Security
* Google has begun dismantling a residential proxy network used by criminals to hide activity. * The takedown aims to reduce anonymity that enables fraud, abuse, and other online crime. * Actions like this can disrupt criminal infrastructure but may also affect legitimate privacy services. * Security teams, ISPs and privacy advocates should watch
Security
* Bondu left a web console almost entirely unprotected, allowing broad access. * Researchers who accessed it found nearly all conversations children had with Bondu’s AI stuffed animals. * About 50,000 chat logs were exposed and available to anyone with a Gmail account. * The incident raises immediate privacy and safety concerns
Security
• Key Takeaways: * Clawdbot has rebranded itself as Moltbot, positioning the product as an agentic personal assistant. * The relaunch is massively hyped, but security experts are publicly questioning why anyone would install the software. * Critics point to the general risks of agentic assistants: autonomous actions, broad access permissions, and potential privacy
Security
* Key Takeaways: * Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509. * The vulnerability is a security feature bypass and is being actively exploited in the wild. * Microsoft has issued emergency updates; users and IT teams should apply the patch immediately and follow official guidance. What Microsoft announced
Security
* Key Takeaways: * iOS 26.3 introduces a new "limit precise location" setting to reduce location data accessible to mobile networks. * Mobile networks typically infer device location from the cellular towers a device connects to; the setting restricts some of that data. * The change is intended to strengthen user
Security
* Key Takeaways: * Microsoft has opened an investigation after some Windows 11 machines failed to start following January security updates. * Affected devices are reported to be unable to boot; Microsoft is working to identify root cause and provide fixes or rollbacks. * Users should avoid forced reinstalls, try recovery options (Safe Mode,
Security
* Key Takeaways: * CISA has confirmed active exploitation of four separate vulnerabilities affecting enterprise products and developer tooling. * Affected projects include enterprise software from Versa and Zimbra, plus the Vite frontend framework and the Prettier code formatter. * Organizations should immediately consult vendor advisories, apply available patches, update developer dependencies, and monitor
Security
* Auto-forwarding in Gmail can let attackers siphon your email without signs. * Check Gmail Settings > Forwarding and POP/IMAP and remove unknown addresses immediately. * Also review Filters, connected apps, change your password, and enable 2-Step Verification. What to disable — and why it matters Auto-forwarding routes incoming messages to another email
Security
* Five malicious Chrome extensions on the Chrome Web Store targeted enterprise HR and ERP platforms. * Attack methods included __session cookie exfiltration, blocking security admin pages, and bidirectional cookie injection for session hijack. * The campaign hit Workday, NetSuite and SAP SuccessFactors; the extensions had >2,300 installs and were reported
Security
Key Takeaways: * KB5074109 patches 114 security vulnerabilities and improves NPU-related battery life. * New usability features arrive: File Explorer "Recommended" section, expanded QR sharing, and Start menu tweaks. * Critical bugs reported: Azure Virtual Desktop authentication failures (0x8008005), gaming FPS drops on NVIDIA GPUs, and USB FAT32 formatting errors. * If
Security
* Key Takeaway: A vulnerability called WhisperPair affects 17 Bluetooth audio accessories certified with Google Fast Pair. * Key Takeaway: Flaw lets an attacker within Bluetooth range pair to devices, potentially enabling microphone access, audio injection and location tracking. * Key Takeaway: Affected brands include Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore,
Security
* Key Takeaways: * WhisperPair is a Fast Pair vulnerability that can let attackers hijack Bluetooth audio devices to play audio, track location, or access microphones. * KU Leuven researchers say more than a dozen models from 10 manufacturers (including Google, Sony, Nothing, JBL, OnePlus) are affected. * The median takeover time is about