Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Microsoft announced on Wednesday that systems running Windows 10 Enterprise LTSB 2016 and Home and Pro editions of Windows 11 24H2 will stop receiving updates in three months.
However, as the company explains on its support website, Enterprise and Education editions will remain under mainstream support until October 12, 2027.
“On October 13, 2026, Windows 11, version 24H2 Home and Pro editions, and Windows 10 Enterprise LTSB 2016 will reach end of updates,” Microsoft warned yesterday in a message center update.
“After this date, devices running these editions will no longer receive monthly security and non-security preview updates containing protections from the latest security threats.”
Customers are advised to upgrade to Windows 11 25H2 (also known as the Windows 11 2025 Update), which became generally available in September 2024 as a minor update installed on version 24H2 through an enablement package.
Devices running Windows 11 24H2 Home and Pro that aren’t managed by IT departments will receive the Windows 11 25H2 update automatically, but they’ll still be able to postpone the update or choose when to restart.
“If you have an eligible Windows 10 or Windows 11 device, you can check whether the update is available by selecting Settings > Windows Update and selecting Check for updates. If your device is ready for the update, you’ll see the option to Download and install Windows 11, version 25H2,” Microsoft added.
You can find more details about Windows servicing dates on the Windows Lifecycle FAQ page or using the Lifecycle Policy search tool. Microsoft also provides a list of products that it will retire or reach the end of support in 2025.
Microsoft also stopped rolling out security updates to devices running Home and Pro editions of Windows 11 23H2 in November.
More recently, in June, it quietly extended the free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year. Following this extension, Microsoft is now allowing enrolled devices to continue receiving security updates until October 12, 2027.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
As you walk into XPeng’s Munich showcase event, you’re greeted by, I kid you not, a giant wooden Trojan horse. Not exactly a subtle message from a Chinese brand announcing its first-ever global release of an electric vehicle, right in the backyard of the German auto industry.
It’s hard to believe that XPeng was founded just shy of 12 years ago. Yet by 2020 it was already shipping EVs to Norway, marking the start of the Chinese company’s European journey. Today, alongside cars, it has robots and flying cars in its commercial product portfolio.
Look at the top 10 EV manufacturers in China by volume, and you won’t find XPeng, but it’s growing and has forged a bigger reputation outside of its home country. Now it wants to go global with its latest model, the L03, the brand’s first new car that will launch in 60 countries across Europe, Latin America, the Middle East, and the Asia-Pacific.
The L03 is a big play for XPeng because this is its “budget” model, starting at €35,600 (about $40,000), priced to sit below its G6 Tesla Model Y competitor, and to sell in volume.
Yes, the L03 is the company’s mass-market play. Despite the keen pricing, XPeng has sought to make the specs attractive: a claimed WLTP 320-mile range; fast charging from 10 to 80 percent in 20 minutes; panoramic glass roof; heated and cooled massage seats; 256-color ambient lighting; brushed metal speaker covers; an impressive 0.228 drag coefficient to squeeze out more range; smart parking; a 15.6-inch 2.5K central screen; 27-inch HUD; AI-powered voice control; and even Google Maps built in.
All this and more come as standard, whether you go for the vanilla model, the Long Range, AWD, or Ultra. The phrase XPeng keeps using for this embarrassment of riches is “beyond class.” It wants the L03 to go toe-to-toe with EVs in the segment above it—cars like the Volkswagen ID.4.
Performance? Well, the five-seat, 4,650-mm L03 can hit 0 to 60 mph in just 4.5 seconds on the top models, but this drops to 7.5 seconds on the Standard Range base version.
Photograph: Courtesy of XPeng
The two technologies work in tandem.
You get in the car, turn it on, and your phone just connects to your entertainment system. Wireless Android Auto launches automatically on the dashboard and you’re good to go. No cable. No fumbling to plug anything in. You don’t even have to dig out your phone from your bag or pockets. But here’s something most drivers don’t realize: the “wireless” experience of Android Auto actually requires running two separate connections at the same time: Bluetooth and Wi-Fi.
Why both? That’s a good question and the short answer is that neither technology can do the job alone.
Bluetooth handles two specific jobs when it comes to wireless Android Auto: the initial handshake between phone and car and hands-free calling. The handshake is what kicks off the whole process. Bluetooth, as a technology, is energy-efficient and low-power, so your phone can scan for your car’s system in the background, pair the two, and exchange the credentials needed to launch a Wi-Fi connection. The only thing you have to do is to turn on your car.
Handling hands-free calls is Bluetooth’s second job in your car. Android Auto routes audio through your car’s speakers using the Hands-Free Protocol. If you disable Bluetooth during your drive for any reason, it simply kills the connection. For these two reasons, you can’t run wireless Android Auto without Bluetooth.
As mentioned, Bluetooth also launches a Wi-Fi connection. So, why does Android Auto turn on Wi-Fi? Because Bluetooth tops out at around 2-3 Mbps of data throughput. That’s enough for audio alone, but definitely not enough to stream a high-resolution map interface, audio and touch inputs.
Once the Bluetooth handshake is complete and your device is paired to your car, your phone connects to a local, peer-to-peer 5GHz Wi-Fi Direct network. This is where the magic happens. Wi-Fi Direct provides the bandwidth needed to handle everything else from the user interface to high-quality audio from your streaming services, and the sensor data (GPS details, odometer, touch inputs on the screen, voice commands, ambient light, etc).
Google’s Android Auto developer documentation clearly states that the 5Ghz Wi-Fi requirement is strict because standard Bluetooth lacks the bandwidth for continuous video projection. That’s also why older phone models without 5GHz Wi-Fi support simply can’t run wireless Android Auto.
Many vehicles (mine included) only support wired Android Auto. Thankfully, there are plenty of dongles available to purchase, such as the Carlinkit, AAWireless, and the Motorola MA1. These bridge the gap by using the same Bluetooth and Wi-Fi logic, just with an extra layer.
You plug this tiny dongle into your car’s USB port and it mimics a wired smartphone. The dongle then pairs with your phone over Bluetooth, establishing a data connection. Your phone then drops the Bluetooth data link and connects to the dongle over 5GHz Wi-Fi Direct before translating that Wi-Fi stream into the USB signal. As far as your car knows, you’re working with a standard wired connection. It’s an easy fix that won’t cost you a fortune.
Using wireless Android Auto is certainly convenient, but there are some downsides. First of all, both Bluetooth and Wi-Fi must stay on as turning off either of them breaks the connection. Maintaining an active 5GHz Wi-Fi connection on top of GPS and Bluetooth can definitely drain your device’s battery. On top of that, if you’re using a dongle, it can add a connection delay. You’ll also need to have a phone with 5G capabilities that is running Android 11 or newer.
Ultimately, wireless Android Auto works so smoothly because Bluetooth and Wi-Fi each handle the part of the job they’re best suited for. When you know what happens behind the scenes, it may sound complicated, but the result is worth it.
“If I can set up the system so that it runs my code when the admin user logs in,” the attacker has de facto administrator privileges, Will Dormann, a senior principal vulnerability analyst at Tharros Labs, said in an interview. “I don’t need to be an admin myself.”
In a post, he said that “the ability of a non-admin user to be able to modify the classes registry hive of an admin user is a pretty powerful primitive. Clever attackers or people who want to accomplish something will easily be able to figure out how to do things that are more interesting and/or don’t even require user interaction.”
Dormann said that the exploit could possibly be chained to a separate one that gives direct access to an administrative account.
As explained in a post by a different analyst: “When a new user is logging on, Windows needs to load the user’s class hive. Since the user isn’t logged on before logging on (tautology, I know), it can’t be loaded in the context of the user. So it is loaded in the context of NT AUTHORITY\SYSTEM. LegacyHive abuses this.”
In an emailed statement, Microsoft said it’s aware of the vulnerability report and is investigating. The company also noted its preference that vulnerability reporters follow a coordinated disclosure policy.
For now, Windows users who want to protect their systems against HiveLegacy can run a detection script published by independent researcher Kevin Beaumont. Other defenses are to restrict local non-user account creation, monitor ProfSvc for unexpected hive loads, and track NTUSER.DAT/UsrClass.dat activity.
An anonymous reader quotes a report from Krebs on Security: Microsoft today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild.
Two of the zero-day weaknesses allow an attacker to elevate their user rights on a Windows system, as do approximately 250 other elevation of privilege flaws fixed this month; they include CVE-2026-56155 – an Active Directory Federation Services bug — and CVE-2026-56164, a Microsoft Sharepoint vulnerability. CVE-2026-50661 is a security feature bypass in Windows BitLocker that could allow attackers to gain access to encrypted data if they have physical access to the device. Microsoft said this bug has been detailed publicly, but that it is not aware of any active exploitation.
In a blog post on July 9, Microsoft Executive Vice President Pavan Davuluri wrote that Windows users will notice “a higher volume of security updates included in each security release” as a result of AI aiding in the discovery of vulnerabilities. “The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,” Davuluri wrote.
Opusonix is the workflow-first platform built for music producers and engineers who are tired of endless email chains and scattered files. By centralizing feedback, versions, and tasks in one structured workspace, it helps you cut email traffic by up to 90% so you can focus more on creating and less on chasing approvals. From time-coded comments and version testing to album planning and client-friendly demo pages, Opusonix gives you the tools to manage every mix, project, and album with clarity and speed. It’s on sale for $50.
Note: The Techdirt Deals Store is powered and curated by StackSocial. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Filed Under: daily deal
Flock camera attacks and vandalism are happening nationwide, but when more than a dozen Flock automated license plate readers went down between April and October 2025 in Virginia, authorities started paying attention. Now, a U.S. Air Force engineer and mechanic is facing charges. Jeffrey Sovern faces 13 felony counts of destruction of property, six counts of petit larceny, and six counts of possession of burglary tools in connection with the Flock Safety camera takedowns across North Suffolk between April and October 2025. Sovern has pleaded not guilty.
The alleged vandalism began with cameras simply being redirected away from roads. Things soon escalated, with poles holding the cameras being knocked down. Finally, authorities started noticing cameras being thrown off bridges and onto interstates below.
Authorities were on the case as soon as they noticed Sovern’s gray pickup truck near one of the Flock cameras in question. From there, they obtained a warrant to place a GPS tracker on the car. That gave them enough to carry out a search warrant at Sovern’s home. While there, they recovered solar panels and other components believed to be from the destroyed camera systems.
Though Sovern’s the only one being charged in this particular case, it’s not just Virginia seeing pushback in response to Flock cameras. Since the company’s founding, Flock has signed contracts with more than 5,000 law enforcement agencies across nearly every state in the U.S, working out to over 20 billion license plate scans every month.
Flock cameras record a wide range of vehicle characteristics such as make, model, color, and distinguishing features, which proponents claim help law enforcement agencies better investigate crimes and identify suspects. On the flip side, many believe that Flock is creating a controversial surveillance network capable of tracking ordinary motorists who aren’t suspected of any criminal activity whatsoever, effectively violating their constitutional rights.
In Virginia, being charged with felony destruction of property entails having intentionally damaged or destroyed another person’s property, with the value of the damage being $1,000 or more. According to Suffolk police, each Flock camera installation includes an $800 camera, a $500 pole, and a $350 solar panel. With 13 different incidents total, Sovern faces 25 charges in all. And for a good idea of how fed up people are getting with Flock, he’s received over $15,000 in donations to support his case.
Loewe has expanded its premium TV range with the launch of the Antares, a new OLED television that pairs individually calibrated panels with a highly customisable design.
The German brand has also introduced an optional Antares soundbar. This gives buyers the option to upgrade the TV’s built-in audio without turning to a third-party speaker system.
Available in 42-inch, 48-inch, 55-inch and 65-inch sizes, the Loewe Antares starts at £2,500 / €2,500. Meanwhile, the matching soundbar costs £300 / €300.
Rather than focusing purely on picture quality, Loewe is pitching the Antares as a TV that can be tailored to suit different homes. Buyers can choose from interchangeable aluminium onlays in silver or black.
In addition, a range of installation options includes wall mounts, rotating floor stands and even a floor-to-ceiling stand. Some of the floor stands also support Loewe Magic.Motion. This allows the TV to rotate via the remote control.


Underneath the bespoke exterior is a 4K OLED panel, with each display individually calibrated at Loewe’s factory in Kronach, Germany. The company says this helps deliver more accurate colours and contrast. Moreover, there is support for leading HDR formats for a more cinematic viewing experience.
Audio has also received plenty of attention. The Antares features Loewe Invisible Sound technology with integrated speakers hidden within the chassis. However, users can also add the new 80W front-firing Antares soundbar for more powerful stereo sound. The TV can also operate as a centre speaker within a wider surround sound setup. Thus, it makes it easier to expand into a full home cinema system later.
On the smart side, the TV runs Loewe OS9, with support for streaming services including Netflix, Disney+, Prime Video, Apple TV+, YouTube and Spotify. It also includes AI-powered features and voice control. In addition, there is Apple AirPlay and Matter compatibility for smart home integration.
Gamers haven’t been overlooked either. The Antares supports HDMI 2.1, 4K at up to 144Hz, Variable Refresh Rate (VRR) and Auto Low Latency Mode (ALLM). This makes it well suited to current-generation consoles and gaming PCs.
Loewe has also included its Dual Channel platform, enabling USB recording and timeshift functionality for live TV. Furthermore, the modular design aims to make servicing and future upgrades easier.
The Loewe Antares is available now, with prices ranging from £2,500 to £4,000 depending on screen size. The optional Antares soundbar is sold separately for £300, giving buyers the choice between the TV’s integrated audio or a more immersive setup.
Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024.
TfL disclosed that its network was breached in August 2024, with the attack disrupting internal systems and online services, including TfL’s Dial-a-Ride service, concessionary travel cards, digital payments, and contactless ticketing rollout, as well as the public transportation agency’s ability to process refunds.
Additionally, 148 systems became inoperable across TfL’s network, and all 27,000 TfL employees had to reset their passwords in person after the breach.
While TfL reported £29 million in losses and recovery costs after the attack, officials estimated that the UK economy could have lost up to £56 billion had the threat actors succeeded in shutting down the transport network.
TfL revealed on September 12, 2024, that the attackers had also stolen customer data (including names, addresses, and contact details). Four days later, on September 16, officers from the City of London Police and the UK National Crime Agency (NCA) arrested 20-year-old Thalha Jubair and 18-year-old Owen Flowers at their homes.
Investigators said that Flowers was also in the process of hacking U.S. healthcare companies Sutter Health and SSM Health Care Corporation, and that, at the time of his arrest, devices seized from him included evidence of the TfL intrusion.
Both pleaded guilty last month under the Computer Misuse Act and were sentenced today to five years and six months in prison each.

NCA Deputy Director Paul Foster described Scattered Spider as “the most significant cybercrime threat to the UK in recent years,” and he credited TfL’s early cooperation with law enforcement for enabling the convictions.
“These convictions would likely not have been possible had Transport for London not engaged with law enforcement early, so I would urge any other organisation to please do the same in such circumstances,” Foster said. “We will continue working with partners in the UK and overseas to identify offenders and bring them to justice.”
The U.S. Department of Justice also charged Jubair in September 2025 with conspiracy to commit computer fraud, money laundering, and wire fraud in connection with at least 120 network breaches between May 2022 and September 2025.
According to court documents, these attacks affected dozens of U.S. organizations, including critical infrastructure entities and U.S. courts, with Jubair and his accomplices extorting over $115 million from victims worldwide between August 2024 and July 2025.
In July 2025, the NCA arrested four other suspected Scattered Spider members believed to be linked to a wave of cyberattacks against major UK retailers, including Harrods, Marks & Spencer, and Co-op.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
An anonymous reader quotes a report from Ars Technica: Big changes are coming to Android apps, but they’re not the changes Google wanted. The settlement between Google and Epic that aimed to put to rest the companies’ long-running antitrust battle is being withdrawn, and that means third-party app stores are coming to the Play Store. Google has confirmed that it will begin distributing rival app stores next week, setting the stage for competing platforms to take a bite out of Google’s Android revenue stream. […] Google and Epic were set to return to court on July 16 to argue in favor of the settlement. However, the writing may have been on the wall. In a recent expert analysis provided to the court, MIT economics professor Nancy Rose noted that the settlement was “unlikely to enable Google Play’s potential competitors to overcome their long-standing network-effect disadvantage in a timely manner.”
With settlement approval looking increasingly unlikely, Epic and Google agreed this week to call the whole thing off. Here’s how Google Trust and Reputation Communications Lead Dan Jackson explains the company’s decision: “We’ve agreed with Epic to withdraw our motion to modify the US Court’s injunction rather than prolonging this process which creates uncertainty for the ecosystem. This allows us to focus on executing our recently announced global business model evolution to deliver greater app store choice, lower prices, and more opportunities for developers and users. We remain committed to maintaining Android’s industry-leading security and fostering a competitive ecosystem where every app store and developer has the freedom to compete. In parallel, we continue to comply with the US Court’s injunction.”
In a brief filing (PDF), Google’s legal team informs the court that Google is prepared to begin distributing third-party app stores in Google Play on July 22. Under the terms of Judge Donato’s original injunction, these stores will have access to the full catalog of Google Play apps by default. Developers will have the option to opt out of distribution in these stores, and Google has a support page explaining how to do so. Google also has documentation on how app stores can get access to the Google Play catalog. It won’t be mirroring those apps in any shady storefront that asks. The court has allowed Google to charge reasonable fees to cover its security and compliance review of third-party stores, which will be $5,000 per year.
Google will also require approved stores to block malware, respect intellectual property, and include mechanisms to update and uninstall apps. App stores can be removed from the program if more than 1 percent of attempted app installs appear to be malware or unwanted software. It’s unclear if there will be separate, possibly more stringent requirements for storefront distribution in the Play Store. However, Google is prohibited from unreasonably blocking third-party store clients uploaded to Google Play. The changes Google has announced under the Epic agreement will proceed for now. That means Registered App Stores will happen globally, but they will probably only appear in the Play Store for US users. Google hasn’t specified if there will be any differences in the features available to the stores downloaded from Play versus registered stores.
US President Donald Trump has criticized New York Governor Kathy Hochul’s recent executive order to introduce a year-long, statewide ban on hyperscale data centers, urging the state to change its stance “immediately.”
In a post on Truth Social, Trump characterized data centers as “money machines” that create taxes and jobs comparable to “liquid gold,” implying not only are they crucial for cloud computing and AI, but also for the country’s economy.
Though states like “Alabama, Florida, Texas, Arizona” and others could now see more projects being relocated amid ongoing moratoriums, Trump worries about the implications of this “terrible decision.”
The executive order, signed by Governor Hochul on July 14 2026, makes New York the first US state to impose a statewide moratorium on new data centers – in this case, those requiring 50MW+ of power.
Despite mounting local opposition for data center buildouts across the US, and indeed the world, Trump argues they’re “tremendous wins for the states and communities that are lucky enough to get them,” being that they create jobs and are responsible for “their own water and power.”
It’s important to note that the year-long ban for New York State is exactly that – a temporary ban designed to buy the state enough time to consider environmental and social impacts, and to rewrite legislation and guidance accordingly.
Urging Governor Hochul to “change its policy, immediately,” Trump argues that ongoing moratoriums like these could cause the US to lose to “China, and other countries” in what’s playing out to be a global AI race.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Weekend Open Thread: Nutriplenish Leave-In Conditioner
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Super Eagles star Moses Simon opens up on Liverpool transfer regret
Young campaigners urge incoming PM to act on outdoor junk food ads
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Get Your ESP32 Sunny Side Up With This Solar Dev Board
Dark Secrets Emerge When Jailbreaking LLMs
Disney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
New Cornerback Enters Vikings Trade Rumor Mill
CFTC blocks Kalshi from unwinding Michigan trades after court order
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
Vicki Gunvalson Defends Discussing Heather Dubrow’s Money
Ripple, Coinbase, Circle Join Linux x402 Foundation to Help Shape AI Payments
Watch: Is Donald Trump facing a popular backlash on immigration?
Michigan officials not expected to discuss AD Warde Manuel at Thursday meeting
ACCC warns AI could lift insurance costs in risk-prone areas
Firefighters issue update on Dovestone moorland blaze as fire enters fourth day
Hollywood’s Biggest Director Just Called Out AI, And It’s Glorious
Nvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
You must be logged in to post a comment Login