Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Categories

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

The Hacker News - 25 June, 2025 - 16:51
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
Ravie Lakshmanan
Category: Hacking & Security

BreachForums hacking forum operators reportedly arrested in France

Bleeping Computer - 25 June, 2025 - 16:25
The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. [...]
Category: Hacking & Security

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

The Hacker News - 25 June, 2025 - 15:37
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January
Ravie Lakshmanan
Category: Hacking & Security

Apple should Sherlock SAP’s open-source energy management app

Computerworld.com [Hacking News] - 25 June, 2025 - 14:58

SAP’s open-source energy management app, Power Monitor, shows how you could manage energy costs for your devices — and your Mac could help you do so.

Designed for business users managing large fleets, the app should also benefit consumers concerned about energy use. It’s a great example of a tool that does one useful thing well, which is track Mac energy use and calculate cost.

Who doesn’t worry about energy costs? They’ve risen steeply since 2020. That concerns people using Macs at home, but price is a major worry for larger enterprises managing hundreds of Macs in a challenging business environment. Managing energy also matters to larger enterprises struggling to adopt ISO 50001 energy management systems, and we know Apple understands energy use.

What is SAP’s Power Monitor?

Available via GitHub, Power Monitor is designed to help enterprise users get a handle on sustainability efforts. If you are someone who continues to cling to the faith that human impact on the environment is minimal, then Power Monitor does do something else useful, too – it calculates your energy costs. 

What’s neat about the app is that it provides you with this information in a very Apple-like way. Open it up and at a glance you’ll see your current system power in Watts, along with average power, highest peak power, and energy costs that day. You can also see how much CO2 has been emitted by the energy use of your Mac. You can access this information in the app or via the Menu bar.

The application requires you to enter your energy costs and can let you activate flexible energy tariffs for those with suppliers that charge different rates at different times of day. You gain a good, in-depth overview of the costs and consequences of Mac use.

Jonny Evans

When it comes to managed fleets, IT can poll this data from across their devices to gain excellent oversights into energy use. If you’re running a business that uses dozens, hundreds, or thousands of Macs, you’ll already know that this information can tangibly help manage costs. It’s the kind of information any graduate of the Apple-supported Clean Energy Procurement Academy needs sometimes.

What alternatives exist?

I’m sure there are other apps that deliver similar insights, but they seem hard to find. Those I did find either track use on a per-app basis (like Activity Monitor), or are tied to specific energy suppliers, which SAP’s app is not. The Home app will track electricity use across compatible HomeKit devices, but doesn’t track the cost of running your Mac or, weirdly, any other Apple device on the network.

I find it strange that, at a time of rapidly accelerating energy costs, finding an off-the-shelf solution to help manage those costs appears challenging. That should change, which is why I think Apple should Sherlock SAP’s Power Monitor app and provide this simple but useful tool within macOS. 

Why isn’t this a Mac feature already?

Why isn’t a feature like this already inside Macs?

Perhaps because people haven’t said they need it. Or maybe Apple just doesn’t want to remind people that using their Mac costs money? Potentially, it is because the most popular Macs work on battery power. There may be perfectly good reasons not to include a tool of this kind, but one more major reason Apple should do so is for bragging rights.

You see, we already know Macs deliver more performance per watt than other systems, thanks to the five-year-old move to Apple Silicon. What better way to show how that low energy promise translates into real economic benefit than by making it possible to track accurate performance/energy costs against the estimated costs per hour when using other platforms? 

Would you use Power Monitor?

Enterprises attempting to tally their carbon emissions to achieve compliance with national climate targets will eventually demand access to data of that kind. Why not make this information an operating system feature? And why not make this available across all Apple’s products, rather than only Macs? Do you think Apple should integrate a tool like this to help you manage your fleets?

I do.


Category: Hacking & Security

New Chrome Security Vulnerabilities Require Urgent Action

LinuxSecurity.com - 25 June, 2025 - 14:54
Two new Chrome vulnerabilities have surfaced, and despite how often we hear about Chrome in the news, these bugs are not the kind we can afford to brush off. Both flaws target core components within Chrome (the V8 JavaScript engine and the Profiler function) and could hand attackers a direct line to exploit your systems. It's the kind of scenario no one wants: arbitrary code execution and potential system compromise just waiting to happen. As a result, Google has flagged both as high-severity issues.
Category: Hacking & Security

Microsoft offers free Windows 10 security updates, but only for consumers

Computerworld.com [Hacking News] - 25 June, 2025 - 14:42

Microsoft’s latest Windows 10 Extended Security Updates announcement reveals a telling double standard: while home users get multiple free pathways to maintain security beyond the October 2025 deadline, enterprises face the same expensive pay-or-migrate ultimatum.

The software giant announced in a blog post that individual consumers can secure an additional year of Windows 10 security updates for free, either through Windows Backup, or by redeeming 1,000 Microsoft Rewards points. They also have the option to access the updates by paying a $30 fee.

Meanwhile, businesses must still pay $61 per device for first-year coverage, with costs doubling annually thereafter, and there are no pathways to free access.

“ESU coverage for personal devices runs from Oct. 15, 2025, through Oct. 13, 2026,” Microsoft said in its blog post. But businesses? They’re still looking at the same three-year, escalating fee structure with no free alternatives.

Industry experts see Microsoft’s approach as strategic pressure rather than customer accommodation.

“This fee is a nudge towards Windows 11 and confirms that the vendor has a firm intention to see enterprise customers moving to Windows 11,” said Dario Maisto, senior analyst at Forrester Research.

Enterprise reality: Same expensive options, different messaging

Microsoft first launched its Windows 10 Extended Security Updates program in April 2024 with enterprise-focused pricing: $61 per device for year one, $122 for year two, and $244 for year three. Tuesday’s announcement doesn’t change those enterprise rates.

Business options remain available through the Microsoft Volume Licensing Program, with Cloud Service Provider partners able to sell commercial ESUs starting September 1. Maisto notes this timing “should ease the impact of these measures on the vendor’s cloud services revenue strategy.”

For organizations with 1,000 Windows 10 devices, Microsoft’s ESU program represents a $61,000 first-year commitment. A three-year ESU commitment totals $427,000, enough to purchase significant new hardware.

However, Maisto observes that “many organizations may rather pay the ESU subscription than make major investments in accelerating Windows 11 hardware refresh cycles,” particularly given current economic uncertainties and geopolitical volatility.

Current StatCounter data shows that Windows 10’s market share stands at 53% of the global Windows market, with Windows 11 at 43%. In enterprise environments, where hardware refresh cycles are longer, Windows 10 penetration often runs higher.

The strategic calculation and planning time

Sanchit Vir Gogia, chief analyst at Greyhound Research, warned that enterprises viewing ESU as a long-term solution are accumulating “strategic debt.” He noted that relying on ESU instead of refreshing devices may offer short-term budget relief but defers readiness for AI-era workloads.

However, Maisto pointed to a silver lining: “This additional time will give enterprises a breath to plan for Windows 11 adoption and do a proper risk assessment regarding security and compliance issues related to staying on Windows 10.”

Microsoft’s approach reflects calculated pressure: make staying on Windows 10 expensive enough to drive migration decisions, while offering consumers relief to avoid platform defection. The cloud exception for Windows 365 and Azure Virtual Desktop users proves Microsoft’s priorities — steering organizations toward higher-margin, recurring revenue streams.

Maisto noted that organizations are “trying to understand which scenario will materialize given the current geopolitical volatility,” with each organization taking “a different path depending on its risk appetite.”

Compliance gaps and enterprise risks

Extended Security Updates deliver only critical and important security patches. Even after paying $61 per device, IT departments won’t receive new features, non-security bug fixes, or technical support.

Gogia emphasized that ESU creates compliance risks beyond basic security. “Microsoft’s ESU program may keep vulnerabilities patched, but it doesn’t close the compliance gap,” he said. “Without support for evolving identity frameworks, telemetry, or zero-trust baselines, Windows 10 — even patched — is an aging platform.”

For regulated industries, the absence of advanced encryption support or newer multi-factor authentication integrations may result in failed audits. “Security updates alone do not equal a secure posture — especially in regulated sectors,” Gogia noted.

Maisto acknowledged this will “ease the pressure on organizations in these already turbulent times,” but warned each enterprise must conduct proper risk assessments when weighing ESU against immediate Windows 11 migration.

The cloud backup enterprise dilemma

Microsoft’s free consumer ESU option requires enabling cloud backup through Microsoft services — a condition that creates enterprise policy conflicts.

“Microsoft is not just offering patches — it’s offering them in exchange for cloud footprint expansion,” Gogia explained. The cloud backup requirement raises concerns for organizations managing complex data residency and encryption frameworks.

Many enterprise policies disallow external backups that bypass data loss prevention workflows. For regulated enterprises in healthcare and public infrastructure, defaulting to cloud sync may violate internal mandates.

Implementation complexity

Organizations evaluating ESU face complexity that consumer programs don’t address. Devices must run Windows 10 version 22H2, potentially requiring extensive patch management before ESU activation.

The enrollment process integrates with volume licensing systems rather than simplified consumer wizards. Enterprise IT teams must coordinate with procurement, legal, and finance departments for multi-year ESU agreements.

Most critically, Microsoft offers no technical support as part of ESU programs. Organizations paying premium prices still depend on community forums or expensive Microsoft consulting services for implementation issues.

Microsoft’s enhanced Windows 10 ESU program confirms that enterprises are expected to pay their way through the transition while consumers get multiple free options. The timing of Cloud Service Provider availability in September aligns with Microsoft’s cloud revenue strategy.

Both analysts agree the program serves Microsoft’s interests while providing enterprises limited relief. “It’s security with strings — and a subtle shift in monetization logic,” Gogia said.

For IT leaders, this represents both breathing room and continued pressure. While ESU provides time for proper Windows 11 planning and risk assessment, the escalating costs ensure that staying on Windows 10 becomes increasingly expensive each year, exactly as Microsoft intended.

Category: Hacking & Security

Security Fixes & Enhancements in Firefox 140 ESR

LinuxSecurity.com - 25 June, 2025 - 14:01
Stability. Security. Practical, resource-conscious features. It's everything you'd want from a browser, especially when it's being deployed across systems that need predictable performance in production environments. Firefox 140 ESR (Extended Support Release) makes no attempt to dazzle with half-baked experiments or flashy new gimmicks; it's built to be stable, reliable, and secure for the long haul. This makes it an essential tool for Linux admins and infosec professionals who need more focus on functionality and operational efficiency than bleeding-edge features.
Category: Hacking & Security

Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

The Hacker News - 25 June, 2025 - 13:00
Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors
Ravie Lakshmanan
Category: Hacking & Security

Beware the Hidden Risk in Your Entra Environment

The Hacker News - 25 June, 2025 - 12:30
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest user needs are the permissions to create subscriptions in
Category: Hacking & Security

10 ways to boost Windows security

Computerworld.com [Hacking News] - 25 June, 2025 - 12:00

With Microsoft set to stop security updates for Windows 10 in October — unless you pay extra — security is top of mind for many businesses and individual users right now. And whether you’re planning on sticking with Windows 10 or you’ve already upgraded to Windows 11, there’s almost certainly more you can do to increase your PC’s security.

Here’s a look at some of the actual software tools you can use to make your system more secure — not basic behavioral advice like “don’t run sketchy software” or broad, theoretical tips on avoiding threats online. That’s all fine advice, but we’ve all seen it before. 

Instead, we’re going to dive deep into worthwhile tweaks and critical checks in the Windows software already on your PC. They’re simple steps that’ll make an immediate impact on your system’s security and the protection of your professional and/or personal data — and they’re right there just waiting to be used.


Windows security boost #1: Block bad apps

Windows can automatically block “potentially unwanted apps,” but it doesn’t do so by default. The phrase “potentially unwanted apps” is a euphemism for programs that aren’t technically malware or anything illegal, but they may do things you don’t want — like spy on you or show ads. Also called “potentially unwanted programs” or “PUPs,” they’ve been dubbed “malware with a legal team” — an obvious exaggeration, but not exactly wrong.

To ensure Windows is blocking these, launch the “Windows Security” app from the Start menu, select “App & browser control,” click “Reputation-based protection settings,” and ensure “Potentially unwanted app blocking” is set to “On.”

Windows can block annoying apps — but the setting isn’t on by default.

Chris Hoffman, Foundry

Windows security boost #2: Check your encryption

Modern Windows PCs automatically set up “Device Encryption” when you sign into them with a Microsoft account, ensuring someone who steals your laptop can’t get access to your private files. But, again, the option might not always be activated by default out of the box. To check whether your PC storage is encrypted, open the Start menu, search for “BitLocker,” and select “Manage BitLocker.”

The BitLocker page in the Control Panel will show if your PC’s storage is encrypted.


If you don’t see that your PC’s storage is securely encrypted with either Device Encryption or BitLocker, there are two possible explanations:

  • You’ve signed in with a local account and need to sign in with a Microsoft account to activate the Device Encryption feature on your PC.
  • You’re using an older PC that doesn’t support Device Encryption, and you need to pay for an upgrade to the Professional edition of Windows to activate the BitLocker feature.

For what it’s worth, Device Encryption is more of a “BitLocker light” experience without all the features, while BitLocker is the full-featured, more customizable disk encryption software. However, they’re built on the same underlying technology, and both will securely encrypt PC files. 

Read my BitLocker encryption guide for more information.

Windows security boost #3: Consider your syncing setup

On both Windows 10 and 11, Microsoft wants OneDrive to automatically sync folders such as your Desktop, Documents, and Pictures folders. Their contents will be stored in your Microsoft account online and synced between your PCs.

That can be convenient, but depending on the data you work with, you might not want to sync it to your Microsoft account. It’s a matter of data security — especially within organizations, which often want to maintain close control over corporate data.

To control exactly what OneDrive is doing on your PC and what it’s syncing, consult my guide to taming OneDrive on Windows.

Windows security boost #4: Turn off less secure sign-ins

Windows normally lets you sign in by typing your password. If you use a Microsoft account, that same password will be your Microsoft account’s online password. If you have a PC with Windows Hello biometric sign-in support — a fingerprint reader, facial recognition, or both — you can turn off password sign-ins and opt to sign in only with those more secure biometric methods.

To do this, head to Settings > Accounts > Sign-in options. Under Additional settings, activate, “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device.”

Once that’s done, if someone else does gain access to your PC, they won’t be able to sign into it — even if they’ve captured your Microsoft account password. For optimal security, beyond that, be sure to use a long PIN and avoid typing it in public. (Your PC will enforce a limit on how often people can guess the PIN, so it doesn’t have to be uncrackable — just hard to guess.)

Windows security boost #5: Activate ransomware protection

Ransomware literally holds your files for ransom. The malware encrypts your files and prevents you from accessing them until you pay up — often with Bitcoin or another cryptocurrency.

To prevent ransomware from running roughshod over your files, Windows has a “Controlled folder access” feature that will keep questionable-looking apps from tampering with your Documents, Pictures, Music, and Video folders. It’s designed to let friendly apps through, but it might block apps you use and require you to let them through manually. However, it will still provide extra protection — if you’re willing to accept a little bit of extra configuration and the occasional extra bit of hassle.

Here’s what you need to know about Controlled folder access — and how to set it up.

Windows security boost #6: Double-check Office updates

Do you use Microsoft Office? If so, you should ensure it’s getting security updates. I’ve noticed many people end up with outdated versions of Office that aren’t still getting security updates — sometimes even because they (or someone) turned off the Office updates without realizing the implications. It’s important to protect Office from threats that could arrive via malicious downloaded documents, so that’s not an advisable move.

To confirm that your Office setup is in good shape, open an Office app (like Word), click “File,” and click “Account” at the bottom left corner of the window. Look at the Update Options button at the right side of the window and ensure it says “Updates are automatically downloaded and installed” — if not, you can click “Update options” to activate automatic updates.

If you’re using an outdated version of Office, it won’t warn you — it’ll just stop downloading security updates.


You should also look at the name of your Office product at the top of the window in this same area. If it says you’re using “Microsoft 365,” then you’re using Microsoft’s subscription-based version of Office that will always get updates.

If it says a specific version (like Office 2021), be sure to consult the end of support table on Microsoft’s website for more information. (As of now, Office 2016 and Office 2019 are set to be phased out in October 2025, while Office 2021 has until October 2026. Office 2024 has until October 2029.)

Windows security boost #7: Check whether your apps are current

Windows apps don’t necessarily always update themselves with security updates. It’s one of the big security challenges on Windows, and it forces many organizations to roll their own software update strategies to monitor and deliver security patches. While Microsoft is finally moving toward fixing this, it’s still a problem.

First, ensure apps managed by the Store app are actively receiving updates. Launch the Store from the Start menu, click your profile picture, and click “Settings.” Ensure the “App updates” option is set to “On.” (Even if you don’t use the Store, many apps included with Windows can still be updated using it.)

Second, check to see whether you have vulnerable, out-of-date apps installed. You can use tools like the winget command built into Windows, the slick UniGetUI tool for it, or Patch My PC’s free Home Updater tool.

Windows security boost #8: Activate isolation

Windows has a variety of low-level system hardening features that will make the Windows system kernel — the core part of Windows — harder to exploit. They should work well with modern PCs, and many of them may be activated automatically, depending on how old your computer is. In general, if you aren’t using extremely old hardware drivers or other low-level software, they should just work — and boost your PC’s security.

To activate them or confirm that they’re active, open the Windows Security app from your Start menu. Click “Device security” and then “Core isolation details.” (This is available on both Windows 10 and 11, but you might not see it, or you might see different features — it depends on the specifics of your PC and what its hardware supports.)

The options you see on the Core isolation settings screen will depend on your PC’s hardware.


When you activate any one of these security features, Windows will check to see whether it will work well on your system. If it won’t — for example, if you have an old hardware driver that doesn’t work properly with one of these features — Windows will generally spot the problem and turn the feature off automatically.

Windows security boost #9: Start sandboxing

While it’s always a good idea to avoid sketchy software, let’s say you do want to run a program without giving it too much access to your system. In any such scenario, I recommend using the Windows Sandbox — a feature that requires the Professional edition of Windows 10 or 11.

The Windows Sandbox creates a temporary Windows environment within Windows, letting you run software without giving it access to the rest of your files and hardware. To activate it — assuming you have the right edition of Windows — open the “Turn Windows features on or off” tool from the Start menu and install the “Windows Sandbox” feature.

Since this does require the Professional edition of Windows, many people and organizations won’t have access to it. You can always install Windows in a virtual machine like VirtualBox, too, and run software in there as an alternative.

Windows security boost #10: Consider tighter protection settings

Many years ago, I recommended installing exploit-protection software like Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) or Malwarebytes Anti-Exploit. These days, it generally isn’t necessary; Windows has integrated its own native anti-exploit protection to provide your programs with extra protection from attacks.

To see these settings, you can open the Windows Security app from the Start menu, click “App & browser control,” and click “Exploit protection settings.”

Almost everything there should be turned on by default. If you want some extra security, you could activate “Force randomization for images (Mandatory ASLR).” However, this could cause problems with some old programs, so you’ll probably want to skip it.

I recommend leaving it alone — and feeling secure that anti-exploit protection is now part of Windows and the type of thing you don’t have to hunt down separately, just like antivirus software.


Category: Hacking & Security

This is (probably) the unreleased Google Pixel Tablet Pen

Computerworld.com [Hacking News] - 25 June, 2025 - 11:45

Google’s Android tablet saga is a seemingly endless series of almosts, what ifs, and coulda-beens — and now, we’ve got one more chapter to add into that book.

First, a quick and very pertinent three-part power-round of context catch-up. Part one:

  • Way back in 2010, Google bought a company called BumpTop and seemed set to bring its wild three-dimensional interface concepts into the Android tablet arena — as I pieced together and recounted some years back.
  • But then, by 2011, with new leadership in place, the BumpTop concepts were mostly set aside.
  • And instead, in 2011, Google came out with an ambitious and almost completely different interface for large-screen Android tablet experiences with the Android 3.0 Honeycomb release. The software reimagined every bit of how we interact with our devices in an effort to take full advantage of the newfound screen space and create a more efficiency-optimized, productivity-minded environment.
  • But then — well, y’know: Google Googled. It failed to get developers on board with its vision, lost focus, pivoted, then flailed for a while, ultimately eliminating most of the Honeycomb concepts and making tablets look and work exactly like Android phones.

That’s the first chapter, in a sense. Then came the middle part of the story — part two, for our purposes:

  • In 2015, Google came out with an awkwardly positioned Android tablet called the Pixel C. It brought back a kinda-sorta tablet-optimized interface, but something always seemed slightly strange about the product — and certain slivers of sleuthing suggested it might’ve originally been intended to be a ChromeOS, not Android, device.
  • By 2017, the lack of any focus or momentum on Android tablets led me to declare that the Chromebook was, for all intents and purposes, the new Android tablet. It was clear by then that Google didn’t see much future in the tablet form or reason to invest in making it a good experience at the platform level.
  • And sure enough, by 2020, the company confirmed to me that it was done making its own tablets and would focus instead on laptop-style devices for its own self-made products.

You might think the fairy tale ends there — but, no siree, Bob, we’ve got another era yet. Here’s part three:

  • In 2022, I discovered and reported that one of Android’s lesser-known original co-founders had rejoined the company with the title of “CTO, Android tablets.”
  • At the same time, word broke that Google was giving up on laptops, in a dizzying reversal from its two-years-earlier about-face.
  • And sure enough, in 2023, the flip-flop finished and Google revealed it was back in the tablet game with the Pixel Tablet and its bold but never fully realized ideas about reinventing the Android tablet as a whole new type of line-blurring device.
    • Initially, the Pixel Tablet was meant to be a smart-home control panel that you also used as a lean-back-style, more passive-use tablet. The problem is that while the device was — and still is! — an excellent tablet, the smart-home side of the experience felt weirdly half-baked and not especially exceptional.
  • Soon, the Pixel Tablet narrative shifted, and it looked like Google was gearing up to reinvent the device as more of a computer-replacing desktop system in its next iteration — with a wild new Android desktop mode at its core and, according to reports, native keyboard and stylus accessories to flesh out that picture.
  • But then the second-gen Pixel Tablet was reportedly cancelled before it ever even saw the light of day.

And that — insert massively exaggerated deep breath here… — brings us to today.


Your guess is as good as mine as to if Google will ever put out its own tablet again and how many more about-faces we might be facing, but for now, what we have is that aforementioned pile of almosts, what ifs, and coulda-beens. And the latest of ’em is the productivity-centric future the Pixel Tablet almost brought us but never quite had the opportunity to deliver.

And that’s where things get freshly interesting:

  1. The key software piece of that puzzle — the Android desktop mode — is, in fact, still being actively developed. It’s now a part of the latest Android 16 quarterly update beta, with the main purpose of letting you plug an Android phone into a monitor and then use it like a computer later this year.
  2. As part of that development, the feature is now available on the original Pixel Tablet, with that beta Android version installed and the appropriate developer-level option enabled.
  3. And, thanks to the wild luck and generous sharing of a member of my Intelligence Insider uber-geek community, I got my grubby hands on what very much appears to be the never-released Google Pixel Tablet Pen — a.k.a. the stylus we never saw as a part of the Pixel Tablet’s unrealized future.

So without further ado, here it is:

What by all counts is the unreleased Google Pixel Tablet Pen, in the author’s suspiciously sweaty paw.

JR Raphael, Foundry

The Pen has a clear “Designed by Google” logo on its flat edge, along with the address of Google’s Mountain View campus. It also sports the code “GM0KF,” which — drumroll, please… — is the exact same code noted in a leak about the stylus’s existence last December.

A code on the stylus’s side says “GM0KF,” which matches the code on earlier materials about the product.

JR Raphael, Foundry

The Pen’s tip has a shiny silver metal button with a Google “G” logo printed atop it.

A familiar “G” logo adorns the stylus’s top.

JR Raphael, Foundry

And, yes, it is a dead ringer for the product pictured in that leak. We’re looking at the same exact thing.

The stylus looks exactly like what’s pictured in previously leaked Pixel Tablet Pen materials.

JR Raphael, Foundry

(I’ve reached out to Google several times over the past several days to see if it could provide any context or comment at all about the product, its existence, and if or when it might ever actually be released. As of this writing, the company has yet to offer any information.)

I charged the stylus via the built-in USB-C port, and it immediately started working on my Pixel Tablet. When I hold the Pen’s tip just above the Pixel Tablet’s screen, selectable elements beneath it respond and pop a bit to indicate they’re pressable. If it’s a text field — like the search box on the home screen — a cursor icon appears, and touching the Pen to the box pulls up a pop-up about how to use the stylus to write and have words automatically converted into text as well as how to perform a variety of editing operations entirely with the stylus.

A demo window explains how the Pixel Tablet Pen works in terms of writing and text editing.

JR Raphael, Foundry

Once that demo window is closed, I can just write anywhere on the screen, anytime. Once I bring the Pen close to the Pixel Tablet’s display, that same cursor icon appears, and the entire screen essentially turns into an open surface for input.

You can write anywhere on the Pixel Tablet’s screen and have your words turned into text.

JR Raphael, Foundry

The writing-to-text conversion works quite well, even with my drunken-toddler-level chicken-scratch handwriting. The Pen performs great on surfaces meant for freestyle writing, too, like with the drawing feature in Google Keep. Its input is smooth and consistent, and it’s incredibly easy to use.

The Android Google Keep app is especially well-suited to input with the Pixel Tablet Pen.

JR Raphael, Foundry

Those unofficial reports from a while ago showed an animation indicating that pressing the Pen’s button would pull up a “quick note-taking app” of some sort, but that doesn’t seem to work for me. The button doesn’t do anything at all, as far as I can tell — which probably isn’t surprising, since any such function would presumably require a missing software update in order to work.

Beyond that, there isn’t a heck of a lot remarkable about the hardware itself. The Pen has a soft-touch finish and feels light and comfy to hold. Oh, and it even sticks magnetically to a specific spot on the back side of the tablet itself as well as the official Google Pixel Tablet case — which certainly seems like a deliberate touch.

The stylus sticks to the back of the Pixel Tablet as well as its case in a deliberate-seeming position.

JR Raphael, Foundry

Android’s still under-development desktop mode works nicely with the Pen to create a more computer-like experience, meanwhile — especially if you also hook up a keyboard accessory of some sort. The software isn’t quite there yet, though, and is certainly nowhere near the level of true desktop-caliber productivity you get with a Chromebook, in large part because of the ways the Chrome Android app differs from the native desktop version.

But Google seems determined to close that gap, so we’ll see how things progress over time. That mission, however, appears to be more about bringing Android into the desktop domain than bringing the desktop domain into Android — for the moment, at least, though as we’ve seen so many times before, you never know how Google might change its mind in the future.

For now, this is mostly just a glimpse at another Android tablet almost — as far as the Pixel Tablet and the Pen are concerned. It’s an eye-opening look at a future we’ll probably never experience, in this specific scenario. And it’s the latest in a long, ever-expanding line of Android tablet coulda-beens.

Don’t let yourself miss an ounce of Pixel magic. Start my free Pixel Academy e-course and discover tons of hidden features and time-saving tricks for whatever Googley gadget you’re carrying!

Category: Hacking & Security

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

The Hacker News - 25 June, 2025 - 10:45
Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said. "Users can upload and download files, access network drives, and use
Ravie Lakshmanan
Category: Hacking & Security

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

The Hacker News - 25 June, 2025 - 10:12
Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript
Ravie Lakshmanan
Category: Hacking & Security

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

The Hacker News - 25 June, 2025 - 07:10
Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The
Ravie Lakshmanan
Category: Hacking & Security

What are Gemini, Claude, and Meta AI doing with enterprise data?

Computerworld.com [Hacking News] - 25 June, 2025 - 01:15

Enterprise users of leading large language models are at risk of making private information public, according to a new study on the data collection and sharing practices of organizations such as Meta, Google, and Microsoft that reveals they are collecting sensitive data and sharing it with unknown third parties.

In fact, businesses may face even greater risks than the multitude of individuals who use the various LLMs, according to the findings from Incogni, a personal data removal services and data privacy company.

“Employees frequently use generative AI tools to help draft internal reports or communications, not realizing that this can result in proprietary data becoming part of the model’s training dataset,” the company said. “This lack of safeguards not only exposes individuals to unwanted data sharing, but could also lead to sensitive business data being reused in future interactions with other users, creating privacy, compliance, and competitive risks.”

Ron Zayas, the CEO of Incogni’s business and government division Ironwall, said, “the analogy would be that we spend a lot of time as businesses making sure that our emails are secure, making sure that our machines lock themselves down after a certain period of time, of following SOC 2 protocols, all these things to protect information.” But now, he said, the concern is that “we’ve opened the door, and we have employees feeding information to engines that will process that and use it [perhaps in responses to competitors or foreign governments].”

To evaluate the LLMs, Incogni developed a set of 11 criteria that allowed it to assess the privacy risk in each, and compiled the results to determine each program’s privacy ranking in the areas of training, transparency, and data collection and sharing. From these, it also derived an overall rating.

Key findings in Incogni’s study revealed that:

  • Le Chat by Mistral AI is the “least privacy invasive platform, with ChatGPT and Grok following closely behind. These platforms performed the best when it comes to how transparent they are on how they use and collect data, and how easy it is to opt out of having personal data used to train underlying models.”
  • LLM platforms developed by the biggest tech companies turned out to be the most privacy-invasive, the report said, with Meta AI (Meta) being the worst, followed by Gemini (Google) and Copilot (Microsoft).
  • Gemini, DeepSeek, Pi AI, and Meta AI don’t seem to allow users to opt out of having prompts used to train the models.
  • ChatGPT turned out to be the most transparent about whether prompts will be used for model training, and it had a clear privacy policy.
  • Grok (xAI) may share photos provided by users with third parties.
  • Meta.ai “shares names, email addresses and phone numbers with external entities, including research partners and corporate group members.”

What not to tell AI

Justin St-Maurice, technical counselor at Info-Tech Research Group, said that from a corporate perspective, “training your staff on what not to put into tools like ChatGPT, Gemini, or Meta’s AI is critical.”

He added, “just as people are taught not to post private or sensitive information on social media, they need similar awareness when using generative AI tools. These platforms should be treated as public, not private. Putting personally identifiable information (PII) or proprietary company data into these systems is no different than publishing it on a blog. If you wouldn’t post it on LinkedIn or Twitter, don’t type it into ChatGPT. The good news? You can do a lot with these tools without needing to expose sensitive data.”

According to St-Maurice, “if you’re worried about Meta or Google sharing your data, you should reconsider your overall platform choices; this isn’t really about how LLMs process your data, but how these large corporations handle your data more generally.”

Privacy concerns are important, he said, “but it doesn’t mean organizations should avoid large language models altogether. If you’re hosting models yourself, on-prem or through secure cloud services like Amazon Bedrock, you can ensure that no data is retained by the model.”

St-Maurice pointed out that, in these scenarios, “the LLM functions strictly as a processor, like your laptop’s CPU. It doesn’t ‘remember’ anything you don’t store and pass back into it yourself. Build your systems so that the LLM does the thinking, while you retain control over memory, data storage, and user history. You don’t need OpenAI or Google to unlock the value of LLMs; host your own internal models, and cut out the risk of third-party data exposure entirely.”

What people don’t understand, added Ironwall’s Zayas, “is that all this information is not only being sucked in, it’s being repurposed, it’s being reused. It’s being publicized out there, and it’s going to be used against you.”

Category: Hacking & Security

Google rolls out text-to-image model Imagen 4 for free

Bleeping Computer - 25 June, 2025 - 00:36
Google confirmed that Imagen 4, which is the company's state-of-the-art text-to-image model, is rolling out for free, but only on AI Studio. [...]
Category: Hacking & Security

Claude catches up to ChatGPT with built-in memory support

Bleeping Computer - 24 June, 2025 - 23:52
AI startup Anthropic is planning to add a memory feature to Claude in a bid to take on ChatGPT, which has an advanced memory feature. [...]
Category: Hacking & Security

Google Cloud donates A2A AI protocol to the Linux Foundation

Bleeping Computer - 24 June, 2025 - 23:34
Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, which has now announced a new community-driven project called the Agent2Agent Project. [...]
Category: Hacking & Security

SonicWall warns of trojanized NetExtender stealing VPN logins

Bleeping Computer - 24 June, 2025 - 22:36
SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. [...]
Category: Hacking & Security

Windows 10 KB5061087 update released with 13 changes and fixes

Bleeping Computer - 24 June, 2025 - 20:07
Microsoft has released the June 2025 non-security preview update for Windows 10, version 22H2, with fixes for bugs preventing the Start Menu from launching and breaking scanning features on USB multi-function printers. [...]
Category: Hacking & Security