Over the weekend, Apple announced that it is making Swift Build open source. This is the build engine used by both Xcode and for the companys internal projects.Apple has also made a tiny name change to Swift Playgrounds, the app that helps people learn to code in Swift on iPad and Mac Apple makes Swift Build open sourceApple made the announcement on Saturday.As Swift expands, theres value in investing in matching cross-platform build tools that provide a powerful, consistent, and flexible experience across the ecosystem.As a foundational step in this new chapter of Swift build technologies, today Apple is open sourcingSwift Build, a powerful and extensible build engine that provides a set of build rules for building Swift projects. Swift Build is the engine used by Xcode, which supports millions of apps in the App Store as well as the internal build process for Apples own operating systems.The company said that this would remove the confusion caused by having two different build packages, and pave the way for new features.Compared to the build engine in Xcode, the build engine in Swift Package Manager is fairly simple. On Apple platforms, having two different ways to build packages has also led to user confusion when the two implementations behavior didnt match. Contributing Xcodes build engine to the Swift project and developing it in open source alongside the Swift compiler provides the tools necessary to address these problems and deliver a great builds experience to all Swift users.[This] lays the foundation to enable new features and improvements across all platforms and tools, and unlocks new performance optimizations and developer-facing features.Swift Build is now available on GitHub.Swift Playgrounds becomes Swift PlaygroundJohn Gruber spotted that Apple has also updated Swift Playground, and in the process changed it from plural to singular.Interestingdetailwith the latest update to Apples app for learning and tinkering with Swift: its now named Playground, singular, not Playgrounds, plural. Im not going to argue that much should be made of the name change, but I like it. The app is the playgrounda place for playing with Swiftnot a factory for making playgrounds.Image: AppleAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. Let's take a closer look at how these efforts are shaping a safer digital world. Threat of the WeekDeepSeek's Popularity Invites Scrutiny The overnight popularity of DeepSeek, an artificial intelligence (AI) platform originating from China, has led to extensive scrutiny of its models, with several analyses finding ways to jailbreak its system and produce malicious or prohibited content. While jailbreaks and prompt injections are a persistent concern in mainstream AI products, the findings also show that the model lacks enough protections to prevent potential abuse by malicious actors. The AI chatbot has also been targeted by what the company said were "large-scale malicious attacks," prompting it to temporarily limit user registrations. The service has since been banned in Italy over data protection concerns. Texas Republican Governor Greg Abbott has also issued a ban on DeepSeek for government-issued devices. Top NewsLaw Enforcement Operation Takes Down Illicit Cybercrime Services A series of law enforcement operations have taken down various online marketplaces such as Cracked, Nulled, Sellix, StarkRDP, and HeartSender that sold hack tools, illegal goods, and crimeware solutions. Millions of users are estimated to have been impacted, earning the threat actors hundreds of thousands of dollars in illegal revenues.Apple Fixed an Actively Exploited Zero-Day Apple released software updates for iOS, iPadOS, macOS, tvOS, visionOS, and watchOS to address a zero-day vulnerability (CVE-2025-24085) that it said has been exploited in the wild. The flaw is a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. There are currently no details available on how it has been weaponized in real-word attacks, who may have been targeted, and the scale of the attacks.New WhatsApp Spyware Campaign Targets 90 Individuals Meta-owned WhatsApp disclosed it disrupted a campaign that involved the use of spyware owned by an Israeli company named Paragon Solutions to target about 90 journalists and civil society members. The attack chain is said to be zero-click, meaning the deployment of the spyware occurs without requiring any user interaction. The company noted the targets were spread across over two dozen countries, including several in Europe. The development marks the first time Paragon, which claims to provide "ethically based tools" to "disrupt intractable threats," has been linked to spyware misuse.Patched Mitel Flaw Exploited by Aquabot A Mirai botnet variant dubbed Aquabot is actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a rogue network capable of mounting distributed denial-of-service (DDoS) attacks. The flaw (CVE-2024-41710), a command injection vulnerability that allows for arbitrary command execution within the context of the phone, was addressed by Mitel in July 2024.UAC-0063 Uses Stolen Docs to Target Other Victims A hacking group tracked as UAC-0063 has been linked to a series of attacks that involve the use of documents stolen from one victim as lures to target others and infect them with a known loader malware called HATVIBE. The attacks have also involved the deployment of a newly discovered USB data exfiltrator codenamed PyPlunderPlug in at least one incident targeting a German company in mid-January 2023. Trending CVEsYour go-to software could be hiding dangerous security flawsdon't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.This week's list includes CVE-2025-0626, CVE-2024-12248, CVE-2025-0683 (Contec CMS8000), CVE-2025-22217 (Broadcom VMware Avi Load Balancer), CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 (Broadcom VMware Aria Operations and Aria Operations for Logs), CVE-2024-55415, CVE-2024-55416, CVE-2024-55417 (PHP Voyager), CVE-2025-22604 (Cacti), CVE-2024-40891 (Zyxel), CVE-2025-23040 (GitHub Desktop), CVE-2024-52012 (Apache Solr), CVE-2025-0065 (TeamViewer), CVE-2024-12647, CVE-2024-12648, CVE-2024-12649 (Canon Laser Printers and Small Office Multifunctional Printers), CVE-2025-0493 (MultiVendorX plugin), CVE-2024-12822 (Media Manager for UserPro plugin), CVE-2025-0851 (Deep Java Library), CVE-2025-20061, CVE-2025-20014 (mySCADA myPRO), CVE-2024-13448 (ThemeREX Addons plugin), CVE-2025-0357 (WPBookit plugin), CVE-2024-1354 (Bootstrap Ultimate theme), CVE-2024-56404 (One Identity Identity Manager), CVE-2024-53299 (Apache Wicket), and CVE-2024-12857 (AdForest theme). Around the Cyber WorldMicrosoft Previews Scareware Blocker in Edge Microsoft said it's adding a new scareware blocker to its Edge browser to defend against tech support scams that use fake web pages to fool victims into thinking that their systems are infected with malware, and persuade them to either call a fake support number or gain unauthorized access to their systems. "Scareware blocker uses a machine learning model to recognize the tell-tale signs of scareware scams and puts users back in control of their computer," the company said. "The model uses computer vision to compare full screen pages to thousands of sample scams that the scam-fighting community shared with us. The model runs locally, without saving or sending images to the cloud." Last year, the U.S. Federal Trade Commission (FTC) fined two tech support firms Restoro and Reimage $26 million over charges that they lured consumers with fake Microsoft Windows pop-ups, stating their computers were compromised with viruses. The development comes as Microsoft said it's continuing to roll out safeguards against brand impersonation attempts in Teams, a technique adopted by various threat actors for malware propagation.Brazil Bans Tools for Humanity From Paying People for Iris Scans Brazilian data privacy regulators have prohibited Tools for Humanity (TFH), a biometric identity company co-founded by OpenAI CEO Sam Altman, from offering compensation to citizens for iris scans, saying such data collection practice interferes with a person's decision to grant consent for access to sensitive personal data. "Consent for the processing of sensitive personal data, such as biometric data, must be free, informed, unequivocal and provided in a specific and highlighted manner, for specific purposes," the National Data Protection Authority (ANPD) said. TFH told The Record that it follows all laws and regulations in the country. The ban coincided with a complaint filed by the European Consumer Organisation (BEUC), criticizing Meta for its pay or consent policy and for failing to give users a fair choice.New Research Uncovers Intel TDX Vulnerability Intel Trust Domain Extensions (TDX) has become a crucial CPU-level technology aimed at strengthening the isolation and security guarantees of virtual machines to protect sensitive data and applications from unauthorized access. This also means that vulnerabilities discovered in the technology can undermine its confidentiality and integrity objectives by breaching the isolation between the Virtual Machine Manager (VMM) and Trust Domains (TDs). A new study by a group of researchers from the Indian Institute of Technology Kharagpur and Intel has uncovered a critical flaw in TDX's Performance Monitoring Counters (PMC) virtualization that breaks the isolation between the VMM and TD, as well as between different TDs running concurrently on the same system. "In a particular scenario where the VMM and a TD are co-located on the same core, resource contention arises, exposing the TD's computation patterns on PMCs collected by the VMM for its own processes making PMC virtualization ineffective," the study said.Threat Actor Infects Over 18K Devices Using Trojanized RAT Builder An unknown threat actor is going after script kiddies to trick them into downloading a trojanized version of the XWorm RAT builder via GitHub repositories, file-sharing services, Telegram channels, and YouTube videos to compromise over 18,459 devices globally. The top countries impacted include Russia, the U.S., India, Ukraine, and Turkey. "The malware uses Telegram as its command-and-control (C&C) infrastructure, leveraging bot tokens and API calls to issue commands to infected devices and exfiltrate stolen data," CloudSEK researcher Vikas Kundu said. The malicious operation, however, has been disrupted by taking advantage of the malware's kill switch to issue an "/uninstall" command over Telegram. It's worth noting that machines that were not online when the command was sent remain compromised.Researchers Detail Browser Syncjacking Technique A new attack method called Browser Syncjacking shows that it's possible to take control of a victim's device by installing a seemingly innocuous Chrome browser extension, highlighting how add-ons could become lucrative low-hanging fruits for attackers. It involves a series of steps that begins with the adversary creating a malicious Google Workspace domain and setting up several user profiles under it without any security features. The adversary then publishes an extension to the Web Store and tricks victims into installing it using social engineering techniques. Once installed, the extension is used to stealthily log the victim into a Chrome browser profile managed by the attacker using a hidden window, thus enabling the threat actor to push arbitrary Chrome policies on the profile. This includes urging victims to turn on Chrome Sync, allowing the attacker to access all of the victim's secrets via the hijacked profile. The end goal, per SquareX, is to turn the whole browser into a managed browser controlled by the attacker, granting them the ability to enforce custom extensions that can be hosted on private links and don't have to go through the Chrome Web Store vetting process. Installing one of these add-ons could be enough to harvest sensitive data and seize control of the system through a clandestine communication mechanism that makes use of Chrome's Native Messaging API. Separately, recent research undertaken by security researcher Wladimir Palant has found that third-party extension developers are abusing a language translation feature built into the extension description system to push sketchy add-ons users search for legitimate extensions on the Web Store. Also discovered were an additional set of Chrome extensions capable of injecting ads into web pages, tracking website visits, affiliate fraud, and cookie stuffing attacks.Subaru Starlink Flaw Let Hackers Hijack Cars A security vulnerability in Subaru's Starlink connected vehicle service that could have granted unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan. Using the access provided by the vulnerability, an attacker who only knew the victim's last name and ZIP code, email address, phone number, or license plate could have remotely started, stopped, locked, or unlocked any vehicle. It could also have been abused to retrieve the current location, as well as the history from the past year, accurate to within 5 meters and updated each time the engine starts. The vulnerability could also have allowed access to sensitive personal information, call history, previous ownership details, sales history, and odometer readings. The vulnerability in the web portal was fixed on November 21, 2024, within 24 hours of responsible disclosure by researchers Sam Curry and Shubham Shah. There is no evidence it was ever maliciously exploited in the wild. The flaws are just the latest in a series of vulnerabilities that have affected other carmakers, such as Kia and Mercedes-Benz. Expert WebinarDevOps + Security = The Fast Track to Resilience Tired of security slowing down developmentor risky shortcuts putting you at risk? Join Sarit Tager, VP of Product Management at Palo Alto Networks, in this must-attend webinar to discover how to break the Dev-Sec standoff. Learn how to embed smart, seamless security guardrails into your DevOps pipeline, prioritize code issues with full ecosystem context, and replace "shift left" confusion with the clarity of "start left" success. If speed and security feel like a trade-off, this webinar will show you how to have both. Save your spot now.A Clear Path to Identity Security: Actionable Steps with Okta Experts Struggling with identity security gaps that increase risks and inefficiencies? Join Okta's experts, Karl Henrik Smith and Adam Boucher, to discover how the Secure Identity Assessment (SIA) delivers a clear, actionable roadmap to strengthen your identity posture. Learn to identify high-risk gaps, streamline workflows, and adopt a scalable, phased approach to future-proofing your defenses. Don't let identity debt hold your organization backgain the insights you need to reduce risk, optimize operations, and secure business outcomes.P.S. Know someone who could use these? Share it. Cybersecurity ToolsSniffnet: A free, open-source tool designed to help you easily monitor your Internet traffic. This cross-platform app lets you choose your network adapter, apply filters, and view real-time charts to see exactly what's happening on your connection. Whether you're checking overall stats, spotting unusual activity, or setting up custom alerts, Sniffnet puts clear, actionable insights right at your fingertips.IntelOwl is a powerful open-source tool designed to streamline and speed up threat intelligence management. If you've ever needed to pull data on malware, IP addresses, or domains from multiple sources with a single request, this is the platform for you. By integrating a wide range of advanced malware analysis tools and online analyzers, IntelOwl makes it easy to enhance your threat data while offering a variety of features to automate routine analyst taskssaving time and boosting your response to emerging threats. Tip of the WeekWindows' Simple Ransomware Shield Ransomware attacks can strike fast, but you have a built-in safeguard in Windows. Controlled Folder Access blocks untrusted apps from changing your important files, keeping your data safe. To activate it, open Windows Security, go to Virus & threat protection, click on Manage ransomware protection, and enable Controlled Folder Access. This simple step adds an extra lock on your digital files without needing any extra software.ConclusionAs we wrap up this week's update, think of your digital life as a home that needs constant care. Small actionslike updating your software, using strong passwords, or checking the settings on your appsare like adding extra locks to your door. Every update or fix mentioned this week is a reminder: staying informed and taking simple steps can make a big difference.Take a moment to review your devices and check if any updates are pending. Consider setting aside a few minutes each week to catch up on security news. Ask yourself: What can I do today to make my online space safer? Whether it's using a trusted tool to manage your passwords or double-checking links before clicking, your actions help build a safer digital world for everyone.Thank you for reading, and here's to staying secure and smart in our everyday tech choices.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Feb 03, 2025Ravie LakshmananFinancial Security / MalwareBrazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote."Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.The cybersecurity company said it discovered over the past month several Windows Shortcut (LNK) file artifacts that contain PowerShell commands responsible for delivering the malware.Coyote was first documented by Kaspersky in early 2024, detailing its attacks targeting users in the South American nation. It's capable of harvesting sensitive information from over 70 financial applications.In the previous attack chain documented by the Russian cybersecurity firm, a Squirrel installer executable is used to trigger a Node.js application compiled with Electron, that, for its part, runs a Nim-based loader to trigger the execution of the malicious Coyote payload.The latest infection sequence, on the other hand, commences with an LNK file that executes a PowerShell command to retrieve the next-stage from a remote server ("tbet.geontrigame[.]com"), another PowerShell script that launches a loader responsible for executing an interim payload."The injected code leverages Donut, a tool designed to decrypt and execute the final MSIL (Microsoft Intermediate Language) payloads," Lin said. "The decrypted MSIL execution file first establishes persistence by modifying the registry at 'HCKU\Software\Microsoft\Windows\CurrentVersion\Run.'""If found, it removes the existing entry and creates a new one with a randomly generated name. This new registry entry contains a customized PowerShell command pointing to download and execute a Base64-encoded URL, which facilitates the main functions of the Coyote banking trojan."The malware, once launched, gathers basic system information and the list of installed antivirus products on the host, after which the data is Base64-encoded and exfiltrated to a remote server. It also performs various checks to evade detection by sandboxes and virtual environments.A notable change in the latest iteration of Coyote is the expansion of its target list to encompass 1,030 sites and 73 financial agents, such as mercadobitcoin.com.br, bitcointrade.com.br, foxbit.com.br, augustoshotel.com.br, blumenhotelboutique.com.br, and fallshotel.com.br.Should the victim attempt to access any one of the sites in the list, the malware contacts an attacker-controlled server to determine the next course of action, which can range from capturing a screenshot to serving overlays. Some of the other functions include displaying activating a keylogger and manipulating display settings."Coyote's infection process is complex and multi-staged," Lin said. "This attack leveraged an LNK file for initial access, which subsequently led to the discovery of other malicious files. This Trojan poses a significant threat to financial cybersecurity, particularly because it has the potential to expand beyond its initial targets."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

TechTarget and Informa Techs Digital Business Combine.TechTarget and InformaTechTarget and Informa Techs Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.If Everyone Uses AI, How Can Organizations Differentiate?If Everyone Uses AI, How Can Organizations Differentiate?As AI saturates the market, what becomes of its competitive advantages? Does it become a basic, digital commodity in the background?Joao-Pierre S. Ruth, Senior EditorFebruary 3, 2025In some instances, it can be rather easy to spot traces of artificial intelligence at work -- especially if there are common tells that surface in its use.Generative AI, at least for now, can be prone to produce illustrations that feature similar visual styles that repeat with each creation. What happens when companies rely on the results of AIs work, and their rivals work with the same algorithms? Does the innovation and edge AI promises disappear? Or are there ways companies can differentiate how they use AI to stand out in the market?As InformationWeek kicks off The Cost of AI series, this episode of DOS Wont Hunt brought together Andy Boyd, chief product officer with Appfire;Amol Ajgaonkar, CTO of product innovation with Insight; Mike Finley, CTO and co-founder for AnswerRocket; Kashif Zafar, CEO of Xnurta; and James Newman, head of product and portfolio marketing for Augury.The podcast panel discussed what happens if companies start to look like they are just copying each other when they use AI, what the ROI is for AI, and how organizations can differentiate what they get out of AI?Listen to the full podcast here.About the AuthorJoao-Pierre S. RuthSenior EditorJoao-Pierre S. Ruth covers tech policy, including ethics, privacy, legislation, and risk; fintech; code strategy; and cloud & edge computing for InformationWeek. He has been a journalist for more than 25 years, reporting on business and technology first in New Jersey, then covering the New York tech startup community, and later as a freelancer for such outlets as TheStreet, Investopedia, and Street Fight.See more from Joao-Pierre S. RuthNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Role DetailsTitle: Sales Development Representative (SDR)Type: Independent Contractor AgreementHours: As many or as little as you want (asynchronous)Location: Fully remoteRole OverviewThe SDR will create and execute sales strategies, generate cold leads, and direct business development efforts. Our target market consists mainly of HNWIs on the B2C side and SMEs on the B2B side within North America and EMEA regions. Check out the end of our Services page on our website to see who exactly our target clients are.Who is this Role for?This role is ideal for motivated sales representatives who excel in a commission-driven environment. Ideally, we want to find trustworthy and ethical high performers to establish a long-term business relationship. Those who understand the importance of privacy and security and can communicate this effectively to clients will thrive.Key ResponsibilitiesProspect & Qualify: Identify and explore promising leads using different channels, such as LinkedIn, email, and professional networks.Engage Prospects: Start conversations, build rapport, and spark interest in CipherMaze's services via LinkedIn messaging and other social outreach methods.Discovery Calls: Line up prospects to sign up for and complete quick exploratory calls to understand their needs and determine mutual fit.Grow Online Presence: Increase organic traffic to our website and LinkedIn page.Collaborate with Founder: We're a small but agile company, so you'll work closely with the Founder to optimize outreach strategies.Targets (Quotas)Nurture 10+ prospects a month to complete a Discovery Call.Bring in a minimum of 4 new paying clients a month.About CipherMazeTAGLINE: CipherMaze delivers actionable advice and novel tech solutions to reduce your digital footprint and shield your identity.DESCRIPTION: CipherMaze is a consulting firm that delivers solutions to protect individuals and businesses from emerging threats both online and offline. Our services include minimizing digital exposure, securing communications, protecting data, mitigating cyber threats, and safeguarding identities.FIELDS OF FOCUS / INDUSTRY KEYWORDSIdentity footprint, digital hygiene, data sovereignty.Threat modeling, open-source software, attack surface reduction.End-to-end encryption, zero-knowledge encryption, hardening.Big Tech disintermediation, de-google, cyber resilience.Compensation and PerksCompetitive commission-only structure:Base Rate: 25% of the client spend.Incentive-Based Bonuses: when you meet or exceed quotas.Rate Multiplier: top performers get to multiply their earnings.Early Achiever Bonus: bonus for hitting quotas by mid-month.Discovery Call Bonus: yet another bonus opportunity.No Commission Caps: earn as much as you want!000 Policy: zero BS, zero bureaucracy, and zero drama.Remote & Flexible: work from wherever you want and on your schedule.About YouMinimum Qualifications and SkillsBelieves in the company's mission and vision.Natural people skills and ability to deliver compelling pitches.Ability to craft concise and persuasive outreach copy.Knowledge of cybersecurity, privacy, and open-source.Verifiable sales and business development experience.Ability to thrive in a highly independent sales role.Comfortable working remotely and asynchronously.English language requirement:Native or bilingual proficiencyFull Professional ProficiencyBachelor's degree in business, marketing, communications, public relations, or any other relevant field.Nice-to-haves++ Extensive knowledge of cybersecurity and privacy.Customer experience (CX) and clienteling expertise.Experience with Odoo or Twenty CRM software.AI WARNING: Artificial intelligence is an excellent tool for accelerating iteration and boosting productivity. However, we ask that you do not use AI to respond to any of the questions on the application form. We may run candidate applications through AI detection software. Related Jobs See more Sales and Marketing jobs

Student tower scheme will include part of cotton mill that was built in 1801 and subject of anonymous listing bidSource: GoogleHotspur Press pictured in July 2024. The building dates back to 1801The government has decided not to list an historic Manchester cotton mill meaning that plans by Hodder & Partners to turn it into a student accommodation tower can go ahead.Developer Manner said an anonymous application to list the building after the scheme was given planning last May had led to months of delays as the Department for Digital, Culture, Media and Sport considered the bid, despite more than 800 letters of support.Managing director Richard James added: We thank DCMS for their decision not to list The Hotspur Press. However, it does not feel right that one anonymous application can lead to eight months of delay and uncertainty.I want to thank the 822 residents, councillors, business leaders and city council who supported our campaign to save The Hotspur Press and allow its regeneration to go ahead.A CGI of the completed developmentcvcvcv1/3show captionThe proposals will see 595 student bedrooms delivered across a 37-storey tower, as well as a new public square and public realm improvements.The Hotspur Press building dates back to 1801 and began life as a cotton mill before being turned into a printing press. Hodders designs for the scheme will preserve much of the existing brick exterior.Manner had originally wanted to build 578 student bedrooms across a 36-storey block when plans first went in more than a year ago but increased the number of bedrooms and made alterations to the towers height and width after public consultation.Previous proposals by a rival developer to build a 28-storey tower on the site stalled five years ago.Others working on the scheme include planning consultant Turley, QS Gardiner & Theobald, heritage architect Stephen Levrant and services engineer Applied Energy.

New spaces to be unlocked and Conservatory to be overhauled in refresh of deteriorating grade II-listed siteFirst sketch of Allies & Morrison and Asif Khans proposals to refurbish the BarbicanPlans by Allies & Morrison and Asif Khan for a long-awaited 240m refurbishment of the Barbican have been unveiled in a first consultation round.The grade II-listed London arts venue has given members of the public a first look at proposals to restore and renew the deteriorating site, which has faced an array of problems in recent years including leaking in its exhibition halls.The plans, available to view online until 17 February, will also unlock underused spaces for public use and upgrade its building systems to meet net zero targets.> Also read:Climate policies hit City of Londons Barbican repair works with 16 month delay and 60% cost hikeThe grid of concrete columns which fills the venues main foyer will be restored along with improved lighting, new facilities and upgrades to doors and lifts.A major decluttering of the area to create new flexible spaces will also enable art and performance to be brought into the heart of the building.The main foyer area will be decluttered with new spaces unlocked for arts and performanceThe lakeside area above the podium, which has battled issues with a damaged waterproofing membrane, will be repaved and its fountains will be upgraded to provide passive cooling in the summer.The popular Conservatory, Londons second biggest, will also be reimagined to ensure its thousands of plants remain the stars of the show, the venue said, with dramatic, architectural new planting aiming to provide a sense of theatre.The space will also be made fully accessible and able to remain open for longer hours, providing more scope for events.Barbican director of buildings and renewals Philippa Simpson said the project aims to celebrate the history and heritage of this special site.The venues lakeside area will be repaved and its fountains refurbished to provide passive cooling in the summerThe Barbican has always been about Renewal, a beacon of an optimistic future in the wake of the Second World War, she said.This project is rooted in the vision and ambition of its founders, to reimagine what an arts centre can be in the 21st century, a vital, creative space for everyone.Allies & Morrison director Oliver Heywood added: The Barbican is one of Londons most iconic spaces. Our goal is to honour the Centres original bold architectural legacy, while making it more inclusive, sustainable, and fit for the future.Feedback from the consultation will inform the next stage of the plans, set to be unveiled in May, with construction expected to start in 2027 if a planning application is approved.> Also read:SOM working up plans for two-tower office scheme next to BarbicanThe first five-year phase of the project, which is being backed by a 191m grant from the City of London, is scheduled to open in time for the venues 50th anniversary in 2032.The project team also includes engineer Buro Happold and landscape designer Harris Bugg Studio.View scheme is scheduled to start construction in 2027

The team selected for the estimated 300,000 contract will design and deliver a new gallery space exploring 250 years of scientific and technological progress. The project, backed by Science Museum Group and planned to complete in 2028, will transform the existing ground floor Making the Modern World exhibit which opened 25 years ago.The procurement comes a year after Wright and Wright was chosen to create a new Horizons Gallery exploring the impact of contemporary science on society. The exhibition will transform a large ground floor gallery space which currently houses the South Kensington museums long-running Exploring Space exhibition.According to the brief: Making the Modern World (MMW) opened as the Science Museums flagship permanent gallery in 2000 and is one of our most prominent and highly visited galleries. It is an object-focused, synoptic gallery, charting 250 years of science, technology and medicine from 1750-2000 and containing more than 2,000 objects.AdvertisementAges of Invention is a reimagining of MMW, including entirely new stories and themes, alongside existing highlights. We will rationalise displays and infrastructure to reveal the buildings architecture and create a dramatic and engaging, relevant and contemporary object rich gallery.The new gallery explores 250 years of significant scientific, technological and social change, through extraordinary objects, stories and people whose impact continues to shape our world today.Founded in 1857, the Science Museum relocated to its current location in the early twentieth century and is now one of Londons most popular visitor attractions. Originally designed by Richard Allison, the museum has been extended several times in the 1960s, 1980s and finally with the addition of the Wellcome Wing by MJP Architects in 2000.The project is the latest instalment in the museums 60 million regeneration masterplan, which includedZaha Hadid Architects mathematics gallery, which opened in 2017. The first scheme in the masterplan, a library and research centre by Coffey Architects, completed in March 2016, while an interactive gallery by Muf opened in 2017.Other competition-winning schemes under development include a suite of medical galleries by WilkinsonEyre which opened in November, an events space by Duggan Morris(completed by Mary Duggan Architects), an auditorium by Dow Jones Architects and an entrance by HAT Projects.AdvertisementUnknown Works unveiled a new permanent gallery dubbed Energy Revolution at Londons Science Museum last year.Bids to deliver the latest contract will be evaluated 70 per cent on quality and 30 per cent on cost. Applicants must hold employers Liability Insurance of 5 million, Public Liability Insurance of 10 million and Professional Indemnity Insurance of 5 million.Shortlisted teams will each receive a 1,500 honorarium to participate in the second phase of the competition during which initial design thoughts in response to the brief will be required.Competition detailsProject title Ages of Invention Gallery Lead Designer, Architect, Exhibition DesignerClient Science Museum GroupContract value 3.7 million-to-4.2 millionFirst round deadline 18 February 2025Restrictions TbcMore information https://www.contractsfinder.service.gov.uk/Notice/b3ccb427-588f-44d1-ad01-4b2142c613b6

The winning team selected for the estimated 250,000 contract will draw up plans for a new culturally sensitive housing scheme intended to support the needs of local residents and reduce costs for the east London local authority.The project planned to complete in 2026 aims to create 54 extra care units and new general needs affordable housing of the highest design and architectural quality with improved public realm on the site of a former adventure playground and sports pitch on Augusta Street.According to the brief: Tower Hamlets aims to create a number of extra care bed places within the borough to the benefit of its existing residents and families, and to reduce the ongoing financial burden of out of borough placements, which is unsustainable in the long term.AdvertisementIn addition, Tower Hamlets has one of the most ethnically diverse populations in Britain, home to many communities including the largest Bangladeshi community in the country, accounting for 34.6 [per cent] of the overall population in the borough.The site at Augusta Street, adjacent to Bartlett Park, has been identified as providing a culturally sensitive extra care housing development and potentially some general needs housing.Bartlett Park is a 5ha park surrounding St Saviour's Church and located close to the Limehouse Cut in Poplar, east London. Nearby landmarks include the Frederick Gibberd-designed Chrisp Street Market Clock Tower which was created as part of the Lansbury Estate for the 1951 Festival of Britain.The latest project twill transform a disused 0.3ha site located immediately next to the park on the edge of the Lansbury Conservation Area. Key aims include delivering a culturally sensitive scheme which increases the density of the site through a design-led approach which contributes to good quality place-making.Bids for the latest commission will be evaluated 60 per cent on quality and 40 per cent on price. Applicants must hold employers liability insurance of 10 million, public liability insurance of 5 million and professional indemnity insurance of 10 million.AdvertisementCompetition detailsProject title HAR6070 Architect Services for Augustus Street (Bartlett Park) Extra Care SchemeClientContract value TbcFirst round deadline Midday, 28 February 2025Restrictions TbcMore information https://www.find-tender.service.gov.uk/Notice/003301-2025

Key takeaways Today's top CDs offer up to 4.65% APY.The Federal Reserve's rate pause last week means high APYs should stick around a bit longer.Rate cuts are expected later this year, so locking in your APY now can protect your earnings. The Federal Reserve's latest rate pause is great news for savers, especially those thinking of opening a certificate of deposit.When the Fed holds interest rates steady, banks tend to do the same with their CD rates. That means there's still time to score up to 4.65% annual percentage yield, or APY, with today's best CDs. And since your APY is locked in when you open a CD, your earnings will stay the same even if the Fed cuts rates later this year -- which experts expect it will.Here are some of the highest CD rates and how much you could earn by depositing $5,000.Today's best CD rates Term Highest APY*BankEstimated earnings6 months 4.65%CommunityWide Federal Credit Union$114.931 year 4.45%CommunityWide Federal Credit Union$222.503 years 4.15%America First Credit Union$648.695 years 4.25%America First Credit Union$1,156.73 Experts recommend comparing rates before opening a CD account to get the best APY possible. Enter your information below to get CNET's partners' best rate for your area.Open a CD now to maximize your earning potentialAPYs on CDs and savings accounts have been falling since the Fed cut interest rates three times at the end of 2024. But with inflation inching back up, the Fed chose to hold rates steady at its January meeting, and experts believe it will keep rates paused for a while. As a result, banks are hedging their bets by keeping CD rates relatively flat, too, particularly given the uncertainty around the new administration's policies."The Fed's goal is to bring inflation down further, and if tariffs come into play, they could have an inflationary effect," said Chad Olivier, certified financial planner and CEO of The Olivier Group. "Because of this uncertainty, I believe the Fed will take more of a wait-and-see approach before making any moves."By securing a high APY now, you can maximize your earning potential. Your APY is locked in when you open a CD, which means your rate of return will stay the same even when the Fed begins cutting the benchmark rate again.You can earn up to 5% APY on the best high-yield savings accounts. Check out today's rates.Average CD rates from week to week Term Last week's CNET average APYThis week's CNET average APYWeekly change**6 months 4.11%4.10%-0.24%1 year 4.05%4.06%0.00253 years 3.53%3.54%0.00285 years 3.52%3.55%0.0085 Things to keep in mind when comparing CDsA competitive APY is important, but it's not the only thing you should consider. To find the right CD for you, weigh these factors, too:When you'll need your money: Early withdrawal penalties on CDs can eat into your interest earnings if you need your money before the term ends, so choose a timeline that makes sense. Alternatively, you can select a no-penalty CD, although the APY may not be as high as you'd get with a traditional CD of the same term.Minimum deposit requirement: Some CDs require a minimum deposit to open an account, typically $500 to $1,000. Knowing how much money you have to set aside can help you narrow your options.Fees: Maintenance and other fees can cut into your savings. Many online banks don't charge fees because they have lower overhead costs than banks with physical branches. Read the fine print for any account you're evaluating.Safety and security: Make sure the bank or credit union you're considering is an FDIC or NCUA member so your money is protected if the bank fails.Customer ratings and reviews: Visit sites like Trustpilot to see what customers are saying about the bank. You want a bank that's responsive, professional and easy to work with.MethodologyCNET reviews CD rates based on the latest APY information from issuer websites. We evaluated CD rates from more than 50 banks, credit unions and financial companies. We evaluate CDs based on APYs, product offerings, accessibility and customer service.The current banks included in CNET's weekly CD averages include Alliant Credit Union, Ally Bank, American Express National Bank, Barclays, Bask Bank, Bread Savings, Capital One, CFG Bank, CIT, Fulbright, Marcus by Goldman Sachs, MYSB Direct, Quontic, Rising Bank, Synchrony, EverBank, Popular Bank, First Internet Bank of Indiana, America First Federal Credit Union, CommunityWide Federal Credit Union, Discover, Bethpage, BMO Alto, Limelight Bank, First National Bank of America and Connexus Credit Union.*APYs as of Jan. 30, 2025, based on the banks we track at CNET. Earnings are based on APYs and assume interest is compounded annually.**Weekly percentage increase/decrease from Jan. 21, 2025, to Jan. 28, 2025.More on CDs