Outdated DNS records create invisible openings for criminals to spread malware through legitimate sites
Hazy Hawk turns misconfigured cloud links into silent redirection traps for fraud and infection
Victims think they’re visiting a real site, until popups and malware take over
A troubling new online threat is emerging in which criminals hijack subdomains of major organizations, such as Bose, Panasonic, and even the US CDC (Centers for Disease Control and Prevention), to spread malware and perpetrate online scams.
As flagged by security experts Infoblox, at the center of this campaign is a threat group known as Hazy Hawk, which has taken a relatively quiet but highly effective approach to compromise user trust and weaponize it against unsuspecting visitors.
These subdomain hijackings are not the result of direct hacking but rather of exploiting overlooked infrastructure vulnerabilities.
An exploit rooted in administrative oversight
Instead of breaching networks through brute force or phishing, Hazy Hawk exploits abandoned cloud resources linked to misconfigured DNS CNAME records.
These so-called “dangling” records occur when an organization decommissions a cloud service but forgets to update or delete the DNS entry pointing to it, leaving the subdomain vulnerable.
For example, a forgotten subdomain like something.bose.com might still point to an unused Azure or AWS resource, and if Hazy Hawk registers the corresponding cloud instance, the attacker suddenly controls a legitimate-looking Bose subdomain.
This method is dangerous because misconfigurations are not typically flagged by conventional security systems.
The repurposed subdomains become platforms for delivering scams, including fake antivirus warnings, tech support cons, and malware disguised as software updates.
Hazy Hawk doesn’t just stop at hijacking - the group uses traffic distribution systems (TDSs) to reroute users from hijacked subdomains to malicious destinations.
These TDSs, such as viralclipnow.xyz, assess a user’s device type, location, and browsing behavior to serve up tailored scams.
Often, redirection begins with seemingly innocuous developer or blog domains, like share.js.org, before shuffling users through a web of deception.
Once users accept push notifications, they continue to receive scam messages long after the initial infection, establishing a lasting vector for fraud.
The fallout from these campaigns is more than theoretical and has affected high-profile organizations and firms like the CDC, Panasonic and Deloitte.
Individuals can guard against these threats by refusing push notification requests from unfamiliar sites and exercising caution with links that seem too good to be true.
For organizations, the emphasis must be on DNS hygiene. Failing to remove DNS entries for decommissioned cloud services leaves subdomains vulnerable to takeover.
Automated DNS monitoring tools, especially those integrated with threat intelligence, can help detect signs of compromise.
Security teams should treat these misconfigurations as critical vulnerabilities, not minor oversights.
In our list of the best streaming services we crowned Paramount+ as the best platform for classic movies, and it still is – however, it's broadening its library of 21st century features in its list of new titles for June 2025.
With over 80 new movies landing on June 1, among the list of new Paramount+ movies lies modern titles that over time have earned modern classic status, starting with No Country for Old Men (2007) – a western thriller from the Coen brothers starring Javier Bardem and Josh Brolin.
But that's not all and, if anything, the drama never ends. Joining the Coens' thriller is Steve McQueen's Best Picture winner 12 Years a Slave (2013), Tarantino's Pulp Fiction (1994), and four movies from the Indiana Jones franchise. The thrills are endless.
Everything new on Paramount+ in June 2025
Arriving on June 1
3:10 to Yuma (movie)
12 Years a Slave (movie)
Bad News Bears (movie)
BlacKkKlansman (movie)
Boogie Nights (movie)
But I'm a Cheerleader (movie)
Call Me By Your Name (movie)
Carol (movie)
Carriers (movie)
Center Stage (movie)
Changing Lanes (movie)
Chasing Amy (movie) Cloverfield (movie)
Crawlspace (movie)
Daddy Day Camp (movie)
Dance Flick (movie)
Dog Day Afternoon (movie)
Double Jeopardy (movie)
Eagle Eye (movie)
Elf (movie)
Enemy at the Gates (movie)
EuroTrip (movie)
Everybody's Fine (movie)
Extract (movie)
First Blood (movie)
Heatwave (movie)
How She Move (movie)
How to Lose a Guy in 10 Days (movie)
Imagine That (movie)
In & Out (movie)
Indiana Jones and the Kingdom of the Crystal Skull (movie)
Indiana Jones and the Last Crusade (movie)
Indiana Jones and the Raiders of the Lost Ark (movie)
Indiana Jones and the Temple of Doom (movie)
Jawbreaker (movie)
Kinky Boots (movie)
Law of Desire (movie)
Layer Cake (movie)
Light of My Life (movie)
Like a Boss (movie)
Marathon Man (movie)
Masterminds (movie)
Military Wives (movie)
Naked Gun 33 1/3: The Final Insult (movie)
No Country for Old Men (movie)
Orange County (movie)
Overdrive (movie)
Pretty In Pink (movie)
Pulp Fiction (movie)
Racing with the Moon (movie)
Rambo III (movie)
Rambo: First Blood Part II (movie)
RED (movie)
Reservoir Dogs (movie)
Risky Business (movie)
Road Trip (movie)
Run & Gun (movie)
Saturday Night Fever (movie)
Save the Last Dance (movie)
School Ties (movie)
Scouts Guide to the Zombie Apocalypse (movie)
She's All That (movie)
Sky Captain and the World of Tomorrow (movie)
Stand By Me (movie)
Teen Titans GO! To the Movies (movie)
The Autopsy of Jane Doe (movie)
The Crossing Guard (movie)
The Dictator (movie)
The Fighting Temptations (movie)
The Gambler (movie)
The General's Daughter (movie)
The Girl Next Door (movie)
The Godfather (movie)
The Godfather Part II (movie)
The Godfather Coda: The Death of Michael Corleone (movie)
The Hunt for Red October (movie)
The Ides Of March (movie)
The Kings of Summer (movie)
The Last Samurai (movie)
The Lovely Bones (movie)
The Naked Gun 2 1/2: The Smell of Fear (movie)
The Naked Gun: From the Files of Police Squad! (movie)
The Nice Guys (movie)
The Other Woman (movie)
The People vs. Larry Flynt (movie)
The Running Man (movie)
The Shootist (movie)
The Space Between Us (movie)
The Untouchables (movie)
Tigerland (movie)
Tommy Boy (movie)
Tootsie (movie)
Total Recall (movie)
True Grit (movie)
Whiplash (movie)
Without a Paddle (movie)
xXx (movie)
Zola (movie)
Arriving on June 4
SpongeBob SquarePants season 14 (TV show)
Arriving on June 5
Lions for Lambs (movie)
Arriving on June 8
The 78th Annual Tony Awards (TV show)
Arriving on June 11
The Really Loud House season 2 (TV show)
Arriving on June 15
In Bloom: Everybody’s Fight (TV show)
Arriving on June 22
Nickelodeon Kids’ Choice Awards (TV show)
Arriving on June 25
The Patrick Star Show season 3 (TV show) Ice Airport Alaska season 5 (TV show) The Last Cowboy season 5 (TV show)
Seagate quietly ships 40TB HAMR drives, setting the pace for the next storage next
Mozaic HAMR tech crams 4TB per platter, promising massive boosts in storage efficiency
Data center expansion will dictate how fast these record-breaking 40TB drives hit the mainstream
At the recent Seagate’s Investor and Analyst Conference, the company revealed it has delivered limited units of its new 40TB hard drives based on its Mozaic HAMR platform.
These 40TB drives use Heat-Assisted Magnetic Recording (HAMR) to achieve 4TB per platter across ten platters, marking a shift toward Seagate’s Mozaic 4+ platform.
While these are not yet broadly available, full-scale production is slated to begin in the first half of 2026 following extensive customer qualification testing.
Full-scale production to commence next year
“We have shipped limited 40 terabyte engineering samples to our customer already. We do plan to initiate quals next quarter, and we'll continue quals into 2026, where we'll be bringing over a wide portion of our customer base to the Mozaic 4 platform,” said Dr. John Morris, Seagate’s CTO.
Volume readiness will depend on how data centers integrate and validate the drives. However, the goal is to move a significant share of Seagate’s exabyte shipments to HAMR-based drives, which promise higher capacity and data center efficiency.
As CEO, Dr. Dave Mosley explained, “10 disks would get you to 40 terabytes... this gives better efficiencies in the data center. At the fleet level, this is how our customers think.”
Seagate's long-term plan involves rolling out even larger capacities, including 44TB drives by 2027 and 50TB drives by 2028.
The delay from its original 2017 projection for 50TB drives by 2026 underscores the complexities of scaling HAMR technology. Yet, the 40TB development still positions Seagate in the race to offer the largest HDD on the market.
Rival companies are following different strategies. Western Digital (WD) continues to expand capacity through ePMR and OptiNAND, reserving HAMR for its own 40TB launch expected in late 2026.
“Other companies have started adopting HAMR with 30TB HDDs, but we believe HAMR’s true potential begins at 40TB. Until then, we'll continue using technologies like OptiNAND and UltraSMR to increase the capacity of existing HDDs up to 40TB,” said Kimihiko Nishio, WD's sales manager in Japan.
Toshiba, another key player, has been developing its technologies, such as Microwave-Assisted Magnetic Recording (MAMR).
The company aims to release its first 35TB HDD based on HAMR before 2026. Toshiba's strategy involves combining MAMR with future HAMR implementations to achieve these capacities.
These drives won’t appeal to average consumers looking for the fastest HDD or even the best HDD for home use, their development is closely tied to the AI-driven cybersecurity arms race.
Seagate’s early shipments of 40TB drives suggest technical leadership in the race to develop the largest HDD, but the path to commercial reality is winding, and the cautious stance of competitors implies the challenges are considerable.
Dummy loads burn up to 45% of energy just to keep power levels stable
Skeleton’s GrapheneGPU delivers up to 40% more computing with the same hardware
AI workloads are killing energy efficiency, GrapheneGPU smooths power draw in real time
As artificial intelligence systems grow more demanding, many data centers have found themselves consuming nearly twice the energy they technically need.
This overuse isn’t due to system flaws or outdated hardware, it’s rooted in how GPUs behave, as their power demand can swing drastically within seconds, from full throttle to idle.
To cope, operators often deploy dummy loads, deliberate energy wasters, to maintain a stable power draw - but these data centers deliberately slow the performance of tens of thousands of GPUs to prevent power outages
Dummy loads mean massive wastage of energy
While this avoids damage and blackouts, it means up to 45% of energy is lost as heat, performing no useful computation.
Skeleton Technologies now claims it may have a more efficient alternative, one that allows GPUs to run at full capacity without overwhelming the grid.
The Estonian company developed GrapheneGPU, a peak-shaving system using proprietary Curved Graphene supercapacitors.
Unlike lithium-based systems, these capacitors can respond in just 10 microseconds, absorbing energy during idle periods and discharging it instantly when GPU loads spike.
The result, according to Skeleton, is the ability to maintain consistent GPU performance without stressing the grid or resorting to throttling.
Their tests suggest the system can deliver up to 40% more FLOPS - floating point operations per second - using the same GPUs, simply by removing the performance penalties associated with thermal de-rating and power instability.
“GrapheneGPU delivers up to 40% more computing with the same energy footprint, while cutting both capital and operating costs by reducing grid upgrade needs, energy waste, and cooling,” said Taavi Madiberk, CEO of Skeleton Technologies.
“Powered by our patented Curved Graphene, this is a fundamental shift in how AI infrastructure can scale - sustainably and economically”.
The company also reports up to a 44% reduction in the power capacity that data centers must reserve from the grid.
The core unit, the GrapheneGPU PCS 50, delivers up to 80 kW of peak power in a standard 1OU form factor, compatible with existing infrastructure and cooled by air or liquid.
Importantly, it avoids lithium entirely, using Skeleton’s patented graphene-based material instead.
According to Skeleton, this technology has been tested under rigorous hyperscaler-grade GPU workloads with positive results. However, it has not been independently tested for real-world performance and durability.
The first shipment of this technology will commence in Germany by June 2025. The company also has a U.S. production site planned for early 2026.
Security researchers found ClickFix attacks evolving to target other operating systems
On Android and iOS, the attack is particularly worrisome, as it transforms into a drive-by attack
The malware is already being flagged by antivirus programs
ClickFix, an infamous hacking technique that tricks people into running malware thinking they’re fixing a problem on their computer, has evolved, experts have warned.
New research from c/side has revealed what used to be a Windows-only attack method is now capable of targeting macOS, iOS and Android devices, as well.
In a blog post analyzing the evolution, the researchers said the new attack starts with a compromised website. The threat actors would inject JavaScript code which redirected users to a new browser tab when they clicked on certain elements on the page. The new tab then displays a page that looks like a legitimate URL shortener, with a message to copy and paste a link into the browser - and doing so triggers yet another redirect, this time to a download page.
Fetching the malicious payload
Here is where the technique diverges, depending on the operating system of the victim.
On macOS, the attack leads to a terminal command that fetches and executes a malicious shell script, already flagged by multiple antivirus programs.
On Android and iOS, things are even worse, since the attack no longer requires any user interaction.
“When we tested this on Android and iOS, we expected a ClickFix variant. But instead, we encountered a drive-by attack,” the researchers explained.
“A drive-by attack is a type of cyberattack where malicious code is executed or downloaded onto a device simply by visiting a compromised or malicious webpage. No clicks, installs, or interaction required.”
In this case, the site downloads a .TAR archive file, holding malware. This one, too, was flagged by at least five antivirus programs already.
“This is a fascinating and evolving attack that demonstrates how attackers are expanding their reach,” c/side explained. “What started as a Windows-specific ClickFix campaign is now targeting macOS, Android, and iOS, significantly expanding the scale of the operation.”
HighPoint RocketStor 8631CW gives you 64GB/s GPU bandwidth - no drivers or software needed
Real PCIe Gen5 x16 lanes delivered straight to your GPU through a single CopprLink cable
Fits dual or triple-slot GPUs from Nvidia, AMD, or Intel - no compatibility tricks required
External GPU (eGPU) enclosures aren’t new, but HighPoint’s RocketStor 8631CW has entered the scene with an unusually aggressive pitch.
The company says this external GPU setup delivers a direct PCIe Gen5 x16 connection to a full-sized graphics card via a proprietary 1-meter CopprLink CDFP cable.
In addition to its bandwidth for desktop-class GPUs, this device supports plug-and-play, OS-agnostic and does not rely on software or drivers.
A closer look at the hardware setup
At the heart of the system is the Rocket 1634D host interface card, which uses Broadcom’s PEX 89048 switch to sustain its Gen5 x16 link, with up to 64GB/s transfer speed.
The card fits into low-profile systems, measuring 68.9mm x 165mm, and supports a single CDFP channel.
It supports LED indicators for visual feedback on connection status and secure boot at both hardware and software levels.
Connected to that is the RocketStor 8631C chassis, which uses Asteralabs PCIe 5.0 retimers to maintain signal integrity.
The enclosure supports one full-height, full-length, dual- or triple-slot GPU from any major vendor, including Nvidia, AMD, and Intel.
It can handle power loads up to 600W and includes real-time power monitoring and an advanced dual-fan cooling system with programmable smart fan control for thermal issue alerts. There is also a back-panel mute button in case the audible alerts get too chatty.
Its dimensions are 370mm x 170mm x 88mm, which makes it large enough to house an RTX 5090-class card, but still compact enough not to overwhelm a desk.
This setup is aimed at workflows where stability and zero-configuration environments are mandatory - think AI model training, 8K editing, or enterprise-grade rendering pipelines.
But in a world where laptops are increasingly equipped with powerful built-in GPUs, this enclosure feels more like a fix for edge cases.
A creator looking for the best laptop for video editing or the best laptop for Photoshop will likely find plenty of capable systems that don’t need such a setup, particularly when portability, price, and simplicity are taken into account.
That said, as integrated GPUs and compact systems improve, the necessity of such a solution narrows, and the cost significantly increases.
You’ll need a PCIe slot in your system, a matching full-power GPU, and a compelling reason to justify the cost - but if you’re dead-set on hauling RTX 5090-class power around without a tower, this might be the only hardware currently up to the job.
The HighPoint RocketStor 8631CW is currently selling on HighPoint's website for $1,999.
Google confirms that Instagram for Android is draining excessive battery power compared to similar apps
The issue apparently lies with the standard Instagram app
Google’s advisory urges users to fix the issue by updating their app
Think your Android smartphone’s battery life has been dropping faster than normal recently? The culprit may have been identified.
Noticing excessive battery drain in recent weeks, Android users on Reddit have been speculating that the Instagram app is responsible. In battery drain comparisons with other apps, Meta’s social media app appeared to be consuming far more of their capacity than it should for the amount of usage.
One Redditor, using a Samsung Galaxy A53, noticed that 54 minutes of Instagram screen time used 12.4% of their battery capacity, while 49 minutes of WhatsApp screen time used only 2.4%.
Google has now stepped in to apparently confirm what many suspected. In an advisory post entitled “Battery drain on Android devices”, posted on the Android support site, a Google community manager identified Instagram as the cause of said drain, and urged Android users to immediately update their Instagram app.
How to fix the Instagram battery issue
(Image credit: Shutterstock)
The latest build of the app at the time of writing (build 382.0.0.49.84) appears to resolve the issue, so if you’ve been noticing your smartphone losing battery power faster than expected, it’s well worth ensuring that you’ve downloaded this update.
Of course, there are lots of other ways to extend your battery life. These range from putting unused apps to sleep (go to Settings > Battery > Background Usage Limits) to turning on Power Saving or using Dark Mode.
So if you’re still having power problems after the update (or if you don’t even use Instagram) check out our guides below to keep things ticking along on your Android phone for as long as possible.
VPNs are fragile, says Remote.It - plug-and-play approach can fix that
Jumpbox delivers centralized remote access without exposing devices to the public internet
SaaS network firm Remote.It has introduced a new hardware-based alternative to traditional business VPN tools.
Developed in collaboration with IoT connectivity firm Embedded Works, Jumpbox aims to reduce reliance on VPNs by offering plug-and-play remote access without the need for manual network configuration.
“VPNs are fragile and limited," noted Remote.It CEO Ryo Koyama, "each endpoint can only be connected to one VPN at a time (or you have to embed a series of VPNs so multiple networks can communicate). But that makes the whole network even more dependent on a series of configurations being correct and updated.”
Challenging conventional VPNs
Koyama argues Jumpbox offers a more stable and centralized alternative, allowing administrators to monitor and manage multiple networks simultaneously.
“The Jumpbox is designed as an always there connection that doesn't have the same weak points VPNs have," he claimed. "With Jumpbox an admin could be monitoring, updating, troubleshooting multiple network connections at the same time,"
Despite this claim, the broader market has not fully abandoned VPNs, with many businesses investing in the best VPN router for added control and flexibility.
Remote.It’s approach hinges on replacing these with a zero-configuration setup that works out of the box, featuring 2 USB 2.0 ports, 2 USB 3.0 ports, 1 Gigabit Ethernet port, 1 HDMI, and a 3.5mm audio jack, all powered by a 1.8 GHz CPU and support for Wi-Fi 6, 5G, Bluetooth, Starlink and a 64GB microSD.
The Jumpbox comes pre-loaded with Remote.It’s software and offers encrypted access via cellular networks, making it particularly appealing to companies managing devices at dispersed sites.
While Remote.It has not explicitly branded the Jumpbox as a ZTNA solution, it does offer centralized control, encrypted tunnels, and out-of-band management capabilities like many similar services, as well as the ability to access devices without exposing them to the public internet, an important principle in Zero Trust frameworks.
“There is a vast number of Internet and IoT connected devices that don't have any remote management systems," noted Andy Do, President of Embedded Works, "and for those that do, it is usually very costly to purchase an annual license per device.”
This device, currently available on Amazon for $99.99, comes with a one-year Remote.It Business Plan and also offers unlimited device access and technical support.
A new leak claims the DJI Osmo 360 will be launched in July 2025
The "DJI Osmo Nano" has mentioned in a recent FCC filing
Tariff uncertainty could mean US launches are postponed
DJI’s long-rumored 360 camera may be only weeks away from release – and it might not be the only action camera the brand has in store for us this summer.
In a report published today, Chinese website IT Home claims that the DJI Osmo 360, DJI’s first consumer 360 camera, will be launched in July 2025. Aside from that rather vague and tantalizing rumor, the news piece is light on new info – but given that some commentators have speculated that this camera would never see the light of day at all, it’s something.
And then, earlier this month, dozens of images apparently showing the camera design were leaked alongside snaps of its instruction manual, which revealed details such as a 1,950mAh battery, on-board touchscreen and compatibility with the DJI Mimo mobile app.
👉To break your boredom, here are some photos of the DJI Osmo 360 prototype💁♂️#dji #djiosmo360 pic.twitter.com/Ywi3cChOeDMay 4, 2025
If this rumor of a July launch turns out to be true, we’d certainly welcome another challenger to take on the superb Insta360 X5.
With a full-blooded GoPro Max 2 apparently suffering repeatedly delays, and GoPro’s refreshed Max offering only modest updates over the 2020 original, Insta360 currently dominates our guide to the best 360 cameras. Some stiffer competition is sorely needed, and that's hopefully en route according to these fresh rumors.
And what of the DJI Osmo Nano?
The modular DJI Action 2: could the Osmo Nano be bringing back this approach?(Image credit: Future)
The Osmo 360 may not be DJI’s only upcoming camera launch of the summer, either. The online rumor mill is also speculating about an ultra-compact action camera called the DJI Osmo Nano, following its appearance in two listings with the FCC.
The Osmo Nano appears to be a return to the modular design of the DJI Action 2, which allowed tiny separate components to be magnetically attached to each other.
While the small size and clever design did impress, DJI subsequently abandoned the modular approach, opting for a GoPro Hero-style design with its more recent Osmo Action cameras. The Nano could be a return to that approach.
We’ve also heard that a DJI Osmo Action 6 will be released this year, replacing the superb Osmo Action 5 as the brand’s leading ‘standard’ action camera. So, it seems that DJI has a busy few months ahead of it.
One thing we do wonder about, however, is whether all (or any) of these cameras will make it to the US or not. Citing uncertainty over the tariff situation, DJI has postponed launching its new Mavic 4 Pro flagship camera drone in the States – could these action camera in line for a similar fate until some stability returns? It seems we won't have to wait long to find out.
Over 1.6 million files have been discovered online by researchers
These seem to belong to Etsy, Poshmark, and TikTok Shop customers
Personally Identifiable Information is included
Two apparently unsecured Azure Blob Storage containers holding a combined 1.6 million files have been discovered by CyberNews researchers, allegedly belonging to online shopping platforms Etsy, Poshmark, and TikTok Shop.
The researchers say these files contained personally identifiable information, such as full names, home addresses, email addresses, and shipping order details.
Anyone who uses these services should keep a close eye on their accounts and take a look at the best identity theft monitoring tools if they are concerned.
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Both of the exposed instances “contained shipping email confirmations in HTML format,” researchers confirmed, and the vast majority of users exposed are in the United States, with some from Canada and Australia.
The exact origin or ownership of the datasets is not yet known, but the nature of the information suggests that these belonged to one particular storefront (across multiple shopping platforms), in particular a Vietnamese-based embroidery service.
It’s also not known whether cybercriminals have accessed these datasets, but only an internal forensic audit would reveal this information.
Researchers outlined the risk this brings to those exposed, such as convincing social engineering attacks from cybercriminals posing as Etsy or TikTok shop - urging customers to give their details, resulting in potential financial loss.
“With access to personal information like full names and addresses, attackers could impersonate trusted shipping providers or Etsy itself, making fraudulent communications seem more credible and urging victims to take actions such as confirming personal details, making payment, or clicking malicious links,” the researchers said.
Data leaks are unfortunately all too common for internet users today.
We recommend regularly checking whether your details have been exposed, using services like Have I Been Pwned - and monitoring your accounts, statements, and transactions - and immediately reporting any suspicious or unexpected activity with your bank or credit card provider.
Apple may be developing a dedicated gaming app for iOS, macOS and more
The app will contain things like achievements, leaderboards and messages
It could be announced at WWDC in June
For years, Apple has been trying to convince the world that it’s taking gaming seriously, and with the popularity of IOS gaming and the appearance of AAA titles like Cyberpunk 2077 on macOS, there’s some truth to the company’s assertion.
Just in case you needed more convincing, there’s a new rumor from Bloomberg reporter Mark Gurman that Apple will soon launch a dedicated gaming app in iOS 19 to woo players to its platforms. As a Mac-owning gamer, I'm cautiously optimistic about the rumors – even if we still need more affordable hardware and games before it gets anywhere close to being a Windows competitor.
If you missed the news, the app will apparently “serve as a launcher for titles and centralize in-game achievements, leaderboards, communications and other activity,” Gurman said, adding that it will also feature “editorial content from Apple about new titles, offer access to the App Store’s game section and promote [Apple] Arcade.” It’s expected to be revealed on iOS, macOS, iPadOS and tvOS as soon as Apple’s WWDC 2025 event on June 9.
The move makes sense – after all, the iPhone is a phenomenally popular gaming platform, and announcing a move like this at WWDC could help to cement the popularity of iOS 19 before it’s even out the door. Apple might also be hoping that it will tempt more gamers to switch from Windows to the Cupertino firm’s platforms – but on this point, I’m not entirely convinced.
Destination of choice for gamers
(Image credit: Apple)
This app might work well in iOS 19, where gaming tends to be a little more casual than on desktop computers. But things might look very different on macOS.
As a gamer who also owns a Mac, I’ve been encouraged over the last few years by Apple’s strides in the gaming world. It’s nowhere near parity with Windows yet, but the situation today is much better than it was just a few years ago.
For a long time, the problem was the chicken-and-egg nature of Mac gaming. Gamers didn’t want to switch to macOS due to the lack of games, and developers didn’t want to bring games to the Mac due to the lack of players. That’s slowly starting to change, with big-name titles like Cyberpunk 2077, Assassin’s Creed Shadows, and Baldur’s Gate 3 helping to dispel the idea that the Mac is a gaming wasteland.
However, the impact of a dedicated gaming app will likely be limited. Beyond my contention that gamers care more about hardware and game availability than launcher apps, Gurman is also skeptical, saying that “testers of the software say it probably won’t change the perception among players and makers of high-end titles.”
Any advance for gaming on Apple’s platforms is welcome in my eyes, and this app could help by making gaming more prominent among users of iOS and macOS. But what’s really needed – on the Mac at least – is a greater number of attention-grabbing titles and more affordable access to components that offer exceptional gaming performance.
Until that happens, Windows will always be the destination of choice for gamers.
Researchers found a website spoofing Bitdefender antivirus
The site delivers a remote access trojan
Crooks are using it to steal people's money
One of the best antivirus programs out there is being abused in a new campaign delivering the dangerous VenomRAT Remote Access Trojan (RAT).
Cybersecurity researchers Domaintools recently posted an in-depth analysis of the malicious operation after they spotted a malicious domain called “bitdefender-download[.]com”, which leads to a website titled “DOWNLOAD FOR WINDOWS”.
Aside from a few subtle differences, the website looks seemingly identical to the legitimate Bitdefender download web page: “There are subtle differences between them such as the legitimate page using the word “free” in several places whereas the spoofed version does not,” it was explained.
VenomRAT
The landing page has a “Download for Windows” button, which triggers a file download from an Amazon S3 bucket.
The bundled executable is named “StoreInstaller.exe”, and was found to contain malware configurations associated with VenomRAT, Domaintools further explained. It also contained code associated with open source post-exploitation framework SilentTrinity and StormKitty stealer.
VenomRAT is a lightweight RAT that cybercriminals use to gain control over compromised Windows systems. It enables the theft of login credentials, and allows threat actors to log keystrokes, access webcams, and run additional commands, remotely.
In this case, Domaintools says the goal was to steal people’s cryptocurrency and then sell the access to a different threat actor, saying there is “clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems.”
The researchers also found that the campaign overlaps, both in time and infrastructure, to other malicious operations in which banks and “generic IT services” were being impersonated. The Armenian IDBank, and the Royal Bank of Canada, are some of the companies being mentioned in the report.
As usual, the best way to minimize these threats is to be careful when clicking on links in emails and social media messages, and only download software from legitimate sources.
A benchmark for the Project Moohan headset has been spotted
It points towards the Snapdragon XR2+ Gen 2 for the CPU
The headset is expected to launch in the second half of the year
We're getting closer and closer to the launch of Project Moohan, the Android XR (Extended Reality) headset being worked on by Google and Samsung – and a fresh leak may have revealed the chipset the device is going to be powered by.
A benchmark spotted on the web by tipster @yabhishekhd (via GSMArena), matching the model number of Project Moohan, has revealed details that point towards the very capable Snapdragon XR2+ Gen 2 being the processor inside.
We already knew the device would run a chipset made by Qualcomm, but now we have a big clue about the specific model. The Snapdragon XR2+ Gen 2 was announced early in 2024, and has previously been linked to the Google and Samsung headset.
This same benchmark indicates that the Project Moohan device could run Android 14, specifically adapted for virtual and augmented reality, and will be equipped with 16GB of RAM on board.
What we're expecting
Samsung's XR Project Moohan SM-I610 spotted on Geekbench with Adreno 740 GPU.Specifications🔳 6-cores at 2.36GHz🎮 Adreno 740 GPU (The Adreno 740 GPU is integrated with Qualcomm's Snapdragon 8 Gen 2, but here it appears to be part of a different chipset/SoC.)🍭 Android 14-… pic.twitter.com/yfnxH45zRmMay 27, 2025
The Snapdragon XR2+ Gen 2 is very much a chipset built for this kind of device, supporting full-color see-through, low-latency Wi-Fi 7, and numerous specialist virtual reality technologies, including a Space Warp feature that tries to reduce motion sickness.
We were actually able to try out Project Moohan at Google I/O 2025, reporting that the tight Gemini AI integration is currently the standout feature. In our demo, it identified the species of a tree directly ahead and provided a few facts about it.
Google and Samsung are using the XR label to encompass a variety of virtual reality, mixed reality, and augmented reality experiences. It's basically different combinations of completely enclosed digital worlds, and digital graphics overlaid on the real world.
At first, I wasn’t sold on the idea of titanium being used in phone chassis, dismissing it as a bit of a marketing gimmick rather than a truly useful feature. But then I spent time with the iPhone 15 Pro Max, Samsung Galaxy S24 Ultra, and then their successors, the iPhone 16 Pro Max and Galaxy S25 Ultra, made me a titanium convert
My 180-degree turn in opinion about titanium stems from my habit of not using cases for flagship phones, as part of my appreciation for slick industrial design. This doesn't mix with an inherent clumsiness and bad luck that often sees these expensive phones take a plunge towards hard floors and surfaces in one way or another.
Those with a stainless steel chassis would tend to chip, dent, and scratch, but the aforementioned titanium-sporting phones benefit hugely from the toughness of the metal and basically shrug off the accidental battering I give them.
So it’s my hope that more phones, including the likely upcoming Samsung Galaxy Z Fold 7 make use of titanium.
However, despite its toughness and relative lightness, the rumored iPhone 17 Air will eschew titanium for an aluminium frame, all with the idea of maximising thinness and lightness. We’ve heard this rumor a few times, with the latest tip coming from the Korean-language yeux112‘s blog.
The blog, which supposedly has insider or supply chain information, claims aluminum will be used for the frame of the iPhone 17 Air, as toughness takes a back seat in favour of lightness.
Leaving me alumi-numb
(Image credit: Future)
Having recently been at a wedding, I’m all for thinner and lighter phones that can help me avoid unwanted bulges in my suit (stop laughing at the back). But I don’t want this to come at the expense of toughness, so the idea of aluminum in the iPhone 17 Air has me raising a wary eyebrow.
I’ve since embraced titanium for the larger Max phones as the lighter weight makes the larger phones easier to handle one-handed. But much lighter would run the risk of making these flagship Apple phones feel potentially cheaper than their list prices.
That being said, Apple can still be innovative from time to time, and I’d not be surprised if the Cupertino crew is working on some form of alloy or design that’ll thread the line between a super-light and thin phone and one that’ll not be ruined by the odd fall.
We’ve seen Apple do that with its Ceramic Shield glass, so perhaps we could see the advent of ‘Aluminium Armor’ with the iPhone 17 Air; time will tell, and it'll likely be at a September Apple event.
Today, TCL announced pricing and availability for its new QM8K series mini-LED TVs. The latest models replace last year’s flagship TCL QM851G, one of the best TVs TechRadar tested in 2024, and provide “up to 35% more dimming zones and up to 65% higher peak brightness” than the mid-range TCL QM7K series, according to the company.
The new TVs will be sold in 65- to 98-inch screen sizes, with the 65- and 85-inch models available now, and the 75- and 98-inch models arriving next month. Pricing for the QM8K series is as follows:
65-inch QM8K: $2,299.99
75-inch QM8K: $2,999.99
85-inch QM8K: $3,799.99
98-inch QM8K: $6,499.99
A key feature of the QM8K series is TCL’s new CrystGlow WHVA Panel with ZeroBorder. This new panel design boasts an anti-reflective coating to reduce screen glare along with an ultra-wide viewing angle that TCL claims “virtually eliminates color shift, with a 40% wider color viewing angle” than last year’s QM851G series.
ZeroBorder refers to the vanishingly narrow 3-4mm width between the TV’s edge and the display in the QM8K series, a design feature that TCL achieved using a one-piece aerospace-grade aluminum alloy mold and anodized ceramic film to stabilize the display panel.
Another QM8K feature is TCL’s Halo Control System. This uses a new “Super High Energy” LED chip, along with a “Super Condensed” micro lens, 23-bit backlight controller, and a Dynamic Light Algorithm to enhance color accuracy and reduce mini-LED backlight “halo” artifacts. Helping in this regard is the increased number of backlight local dimming zones in the QM8K series, with up to 3,500 in the 98-inch model.
TCL QM8K series TVs have a 144Hz native refresh rate and FreeSync Premium Pro for gaming. They support both Dolby Vision and HDR10+ high dynamic range formats and feature Audio by Bang & Olufsen, with upfiring drivers in the TV to deliver Dolby Atmos and DTS Virtual:X sound.
Google TV is used in the QM8K series as a smart TV platform, and it features an enhanced GUI, hands-free voice control, and an Art Mode with AI Art. QM8K series TVs also feature a built-in ATSC 3.0 tuner for NextGen TV broadcasts.
Ultra-wide viewing angle: a welcome addition
A new ultra-wide viewing angle feature in the QM8K series could make it a perfect TV for sports viewing(Image credit: Future)
One of the biggest weaknesses of mini-LED and regular LED TVs is off-axis uniformity. This essentially means that both picture contrast and colors shift when viewing the TV from off-center seats, so that a viewer seated anywhere other than directly in front of the screen will experience reduced picture quality.
When I reviewed the TCL QM851G, I found its picture quality to be fantastic overall, with one main exception: off-axis uniformity. To quote from the review, the QM851G’s “colors and contrast were both diminished when viewing from far off-center seats.” This was the key reason I gave it a 4.5 instead of a 5-star rating for picture quality, and it was the one point that held it back from getting a full endorsement as a recommended TV for sports viewing.
The best OLED TVs don’t suffer from the same off-axis uniformity issue, and some of the best mini-LED TVs also implement features to expand the viewing angle. TCL’s specs for the QM8K indicate that it will have a 40% wider viewing angle, so I’m hopeful this new model will provide a vast improvement when it comes to off-center viewing.
TechRadar will soon be reviewing the TCL QM8K, so we’ll have more to say about the matter very shortly.
OnePlus 13s is all set to make its India and global debut soon. It is confirmed to be the first compact smartphone from the China-based original equipment manufacturer (OEM) as well as the first ‘s’ branded model in its lineup. With just 10 days to go until its launch, we already know several details about the upcoming handset. Here’s everything we know about it...
OnePlus 13s is all set to make its India and global debut soon. It is confirmed to be the first compact smartphone from the China-based original equipment manufacturer (OEM) as well as the first ‘s’ branded model in its lineup. With just 10 days to go until its launch, we already know several details about the upcoming handset. Here’s everything we know about it...
KnowBe4 is warning of a new phishing campaign leveraging Google AppSheets' workflow automation
The emails are spoofing Facebook and harvesting login credentials
The attackers can grab session tokens, as well
Cybercriminals are abusing a legitimate Google service to bypass email protection mechanisms and deliver phishing emails straight to people’s inboxes.
Cybersecurity researchers KnowBe4, who first spotted the attacks, have warned the crooks are using Google AppSheet, a no-code application development platform for mobile and web apps, and through its workflow automation were able to send emails using the "noreply@appsheet.com" address.
The phishing emails are mimicking Facebook, and are designed to trick people into giving away their login credentials, and 2FA codes, for the social media platform.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
The emails, which were sent in-bulk and on a fairly large scale, were coming from a legitimate source, successfully bypassing Microsoft and Secure Email Gateways (SEGs) that rely on domain reputation and authentication checks (SPF, DKIM, DMARC).
Furthermore, since AppSheets can generate unique IDs, each email was slightly different, which also helped bypass traditional detection systems.
The emails themselves spoofed Facebook. The crooks tried to trick victims into thinking they infringed on someone’s intellectual property, and that their accounts were due to be deleted within 24 hours.
Unless, of course, they submit an appeal through a conveniently placed “Submit an Appeal” button in the email.
Clicking on the button leads the victim to a landing page impersonating Facebook, where they can provide their login credentials and 2FA codes, which are then relayed to the attackers.
The page is hosted on Vercel which, KnowBe4 says, is a “reputable platform known for hosting modern web applications”. This further strengthens the entire campaign’s credibility.
The attack has a few additional contingencies. The first attempt at logging in returns a “wrong password” result - not because the victim typed in the wrong credential - but in order to confirm the submission.
Also, the 2FA codes that are provided are immediately submitted to Facebook and in return - the crooks grab a session token which grants them persistence even after a password change.
Like its predecessor, season 2 of HBO's TV adaptation has been appointment viewing for all of us over the past seven weeks. And, as the dust settles on its near-50-minute finale, I imagine you've got some big questions about what happened and the show's future.
So, how does The Last of Us season 2 end? Are there any end credits scenes? And when do we think season 3 will arrive worldwide? I'll aim to answer those questions below, but bear in mind that full spoilers immediately follow forThe Last of Us' season 2 finale. Make sure you've watched it before you proceed.
The most unexpected of those, and arguably the most shocking one since Joel's demise in season 2 episode 2, is Jesse's. The close friend of Ellie and Dina's ex-boyfriend (and father of Dina's unborn child) is killed by Abby when she single-handedly storms the Seattle theater that's been Ellie and Dina's base of operations since this season's fourth episode.
Jesse's death probably won't shock those who have played The Last of Us Part II, aka the Naughty Dog video game season 2 is based on. And if you'd been paying attention to the foreshadowing throughout season 2's final episode, such as Jesse constantly expressing his wish to get out of Seattle in one piece, I doubt you would've been stunned by his passing, either.
Mel and Owen are two of three big casualties in The Last of Us season 2 finale(Image credit: HBO)
But why does Abby kill him? The reason is simple: Ellie accidentally killed Owen and Mel, two members of Abby's party who helped her track down and murder Joel in episode 2. A vengeful Abby, then, wants revenge for Ellie murdering two of her closest friends.
Having learned of Abby's location from Nora in episode 5 – that being, Seattle's aquarium not too far from the city's unmissable Ferris wheel – Ellie infiltrates the building and encounters Owen and Mel while searching for Abby.
Still traumatized from how much she tortured Nora two episodes ago, Ellie claims she won't shoot Owen and Mel if they tell her where Abby is now. Owen initially refuses, but to buy himself and Mel some time, he eventually agrees to show Ellie where she can find Abby on a map.
However, as Owen approaches the map on a table, he makes a move to grab a handgun to shoot Ellie first. Unfortunately for Owen, Ellie's survival instincts kick in and she shoots him first.
Three down, two to go, eh Ellie?(Image credit: HBO)
The bullet passes through Owen's neck, killing him instantly. After exiting the back of Owen's throat, it hits Mel, who's standing behind him. The bullet slices her neck, nicking an artery in the process, which results in Mel collapsing and bleeding out.
Ordinarily, this would be a tragic accident in its own right – after all, Mel was unarmed and made no attempt to harm Ellie. However, Mel makes things even worse for Ellie (and, by proxy, us as viewers) before she dies by revealing she's heavily pregnant.
If Ellie felt incredible guilt and shame over what she'd done to Nora, she feels 50 times worse over not only taking Mel's life, but also that of her innocent unborn child. It's a moment that hits home even harder when you consider how much danger Ellie has put a pregnant Dina in since the pair left Jackson, Wyoming, too.
Abby tracks down Ellie and company to get revenge for Mel and Owen's deaths(Image credit: HBO)
Jesse, Owen, and Mel aren't the only casualties of season 2 episode 7 – well, that's what The Last of Us wants you to think. One of the finale's last shots shows Abby pointing her sidearm at an unarmed Ellie, who shouts "no no no!" before the screen cuts to black as a shot is fired.
There's no way that the hit Max show just bumped off another of its main characters in Ellie, right? In short: no, she doesn't die. Ellie is the protagonist of this TV series and The Last of Us Part II. Spoilers notwithstanding, her story is far from over in HBO's live-action adaptation.
So, who fired the shot that we hear? I'm not going to ruin that now. You'll just have to wait for season 3 (more on this later) to arrive. Or, you know, you could watch a playthrough of The Last of Us 2 on YouTube if you want an answer ASAP.
Is there a mid-credits scene in The Last of Us season 2 episode 7?
As of season 2 episode 7, Dina is still alive(Image credit: Liane Hentscher/HBO)
There's no mid-credits scene to stick around for.
This season's final scene doesn't count as one, either. Sure, it drops a big hint about how season 3 will begin (more on this shortly), but it's a brief scene that takes place before the end credits start to roll. So, it can't be classed as a traditional mid-credits stinger.
Does The Last of Us season 2's final episode have a post-credits scene?
Expect to see more of Isaac in The Last of Us' third season(Image credit: Liane Hentscher/HBO)
Nope. The Last of Us season 2 doesn't have a post-credits scene, either. Based on how the show's latest episode ends, it doesn't need one.
When will The Last of Us season 3 be released?
Trying to get word on when season 3 will make its worldwide debut like...(Image credit: Liane Hentscher/HBO)
It's likely that work has been going on behind the scenes on season 3 for some time. Indeed, I'd be surprised if the show's chief creative team hasn't been penning its scripts, location scouting, and conducting other pre-production elements for months at this point.
Nevertheless, with filming yet to begin on The Last of Us season 3, I suspect it'll be mid-2027 at the earliest before it launches worldwide.
What does The Last of Us' season 2 finale tell us about the plot of season 3?
Season 3's first few episodes will jump back in time to depict events from Abby's viewpoint(Image credit: HBO)
Season 2 episode 7's final scene suggests that next season will give us an entirely different perspective on the events that play out during Ellie and Dina's first 72 hours in Seattle.
After the screen cuts to black in this season's finale, many viewers might have expected the credits to roll, thereby leaving us on a cliffhanger.
Instead, a new scene begins seconds later, reuniting us with Abby as she's woken up by Manny. He tells her that "they" won't be happy if she keeps them waiting, to which Abby replies she'll be there in five minutes.
Once she's fully come to, Abby steps out onto a balcony overlooking a football stadium that's been repurposed as a headquarters for the Isaac-led antagonistic faction known as the Washington Liberation Front (WLF). After she surveys the scene, Abby heads back inside as the words 'Seattle, Day One' appear in the bottom left-hand corner of the screen.
We'll witness Ellie's first 72 hours in Seattle from Abby's perspective next season(Image credit: HBO)
This is the same location and time stamp that appeared in season 2 episode 4 when Ellie and Dina first arrive in Seattle. So, The Last of Us season 3's first few episodes, if not the entirety of next season, will travel back in time and cover the same three-day period in the US Pacific Northwest city through Abby's eyes.
That won't be a surprise to those who have played The Last of Us Part II. As the deuteragonist of the aforementioned video game, Abby was a playable character for half of the story depicted in the second entry of Naughty Dog's acclaimed and multi-award-winning game franchise. That means her side of the Seattle-based story, which runs concurrently to Ellie's, will be brought to life in season 3 of HBO's TV adaptation.
There's a lot of ground to cover in the Abby-centric part of the story, too. What were Owen and Mel planning to do before Ellie interrupted them? Who's the father of Mel's baby? How did Abby know where to find Ellie and co. in Seattle? What convinced Isaac to choose Abby as the WLF's new leader? Why does Isaac believe the WLF's current leadership is set to perish during the assault on the Seraphites' main headquarters? And does Manny meet the same fate as Owen, Mel, and Nora at Ellie's or someone else's hands, or is he still alive somewhere?
These questions will need answering in season 3 and beyond if The Last of Us officially ends with its rumored four-season plan. I could provide more details now, but again, I don't want to spoil anything significant about Ellie and Abby's journeys from this point on in the story. So, unless you scour the internet for answers now, you'll have to wait until season 3 arrives for them.
