News

• Researchers spot cybercriminals abuse bug to access a cloud Linux server
• The hackers then proceeded to patch the flaw, closing the doors behind them
• There could be different reasons for fixing flaws

A hacker was recently spotted patching someone’s vulnerable cloud Linux instance - but they did not do it out of the goodness of their heart.

Security researchers Red Canary observed a threat actor abusing a maximum severity flaw, tracked as CVE-2023-46604, to break into a cloud Linux system.

The vulnerability is found in Apache ActiveMQ, and grants persistent access, among other things - but however, after breaking in, they patched the bug, essentially locking the doors behind them.

Red Canary argues that there are different reasons why a cybercriminal might fix a problem after exploiting it, including locking out other adversaries, or hiding their tracks.

The latter makes a lot of sense, especially knowing that cybercriminals often fight for control over different compromised endpoints.

Besides patching the flaw, the hackers did a number of things, including installing the Sliver implant, which granted them unrestricted access to the system.

They also modified the existing sshd configuration file to enable root login, and after that installed a previously unknown downloader that Red Canary named “DripDropper”.

The downloader itself is rather advanced, requiring a password to run, which hinders sandbox analysis.

It communicates with the threat actors via a Dropbox account that has hardcoded bearer tokens, and since Dropbox and similar platforms (Telegram, or Discord) are not malicious by nature, the traffic blends in and is harder to spot. Finally, DripDropper is most likely used to deploy two separate pieces of malware.

Red Canary says that vulnerable web servers are one of the most common initial access vectors to Linux systems.

“Given the prevalence of *NIX-based, or Unix-like systems in modern infrastructure, particularly in rapidly expanding cloud environments, ensuring they’re protected is essential,” the researchers said.

“This requires the development of specialized incident response strategies tailored to the complexities of both cloud architectures and Linux environments and ensuring defenders are equipped with effective, actionable guidance to safeguard these critical assets."

• A new Linux backdoor is hitting US universities and governments
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

There’s a quiet but profound transformation underway in how businesses interact with backend systems. It’s not a flashy app or piece of consumer technology - it’s happening at the infrastructure level, where machine learning, automation, and natural language processing are beginning to rewrite how software is built, configured, and controlled.

At the heart of this shift is Machine Communication Protocol (MCP), a new approach being pioneered by fintech leaders like Stripe and Adyen. MCP allows large language models (LLMs) to interact directly with APIs - automating the translation of human intent into technical execution. It’s a change that could streamline how software engineering teams operate, empower business users, and reduce the friction between what people want and what systems deliver.

Although the idea sounds abstract, it’s already being tested in a very practical context: payments. The infrastructure behind every transaction is now where we’re seeing some of the earliest, most meaningful applications of MCP. In this sense, payments teams are acting as canaries in the coal mine for a much broader shift across the software engineering world.

At its core, MCP is a way for LLMs - like ChatGPT - to interact with APIs on behalf of a user. Traditionally, if a business wanted to make a change to its backend system (say, issuing a payment link or modifying risk rules), someone - typically a developer - would have to write an API call, handle authentication, test responses, and integrate it into workflows.

With MCP, that integration layer is abstracted, and a user can issue a request in natural language - “Create a PayByLink for £100 in EUR” - and the LLM handles the translation, executes the API call, and returns the result. It can even ask follow-up questions to clarify intent. The entire interaction becomes conversational, not code based. Adyen recently demonstrated this in a proof-of-concept and Stripe launched a similar capability at its Sessions conference in May, positioning it as part of a longer-term bet on LLMs reshaping developer workflows.

For the user, it feels seamless. For the underlying system, it’s a major shift - automating the middle layer that once required deep technical fluency.

Payment systems are already heavily API-driven and deeply embedded in enterprise architecture. But despite their flexibility, they’ve historically been gated by technical teams. Every change - like adding ApplePay or updating parameters - requires someone in engineering to write code, test logic, and deploy updates.

That works, but it creates bottlenecks. In developer-centric environments like Stripe’s, MCP represents a way to streamline workflows. In enterprise-first setups like Adyen’s, it’s about empowering operations, product, and risk teams to make changes directly - without joining a development queue or waiting for a sprint cycle.

In both cases, MCP moves control closer to the people who understand the business problem - and speeds up the cycle from intent to execution.

MCP doesn’t just matter to payments - it’s an early example of something much bigger. It signals how software engineers and infrastructure management may evolve over the next few years.

MCP doesn’t eliminate the need for technical expertise. But it does change the role. Software engineers may move from executing tasks to supervising them - designing secure, auditable systems that allow AI agents to operate safely and effectively.

In that sense, MCP isn’t just a new interface - it’s a new paradigm. One that requires engineers to think like systems architects and strategic enablers, rather than gatekeepers of functionality.

Adyen’s POC is limited, Stripe’s implementation is still evolving, and right now, most MCP use cases are simple: generating a payment link, updating a rule, querying a transaction status, but it won’t stay that way for long.

MCP-based workflows could soon handle more complex interactions - onboarding new markets, configuring multi-step authentication, deploying checkout experiments, or dynamically routing transactions - all through natural language.

That won’t stop with payments. MCP could apply to any API-rich system: cloud infrastructure, observability platforms, compliance tooling, data pipelines. The building blocks are already there. The real question is how quickly engineering teams adapt.

The next phase of engineering won’t be about who can write the cleanest Python. It will be about who can define intent clearly, interpret outcomes effectively, and manage AI-driven systems responsibly.

MCP is just the beginning. The businesses - and engineers - that understand what it unlocks will be the ones shaping what comes next.

We've featured the best business intelligence platform.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

If you’ve been looking to upgrade your smart home, it looks like Philips will have you covered with a brand new Philips Hue Bridge Pro that boasts some impressive (in cases almost needlessly so) capabilities.

Signify, the company behind the Philips Hue brand, accidentally leaked the existence of the new Bridge a few days ago alongside spoilers for new lights and a wired video doorbell, but yet another leak – this time via Lowe's – has clued us into what upgrades the Bridge Pro boasts beyond general promises of it being faster and able to support more devices.

Lowe's runs a program called Loop, which gives customers free samples of new and pre-release tech, and it looks like one such item is the Philips Hue Hue Bridge Pro. Several people have shared images and asked questions about the product on social media – with one tester being completely unsure what to do with the new Bridge Pro as they have no Philips Hue smart lights. 9to5Google reports that some people have even taken to Facebook Marketplace to sell their Bridge Pros.

These shenanigans have given us some key details. Firstly, the Bridge Pro can supposedly support 150+ lights – a huge increase from the current limit of 50. That might seem like overkill for smaller homes, but will pique the interest of anyone who's currently using multiple Bridges to cover their whole house.

The Philips Hue Bridge Pro also promises to offer full home control, so you could rely on this Matter-compatible hub to manage more than just Philips Hue technology.

The other, much more interesting addition is Hue MotionAware tech, which promises to turn your lightbulbs into motion sensors. Exactly how this works hasn’t been revealed, so it’s not clear which Hue smart bulbs will support this upgrade, but it seems rooms with three bulbs or more will be able to detect people walking past and react accordingly.

It's possible that it might use something like the ambient sensing technology that the Communication Standards Alliance showed off in a video earlier this year. Ambient sensing is a use case built by a company called Ivani to demonstrate what's possible using the Zigbee wireless protocol (which is used by Philips Hue devices).

Now that would be smart, and might give me a reason to fill my home with smart bulbs.

Even with these serious leaks we should take details with a pinch of slat – though if you ask us it certainly seems it’s a matter of when not if Philips will debut the Bridge Pro.

IFA looks to be a likely event that'll happen – given the Berlin tech show is due in only a couple of weeks and Philips has debuted tech there before – but we’ll have to wait and see.

• Philips Hue bulb types explained: how to choose
• A free AI upgrade is rolling out for Philips Hue smart bulbs
• Philips Hue Twilight review: a beautiful wake-up light

• The ROG Xbox Ally and the ROG Xbox Ally X finally have their release date set for October 16, 2025
• Previous leaks suggested the devices would release on October 16, with pre-orders opening on August 20
• Pre-orders aren't live yet and pricing is unconfirmed, but should arrive in the coming weeks

It's been a long time coming, but the ROG Xbox Ally handhelds finally have a release date, after their initial announcement during the Xbox Showcase earlier in June.

The ROG Xbox Ally and ROG Xbox Ally X will both be available on October 16, 2025, launching in multiple regions, including the UK, Australia, and the US (the ROG Xbox Ally will launch in China early next year).

Pre-orders aren't live yet, and pricing is still unknown, despite recent leaks and rumors suggesting a price tag close to $1,000 for the ROG Xbox Ally X. Xbox says both of these details will be shared in the coming weeks, which could be an indication of pre-orders opening in September.

The leaks previously hinted at pre-orders going live on August 20. While this hasn't exactly panned out as suggested, it's the date that was expected for Xbox and Asus' announcement of a release date, and the rumor of an October 16 release date was spot on.

Xbox has also announced a 'Handheld Compatibility Program', which appears to follow in the footsteps of Valve's SteamOS and the Deck Verified system. This will help players identify which games are playable or compatible with their Xbox Ally device. It will also come alongside a feature called 'Windows Performance Fit' indicator, which will help 'reflect expected performance on their supported device'.

To ensure a console-like handheld experience, Xbox is using an Advanced Shader Delivery feature, built to preload any game shaders during downloads, to dive right into games once ready.

These features are expected to come alongside the 'full-screen experience' that is supposed to help streamline the handheld experience on Windows, without unnecessary background processes and more RAM for games.

• Microsoft's Windows 11 is a detriment to handheld gaming PCs – and a recent SteamOS comparison highlights that
• Microsoft's 'if you can't beat them, join them' approach to the threat of Steam in the new Xbox PC app is a great idea
• I don't see how Microsoft's Xbox PC app will win me over – especially when I'm obsessed with SteamOS

Just days after Samsung made its Samsung made its Galaxy Buds 3 FE official, Google’s ushering in a new pair of similarly affordable, value-oriented earbuds, and I got to briefly try them. That’s right, the Pixel Buds 2a are officially official with a much more compact carrying case and in-ear design that resembles the more expensive Pixel Buds 2 Pro.

Google’s Pixel Buds 2a are priced at $129 / £129 / AU$239 and are up for preorder right now. However, just like the just-announced Pixel Watch 4 or Pixel 10 Pro Fold, and even the Pixel Buds 2 Pro in 2024, these earbuds won’t ship until October. Specifically, October 9, 2025, is the Pixel Buds 2a’s actual launch and when deliveries are expected to begin.

Even with a long time to wait, there is a lot to like here, especially factoring in the price you pay.

It starts with the overall design. The Pixel Buds 2a take up less space than the original Pixel Buds A earbuds and were easy to place in my ears.

I especially like that the twistable stabilizer has trickled down from the Pixel Buds 2 Pro and allows you to sort of lock these in your ear for when you'll be active, or to choose a slightly looser fit for gentler use. There is an ear-tip fit test you can conduct in the companion app for Android devices, and Google ships four ear tips in the box.

I wouldn’t sleep on the fun new Iris color option (shown above), either. It’s more of a light lilac in person, but I especially like the subtle pop of color it provides. Pixel Buds 2a are also coming in Hazel, which is a shade of black (shown below).

You’ll also find a “G” for Google engraved on each bud, and that same spot has a capacitive touch sensor for controls, such as pausing music or engaging Google Gemini, though you can also call upon the AI to help using the phrase, ‘Hey Google.’

Google’s also stepping up battery life here – Pixel Buds 2a should last for 10 hours on a full charge or for up to 27 hours with recharges in the case, though that's with active noise cancellation turned off. With it on, you're looking at seven hours from the buds and 20 hours from the case.

The carrying case is smaller and very palm-able, making the buds even more tempting to take every with you. The case recharges via a USB-C port and, like the Pixel Watch 4, now has a battery that can be replaced, making it more serviceable for long-term use.

Aiding in the improved battery life over the previous Google Pixel Buds A-Series is the Google Tensor A1 chip. It should make things a bit more efficient and speed up responsiveness, but it also powers another new feature – active noise cancellation.

Google promises that ANC on the Pixel Buds 2a is as good as the first-generation Pixel Buds Pro, and we’ll need to put that to the test. Without music playing, though, I was able to engage the ANC on the Buds 2a, and it brought a fairly packed hands-on space to a whisper.

It put me in the zone, to a degree, and with a track playing it should be even more effective, though Google didn't allow us to play music during this early look, which obviously means we'll be holding off from a full verdict until we can do our full review.

The Pixel Buds 2a will also feature a transparency mode for times when you want to let in environmental noise or someone chatting with you.

While I didn’t get to try audio playback on the Pixel Buds 2a, we do know that an 11mm dynamic driver powers the experience, and these affordable earbuds will boast an adjustable five-band equalizer via the app. For when you want to be immersed in sound, spatial audio is supported here as well, though it only works with certain Pixel devices (from Pixel 6 and later).

And if you misplace the case, you can see the location on a map, and if the earbuds are inside, you can ping it to have it play a sound. This way, the game of hide and seek will be done a little quicker.

On paper, the Pixel Buds 2a are shaping up to be a pretty compelling pair of earbuds, but even at $129 / £129 / AU$239, these are entering a pretty packed world of the best earbuds, with strong options at the same price and lower.

As we approach the official launch and arrival date of October 9, 2025, we'll put the Pixel Buds 2a through their paces and see just how good these new Google earbuds are. If you’re sold, though, the Google Pixel Buds 2a are up for pre-order now in either Iris or Hazel.

• Read our picks of the best budget earbuds
• Read about more of the best noise-cancelling earbuds for all budgets
• I reviewed over 30 pairs of headphones in 2024 and here's the one I keep coming back to

• A 22-year-old Ethan Foltz was recently arrested
• He's being suspected of building, and renting, an enormous DDoS-for-hire botnet called Rapper Bot
• Since the arrest, there were no reports of new Rapper Bot activity

A 22-year-old Alaskan man has been arrested under the suspicion of building, maintaining, and renting “one of the most sophisticated and powerful DDoS-for-hire botnets currently in existence” - the infamous “Rapper Bot”.

The US Department of Justice (DoJ) announced law enforcement agents raided the home of Ethan Foltz of Eugene, Oregon, who was apparently arrested, while Rapper Bot was seized and terminated.

The DoJ also claimed the raid a success, as “private sector partners have not reported any Rapper Bot attacks since”.

Foltz is now suspected of developing and distributing a unique piece of malware that infected Digital Video Recorders (DVRS) and WiFi routers.

That malware allegedly granted him control over almost 100,000 devices, which he used to build a Distributed Denial of Service (DDoS) botnet.

Together with his alleged co-conspirators (who weren’t named in the announcement and were most likely not arrested), he sold access to that botnet, which various cybercriminals used to mount DDoS attacks against different entities, including government agencies, social media platforms, and US tech companies.

According to the criminal complaint, just between April 2025 and today, Rapper Bot was used in 370,000 attacks against 18,000 victims, located in 80 countries around the world.

US Attorney Michael J. Heyman for the District of Alaska described Rapper Bot as “one of the most powerful DDoS botnets to ever exist.” The attacks measured up to three terabits per second, and in some cases even exceeded six terabits per second.

The announcement also said that a single, 30-second DDoS attack could cost a business up to $10,000 in different costs, from lost revenue, disgruntled customers, to bandwidth usage costs, or the resources needed to respond to attacks.

Foltz is charged with one count of aiding and abetting computer intrusions, and if convicted, he could spend the next 10 years in prison.

• Hacker pleads guilty to breaching company networks to pitch his own services
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers