More stories

  • Microsoft goes all in on Anthropic’s MCP standard for safer AI agent deployments

    As AI agent fever spreads, support for Model Context Protocol (MCP), an AI data connection standard created by Anthropic last year, is growing — and Microsoft is the latest to join in, emphasizing security. The company joined the MCP […]

  • I tested a TCL smart lock, and its palm vein recognition feature blew me away

    ZDNET’s key takeaways: The TCL D1 Pro smart lock is available for $170. This smart lock features some of the most reliable and fastest palm recognition technology I’ve tested, and it has a rechargeable battery instead of the standard replaceable batteries. The TCL D1 Pro’s biggest downfall is the app, which is not user-friendly […]

  • Rebooting your phone daily is your best defense against zero-click attacks – here’s why

    Over the past decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians. This has raised concerns about the unprecedented proliferation of spyware technologies and the lack of protections within the tech sector.

    Meta’s WhatsApp recently revealed it discovered a hacking campaign targeting about 90 users — mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions — now acquired by Florida-based private equity firm AE Industrial Partners — was behind the attack.

    Graphite, Paragon’s spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users’ knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal.

    What is a zero-click capability?

    What happened to WhatsApp was a zero-click attack, meaning targets don’t have to take any action for their devices to be compromised. In contrast, phishing or one-click attacks require user interaction with a malicious link or attachment. Once a phone is infected with a zero-click capability, the attacker can quietly gain complete access by exploiting a security vulnerability.
    In an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, said that “in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims’ devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone.”

    While public reporting does not specify “whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible,” Cole said.

    iVerify has uncovered instances where “a number of WhatsApp crashes on [mobile] devices [they’re] monitoring with iVerify” have appeared to be malicious in nature, leading the iVerify team to believe that the malicious attacks are “potentially more widespread” than just the 90 people reported to have been infected by Graphite.

    While the WhatsApp attack was predominantly launched against members of civil society, mobile spyware is an emerging threat against everyone because mobile exploitation is more widespread than one might think, Cole said. Moreover, “the result is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are ‘under pressure to become profitable enterprises,’” he said. This ultimately “creates marketing competition” for spyware merchants and “lowers barriers” that would deter these mobile exploitation attacks.

    Earlier this year, WhatsApp won a lawsuit against NSO after a federal judge in California found that NSO was exploiting a security vulnerability within the messaging app to deliver Pegasus.
    The infamous NSO Group — known for infecting the phones of journalists, activists, and Palestinian rights organizations — has used similar zero-click capabilities through its Israeli-made Pegasus spyware, a commercial spyware and phone-hacking tool. Historically, the NSO Group has avoided selling to US-based clients and has also been banned by the US Commerce Department under former President Joe Biden’s administration for allegedly supplying spyware to authoritarian governments. However, “shifting political dynamics [under the Trump administration] raises the possibility that spyware may become more prevalent in the United States” — exacerbating mobile exploitation. Cole said the world is totally unprepared to deal with that.

  • Your Android phone is getting a huge security upgrade for free – what’s new

    That smartphone in your pocket is home to your favorite apps, personal accounts, and sensitive data. That means your device should have the strongest security protection available to prevent the wrong people from stealing your money or information.

    For Android users, Google offers a variety of tools and technologies to defend you against scammers, malware, and other threats to your security and privacy. In a blog post published Tuesday, the company spotlights the protections now available or coming soon and how they aim to keep you safe from the latest dangers.

    1. Protection against scam calls

  • No, Microsoft has not changed Windows 10 or Microsoft 365 support deadlines (again)

    Here we go again. A zombie news story that should have been laid to rest last January has risen from the grave and is walking among us again.

    The original story

    In case you missed the original story, here’s a recap: Last January, dozens of tech-focused news sites reported that the free upgrade from Windows 10 to Windows 11 was “for a limited time only.” In a quote from the same source, they warned that Microsoft had decreed you would need to upgrade to Windows 11 to continue using Microsoft 365 apps on your PC after the Oct. 14, 2025, end-of-support deadline for Windows 10.

    The problem with all those reports is they were based on an article by a very junior Microsoft employee posted on an obscure blog for Microsoft nonprofit customers. It wasn’t an official announcement, and the post was deleted that same day. A Microsoft spokesperson told ZDNET’s sister publication PCMag that the blog post “contained inaccurate information and a misleading headline.”

    Microsoft’s official support document, “What Windows end of support means for Office and Microsoft 365,” had been published a month earlier and was much less alarming. It begins: “Microsoft 365 apps will no longer be supported on Windows 10 after it reaches end of support on October 14, 2025.” That statement is repeated in bold later in the document:

    Support for Windows 10 will end on October 14, 2025. After that date, if you’re running Microsoft 365 Apps on a Windows 10 device, the applications will continue to function as before. However, we strongly recommend upgrading to Windows 11 to avoid performance and reliability issues over time.

    Back in the news

    So why did this zombie story start appearing in my news feeds today? I blame Forbes. They’re the ones standing there, shovel in hand, shouting about “Microsoft’s surprise deadline u-turn” while continuing to quote from the inaccurate, long-since-deleted zombie blog post.
    Today’s fuss is based on a newly published page at Microsoft’s product documentation site, Microsoft Learn: “Windows 10 end of support and Microsoft 365 Apps,” which contains this note:

    To help maintain security while you transition to Windows 11, Microsoft will continue providing security updates for Microsoft 365 Apps on Windows 10 for three years after Windows 10 reaches end of support. These updates will be delivered through the standard update channels, ending on October 10, 2028.

    That shouldn’t be a surprise. The three-year continuation in security updates for Microsoft 365 matches the Windows 10 Extended Security Updates available to Microsoft’s enterprise customers. It would be a nightmare to rebuild the Microsoft 365 update servers so they delivered updates only to PCs running Windows 10 with an ESU subscription while blocking other Windows 10 devices. So everyone gets those updates.

  • Your old router could be a security threat – here’s why and what to do

    Are you still using a router that’s past its prime? If so, you could be opening yourself up to a malicious attack. The FBI is warning that cybercriminals are targeting routers that have reached their end of life and are no longer supported by the manufacturer. In an advisory and a PSA published last week, the agency […]

  • The default TV setting you should turn off ASAP – and why experts recommend it

    For many people, motion smoothing on TVs is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.”

    It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts.