
Top 10 cyber crime stories of 2025

Once again threat actors kept cyber pros on their toes in 2025 in a never-ending cat-and-mouse game.

But amid the noise, there were some notable stories and incidents affecting household names in the UK – the likes of Marks & Spencer, Co-op, and Jaguar Land Rover – meaning that 2025 will undoubtedly live long in the memory.

Here are Computer Weekly’s top cyber crime stories of 2025.

Heralding a dominant narrative in 2025 – that of threat actors exploiting artificial intelligence (AI) models – at the start of the year, Google’s Threat Intelligence Group (GTIG) published new information revealing how nation-state-backed threat actors hailing from countries such as China, Iran, North Korea and Russia were attempting to abuse its Gemini AI tool.

GTIG said it observed threat actors using Gemini to support various phases of their attack chains, including procuring infrastructure and bulletproof hosting services, reconnoitering targets, researching vulnerabilities, developing payloads and assisting with malicious scripting and post-compromise evasion techniques.

At the end of March, the UK’s Information Commissioner’s Office (ICO) issued a £3.07m fine to Advanced Computer Software Group, since renamed OneAdvanced, over a 2022 LockBit ransomware attack that crippled NHS services when the victim was forced to pull a key patient management platform offline.

In a warning to others, the regulator found that OneAdvanced’s health subsidiary lacked appropriate technical and organisational measures to guarantee the security of its systems, and highlighted gaps in multifactor authentication (MFA), vulnerability scanning and patch management.

In April, just before the Easter holiday weekend, one of the biggest cyber attacks of the year unfolded against high street stalwart Marks and Spencer (M&S). The initial incident saw the retailer forced to pull multiple public-facing services offline, including online shopping, click-and-collect, and contactless payments.

Days later, a second cyber attack affecting the Co-op Group drew more attention, and it soon emerged that the attacks were not the work of career Russian hackers, but an English-speaking hacking collective known as Scattered Spider.

By midsummer, Scattered Spider attacks were spreading fast, with the hacking gang’s members turning their attention to other industries – at first the insurance sector and then aviation.

Almost as soon as Mandiant threat researchers issued an alert on 27 June, multiple airlines reported cyber incidents, and more were to follow.

On 10 July, the UK’s National Crime Agency (NCA) announced the arrests of four people in its investigation into the M&S and Co-op attacks.

The arrests of two men aged 19, a third aged 17 and a 20-year-old woman were made at their home addresses in London, Staffordshire and the West Midlands, with support from West Midlands Regional Organised Crime Unit (Rocu) and the East Midlands Special Operations Unit.

In August, a string of attacks by the ShinyHunters hacking collective orchestrated via Salesforce products caught the world’s attention, with Adidas; LVMH brands Dior, Louis Vuitton, and Tiffany & Co; jewellery company Pandora; insurance companies such as Allianz; and airlines such as Qantas and Air France-KLM all implicated.

Researchers working the problem turned up evidence suggesting a deliberate partnership between ShinyHunters and Scattered Spider, both of which had previously been linked to the wider cyber crime network known as The Com.

At the start of September, UK carmaker Jaguar Land Rover (JLR) became the latest organisation to fall victim to a major cyber attack, and once again, it was hackers linked to alleged to be responsible for the incident, which hit production at the company.

In the following days and weeks, the scope of the cyber attack began to widen to include many of JLR’s suppliers, as the firm was forced to repeatedly delay restarting its production lines.

From summer onwards, multiple organisations, including many prominent universities and media organisations in the US, and possibly some NHS bodies, were targeted by the Cl0p cyber extortion gang after its members successfully weaponised a vulnerability in Oracle E-Business Suite (EBS).

In October, Oracle responded with an out-of-band patch for the remote code execution (RCE) flaw in the widespread EBS ecosystem – the product is deeply embedded in enterprise financial and operational systems, meaning Cl0p may have had access to a large number of extremely high-value targets.

As disruption from the JLR incident rolled on through the autumn, and the economic effects widened to include a contraction in the UK’s gross domestic product (GDP), the Cyber Monitoring Centre (CMC), a cyber security non-profit, declared the incident a Category 3 Systemic Event on its ‘hurricane’ scale.

Accounting for various factors, the CMC said the financial cost of the incident would likely hit about £1.9bn, and could potentially run higher, and described it as the single most damaging cyber attack ever to hit the UK.

There was, however, good news for (some) hackers at the close of 2025, as the long-running battle to reform the outdated Computer Misuse Act (CMA) of 1990 took a step forward when it was announced that the government planned to make changes that would protect ethical hackers from prosecution by giving them a statutory defence in law.

The CMA, while it has successfully been used to prosecute cyber criminals, also risked criminalising ethical hackers and security researchers for doing their job through the specific offence of ‘unauthorised access to a computer’. Campaigners say changing the law will boost Britain’s security industry.


8 Of The Best Fitbit Alternatives For Health & Fitness

We may receive a commission on purchases made from links.

Fitbit is one of the most popular brands in the world for fitness trackers, now also making smartwatches like the Fitbit Versa 4 and Fitbit Sense 2. Fitbit’s current lineup of fitness trackers is made up of the Fitbit Inspire 3 for $99.95, and the Fitbit Charge 6 for $159.95. Both devices are capable of collecting data such as heart rate, blood oxygen (SpO2), and sleeping patterns, and they also automatically detect and track specific exercises. The Fitbit Charge 6 adds built-in GPS for more accurate running and biking metrics, extra sensors to enable electrocardiogram (ECG) readings or electrodermal activity (EDA) scans, plus wider support for apps such as Google Maps and Google Wallet.

To make the most out of the Fitbit Inspire 3 and the Fitbit Charge 6, Fitbit Premium is necessary. While every purchase of these devices comes with a six-month subscription for free, it eventually becomes $9.99 per month or $79.99 per year. Fitbit Premium provides personalized insights on your health metrics, as well as a library of workout and mindfulness sessions.

However, if you’re checking out what else is out there — either due to cost, style, specific features, or a preference for another tech ecosystem — take a look at these eight Fitbit alternatives that we’ve carefully selected. More information on our reasons for selection can be found at the end of this article.

Samsung Galaxy Fit 3

The Samsung Galaxy brand is usually linked to flagship smartphones like the Samsung Galaxy S25 series and the Samsung Galaxy Z Fold 7, so it may come as a surprise that a fitness tracker from this manufacturer leads this roundup of Fitbit alternatives as a budget-friendly option. This isn’t a mistake though, as the Samsung Galaxy Fit 3, which has a 4.3 rating on Amazon with nearly 1,400 reviews, will only cost you $54.95.

The Samsung Galaxy Fit 3 is a great choice for a basic fitness tracker, with support for more than 100 workout modes, and advanced health tracking that includes SpO2 and snore detection. It also has a 1.6-inch AMOLED display, and the ability to go with you on a swim with 5ATM and IP68 water resistance. If you care about counting your daily steps, it’s very accurate at that, according to Redditor u/ajitjadhav-28, who also said that its user interface is fast and feels premium. According to this user, the fitness tracker doesn’t reach its advertised 14-day battery life though — an experience echoed by u/Humble_Collar3574. Still, the device is a no-brainer for its price and the brand that it carries. 

Xiaomi Mi Smart Band 10

Xiaomi is a Chinese consumer electronics company with a presence in the mobile, smart home, and wearables spaces. The Xiaomi Mi Smart Band 10 is an impressive version of its fitness tracker. Selling for a relatively affordable $56.99, the device has already amassed over 3,500 reviews on Amazon with an impressive average rating of 4.5 stars, despite only being on the market for six months at the time of writing. 

The 1.72-inch AMOLED display with ultra-thin bezels makes the Xiaomi Mi Smart Band 10 stand out, especially if you favor large screens. Plus, its battery life of up to 21 days on a single charge is exceptional for a fitness tracker at this price. The device offers enhanced accuracy with its precise electric compass, and comprehensive sleep monitoring. However, Redditor u/Icy-Cause-8806 flagged that “the software experience on iOS is rough” for the Xiaomi Mi Smart Band 10, so you may want to look elsewhere if you’re planning to pair your fitness tracker with an iPhone. It “works super fine” with Android smartphones, particularly Xiaomi devices, according to Redditor u/BRSProZ.

Amazfit Bip 6

The Amazfit Bip 6 is another more affordable alternative to Fitbit’s fitness trackers at $79.99. The brand is not as popular as Samsung or even Xiaomi but that shouldn’t be a concern, especially with this wearable device scoring an average of 4.4 stars after more than 3,500 reviews. In fact, Amazon user Moon Hrafn-Úlfur doesn’t hold back in describing it as “better than a Fitbit” after leaving a 5-star rating.

Unlike the Samsung Galaxy Fit 3 and the Xiaomi Mi Smart Band 10, the design of the Amazfit Bip 6 looks more like a smartwatch with its 1.97-inch AMOLED squarer screen. The fitness focus is still there though, with support for more than 140 workout modes, 24/7 monitoring for health metrics such as heart rate and stress, and 5ATM water resistance so that you can wear it whenever you’re swimming. The device also comes with built-in GPS for navigation, downloadable maps, and a 14-day battery life. In a thorough review, Redditor u/gamefan5 flagged an inconsistent software experience with the Amazfit Bip 6’s ZeppOS, and its extremely low storage, but still praised its “unbeatable price and value.”

Garmin Forerunner 55

If you’re planning to buy a fitness tracker primarily for your running sessions, you should check out the Garmin Forerunner 55. It’s the brand’s most affordable running smartwatch at $199.99, so you can expect only the basics from it, but with an average rating of 4.5 stars on Amazon after more than 5,200 reviews, the device should definitely be considered as a Fitbit alternative. Runner’s World recommends the Garmin Forerunner 55 for beginner runners as an entry-level watch, despite its lower-quality screen compared to the brand’s newer models.

The Garmin Forerunner 55 is more expensive than Fitbit’s fitness trackers, but can be worth the extra cost to some because of its running-focused features. With its built-in GPS, the device also offers the brand’s PacePro technology, which provides pace guidance for your chosen course, and other training tools such as estimators for your race time and finish time. You’ll be able to access all the health metrics that the Garmin Forerunner 55 tracks through the Garmin Connect app, and its battery can last up to 20 hours in GPS mode, or up to 2 weeks in smartwatch mode. Some runners may prefer the slimmer profiles of dedicated fitness trackers though.

Apple Watch SE 3

The Apple Watch SE 3 is the highest-rated product on Amazon in this roundup, with an average score of 4.7 stars, though it only has just over 500 reviews as Apple’s new smartwatches were just released in September, 2025. It’s Apple’s latest entry-level wearable device with a price of $249 for its GPS, 40mm version, but it keeps a lot of the health-related features from the brand’s more expensive models. According to reviews from TechRadar, The Guardian, and CNET, the Apple Watch SE 3 keeps up with the Apple Watch Series 11 and Apple Watch Ultra 3, with TechRadar even claiming that it’s “the best Apple Watch for most people.”

With the Apple Watch SE 3 on your wrist, the Vitals app will keep track of important metrics such as your heart rate, respiratory rate, and sleep duration. You’ll be missing out on blood oxygen monitoring, the ECG app, and hypertension notifications, which are available on the Apple Watch Series 11 and Apple Watch Ultra 3. However, for its price, the Apple Watch SE 3 is a comprehensive fitness device that slots into your Apple ecosystem if you’ve already invested in an iPhone. That’s actually a requirement, as Apple’s smartwatches will not work with Android smartphones.

Whoop 5.0

Part of the appeal of fitness trackers over smartwatches is that they attract less attention and don’t cause as many distractions. The Whoop 5.0 takes these benefits up a notch by eliminating the screen altogether. Some might think that paying $199 for a wearable device without a display is too much, but those who have purchased the Whoop 5.0 appear to be impressed, as it has an average score of 4.2 stars on Amazon from more than 1,500 reviews. Amazon user Robin Winiarczyk said it’s “an absolute game changer” after wearing Fitbit devices for more than a decade.

Instead of displaying the data that it collects through a built-in screen, you’ll be able to access the information through the Whoop app. Using the Whoop 5.0’s accurate tracking of your heart rate, VO2 Max, and other important metrics, you’ll receive daily recommendations and insights on how to further improve your health. It’s also very comfortable to wear, which makes it ideal for sleep tracking, according to Redditor u/BusyMathematician854. The fitness tracker requires a subscription though, and while your purchase comes with 12 months free, you’ll need to pay at least $199 per year, or $25 per month afterwards as an additional cost.

Oura Ring 4

For those who don’t like wearing anything on their wrists, or if you’re reserving that area for your favorite traditional watches, you can still monitor important health metrics through fitness-tracking rings. One of the best smart rings in the market is the Oura Ring 4, which has more than 6,800 reviews on Amazon and a 4.2 average rating. It’s the most expensive device in this roundup though, at $349.

For some people, it will be more comfortable to wear the Oura Ring 4 on their finger over a Fitbit fitness tracker on their wrist. It’s water resistant with an eight-day battery life, and with no screens or vibrations, it will not cause any distractions. The Oura Ring 4 works silently to provide you with daily sleep and readiness scores, with Redditor u/SpaceAgePanda claiming that it showed how waking up very early was affecting his health so he decided to change jobs. However, to unlock advanced tracking features for more than 50 health metrics, such as heart rate and blood oxygen, as well as more detailed analysis and deeper personalization, an Oura membership is required. You’ll only get one month for free, and it will cost $5.99 per month or $69.99 per year afterwards. It’s up to you to decide whether all of these benefits are worth the total cost.

Google Pixel Watch 3

With Google’s acquisition, the Fitbit app was integrated into the Google Pixel Watch. As the Google Pixel Watch 4 is the latest release, it has fewer than 300 reviews on Amazon, so we’re going with the Google Pixel Watch 3 as our recommendation. With over 1,600 reviews and an average rating of 4.4 stars, this wearable device is a great alternative if you want Fitbit technology in a modern Android smartwatch package that costs $249.99.

In our Google Pixel Watch 3 review, we highlighted its well-designed software with Wear OS 5 — though you can upgrade to Wear OS 6 as soon as you receive the device — and its very responsive performance. You’ll have better control over your fitness with the ability to build custom runs, plus audio and haptic cues for when to change your pace. It has support for more than 40 workout modes, and the Morning Brief feature that starts your day with a summary of insights based on the data that the smartwatch collected. Unlike Fitbit fitness trackers, Google removed the need for Fitbit Premium to access a lot of the Google Pixel Watch 3’s health-related features, but it still comes with six free months of the subscription.

How we selected the best Fitbit alternatives


In selecting Fitbit alternatives, our priorities were product quality and customer satisfaction. All of our recommendations have an average score of at least 4.2 stars from Amazon, following at least 500 user reviews.

The devices range from budget-friendly fitness bands to feature-packed smartwatches with health components, to provide you with a wide range of choices. If you’re looking for alternatives to Fitbit fitness trackers to save on costs, make sure that your device will be supported in the future. If you just want to see if there’s something more appropriate for you, at least one of our recommendations should meet your needs.


Top 10 networking stories of 2025

There are few certainties in life: death, taxes and massively increased workloads on infrastructures through the unstoppable rise of AI.

And enterprises and connectivity providers know only too well that AI has fuelled an unprecedented surge in network demand. Keeping pace with the next wave of AI growth will require new long-haul networks to enable the rapid scaling of capacity needs in both existing and emerging enterprise setups – especially within datacentres.

The emergence and widespread adoption of agentic AI-enabled applications is reshaping datacentre requirements, prompting a rapid evolution in networking solutions. AI is driving these advancements, with a dual opportunity for network innovation and operational transformation.

Research earlier in 2025 found that core fibre investment is key to future AI growth, but four-fifths of firms delay builds because of network infrastructure constraints. In addition, global network connectivity provider Zayo predicted AI-driven datacentre capacity to grow 2-6X over the next five years, while optical comms technology provider Ciena reported that AI capacity was doubling every six months, with hundreds of fibres connected to datacentres being lit up.

Looking at the networks of the future, in October 2025 Cisco noted that two major forces are starting to reshape the landscape: AI agents, which raise the bar for scale, security and governance; and AI infrastructure debt, the early warning signs of hidden bottlenecks that threaten to erode long-term value.

Assessing in April 2025 how to solve these issues, leading research firm Omdia observed that to drive the continued growth of the global AI economy, networks will need to evolve significantly to deliver enhanced capabilities. New, advanced optical networks, it said, were necessary to meet advanced application and service requirements and address surging capacity needs within tight capex targets.

As well as supporting business agility to match bandwidth supply to service utilisation, these new nets – such as all photonic networks – also offer lower power consumption per bit to meet sustainability goals and reduce energy costs.

And, perhaps most importantly, the benefits of AI in networking can’t be realised fully without considering networking for AI.

Here are Computer Weekly’s top 10 networking stories of 2025.

Just as AI offers a substantial increase in business efficiency and effectiveness, it also places challenges on the network, necessitating increased network and operational innovation. With such dynamics in mind, Nokia is expanding and enhancing its datacentre networking portfolio to meet the increasing performance and scalability demands of connecting AI workloads.

Furthermore, the comms tech company believes that it is able to do this while taking advantage of AI to drive efficiency and reliability into operations.

Datacentres, the cloud and graphics processing units (GPUs) dominate much of the tech sustainability conversation currently due to their vast energy needs. However, it’s the network infrastructure – including routing, interconnects and protocols – that is becoming the real bottleneck as AI workloads increase, due to heat output, cost and energy usage.

AI workloads put a considerable amount of pressure on networks as they are very different from traditional and predictable consumer and cloud traffic, such as streaming and web browsing. AI workloads such as large model training require high-bandwidth, persistent east-to-west traffic. This has led to a key question: can European infrastructure companies scale AI operations sustainably?

Building on its enterprise network architecture, Cisco has embarked on a plan to modernise its campus, branch and industrial networks for the AI era with systems designed to simplify operations across campus and branch deployments such as network configuration

Cisco believes the new products can simplify operations, scale for evolving business needs and enhance security – all critical for unlocking the full potential of enterprise.

The upgrades follow the launch of the IT and networking giant’s AI-ready secure network architecture for enterprises earlier in 2025. They are fundamentally designed to deliver automated deployment and security across highly distributed networks in minutes instead of months, meeting the high-bandwidth, ultra-low latency and intelligent traffic management demands of distributed AI workloads that are increasingly moving to the enterprise edge.

Research has found that “pacesetter” companies are significantly more likely to move network AI pilots into production, and 50% more likely to report measurable value from AI.

The Cisco AI readiness index 2025 revealed that while the AI genie is out of the bottle for organisations of all sizes, only 13% of businesses are fully prepared for it, with those ready as much as four times more likely to move pilots into production and 50% more likely to see measurable value.

Cisco added that the combination of foresight and foundation is delivering real, tangible results at a time when AI agents and AI infrastructure debt were starting to reshape the tech landscape.

As businesses integrate AI into more applications, demand for high-speed, low-latency, secure networks has surged, but a study from IDC has revealed that legacy infrastructure is no longer sufficient to support the scale and complexity of current, never mind future, AI workloads, and emphasises that network modernisation is crucial to ensuring AI success.

The study highlighted how networks were seen as the critical foundation empowering AI-driven growth. More than 78% of companies regarded networking capabilities as either important or very important when selecting providers for GenAI infrastructure, underscoring the need for networks that can handle and secure ever-scaling AI workloads while running complex AI training, inference and storage clusters with ease.

Research from RtBrick has warned that network operators are at risk of being “overwhelmed” by the demands of AI and streaming services on bandwidth in the next five years.

The carrier routing software provider’s study identified issues regarding not just technology but also people and processes. Consumer expectations were rising faster than the networks designed to meet them and, despite significant investment in AI, operators admitted they can’t fully optimise networks without access to more real-time data, with network modernisation delayed through staff issues.

There are few industries these days that are not influenced by AI. Networking is very much one of them. It is barely conceivable that any network of any reasonable size – from an office local area network or home router to a global telecoms infrastructure – could not “just” be improved by AI.

In other words, the implementation of AI results in operational efficiencies, increased reliability and user benefits. But as we know, nothing in life is simple, and to guarantee such gains, AI can’t be “just” switched on. 

A progress report from metro and long-haul data connectivity firm Lumen Technologies has shown a quickening in pace in its network expansion to meet massively increasing workloads, including new fibre miles, added network capacity and coast-to-coast US build.

Altogether, Lumen said it has delivered “significant” progress in its mission to build the backbone for the AI economy, delivering the capacity upgrades and high-speed connectivity enhancements needed so that enterprises can power their AI workloads. It said that it was preparing to deliver the bandwidth required to handle large volumes of data processing, creating what the firm believes is the required high-performance pipeline for AI workloads. 

Network giant Cisco has unveiled simplification of its network operations and claims to be in a position to deliver exponential performance with next-generation devices, all while fusing security into the network and making new business workflows possible.

As it announced the platform, the company quoted findings from its IT networking leader survey, which stressed how a major infrastructure shift was underway and that AI could either double the strain or solve it.

Specifically, the research found that 97% of businesses believe they need to upgrade their networks to make AI and IoT initiatives successful. Faced with these challenges, IT teams needed a new approach to scale operations, reduce downtime, and unlock new levels of efficiency and innovation. Cisco warned that there would only be two types of company in the future: those that are really adept with their use of AI, and those that really struggle.

Even though very few businesses around the world are resisting the allure of artificial intelligence (AI), research commissioned by Expereo has revealed a number of major roadblocks to UK AI plans, such as poor infrastructure, resistance from employees, and unreasonable demands, while two-fifths of UK CIOs have warned of unrealistic board expectations of AI.

Despite some of the worrying findings revealed, the research also painted a positive picture for the promise of AI, but only if businesses can overcome existing challenges. Some 88% of UK business leaders surveyed regarded AI as becoming important to fulfilling business priorities in the next 12 months. 


The Wireless External SSD You Never Knew You Needed

We may receive a commission on purchases made from links.

USB drives or flash drives are convenient, mostly because they’re compact and portable. They come in a range of storage capacities, even up to 2TB in some cases. But typically, in a head-to-head, solid-state drives offer much faster speeds. If you’re planning to do anything substantial like transferring large, high-resolution video files, booting into an operating system like Windows from a portable disk, or even playing games off the drive, a solid-state drive is the better option. But you can also lose out on the compact and portable format, unless you go with a portable solid-state drive, or even something meant to mimic USB thumb drive formats, like the Kingston Dual Portable Solid-State Drive.

It’s “dual” because it’s two-sided, with a USB-A connector on one side and a USB-C connector on the other. It supports USB 3.2 Gen 2, the latest USB standard behind USB4, to deliver read speeds up to 1,050MB/s and write speeds up to 950MB/s. Those are blazingly fast compared to standard USB, but this little drive can also plug into a host of devices including desktops, laptops, and even smartphones or tablets. There are no extra cables or adapters needed. At $127 for the 512GB, $155 for 1TB, and $328 for 2TB, the prices are reasonable, though you also have to consider the format. Just to compare, a SanDisk 2TB Extreme portable solid-state drive is $210 at full price but it’s also quite a bit larger. The SanDisk also requires a cable, whereas the Kingston does not. USB cables and connectors are backward compatible, so if you plug this Kingston into an older USB port it will still work, it will just slow down transfer speeds quite a bit.

What else is there to know about the Kingston portable SSD?

Kingston’s warranty is very good, for starters, good for up to five years or “SSD Life Remaining,” with free technical support. The solid-state drive is also compatible with a variety of devices, including Windows, macOS, Linux, Chrome OS, iOS, iPadOS, and Android, all of which are listed on the official product page. It does mention that some mobile devices may require an OTG adapter, though no models are specifically listed.

The real allure is the size and the advertised speed, up to 10Gbps with compatible USB 3.2 Gen 2 devices via USB-C. Knowing which USB ports you have available and which USB ports you’re using does matter. Plug into a USB 2.0 or standard USB 3.0 port and you’re not going to get the maximum speeds. The good news is, pretty much everything either includes or uses USB-C ports now, versus the standard USB-A. But with this Kingston solid-state drive, you don’t have to choose per se. You can use whatever is available as the drive has Type-A and Type-C right there. As for size, it will fit right in your pocket, a side pocket in your bag, or you could even carry it because it’s so lightweight. The chassis or shell is metal, so it’s quite durable as well.


5 Essential Meta Quest Apps You Should Always Install First


Virtual reality headsets became one of the most exciting new entertainment products in the last few years. Millions of people rushed to buy their Meta Quest 3 headsets with better VR, and for many, it became a go-to gaming device. Although gaming is definitely a major draw, the Meta Quest is capable of far more than that with the right apps. This platform can easily shift from entertainment to productivity, creativity, fitness, or even education. With the right apps, your VR headset can transform into a private movie theater, a fitness studio, or a meditation retreat. These experiences are not only fun but genuinely useful, and they perfectly show how versatile VR can be.

Let’s take a look at five essential apps that every Meta Quest owner should consider installing. We chose them based on personal experiences, user reviews, and recommendations from various forums, so you can open the door to a different side of virtual reality. Some allow you to watch movies with your friends, while others let you explore your PC game library, learn a new language, or support your mental well-being.

Bigscreen Beta

If you’re looking for a shared, immersive entertainment experience, Bigscreen Beta is a must. It lets you turn your Meta Quest VR headset into a social movie theater, and more. Just like in real life, you can invite friends to join your room, pick a cozy setting, such as a campfire or a dark movie theater, and watch movies, series, and YouTube clips together. Because Bigscreen supports social VR chat rooms, you can use it to hang out with up to 12 of your friends to talk and watch content together. Co-watching allows you to use the Cloud Browser, so you don’t need a PC to stream web content into the game.

But one of the coolest Bigscreen features is remote desktop streaming. You can connect your Windows PC and stream its screen to your headset. This allows you to play video games on a giant virtual TV. Use this feature to browse the internet in VR or watch 3D movies that your computer is handling, all through the app’s built-in video player.

That said, some users report bugs, including audio issues, laggy videos, and even black screens while streaming. Although Bigscreen Beta itself is free, the Cloud Browser this app uses is not. After its two-hour trial period passes, you have to pay $9.99 a month to keep using it.

Steam Link

If you ever wondered what it would be like to stream your entire Steam library into your Meta Quest VR headset, the Steam Link app lets you do exactly that — and it’s not limited to VR games. You can also stream regular PC games as you would on your phone. You don’t need third-party tools to make a connection, as Valve officially released a version of this app for Quest headsets. Simply install Steam and SteamVR on your PC and run them together with the Steam Link app on your Quest.

One of the biggest advantages of Steam Link is how easy it is to play VR games such as “Half-Life: Alyx” on your Quest. You will no longer be limited by the headset’s hardware. Instead, you can rely on the power of your PC to run the game and let your Quest simply stream it. Thanks to the newest update, you can run all games on a virtual Big Picture-style screen (think Bigscreen from the previous section) without having to jump into SteamVR mode. Also, thanks to Steam Link, you can use your gamepad or hand tracking as a game controller.

Keep in mind, you must have a really good internet connection for the Steam Link streaming to be seamless. A slow connection means you’ll experience heavy lag, frame drops, or reduced image quality. Additionally, how smoothly games will run depends on your computer’s specs.

Mondly: Practice Languages in VR

Mondly in VR is an engaging and practical app that lets you learn and practice a new language much as you would with ChatGPT, but in a VR world. Instead of just creating practice cards for you as other apps do, it lets you actually talk to virtual characters in realistic settings, such as a hotel reception desk, a restaurant, or a train station. The built-in speech recognition and chatbot technology set Mondly apart from other language-learning apps. This app is capable of evaluating your pronunciation in real time to give you direct feedback. You get to actually practice your speaking, which should give you confidence to speak a new language in a real setting.

Mondly VR lets you choose between 30 languages, including the most popular ones such as German, Spanish, and French. You won’t just memorize phrases to use, but practice real dialogue in a controlled environment. The Meta Quest headset will help you focus, concentrate, and immerse yourself in the scenario. You can even enter a multiplayer mode and practice your language skills with other players.

The only drawback of Mondly is that it recycles scenes. The same train or restaurant might be used for different scenarios and different languages, which might make the experience seem repetitive. It’s harder to immerse yourself in the language and culture of Japan, for example, if a scene from a Spanish restaurant is used. Also, while speech recognition is excellent, the feedback is not detailed. Still, Mondly should prepare you for practical situations.

Mindway

If you’re looking to nurture your mind in a gentle, immersive way, consider Mindway, a standout wellness app for Meta Quest. This app blends mindfulness meditation, ASMR, sleep support, and community experiences in a single VR space. One of the biggest advantages of this app is that its content is divided into small chunks. Instead of having to endure long and rigid meditation sessions, you can choose exercises that are short and easy to manage. That way, you can take care of your mental well-being even when life gets busy.

Mindway lets you wander through VR landscapes, such as emerald green forests or soft, glowing skies. That way, each session seems like a little escape from reality. Mindway also offers structured meditation courses that help you build deep habits over time. It can teach you how to handle difficult emotions or how to speak mindfully. You also have peer-support sessions, called the “Fireside,” that let you connect with others in a virtual group experience. If you have the Quest 3, you can get access to a new feature: “Build Your Own Meditation” mode. Here, you can combine breathing exercises with real-world surroundings.

Unfortunately, to unlock access to the full Mindway experience, you’ll need to pay a fee of $5 a month or $50 for permanent access. Longer meditation courses and sleep content are also locked behind a paywall. The subscription might be an obstacle if you just want to explore this app, but if you feel like you need VR help with mental health, Mindway is an excellent choice. Alternatively, you can also check out the Tripp VR Meditation app.

Supernatural: Unreal Fitness

You might often feel as if working out is a chore, especially on that dreaded leg day when you end up crawling up the stairs. So why not turn exercise into a game? Supernatural: Unreal Fitness is an app for Meta Quest that lets you turn your workout session into a real flow of punches and squats, all while listening to big-name artists. You also get to visit impressive places like the Great Wall of China, the sandy Sahara Desert, and the Moon.

Supernatural Fitness is specifically designed to combine movement and motivation. There are different workout categories such as recovery and stretch, boxing, and flow. Each of these categories offers a different virtual experience. In boxing, you get to punch flying orbs, while flow makes you swing virtual batons. Coaches guide you through the exercises and motivate you to push yourself beyond your boundaries.

If you’re skeptical about VR exercises, a 2022 study led by the University of Victoria — but commissioned and funded by Supernatural — explains how this app offers vigorous exercise and contributes to weekly cardio goals. Unfortunately, Supernatural Fitness comes with a $99 yearly subscription plan that might feel more expensive than the fitness apps for your Apple Watch and iPhone. You’ll also need a lot of space where you’ll do your exercises due to all the swinging and punching you’ll have to do. After all, you don’t want to end up punching the TV.

How we selected the essential Meta Quest apps


We set out to find the best, most essential apps for the Meta Quest to help you get the most out of your VR headset. We went for a highly diverse mix of apps that allow you to explore different aspects of virtual reality according to your interests. To curate this list, we paid special attention to user reviews and feedback from Redditors as well as other user forums. We selected only the apps with a minimum user score of 3 out of 5 stars on Meta’s app store, and we paid attention to all constructive feedback coming from users. While we mostly focused on popular apps with more than 1,000 reviews, we didn’t want to miss any hidden gems. So we’ve carefully considered the usefulness and fun factor of a couple of less popular apps that still had a great user score and solid feedback.


The 4 Best Budgeting Apps To Replace Mint


Budgeting can be a difficult thing to wrap your head around, with credit cards demanding so much of our spending and checking out as easy as a tap. While you could lean on ChatGPT tips to save money, a high-quality budgeting app can take out a lot of the guesswork. Mint was the gold standard for many years — serving as one of the earliest and most trusted ways to get a handle on your spending and your accounts.

But in March of 2024, Mint’s parent company Intuit shut down the standalone app to direct users to its other service, Credit Karma. While this shutdown left many users questioning why and how, it also left them wondering where to turn to replace Mint. Whether you’re looking for an easy-to-use budget app like Mint, you want something wholly different, or you just want a FinTech app that’s more helpful than Robinhood, there’s a lot to consider out there.

Quicken Simplifi

Quicken on the whole is a popular choice for small business owners and bookkeepers thanks to its powerful business tracking tools and in-depth reporting. Quicken Simplifi, as the name implies, is really meant as a simpler choice aimed at those who want to budget for their personal lives. Unlike some of Quicken’s other programs, Simplifi is available through a web browser, so you can check in without the need to install an app. There is, of course, also a mobile app that offers many of the same features.

Quicken’s goal with the Simplifi app is to provide a more “automatic” approach to budgeting. Rather than manually assigning spending category goals, the app takes your inputted accounts and spending history, and manages the tracking for you. It delivers what Quicken calls a Spend Plan that’s customized to your behavior every month. This makes it great for someone who wants a holistic look at their budget and what to do, but doesn’t want to spend a whole lot of time considering and adjusting. Many satisfied users support the simplicity, especially when compared to complicated spreadsheets.

Monarch Money

Monarch Money is sort of the new kid on the block when it comes to replacing Mint. While it was founded back in 2018, it more recently raised $75 million to back its simple, design-forward approach to personal finance. The key with Monarch is its clean, user-friendly interface that puts a focus on the content and how it can help with your approach to budgeting. This budget app also features free collaboration with one partner — so it’s a solid choice for spouses or significant others looking to help you fill out a complete financial picture.

Monarch Money does operate on a subscription model, costing $14.99 per month like many other similar apps, but it’s transparent about why. Monarch promises that its leading data connectivity and its decision not to sell personal financial information are tangible benefits of your monthly payment. Users also laud the multiple ways to slice and dice your budget, meaning you won’t have to conform to one approach that may not fit your life.

You Need a Budget

You Need a Budget (YNAB), one of the best finance apps to manage Apple Card spending, positions itself as a method with an app in support of that method. What’s the method? Making sure that every dollar you bring in has a job. The way this comes to life on the app is a system where you assign roles for each dollar. For example, $5 a week to coffee, $2 a week to your Netflix subscription, and $10 a week to savings. The idea is to bring intentionality to your money.

One of the strongest cases for YNAB is just how vocal its users are. Many Redditors are staunch supporters of YNAB’s active (not passive) approach to finance. While some folks admit that it can feel manual and a little pricey at $14.99 per month, this investment in both time and money should boost accountability and make you more aware and passionate about reaching your financial goals. It’s the completionist’s way to replace Mint.

Copilot Money

One of the flashiest budgeting apps out there, Copilot Money, takes design cues from the Robinhood playbook — and that makes sense because it also features an investment tracking component that feels a bit beyond the more basic budgeting apps out there. What makes Copilot Money notable is its best-in-class app functionality. Featuring well-loved tablet, desktop, and mobile apps, it’s an ideal option for those who want to build an “ecosystem” around their budget app. While other budgeting apps on this list offer cross-device support, Copilot Money has been improving its interface since 2020.

Some Reddit reviewers note that the price, $13 per month, can feel a bit steep, but what you’re paying for is convenience and innovation. Copilot has a focus on cutting-edge tech, including rule-building and reporting. The team has recently launched AI features to help better categorize that spending. They’ve also earned numerous App Store editors’ choice awards for ease of use and reliability.


Cloudflare fixes second outage in a month

Cloudflare has successfully recovered its services after a second outage in the space of three weeks briefly took down Cloudflare Dashboard and related APIs, knocking out multiple online services.

The issues surfaced shortly after 9am GMT (4am EST) and left users unable to access sites such as Canva, Coinbase, LinkedIn, Substack, X, Zoom, and once again, the DownDetector service relied on by many to monitor web outages.

At the time of writing, the issue was fully resolved and Cloudflare’s status page reported normal operations across its global network.

A spokesperson told Computer Weekly that a change to how Cloudflare’s web application firewall parses requests impacted the availability of its network for about 25 minutes.

“This was not an attack – the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components,” they said.

The flaw in question was tracked as CVE-2025-55182, although a duplicate identifier, CVE-2025-66478, has also been assigned to it. Referred to by some as React2Shell, it is a critical remote code execution (RCE) vulnerability that affects the React library used to build many web applications.

It affects all React applications that support React Server Components, and notably, according to Rapid7 researchers, server applications may also be vulnerable even if they do not explicitly implement any React Server Function endpoints but do support React Server Components.

Rapid7’s researchers added that many popular frameworks based on React, including Next.js, are affected by the issue.

Successfully exploited, an unauthenticated attacker could gain the ability to execute arbitrary code on an affected server. A weaponised proof-of-concept exploit is believed to have been shared.

“Organisations who use React or the affected downstream frameworks are urged to remediate this vulnerability on an urgent basis, outside of normal patch cycles and before broad exploitation begins,” said Rapid7’s team.

Responding to the Cloudflare outage, Mayur Upadhyaya, CEO of API monitoring and testing service APIContext, said: “When APIs and dashboards at this layer are impacted, the ripple effects are wide-reaching, not because of failure, but because of how much trust we place in these services to function smoothly behind the scenes. 

“This isn’t about blame – all services hiccup. It’s a reminder that resilience isn’t just about uptime – it’s about graceful degradation, clear observability, and understanding dependencies. As complexity grows, continuous testing and real-time signals become key to supporting both providers and customers through high-pressure moments like this.”

Opportunity for threat actors

While the latest hiccup to befall Cloudflare’s services was the result of a change designed to address a security vulnerability and protect its customers, rather than a cyber attack on its services, the incident should still have defenders on alert, said ESET global cyber security advisor Jake Moore.

“We have seen multiple errors like this in recent months which have led to catastrophic downtimes for thousands of websites,” said Moore. “It therefore potentially offers up new opportunities to threat actors wanting to cause mass disruption.”

Cloudflare’s previous outage, which unfolded on Tuesday 18 November 2025, forced the company’s worst period of downtime since 2019. It occurred when a change to the web traffic management firm’s bot management system caused a larger-than-expected feature configuration file to be spread across its network, causing widespread crashes. Such was the scale of this incident that Cloudflare’s response teams initially believed they were dealing with a massive distributed denial of service (DDoS) attack.


Edinburgh Airport grounds flights due to IT issue affecting air

Flights to and from Edinburgh Airport are continuing to be beset by delays, after an undisclosed IT issue grounded passengers for around an hour on the morning of Friday 5 December 2025.

The airport issued a statement via its social media channels at around 9.30am, confirming that no flights were currently arriving or departing from the site due to an “IT issue” affecting its air traffic control provider.

“Teams are working on the issue and will resolve as soon as possible,” the statement added.

Over the course of a series of messages, shared online with affected passengers, Edinburgh Airport confirmed the downtime was not caused by a “national issue”.

At around 10.40am, a follow-up statement was released by the airport, confirming that flights were resuming, with the unspecified IT issue seemingly resolved.

At the time of writing, no further details about the incident have been released by Edinburgh Airport.

Meanwhile, the airport’s live departures and arrivals information site confirms the incident appears to have had a knock-on impact for many of the flights that are scheduled to take off and arrive there for the rest of the day.

Computer Weekly understands that Edinburgh Airport’s air traffic control provider is a company called Air Navigation Solutions, with the latter company’s website talking about the “long-term partnership” that exists between the two entities.

It states that Air Navigation Solutions is responsible for providing air traffic control and air traffic engineering services to the airport.

Computer Weekly contacted the company to clarify its working relationship with Edinburgh Airport, and to see if it could shed any further light on the cause of today’s outage. At the time of publication, however, no response had been received.

IT issues are often cited as a factor in downtime incidents at airports, serving to underscore vulnerabilities in some sites’ legacy IT systems and datacentres, while highlighting the broader technological challenges site operators face.

Also, given how widespread and high-profile the disruption caused by an IT incident at an airport can be, these sites have also found themselves the targets of cyber attacks.

For example, London Heathrow Airport was among the targets of a wide-scale, aviation industry-focused, ransomware-based cyber attack that came to light in September 2025.

That incident could be traced back to a ransomware attack on the systems of commercial aviation services supplier Collins Aerospace, and caused flight cancellations and delays across Europe, with Berlin, Brandenburg, Brussels and Dublin airports all affected, along with London Heathrow.

Speaking about the incident at the time, ESET global cyber security advisor Jake Moore said the cyber attack served to highlight just how disruptive IT issues can be to the aviation industry as a whole.

“When the supply chain is attacked in the aviation industry, the disruption hits on a damaging global scale. Since the outage stems from a third-party provider for check-in and boarding systems, it shows how a single point of failure can ripple quickly across multiple countries, causing widespread problems,” said Moore.


Interview: Paul Neville, director of digital, data and technology, The

Paul Neville, director of digital, data and technology at The Pensions Regulator (TPR), is building strong IT foundations as part of a five-year strategy to help transform the organisation from a compliance-based to a risk-based regulator. He explains what that change will mean in practice over the next few years.

“As a regulator, we’ll obviously still have specific processes we expect people to follow, but we’ll be much more concerned about the outcome that we’re trying to achieve, and we’ll make decisions based on that demand,” he says.

“To make that shift, we need to understand our data. We need to have the right level of automation to explore information, measure outcomes, and deliver those outcomes with industry and other government bodies interested in pensions. We imagine a future world in which information flows between organisations.”

A historian by education, Neville entered the world of business as the internet boom gathered pace in the 1990s. Describing himself as a self-taught digital leader, he developed his skills in the commercial sector at blue-chip companies such as Sky and BT, and with startups and smaller businesses.

His transformation work in larger firms focused on delivering big technology-enabled change programmes, centred on boosting customer experiences. Mid-career, he decided to apply those skills for public benefit and worked as a consultant for two major charities, Marie Curie and Macmillan, helping those organisations to transform digitally.

Neville then turned to the public sector to apply his skills in another for-good area. He worked in digital leadership roles at the London Borough of Waltham Forest, UK Export Finance and Enfield Council, before joining TPR in October 2023. Neville reflects on this final move.

“It was the opportunity to take all of that experience and deliver on a national scale and impact everybody, because almost everyone has a pension, and the opportunity to make that process work for the citizens of this country, and make a difference for people in retirement, is a massive issue,” he says.

“Secondly, the chief executive, my boss, Nausicaa Delfas, was setting up an opportunity to change, not only TPR, but the pensions industry, so the role felt like a chance to be a central part of that journey, because not every CIO gets to sit on the board of an organisation.”

Transforming processes

Neville reflects on the transformation journey at TPR, saying it’s been an exciting ride: “Everyone on the executive board is aligned on the fact that digital, data and technology are the key enablers for helping us change as an organisation, and also helping the pensions industry transform.”

Late last year, Neville launched a digital, data and technology strategy, a set of missions over a five-year plan to renew TPR’s capabilities, embracing new ways of working, driving efficiency, automation and innovation. In March this year, he launched the data component of the strategy, which establishes a collaborative plan to drive adoption of new data technologies and standards.

“I am proud of that strategic work,” he says. “That effort includes strengthening our technology foundations, improving our capability in terms of automation, and making sure we have the skills in my team to develop the future. We’ve hired quite a lot of people and also consolidated similar skills across the organisation, and that’s enabled us to deliver more and save money on suppliers, because we’ve done a lot in-house.”

Neville says the projects his team has worked on include delivering artificial intelligence (AI) tools that help increase automation. They’ve also focused on improving cyber security and data governance to ensure safe and secure access to high-quality internal information.

The team also recently launched an innovation service to foster conversations with industry stakeholders. Neville says TPR is encouraging and enabling people and organisations to think differently about the services they deliver to their customers and the benefits they provide.

“That’s just a small selection of the things we’ve done so far,” he says. “We’ve got just under four years left of the plan. There’s a lot more we want to do, but we have built the confidence, both internally and externally, that we are a different TPR and we can deliver. That encourages everyone in our industry to think differently as well.”

Building foundations

Neville says the transformation work enabled through the strategy so far is focused on building the right technological foundations at TPR.

In addition to cyber security and data governance projects, his team has focused on service management initiatives that help TPR rationalise its application estate. The organisation has adopted an agile, product-based approach to deliver reusable capabilities for flexible services in key areas related to pensions governance within the organisation and externally.

TPR is also making progress on automation, including in case management. He inherited a situation where cases were often managed on spreadsheets or via one-off technology solutions. In short, nothing was joined up. Neville is using automation, via Microsoft Dynamics 365, to take a different approach.


“We’re delivering a single case management system,” he says. “We are working to make sure the process is streamlined, so we’re thinking about the business process first. By taking that approach, we can deliver in an agile and iterative way. Where we’ve already rolled that technology out, we’ve delivered productivity savings of around 60%.”

Neville expects the progress made through case management automation to be repeated in other areas. As automation takes hold in the organisation, he anticipates people will spend less time on paperwork and more time delivering better services.

Given the developments in the technology sector during the past few years, AI is playing a key role.

“We are deploying AI to specific use cases,” he says. “I’ve got a fantastic data science team, who are developing lots of very clever tools for us.”

Embracing AI

Neville says the next two years will be spent honing these technology initiatives and delivering tangible results.

Critical projects include implementing organisation-wide access to data via Dynamics 365 services and completing transformation projects in core areas, such as cyber security and data governance. It’s these foundations and the application of emerging technology that will help TPR transform from a compliance-based to a risk-based regulator.

Two years from now, Neville expects all foundational work, from case management to customer relationship management (CRM) systems, will be embedded within the organisation. On these foundations, employees will use AI-enabled tools to boost their working processes.

“That preparatory work will enable us in the future to create more customer-facing digital capabilities,” he says.

One example of where TPR is applying AI is analysing online news sites to scan for potential risks in pension schemes. Neville saw AI could provide a helping hand to what is currently a manually intensive process.

“That’s a great example, because many pension schemes don’t have the same name as the provider,” he says. “The technology does quite a lot of joining up behind the scenes to make that process work.”

Another example is using AI to analyse Task Force on Climate-Related Financial Disclosures (TCFD) statements, which organisations must submit to comply with legislation. Once again, generative technology – in the form of OpenAI and Microsoft Azure technology – is helping TPR staff summarise lengthy prose and create insights as a basis for intervention when required.

“Those are just two examples,” says Neville. “We’ve got other risk tools that we’re using. We are also rolling out Copilot internally, and we’re in the middle of our plan for that technology. We’re trialling GitHub Copilot for our developers, and they’re starting to write test scripts, which is fun. We’re still at the beginning of this work, as are lots of people, but these projects are a taster of what we want to achieve.”

Solving challenges

Neville says the result of this work will be that the future TPR will have an operating environment that differs greatly from its traditional, manually intensive processes. Today, the organisation maintains a digital portal, where people send, for example, pension scheme returns as part of a large, intensive data upload. Neville foresees a better approach.


“There won’t necessarily be a scheme return like you see today, because we will have the information we need, and organisations across the industry will be more digitally enabled, so they’re able to drive the kind of innovation and competition in the market that will benefit savers, people with pensions and employers that offer pensions,” he says.

This new level of digital interaction will make it easier for TPR and organisations in the pensions sector to tackle some of the thorny issues of the day. One of these issues is adequacy, or the extent to which people save enough money in pension schemes for their retirement.

“We need to understand our data, and so does the industry. The firms need to provide better customer experiences for people, like you and me, who have pensions. By driving a customer focus, we think the industry will perform better,” he says.

“We may even feel a bit like a fintech as an organisation, because we’ll be enabling innovation. Technology will produce the insights we need to work with the industry. So, we could be operating in a completely different world, which drives innovation and change for everyone.”

Neville continues to seek ways to push transformation forward. He recently helped launch the Pensions Data and Digital Working Group, which will help ensure TPR and the pension industry work together to embrace digital, data and technology and achieve the digitalisation and automation aims outlined in the five-year strategy.

“The working group has 15 members,” he says. “It represents a cross-section of people from different parts of industry, so trustees, actuaries, lawyers, but also people from more technical backgrounds as well. It’s about getting all kinds of people involved to help solve the problems and move to this new world.”


Cyber teams on alert as React2Shell exploitation spreads

A remote code execution (RCE) vulnerability in the React JavaScript library, which earlier today caused disruption across the internet as Cloudflare pushed mitigations live on its network, is now being exploited by multiple threat actors at scale, according to reports.

Maintained by Meta, React is an open source resource designed to enable developers to build user interfaces for both native and web applications.

The vulnerability in question, assigned CVE-2025-55182 and dubbed React2Shell by the cyber community, is a critically scored pre-authentication RCE flaw in versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of React Server Components that stems from how they decode payloads sent to React Function Endpoints.

This means that by crafting a malicious HTTP request to a Server Function endpoint, a threat actor could gain the ability to run arbitrary code on the target server.
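For defenders triaging exposure, the version list above can be checked against an npm lockfile. The following is an added example, not code from the article or from the React project: the three package names are an assumption about which npm packages ship React Server Components, the versions are the four the article lists, and the sample lockfile is constructed.

```javascript
// Added example: find React Server Components packages in a parsed
// package-lock.json and mark those pinned to a version the article lists
// as vulnerable to CVE-2025-55182.

// Versions named in the article. Matching is exact, so any other version of
// these packages is still reported (affected: false) for manual review.
const AFFECTED_VERSIONS = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);

// Assumption (not from the article): npm packages that ship
// React Server Components.
const RSC_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Returns one entry per installed copy of an RSC package.
function findAffectedRsc(lock) {
  const hits = [];
  const seen = new Set();
  const record = (name, version, where) => {
    if (!RSC_PACKAGES.has(name) || typeof version !== "string") return;
    const key = `${where}@${version}`;
    if (seen.has(key)) return; // v2 lockfiles list each copy twice
    seen.add(key);
    hits.push({ name, version, where, affected: AFFECTED_VERSIONS.has(version) });
  };

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  // An aliased install carries the real package name in "name".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    record(meta.name || packageNameFromPath(path), meta.version, path);
  }

  // lockfileVersion 1 (and the v2 compatibility copy): nested "dependencies".
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      record(name, meta.version, where);
      walk(meta.dependencies, `${where}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Only the copies pinned to a version the article lists.
function affectedHits(lock) {
  return findAffectedRsc(lock).filter((hit) => hit.affected);
}

// Constructed sample lockfile (lockfileVersion 3), not taken from a real project.
const SAMPLE_LOCK = {
  name: "constructed-demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-demo-app", version: "1.0.0" },
    // Not in the assumed RSC package list, so not reported by this check.
    "node_modules/react": { version: "19.1.1" },
    "node_modules/react-server-dom-webpack": { version: "19.1.1" },
    // A nested copy pulled in by a hypothetical framework dependency.
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": {
      version: "19.2.0",
    },
    // Aliased install: directory name differs from the real package name.
    "node_modules/rsc-alias": {
      name: "react-server-dom-parcel",
      version: "0.0.0-constructed",
    },
  },
};

console.log(JSON.stringify(findAffectedRsc(SAMPLE_LOCK), null, 2));
```

A clean result covers only what the lockfile records; a framework that ships its own copy of these packages inside its build is outside what this check can see.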

It was added to the US’s Cybersecurity and Infrastructure Security Agency’s catalogue on Friday 5 December, and according to Amazon Web Services (AWS) chief information security officer and vice-president of security engineering, CJ Moses, the chief culprits behind the rapid exploitation are thought to be China-nexus threat actors.

Moses cautioned that China’s habit of running shared, large-scale anonymisation infrastructure for multiple state-backed threat actors made definitive attribution challenging. However, following disclosure on Wednesday 3 December, groups tracked as Earth Lamia and Jackpot Panda were observed taking advantage of React2Shell.

“China continues to be the most prolific source of state-sponsored cyber threat activity, with threat actors routinely operationalising public exploits within hours or days of disclosure,” he wrote. “Through monitoring in our AWS MadPot honeypot infrastructure, Amazon threat intelligence teams have identified both known groups and previously untracked threat clusters attempting to exploit CVE-2025-55182.”

Earth Lamia is well-known for exploiting web application vulnerabilities against organisations primarily located in Latin America, the Middle East and Southeast Asia, with a particular focus on educational institutions, financial services organisations, government bodies, IT companies, logistics firms and retailers.

Jackpot Panda, according to AWS, targets its activity at entities in East and Southeast Asia, with its operations aligning to China’s goals relating to corruption and domestic security.

Massive attack

With reports suggesting there may be over 950,000 servers running vulnerable frameworks such as React and Next.js, Radware threat researchers warned of a massive potential attack surface.

React and Next.js are both well-used thanks to their efficiency and flexibility, while robust ecosystems make them a default choice for many developers – and as such they are found under the bonnet everywhere, from mobile apps and consumer-facing websites to enterprise-grade platforms, said Radware.

“This widespread reliance means a single critical flaw can have cascading consequences for a significant portion of modern web infrastructure,” the Radware team said. “A substantial number of applications across public and private clouds are immediately exploitable, necessitating urgent and widespread action.”

Michael Bell, founder and CEO of Suzu Labs, a penetration testing and AI security specialist, said that hours from disclosure to active exploitation by nation-state actors was the new normal, and matters would likely get worse.

“China-nexus groups have industrialised their vulnerability response: they monitor disclosures, grab public PoCs – even broken ones – and spray them at scale before most organisations have finished reading the advisory,” he said.

“AWS’s report showing attackers debugging exploits in real-time against honeypots demonstrates this isn’t automated scanning; it’s hands-on-keyboard operators racing to establish persistence before patches roll out,” said Bell. “With AI tools increasingly capable of parsing vulnerability disclosures and generating exploit code, expect the window between disclosure and weaponisation to shrink from hours to minutes.”

He added that the earlier Cloudflare outage in service of an emergency patch “tells you everything about the severity calculus here”.
