Most of us think deleting a file means it’s gone for good. But “delete” on a Windows device often just means “out of sight,” not necessarily “out of reach.”

That’s where File Shredder, a new feature within Malwarebytes Tools for Windows, comes in. File Shredder lets you securely delete files from your hard drive or USB drive, so the files are not just removed—but completely unrecoverable, even with specialized recovery software.

What File Shredder does differently

When you delete a file by placing it in your Recycle Bin and emptying the contents, your computer typically removes the reference to it—but the data itself can remain on the drive until it’s overwritten. That leftover data can sometimes be recovered using basic digital tools, some of which can even be downloaded for free online. These data traces pose a problem if the file you want to delete includes personal, financial, or other sensitive information, like tax documents, scanned IDs, contracts, or anything else you would like to remain private forever.

File Shredder goes beyond standard deletion by instead permanently overwriting the file data, ensuring it can’t be reconstructed or recovered. Once a file is shredded, it’s gone for good—no undo, no recovery, no second chances.

That makes File Shredder especially useful when:

   • You’re cleaning up sensitive files before selling or donating a device

   • You need to securely remove files from a USB drive

   • You’re minimizing digital clutter without leaving data behind

   • You want peace of mind that private files stay private

How to use File Shredder

File Shredder is designed to be powerful without being complicated.

To use File Shredder:

• Open the Malwarebytes app and select the “Tools” icon from the lefthand menu (the screwdriver and wrench icon)

• From this menu, find and click on “File Shredder”

• Once here, you can manually add files or folders to the list and then click on the button “Delete permanently”

• You will be asked to confirm your request before File Shredder deletes the files



After your files are deleted by File Shredder you can move on, confident that the data can’t be accessed again.

Protection means your data is in your control

Cybersecurity isn’t just about blocking threats—it’s also about giving you control over your own data. File Shredder provides a way to do exactly that, helping you close the door on files that you no longer want on your devices.

Because when you’re done with a file, it should really be done.

source

Third-party software is the weak link

Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to secure them.

The jury is still out on whether most businesses get any measurable benefit from implementing AI in their organizations, and the debate is likely to get more contentious over time.

But at least one sector is reaping massive productivity gains in the Age of AI: Cybercriminals are more successful than ever before at leveraging vulnerabilities to attack businesses in the cloud, where they're most vulnerable.

That's the conclusion of a just-released report from Google's army of security investigators and engineers that I was able to review in advance of its publication. Based on its observations from the second half of 2025, Google Cloud Security concluded, "The window between vulnerability disclosure and mass exploitation collapsed by an order of magnitude, from weeks to days."

The report concludes that the best way to fight AI-powered attacks is with AI-augmented defenses: "This activity, along with AI-assisted attempts to probe targets for information and continued threat actor emphasis on data-focused theft, indicates that organizations should be turning to more automatic defenses."

Sneaking in through third-party code

These days, Google's report notes, security threats are not targeting the core infrastructure of services like Google Cloud, Amazon Web Services, and Microsoft Azure. Those high-value targets are well secured. Instead, threat actors (a polite name that includes both criminal gangs and state-sponsored agents, notably from North Korea) are aiming attacks at unpatched vulnerabilities in third-party code.

The report contains multiple detailed examples of these attacks -- with victims not mentioned by name. One involved exploitation of a critical remote code execution (RCE) vulnerability in React Server Components, a popular JavaScript library used for building user interfaces in websites and mobile apps; those attacks began within 48 hours of the public disclosure of the vulnerability (CVE-2025-55182, commonly referred to as React2Shell).

Another incident involved an RCE vulnerability in the popular XWiki Platform (CVE-2025-24893) that allowed attackers to run arbitrary code on a remote server by sending a specific search string. That bug was patched in June 2024, but the patch wasn't widely deployed, and attackers (including crypto mining gangs) began exploiting it in earnest in November 2025.

A particularly juicy account involves a gang of state-sponsored attackers known as UNC4899, probably from North Korea, that took over Kubernetes workloads to steal millions of dollars in cryptocurrency. Here's how the exploit took place:

UNC8499 targeted and lured an unsuspecting developer into downloading an archive file on the pretext of an open source project collaboration. The developer soon after transferred the same file from their personal device to their corporate workstation over Airdrop. Using their AI-assisted Integrated Development Environment (IDE), the victim then interacted with the archive's contents, eventually executing the embedded malicious Python code, which spawned and executed a binary that masqueraded as the Kubernetes command-line tool. The binary beaconed out to UNC4899-controlled domains and served as the backdoor that gave the threat actors access to the victim's workstation, effectively granting them a foothold into the corporate network.

Another incident involved a series of steps that started with a compromised Node Package Manager package that stole a developer's GitHub token and used it to access Amazon Web Services, steal files stored in an AWS S3 bucket, and then destroy the originals. That all happened within a matter of 72 hours.

Compromising identity

The other major finding is a shift away from attacking weak credentials with brute force attacks in favor of exploiting identity issues through a variety of techniques:

   • 17% of cases involved voice-based social engineering (vishing)

   • 12% relied on email phishing

   • 21% involved compromised trusted relationships with third parties

   • 21% involved actors leveraging stolen human and non-human identities

   • 7% resulted from actors gaining access through improperly configured application and infrastructure assets

And the attackers aren't always coming from far away; the report notes that "malicious insiders" -- including employees, contractors, consultants, and interns -- are sending confidential data outside the organization. Increasingly, this type of incident involves platform-agnostic, consumer-focused cloud storage services like Google Drive, Dropbox, Microsoft OneDrive, and Apple iCloud. The report calls this "the most rapidly growing means of exfiltrating data from an organization."

One ominous note is that attackers these days are taking their sweet time before making their presence known. "45% of intrusions resulted in data theft without immediate extortion attempts at the time of the engagement, and these were often characterized by prolonged dwell times and stealthy persistence."

What can businesses do to protect themselves?

Each section of the report includes recommendations for IT professionals to follow for securing cloud infrastructure. Those guidelines are neatly divided into two categories: specific advice for Google Cloud customers and more general guidance for customers using other platforms.

If you're an admin at a large organization with security responsibilities, that advice is worth reading carefully and adding to existing security measures. But what are small and medium-sized businesses supposed to do?

• Step up your patching game by ensuring that all software applications, especially those from third-party developers, are updated automatically.

• Strengthen Identity and Access Management, using multi-factor authentication and ensuring that only authorized users have access to administrative tools.

• Monitor the network with an eye toward identifying unusual activity and data movement. That includes attacks from the outside as well as insider threats.

• Have an incident response plan ready to go at the first sign of an intrusion. Those first few hours can be a crucial time, and scrambling to assemble investigative and containment resources can take days if you're not prepared.

For small businesses that don't have security experts on staff, the best solution is to find a managed service provider that has the skills and experience you need. You do not want to be starting that search after an attacker has already succeeded.

source

Including access to third-party apps



Windows 11 has a new policy called “Make Print Screen key yiedable,” which allows third-party apps to intercept the keyboard shortcut. This means third-party apps can easily use the ‘Print’ screenshot, which typically opens Snipping Tool or Windows 11’s built-in screen capture interface.

There are many ways to capture a screenshot in Windows 11, but the most popular shortcut remains the Print key. That’s given because the key itself is called “Prntscr,” which stands for Print Screen. On most PCs, when you press the Print key, it opens the Snipping Tool.

As noticed by Tero and verified by Windows Latest, Microsoft is testing a new Group Policy, which enables third-party apps to override the default screenshot key.

In Build 26300, if you open Group Policy Editor, which requires Windows 11 Pro, and go to Computer Configuration > Administrative Templates > Windows Components > File Explorer, you’ll find a policy called “Make Print Screen key yieldable.”


Print Screen key in Group Policy | Image Courtesy: WindowsLatest.com

By default, this policy is set to “not configured,” which means third-party apps can use your Print key whenever they want, replacing ‘Snipping Tool’ as the default app.

“This policy setting determines whether the Print Screen key can be yielded to other applications,” Microsoft noted in an explanation seen by Windows Latest.

“If you enable this policy setting, the Print Screen key can be intercepted by applications, allowing them to override the default screenshot functionality. If you disable this policy setting, the Print Screen key will retain its legacy behavior for taking screenshots and cannot be intercepted by applications.”

If you don’t want third-party apps to take over the Print key, you should set the policy to “Disabled”. In all other cases, you should leave it as it is. Third-party apps randomly do not hijack your Print key, and if they do, you can always remove the app or simply use the Group Policy.

In our tests, Windows Latest observed that the Group Policy that gives you greater control over the Print key requires a reboot to fully apply the changes.

It’s not the first time Microsoft has tried to change how the Print Screen key works

Back in 2023, Windows Latest spotted a new toggle “Use the print screen key to open Snipping Tool” under Settings > Accessibility > Keyboard that lets you block Print Screen from opening Snipping Tool by default.


“Use the Print screen key to open Snipping Tool in Windows 11” option appeared in 2023, but now
disappeared | Image Courtesy: WindowsLatest.com

Microsoft even called it out in a 2023 blog post: “Pressing the print screen key will now open Snipping Tool by default. This setting can be turned off via Settings > Accessibility > Keyboard. If you have previously modified this setting yourself, your preference will be preserved.”

That toggle showed up in preview builds at the time, but it’s effectively gone now. On Windows 11 24H2 (and 25H2), heading to Settings > Accessibility > Keyboard doesn’t show any option to control Print Screen behaviour when Snipping Tool is installed.

What makes it more confusing is that Snipping Tool still points you to Accessibility settings to change the Print Screen shortcut, but the setting it references isn’t there anymore.



So you get sent to the “right” place, only to hit a dead end. Either way, the new Group Policy is more powerful for managing the Print Screen key, and it’s now rolling out to users.

source

The Honor Robot Phone has made a public reappearance, this time with its flagship feature in action.

It's bizarre to think that, on the same day Honor announced its most ambitious foldable phone yet, I was drawn to a different device.

At Mobile World Congress, the Chinese electronics maker reintroduced its Robot Phone: first unveiled at CES, now on the Barcelona show floor with working features to please the crowd.

It was apparent from the oohs and ahhs of the weekend audience (and larger crowds now that the showfloor has opened) that this pocketable robot may be even more appealing than the back-flipping humanoid ones that brands continue to pitch as slow-paced housekeepers and pet sitters. It certainly was for me.

That's because the Honor Robot Phone is built with more practicality than I expected, though some features may raise more privacy and security concerns than anything else. Let's break it all down.

A familiar gimmick

The Robot Phone's highlight is its gimbal-stabilized camera that pops out from the back of the device. Perhaps I'm a believer in such a feature because I've long been using gimbal-stabilized webcams for work meetings. They're ideal for keeping subjects in frame, recordings steady, and portable in size.

Integrating one into a phone offers those same benefits, but can now be leveraged for more powerful use cases like recording 4K videos with the 200MP sensor and capturing smooth-panning panoramic shots (though limited to 90° and 180°, according to Honor).

Some folks may be more charmed by the multimodal AI capabilities the gimbal camera provides, such as providing real-time wardrobe suggestions or solutions -- correct and accurate ones, hopefully -- to general problems. I'm sure we're all familiar with the "how to fix my bike tire" example by now.

To give the Robot Phone more personality, Honor's playfully developed software makes the camera nod, shake its head, and even dance when interacted with. Watching the introduction video for the Robot Phone reminded me of the whimsical qualities we now attribute to robots like WALL-E and R2-D2.

When not in operation, the camera can tuck itself compactly into the back cover, thanks to the micro motor that powers it. This is important, as physically hiding the camera is the only way to guarantee that it's not recording anything without you knowing. An LED indicator is simply not enough in this day and age.

What comes next?

Honor hasn't shared much about the "phone" part of Robot Phone, but the company has confirmed that the device will launch in China in the second half of this year, first before anything else. That's what the company has done with its traditional phone releases, so it's not a surprising market strategy.

It remains to be seen how a phone with a motorized, 'dancing' neck survives the reality of clumsy hands, lint-filled pockets, and the thousand tiny accidents of daily life. Honor is betting on a new kind of smartphone -- now we'll see if it's tough enough to survive the wild.

source

Is your Windows PC running slow?

9 ways to Clear RAM Cache in Windows PC👉 http://bit.ly/3ZUbrhh

Learn how to clear RAM cache and free up memory using Microsoft's official RAMMap tool! This simple method works on both Windows 10 and Windows 11 and can instantly boost your computer's performance.

source