More stories

  • in

    That Google email look real? Don’t click – it might be scam. Here’s how to tell

    Aitor Diago/Getty Images A sophisticated phishing scam is taking advantage of Google security flaws to convince people that the malicious emails and website are legitimate. In a series of X posts spotted by Android Authority, developer Nick Johnson explained how he was targeted by a phishing attack that exploits flaws in Google’s own infrastructure. In […] More

  • in

    Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business

    BlackJack3D/Getty Images 2024 delivered some good news and bad news in the area of cybercrime. Malware-based ransomware attacks dropped for the third year in a row. But instances of infostealer malware grew dramatically. Those findings come from IBM X-Force’s “2025 Threat Intelligence Index” released Thursday. First, let’s look at the good news. For the year, […] More

  • in

    Update your iPhone now to patch a CarPlay glitch and two serious security flaws

    Maria Diaz/ZDNETApple has rolled out its latest iPhone update, iOS 18.4.1. Though minor, you’ll want to install the update as it patches a CarPlay glitch and several dangerous security flaws.Also: The best VPN services (and how to choose the right one for you)After the release of iOS 18.4 earlier this month, many iPhone and CarPlay users started complaining of random connection problems and other hiccups. Some people reported that CarPlay would disconnect and reconnect, while others revealed that the CarPlay screen would appear blank. In its description of iOS 18.4.1, Apple said the update “addresses a rare issue that prevents wireless CarPlay connection in certain vehicles.”With that bug hopefully solved, let’s move on to the more urgent matter of security vulnerabilities. The latest update deals with two serious flaws already used in targeted attacks.Also: Just installed iOS 18.4? Changing these 3 features made my iPhone much better to useThe first flaw, CVE-2025-31200, is described as “processing an audio stream in a maliciously crafted media file may result in code execution.” That process refers to an attacker who uses Apple’s CoreAudio framework to create a media file containing malware. Any iPhone user who launches the file would trigger the malicious code, allowing the attacker to access the device.This vulnerability may have been exploited in an “extremely sophisticated attack against specific targeted individuals on iOS,” according to Apple. To squash this bug, the company fixed a memory corruption issue, a problem in which a program can modify memory to execute malicious code. More

  • in

    Why the CVE database for tracking security flaws nearly went dark – and what happens next

    fotograzia/Getty Images Over the weekend, security experts were beginning to panic. MITRE announced that the US government had not renewed funding for the Common Vulnerabilities and Exposures (CVE) database.  MITRE VP Yosry Barsoum warned that the government contract support enabling MITRE “to develop, operate, and modernize CVE” would expire on April 16. That would mean, Barsoum continued, […] More

  • in

    How Apple plans to train its AI on your data without sacrificing your privacy

    Sabrina Ortiz/ZDNETMost AI providers try to enhance their products by training them with both public information and user data. However, the latter method puts a privacy-conscious company like Apple in a difficult position. How can it improve its Apple Intelligence technology without compromising the privacy of its users? It’s a tough challenge, but the company believes it has found a solution. Synthetic data vs real dataOpenAI, Google, Microsoft, and Meta train their products partly by analyzing your chats. The goal is to improve the reliability and accuracy of their AIs by scraping data from real conversations. While you can generally opt out of this type of data sharing, the process for doing so varies for each product. This means the responsibility falls on you to figure out how to sever the connection.Also: Will synthetic data derail generative AI’s momentum or be the breakthrough we need?Apple has always prided itself on being more privacy-focused than its tech rivals. To that end, the company has relied on something called synthetic data to train and improve its AI products. Created using Apple’s own large language model (LLM), synthetic data attempts to mimic the essence of real data. Also: Want AI to work for your business? Then privacy needs to come firstFor example, the AI may create a synthetic email that is similar in topic and style to an actual message. The objective is to teach the AI how to summarize that email, a feature already built into Apple Mail. Apple’s solution: ‘Differential privacy’The problem with synthetic data is that it can’t replicate the special human touch found in real-world content. This limitation has led Apple to adopt a different approach, known as differential privacy. As described by Apple in a blog post published Monday, differential privacy combines synthetic data with real data. Here’s how it works. Also: Apple’s AI doctor will be ready to see you next springLet’s say Apple wants to teach its AI how to summarize an email. The company starts by creating a large number of synthetic emails on various topics. Apple then generates an embedding for each synthetic message to capture key elements such as language, topic, and length. These embeddings are sent to Apple users who have opted into analytics sharing on their devices. Each device selects a small sample of actual user emails and generates its own embeddings. The device then determines which synthetic embeddings most closely match the language, topic, and other characteristics of the user emails. Through differential privacy, Apple identifies which synthetic embeddings were the most similar. In the next step, the company can curate these samples to further refine the data or begin using them to train its AI. Also: Forget the new Siri: Here’s the advanced AI I use on my iPhone insteadAs one example provided by Apple, imagine that an email about playing tennis is one of the top embeddings. A similar message is generated by replacing “tennis” with “soccer” or another sport and added to the list for curation or training. Altering the topic and other elements of each email helps the AI learn how to create better summaries for a wider variety of messages. More

  • in

    Spotify goes down: What we know, plus our favorite alternatives to try

    Elyse Betters Picaro / ZDNETIf your Spotify is having issues, you’re not alone. Thousands of people are reporting problems with the music streaming app.Earlier this morning, social media was flooded with frustrated comments as users began reporting issues with streaming music on the popular service. For some, the app would load, but songs wouldn’t play. For others, the app wouldn’t load at all. The issue seems to be affecting every version of Spotify, including the app, the web player, and the desktop app. Spotify is investigatingSpotify confirmed the issue just before 9am ET, writing on X, “We’re aware of some issues right now and are checking them out!” The Spotify support page later explained, “We’re seeing reports from users that the app isn’t loading properly or that they’re experiencing playback issues. Others report that they’re having issues accessing the Support site.” Also: Are you an aspiring independent author? Spotify wants to buy your short-form audiobookReports on DownDetector.com spiked at the same time, reaching around 50,000 reports just before 10am. Outage reports were on the decline by 11am, but that could be because users are either tired of reporting the problem or no longer feel the need to. The company hasn’t explained what caused the issue or when it expects to restore service. By 10:30am, speculation was swirling that the issue was the result of a hack, but SpotifyStatus on X says that’s not true. With more than 675 million users, Spotify is the world’s most popular music streaming app. More

  • in

    Your Android phone is getting a new security secret weapon – how it works

    Tatiana Maksimova/Getty Images A new security feature from Google means that Android devices might soon start rebooting automatically — and that’s not a bad thing. In a recent Google Play Services update, Google details how your Android phone will soon reboot if you haven’t used it for three consecutive days.  How reboots help This is […] More

  • in

    Surfshark is our pick for best value VPN, and you can save up to 87% on plans right now

    Charlie Osborne/ZDNETOur VPN expert regularly tests out VPNs so you don’t have to, and right now, ZDNET’s pick for best value VPN is available for a steal. That’s right. For a limited time, you can snag Surfshark VPN for just a few dollars thanks to the brand’s birthday sale. Plus, save big on Surfshark’s antivirus service, too. Here are the details. Also: The best VPN services of 2025Now until April 30, take advantage of Surfshark’s two-year Starter VPN bundle More