Information Technology

Lance Whitney/ZDNETScammers who prey on Apple iMessage users via phishing (or smishing) messages are doubling down on a novel tactic that tricks their victims into disabling built-in security. Spotted by BleepingComputer, a series of such phishing attacks have surged since last summer, especially over the past few months, putting unsuspecting users at greater risk of being scammed.Here’s how the tactic works. By default, Apple’s built-in security disables any links in a text message from an unknown sender. That protection includes links to websites, email addresses, and phone numbers. But if the recipient replies to the message or adds the sender to their contact list, those links become valid and active. And that’s the aspect being exploited by scammers.Also: The best VPN services (and how to choose the right one for you)In two screenshots posted by BleepingComputer, one phishing message uses a fake USPS failed delivery notification that’s been popular among cyber crooks. The other claims the recipient is on the hook for unpaid highway tolls. In both cases, the interesting part is found in the instructions at the bottom: “Please reply Y, then exit the text message and open it again to activate the link, or copy the link to your Safari browser and open it.” More

<!–> ZDNET’s key takeaways Proton Pass is a privacy-focused password manager with affordable annual plans and an excellent free tier that allows unlimited logins across unlimited devices. Proton Pass’s unique privacy features include integrated email aliases and robust data breach monitoring, which users can use to protect their personal information when browsing and shopping. Conversely, […] More

Alexander Sikov/Getty Images Virtual private networks are no longer just for tech enthusiasts and privacy buffs — they’ve become an essential tool for navigating a more restricted internet. VPNs offer a lifeline to digital freedom and security, from bypassing censorship to securing data from prying eyes.   In the US, legislation in several states has […] More

sankai/Getty Images The cybersecurity landscape of 2024 was marked by devastating ransomware attacks, artificial intelligence (AI)-powered social engineering, and state-sponsored cyber operations that caused billions in damages. As 2025 kicks off, the convergence of AI, geopolitical instability, and evolving attack surfaces presents an even more complex threat environment. Security professionals are bracing for what could […] More

Kerry Wan/ZDNETAt this year’s CES, ZDNET has teamed up with the rest of CNET Group (CNET, PCMag, Mashable, and Lifehacker) and the Consumer Technology Association (CTA) to name the official best Best of CES 2025 award winners in 12 categories.Also: CES 2025: The most impressive products you don’t want to miss More

dem10/Getty Images Data privacy has become absolutely crucial for businesses. And some businesses go to great lengths to protect their data, files, and communications. However, many consumers and smaller businesses continue to believe that adding extra security isn’t worth the extra work required. Wrong! Anyone who refuses or neglects to take the extra steps could […] More

ZDNETWhether you use Chrome, Firefox, or both, it’s time once again to update the browser to stay safe and secure while surfing the web. Released on Tuesday, the latest round of bug fixes for both programs resolves a number of nasty security flaws. Also: The best secure browsers for privacy Chrome users Chrome users will want to update the browser to version 31.0.6778.264/265 for Windows and Mac and version 131.0.6778.264 for Linux. This update includes fixes for four security vulnerabilities. The only flaw on the list that Google described is one for which the company paid $55,000 to the security researcher who discovered and reported it, a sign that it is critical. Known as CVE-2025-0291, this vulnerability cites a Type Confusion in Chrome’s V8 JavaScript engine. This kind of flaw could allow someone to remotely run malicious code through a specially crafted HTML page or even launch a Denial of Service attack on your computer. Also: How a Chrome extension malware scare ruined my dayIn squashing the other bugs, Google pointed to fixes based on internal audits, a software testing technique known as fuzzing, and other initiatives. The company said that many security flaws are found using such tools and techniques as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. Firefox users On the Firefox front, version 134 of Mozilla’s browser includes fixes for 11 security vulnerabilities, three of which are rated high and the rest as moderate. One high-severity flaw known as CVE-2025-0244 affects Firefox on Android devices. The description for this one says that an attacker could spoof the browser’s address bar by redirecting the request to an invalid protocol, thereby directing you to a phony URL. Also: How to protect yourself from phishing attacks in Chrome and FirefoxThe other two severe vulnerabilities affect both Firefox and Mozilla’s Thunderbird email client. Dubbed CVE-2025-0242 and CVE-2025-0247, respectively, these were both described by Google as memory safety bugs that showed evidence of memory corruption. Such bugs could allow a remote attacker to read or write code beyond the usual regions of memory. “We presume that with enough effort some of these could have been exploited to run arbitrary code,” Google added. With these critical security flaws in mind, you’ll want to update the browsers ASAP. More

sarayut Thaneerat/Getty Images Have you ever been sent a link that doesn’t look quite right, but you click on it anyway, only to discover it was malicious? If you did click on that link, you might find yourself on a site that looks legit enough to persuade you to enter sensitive information (such as logins, […] More