Information Technology

On the page that announced details of the ESU program for commercial customers, a Microsoft spokesperson wrote that details and prices for consumers “will be shared at a later date” on the company’s consumer end-of-support page. Six months later, the company finally revealed that  consumers would be able to sign up for a one-year ESU subscription for $30. Also: The best Windows laptop you can buyAnd if that $30 price tag is too much, the company announced two “free enrollment options” in June. You can enroll a Windows 10 PC for ESU coverage by using Windows Backup to sync your settings to the cloud, or you can use 1,000 Microsoft Rewards points (worth less than $1), which you accumulate by using Bing search services.  For details, see “How to get Windows 10 extended security updates for free: 2 options.”)  The deal comes with two significant restrictions.First, it’s available only for “personal use,” a move that’s obviously designed to discourage business customers from trying to get security updates at a discount. Second, the subscription can’t be renewed after that first year. On Oct. 13, 2026, security updates will stop for good on those consumer PCs.Still, the fact that Microsoft is even offering a consumer option is noteworthy. The Windows 7 ESU program was messy. It was not exactly friendly to small businesses, and there was no option at all for consumers. The difference, of course, is that those customers had a straightforward option to upgrade their Windows 7 PCs to the successor OS, Windows 10, at no cost. Also: Have a Windows 10 PC that can’t be upgraded? You have 5 optionsMicrosoft says the enrollment wizard will start rolling out for consumers in July and should be available to all Windows 10 PCs by the end of August. More

Getty Images / SOPA Images / Contributor Cybersecurity is a cat-and-mouse game, with new technologies providing more sophisticated protections — and threats. That has only accelerated with generative AI, which has led to even more advanced attacks, but PayPal is now leveraging it to stay ahead. PayPal, which also owns the digital payment platform Venmo, […] More

Kyle Kucharski/ZDNETMacOS is a solid operating system. But no matter how secure an operating system is, it’s vulnerable if it’s connected to a network. As for privacy, if you get online, your privacy is at stake, so never assume you’re safe just because you’re using Apple’s OS. Also: I’m switching to the MacBook Air M4 from my Windows laptop – and you should too at this priceYou can always take steps to improve the chances that your privacy won’t be infringed upon. What are those steps? Let’s jump in. 1. Use a VPN A VPN is always a good idea. Why? A VPN not only anonymizes your IP address (so it’s much harder to track you), but it also encrypts your traffic. Individually, those things can help. Together, they’re a powerful weapon against those who would disrupt your privacy. Also: The best VPN for Mac: Expert tested and reviewedThere are plenty of VPNs you can use (such as Proton VPN or Nord VPN), but it’s important to use one that integrates with the operating system so all your outgoing traffic is anonymized and encrypted. If you use only a browser extension, only the traffic leaving your web browser is altered. To get the most security and the fastest speeds, use a paid option. Most free VPNs slow down your network traffic, which negatively impacts your browser’s speed. 2. Use strong passwords This should go without saying, but strong passwords are the easiest method of protecting your accounts (starting with your MacOS user account). If you use weak passwords, someone could break into your desktop and wreak havoc on your privacy. Also: The best password manager for MacYou should also use a password manager (such as Bitwarden). Not only do password managers secure your login credentials, but they also include random password generators capable of creating very strong passwords. If your MacOS account is secured with a weak password, change it immediately in System Settings > Login Password. 3. Use encrypted storage Your MacOS drive is most likely encrypted, which protects you if someone steals your computer. With the storage encrypted, they’ll have a harder time accessing your data. But that doesn’t mean you can’t benefit from using encryption tools. Also: The best cloud storage services of 2025: Expert testedOut of the box, your MacOS machine uses FileVault — enabled by default — to secure the data on your disk. However, you might want to take this a step further by encrypting specific folders in your home directory to give them an extra layer of protection. You can use tools like VeraCrypt (available for free), which feature drag-and-drop AES-256 encryption for files and folders and easy sharing with Windows. More

Flipper Zero reading an NFC security key. Adrian Kingsley-Hughes/ZDNETAfter over a year of use, I love my Flipper Zero, and I’m still finding cool things to do with it.Am I using it to steal cars, clone credit cards, or change the prices shown on gas station displays? Of course not! That’s just fake trash people upload to TikTok to try to look cool, and you can’t do anything like that. Also: Best early Prime Day deals 2025: 55+ sales on tech products live nowBut that doesn’t mean the Flipper Zero can’t do some very cool and useful things. Over the past year, I’ve been exploring the suite of tools built into the Flipper Zero, as well as extending its capabilities by installing custom firmware. It’s been a game-changer in so many ways! The Flipper Zero might be small, but there’s a lot of hardware packed into a small space.To begin with, there’s a sub-GHz wireless antenna that can capture and transmit wireless codes to operate wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors, and even remote keyless systems. RFID support allows it to read, store, and emulate a number of different RFID cards.Also: Do RFID blocking cards actually work? My Flipper Zero revealed the truthIt can also read, write, store, and emulate NFC tags. On the front, there’s a 1-Wire connector that can read and emulate iButton (aka DS1990A, CYFRAL, Touch Memory, or Dallas key) contact keys. More

Peter-verreussel/Getty Images As AI evolves to successfully take on business, personal, and even medical use cases, its capabilities also increasingly make it a security threat. On Tuesday, researchers at identity validator Okta published a report that found hackers are using v0, an AI website creation tool from Vercel, to create “phishing sites that impersonate legitimate […] More

23andMe / Elyse Betters Picaro / ZDNET23andMe’s interim CEO Joseph Selsavage recently told Congress that roughly 1.9 million customers (about 15% of its 15 million users) have asked to delete their genetic data amid the company’s Chapter 11 bankruptcy and subsequent sale approval to TTAM Research Institute.I was one of 23andMe’s early adopters. I wanted to trace my French and Ashkenazi Jewish roots, and in its early days, the service provided fascinating family-history insights. But after nearly two decades of growth — peaking at a $6 billion valuation in 2021 — 23andMe is a shell of its former self. Its pivot to drug research and development failed to gain traction, and a major October 2023 data breach torpedoed any remaining customer trust, driving the company to lose over 99% of its value by 2024. Also: A drug developer is buying 23andMe – what does that mean for your DNA data?Now, with millions of genetic profiles, including mine, caught in bankruptcy limbo, there have been worries about who will control this vast trove of sensitive DNA data. California’s attorney general has even urged customers to delete their records, pointing out that, unlike medical information protected under HIPAA, direct-to-consumer genomic data lacks strong federal privacy safeguards. It didn’t help that, for a little while, there was a potential looming sale of 23andMe to pharmaceutical maker Regeneron.However, on June 30, a US bankruptcy judge approved the $305 million sale of 23andMe’s data assets to TTAM Research Institute — a nonprofit led by 23andMe co-founder Anne Wojcicki. The institute has promised to improve privacy policies and to continue to allow customers to delete their data. A small group of states (California, Kentucky, Tennessee, Texas, and Utah) remain opposed and have until July 7 to seek a stay to appeal the order. If you’re still uneasy about your genetic information falling into the wrong hands, or being tied indefinitely to pharmaceutical research you didn’t explicitly authorize, you still have the power to delete it. Here’s how. How to delete your 23andMe data What you’ll need: A 23andMe account and the ability to access your account either from a PC or a mobile device. More

Kyle Kucharski/ZDNETGoogle has patched yet another critical security bug in Chrome, which means all of you who use the browser should update it ASAP. On Monday, the company revealed a high-severity vulnerability that could allow a remote attacker to run malicious code on your system.In its release notes for the latest version of Chrome, Google pointed to the security flaw tagged as CVE-2025-6554. The NIST page on this one describes it as: “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.”Also: This Google Chrome update could change the fundamentals of browsing – here’s who gets to try it firstV8 is an open-source JavaScript and WebAssembly engine that Google uses in Chrome. Here, a programming problem in the code could give a remote attacker the means to create a malicious web page designed to steal data, install malware, or take over your system. The vulnerability has already been exploited in the wild, which means the bad guys are onto it and have used it to target unsuspecting Chrome users.This particular bug was discovered by Clément Lecigne of Google’s Threat Analysis Group on June 25. To assist with its bug-hunting efforts, Google’s researchers typically turn to such tools as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.Thankfully, Google has rolled out a fix for this flaw with the latest versions of the browser, specifically version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for the Mac, and 138.0.7204.92 for Linux.How to update ChromeTo update Chrome, open the browser, click the three-dot icon at the top, move to Help, and select About Chrome. The program will automatically download and install the latest update. Relaunch Chrome, and you’ll be fully protected, at least until the next critical vulnerability rolls around. More

Kerry Wan/ZDNETDid you know that whenever you turn on your smart TV, you invite an unseen guest to watch it with you? These days, most popular TV models utilize automatic content recognition (ACR), a form of ad surveillance technology that gathers information about everything you watch and transmits it to a centralized database. Manufacturers then use your data to identify your viewing preferences, enabling them to deliver highly targeted ads.Also: Your TV’s USB port is seriously underutilized: 5 features you’re not taking advantage ofWhat’s the incentive behind this invasive technology? According to market research firm eMarketer, in 2022, advertisers spent an estimated $18.6 billion on smart TV ads, and those numbers are only going up.To understand how ACR works, imagine a constant, real-time Shazam-like service running in the background while your TV is on. It identifies content displayed on your screen, including programs from cable TV boxes, streaming services, or gaming consoles. ACR does this by capturing continuous screenshots and cross-referencing them with a vast database of media content and advertisements. More