Recent Posts

Pages: 1 ... 8 9 [10]

Google | Alphabet | Gmail | Meta | YouTube | Telegram / Google exposes Windows 11 security flaw after Microsoft fails to patch it proper

« Last post by javajolt on December 17, 2025, 06:11:13 AM »

Project Zero is Google's well-reputed security team that is tasked with finding security flaws in the company's own products as well as those developed by others. Discovered security bugs are privately reported to vendors after which they are allotted 90 days to patch them. If this deadline is exceeded, the security issue is made public, which serves as a way to apply more pressure on the vendor and also give customers a chance to secure themselves independently. In some complex cases, a grace extension period is also awarded. In the past, Google Project Zero has reported bugs in CentOS, libxslt, ChromeOS, and Windows. Now, the team has disclosed a security flaw in Insider versions of Windows 11.

In a highly technical report on the Project Zero issue tracker, it can be seen that security researcher James Forshaw discovered an elevation of privilege (EoP) bug in Windows 11's Insider Preview releases. This issue was present in the Administrator Protection feature that is an upcoming Windows 11 capability that enables just-in-time elevation privileges only when needed through Windows Hello and an isolated admin token.

However, during their investigation, Forshaw discovered that Administrator Protection has a flaw that allows a process with low privileges to hijack a UI access process which can further be used to gain administrator privileges. The researcher reported this vulnerability privately to Microsoft on August 8, which meant that the company had until November 6 to fix it. After receiving an extension for this deadline, the Redmond tech giant was able to deliver a patch on November 12, also thanking Forshaw for his contribution in CVE-2025-60718.

Although the matter was considered closed, Forshaw recently reopened the issue, stating that the patch is incomplete and it does not mitigate the flaw fully. As a result, the security bug has been made public, following radio silence from Microsoft.

While the flaw is now public knowledge, it is worth noting that it's not something you should be sitting in constant fear of. It is a local privilege escalation attack, which means that an attacker needs to have physical access to the PC in order to run arbitrary code and exploit it. Furthermore, Administrator Protection is only available on select Windows 11 Insider builds and needs to enabled manually anyway for it to take effect. As such, the pool of potentially affected customers is quite small at this point. That said, it is important that Microsoft further investigates Forshaw's findings and patches them ahead of the eventual general availability of Administrator Protection in Windows 11.

source

Mobile O.S's | webOS Info and Apps | Zune / iOS 26.2—Update Now Warning Issued To All iPhone Users

« Last post by javajolt on December 15, 2025, 08:04:40 PM »

Screenshot iOS 26.2 fixes 26 flaws in Apple’s iOS software, two of which are already being used in
real-life attacks. Apple iPhone

Update Dec. 14: This article, originally published on Dec. 13, has been updated to add expert comment on the flaws fixed in iOS 26.2, other updates issued alongside it, advice on spyware mitigation, as well as detailing why there was no iOS 26.1.1.

Apple has released iOS 26.2, along with a warning to update your iPhone now. That’s because iOS 26.2 fixes 26 flaws in Apple’s iOS software, two of which are already being used in real-life attacks.

Apple doesn’t provide much detail about what’s fixed in iOS 26.2, to give iPhone users as much time as possible to update before attackers can get hold of the details. But it does reveal that iOS 26.2 fixes two flaws in WebKit, the engine that underpins the Safari browser, that “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Tracked as CVE-2025-43529 and CVE-2025-14174, the two already exploited issues fixed in iOS 26.2 are related. The first flaw could lead to arbitrary code execution, if a user interacts with maliciously crafted web content. “CVE-2025-14174 was also issued in response to this report,” Apple said on its support page.

Apple’s iOS 26. 2 also fixes a vulnerability in the iPhone Kernel, tracked as CVE-2025-46285, which could allow an app to gain root privileges.

If an attacker gains root access on a phone, they “effectively own it,” bypassing app sandboxes, reading messages and login codes and hijacking banking sessions, says Javvad Malik, lead CISO advisor at KnowBe4.

Criminals weaponise newly patched flaws quickly, he warns. “Users should update now from their phone’s settings — and not via links or popups — and encourage their friends and family to do the same.”

iOS 26.2 Comes As Apple Warns Of iPhone Spyware

The release of iOS 26.2 comes as Apple confirms its devices are being targeted by spyware. The iPhone maker sent out cyber threat notifications to users in at least 80 countries warning them that they are being targeted by the stealthy malware.

Spyware is extremely targeted and aimed at a certain subset of iPhone users, including dissidents, journalists and businesses operating in certain sectors. However, once it is on your device it can see and hear everything you do, even via encrypted apps such as WhatsApp.

How To Protect Yourself From Spyware

If you think you may have been hit by spyware, signs include overheating of your iPhone, a laggy device, or new apps suddenly appearing that you can’t recall downloading.

If this is the case, experts say the best thing you can do is ditch your iPhone altogether. However, the malware can be disrupted by turning your iPhone off and on again. Just know that this is temporary.

To prevent your device being hit by spyware, update first to iOS 26.2 to ensure you are on the most secure iOS version. You can also use tools such as Apple’s Lockdown Mode, while remaining vigilant of any unusual behavior on your iPhone.

iOS 26.2 Issued Alongside iOS 18.7.3 And More

Apple released iOS 26.2 alongside iOS 18.7.3, which itself fixes 22 flaws, including the two WebKit issues that have already been exploited in attacks. Apple says attacks targeted versions of iOS before iOS 26, which could mean iPhones on iOS 18.7.2 are vulnerable.

The fact that Apple has patched iOS 26 too indicates that the latest operating system is vulnerable, but attacks have not succeeded yet, perhaps because they are more difficult to perform.

Apple’s iOS 18.7.3 is available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

Meanwhile, Apple released macOS Tahoe 26.2, macOS Sequoia 15.7.3 and macOS Sonoma 14.8.3 for Macs. The iPhone maker also issued tvOS 26.2 for Apple TV, watchOs 26.2 for Apple Watch, visionOS 26.2 for the Apple Vison Pro and Safari 26.2 for macOS Sonoma and macOS Sequoia.

Why Apple Let The Patch Wait Until iOS 26.2

As eagled-eyed iPhone security watchers may have noticed, Apple has waited until iOS 26.2 to issue this emergency update, rather than releasing iOS 26.1.1 as a security-only upgrade.

This is because Apple has already enabled a feature in iOS 26.1. called Background Security Improvements, which performs these updates on the fly. If you have upgraded to iOS 26.1 and enabled this feature, your iPhone will already be protected from this possible spyware attack.

This also explains why Apple is pushing iOS 26.1 as the update to choose, rather than iOS 18. If you have failed to update from iOS 26 to iOS 26.1, moving straight to iOS 26.2 is therefore a no-brainer.

Flaws Fixed in iOS 26.2 Could Be Part Of Wider Attack Chain

The issues fixed in iOS 26.2 could be part of a wider attack chain, says Darren Guccione, CEO and co-founder of Keeper Security. Attackers can chain together multiple flaws to bypass layers of device security, combining zero-days or exploiting overlooked weaknesses in critical components, he says. “WebKit, which is a fundamental element of every iPhone browser, continues to be a prime target because it sits at the intersection of web content and the operating system.”

When vulnerabilities like these are disclosed and patches are issued, timing matters, Guccione warns. “Once Apple issues a fix, details about the vulnerabilities quickly become public, giving attackers a roadmap to exploit any devices that have not yet been patched. The longer users wait, the greater the risk.”

WebKit flaws like the ones fixed in iOS 26.2 are especially dangerous because they “sit at the crossroads of user interaction, browser execution and the underlying APIs,” says Glyn Morgan, UK&I manager at Salt Security. “When WebKit flaws are exploited they can bypass controls and enable deep surveillance even on encrypted apps.”

The Kernel flaw fixed in iOS 26.2 is also serious because the Kernel “sits at the very core of the operating system,” says Jake Moore, global cybersecurity advisor at ESET. “If exploited, it could allow a malicious payload to escalate privileges, effectively breaking out of the normal app boundaries to gain higher level access.”

Bugs Squashed In iOS 26.2

As usual, Apple’s iOS 26.2 fixes several bugs in the iPhone software. According to Apple, iOS 26.2 fixes an issue where pre-release albums in the Apple Music library were not immediately playable at their release time, as well as a bug where a Privacy and Security setting may incorrectly be marked as managed by an enterprise organization.

Why You Should Update Your iPhone to iOS 26.2 Now

Apple’s iOS 26.2 also comes with a number of cool new features, many of which offer a boost to your iPhone’s security. In iOS 26.2, Apple will add improvements to Enhanced Safety Alerts.

Apple’s iOS 26.2 also adds new options for the controversial Liquid Glass feature, Podcast enhancements, offline lyric support in Apple Music, sleep score revisions, alarms for reminders and AirPods Live Translation in the EU.

It is notable that both WebKit issues patched in iOS 26.2 were exploited in versions before iOS 26, making it integral that you upgrade your iPhone now. As Apple has issued iOS 18.7.3 alongside iOS 26.2, you can still update your iPhone and fix the dangerous flaws if you prefer to stay on an older version.

While turning on automatic updates helps ensure you do receive iPhone security fixes quickly, it’s far better to check for upgrades such as iOS 26.2 and apply them yourself.

“If you’re waiting for a big old pop-up to tell you you’re exposed, stop," Rik Ferguson, VP security intelligence at Forescout advises. “’Saying, ‘I’ve got auto-updates on’ is not a guarantee of a quick resolution. The practical advice is pedestrian but effective — manually check for OS updates, manually update apps and don’t assume you’re covered just because you haven’t seen a prompt.”

Apple’s iOS 26.2 is available for the iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

So, what are you waiting for? Go to your Settings > General > Software Update and update to iOS 26.2 or iOS 18.7.3 now.

source

iPhone | iApps / Your Guide to Emoji Meanings and Which Are the Most Popular in December

« Last post by javajolt on December 15, 2025, 07:33:10 PM »

It can be difficult to decipher each emoji, but here's where to find some possible meanings.

Apple and Samsung introduced nine new emoji to their devices earlier this year with the releases of iOS 18.4 and One UI 7, including a face with bags under its eyes, splatter and a harp. Then, the Unicode Consortium approved and released eight new emoji in September, including a distorted face and an orca. However, those emoji won't hit your device for a few months. While emoji can be fun, deciphering them can be challenging at times.

Over time, emoji meanings have become subjective, depending on the context of a message and wider cultural trends. A "😃" or "❤️" is easy to understand, but what's the difference between "😩" and "😭", and what does it mean when someone sends you food emoji like "🍆" or "🍑"?

Here's how to figure out what all 3,953 emoji mean and what emoji will appear on your device next.

Emojipedia is here to help

Emojipedia is an online encyclopedia of emoji managed by people who research emoji. The site sorts emoji into nine categories, including Smileys, People, Objects and Activity. Each category then breaks down emoji into further subsections. So, if you click into Smileys, for example, you'll see sections like Smiling & Affectionate and Sleepy & Unwell.

If you click an individual emoji, Emojipedia will give you a brief description of that emoji. For example, here's what Emojipedia writes about the "✨"
sparkles emoji:

Quote

"Commonly used to indicate various positive sentiments, including love, happiness, beauty, gratitude, and excitement, as well as newness or cleanliness.

May also be used as a form of ✨emphasis✨ or to convey sarcastic or mocking tones."

Emojipedia will also give you a list of other emoji that this particular emoji works well with. In the case of the "🎁" wrapped gift emoji, for example, Emojipedia's suggestions include the "🥳" partying face and the "🛒" shopping cart.

Each Emojipedia entry also shows you the different artwork for each emoji across platforms, as well as how the artwork evolved. The emoji entry will also show you short codes and other names for each emoji, if applicable.

What are the most popular emoji?

You may have your own go-to emoji, but according to Emojipedia, these are some of the most popular emoji as of the mid-December. The list changes periodically, so what's popular now might not be popular next month or around a holiday. Note that not all platforms support all the latest emoji, so they may not all appear on your device.

• ❤️ Red heart

• 🎄 Christmas tree

• ✅ Check mark

• ✨ Sparkles

• 🎅 Santa Claus

• ⭐ Star

• 🎁 Wrapped gift

• ❄️ Snowflake

• 😭 Loudly crying face

• 🔥 Fire

What are the latest emoji?

The newest emoji on your device now. Apple/CNET

In 2024, Google unveiled Emoji 16.0, which included eight new emoji listed here:

• Face with bags under eyes

• Fingerprint

• Splatter

• Root vegetable

• Leafless tree

• Harp

• Shovel

• cq Flag of Sark

Apple included these emoji with iOS 18.4 in March, and Samsung brought these emoji to some devices with One UI 7 in April and more devices since then. WhatsApp introduced these emoji in January.

How often are new emoji added?

Some of the new emoji you should expect on your device in 2026. Emojipedia

Anyone can submit an idea for a new emoji. The Unicode Consortium is responsible for creating emoji. The group approves new emoji once a year, usually in the fall, but those emoji might not land on your device until the following spring.

Unicode approved eight new emoji in September, including a Sasquatch and an orca. Here are all the new emoji you will see on your device in the future.

• Trombone

• Treasure Chest

• Distorted Face

• Hairy Creature

• Fight Cloud

• Orca

• Ballet Dancers

• Landslide

An apple core emoji was also proposed in July, but according to Emojipedia, that emoji was removed from consideration before the Unicode Consortium could approve it.

What about custom emoji, like Apple's Genmoji?

Apple unveiled its emoji generator, Genmoji, at the Worldwide Developers Conference in 2024, and the tech giant included the feature in iOS 18.2. However, only people with an iPhone 15 Pro or Pro Max or a device from the iPhone 16 lineup can access Genmoji for now.

If you can't use Genmoji and want to create your own custom emoji, Emojipedia is home to two custom emoji generators.

You can create your own heart pizza emoji with an AI emoji generator. Emojipedia

First is Emojipedia's AI emoji generator. You can use this tool to create anything from a frog wearing a cowboy hat to a heart shaped pizza. You type your description of the emoji into the generator, and the tool will create an emoji based on your description. You can then download or copy your custom emoji to your clipboard and use it as a sticker across messaging apps like WhatsApp and iMessage. This emoji generator is free but you can only generate three emoji per day, so make sure you describe your emoji as much as possible so you don't waste one of your tries.

If you do run out of AI emoji generations for the day, you can also use the Emoji Mashup Bot, which combines two emoji from the Twemoji set. You can use this as many times as you want, but you can only choose up to 113 emoji to combine and they are all smileys. That means you can't be as creative in your creation as you might be in the AI emoji generator.

Behold, the most popular new emoji of 2025. Apple

All this just for emoji?

Yeah, but wait there's more! Emojipedia also hosts the World Emoji Awards on World Emoji Day, July 17. Awards are given for things like Most Popular New Emoji and Most Anticipated Emoji. Winners are determined by popular vote on X, formerly known as Twitter, and any emoji approved the year prior are eligible to win.

The winner of Most Popular New Emoji in 2025 and the Most 2025 Emoji was the face with bags under eyes. This emoji also won Most Anticipated Emoji for 2024, so the only award it has left to win is the Lifetime Achievement Award.

The distorted face emoji won for the Most Anticipated Emoji for 2025, and the melting face (🫠) emoji won the Lifetime Achievement Award. The melting face emoji is now the youngest emoji to receive that award but face with bags under its eyes could dethrone it one day soon.

In 2024, the Most Popular New Emoji was the head shaking horizontally (🙂‍↔️).

For more, here are the latest approved emoji, how to react to messages with emoji on your iPhone and how to use emoji instead of comments in Google Docs.

source

iPhone | iApps / Here's an Early Look at the New Emoji Coming to Your iPhone in 2026

« Last post by javajolt on December 15, 2025, 06:37:11 PM »

These emoji will likely land on your device in the spring.

Apple released iOS 26 in September, and while that update didn't include new emoji, a future iOS 26 update will bring eight new emoji to your iPhone. The Unicode Consortium approved eight emoji in September as part of Unicode 17.0. That means iPhones and Android devices will get new emoji in early 2026.

Here are the eight new emoji you can expect to see on your device in a few months:

• Trombone

• Treasure chest

• Distorted face

• Hairy creature (Sasquatch)

• Fight cloud

• Orca

• Ballet dancers

• Landslide

"These new emoji have long-standing symbolic meanings, are visually distinctive and contain multitudes of expression," the Unicode Consortium wrote online in July.

These emoji were proposed in November 2024, and an apple core emoji was also proposed at the time. However, according to Emojipedia, the apple core emoji was withdrawn from consideration before Unicode could approve it.

In 2024, the Unicode Consortium debuted new emoji in September 2024, including the face with bags under eyes and the splatter emoji. You can find those emoji now on your Android and iPhone devices, as well as across the internet.

Correction, July 18: An earlier version of this story incorrectly listed the number of emoji that had been approved for the Unicode 17.0 update. Unicode has since confirmed that eight emoji have been approved, including the Landslide emoji.

source

Windows 10, 8.1, 7 |PC Games / The Game Awards 2025 showcase is later today

« Last post by javajolt on December 11, 2025, 06:26:33 PM »

Here's how to watch it and what to expect

The end of the year is almost here, but there's one final massive event remaining for video game fans to tune into. The Game Awards 2025 presentation is kicking off later today. The annual show is being hosted live at the Peacock Theater in Los Angeles, but everyone else can catch the livestream as usual.

Aside from being the most popular award presentation, the show will also carry major announcements from plenty of game publishers, with everything from surprise reveals to gameplay segments incoming. Musical performances (Evanescence this time) and celebrity cameos are a usual sight at the event too. Here's how to catch it later today, December 11:

The Game Awards 2025 ceremony kicks off at 7:30 pm ET / 4:30 pm PT / 12:30 am GMT. It can be caught live for free across YouTube, Twitch, X, Facebook Live, Steam, Prime Video, Facebook, and other major streaming platforms, alongside plenty of co-streams from creators. Separate ASL and descriptive audio streams are also available on YouTube.

The show is slated to be over three hours long.

The nominees for this year's 29 categories have already been announced. Find the complete nominations list over here. There are plenty of titles from well-known publishers like Sony PlayStation, Microsoft Xbox, EA, and Sega here. However, Clair Obscur: Expedition 33 has already set records by being nominated for 12 categories.

As for what gaming fans can expect to see at the event, the next Tomb Raider game is already confirmed to appear there. Fresh trailers for Capcom's Resident Evil Requiem and Sony's Saros are incoming as well. The new content for Clair Obscur: Expedition 33 that Sandfall Interactive teased recently may be revealed at the show too.

Plenty of rumors are spiraling out of control as the event draws nearer. These say that the Assassin's Creed Black Flag remake, the next game by Baldur's Gate 3 developer Larian, and even Control 2 from Remedy can show up at the event. Of course, take rumors like these with a grain of salt until something official appears.

source

General Discussion / What does a blue USB port mean

« Last post by javajolt on December 11, 2025, 06:14:44 PM »

I learned the truth behind all the colors, and it's wild

Look closely, the colors on your USB ports reveal what they are capable of.

Kyle Kucharski/ZDNET

Have a USB device near you? Look closely at the port -- do you see a color? It turns out that it actually means something. There's a standardized color scheme that communicates information about that device's capabilities.

Mind blown? If you never noticed this, you're not alone. Most USB devices work fine on any compatible port, but they may not be optimized for optimal performance. For example, if you've noticed a mouse seems to work better in one port over another, it's not in your head. One probably supports USB 3.0, and the other doesn't.

Despite the fact that they share a universal port shape, all USB-A and USB-C devices are not created equal, with potentially very different transfer speeds, power transfer, and generations on similar devices. Even two USB-C ports right next to each other on the same laptop could have very different capabilities when it comes to data transfer speed and power delivery.

Let's take a look at what they mean.

There are seven major color that indicate a device's generation and what kind of data transfer speeds you can expect. If you have a rare device with a color not listed here, let me know in the comments.

• Black: Denoting USB 2.0, this is the second most common you'll see on devices of all types, supporting speeds of up to 480 Mbps.

• White: These are first-generation devices -- USB 1.x -- with the slowest potential transfer speeds that don't typically exceed 12 Mbps. They're also some of the most common, found on devices that don't require data transfer or high power delivery.

• Yellow: These ports can support either USB 2.0 or 3.0, and are "always on", meaning they can supply power even when the device they're connected to is off.

• Orange: Like yellow, but with support for USB 3.0. Always on. You might see these on your pair of headphones.

• Blue: Supporting USB 3.0 SuperSpeed technology and above, blue ports identify a device capable of fast data transfer: up to 5 Gbps (that's 5,000 Mbps) -- a significant jump from previous generations. Besides laptops, you'll see blue ports on thumb drives and external storage.

• Teal: Just like blue, but denoted as USB 3.1, supporting faster transfer speeds of up to 10 Gbps.

• Red: These are the newest and fastest devices available, categorized as USB 3.1 Generation 2 and USB 3.2. They support another significant increase in data transfer speeds -- up to 10-20 Gbps. Red USB ports are also always on.

Blue USB-A ports indicate transfer speeds of up to 5 Gbps. Kyle Kucharski/ZDNET

The colors on your laptop's USB ports can also indicate at a glance what generation of USB technology it supports. For example, the Acer Chromebook Plus Spin 514 features two identical USB-A 3.2 ports, capable of transferring data at speeds of up to 5 Gbps. If your laptop's USB ports don't have a color, it simply means the manufacturer chose not to use a color for design or budget reasons.

When buying a new laptop, consider the speeds your USB ports support, as this is one aspect that most consumers tend not to investigate closely. Lower-priced or older laptops may have ports with more limited speeds, while newer laptops may forgo USB-A connectivity altogether in favor of faster USB-C ports.

In that vein, USB-C ports can also have their own colors, but they're a little more specialized. Most USB-C ports are differentiated between standard connectivity with USB 2.0 (common in older laptops, with speeds of up to 480 Mbps) and 3x, which supports speeds of up to 10-20 Gbps.

A step above standard USB-C are Thunderbolt ports, often marked with the Thunderbolt icon next to the port itself, which support speeds of up to 40 Gbps. These ports support some of the fastest USB transfer speeds available on the market, and you'll see them on high-end laptops.

USB 4 is one of the newest and most powerful technologies available, with select laptops currently supporting this technology. The MacBook Pro M4 is one such example, with speeds up to 120 Gbps. USB 4 and Thunderbolt ports are backward compatible, so they have no problem running slower devices when plugged in.

The bottom line

So what does all this mean for you? I recommend looking at your laptop's spec sheet to determine the differences (if any) between the USB ports on your laptop. If one of them is faster than the other, it will be specified, and you can expect better performance by connecting the right devices to the corresponding ports.

source

Android O.S | Apps / The Android password manager nobody talks about actually beats the giants

« Last post by javajolt on December 10, 2025, 04:06:14 AM »

When the conversation turns to securing your digital life on Android, the same names always dominate: LastPass, 1Password, or even Google’s built-in manager.

However, there is a feature-rich alternative that has been quietly providing a superior model for true data ownership. That alternative is Enpass.

This application consistently delivers the world-class autofill, password generation, and cross-platform compatibility you expect, but it does so with a radical, privacy-first security model.

Enpass works on a different model

When I talk about why Enpass truly beats the giants like Dashlane or LastPass, I always start with this: the servers are the problem, and Enpass is the serverless solution.

This isn’t just marketing — it’s the fundamental difference in architecture that gives me peace of mind and makes Enpass a superior security choice.

Think about the major password managers that dominate the market. They all operate on the same flawed model: they store millions of encrypted user vaults on their centralized servers.

They call themselves ‘zero-knowledge,’ which means they can’t read the data because it’s encrypted with my master password, but here’s the catch.

These centralized servers become massive, irresistible honeypots for hackers. When one of these giants gets breached — and they have, multiple times — an attacker walks away with millions of encrypted files.

I chose Enpass because it completely sidesteps this risk. Enpass doesn’t store my data, period. It doesn’t have a massive, centralized server farm holding millions of user vaults.

Enpass is just the client application — the tool that encrypts, decrypts, and organizes my passwords.

My highly encrypted vault is stored only where I choose: either locally on my Android phone, or on my personal cloud storage like Google Drive, Dropbox, OneDrive, or even Nextcloud.

This means if Enpass were ever to suffer a breach, my sensitive vault file would not be among the data stolen because it was never there to begin with.

It’s not just better security; it’s a completely different, and far safer, option of data ownership.

Enpass has covered the basics

If I’m going to tell you to abandon the giants, I have to be sure the underdog can actually keep up with day-to-day use. And here is where Enpass truly shines: It matches the convenience of any top-tier manager while offering superior security.

I don’t just use a Google Pixel 8; I’m constantly swapping between my PC, laptop, and phone. The last thing I want is a password manager that only works well on one platform. Enpass has covered this beautifully with a native application on every major platform.

This means my encrypted vault — which is stored in my personal cloud (or locally) — can be accessed and synced seamlessly, no matter which device I grab.

Since the focus is on the Android platform, I have found the Android app to be quick and fully functional. While some of the major competitors might have a slightly sleeker, minimalist design, the Enpass UI is functional, clean, and intuitive.

I can quickly search my vaults, access the password generator, and use all the item categories without ever feeling lost. It doesn’t get in the way of using my phone.

Enpass is reliable and feature-rich

Here is where Enpass sealed the deal for me.

Unlike Bitwarden (sorry, open source fans), Enpass is not a bare-bones tool. It’s a fully-featured, reliable manager that competes toe-to-toe with the biggest names.

I live in my browser, and if autofill fails, the password manager fails. Thankfully, Enpass’s web extensions and the native Android autofill work like a charm.

When I land on a login page, the little Enpass icon pops up, I click, use my fingerprint, and I’m in. Enpass also has a built-in generator for Time-Based One-Time Passwords.

I store the secret key with my login, and Enpass automatically generates the six-digit code. I can even generate, store, and sync my passkeys right into Enpass.

My vault isn’t just a list of logins; it holds my life. Enpass gives me the tools to keep it organized.

I can quickly save items under standard categories like Logins, Credit Cards, Identities, and Secure Notes. I can even create custom categories and templates based on my preferences.

I have created different vaults to manage my personal and professional data like a pro.

Security showdown

Overall, choosing a password manager boils down to trust. Do you trust a mega-corporation to keep your data safe on their servers, or do you trust yourself and your own secure cloud accounts?

Enpass is the answer for those who choose the latter. This is why the underdog beats the giants.

What are you waiting for? If you still haven’t started your journey or are stuck with one of the industry giants, make the switch. Like any password manager, Enpass makes it quite easy to move your existing data.

Aside from Enpass, here are other Android apps that deserve a place on any home screen.

source

eBooks all to know / Get: Generative AI and LLMs for Dummies

« Last post by javajolt on December 09, 2025, 06:42:33 PM »

Generative AI (gen AI) and large language models (LLMs) are revolutionizing personal and professional lives. From supercharged digital assistants that manage email to seemingly omniscient chatbots that can communicate with enterprise data across industries, languages, and specialties, these technologies are driving a new era of convenience, productivity, and connectivity.

This book provides an introductory overview to LLMs and gen AI applications, along with techniques for training, tuning, and deploying machine learning (ML) models.

Highlights include:

• Five steps to get started with generative AI

• Understand important LLM concepts

• Develop applications with user-friendly interfaces

• Select an appropriate LLM

• Recognize the importance of data governance

• See how to orchestrate AI agents

How to get it

Follow this link to get your copy of Generative AI and LLMs for Dummies. This link will redirect you to my One Drive account and click Download. [system administrator]

source

Patch Tuesday| Updates | Security | Privacy | Anti-virus / 2B emails and 1.2B passwords have been compromised

« Last post by javajolt on December 09, 2025, 05:19:55 PM »

How to check if yours is one of them

A dataset of 2 billion email addresses and 1.3 billion passwords have been discovered online — leaving millions of people vulnerable to account takeovers.

The dataset, compiled by security intelligence firm Synthient, aggregates credentials from years of prior breaches, malware logs and dark web marketplaces.

But it isn’t the result of a single hack.

The information includes data from several hacks — new and old.

And when your data is leaked online, it lives there indefinitely.

The good news is you don’t have to guess whether your information is included.

How to check if your data’s been leaked

The information included in the leaked dataset has been tracked by the widely used service, Have I Been Pwned.

Users can check whether their information is included in the breached data using the service themselves.

By entering your email address on the site, you can quickly check whether your account appears in this massive credential compilation.

If your email appears in the leak, take immediate action.

What you should do now

Experts suggest taking several security measures to avoid being hacked, including:

• Change passwords on any potentially compromised accounts. If you’ve reused that password elsewhere, you should also update those accounts.

• Set up extra security measures, such as two-factor authentication.

• Stop reusing passwords across multiple accounts.

• Use a password manager.

Hackers often use “credential stuffing,” a method in which cybercriminals try the same login credentials across multiple sites, according to Cyber Insider.

This means using the same password across accounts and devices can lead to devastating results.

Cyber security experts suggest running an antivirus and malware scan on your devices before resetting passwords to make sure there are no lingering threats.

Additionally, using additional layers of security, such as two-factor authentication, can prevent unauthorized access even if your password is exposed.

For those struggling to come up with a secure, unique password or keep track of those credentials, password managers can offer help.

These generate strong passwords for every account and stores them securely.

According to Team Password, these tools take the guesswork out of managing dozens of different logins — significantly reducing your risk in future leaks.

An ounce of prevention is worth a pound of cure

While it may be unsettling to see the amount of exposed data, Synthient’s collection spans multiple years and sources.

But being proactive can dramatically reduce your vulnerability.

Experts recommend:

• Remaining vigilant.

• Monitoring your accounts.

• Using strong, unique credentials.

If you think your information has been compromised, you can check Have I Been Pwned as a simple first step.

It tells you not only whether your email has been exposed, but in which breaches — helping you prioritize which accounts to secure immediately.

source

100

Patch Tuesday| Updates | Security | Privacy | Anti-virus / HIBP adds 2 billion leaked emails from credential stuffing dataset

« Last post by javajolt on December 09, 2025, 05:06:16 PM »

Have I Been Pwned (HIBP) has added nearly 2 billion unique email addresses from a sprawling dataset of credential stuffing records, marking the largest single update in the platform's history.

The data, sourced and indexed by US-based threat intelligence firm Synthient, also includes 1.3 billion unique passwords, 625 million of which were previously unseen.

The newly integrated dataset, referred to as the Synthient Credential Stuffing Threat Data, significantly expands the reach of HIBP's exposure database. This follows an earlier October release of 183 million credential pairs from Synthient’s infostealer log collection, also indexed by HIBP. While that first batch stemmed from stealer malware infections, the new trove consists of credential stuffing lists, which aggregate login details from previously breached platforms and are reused by attackers to compromise other accounts.

Credential stuffing data is particularly dangerous because it allows attackers to exploit reused credentials across unrelated services. As HIBP founder Troy Hunt explains, a compromised password from a low-priority site, like a hobby forum, can become the “key to the castle” if reused on more sensitive services such as banking or email platforms.

Data source and validation

Synthient, a private cybersecurity intelligence startup, compiled this dataset by aggregating over 23 billion rows of threat data. Sources included Telegram channels, dark web forums, and Tor-based marketplaces where credential lists and stealer logs are traded or shared freely.

This second tranche includes 1,957,476,021 unique email addresses, significantly more than the first. Unlike stealer logs, which capture credentials as users enter them on infected systems, credential stuffing data typically comes from older breaches that are recombined and repackaged into new lists. These lists are used by attackers in automated login attempts to gain unauthorized access to user accounts across different services.

To validate the accuracy of the dataset, Hunt contacted selected HIBP subscribers whose credentials appeared in the list. Several confirmed that at least some of the passwords, ranging from decades-old to currently active, had indeed been used. In multiple cases, the exposed credentials were still in use on active accounts, underscoring the lingering risk posed by reused passwords.

No, Gmail was not breached

It is critical to clarify, especially amid widespread misreporting seen in the wake of previous Synthient-related disclosures, that this is not a Gmail breach, nor is it a compromise of any specific platform. Although Gmail addresses appear in the dataset (approximately 394 million of them), this simply reflects the scale of Gmail’s global usage, not a vulnerability in Google’s systems.

Google previously responded to similar reports, reaffirming that these exposures stem from malware-infected devices and third-party breaches, not flaws in Gmail itself. The presence of any domain in such datasets should not be conflated with a breach of that service.

In total, the newly added credential stuffing corpus spans 32 million unique email domains, with Gmail comprising just 20% of the total. The data spans many years and includes both long-compromised and never-before-seen credential pairs.

Users should check if their email address or password appears in this dataset by visiting haveibeenpwned.com, and resetting their passwords if the scan result comes back positive. In general, it is recommended to use a password manager to create strong, unique passwords for every site, and enable multi-factor authentication (MFA) on all critical accounts.

source