reporter

New and old adventures are coming for Lara Croft fans the next two years.View the full article

A second new class will also be included in the expansion, which focuses on the fight against Mephisto.View the full article

Time to go back to the Oldest House.View the full article

A new Star Wars adventure will take players back into the heyday of the Republic.View the full article

Tools for Humanity, the company behind the app, is seeking to expand its "real human network."View the full article

Rivian's details its plans to bring more AI and hands-free autonomous driving features to current and future R1 and R2 EV owners.View the full article

OpenAI is preparing for the possibility that threat groups will try to abuse its increasingly powerful AI frontier models to carry out sophisticated cyberattacks. In a blog, the company describes how the evolving capabilities of its models could be used to “develop working zero-day remote exploits against well-defended systems, or meaningfully assist with complex, stealthy enterprise or industrial intrusion operations aimed at real-world effects.” According to OpenAI, the underlying problem is that offensive and defensive uses of AI rely on the same knowledge and techniques. This makes it challenging to enable one without making possible the other. “We are investing in safeguards to help ensure these powerful capabilities primarily benefit defensive uses and limit uplift for malicious purposes,” the company said, adding, “we see this work not as a one-time effort, but as a sustained, long-term investment in giving defenders an advantage and continually strengthening the security posture of the critical infrastructure across the broader ecosystem.” One new initiative is the Frontier Risk Council. The company offered few details of how this will operate, but said it was part of an expanding “defense in depth” strategy designed to contain the widely-speculated potential of AI as an adversarial tool. “Members will advise on the boundary between useful, responsible capability and potential misuse, and these learnings will directly inform our evaluations and safeguards. We will share more on the council soon” OpenAI said. Other initiatives mentioned in the blog include expanding guardrails against misuse, external Red Team testing to assess model security, and a trusted access program designed to give qualifying customers access to enhanced models to explore defensive use cases. OpenAI also plans to expand its use of its recently announced Aardvark Agentic Security Researcher scanning tool beta to identify vulnerabilities in its codebase and suggest patches or mitigations. Red Teaming AI AI companies find themselves under increasing pressure to explain how they will block model misuse. The anxiety is not hypothetical; last month, OpenAI rival Anthropic admitted that its AI programming tool, Claude Code, had been used as part of a cyberattack targeting 30 organizations, the first time malicious AI exploitation has been discovered on this scale. Meanwhile, university researchers in the US reported this week that the Artemis AI research platform outperformed nine out of ten penetration testers at finding security vulnerabilities. As the team pointed out, it did this at a fraction of the cost of a human researcher, potentially expanding access to such capabilities beyond well-resourced criminals. Balancing this is the possibility that defenders could use AI to find the same vulnerabilities. OpenAI’s blog alludes to this capability when it mentions testing its models against the Red Teaming Network it announced two years ago. The reaction of industry experts to OpenAI’s latest announcement has been mixed. A recurring worry is the inherent difficulty of stopping malicious use of leading models. “OpenAI is asking models to constrain their own capabilities through refusal training, which can be compared to asking a lock to decide when it should open,” commented Jesse Williams, co-founder and COO of AI agent DevOps company, Jozu. In effect, the model, not its human authors, defines what is harmful. “The distinction is intent and authorization, which models cannot infer from prompts. Jailbreaks consistently defeat refusal training, and sophisticated adversaries will probe detection boundaries and route around them. Safeguards reduce casual misuse, but won’t stop determined threats,” said Williams. “OpenAI’s ‘trusted access program’ sounds reasonable until you examine implementation. Who qualifies as trusted? University researchers? Defense contractors? Foreign SOC analysts?” Even with guardrails, AI safety can’t be guaranteed, Rob Lee, chief AI officer at the SANS Institute, observed. “Last month, Anthropic disclosed that attackers used Claude Code, a public model with guardrails, to execute 80-90% of a state-sponsored cyberattack autonomously. They bypassed the safety controls by breaking tasks into innocent-looking requests and claiming to be a legitimate security firm. The AI wrote exploit code, harvested credentials, and exfiltrated data while humans basically supervised from the couch,” he pointed out. “That’s the model with guardrails. But if you’re [a villain] and you want your AI Minions to be as evil as possible, you just spin up your own unguardrailed model,” he said. “[There are] plenty of open-weight options out there with no ethics training, no safety controls, and nobody watching. Evil will use evil. … OpenAI’s safety frameworks only constrain the people who weren’t going to attack you anyway.” Not all experts are this pessimistic. According to Allan Liska, threat intelligence analyst at Recorded Future, it is important not to exaggerate the threat posed by AI. “While we have reported an uptick in interest and capabilities of both nation-state and cybercriminal threat actors when it comes to AI usage, these threats do not exceed the ability of organizations following best security practices,” said Liska. “That may change in the future, however, at this moment it is more important than ever to understand the difference between hype and reality when it comes to AI and other threats.” A previous version of this story contained comments incorrectly attributed to Rob Lee, which have been replaced with the correct remarks. View the full article

OpenAI is preparing for the possibility that threat groups will try to abuse its increasingly powerful AI frontier models to carry out sophisticated cyberattacks. In a blog, the company describes how the evolving capabilities of its models could be used to “develop working zero-day remote exploits against well-defended systems, or meaningfully assist with complex, stealthy enterprise or industrial intrusion operations aimed at real-world effects.” According to OpenAI, the underlying problem is that offensive and defensive uses of AI rely on the same knowledge and techniques. This makes it challenging to enable one without making possible the other. “We are investing in safeguards to help ensure these powerful capabilities primarily benefit defensive uses and limit uplift for malicious purposes,” the company said, adding, “we see this work not as a one-time effort, but as a sustained, long-term investment in giving defenders an advantage and continually strengthening the security posture of the critical infrastructure across the broader ecosystem.” One new initiative is the Frontier Risk Council. The company offered few details of how this will operate, but said it was part of an expanding “defense in depth” strategy designed to contain the widely-speculated potential of AI as an adversarial tool. “Members will advise on the boundary between useful, responsible capability and potential misuse, and these learnings will directly inform our evaluations and safeguards. We will share more on the council soon” OpenAI said. Other initiatives mentioned in the blog include expanding guardrails against misuse, external Red Team testing to assess model security, and a trusted access program designed to give qualifying customers access to enhanced models to explore defensive use cases. OpenAI also plans to expand its use of its recently announced Aardvark Agentic Security Researcher scanning tool beta to identify vulnerabilities in its codebase and suggest patches or mitigations. Red Teaming AI AI companies find themselves under increasing pressure to explain how they will block model misuse. The anxiety is not hypothetical; last month, OpenAI rival Anthropic admitted that its AI programming tool, Claude Code, had been used as part of a cyberattack targeting 30 organizations, the first time malicious AI exploitation has been discovered on this scale. Meanwhile, university researchers in the US reported this week that the Artemis AI research platform outperformed nine out of ten penetration testers at finding security vulnerabilities. As the team pointed out, it did this at a fraction of the cost of a human researcher, potentially expanding access to such capabilities beyond well-resourced criminals. Balancing this is the possibility that defenders could use AI to find the same vulnerabilities. OpenAI’s blog alludes to this capability when it mentions testing its models against the Red Teaming Network it announced two years ago. The reaction of industry experts to OpenAI’s latest announcement has been mixed. A recurring worry is the inherent difficulty of stopping malicious use of leading models. “OpenAI is asking models to constrain their own capabilities through refusal training, which can be compared to asking a lock to decide when it should open,” commented Jesse Williams, co-founder and COO of AI agent DevOps company, Jozu. In effect, the model, not its human authors, defines what is harmful. “The distinction is intent and authorization, which models cannot infer from prompts. Jailbreaks consistently defeat refusal training, and sophisticated adversaries will probe detection boundaries and route around them. Safeguards reduce casual misuse, but won’t stop determined threats,” said Williams. “OpenAI’s ‘trusted access program’ sounds reasonable until you examine implementation. Who qualifies as trusted? University researchers? Defense contractors? Foreign SOC analysts?” According to Rob Lee, chief AI officer at the SANS Institute, the problem of AI misuse can’t be solved by one company on its own – not even the mighty OpenAI. “Companies are pushing models that can autonomously discover or weaponize vulnerabilities, but the global safety ecosystem — governments, frontier labs, researchers, and standards bodies — is fragmented and uncoordinated,” said Lee. “The result is a widening gap where speed becomes its own vulnerability, creating conditions for cascading failures across infrastructure, finance, healthcare, and critical systems.” Not all experts are this pessimistic. According to Allan Liska, threat intelligence analyst at Recorded Future, it is important not to exaggerate the threat posed by AI. “While we have reported an uptick in interest and capabilities of both nation-state and cybercriminal threat actors when it comes to AI usage, these threats do not exceed the ability of organizations following best security practices,” said Liska. “That may change in the future, however, at this moment it is more important than ever to understand the difference between hype and reality when it comes to AI and other threats.” View the full article

Android players can grab their devices and head back to the island.View the full article

The order creates an Justice Department task force to challenge state AI laws, and directs the Commerce Department to pull future broadband funding from states that pass “onerous” legislation.View the full article

His reporting on a Stanford University president put Theo Baker on the map, but his upcoming book may cement his reputation as the rare young journalist willing to challenge Silicon Valley's startup machine.View the full article

Although Sonic is our top choice for ISPs in San Francisco, there are plenty of other strong options in the area.View the full article

A new variation of the ClickFix scam tries to get around phishing defenses by capturing an employee’s OAuth authentication token for Microsoft logins. Researchers at Push Security this week outlined the tactic, which they call ConsentFix, in a blog, calling it “a dangerous evolution of ClickFix and consent phishing that is incredibly hard for traditional security tools to detect and block.” Generally ClickFix attacks display a fake error or counterfeit CAPTCHA verification to a user to get them to copy, paste and execute malicious commands on their devices. What’s new in a ConsentFix attack is that the attack happens entirely inside a browser, say the researchers, which removes one of the key detection opportunities because the attack doesn’t touch an endpoint. The attack starts with a victim coming across a legitimate but compromised website they are looking for in a Google search, which completely circumvents email-based anti-phishing controls. Going to the site triggers a fake Cloudflare CAPTCHA-like verification page asking the victim to enter their business email address to prove they’re human. Doing so makes a Microsoft login page pop up which includes a legitimate URL, based on the victim’s email address, that would contain an OAuth token. The victim is asked to copy and paste that URL into a field, again, to verify they are human. The URL is captured by the threat actor, at which point the victim has granted the attacker access to their Microsoft account via Azure’s command line interface, say the researchers. “At this point, the attacker has effective control of the victim’s Microsoft account, but without ever needing to phish a password, or pass an MFA (multifactor authentication) check,” says Push Security. “In fact, if the user was already logged in to their Microsoft account (i.e. they had an active session) no login is required at all.” Christopher Kayser, social engineering expert and president of Canadian-based firm Cybercrime Analytics, says the attack plays on two tactics favored by threat actors: obedience (cut and paste this URL) and trust (this looks like a Microsoft login page). “People think because they are on a trusted [Microsoft] platform that this is OK,” he said in an interview. But this attack also shows the failures of security awareness training that many organizations perform. If training is effective, employees should suspect there’s something wrong when an app asks for a business email address to confirm they are human, he said, and know that it’s suspicious when they’re asked to cut and paste anything online as a way of proving they are human. “This is an incredibly new, innovative attack method,” commented Roger Grimes, data-driven defense CISO advisor at KnowBe4. “It’s almost unfair to classify it as a Clickfix subvariant, even though it is.” However, the odds an employee will copy a long URL string as a test of their humanity has to be very, very low, he added. “It screams different and scammy even to the most unknowledgeable user. Can you see your grandparents doing this? Not me. But I’m sure some people do do it, or else the scammers would not try it,” he said. “My guess is that its rate of success is so, so low that it doesn’t become a popular scam method that most of us need to worry about,” he said. “What we do need to communicate to users is how often Cloudflare’s brand is being used in social engineering scams, and what the correct Cloudflare authentication/validation looks like. The Cloudflare CAPTCHA check has become the fake antivirus screen of today’s world.” Organizations must recognize that the ConsentFix attack highlights the dangers of implicit trust in first-party applications, and in the continued use of legacy OAuth scopes, said Avivah Litan, lead analyst for AI trust, risk and security management at Gartner. These include older permission sets within Microsoft Entra ID that grant broad access and are not subject to modern security controls or monitoring. “Attackers exploit these legacy scopes to enumerate directory data, meaning they can systematically retrieve and map out user accounts, groups, and other directory objects within the organization,” she said. “This reconnaissance enables attackers to identify high-value targets and plan further attacks, all without triggering alerts that would be associated with newer, more tightly controlled permissions.” The most effective mitigation strategy to this kind of attack is a combination of robust monitoring, strengthened consent governance and real-time user protection, Litan noted. “By addressing these foundational issues — specifically, by limiting the use of legacy OAuth scopes, tightening consent processes for all applications, and deploying browser-based security — enterprises can substantially reduce the risk of unauthorized access resulting from OAuth consent abuse and enhance their overall identity security posture.” Push Security notes that the attack could be successful because targeting a first-party app like Azure CLI means that many of the mitigating controls available for third-party app integrations don’t apply. Because there’s no login required, phishing-resistant authentication controls like passkeys have no impact on this attack, the researchers add. And the use of advanced detection evasion techniques makes this attack difficult to investigate, meaning these attacks are going undetected. One of the problems is that most security awareness training isn’t doing enough to lower the odds of employees falling for phishing scams, said Kayser. He cited a study of phishing messages sent to employees at a California hospital over a period of eight months. Those who had taken a cybersecurity awareness course were just as likely to have fallen for a phishing message as those who didn’t, he said. Training often fails because instructors talk too much in technical terms, he said. Instead they should explain attacks, how they work and how to recognize them. “If you can explain to people what’s going on, that sticks,” he maintained. View the full article

For the first time, developers can embed Google's Deep Research tool, based on Gemini 3 Pro, into their own apps.View the full article

Apple is working on a smart home hub that will rely heavily on the more capable version of Siri that's coming next year. We've heard quite a bit about the hub over the last two years, but a recent iOS 26 code leak provides additional insight into what we can expect and confirms rumored features. Macworld claims to have access to an internal version of ‌iOS 26‌ that references several upcoming Apple devices, including the home hub. The site said that the code hints at these options: Camera - The device will have a camera, but it will be limited to 1080p. Face ID - The home hub will use Face ID for authentication and to identify who is in a room. Profile switching - With the ‌Face ID‌ feature, the home hub will be able to switch to the profile for the person in the home who is interacting with the device. Apple engineers are apparently using an app to test the accuracy of the system. Apple Intelligence - It will support Apple Intelligence and the new version of ‌Siri‌. Other rumors suggest that the home hub will be something of a cross between an iPad and a HomePod. It will have a square-shaped screen that's around seven inches, and an optional speaker base. We're expecting the home hub to launch right around the time that the new version of ‌Siri‌ comes out in iOS 26.4, likely March or April. Macworld also spotted signs of another device, identified as J229. This is apparently a "never-before-seen product" that has multiple sensors that can detect alarm sounds and capture images, but it is an accessory rather than a standalone device. Apple is rumored to be working on a home security camera to go along with the home hub. There's no word on when the camera could launch.Tag: Apple Command Center This article, "iOS 26 Code Leak Reveals Apple Smart Home Hub Details" first appeared on MacRumors.com Discuss this article in our forums View the full article

Chicago has fast, reliable and affordable internet options galore. Here are our CNET's broadband experts' top picks.View the full article

The refined Google shopping feature now works without a full-body photo. Instead, it generates one virtually.View the full article

The Amazon-owned streamer has some of the best sci-fi shows around.View the full article

Just a month after introducing GPT 5.1, OpenAI introduced GPT-5.2, the next-generation model that will power its popular chatbot. GPT-5.2 is OpenAI's "most capable model series yet for professional knowledge work." GPT-5.2 is designed to help people get more done quicker. It's better at creating spreadsheets, building presentations, writing code, perceiving images, understanding long context, using tools, and completing multi-step projects. The new model offers improved general intelligence, long-context understanding, agentic tool-calling, and vision, so it is ideal for real-world, professional use. GPT-5.2 Thinking hallucinates less than GPT-5.1 Thinking, and responses with errors were 30 percent less common. Long context capabilities have improved, and it is able to handle reports, contracts, papers, and multi-file projects, maintaining accuracy across hundreds of thousands of tokens. It is also better at interpreting screenshots, technical diagrams, and visual reports. OpenAI says that GPT-5.2 outperforms industry professionals at knowledge work tasks spanning 44 occupations, with the model scoring 70.9 percent on the GDPval test. GPT-5.1 scored 38.8 percent on that benchmark, and it is OpenAI's first model that performs at or above a human expert level. For ChatGPT users, GPT-5.2 will feel more structured and reliable, and it will have a warmer, more conversational tone. OpenAI says GPT-5.2 Instant is a capable workhorse for everyday work, with improvements in info-seeking questions, how tos and walkthroughs, technical writing, and translation. GPT-5.2 Thinking is meant for more complex tasks, like summarizing long documents, coding, answering questions about uploaded files, and planning decisions. GPT-5.2 Pro is ideal for difficult questions where a higher-quality answer is worth waiting for. GPT-5.2 Instant, Thinking, and Pro are rolling out today in ChatGPT to paid users. The API is available to all developers. OpenAI's next-generation model comes just a week after CEO Sam Altman declared a "code red," asking employees to focus on improving ChatGPT so it doesn't fall behind competitors like Google's Gemini and Anthropic's Claude. Tags: ChatGPT, OpenAI This article, "OpenAI Launches GPT-5.2 for ChatGPT Users a Week After Declaring 'Code Red'" first appeared on MacRumors.com Discuss this article in our forums View the full article

Anker is well-known for its charging accessories, including the Solix line of high-capacity power stations. Earlier this year, Anker came out with a new Solix C1000 Gen 2 Portable Power Station, which I've been testing for the last several months. The C1000 has your standard power station aesthetic, made from durable black and gray plastic. It has two handles at the sides, which makes it simple to distribute the weight across two hands, along with fan grilles and an LED display that shows the current power level and the power draw of anything that's plugged in. Rubber feet at all four corners ensure that it remains stable. There's no revolutionary design here, but the Solix C1000 looks and feels rugged. Curves at the corners make it feel a little more modern than some other power stations, and while it's not waterproof, you can get a protective carrying case that keeps it safe from moisture. It's 25 pounds, so it's probably not a battery that you're going to want to be lugging to the beach or the park, but it is good for all-day power if you're in a location where dragging around 25 pounds isn't a hassle. It isn't overly large, measuring in at 15 inches by 8.2 inches by 9.6 inches. At the front, there are five AC outlets, two 140W USB-C ports, one 15W USB-C port, and a 12W USB-A port. I appreciate that Anker is phasing out USB-A and only included a single USB-A port, because USB-A connectors are growing more uncommon. In the future, you may have no USB-A devices at all, so you won't have several wasted ports. 140W USB-C should also be good for years to come. There's a charging port at the side, a solar input port, and a 12V car port. I like the port arrangement, and was fine with all of the AC ports on the front, but spacing could be an issue if you want to plug in multiple devices with large plugs. For the AC outlet, you need to turn on AC power manually, a feature that exists to prevent battery drain when idle. This is a 1024-watt-hour battery with support for devices that draw up to 2000W, though it does support 3000W peak output. It should be able to handle almost any small appliance, including refrigerators, TVs (even large screen), heaters, portable air conditioners, lights, coffee makers, microwaves, medical devices, aquarium and animal setups, and tools that require a lot of power. I tested it up to 1500W and it worked with no issue. It uses lithium iron phosphate (LiFePO4) technology, which is what you want for a power station because LiFePO4 batteries are safe and last for more charge cycles. The C1000 is able to hold a charge in standby mode for a long time, which is great if you want to have a battery on hand for the occasional power outage. I charged it to full and left it powered off for a month, and it remained at 100 percent when I turned it back on at the end of the test. It's probably better to store it at around 80 percent capacity, but the point is you can charge it up, tuck it in a closet, and pull it out months later to use it in an emergency. The C1000's 1024 Wh capacity is enough to charge an iPhone dozens of times. Charging my iPhone 17 Pro Max from 0 to 80 dropped the battery level from 53 percent to 51 percent, which is only a two percent hit. Subsequent testing consistently used between 2 and 3 percent for ‌iPhone‌ charging. You can get fewer full MacBook charges, but it's still enough to keep multiple people up and running for a couple days. Charging my MacBook Pro from 0 to 100 percent dropped the battery from 100 to 88 percent, and charging my MacBook Air from 0 to 100 percent dropped the battery from 100 to 90 percent. It was able to run my ‌MacBook Pro‌ for a full 8-hour work day, doing day-to-day tasks like writing. I started at 76 percent and ended at 57 percent. It lasted almost 24 hours running my full Mac setup, which included my ‌MacBook Pro‌, Studio Display, three LED lights, and a phone charger. That does include around 10 hours of time where the MacBook and display were in rest mode, but it is more than capable of supporting a full work setup for a day or two. What's great about the C1000 is that it tells you exactly how long it will last based on the power draw of what's plugged in. On the LED, you'll see an estimated readout. It predicted around 14 hours of usage for my 67W ‌MacBook Air‌, which was accurate. It's not going to last super long when using high power devices like a microwave, but you often aren't using high power accessories for very long. It can run a mini heater, but those often range from 750W to 1500W, so it would last around an hour. For something like a mini fridge, though, you would be able to run it for several days. The C1000 is able to charge quickly, which has the potential to be useful when you're in a hurry. It can recharge to full in 49 minutes from a standard household plug, drawing around 1200W to do so (Anker says it can go up to 1600W, but you need to enable it). When it is under that kind of load, the fans kick on, and the fans are loud. I wouldn't be able to sleep with the fans on that high, and it's definitely a loud, irritating fan noise when going full blast. Luckily, the fans only come on at that level when it's under heavy load, and charging doesn't take too long. It also can't run high watt devices for super long, and it's much more tolerable at lower power levels. When charging small devices, it's near silent. You can connect the C1000 to a car or to solar panels to charge it up. For solar, charging times vary based on the size of the panel, the number of panels, and the available light. It can accept up to 600W through the solar input. For devices where you might like a backup feature that activates automatically in a power outage, the C1000 supports that. It has a UPS system with a sub 10ms switchover time. So if you plug something like a CPAP machine into the C1000 then plug the power station into power, the C1000 will come on right away when there's an outage. Anker has an app that connects to the C1000 over Wi-Fi or Bluetooth. You can use the app to check power level, power draw, and time remaining when a device is plugged in. You can also turn on the AC output or car charger output from the app, and fine tune controls like charging power, device timeout, charging and discharging limits, and more. It delivers new firmware too, which I struggled with. For several days, the firmware update kept failing, but it worked flawlessly later on, so I'm not sure what the issue was. Bottom Line This is a well made power station that's versatile thanks to its 1024 Wh capacity and the ability to support devices up to 2000W. It's a good home backup battery to have on hand in case of an emergency, but it also works well for camping, short trips where you need power, medical devices, and powering tools. I keep a battery like this one in two closets in my house so they're accessible, and I also like to pull out a large power stations when I need to operate a corded tool like a sander or a bright light in an area where I don't have a plug. That's been one of the more compelling use cases for me. The C1000 can be loud when it's charging or powering appliances that have high energy draw, but that's about the only downside I found during testing. How to Buy The Solix C1000 Gen 2 Portable Power Station is currently available for $372, which is more than half off its MSRP. It can be purchased from the Anker website or from Amazon.com. Note: Anker provided MacRumors with a C1000 for the purpose of this review. No other compensation was received.Tag: Anker This article, "Review: Anker Solix C1000 Gen 2 is a Mid-Size Power Station With Fast Charging" first appeared on MacRumors.com Discuss this article in our forums View the full article

I've tested dozens of Bluetooth boom boxes and portable party speakers. Here are my current top picks that really can crank the sound at your next fiesta, whether it's by the pool, at the beach or in the parking lot pre-game.View the full article

The founder of Terraform Labs was sentenced today for lying about ‘experimental’ coins that blew a $40 billion hole in the crypto economy.View the full article

iPad users also won't need to go elsewhere for their AI needs.View the full article

Experts tell US lawmakers that a crucial spy program’s safeguards are failing, allowing intel agencies deeper, unconstrained access to Americans’ data.View the full article

At an FDA discussion of testosterone replacement therapy, a top official called for special health centers to address a “men’s health crisis.” Others called to ease men's access to hormones.View the full article