• THEHACKERNEWS.COM
    THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
    The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up.

Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps. These events aren't random; they show just how clever and flexible cyber threats can be.

In this edition, we'll look at the most important cyber events from the past week and share key takeaways to help you stay safe and prepared. Let's get started.

Threat of the Week

LockBit Developer Rostislav Panev Charged in the U.S.: Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been charged in the U.S. for allegedly acting as the developer of the now-disrupted LockBit ransomware-as-a-service (RaaS) operation, netting about $230,000 between June 2022 and February 2024. Panev was arrested in Israel in August 2024 and is currently pending extradition. With the latest development, a total of seven LockBit members have been charged in the U.S. That said, the group appears to be readying a new version, LockBit 4.0, that's scheduled for release in February 2025.

Top News

Lazarus Group Continues to Evolve Tactics: The North Korea-linked Lazarus Group has been observed targeting nuclear engineers with a new modular malware called CookiePlus as part of a long-running cyber espionage campaign dubbed Operation Dream Job. CookiePlus is only the latest manifestation of what security researchers have described as the growing sophistication that threat actors have begun incorporating into their malware and tactics.
The variety of TTPs used highlights the versatility and diversity of the hacking group.

APT29 Uses Open-Source Tool to Set Up Proxies in RDP Attacks: The Russian state-sponsored group tracked as APT29 has repurposed a legitimate red teaming attack methodology that involves the use of an open-source proxy tool dubbed PyRDP to set up intermediate servers that are responsible for connecting victim machines to rogue RDP servers, deploy additional payloads, and even exfiltrate data. The development illustrates how it's possible for bad actors to accomplish their goals without having to design highly customized tools.

Serbian Journalist Targeted by Cellebrite and NoviSpy: An independent Serbian journalist, Slaviša Milanov, had his phone first unlocked by Cellebrite's forensic tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, which comes with capabilities to capture personal data from a target's phone and remotely turn on the phone's microphone or camera. The spyware attacks, detailed by Amnesty International, are the first time two different invasive technologies have been used against civil society members to facilitate the covert gathering of data. Serbia's police characterized the report as "absolutely incorrect."

The Mask Makes a Comeback: A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. The group, first documented by Kaspersky back in early 2014, infected the company with malware such as FakeHMP, Careto2, and Goreto that are designed to harvest files, keystrokes, and screenshots; run shell commands; and deploy more malware.
The origins of the threat actor are presently not known.

Multiple npm Packages Fall Victim to Supply Chain Attacks: Unknown threat actors managed to compromise three different npm packages, @rspack/core, @rspack/cli, and vant, and push malicious versions to the repository containing code to deploy a cryptocurrency miner on infected systems. Following discovery, respective project maintainers stepped in to remove the rogue versions.

Trending CVEs

Heads up! Some popular software has serious security flaws, so make sure to update now to stay safe. The list includes CVE-2024-12727, CVE-2024-12728, CVE-2024-12729 (Sophos Firewall), CVE-2023-48788 (Fortinet FortiClient EMS), CVE-2023-34990 (Fortinet FortiWLM), CVE-2024-12356 (BeyondTrust Privileged Remote Access and Remote Support), CVE-2024-6386 (WPML plugin), CVE-2024-49576, CVE-2024-47810 (Foxit Software), CVE-2024-49775 (Siemens Opcenter Execution Foundation), CVE-2024-12371, CVE-2024-12372, CVE-2024-12373 (Rockwell Automation PowerMonitor 1000), CVE-2024-52875 (GFI KerioControl), CVE-2024-56145 (Craft CMS), CVE-2024-56050, CVE-2024-56052, CVE-2024-56054, CVE-2024-56057 (VibeThemes WPLMS), CVE-2024-12626 (AutomatorWP plugin), CVE-2024-11349 (AdForest theme), CVE-2024-51466 (IBM Cognos Analytics), CVE-2024-10244 (ISDO Software Web Software), CVE-2024-4995 (Wapro ERP Desktop), CVE-2024-10205 (Hitachi Ops Center Analyzer), and CVE-2024-46873 (Sharp router).

Around the Cyber World

Recorded Future Gets Labeled "Undesirable" in Russia: Russian authorities have tagged U.S. threat intelligence firm Recorded Future as an "undesirable" organization, accusing it of participating in propaganda campaigns and cyberattacks against Moscow. Russia's Office of Prosecutor General also said the company is "actively cooperating" with U.S. and foreign intelligence services to help search, gather, and analyze data on Russian military activities, as well as providing Ukraine with "unrestricted access" to programs used in offensive information operations against Russia. "Some things in life are rare compliments. This being one," Recorded Future's chief executive, Christopher Ahlberg, wrote on X.

China Accuses the U.S. of Conducting Cyber Attacks: The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) accused the U.S. government of launching cyber attacks against two Chinese technology companies in a bid to steal trade secrets. CNCERT said one of the attacks, detected in August 2024, singled out an advanced material design and research unit by exploiting a vulnerability in an electronic document security management system to break into the upgrade management server, deliver a trojan to over 270 hosts, and siphon "a large amount of trade secret information and intellectual property." The second attack, on the other hand, targeted an unnamed high-tech enterprise of smart energy and digital information since May 2023 by weaponizing flaws in Microsoft Exchange Server to plant backdoors with an aim to harvest mail data. "At the same time, the attacker used the mail server as a springboard to attack and control more than 30 devices of the company and its subordinate enterprises, stealing a large amount of trade secret information from the company," CNCERT said. The allegations come in the midst of the U.S. accusing Chinese threat actors like Salt Typhoon of breaching its telecommunication infrastructure.

New Android Spyware Distributed via Amazon Appstore: Cybersecurity researchers uncovered a new Android malware that was available for download from the Amazon Appstore.
Masquerading as a body mass index (BMI) calculator, the app ("BMI CalculationVsn" or com.zeeee.recordingappz) came with features to stealthily record the screen, as well as collect the list of installed apps and incoming SMS messages. "On the surface, this app appears to be a basic tool, providing a single page where users can input their weight and height to calculate their BMI," McAfee Labs said. "However, behind this innocent appearance lies a range of malicious activities." The app has been taken down following responsible disclosure.

HeartCrypt Packer-as-a-Service Operation Exposed: A new packer-as-a-service (PaaS) called HeartCrypt has been advertised for sale on Telegram and underground forums since February 2024 to protect malware such as Remcos RAT, XWorm, Lumma Stealer, and Rhadamanthys. Said to be in development since July 2023, its operators charge $20 per file to pack, supporting both Windows x86 and .NET payloads. "In HeartCrypt's PaaS model, customers submit their malware via Telegram or other private messaging services, where the operator then packs and returns it as a new binary," Palo Alto Networks Unit 42 said, adding it identified over 300 distinct legitimate binaries that were used to inject the malicious payload. It's suspected that the service allows clients to select a specific binary for injection so as to tailor them based on the intended target. At its core, the packer works by inserting the main payload into the binary's .text section and hijacking its control flow in order to enable the execution of the malware. The packer also takes steps to add several resources that are designed to evade detection and analysis, while simultaneously offering an optional method to establish persistence using Windows Registry modifications.
"During HeartCrypt's eight months of operation, it has been used to pack over 2,000 malicious payloads, involving roughly 45 different malware families," Unit 42 said.

Chinese and Vietnamese-speaking Users Target of CleverSoar Installer: A highly evasive malware installer called CleverSoar is being used to target Chinese and Vietnamese-speaking victims with the Winos 4.0 framework and the Nidhogg rootkit. The malware distribution starts with MSI installer packages that likely impersonate fake software or gaming-related applications, which extract the files and subsequently execute the CleverSoar installer. "These tools enable capabilities such as keystroke logging, data exfiltration, security bypasses, and covert system control, suggesting that the campaign is part of a potentially prolonged espionage effort," Rapid7 said, describing it as an advanced and targeted threat. "The campaign's selective targeting of Chinese and Vietnamese-speaking users, along with its layered anti-detection measures, points to a persistent espionage effort by a capable threat actor." It's suspected that the threat actor is also responsible for other campaigns distributing Winos 4.0 and ValleyRAT.

Thousands of SonicWall Devices Vulnerable to Critical Flaws: As many as 119,503 publicly accessible SonicWall SSL-VPN devices are susceptible to serious security flaws (25,485 of critical severity and 94,018 of high severity), with over 20,000 using a SonicOS/OSX firmware version that's no longer supported by the vendor. "The majority of series 7 devices exposed online are impacted by at least one vulnerability of high or critical severity," cybersecurity company Bishop Fox said.
A total of 430,363 unique SonicOS/OSX instances have been found exposed on the internet.

Industrial Systems Targeted in New Malware Attacks: Siemens engineering workstations (EWS) have been targeted by a malware called Chaya_003 that's capable of terminating the Siemens TIA portal process, alongside those related to Microsoft Office applications, Google Chrome, and Mozilla Firefox. The malware, once installed, establishes connections with a Discord webhook to fetch instructions for carrying out system reconnaissance and process disruption. Forescout said it also identified two incidents in which Mitsubishi EWSs were infected with the Ramnit worm. It's currently not clear if the attackers directly targeted the operational technology (OT) systems or if it was propagated via some other means, such as phishing or compromised USB drives. OT networks have also been increasingly the target of ransomware attacks, with 552 incidents reported in Q3 2024, up from 312 in Q2 2024, per Dragos. No less than 23 new ransomware groups have targeted industrial organizations during the time period. Some of the most impacted verticals included manufacturing, industrial control systems (ICS) equipment and engineering, transportation, communications, oil and gas, electric, and government.

Cracked Version of Acunetix Scanner Linked to Turkish IT Firm: Threat actors are selling thousands of credential sets stolen using Araneida, a cracked version of the Acunetix web app vulnerability scanner. According to Krebs on Security and Silent Push, Araneida is believed to be sold as a cloud-based attack tool to other criminal actors. Further analysis of the digital trail left by the threat actors has traced them to an Ankara-based software developer named Altuğ Şara, who has worked for a Turkish IT company called Bilitro Yazilim.

Expert Webinar

Preparing for the Next Wave of Ransomware in 2025: Ransomware is getting smarter, using encryption to hide and strike when you least expect it.
Are you prepared for what's coming next? Join Emily Laufer and Zscaler ThreatLabz to explore the latest ransomware trends, how attackers use encrypted channels to stay hidden, and smart strategies to stop them. Learn how to protect your organization before it's too late. Secure your spot today!

The Enterprise Guide to Certificate Automation and Beyond: Join our live demo to see how DigiCert ONE simplifies trust across users, devices, and software. Discover how to centralize certificate management, automate operations, and meet compliance demands while reducing complexity and risk. Whether for IT, IoT, or DevOps, learn how to future-proof your digital trust strategy. Don't miss out, register now!

Cybersecurity Tools

AttackGen: It is an open-source tool that helps organizations prepare for cyber threats. It uses advanced AI models and the MITRE ATT&CK framework to create incident response scenarios tailored to your organization's size, industry, and selected threat actors. With features like quick templates for common attacks and a built-in assistant for refining scenarios, AttackGen makes planning for cyber incidents easy and effective. It supports both enterprise and industrial systems, helping teams stay ready for real-world threats.

Brainstorm: It is a tool that makes web fuzzing more effective by using local AI models alongside ffuf. It analyzes links from a target website and generates smart guesses for hidden files, directories, and API endpoints. By learning from each discovery, it reduces the number of requests needed while finding more endpoints compared to traditional wordlists. This tool is perfect for optimizing fuzzing tasks, saving time, and avoiding detection. It's easy to set up, works with local LLMs like Ollama, and adapts to your target.

GPOHunter: This tool helps identify and fix security flaws in Active Directory Group Policy Objects (GPOs).
It detects issues like clear text passwords, weak authentication settings, and vulnerable GPP passwords, providing detailed reports in multiple formats. Easy to use and highly effective, GPOHunter simplifies securing your GPOs and strengthening your environment.

Tip of the Week

Don't Let Hackers Peek into Your Cloud: Cloud storage makes life easier, but it can also expose your data if not secured properly. Many people don't realize that misconfigured settings, like public folders or weak permissions, can let anyone access their files. This is how major data leaks happen, and it's preventable.

Start by auditing your cloud. Tools like ScoutSuite can scan for vulnerabilities, such as files open to the public or missing encryption. Next, control access by only allowing those who need it. A tool like Cloud Custodian can automate these policies to block unauthorized access.

Finally, always encrypt your data before uploading it. Tools like rclone make it simple to lock your files with a key only you can access. With these steps, your cloud will stay safe, and your data will remain yours.

Conclusion

The holidays are a time for celebration, but they're also peak season for cyber risks. Cybercriminals are more active than ever, targeting online shoppers, gift exchanges, and even festive email greetings. Here's how you can enjoy a secure and worry-free holiday:

Wrap Your Digital Gifts with Security: If you're gifting smart gadgets, set them up with strong passwords and enable updates before wrapping them. This ensures your loved ones start safe from day one.
Track Packages, Not Scammers: Be wary of fake delivery notifications. Use official apps or tracking links from trusted retailers to follow your shipments.
Make Your Accounts Jolly Secure: Use a password manager to update weak passwords across your accounts. A few minutes now can save hours of frustration later.
Game On, Safely: If new gaming consoles or subscriptions are on your list, make sure to activate parental controls and use unique account details. Gaming scams spike during the holidays.

As we head into the New Year, let's make cybersecurity a priority for ourselves and our families. After all, staying safe online is the gift that keeps on giving.

Happy Holidays, and here's to a secure and joyful season!
  • WWW.INFORMATIONWEEK.COM
    Facing the Specter of Cyber Threats During the Holidays
    Do retailers still face high levels of cyber risk in a world fraught with ransomware attacks year-round?
  • WWW.TECHNOLOGYREVIEW.COM
    The Download: trustworthy humanoid robots, and Anduril's latest project
    This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.

Will we ever trust robots?

The world might seem to be on the brink of a humanoid-robot heyday. New breakthroughs in artificial intelligence promise the type of capable, general-purpose robots previously seen only in science fiction: robots that can do things like assemble cars, care for patients, or tidy our homes, all without being given specialized instructions. It's an idea that has attracted an enormous amount of attention, capital, and optimism. Yet recent progress has arguably been more about style than substance. Advancements in AI have undoubtedly made robots easier to train, but they have yet to enable them to truly sense their surroundings, think of what to do next, and carry out those decisions in the way some viral videos might imply.

But on the road to helping humanoid robots win our trust, one question looms larger than any other: How much will they be able to do on their own? And how much will they still rely on humans? Read the full story.

James O'Donnell

This story is from the forthcoming magazine edition of MIT Technology Review, set to go live on January 6. It's all about the exciting breakthroughs happening in the world right now. If you don't already, subscribe to receive future copies.

If you're interested in the future of robots, why not check out:
+ A skeptic's guide to humanoid-robot videos. The right video can land a startup millions in investment and a devoted public following. But what do these videos really show?
+ Is robotics about to have its own ChatGPT moment? Read the full story.
+ To be more useful, robots need to become lazier. Smarter data processing could make machines more helpful and energy-efficient in the real world. A good way to test this principle is robot soccer.

The must-reads

I've combed the internet to find you today's most fun/important/scary/fascinating stories about technology.
1 Anduril is in talks to join forces with OpenAI and SpaceX
The proposed consortium will bid for US government defense contracts in an attempt to disrupt the stranglehold of traditional suppliers. (FT $)
+ Elon Musk's DOGE project could encourage similar partnerships. (Reuters)
+ We saw a demo of the new AI system powering Anduril's vision for war. (MIT Technology Review)

2 Robotaxi passengers are targets of a new kind of harassment
Riders feeling unsafe are left without a human driver to intervene. (WP $)
+ What's next for robotaxis. (MIT Technology Review)

3 This covid season is the most unpredictable yet
Deaths are down. But that doesn't mean we should fully relax. (The Atlantic $)

4 WhatsApp has won its legal case against NSO Group
The messaging app claims its spyware exploited a bug to surveil users. (Reuters)
+ The case has been five years in the making. (WP $)
+ NSO Group argued it wasn't liable as its software was used to investigate crimes. (The Verge)

5 Why Elon Musk is turning his attention to right-wing UK politics
He's looking beyond the White House to the more extreme end of British mainstream political parties. (The Guardian)
+ How seriously should we take Elon Musk? (New Yorker $)
+ Donald Trump reminded activists that he's President-elect, not Musk. (NBC News)
+ But how useful Musk will continue to be for Trump remains to be seen. (The Atlantic $)

6 YouTube is finally cracking down on egregious clickbait
The platform has long rewarded the creators behind misleading videos. (NY Mag $)
+ Hated that video? YouTube's algorithm might push you another just like it. (MIT Technology Review)

7 What happens when AI collides with crypto
In the wake of the NFT boom, something even scammier is stirring. (The Information $)
+ What happens to bitcoin now that skeptics have become believers? (The Atlantic $)
+ It's still not clear how AI will affect the economy. (Bloomberg $)
+ How to fine-tune AI for prosperity. (MIT Technology Review)

8 Beware of AI scams over the holidays
From fraudulent text messages to sneakily targeted ads. (WSJ $)
+ Five ways criminals are using AI. (MIT Technology Review)

9 The highs and lows of 2024's viral moments
I won't be holding space for them. (The Guardian)

10 NASA's fastest probe is heading for the sun's atmosphere
It'll endure temperatures of over 2,500 degrees Fahrenheit on Christmas Eve. (Wired $)
+ It'll be the closest any probe has ever come to the sun. (Engadget)

Quote of the day

"I don't hate these people. I just hate being in their stupid group."

Jess, a participant in a group chat for aspiring musicians, tells Insider why leaving the group before the new year is a top priority.

The big story

How Indian health-care workers use WhatsApp to save pregnant women

February 2023

Across India, an all-women cadre of 1 million community health-care workers are responsible for making public health care accessible to people from remote areas and marginalized communities. These workers counsel pregnant women and ensure they receive proper science-backed health care. Many are turning to WhatsApp as a means to combat the medical misinformation that is rampant across the country and to navigate sensitive medical situations, particularly regarding pregnancy. Their approach has surprisingly good results. Read the full story.

Sanket Jain

We can still have nice things

A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or tweet 'em at me.)
+ Back in 2009, Rage Against the Machine reached Christmas number one in the UK music charts. Here's what happened when they were asked to censor their lyrics live on the BBC.
+ Ever wished more films were like Home Alone? You're in luck.
+ How to make the perfect latke.
+ No one has ever seen a flying reindeer. But that doesn't mean it's a theoretical impossibility.
  • WWW.BDONLINE.CO.UK
    High-profile team to reimagine former GSK headquarters
    A multidisciplinary team, including McGregor Coxall, Haworth Tompkins, Studio Egret West, dRMM, Buro Happold, and Metropolitan Workshop, is working on plans to transform the former GSK headquarters in Brentford into a mixed-use neighbourhood.

[Image: The former GSK site in Brentford. Source: Google Street View]

A high-profile team of architects, landscape designers, and consultants has been appointed to progress a masterplan for the redevelopment of the former GSK headquarters at 980 Great West Road, Brentford.

Led by client, Hadley Property Group, the project team includes landscape architects McGregor Coxall, whose work will focus on climate-resilient public spaces, and plot architects Haworth Tompkins, Studio Egret West, dRMM, and Metropolitan Workshop. Buro Happold and other consultants are contributing to the scheme's engineering and planning strategies.

This follows Hadley's recent completion of the purchase of the 13-acre site, which GSK vacated earlier this year to relocate to central London. The pharmaceutical company had marketed the site after over 20 years of occupation.

The redevelopment seeks to establish a mixed-use neighbourhood including residential, alongside commercial, community, educational, and third-sector spaces.

The plans aim to improve connections between Brentford town centre and areas north of the Great West Road, introducing pedestrian- and cycle-friendly routes and enhancing access to the nearby park and river.

Initial co-design sessions with the local community have taken place, and public consultations are now underway. A planning application is expected to be submitted in 2025.

Andy Portlock, CEO of Hadley Property Group, said: "For many years, the site has been a key marker for those travelling in and out of West London, yet it hasn't connected with the local community. Reimagining it is a responsibility we take very seriously. We are committed to delivering on our sustainability pledges and our vision to deliver genuine community-led regeneration across London."

The acquisition of the site was funded by Peterson Group and BGO, with advisory from Pennyhill Capital.
  • WWW.BDONLINE.CO.UK
    Heatherwick completes mixed-use development in Xi'an
  • WWW.CNET.COM
    Did You Make $5,000 or More via PayPal, Venmo or Cash App? Expect a 1099-K Tax Form
    After back-to-back delays, the IRS will move forward with a new tax-reporting rule for freelancers who are paid through third-party apps. If you made $5,000 or more through PayPal, Venmo, Cash App or a similar platform, the IRS will now require these companies to issue tax form 1099-K detailing your earnings.

This isn't a new tax rule; it's a tax reporting change. If you earn freelance or self-employment income, you should already be reporting and paying taxes on your total earnings, even if you don't receive a 1099. The IRS is simply switching the reporting requirement to payment apps so it can keep tabs on transactions that might otherwise go unreported.

This story is part of Taxes 2025, CNET's coverage of the best tax software, tax tips and everything else you need to file your return and track your refund.

"The taxation and tax treatment requirements for taxpayers has not changed," said Mark Steber, chief tax information officer for Jackson Hewitt. "This taxable income has always been considered by the IRS to be taxable and should be reported on a tax return."

The IRS will only require third-party apps to report income earned; the tax agency isn't interested in the money you've sent to your family or friends to pay rent or split a dinner bill.

If you earned $5,000 or more through third-party payment apps this year, you should receive a 1099-K to use to report your income when you file your tax return in 2025. Here's everything you need to know about this reporting change.

What is a 1099-K?

A 1099-K is a tax form that reports income received via a third-party payment platform from a non-permanent job, such as a side hustle, freelance agreement or contractor position where taxes are not withheld.

The IRS currently requires any third-party payment apps like Cash App and Venmo to send a 1099-K to the IRS and individuals if they earned more than $20,000 in commercial payments across more than 200 transactions.
If you regularly make over $20,000 in freelance income, are paid through Venmo, and receive more than 200 transactions in payments, you may have received a 1099-K tax form before.

What is the IRS's new 1099-K rule?

Under new reporting requirements first announced in the American Rescue Plan, third-party payment apps will eventually be required to report earnings over $600 to the IRS.

"Prior to 2024, the earnings threshold was $20,000 and 200 transactions to receive a 1099-K tax document," said Steber.

For your 2024 taxes (which you'll file in 2025), the IRS is planning a phased rollout, requiring payment apps to report freelancer and business owner earnings over $5,000 instead of $600. The hope is that raising the threshold will reduce the risk of inaccuracies while also giving the agency and payment apps more time to work toward the eventual $600 minimum.

Why was the third-party payment app tax rule delayed?

Originally set to kick off at the beginning of 2022, the IRS planned to implement a new reporting rule that would require third-party payment apps, like PayPal, Venmo or Cash App, to report income of over $600 or more per year to the tax agency. The IRS has delayed this new reporting requirement in 2022 and again in 2023.

Why? Distinguishing between taxable and nontaxable transactions through third-party apps isn't always easy. For example, money your roommate sends you through Venmo for dinner is not taxable, but money received for a graphic design project might be.
The delayed rollout gave payment platforms more time to prepare.

"We spent many months gathering feedback from third-party groups and others, and it became increasingly clear we need additional time to effectively implement the new reporting requirements," said IRS Commissioner Danny Werfel in a November 2023 statement.

Which payment apps are required to send 1099-Ks?

All third-party payment apps where freelancers and business owners receive income are required to begin reporting transactions involving you to the IRS in 2024. Some popular payment apps include PayPal, Venmo and Cash App. Other platforms freelancers may use, such as Fiverr or Upwork, are also on the hook to begin reporting payments that freelancers receive throughout the year.

If you earn income through payment apps, it's a good idea to set up separate PayPal, Cash App or Venmo accounts for your professional transactions. This could prevent nontaxable charges -- money sent from family or friends -- from being included on your 1099-K in error.

Zelle users will not receive a 1099-K

There's one popular payment app that's exempt from the 1099-K rule. Payment transfer service Zelle will not be issuing 1099-Ks, regardless of whether you receive business funds through the service or not. That's because Zelle doesn't hold your funds in an account, like PayPal, Venmo or Cash App do, and instead is used as a way to transfer money between bank accounts. If you are paid for your freelance or small business services through Zelle, it's your responsibility to report all income on Schedule C of your tax return.

Is the IRS taxing money you send to family or friends?

No. Rumors have circulated that the IRS was cracking down on money sent to family and friends through third-party payment apps, but that isn't true. Personal transactions involving gifts, favors or reimbursements are not considered taxable.
Some examples of nontaxable transactions include:
Money received from a family member as a holiday or birthday gift
Money received from a friend covering their portion of a restaurant bill
Money received from your roommate or partner for their share of the rent and utilities

Payments that will be reported on a 1099-K must be flagged as payments for goods or services from the vendor. When you select "sending money to family or friends," it won't appear on your tax form. In other words, that money from your roommate for her half of the restaurant bill is safe.

"This is only for self-employment income," said Steber. "You should not receive a 1099-K for personal transactions but be aware that some platforms could accidentally include personal transactions in the 1099-K and that will need to be corrected on the user's tax return."

Will you owe taxes if you sell items on Facebook Marketplace or Poshmark?

If you sell personal items for less than you paid for them and collect the money via third-party payment apps, these changes won't affect you. For example, if you buy a couch for your home for $500 and later sell it on Facebook Marketplace for $200, you won't owe taxes on the sale because it's a personal item you've sold at a loss. You may be required to show documentation of the original purchase to prove that you sold the item at a loss.

If you have a side hustle where you buy items and resell them for a profit via PayPal or another digital payment app, then earnings over $5,000 will be considered taxable and reported to the IRS in 2024.

Make sure to keep a good record of your purchases and online transactions to avoid paying taxes on any nontaxable income -- and when in doubt, contact a tax professional for help.

What should you do to prepare for this reporting change?

Any payment apps you use may ask you to confirm your tax information, such as your employer identification number, individual tax identification number or Social Security number.
If you own a business, you most likely have an EIN, but if you're a sole proprietor, individual freelancer or gig worker, you'll provide an ITIN or SSN.In some cases,receiving a 1099-K may take some of the manual work out of filing your self-employment taxes.Once this rule takes effect, you may still receive individual 1099-NEC forms if you were paid through direct deposit, check or cash. If you have multiple clients who pay you through PayPal, Venmo, Upwork or other third-party payment appsand you earn more than $5,000, you'll receive one 1099-K instead of multiple 1099-NECs.To avoid any reporting confusion, make sure you're tracking your earnings manually or with accounting software such as Quickbooks.More money advice
  • WWW.CNET.COM
    Best VPN for Windows 2024
    Written by Moe Long, Attila Tomaschek
    Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission.
    How we test: We intensively test each VPN, making sure it meets our standards for privacy, speed and usability.
    What to look for in a VPN for Windows
    Internet speed loss: All VPNs slow down your internet somewhat because they encrypt your data and send it through secure servers. The fastest VPNs only slow your internet download speed by 25% or less, which should be unnoticeable on a reliable connection.
    Privacy: Look for AES-256 encryption with OpenVPN and IKEv2, or ChaCha20 over WireGuard. We also recommend a kill switch, DNS leak protection and a strict no-logs policy that's been audited by a reputable third party. Folks with critical privacy needs should consider a VPN provider that publishes regular transparency reports and has jurisdiction outside of the Five, Nine or 14 Eyes intelligence-sharing alliances.
    Server network: Think about the total number of servers and the individual countries in which a VPN provider maintains a presence. At the high end, frequent international travelers and folks who want to unblock tons of foreign Netflix libraries should look for thousands of servers spread across around 100 or more countries. Around 60-plus countries should suffice for many people.
    Device support: Most VPN providers offer Windows apps. Additionally, you'll typically find MacOS, Linux, Android, Android TV, iPhone, iPad and Fire TV apps. Many VPN providers support routers and browser plugins, and a growing number also include Apple TV apps.
    Streaming capabilities: Because of their ability to make it look like you're in another city, state or even country, VPNs can be helpful for streaming region-restricted content like foreign Netflix libraries. Think about the streaming services you want to watch and make sure your VPN provider unblocks those in the countries you need it to.
    Cost: Most VPN providers let you sign up for a monthly, bi-annual, annual or multi-year subscription. Expect to pay anywhere from $5 to $15 per month, $40 to $100 per year or $60-plus for a two-or-more year package. A two+ year plan usually scores you the most savings, but we recommend sticking to an annual plan for the best savings with the lowest risk.
  • WWW.CNET.COM
    Amazon's AirTag Deal Is the Ideal Last-Minute Christmas Gift Pickup
    We all know someone who constantly misplaces things, and sometimes we're even that person. But whether you're buying for yourself or someone else this holiday season, Apple's sleek AirTags are among the most versatile options we've found. Right now, AirTags are on sale for the holidays and yes, you can still get them delivered in time to gift them to someone else for the big day (so long as you're an Amazon Prime subscriber). Amazon is now offering Apple's four-pack on sale for just $70, a $29 discount and the lowest price we've ever seen. It means you'll pay a little less than $18 for each one.
    Looking to grab an extra AirTag or try one out to see if it's right for you? You can get a single tracker for just $24 at Walmart.
    AirTags are some of our favorite Bluetooth trackers. They work seamlessly with your iPhone and the Find My app with a simple one-tap pairing process. You can then throw a tracker in a pocket or luggage as-is or grab an AirTag accessory to clip it to your keys, hook it onto a bag or pet collar, stick it to your bike or attach it to anything else you want to keep track of.
    Once set up, the AirTags will appear in the Find My app and display your items on a map so you can easily find them. If an item is in your vicinity, you can play a sound from the AirTag's tiny speaker with the Find My app and use the Precision Finding feature to be guided to your lost possession. This is handy if you're looking for your keys or wallet around the house. If you happen to lose an item outside your house, you can put your AirTag in Lost Mode, which enables notifications for when the AirTag is detected on the Find My network and allows you to add a message, including your phone number or email address.
    Each AirTag is powered by a CR2032 coin battery, four of which are included with your purchase. The batteries last around a year before you need to replace them. AirTags are IP67 rated, making them water- and dust-resistant, so you don't have to worry about them getting damaged if they're exposed to the elements.
    Best last-minute gifts, according to CNET readers
    Based on their popularity, here are the holiday deals that you should be considering:
    - Apple AirPods Pro 2: $190 (save $59)
    - Roku Express 4K Plus: $24 (save $16)
    - Govee smart LED light bars: $41 (save $19)
    - Levoit LVAC-200 cordless vacuum cleaner: $160 (save $40)
    - Anker Soundcore Boom 2 Bluetooth speaker: $100 (save $30)
    - Apple AirTag (4-pack): $70 (save $29)
    - Baseus 65-watt USB-C charger: $14 (save $26)
    Why this deal matters
    AirTags are an efficient, simple way to keep track of your belongings, whether you're about to travel or you know someone who constantly loses their wallet or keys. At $70 for a pack of four, this is the lowest price we've seen for these Apple AirTags, so if you've been looking for a meaningful holiday gift or a reason to splurge on a Bluetooth tracker, now's the time.
    Will this item arrive in time for Christmas?
    If you're ordering this as a holiday gift, you probably want to know if it's going to arrive on time. With Christmas and Hanukkah both taking place on Dec. 25 this year, and Kwanzaa kicking off the day after, it's important to note shipping deadlines for USPS, FedEx, UPS, Amazon and others.
    Guaranteed shipping deadlines at some of these delivery companies arrived as soon as Dec. 16, with others offering expedited services that may allow you to order as late as Dec. 23 or even Dec. 24. Where delivery is no longer possible, be sure to assess your in-store pickup options or check out these great digital deals for the holidays.
    These AirTags will arrive before Christmas, according to the shipping timeframes given on Amazon's product page for Amazon Prime subscribers. If you don't have Prime, you're looking at free delivery a few days after Christmas.
  • WWW.SCIENTIFICAMERICAN.COM
    Untangling Why Red Wine Causes Headaches
    December 23, 2024
    Opt for lighter, cheaper wine to dodge headaches this holiday season
    [Image: Some people get headaches after drinking red wine. Credit: Hongjie Han/Getty Images]
    The following essay is reprinted with permission from The Conversation, an online publication covering the latest research.
    Medical accounts of red wine headaches go back to Roman times, but the experience is likely as old as winemaking, something like 10,000 years. As chemists specializing in winemaking, we wanted to try to figure out the source of these headaches.
    Many components of red wine have been accused of causing this misery: sulfites, biogenic amines and tannin are the most popular. Our research suggests the most likely culprit is one you may not have considered.
    The common suspects
    Sulfites have been a popular scapegoat for all sorts of ailments since it became mandatory in the 1990s to label them on wines in the U.S. However, not much evidence links sulfites directly to headaches, and other foods contain comparable levels to wine without the same effects. White wines also contain the same amount of sulfites as red wines.
    Your body also produces about 700 milligrams of sulfites daily as you metabolize the protein in your food and excrete it as sulfate. To do so, it has compounds called sulfite oxidases that create sulfate from sulfite; the 20 milligrams in a glass of wine are unlikely to overwhelm your sulfite oxidases.
    Some people point the finger for red wine headaches at biogenic amines. These are nitrogenous substances found in many fermented or spoiled foods, and can cause headaches, but the amount in wine is far too low to be a problem.
    Tannin is a good guess, since white wines contain only tiny amounts, while red wines contain substantial amounts. Tannin is a type of phenolic compound; it's found in all plants and usually plays a role in preventing disease, resisting predation or encouraging seed dispersal by animals.
    But there are many other phenolic compounds in grapes' skin and seeds besides tannin that make it into red wines from the winemaking process, and are not present in white, so any of them could be a candidate culprit.
    Tannin is also found in many other common products, such as tea and chocolate, which generally don't cause headaches. And phenolics are good antioxidants; they're unlikely to trigger the inflammation that would cause a headache.
    A red wine flush
    Some people get red, flushed skin when drinking alcohol, and the flushing is accompanied by a headache. This headache is caused by a lagging metabolic step as the body breaks down the booze.
    The metabolism of alcohol happens in two steps. First, ethanol is converted to acetaldehyde. Then, the enzyme ALDH converts the acetaldehyde to acetate, a common and innocuous substance. This second step is slower for people who get flushed skin, since their ALDH is not very efficient. They accumulate acetaldehyde, which is a somewhat toxic compound also linked to hangovers.
    So, if something unique in red wine could inhibit ALDH, slowing down that second metabolic step, would that lead to higher levels of acetaldehyde and a headache? To try to answer this question, we scanned the list of phenolics abundant in red wine.
    We spied a paper showing that quercetin is a good inhibitor of ALDH. Quercetin is a phenolic compound found in the skins of grapes, so it's much more abundant in red than white wines because red grape skins are left in longer during the fermentation process than white grape skins.
    Putting enzymes to the test
    Testing ALDH was the next step. We set up an inhibition assay in test tubes. In the assay, we measured how fast the enzyme ALDH breaks down acetaldehyde. Then, we added the suspected inhibitors (quercetin, as well as some other phenolics we wanted to test) to see whether they slowed the process.
    These tests confirmed that quercetin was a good inhibitor. Some other phenolics had varying effects, but quercetin glucuronide was the winner. When your body absorbs quercetin from food or wine, most is converted to glucuronide by the liver in order to quickly eliminate it from the body.
    Our enzyme tests suggest that quercetin glucuronide disrupts your body's metabolism of alcohol. This disruption means extra acetaldehyde circulates, causing inflammation and headaches. This discovery points to what's known as a secondary, or synergistic, effect.
    These secondary effects are much harder to identify because two factors must both be in play for the outcome to arise. In this case, other foods that contain quercetin are not associated with headaches, so you might not initially consider quercetin as the cause of the red wine problem.
    The next step could be to give human subjects two red wines that are low and high in quercetin and ask whether either wine causes a headache. If the high-quercetin wine induces more headaches, we'd know we're on the right track.
    So, if quercetin causes headaches, are there red wines without it? Unfortunately, the data available on specific wines is far too limited to provide any helpful advice. However, grapes exposed to the Sun do produce more quercetin, and many inexpensive red wines are made from grapes that see less sunlight.
    If you're willing to take a chance, look for an inexpensive, lighter red wine.
    This article was originally published on The Conversation.
  • WWW.SCIENTIFICAMERICAN.COM
    NASA's Parker Solar Probe Attempts a Record-Breaking Christmas Eve Flyby
    December 22, 2024
    NASA's Parker Solar Probe Preps for Record-Breaking Christmas Eve Flyby
    The Parker Solar Probe will swoop just 6.1 million kilometers above the sun's surface on Christmas Eve. Scientists are thrilled at what we might learn
    By Jonathan O'Callaghan, edited by Lee Billings
    [Image: A solar prominence begins to break apart as it towers over the surface of the sun. Credit: Solar Dynamics Observatory/NASA]
    There are some places in the solar system no human will ever go. The surface of Venus, with its thick atmosphere and crushing pressure, is all but inaccessible. The outer worlds, such as Pluto, are too remote to presently consider for anything but robotic exploration. And the sun, our bright burning ball of hydrogen and helium, is far too hot and tumultuous for astronauts to closely approach. In our place, one intrepid robotic explorer, the Parker Solar Probe, has been performing a series of dramatic swoops toward our star, reaching closer than any spacecraft before to unlock its secrets. Now it is about to perform its final, closest passes, skimming inside the solar atmosphere like never before.
    "It's a big moment," says Yanping Guo, a space mission designer at the Johns Hopkins University Applied Physics Laboratory (JHUAPL) in Maryland. "Across 60 years of space exploration, the sun has been the most difficult destination to reach."
    On Christmas Eve, December 24, Parker will fly just 6.1 million kilometers above the surface of the sun, or 9.86 solar radii from the sun's center, ten times closer than Mercury orbits the star and the first of three of these extremely close flybys. It will do so at an astonishing speed of 690,000 km per hour, faster than any spacecraft in history (albeit still reaching just 0.064 percent of the speed of light). During its flyby, Parker will be moving fast enough to travel from London to Paris in less than two seconds; its speed will be so great that relativistic effects such as time dilation and frame dragging may register on the spacecraft's instruments.
    The spacecraft will fly through the sun's atmosphere, its corona, where some of the biggest questions about our star remain, including why the corona is so much hotter than the solar surface, and how the solar wind is accelerated. While other spacecraft have studied the sun before, only Parker has come so close. "There is no precedent," says Thomas Zurbuchen, former associate administrator for the Science Mission Directorate at NASA. "It is truly an exploratory mission."
    It was Zurbuchen who gave the spacecraft its name, after the late U.S. solar physicist Eugene Parker, who in the 1950s predicted the solar wind's existence. The mission launched in 2018, the culmination of decades of study on how to touch the sun. Getting close to our star is surprisingly difficult, "because to fall toward it you need to kill off the orbital speed of Earth," says Ralph McNutt, chief scientist in the space department at JHUAPL. Scientists had long thought the best way to do that was to fly out to Jupiter, and then use the gas giant's gravitational pull to dive in toward the sun. Such a mission would get you very close, just four solar radii away, but at the expense of being extremely difficult and time-consuming, giving you maybe just one or two close passes of the sun with an orbital period of nearly five years.
    In 2007 Guo proposed instead that multiple flybys of Venus could be used to bring a spacecraft into similar if slightly more remote proximity, but with the added benefit of dozens of passes over several years with an orbital period of just under three months. "The requirement was to be close enough to take samples inside the solar corona," Guo says. "I found you could use seven Venus flybys." The last of those flybys occurred on November 6, with the spacecraft swooping 387 km above the surface of Venus. Since then, it has been on its trajectory that will take it closer to the sun than any of its previous 21 passes over the last six years; its last solar flyby in September was about a million km, or 10.4 solar radii, farther out.
    Parker carries four instruments to study the sun. This includes a camera to image our star and its surroundings, a tool that measures electric and magnetic fields and two others to investigate the solar particles and plasma showering the spacecraft. Over the course of the mission so far, Parker has helped to discover that magnetic fields on the sun's surface might drive heat into the corona and has found more particles coming from the sun than expected. Such results come in large part from Parker's successful piercing of and passage through the sun's corona, which first occurred in April 2021.
    These latest flybys will bring the spacecraft deeper within the corona, although short of a supersonic threshold in the vicinity of four solar radii, where the solar wind is thought to reach the speed of sound. Even from Parker's comparatively remote view about 10 solar radii out, scientists are hoping to learn more about the solar wind, specifically what causes the difference between its fast (up to 800 km per second) and slow (down to 300 km per second) varieties. "We think fast wind comes from coronal holes, and slow wind might come from the boundaries of these holes," says Steph Yardley, a solar scientist at Northumbria University in England. "But it's something we're still debating." This process can also tell us more about how space weather is produced on Earth as the solar wind travels to our planet. "The closer we get into that source region of particles that creates space weather, the more we learn," says Joseph Westlake, director of the heliophysics division in the Science Mission Directorate at NASA headquarters in Washington, D.C.
    There is also hope that Parker will fly past the sun during an eruption. The sun is right now in its so-called solar maximum, a period of peak tumult in our star's 11-year activity cycle. This boosts chances for fortuitously timed eruptions bathing the spacecraft, something that has happened on at least one previous occasion. "We're hoping we will gather more of these events very close to the sun," says Nour Rawafi, an astrophysicist and project scientist for Parker at JHUAPL, "because we need to understand how events like flares and coronal mass ejections accelerate particles to relativistic speeds." Parker may also encounter a dust-free zone, a hypothesized region close to the sun where debris drifting inward from around the solar system is vaporized, says John Wirzburger, systems engineer for Parker at JHUAPL. "We've been seeing inklings of that as we've been getting closer and closer."
    The action this time around begins on December 20, when the spacecraft reaches 0.25 times the Earth-sun distance, about 37 million km or 53 solar radii from the sun. Here, in preparation for its plunge, the spacecraft will first send a short beacon tone to Earth, confirming its good health. To survive the close passage and the intense conditions that follow, Parker must hide most of its hardware behind a carbon-composite heat shield. This heat shield is so effective that, despite temperatures reaching about 1,000 degrees Celsius, the spacecraft's instruments behind it remain at basically room temperature, Wirzburger says.
    The positioning of the spacecraft and its heat shield, and the desire to maximize data returns, means the spacecraft can't communicate with Earth during this pass. It flies entirely autonomously, changing its position ever so slightly to track the motion of the sun, keeping the heat shield precisely pointed in the star's direction to produce a conelike shadow that entirely encompasses its precious instruments. The only other part of Parker that will see the sun during the flyby will be a tiny sliver of solar panels, tucked into the spacecraft's sides, to generate power from our star's immense radiance.
    The entire encounter with the sun will last about a week, with the spacecraft reaching its closest point on Christmas Eve at about 6:40 A.M. EST. Were you able to survive here and avoid instant blindness from the sun's overwhelming light (500 times more intense than seen from Earth), our star would loom in your view as an immense disk 22 times larger than the full moon in our planet's sky. "It would fill a huge part of space in front of you," Rawafi says. Parker's camera, pointed to the side, will watch for tracks of particles flowing through the surrounding corona, while its other instruments gather their vital data. But what exactly they'll see is anyone's guess. "We don't really know," Zurbuchen says.
    The team won't know if the flyby has been successful until December 27, when the spacecraft reaches 35 solar radii on its way back out and beams another beacon tone back home to announce its survival. The team will then prepare to receive the spacecraft's invaluable data starting on New Year's Day, which will trickle back in the coming weeks and months. In March, Parker will do it all again when it flies past the sun at close proximity once more, before another, final close pass in June. The gravitational pull of far-off Jupiter will make these two later flybys technically ever so slightly nearer to the sun: about 100 km closer each, a mere rounding error on the multimillion-kilometer distance between Parker and our star. Practically speaking, the Christmas Eve flyby will be as close to the sun as Parker ever gets.
    The conclusion of these close encounters will also bring the spacecraft's primary mission to an end, but it might then be extended. Parker could, for instance, be left in its current orbit to monitor the effects of the waning solar maximum. "It would be amazing to watch this decline," Westlake says, because many large solar events are predicted to happen in this period. The spacecraft could also start moving into a more inclined orbit with its remaining fuel, kicking itself out of the ecliptic plane where most planets twirl to get a slightly different view of the sun and peer toward its polar regions, although at the considerable expense of flying slightly farther away. "We want to stay very close to the sun," Rawafi says.
    Whatever becomes of the mission, the data Parker collects will be studied for years. "This is the closest humanity has ever gotten to a star," Westlake says, a record unlikely to be beaten for the foreseeable future.