Recent Posts

Pages: [1] 2 3 ... 10
1
First documented publicly in an FBI hacker complaint!


What is GDID, the Windows device fingerprint that helped the FBI catch a hacker

A 19-year-old walked through Helsinki airport in April 2026 carrying two 2TB hard drives and a ticket to Japan. He couldn’t make that flight. Finnish police stopped him on an Interpol Red Notice, and by July, US prosecutors had unsealed a federal complaint identifying him as Peter Stokes, an alleged member of the Scattered Spider hacking group, wanted over a May 2025 breach of a US luxury jewelry retailer that ended in an $8 million ransom demand.

No, we haven’t suddenly turned into a crime reporting publication, but it was Microsoft that handed the FBI a way to trace Stokes’ Windows PC across VPNs, proxy servers, and three countries. The tool is called a Global Device Identifier, or GDID, and outside a handful of enterprise documentation pages, most Windows users had never heard the term before this case made it public.

We went through the full 39-page complaint, cross checked it against independent reverse engineering of how Windows generates and transmits this identifier, and fact checked the technical claims since the story broke. Here is everything you need to know about GDID, how it caught Stokes, and what it means if you are one of the 1.6 billion people using Windows PCs.



What is GDID, and where does it come from

The complaint quotes a Microsoft representative describing the GDID as “a persistent, device-level identifier designed to uniquely identify an installation of a Windows operating system on a device, either a physical device (e.g., a mobile phone or laptop) or virtual machine, across certain Microsoft services and scenarios”

A Global Device ID (GDID) is a permanent, unique digital fingerprint that Microsoft automatically assigns to your computer when you install Windows or sign into a Microsoft account.

Microsoft uses it to manage software licensing and Windows Store apps, but because it links all your online activities on that computer back to a single identity, law enforcement can use it to track a device’s true owner across the internet

It survives Windows updates. It does not survive a clean reinstall, and Microsoft’s footnote in the complaint admits “one Microsoft user could have multiple GDIDs” over the life of a single account.

Microsoft said what the GDID does without saying where it is inside Windows. For that, independent researchers had to reverse engineer it, because Microsoft has published exactly one sentence about GDID in the Azure Monitor reference for Delivery Optimization reporting, where a column called GlobalDeviceId is described only as “Microsoft global device identifier. This is an identifier used by Microsoft internally.”

How Windows generates a GDID

The real chain starts with the Microsoft Account service.



When Windows provisions a device against a Microsoft Account, a system service called wlidsvc talks to login.live.com and gets back what Microsoft calls a Device PUID, a Passport Unique ID, inside the server’s SOAP response. Server assigned. Windows never computes it locally from anything on your PC. It receives a string and stores it.

The PUID lands in your own registry hive, in plain text, at HKCU\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties under a value named LID. From there, the Connected Devices Platform, the same background service (cdp.dll, running as CDPSvc) that powers Phone Link, cloud clipboard, and Nearby Share, reads that PUID and registers it into Microsoft’s Device Directory Service, which is the identity graph behind all of Microsoft’s cross device features. There, the number gets a lowercase g stuck in front and gets written as g:decimal. Delivery Optimization then reports that same value back to Microsoft’s servers as UCDOStatus.GlobalDeviceId every time your PC shares or downloads update data peer to peer.

Now for the version in plain English: Sign into Windows with a Microsoft Account, and a server assigns your installation a permanent ID number. Windows stores it locally, several background services read it, and it gets stamped onto activity your PC reports back to Microsoft.

Reinstall Windows and you get a new number, but Microsoft’s own records give every reason to link the new one back to the old, through the same account, OneDrive, and activation history, which is close to what happened to Stokes.

How the FBI used GDID to catch Stokes

Stokes got caught because he used the same Windows device for everything, and the GDID stitched all of it back together after the fact.

Scattered Spider members phoned the jewelry retailer’s IT help desk from Google Voice numbers, posed as locked out employees, and talked support staff into resetting three accounts, two with administrator privileges. From there they installed a tunneling tool called ngrok to get past the retailer’s network defenses, moved roughly 77 gigabytes of data to Amazon cloud storage using ngrok and a second tool called Teleport, tried and failed to deploy ransomware, then sent a ransom email with the subject line “IMPORTANT: WE STOLE THE DATA, CONTACT UMMEDIATELY [sic].” They asked for $8 million in cryptocurrency. The retailer refused, ate roughly $2 million in cleanup costs, and moved on.

Investigators later subpoenaed ngrok and found the account used in the attack had been created on May 12, 2025, at 19:21 UTC from a VPN proxy IP address run by Tzulo, a hosting provider. The IP was a dead end. VPN proxies do that. But the GDID is built different.


source: DOJ

Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account. It gave the FBI a device, that don’t rotate the way VPN exit nodes do.

From there the investigation turned into connecting dots. Once agents had a timeline of every IP address that device had used, they cross referenced it against known logins to accounts prosecutors already suspected belonged to Stokes:

On June 4, 2024, the GDID’s device used an IP address in Tallinn, Estonia, where Stokes lived. The same IP had logged into his Snapchat account four minutes before that and his Facebook account about 80 minutes after.

On November 17 and 18, 2024, the same device showed up on a New York IP address, matched to logins on one of Stokes’ Apple accounts and his Snapchat account. Weeks later, on November 26, the same device visited the website for the Empire Hotel in New York, matching another confirmed Stokes trip. He’d posted a Snapchat photo the day before that investigators matched, down to the carpet and wallpaper, against publicly advertised photos of an Empire Hotel suite.

On February 2, 2025, the device appeared on a Thailand based IP, matched again to his Apple and Snapchat logins. Stokes had posted a Snapchat photo captioned “WALDORF ASTORIA BANGKOK” the day before.

On January 8, 2025, the same device, now back on an Estonian IP, logged into the mobile game Growtopia. The day before, that same IP address had accessed one of Stokes’ Apple accounts, then a Ubisoft account tied to that Growtopia login two minutes later.

Of course, all these activities doesn’t seem suspicious when taken individually. What made the case is that the same GDID and physical Windows installation, kept showing up at the exact times as accounts investigators already knew were Stokes’, across four countries over roughly eight months.

Note that, Microsoft had already flagged Stokes to the FBI once before, in an October 2024 criminal referral describing “online services telemetry.

Why this bothers privacy researchers, even with a hacker caught

Nobody is arguing the wrong person got arrested. Stokes is accused, with the rest of Scattered Spider, of over 100 corporate intrusions and $100 million-plus in ransom payments, per the DOJ’s numbers. The system worked as intended here.

What has researchers uneasy is everything else the case reveals. Costin Raiu, a well-known malware researcher, asked on the Three Buddy Problem podcast how much of this exists on other platforms, and whether it is linked more permanently to hardware. Matthew Hickey, another security researcher, called Windows “surveillance software”.



Two things back that up:

1. There’s no consent screen. A GDID gets assigned when you sign into a Microsoft Account. Apple’s advertising identifier needs an  App Tracking Transparency prompt and a visible reset; Android’s works the same way. GDID has neither, and a Windows reinstall only gets you a new number Microsoft can still get back to the same account.

2. Then there’s activation. Massgrave, the group behind Microsoft Activation Scripts, notes that Windows setup sends hardware info to Microsoft and gets identifiers back, the same tokens later used for Store access and licensing: “It’s impossible to prevent Windows from getting a GDID without breaking activation and UWP app(s).” Anyone who lost a license after swapping a motherboard has already met a smaller version of this.

Yes, every major OS keeps some persistent device identity, and every vendor can be subpoenaed. But what differs with Microsoft is visibility and control, and Windows loses on both against Apple and Google’s platforms.

What you can do about it

Reinstalling Windows isn’t the fix people assume. You get a new GDID but sign back into the same Microsoft Account and Microsoft has every reason to connect it to your old activity anyway. A few things help more:

• Use a local account instead of a Microsoft Account, but we are also aware of how difficult it has become to skip signing in with a Microsoft account. Fortunately, the company is making it easier.



• Turn off optional diagnostic data under Settings > Privacy & security > Diagnostics & feedback.



• Block Advertising IDs by toggling off personalized ads and launch tracking under Privacy & security > Recommendations & offers.



• Disable Cloud Search by turning off Cloud Content Search from Privacy & security > Search to stop local searches from sending data to Bing.



• See our guide on stripping unwanted AI features and background services out of Windows 11.

• For journalism, activism, or domestic abuse situations, skip Windows and use Linux routed through Tor instead of a commercial VPN. A GDID doesn’t care which VPN you use, only that it’s still the same Windows installation.

Our take

Am I glad Stokes got caught? Yes, without hesitation. Thirty-five pages of a teenager bragging about diamond chains spelling out “HACK THE PLANET” while extorting a jewelry store don’t leave much room for sympathy, whatever role Microsoft’s telemetry played in building the case.

But that doesn’t make the GDID okay. Every company selling you software has some version of this, and a persistent device identity is a reasonable thing to build into activation and fraud systems. What gets me is that most people had never come across the term GDID before a federal court filing such as this. Microsoft wrote one sentence about it in an Azure Monitor reference table meant for enterprise IT admins pulling update reports, not for the 1.6 billion or so regular people whose PCs are generating this data.

You might be tech savvy enough to turn off Activity History, pick a local account, and strip out every scrap of optional telemetry, but none of it changes the fact that the identifier exists, and that it answers to your Microsoft Account instead of you. Microsoft only told the public about it once a court forced the issue.

source
2
On the track of small-size esports tablets, from the RedMagic Gaming Tablet 3 Pro to today's fifth-generation Pro, RedMagic has always been exploring one question — how much esports usage scenario can a portable tablet actually carry? When we held the RedMagic Gaming Tablet 5 Pro in our hands, this question seems to have a clearer answer. Tianji.com (Skyworth Digital/Tianji Net), after an in-depth experience, brings this review.



In terms of appearance, the unit Tianji.com received this time is the "Deuterium Peak Transparent Silver Wing" color version, continuing RedMagic's iconic transparent and flat back panel design language, with the back panel presenting a cool metallic silver-gray texture under light. The whole machine feels solid in hand, with evenly distributed weight and no obvious sense of heaviness, with the total weight of the machine being approximately 363g. For an esports tablet with a built-in cooling fan and an 8200mAh large battery, this kind of weight control deserves recognition.



In terms of back cover design, this generation goes further on the basis of the cyber esports style — under the flat back panel, the brand new transparent liquid cooling structure is fully visible, with cool water-cooling RGB light strips lighting up according to the cooling state, and while running you can even clearly see the trajectory of the fluorinated coolant flowing through the pipeline, injecting a sense of cyber life into the cold hardware.



In terms of the screen, this generation of the RedMagic Gaming Tablet 5 Pro is equipped with a 9.06-inch, 2400×1504 resolution OLED esports screen. What's surprising is that the refresh rate has further increased to 185Hz. In FPS, racing and other high-frame-rate-sensitive esports scenarios, the improvement in every frame can be synchronously captured by fingertips and eyes. Paired with a 4.9mm ultra-narrow four-equal-side design and a 90.1% ultra-high screen-to-body ratio, the visual immersion is extremely strong. Whether holding it horizontally to play games or browsing content in portrait mode, the equal-width-on-all-sides look makes the entire screen appear as if it is floating above the body. Brightness is likewise not to be underestimated, with local peak brightness reaching up to 1600nit, and global excitation brightness also reaching 1100nit.



In terms of touch control, the RedMagic Gaming Tablet 5 Pro is equipped with the S3930 Synaptics (Xinsi) touch chip, with a multi-finger native touch sampling rate reaching 300Hz, an instantaneous report rate as high as 2000Hz, and support for 10X super-resolution touch, making operation faster, more accurate, and more stable — the synergy of the 185Hz ultra-high refresh rate, OLED low latency, and the S3930 touch chip allows every frame of the player's operation on the esports battlefield to seize the first opportunity.



In terms of game compatibility, the RedMagic Gaming Tablet 5 Pro fully leverages the advantages of this 185Hz high refresh screen. Currently, several popular games including "Cross Fire: Gunfight King," "Dawn Hero," and "Rhythm Master" have already adapted to the 185Hz ultra-high frame rate, while mainstream shooting games such as "Delta Force," "Call of Duty Mobile," and "Peacekeeper Elite" have also adapted to the 165Hz high frame mode. Combined with the OLED screen's natural low-latency characteristics, in FPS and other high-frame-rate-sensitive esports scenarios, both the smoothness of the visuals and the responsiveness of operation have significant advantages.

In terms of performance, the RedMagic Gaming Tablet 5 Pro is equipped with the Qualcomm Snapdragon 8 Elite Gen5 flagship processor, using TSMC's third-generation 3nm process technology. Both CPU and GPU performance have achieved significant improvements compared to the previous generation, while energy efficiency performance has also been greatly optimized. Tianji.com actually tested "Delta Force," and under ultra-high frame rate, the gaming experience was smooth and silky, with responsive operation, and the average frame rate for the entire match was as high as 166FPS, with the body basically showing no obvious heating, a satisfying performance.



In order for this tablet to have a more comprehensive gaming experience, the RedMagic Gaming Tablet 5 Pro, with the support of RedMagic Lab's self-developed translation engine, has overcome the technical difficulty of translating X86 instructions to the ARM architecture, and has built a PC emulator into the system, further lowering the threshold for users to play games. Users can play games from platforms such as PS, Steam, and Xbox via streaming, or import games locally in the PC emulator, or directly log into their Steam account to download from their game library, while also supporting cloud save synchronization. This allows the RedMagic Gaming Tablet 5 Pro to freely switch between multiple forms such as an entertainment tablet, a gaming handheld, and a console streaming terminal. For many users, this may be one of the few one-stop gaming experience solutions currently available.



In order to adapt to gaming needs in different scenarios, the RedMagic Gaming Tablet 5 Pro also supports connecting various external devices: plug in a controller and it becomes a complete handheld gaming console form, and cast to a TV while connecting a Bluetooth controller to unlock the console experience.



In addition, this generation has been upgraded to dual Type-C ports, both specified as USB 3.2 Gen2, located at the bottom and on the left side respectively, fully optimizing the experience of charging while playing when held horizontally.



In terms of battery life, the RedMagic Gaming Tablet 5 Pro has a built-in 8300mAh super-large capacity battery, which is at a leading level among tablet products of the same size. Combined with the high-efficiency chip and system-level power consumption optimization, in Tianji.com's actual battery life test, it is sufficient to support long hours of gaming and audiovisual entertainment needs, with no need to worry about battery anxiety.

In terms of charging, the RedMagic Gaming Tablet 5 Pro supports up to 80W wired fast charging. Tianji.com's actual test showed that half an hour of charging can reach 73% battery, and it takes a total of 52 minutes to fully charge, allowing players to quickly recharge during fragmented time and return to the battlefield at any moment.

Overall, the RedMagic Gaming Tablet 5 Pro has completed a fairly comprehensive evolution within a limited 9.06-inch body. It can be said that the RedMagic Gaming Tablet 5 Pro is not just a gaming tablet, but an all-around esports terminal that can seamlessly switch between tablet, handheld, and console at any time — for players pursuing the ultimate portable gaming experience, this may be one of the most noteworthy choices currently

source
3


Back in March, Google announced a major overhaul of the Google Maps navigation interface with a new immersive navigation UI. The update started popping up in CarPlay for some users, but Android users were still stuck with the old navigation UI in Android Auto. Now, that seems to be changing.

In a new post on Reddit, user radgatt has shared screenshots of the Google Maps immersive navigation UI running on Android Auto. The screenshots show the new 3D UI with easy-to-spot flyovers, 3D buildings, and even individual trees.



Apparently, the user started seeing the new UI after updating to Android Auto v17.3, which was released yesterday and is also rolling out now. However, another user running the latest beta versions of both Android Auto and Google Maps said that the new UI isn’t showing up for them. It’s highly likely that the new UI isn’t tied to the latest version of Android Auto and is instead a Google server-side update.

Android users have been waiting for the new immersive navigation to show up on their phones for quite some time, and it’s definitely good news that the update seems to have started rolling out now. Hopefully, this won’t be another one of Google’s really slow rollouts, and users will get access to the new UI sooner rather than later.

Immersive navigation in Google Maps is available in the US on iOS, CarPlay, Android, Android Auto, and cars with Google built-in. However, it is rolling out slowly. Google hasn’t said anything about a rollout in other countries. If you’re outside the US, you’ll just have to wait for the company to expand the feature globally.

source
4
No Premium? No problem. DuckDuckGo-t your back!



Imagine you’re watching a YouTube video, completely invested in what’s happening, and then an ad suddenly interrupts. It’s annoying every single time, and I’m sure I’m not the only one who feels that way. I’d much rather install an ad blocker in a few minutes than pay for YouTube Premium just to avoid ads.

The only downside is that YouTube has been getting increasingly aggressive about ad blockers, often showing warnings or refusing to play videos. I was almost ready to give up on ads and live with them until I came across DuckDuckGo’s new free ad blocker option. I decided to give it a shot, and guess what? It worked.

If you’re tired of YouTube constantly nagging you about ad blockers, here’s how you can get it working on your device, too.

How do you deal with YouTube ads?



How to block YouTube ads with DuckDuckGo



Before I tell you more about what it was actually like using this, let’s get you set up first.

If you’re using a Mac, Windows PC, or an iPhone, you’re in luck. YouTube ad blocking is already enabled by default in the latest version of the DuckDuckGo browser, so there’s nothing you need to configure. Just make sure the browser app is up to date, open YouTube, and start watching your videos as you normally would.

Android users have one extra step, though. DuckDuckGo says YouTube ad blocking will be enabled by default on Android “soon,” but until then, you’ll need to turn it on manually. Update the app to the latest version, then follow these steps:

   1. Open the DuckDuckGo app on your Android phone.

   2. Open a new tab and tap the three-line menu (hamburger icon) in the top-right corner.

   3. Tap Settings.

   4. Scroll down to Other Settings and select YouTube ad-blocking.

   5. Turn on the Block Ads on YouTube toggle.



That’s it. Once you’ve enabled the setting, open YouTube in the DuckDuckGo browser and enjoy your videos without the usual stream of ads getting in the way.

This wasn’t supposed to work so smoothly



I followed these steps on my Google Pixel 10a, and the whole setup took barely a minute. The funny part was that I was skeptical. I’d tried enough workarounds over the years to know that many of them stop working sooner rather than later, so while I was hopeful, I wasn’t getting my expectations up.

Obviously, I had to try it for myself. The first thing I did was play a one-hour episode of one of my favorite YouTube shows. I simply hit play and watched. There wasn’t a single ad from start to finish. Honestly, it felt a little weird because I’d become so used to YouTube interrupting videos that I kept expecting an ad to show up. It never did.



So I kept going. I watched music videos, podcasts, long documentaries, cooking videos, and pretty much anything else I’d normally have open on YouTube — and it all ran smoothly. Even though DuckDuckGo warns you might notice a little extra buffering, I didn’t experience any during my testing.

The experience was even simpler on my iPhone, MacBook, and Windows PC. Since YouTube ad blocking is already enabled by default there, all I had to do was make sure DuckDuckGo was up to date. After that, it was the same story. I ended up spending far longer on YouTube than I’d planned, partly because I wanted to test it properly and partly because, for once, I wasn’t constantly being pulled out of the experience by ads.

There’s a bonus feature worth knowing about



While I was poking around the browser, I stumbled upon another feature that caught my attention. It’s called Duck Player, and it complements YouTube ad blocking surprisingly well.

Instead of opening videos in the regular YouTube player, Duck Player uses DuckDuckGo’s own built-in video player. The biggest advantage here is privacy. It uses YouTube’s strictest privacy settings for embedded videos, which means you aren’t tracked with cookies or served personalized ads while you watch. The videos you watch in Duck Player won’t influence your YouTube recommendations, and it won’t remember your place in playlists either.



If that sounds like something you’d like, you can enable Duck Player from the browser’s settings. Better yet, you don’t have to choose between the two. Duck Player and YouTube ad blocking work together, so you get a cleaner, more private YouTube experience without giving up either feature.

So, how is DuckDuckGo getting away with this?



Of course, this made me wonder how DuckDuckGo was pulling it off, given that YouTube has spent so much time cracking down on ad blockers. So I dug into how it actually works. DuckDuckGo relies on community-maintained filter lists from uBlock Origin, which are constantly updated by an active open-source community to keep pace with the way websites, including YouTube, serve ads. On top of that, DuckDuckGo applies its own tweaks to improve compatibility and keep things running smoothly.

My only hope is that it stays this way, because right now it’s exactly what I was looking for. I don’t have to add another monthly subscription to a list that’s already long enough, and after using it across my Pixel, iPhone, MacBook, and Windows PC, I genuinely don’t miss YouTube’s constant ad interruptions.

source
5
Microsoft has removed 119 extensions from the Edge add-on store which were all tied to one adware campaign.

In a paper titled “Inside StegoAd: How We Disrupted a Massive Malicious Extension Campaign,” Microsoft researchers detail how they uncovered and dismantled a sophisticated malware campaign that abused browser extensions to infect users. According to Microsoft, the campaign involved 119 malicious browser extensions which were downloaded by 2.6 million users.

The extensions all promised, and delivered, some kind of basic functionality: ad blockers, VPNs, translators, video downloaders, calculators, coupon extensions and so on. But after a while they turned out to be “sleepers” and secretly started downloading additional malware.

Among the payload was malware involved in ad fraud, but also extensions that ran arbitrary JavaScript pushed from the server, which stole Google credentials and second-factor codes at sign-in, harvested WordPress admin logins, and exfiltrated cookies in bulk for session hijacking.

The name of the campaign “StegoAd” is derived from the words advertising and steganography, which means techniques of hiding secrets in something that doesn’t immediately cause suspicion. In this case, hiding code in images.

And not only did the cybercriminals try to stay under the radar by waiting for some time, and hiding malicious code inside images, they also left some victims alone. Some of the extensions only went rogue in about 10% of installs, which would actually execute the next stage of the malware, while the other ~90% would be left alone (at least for that execution attempt). And, in some cases, they re-used names of well-known legitimate extensions to install an additional level of trust.

Browser extensions are a source of wealth for cybercriminals because it compares to installing a small program that lives inside your browser, which can see and report about everything you do on the internet.

Now I hear some of you thinking: I don’t use Edge. Or I’ve used it just once, to download and install my favorite browser. But although Microsoft discovered and analyzed the campaign, the techniques used in this campaign are applicable to Chromium-based browsers in general.

This campaign was less about exploiting a browser vulnerability and more about tricking users into installing a trusted-looking extension, then using sophisticated concealment techniques to avoid detection long enough to compromise systems.

How to stay safe

Always be careful when downloading extensions, even from the reputable app stores. As we’ve seen many times before, criminals manage to get their apps or extensions listed when they are only one update away from turning into malware. So, make sure that you trust the developer and don’t rely on reviews alone.

Use an up-to-date real-time security solution to detect and remove malicious extensions from your device and block connections to malicious domains and IP addresses. Remove the known malicious extensions from your browser. Below is an alphabetical list of the malicious extensions the researchers found by name.

Please note that there might be more than one extension that has the same name. In case you doubt whether the extension you have installed is among them, check whether the ID matches the one shown in the list. If you prefer looking them up by ID, you can find them organized differently in the Microsoft report (pages 40-43).










source
6
Apple / Apple releases security patches for iOS, MacOS Tahoe, Safari
« Last post by javajolt on July 07, 2026, 08:49:52 AM »


Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac.

The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas.

What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari as well as every browser on iPhone, including Chrome, Firefox, and Edge. It also looks like several of the issues Apple has addressed can be chained together to steal data or run malicious code with little or no user interaction.

Updates for your particular device

The table below shows which updates are available and points you to the relevant security content for that subject.





How to update your Apple devices

How to update your iPhone or iPad

For iOS and iPadOS users, here’s how to check if you’re using the latest software version:

Go to Settings > General > Software Update. You will see if there are updates available and be guided through installing them.

Turn on Automatic Updates if you haven’t already—you’ll find it on the same screen.



How to update macOS on any version

To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:

• Click the Apple menu in the upper-left corner of your screen.

• Choose System Settings (or System Preferences on older versions).

• Select General in the sidebar, then click Software Update on the right. On older macOS, just look for Software Update directly.

• Your Mac will check for updates automatically. If updates are available, click Update Now (or Upgrade  Now for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.

• Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).

• Make sure your Mac stays plugged in and connected to the internet until the update is done.

How to update your Safari browser

Safari updates are included with macOS updates, so installing the latest version of macOS will also update Safari. To check manually:

• Open the Apple menu > System Settings > General > Software Update.

• If you see a Safari update listed separately, click Update Now to install it.

• Restart your device when prompted.

If you’re on an older macOS version that’s still supported (like Sonoma or Sequoia), Apple may offer Safari updates independently through Software Update.

Technical details

On iPhone and iPad, every browser—Safari, Chrome, Firefox, Edge—is forced to use Apple’s WebKit engine, which is exactly where most of the 26.5.2 fixes land. Apple and independent write‑ups describe a chain of WebKit issues, including use‑after‑free bugs, memory corruption, and cross‑origin logic errors that could be triggered simply by loading a malicious page. In several cases, the impact ranges from crashing your browser to corrupting memory or leaking data from other sites you have open in different tabs.

And there are some other browser related issues. Apple also notes fixes in Web Extensions and permission handling that could have allowed browser extensions or sites to access more data than intended. Plus some that are scattered across related libraries and frameworks such as libxslt, and WebRTC.

Libxslt is an open-source C library used to perform transformations on XML documents. It enables developers to convert raw XML data into other formats, such as HTML, plain text, or other XML structures.

WebRTC (Web Real-Time Communication) is an open-source technology that allows web browsers and mobile apps to communicate directly with each other.

None of the patched vulnerabilities are known to be exploited in the wild, but that doesn’t mean you can relax. One thing to consider when you are scheduling this update is that, due to the beta testing, the details of these vulnerabilities have been public knowledge for a while, so the race to come up with an exploit has already started.

source
7


If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest patch Tuesday update ever. And yesterday, on the last day of June, Google published an update which included a whopping 382 security fixes.

The stable channel has been updated to 150.0.7871.46/.47 for Windows and Mac, 150.0.7871.46 for Linux, and 150.0.7871.63 for Android. The update will roll out over the coming days and weeks.

How to update Chrome

If you don’t want to wait for the rollout to reach you, manually updating is easy.

The easiest option is to allow Chrome to update automatically. But you can end up lagging behind on updates if you never close your browser or if something goes wrong, such as an extension preventing the update.

To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it automatically. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.


Chrome 150.0.7871.47 is up to date

You can find an explanation of the version numbering system and step-by-step instructions in our guide to how to update Chrome on every operating system.

Technical details

Among the 382 security fixes are 358 found by Google itself, with 15 of those are rated as Critical. Google rates them as Critical severity because they could allow an attacker to run arbitrary code outside the browser’s sandbox, which makes it the highest tier on its rating scale. So, it’s reassuring that Google found these before anyone else did. Because apparently not all bug hunters believe in responsible disclosure.

Google uses internal code sanitizer tools and fuzzing techniques to find these vulnerabilities. It probably also helps that it is on the list of companies that are allowed to use advanced AI platforms to help them find these vulnerabilities.

One vulnerability rated as High stands out. It’s a flaw tracked as CVE-2026-13789. The official description is:

Quote
“Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

Vulnerabilities that allow an attacker to escape the sandbox—which means it can impact the whole device—are valuable if you can chain them with others. The browser sandbox is a restricted, sealed-off environment that is supposed to contain any malicious activity within the browser rather than directly on your whole computer. So a sandbox escape is dangerous because it can help attackers move from “something bad happened inside the browser” to “something bad can affect the wider system.”

Use-after-free is a class of vulnerability caused by incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can abuse that mistake by causing a crash in a program or make it run code it should not run.

In Chromium/Chrome architecture, the term GPU usually denotes the dedicated GPU process that handles hardware-accelerated rendering, compositing, WebGL, video decode, and related graphics operations.

Via a crafted HTML page means it could exploit a target’s device through a malicious website, an HTML email, or an embedded HTML document.

So, again, update as soon as you can. Users of other Chromium browsers, keep an eye out for your next update.

source
8
Strategies, Implementation, and Best Practice are all covered in this free to download eBook.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework, produced in response to a 2014 US Presidential directive, has proven essential in standardizing approaches to cybersecurity risk and producing an efficient, adaptable toolkit for meeting cyber threats. As these threats have multiplied and escalated in recent years, this framework has evolved to meet new needs and reflect new best practices, and now has an international footprint. There has never been a greater need for cybersecurity professionals to understand this framework, its applications, and its potential.

A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 offers a vital introduction to this NIST framework and its implementation. Highlighting significant updates from the first version of the NIST framework, it works through each of the framework’s functions in turn, in language both beginners and experienced professionals can grasp. Replete with compliance and implementation strategies, it proves indispensable for the next generation of cybersecurity professionals.

A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 readers will also find:

   • Clear, jargon-free language for both beginning and advanced readers

   • Detailed discussion of all NIST framework components, including Govern, Identify, Protect, Detect, Respond, and Recover

   • Hundreds of actionable recommendations for immediate implementation by cybersecurity professionals at all levels

A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 is ideal for cybersecurity professionals, business leaders and executives, IT consultants and advisors, and students and academics focused on the study of cybersecurity, information technology, or related fields.

How to get it

Follow this link to get your copy of A Comprehensive Guide to the NIST Cybersecurity Framework 2.0. This link will redirect you to my One Drive account and click Download. [system administrator]

source
9
Driver 26.6.4 is out with an important fixes for Windows 10 and RX 7000 Series owners.

AMD is rolling out yet another graphics driver. Version 26.6.4 is now available for download, bringing two important fixes. One is for those still using Windows 10 and having trouble installing driver 26.6.2. In fact, this patch is coming from the recently released hotfix, so it is not new if you are already running version 26.6.3.

The second fix is for RX 7000 owners. AMD recently brought FSR 4.1 support to the previous-gen graphics cards, but there was a bug with certain games crashing when using FSR 4.1. I experienced this issue with Forza Horizon 6, so today's driver should take care of that.

Here is the official changelog:

• Intermittent install issue seen when installing AMD Software: Adrenalin Edition 26.6.2 on Windows® 10 systems for Radeon™ RX 7000 series and above graphics products.

• Intermittent application crash may be observed in some games with AMD FSR Upscaling 4.1 enabled on Radeon™ RX 7000 series graphics products.

Known issues include the following:

• Intermittent application crash or driver timeout may be observed while playing Battlefield™ 6 on AMD Ryzen AI 9 HX 370. AMD is actively working on a resolution with the developer to be released as soon as possible.

• Texture flickering or corruption may appear while playing Battlefield™ 6 with AMD Record and Stream on some AMD graphics products.

• AMD FSR Upscaling and AMD FSR Frame Generation may show as inactive in AMD Software: Adrenalin Edition while playing Battlefield™ 6 when enabled on Radeon™ RX 9000 series graphics products.

• Failure to install may be observed while installing AI Bundle components in some regions with limited access to HuggingFace and GitHub.

• Model flickering or rendering failure may be observed in Maxon Cinema 4D and Blender on Radeon™ RX 7000 series and above graphics products. Users experiencing this issue are recommended to install AMD Software: Adrenalin Edition 26.3.1.

• Intermittent application crash may be observed on some models while running Blender on Radeon™ RX 7000 series and above graphics products. Users experiencing this issue are recommended to install AMD Software: Adrenalin Edition 26.3.1.

You can download the AMD Radeon driver 26.6.4 from the official website here. Full release notes are available on the same page.

source
10
Making smartphones in the United States faces many challenges, from lack of infrastructure to high costs and skilled labor shortages.

If you look at the back of some Apple products, you can see the famous phrase “Designed by Apple in California, Assembled in China.” This phrase appears on products from one of the largest smartphone brands in the United States. These products are designed in the U.S., but their manufacturing takes place in China, India, Vietnam, or even Brazil.

But why can’t Apple, as one of the largest American tech companies, produce its iPhones on U.S. soil? The idea for this topic came to me after the Trump Foundation launched a smartphone called the T1 and claimed that it was designed and built with American values in mind.

However, this claim did not last long, as it was revealed that Trump’s phone was actually a rebranded HTC U24 Pro, with only a gold case and minor internal component changes. You see? Even a phone that is supposed to represent American values is manufactured in China.

With a gross domestic product (GDP) exceeding $32 trillion, the United States is currently the world’s largest economy, while China ranks second with around $20 trillion. On the other hand, the United States is by a wide margin the global leader in various technological fields, and American companies spend hundreds of billions of dollars annually on research and development. From Apple and Google to Microsoft, Lockheed Martin, Boeing, and others, American tech and industrial giants lead their foreign competitors in many sectors.

The United States also has no shortage of smartphone brands. Apple, Google, and Motorola are among the major brands in the smartphone market, collectively holding a significant share. However, the vast majority of their products are manufactured outside the United States.

So why is it that the world’s largest economy, home to the most advanced technology companies and industrial powers, cannot produce a smartphone on its own soil? Let’s explore this question together.

Even threats to impose tariffs won’t work

After Trump entered the White House as the 47th President of the United States, his administration adopted strict tariff policies. One of these policies was the imposition of a 25% tariff on smartphones manufactured outside the United States.

Trump said he “had a little problem” with Apple CEO Tim Cook over producing smartphones outside the U.S. So he thought that threatening a 25% tax on imported phones might force Apple to bring manufacturing back to the United States. “I have long ago informed Tim Cook of Apple that I expect their iPhones that will be sold in the United States of America will be manufactured and built in the United States, not India, or anyplace else,” Trump wrote on Truth Social.

Although Apple currently manufactures some of the iPhone’s chips in the United States with TSMC's help, it still shows no willingness to shift full iPhone production to the country. At the time, renowned Apple supply chain analyst Ming-Chi Kuo wrote on X, “In terms of profitability, it’s way better for Apple to take the hit of a 25% tariff on iPhones sold in the US market than to move iPhone assembly lines back to the US.”

However, manufacturing a smartphone in the United States is not as easy as it might seem, and many technical and economic barriers are involved.

The lack of necessary manufacturing hubs

There is a clear reason why many companies prefer to manufacture their products in China. China has established itself as the main global manufacturing hub for international companies, and over the past few decades, large contract manufacturers have emerged there, allowing companies like Apple to outsource production. One such example is Foxconn, which also manufactures some Apple products in India.

Building the infrastructure required to produce smartphones in the United States would require tens of billions of dollars in new investment. Factories would need to be built, essential manufacturing equipment would have to be installed, and, most importantly, a skilled workforce capable of operating these systems would need to be recruited and trained.

The United States currently lacks the core infrastructure needed to manufacture smartphones, and for this reason, many companies prefer to outsource production to Chinese contractors rather than spend tens of billions of dollars to build that infrastructure, which is significantly more economically efficient. Additionally, building such infrastructure in the United States could take up to a decade, ultimately leading to a significant increase in the product's final price for consumers.

Shortage of trained labor in the U.S. compared to China

Decades of serving as a global manufacturing hub have allowed China to build a massive talent pool in the production sector that is almost unmatched worldwide. Today, if a company chooses to manufacture its products in China, it can be confident that the workers involved in production have years of experience in their respective roles and are capable of producing high-quality goods with minimal errors.

Even if we assume that tens of billions of dollars were invested in building smartphone manufacturing infrastructure in the United States, finding skilled workers would remain highly challenging.

In a 2015 interview on CBS’s 60 Minutes, Tim Cook said the main reason Apple isn’t producing in the US is a lack of skills. "China put an enormous focus on manufacturing, in what you and I would call vocational kind of skills. The US over time began to stop having as many vocational kinds of skills. I mean you could take every tool and die maker in the United States and probably put them in the room that we're currently sitting in. In China you would have to have multiple football fields,” Cook said.

Also, in 2017, at the Fortune Global Forum in Guangzhou, Cook once again emphasized the importance of highly skilled Chinese workers. “China has moved into very advanced manufacturing, so you find in China the intersection of craftsman kind of skill, and sophisticated robotics and the computer science world. That intersection, which is very rare to find anywhere, that kind of skill, is very important to our business because of the precision and quality level that we like. The thing that most people focus on if they’re a foreigner coming to China is the size of the market, and obviously, it’s the biggest market in the world in so many areas. But for us, the number one attraction is the quality of the people,” Apple CEO said.

Higher labor costs in the United States

Producing almost any product in the United States is more expensive than in many other countries, and one of the main reasons is the higher cost of labor in the U.S.

According to the Bureau of Labor Statistics, median weekly earnings of full-time workers in the United States were $1,235 in the first quarter of 2026. Meanwhile, the average annual salary in China's private sector in 2025 was RMB 71,590 (US$9,961). In many parts of the world, the weekly wage of an American worker is equivalent to several months of income.

Another important factor to consider is that in the United States, the workforce capable of working on a smartphone assembly line is highly specialized and therefore commands higher-than-average wages.

According to an estimate by Bank of America, producing an iPhone in the U.S. is technically possible, but “iPhone cost can increase 25% purely on higher labor cost in the U.S.” However, this 25% increase applies only if final assembly is performed in the United States while components are still sourced from China or elsewhere. In this case, the price of a base iPhone would rise from $799 to around $1,000.

But in another scenario, if Apple were to produce the required components for the iPhone within the United States, production costs could increase by more than 90%.

Trump’s dream for a “Made in the USA” iPhone might never come true

In a free-market capitalist economy, one of the primary responsibilities of any CEO is to maximize profit. Using Apple as an example, Tim Cook’s role is to maximize the company’s profits so that it can fund research and development for new products and invest in areas such as artificial intelligence, while also keeping shareholders satisfied.

Therefore, it is entirely understandable that Apple would choose not to bring its manufacturing back to the United States and instead keep production in countries where labor is cheaper, and products can be manufactured at a lower cost, thereby maximizing its profit margins.

source
Pages: [1] 2 3 ... 10