Looking to upgrade your home theater with a truly cinema-sized TV for catching summer sports and movie streaming premieres? Right now at Best Buy, you can get the 98-inch TCL Q65 More
Jada Jones/ZDNETZDNET’s key takeawaysThe OnePlus Buds 3 More
Asus / Elyse Betters Picaro / ZDNETDo you own an Asus router? If so, your device may have been one of thousands compromised in a large campaign waged by cybercriminals looking to exploit it. In a blog post published May 28, security firm GreyNoise revealed that the attack was staged by what it suggests is “a well-resourced and highly capable adversary.” Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook and moreTo gain initial access, the attackers used brute-force login techniques and two different methods to bypass the built-in authentication. They were also able to exploit certain vulnerabilities not yet assigned official CVE numbers. Once they’d accessed the router, they were able to run arbitrary system commands by exploiting a known security flaw labeled CVE-2023-39780. In a statement shared with ZDNET, Asus acknowledged the vulnerability and said that it had sent a push notification to customers advising them to update the firmware on their devices. Actually disclosed in 2023 as recorded in the company’s Product Security Advisory, the flaw’s entry is dated Nov. 3, 2023, and is listed as “RT-AX55 security update notice for CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348.” All of those are the same as CVE-2023-39780, according to Asus. More than 9,000 Asus routers affected Though no malware was actually installed, the attackers certainly left their mark. By using built-in Asus settings, they were able to set up SSH access, a secure way to connect to and control a remote device. They also installed a backdoor to return easily to the router’s firmware without worrying about authentication. The backdoor was stored in non-volatile memory (NVRAM), which meant it couldn’t be removed by rebooting the router or updating its firmware. To avoid being caught, the criminals even disabled logging, which would otherwise record their access. Also: Why no small business is too small for hackers – and 8 security best practices for SMBsBased on data from internet scanner Censys, more than 9,000 Asus routers are affected and that number is growing. However, GreyNoise said that over the past three months, it witnessed only 30 related requests to access the affected routers. That seems to be a sign that the campaign is moving along slowly and quietly. If no malware is installed, what’s the goal behind the attack? “This appears to be part of a stealth operation to assemble a distributed network of backdoor devices — potentially laying the groundwork for a future botnet,” GreyNoise said in its post. And who’s behind it? “The tactics used in this campaign — stealthy initial access, use of built-in system features for persistence and careful avoidance of detection — are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks. While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary.” Also: Your old router could be a security threat – here’s why and what to doThe language used by GreyNoise, particularly the reference to APTs, suggests a nation-state or attackers working on behalf of a hostile government. Though GreyNoise didn’t cite any particular adversary, such attacks have been attributed to different countries, including China, Russia, North Korea and Iran. Using its AI-powered payload analysis tool Sift and its observation grid, GreyNoise discovered the attack on March 18. But the firm said it waited until now to disclose it publicly so it could have time to consult with its government and industry partners. “In the past few years, networking gear especially for the home, SOHO and SMB market segments has had a rough go with attackers increasingly targeting these devices,” John Bambenek, president at cybersecurity firm Bambenek Consulting, told ZDNET. “The risk of the household being compromised is minimal, they’ll simply have their router be used to launch attacks on other parties (though they might start experiencing more captchas when they engage in their routine internet use). Sophisticated attackers are going for these devices because they intend to do something, and it’ll be more than cryptomining.” More
Elyse Betters Picaro / ZDNETAre you frustrated by Google’s seeming insistence on injecting Gemini into everything? There’s a way out.Also: Your Gmail inbox now includes Gemini summaries by default – how to stop themWhile some users enjoy Google’s AI features that seem to roll out every week, others would rather have things the way they were before Gemini. Google somewhat sneakily buries it under a setting called “Smart features,” but if you know where to look, there’s an option to completely turn off Gemini from Gmail, Google Docs, Google Photos, and every other Google product. How to disable Gemini from Gmail, Google Docs, or Drive Go to your Gmail account and tap or click on the settings gear. For some reason, I’ve only found this setting in Gmail despite the fact that it affects Drive, Docs, Photos, and every other Google product. If you check settings in those apps, this feature isn’t there. This works from the app or the browser version of Gmail. Also: 8 ways Google’s Gemini AI assistant is getting more powerful and helpfulFrom Gmail settings: Choose “See all settings.” Scroll down under the “General” tab until you see “Google Workspace smart features.”Select “Manage Workspace smart feature settings.” More
klenger/Getty Images Like many radically transformative technologies throughout history, the rise of AI is creating shockwaves of excitement and dread. This is especially true for businesses, for which AI simultaneously promises huge productivity gains and seismic disruptions. Also: Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR A […] More
Beyerdynamic/ZDNETBeyerdynamic has announced the newest addition to its professional headphone lineup, promising improved compatibility with portable audio equipment, enhanced comfort, and a wider frequency response range. The new DT 990 Pro X are the successive mastering and mixing headphones to the DT 990 Pro, both ideal for musicians, producers, and podcasters who need studio headphones on the go.Also: The 12 best headphones of 2025Beyerdynamic’s Pro X open-back headphones have a 48-ohm impedance, and the Stellar.45 driver system that allows for a stronger driving force across an array of devices, making the headphones more compatible with portable setups. According to Beyerdynamic, the Stellar.45 system can reach 5 Hz to 40,000 Hz. More
yuanyuan yan/Getty Hugging Face wants to use AI to make building spreadsheets a little less miserable. The company, which helps developers build and launch AI-powered apps, announced Thursday that it has created a new spreadsheet-building platform called Sheets. This is not to be confused with Google Sheets. The new tool from Hugging Face is built […] More
yucelyilmaz/Getty Images The latest test of speed in training an artificial intelligence (AI) neural network is only partly about the fastest chips from Nvidia, AMD, and Intel. Increasingly, speed is also about the connections made between those chips, or the computer networking approaches that involve a battle of vendors and technologies. Also: Tech prophet Mary Meeker […] More
