Earlier and later times added to York Park and Ride bus network
Changes that took effect on Sunday (June 20) mean that services will now arrive in York city centre by 5.45am (7.45am on Sundays), and will depart from the city centre at 10.30pm (every day).
This applies to services 2, 3, 7, 8, 9, and 59.
Councillor Kate Ravilious, executive member for transport at City of York Council, said: "Whether you're catching an early morning train, finishing an overnight shift, or enjoying a night out in York, this expansion is part of our commitment to giving people more travel options and making York a cleaner, more affordable, and more sustainable city."
First Bus has also increased frequency across the Park and Ride network.
Until September 7, additional buses will operate on weekdays on all services, and also on Saturdays on routes 7 and 8.
Normal timetables will run on Sundays.
For more information, visit https://www.firstbus.co.uk/york/routes-and-maps/york-park-ride and https://www.itravelyork.info/park-and-ride
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
WIRED
an hour ago
- WIRED
A Premium Luggage Service's Web Bugs Exposed the Travel Plans of Every User—Including Diplomats
Jul 24, 2025 12:00 PM Security flaws in Airportr, a premium door-to-door luggage service used by 10 airlines, let hackers access user data and even gain privileges that would have let them redirect or steal luggage. Photo-Illustration:An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED, they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US. 'Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. 'The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have have the ability to do anything.' Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had fixed the vulnerabilities a few days after the researchers made the company aware of the issues last April. 'The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk,' Darby wrote in a statement. 'We take our responsibilities to protect customer data very seriously.' CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address—and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures. By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users, and claims on its website that it's handled over 800,000 bags for customers. Within the data CyberX9 accessed in its testing, the researchers found and shared with WIRED examples of passengers traveling with diplomatic passports, for several of which the front-page images were also included in the data. These included four from the UK, two from the US, and three from Switzerland. One of the individuals, the researchers determined, was at the time of their travel a UK ambassador, and another was a US executive branch cybersecurity official. 'This is a premium service,' says Pathak. 'We consider that a good chunk of their users are government officials, and other people of a sensitive nature.' Airportr advertises that it's the 'official bag check in partner' of American Airlines, British Airways, Lufthansa, and Virgin Atlantic, along with half a dozen other major airlines, though it appears to only offer its services on flights to and from airports in the UK, Germany, Switzerland, and Austria. American Airlines, British Airways, and Virgin Atlantic didn't respond to WIRED's requests for comment, but a Lufthansa spokesperson responded in a statement. 'We are dedicated to investigating any indications of a third-party data breach thoroughly and promptly," the spokesperson writes. "We take these matters seriously and are committed to maintaining the integrity and security of our data.' CyberX9's researchers first became curious about Airportr last April, after a member of the team saw the service advertised to him for flights to Europe from the United Arab Emirates, where the company is based, and heard that other staff at the company had used it. 'They're handling such a sensitive task of delivering the baggage and collecting so much sensitive information, I thought we should see where they actually stand in terms of security,' says the research team's lead, who asked to remain anonymous due to privacy concerns. 'When I got some time to actually test it out, I found these vulnerabilities quite quickly.' The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a 'rate limiting' security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. In his response statement, Darby, the Airportr CEO, writes that 'while data exposure could theoretically allow administrative access, the ability to act on such information without triggering alarms would be highly difficult.' He also emphasized that the data the researchers found to be vulnerable was Airportr's alone, not that of its airline partners. 'We do not have any ability to alter or influence airline operations or customers' flight details via our APIs, which are designed with read-only permissions and are tightly restricted to reduce risk to airline systems and customer data,' Darby writes. (CyberX9 points out that the administrative access it gained was not in fact, 'theoretical,' and Airportr didn't appear to be aware of the access until the researchers notified the company.) Darby adds that Airportr didn't tell airlines about the vulnerability at the time. 'Given the low-risk nature of the incident, as determined by our investigation, we did not at the time notify data subjects, airline partners, or supervisory authorities,' he writes. 'Subsequently, and given the potential visibility generated by the publication of the research and subsequent media coverage, we have decided to notify the Information Commissioner's Office (ICO) as a precautionary measure.' Airportr's airline partners shouldn't be entirely let off the hook, CyberX9's CEO Pathak says. He argues they, too, are responsible for ensuring the security of their customers' travel plans and other sensitive personal information when they recommend another service to them—a responsibility at which they 'failed miserably," he says. He argues, too, that Airportr's security flaws should serve as a warning about how third-party services, contractors and little-known partner services are often a hidden source of data leakage. 'The real risk isn't always the airline itself but the small add‑on services we overlook which often get promoted to us, as passengers, by the airlines and airports—services we assume are safe because we trust the airline's endorsement,' says Pathak. 'Your data is only as secure as the least‑protected partner that touches it.'
New York Times
an hour ago
- New York Times
Liverpool tour diary: Slot's shift from Klopp time, Mac Allister's Cantonese and loans latest
Arne Slot made some subtle changes on and off the pitch during his 2024-25 debut year as he led Liverpool to Premier League title glory and he has now tweaked how they approach pre-season tours, too. When the club travelled to Asia on such trips during predecessor Jurgen Klopp's reign, the players were put on 'tour time' for the duration rather than adjusting fully to the actual time difference between the UK and wherever they were. The idea was to reduce the impact of jet lag. Advertisement Hong Kong is seven hours ahead of the UK, so the squad would previously have been told to set their watches only three hours ahead of the time on Merseyside. The clocks in their rooms and in communal areas at the team hotel were also changed accordingly. It meant there was often the strange sight of players having breakfast at what was actually lunchtime and their evening meal late at night. However, 'tour time' has been ditched under Slot, with Liverpool's schedule in Hong Kong on their current tour all in sync with local time. It has made life easier for staff, who previously had to juggle events across two different time zones, and has gone down well with the players. Tuesday was a good example of why this change is working out. Being on local time meant Liverpool trained in the morning, before the heavens opened. It is common during monsoon season here for there to be heavy rainfall later in the day. By then, the players were under cover, attending various meet-and-greet events with sponsors such as Standard Chartered, Nike and Carlsberg. The mood in the camp is certainly more buoyant than Liverpool's previous visit to Hong Kong, in 2017, when the weather was so bad that several training sessions were cancelled. Klopp also had to deal with key player Philippe Coutinho agitating for a move to Barcelona. The Brazilian finally got his wish six months later. Eight years on, there has been no such disruption, and Liverpool also have the daily backup option of training inside the new Kai Tak Stadium, which has a retractable roof and air-conditioning. On Wednesday, when Slot oversaw a gruelling double session, they used the pitch next to the stadium in the adjacent sports park. Luis Diaz's future may be uncertain amid Bayern Munich's ongoing pursuit but there has been no sign on this tour of the Colombian attacker downing tools to try to force a move. He has been the same bubbly personality as normal around the squad, and you certainly couldn't question his commitment during Thursday's open session. Diaz wowed a 25,000 crowd with some mazy runs down the left flank during the training drills. At one point, he hit the deck after tangling with Mohamed Salah and claimed he had been fouled. Slot smiled and gestured to Diaz that he'd dived. The former Porto winger saw the funny side and high-fived the Dutchman as he jogged past him. Diaz was down on the turf again soon after, having been too quick for Wataru Endo, who apologised for a late challenge. Cody Gakpo also stood out with some clinical finishing, while there were some lovely touches from newcomer Florian Wirtz, who was operating centrally as a No 10. The only concern for Slot ahead of Saturday's 50,000 sell-out against Milan here was the sight of the stadium's pitch cutting up a fair bit as the session progressed. New striker Hugo Ekitike watched on, having just flown in following the completion of his £79million ($107m) move from Germany's Eintracht Frankfurt. Hugo Ekitike walks out on to the training pitch in Hong Kong. A warm embrace from Arne Slot and then he meets his new team-mates for the first time. #LFC — James Pearce (@JamesPearceLFC) July 24, 2025 As the session came to a close, the 23-year-old Frenchman walked onto the pitch. Slot embraced him and then he went around meeting his new team-mates, who he joined on a lap of appreciation for the fans. Ekitike has been given No 54 as a temporary squad number, with no official confirmation of the shirts Liverpool's new signings will wear in the coming season expected until after the new kit deal with Adidas is launched next month. Hundreds of fans have been camped outside the team hotel on the stunning Kowloon waterfront in the hope of catching a glimpse of their heroes. Liverpool's captain Virgil van Dijk delighted them by going across for a lengthy signing session. Some of the throng have been holding up Diogo Jota No 20 shirts in tribute to the Portugal international, who died in a car accident in Spain earlier this month. Hong Kong Reds intend to perform Jota's fan chant during the 20th minute of Saturday's game. Advertisement Understandably, the demands on Liverpool's players in terms of corporate events and media duties on this trip have been scaled back as they continue to grieve for a much-loved colleague and friend. Kostas Tsimikas now has a permanent reminder of Jota — a tattoo on the back of his left hand which reads: 'Wish you were here 20'. Liverpool are contractually obliged to hold one press conference in Hong Kong and another in Japan before the other game of this trip against Yokohama F. Marinos there next week. Slot will be doing them post-match in both destinations rather than before. Salah has previous for winning table-tennis tournaments on Liverpool pre-season tours, and he remains the man to beat. He has been lighting up the ping-pong contests among the squad in the team hotel. Playing the card game Uno is another popular pastime for the squad during down time. Some brought a PlayStation with them from home to set up in their rooms. Alexis Mac Allister received a warm ovation from the locals by speaking Cantonese during a corporate event for Carlsberg. 'I love you' and 'cheers' were two of the phrases the Argentina midfielder nailed, pronunciation-wise. The host informed him he was a natural. Mac Allister wasn't involved in Thursday's open training as Liverpool continue to carefully manage his workload following the injury which ruled him out for the final two games of last season. He sat watching instead, having done an individual session earlier in the day. With all of Slot's senior stars available for this tour, a lot of talented Liverpool youngsters were left behind on Merseyside. However, two who were included in the travelling party have been earning rave reviews here. Midfielder Trey Nyoni and winger Rio Ngumoha have impressed staff with their attitude and application as well as their technical ability. Both appear to have made strides physically in terms of being better able to handle the demands of senior football. Advertisement Nyoni was rewarded with a contract on improved terms when he turned 18 last month, while Ngumoha will sign his first professional deal when he celebrates his 17th birthday next month. 'Training with the best team in the world so young, it's like every kid's dream, really. (Have to) Just keep on pushing now,' Ngumoha told LFCTV. 'The sessions are intense and tough, but it's been very good. Patience is key. I don't want to rush anything. I'm young, so I'll just keep working hard, showing the manager what I can really do.' Salah is a source of great support for the youngsters and provides advice on recovery and diet. Striker Jayden Danns and midfielder James McConnell were among the academy graduates who did not fly out to Hong Kong. Given the attacking options Slot already possesses, it was decided Danns would be better off staying behind to train with the under-21s at Kirkby. The 19-year-old is still building up his fitness after last season was wrecked by a back injury. A loan is on the cards, and the same goes for McConnell, who was not in the tour squad due to a minor injury issue. There is plenty of interest in borrowing him among clubs in the second-tier Championship, with the 20-year-old set to sign a new contract before he goes.
Yahoo
2 hours ago
- Yahoo
'Rare gem' of a five-bedroom house with home bar and private terrace for sale
A luxury five-bedroom detached house in Crumlin has been listed for sale at £700,000. Sold by Flying Keys, the house on Plynlimon Avenue, offers a large private driveway and boasts two reception rooms. The ground floor's standout feature is the open-plan kitchen and dining room, stretching across the property's width, with two access points to the upper terrace. (Image: Flying Keys via Zoopla) The terrace provides panoramic country views, ideal for morning coffees or hosting guests. The lower ground floor includes an open-plan reception room with bi-fold doors to the garden, a log burner, and a home bar. It also features a utility room, shower room, and a dedicated home gym. (Image: Flying Keys via Zoopla) The first floor includes a family bathroom with separate shower and bath, two spacious bedrooms, and a master bedroom with a walk-through wardrobe and ensuite shower room. The second floor has a family shower room and two additional bedrooms, one with three Velux windows and the other with one. (Image: Flying Keys via Zoopla) The house's outdoor space is equally impressive, with a lower terrace for outdoor furniture and a large dining table. Read more Five bed 18th century country house on the market for over £675,000 Period townhouse with character features and off-road parking for sale Detached five-bed house with walk-in wardrobe and bath on top floor The landscaped garden includes a lawn, a children's playhouse, and a separate vegetable garden with a polytunnel. Flying Keys described the property as "a rare gem that won't stay on the market for long". (Image: Flying Keys via Zoopla) The estate agent added: "As you pull up onto the large private driveway, you'll know you've arrived at a special place." The house has an Energy Performance Certificate rating of B. For more details, contact Flying Keys.
