The price of SSDs has been skyrocketing, but you can still save nearly 62% on the 8TB SanDisk Desk Drive external SSD from Best Buy right now.

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. "The vulnerability allows any authenticated user to achieve remote code execution (RCE) on

Anthropic's latest Claude model isn't just faster or smarter. Opus 4.8 is being pitched as more honest, more careful, and better suited to complex coding projects.

The US military has long known that cheap fixes could stop location data from exposing its troops. It adopted almost none—and now says adversaries are using the data to target soldiers during a war.

Windows Server 2016 might be long in the tooth but that isn't about to stop Microsoft breaking stuff. The May 12 security update introduced another bug for administrators to worry about. According to Microsoft, if the server hostname is exactly 15 characters long (like, for example, THEY-NEVER-TEST), domain controller discovery might fail. In the notes for the glitch, Microsoft wrote: "When the hostname is 15 characters long, DCLocator calls (for example, using nltest /dsgetdc: /pdc) will return ERROR_INVALID_PARAMETER, preventing applications and administrative tools from locating a domain controller." In other words, anything that depends on a domain controller lookup might stop working. As an example, Microsoft gave Distributed File System (DFS) Namespace management, which would certainly be inconvenient. DFS Namespaces is a Windows Server role that allows admins to group shared folders across different servers into a single namespace. A single path can lead to files located on multiple servers. Unless, of course, the domain controller lookup is broken. Microsoft lists no workaround for affected users, though changing the server hostname to something other than 15 characters would presumably avoid the trigger. "The issue is under investigation, and additional information will be shared as soon as it becomes available," it said. Microsoft still officially supports Windows Server 2016. Mainstream support ended in 2022, but extended support will continue until January 12, 2027. Microsoft is offering up to three more years of support via the Extended Security Updates (ESU) program after that. Earlier this year, Esben Dochy of Lansweeper told The Register that the operating system accounted for just 2.2 percent of all Windows devices it tracks, but 20.3 percent of all servers. That figure is unlikely to have dropped dramatically in the months since, so there is a fair chance that an administrator with a 15-character hostname could be affected. In addition to the Windows Server 2016 problems, the May 2026 security update has failed during installation on some Windows 11 devices when the EFI System Partition is insufficient in size. It is reassuring to know Microsoft's talent for breakage shows no bias toward any particular vintage. ®

It may be a generation behind, but the LG C5 OLED TV still offers plenty of reasons to pick one up, especially at this price.

Google's Preferred Sources feature is now available in AI Overviews and AI Mode, so you can add your favorite sites to your AI-powered searches.

The Ecovacs X8 Pro Omni won the ZDNET Lab Award for best pickup performance in a robot vacuum, and it's currently $51 off at Walmart.

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints," Arctic Wolf said. "Threat actors disguised the credential stealer payload as a Fortinet endpoint

submitted by /u/albinowax
[link] [comments]

With AI, long-forgotten data assets suddenly turn to gold, with potential security risks.

One of the biggest sporting events of all time kicks off soon - and you don't need an expensive cable package to watch.

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account

Need AI help in Microsoft 365, but don't love Copilot? Claude AI can help you create, edit, and analyze documents. Here's how.

NordVPN argues that antivirus now means far more than it used to, so creating an app that combines VPN services with modern threat protection is the right path.

Gemini can help with a variety of tasks when behind the wheel. All you need is an Android phone and a car with Android Auto.

Carnival Corporation - the world's largest cruise operator - has confirmed a digital heist, a month after hacking crew ShinyHunters claimed to have stolen millions of customers' records. The breach, Carnival confirmed, stemmed from an April 14 social engineering attack on an employee, though the company declined to comment on the scale or name ShinyHunters. However, a company filing with the Maine attorney general's office puts the number of affected individuals at just under six million, down from the 8.7 million records previously listed by Have I Been Pwned. Carnival previously acknowledged the phishing attack at the time, but it did not say whether any data had been accessed or stolen. ShinyHunters claimed it lifted terabytes' worth of Carnival records and hinted at a breakdown in negotiations, likely related to the criminal outfit's extortion demands. "The company failed to reach an agreement with us despite our incredible patience," ShinyHunters wrote on its data leak site, adding: "They don't care." Following a "thorough and time-consuming analysis of the impacted data," Carnival confirmed that names, addresses, email addresses, phone numbers, dates of birth, and state identification numbers were all included in the breach. As is often the case in data theft incidents, individuals will be affected to different degrees, depending on what information they shared with the company. Carnival began sending notifications directly to affected individuals on Wednesday. Those communications include details about how recipients can redeem two years of free credit monitoring services, as is common in US breach notifications, via TransUnion. It closed its message with a promise to improve: "In addition to the comprehensive security measures the company had in place prior to the incident, it has taken steps to further safeguard its systems, including enhancing its security and monitoring controls. "The company will continue to advance its IT security and data privacy controls to stay ahead of an ever-evolving threat landscape." ®

Installing a VPN on your smart TV blocks hackers from accessing your network and stealing your data. But there are benefits to the content, too.

Your Windows PC or Mac already includes built-in security features, and that’s a good thing. These tools provide an important first layer of protection against malware and other common threats users encounter every day. 

But today, staying safe online is about much more than blocking viruses.  

Scam texts arrive daily. Phishing emails imitate trusted brands. Fake websites are designed to steal passwords and payment information. Personal details can appear on data broker sites. AI Deepfakes are more convincing than ever. And most households use multiple devices, from laptops and phones to tablets and Chromebooks. 

That’s why McAfee+ Advanced combines device security with scam protection, identity monitoring, personal info removal, web protection, and secure VPN to help protect the many parts of your digital life. 

Let’s break down what built-in security does, and what McAfee does differently: 

What Built-In Security Does Well 

Both Windows 11 and macOS include a range of built-in security features designed to help protect your device. Depending on your operating system and the apps you use, these may include: 

• Malware detection and removal  
• Firewalls  
• Browser warnings about suspicious websites  
• Password management tools  
• Privacy and app permission controls  

Together, these features provide an important first layer of protection and help many users stay safer online.  

Why Many People Want More Than Basic Device Protection 

Built-in security tools are primarily focused on protecting the device itself. However, today’s online threats often target something even more valuable: your identity, your money, and your personal information. 

Recent McAfee research found that Americans receive an average of 14 scam messages every day, and more than three in four have encountered an online scam. 

Threats now commonly include: 

• Scam texts pretending to be banks, toll agencies, and delivery companies  
• Fake job offers via text, email, or social media 
• Phishing emails  
• QR code scams  
• AI-generated voice and video impersonations  
• Identity theft via smishing and quishing, including hijacking entire social profiles 
• Exposure of personal information on data broker sites  

These risks can follow you across all your devices, not just the computer sitting on your desk. 

Built-In Security vs. McAfee Protection 

Here are the key differences between built-in security alone, vs additional protection like McAfee.  

Built-In Security Has	McAfee+ Advanced Adds
Detecting viruses and malware	Scam protection for suspicious texts, emails, links, QR codes, and deepfakes
Basic privacy controls	Secure VPN to protect your connection on public Wi-Fi
Saving passwords	Password manager with unique password generation and storage.
Warning about some risky websites	Web Protection to help block dangerous sites before they load
Security on one device	Antivirus coverage across your PCs, Macs, phones, and tablets
Doesn’t have this support	Identity monitoring, so you know when your SSN and other info is exposed. Plus personal info removal, so your old data isn’t left spread out across the web.

Why McAfee Stands Out: Speed and Comprehensive Protection 

Unlike the old stereotype that stronger protection means a slower computer, independent testing shows McAfee is also the lightest on performance.  

In the latest AV-Comparatives PC Performance Test, McAfee Total Protection posted the lowest system impact score of all 20 products tested: just 3.3, compared with the industry average of 12.8.  

It also earned the highest possible rating, ADVANCED+. That means McAfee is not just adding more layers of protection. It is doing so while staying out of your way. 

For consumers looking for security that goes beyond basic antivirus to help protect against scams, identity theft, privacy risks, and threats across all their devices, that combination is hard to ignore. 

Protection Across All Your Devices 

Most people no longer rely on a single computer. A typical household may use: 

• Windows PCs  
• Macs  
• iPhones  
• Android phones  
• Tablets  
• Chromebooks

Managing security separately on every device can be difficult. McAfee+ Advanced is designed to provide coverage across your devices under one subscription, helping simplify online protection for individuals and families. 

How McAfee+ Advanced Goes Beyond Built-In Security 

With McAfee+ Advanced, multiple layers work together before any damage is done:  

• Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage 
• Secure VPN keeps your data private, especially on public Wi-Fi  
• Web Protection helps block risky sites, even if you do accidentally click  helps block risky sites, even if you do accidentally click   
• Password Manager doesn’t just help you make unique, strong passwords, it keeps them stored and organized for you
• Device Security helps detect malicious apps or downloads   
• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast   
• Personal Data Cleanup helps remove your information from sites selling it. 
• Online Account Cleanup assists in taking down your old, forgotten accounts across the web 
• Social Privacy Manager helps you monitor and change privacy settings across your social platforms in just a few clicks 

Together, these protections are designed to address the broader range of online risks people face every day. 

So, Do Windows PCs and Macs Need Antivirus Software? 

Built-in security tools provide an important starting point, but with scam attempts becoming more convincing and personal information more widely exposed, many people need a more comprehensive approach to staying safe online. 

McAfee+ Advanced combines device security, scam protection, identity monitoring, privacy tools, and VPN coverage to help you browse, bank, shop, and connect with greater confidence. 

The post Do Windows PCs and Macs Need Antivirus Software? How McAfee Goes Beyond Built-In Security appeared first on McAfee Blog.