FreshRSS

Today — January 7th 2026

Ministry of Justice splurged £50M on security – still missed Legal Aid Agency cyberattack

High-risk system compromised long before intrusion was finally spotted

The UK's Ministry of Justice spent £50 million ($67 million) on cybersecurity improvements at the Legal Aid Agency (LAA) before the high-profile cyberattack it disclosed last year.…

xMEMS has a secret weapon that makes thinner smart glasses with better audio a reality

When you look at your headphones, earbuds, or smartglasses, odds are you don't think about the chips inside. Here's why you should.

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

By: Unknown
Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a deep-dive

Jaguar Land Rover wholesale volumes plummet 43% in cyberattack aftermath

Production halts and supply-chain disruption left luxury automaker reeling in fiscal Q3

Brit luxury automaker Jaguar Land Rover has reported devastating preliminary Q3 results that lay bare the cascading consequences of a crippling cyberattack, revealing wholesale volumes collapsed more than two-fifths year-on-year.…

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. "Under certain conditions, an authenticated user may be able to cause untrusted code to be

The Future of Cybersecurity Includes Non-Human Employees

By: Unknown
Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0. "This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious

HSBC app takes a dim view of sideloaded Bitwarden installations

Customers report being locked out after grabbing the password manager via F-Droid

Some HSBC mobile banking customers in the UK report being locked out of the bank's app after installing the Bitwarden password manager via an open source app catalog.…

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA," the

Change your nail color in an instant with digital nail polish, debuting at CES 2026

Choose from over 400 nail polish colors at the touch of a button with iPolish, a set of acrylic nails that change color digitally.

I can't stop thinking about this MagSafe accessory at CES 2026, and no it's not a charger

A more polished OhSnap Mcon controller is being showcased at CES, and it's got some quirky companions in tow.

Weekly Update 485

15 mins and 40 seconds. That's how long it took to troubleshoot the first tech problem of 2026, and that's how far you'll need to skip through this video to hear the audio at normal volume. The problem Scott and I had is analogous to the troubleshooting so many of us do in our roles day in and day out:

  1. This should work fine
  2. It doesn't work, and I don't know why
  3. I did something that seems unrelated, and now it works
  4. I still don't know why

Anyway, I've cleaned up the audio-only version for the podcast, but I can't change the YouTube version once it's streamed, so apologies, just pump your volume up for the first quarter hour. And Happy New Year!

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters. "An unauthenticated remote attacker can inject

My favorite contact apps for every platform - including one I built with AI

Contact apps are an important tool for busy lives. But which one should you be using? Here's my short list of favorites.

5 ways rules and regulations can help guide your AI innovation

Governance, when handled correctly, can become a route to the successful implementation of emerging technologies. Five business leaders share their experiences.

This bone conduction lollipop played music in my mouth at CES, and I'm speechless

Lollipop Star uses bone conduction technology to play music through your mouth.

I tried Motorola's Razr Fold at CES 2026, and it's the company's most ambitious phone yet

Motorola's Razr Fold comes with an 8.1-inch inner display, a robust set of cameras, and AI-powered features.

I went hands-on with Lenovo's new ThinkPad X1 Carbon - its best feature is hidden in plain sight

Lenovo commits to repairability with a redesigned 'Space Frame' motherboard with components on both sides.

I tried every new Lenovo laptop at CES 2026 - these 5 stood out for different reasons

Lenovo's CES 2026 laptop lineup includes some ambitious proof-of-concept devices and a strong redesign of the ThinkPad X1 Carbon.

HackerOne 'ghosted' me for months over $8,500 bug bounty, says researcher

Long after CVEs issued and open source flaws fixed

Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…

Yesterday — January 6th 2026

Grok Is Pushing AI ‘Undressing’ Mainstream

Paid tools that “strip” clothes from photos have been available on the darker corners of the internet for years. Elon Musk’s X is now removing barriers to entry—and making the results public.

No, Microsoft Office was not renamed Microsoft 365 Copilot - here's why you're confused

With Microsoft's bewildering naming conventions, the mistake is easy to make. But Office is still Office, at least when it's not Microsoft 365.

Brightspeed investigates breach as crims post stolen data for sale

Crimson Collective claims 'sophisticated attack'

Internet service provider Brightspeed confirmed that it's investigating criminals' claims that they stole more than a million customers' records and have listed them for sale for three bitcoin, or about $276,370. …

6 mobile accessories I found most exciting at CES 2026

CES is great for innovative tech, but don't forget gadgets and gizmos. These are my favorite mobile accessories right now.

I tried TCL's new e-paper tablet at CES, and it's a ReMarkable alternative in the best way

The matte color display makes digital paper feel less like a compromise. Check it out.

This portable power station kept my essentials running during a snowstorm outage

I tested the EcoFlow Delta 3 Max Plus during a recent power outage, and it didn't flinch, even in cold weather.

Asus has a new 2026 laptop lineup, including a GoPro Edition for mobile creators

There's a bigger ZenBook A16 thin and light laptop, a ProArt GoPro Edition machine, and more.

Watch out Microsoft: Asus' new 2-in-1 takes on the Surface Pro with a bundled keyboard

Microsoft's Surface Pro finds a worthy contender in the Asus ProArt PZ14, just announced at CES 2026.

The new Asus ZenBook A14 gets a powerful upgrade - and fixes my biggest gripe

My favorite thin and light laptop from 2025 is getting a refresh at CES 2026, and there's a new 16-inch option.

Hands-on with the new ZenBook Duo: My favorite dual-screen laptop just got even better

The Asus ZenBook Duo (2026) is everything I wanted from the previous-gen model and looks ready to replace my M4 MacBook Air.

One of my favorite laptops just got a 16-inch sequel that's lighter than a MacBook Air

A welcome follow-up to last year's 14-inch model, the Zenbook A16 comes with the Snapdragon X2 Elite Extreme.

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,000 users, are below - Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:

Do you work with multiple browsers? You'll love this free MacOS app - see why

Browser Picker makes switching between multiple default web browsers so easy, you have to try it to believe it.

I've tried countless tracker tags, and these are the best I've found for Android

The Rolling Square AirNotch Pro Dual finder tags are water- and dust-resistant, last up to 20 months, and attach to your stuff - no accessory needed.

I saw a two-legged Roborock that is rocking the robot vacuum market at CES 2026

The Roborock Rover has garnered the attention that few devices can achieve at CES 2026, and I had the chance to see it in person.

You can track your glucose levels in the Withings app now - here's how

At CES 2026, Withings partnered with Abbott to offer continuous glucose monitoring.

These 3 Windows file managers made me ditch File Explorer - and they're free

If you're not happy with the default Windows file manager, you're in luck because there are plenty of options that improve on the original.

American Airlines just made its high-speed Wi-Fi free on most flights - how to get it

AT&T partnered with the airline to provide free high-speed Wi-Fi on more than 2 million flights a year.

Use Google AI Overview for health advice? It's 'really dangerous,' investigation finds

Google's AI in Search served up false and misleading health information, according to an investigation by The Guardian.

The most useful smart home gadgets I've seen at CES 2026

I'm back on the CES show floor, narrowing down the most compelling smart home devices I've spotted so far.

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to inadvertently start

I watched a gamer use brain-reading headphones under pressure - and he locked in fast

Neurable returns with its AI-powered brain-reading algorithm, this time in a partnership with HyperX.

Fake Windows BSODs check in at Europe's hotels to con staff into running malware

Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls

Russia-linked hackers are sneaking malware into European hotels and other hospitality outfits by tricking staff into installing it themselves through fake Windows Blue Screen of Death (BSOD) crashes.…

These XR glasses gave me a 174-inch screen to work with - and a shockingly wide field of view

With a bright Sony micro-OLED display and 120Hz refresh rate, the Beast XR are Viture's best glasses yet.

The 7 weirdest tech gadgets I've seen at CES 2026 - so far

The show floor at CES is packed with strange, odd, and unusual gadgets. These ones stand out most.

This 3-in-1 USB-C cable is the one thing I refuse to travel without now - here's why

With one cable, I can charge my iPhone, Apple Watch, AirPods, and another device - without worry.

Why your organization needs a Cisco Talos Incident Response Retainer

Every day, new ransomware and data breaches dominate the headlines, reminding us that it’s a matter of when, not if, your organization may be next. Having a well-prepared response plan and a team of forensic professionals ready to act at a moment’s notice can mean a world of difference between swift incident recovery or a […]

The 6 Linux distros I expect to rule 2026 - and why

Which Linux distributions will rise above the competition in 2026 to dethrone the old guard? These are my picks.

Crypto wallet shop Ledger confirms customer data lifted in Global-e snafu

Order and contact details accessed via ecommerce partner, and phishing has begun

Blockchain security biz Ledger says customer information was accessed in a breach at its ecommerce payment partner Global-e, and is warning that other brands using the platform may also be affected.…

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.

Done with the cloud? This NAS takes only 10 minutes to set up - and is the easiest network storage I've tried

Zettlab D4 AI NAS is the ideal network-attached storage device for any home or office. In 10 minutes, I had the D4 deployed and ready to go.

Linux at CES 2026: Tux is alive and well in IoT, cars, and AI

Linux and open source aren't making headlines at CES 2026, but they're working behind the scenes in embedded, automotive, and edge AI.

What is Identity Dark Matter?

By: Unknown
The Invisible Half of the Identity Universe Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows. Traditional IAM and IGA tools govern only the nearly

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names. The problem, according to Koi, is that these

Students bag extended Christmas break after cyber hit on school IT

Phones, email, and core systems knocked out at Higham Lane in Nuneaton

Students at a school in Warwickshire, England, have scored an extended Christmas break after a cyberattack crippled its IT systems, forcing classrooms to close and staff to summon government incident responders.…

UK injects just £210M into cyber plan to stop Whitehall getting pwnd

Central government will supposedly be as secure as energy facilities and datacenters under new proposals

The UK today launches its Government Cyber Action Plan, committing £210 million ($282 million) to strengthen defenses across digital public services and hold itself to the same cybersecurity standards it's imposing on critical infrastructure operators.…

The most interesting health and wellness tech I've seen at CES 2026 so far

I'm already seeing some wacky tech and health wearables on display on day one of CES 2026.