IT

SlashDot.org

The Mysterious Black Fungus From Chernobyl That May Eat Radiation

00:00 - 29/11/2025
Black fungus found growing inside Chernobyl's destroyed reactor may be feeding on radiation, and researchers have tested samples of the same species aboard the International Space Station to explore whether it could eventually shield astronauts from cosmic rays. Ukrainian scientist Nelli Zhdanova first discovered the melanin-rich mould colonizing the walls and ceilings of the exploded reactor building during a May 1997 survey. Her research indicated that the fungal hyphae were actually growing toward sources of ionizing radiation rather than merely tolerating it. In 2007, nuclear scientist Ekaterina Dadachova at the Albert Einstein College of Medicine found that melanised fungi grew 10% faster when exposed to radioactive caesium compared to control samples, leading her to propose "radiosynthesis" -- a process where organisms convert radiation into metabolic energy. The same strain, Cladosporium sphaerospermum, traveled to the ISS in December 2018 and grew an average of 1.21 times faster over 26 days compared to Earth-based controls. Nils Averesch, a biochemist at the University of Florida and co-author of that study, remains cautious about attributing the growth boost to radiation harvesting since zero gravity could also be responsible.

Read more of this story at Slashdot.

https://news.slashdot.org/story/25/11/28/1516243/the-mysterious-black-fungus-fro


Airbus Issues Major A320 Recall, Threatening Global Flight Disruption

00:00 - 29/11/2025
Europe's Airbus said on Friday it was ordering immediate repairs to 6,000 of its widely used A320 family of jets in a sweeping recall affecting more than half the global fleet, threatening upheaval during the busiest travel weekend of the year in the United States and disruption worldwide. From a report: The setback appears to be among the largest recalls affecting Airbus in its 55-year history and comes weeks after the A320 overtook the Boeing 737 as the most-delivered model. At the time Airbus issued its bulletin to the plane's more than 350 operators, some 3,000 A320-family jets were in the air. The fix mainly involves reverting to earlier software and is relatively simple, but must be carried out before the planes can fly again, other than repositioning to repair centres, according to the bulletin to airlines seen by Reuters. Airlines from the United States to South America, Europe, India and New Zealand warned the repairs could potentially cause flight delays or cancellations.


https://news.slashdot.org/story/25/11/29/0515215/airbus-issues-major-a320-recall


EU To Examine If Apple Ads and Maps Subject To Tough Rules, Apple Says No

00:00 - 29/11/2025
EU antitrust regulators will examine whether Apple's Apple Ads and Apple Maps should be subject to the onerous requirements of the bloc's digital rules after both services hit key criteria, with the U.S. tech giant saying they should be exempted. From a report: Apple's App Store, iOS operating system and Safari web browser were designated core platform services under the Digital Markets Act two years ago aimed at reining in the power of Big Tech and opening up the field to rivals so consumers can have more choice. The European Commission said that Apple has notified it that Apple Ads and Apple Maps met the Act's two thresholds to be considered "gatekeepers." The DMA designates companies with services with more than 45 million monthly active users and $79 billion in market capitalisation as gatekeepers subject to a list of dos and don'ts.


https://apple.slashdot.org/story/25/11/28/172222/eu-to-examine-if-apple-ads-and-


Scientists Think They've Solved Why One of History's Most Advanced Civilizations Vanished

00:00 - 29/11/2025
A new study published in Communications Earth & Environment has reconstructed the climate conditions of the ancient Indus River Valley civilization between 3000 and 1000 B.C., finding that four intense droughts -- each lasting more than 85 years -- likely drove the gradual decline of one of the world's earliest advanced societies. The research team, led by Hiren Solanki at the Indian Institute of Technology, Gandhinagar, combined paleoclimate data from cave formations and lake records with computer models to determine that the region shifted from wetter-than-present monsoon conditions to prolonged dry spells as the tropical Pacific Ocean warmed. The third drought, peaking around 1733 B.C., proved the most severe: it lasted 164 years, reduced annual rainfall by 13%, and affected nearly the entire region. Overall temperatures rose by 0.5 degrees Celsius and rainfall dropped between 10 and 20%. These changes shrank lakes and rivers, dried soils, and made agriculture increasingly difficult in areas away from major waterways. Harappan settlements progressively relocated eastward toward the Indus River over roughly 2,000 years. The civilization's long survival under repeated climate stress -- through crop switching, trade diversification, and settlement relocation -- offers lessons for modern communities facing environmental pressures, the researchers said.


https://science.slashdot.org/story/25/11/28/1721249/scientists-think-theyve-solv


China-Netherlands Chip Fight Turns Into Corporate Civil War

00:00 - 28/11/2025
The bitter standoff between Dutch chipmaker Nexperia -- which supplies basic chips crucial to 49% of European automakers, over 85% of medical device companies, and the entire defense industry -- and its Chinese parent company Wingtech escalated on Friday when both Wingtech and Nexperia's Chinese unit accused the Dutch business of secretly building a supply chain that would cut China out entirely. The accusations came one day after Nexperia's Dutch headquarters published an open letter claiming it had repeatedly tried and failed to contact its Chinese unit. Nexperia China demanded the Dutch side halt its overseas expansion plans, specifically a $300 million investment in a Malaysian plant, and alleged an internal company target to source 90% of production outside China by mid-2026. The Chinese unit also accused its European counterparts of deleting employee email accounts and cutting off access to IT systems. The dispute traces back to September when the Dutch government invoked a Cold War-era law to seize control of Nexperia on economic security grounds. An Amsterdam court subsequently stripped Wingtech of its ownership rights. Beijing retaliated by halting exports of finished Nexperia chips on October 4, triggering warnings of production shutdowns from automakers including Nissan and Bosch. Export curbs were relaxed in early November, and the Dutch government suspended its intervention last week following talks, but the court ruling remains in force. Wingtech warned that supply disruptions could return if the control issue remains unresolved.


https://slashdot.org/story/25/11/28/1636212/china-netherlands-chip-fight-turns-i


Australia Risks 2035 Climate Goal Without Bigger Emissions Cuts

00:00 - 28/11/2025
Australia warned it's in danger of missing its 2035 climate targets without deeper pollution cuts, which in turn threatens the nation's ambitions to reach net zero by mid-century. From a report: Emissions are set to fall 48% by 2035 from 2005 levels based on current projections [non-paywalled source], the government said in a report on Thursday. That's short of an official pledge to cut greenhouse gases between 62% and 70%. The forecast doesn't take into account new action planned under the nation's Net Zero Plan. Still, the targets remain achievable and officials plan to take additional measures to meet them, Minister for Climate Change and Energy Chris Bowen said in a speech to parliament.


https://news.slashdot.org/story/25/11/28/1654207/australia-risks-2035-climate-go


Singapore Takes Top Spot in Global Talent Index

00:00 - 28/11/2025
Singapore has claimed the top spot in the 2025 Global Talent Competitiveness Index for the first time, displacing Switzerland from a position the European nation had held since the ranking's inception in 2013. The index, produced by business school INSEAD and the Portulans Institute, measured 135 economies across 77 indicators spanning soft skills, AI talent concentration, and formal education systems. The city-state ranked first globally in formal education and what the report calls "Generalist Adaptive Skills," a category covering soft skills, digital literacy, and innovation-oriented thinking. A key factor in Singapore's rise was a seven-place jump in talent retention, moving from 38th to 31st. The United States fell from third place in 2023 to ninth this year, its weakest showing in 12 years, due to declines in openness and lifelong learning metrics. High-income European countries continue to dominate the top ten, holding seven positions.


https://news.slashdot.org/story/25/11/28/1646244/singapore-takes-top-spot-in-glo


Europe Fears It Can't Catch Up in Great Power Competition

00:00 - 28/11/2025
European leaders have spent years warning that the continent risked falling behind the U.S., China and Russia in the global contest for economic, technological and military dominance, and officials now believe they have reached that point. The mood darkened over the summer when Europe found itself on the sidelines as Washington and Beijing negotiated a reset of global trade rules, and turned bleak this month when the White House presented a Ukraine cease-fire plan without consulting European capitals. In July, the EU accepted a trade deal allowing the U.S. to impose 15% tariffs without retaliation. President Trump ignored European calls to pressure Moscow before meeting Vladimir Putin in Alaska in August, telling reporters "this is not to do with Europe, Europe's not telling me what to do." Germany has eased its debt brake to pour $580 billion into a decade-long rearmament program, and the EU has set a 2030 rearmament goal -- defense spending across the region is set to exceed $560 billion this year, double what it was a decade ago. "Battle lines for a new world order, based on power, are being drawn right now," European Commission President Ursula von der Leyen said in September. "A new Europe must emerge."


https://slashdot.org/story/25/11/28/1712223/europe-fears-it-cant-catch-up-in-gre


Someone Is Trying To 'Hack' People Through Apple Podcasts

00:00 - 28/11/2025
Apple's Podcasts app on both iOS and Mac has been exhibiting strange behavior for months, spontaneously launching and presenting users with obscure religion, spirituality and education podcasts they never subscribed to -- and at least one of these podcasts contains a link attempting a cross-site scripting attack, 404 Media reports. Joseph Cox, a journalist at the outlet, documented the issue after repeatedly finding his Mac had launched the Podcasts app on its own, presenting bizarre podcasts with titles containing garbled code, external URLs to Spotify and Google Play, and in one case, what appears to be XSS attack code embedded directly in the podcast title itself. Patrick Wardle, a macOS security expert and creator of Objective-See, confirmed he could replicate similar behavior: simply visiting a website can trigger the Podcasts app to open and load an attacker-chosen podcast without any user prompt or approval. Wardle said this creates "a very effective delivery mechanism" if a vulnerability exists in the Podcasts app, and the level of probing suggests adversaries are actively evaluating it as a potential target. The XSS-attempting podcast dates from around 2019. A recent review in the app asked "How does Apple allow this attempted XSS attack?" Asked for comment five times by 404 Media, Apple did not respond.


https://apple.slashdot.org/story/25/11/28/1531245/someone-is-trying-to-hack-peop


Australia's Streaming Quotas Become Law

00:00 - 28/11/2025
Australia's streaming quotas have become law. Legislation requiring the likes of Netflix, Disney+ and HBO Max to spend a portion of their local earnings on original Australian content has been passed in parliament, and now comes into effect. From a report: The quotas were announced earlier this month. This will see global streamers with more than one million Australian subscribers made to spend 10% of their total Australian expenditure -- or 7.5% of their revenues -- on local originals, whether they are dramas, children's shows, docs, or arts and educational programs. Failing to comply with the rules will see streamers fined up to ten times their annual revenues in Australia. This is more than what broadcasters are liable for if they breach their quota rules laws. Streamers will be given three years to get their production operations in line. Streamers have long opposed government-set quotas and content levies, arguing they already meaningfully invest in the production sectors of the countries in which they operate. Producers, in general, have welcomed the systems, but remain wary that they could push streaming services out of their countries.


https://entertainment.slashdot.org/story/25/11/28/1522252/australias-streaming-q


Techcrunch.com

VC Kara Nortman bet early on women’s sports, and now she’s creating the market

06:17 - 29/11/2025
As women's sports enters what feels like a sustained boom period -- the Golden State Valkyries just played their first WNBA next season, the NWSL is expanding, media rights deals are growing -- Nortman remains cautiously optimistic about whether this moment will prove different from past surges in interest.

https://techcrunch.com/2025/11/28/vc-kara-nortman-bet-early-on-womens-sports-and


Supabase hit $5B by turning down million-dollar contracts. Here’s why.

23:00 - 28/11/2025
Vibe coding has taken the tech industry by storm, and it’s not just the Lovables and Replits of the world that are winning. The startups building the infrastructure behind them are cashing in too. Supabase, the open-source database platform that’s become the backend of choice for the vibe-coding world, raised $100 million at a $5 billion valuation just months after closing $200 million at $2 billion. But co-founder and CEO […]

https://techcrunch.com/video/supabase-hit-5b-by-turning-down-million-dollar-cont



How OpenAI and Google see AI changing go-to-market strategies

16:00 - 28/11/2025
AI is changing how investors and startups bring their products to market. Three experts offered their insights at TechCrunch Disrupt.

https://techcrunch.com/2025/11/28/how-openai-and-google-see-ai-changing-go-to-ma


The race to regulate AI has sparked a federal vs state showdown

15:00 - 28/11/2025
The fight over AI regulation isn't about the technology -- it's about whether Washington or the states get to set the rules, and what happens to consumers caught in between.

https://techcrunch.com/2025/11/28/the-race-to-regulate-ai-has-sparked-a-federal-


Best iPad apps to boost productivity and make your life easier

14:41 - 28/11/2025
There are many iPad apps to help you organize recipes; sync tasks across devices; be more productive; and manage your notes.

https://techcrunch.com/2025/11/28/best-ipad-apps-to-boost-productivity-and-make-


Anduril’s autonomous weapons stumble in tests and combat, WSJ reports

05:07 - 28/11/2025
Defense tech startup Anduril Industries has faced numerous setbacks during testing of its autonomous weapons systems, according to new reporting by the WSJ.

https://techcrunch.com/2025/11/27/andurils-autonomous-weapons-stumble-in-tests-a


This Thanksgiving’s real drama may be Michael Burry versus Nvidia

19:32 - 27/11/2025
Is Burry the canary in the coal mine, warning of a collapse that's inevitable? Or could his fame, his track record, his now unrestricted voice, and a fast-growing audience trigger the very implosion he's predicting?

https://techcrunch.com/2025/11/27/this-thanksgivings-real-drama-may-be-michael-b


Best iPad apps for unleashing and exploring your creativity

17:29 - 27/11/2025
We’ve compiled a list of some of the best iPad apps for creativity that are available on the App Store.

https://techcrunch.com/2025/11/27/best-ipad-apps-for-unleashing-and-exploring-yo


Glīd won Startup Battlefield 2025 by building solutions to make logistics simpler, safer, and smarter

17:02 - 27/11/2025
We're excited to interview the winner of Startup Battlefield 2025, and Glid co-founder Kevin Damoa, on this week's Build Mode!

https://techcrunch.com/2025/11/27/glid-won-startup-battlefield-2025-by-building-


Engadget.com

Black Friday streaming deals include Sling Orange Day Passes for only $1 each

10:00 - 29/11/2025

Sling TV is one of the best live streaming services out there right now, giving you the option to watch a number of traditional cable channels without the traditional, locked-in price of a cable subscription. For Black Friday, you can save on Sling TV's newly announced $5 Day Passes. That $5 price is the regular cost — for a limited time through November 30, a Day Pass for Sling Orange is only $1 and that includes access to 34 channels like ESPN, ESPN 2 and ESPN 3.

Besides ESPN, the Sling Orange Day Pass includes access to TNT and TBS, which makes it a solid option if you're trying to watch the NBA, NFL or college sports. The pass also includes children's channels like Disney Channel and Nick Jr., CNN for news and HGTV and Food Network for purer forms of lean back entertainment. Sling TV is Engadget's pick for the best customizable live streaming service for a reason: You can add on extra premium channels when you buy a pass, and their price will be prorated for whatever length you choose. That way even if a dollar isn't getting you all the channels you need, you don't need to pay that much more to get them.

It's worth noting, while this promotion runs during Thanksgiving in the US, a Sling Orange subscription won't get you access to the football games scheduled for that Thursday. To watch those, you'll need at least a Sling Blue subscription, which includes FS1 and NFL Network, but isn't available as a day-long pass. A Sling Blue subscription currently starts at $46 a month.

Still, for your $1, around $4 off the price Sling TV normally charges, you're getting a deal. Dozens of popular channels, access to Sling TV's DVR feature, and the ability to use your subscription from a smartphone, tablet, the web or your TV. Plus, Sling TV's interface is easy to navigate, which is what you want when you're likely subscribing with one game or show in mind.

This article originally appeared on Engadget at https://www.engadget.com/deals/black-friday-streaming-deals-include-sling-orange-day-passes-for-only-1-each-231208088.html?src=rss

https://www.engadget.com/deals/black-friday-streaming-deals-include-sling-orange


Black Friday streaming deal: Plex is offering a lifetime pass for 40 percent off

09:00 - 29/11/2025

It's easy to overlook the Black Friday subscription deals available each year when you're focused on getting physical things for yourself and others. But it would be a mistake to do so since you can often save a ton on subscriptions and services you either already use, or have been thinking about trying. Take Plex, which is offering 40 percent off its lifetime pass. You can use the code ANYPASS40 to get it for $150 instead of the usual $250.

The monthly and annual Plex Pass options are also 40 percent off. You can get a year of Plex for $42, down from $70 or a monthly subscription for $4.19 each month, down from $7. The latter lets you cancel a lot more easily, but costs about $8 more for the year.

Plex acts as a personal media server that lets you curate a digital collection from a range of platforms. It also offers its own streaming options, so you can access a mix of titles. However, the Lifetime Pass was only $120 until earlier this year, when it more than doubled. The discount will get you close to that price, but you might also want to check out other streaming sales available for Black Friday.

  • Disney+ Hulu bundle — $60 for one year: The Disney+ and Hulu (with ads) bundle is on sale for $5 per month for one year (for a total of $60) through December 1. New and eligible returning subscribers can take advantage of this deal, and considering the bundle typically costs $13 per month, this deal represents more than a 50 percent discount on the standard monthly price.
  • Apple TV+ — 6 months for $36: Apple TV+ is offering six months of access for only $36 for Black Friday, which comes out to a discounted price of $6 per month for the six-month period. The deal is live now for new and eligible returning subscribers and runs through December 1, giving you a chance to stream shows like Silo, The Morning Show and For All Mankind for less. The biggest caveat to the deal is that you must subscribe directly through Apple and not through a third-party service.
  • HBO Max — one year for $36: HBO Max's Black Friday deal gives subscribers one year streaming for $36 through December 1. This Black Friday streaming deal is on the ad-supported option, which normally goes for $11 per month. With this discount, you're getting it for $3 per month for one year. You can sign up via HBO Max's website or, if you're a Prime Video subscriber already, via that service as an add-on.
  • Sling TV Orange — day pass for only $1: Sling TV launched Day Passes earlier this year, giving users one-day access to a variety of its packages. This deal cuts $4 off the normal price of a day pass for Sling Orange. With that, you get unlimited access for 24 hours to Orange's more than 30 channels that includes ESPN, CNN, TBS and others.
  • Paramount+ — two months of Essential or Premium for $6: This Black Friday deal brings the monthly price of either Paramount+ tier down to just $6 for two months, or $3 per month. The obvious better deal is on the Premium plan, which typically costs $13 per month.
  • Starz — one year for $12: Pay upfront for one year and you can get more than $50 off a Starz annual subscription. There's a month-to-month option too, which costs $3 per month for the first three months if you don't want to commit to the full year. Either option gives you access to the entire Starz TV and movie library with offline viewing and no ads.
This article originally appeared on Engadget at https://www.engadget.com/deals/black-friday-streaming-deal-plex-is-offering-a-lifetime-pass-for-40-percent-off-155614379.html?src=rss

https://www.engadget.com/deals/black-friday-streaming-deal-plex-is-offering-a-li


Black Friday streaming deals drop one year of Starz down to just $12

08:00 - 29/11/2025

As winter truly draws near, there are few things better than spending a chill night at home watching your favorite shows. There are lots of Black Friday streaming deals available this year to make doing that a bit more affordable.

One of the best comes courtesy of a $58 discount on an annual Starz subscription. Right now, you can pay just $1 a month for an entire year of watching Outlander — or one of the other great titles available. The only catch is that you have to pay the entire $12 upfront.

If you're not sure about Starz, you can test the waters by paying $3 monthly, down from $11. However, this 73 percent discount is only available for your first three months and then goes back up to full price. Basically, if you're at all interested, it's only an extra $3 for an extra nine months if you pay annually.

If Starz isn't for you, check out some of the other great streaming deals available for Black Friday. There are discounts like six months of Apple TV for only $36 or $96 off one year of a Disney+ and Hulu bundle. We've also found amazing Black Friday tech deals from brands like Sony, LEGO and 1Password.

  • Disney+ Hulu bundle — $60 for one year: The Disney+ and Hulu (with ads) bundle is on sale for $5 per month for one year (for a total of $60) through December 1. New and eligible returning subscribers can take advantage of this deal, and considering the bundle typically costs $13 per month, this deal represents more than a 50 percent discount on the standard monthly price.
  • Apple TV+ — 6 months for $36: Apple TV+ is offering six months of access for only $36 for Black Friday, which comes out to a discounted price of $6 per month for the six-month period. The deal is live now for new and eligible returning subscribers and runs through December 1, giving you a chance to stream shows like Silo, The Morning Show and For All Mankind for less. The biggest caveat to the deal is that you must subscribe directly through Apple and not through a third-party service.
  • HBO Max — one year for $36: HBO Max's Black Friday deal gives subscribers one year streaming for $36 through December 1. This Black Friday streaming deal is on the ad-supported option, which normally goes for $11 per month. With this discount, you're getting it for $3 per month for one year. You can sign up via HBO Max's website or, if you're a Prime Video subscriber already, via that service as an add-on.
  • Sling TV Orange — day pass for only $1: Sling TV launched Day Passes earlier this year, giving users one-day access to a variety of its packages. This deal cuts $4 off the normal price of a day pass for Sling Orange. With that, you get unlimited access for 24 hours to Orange's more than 30 channels that includes ESPN, CNN, TBS and others.
  • Paramount+ — two months of Essential or Premium for $6: This Black Friday deal brings the monthly price of either Paramount+ tier down to just $6 for two months, or $3 per month. The obvious better deal is on the Premium plan, which typically costs $13 per month.
This article originally appeared on Engadget at https://www.engadget.com/deals/black-friday-streaming-deals-drop-one-year-of-starz-down-to-just-12-143804639.html?src=rss

https://www.engadget.com/deals/black-friday-streaming-deals-drop-one-year-of-sta


Passengers face disruption as Airbus updates thousands of planes

07:05 - 29/11/2025

An Airbus directive that ordered the immediate software update for 6,000 A320 planes has led to flight disruptions around the world. As Reuters notes, that’s more than half of the 11,300 A320 jets in operation. The narrow-body A320 is widely used globally, but its largest operator is American Airlines, which has 480 of the model in its fleet.

American Airlines said 340 planes out of the 480 it has need to be updated, with each plane taking two hours, during one of the busiest weekends for travel in the US. It told CNBC that it expects the “overwhelming majority” of those planes to be completed through the night, with only a handful remaining on November 29. The recall also heavily affects Asian carriers that rely on A320s for short-haul flights. Japan’s ANA had to cancel 95 domestic flights for Saturday, affecting over 13,000 passengers.

In its announcement, the European Union Aviation Safety Agency said it issued an Emergency Airworthiness Directive after a problem manifested on a JetBlue flight back on October 30. Airbus said that an analysis of the event revealed “that intense solar radiation may corrupt data critical to the functioning of flight controls.” Solar flares, or bursts of electromagnetic radiation from the sun, are known to cause radio blackouts and the disruption of satellite and GPS signals. To prevent future issues, the affected planes would have to revert to an earlier version of their software.

This article originally appeared on Engadget at https://www.engadget.com/transportation/passengers-face-disruption-as-airbus-updates-thousands-of-planes-065955605.html?src=rss

https://www.engadget.com/transportation/passengers-face-disruption-as-airbus-upd


MasterClass subscriptions are 50 percent off in this Black Friday streaming deal

07:00 - 29/11/2025

If you’ve been waiting for the right moment to try MasterClass, now’s a great time to sign up. The online learning platform is offering 50 percent off all annual plans for a limited time with its Black Friday sale. With hundreds of classes across topics like cooking, writing and music, it’s one of the best deals we’ve seen from MasterClass this year.

MasterClass has built a reputation as one of the best streaming platforms for learning new skills and creative hobbies. The service features courses led by industry leaders who share practical insights drawn from their own careers. Whether you want to cook with Gordon Ramsay, explore storytelling with Neil Gaiman or study filmmaking with Martin Scorsese, the range of topics is broad enough to appeal to almost any interest.

Classes are organized into short, easy-to-follow video lessons, making it simple to fit learning into a busy schedule. Each one comes with supplemental materials like downloadable workbooks, assignments or behind-the-scenes notes that add extra depth. New classes are added regularly, so subscribers have a steady flow of fresh content throughout the year.

Subscriptions are structured around annual plans that unlock the full catalog. You can watch classes on most devices, including smartphones, tablets and smart TVs, and your progress syncs across platforms. Offline viewing is supported too, so you can download lessons to study during travel or commutes.

Beyond creative skills, MasterClass has expanded into professional growth and wellness topics, with courses covering leadership, communication and mindfulness. It’s not just about inspiration; the platform’s focus on actionable advice makes it a practical choice for anyone who wants to pick up new skills or refresh existing ones.

Normally, annual plans cost anywhere from $120 to $240 per year, so up to a 50-percent discount represents significant savings for new or returning subscribers. If you’ve been thinking about joining or gifting a membership, this promotion is one of the best times to do it.

There are plenty of other Black Friday streaming deals to consider as well. Here are some of the best ones:

  • Apple TV+ — 6 months for $36: Apple TV+ is offering six months of access for only $36 for Black Friday, which comes out to a discounted price of $6 per month for the six-month period. The deal is live now for new and eligible returning subscribers and runs through December 1, giving you a chance to stream shows like Silo, The Morning Show and For All Mankind for less. The biggest caveat to the deal is that you must subscribe directly through Apple and not through a third-party service.
  • Paramount+ — two months of Essential or Premium for $6: This Black Friday deal brings the monthly price of either Paramount+ tier down to just $6 for two months, or $3 per month. The obvious better deal is on the Premium plan, which typically costs $13 per month.
  • HBO Max — one year for $36: HBO Max's Black Friday deal gives subscribers one year streaming for $36 through December 1. This Black Friday streaming deal is on the ad-supported option, which normally goes for $11 per month. With this discount, you're getting it for $3 per month for one year. You can sign up via HBO Max's website or, if you're a Prime Video subscriber already, via that service as an add-on.
  • Sling TV Orange — day pass for only $1: Sling TV launched Day Passes earlier this year, giving users one-day access to a variety of its packages. This deal cuts $4 off the normal price of a day pass for Sling Orange. With that, you get unlimited access for 24 hours to Orange's more than 30 channels that includes ESPN, CNN, TBS and others.
This article originally appeared on Engadget at https://www.engadget.com/deals/masterclass-subscriptions-are-50-percent-off-in-this-black-friday-streaming-deal-154509280.html?src=rss

https://www.engadget.com/deals/masterclass-subscriptions-are-50-percent-off-in-t


One of our favorite budgeting apps has half off subscriptions for Black Friday

06:00 - 29/11/2025

Those looking for a better way to keep track of their finances should consider a budgeting app. There are dozens of them on the market now, and one of our favorites is running a discount for new subscribers. Monarch Money is offering 50 percent off annual plans right now when you use the code MONARCHVIP at checkout. With the typical yearly price being $100, this will save you $50.

As mentioned before, the discount is only for new users and it can't be combined with other offers. The code only works when you sign up through the web as well. You can't redeem it through the Monarch mobile app.

We feel that Monarch has a steeper learning curve than some other budget trackers and that certain aspects of the app are slightly more complex than they probably need to be. But it offers a great deal of customization and granularity, which outweighs our misgivings.

On the main dashboard, you'll see your net worth along with your latest transactions, spending versus the previous month, your income so far for the month and details about upcoming bills, your investments and goals you've set. There's also a link to a month-in-review page, which offers an in-depth overview of what's been happening with your money that month. You'll also be able to take a peek at how your net worth has changed over time.

Monarch can connect to your bank and track Apple Card, Apple Cash and Savings accounts. It can pull in your transactions and balance history automatically and detect your recurring expenses and income. The app can even keep your car valuation up to date. While it might take a little work to set up Monarch (and you might have to tweak things here and there), it's a detailed budgeting app that can help you keep better track of your income, expenditure and net worth.

If you're a former Mint user (RIP), Monarch Money is a great alternative if you haven't yet found a Mint replacement. But it's worth mentioning that our favorite Mint replacement service, Quicken Simplifi, also has a sale going on right now. It's offering 50 percent off when you sign up for an annual subscription, billed at $3 per month with the discount. That comes out to $36 for the first year.

This article originally appeared on Engadget at https://www.engadget.com/deals/one-of-our-favorite-budgeting-apps-has-half-off-subscriptions-for-black-friday-174011903.html?src=rss

https://www.engadget.com/deals/one-of-our-favorite-budgeting-apps-has-half-off-s


Black Friday speaker deals 2025: Save up to 50 percent on bluetooth speakers, smart speakers and soundbars

04:30 - 29/11/2025

You've found Engadget's expert-crafted list of the best Black Friday and Cyber Monday deals on bluetooth speakers, soundbars and smart speakers. We've been sifting through the digital weeds all month looking for the steepest speaker discounts. Several of the best deals have been live for a while, but new ones are popping up all the time, so we'll be on the beat (get it) until the last deal fades to quiet. So far, we've found offers on JBL soundbars, Sonos smart speakers, Ultimate Ears portable bluetooth speakers and other audio champions. Check out the list now to find your new favorite gear.

Best Black Friday speaker deals under $50

Amazon Echo Pop for $22 (45 percent off): If you're excited about the more conversational and capable Alexa+ but have been holding off for budget reasons, breathe a sigh of relief. The latest Echo Pop is Amazon's smallest, cheapest smart speaker that still comes with Alexa+ early access. It may not fill a whole house, but it's great for listening to music or podcasts in a bedroom, office or small kitchen.

Anker Soundcore 2 for $28 (38 percent off): This is the absolute cheapest you'll probably see a full-size Bluetooth speaker go for in 2025 — the Soundcore 2, the latest effort by Anker to expand from charging components into portable audio. This model gets you 24 hours of battery and 12 watts of output, with bass ports designed to heavily boost the low ranges. It all works through a simple set of highly visible and tactile buttons on top of the speaker box.

JBL Go 3 for $30 (25 percent off): The Go 3 is JBL's most affordable bluetooth speaker, but it comes with the same IP67-rated ruggedness as the more expensive models. It's waterproof, dustproof, lasts for five hours and can easily clip onto a bag, bike or belt. It also sounds good and comes in lots of different colors.

Amazon Echo Dot 5th Gen for $32 (36 percent off): The fifth-generation Echo Dot is cheaper than ever, and it was already the best smart speaker under $50. Its genius spherical design lets it pack a lot of audio into a compact space, and it can be controlled with both hands-free Alexa commands and on-device buttons. The latest release comes with early access to the Alexa+ AI upgrade.

JBL Go 4 for $40 (20 percent off): You might expect a speaker as small and portable as the Go 4 to sound tinny at the higher frequencies and weak at the lower ones, but JBL has worked its magic to make this model sound great at both ranges. Weighing less than half a pound, made partly from recycled materials and including a convenient carabiner hoop, this is one of our favorite speakers to take on treks.

Tribit StormBox Micro 2 for $50 (29 percent off): The StormBox Micro 2 gets you the two things you need out of a portable speaker — it's light (weighing about a pound), and it's loud. Tribit hasn't changed the game on portable sound quality here, but with this on your bike or in your backyard, you'll be having so much fun you won't care. And the fact that you only spent 50 bucks will definitely help your mood.

Amazon Echo Spot for $50 (38 percent off): The Echo Spot looks like an Echo Dot sawed in half, which is a surprisingly effective design. It's designed to work best as a bedside alarm clock, but you can customize the screen to show things other than time, including a weather forecast, smart home controls or the current song on your playlist. It's Alexa-capable, and like the latest Echo Dot, will let you give Alexa+ AI a try.

Best Black Friday speaker deals for $50 to $100

Roku Streambar SE for $75 (25 percent off): This is the least you'll pay for a worthwhile soundbar this Black Friday season. We had a great experience with the Roku Streambar in our hands-on review, finding it to be compact and affordable while blowing built-in TV speakers out of the water. If you're looking to make an upgrade, this is the best economy choice, especially if you're already a Roku user.

JBL Flip 5 for $80 (20 percent off): We've loved almost every entry in the JBL Flip line (you'll see the Flip 7 highlighted in the next section). While the Flip 5 is a bit dated at this point, it's still extremely solid. The battery lasts for 12 hours, it's IPX7 waterproof and it weighs about 1.2 pounds so you can take it anywhere. The sound quality is as consistently high as we've come to expect from JBL, though it does have the standard limitations of a portable unit.

Amazon Fire TV Soundbar for $85 (29 percent off): Amazon's soundbar supports Dolby surround sound, works straightforwardly through a single HDMI cable and can be upgraded with an optional Alexa voice assistant. It works with more than just Amazon products, too, being compatible with all smart TVs. It's even capable of pulling double duty as a bluetooth speaker.

Marshall Emberton II for $90 (50 percent off): We're huge fans of the Emberton II, Marshall's affordable new-age retro speaker. It looks great, but it's much more than a visual throwback, featuring 360-degree sound, IP67 proofing and 30 hours of battery life. Since the deal cuts the price in half, you can even buy two and chain them together for a surround sound setup.

Amazon Echo Dot Max for $90 (10 percent off): The Echo Dot Max just dropped this month, and our reaction was mixed, but there's no denying the leaps forward in this brand-new addition. Not only does it feature better sound than the vanilla Echo Dot, but Alexa+ makes it a much more equal conversation partner. The Echo Dot Max features a similar spherical design to the Dot, but with forward-facing physical buttons on the surface of the sphere.

Bose SoundLink Micro for $99 (17 percent off): If the Home isn't small or cheap enough for you, Bose has gone even smaller and cheaper with the SoundLink Micro, a tiny, portable speaker in the vein of the JBL Clip. It's waterproof, dustproof and surprisingly good at taking hits, all while staying charged for around six hours. The sound quality isn't intense, but it's cleaner than it has any right to be.

Beats Pill for $100 (33 percent off): Beats jumping back into portable bluetooth was one of the happiest surprises of 2024. As we noted in our full review at the time, the Beats Pill isn't content to coast on its brand name or luxurious design. Its re-engineered speaker improves volume while reducing distortion, it can survive dropping into three feet of water and it even works extremely well as a speakerphone. We found that mid-to-high range music showcases its potential best, though the bass also hits hard.

Best Black Friday speaker deals for $100 to $200

Bose SoundLink Flex for $119 (20 percent off): Of all the Bose on this list, the SoundLink Flex may be the most balanced, much cheaper than the Home and a lot more powerful than the Micro. Other speakers may be louder, but few have such good range; we've yet to find a track that sounds muddy or tinny coming through the Flex's speakers. The design is also outdoor-friendly, with a light-but-tough exterior and 30-foot bluetooth range.

JBL Charge 6 for $130 (35 percent off): It's a little more expensive than the Flip line, but the extra cost of the Charge 6 pays off — it boasts almost twice the battery life of the Flip 7, with the same convenient design, built-in USB-C charger and wide sound range. If you're looking for a speaker that balances sturdiness with portability and will last you a while, the Charge 6 is a very good investment.

Ultimate Ears Megaboom 4 for $150 (25 percent off): The UE Megaboom line is venerable at this point, dropping first in 2015, but its fourth iteration still tops our audiophile lists. It puts out 360-degree sound with an emphasis on bass, can work up to 147 feet away from the music source, and literally floats in water (though you probably shouldn't leave it in the pool all night). It can even pair with any other UE speaker through PartyUp — combining it with a couple of Wonderbooms pays off in spades.

Sonos Era 100 for $169 (15 percent off): Two years after launch, the Era 100 is still a smart speaker more than worth your time. It's sleek and simply designed, making it clear Sonos's engineers put their work into sound quality and features rather than just looking the part. Touch controls have never worked better, and setup takes five minutes, though you will have to use the Sonos app. Once you start playing music, the Era 100 can get as loud as you like, while never sacrificing audio quality.

Bose SoundLink Home for $179 (18 percent off): The SoundLink Home is small for a high-quality speaker, but it packs everything it needs into two pounds and about 10 square inches. Nothing about the sound is diminished thanks to two passive radiators. Though we haven't gotten to test it directly, given Bose's record with other compact speakers like the Flex, we're confident it'll be loud enough to satisfy anyone.

Marshall Acton III for $180 (40 percent off): The Acton III is one of the speakers Marshall redesigned and updated in 2022, and it still sounds great today (and looks it too). It's less portable at 6.3 pounds, but can hit high volumes with little or no distortion. The upgrade angled Acton III's tweeters outward so the soundscape is wider, making this one speaker very capable of filling a room with sound on its own.

Sony ULT Field 5 for $195 (44 percent off): Sony's recently rebranded ULT lineup has impressed us so far, especially their 90s-style bass boost buttons. The ULT Field 5 is a pretty traditional bluetooth speaker with a ton of options, including Party Connect to link multiple speakers together, a 10-band equalizer for finding the exact sound balance you want and even a shoulder strap that makes it way more portable.

Bose TV Speaker soundbar for $199 (29 percent off): Bose's entry into the world of soundbars does not disappoint. For a price lower than some Bluetooth speakers, you'll get a compact two-foot speaker bar that amplifies dialogue while conjuring a balanced, realistic soundscape from any movie or show. It's suitable for audio neophytes, too, with no complex adjustments necessary — just plug in the HDMI and start watching.

Ultimate Ears Everboom for $200 (26 percent off): We gave the Everboom a full review when it first dropped last year, and found it stuck to the general Ultimate Ears plan — nothing earth-shattering in the audio quality, but rugged reliability and fantastic extra features. Everboom users can connect it to the UE Boom app, which lets you control the volume remotely, use the speaker as a megaphone to make announcements, import your playlists and pair Everbooms through the PartyUp chaining feature.

Best Black Friday speaker deals over $200

JBL Xtreme 4 for $280 (26 percent off): Xtreme is the largest and highest-end that JBL goes, and the Xtreme 4 is a luminary of the line. At 4.6 pounds, it's on the outside edge of portability, but that weight means it puts out appropriately heavy bass, along with clear treble. It's fully weatherproof and — unless it's in a completely open space — can get loud enough that all your party guests will enjoy the full effect.

Bose SoundLink Max for $299 (25 percent off): The SoundLink Max, Bose's biggest speaker that isn't a soundbar, is more affordable for Black Friday than we've seen for a while. Frankly, it's worth more than this, with two radiators and three transducers that make it sound larger than it is. Indoors or outdoors, it's great for anyone who wants to be able to pick out individual elements of their favorite music.

Sonos Era 300 for $378 (21 percent off): The Era 300 is Sonos's big (and largely successful) swing at a truly space-filling smart speaker, combining spatial audio with support for both Alexa and its own assistant. The Trueplay feature detects the environment around the speaker and adjusts its setup to reach every corner. Spatial audio can be hit-or-miss on older tracks, but it's transcendent with modern ones.

Sonos Move 2 for $399 (20 percent off): Move is Sonos's high-end portable smart speaker, with more heft, power and features than the smaller Roam line. With the Move 2, Sonos improved the Move's sound quality, boosted its battery life to well over 24 hours, jacked up the volume and redesigned the outer hardware for greater durability. It also works with both Alexa and the Sonos assistant, but it's more portable than the Era 300.

Sony Bravia Theater Bar 8 for $798 (20 percent off): In our review of the Bravia 6 this year, we called out its full sound and special talent for enhancing dialogue, but were frustrated that it didn't support AirPlay or Spotify Connect. The Bravia 8 works with both services, making it a clear choice for your next premium soundbar. It's got a tight, low-footprint design that fits any aesthetic, and hits a maximum output power of 495 watts.

Sonos Arc Ultra for $879 (20 percent off): The Sonos Arc Ultra is the best premium soundbar, bar none (pun intended). As we cover in our full review, it delivers full-throated bass without needing an extra sub, and has added more mid-range drivers and tweeters to make dialogue pop. Its software features are also solid, with Trueplay sound tuning, Speech Enhancement and a new Night Sound mode to tone down the boom for your roommates' sake.

JBL Bar 1300XMK2 for $1200 (29 percent off): If you're going to drop $1200 on a soundbar, you need to know it's going to deliver — and the 1300XMK2 does. Its key design element is two detachable speakers that recharge when plugged into the main unit, but can spend up to 10 hours unplugged. The audioscape does an excellent job of separating and clarifying details, which really enhances the sense of a theatrical experience.

This article originally appeared on Engadget at https://www.engadget.com/deals/black-friday-speaker-deals-2025-save-up-to-50-percent-on-bluetooth-speakers-smart-speakers-and-soundbars-091904603.html?src=rss

https://www.engadget.com/deals/black-friday-speaker-deals-2025-save-up-to-50-per


Anker Black Friday deals: Save up to 50 percent on power banks, wireless chargers, power adapters and more through the holiday shopping event

03:00 - 29/11/2025

If you're looking for the best Black Friday deal on Anker gear, I'll skip the preamble and just tell you: It's the near-perfect (though uncreatively named) Anker Laptop Power Bank. It's usually $135 but right now it's just $88. It has built-in cables, looks pretty and has a huge capacity and high-wattage rating to charge anything quickly. But if you're in the market for an Anker wall charger, wireless charging station or something else the brand makes, read on. This is all stuff we've tested out for our guides or in our lives so we know it to be a great value for what you get — especially now. Here are the best Anker Black Friday deals we could find.

Anker Black Friday deals: Power banks

Power banks revive dead phones, let you work longer while away from an outlet and allow you to play with your tablet/ereader/gamepad while it charges without being tethered to a wall. After testing out brands from a slew of different makers, our picks just keep coming back to Anker. The mix of value, capacity and clever features makes Anker batteries just a little bit better than a lot of the brands out there.

Anker's Laptop Power Bank, which our reviewer (me) called the culmination of all the best battery features, is going for nearly $50 off right now. If I could recommend one purchase to our readers, this would be it.

We think Anker's Ultra-Slim MagSafe bank is a better deal than Apple's Air MagSafe battery. It's got a higher capacity and wattage rating and it looks just as sleek. Plus, in my humble opinion, $38 is a way better deal than $99.

Anker also makes our top MagSafe battery pick (the MagGo Qi2). Thanks to its clever stand, excellent charging speeds and generous capacity, it's one of the best ways to recharge an iPhone on the go.

I love this shiny little brick. The 3-in-1 portable charger has a built-in cable that's also a strap, plus wall prongs and a handy display.

Anker Black Friday deals: Wireless chargers

A rat’s nest of cables on your desk is not the loveliest look. Now that phones, earbuds, smartwatches and even ereaders can refill on a charging coil, wireless chargers are a tidy solution. There are options that’ll let you view your phone while it charges, as well as some that will charge three devices at once. We’ve tested units from dozens of brands for our buying guides and keep putting Anker on our lists of winners. The brand makes some of the top picks in both our wireless charger guide and our list of the best multi-device chargers. Now, thanks to Black Friday, you can keep your devices topped off with quality accessories that are an even better value than usual.

Anker Black Friday deals: Power adapters

While wireless charging is faster than it’s ever been, cords are still the fastest way to charge your phone. Bigger devices like your laptop will reup faster on a high-wattage brick than on a dinky 20-watt adapter and if you want to keep your outlets more streamlined, go for a multi-port power adapter that will let you charge multiple devices at once. Again, after testing many brands, some of our most reliable picks continue to be from Anker. It shows up three times in our guide to the best fast chargers and we recommend the brand in a number of our accessories guides. Now that Black Friday is here, a number of Anker power adapters are on sale — so we rounded them all up here.

Anker Black Friday deals: Soundcore audio

We mostly think of Anker as a charging accessory brand. But they’ve expanded their scope by getting into audio equipment — and the effort was a success. You might not immediately pick up that these are Anker speakers — Soundcore shows up on the products themselves, but it’s the same company. We recommend a couple Soundcore music makers in our guide to the best Bluetooth speakers. They also make our overall favorite pair of budget earbuds, the Space A40. With Black Friday deals in full effect, these are the best Anker Soundcore deals we could find.

Black Friday deals on Ugreen, Biolite, Nimble and more

We’re fans of plenty of other brands aside from just Anker. Here are some of the other charging accessories that are also on sale for Black Friday. These come from our guide to MagSafe power banks, our standard power bank guide and our best fast charger roundup. If you want to read up on why these guys made the cut, check out those links. But if you just want to snag a few deals on electronics that Engadget has vetted, check out our picks below.

More Anker Black Friday deals

My personal favorite USB-C charging cable is made by Anker. It’s rated at 240 watts, has a durable build, plus it’s six feet long and has a handy right-angled connector at one end. Anker of course also makes plenty of other gear, from webcams to mice, that shows up in our guides to the best accessories again and again. Here are the best Black Friday deals on Anker gear that doesn’t quite fit into the categories above.

This article originally appeared on Engadget at https://www.engadget.com/deals/anker-black-friday-deals-save-on-power-banks-wireless-chargers-power-adapters-and-other-accessories-164907229.html?src=rss

https://www.engadget.com/deals/anker-black-friday-deals-save-on-power-banks-wire


Black Friday subscription and streaming deals include discounts on Apple TV+, HBO Max, Disney+, Proton VPN and more

02:46 - 29/11/2025

This page is your go-to resource for Black Friday subscription deals. From today through Cyber Monday and beyond, we'll be scouring the internet to find the steepest discounts and cheapest offers for all the best subscription services. The top streaming platforms are all giving out subscriptions like they were leftover turkey, but we've also found great deals on VPNs you can use to coax even more out of your streaming subscriptions. There are great learning apps, too, like Rosetta Stone and MasterClass deals, plus even more discounts on services like DeleteMe and Quicken. Check back here daily — we're always adding exciting new deals to the list.

Best Black Friday subscription deals

Audible (three months) for $3 (80 percent off): For literally $1 per month, you can get access to Audible's enormous library of published audiobooks, podcasts and Audible Originals (which can be anything from never-before-heard books to live performances). It's only three months, after which you'll have to cancel or renew at the regular price, but an audiobibliophile can cram a lot of listening into the 90 days after Black Friday.

Quicken Simplifi (one year) for $36 (50 percent off): We named Quicken Simplifi the best budgeting app this year largely because it lives up to its name. This is the cleanest budgeting app on the market, with an interface designed to welcome newcomers and no key information more than a scroll away. It's also cheap, especially with this Black Friday deal, and very good at detecting and categorizing your important transactions.

Monarch Money (one year) for $50 (50 percent off with code MONARCHVIP): Monarch Money, our other favorite budgeting app, is giving new users half off for Black Friday. It's a little more complex than Quicken Simplifi, but it also gives you finer-grained control, including detailed reporting, balance sheets and instant graphs. The standout goals feature lets you establish savings and wealth baselines that feel amazing when you hit them.

Rosetta Stone Lifetime Unlimited subscription for $149 (60 percent off): Rosetta Stone was pioneering visual language courses back when software still came in boxes, and it's still one of the best language learning apps. Today, its method works as well as ever, with patient learning based on pictures, terms and recordings. This deal gets you a full lifetime subscription with access to all 25 languages in the library.

Medium (one year) for $40 (20 percent off): Medium is a social site designed as the anti-Twitter, featuring deep thoughts and long-form essays from great writers. Not all its best work is locked behind a paywall, but a lot of it is — and we've all had the feeling of being frustrated that we can't read the latest drop from a thinker we really respect. This deal isn't a very big cut, but it is a noticeable savings over the monthly plan, which will cost you a full $120 for the same length of time ($150 without the discount).

Headspace (one year) for $35 (50 percent off): Out of all the meditation apps available, Headspace is our favorite. It doesn't just help you relax and de-stress, but also teaches you to practice meditation as a skill, with sessions building on each other in organized courses. There's a massive library of standalone guided meditations with all kinds of instructors, and it's easy to search for the ones that work best for you. This deal gives you half off a full year.

Calm Premium (one year) for $40 (50 percent off): Once you've finished your Headspace meditation, head over to Calm for every other stress-relieving activity you can think of. This subscription lets you relax amid a massive content library, from music and restful soundscapes to "sleep stories" with celebrity narrators telling bedtime stories for children and adults alike. If you've ever wanted to be lulled to sleep by Jonathan Bailey, Matthew McConaughey or Idris Elba, this app is for you.

AdGuard personal (lifetime) for $44 (45 percent off): AdGuard was recently in the news for automatically blocking Microsoft's Recall AI surveillance app, which is a great indication of its mission — it fights threats to your privacy, no matter where they come from. This lifetime subscription blocks all annoying third-party ads and trackers on any website while keeping its functionality otherwise unchanged, so everything loads faster and easier.

1Password (one year) for $29 (50 percent off): Using a password manager is one of the most important cybersecurity steps you can take right now. 1Password generates strong, unique passwords for every account, then saves them to autofill when you need them. We named it the best password manager in honor of its well-designed user interface and cross-platform compatibility.

LastPass Premium (one year) for $18 (50 percent off): LastPass is another great password manager. We briefly stopped recommending it after a couple of data breaches early last year, but it's patched up its security and seems to be firing on all cylinders again. Whether it suits you better than 1Password will come down to personal preference, but LastPass's deal is slightly better this year.

DeleteMe (all services) for 30 percent off with code BFCM30OFF25: DeleteMe scrubs your information from people search sites and other public-facing data brokers, dramatically reducing your online presence. It's a time-saving and user-friendly automation of a process that can be a real hassle without it. Since using it monthly, we've noticed a sharp decrease in the amount of spam emails, texts and calls to our personal addresses.

Adobe Creative Cloud (one year) for $389 (50 percent off): Adobe Creative Cloud is half off for one year right now, coming out to $389 for one year when you pay upfront. (There's a discounted $35 monthly rate as well, working out to $420 for the year.) Creative Cloud is Adobe's most comprehensive design package, including InDesign, Illustrator, Photoshop, Premiere and over 20 other apps. Whip up a website with Dreamweaver, paint on a digital canvas with Fresco or edit photos in Lightroom. It's a pretty steep cost for an individual, but puts a one-year subscription well within reach of a creative business.

Best Black Friday streaming deals

Apple TV+ (6 months) for $36 ($42 off): Apple TV+ has another of the best Black Friday streaming deals this year, offering six months of access for only $36, which comes out to only $6 per month. The deal is live now for new and returning subscribers. Through December 1, you've got a great chance to stream shows like Severance, Ted Lasso, The Morning Show and For All Mankind for less — just remember the deal only applies if you subscribe directly through Apple and not through a third-party service.

Disney+ and Hulu bundle with ads (one year) for $60 (61 percent off): Disney took its time announcing its Black Friday deal on the newly merging Disney+ and Hulu, but the wait was worth it. This steep discount saves you more than 60 percent over the regular monthly price. Just in time for family gatherings, you'll have free access to Encanto and Moana 2 for the kids, The Bear and Only Murders in the Building for the adults, and Marvel and Star Wars adventures for everybody.

Paramount+ (2 months) for $6 ($20 off): Paramount+ is doing its Black Friday deal a little differently. Instead of a reasonably cheap long-term plan, you get an incredibly cheap short-term deal — two months for less than a Starbucks run costs these days. That's more than enough time to binge Yellowjackets, Dexter: Resurrection or Star Trek: Strange New Worlds, along with weeks of NFL games through CBS Sports.

Starz (one year) for $12 ($58 off): Pay upfront for one year and you can get more than $50 off a Starz annual subscription. There's a month-to-month option too, which costs $3 per month for the first three months if you don't want to commit to the full year. Either option gives you access to the entire Starz TV and movie library, including Outlander and Spartacus, with offline viewing and no ads.

Fubo Pro (first month) for $55 (35 percent off): Fubo is the live TV service that helps sports lovers cut the cord. When you sign up, it asks you your favorite teams, then automatically records every game they play. Fubo Pro includes 249 channels, covering everything from your local NFL and NBA networks to real ESPN8 (The Ocho) content like PowerSports World. There are even plenty of non-sports channels, and with 10 allowed screens per subscription, your whole family can enjoy the selection at once.

Sling TV Orange Day Pass for $1 (80 percent off): Sling TV is one of the best live streaming services, and has one of streaming TV's most unique deals: a commitment-free day pass that lets you stream whatever you want for 24 hours, including cable channels and exclusive sports. Normally, a day pass costs $5, but this Black Friday deal knocks that all the way down to $1.

Plex (lifetime pass) for $150 (40 percent off): Plex offers personal media servers you can use to organize your digital collection — imagine your own curated Netflix homepage that nothing ever vanishes from. It's also a streaming platform in its own right, with movies and TV from all genres and eras. Plex did just raise its prices, so now's your chance to get a lifetime pass for close to what it used to cost.

Walmart+ (one year) for $49 (50 percent off): No, Walmart hasn't started its own streaming platform, but it would probably have some pretty great drama. What you do get with Walmart+ is free shipping on carts over $35, exclusive deals, drone delivery in some cities and more. And if you did come here for streaming, Walmart+ also comes with your choice of Peacock Premium or Paramount+ Essential (we recommend Peacock Premium because it's more expensive on its own).

Fox One (six months) for $20 (50 percent off): Fox One is the newest streaming service on this list, launching just this August. It provides access to everything in the Fox catalog, including its sports and entertainment TV. Six months for $20 isn't quite as good a deal as Paramount+ is giving out, but it may still be a bargain if you're worried about losing Fox channels from your YouTube TV subscription.

Best VPN deals for Black Friday

ExpressVPN Basic (28 months) for $68.40 (81 percent off): ExpressVPN may be the most user-friendly VPN for sale right now, with fast download speeds (only 7 percent losses in our last test), quick connections and apps designed to stay out of your way. It's not the most feature-rich, but it excels at any bread-and-butter VPN task, staying leak-free and unblocking Netflix everywhere. You also get access to server locations in 105 countries. It also basically never drops the price this low, so if you're at all interested, now's the time to board the Express train.

Surfshark Starter (27 months) for $53.73 (87 percent off): According to the tests we ran for our latest review, Surfshark is the fastest VPN right now, with its download speeds, upload speeds and latencies all beating out competitors. It has more to offer beyond speed, too, as it's able to constantly rotate your IP address and generate double VPN paths between any two servers you choose.

NordVPN Basic (27 months) for $80.73 (74 percent off): NordVPN got very positive marks in our last review, where we called out its fast internet speeds, wide network of server locations and selection of exclusive features. It comes with a range of dedicated servers for obfuscation, onion routing, torrenting and more. Plus, it's one of the first VPNs getting a jump on post-quantum encryption.

CyberGhost VPN (28 months) for $56.84 (84 percent off): CyberGhost is always cheap — in fact, we named it the best budget VPN — but it's never behaved like an economy option. Its Smart Rules automation controls are the deepest in the industry, and its server network reaches 100 countries. Speeds are also quite good, though connections occasionally take a moment to establish.

hide.me VPN (26 months) for $99.95 (61 percent off): hide.me is currently our favorite free VPN, but its paid upgrade is just as competitive. The best thing about this deal is that you're guaranteed to get renewed at the same price and duration, which isn't always certain, even with otherwise reliable VPNs. hide.me gives you servers in 91 locations, all of them rated for up to a gigabyte of traffic per second.

Private Internet Access VPN (40 months) for $79.20 (83 percent off): Although we weren't wholly positive about Private Internet Access (PIA VPN) in our recent review, we can't deny it's a worthwhile choice for an affordable VPN. Although speeds can fluctuate, it comes with lots of desirable features on all platforms, like port forwarding (which makes torrents more stable) and two kinds of split tunneling.

This article originally appeared on Engadget at https://www.engadget.com/deals/black-friday-subscription-and-streaming-deals-include-discounts-on-apple-tv-hbo-max-disney-proton-vpn-and-more-180000123.html?src=rss

https://www.engadget.com/deals/black-friday-subscription-and-streaming-deals-inc


The best Black Friday deals on tech for 2025: Get up to 50 percent off gear from Apple, Amazon, Disney+, Lego, Dyson and others

02:10 - 29/11/2025

Black Friday is here in all of its discount glory. At this point, though, you might be feeling some deal fatigue. The entire month of November has been awash with holiday deals as “Black Friday” becomes more of a month-long event than a single-day affair.
Whether you’re just starting your holiday shopping now or you’re back to see if there are any good new deals, Engadget has you covered. We’ve been tracking the best Black Friday deals on tech since the month began, and we continue to do so today. As usual, there are a few surprises for Black Friday, and many of the best Black Friday deals we’ve seen over the past few weeks are still available today. To avoid unnecessary searching, we’ve collected the best Black Friday deals on tech you can get right here.

Black Friday deals: Engadget's top picks

Disney+ Hulu bundle — $60 for one year: The Disney+ and Hulu (with ads) bundle is on sale for $5 per month for one year (for a total of $60) through December 1. New and eligible returning subscribers can take advantage of this deal, and considering the bundle typically costs $13 per month, this deal represents more than a 50 percent discount on the standard monthly price.

Apple AirPods Pro 3 for $220 ($29 off): Apple's latest flagship wireless earbuds are the ones to get if you have an iPhone and any other Apple gear. They have improved sound quality, impressive ANC improvements, extra features like Live Translation and even better battery life.

Apple iPad A16 for $274 (21 percent off): Apple's cheapest iPad makes a great first tablet for kids, or anyone who just wants a basic slab for watching videos, online shopping, sending emails and more. It's plenty fast thanks to the A16 chipset that powers it, plus it has a nice screen, 128GB of storage in the base model and good battery life.

Apple TV+ — 6 months for $36: Apple TV+ is offering six months of access for only $36 for Black Friday, which comes out to a discounted price of $6 per month for the six-month period. The deal is live now for new and eligible returning subscribers and runs through December 1, giving you a chance to stream shows like Silo, The Morning Show and For All Mankind for less. The biggest caveat to the deal is that you must subscribe directly through Apple and not through a third-party service.

HBO Max — one year for $36: HBO Max's Black Friday deal gives subscribers one year streaming for $36 through December 1. This Black Friday streaming deal is on the ad-supported option, which normally goes for $11 per month. With this discount, you're getting it for $3 per month for one year. You can sign up via HBO Max's website or, if you're a Prime Video subscriber already, via that service as an add-on.

PlayStation 5 digital edition for $399 ($100 off): The PlayStation 5 is getting a major Black Friday discount, with $100 off consoles. That brings the PS5 Digital Edition down to $399, the standard PS5 to $449 and the new PS5 Pro to $649. If you’ve been holding out for the right time to upgrade or buy your first console, these are the deals to beat. You'll find them direct at Sony and from other retailers including Amazon and Walmart.

Nintendo Switch 2 + Mario Kart World bundle for $499: Black Friday Nintendo sales were announced recently and, unsurprisingly, there won't be many true deals out there this year. There are no straight discounts on the Switch 2 console, so your best bet is to pick up a bundle that saves you some cash on a Switch 2 game. One of the best is the Mario Kart World bundle, but Pokémon fans should consider the Pokémon Legends: Z-A bundle, too.

Meta Quest 3S VR headset for $250 ($50 off): We consider this to be the best VR headset for newbies or those on a budget. It's comfortable to wear for long sessions, has solid performance, comes with excellent controllers and you'll have access to a large app library with it.

PlayStation VR2 + Horizon Call of the Mountain bundle for $299 ($100 off): It’s hard to broadly recommend the PSVR2: The actual hardware is superb, but there aren’t a ton of standout exclusives to play. Thankfully, you can now use the device with a gaming PC through a separate adapter, though it’s all wired-only. Still, if you have cash to burn and want to dive into games like Gran Turismo 7, the Resident Evil 4 remake or the Horizon adventure bundled here, this is a new low. If this offer runs out of stock, the standalone headset is on sale for the same price. Also at Best Buy and Walmart.

DJI Neo drone for $159 (20 percent off, Prime exclusive): Yes, the Neo 2 just came out, but it's still unclear if that model will make its way to the US. For now, if you want an affordable drone to capture your next adventure, the original Neo remains an excellent option. It was our top pick for the best drone for those on a budget, and it's an even better buy at this sale price.

Samsung S95F (65-inch) for $2,298 ($700 off): The S95F is a premium model that's received almost universally stellar reviews for being especially bright among OLED TVs while keeping the bold colors and contrast expected from a QD-OLED panel. That brightness, combined with the display’s matte finish, means it’s uniquely adept at fending off glare. It also has four HDMI 2.1 ports and a native 165Hz refresh rate for gaming. That said, there’s still no Dolby Vision HDR, and the matte coating means that black tones won’t look as deep in a bright room. It's not cheap, but this is the lowest price we’ve seen for the 65-inch model. Also at Samsung and Best Buy.

Sonos Arc Ultra soundbar for $879 (20 percent off): Sonos' most premium soundbar offers crisp, clear sound and an impressive bass boost over the original. It has a sleek design and works with the Sonos Ace headphones as well. There are plenty of other Sonos Black Friday deals to consider as well, both on Amazon and direct at Sonos.

Google Pixel 10 Pro for $749 (25 percent off): You can't get much better than this when it comes to Android phones. Google's latest flagship has a brighter display, longer battery life, a camera that supports 100x Pro Res Zoom and Pixelsnap (i.e. Qi2) charging support.

Black Friday streaming deals and subscription deals

MasterClass — up to 50 percent off annual subscriptions: The MasterClass Black Friday deal discounts most subscription tiers by 50 percent when you pay for one year upfront. The Premium tier, the most expensive option, usually costs $20 per month but now only sets you back $10 per month for one year. That gives you access to the entire MasterClass content library, offline viewing and up to six simultaneous streams.

Starz — one year for $12: Pay upfront for one year and you can get more than $50 off a Starz annual subscription. There's a month-to-month option too, which costs $3 per month for the first three months if you don't want to commit to the full year. Either option gives you access to the entire Starz TV and movie library with offline viewing and no ads.

Paramount+ (2 months) for $6 ($20 off): Paramount+ is doing its Black Friday deal a little differently. Instead of a reasonably cheap long-term plan, you get an incredibly cheap short-term deal — two months for less than a Starbucks run costs these days. That's more than enough time to binge Yellowjackets, Dexter: Resurrection or Star Trek: Strange New Worlds, along with weeks of NFL games through CBS Sports.

Sling TV Orange Day Pass for $1 (80 percent off): Sling TV is one of the best live streaming services, and has one of streaming TV's most unique deals: a commitment-free day pass that lets you stream whatever you want for 24 hours, including cable channels and exclusive sports. Normally, a day pass costs $5, but this Black Friday deal knocks that all the way down to $1.

Plex (lifetime pass) for $150 (40 percent off): Plex offers personal media servers you can use to organize your digital collection — imagine your own curated Netflix homepage that nothing ever vanishes from. It's also a streaming platform in its own right, with movies and TV from all genres and eras. Plex did just raise its prices, so now's your chance to get a lifetime pass for close to what it used to cost.

Audible — three months for $3 + $20 Audible credit: For literally $1 per month, you can get access to Audible's enormous library of published audiobooks, podcasts and Audible Originals (which can be anything from never-before-heard books to live performances). It's only three months, after which you'll have to cancel or renew at the regular price, but an audiobibliophile can cram a lot of listening into 90 days.

Proton VPN (24 months) for $59.76 (75 percent off): Proton VPN is our pick for the best VPN — a secure, trustworthy app that doesn't sacrifice features, speed or usability. Although its free plan does come with unlimited data, we recommend upgrading to get the full set of servers and features. With this deal, you'll get servers in 117 countries; better yet, every one of those we've tested so far can unblock Netflix.

1Password (one year) for $24 (50 percent off): Using a password manager is one of the most important cybersecurity steps you can take right now. 1Password generates strong, unique passwords for every account, then saves them to autofill when you need them. We named it the best password manager in honor of its well-designed user interface and cross-platform compatibility.

Monarch Money budgeting app (one year) for $50 (50 percent off with code MONARCHVIP): One of our favorite budgeting apps, Monarch Money gives you a lot of control over the organization of your funds. There's a helpful goals feature for when you're planning out big purchases or financial milestones you want to hit, and we found the month-in-review recap it provides to be more thorough than other budgeting apps we tried. There's even Zillow integration for folks looking to buy a home.

Black Friday Apple deals

Apple AirPods 4 for $69 (47 percent off): These are the most affordable AirPods you can get, and the latest model has been substantially improved over the previous. They have a better fit and noticeably better sound quality than their predecessor, plus some advanced features previously only found on pricier models.

Apple AirTags (four pack) for $63 (36 percent off): iPhone users who frequently misplace things should invest in a few AirTags. Slip them into your wallet, bag, jacket and other belongings to keep track of their locations in the Find My app. Just make sure that, if you're going to attach one to your keys, you also pick up an AirTag holder to go along with it.

Apple Watch SE 3 for $199 ($50 off): The SE has been our top pick for the best Apple Watch for those on a budget, and the latest model only solidifies that further. It has the same chipset found in the latest flagship Apple Watches, fast-charging capabilities, an always-on display and most of the same activity-tracking features you'll find in more expensive models.

Apple MacBook Air (13-inch, M4) for $749 ($250 off): Our top pick for the best laptop you can get, the M4 MacBook Air will be plenty of power for most people in a convenient, premium package. It's thin and light as ever, with an excellent keyboard and trackpad, plus enough battery life to get you through a whole day of work, video calls and more.

Apple Pencil Pro for $95 ($35 off) at Amazon: The Apple Pencil situation is a little messy, so you’ll want to double check which model is compatible with your particular iPad. The Pencil Pro is the most fully featured in the lineup with haptic feedback, barrel roll and squeeze capabilities, and a hover preview feature. It’ll work with the two most recent models of the Air and Pro iPads, as well as the latest iPad mini. Also at Walmart and Best Buy.

Black Friday deals under $50

LEGO Botanicals Happy Plants Building Toys 10349 for $18 (20 percent off): Here’s an ideal Secret Santa gift — everyone loves Legos and these cheery little guys will keep your giftee company at their desk or on a windowsill, and are the lowest-maintenance plants around. Also at Target and Walmart; it's one of many Lego Black Friday deals you can get right now.

Philips fabric shaver for $13 (32 percent off): Consider this the Black Friday tech deal you didn't know you needed. If you have shirts, sweaters, pants, even blankets that have pilled over time, this handy little fabric shaver can get them looking more like new again. I bought this on a whim after wishing I could refresh some of my most-loved wardrobe staples without spending hours pulling pills off myself. Philips' fabric shaver has delivered and then some, and my clothes look much fresher than before.

Amazon Smart Plug for $13 (48 percent off): Those who use Alexa often will get the most out of this smart plug. We like that it's super simple to set up and can turn almost anything with an on-off switch "smart," allowing you to control it via your phone or with Alexa voice commands.

Roku Streaming Stick Plus for $19 (52 percent off): This is one of the best Roku devices to get if you're on a budget and just want to make an aging TV set feel a little bit newer. This model supports 4K HDR content, has pretty accurate universal search and gives you access to a ton of free content to watch via Roku's streaming OS.

Govee Smart LED Light Bars for $30 ($20 off, Prime exclusive): Another of our stocking stuffer picks are these smart LED light bars from Govee. They can stand up or lie flat so they can go just about anywhere and are infinitely adjustable via the app. You can even set them to light up in sync with your music. Alexa and the Google Assistant will let you control them with just your voice (and a smart speaker).

Samsung Evo Select (512GB) for $33 ($14 off): We recommend the Evo Select in our microSD card buying guide for those on a tight budget. It has mediocre write speeds, so it’s not ideal for a camera, but it should be serviceable for most people just looking to add space to an Android tablet or original Nintendo Switch on the cheap. (Note that this is a standard UHS-I card, not a newer microSD Express model.) This deal matches the lowest price to date for the 512GB variant. Also at Samsung and B&H.

UGreen Uno Nexode Charger Block (65W, 3-Port) for $33 (35 percent off): There are other ways to charge your devices, but few are this cute. That’s why we named it one of the best stocking stuffers you can buy. You get three ports in its head and outlet prongs hidden in its removable magnetic feet. Its 65 watts are enough to charge multiple devices at once. Also available directly from UGreen.

Best Black Friday deals on tech

Dyson AM09 Hot + Cool heater and fan for $300 ($200 off): I've had this heater and fan for over five years at this point and it remains one of my favorite pieces of tech. It's lightweight enough to carry from room to room and it's both a heater and a fan: it cuts the chill in my home office during the winter, and circulates the air to keep me cooler in the summer. You can control the whole thing using the included remote (and it includes a sleep timer), and it handily attaches magnetically to the top of the device so you don't misplace it.

Sony WH-1000XM5 headphones for $248 ($158 off): While the new XM6 headphones have replaced these as Sony's flagship cans, that doesn't mean the XM5 aren't worth buying. They were our top pick for the best wireless headphones for years before the XM6 came around, and they still have excellent ANC, great sound quality, long battery life, a comfortable fit and handy extra features like multipoint connectivity.

Sony PlayStation Portal for $179 at Amazon ($21 off): Included in the many Black Friday deals on PS5 consoles, games and accessories is this first major discount for Sony’s remote play handheld, which recently added the ability to run games directly from the cloud. Just note you need a PlayStation Plus Premium subscription for that. Anecdotally, I’ve found it a godsend as a new dad. Also at Best Buy, Walmart and others.

Hisense U65QF (55-inch) for $398 ($402 off MSRP): The U65QF is another entry-level LED TV with generally positive reviews. Most feedback around the web suggests that it can’t match the QM6K in terms of contrast, gaming features and overall accuracy, so TCL’s model should be a better buy for most. This iteration also uses Amazon’s Fire TV platform instead of the cleaner Google TV. It can achieve a higher peak brightness, however, so it’s worth considering if you get particularly bad glare in your living room. This is the lowest price we’ve seen for the 55-inch model, but the 65-inch ($548), 75-inch ($748) and 85-inch ($900) models are also at all-time lows. Also at Best Buy.

LEGO Star Wars Millennium Falcon A New Hope 25th Anniversary Collectable 75375 for $68 (20 percent off): This is a set that any Star Wars fan will love to build and then love to display once it's complete. The 921-piece set features a fully-detailed Millennium Falcon, buildable stand and nameplate. It's one of many Lego Black Friday deals you can get right now.

Amazon Kindle Colorsoft (16GB) for $170 ($80 off): The latest color ereader in Amazon's lineup includes a seven-inch, high-contrast display, USB-C charging and a battery life that can last up to eight weeks on a single charge. Its design is waterproof too, so you don't need to baby it if you take it by the pool or to the beach. If you prefer a black-and-white screen, the base Kindle is also on sale for $80.

Aura 10.1-inch digital frame for $139 (22 percent off): Aura makes some of our favorite digital frames, and this one has a 10-inch HD display, Wi-Fi connectivity and an elegant mat design. Arguably the best thing about Aura frames in general is that you don't have to pay a subscription fee to add photos to it over time — all photos are stored in the cloud, and multiple people can add photos to one frame.

Ninja Creami ice cream maker for $180 (22 percent off): The Creami has been one of the most sought-after kitchen appliances of the past couple of years, and for good reason. It's one of our favorite pieces of kitchen gear because it makes it a breeze to prepare custom ice cream and many other frozen treats. It's definitely a worthwhile investment if you're an ice cream lover and want to experiment with making your own flavors.

Dyson 360 Vis Nav robot vacuum for $400 ($600 off): This is one of the best robot vacuums you can get, period. It doesn't have a self-emptying base, but its superior suction power almost makes up for that. It's one of the strongest robot vacuums I've ever tested, and it has excellent obstacle avoidance. The latter means you will rarely, if ever, have to attend to it getting caught on the edge of a carpet or getting stuck under a piece of furniture.

Black Friday FAQs

When is Black Friday 2025?

Black Friday 2025 lands on November 28.

When do Black Friday sales start?

Gone are the times when Black Friday sales were one-day-only affairs. Now, Black Friday deals are often available starting on Thanksgiving, or even earlier. Last year, we saw Black Friday deals online begin the week before Black Friday proper.

When do Black Friday sales end?

Black Friday and Cyber Monday have blended a lot over the past few years. Now, you can expect to see a good portion of Black Friday deals extend through the weekend and into Cyber Monday. It's not uncommon for Black Friday deals to expire at the end of Cyber Monday.

Does Amazon have Black Friday sales?

Yes, Amazon has Black Friday sales. The online retailer's site will look similar to Prime Day on Black Friday, with discounts on all sorts of items from household essentials to fashion to tech.

Does Apple have Black Friday sales?

No, you will usually not find Black Friday sales at Apple stores or on Apple's website. However, you can find Black Friday deals on Apple devices elsewhere; we recommend checking Amazon, Best Buy and other big retailers for discounts on iPads, Apple Watches and more on Black Friday.

Which retailers have the best Black Friday tech deals?

The best Black Friday tech deals are typically available online at retailers like Amazon, Walmart, Best Buy and Target. It's also a good idea to check the store websites of the companies that make the products you want — for example, if you're looking for a Sonos speaker, check the Sonos website on Black Friday. Most of the time, you'll find the best Black Friday tech deals are matched at multiple retailers.

Which stores have Black Friday deals?

Many physical retail stores have Black Friday deals including Walmart, Target, Best Buy and others. Even more retailers have online Black Friday deals, including Amazon, GameStop, Costco and others.

This article originally appeared on Engadget at https://www.engadget.com/deals/the-best-black-friday-deals-on-tech-for-2025-get-up-to-50-percent-off-gear-from-apple-amazon-disney-lego-dyson-and-others-230008015.html?src=rss

https://www.engadget.com/deals/the-best-black-friday-deals-on-tech-for-2025-get-


TheRegister.com

Baikonur's only crew-capable pad busted after Soyuz flight

17:06 - 28/11/2025
Roscosmos confirms 'damage' as images suggest repairs could stretch into 2027

The pad used by Russia to send Soyuz spacecraft to the International Space Station (ISS) sustained damage during yesterday's crew launch, according to Roscosmos....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/launchpad_damaged


PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

16:22 - 28/11/2025
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/posthog_shaihulud


Brit telco Brsk confirms breach as bidding begins for 230K+ customer records

15:52 - 28/11/2025
Crims claim to know which customers are marked 'vulnerable'

British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/brsk_breach/


GrapheneOS bails on OVHcloud over France's privacy stance

15:44 - 28/11/2025
Project cites fears of state access as cloud sovereignty row deepens

French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/grapheneos_ovhclo


KDE Plasma sets date to dump X11 as Wayland push accelerates

15:03 - 28/11/2025
If that's a step too far, then there are new versions of CDE – and tmux

The oldest of the open source Linux desktops is planning its final steps away from X11, while an even older Unix desktop is getting freshened up....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/kde_6_8_wayland_o


SK hynix wants you to bond with HBM, so it coated corn in banana chocolate

14:15 - 28/11/2025
Pushes semiconductor familiarity via chip-shaped edible squares

SK hynix has launched HBM-themed square corn snacks at 7-Eleven, because nothing explains bandwidth like carbs and chocolate....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/sk_hynix_snacks/


TryHackMe races to add women to Christmas cyber challenge roster after backlash

13:32 - 28/11/2025
Training outfit scrambles to fix all-male lineup before December kickoff

Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/tryhackme_diversi


GPUs aren't worth their weight in gold – it just feels like they are

12:57 - 28/11/2025
Nvidia's accelerators look pricey, but bullion still wins on cost per ounce

For as long as I have been a reporter and analyst in the IT sector, November has always been supercomputing month. Way before there was a TOP500 ranking of supercomputers in June 1993 but just as I was leaving university, the first Supercomputing Conference was held in Orlando in 1988. And that November SC show set the cadence for high-performance computing for the decades that followed....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/gold_gpu_weights/


Windows keeps obsolete strings forever to avoid breaking translations

12:31 - 28/11/2025
Another reason why the OS seems to swell with every update

Changing text in Microsoft Windows requires freezing string updates well before code changes stop, often leading to strange wording that persists for years....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/chen_windows_text


OBR drags in cyber bigwig after Budget leak blunder

12:02 - 28/11/2025
Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule

The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the Chancellor had even reached the dispatch box....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/obr_ciaran_martin


Cnet.com

How to Watch Ohio State vs. Michigan Game Today

10:00 - 29/11/2025
The Buckeyes and Wolverines meet in the Big House in Ann Arbor, Michigan today, and you don't need cable to watch.

https://www.cnet.com/tech/services-and-software/how-to-watch-ohio-state-vs-michi


Tired of Heavy Meals? These Are the 5 Healthiest Air Fryer Foods Approved by Registered Dietitians

09:57 - 29/11/2025
If you're tired of cooking or eating heavy meals after Thanksgiving, these healthy air fryer recipes are what experts recommend.

https://www.cnet.com/health/nutrition/tired-heavy-meals-healthiest-air-fryer-foo










Arstechnica.com





Blast from the past: 15 movie gems of 1985

12:15 - 27/11/2025
Beyond the blockbusters: This watch list has something for everyone over the long holiday weekend.

https://arstechnica.com/culture/2025/11/blast-from-the-past-15-movie-gems-of-198







Wired.com

Our Favorite Smart Glasses Are on Sale for Black Friday (2025)

10:36 - 29/11/2025
Meta's big Black Friday sale includes 20 percent off on prescription lenses and sales on compatible Garmin watches.

https://www.wired.com/story/meta-sale-black-friday-2025/



13 Best Vibrators of 2025, Tested and Reviewed

09:00 - 29/11/2025
These rumbly motor-powered sex toys—for all bodies and genders—promise good vibes for all.

https://www.wired.com/gallery/best-vibrators/


9 Best Black Friday Laptop Deals (2025): MacBooks, Gaming Laptops, and More

01:19 - 29/11/2025
Some of the best MacBooks, Chromebooks, and gaming laptops I've reviewed this year have steep discounts for Black Friday.

https://www.wired.com/story/best-black-friday-laptop-deals-2025/


149 Best Black Friday Deals 2025: We've Tested Every Item and Tracked Every Price

00:39 - 29/11/2025
Our Reviews team has scoured the entire internet to find the best Black Friday deals on gear we've tested and approved.

https://www.wired.com/story/black-friday-deals-2025-1/


The Rocco Fridge Isn't So Smart, But It Sure Is Pretty

00:01 - 29/11/2025
What the Rocco fridge lacks in smarts, it makes up for in looks. You have a few hours left to save on the brand's Black Friday sale.

https://www.wired.com/story/you-have-8-hours-to-save-on-this-stunning-smart-frid


20 Best Black Friday Deals at Best Buy (2025) on Hot Tech

21:58 - 28/11/2025
Best Buy is rolling out really great deals on some of our favorite tech that we've tested this year.

https://www.wired.com/story/early-black-friday-best-buy-deals-1/



The Best Black Friday Mattress and Bedding Deals (2025)

20:32 - 28/11/2025
Some of the best sales of the year on mattresses, mattress toppers, and pillows are happening right now.

https://www.wired.com/story/best-black-friday-mattress-deals-2025-3/


7 Best All-Clad Black Friday Deals (2025)

20:00 - 28/11/2025
All-Clad is the best, with a price tag to match. These Black Friday deals can help you save some cash.

https://www.wired.com/story/best-all-clad-black-friday-deals-2025/


ZDNet.com


The best 30+ Black Friday Sam's Club deals of 2025 - get them before the sale is over

04:02 - 29/11/2025
Sam's Club Black Friday deals are ending soon, and there's not much time left to save on tech, laptops, TVs, and household appliances.

https://www.zdnet.com/article/black-friday-sams-club-deals-ipads-laptops-monitor


Live updates: We found the 100+ best Black Friday deals up to 75% off from Amazon, Walmart, Target & more

04:01 - 29/11/2025
Black Friday sales have arrived, and nearly every major retailer is offering big discounts on items from LG, Apple, Garmin, Samsung, and far more.

https://www.zdnet.com/article/black-friday-deals-2025-amazon-best-buy-hulu-11-28


I found the 20 best Black Friday PS5 deals for 2025 - catch them before the sale ends

03:57 - 29/11/2025
Black Friday is nearly over but you can still find great PlayStation deals now from Amazon, Target, Walmart, and others. I've collected some of the best for you.

https://www.zdnet.com/article/black-friday-ps5-console-deals-amazon-target-walma



I found the best Black Friday iPad deals 2025: Shop Apple discounts up to 25%

03:54 - 29/11/2025
Don't miss a chance to score Black Friday iPad deals in real time, so you can find the best price on an iPad, iPad Air, iPad Pro, and more.

https://www.zdnet.com/article/black-friday-ipad-deals-amazon-walmart-best-buy-11


This bestselling DeWalt cordless power tool set I recommend to everyone is $50 off right now

03:52 - 29/11/2025
My favorite DeWalt power tool kit is perfect for DIY beginners and tradespeople, and it's currently at its lowest price of the year on Amazon for Black Friday.

https://www.zdnet.com/article/this-bestselling-dewalt-cordless-power-tool-set-i-



Best Black Friday laptop deals 2025: Grab 26 sales on MacBooks, Lenovo, HP, more before they disappear

03:41 - 29/11/2025
I'm tracking 26 of the best Black Friday deals on laptops I've seen that are still live tonight, including the new MacBook Air M4 for 25% off.

https://www.zdnet.com/article/black-friday-laptop-deals-amazon-best-buy-walmart-


I'm ready to binge with Black Friday streaming deals as low as $3 on Hulu, Peacock, and HBO Max

03:35 - 29/11/2025
Cut the cord once and for all with these unbeatable Black Friday deals on the most popular streaming services before they disappear.

https://www.zdnet.com/article/black-friday-streaming-deals-hulu-youtube-tv-peaco


TechRepublic.com


Build a Private AI Workflow on Your PC for Just $79

14:00 - 28/11/2025
Bring AI in-house—keep data on-device for chat, document analysis, and coding help without cloud reliance.

https://www.techrepublic.com/article/pansophy-private-personal-ai-desktop-assist


Black Friday Sees Surge in AI-Assisted Shopping in UK

13:46 - 28/11/2025
Consumers place growing trust in agentic commerce, according to new UK research from payments consultancy PSE Consulting.

https://www.techrepublic.com/article/news-black-friday-ai-assisted-shopping/


Apple Challenges India’s $38B Fine Threat

13:16 - 28/11/2025
The core of the dispute centers on how penalties for anti-competitive behavior are calculated.

https://www.techrepublic.com/article/news-apple-challenges-india-fine-threat/


EU Reaches Landmark Deal to Curb Online Payment Fraud

12:50 - 28/11/2025
The accord covers two major legislative texts: the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3).

https://www.techrepublic.com/article/news-eu-curb-payment-fraud/


Australian Teens Seek Injunction to Block Nationwide Social Media Cut-Off

10:03 - 28/11/2025
The impending ban is facing a constitutional challenge from two 15-year-olds, who are backed by the advocacy group, the Digital Freedom Project.

https://www.techrepublic.com/article/news-australia-social-media-ban-reaction/


Asahi Confirms Cyberattack Exposed Data of 1.5M Customers

09:25 - 28/11/2025
The incident occurred in September, and the Japanese firm has now released its full internal investigation results.

https://www.techrepublic.com/article/news-asahi-cyberattack-investigation/





mashable.com

I'm a tech editor and I'd recommend these 63 Black Friday tech deals to friends and family

01:24 - 29/11/2025
As Mashable's tech editor, I can tell you which products really deserve a spot in your shopping cart.

As Mashable's tech editor, I get early access to a lot of really cool products. I also have a pretty deep knowledge of the coolest new gadgets of 2025, from the latest virtual reality tech to everyday fitness trackers and new Apple laptops. I've also been covering ...

https://in.mashable.com/tech/103051/im-a-tech-editor-and-id-recommend-these-63-b



iQOO 15 Review: Pure Performance, Zero Gimmicks

07:01 - 28/11/2025
A sensible flagship that delivers. The iQOO 15 delivers true flagship-grade performance, a gorgeous display, and excellent battery life at ₹72,999, without the gimmicks or inflated premium tax.

https://in.mashable.com/tech/102994/iqoo-15-review-pure-performance-zero-gimmick


Poco Launches F8 Ultra And F8 Pro With Bose-Tuned Audio At Global Event

20:57 - 27/11/2025
Poco enters premium segment with Bose partnership and Snapdragon power.

https://in.mashable.com/tech/103026/poco-launches-f8-ultra-and-f8-pro-with-bose-


iPhone 16 Sees Biggest Price Drop Yet Ahead Of Amazon Black Friday Sale

12:42 - 27/11/2025
iPhone 16 sees major price cut on Amazon ahead of Black Friday.

https://in.mashable.com/tech/103019/iphone-16-sees-biggest-price-drop-yet-ahead-


OpenAI Confirms Data Exposure After Mixpanel Breach; API Users Warned Of Phishing Risks

12:34 - 27/11/2025
OpenAI warns API users after Mixpanel breach exposes limited non-sensitive account data.

https://in.mashable.com/tech/103018/openai-confirms-data-exposure-after-mixpanel


AI-Generated Fake GTA 6 'Leaks' Go Viral On X, Misleads Millions Of Fans

12:12 - 27/11/2025
AI-generated GTA 6 clips fooled millions online.

https://in.mashable.com/tech/103017/ai-generated-fake-gta-6-leaks-go-viral-on-x-


Croma 55-inch UHD LED TV Review: A Worthy Upgrade for OTT Lovers

09:03 - 27/11/2025
Big screen value done right. Croma’s 55-inch UHD TV delivers impressive 4K performance, smooth smart TV features, and unbeatable value at ₹47,500.

https://in.mashable.com/tech/102990/croma-55-inch-uhd-led-tv-review-a-worthy-upg



Moto G67 Power 5G Review: Built for Everyday Hustlers

07:02 - 27/11/2025
Acing the basics. A practical, smooth, long-lasting budget smartphone that delivers dependable performance without stretching your wallet.

https://in.mashable.com/tech/102992/moto-g67-power-5g-review-built-for-everyday-


Geekwire.com

Former Kraken exec Todd Humphrey launches firm to improve customer experiences in sports and beyond

17:32 - 28/11/2025
The longtime tech leader left the NHL franchise earlier this year to embark on a new adventure: Highmark Sports Group, his own consultancy aimed at helping sports teams, leagues, and companies boost their operations.

https://www.geekwire.com/2025/former-kraken-exec-todd-humphrey-launches-firm-to-


Here’s why there’s a solar canopy in a sprawling parking lot at the University of Washington

18:21 - 26/11/2025
UW is powering up its vision for a brighter, more sustainable future with a newly completed solar canopy installed in a sprawling parking lot north of Husky Stadium.

https://www.geekwire.com/2025/heres-why-theres-a-solar-canopy-in-a-university-of


‘No chatbot energy here’: Armoire weaves AI into its clothing rental service after a decade of pivots

17:13 - 26/11/2025
In Armoire's first big AI splash, the company recently launched a virtual stylist to support customers in their search for the perfect tops, pants, jackets and dresses.

https://www.geekwire.com/2025/no-chatbot-energy-here-armoire-weaves-ai-into-its-


‘Not a squeak’: Veteran tech workers face new reality amid layoffs and tough job market

16:00 - 26/11/2025
A generation of experienced tech professionals — directors, senior managers, etc. — are discovering that they aren't immune to the widespread layoffs happening across Big Tech.

https://www.geekwire.com/2025/not-a-squeak-veteran-tech-workers-face-new-reality



Uncommon Thinkers: How Portal’s Jeff Thornburg plans to harness the heat of the sun in the cold of space

15:00 - 25/11/2025
Before he became the CEO of Portal Space Systems, Jeff Thornburg worked for two of the world's most innovative space-minded billionaires. Now he's working on an idea those billionaires never pursued: building a spacecraft powered by the heat of focused sunlight.

https://www.geekwire.com/2025/uncommon-thinkers-portal-space-jeff-thornburg/


‘Me, Myself and AI’ host Sam Ransbotham on finding the real value in AI — even when it’s wrong

13:00 - 25/11/2025
What's the real value in AI tools — and what separates those who use them well from those who don't? Sam Ransbotham, host of MIT Sloan Management Review's "Me, Myself and AI" podcast, joins Todd Bishop for a two-part collaboration between the shows.

https://www.geekwire.com/2025/me-myself-and-ai-host-sam-ransbotham-on-finding-th


Verizon layoffs impact 165 workers in Washington state

22:06 - 24/11/2025
Verizon is laying off approximately 168 employees in Washington state, including analysts, engineers and retail workers.

https://www.geekwire.com/2025/verizon-layoffs-impact-168-workers-in-washington-s


Rad Power Bikes hits another roadblock as U.S. safety commission issues product safety warning

21:34 - 24/11/2025
The U.S. Consumer Product Safety Commission said some Rad batteries "can unexpectedly ignite and explode," but the e-bike maker disputed the agency's findings.

https://www.geekwire.com/2025/rad-power-bikes-hits-another-roadblock-as-u-s-safe


Amazon will test new rapid delivery concept at Seattle site, filings reveal

17:40 - 24/11/2025
Amazon plans to transform a closed Amazon Fresh Pickup site in Seattle into a new retail-style delivery hub for ultrafast local orders — a sign of the company’s evolving strategy for hyperlocal fulfillment.

https://www.geekwire.com/2025/amazon-will-test-new-rapid-delivery-concept-at-sea


Latest from TechRadar


UK Snooker Championship 2025 live streams: How to watch tournament for FREE, TV channels, preview, seeds

10:00 - 29/11/2025
Here's how to watch UK Championship 2025 live streams from anywhere in the world, including for free, as the biggest names in snooker take to the baize in York.

https://www.techradar.com/how-to-watch/sport/uk-snooker-championship-2025-free


The Hunting Wives season 2: everything we know so far about the popular Netflix show's return

09:00 - 29/11/2025
The Hunting Wives season 2 is officially in production. Here's everything we know so far about the hit Netflix show's return.

https://www.techradar.com/streaming/netflix/the-hunting-wives-season-2


Tackling cybersecurity burnout, once and for all

08:00 - 29/11/2025
Tackling cybersecurity burnout: causes, consequences, and actionable strategies for healthier, more productive, and engaged teams.

https://www.techradar.com/pro/tackling-cybersecurity-burnout-once-and-for-all



This Sharge 3-in-1 Power Bank, the best-looking battery I've tested, is on sale for Black Friday

05:05 - 29/11/2025
This Sharge 3-in-1 retractable power bank isn't just the most stylish battery pack I've tested; it boasts a fantastic feature set, including built-in wall prongs, and is discounted for Black Friday.

https://www.techradar.com/seasonal-sales/sharge-retractable-3-in-1-power-bank-bl


One lens or two? Either way this Aussie Black Friday deal gets you a Canon mirrorless camera for under a grand

03:17 - 29/11/2025
Even without a discount, the Canon EOS R100 single-lens kit costs under a grand in Australia, but you can take advantage of the current 27% discount and pick up this truly exceptional entry-level mirrorless camera for even less.

https://www.techradar.com/cameras/mirrorless-cameras/one-lens-or-two-either-way-




I’m Lego obsessed – here are the 57 Best Black Friday Lego deals worth shopping

01:49 - 29/11/2025
Read on for my list – that I pieced together, brick-by-brick – of the 58 best Lego Black Friday deals to shop right now. Major Lego themes like Star Wars, Disney, Technic, Botanicals, Classic, Creator, and Icons, as well as sets for under $10.

https://www.techradar.com/seasonal-sales/im-lego-obsessed-here-are-the-57-best-b


Cybersecurity

Security.nl

Swiss data protection officers: storing government data in US cloud often unacceptable

15:33 - 28/11/2025
The use of US cloud services for storing sensitive government data is often unacceptable, according to Privatim, ...

https://www.security.nl/posting/915127/Zwitserse+FG%27s%3A+opslag+overheidsdata+


Simone Smit to become new director of the AIVD next March

14:22 - 28/11/2025
Simone Smit will become the new director of the AIVD next March, succeeding Erik Akerboom, whose departure earlier ...

https://www.security.nl/posting/915109/Simone+Smit+wordt+volgend+jaar+maart+nieu


Study into separate domain extension for government sites still ongoing

13:56 - 28/11/2025
The study into a separate domain extension for government websites is still ongoing and, at the end of this year at the earliest, ...

https://www.security.nl/posting/915102/Onderzoek+naar+aparte+domeinextensie+voor


Spanish airport operator fined 10 million euros over facial scanners

13:26 - 28/11/2025
The Spanish privacy regulator AEPD has fined the Spanish airport operator Aena 10 million euros for ...

https://www.security.nl/posting/915085/Spaanse+luchthavenbeheerder+krijgt+10+mil


GrapheneOS pulls servers out of France: 'Country is not safe for open source'

11:55 - 28/11/2025
The makers of the GrapheneOS operating system have removed their servers from France. According to the developers, it is ...

https://www.security.nl/posting/915075/GrapheneOS+haalt+servers+weg+uit+Frankrij


Students and IT professionals find vulnerabilities in Belgian government systems

11:02 - 28/11/2025
Over the past few weeks, students and IT professionals have found dozens of vulnerabilities in Belgian government systems ...

https://www.security.nl/posting/915065/Studenten+en+it-professionals+vinden+lekk


D-Link warns of botnet attacking vulnerable NAS systems

10:29 - 28/11/2025
Hardware manufacturer D-Link is warning users about a botnet that attacks vulnerable NAS systems and is calling for the replacement of ...

https://www.security.nl/posting/915061/D-Link+waarschuwt+voor+botnet+dat+kwetsba


UK government advises SMEs to use passphrases, updates and a password manager

10:05 - 28/11/2025
The UK government is urging small and medium-sized businesses to use passphrases, a password manager and timely updates ...

https://www.security.nl/posting/915052/Britse+overheid+adviseert+mkb+passphrases


'Most young cybercriminals stop once they are past twenty'

09:42 - 28/11/2025
Most young cybercriminals stop once they are past twenty, which is in line with other forms of crime, ...

https://www.security.nl/posting/915048/%27Meeste+jonge+cybercriminelen+stoppen+a


Vanity Fair publisher fined 750,000 euros for illegally placing cookies

16:56 - 27/11/2025
The French publisher Conde Nast has been fined 750,000 euros because it illegally placed cookies for visitors to ...

https://www.security.nl/posting/915004/Uitgever+Vanity+Fair+krijgt+750_000+euro+


Slashdot

The Mysterious Black Fungus From Chernobyl That May Eat Radiation

00:00 - 29/11/2025
Black fungus found growing inside Chernobyl's destroyed reactor may be feeding on radiation, and researchers have tested samples of the same species aboard the International Space Station to explore whether it could eventually shield astronauts from cosmic rays. Ukrainian scientist Nelli Zhdanova first discovered the melanin-rich mould colonizing the walls and ceilings of the exploded reactor building during a May 1997 survey. Her research indicated that the fungal hyphae were actually growing toward sources of ionizing radiation rather than merely tolerating it. In 2007, nuclear scientist Ekaterina Dadachova at the Albert Einstein College of Medicine found that melanised fungi grew 10% faster when exposed to radioactive caesium compared to control samples, leading her to propose "radiosynthesis" -- a process where organisms convert radiation into metabolic energy. The same strain, Cladosporium sphaerospermum, traveled to the ISS in December 2018 and grew an average of 1.21 times faster over 26 days compared to Earth-based controls. Nils Averesch, a biochemist at the University of Florida and co-author of that study, remains cautious about attributing the growth boost to radiation harvesting since zero gravity could also be responsible.

https://news.slashdot.org/story/25/11/28/1516243/the-mysterious-black-fungus-fro


Airbus Issues Major A320 Recall, Threatening Global Flight Disruption

00:00 - 29/11/2025
Europe's Airbus said on Friday it was ordering immediate repairs to 6,000 of its widely used A320 family of jets in a sweeping recall affecting more than half the global fleet, threatening upheaval during the busiest travel weekend of the year in the United States and disruption worldwide. From a report: The setback appears to be among the largest recalls affecting Airbus in its 55-year history and comes weeks after the A320 overtook the Boeing 737 as the most-delivered model. At the time Airbus issued its bulletin to the plane's more than 350 operators, some 3,000 A320-family jets were in the air. The fix mainly involves reverting to earlier software and is relatively simple, but must be carried out before the planes can fly again, other than repositioning to repair centres, according to the bulletin to airlines seen by Reuters. Airlines from the United States to South America, Europe, India and New Zealand warned the repairs could potentially cause flight delays or cancellations.

https://news.slashdot.org/story/25/11/29/0515215/airbus-issues-major-a320-recall


EU To Examine If Apple Ads and Maps Subject To Tough Rules, Apple Says No

00:00 - 29/11/2025
EU antitrust regulators will examine whether Apple's Apple Ads and Apple Maps should be subject to the onerous requirements of the bloc's digital rules after both services hit key criteria, with the U.S. tech giant saying they should be exempted. From a report: Apple's App Store, iOS operating system and Safari web browser were designated core platform services under the Digital Markets Act two years ago aimed at reining in the power of Big Tech and opening up the field to rivals so consumers can have more choice. The European Commission said that Apple has notified it that Apple Ads and Apple Maps met the Act's two thresholds to be considered "gatekeepers." The DMA designates companies with services with more than 45 million monthly active users and $79 billion in market capitalisation as gatekeepers subject to a list of dos and don'ts.

https://apple.slashdot.org/story/25/11/28/172222/eu-to-examine-if-apple-ads-and-


Scientists Think They've Solved Why One of History's Most Advanced Civilizations Vanished

00:00 - 29/11/2025
A new study published in Communications Earth & Environment has reconstructed the climate conditions of the ancient Indus River Valley civilization between 3000 and 1000 B.C., finding that four intense droughts -- each lasting more than 85 years -- likely drove the gradual decline of one of the world's earliest advanced societies. The research team, led by Hiren Solanki at the Indian Institute of Technology, Gandhinagar, combined paleoclimate data from cave formations and lake records with computer models to determine that the region shifted from wetter-than-present monsoon conditions to prolonged dry spells as the tropical Pacific Ocean warmed. The third drought, peaking around 1733 B.C., proved the most severe: it lasted 164 years, reduced annual rainfall by 13%, and affected nearly the entire region. Overall temperatures rose by 0.5 degrees Celsius and rainfall dropped between 10 and 20%. These changes shrank lakes and rivers, dried soils, and made agriculture increasingly difficult in areas away from major waterways. Harappan settlements progressively relocated eastward toward the Indus River over roughly 2,000 years. The civilization's long survival under repeated climate stress -- through crop switching, trade diversification, and settlement relocation -- offers lessons for modern communities facing environmental pressures, the researchers said.

https://science.slashdot.org/story/25/11/28/1721249/scientists-think-theyve-solv


China-Netherlands Chip Fight Turns Into Corporate Civil War

00:00 - 28/11/2025
The bitter standoff between Dutch chipmaker Nexperia -- which supplies basic chips crucial to 49% of European automakers, over 85% of medical device companies, and the entire defense industry -- and its Chinese parent company Wingtech escalated on Friday when both Wingtech and Nexperia's Chinese unit accused the Dutch business of secretly building a supply chain that would cut China out entirely. The accusations came one day after Nexperia's Dutch headquarters published an open letter claiming it had repeatedly tried and failed to contact its Chinese unit. Nexperia China demanded the Dutch side halt its overseas expansion plans, specifically a $300 million investment in a Malaysian plant, and alleged an internal company target to source 90% of production outside China by mid-2026. The Chinese unit also accused its European counterparts of deleting employee email accounts and cutting off access to IT systems. The dispute traces back to September when the Dutch government invoked a Cold War-era law to seize control of Nexperia on economic security grounds. An Amsterdam court subsequently stripped Wingtech of its ownership rights. Beijing retaliated by halting exports of finished Nexperia chips on October 4, triggering warnings of production shutdowns from automakers including Nissan and Bosch. Export curbs were relaxed in early November, and the Dutch government suspended its intervention last week following talks, but the court ruling remains in force. Wingtech warned that supply disruptions could return if the control issue remains unresolved.

https://slashdot.org/story/25/11/28/1636212/china-netherlands-chip-fight-turns-i


Australia Risks 2035 Climate Goal Without Bigger Emissions Cuts

00:00 - 28/11/2025
Australia warned it's in danger of missing its 2035 climate targets without deeper pollution cuts, which in turn threatens the nation's ambitions to reach net zero by mid-century. From a report: Emissions are set to fall 48% by 2035 from 2005 levels based on current projections [non-paywalled source], the government said in a report on Thursday. That's short of an official pledge to cut greenhouse gases between 62% and 70%. The forecast doesn't take into account new action planned under the nation's Net Zero Plan. Still, the targets remain achievable and officials plan to take additional measures to meet them, Minister for Climate Change and Energy Chris Bowen said in a speech to parliament.

https://news.slashdot.org/story/25/11/28/1654207/australia-risks-2035-climate-go


Singapore Takes Top Spot in Global Talent Index

00:00 - 28/11/2025
Singapore has claimed the top spot in the 2025 Global Talent Competitiveness Index for the first time, displacing Switzerland from a position the European nation had held since the ranking's inception in 2013. The index, produced by business school INSEAD and the Portulans Institute, measured 135 economies across 77 indicators spanning soft skills, AI talent concentration, and formal education systems. The city-state ranked first globally in formal education and what the report calls "Generalist Adaptive Skills," a category covering soft skills, digital literacy, and innovation-oriented thinking. A key factor in Singapore's rise was a seven-place jump in talent retention, moving from 38th to 31st. The United States fell from third place in 2023 to ninth this year, its weakest showing in 12 years, due to declines in openness and lifelong learning metrics. High-income European countries continue to dominate the top ten, holding seven positions.

https://news.slashdot.org/story/25/11/28/1646244/singapore-takes-top-spot-in-glo


Europe Fears It Can't Catch Up in Great Power Competition

00:00 - 28/11/2025
European leaders have spent years warning that the continent risked falling behind the U.S., China and Russia in the global contest for economic, technological and military dominance, and officials now believe they have reached that point. The mood darkened over the summer when Europe found itself on the sidelines as Washington and Beijing negotiated a reset of global trade rules, and turned bleak this month when the White House presented a Ukraine cease-fire plan without consulting European capitals. In July, the EU accepted a trade deal allowing the U.S. to impose 15% tariffs without retaliation. President Trump ignored European calls to pressure Moscow before meeting Vladimir Putin in Alaska in August, telling reporters "this is not to do with Europe, Europe's not telling me what to do." Germany has eased its debt brake to pour $580 billion into a decade-long rearmament program, and the EU has set a 2030 rearmament goal -- defense spending across the region is set to exceed $560 billion this year, double what it was a decade ago. "Battle lines for a new world order, based on power, are being drawn right now," European Commission President Ursula von der Leyen said in September. "A new Europe must emerge."

https://slashdot.org/story/25/11/28/1712223/europe-fears-it-cant-catch-up-in-gre


Someone Is Trying To 'Hack' People Through Apple Podcasts

00:00 - 28/11/2025
Apple's Podcasts app on both iOS and Mac has been exhibiting strange behavior for months, spontaneously launching and presenting users with obscure religion, spirituality and education podcasts they never subscribed to -- and at least one of these podcasts contains a link attempting a cross-site scripting attack, 404 Media reports. Joseph Cox, a journalist at the outlet, documented the issue after repeatedly finding his Mac had launched the Podcasts app on its own, presenting bizarre podcasts with titles containing garbled code, external URLs to Spotify and Google Play, and in one case, what appears to be XSS attack code embedded directly in the podcast title itself. Patrick Wardle, a macOS security expert and creator of Objective-See, confirmed he could replicate similar behavior: simply visiting a website can trigger the Podcasts app to open and load an attacker-chosen podcast without any user prompt or approval. Wardle said this creates "a very effective delivery mechanism" if a vulnerability exists in the Podcasts app, and the level of probing suggests adversaries are actively evaluating it as a potential target. The XSS-attempting podcast dates from around 2019. A recent review in the app asked "How does Apple allow this attempted XSS attack?" Asked for comment five times by 404 Media, Apple did not respond.

https://apple.slashdot.org/story/25/11/28/1531245/someone-is-trying-to-hack-peop


Australia's Streaming Quotas Become Law

00:00 - 28/11/2025
Australia's streaming quotas have become law. Legislation requiring the likes of Netflix, Disney+ and HBO Max to spend a portion of their local earnings on original Australian content has been passed in parliament, and now comes into effect. From a report: The quotas were announced earlier this month. This will see global streamers with more than one million Australian subscribers made to spend 10% of their total Australian expenditure -- or 7.5% of their revenues -- on local originals, whether they are dramas, children's shows, docs, or arts and educational programs. Failing to comply with the rules will see streamers fined up to ten times their annual revenues in Australia. This is more than what broadcasters are liable for if they breach their quota rules laws. Streamers will be given three years to get their production operations in line. Streamers have long opposed government-set quotas and content levies, arguing they already meaningfully invest in the production sectors of the countries in which they operate. Producers, in general, have welcomed the systems, but remain wary that they could push streaming services out of their countries.

https://entertainment.slashdot.org/story/25/11/28/1522252/australias-streaming-q


theregister.com/security

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

16:22 - 28/11/2025
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/posthog_shaihulud


Brit telco Brsk confirms breach as bidding begins for 230K+ customer records

15:52 - 28/11/2025
Crims claim to know which customers are marked 'vulnerable'

British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/brsk_breach/


GrapheneOS bails on OVHcloud over France's privacy stance

15:44 - 28/11/2025
Project cites fears of state access as cloud sovereignty row deepens

French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/grapheneos_ovhclo


TryHackMe races to add women to Christmas cyber challenge roster after backlash

13:32 - 28/11/2025
Training outfit scrambles to fix all-male lineup before December kickoff

Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/tryhackme_diversi


OBR drags in cyber bigwig after Budget leak blunder

12:02 - 28/11/2025
Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule

The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the Chancellor had even reached the dispatch box....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/obr_ciaran_martin


UK digital ID plan gets a price tag at last – £1.8B

11:19 - 28/11/2025
OBR says the scheme will cost £600M a year with no identified savings

The UK government has finally put a £1.8 billion price tag on its digital ID plans – days after the minister responsible refused to name a figure....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/digital_id_cost/


Korean web giant Naver acquired crypto exchange Upbit, which reported a $30m heist a day later

00:41 - 28/11/2025
Talk about buyer’s remorse

South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/naver_upbit_crypt


Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

16:30 - 27/11/2025
ReliaQuest finds fresh crop of phishing domains and toxic tickets

Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest....

https://go.theregister.com/feed/www.theregister.com/2025/11/27/scattered_lapsus_


OpenAI cuts off Mixpanel after analytics leak exposes API users

15:45 - 27/11/2025
ChatGPT maker places other vendors under review following breach

OpenAI says API users may be affected by a recent breach at its former data analytics provider, Mixpanel....

https://go.theregister.com/feed/www.theregister.com/2025/11/27/openai_mixpanel_a


FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover

14:00 - 27/11/2025
Agency flags hijacks of insecure studio-to-transmitter gear after attackers pipe in fake alerts and vulgar audio

Malicious intruders have hijacked US radio gear to turn emergency broadcast tones into a profanity-laced alarm system....

https://go.theregister.com/feed/www.theregister.com/2025/11/27/fcc_radio_hijack/


CISO2CISO.com

Thinking About Becoming a Licensed Engineer? Start Here.

14:04 - 13/09/2025
NCEES explains why licensure matters for engineers and answers your top questions about the FE and PE exams.

The post Thinking About Becoming a Licensed Engineer? Start Here. first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

https://ciso2ciso.com/thinking-about-becoming-a-licensed-engineer-start-here/


Celebrate Hispanic Heritage Month With SWE

14:04 - 13/09/2025
View our compilation of online stories and resources highlighting the Hispanic community and their contributions to STEM.

https://ciso2ciso.com/celebrate-hispanic-heritage-month-with-swe/


The Critical Role of Sboms (Software Bill of Materials) In Defending Medtech From Software Supply Chain Threats – Source: www.cyberdefensemagazine.com

10:04 - 13/09/2025
Source: www.cyberdefensemagazine.com – Author: News team Software supply chain attacks have emerged as a serious threat in the rapidly evolving field of cybersecurity, especially in medical devices. As these devices become more and more interconnected and dependent on complex software ecosystems, the potential for exploitation through the supply chain has grown exponentially. One powerful tool […]

https://ciso2ciso.com/the-critical-role-of-sboms-software-bill-of-materials-in-d


Ransomware Tactics Are Shifting. Here’s How to Keep Up – Source: www.cyberdefensemagazine.com

10:04 - 13/09/2025
Source: www.cyberdefensemagazine.com – Author: News team It’s common knowledge in the cybersecurity industry that ransomware is on the rise, with median demands rising 20% year-over-year across virtually all industries. But it’s not only the ransom sums themselves that are escalating; threat actors are engaging in increasingly aggressive tactics and techniques to extort their victims. It’s […]

https://ciso2ciso.com/ransomware-tactics-are-shifting-heres-how-to-keep-up-sourc


French Advisory Sheds Light on Apple Spyware Activity – Source: www.darkreading.com

07:04 - 13/09/2025
Source: www.darkreading.com – Author: Rob Wright CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Original Post URL: https://www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity

https://ciso2ciso.com/french-advisory-sheds-light-on-apple-spyware-activity-sour


Without Federal Help, Cyber Defense Is Up to the Rest of Us – Source: www.darkreading.com

07:04 - 13/09/2025
Source: www.darkreading.com – Author: Riaz Lakhani Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities. Original Post URL: https://www.darkreading.com/cyberattacks-data-breaches/without-federal-help-cyber-defense-cisa

https://ciso2ciso.com/without-federal-help-cyber-defense-is-up-to-the-rest-of-us


Safer Conversational AI for Cybersecurity: The BIX Approach – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Gaurav Banga Here’s a scenario security teams increasingly face. A user—or an attacker pretending to be one—types something like: This is how many prompt injection attempts begin. The phrase looks harmless, but it’s a red flag: the user is telling the AI to forget its built‐in rules. What follows is often […]

https://ciso2ciso.com/safer-conversational-ai-for-cybersecurity-the-bix-approach


Operation Eastwood: Measuring the Real Impact on NoName057(16) – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Sofia Naer Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(016). The announcement promised a major disruption to the group’s activities. In this blog, we explore whether Operation Eastwood had any real impact on […]

https://ciso2ciso.com/operation-eastwood-measuring-the-real-impact-on-noname0571


CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’ – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Jeffrey Burt Five months after the future of the CVE program was thrown in doubt, CISA this week released a roadmap that calls for steps to take for its new “quality era,” which includes public sponsorship, expanded public-private partnership, and modernization. The post CISA Lays Out Roadmap for CVE Program’s ‘Quality […]

https://ciso2ciso.com/cisa-lays-out-roadmap-for-cve-programs-quality-era-source-


Randall Munroe’s XKCD ‘Dual Roomba’ – Source: securityboulevard.com

06:04 - 13/09/2025
Source: securityboulevard.com – Author: Marc Handelman via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Dual Roomba’ appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/09/randall-munroes-xkcd-dual-roomba/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-dual-roomba Category & Tags: Humor, Security Bloggers Network, Randall Munroe, Sarcasm, satire, XKCD

https://ciso2ciso.com/randall-munroes-xkcd-dual-roomba-source-securityboulevard-


Hackread.com

Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies

17:19 - 27/11/2025
Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.

https://hackread.com/report-names-teen-scattered-lapsus-hunters-group/



Cronos Kicks Off $42K Global Hackathon Focused on AI-Powered On-Chain Payments

13:39 - 27/11/2025
Cronos launches x402 PayTech Hackathon with $42K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.

https://hackread.com/cronos-hackathon-ai-powered-chain-payments/


OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

12:19 - 27/11/2025
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…

https://hackread.com/openai-api-mixpanel-data-breach-chatgpt/


Elena Lazar: Failures are Inevitable – Reliability is a Choice

22:53 - 26/11/2025
Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights.

https://hackread.com/elena-lazar-inevitable-failures-reliability-choice/


AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI

16:57 - 26/11/2025
AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…

https://hackread.com/ai-meeting-assistants-data-security-ticnote-ai/


Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

16:13 - 26/11/2025
New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.

https://hackread.com/microsoft-teams-guest-chat-flaw-malware/



Samourai Wallet Founders Jailed in $237M Crypto Laundering Case

13:12 - 26/11/2025
Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer.

https://hackread.com/samourai-wallet-founders-jailed-crypto-laundering/


Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data

11:14 - 26/11/2025
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.

https://hackread.com/fake-battlefield-6-downloads-malware-data/


Vuldb

CVE-2025-6666 | motogadget mo.lock Ignition Lock up to 20251125 NFC hard-coded key (EUVD-2025-199909)

10:01 - 29/11/2025
A vulnerability labeled as problematic has been found in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key. The identification of this vulnerability is CVE-2025-6666. The physical device can be targeted for the attack. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

https://vuldb.com/?id.333785


CVE-2025-66036 | Anjaliavv51 Retro up to 2.4.6 cross site scripting (GHSA-gvv6-p6h6-2vj2 / EUVD-2025-199889)

09:22 - 29/11/2025
A vulnerability identified as problematic has been detected in Anjaliavv51 Retro up to 2.4.6. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-66036. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

https://vuldb.com/?id.333784


CVE-2025-65540 | xmall 1.1 cross site scripting (Issue 101 / EUVD-2025-199901)

09:22 - 29/11/2025
A vulnerability categorized as problematic has been discovered in xmall 1.1. This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-65540. The attack can be launched remotely. No exploit exists.

https://vuldb.com/?id.333783


CVE-2025-65892 | krpano up to 1.23.1 URL passQueryParameters xml cross site scripting (EUVD-2025-199902)

09:22 - 29/11/2025
A vulnerability was found in krpano up to 1.23.1. It has been rated as problematic. This affects the function passQueryParameters of the component URL Handler. This manipulation of the argument xml causes cross site scripting. This vulnerability is handled as CVE-2025-65892. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

https://vuldb.com/?id.333782


CVE-2025-66201 | danny-avila LibreChat up to 0.8.1-rc1 OpenAPI server-side request forgery (GHSA-7m2q-fjwr-5x8v / EUVD-2025-199888)

09:22 - 29/11/2025
A vulnerability was found in danny-avila LibreChat up to 0.8.1-rc1. It has been declared as critical. The impacted element is an unknown function of the component OpenAPI Handler. The manipulation results in server-side request forgery. This vulnerability is known as CVE-2025-66201. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

https://vuldb.com/?id.333781


CVE-2025-65112 | ricardoboss PubNet up to 1.1.2 /api/storage/upload author-id authorization (GHSA-pg82-fqrg-q6j5 / EUVD-2025-199884)

09:21 - 29/11/2025
A vulnerability was found in ricardoboss PubNet up to 1.1.2. It has been classified as critical. The affected element is an unknown function of the file /api/storage/upload. The manipulation of the argument author-id leads to missing authorization. This vulnerability is traded as CVE-2025-65112. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

https://vuldb.com/?id.333780


CVE-2025-66219 | shama willitmerge up to 0.2.1 User Control command injection (GHSA-j9wj-m24m-7jj6 / EUVD-2025-199887)

09:21 - 29/11/2025
A vulnerability was found in shama willitmerge up to 0.2.1 and classified as critical. Impacted is an unknown function of the component User Control. Executing manipulation can lead to command injection. This vulnerability appears as CVE-2025-66219. The attack may be performed remotely. There is no available exploit.

https://vuldb.com/?id.333779


CVE-2025-66216 | jvde-github AIS-catcher up to 0.63 AIS::Message buffer size (GHSA-v53x-f5hh-g2g6 / EUVD-2025-199899)

09:21 - 29/11/2025
A vulnerability has been found in jvde-github AIS-catcher up to 0.63 and classified as critical. This issue affects the function AIS::Message. Performing manipulation results in incorrect calculation of buffer size. This vulnerability is reported as CVE-2025-66216. The attack can be carried out remotely. No exploit exists. The affected component should be upgraded.

https://vuldb.com/?id.333778


CVE-2025-53897 | kiteworks MFT up to 9.0.x cross-site request forgery (GHSA-cxwc-7899-3h4m / EUVD-2025-199897)

09:21 - 29/11/2025
A vulnerability, which was classified as problematic, was found in kiteworks MFT up to 9.0.x. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2025-53897. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

https://vuldb.com/?id.333777


CVE-2025-53896 | Kiteworks MFT up to 9.0.x session expiration (GHSA-23h2-3jj8-58hm / EUVD-2025-199898)

09:21 - 29/11/2025
A vulnerability, which was classified as problematic, has been found in Kiteworks MFT up to 9.0.x. This affects an unknown part. This manipulation causes session expiration. This vulnerability is registered as CVE-2025-53896. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

https://vuldb.com/?id.333776


Debian.org/security

Microsoft Security

CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

08:00 - 25/11/2025
The following revisions have been made: 1) In the Security Updates table, corrected the impact entries to Remote Code Execution. 2) The CVSS scores have been updated. These are informational changes only. Customers who have successfully installed the update do not need to take any further action.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660







CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability

08:00 - 20/11/2025
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64656


CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

08:00 - 20/11/2025
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64655




advisories.ncsc.nl

NCSC-2025-0378 [1.00] [M/H] Vulnerabilities fixed in Mattermost

09:53 - 28/11/2025
Mattermost has fixed vulnerabilities in versions 11.0.x (up to and including 11.0.3), 10.12.x (up to and including 10.12.1), 10.11.x (up to and including 10.11.4) and 10.5.x (up to and including 10.5.12). The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process. This requires specific settings to be configured, which can expose user accounts to unauthorized access. In addition, an authenticated attacker with team-creation privileges can abuse the OAuth state token validation to take over a user account by manipulating authentication data, especially if email verification is disabled. For this latter vulnerability, the attacker must have two accounts, one of which has never logged in before. This makes exploitation difficult to achieve.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0378


NCSC-2025-0377 [1.00] [M/H] Vulnerabilities fixed in GitLab

13:35 - 27/11/2025
GitLab has fixed vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE) versions. The vulnerabilities include, among others, the ability for unauthenticated users to cause Denial of Service (DoS) conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitrary organizations by modifying request headers, which led to unauthorized access to organizational resources. Authenticated users could also gain unauthorized access to sensitive tokens from certain logs, which enabled further exploitation. Furthermore, authenticated users with specific permissions could cause a Denial of Service condition via HTTP response processing. Finally, there was a risk of unauthorized access to security report information in certain configurations. These vulnerabilities required immediate attention from the vendor to safeguard the integrity and availability of the affected systems.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0377


NCSC-2025-0376 [1.00] [M/H] Vulnerabilities fixed in SonicWall Email Security appliances

16:06 - 21/11/2025
SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities lie in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute unchecked code or gain unauthorized access to files outside the designated paths. This can lead to serious security risks.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0376


NCSC-2025-0375 [1.00] [M/H] Vulnerability fixed in Progress MOVEit Transfer

16:06 - 21/11/2025
Progress has fixed a vulnerability in MOVEit Transfer (specifically for versions before 2024.1.8 and from 2025.0.0 up to but not including 2025.0.4). The vulnerability is a server-side request forgery (SSRF). It allows attackers to send unauthorized requests from the server, which can lead to unauthorized access to internal resources. This can have serious consequences for the security of the internal infrastructure, or possibly give access to sensitive data within the victim's context.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0375


NCSC-2025-0334 [1.01] [M/H] Vulnerabilities fixed in Oracle Fusion Middleware

16:03 - 21/11/2025
Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to gain access to critical data via HTTP, which can lead to a partial Denial of Service. The severity of these vulnerabilities is underlined by CVSS scores of 7.5, which indicates a significant impact on availability. In addition, there are vulnerabilities that can lead to unauthorized access to specific data, with a CVSS score of 5.3, which indicates a moderate level of confidentiality impact. The NCSC has received reports that there is media attention for the vulnerability identified as CVE-2025-61757. Trusted partners are observing scanning traffic that actively looks for possible arbitrary code execution. The vulnerability is in **Oracle Identity Manager** and concerns an issue in which authentication can be bypassed because files ending in the extension `.wadl` are exempt from authentication. Simply appending `.wadl` as an extension to an arbitrary URL will have no effect, because a non-existent file is then accessed. However, researchers have discovered that adding a `;` to the extension can in theory make code execution possible. Logs can be searched for `;.wadl` as an extension. This in any case indicates scanning traffic. Further analysis of the logs must determine whether code execution took place. At this time, no indication has (yet) been received that arbitrary code execution has actually taken place anywhere. The NCSC therefore cannot (yet) share IoCs for analyzing your own logs. Because of the media attention and the researchers' publication, however, the NCSC does expect an increase in scanning traffic and possibly working Proof-of-Concept (PoC) code in the short term, and advises deploying the updates as soon as possible if this has not (yet) been done.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0334


NCSC-2025-0374 [1.00] [M/H] Vulnerabilities fixed in Arista EOS

11:48 - 20/11/2025
Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities relate to the processing of malformed messages, which can lead to system crashes and Denial-of-Service conditions. Attackers with high privileges can exploit these vulnerabilities, leading to serious operational disruption. In addition, sending arbitrary bytes to the CVX system can cause the ControllerOob agent to restart, which can also result in a Denial of Service. Furthermore, the Arista EOS platform has a vulnerability that affects systems with IPsec, causing the dataplane to stop processing all IPsec traffic. This may require a system reset, with no guarantee that traffic processing will recover. The attacker needs no authentication for exploitation. Finally, an authenticated Redis session can gain full root access to all servers within the CVX cluster, which poses a serious security threat.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0374


NCSC-2025-0373 [1.00] [M/H] Vulnerabilities fixed in Fortinet FortiOS

08:35 - 19/11/2025
Fortinet has fixed vulnerabilities in FortiOS (multiple versions). The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote, unauthenticated attacker on an adjacent network to send these packets, provided the attacker controls an authorized FortiAP and is on the same local IP subnet. In addition, authenticated administrators can bypass the trusted host policy by running crafted CLI commands, which can lead to unauthorized access or actions within the affected environments.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0373


NCSC-2025-0372 [1.00] [M/H] Vulnerability fixed in Fortinet FortiWeb

08:34 - 19/11/2025
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability lies in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed that this vulnerability is being actively exploited. No public Proof-of-Concept (PoC) code or exploit is available (yet). The NCSC expects PoC code or exploits to become available in the short term, which increases the risk of exploitation.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0372


NCSC-2025-0371 [1.00] [M/H] Vulnerabilities fixed in Google Chrome

09:01 - 18/11/2025
Google has fixed vulnerabilities in Chrome (specifically for versions before 142.0.7444.175). The vulnerabilities are in Google Chrome's V8 engine and allow remote attackers to exploit heap corruption via specially crafted HTML pages, which can lead to unauthorized actions such as access to sensitive data or arbitrary code execution. Google reports having information that the vulnerability identified as CVE-2025-13223 has been actively exploited. For successful exploitation, the attacker must trick the victim into visiting a malicious page.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0371


NCSC-2025-0370 [1.00] [M/H] Vulnerabilities fixed in Cisco Unified Contact Center Express

07:04 - 18/11/2025
Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express (CCX). The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileges and obtain administrative permissions for creating and running scripts. This allows attackers to bypass the authentication mechanisms and escalate their privileges, which poses a serious threat to the integrity and security of the affected systems.

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0370


NCSC News

Cybersecuritybeeld 2025: threats diverse and unpredictable, keeping basic digital hygiene in order remains crucial

12:00 - 26/11/2025
The National Coordinator for Counterterrorism and Security (NCTV) has published the Cybersecuritybeeld Nederland 2025 (CSBN). The CSBN paints a picture of a digital threat landscape that is becoming ever more complex and unpredictable. Cyberattacks are becoming more sophisticated while digital systems are strongly dependent on one another. This development calls for a broad, proactive approach to increasing digital resilience. In this post we highlight the most important points of attention from the CSBN for Dutch organizations and companies.

https://www.ncsc.nl/actueel/nieuws/2025/11/26/cybersecuritybeeld-2025-dreigingen


Watch again: Webinar 'The Cyberbeveiligingswet is coming'

10:19 - 21/10/2025
On Tuesday 18 November, the NCSC, the NCTV and RDI organized a webinar about the upcoming Cyberbeveiligingswet for Cbw organizations.

https://www.ncsc.nl/actueel/nieuws/2025/10/21/terugkijken-webinar-de-cyberbeveil


28 public and private parties sign Cyclotron cooperation covenant

14:08 - 30/09/2025
Today, at the ONE Conference, the NCSC signed the Cyclotron cooperation covenant together with 27 parties. The signatories are a large number of private parties as well as the AIVD, MIVD, Police and the NCTV. The signing is a next important step in the cooperation, whose aim is to strengthen the picture of cyber threats and incidents by structurally sharing information, jointly analyzing information and providing information from those analyses to organizations with a stake in it. This increases the digital resilience of the Netherlands.

https://www.ncsc.nl/actueel/nieuws/2025/09/30/28-publieke-en-private-partijen-te


Subsidy for SMEs available for 1 more month

12:29 - 26/09/2025
For small businesses that experience a financial barrier to carrying out cyber measures (or having them carried out), a subsidy is temporarily available: Mijn Cyberweerbare Zaak. This subsidy covers 50% of the costs of various cyber measures, up to a maximum of € 1,250. Smaller businesses with 1 to 50 employees, for whom cybersecurity is often not a core task, can now use this subsidy from the Ministry of Economic Affairs to take the necessary steps to better protect their business against increasing cyber threats and the requirements set by other businesses in the supply chain.

https://www.ncsc.nl/actueel/nieuws/2025/09/26/subsidie-voor-mkb-bedrijven-nog-1-


Cyberweerbaarheidsnetwerk blueprint for a stronger foundation of cyber resilience in the Kingdom of the Netherlands

13:25 - 10/09/2025
The cyber resilience of the Netherlands can no longer be handled with separate initiatives. This time calls for one coherent network: the Cyberweerbaarheidsnetwerk (Cyber Resilience Network), CWN for short. In the CWN, public and private organisations come together. There they contribute their knowledge, expertise and experience to work jointly on tasks that contribute to the cyber resilience of all organisations in the Kingdom of the Netherlands, and thus also the overseas territories. Because only together do we become more resilient.

https://www.ncsc.nl/actueel/nieuws/2025/09/10/cyberweerbaarheidsnetwerk-bouwplan


New malware campaign discovered via ManualFinder

10:26 - 29/08/2025
Recently a worldwide malware infection of Windows computers came to light, spread through software that users installed themselves. The NCSC therefore advises blocking access to the relevant C2 domains, checking for the presence of the applications “Manualfinder”, “PDF-editor” and variants thereof, checking for the presence of JavaScript files with a GUID-like name in the directory /AppData/Local/TEMP, and strongly urging end users not to install external, untrusted tools.

https://www.ncsc.nl/actueel/nieuws/2025/08/29/nieuwe-malwarecampagne-ontdekt-via


New vulnerabilities discovered in Citrix Netscaler

18:25 - 26/08/2025
New vulnerabilities have been discovered in Citrix Netscaler. Compromise can be detected with a detection script previously published by the NCSC.

https://www.ncsc.nl/actueel/nieuws/2025/08/26/nieuwe-kwetsbaarheden-in-citrix-ne


Eefje Zents Chief Relations Officer/Director of Cooperation on Digital Resilience at NCSC

09:30 - 15/08/2025
Eefje Zents will become Chief Relations Officer/Director of Cooperation on Digital Resilience at the National Cyber Security Centre (NCSC) of the Ministry of Justice and Security as of 15 September 2025.

https://www.ncsc.nl/actueel/nieuws/2025/08/15/eefje-zents-chief-relations-office


Case: Citrix vulnerability (Update 13-08-2025)

11:13 - 13/08/2025
Via this page the NCSC provides an update to its earlier reporting. It covers the publication of two new check scripts that include new indicators of compromise, and additional context highlighting that this is a sophisticated attack in which multiple Dutch organisations were successfully attacked. In addition, the NCSC shares further advice in light of this digital attack. With this we want to encourage and support organisations to further increase their digital resilience and to focus on the right elements of digital security.

https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid


Case: Microsoft SharePoint Server vulnerabilities

16:27 - 23/07/2025
On this page the NCSC goes into more detail on the recently discovered vulnerabilities in Microsoft SharePoint Server and offers guidance for action in dealing with these vulnerabilities.

https://www.ncsc.nl/actueel/nieuws/2025/07/23/casus-microsoft-sharepoint


wid.cert-bund.de

[UPDATE] [medium] Mattermost Server: Multiple vulnerabilities

12:42 - 28/11/2025
A remote, anonymous attacker can exploit multiple vulnerabilities in Mattermost Server to disclose information and carry out an unspecified attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2463


[UPDATE] [high] Mattermost Server: Multiple vulnerabilities allow bypassing of security measures

12:42 - 28/11/2025
A remote, authenticated attacker can exploit multiple vulnerabilities in Mattermost Server to bypass security measures and thereby carry out an account takeover.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2434


[UPDATE] [critical] Redis: Multiple vulnerabilities

12:27 - 28/11/2025
An attacker can exploit multiple vulnerabilities in Redis to execute arbitrary code, manipulate data, carry out a denial-of-service attack, and disclose information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2196


[UPDATE] [high] Xwayland and X.Org X11: Multiple vulnerabilities allow unspecified attack

12:27 - 28/11/2025
A remote, anonymous attacker can exploit multiple vulnerabilities in Xwayland and X.Org X11 to carry out an unspecified attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2436


[UPDATE] [high] Apache Tomcat: Multiple vulnerabilities

12:27 - 28/11/2025
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in Apache Tomcat to execute arbitrary code, bypass security measures, manipulate data and cause a denial-of-service condition.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2420


[UPDATE] [medium] Mattermost Server and Mobile: Multiple vulnerabilities

12:22 - 28/11/2025
An attacker can exploit multiple vulnerabilities in Mattermost Server and Mobile to disclose information or cause a denial of service.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2315


[UPDATE] [high] Redis: Vulnerability allows code execution

12:22 - 28/11/2025
A remote, authenticated attacker can exploit a vulnerability in Redis to execute arbitrary code.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2469


[UPDATE] [medium] Dovecot IMAP Server: Vulnerability allows bypassing of security measures and disclosure of information

12:22 - 28/11/2025
A remote, anonymous attacker can exploit a vulnerability in Dovecot to bypass security measures and disclose confidential information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2439


[UPDATE] [medium] libssh: Multiple vulnerabilities

11:12 - 28/11/2025
An attacker can exploit multiple vulnerabilities in libssh to carry out a denial-of-service attack, bypass security measures, and potentially cause further unspecified effects.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1423


[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities

11:12 - 28/11/2025
An attacker can exploit multiple vulnerabilities in the Linux kernel to carry out a denial-of-service attack and achieve further unspecified effects.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1201


cert.ssi.gouv.fr

Multiple vulnerabilities in Liferay (03 November 2025)

00:00 - 03/11/2025
Multiple vulnerabilities have been discovered in Liferay. They allow an attacker to cause a breach of data confidentiality, remote indirect code injection (XSS) and a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0954/


Multiple vulnerabilities in IBM products (14 November 2025)

00:00 - 14/11/2025
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1013/


Vulnerability in Fortinet FortiWeb (14 November 2025)

00:00 - 14/11/2025
A vulnerability has been discovered in Fortinet FortiWeb. It allows an attacker to cause a security policy bypass. Fortinet states that the vulnerability CVE-2025-64446 is being actively exploited.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1014/


Multiple vulnerabilities in NetApp products (17 November 2025)

00:00 - 17/11/2025
Multiple vulnerabilities have been discovered in NetApp products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality and a breach of data integrity.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1015/


Multiple vulnerabilities in Mozilla Thunderbird (17 November 2025)

00:00 - 17/11/2025
Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1016/


Multiple vulnerabilities in Mattermost Server (17 November 2025)

00:00 - 17/11/2025
Multiple vulnerabilities have been discovered in Mattermost Server. They allow an attacker to cause a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1017/


Multiple vulnerabilities in Google Chrome (18 November 2025)

00:00 - 18/11/2025
Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security issue not specified by the vendor. Google states that the vulnerability CVE-2025-13223 is being actively exploited.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1018/


Multiple vulnerabilities in Mattermost Server (18 November 2025)

00:00 - 18/11/2025
Multiple vulnerabilities have been discovered in Mattermost Server. They allow an attacker to cause a security issue not specified by the vendor.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1019/


Multiple vulnerabilities in SolarWinds products (19 November 2025)

00:00 - 19/11/2025
Multiple vulnerabilities have been discovered in SolarWinds products. Some of them allow an attacker to cause remote arbitrary code execution, remote indirect code injection (XSS) and a security policy bypass.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1020/


Multiple vulnerabilities in HPE Aruba Networking products (19 November 2025)

00:00 - 19/11/2025
Multiple vulnerabilities have been discovered in HPE Aruba Networking products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1021/


theHackerNews

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

21:57 - 28/11/2025
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "The

https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html


North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

21:48 - 28/11/2025
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the

https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html


Why Organizations Are Turning to RPAM

16:39 - 28/11/2025
As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, without compromising

https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html


MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

14:03 - 28/11/2025
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report

https://thehackernews.com/2025/11/ms-teams-guest-access-can-remove.html


Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

23:43 - 27/11/2025
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the

https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html


Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

21:07 - 27/11/2025
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra

https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html


Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

20:29 - 27/11/2025
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some

https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html


ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

15:33 - 27/11/2025
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake

https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html


Gainsight Expands Impacted Customer List Following Salesforce Security Alert

12:33 - 27/11/2025
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we

https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html


Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

23:38 - 26/11/2025
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." The

https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html


Techrepublic

Asahi Confirms Cyberattack Exposed Data of 1.5M Customers

09:25 - 28/11/2025
The incident occurred in September, and the Japanese firm has now released its full internal investigation results.

https://www.techrepublic.com/article/news-asahi-cyberattack-investigation/



Crypto Exchange Upbit Suffers Security Breach After $10B Deal

15:01 - 27/11/2025
The timing is awful. The breach occurred just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp.

https://www.techrepublic.com/article/news-upbit-security-breach/


UK Budget 2025: Reactions From Tech Leaders

14:18 - 27/11/2025
While many leaders welcome fresh commitments to AI infrastructure and innovation, others warn about limited investment and a lack of cyber resilience.

https://www.techrepublic.com/article/news-uk-budget-2025-reaction/


Cyberattack Disrupts Services Across London Councils

13:55 - 27/11/2025
Kensington and Chelsea, Westminster, and Hammersmith & Fulham councils have triggered their emergency response plans.

https://www.techrepublic.com/article/news-cyberattack-london-councils/


Rare APT Collaboration Emerges Between Russia and North Korea

18:45 - 26/11/2025
Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure — a rare APT collaboration.

https://www.techrepublic.com/article/news-apt-collaboration-russia-north-korea/


Price Drop: This Complete Ethical Hacking Bundle is Now $33

13:00 - 26/11/2025
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $34.97 for a limited time.

https://www.techrepublic.com/article/ethical-hacking-course-bundle/



SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley

20:08 - 24/11/2025
A cyberattack on fintech firm SitusAMC has major US banks scrambling to assess potential data exposure tied to mortgages and real estate loans.

https://www.techrepublic.com/article/news-situsamc-cyber-breach/


Shopping Online This Holiday Season? 5 Ways to Stay Cyber Safe

19:59 - 24/11/2025
Learn five easy ways to avoid scams and stay cyber safe while holiday shopping, with expert tips to protect your accounts, devices, and personal info.

https://www.techrepublic.com/article/news-holiday-shopping-cyber-tips/


BleepingComputer.com

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

13:25 - 28/11/2025
A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia. [...]

https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wi


Microsoft: Windows updates make password login option invisible

13:07 - 28/11/2025
Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-updates-hide-p


Public GitLab repositories exposed more than 17,000 secrets

12:43 - 28/11/2025
After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. [...]

https://www.bleepingcomputer.com/news/security/public-gitlab-repositories-expose


French Football Federation discloses data breach after cyberattack

11:12 - 28/11/2025
The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. [...]

https://www.bleepingcomputer.com/news/security/french-football-federation-fff-di


Malicious LLMs empower inexperienced hackers with advanced tools

12:15 - 27/11/2025
Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. [...]

https://www.bleepingcomputer.com/news/security/malicious-llms-empower-inexperien


GreyNoise launches free scanner to check if you're part of a botnet

10:11 - 27/11/2025
GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks. [...]

https://www.bleepingcomputer.com/news/security/greynoise-launches-free-scanner-t


OpenAI discloses API customer data breach via Mixpanel vendor hack

06:27 - 27/11/2025
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]

https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-dat


New ShadowV2 botnet malware used AWS outage as a test opportunity

17:24 - 26/11/2025
A new Mirai-based botnet malware named 'ShadowV2' has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-


NordVPN Black Friday Deal: Unlock 77% off VPN plans in 2025

15:00 - 26/11/2025
The NordVPN Black Friday Deal is now live, and you can get the best discount available: 77% off that applies automatically when you follow our link. If you've been waiting for the right moment to upgrade your online security, privacy, and streaming freedom, this is the one VPN deals this Black Friday. [...]

https://www.bleepingcomputer.com/news/security/nordvpn-black-friday-deal-unlock-


Popular Forge library gets fix for signature verification bypass flaw

14:32 - 26/11/2025
A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. [...]

https://www.bleepingcomputer.com/news/security/popular-forge-library-gets-fix-fo


securityboulevard.com

Cybersecurity Coalition to Government: Shutdown is Over, Get to Work

18:37 - 28/11/2025
The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country's cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks.

https://securityboulevard.com/2025/11/cybersecurity-coalition-to-government-shut




FBI: Account Takeover Scammers Stole $262 Million this Year

21:51 - 26/11/2025
The FBI says that account takeover scams this year have resulted in 5,100-plus complaints in the U.S. and $262 million in money stolen, and Bitdefender says the combination of the growing number of ATO incidents and risky consumer behavior is creating an increasingly dangerous environment that will let such fraud expand.

https://securityboulevard.com/2025/11/fbi-account-takeover-scammers-stole-262-mi


NDSS 2025 – VoiceRadar: Voice Deepfake Detection Using Micro-Frequency And Compositional Analysis

20:00 - 26/11/2025
Session 4B: Audio Security

Authors, Creators & Presenters:

PAPER
VoiceRadar: Voice Deepfake Detection using Micro-Frequency And Compositional Analysis
Recent advancements in synthetic speech generation, including text-to-speech (TTS) and voice conversion (VC) models, allow the generation of convincing synthetic voices, often referred to as audio deepfakes. These deepfakes pose a growing threat as adversaries can use them to impersonate individuals, particularly prominent figures, on social media or bypass voice authentication systems, thus having a broad societal impact. The inability of state-of-the-art verification systems to detect voice deepfakes effectively is alarming. We propose a novel audio deepfake detection method, VoiceRadar, that augments machine learning with physical models to approximate frequency dynamics and oscillations in audio samples. This significantly enhances detection capabilities. VoiceRadar leverages two main physical models: (i) the Doppler effect to understand frequency changes in audio samples and (ii) drumhead vibrations to decompose complex audio signals into component frequencies. VoiceRadar identifies subtle variations, or micro-frequencies, in the audio signals by applying these models. These micro-frequencies are aggregated to compute the observed frequency, capturing the unique signature of the audio. This observed frequency is integrated into the machine learning algorithm's loss function, enabling the algorithm to recognize distinct patterns that differentiate human-produced audio from AI-generated audio. We constructed a new diverse dataset to comprehensively evaluate VoiceRadar, featuring samples from leading TTS and VC models. Our results demonstrate that VoiceRadar outperforms existing methods in accurately identifying AI-generated audio samples, showcasing its potential as a robust tool for audio deepfake detection.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

https://securityboulevard.com/2025/11/ndss-2025-voiceradar-voice-deepfake-detect



The Trust Crisis: Why Digital Services Are Losing Consumer Confidence

17:45 - 26/11/2025
According to the Thales Consumer Digital Trust Index 2025, global confidence in digital services is slipping fast. After surveying more than 14,000 consumers across 15 countries, the findings are clear: no sector earned high trust ratings from even half its users. Most industries are seeing trust erode — or, at best, stagnate. In an era..

https://securityboulevard.com/2025/11/the-trust-crisis-why-digital-services-are-


How to Protect from Online Fraud This Holiday Season

17:00 - 26/11/2025
Peak e-commerce season hits retailers every year just as the Halloween decorations start to come down. Unsurprisingly, cyber criminals see this time as an opportunity to strike, and criminal activity online spikes alongside sales. Shockingly, 4.6% of attempted e-commerce transactions during the 2024 Black Friday period were suspected to be digital fraud. In the UK..

https://securityboulevard.com/2025/11/how-to-protect-from-online-fraud-this-holi


CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

16:56 - 26/11/2025
As AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” – the message a service returns when it encounters an unhandled error during a request – contained [...]

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Aembit.

https://securityboulevard.com/2025/11/crewai-github-token-exposure-highlights-th


Russian-Backed Threat Group Uses SocGholish to Target U.S. Company

16:10 - 26/11/2025
The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor.

The post Russian-Backed Threat Group Uses SocGholish to Target U.S. Company appeared first on Security Boulevard.

https://securityboulevard.com/2025/11/russian-backed-threat-group-uses-socgholis


CXSecurity.com

Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446

22:53 - 24/11/2025
Topic: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Risk: High Text:# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/17/2025 # Vendor: https://www...

https://cxsecurity.com/issue/WLB-2025110017


Royal Elementor Addons - Unauthenticated Remote Code Execution

22:53 - 24/11/2025
Topic: Royal Elementor Addons - Unauthenticated Remote Code Execution Risk: High Text:#!/usr/bin/env python3 # Title Royal Elementor Addons - Unauthenticated Remote Code Execution CVE-2023-5360 # Author @ibrahim...

https://cxsecurity.com/issue/WLB-2025110016


Oracle WebLogic Server and allows remote code execution

22:53 - 24/11/2025
Topic: Oracle WebLogic Server and allows remote code execution Risk: Medium Text:# CVE-2025-61757 -- Proof‐of‐Concept (Private) `NOT` (Public) **Author:** nu11secur1ty **Status:** *Confirmed exploitab...

https://cxsecurity.com/issue/WLB-2025110015


Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446

22:54 - 19/11/2025
Topic: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Risk: Medium Text:# Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/17/2025 # Vendor: https://www...

https://cxsecurity.com/issue/WLB-2025110014


Fortinet FortiWeb Auth. Bypass

17:54 - 17/11/2025
Topic: Fortinet FortiWeb Auth. Bypass Risk: High Text:# Titles: Fortinet FortiWeb Auth. Bypass CVE-2025-64446 # Author: nu11secur1ty # Date: 11/15/2025 # Vendor: https://www.fort...

https://cxsecurity.com/issue/WLB-2025110012


Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion

17:35 - 13/11/2025
Topic: Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion Risk: Medium Text:#!/usr/bin/env python3 # # # Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion # # # Vendor: Logitech | General...

https://cxsecurity.com/issue/WLB-2025110011


is-localhost-ip 2.0.0 - SSRF via Restrictions bypass

17:33 - 13/11/2025
Topic: is-localhost-ip 2.0.0 - SSRF via Restrictions bypass Risk: Medium Text:# Titles: is-localhost-ip 2.0.0 - SSRF via Restrictions bypass # Author: nu11secur1ty # Date: 11/09/2025 # Vendor: https://g...

https://cxsecurity.com/issue/WLB-2025110010


moew.government.bg Cross-site scripting (reflected)

17:33 - 13/11/2025
Topic: moew.government.bg Cross-site scripting (reflected) Risk: Low Text:## Titles: moew.government.bg Cross-site scripting (reflected) ## Author: nu11secur1ty ## Date: 11/10/2025 ## Vendor: https...

https://cxsecurity.com/issue/WLB-2025110009


hop.bg | web app | Cross-site scripting (reflected)

22:47 - 07/11/2025
Topic: hop.bg | web app | Cross-site scripting (reflected) Risk: Low Text:## Titles: hop.bg | web app | Cross-site scripting (reflected) ## Author: nu11secur1ty ## Date: 11/03/2025 ## Vendor: https...

https://cxsecurity.com/issue/WLB-2025110008


3kits template via imgGallery.php SQL Injection id parameter

22:42 - 07/11/2025
Topic: 3kits template via imgGallery.php SQL Injection id parameter Risk: Medium Text:#Exploit Title: 3kits - Sql Injection #Google Dork: "Designed & Developed by 3kits" #Date: 2025-11-02 #Exploit Author: Hosse...

https://cxsecurity.com/issue/WLB-2025110007


Brian Krebs

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

17:22 - 26/11/2025
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunte


Is Your Android TV Streaming Box Part of a Botnet?

18:44 - 24/11/2025
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.

https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-b


Mozilla Says It’s Finally Done With Two-Faced Onerep

19:06 - 20/11/2025
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.

https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced


The Cloudflare Outage May Be a Security Roadmap

14:07 - 19/11/2025
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-road


Microsoft Patch Tuesday, November 2025 Edition

21:47 - 16/11/2025
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10.

https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-editio


Google Sues to Disrupt Chinese SMS Phishing Triad

14:47 - 13/11/2025
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.

https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-


Drilling Down on Uncle Sam’s Proposed TP-Link Ban

18:14 - 09/11/2025
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link


Cloudflare Scrubs Aisuru Botnet from Top Domains List

02:04 - 06/11/2025
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service.

https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-dom


Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

20:37 - 02/11/2025
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."

https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custo


Aisuru Botnet Shifts from DDoS to Residential Proxies

00:51 - 29/10/2025
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residentia


Troy Hunt

Weekly Update 479

04:44 - 23/11/2025

I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and a curse; dogged persistence has given me the life I have today, but it has also burned serious amounts of time because I never want to

https://www.troyhunt.com/weekly-update-479/


Weekly Update 478

08:13 - 16/11/2025

This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and spending time with some of the folks involved in the Operation Endgame actions. The latter in particular gave me a new sense of just how much

https://www.troyhunt.com/weekly-update-478/


Weekly Update 477

12:27 - 12/11/2025

What. A. Week. It wasn't just the preceding weeks of technical pain as we tried to work out how to get this data loaded, it was all the subsequent queries we had to deal with too. Some of them are totally understandable, whilst others just resulted in endless

https://www.troyhunt.com/weekly-update-477/


2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned

06:41 - 05/11/2025

I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from the more precise number of 1,957,476,

https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-t


Weekly Update 476

08:23 - 03/11/2025

The 2 billion email address stealer log breach I talk about this week is almost ready to go at the time of writing. It's been massively time-consuming, massively expensive (we turned the cloud up to 11) and enormously frustrating. I've written about why in the draft

https://www.troyhunt.com/weekly-update-476/


How We (Almost) Found Chromium's Bug via Crash Reports to Report URI

09:09 - 27/10/2025

Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as output in the console), but that wasn't the case

https://www.troyhunt.com/how-we-almost-found-chromiums-bug-via-crash-reports-to-


Weekly Update 475

21:32 - 25/10/2025

It was the Synthient threat data that ate most of my time this week, and it continues to do so now, the weekend after recording this video. Data like this is equal parts enormously damaging to victims and frustratingly noisy to process. I have to be confident enough that it&

https://www.troyhunt.com/weekly-update-475/


Inside the Synthient Threat Data

19:20 - 21/10/2025

Where is your data on the internet? I mean, outside the places you've consciously provided it, where has it now flowed to and is being used and abused in ways you've never expected? The truth is that once the bad guys have your data, it often

https://www.troyhunt.com/inside-the-synthient-threat-data/


Weekly Update 474

07:09 - 20/10/2025

You're not going to believe this - the criminals that took the Qantas data ignored the injunction 😮 I know, I know, we're all a bit stunned that making crime illegal hasn't appeared to stop it, but here we are. Just before the time

https://www.troyhunt.com/weekly-update-474/


Weekly Update 473

03:25 - 12/10/2025

This week's video was recorded on Friday morning Aussie time, and as promised, hackers dumped data the following day. Listening back to parts of the video as I write this on a Sunday morning, pretty much what was predicted happened: data was dumped, it included Qantas, and the

https://www.troyhunt.com/weekly-update-473/


Bruce Schneier

Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach

20:56 - 28/11/2025

A meter-long flying neon squid (Ommastrephes bartramii) was found dead on an Israeli beach. The species is rare in the Mediterranean.

https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-flying-neon


Prompt Injection Through Poetry

14:54 - 28/11/2025

In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry resulted in jailbreaking the models:

Abstract: We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%. Mapping prompts to MLCommons and EU CoP risk taxonomies shows that poetic attacks transfer across CBRN, manipulation, cyber-offence, and loss-of-control domains. Converting 1,200 ML-Commons harmful prompts into verse via a standardized meta-prompt produced ASRs up to 18 times higher than their prose baselines. Outputs are evaluated using an ensemble of 3 open-weight LLM judges, whose binary safety assessments were validated on a stratified human-labeled subset. Poetic framing achieved an average jailbreak success rate of 62% for hand-crafted poems and approximately 43% for meta-prompt conversions (compared to non-poetic baselines), substantially outperforming non-poetic baselines and revealing a systematic vulnerability across model families and safety training approaches. These findings demonstrate that stylistic variation alone can circumvent contemporary safety mechanisms, suggesting fundamental limitations in current alignment methods and evaluation protocols...

https://www.schneier.com/blog/archives/2025/11/prompt-injection-through-poetry.h


Huawei and Chinese Surveillance

12:05 - 26/11/2025

This quote is from House of Huawei: The Secret History of China’s Most Powerful Company.

“Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been China’s star entrepreneur in the 1980s, with his company, the Stone Group, touted as “China’s IBM.” Wan had believed that economic change could lead to political change. He had thrown his support behind the pro-democracy protesters in 1989. As a result, he had to flee to France, with an arrest warrant hanging over his head. He was never able to return home. Now, decades later and in failing health in Paris, Wan recalled something that had happened one day in the late 1980s, when he was still living in Beijing...

https://www.schneier.com/blog/archives/2025/11/huawei-and-chinese-surveillance.h


Four Ways AI Is Being Used to Strengthen Democracies Worldwide

12:00 - 25/11/2025

Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities.

We have just published the book Rewiring Democracy: How AI will Transform Politics, Government, and Citizenship. In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better...

https://www.schneier.com/blog/archives/2025/11/four-ways-ai-is-being-used-to-str


IACR Nullifies Election Because of Lost Decryption Key

12:03 - 24/11/2025

The International Association of Cryptologic Research—the academic cryptography association that’s been putting on conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when trustee Moti Yung lost his decryption key.

For this election and in accordance with the bylaws of the IACR, the three members of the IACR 2025 Election Committee acted as independent trustees, each holding a portion of the cryptographic key material required to jointly decrypt the results. This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares...

https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-o


Friday Squid Blogging: New “Squid” Sneaker

22:08 - 21/11/2025

I did not know Adidas sold a sneaker called “Squid.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.


https://www.schneier.com/blog/archives/2025/11/friday-squid-blogging-new-squid-s


More on Rewiring Democracy

19:07 - 21/11/2025

It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good.

Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41.

We need more reviews—six on Amazon is not enough, and no one has yet posted a viral TikTok review. One review was published in Nature and another on the RSA Conference website, but more would be better. If you’ve read the book, please leave a review somewhere.

My coauthor and I have been doing all sorts of book events, both online and in person. This ...

https://www.schneier.com/blog/archives/2025/11/71226.html


AI as Cyberattacker

12:01 - 21/11/2025

From Anthropic:

In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.

The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention...

https://www.schneier.com/blog/archives/2025/11/ai-as-cyberattacker.html


Scam USPS and E-Z Pass Texts and Websites

12:07 - 20/11/2025

Google has filed a complaint in court that details the scam:

In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows.”

These branded “Lighthouse” kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams. “Members may subscribe to weekly, monthly, seasonal, annual, or permanent licenses,” Google alleged. Kits include “hundreds of templates for fake websites, domain set-up tools for those fake websites, and other features designed to dupe victims into believing they are entering sensitive information on a legitimate website.”...

https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-


Legal Restrictions on Vulnerability Disclosure

12:04 - 19/11/2025

Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.

Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren’t getting fixed and wouldn’t get fixed if companies that made insecure software weren’t called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality where vendors can attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We’ve lived happily ever after since...

https://www.schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerabili


Security Affairs

Attackers stole member data from French Soccer Federation

22:21 - 28/11/2025
The French Soccer Federation (FFF) disclosed a data breach after hackers used a compromised account to steal member data. A compromised account allowed attackers to breach the French Soccer Federation (FFF), stealing data belonging to its members. The organization confirmed the cyberattack on Thursday, but did not disclose the number of members impacted. “The FFF […]

https://securityaffairs.com/185160/data-breach/attackers-stole-member-data-from-


Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

09:55 - 28/11/2025
Users of JSONFormatter and CodeBeautify leaked thousands of sensitive secrets, including credentials and private keys, WatchTowr warns. WatchTowr’s latest research reveals massive leaks of passwords, secrets, and keys across developer formatting platforms like JSONFormatter and CodeBeautify. Despite past incidents, exposed credentials remain rampant, sometimes even for critical systems. WatchTowr researchers highlight how easily sensitive data […]

https://securityaffairs.com/185150/security/thousands-of-sensitive-secrets-publi


New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

08:20 - 28/11/2025
ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run. During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks. […]

https://securityaffairs.com/185135/malware/new-mirai-variant-shadowv2-tests-iot-


Asahi says crooks stole data of approximately 2M customers and employees

20:03 - 27/11/2025
Asahi says hackers stole data of approximately 2M customers and employees before a ransomware attack crippled its Japan operations. Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is […]

https://securityaffairs.com/185126/data-breach/asahi-says-crooks-stole-data-of-a


OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

15:28 - 27/11/2025
OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their apps or websites. Many tech companies use Mixpanel to make data-driven decisions about features, performance, and customer journeys. OpenAI is alerting some users about […]

https://securityaffairs.com/185121/data-breach/openai-data-may-have-been-exposed


New ASUS firmware patches critical AiCloud vulnerability

08:33 - 27/11/2025
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, including a critical authentication bypass, tracked as CVE-2025-59366 (CVSS score of 9.2), affecting routers with AiCloud enabled. “Researchers have reported potential vulnerabilities in ASUS Router. ASUS has […]

https://securityaffairs.com/185109/iot/new-asus-firmware-patches-critical-aiclou


For the first time, a RomCom payload has been observed being distributed via SocGholish

20:13 - 26/11/2025
RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time […]

https://securityaffairs.com/185084/security/for-the-first-time-a-romcom-payload-


Multiple London councils faced a cyberattack

14:59 - 26/11/2025
Multiple London councils, including Chelsea and Westminster, faced a cyberattack that may have exposed resident data. Authorities are actively investigating the incident. A cyberattack struck multiple London councils, including Kensington & Chelsea and Westminster, which share IT systems. Officials say residents’ data may have been compromised and have notified the UK Information Commissioner’s Office. The […]

https://securityaffairs.com/185086/security/multiple-london-councils-faced-a-cyb


Emergency alerts go dark after cyberattack on OnSolve CodeRED

11:17 - 26/11/2025
Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification services used by U.S. state and local governments, police, and fire agencies. OnSolve CodeRED is a cloud-based emergency alert system used by U.S. state and local governments to […]

https://securityaffairs.com/185075/cyber-crime/emergency-alerts-go-dark-after-cy


Dissecting a new malspam chain delivering Purelogs infostealer

09:02 - 26/11/2025
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and personal security remains under constant threat from increasingly sophisticated attack vectors, with malspam continuing to represent one of the most widespread and effective initial infection vectors for distributing malware on a large […]

https://securityaffairs.com/185066/cyber-crime/dissecting-a-new-malspam-chain-de


news.sophos.com


Modernizing trust: How UADY transformed campus security with Sophos

13:30 - 24/11/2025
At the Autonomous University of Yucatán (UADY), technology has long been central to supporting academic excellence. As the university expanded to serve more than 20,000 students across five campuses, its IT team faced increasing pressure on an aging cybersecurity infrastructure. Manual patching, limited firmware support, and rising costs made it harder to defend against evolving […]

https://news.sophos.com/en-us/2025/11/24/uady-college-case-study-sophos-endpoint


The Sophos Central UAE region is now live!

13:30 - 24/11/2025
Expanding customer choice and bringing Sophos Central closer to customers and partners across the Middle East.

https://news.sophos.com/en-us/2025/11/24/the-sophos-central-uae-region-is-now-li


WhatsApp compromise leads to Astaroth deployment

17:44 - 20/11/2025
Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence

https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-d



Advancing Cybersecurity for Microsoft Environments

16:31 - 18/11/2025
From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats.

https://news.sophos.com/en-us/2025/11/18/advancing-cybersecurity-for-microsoft-e


From point-in-time audits to continuous confidence: How Sophos IT transformed identity defense

14:49 - 18/11/2025
“From logging in and connecting to Entra ID to seeing our first actionable findings — it took less than 45 minutes.”

https://news.sophos.com/en-us/2025/11/18/sophos-itdr-case-study-sophos-identity-


Infostealers: The silent doorway to identity attacks — and why proactive defense matters

13:00 - 14/11/2025
Credential theft isn’t just an inconvenience. It’s often the first move in a chain reaction that ends in full-scale compromise. Beyond the dreaded password reset process, information stealers, as shown in several recent cyberattacks, can have far more consequential follow-on effects. For many small and mid-sized organizations, a single stolen identity can lead to […]

https://news.sophos.com/en-us/2025/11/14/infostealers-and-follow-on-attacks/