In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)a 75% increase from last yearand phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdogs, and relentless scorers leaving their mark on the SaaS security playing field. As we enter 2025, security teams must prioritize SaaS security risk assessments to uncover vulnerabilities, adopt SSPM tools for continuous monitoring, and proactively defend their systems.Here are the Cyber Threat All-Stars to watch out forthe MVPs, rising stars, and master strategists who shaped the game.1. ShinyHunters: The Most Valuable PlayerPlaystyle: Precision Shots (Cybercriminal Organization)Biggest Wins: Snowflake, Ticketmaster and AuthyNotable Drama: Exploited one misconfiguration to breach 165+ organizations.ShinyHunters swept into 2024 with a relentless spree of SaaS breaches, exposing sensitive data across platforms like Authy and Ticketmaster. Their campaign wasn't about exploiting a vendor vulnerabilitybut capitalizing on one misconfiguration overlooked by Snowflake customers. As a result, ShinyHunters could infiltrate, exfiltrate, and blackmail these snowflake users without enforcing MFA and properly securing their SaaS environments. Behind the Play: ShinyHunters operated like all-stars of the dark web, effortlessly taking advantage of SaaS misconfigurations. Their stolen data dumps weren't quiet affairsthey were daring theatrical releases featuring bidding wars and exclusive leaks. The Snowflake breach alone triggered widespread panic as credentials snowballed into widespread vulnerabilities across critical systems.SaaS Security Lessons: The Snowflake campaign exposed critical client-side security oversights, not vendor failures. Organizations failed to enforce MFA, rotate credentials regularly, and implement allow lists, leaving systems vulnerable to unauthorized access.2. ALPHV (BlackCat): The Master of DeceptionPlaystyle: Strategic Maneuvering (Ransomware-as-a-Service, RaaS)Biggest Wins: Change Healthcare, Prudential (Healthcare & Finance)Notable Drama: The $22M exit scam scandal with RansomHub.ALPHV, aka BlackCat, played one of the year's boldest moves in 2024. After extorting $22 million from Change Healthcare through compromised credentials, the group, in a very ballsy move, faked an FBI takedown on their leak site to mislead both authorities and affiliates. But the real drama began when RansomHub, an affiliate, publicly accused ALPHV of taking the ransom and leaving them empty-handed, even sharing a Bitcoin transaction as proof. Even with the betrayal, the affiliate published the stolen data, leaving Change Healthcare with the ransom paid and the data lost. Behind the Play: The fallout between ALPHV and RansomHub played out like a cybercrime soap opera, with conflicting stories and heated accusations across dark web forums. Despite the chaos, ALPHV's attacks on Prudential and others solidified their reputation as one of the year's most formidable ransomware players.SaaS Security Lessons: For prevention, track credential leaks with darknet monitoring and enforce Single Sign-On (SSO) to streamline authentication and reduce credential risks. For detection and response, follow authentication activities, detect compromised credentials early, and apply account suspension policies to prevent brute-force attacks.3. RansomHub: Rookie of the YearPlaystyle: Opportunistic Offense (Ransomware-as-a-Service, RaaS)Biggest Win: Frontier Communications (Telecom & Infrastructure)Notable Drama: Caught in the fallout of ALPHV's $22M scam.RansomHub rose from the ashes of Knight Ransomware in early 2024 as one of the most active ransomware actors. Known for their opportunistic tactics, they made headlines with their affiliation with ALPHV (BlackCat). Their role in the Change Healthcare breach impacted over 100 million U.S. citizens, highlighting their ability to exploit SaaS vulnerabilities, including misconfigurations, weak authentication, and third-party integrations, maximizing their reach and impact. Behind the Play: After being benched by ALPHV and losing their cut of the $22 million ransom from the Change Healthcare breach, RansomHub still held onto the stolen dataa powerful play that kept them in the game. Despite the betrayal, this rookie threat actor hit the court with renewed determination, scoring high-profile breaches throughout the year, including Frontier Communications. They are adamant about staying in the ransomware league, even after a rough first season.SaaS Security Lessons: Stay alert of phishing attempts that exploit stolen personal information to create more convincing attacks. Implement identity threat detection tools to monitor for signs of account takeovers and anomalies in user activities, enabling timely identification and response to potential breaches.4. LockBit: Clutch Player of the YearPlaystyle: Relentless Offense (Ransomware-as-a-Service, RaaS)Biggest Wins: Supply chain effect from Evolve Bank & Trust (Fintech)Notable Drama: FBI's Operation Cronos failed to shut them down entirely.LockBit dominates the ransomware court, relentlessly scoring breach after breach despite the ongoing efforts by the FBI and NCA to dismantle their infrastructure, kind of like Steph Curryconsistently performing well when there's a lot on the line. High-profile plays against Fintech companies, such as Evolve Bank & Trust, with the supply chain effecting more companies such as Affirm and Wise, solidified LockBit's status as the most consistent offensive player in the SaaS attack league. Behind the Play: Although Operation 'Cronos' disrupted their servers and seized critical infrastructure, the group bounced back with resolve, taunting authorities on their leak site with bold claims like, "You can't stop me." In December 2024, we saw updates on an earlier arrest of an alleged LockBit developer highlighting the ongoing nature of Operation 'Cronos', signaling that this global sting is far from over.SaaS Security Lessons: Prioritize third-party vendor risk assessments and maintain visibility into SaaS app connectivity to detect exploitation pathways early. Use activity monitoring tools with threat detection, UEBA (User and Entity Behavior Analytics), and anomaly detection to spot suspicious behavior in real time.5. Midnight Blizzard (APT29): The Silent OperatorPlaystyle: Defensive Infiltration (Advanced Persistent Threat, APT)Biggest Win: TeamViewer (Remote Access Tool)Notable Drama: A breach as a gateway for silent espionage.When it comes to state-sponsored espionage, Midnight Blizzardaka APT29plays like Kawhi Leonard running a flawless defensive play, quietly intercepting data and making strategic moves without drawing attention. This group, backed by Russian state resources, specializes in hacking critical systems, with TeamViewer standing out in 2024. This group isn't flashythey don't drop ransom notes or brag in dark web forums. Instead, they quietly exfiltrate sensitive data, leaving digital footprints so faint they're nearly impossible to trace. Unlike ransomware groups, state-sponsored actors like Midnight Blizzard focus on cyber espionage, working discreetly to gather intelligence without triggering any alarms. Behind the Play: Midnight Blizzard doesn't play for quick winsthey infiltrate, wait, and watch. Using state-level tactics, they remain hidden within networks for months, if not years, extracting valuable intelligence without raising any alarms. While the company ultimately contained the TeamViewer breach, the target's nature reveals Midnight Blizzard's intentfocusing on high-value organizations with extensive usage, aiming to exploit these footholds as launchpads for broader attacks on downstream targets.SaaS Security Lessons: Stay vigilant for breaches in critical SaaS applications, often targeted by nation-state actors. Perform regular configuration audits to reduce risks and ensure secure access controls such as multi-factor authentication (MFA). Proactive auditing helps minimize breach impact and limits exploitation pathways.The Sixth Man: The One to Watch and the Benched TalentHellcat (The Ones to Watch): A ransomware group that burst onto the scene in late 2024, scoring a confirmed hit on Schneider Electric. Their rapid emergence and initial success signal potential for a more aggressive playbook in 2025.Scattered Spider (Benched Talent): Once a major player in cybercrime, this hybrid social engineering group now sits on the bench following arrests and legal crackdowns. While their activity slowed, experts caution it's too early to count them out.Both groups are worth keeping an eye onone for its momentum, the other for its reputation and potential comeback story. Key Takeaways for 2025:Misconfigurations Remain a Prime Target: Threat actors continue to exploit overlooked SaaS misconfigurations, gaining access to critical systems and sensitive data. Regular audits, enforced MFA, and credential rotation are essential defenses.Identity Infrastructure Under Attack: Attackers leverage stolen credentials, API manipulations, and stealthy exfiltration to bypass defenses. Monitoring for leaked credentials, having strong MFA enforcement, anomaly detection, and identity monitoring are critical to preventing breaches.Shadow IT and Supply Chain as Entry Points: Unauthorized SaaS applications and app-to-app integrations create hidden vulnerabilities. Continuous monitoring, proactive oversight, and automated remediation are essential for reducing risk exposure.The foundation of a multi-layer SaaS security solution begins with automated continuous risk assessments and the integration of ongoing monitoring tools into your security management.This isn't their last dance. Security teams must stay informed, vigilant, and gear up for another year of defending against the world's most prolific threat actors.Don't wait for the next breach.Get your SaaS Security Risk Assessment today.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.

Jan 06, 2025Ravie LakshmananMalware / Mobile SecurityAn Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices."Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore a popular app store in the Russian Federation," Cyfirma said, describing it as a "sophisticated and multifaceted threat.""The malware employs a multi-stage infection process, starting with a dropper APK, and performs extensive surveillance activities once installed."The phishing site in question, rustore-apk.github[.]io, mimics RuStore, an app store launched by Russian tech giant VK in the country, and is designed to deliver a dropper APK file ("GetAppsRu.apk").Once installed, the dropper acts as a delivery vehicle for the main payload, which is responsible for exfiltrating sensitive data, including notifications, messages, and other app data, to a Firebase Realtime Database endpoint.The dropper app requests several permissions, including the ability to write to external storage and install, update, or delete arbitrary apps on infected Android devices running Android 8 and later."The ENFORCE_UPDATE_OWNERSHIP permission restricts app updates to the app's designated owner. The initial installer of an app can declare itself the 'update owner,' thereby controlling updates to the app," Cyfirma noted."This mechanism ensures that update attempts by other installers require user approval before proceeding. By designating itself as the update owner, a malicious app can prevent legitimate updates from other sources, thereby maintaining its persistence on the device."FireScam employs various obfuscation and anti-analysis techniques to evade detection. It also keeps tabs on incoming notifications, screen state changes, e-commerce transactions, clipboard content, and user activity to gather information of interest. Another notable function is its ability to download and process image data from a specified URL.The rogue Telegram Premium app, when launched, further seeks users' permission to access contact lists, call logs, and SMS messages, after which a login page for the legitimate Telegram website is displayed through a WebView to steal the credentials. The data gathering process is initiated regardless of whether the victim logs in or not.Lastly, it registers a service to receive Firebase Cloud Messaging (FCM) notifications, allowing it to receive remote commands and maintain covert access a sign of the malware's broad monitoring capabilities. The malware also simultaneously establishes a WebSocket connection with its command-and-control (C2) server for data exfiltration and follow-on activities.Cyfirma said the phishing domain also hosted another malicious artifact named CDEK, which is likely a reference to a Russia-based package and delivery tracking service. However, the cybersecurity company said it was unable to obtain the artifact at the time of analysis.It's currently not clear who the operators are, or how users are directed to these links, and if it involves SMS phishing or malvertising techniques."By mimicking legitimate platforms such as the RuStore app store, these malicious websites exploit user trust to deceive individuals into downloading and installing fake applications," Cyfirma said."FireScam carries out its malicious activities, including data exfiltration and surveillance, further demonstrating the effectiveness of phishing-based distribution methods in infecting devices and evading detection."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Ellipsis is a world-class SEO Content agency. SEO is winner-takes-all, and we make our clients the winners. We produce SEO Content that achieves top rankings for clients at scale.As one of our Content Writers, youll play an important role in ensuring we continue to produce great SEO Content for our clients thats delivered on time and gets results.Our current positioning is focused on the WordPress ecosystem and broader technology businesses we are already world-class, but our aim is to be the very best at SEO Content in the world.Ellipsis is a 100% remote team, and weve been fully remote since our first day 5 years ago. We lean into the best things about being remote: we balance collaboration, Deep Work, regular team retreats, and we put a lot of work into a supporting and inclusive culture where everyone can do the best work of their careers.Were distributed across the world, but our core collaboration hours are GMT/UTC-based. We often meet up with colleagues for team meetups and conferences.Our SEO Content work is branded as Content Growth, and clients engage us to produce a set number of posts each month on retainer based on an SEO Content strategy we formulate for them, which is focused on bringing them impressive results.With Content Growth, we take care of everything end-to-end, from high-level SEO strategy, keyword selection (which is powered by our proprietary FALCON AI), content briefs, content production, publication, promotion and link building, rank tracking, and troubleshooting SEO queries. Our Content team leads these projects and takes care of the content production, and our SEO team takes care of the SEO requirements.Ellipsis is growing quickly. We do outstanding work and are building something special. Its an exciting time to join us.How you'll workAs our new Content Writer, you'll work on creating content for Content Growth clients, developing outlines, editing and peer-reviewing articles, making SEO-based revisions to previous content, and occasionally uploading client-approved articles to their WordPress backend.The majority of our content work is about WordPress, WooCommerce, and other SaaS topics. You'll work across a range of clients, products, and industries to write world-class content. You will be joining a small but growing team of six writers who work alongside our team of Content Managers, Graphic Designer, and will report to our Senior Content Writer.Youll create engaging content that supports our clients conversion goals. Most of our content is SEO-driven. Well provide you with SEO-focused keywords, and need you to turn them into outstanding blog content.We believe technology can help us create better work and better outcomes for our clients. Weve used AI in our content process since our inception in 2018. We continue to use AI, including GPT-4 and Claude, in our content process.But in a world where anyone can generate outputs with AI-writing tools, we see an opportunity to build on this and create significantly better content than the competition.Concretely, this means youll be working with AI to make the basics easier for you, and youll take this base and use your expertise and experience to elevate the content to a consistently high standard. You will need to feel comfortable working with AI as a tool in the writing process, but you will still be given the opportunity to flex your creativity and writing skills throughout.As a 100% remote team, we carefully balance collaboration with an environment that enables everyone to do their best work. Youll communicate with the team through Basecamp, our project management software, and Google Meet. We're located in Europe and require 2 hours of overlap with GMT each day.You'll be a part of our content team, who will provide you with editorial support and training. Youll then have deep work time to create outlines and articles, to deliver either to Google Docs or straight onto our clients' WordPress. Published posts will be either bylined or ghostwritten on behalf of the client.Youll have opportunities to be involved across the content process, but your primary work will be writing outlines and articles, and youll need to be happy writing content at a volume of ~five posts per week.The content we produce is typically a mix of:WordPress and WooCommerce plugin tutorials (developer or non-developer level)Editorial content and/or case studiesListicles such as top 10 WordPress plugin listsSEO-focused edits to existing contentRequirementsRequirements: hard skills2-4 years writing and editing experience, either on a team or freelanceExcellent writing, grammar, and attention to detailAbility to take SaaS topics and turn them into compelling, user-friendly contentWorking SEO knowledgeKnowledge of WordPress and WooCommerceRequirements: soft skillsProven organisational skills: You must be obsessive with deadlines, managing and updating tasks, and totally reliableFantastic communication skills: Remote work relies on mutual trust, so frequent and clear written communication is essentialReceptive to feedback and solutions-oriented: We share and learn from each other honestly, openly, and easily.High level of self-awareness, a people person: Youll be dealing with members of the team on a daily basis, so this is an integral part of the roleSelf-driven work ethic: You need to be self-motivated, comfortable taking the initiative, and see projects through to completionBenefitsCompensation and benefits:This is a full-time, 100% remote role. Youll be a full team member, and involved in our team projects, work, and meetupsCompetitive salary with pension benchmarked to UK rates and based on experience.28-30k/year salary, depending on experience28 days of paid holidayAn additional 1 paid holiday day a year with each year of tenure, up to a maximum of 5 additional days4-day work week, once a monthGenuinely flexible workingRegular team retreats (~1 per year); last was Edinburgh, previously in Oxford, Madrid, and Budapest; next is in March 2025Time and budget for learning and developmentYoull work for a sustainable, ethical company: we are aiming to become a B Corp by the end of 2025Application processIts important we find the best candidate for this position, and our selection process will reflect this. Youll be required to attend at least three interviews (by video call) and carry out a (paid) freelance project with us before we make an employment offer.Were fortunate to receive a large volume of applications, so make your application stand out. Please pay special attention to the main responsibilities of this role, and how to apply.We do great work for clients and are building an ethical business that lets everyone do their best work. If you think you could be the next person to join our team, please apply :)We are reviewing applications on a rolling basis, and we look forward to receiving your application!How to applyIts important we find the best candidate for this position, and our selection process will reflect this.Much of our company Wiki is externally accessible, and youre encouraged to read through this before applying. We have a very useful guide to our interview process available here. This tells you what were looking for and reading this will significantly increase your chance of success!Well review applications on a rolling basis but interviews start after the closing date. Theres thus no benefit to rushing to apply; we will bias heavily toward your applications answers rather than your CV, and wed love for you to take your time.We use video calls for interviews. Youll have video interviews using Google Meet, including with your prospective line manager, Head of Content, and the Managing Director.We understand that this is as much you interviewing us, as the other way round. We have a wonderfully collaborative culture at Ellipsis, driven by our shared vision and values. Throughout the interview process, were extremely happy to answer your questions about the business, working here, and the future of the company.The final stage of our hiring process is a paid test project, which will be similar to work you could expect to do if you were hired. Well give you a week to complete the project, but expect that youll only need ~4 hours.Following the completion of trial projects, well ask for professional references from a previous manager and co-worker. We ask candidates to introduce us to their references, for a 10 minute call or email conversation. We then expect to move to make an offer quickly.Please apply through Workable: https://apply.workable.com/getellipsis. We will decide who progresses to the next stage based on the form you submit, and your CV. Please give us a good reason to select you! Taking the time to research the role, what were looking for, what we do, and what you can do for us will increase your chance of success. Your cover letter is where you have the space to do this.Ellipsis is an equal opportunity workplace.Whilst we love technology and sit at the leading edge of its adoption (we automate hundreds of thousands of actions a month internally), we want to hear from you rather than from ChatGPT.We will be screening applications for AI-generated content and will automatically disqualify AI-generated applications.The deadline for submission is the end of the day, on 24th January 2025. Well be in touch with all candidates following the close of applications.Thanks for your interest in Ellipsis and we look forward to hearing from you!

Welcome to our annual breakthroughs issue. If youre an MIT Technology Review superfan, you may already know that putting together our 10 Breakthrough Technologies (TR10) list is one of my favorite things we do as a publication. We spend months researching and discussing which technologies will make the list. We try to highlight a mix of items that reflect innovations happening in various fields. We look at consumer technologies, large industrial-scale projects, biomedical advances, changes in computing, climate solutions, the latest in AI, and more. Weve been publishing this list every year since 2001 and, frankly, have a great track record of flagging things that are poised to hit a tipping point. When you look back over the years, youll find items like natural-language processing (2001), wireless power (2008), and reusable rockets (2016)spot-on in terms of horizon scanning. Youll also see the occasional miss, or moments when maybe we were a little bit too far ahead of ourselves. (See our Magic Leap entry from 2015.) But the real secret of the TR10 is what we leave off the list. It is hard to think of another industry, aside from maybe entertainment, that has as much of a hype machine behind it as tech does. Which means that being too conservative is rarely the wrong call. But it does happen. Last year, for example, we were going to include robotaxis on the TR10. Autonomous vehicles have been around for years, but 2023 seemed like a real breakthrough moment; both Cruise and Waymo were ferrying paying customers around various cities, with big expansion plans on the horizon. And then, last fall, after a series of mishaps (including an incident when a pedestrian was caught under a vehicle and dragged), Cruise pulled its entire fleet of robotaxis from service. Yikes. The timing was pretty miserable, as we were in the process of putting some of the finishing touches on the issue. I made the decision to pull it. That was a mistake. What followed turned out to be a banner year for the robotaxi. Waymo, which had previously been available only to a select group of beta testers, opened its service to the general public in San Francisco and Los Angeles in 2024. Its cars are now ubiquitous in the City by the Bay, where they have not only become a real competitor to the likes of Uber and Lyft but even created something of a tourist attraction. Which is no wonder, because riding in one is delightful. They are still novel enough to make it feel like a kind of magic. And as you can read, Waymo is just a part of this amazing story. The item we swapped into the robotaxis place was the Apple Vision Pro, an example of both a hit and a miss. Wed included it because it is truly a revolutionary piece of hardware, and we zeroed in on its micro-OLED display. Yet a year later, it has seemingly failed to find a market fit, and its sales are reported to be far below what Apple predicted. Ive been covering this field for well over a decade, and I would still argue that the Vision Pro (unlike the Magic Leap vaporware of 2015) is a breakthrough device. But it clearly did not have a breakthrough year. Mea culpa. Having said all that, I think we have an incredible and thought-provoking list for you this yearfrom a new astronomical observatory that will allow us to peer into the fourth dimension to new ways of searching the internet to, well, robotaxis. I hope theres something here for everyone.

Other items to be made available on request at facility in StockwellThe London Archives in Clerkenwell, previously known as the London Metropolitan ArchivesRIBA will move a substantial part of its library collection to the City of Londons archive facility during the refurbishment of the institutes Marylebone headquarters.A deal agreed between RIBA and the London Archives last month will see some of the most significant items in the collection, including a copy of the Magna Carta, temporarily relocated from 10 April.RIBAs 66 Portland Place headquarters, where the library is currently relocated, will close from 1 June this year to allow the start of a 60m refurbishment designed by Benedetti Architects.> Also read:RIBA headquarters to close from June next year while refurb is carried outThe scheme, expected to take around two and a half years, will include the creation of a new centre to house the institutes four million items, one of the largest architectural collections in the world.A substantial part of the collection will be made available in the meantime at the London Archives, formerly known as the London Metropolitan Archives and based in Clerkenwell, from summer 2025.However, some materials currently available on the shelves of the RIBA library will need to be ordered in advance from the London Archives storage rooms, with further arrangements to be announced later this year.Source: Architectural Press Archive / RIBA CollectionsAn archive image of the RIBA library at 66 Portland PlaceSome material, including the Robert Elwall Photographs Collection, will also be housed at a separate site in Stockwell, south London, where access will be made available by appointment.RIBA executive director of architecture programmes and collections Oliver Urquhart Irvine said the collaboration with the London Archives would preserve access to the collection while inspiring new discoveries.Together, we will unlock exciting opportunities that showcase the dynamic interplay of architecture, history, and culture, he said.The City of Londons culture, heritage and libraries committee chairman Munsur Ali said the partnership would create new possibilities for research, learning, and public programming that showcases the richness of these collections.Other items in the collection include a property deed bearing the signature of William Shakespeare, a 1486 edition of Vitruvius De Architectura and John Shutes 1563 First and Chief Groundes of Architecture, considered the first English architecture book.The refurbishment of the grade II*-listed 66 Portland Place will also add a new cafe, bigger lifts, enhanced event spaces and a relocated shop.Drawing of Benedetti Architects plans for 66 Portland Place, showing the proposed new cafe with outdoor seating

Architects, designers and artists are invited to draw up inclusive, artistic proposals for new seating concepts which encourage people to pause, connect, and enjoy the central London area which currently suffers from a lack of accessible public seating.The Fitz&Sits competition backed by The Fitzrovia Partnership is the second in a planned series of contests focussing on improving key gateways into Fitzrovia in central London. Able and Elliott Wood won an earlier LFA contest for a temporary public realm installation outside Warren Street tube station last year.Five winning teams, to be announced in mid February, will each receive a build budget of 3,000 and a 500 designer fee. The winning concepts will be installed this summer in time for LFA which this year focusses on the theme of Voices and the incorporation of diverse narratives into designs which celebrate local heritage, contemporary influences, and creative spirit.AdvertisementJulie Grail, interim chief operating officer of The Fitzrovia Partnership said: Were excited for LFA2025 and how the theme Voices will be an integral part of connecting the Fitzrovia community through the districts highly creative and inclusive public realm intervention and solution.The Fitz&Sits trail will be the foundation for economic, environmental and social activity within the community for June 2025 and beyond.LFA director Rosa Rogina said: Fitzrovias rich history and creative energy make it the perfect setting to showcase the transformative power of design through Fitz&Sits. This competition not only addresses the need for welcoming public spaces but also invites designers to amplify the diverse voices and stories that shape our cities.Were excited to see bold, imaginative proposals that redefine what public seating can be and celebrate the community spirit of Fitzrovia.The latest competition seeks vibrant, sustainable seating solutions which could transform the area into a dynamic public realm showcase. Concepts should reflect the areas unique personality while providing inclusive, inviting spaces for residents, workers, and visitors to relax and connect.AdvertisementSubmissions which embrace circular economy principles and accessible design are encouraged. The contest launch comes two years and a half after NOOMA Studio won an earlier LFA competition for a creative 25,000 public realm installation in nearby Phoenix Road, Somers Town.Potential sites earmarked for the new seating concepts include Berners Street, Crabtree Fields, Charlotte Street, Cleveland Street, Gosfield Street, Great Portland Street, Great Titchfield Street, New Cavendish Street, Newman Street, Riding House Street, Tottenham Court Road, Warren Street and Wells Street.Bids to deliver the project will be evaluated 30 per cent on team profile, 40 per cent on initial vision, and 30 per cent on feasibility. Applications should include biographies; a 200-word practice description; 300-words explaining the reasons for applying; a visualisation; construction detail; and an outline materials, budget and production process.Competition detailsProject title Fitz&SitsClient The Fitzrovia PartnershipContract value 17,500First round deadline Midday, 31 January 2025Restrictions The competition is open to emerging architects, landscape architects, designers and artists. Collaborations are welcomed; however, the project team must include a qualified architect or landscape architect.Applicants need to fulfil at least two of the following criteria to be eligible for this competition:being no more than seven years postgraduate from your most recent qualificationbeing under 40set up your practice / collaboration in the past three yearsbe part of a team within a larger practice that meets criteria 1 and 2The judges encourage entries from, or collaborations with groups who are underrepresented in architecture and designJudges Bee de Soto, Head of Marketing and Communications, The Fitzrovia Partnership; Lavinia Scaletti, Placeshaping Manager, London Borough of Camden; Katie Fisher, LFA Pews and Perches Winner 2024; Rosa Rogina, Director, London Festival of Architecture ChairMore information https://www.londonfestivalofarchitecture.org/fitzsits-design-competition/

One of the most annoying forms of US bureaucracy -- renewing your US passport -- has gotten a lot easier, and millions of people have already taken advantage of it.The US State Department has now opened up its online renewal system for passports to all eligible citizens, andmore than one million Americans have taken advantage of the opportunity. The turnaround has gotten quicker, too: The routine processing time for passports is now only four to six weeks.Anyone who has an expired US passport that was issued in the last 15 years can now renew it online. The State Department estimates that the online application will take about 40 minutes, but if you've got all your documents and payment information together, you can probably complete it in half that time. The big catch is that you'll need a MyTravelGov account to apply online -- we'll explain more below.Learn everything you need to know about the new online US passport renewals system, including who is eligible and how you can apply. For more travel tips, check out the best days and times to get cheap plane ticketsor the worst airlines for flight delays and cancellations.How do I renew my US passport online?Most US citizens currently renew their passportsby printing and filling out form DS-82, then mailing that form with a new passport photo and a renewal fee in the form of a check or money order. The online passport renewal system instead uses a website form and a payment system that allows credit cards, debit cards or online ACH transfers.Renewing your passport online doesn't mean that you'll receive it any sooner than usual, though. The State Department is sticking to its "routine service" for passport renewals, whether they're online or by mail. That means you'll receive your new passport in six to eight weeks, no matter how you apply. If you need your passport sooner than that, you'll need to apply by mail and pay $60 more for expedited service.Who can renew their US passport online?The most important qualifying factors for renewing your passport online are:You are at least 25 years old.You live in the US (state or territory).Your current passport is or was valid for 10 years.Your current passport must be at least 9 years old and have been issued within the last 15 years (2009-2015).You still have your existing passport, and it's not mutilated or damaged.Along with the main eligibility requirements, the State Department provides a list of further restrictions for online renewal:You can only renew regular passports online, not "special issuance" passports (like diplomatic, official or service passports).You cannot change your name, gender, place of birth or date of birth from your previous passport.You must be able to pay for online renewal using a credit card, a debit card or ACH transfer.You must be able to upload a new passport photo.You cannot travel internationally for eight weeks after submitting your online renewal application.That last restriction is important because your existing passport, if still valid, will be immediately canceled as soon as your online renewal application is accepted.If you don't meet the eligibility requirements for renewing your passport online, you'll need to renew by mail or in person at a passport agency.Here are the steps for renewing your US passport onlineBefore you can apply for an online passport renewal, you'll need to create a MyTravelGov account, which uses the government's login.gov system. If you don't already have a login.gov account, you can visit the MyTravelGov website, click on the blue Sign Inbutton in the top-right corner, then click Create an account.You'll then need to enter an email address and your choice of language: login.gov is available in English, Spanish and French. After submitting your email address, you'll need to verify it by clicking on a link in an email message from login.gov, after which you'll choose a password and preferred form of multifactor authentication.You'll then need to provide personal information for the account, at minimum your first and last name. Once you're finished, you should be able to access the online passport renewal page. Hit the blue Start button at the bottom of the page to begin the application. The State Department estimates that the online application process will take about 40 minutes.To begin the application for online passport renewal, you'll need the following items:Your existing US passport.A digital passport photo.Payment -- credit card, debit card or your bank's routing and account numbers for ACH transfer.In the first part of the application, you'll enter information about your current passport, your legal name and whether you want a passport book, passport card or both. Next you'll upload your digital passport photo, and then finally your payment information.MyTravelGov will send you two email verifications after you submit your renewal application: The first will confirm your pending payment, and the second will confirm that the payment has been received. One week after you apply, you can sign up for email updates about your passport using the State Department's online passport status system. You should expect to receive your new passport in the mail within six to eight weeks. The type of passport -- book or card -- that you renew depends on what you currently hold. MyTravelGov/CNETCan I renew my US passport card online?Passport cards are objects that look much like US driver's licenses and can be kept in your wallet. They allow for travel from the US by land or sea to Canada, Mexico or Caribbean countries. They are not valid for any international air travel.You can renew both passport books and cards online. Basically, you can renew whichever US passport document that you currently hold. If you have an old passport book and passport card, you can renew both at the same time. If you have one or the other, you can only renew that specific document.

Envision a robot vacuum cleaner. Now envision a mechanical arm extending in front of it to pick up a sock that someone peeled off and tossed to the ground. And now imagine this same robot vacuum cleaner picking up a bunch of discarded items and neatly arranging them, while cleaning your floor. That's the Roborock Saros Z70, a new robot vacuum we spent hours making pick up (clean!) socks to demonstrate an innovative feature in the world of mechanized cleaning. It's a first. And it's a dream come true.In a Las Vegas hotel room atCES 2025, and even before that in a small demo in New York for journalists, we watched the Roborock Saros Z70 size up sock after sock, pinching with a mechanical arm. It was so much fun to watch, we made the robot vacuum clean up the same few socks over and over and over again. If the robots ever decide to rise up, we hope they'll forgive us. The Roborock Saros Z70 is the first mass-market robot vacuum with a mechanical arm designed to pick up and move larger debris while it cleans. At the preview event in New York before CES and at the trade show, we noticed that the Saros's arm might not always pick up an item on the first try, and the number of objects it can manipulate is pretty small for now. But the technology shows potential to go far beyond just socks. The five-axis robotic arm, called OmniGrip, can pick up things that weigh as much as 300 grams -- about 10.5 ounces -- and can deposit them in designated areas where you tell them to.The Saros Z70 isn't on the market just yet, although Roborock told us they expect it to be available sometime in the first half of the year. The price also isn't available yet, but high-end robot vacuums routinely run $1,500 or more. Here's what we saw in the hours we spent watching this little robot. Roborock's new vac features a mechanical arm to clean away any debris in its path. Tara Brown/CNETA glitchy start gave way to an impressive display Upgrade your inbox Get cnet insider From talking fridges to iPhones, our experts are here to help make the world a little less complicated. In its debut on stage at the Soho House members' club in downtown Manhattan before CES, Roborock's Saros Z70 prototype initially refused to emerge from its chamber (who among us hasn't suffered stage fright?), a mechanical glitch we are assured has been remedied for the retail version.After a few false starts, the arm was set free from its onboard cabin, at which time the slender circular vac approached a crumpled sock, sending its arm twisting out and down to capture it, much like those infernal claw machine games found in arcades. @cnetdotcom Just a little to the right. We got a first look at #Roborocks new robot vacuum which features a first-ever mechanical grabbing arm. More details to come but this is a prototype, not the official #robovacuum that will come to market. #tech #roborocksarosZ70 #sarosz70 #techtok #mechanicalarm #clawmachine #prototype original sound - CNET Once it got going, the robot arm picked up several socks. It dropped the occasional pickup but didn't give up until it had it in its clutches, and then dutifully carried each one to a single area on the stage designated by a brand rep through the mobile app. A rep from the company told us the current version is better at recognizing black socks than white ones.While the demo was mostly controlled, the final version of the vac will seek out and remove debris on its own during regular cleaning cycles. During an initial sweep, the Saros Z70 should carry out normal duties but also detect and mark objects it can lift. In theory, it will then circle back to items such as socks, tissues and small towels to tidy up during a second round of cleaning. After a few false starts, the Robotrock vac began picking up scattered socks strewn about the stage. David Watsky/CNETThe Saros Z70 is able to detect up to 108 different obstacles. While the list of objects OmniGrip can actually lift is far smaller, more items will be supported in future software upgrades, according to Roborock's official release. Those who buy the first-gen model can expect remote improvements to the OmniGrip without having to shell out more dough.It already recognizes more than socksIn Las Vegas, we spent more than an hour with the robot as it picked up socks in a hotel room. One caveat is that the vacuum was following a fairly prescribed routine -- it would go in a straight line, pick up a sock set off to the side of its track, then proceed a few feet to drop it in a basket and return, along that straight line, to its base. Roborock said this program, designed for demonstration, kept it from following its usual routine, which would include starting to map the room. Rather than stand there while the robot vacuum meandered its way around a suite in The Venetian, it kept to a tight schedule.That doesn't mean we didn't get to see the machine try to problem solve. A company representative told us what types of items it had been programmed to pick up -- socks, small towels, small pieces of paper and sandals. We threw down a wool beanie hat, which is basically a sock. The Roborock had no trouble identifying it and picking it up.It was fascinating watching the vacuum figure out how to pick something up. Sometimes it would drive past the sock it was supposed to pick up, and we would all sigh in disappointment that it was going to fail. But then it would rotate and look behind it, and pick up the sock successfully.Not every run was a success. Sometimes it tried to grab an object and it slipped out of its grip. At other times, it seemed to rebel against being a trade show prototype, spontaneously deciding to start mapping the room.A robot vacuum with more to learnWhile the list of objects the vacuum can identify is relatively small, Roborock plans to add more as it develops the software intelligence to do so. Future updates might include an ability to pick up cat toys or shoes and put them where they're supposed to go. The smarter it gets with the mechanical arm, the more you can envision a robot vacuum that can truly clean a messy, dirty floor with little prep. The mechanical arm relies on Roborock's next-gen StarSight navigation and object recognition. RoborockIt shouldn't grab your kid or cat by accidentIf you're worried about the arm grabbing an innocent cat or a tuft of a toddler's hair, Roborock says the arm's grip isn't strong enough to do any harm. Just in case, the vac includes a child lock and safety stop button, allowing for immediate shutdown in any scenario.There are also pet-friendly features that allows you to check in on your animals, capture snapshots and schedule on-demand cruises. The vac moves aside when approaching pets to avoid frightening them.New advanced object recognitionWhile the grabbing arm gets most of the glory, none of its performance would be possible without precision sensors, a camera and an LED light fixed to the robot's slim frame, all of which are controlled by Roborock's next-gen StarSight navigation and object recognition system."Instead of using a traditional LDS (lidar) tower module for navigation, the system integrates next-gen dual-light 3D time-of-flight sensors and RGB cameras powered by AI to determine its position, surroundings and whether the object it grips is overweight," Roborock said in a statement. @cnetdotcom Meet the Saros Z70. #Roborocks new #AI-powered vac-mop features a first-ever mechanical grabbing arm to tidy up the room while it cleans. #robotvacuum #robovacuum #tech #techtok #sarosz70 #roborocksarosz70 #robotics original sound - CNET Arm aside, this is shaping up to be a top-tier robot vacuumIn addition to its flashy new appendage, the Roborock Saros Z70 has the robovac basics down. It features 22,000 Pa of suction power, paired with a dual anti-tangle system, which deploys itself to prevent hair from tangling around the vacuum. The machine's dual-spinning mops can lift up to 2.2 centimeters (just under an inch), allowing for increased air circulation and faster drying and prevents the vac from dragging dirt across clean surfaces. All of this comes inside one of the slimmest robot vacuums on the market at just 7.98cm (3.14 inches) high.

If you're planning on doing moretravelingas part of your New Year's resolutions, you'll need to rely on yourluggage, everyday bags and more to get from point A to point B. The holidays and beyond are usually some of thebusiest travel periods of the year, so that makes it a bit more difficult to travel with all of your belongings without one or two of them going missing. With that in mind, you should invest in something that can keep that from happening.It's not too late to pick up some Apple AirTags and stash them in all of those trackable items. Even major airports are now plugged in to Apple's Find My service. I already use Apple's Find My service to keep tabs on devices, such as the iPad I frequently leave in my living room, as well as where family members are via their iPhones.But what if I want to pinpoint my keys? Or figure out whether my luggage arrived on the same flight as I did? For that, I've come to rely on several Apple AirTags that fit into or onto almost anything I want to track. Apple's tracker depends on the crowdsourced Find My network to help you pinpoint your items, from keys you've misplaced at home to a bag you may have left in the office.Here's all you want to know about AirTags. For more, learn about why you shouldn't put an AirTag on a pet and discover five unexpected places to stash an AirTag.What's an Apple AirTag?An AirTag is an individual tracking device that securely broadcasts its location using Bluetooth wireless networking. It's a small glossy white puck not much larger than a US quarter and about the height of three stacked coins. A CR2032 coin cell battery keeps the AirTag powered for roughly a year. AirTags, back and front. AppleOnce the AirTag is paired with an iPhone or iPad, you can essentially forget about it. Hang it on a keychain or drop it into a bag anything you want to be able to track or find later.How much do AirTags cost and where can I buy them?A single AirTag retails for $29 direct from Apple, and can be bought for around $24 from most outlets that sell electronics.However, it's always more economical to buy AirTags in packs of four once you find a use for a solitary AirTag you'll soon think of other things you want to track. Apple sells the set for $99 and some retailers, such asAmazon,Best BuyandWalmart, have them for around $75, bringing the per-item cost down below $20. AirTags are also frequently reduced for big sales such as Black Friday and Prime Day. CNETIf you do order from Apple, you can engrave initials, numbers and emoji for free, which can help you tell the AirTags apart (or just add a personal spin). You can personalize AirTags with laser engraving if you order them direct from Apple. Sarah Tew/CNETIs it difficult to set up a new AirTag?In typical Apple fashion, activating a new AirTag is easy. Initially, a plastic tab slipped in between the electronics and battery keeps the AirTag inert. Once you pull that tab and the pieces make contact, the AirTag starts broadcasting its presence. When you bring it close to an iPhone or iPad, a dialog box appears, giving you the option to connect the AirTag. An iPhone senses when a new AirTag is nearby and begins the connection process. Screenshot by Jeff Carlson/CNETWhen you tap Connect, choose a description of what the tag will be associated with, such as "Handbag" or "Luggage"; you can also enter a custom name. Choose an emoji to represent the AirTag in the Find My app and tap Continue. The AirTag is linked to your Apple ID.How do I locate an AirTag?In the Find My app on your iPhone, iPad or Mac, tap the Items button to view the AirTags you've activated. On an Apple Watch, open the Find Items app.Tap the item you want to locate. If you think it's close by, the easy option is to tap the Play Sound button, which makes the AirTag emit a high-pitched trill. However, if you have an iPhone 11 or later (not counting the iPhone SE), tapping Find uses the iPhone's Ultra Wideband (UWB) chip to locate the AirTag with more precision not just estimating the distance, such as "1.5 ft nearby," but also point you in the right direction as you move around.If the item is not in your general vicinity, the Find button becomes a Directions button that will hand off the location to the Maps app for driving, walking, transit or cycling routes. To locate a nearby item, tap its AirTag (left), tap the Find button (middle) and then let the iPhone guide you to it (right). Screenshot by Jeff Carlson/CNETWhat if I forget items while I'm heading out?Being able to find something I've lost is invaluable, but it would be better if I didn't forget it in the first place. For every AirTag, you can enable Notify When Left Behind, an option that sends a notification if you and an AirTag that was with you are no longer together.That could be as simple as forgetting a bag at a restaurant or more alarming if someone swiped the item and is making a getaway.What's the secret to how AirTags work?You know how in many thrillers and spy movies someone plants a tracker on a person and is then able to pinpoint the target's location no matter where they are? That always seemed far-fetched to me what sort of range would a tiny piece of electronics have, really? but an AirTag is essentially that.The AirTag also does not have that sort of range, but it has something better: millions of devices carried by Apple customers surrounding it. On a regular interval, the AirTag sends out a low-power Bluetooth signal containing an encrypted ID. Any nearby iPhone, iPad or Mac picks up the signal, adds its location coordinates (if it knows them) and sends that to Apple servers in a secure background transmission. When an AirTag is in proximity of an iPhone or other Apple device, it securely relays its ID to mark its location. Jeff Carlson/CNETThat's how, when my luggage chose to spend an extra day in Europe without me, I knew it was still in the airport in France. Likely an iPhone owned by a traveler or employee picked up the ID of the AirTag in my bag and relayed that to Apple. When I opened the Find My app on my iPhone in Seattle, it queried the servers and presented the AirTag's last known location.All of this happens in the background no personal information is sent, and the impact to the relaying device's performance and battery is negligible.What about privacy? Can a hidden AirTag track me?Just as you can use an AirTag to track your personal objects, it is possible that someone could drop an AirTag into your bag or coat pocket to try to track your movements. Apple has put a few safeguards in place to try to prevent that type of situation.If your iPhone or iPad detects an unknown AirTag in your vicinity that is persistently near you, a notification appears that says "AirTag Found Moving With You." When you ransack your belongings and find it, open the Find My app on your iPhone or iPad, tap Items and then tap Identify Found Item. Place the AirTag against the back of the device at the top until you see a notification. When you tap that, you're taken to a web page with the tag's serial number and, optionally, contact information.If it turns out a family member's AirTag fell out of a bag, no worries. If it's one that's unfamiliar, you can follow instructions for how to disable the tag.For more, see how to protect yourself from being tracked.What if I suspect that my AirTag is stolen?You've looked everywhere, used the Find feature to scan for it, but your item containing an AirTag is nowhere to be found. Now what?In the AirTag's details in the Find My app, scroll down to Lost AirTag and tap Show Contact Info. If someone finds the tag and checks it as described just above, you can have a phone number or email displayed, plus an optional message, when they look up its information.The other option is to choose Share Item Location, which creates a link you can send to someone identifying where the tag is. The link is active for just one week, which is hopefully more than enough time to let someone track it down. For example, suppose your bag is swiped: You could give the shared link to the police so they can track it down. (For safety reasons, don't confront someone who's stolen your property.) Share an AirTag's location temporarily with someone using a link. Screenshot by Jeff Carlson/CNETWhen the item and its AirTag are returned, a notification appears that you've been reunited. Or, you can make the tag's whereabouts hidden at any point by tapping Stop Sharing Item Location in the same screen, which invalidates the shared link.How can I share an AirTag with someone I trust?An AirTag is linked to your Apple Account, but for years that presented a problem: AirTags assigned to other people in my household would trigger the "AirTag Found Moving With You" warning -- not great on family trips when we'd take my wife's car.Now, fortunately, it's possible to share an AirTag's location with up to five people. Tap a tag in the Find My app and under Share AirTag tap Add Person. Tap Continue on the screen explaining what will happen, then select a contact and tap Share. Share an AirTag with a trusted friend so you can both view its location. Screenshot by Jeff Carlson/CNETIn that person's Find My app, they can accept the shared item. Note that all people you add can track the location.How long does the battery last and how do I replace it?In my experience, the CR2032 coin battery in each AirTag lasts about a year. When the level dips below about 10% remaining, you're alerted that the battery is low and a red indicator appears in the Find My app. When the battery in an AirTag gets low, an indicator appears in the Find My app. Screenshot by Jeff Carlson/CNETTo replace the battery, turn the silver back counter-clockwise to release its latches. Lift the existing battery out and replace it with a new one, making sure the battery's identifying markings are facing you. Then align the tabs of the metal portion with the slots in the plastic piece, press lightly and turn clockwise. The AirTag will chirp when the electronics and battery are securely in contact. The battery in an AirTag is easily accessible and simple to replace. AppleCan I use AirTags with an Android phone?AirTags are not directly compatible with Android phones -- there's no app that ties into Apple's Find My network. To get the same tracking functionality, look into the Chipolo One Point tracker that uses Google's Find My Device network.Apple once offered an Android app called Tracker Detect that would let you identify a found AirTag, but that's not available for newer Android devices -- an app with that name in the Google Play store is from a separate developer. However, for phones with NFC chips installed, you can place a found AirTag against the back of the device to view information about it.For more, learn about this year's best AirTag accessories and everything about Apple Intelligence. 11 Essential Accessories Your iPhone Wants for the Holidays See all photos

Xbox adds PC games to rewards scheme, after previously making it much worsePoints of contention.Image credit: Microsoft News by Tom Phillips Editor-in-Chief Published on Jan. 6, 2025 Microsoft has announced a revamp of its Rewards with Xbox scheme, which provides points that can be exchanged for store credit.Rewards with Xbox doles out a small smattering of points simply for logging on and playing Xbox games, though the scheme has suffered over the past year from various tweaks that have seen it become less lucrative overall (the amount of points required to acquire store credit has increased, while reward points were repeatedly made harder to obtain).Today, Microsoft announced an array of changes that push the needle back towards the scheme being more worth engaging with - slightly - including Game Pass Quests for PC subscribers, and the return of weekly points streaks. New Year, New Rewards with Xbox.Watch on YouTubeNotably, the scheme has also been made available only to players aged 18 and over. Microsoft said the change was designed to "ensure our continued commitment to foster positive, age-appropriate gaming experiences for our players to enjoy".On PC, Game Pass subscribers will now be able to earn points by playing PC games for at least 15 minutes each day, with a weekly streak available if you play a game for five days within every seven.On Xbox consoles, Game Pass quests have been "reimagined" so you also now need to play for 15 minutes (no booting up an Xbox Game Pass title then immediately turning it off again anymore). But there are also new rewards for playing four or eight different Game Pass titles within a month, and the return of weekly streaks also.Microsoft notes that the weekly streak for console games has been "rebalanced" to 150 points worldwide - a lower amount than previously, though UK Xbox owners already had this decrease in effect since last summer, much to their chagrin.If you're looking for something to play on Xbox Game Pass, you can't go wrong with Indiana Jones and the Great Circle - Eurogamer's Game of 2024. I'm currently exploring the pyramids, and it's Gizeh me plenty to do.