PM Images/Getty Images There I was, yet again, scrolling on TikTok before it was banned and then unbanned, and I came across this insane caption. “Meet The 17-Year-Old CEO Behind A $12 Million AI-Powered Nutrition App.” That’s some grade-A clickbait right there, so… I clicked! 😩 The article claims that Cal AI, a GPT-powered nutrition […] More
<!–> ZDNET’s key takeaways The Zendure Supermini Q is on sale at Amazon for $21. It has enough power to keep your iPhone topped up, and can be charged at the same time as it powers your phone. It’s rather bulky, about as big as a MagSafe unit gets. –> MagSafe chargers are an excellent […] More
ZDNETGrubhub was hit by a data breach that compromised account information for a certain set of customers. Revealing the breach earlier this week, the food delivery service said that the attacker exploited an account belonging to a third party that provided support for the company. In response, Grubhub deleted the account’s access and removed the provider from its systems.Customer data in breachCaught up in the breach were the names, email addresses, phone numbers, and the card type and last four digits of the payment cards used by Grubhub campus diners, as well as diners, merchants, and drivers who used its customer care service. The campus dining program is one in which students use the service to order food both on and off campus. Grubhub offers dedicated help and support services for different types of users.Also: Proton Pass vs. 1Password: Which password manager is right for you?The attacker also retrieved hashed passwords for certain legacy systems, prompting Grubhub to change any passwords that may have been accessed.However, the company said that no sensitive personal information was compromised in the breach. That includes Grubhub Marketplace customer passwords, merchant login information, full payment card numbers, bank account details, and Social Security or driver’s license numbers. More
If you’ve ever lost your phone, keys, wallet, or even your dog, you need a Bluetooth tracker. This must-have accessory keeps tabs on the items you can’t live without. These tiny devices attach to almost anything — a keychain, remote, your pet’s collar — so you can see their precise location on your phone at all times. Also: The best GPS trackers for kids in 2025: Expert recommendedBut which Bluetooth tracker should you buy? With dozens of brands, sizes, and price points available, finding the ideal tracker requires tracking down some pertinent information (no pun intended).What is the best Bluetooth tracker right now?At ZDNET, we’ve reviewed and compared many of the best Bluetooth tracker offerings on the market and rounded up our favorites below. Our pick for the best Bluetooth tracker overall is the Apple AirTag More
<!–> ZDNET’s key takeaways HP’s OmniStudio X 31.5 is on sale now at Best Buy for $1,799. It’s a big-screen all-in-one with a solid suite of hardware that makes both powerful and flexible. However, some users will want to upgrade the peripherals and speakers. –> When I reviewed the Apple iMac M4 last year, I […] More
<!–> ZDNET’s key takeaways The magnetic USB-C connector now supports a 180-degree swivel. It can pump out as much as 240W of power. I just wish it was suitable for data transferring or powering monitors. –> A hill I’m always willing to fight on — and maybe even die on — is that the magnetic […] More
ZDNETIn the last decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians, including US officials, raising concerns over the unprecedented proliferation of spyware technologies and, subsequently, the lack of protections within the tech space amid growing threats.Also: Google releases responsible AI report while removing its anti-weapons pledgeLast Friday, Meta’s WhatsApp revealed that it had discovered a hacking campaign targeting about 90 users, mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions — now acquired by Florida-based private equity firm AE Industrial Partners — was behind the attack.What is a zero-click capability? Graphite, Paragon’s spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users’ knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal.This is also known as a zero-click attack, which means that targets do not have to take any actions for their devices to become compromised. In contrast, phishing or one-click attacks require user interaction with a malicious link or attachment. Moreover, once a phone is infected with a zero-click capability, the operator of the attack can secretly gain total access to the phone by exploiting a security vulnerability.Also: How to turn on Private DNS Mode on Android – and why it’s a must for securityIn an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, explains that “in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims’ devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone.”While public reporting does not specify “whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible,” Cole states.iVerify has uncovered instances where “a number of WhatsApp crashes on [mobile] devices [they’re] monitoring with iVerify” have appeared to be malicious in nature, leading the iVerify team to believe that the malicious attacks are “potentially more widespread” than just the 90 people reported to have been infected by graphite.While the WhatsApp attack was predominantly launched against members of civil society, mobile spyware is an emerging threat against all members of society because mobile exploitation is more widespread than one might think, Cole notes. Moreover, “the result is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are ‘under pressure to become profitable enterprises,'” he states.This ultimately “creates marketing competition” for spyware merchants and “lowers barriers” that would deter these mobile exploitation attacks.Also: The top 10 brands exploited in phishing attacks – and how to protect yourselfJust a month ago, WhatsApp won a lawsuit against NSO after a federal judge in California found that NSO was exploiting a security vulnerability within the messaging app to deliver Pegasus. The infamous NSO Group — notably known for infecting the phones of journalists, activists, and Palestinian rights organizations — has used similar zero-click capabilities through their Israeli-made Pegasus spyware, a commercial spyware and phone hacking tool.Historically, the NSO Group has avoided selling to US-based clients and has also been banned by the US Commerce Department under the Biden administration for allegedly supplying spyware to authoritarian governments. However, “shifting political dynamics [under the Trump administration] raises the possibility that spyware may become more prevalent in the United States” — exacerbating mobile exploitation.”And the world is totally unprepared to deal with that,” Cole said. More
BlackJack3D/Getty Images Remember Nokia? Back before smartphones, many of us carried Nokia’s nearly indestructible cell phones. They no longer make phones, but don’t count Nokia out. Ever since the company was founded in 1865, Nokia has successfully pivoted to industries showing promise. Here’s a fun trivia fact you can use at your next party: Nokia […] More
