Information Technology

Microsoft/ZDNETWindows 10 isn’t the only Microsoft product that is due to lose support this coming October. In a blog post published Wednesday, the software giant said Microsoft 365 apps (aka Office) will no longer be supported in Windows 10 after Oct. 14, 2025. To continue using Microsoft 365 or Office, the company urges users to upgrade to Windows 11.Support cutoff The support cutoff doesn’t mean that Microsoft 365 will suddenly stop working or vanish from your PC. Just as with Windows 10, you’ll be able to continue to use the software, but you may hit a couple of bumps in the road.First, using Microsoft 365 on an older and unsupported OS such as Windows 10 may trigger performance and reliability issues over time, the company says in a support document. Microsoft doesn’t specify the specific issues you may encounter, but there’s a second area of concern. Since Windows 10 will no longer receive bug fixes, security patches and other updates after Oct. 14, Microsoft 365 and Office will be more vulnerable to bugs and security threats.Also: Microsoft to force new Outlook app in Windows 10 with no way to block itThe warnings from Microsoft apply to the subscription version of Microsoft 365 and the one-time purchase non-subscription flavors of Office, such as Office Home & Student, Office Home & Business and Office Professional Plus. The specific versions of Office include Office 2016, 2019, 2021 and 2024.Microsoft has long been pushing Windows 10 users to jump ship to Windows 11. Naturally, Microsoft and its PC maker partners would like you to buy a brand new PC with the latest OS, but if you still have a usable and reliable computer, upgrading is a cheaper option, but it’s not that simple. More

Lance Whitney/ZDNETScammers who prey on Apple iMessage users via phishing (or smishing) messages are doubling down on a novel tactic that tricks their victims into disabling built-in security. Spotted by BleepingComputer, a series of such phishing attacks have surged since last summer, especially over the past few months, putting unsuspecting users at greater risk of being scammed.Here’s how the tactic works. By default, Apple’s built-in security disables any links in a text message from an unknown sender. That protection includes links to websites, email addresses, and phone numbers. But if the recipient replies to the message or adds the sender to their contact list, those links become valid and active. And that’s the aspect being exploited by scammers.Also: The best VPN services (and how to choose the right one for you)In two screenshots posted by BleepingComputer, one phishing message uses a fake USPS failed delivery notification that’s been popular among cyber crooks. The other claims the recipient is on the hook for unpaid highway tolls. In both cases, the interesting part is found in the instructions at the bottom: “Please reply Y, then exit the text message and open it again to activate the link, or copy the link to your Safari browser and open it.” More

<!–> ZDNET’s key takeaways Proton Pass is a privacy-focused password manager with affordable annual plans and an excellent free tier that allows unlimited logins across unlimited devices. Proton Pass’s unique privacy features include integrated email aliases and robust data breach monitoring, which users can use to protect their personal information when browsing and shopping. Conversely, […] More

Alexander Sikov/Getty Images Virtual private networks are no longer just for tech enthusiasts and privacy buffs — they’ve become an essential tool for navigating a more restricted internet. VPNs offer a lifeline to digital freedom and security, from bypassing censorship to securing data from prying eyes.   In the US, legislation in several states has […] More

sankai/Getty Images The cybersecurity landscape of 2024 was marked by devastating ransomware attacks, artificial intelligence (AI)-powered social engineering, and state-sponsored cyber operations that caused billions in damages. As 2025 kicks off, the convergence of AI, geopolitical instability, and evolving attack surfaces presents an even more complex threat environment. Security professionals are bracing for what could […] More

Kerry Wan/ZDNETAt this year’s CES, ZDNET has teamed up with the rest of CNET Group (CNET, PCMag, Mashable, and Lifehacker) and the Consumer Technology Association (CTA) to name the official best Best of CES 2025 award winners in 12 categories.Also: CES 2025: The most impressive products you don’t want to miss More

dem10/Getty Images Data privacy has become absolutely crucial for businesses. And some businesses go to great lengths to protect their data, files, and communications. However, many consumers and smaller businesses continue to believe that adding extra security isn’t worth the extra work required. Wrong! Anyone who refuses or neglects to take the extra steps could […] More

ZDNETWhether you use Chrome, Firefox, or both, it’s time once again to update the browser to stay safe and secure while surfing the web. Released on Tuesday, the latest round of bug fixes for both programs resolves a number of nasty security flaws. Also: The best secure browsers for privacy Chrome users Chrome users will want to update the browser to version 31.0.6778.264/265 for Windows and Mac and version 131.0.6778.264 for Linux. This update includes fixes for four security vulnerabilities. The only flaw on the list that Google described is one for which the company paid $55,000 to the security researcher who discovered and reported it, a sign that it is critical. Known as CVE-2025-0291, this vulnerability cites a Type Confusion in Chrome’s V8 JavaScript engine. This kind of flaw could allow someone to remotely run malicious code through a specially crafted HTML page or even launch a Denial of Service attack on your computer. Also: How a Chrome extension malware scare ruined my dayIn squashing the other bugs, Google pointed to fixes based on internal audits, a software testing technique known as fuzzing, and other initiatives. The company said that many security flaws are found using such tools and techniques as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. Firefox users On the Firefox front, version 134 of Mozilla’s browser includes fixes for 11 security vulnerabilities, three of which are rated high and the rest as moderate. One high-severity flaw known as CVE-2025-0244 affects Firefox on Android devices. The description for this one says that an attacker could spoof the browser’s address bar by redirecting the request to an invalid protocol, thereby directing you to a phony URL. Also: How to protect yourself from phishing attacks in Chrome and FirefoxThe other two severe vulnerabilities affect both Firefox and Mozilla’s Thunderbird email client. Dubbed CVE-2025-0242 and CVE-2025-0247, respectively, these were both described by Google as memory safety bugs that showed evidence of memory corruption. Such bugs could allow a remote attacker to read or write code beyond the usual regions of memory. “We presume that with enough effort some of these could have been exploited to run arbitrary code,” Google added. With these critical security flaws in mind, you’ll want to update the browsers ASAP. More