News

• The latest Pokémon Presents has offered new details about Pokémon Legends: Z-A and other upcoming Pokémon games
• Pokémon Friends has been announced and is now available for Nintendo Switch, Switch 2, iOS, and Android devices
• Pokémon Champions has been confirmed for a 2026 release

The Pokémon Company has unveiled a deluge of new information about several of its upcoming games, while also announcing a new title, Pokémon Friends.

Revealed during the July 22 Pokémon Presents, Pokémon Friends is now available on Nintendo Switch, Nintendo Switch 2, iOS, and Android devices.

It's a puzzle-solving game featuring a series of randomly generated brainteasers that can be completed daily to earn Pokémon plushies, which can then be used to decorate your in-game rooms.

"Unwind with puzzles in Pokémon Friends! Solve sets of three randomly selected puzzles to help untangle your mind – then place the yarn you obtain into the Plush-O-Matic, a special machine that creates in-game Pokémon plush!" the game description reads.

"As you try to make them all, you can track your crafted plush in the catalogue. You can also mark your calendar with a stamp each day you play."

The game features over 1,200 puzzles that were each inspired by the world of Pokémon. Trainers can also complete friend quests, track daily progress with stamps in their calendar, and collect up to 150 different plushies.

Pokémon Friends is free on mobile, but the game is priced at $15.99 on Nintendo Switch and Switch 2. There's also a $53.99 version called the Pokémon Friends Combo Bundle that bundles together the base game and two Puzzle On! packs.

Alongside the new game announcement, new details were also shared about Pokémon Champions, which is now confirmed to be arriving in 2026 for Nintendo Switch, Nintendo Switch 2, iOS, and Android devices.

In this game, players can recruit Pokémon to their team and battle other Trainers in three game modes: Casual Battles, Ranked Battles with players around the world, and Private Battles that can be played with family and friends.

A core feature of Champions is Trial Recruitment, which allows players to try out Pokémon and test strategies for a limited time.

There's also a Permanent Recruitment that lets players keep Pokémon by using Victory Points (VP), which are gained through various methods such as Ranked Battles. Players can also use VP to train Pokémon according to their own preferences, including altering their stats and Abilities.

Finally, we also learned fresh details about the next major mainline Pokémon game ahead of its official release later this year, Pokémon Legends: Z-A.

In an extended gameplay trailer, developer Game Freak offered an in-depth look at the game's explorable setting, Lumiose City. During the day, players can explore and find Pokémon to capture in wild zones, where they may encounter stronger, more powerful wild Pokémon dubbed alpha Pokémon.

Meanwhile, at night, players can compete in the Z-A Royale and climb the ranks by battling other Trainers, including Corbeau, the boss of Rust Syndicate, an organisation operating in Lumiose City.

New NPCs were also introduced, including Emma, a detective who asks the player to track down missing Pokémon, items, and take part in battles, and Mable, the acting director of Pokémon Research Lab, who is researching the habits and reasons behind the growing population of Pokémon.

When players arrive in Lumiose City, they'll be asked by Urbain or Taunie to join Team MZ, a crew dedicated to keeping Lumiose City a peaceful place. They can then go on to explore the city, change and customize their appearance and outfits, and earn rewards by completing tasks.

Mega Evolutions is another thing the latest trailer explored. Although we have previously been teased for this new system, Game Freak offered a new look at Mega Dragonite, a newly discovered Mega-Evolved Pokémon.

It will be up to the player and Team MZ to investigate Mega Evolutions, battle, and calm a variety of Rogue Mega-Evolved Pokémon, and in exchange, obtain Mega Stones as rewards.

Pokémon Legends: Z-A launches on October 16, 2025, for Nintendo Switch and Nintendo Switch 2.

UK pre-orders and US pre-orders are now live, along with the newly announced Switch 2 bundles.

• Best PS5 games 2025 - the top 26 PlayStation 5 titles to play right now
• The Nintendo Switch 2 is the company’s least ambitious console to date, but its improvements are astronomical
• I’ve spent 150 hours with The Legend of Zelda: Breath of the Wild, and the Switch 2 Edition is an incredible upgrade

• Launched on July 27, 2025, a new VPN service seeks to fix issues with providers' trust
• VP.net uses Intel SGX hardware to supposedly deliver "cryptographically verifiable privacy"
• Researchers uncovered some vulnerabilities with Intel SGX systems in the past

A new VPN service has just landed in the market, promising to take a completely different technical approach to users' privacy.

Short for Verified Privacy, VP.net claims to be built in a way that physically separates users' identities from their browsing activity at the hardware level. By doing so, the provider seeks to fix issues linked to virtual private network (VPN) providers' trust. So, forget no-log VPN policies and welcome "cryptographically verifiable privacy."

The provider launched the app on June 27, 2025, across all major platforms, namely Windows, macOS, Linux, Android, and iOS, and now strives to become the VPN of the future. Yet, not without some controversy.

All the best VPN services currently offer strict no-log policies. These guarantee that the provider never stores any of your identifiable data and are regularly checked with independent no-log audits.

The problem is that even third-party VPN audits require a dose of trust.

"An audit only proves that something was true at that moment in time. This is why we're bringing math and verifiable cryptography back into the mix so that when we say you're private, you're actually private," one of VP.net's founders, Andrew Lee, told TechRadar.

The founder of Private Internet Access (PIA), a popular no-log VPN provider, Lee later realized that many users now need a level of privacy that's not based on trust. He then teamed up with other privacy-committed developers to build a new type of VPN service.

That said, it's worth noting that PIA is among the companies that have proved their no-log claims in real life over the years, doing so not once but twice in court. Another example is Mullvad, which left a police raid empty-handed in Sweden back in 2023.

The big novelty with VP.net lies in its tech. The company uses Intel SGX hardware, which promises to deliver "cryptographically verifiable privacy."

For the less techie out there, all you need to know is that all the sensitive operations, those that could somehow reveal your identity, occur in some so-called encrypted enclaves. These are secure and isolated spaces within the software infrastructure that physically prevent the VPN provider from accessing the activities happening inside.

Put it simply, this mechanism should make it "technically impossible to associate your identity with what you do online," explains the provider.

Not only encryption, though; the system also claims to use SGX attestation. This is a security mechanism that assures the encrypted enclaves work as they should, preventing the provider or any other third party from accessing the activities occurring inside. This is "verifiable by clients using Intel's attestation services," said the provider. You can see all VP.net's technical details here.

Crucially, VP.net also offers some protection against the tracking of metadata, meaning all the details that aren't the content. Echoing what NymVPN's innovative mixnet network and Mullvad's DAITA tool do, VP.net also employs some techniques to prevent traffic analysis and obscure actual usage patterns.

Beyond the novel infrastructure, VP.net also includes all the classic features you'd expect from a VPN.

These include support for the secure and speedy WireGuard protocol, alongside security features like a kill switch and DNS leak protection. Adding post-quantum encryption support is also in the pipeline.

All the apps are fully open-source as well, so that anyone with the technical knowledge can check the code to see if the software behaves as it should. You can take a look at the provider's public repositories by heading to the VP.net GiftHub page.

Despite the good premises on paper, Intel SGX tech is certainly not without flaws.

In 2019, for example, a team of researchers discovered a way to run and hide malware on Intel systems. Worse still, this malicious software was undetectable by antivirus tools at the time.

This may be among the reasons why Intel patched multiple security holes in 2023, addressing many existing flaws and vulnerabilities.

Such a security fix certainly doesn't fully convince everyone in the industry, including the CEO of NymVPN, which is another VPN provider seeking to challenge issues with VPN providers' trust. "I prefer decentralization and advanced cryptography rather than believing Intel has produced a silver bullet," NymVPN's CEO, Harry Halpin, told TechRadar.

Another contentious point lies behind the VP.net team. Well-known names from the Bitcoin world, both Roger Ver and Mark Karpelès have had some legal issues in the past.

Commenting on the latter point, Karpelès told TechRadar: "For the way we build the system, there is no need to trust the team behind VP.net. We provide independent systems that verified by itself, as a connection if everything is safe. So, even if I wanted to connect or do anything like that, there's no way I could do anything."

• “Once you have the data, you have to cooperate” – Windscribe CEO speaks out against global threats to no-log VPNs
• Europol doesn't only want an encryption backdoor, but also your metadata
• These free VPNs may have ties to China’s military – and they are still hidden in Apple and Google app stores

• ExpressVPN issued an update to patch an RDP leak bug discovered by an independent researcher
• The leak in the Windows ExpressVPN client was found in April, in code rolled out in March, so its recent audit could not have spotted the bug
• ExpressVPN considers that "the likelihood of real-world exploitation was extremely low"

The ExpressVPN Windows client app has been updated to patch a leak vulnerability, discovered in April by an independent security researcher.

In a detailed blog post dated July 18, 2025, ExpressVPN – considered one of the best VPNs – confirmed the RDP bug that could have leaked users' real IP addresses, despite stating that "the likelihood of real-world exploitation was extremely low."

Nonetheless, a fix was issued in an update a few days later, meaning the bug should no longer exist, and cannot now be exploited.

RDP (Remote Desktop Protocol) allows a remote connection from one device to another (typically PC to PC, or PC to server). When an RDP connection is established with a virtual private network (VPN) enabled, the expectation is that the data travels through the encrypted VPN tunnel.

When the data is not encrypted and bypasses the tunnel, it is referred to as a leak. Besides RDP, other encryption-dodging leaks can occur with VPNs, such as DNS leaks.

With this bug, the RDP connection could have been observed by an ISP (Internet service provider), or anyone with network access. Not only was the target IP address not encrypted – enabling an observer to see that a connection to ExpressVPN was running – but it would have been clear that remote servers were being accessed over RDP.

The attack, as demonstrated by researcher Adam-X, would result in the user’s actual IP address being revealed, but not their browsing activity.

The value of a VPN is that all data should be encrypted between the user’s device and the VPN server. While it is possible to manually exclude some apps from the VPN connection, that didn’t happen here. Note, however, that this was a bug in the Windows version of the ExpressVPN desktop client, and did not affect other versions.

This news was announced soon after ExpressVPN published the details of its latest successful no-log audit by KPGM. Should the bug have been detected in the audit, and should users have been informed sooner?

ExpressVPN has stated: “The problem was traced to a piece of debug code (originally intended for internal testing) that mistakenly made it into production builds (versions 12.97 to 12.101.0.2-beta).” They also confirm that Adam-X reported the bug on April 25.

ExpressVPN was audited in February 2025, and solely to ensure that its TrustedServer infrastructure never collects users’ logs as claimed.

Meanwhile, according to Uptodown’s repository of version updates, ExpressVPN production builds 12.97 to 12.101.0.2-beta were issued between March and May.

In short, KPMG’s audit of ExpressVPN’s servers could not have found the bug – even if it was tested for – as this did not exist at the time.

Most users typically won’t connect to a VPN before establishing an RDP session, so it is unlikely that this affected many users.

ExpressVPN is used mostly by individuals, rather than organizations, so the attack surface of this vulnerability should be minimal. Exploiting the bug also required an attacker to know about it, and to find a way to direct the victim to a malicious website.

The VPN provider has, however, stated that it is introducing more checks to find issues like this before builds are released, and improving automated testing.

ExpressVPN’s response to the bug report – just five days between filing by Adam-X and the first patch – is impressive. But why take so long to share the information publicly? Well, it’s a security matter.

• Themes land on ExpressVPN mobile apps – with full Dark Mode now available for iOS
• ExpressVPN faces a class action in the US over alleged "illegal" auto-renewal fees
• “Once you have the data, you have to cooperate” – Windscribe CEO speak out against global threats to no-log VPNs

• A signing key that many Linux distributions use to support Secure Boot is about to expire
• Sytems that fail to recognize the new key might fail to boot Linux securely
• Users might need to disable Secure Boot to install or run Linux

A signing key used to support Secure Boot on many Linux distros is about to expire, which could open up devices to all sorts of cybersecurity risks.

Secure Boot is a security feature built into modern computers. It is part of the Unified Extensible Firmware Interface (UEFI), which makes sure that only trusted software can run when the system starts up. This helps block malware such as bootkits, and it relies on digital signatures and keys stored in the computer’s firmware.

In short - UEFI boots up, checks the right software is in place, and hands things over to the operating system.

Now, Microsoft has a signing key that many Linux distributions use to support Secure Boot, and that key is set to expire on September 11, 2025.

A replacement key has existed since 2023, but apparently - many systems don’t support it yet, and for those that don’t recognize the new key, it could mean Linux will not boot securely.

Fixing this problem requires firmware updates from original equipment manufacturers (OEM) but there is a risk that not all OEMs will issue updates - especially those for older, or less popular devices.

There is also a tool called “shim”, which some Linux distros use to work with Microsoft’s Secure Boot infrastructure. It is signed with Microsoft’s (soon-to-expire) key, and if it doesn’t get replaced on time, Secure Boot may break those distros entirely.

As a result, some users might need to disable Secure Boot to install or run Linux, while others may need to manually update firmware, or generate their own keys (which is rather complex and could be risky for those without extensive technical knowledge).

All of this could push people to either stick with Windows, or avoid Secure Boot entirely, which opens up an entirely new can of worms.

Via Tom's Hardware

• Dior fashion brand hit by cyberattack and customer data leaked - here's what we know
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers