300 miles of range, the build-out of DC fast charging stations is making long distance road trips more feasible, and the lower NVH (Noise, Vibration and Harshness) of an EV leads to less driver fatigue over long distances.

The Bottom Line

We’re happy to see distinctive high-end audio gear used to promote EV technology. And while you could buy two of the cars for the cost of one of the turntables, there’s nothing to say you can’t buy one of each if you’ve got the means. Just don’t try installing the turntable in the car. That would not end well. You might scratch a record.

Related Reading:

VPI, Tannoy and Upscale Audio Team Up for Great Sounds at T.H.E. Show 2023

Pioneer Sphera Head Unit adds Dolby Atmos Surround to Virtually Any Car

SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but it did not impact business applications or account data.

The company’s Chief Commercial Officer, Derek Curtis, says that the intrusion occurred on January 29, via a single SmarterMail virtual machine (VM) set up by an employee.

“Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed throughout our network,” Curtis explained.

“Unfortunately, we were unaware of one VM, set up by an employee, that was not being updated. As a result, that mail server was compromised, which led to the breach.”

Although SmarterTools assures that customer data wasn’t directly impacted by this breach, 12 Windows servers on the company’s office network, as well as a secondary data center used for laboratory tests, quality control, and hosting, were confirmed to have been compromised.

The attackers moved laterally from that one vulnerable VM via Active Directory, using Windows-centric tooling and persistence methods. Linux servers, which constitute the majority of the company’s infrastructure, were not compromised by this attack.

The vulnerability exploited in the attack to gain access is CVE-2026-23760, an authentication bypass flaw in SmarterMail before Build 9518, which allows resetting administrator passwords and obtaining full privileges.

SmarterTools reports that the attacks were conducted by the Warlock ransomware group, which has also impacted customer machines using a similar activity.

The ransomware operators waited roughly a week after gaining initial access, the final stage being encryption of all reachable machines.

However, in this case, Sentinel One security products reportedly stopped the final payload from performing encryption, the impacted systems were isolated, and data was restored from fresh backups.

Tools used in the attacks include Velociraptor, SimpleHelp, and vulnerable versions of WinRAR, while startup items and scheduled tasks were also used for persistence, according to the company.

Cisco Talos reported in the past that the threat actors were abusing the open-source DFIR tool Velociraptor.

In October 2025, Halcyon cybersecurity company linked the Warlcok ransomware gang to a Chinese nation-state actor tracked as Storm-2603.

ReliaQuest published a report earlier today confirming that the activity is linked to Storm-2603, with moderate-to-high confidence.

“While this vulnerability allows attackers to bypass authentication and reset administrator passwords, Storm-2603 chains this access with the software’s built-in ‘Volume Mount’ feature to gain full system control,” ReliaQuest said.

“Upon entry, the group installs Velociraptor, a legitimate digital forensics tool it has used in previous campaigns, to maintain access and set the stage for ransomware.”

ReliaQuest also saw probes for CVE-2026-24423, another SmarterMail flaw flagged by CISA as actively exploited by ransomware actors last week, although the primary vector was CVE-2026-23760.

The researchers note that CVE-2026-24423 provides a more direct API path to achieve remote code execution, but CVE-2026-23760 can be less noisy, blending into legitimate administrative activity, which is why Storm-2603 might have opted for that one instead.

To address all recent flaws in the SmarterMail product, administrators are recommended to upgrade to Build 9511 or later as soon as possible.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

Fraud protection is a race against scale. 

For instance, Mastercard’s network processes roughly 160 billion transactions a year, and experiences surges of 70,000 transactions a second during peak periods (like the December holiday rush). Finding the fraudulent purchases among those — without chasing false alarms — is an incredible task, which is why fraudsters have been able to game the system. 

But now, sophisticated AI models can probe down to individual transactions, pinpointing the ones that seem suspicious — in milliseconds’ time. This is the heart of Mastercard’s flagship fraud platform, Decision Intelligence Pro (DI Pro). 

“DI Pro is specifically looking at each transaction and the risk associated with it,” Johan Gerber, Mastercard’s EVP of security solutions, said in a recent VB Beyond the Pilot podcast. “The fundamental problem we’re trying to solve here is assessing in real time.”

How DI Pro works

Mastercard’s DI Pro was built for latency and speed. From the moment a consumer taps a card or clicks “buy,” that transaction flows through Mastercard’s orchestration layer, back onto the network, and then on to the issuing bank. Typically, this occurs in less than 300 milliseconds. 

Ultimately, the bank makes the approve-or-decline decision, but the quality of that decision depends on Mastercard’s ability to deliver a precise, contextualized risk score based on whether the transaction could be fraudulent. Complicating this whole process is the fact that they’re not looking for anomalies, per se; they’re looking for transactions that, by design, are similar to consumer behavior. 

At the core of DI Pro is a recurrent neural network (RNN) that Mastercard refers to as an “inverse recommender” architecture. This treats fraud detection as a recommendation problem; the RNN performs a pattern completion exercise to identify how merchants relate to one another. 

As Gerber explained: “Here’s where they’ve been before, here’s where they are right now. Does this make sense for them? Would we have recommended this merchant to them?” 

Chris Merz, SVP of data science at MasterCard, explained that the fraud problem can be broken down into two sub components: A user’s pattern behavior and a fraudster’s pattern behavior. “And we’re trying to tease those two things out,” he said. 

Another “neat technique,” he said, is how Mastercard approaches data sovereignty, or when data is subject to the laws and governance structures in the region where it is collected, processed, or stored. To keep data “on soil,” the company’s fraud team relies on aggregated, “completely anonymized” data that is not sensitive to any privacy concerns and thus can be shared with models globally. 

“So you still can have the global patterns influencing every local decision,” said Gerber. “We take a year’s worth of knowledge and squeeze it into a single transaction in 50 milliseconds to say yes or no, this is good or this is bad.”

Scamming the scammers

While AI is helping financial companies like Mastercard, it’s helping fraudsters, too; now, they’re able to rapidly develop new techniques and identify new avenues to exploit.  

Mastercard is fighting back by engaging cyber criminals on their turf. One way they’re doing so is by using “honeypots,” or artificial environments meant to essentially “trap” cyber criminals. When threat actors think they’ve got a legitimate mark, AI agents engage with them in the hopes of accessing mule accounts used to funnel money. That becomes “extremely powerful,” Gerber said, because defenders can apply graph techniques to determine how and where mule accounts are connected to legitimate accounts. 

Because in the end, to get their payout, scammers need a legitimate account somewhere, linked to mule accounts, even if it’s cloaked 10 layers down. When defenders can identify these, they can map global fraud networks.

“It’s a wonderful thing when we take the fight to them, because they cause us enough pain as it is,” Gerber said. 

Listen to the podcast to learn more about: 

• How Mastercard created a “malware sandbox” with Recorded Future; 

• Why a data science engineering requirements document (DSERD) was essential to align four separate engineering teams;

• The importance of “relentless prioritization” and tough decision-making to move beyond “a thousand flowers blooming” to projects that actually have a strong business impact;

• Why successful AI deployment should incorporate three phases: ideation, activation, and implementation — but many enterprises skip the second step. 

Listen and subscribe to Beyond the Pilot on Spotify, Apple or wherever you get your podcasts.

Sony has all but confirmed what the leaks have been hinting at for months: a new pair of flagship earbuds is on the way.

The company has released a short teaser video for the WF-1000XM6, confirming that its next-generation wireless buds are “coming soon”. In addition, a full reveal is set for February 12 at 8am PT.

While the teaser doesn’t give much away on paper, it does make it clear that Sony is getting ready to refresh one of the most respected noise-cancelling earbud lines around. The WF-1000X series has long sat at the top of Sony’s audio lineup. Now, the XM6 looks set to continue that run.

The video itself only briefly shows the earbuds in shadow, but by this point the design isn’t exactly a mystery. Full renders have already leaked, suggesting a refined look rather than a dramatic redesign. Expect a similar premium feel, with subtle tweaks aimed at comfort and wearability rather than a radical change in direction.

As ever, active noise cancellation is expected to be the headline feature. Sony’s ANC performance has consistently ranked among the best in the business, and there’s little reason to think the WF-1000XM6 will be any different. While Sony hasn’t confirmed specific specs yet, improved processing and smarter noise handling feel like safe bets for a generational update.

YouTube TV announced plans to introduce new genre-specific bundles last year to give users the flexibility to pick and pay for the content they actually want to watch. Four of these bundles are now live in the US, with the platform planning to roll out over ten bundles across Sports, News, Entertainment, and Family content in the coming weeks.

YouTube TV announced the rollout in a recent blog post, highlighting the content included in the introductory bundles and their pricing. The base Sports plan, priced at $64.99/month, will give subscribers access to all major broadcasters, alongside sports networks like FS1, NBC Sports Network, and all of ESPN networks. Subscribers ill also gain access to ESPN Unlimited this fall.

The Sports + News plan includes everything from the Sports plan, along with national news networks such as CNBC, Fox News, MSNBC, CNN, CSPAN, Bloomberg, and Fox Business. It’s priced at $71.99/month. The Entertainment plan, which is the most affordable of the four, costs $54.99/month and includes all major broadcasters and content, “ranging from FX dramas to Hallmark classics, with channels such as Comedy Central, Bravo, Paramount, Food Network, HGTV, and many more.”

Finally, the News + Entertainment + Family plan, priced at $69.99/month, combines news and entertainment channels with family content like Disney Channel, Nickelodeon, National Geographic, Cartoon Network, PBS Kids and more.

YouTube TV bundles offer big savings, especially for new subscribers

All four bundles is priced lower than the main YouTube TV plan, the platform’s most comprehensive offering with over 100 networks across genres. For those who haven’t previously subscribed to YouTube TV, the bundles are available at a discount.

The Sports plan is available for $54.99 per month for the first year, while the Sports + News, Entertainment, and News + Entertainment + Family plans are priced at $56.99, $44.99, and $59.99/month, respectively, for the first three months.

• EWS doesn’t deliver security, scale and reliability to today’s standards
• It will be shut down for cloud environments from April 2027
• ‘Scream tests’ will help show any dependencies

Microsoft has confirmed it will be phasing out Exchange Web Services (EWS) for Microsoft 365 and Exchange Online after nearly two decades of services, and we’ve been given all the key dates.

As soon as October 2026, the company will disable EWS by default for Exchange Online tenants, with the final shutdown set for April 1, 2027.