Saturday, June 14, 2025

Latest Tech News

  • Attackers use real Google URLs to sneak malware past antivirus and into your browser undetected
  • This malware only activates during checkout, making it a silent threat to online payments
  • The script opens a WebSocket connection for live control, completely invisible to the average user

A new browser-based malware campaign has surfaced, demonstrating how attackers are now exploiting trusted domains like Google.com to bypass traditional antivirus defenses.

A report from security researchers at c/side, this method is subtle, conditionally triggered, and difficult for both users and conventional security software to detect.

It appears to originate from a legitimate OAuth-related URL, but covertly executes a malicious payload with full access to the user's browser session.

Malware hidden in plain sight

The attack begins with a script embedded in a compromised Magento-based ecommerce site which references a seemingly harmless Google OAuth logout URL: https://ift.tt/axqznMW.

However, this URL includes a manipulated callback parameter, which decodes and runs an obfuscated JavaScript payload using eval(atob(...)).

The use of Google’s domain is central to the deception - because the script loads from a trusted source, most content security policies (CSPs) and DNS filters allow it through without question.

This script only activates under specific conditions. If the browser appears automated or the URL includes the word “checkout,” it silently opens a WebSocket connection to a malicious server. This means it can tailor malicious behavior to user actions.

Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript’s Function constructor.

The attacker can remotely run code in the browser in real time with this setup.

One of the primary factors influencing this attack's efficacy is its ability to evade many of the best antivirus programs currently on the market.

The script's logic is heavily obfuscated and only activates under certain conditions, making it unlikely to be detected by even the best Android antivirus apps and static malware scanners.

They will not inspect, flag, or block JavaScript payloads delivered through seemingly legitimate OAuth flows.

DNS-based filters or firewall rules also offer limited protection, since the initial request is to Google’s legitimate domain.

In the enterprise environment, even some of the best endpoint protection tools may struggle to detect this activity if they rely heavily on domain reputation or fail to inspect dynamic script execution within browsers.

While advanced users and cybersecurity teams may use content inspection proxies or behavioral analysis tools to identify anomalies like these, average users are still vulnerable.

Limiting third-party scripts, separating browser sessions used for financial transactions, and remaining vigilant about unexpected site behaviors could all help reduce risk in the short term.

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/w6xbREm
at No comments:
Labels: ,

Liquid Glass, New Photos App and All the Other iOS 26 Features Coming to Your iPhone

The iPhone is poised to get a new look and improved features in iOS 26.

from CNET https://ift.tt/gMrKztE
at No comments:
Labels:

Best Internet Providers in Madison, Wisconsin

Looking for home internet in Madison? Availability varies by neighborhood, but CNET’s experts have narrowed down the top ISPs to help you choose.

from CNET https://ift.tt/6owKxOj
at No comments:
Labels:

Latest Tech News

  • Cortical Labs offers cloud access to neuron-powered computing for just $300 a week
  • CL1 fuses human brain cells and silicon and can run real code
  • System enables real-time neural processing for research in AI and neuroscience

Cortical Labs, an Australian startup we've covered previously, has launched what it describes as the world’s first commercially available biological computer capable of running code.

The CL1 device combines lab-grown human neurons with silicon hardware and is designed for neuroscience, biotech, and artificial intelligence research.

Customers can purchase a CL1 unit outright for $35,000 or access it remotely through a weekly rental priced at $300, with the platform already available via Cortical Labs’ wetware-as-a-service.

A new way to study brain function

Each CL1 contains about 800,000 neurons grown from reprogrammed adult cells. These neurons are kept alive by an integrated life-support system that delivers nutrients and controls the environment.

The neurons communicate and adapt using sub-millisecond electrical signals, which the company says allows the CL1 to process inputs and generate outputs almost instantly, offering a new way to study brain function.

“The CL1 does this in real time using simple code abstracted through multiple interacting layers of firmware and hardware,” Brett Kagan, Chief Scientific Officer at Cortical Labs told IEEE Spectrum. “Sub-millisecond loops read information, act on it, and write new information into the cell culture.”

The CL1 builds on DishBrain, a proof-of-concept where neurons learned to play Pong in a simulated environment.

The new model increases input channels, improves signal latency, and includes hardware enhancements that make it more suitable for research and potential commercial applications. It has already been used to restore learning function in neural cultures modeling epilepsy.

The device consumes less power than conventional AI hardware and supports use cases including drug development, AI testing, and disease modeling. It requires buyers to obtain ethical approval for new cell lines and to operate within a lab environment.

Karl Friston, a theoretical neuroscientist, called the CL1 a “remarkable achievement” and noted that it provides researchers with a practical platform to test theories about learning, behavior, and brain function using real neurons.

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/8EP6X5I
at No comments:
Labels: ,

Friday, June 13, 2025

Best Gas Grills of 2025: We Tested More than 15

Is Weber still the king of the grill? We put a slew of top full-sized, tabletop and portable grills to the test to find the best propane and natural gas grills for summer 2025.

from CNET https://ift.tt/O7hFmZQ
at No comments:
Labels:

Latest Tech News

  • The Fiio M21 hi-res audio player costs £279 / $329 (about AU$583)
  • Quad-DAC configuration and two-stage amplification
  • Desktop mode for optimized output for hi-fi systems

The arrival of a new affordable audio player from FiiO is guaranteed to get our attention: when we reviewed the JM21 portable music player we were blown away by its sound and its value for money. And now there's a new player that's more powerful without being much more expensive.

Where the JM21 is a dual-DAC device, the new FiiO M21 is a quad-DAC player. And double the DACs doesn't mean double the price: where the JM21 launched at $199 / £179, the M21 is $329 / £279.

FiiO M21 portable audio player: key specifications and features

FiiO M21 music player lifestyle shot from above, showing the back of the player sitting on what looks like a tablet or laptop. There's not much going on here, the player is smooth and matte

(Image credit: FiiO)

The M21 is a sleek-looking thing with a big 4.7-inch IPS touchscreen on the front, a glass back, and an octa-core Snapdragon 680 inside it. The device runs Android 13 and comes with 4GB of RAM, 64GB of internal storage with 52GB of that available for use, and you can add up to 2TB via microSD. Bluetooth is 5.0 (SBC, AAC, aptX, aptX HD, LDAC and LHDC).

The DACs are four Cirrus Logic CS4319s arranged to minimize crosstalk and noise. The two-stage amplification provides voltage first and current second, which Fiio says creates a clean and dynamic sonic profile.

A key new feature is M21, a first for Fiio's entry-level Androids. It enables you to connect to a USB-C supply and bypass the battery, delivering up to 21Vpp peak voltage and 950mW per channel into 32 ohms. Desktop mode also enables you to use the M21 as a hi-res streamer for a wider hi-fi system.

Battery life in portable mode is 15 hours over the 3.5mm output and 11.5 hours with the balanced 4.4mm output. And there's an optional retro case that looks like a cassette tape – it's the larger metal-colored box the M21 is sitting on in the main photo at the top.

There's no doubt that this is going to sound fantastic – and I suspect it'll probably cope better with higher volumes than the JM21, which gets a bit shouty when you crank things up too high. And at £279 / $329 the M21 still undercuts many rival hi-res audio devices – not least Fiio's own M23, another player we love.

Between that and the fake-cassette cas,e I think FiiO's come up with a winning formula here. The player is available now.

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/4rCsUyk
at No comments:
Labels: ,

Latest Tech News

  • Researchers are warning about the "unsubscribe here" button in spam emails
  • They can be used to redirect victims to malicious pages
  • There are other ways to get rid of spam, so users should be on their guard

If you've received a spam email with an “unsubscribe here” button at the bottom, don’t press it - it could do more harm than good.

This is according to TK Keanini, CTO of DNSFilter, who recently revealed pressing such a button sends the recipient away from the safety of the email client and into the open internet, where potentially malicious landing pages are lurking.

In fact, Keanini claims that one in every 644 clicks can lead to a malicious website.

How to unsubscribe, then?

Even if clicking the button doesn’t lead directly to a phishing page, other, more subtle, risks, are lurking as well.

Keanini says that hackers would often place that button just to see who clicks - which would also help them determine which email addresses are active and thus worth targeting further.

The general rule of thumb seems to be - if you don’t trust the company that sent the email, don’t trust the unsubscribe process, either.

So, what’s the alternative? The alternative is to unsubscribe through the email client itself, rather than through the email’s body.

Most email clients have “list-unsubscribe headers”, which appear as built-in buttons and thus don’t include source code, Tom’s Guide explained. “If your email header doesn’t contain a link, you can reply on your spam filters, or try blacklisting the sender instead,” the publication further explained.

Those who don’t have these options can use disposable email addresses when signing up for different services. Most email service providers allow users to create throwaway email addresses, as well. For example, Gmail has a feature called “plus addressing” or “Gmail aliases”, which allow users to modify their address by adding a + and a tag before the @gmail.com address.

That way, the email address used during registration could be yourname+shopping@gmail.com. Messages will still arrive in the inbox, but they can be easily tracked or filtered.

Via Wall Street Journal

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/8BaO5pU
at No comments:
Labels: ,

Thursday, June 12, 2025

Latest Tech News

  • Experts warns of fake Booking.com sites circulating the web
  • The sites come with a fake "Accept Cookie" prompt that downloads a RAT
  • Shoppers should be on their guard when searching for deals

Hackers have been found targeting holidaymakers around the world with remote access trojans (RAT) distributed through fake Booking.com websites, experts have warned.

Researchers from HP Wolf Security found cybercriminals have been making websites that, on first glance, look just like booking.com - they carry the same branding, the same color scheme, and same formatting. However, the content of the website is blurred, and over it, a deceptive cookie banner is displayed.

If victims press “Accept cookies”, they’ll trigger a download of a malicious JavaScript file. This, in turn, installs XWorm, a powerful RAT that grants the attackers full control over the compromised device, including access to files, webcams, and microphone. They can also use the access to disable security tools, deploy additional malware, and exfiltrate passwords and other data.

Peak booking period

HP Wolf Security says it first spotted the campaign in Q1 2025, which is “peak summer holiday booking period”, and a time when “click fatigue” sets in, as prospective holidaymakers are reckless and don’t pay attention to the sites they’re visiting, ending in disaster.

"Since the introduction of privacy regulations such as GDPR, cookie prompts have become so normalized that most users have fallen into a habit of ‘click-first, think later,’” commented Patrick Schläpfer, Principal Threat Researcher in the HP Security Lab.

“By mimicking the look and feel of a booking site at a time when holiday-goers are rushing to make travel plans, attackers don’t need advanced techniques - just a well-timed prompt and the user’s instinct to click.”

There are a few things users can do to stay safe, and the first one is - to slow down when browsing.

Users should also make sure not to click on links in emails or social media messages, especially for well-established sites such as Booking. Instead, type in the address in the browser’s navigation bar manually.

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/92TEPIt
at No comments:
Labels: ,

Wednesday, June 11, 2025

ChatGPT Defeated at Chess by 1970s-Era Atari 2600

An engineer's experiment yielded a surprising result for OpenAI's popular chatbot.

from CNET https://ift.tt/z6hJXtN
at No comments:
Labels:

Latest Tech News

  • Binarly spotted a legitimate utility, trusted on most modern systems utilizing UEFI firmware, carrying a flaw
  • The flaw allowed threat actors to deploy bootkit malware
  • Microsoft patched it the June 2025 Patch Tuesday cumulative update

Microsoft has fixed a Secure Boot vulnerability that allowed threat actors to turn off security solutions and install bootkit malware on most PCs.

Security researchers Binarly recently discovered a legitimate BIOS update utility, signed with Microsoft’s UEFI CA 2011 certificate. This root certificate, used in the Unified Extensible Firmware Interface (UEFI) Secure Boot process, plays a central role in verifying the authenticity and integrity of bootloaders, operating systems, and other low-level software before a system boots.

According to the researchers, the utility is trusted on most modern systems utilizing UEFI firmware - but the problem stems from the fact it reads a user-writable NVRAM variable without proper validation, meaning an attacker with admin access to an operating system can modify the variable and write arbitrary data to memory locations during the UEFI boot process.

Microsoft finds 13 extra modules

Binarly managed to use this vulnerability to disable Secure Boot and allow any unsigned UEFI modules to run. In other words, they were able to disable security features and install bootkit malware that cannot be removed even if the hard drive is replaced.

The vulnerable module had been circulating in the wild since 2022, and was uploaded to VirusTotal in 2024 before being reported to Microsoft in late February 2025.

Microsoft recently released the June edition of Patch Tuesday, its cumulative update addressing different, recently-discovered, vulnerabilities - among which was the arbitrary write vulnerability in Microsoft signed UEFI firmware, which is now tracked as CVE-2025-3052. It was assigned a severity score of 8.2/10 (high).

The company also determined that the vulnerability affected 14 modules in total, now fixing all of them.

"During the triage process, Microsoft determined that the issue did not affect just a single module as initially believed, but actually 14 different modules," Binarly said. "For this reason, the updated dbx released during the Patch Tuesday on June 10, 2025 contains 14 new hashes."

Via BleepingComputer

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/8yDMHTh
at No comments:
Labels: ,

Tuesday, June 10, 2025

Threads Is Finally Getting This Very Basic Function

Meta is testing DMs in Threads, almost 2 years after the social media app launched.

from CNET https://ift.tt/9YCtOuM
at No comments:
Labels:

Latest Tech News

  • Kaspersky warns multiple DVR devices are being targeted with malware
  • The malware assimilates the devices into a botnet, granting DDoS and proxy capabilities
  • The victims are scattered all over the world, and there seems to be no patch

If you are using TBK DVR-4104, DVR-4216, or any digital video recording device that uses these instances as its basis, you might want to keep an eye on your hardware because it’s being actively hunted.

Cybersecurity researchers at Kaspersky claim to have seen a year-old vulnerability in these devices being abused to expand the dreaded Mirai botnet.

In April 2024, security researchers found a command injection flaw in the devices listed above. As per the NVD, the flaw is tracked as CVE-2024-3721, and was given a severity score of 6.3/10 (medium). It can be triggered remotely and grants the attackers full control over the vulnerable endpoint. Soon after discovery, the flaw also got a Proof-of-Concept (PoC) exploit.

Victims around the world

Now, a year later, Kaspersky says it saw this same PoC being used to expand the Mirai botnet. The attackers are using the bug to drop an ARM32 malware which assimilates the device and grants the owners the ability to run distributed denial of service (DDoS) attacks, proxy malicious traffic, and more.

The majority of victims Kaspersky is seeing are located in China, India, Egypt, Ukraine, Russia, Turkey, and Brazil. However as a Russian company, Kaspersky’s products are banned in many Western countries, so its analysis could be somewhat skewed.

The number of potentially vulnerable devices was more than 110,000 in 2024, and has since dropped to around 50,000. While most definitely an improvement, it still means that the attack surface is rather large.

Usually, when a vulnerability like this is discovered, a patch soon follows. However, multiple media sources are claiming that it is “unclear” if makers TBK Vision patched the bug.

CyberInsider reports that multiple third-party brands use these devices as a basis for their models, further complicating patch availability, and stating that “it’s very likely that for most, there is no patch.”

Some of the brands are Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, and others.

Via BleepingComputer

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/CJVHOgD
at No comments:
Labels: ,

Monday, June 9, 2025

Latest Tech News

  • Apple Music will get 3 notable new perks with iOS 26
  • The updates will roll out alongside Apple Music Sing upgrades on tvOS
  • Apple made the announcement at WWDC 25, on June 9

Liquid Glass, aka Apple's new glass-like redesign for its software platforms, is a clear headline grabber at WWDC. But what is iOS 26 bringing to Apple Music?

A few things, actually: Apple Music is getting Lyrics Translation, Lyrics Pronunciation, AutoMix for creating beat-perfect playlists and sets, plus Music Pins to put your favorite artists and albums right to the top of your home screen.

Meanwhile, Apple's Liquid Glass will level up what you see while a song is playing, because it'll provide more glass-like depth – and elements within a track's artwork will move with a more three-dimensional quality; in and out of focus, as it were.

Apple WWDC 2025

(Image credit: Apple)

AutoMix is here – finally!

What exactly is AutoMix? Think seamless mixing of your songs into one continuous playlist, for a stream of music without any annoying gaps between tracks. It'll be similar to what a DJ does, but carried out automatically by Apple Music via Apple Intelligence's AI brain. Outstanding!

One of the other biggest perks of today's Apple WWDC 2025 event in the audio sphere? The knowledge that buying either a shiny new set of AirPods 4, AirPods 4 with Noise Cancelling or AirPods Pro 2 is a smart and future-proof thing to do: Apple has announced studio-quality audio recording and camera remote is coming to these models – and as luck would have it, both are also currently on sale too.

@techradar ♬ original sound - TechRadar

Of course, AirPods, Apple Music and iPhones all play especially nice together (it's the way Apple wants you to listen): think personalized spatial audio with Dolby Atmos, plus dynamic head-tracking that uses your iPhone or iPad as a source device to ping the soundscape all around your head as you turn it.

And then there's Live Translation. I've just finished working on a French opera, namely Gounod's Faust, and I think it might be a huge plus for me in Apple Music.

Apple WWDC 2025

(Image credit: Apple)

Your iPhone can now become a mic in Apple Music Sing, with tvOS

And we're not done! With tvOS 26, karaoke sessions can reach new levels of fun. How? Users will be able to transform their iPhone into a handheld mic for Apple TV and have their voice amplified as they belt out their very best go at TayTay's Eyes Open.

Everyone in your sing-along session will be able to jump in using their own iPhone to cue up tracks, too, or even react with an onscreen emoji.

Along with the aforementioned Lyrics Translation and Pronunciation updates, plus visual effects to light up the main screen, Sing in Apple Music will be more advanced and engaging than ever, allowing you to sing along even if you don't speak the language fluently (which is music to my ears).

I cannot wait to try it out. For now though, I'm gonna keep on dancin' at the Pink Pony Club… with all my iPhone-toting, Apple Music-streaming friends.

Apple Music SIng on Apple TV, with an iPhone used as a mic

(Image credit: Apple)

You may also like



from Latest from TechRadar US in News,opinion https://ift.tt/FBT4WUu
at No comments:
Labels: ,

Sunday, June 8, 2025

Latest Tech News

Looking for a different day?

A new NYT Strands puzzle appears at midnight each day for your time zone – which means that some people are always playing 'today's game' while others are playing 'yesterday's'. If you're looking for Sunday's puzzle instead then click here: NYT Strands hints and answers for Sunday, June 8 (game #462).

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc's Wordle today page for the original viral word game.

SPOILER WARNING: Information about NYT Strands today is below, so don't read on if you don't want to know the answers.

NYT Strands today (game #463) - hint #1 - today's theme

What is the theme of today's NYT Strands?

Today's NYT Strands theme is… What you see isn't what you get

NYT Strands today (game #463) - hint #2 - clue words

Play any of these words to unlock the in-game hints system.

  • DANCE
  • CARD
  • NOSE
  • CONE
  • FOAM
  • SKIDS

NYT Strands today (game #463) - hint #3 - spangram letters

How many letters are in today's spangram?

Spangram has 10 letters

NYT Strands today (game #463) - hint #4 - spangram position

What are two sides of the board that today's spangram touches?

First side: top, 3rd column

Last side: bottom, 3rd column

Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON'T WANT TO SEE THEM.

NYT Strands today (game #463) - the answers

NYT Strands answers for game 463 on a blue background

(Image credit: New York Times)

The answers to today's Strands, game #463, are…

  • MASK
  • CAMOUFLAGE
  • DISGUISE
  • CLOAK
  • COVER
  • FACADE
  • SPANGRAM: FALSE FRONT
  • My rating: Moderate
  • My score: 1 hint

Fittingly, today’s search words were well hidden and I needed a hint to get started. The word MASK confirmed what we were looking for – so I immediately started looking for CAMOUFLAGE and DISGUISE.

The spangram was not a term I was familiar with, but is one that I have seen in action in London. Here, there is a beautiful old theater I watched turn from thriving to derelict that has been under development for years to become apartments.

As is the case in many cities, the back of the building was demolished – leaving just the FACADE. However, along the way something structurally most have gone wrong as the propped-up facade was then completely replaced by a new facade, copying the art deco style of the original. So now, not one brick of the original building remains, which maybe was the plan all along. Either way, not once but twice, a FALSE FRONT.

How did you do today? Let me know in the comments below.

Yesterday's NYT Strands answers (Sunday, June 8, game #462)

  • CAST
  • SCORE
  • LIGHTS
  • SINGING
  • DANCING
  • COSTUMES
  • SPANGRAM: ITS SHOWTIME

What is NYT Strands?

Strands is the NYT's not-so-new-any-more word game, following Wordle and Connections. It's now a fully fledged member of the NYT's games stable that has been running for a year and which can be played on the NYT Games site on desktop or mobile.

I've got a full guide to how to play NYT Strands, complete with tips for solving it, so check that out if you're struggling to beat it each day.



from Latest from TechRadar US in News,opinion https://ift.tt/y7kvCKH
at No comments:
Labels: ,

Latest Tech News

  • SilverStone’s FLP01 case brings old-school charm, complete with fake floppy drives and retro lights
  • arkhive Business Limited comes with RTX 5060 Ti and offers real creative power
  • Noctua cooling keeps the retro shell silent while the modern internals do all the heavy lifting

Arc has unveiled a curious blend of nostalgia and modern performance with its desktop system, the "arkhive Business Limited," now available via PC Shop Ark.

The Japanese device is housed in SilverStone’s FLP01 case, designed after the classic 1980s PC-9801, and features distinctive styling, including a fake 5.25-inch bay cover and mock indicator lights.

The vintage aesthetic may evoke beige memories of dial-up tones and DOS prompts, but its internals suggest something far more capable, perhaps even worthy of use as a video editing or workstation PC, if judged solely on specs.

Nostalgia meets modern power

The base models come in two CPU versions: Intel’s Core Ultra 7 265 and AMD’s Ryzen 7 9700X. Both models are paired with 32GB of RAM and a 2TB NVMe SSD, and are cooled using a Noctua air cooler, a name respected for silence and efficiency rather than flair.

Graphics are handled by the new GeForce RTX 5060 Ti, whose 16GB of VRAM places it squarely in the mid-range performance bracket.

While that might not win over hardcore gamers, it should be more than sufficient for creative professionals and could make the system a viable business PC for those needing GPU acceleration in Adobe apps or 3D workloads.

Physically, the PC measures 440 x 362 x 170 mm, a footprint that’s not particularly compact by modern standards.

It comes with Windows 11 Home preinstalled and includes an 80PLUS GOLD 850W power supply.

However, with a price tag of 299,800 yen (about $2,081) and lacking even a standard optical drive (unless added via a limited-time campaign), some may question whether the retro shell justifies the cost.

PC Shop Ark is now accepting orders with full BTO (build-to-order) options, allowing for further customization.

The company appears to be banking on a blend of nostalgia and performance to attract buyers, but the arkhive Business Limited may appeal more to the heart than the head.

Via PCWatch

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/6lQrxeZ
at No comments:
Labels: ,
Subscribe to: Posts (Atom)

Latest Tech News

Some TV shows are like comfort food, and for me, there’s no show more comforting than Peep Show. The British sitcom from the early 2000s h...