FreshRSS

Today – July 25th 2025

The best Android phones of 2025: Expert tested and reviewed

The top Android phones we've evaluated feature vibrant and clear displays, extended battery life, a flexible camera system, and distinctive hardware capabilities.

Senator to Google: Give us info from telco Salt Typhoon probes

AT&T and Verizon refused to hand over the security assessments, says Cantwell

US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the lawmaker, both operators have thus far refused to give Congress.…

This ultraportable Lenovo laptop is a worthy MacBook Air alternative (and has a useful iPhone feature)

Lenovo's Yoga Slim 7i Aura Edition combines unique features with the efficient Intel Core Ultra 7 processor. It's currently $300 off across major retailers.

I found an E Ink tablet worthy of replacing my Remarkable, and it's on sale

The Boox Note Max is a 13-inch e-reader that features a crisp display, practical tools, and one of the most impressive digital pen experiences I've tested. Plus, it's on sale at Amazon.

Microsoft gives Copilot a face - here's how to try your new Appearance chat buddy

Available now for Copilot Labs testers, Appearance can smile, nod, and even raise an eyebrow during your voice conversations.

Fire TV feeling slow? I changed these 10 settings to dramatically improve the performance

Is your Fire TV or Fire TV Stick running slower than usual? Don't rush to replace it - these quick tips could give it a much-needed speed boost.

I spent a week with the Samsung Galaxy Z Flip 7, and it's an even bigger leap than expected

The Galaxy Z Flip is larger yet slimmer than ever. But there's more to it than dimensions.

T-Mobile will give you the iPhone 16e for free with no trade-in - here's how to get yours

Activate a new qualifying line, and you can get the iPhone 16e on T-Mobile. No trade-in is required.

The best smartwatches 2025: I wore these for weeks and found the perfect one for your wrist

I've tested the best smartwatches, including the newest Apple Watch Series 10 and Samsung Galaxy Watch 8 Classic. Here's how to choose the right one.

I found a $300 Motorola phone that offers flagship features at a fraction of the price

The Moto G Power (2025) features a spacious 6.8-inch display and delivers impressive battery life.

These $60 wireless earbuds made me question my audio spending habits

Soundpeats continues to impress, and their new Air5 Pro earbuds are no exception.

Google's new AI tool Opal turns prompts into apps, no coding required

The Google Labs tool enables developers to create apps using natural language prompts and interactive visual aids.

These AR swim goggles I tested have all the relevant metrics (and no subscription)

Form's Smart Swim 2 Pro AR goggles are made with Gorilla Glass 3 and an anti-fog solution, but it's the advanced coaching features that helped me swim faster.

The 7 gadgets I never travel without (and why they make such a big difference)

These travel accessories are mainstays in my backpack - I never leave home without them.

Google's new Search mode puts classic results back on top - how to access it

Web Guide makes it a lot easier to target your search to a concentrated area of a topic.

U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang. The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un, Jo

Trump's AI plan says a lot about open source - but here's what it leaves out

The AI Action Plan pretty much frees up AI companies to do what they want, but it also supports the use of open source for AI. What that means is one big open question.

Freelance dev shop Toptal caught serving malware after GitHub account break-in

Malicious code lurking in over 5,000 downloads, says Socket researcher

Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and began distributing malware through developer accounts.…

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said

I changed 8 settings on my Motorola phone to significantly improve the battery life

Your Moto phone has several built-in settings to help its battery last longer throughout the day. Here's how they function.

The Dell laptop I recommend to most college students is $350 off at Best Buy

Dell's Inspiron 14 Plus boasts solid hardware and a long-lasting battery, making it perfect for long days.

How to sync passkeys in Chrome across your PC, Mac, iPhone, or Android

With Google's Password Manager, you're able to save and sync passkeys in Chrome across a range of devices.

iOS 26 envy? 5 iPhone features you can already use on your Android (Samsung included)

Apple introduced some flashy new features with the latest iOS 26 release, but Android users will recognize them right away.

Forget Whoop: I found a worthy fitness tracker alternative with none of the subscription fees

The Amazfit Helio strap uses a simple sensor and the same app as high-end smartwatches, all without a subscription.

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). "The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO), one

Microsoft admits it 'cannot guarantee' data sovereignty

Under oath in French Senate, exec says it would be compelled – however unlikely – to pass local customer info to US admin

Microsoft says it "cannot guarantee" data sovereignty to customers in France – and by implication the wider European Union – should the Trump administration demand access to customer information held on its servers.…

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

How to craft a raw TCP socket without Winsock?

Mateusz Lewczak explains how the AFD.sys driver works under the hood on Windows 11. In Part 1 [1], he demonstrates how to use WinDbg and the NtCreateFile call to manually craft a raw TCP socket, bypassing the Winsock layer entirely.

Part 2 of the series [2] dives into the bind and connect operations implemented via AFD.sys IOCTLs. Mateusz shows how to intercept and analyze IRP packets, then reconstruct the buffer needed to perform the three‑way TCP handshake by hand in kernel mode.

[1] https://leftarcode.com/posts/afd-reverse-engineering-part1/
[2] https://leftarcode.com/posts/afd-reverse-engineering-part2/

submitted by /u/ReynardSec

I got ChatGPT Agent to deliver a truly useful report - and then NotebookLM took it to the next level

Can ChatGPT Agent and NotebookLM actually do real work together? I tested them on a cloud storage comparison project. The result was surprisingly impressive.

How we Rooted Copilot

#️⃣ How we Rooted Copilot #️⃣

After a long week of SharePointing, the Eye Security Research Team thought it was time for a small light-hearted distraction for you to enjoy this Friday afternoon.

So we rooted Copilot.

It might have tried to persuade us from doing so, but we gave it enough ice cream to keep it satisfied and then fed it our exploit.

Read the full story on our research blog - https://research.eye.security/how-we-rooted-copilot/

submitted by /u/vaizor

Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 "targets both Linux and Windows systems, deploying platform-specific malware," Wiz

Overcoming Risks from Chinese GenAI Tool Usage

A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China, raising concerns over compliance, data

Advisor to Brit tech contractors Qdos confirms client data leak

Policy management not affected, but some personal data may have been snaffled

Updated Business insurance and employment status specialist Qdos has confirmed that an intruder has stolen some customers' personal data, according to a communication to tech contractors that was seen by The Register.…

The best kids' tablets of 2025 recommended by parents

We tested the best kids' tablets to find the most durable, fun-filled picks for travel, learning, and summer downtime.

The best all-in-one computers of 2025: Expert tested and reviewed

We tested the best all-in-one computers that combine the power of a desktop PC with a slim, lightweight design.

Finally, an Android smartwatch with extensive health tracking (and doesn't break the bank)

The Amazfit BIP 5 delivers a wide range of health and fitness metrics via Zepp - the same app used by far more expensive smartwatches.

DNS security is important but DNSSEC may be a failed experiment

Nobody thinks of running a website without HTTPS. Safer DNS still seems optional

Systems Approach Last week I turned on DNSSEC (Domain Name System Security Extensions) for the systemsapproach.org domain. No need to applaud; I was just trying to get an understanding of what the barriers to adoption might be while teaching myself about the technology.…

The Age-Checked Internet Has Arrived

Starting today, UK adults will have to prove their age to access porn online. Experts warn that a global wave of age-check laws threatens to chill speech and ultimately harm children and adults alike.

Trump's AI plan pushes AI upskilling instead of worker protections - and 4 other key takeaways

The Trump administration's AI policy covers topics from the future of work to state regulation and censorship. Here's what you need to know.

Can Amazon finally make AI wearables happen? This buzzy new device could be its best bet

As Bee AI is acquired by Amazon, interest in AI-first hardware continues to buzz.
Yesterday – July 24th 2025

Laptop farmer behind $17M North Korean IT worker scam locked up for 8.5 years

Plus she has to cough up a slice of Pyongyang's payday

An Arizona woman who ran a laptop farm from her home - helping North Korean IT operatives pose as US-based remote workers - has been sentenced to eight and a half years behind bars for her role in a $17 million fraud that hit more than 300 American companies.…

Euro healthcare giant AMEOS Group shuts down IT systems after mystery attack

Good luck getting an appointment with your doctor

The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.…

Every Mac model that upgrades to MacOS 26 Tahoe (and which aren't compatible)

Apple's newest operating system for Macs, Tahoe, is coming soon. If you're not sure if your device is compatible with the update, we've got the full list.

Motorola will give you a free smartwatch with its latest foldable phone deal - how to qualify

Motorola is offering a new promotion for its flagship foldable, the 2025 Razr Ultra, with discounts of hundreds of dollars.

How to install the iPadOS 26 public beta (and which iPad models support it)

Your iPad is set to get several new features with iPadOS 26 this fall, but you can try them early by downloading the public beta now. Here's how.

GitHub's AI-powered Spark lets you build apps using natural language - here's how to access it

The public preview arrives amid a surge of investment from leading tech companies in AI-powered coding assistants.

No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers

Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it

Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.…

The MacOS 26 public beta is here - How to install (and which models support it)

Apple just opened up the MacOS 26 "Tahoe" beta to the public. You can get an early look at the new features and liquid glass UI now. Here's how.

The next big wireless charging leap is coming soon: What Qi2 25W means for Android phones

The new Qi2 25W standard will arrive on iPhones, but it'll be especially useful for compatible Android models. Here's why.

Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries.

Image: Shutterstock, Mr. Teerapon Tiuekhom.

A reader who works in the transportation industry sent a tip about a recent successful phishing campaign that tricked an executive at the company into entering their credentials at a fake Microsoft 365 login page. From there, the attackers quickly mined the executive's inbox for past communications about invoices, copying and modifying some of those messages with new invoice demands that were sent to some of the company's customers and partners.

Speaking on condition of anonymity, the reader said the resulting phishing emails to customers came from a newly registered domain name that was remarkably similar to their employer's domain, and that at least one of their customers fell for the ruse and paid a phony invoice. They said the attackers had spun up a look-alike domain just a few hours after the executive's inbox credentials were phished, and that the scam resulted in a customer suffering a six-figure financial loss.

The reader also shared that the email address in the registration records for the imposter domain – roomservice801@gmail.com – is tied to many such phishing domains. Indeed, a search on this email address at DomainTools.com finds it is associated with at least 240 domains registered in 2024 or 2025. Virtually all of them mimic legitimate domains for companies in the aerospace and transportation industries worldwide.

An Internet search for this email address reveals a humorous blog post from 2020 on the Russian forum hackware[.]ru, which found roomservice801@gmail.com was tied to a phishing attack that used the lure of phony invoices to trick the recipient into logging in at a fake Microsoft login page. We'll come back to this research in a moment.

JUSTY JOHN

DomainTools shows that some of the early domains registered to roomservice801@gmail.com in 2016 include other useful information. For example, the WHOIS records for alhhomaidhicentre[.]biz reference the technical contact of "Justy John" and the email address justyjohn50@yahoo.com.

A search at DomainTools found justyjohn50@yahoo.com has been registering one-off phishing domains since at least 2012. At this point, I was convinced that some security company surely had already published an analysis of this particular threat group, but I didn't yet have enough information to draw any solid conclusions.

DomainTools says the Justy John email address is tied to more than two dozen domains registered since 2012, but we can find hundreds more phishing domains and related email addresses simply by pivoting on details in the registration records for these Justy John domains. For example, the street address used by the Justy John domain axisupdate[.]net – 7902 Pelleaux Road in Knoxville, TN – also appears in the registration records for accountauthenticate[.]com, acctlogin[.]biz, and loginaccount[.]biz, all of which at one point included the email address rsmith60646@gmail.com.

That Rsmith Gmail address is connected to the 2012 phishing domain alibala[.]biz (one character off of the Chinese e-commerce giant alibaba.com, with a different top-level domain of .biz). A search in DomainTools on the phone number in those domain records – 1.7736491613 – reveals even more phishing domains as well as the Nigerian phone number "2348062918302" and the email address michsmith59@gmail.com.

DomainTools shows michsmith59@gmail.com appears in the registration records for the domain seltrock[.]com, which was used in the phishing attack documented in the 2020 Russian blog post mentioned earlier. At this point, we are just two steps away from identifying the threat actor group.

The same Nigerian phone number shows up in dozens of domain registrations that reference the email address sebastinekelly69@gmail.com, including 26i3[.]net, costamere[.]com, danagruop[.]us, and dividrilling[.]com. A Web search on any of those domains finds they were indexed in an "indicator of compromise" list on GitHub maintained by Palo Alto Networks' Unit 42 research team.

SILVERTERRIER

According to Unit 42, the domains are the handiwork of a vast cybercrime group based in Nigeria that it dubbed "SilverTerrier" back in 2014. In an October 2021 report, Palo Alto said SilverTerrier excels at so-called "business e-mail compromise" or BEC scams, which target legitimate business email accounts through social engineering or computer intrusion activities. BEC criminals use that access to initiate or redirect the transfer of business funds for personal gain.

Palo Alto says SilverTerrier encompasses hundreds of BEC fraudsters, some of whom have been arrested in various international law enforcement operations by Interpol. In 2022, Interpol and the Nigeria Police Force arrested 11 alleged SilverTerrier members, including a prominent SilverTerrier leader who'd been flaunting his wealth on social media for years. Unfortunately, the lure of easy money, endemic poverty and corruption, and low barriers to entry for cybercrime in Nigeria conspire to provide a constant stream of new recruits.

BEC scams were the 7th most reported crime tracked by the FBI's Internet Crime Complaint Center (IC3) in 2024, generating more than 21,000 complaints. However, BEC scams were the second most costly form of cybercrime reported to the feds last year, with nearly $2.8 billion in claimed losses. In its 2025 Fraud and Control Survey Report, the Association for Financial Professionals found 63 percent of organizations experienced a BEC last year.

Poking at some of the email addresses that spool out from this research reveals a number of Facebook accounts for people residing in Nigeria or in the United Arab Emirates, many of whom do not appear to have tried to mask their real-life identities. Palo Alto's Unit 42 researchers reached a similar conclusion, noting that although a small subset of these crooks went to great lengths to conceal their identities, it was usually simple to learn their identities on social media accounts and the major messaging services.

Palo Alto said BEC actors have become far more organized over time, and that while it remains easy to find actors working as a group, the practice of using one phone number, email address or alias to register malicious infrastructure in support of multiple actors has made it far more time consuming (but not impossible) for cybersecurity and law enforcement organizations to sort out which actors committed specific crimes.

"We continue to find that SilverTerrier actors, regardless of geographical location, are often connected through only a few degrees of separation on social media platforms," the researchers wrote.

FINANCIAL FRAUD KILL CHAIN

Palo Alto has published a useful list of recommendations that organizations can adopt to minimize the incidence and impact of BEC attacks. Many of those tips are prophylactic, such as conducting regular employee security training and reviewing network security policies.

But one recommendation – getting familiar with a process known as the "financial fraud kill chain" or FFKC – bears specific mention because it offers the single best hope for BEC victims who are seeking to claw back payments made to fraudsters, and yet far too many victims don't know it exists until it is too late.

Image: ic3.gov.

As explained in this FBI primer, the International Financial Fraud Kill Chain is a partnership between federal law enforcement and financial entities whose purpose is to freeze fraudulent funds wired by victims. According to the FBI, viable victim complaints filed with ic3.gov promptly after a fraudulent transfer (generally less than 72 hours) will be automatically triaged by the Financial Crimes Enforcement Network (FinCEN).

The FBI noted in its IC3 annual report (PDF) that the FFKC had a 66 percent success rate in 2024. Viable ic3.gov complaints involve losses of at least $50,000, and include all records from the victim or victim bank, as well as a completed FFKC form (provided by FinCEN) containing victim information, recipient information, bank names, account numbers, location, SWIFT, and any additional information.

How to clear your iPhone cache (and why you should do it before installing iOS 26 public beta)

A full cache can slow down your iPhone, but clearing it is a fast and easy way to improve performance and free up space.

You can get an iPhone 16 Pro from T-Mobile for free - with no trade-in required

When you sign up for T-Mobile's Experience Beyond Plan, you'll receive an iPhone 16 Pro without a trade-in.

I finally found a wall charger that can replace my AirTag when I travel - and it works in 150 countries

The Twelve South PlugBug is a four-port wall charger that can be used in 150 countries and tracked using the Find My app.

Your MacBook is getting a major upgrade for free - 5 MacOS 26 features I'm trying right now

The MacOS Tahoe beta just went live to the public. Here's how to tell if your Mac can run it, and five of the most-anticipated features to test out.

So much for watermarks: UnMarker tool nukes AI provenance tags

Boffins insist your deepfake tracking tech won't work

Computer scientists with the University of Waterloo in Ontario, Canada, say they've developed a way to remove watermarks embedded in AI-generated images.…

WatchOS 26 is live: Every Apple Watch that will get the new software update

Want to test run Apple's latest WatchOS software? The public beta is live for everyone to try - as long as you have one of these Apple Watch models.
❌