News

• Labels like “Verified” give a false sense of safety but don’t reflect real extension behavior
• Browser DevTools were never meant to track how extensions behave across tabs and over time
• Malicious extensions often act normally until specific triggers make their hidden features come alive

The unchecked spread of malicious browser extensions continues to expose users to spyware and other threats, largely due to deep-seated flaws in how the software handles extension security.

New research from SquareX claims many people still rely on superficial trust markers like “Verified” or “Chrome Featured,” which have repeatedly failed to prevent widespread compromise.

These markers, while intended to reassure users, often offer little insight into the actual behavior of an extension.

A central issue lies in the limitations of Browser DevTools, which were designed in the late 2000s for web page debugging.

These tools were never meant to inspect the far more complex behavior of modern browser extensions, which can run scripts, take screenshots, and operate across tabs, actions that existing DevTools struggle to trace or attribute.

This creates an environment where malicious behaviors can remain hidden, even as they collect data or manipulate web content.

The failure of these DevTools lies in their inability to provide telemetry that isolates extension behavior from standard web activity.

For instance, when a script is injected into a web page by an extension, DevTools lack the means to distinguish it from the page’s native functions.

The Geco Colorpick incident offers an example of how trust indicators can fail catastrophically - according to findings from Koi Research, 18 malicious extensions were able to distribute spyware to 2.3 million users, despite carrying the highly visible “Verified” label.

To address this, SquareX has proposed a new framework involving a modified browser and what it calls Browser AI Agents.

This combination is designed to simulate varied user behaviors and conditions, drawing out hidden or delayed responses from extensions.

The approach is part of what SquareX terms the Extension Monitoring Sandbox, a setup that enables dynamic analysis based on real-time activity rather than just static code inspection.

At the moment, many organizations continue to rely on free antivirus tools or built-in browser protections that cannot keep up with the evolving threat landscape.

The gap between perceived and actual security leaves both individuals and companies vulnerable.

The long-term impact of this initiative remains to be seen, but it reflects a growing recognition that browser-based threats demand more than superficial safeguards.

• Google Workspace is copying a very familiar YouTube feature to help you get through videos
• Check out the best AI phones on the market
• Here is our list of the best AI website builders on the web

• Wi-Fi 8 plans to fix edge-of-coverage dropouts where extenders usually fail to keep things running smoothly
• Wi-Fi 7 maxes out throughput while Wi-Fi 8 makes sure it works everywhere, every time
• Wi-Fi 8 to introduce Single Mobility Domains so devices roam between access points without getting interrupted

Only hours after the official ratification of Wi-Fi 7, early details of its successor, Wi-Fi 8, are already making waves.

A release from Qualcomm noted Wi-Fi 8 isn’t promising faster peak speeds; instead, it focuses on improving stability, cutting latency, and ensuring smoother performance in environments with many connected devices.

Where Wi-Fi 7 emphasized raw throughput and bandwidth gains, Wi-Fi 8 is being designed to sustain those benefits under pressure, ensuring consistent delivery even in crowded or interference-prone settings.

Two core trends are shaping the direction of Wi-Fi 8. First is the growing ecosystem of personal devices such as AR glasses and next-gen health monitors, which demand seamless and low-latency connections to nearby companion devices.

Second is the rise of AI-powered systems that depend on fast, reliable access to edge or cloud-based intelligence.

Together, these trends are pushing local networks, including your Wi-Fi router or even a mobile 5G router, into territory they weren’t originally designed for.

Wi-Fi 8 is being framed as the foundational layer of connectivity that will underpin these increasingly dynamic and latency-sensitive systems.

And unlike a basic Wi-Fi extender that simply expands signal reach, the new standard rethinks how access points work together, how devices roam, and how signal quality is preserved at the edge of coverage zones.

What gives Wi-Fi 8 its edge is the ongoing development of the 802.11bn standard.

Several core features aim to make Wi-Fi more reliable in the real world, not just in ideal lab conditions.

One of the key innovations is “Single Mobility Domains,” which allow devices to move across multiple access points without experiencing disruptions, something particularly beneficial in environments like airports, hospitals, or multi-floor offices.

Another major improvement is performance at the edge, the outer limits of a signal’s reach.

Current setups, even with a Wi-Fi extender, often suffer drops and delays in these areas - Wi-Fi 8 introduces physical layer updates meant to improve consistency without relying on brute-force signal strength.

Multi-access point coordination is another shift, and this is ideal for large venues or dense urban housing - as rather than each unit operating in isolation, Wi-Fi 8 envisions coordinated networks that intelligently share airtime and avoid overlap.

On-device coexistence, especially where radios like Bluetooth or ultra-wideband compete for antenna space, is also receiving attention.

Wi-Fi 8, expected to be finalized by 2028, reflects a deeper rethink of what modern connectivity actually requires.

The push isn’t for headline-grabbing throughput figures but for a wireless experience that performs like wired infrastructure.

• Check out our pick of the best secure routers on offer
• Here are the best mobile workstations around today
• We've also listed the best monitors for every budget and resolution

This week DJI and Insta360 had a Freaky Friday situation as they announced a 360 camera and a drone respectively, tech the other is usually known for.

We also heard that OpenAI is scared of its next AI, and the UK faced the Online Saftey Act.

You can catch up on these stories and more in this week's catch up of the seven biggest tech news stories.

This week, Skechers debuted the new Find My Skechers. They look like your run-of-the-mill sneakers on the outside, but hidden in each heel is a cutout that’s perfect for an Apple AirTag.

This Bluetooth tracker can then be used to help you keep track of your child if you’re out in an unfamiliar place, or help you locate any lost shoes, whether they were misplaced while out and about or while getting ready in the mad rush to get to school.

Though when we polled parents, the reactions were mixed. Predominantly because the target age range – toddlers and young children – outgrow their shoes every six months to a year. At their cheapest, Find My Sketchers cost $52 a pop, which is a lot to regularly shell out.

• Read more: These new sneakers have a secret AirTags compartment

This week Britain was hit by the latest provisions of the Online Safety Act, introducing age verification measures designed to help prevent young people accessing age inappropriate content. However the new requirements have frustrated many adults.

A petition to repeal the UK Online Safety Act garnered over 450,000 signatures in just a few days, and some have tried all sorts of workarounds including attempting to game the system with Death Stranding’s photo mode.

Most people are onboard with the idea behind the rules, but aren’t keen on needing to share their ID with websites – especially foreign websites – as they’re worried their data might be mishandled. Despite the concerns, the Government has said it won't be repealing the measures.

• Read more: Over 450,000 Brits want to repeal the UK Online Safety Act

Last week, we reported on a growing number of complaints about Google Home devices, with the smart home gadgets failing to deal with commands properly or throwing up other bugs.

This week, it seems the problem got worse, with many reporting their voice controls for smart lights were now completely broken and not working at all.

The situation has gotten so bad that US law firm Kaplan Gore has announced it has "begun investigating a possible class action" against Google because so many users are now reporting broken functionality, despite most of these devices having worked fine in the past.

• Read more: Google Home devices are continuing to break

The 360 camera space has been dominated by Insta360 for years, but it finally has some proper competition following the arrival of the DJI Osmo 360. What's more, they could soon be joined by the GoPro Max 2, which was recently teased by GoPro.

Considering it's DJI's first foray into the market, the Osmo 360 impresses straight off the bat, delivering what DJI says are several industry firsts, the most notable of which are its twin 1-inch sensors with 8K video recording up to 50fps. Those sensors are effectively twice the size of the Insta360 X5's, our current favorite 360 camera, and should give DJI's model the upper hand for image quality, especially with richer 10-bit color depth.

Based on specs, the Osmo 360 has the edge over the X5, but it's real-world use that matters the most, and the X5 is our favorite model for a reason. It has stellar battery life, and its lenses can be replaced in the event of damage. We are currently conducting our hands-on versus of the two models, and it's making for a titanic battle.

• Read more: Can DJI's first 360 camera dethrone the X5?

DJI isn’t used to having competition in the skies, but this week, its first serious rival for years flew into town. The undisputed king of 360 cameras, Insta360, has announced its new Antigravity platform, which will soon give us the first drone with a 360-degree camera.

Okay, but what’s the benefit of a flying, all-seeing camera? The main one is that, in theory, you won’t need to worry about perfectly shooting aerial videos as you fly, because you’ll be able to reframe them later. We’re looking forward to experiencing that in person when the Antigravity drone fully launches later this month.

• Read more: Has DJI just met its match? Insta360 unveils Antigravity – the world’s first 360 drone

ChatGPT has added a new feature called Study mode to its paid-for and free accounts that turns the famous chatbot into an unpaid study tutor for your kids. Parents often panic about ChatGPT being used by their children to avoid actually learning anything, but Study mode is different. It’s pretty safe for kids to use because it teaches them how to arrive at the answer, rather than just giving them the answer. It’s more of an interactive back-and-forth chat about the question being posed, which encourages them to learn as they go.

Of course, you don’t need to let your kids have all the fun with it. You can use Study mode yourself to learn any new subject. Having the ability to turn ChatGPT into a proper tutor is pretty handy, so whatever it is you want to learn – whether that’s a new language or how to code – now you’ve got the perfect excuse to get started.

• Read more: OpenAI added Study mode to ChatGPT, even for free accounts

OpenAI CEO Sam Altman revealed details about his company's testing of GPT-5 (the next-gen brain for ChatGPT) by saying he got scared by the AI, and comparing it to The Manhattan Project.

The over-the-top analogy might evoke some level of keen scientific minds coming to a major breakthrough, but his other comments made OpenAI seem either reckless or incompetent.

Even if he's exaggerating, we don't know if either of those descriptions should be attached to the kind of company that might decide how next-gen AI power is deployed.

• Read more: OpenAI's CEO says he's scared of GPT-5

The UK's Online Safety Act officially introduced age verification measures on July 25, reshaping how people access certain websites and services.

Designed to protect children from harmful content and make platforms more accountable, the rollout has sparked heated debate. Critics worry about increased tracking, potential data breaches, and the loss of online privacy.

With new restrictions in place, VPN interest in the UK has surged as users look for greater control over their browsing and data security. While we don't encourage bypassing age checks, it's clear that VPNs have become a go-to tool for those concerned about privacy and the changing internet landscape.

We've tested countless VPNs over the years – you’ll find our full list of recommendations to the best VPNs and best free VPNs in our dedicated guides.

But if you just need a quick answer to which VPN to choose this weekend, we’ve got you covered here. These are the top options available today, plus a heads-up on what to look for in the small print.

NordVPN still sits at the top of our rankings because it’s the best all-in-one VPN we’ve tested, delivering world-class security and speed, plus versatility from its extra features. Yes, Surfshark is slightly faster, and ExpressVPN just beats NordVPN on privacy and security in our most secure VPN guide, but at $3.39 / £2.69/month (on the two-year plan) NordVPN is cheaper than Express ($3.99 per month), better at unblocking geo-restricted content (it’s our top recommendation for streaming), and offers more extra features than both rival services.

NordVPN’s Threat Protection feature blocks malware, ads, and trackers well, while its audited no-logs policy means that no browsing data is logged by its servers. (Those independent audits prove that NordVPN is operating exactly as it claims.)

The apps themselves are straightforward to use, making it a good choice for beginners.

In this new era of stricter internet rules, NordVPN is a great choice for most people, and TechRadar has an exclusive deal. Sign up and get:

✅ Up to 76% OFF
✅ Up to $50 Amazon Gift card
✅ 4 months free protection (TechRadar exclusive)

Choose the Pro, Complete, Ultimate or Prime plans to get the deal. There's a 30-day money back guarantee, so if it isn't right you can cancel your subscription and get a refund.

Read more: NordVPN reviewView Deal

Surfshark is the cheapest VPN in our top three, at $1.99/ £1.89 per month on the two-year plan. It scored slightly lower than NordVPN and Express VPN in our privacy and security tests, but it’s still an extremely robust choice for keeping your data safe - and it beats the other two on speed. You also get unlimited simultaneous connections, so every device in your home can stay protected, which neither NordVPN or Express VPN offer.

Surfshark's CleanWeb tools block ads, trackers, and known malicious sites, while its audited no-logs policy ensures that your browsing remains private. In our experience, speeds remain consistently fast across both nearby and long-distance servers, making it perfectly capable for streaming, video calls, and general browsing without interruptions.

Pricing is one of Surfshark's strongest selling points: plans start at around $2 per month on a two-year subscription, while monthly and annual plans remain competitive for those who prefer flexibility. All plans include a 30-day money-back guarantee, and there's a seven-day free trial so you can see whether it's right for you.

Read more: Surfshark reviewView Deal

If you're new to VPNs and want something that works flawlessly from the start, ExpressVPN is an excellent choice. Its apps are simple, intuitive, and consistent across devices, so you can connect securely in one click – we’ve tested it with complete beginners and they were able to get it up and running with no issues.

It also scores highly where it counts, on privacy and security, beating NordVPN (only just though, as you’ll see in our most secure VPN guide). ExpressVPN's commitment to privacy is reinforced by multiple third-party audits and, like the two services above, it has a proven no-logs policy, giving newcomers peace of mind that their data isn't being tracked. Its Lightway protocol also optimises speed and reliability, even on slower connections.

One reason why it’s our third recommendation and not our first is that ExpressVPN costs more. Plans start at around $4 per month on a two-year plan. Every subscription includes a 30-day money-back guarantee, letting beginners test its performance risk-free.

Read more: Express VPN reviewView Deal

We don't recommend choosing a free VPN if data protection is your top priority, but if that’s what you’re looking for, then PrivadoVPN Free is one of the better services we’ve tested. It delivers AES-256 encryption, a strict no-logs policy governed by Swiss privacy laws, and industry-standard protocols like WireGuard and OpenVPN. It hasn't yet undergone an independent audit though.

You get 10 GB of full-speed data every 30 days. After that limit is reached, traffic is throttled to around 1 Mbps. That’s fine for light browsing or occasional streaming, not for heavy use.

Despite the cap, speeds during the full-speed window are surprisingly fast, with many tests showing performance comparable to our top-scoring VPNs. It can also unblock major platforms like Netflix and BBC iPlayer.

Still, if you’re serious about protecting your data, we’d recommend signing up for one of the services above.

Read more: PrivadoVPN Free reviewView Deal

VPNs don’t always guarantee complete anonymity, but using a reputable one does significantly boost your privacy online.

However, not all VPNs are created equal. While the services we've highlighted above have proven in our testing over the years to be trustworthy and reliable, there are plenty of options that can put your privacy, and your device, at risk.

Exclusively free VPNs are particularly notorious for tracking users or injecting ads to make money, and some paid services cut corners on security or performance.

Here are five big red flags to watch out for when choosing a VPN:

1. No independent security or privacy audit
2. Vague privacy policies
3. Slow connection speeds or frequent disconnections
4. Severe data caps that make streaming or gaming impractical
5. Limited server locations, restricting your connection options

• What is age verification? The privacy nightmare facing millions of UK internet users
• Over 450,000 Brits want to repeal the UK Online Safety Act – here's how to have your say
• Could VPNs be banned? UK government to look "very closely" into their usage following spike after age verification row

• Norton Deepfake Protection is part of its Norton Genie AI Assistant on Norton 360 mobile apps
• The tool is available in Norton 360 mobile products in the US, UK, Australia, and New Zealand
• It currently supports English-speaking YouTube clips

Norton has introduced a new feature which aims to help users spot deepfake audio and video content on their smartphones

Norton Deepfake Protection will be part of the Norton Genie AI Assistant on Norton 360 mobile apps - as until now, it was only available on select Microsoft Copilot+ PCs, and was considered an “early access” phase.

Now, Norton is spreading the tool’s availability, allowing even those without AI PCs to defend themselves against sophisticated scams.

A deepfake video or audio is a media file created using AI to realistically mimic a person’s appearance, voice, or actions, often made by training machine learning models on real footage or recordings.

This type of content was already observed being abused in different scams, and Norton says the tool provides, “an added layer of contextual protection” by spotting inconsistencies or faint deformations in the physical features of people appearing in videos.

For now, the tool only supports English-language YouTube videos, but there are plans to expand platform and language support in the future.

Anyone interested in testing the tool can upload YouTube links to the assistant to receive “real-time guidance on the authenticity of the video”.

The tool is available in Norton 360 mobile products in the US, UK, Australia, and New Zealand, across Android and iOS devices. Desktop support is “coming soon,” Norton added.

One of the most widespread deepfake scams on the internet is the famous “Elon Musk investment scam”, in which crooks created a deepfake of Elon Musk promoting his new cryptocurrency coin. In the video, he talks about the coin being the future of money transfer, and promises “huge gains” for the investors.

While early iterations of the scam were rather easy to spot, AI has improved significantly over the years, and will continue to do so, further blurring the lines between truth and deception.

• Norton boosts AI scam protection tools for all users
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• QR phishing, also known as quishing, is a rising scam where attackers try to trick you into scanning fake QR codes
• Cybercriminals may target your personal data, login credentials, bank accounts, or try to infect your smartphone with malware
• These QR codes can be found everywhere, from parking lots to museums

You might be used to receiving scam emails or texts, but did you know that you can also get scammed through a QR code? This increasingly common form of scam is referred to as quishing – and it's been spreading rapidly again recently.

According to CNBC, 73% of Americans have scanned a QR code without verifying that the source link was safe, and NordVPN has discovered that 26 million have been directed to malicious websites as a result.

Meanwhile, in the UK, Action Fraud (the national reporting centre for fraud and cybercrime) recently revealed that £3.5 million had been lost to quishing scams in the year leading up to April 2025.

These scam QR codes are being used for anything from sending fake payment links to installing malware on your phone. Here's everything you need to know about the latest quishing attacks and how to protect yourself from them.

Quishing is a form of phishing that is done entirely via a QR code. While it wasn't as widespread just a few years ago, it skyrocketed during the pandemic, when QR codes became more than just a fun little quirk.

Over the last few years, QR codes have permeated the fabric of our daily lives. We see them everywhere, from TV commercials to restaurant menus or flyers. Unfortunately, QR codes are inherently opaque. It's hard to verify how secure a link is at a glance, which makes these codes easy to tamper with.

The way it works is shockingly simple. Whether the scam QR code pops up in an email or elsewhere, it's always accompanied by something that'll get you to scan it. Payment prompts, medical forms, or product information are common targets. When you scan the code and click through, you'll be taken to the next part of the scam, which is either a website or a script that installs malware in your phone.

Unfortunately, if the code has been tampered with, the target website is a scam. At best, it'll steal however much you're trying to pay for parking; at worst, it might compromise your phone or your banking login credentials.

While QR codes found in restaurants or museums seem like a safe bet, that isn't always the case – not anymore.

Unlike phishing emails, QR codes have a strong real-world impact. It's all too simple for threat actors to tamper with legitimate codes found in public spaces. That said, the threat is much greater at open public spaces, rather than indoor ones.

For example, at a parking lot, scammers physically replace the sticker at the parking meter, directing people to a legitimate-looking website where they can pay their parking bill. The same can be done with posters or flyers found just about anywhere.

It's important to remember that this isn't niche, and it can happen to anyone. KeepNet Labs found that QR codes are an increasingly common medium for sending phishing links, with a whopping 26% of all malicious links being delivered that way.

Quishing, much like all other forms of scams, relies on creating a sense of urgency. Whether it's an exciting offer or a serious-looking payment reminder, quishing scammers want you to scan the code and proceed without asking questions. That's why the best way to stay safe is to be vigilant and take your time.

Let's say that you received a QR code embedded in an email that tells you to secure your account, enable multi-factor authentication, or get a discount code. Don't trust it right away – it could be a scam. Even a legitimate-looking email address might not mean that you're in the clear, as scammers can hijack accounts to send out those QR codes.

To stay safe, don't take any unexpected email at face value. If a service tells you that your account has been compromised, don't scan any codes in that email. Instead, go to the website or app directly and change your login credentials there, without interacting with the content of the email.

When faced with QR codes in places where they might have been tampered with, it's better to take your time rather than scan the code quickly. At a parking lot, don't scan the code – go directly to the address. Only QR codes that are physically impossible for scammers to replace are safe.

If you do scan a QR code, make sure to never provide any personal information or login credentials. It's always better to err on the side of caution. Before you follow the link to any website, look at it carefully and compare it to what you know as the real deal.

QR codes certainly make our lives easier, but unfortunately, the more widespread they are, the likelier they are to be targeted by scammers. It's never a bad idea to invest in one of the best Android antivirus apps to protect your phone from hackers.

• Mass quishing attacks linked to organized crime gangs across the UK
• QR codes are being hijacked to bypass MFA protections
• The evolution of phishing: vishing & quishing