Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports enthusiasts in interesting projects.

Categories

Apple signals that the new attack surface is time itself

Computerworld.com [Hacking News] - 9 min 53 sec ago

The nature of security threats is changing. AI hasn’t just driven up energy prices and consumer electronics costs, it’s also ushering in a new era of AI-augmented cyberattacks, one where the time between a flaw being discovered and being exploited is shrinking fast.

Apple is already signaling that it sees this coming.

Why Apple moved first

The company has begun accelerating the release of security updates specifically to counter AI-assisted hacking. This week’s patch was pushed out ahead of Apple’s usual schedule, and the company told Reuters it’s adapting to a reality in which artificial intelligence can speed up the development of malicious tools.

The logic is simple. If an AI system can find a flaw for one user, it can identify vulnerabilities for other users; that’s a benefit for well-resourced attackers prepared to move fast once a vulnerability becomes public. Hackers are, after all, one group in tech that really doesn’t worry much about moving fast and breaking things.

Apple said it has no evidence any of the patched vulnerabilities were actively exploited before the fix shipped, but that’s not a reason for complacency — especially in business and education, where deployment tends to lag.

Caution has become risk

That lag is a vulnerability. Traditionally, some industries — particularly regulated ones — have delayed the installation of system upgrades. That was sensible because it enabled them to identify compatibility problems before a company-wide deployment took place.

The new problem is that AI-accelerated attackers can specifically target organizations that haven’t yet patched, turning a cautious rollout window into a viable attack surface.

IT must now think deeply about company security policy. The old playbook needs rethinking, and Apple’s new approach to fast security updates shows the way. You only need to review some of the data from a Kandji (now Iru) report to see the extent to which business is vulnerable to time itself.

Legacy hardware? A gift to attackers

There’s another big problem for most enterprises: legacy hardware. Old, unsupported devices that can’t run the latest security protection must be replaced fast. That old hardware is a viable and attractive launch point for any wise cybercriminal. 

That’s not just an Apple issue; those firms still running Windows 10 systems are very much at risk. That risk is wide, given estimates that around 35% of US business systems are still running Windows 10.

Manufacturing is particularly exposed to the specter of an AI-attack. Apple and Tata Electronics are still reeling from the consequences of the recent attack at Apple’s India iPhone maker, which saw vast troves of confidential data stolen. (We don’t know whether AI was used in that attack, but we do know it is being used in attacks.)

Manufacturing is a target

Manufacturing has emerged as the most heavily targeted sector. Attackers have identified structural vulnerabilities that beset the market, including legacy infrastructure, sprawling supplier networks with inconsistent security postures, and tight margins that limit how fast companies can modernize. 

None of that is likely to change anytime soon, so attackers will continue to make extensive use of artificial intelligence to probe for weak links in manufacturing tech infrastructure. Combined with rapid increases in tech hardware prices and continued constraints on renewal budgets, companies are likely to find themselves even more exposed before things improve. 

What does this mean for the industry?

In general, the manufacturing industry will likely need to invest in more effective security protection, potentially amplifying ongoing inflationary pressure.

At Apple, it means the company must now intensify its race to secure its vast endpoint perimeter as AI weapons are applied by a variety of entities, including the nation state-adjacent hackers who want to subvert platform security in service of authoritarian control and surveillance.

For business, it means IT — and regulators — must swiftly review best-practice approaches to account for a fast-moving security environment in which failure to swiftly deploy updates can leave a company open to attack. For platform providers, it implies an imperative moral obligation to widen the security support windows for older devices. 

And for the rest of us, it means we must be even more conscious of the need to follow good security practices, including timely installation of security updates. And it may be time to retire some of the old devices, or at least take them offline. This is all unfolding at the same time the economy seems ready to call a time-out on affordable consumer electronics everywhere. Good times, indeed.

Please join me on social media at BlueSky, LinkedIn, or Mastodon, and do subscribe to my daily human-curated Apple news headline summary on Substack.

Category: Hacking & Security

Webinar: Why traditional email security is no longer enough

Bleeping Computer - 10 min 49 sec ago
Modern phishing, business email compromise, and account takeover attacks increasingly exploit trusted identities and legitimate business workflows, making them harder for traditional email defenses to detect. This webinar explores how behavioral AI can help organizations automate detection and response. [...]
Category: Hacking & Security

Hackers target Microsoft 365 accounts with 81 million login attempts

Bleeping Computer - 27 min 10 sec ago
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [...]
Category: Hacking & Security

Europe looks to fight any forced shutdown of AI

Computerworld.com [Hacking News] - 30 min 32 sec ago

It was one of the biggest tech headlines in June: Amid the race leading up to the initial public offerings (IPOs) of artificial intelligence (AI) giants, the United States used its “blocking card” to disable Anthropic’s latest models. Citing national security concerns, the Trump Administration forced the company to prevent non-U.S. citizens (even in the US) from using its most advanced models — the very ones it had just unveiled. Speculation suggests the same thing could happen to OpenAI.

The ban on Anthropic was not lifted until June 30. The US administration said that, in the intervening weeks, it had worked with the company to “review and approve Fable5 to ensure it aligns with the US government and strengthens US leadership in AI.” For its part, OpenAI confirmed that its next major launch would begin with a preview for “trusted partners”—a list it has shared with the US government.

Are these companies falling victim to their own marketing — having touted that their models are becoming increasingly intelligent and potentially more dangerous? Or are they collateral damage in an uncertain geopolitical world? Whatever the rationale, the recent moves raise questions in Europe, where digital sovereignty movements are on the rise.

The sudden shutdown of Fable 5 and Mythos 5 for European companies had a limited direct impact, because the models were so new. As Fernando Maldonado, senior analyst at Foundry Spain, noted: “Hardly anyone here had even started using them yet.” The indirect impact is more far-reaching, because it shows that a forced technological blackout is possible and that Europe has a limited margin for response.

The doomsday scenarios warn that Europe could be headed for a future tech disaster that will have a domino effect on the economy and society. That’s the conclusion of the “Europe 2031” report, prepared by a group of European AI researchers, analysts, and investors. “The current trajectory of AI calls for the most ambitious political agenda in the history of postwar Europe,” the report concludes. They argue that Europe has failed to grasp the scale of AI’s spread and warn that Europe could fall into irrelevance. (The group estimates that, in that scenario, the continent would control only 5% of AI computing by 2031, compared to 80% for the US). There is much talk of sovereignty, but little real-world action so far.

That dystopian vision of the future coexists with other, more nuanced perspectives. But analysts and political scientists point out that AI could yet become an economic and political lever that will shape the future balance of power.

The ‘kill switch’ scenario

The total shutdown “kill switch” option, deemed impossible not so long ago, has established itself as one of the real potential fears in geopolitical risk: it was on the agenda at the recent G7 meeting. The Anthropic case was seen as a warning. “Technology is increasingly a strategic asset. Europe must be able to act on its own terms,” European Commission spokesperson Thomas Regnier told Euronews. Speaking to Reuters, he added, “This event is further proof that Europe must strengthen its technological sovereignty.”

The Anthropic outage “has given ammunition to those who have been calling for investment in technological sovereignty and highlights this geopolitical situation,” said Beatriz Arias, director of digital transformation at DigitalES. Arias believes the incident shows that today’s reality requires work in more areas; it is no longer enough to manage telecommunications or standards. Other issues such as interoperability and intellectual property are on the table, as well as “the need to invest more in our own capabilities, without prejudice to our continued commitment to an open model of cooperation and alliances.”

That said, Darío García de Viedma, a researcher in Technology and Digital Policy at the Elcano Royal Institute, does not believe the feared kill switch will be used, “because the US technology export model depends on companies. Companies are the strong arm of US diplomacy in the technological sphere.” For them to play that role, they need a global presence. But he does agree that what happened with Anthropic helps “explain this risk to the public” — and incidentally showcase what technological sovereignty is.

Even if a catastrophic blackout doesn’t occur, other problems could still hinder access. Political scientist Amélie Férey explained on France Culture how license prices could gradually rise and drive up costs. Or access to certain features could be gradually restricted. As García de Viedma put it, a moratorium on model access would create a “temporal asymmetry.” Disruptions can occur in “the complex supply chain behind all our technology,” through export controls (something now happening in the chip market) or through the degradation of essential services (such as what could happen with Starlink coverage).

In recent years, the European Union has entered a race in that arena, one that involves symbolic measures as well as practical legislative moves. The European Parliament has dropped Google as its default search engine and replaced it with the French Qwant. And in early June, the Commission presented its European Technology Sovereignty Package, which addresses, among other issues, AI. They aim to ensure that Europe becomes “a continent of AI, strengthen its digital autonomy, and help build a more sustainable digital future,” while also acknowledging Europe’s technological dependence.

“We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable, and our services secure,” said Commission President Ursula von der Leyen. Specifically, Europe aims to triple the capacity of its data centers over the next five to seven years, boost the adoption of AI, enhance research and innovation, and work on its own development and deployment efforts. The package will now have to go through an approval process to become law and take effect.

[Photo: Henna Virkkunen and Dan Jørgensen at the presentation of the EU’s technological sovereignty package on June 3. Credit: UE]

Has Europe done enough?

The big question is whether what Europe has done — and what it plans to do — will be enough. Are the sovereignty packages sufficient, or are they vague and lacking in concrete details? The Europe 2031 group accuses Europe of making empty promises that don’t translate into tangible results.

García de Viedma said the latest package represents “good progress, which is defining technological sovereignty as risk mitigation.” In this case, risk has three aspects: technological dependence could be used as a coercive measure; tech operations could be disrupted “if at any point our alliances deteriorate;” and IT could be used as a tool for surveillance.

“Not to sound like conspiracy theorists, but the fact is that there is a possibility that whoever controls the communication nodes and software has the ability to see, if not everything, then at least some things,” he said. “That gives them an advantage.” Therefore, sovereignty is not so much “that identity-based vision” but rather one of “risk avoidance.” It’s not about using European technology simply because it’s European, but about understanding the risks of not using it.

Viedma believes the Commission has accurately identified today’s problems (such as governance or the digitization of the power grid, “the main bottleneck for AI”) but wonders about the future. Added to this is the issue of money: investment is a key piece in this chess game.

DigitalES views the efforts currently under way — such as those regarding European chips — favorably. “What’s needed is more determination and focus,” said Arias. Incidents like the Anthropic case can “help move in that direction.” While European investment plans in AI may seem less grandiose than those of the sector’s major companies, Arias warned against defeatist rhetoric.

“The EU is doing what it needs to do,” he said, and is creating “a more geopolitically stable environment for investors. Ultimately, this is about the market and who creates the most value.” European regulations can eventually become global standards, with Europe positioning itself “as an attractive partner for investment” — one that is “reliable and more predictable.”

Arias said the key lies not in complete autonomy, but in finding a balance. “We don’t have to produce 100% of what we use, and we shouldn’t depend 100% on a single supplier or jurisdiction.” What’s needed is technological diplomacy, being able to navigate complex waters and safeguard interests.

Playing by different rules in the global AI market is not feasible. “You must be aware of your strengths and weaknesses.” And she insists: “Europe is by no means a long shot — quite the opposite, because it offers certain guarantees.”

The next great revolution

Europe is late to the AI race, but it can still “assume a certain leadership role,” depending on how the sector evolves, as García de Viedma notes. Europe can carve out its own niche and investments are being made and efforts are under way to do so. In AI, this involves identifying areas of European specialization.

There remains a lot of work to be done and, possibly, lessons learned from past experiences to face what lies ahead. AI issues are part of a very complex reality. Arias warned of the need to prepare for “the convergence of artificial intelligence with the computing power that quantum computing will provide” featuring “dual-use technology that will be employed for both military and civilian purposes.” These will be more powerful tools that “require a more solid foundation.

“Such technological diplomacy will be necessary to negotiate global quantum standards, protect intellectual property, and address the potential impact on national security.”

The quantum revolution is imminent, but has yet to unfold, and Europe can capitalize on it. “Europe is jumping on this bandwagon,” argued Arias, highlighting the investments and work on quantum capabilities. “We’re in a very different situation than we were with the cloud and artificial intelligence.” The EU is “acting quickly” and opening the door to “positioning ourselves country by country.”

Category: Hacking & Security

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

The Hacker News - 1 hour 38 min ago
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image. The goal is the usual one: steal banking logins and take [...] (Swati Khandelwal)
Category: Hacking & Security

Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

The Hacker News - 1 hour 39 min ago
Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass," Adobe said in an alert released Tuesday. The vulnerabilities are listed [...] (Ravie Lakshmanan)
Category: Hacking & Security

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

The Hacker News - 2 hours 22 min ago
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3 [...] (Swati Khandelwal)
Category: Hacking & Security

Turning Indicators into Intelligence in OpenCTI with Criminal IP

Bleeping Computer - 3 hours 4 min ago
Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and phishing analysis. [...]
Category: Hacking & Security

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

The Hacker News - 3 hours 8 min ago
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve [...] (Ravie Lakshmanan)
Category: Hacking & Security

Azure CLI Password Spraying: Why Cloud Identity Is Now Linux Security

LinuxSecurity.com - 3 hours 10 min ago
Over the span of just 14 days, threat actors unleashed more than 81 million login attempts against Microsoft’s Azure command-line interface (CLI). The campaign, which security researchers at Huntress identified as an ongoing, automated password-spraying effort, successfully compromised at least 78 Microsoft accounts across 64 organizations between June 12 and June 26, 2026.
Category: Hacking & Security

How to Build Behavioral Detections with eBPF on Linux

LinuxSecurity.com - 4 hours 47 sec ago
Building effective behavioral detections starts with understanding how processes behave at runtime, rather than simply collecting more logs. eBPF gives Linux security teams the visibility needed to correlate those behaviors into meaningful detections, moving away from static signatures and toward real-time analysis.
Category: Hacking & Security

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

The Hacker News - 4 hours 5 min ago
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices. "This is the first documented case where a frontier AI model [...] (Ravie Lakshmanan)
Category: Hacking & Security

Over 900 Oracle E-Business instances exposed to ongoing attacks

Bleeping Computer - 4 hours 35 min ago
Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...]
Category: Hacking & Security

2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience

The Hacker News - 5 hours 35 min ago
Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here are a few examples, based on the independent survey of 1,200 IT and cybersecurity professionals [...]
Category: Hacking & Security

US reverses export restrictions on Anthropic’s Fable 5, Mythos 5 AI models

Computerworld.com [Hacking News] - 5 hours 52 min ago

The US government has reversed export restrictions on Anthropic’s frontier AI models Fable 5 and Mythos 5, allowing the company to resume global access after nearly three weeks of disruption triggered by concerns over the models’ cybersecurity capabilities.

“As of today, June 30, the export controls on Fable 5 and Mythos 5 have been lifted,” Anthropic said in a blog post. The company said Fable 5 will begin rolling out globally on July 1 across Claude Platform, Claude.ai, Claude Code and Claude Cowork, while access on Amazon Web Services, Google Cloud, and Microsoft Foundry will be restored “as quickly as possible.”

Commerce Secretary Howard Lutnick said the administration had worked with Anthropic before reversing the restrictions.

“Over the past two weeks, we have worked closely with Anthropic to analyze and approve Fable 5 to ensure alignment across the US Government and strengthen America’s leadership in AI,” Lutnick wrote in a post on X.

Anthropic had launched Fable 5 and Mythos 5 on June 9, and the US authorities restricted their export on June 12.

The Anthropic decision comes as other frontier AI developers are also operating under closer government scrutiny.

In announcing GPT-5.6 Sol, Terra, and Luna last week, OpenAI said it had previewed both its rollout plans and the model’s capabilities to the US government before launch and, “at their request,” was initially making the model available only to “a small group of trusted partners” whose participation had been shared with the government.

OpenAI said it would continue coordinating with government partners before expanding availability, but added that it did not believe “this kind of government access process should become the long-term default” because it keeps advanced AI tools from “users, developers, enterprises, cyber defenders, and global partners who need them.”

Analysts say the Anthropic decision reflects a broader shift in how frontier AI models are governed.

“The reversal is not the story; the instrument beneath it is,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. Washington, he said, has applied the long-standing “deemed export” doctrine to frontier AI models, signalling “negotiated oversight, conditional and monitored, rather than blanket prohibition.”

Immediate order created global disruption

Anthropic said the June 12 export controls required it to restrict access to foreign nationals.

“Because the order took effect immediately and we had no reliable way to verify nationality in real-time, we suspended access to both models for all users,” it added. The company partially restored Mythos 5 last week for a limited group of US organizations.

Anthropic said the restrictions followed a report from Amazon researchers describing a technique that bypassed one of Fable 5’s cybersecurity safeguards. After reviewing the findings with Amazon and the US government, the company concluded the technique “did not expose any unique Mythos-level cyber capabilities” and instead represented “a borderline case for Fable 5’s safeguards.”

It subsequently retrained its safety classifier, saying the reported technique is now blocked in more than 99% of cases, while acknowledging that the stronger protections would increase false positives for some legitimate coding requests. Researchers at the US Department of Commerce’s Center for AI Standards and Innovation also evaluated the updated safeguards, Anthropic said.

Enterprises face a new continuity risk

Experts say the episode demonstrates that frontier AI’s availability can now be shaped by policy decisions as much as technical capability.

“Frontier access has become conditional infrastructure,” Gogia said. “The models went dark globally because nationality could not be verified in real time, so a control aimed at foreign nationals became an outage for everyone.”

He said enterprises should also not assume that deploying models across multiple cloud providers insulates them from regulatory actions affecting the underlying model provider.

According to Gogia, organizations should begin evaluating frontier AI platforms for regulatory interruption, cross-border identity restrictions, channel restoration delays, and trusted-partner eligibility alongside traditional security, commercial, and technical considerations.

Anthropic proposes a common jailbreak framework

Anthropic used the announcement to call for an industry-wide framework to assess AI jailbreaks, saying developers and governments currently lack a common standard for evaluating newly discovered techniques.

“There’s currently no consensus in the AI industry on how to describe, in objective terms, the severity of an AI jailbreak,” the company said. Anthropic said it is working with Amazon, Microsoft, Google, and other Project Glasswing partners on a framework for evaluating jailbreaks, while also expanding collaboration with the US government through pre-release testing of future frontier models, information sharing, and joint AI security research.

“Government involvement in AI releases requires a durable, transparent process that gives cyber defenders and others the certainty they need about access to powerful models,” Anthropic said. “These rules should be codified in strong regulation and applied equally across frontier model developers.”

Gogia said the broader lesson extends beyond Anthropic’s restored access. “Restored access is not restored certainty,” Gogia said. “Build for the detour, because the road now runs through policy.”

The article originally appeared on CIO.

Category: Hacking & Security

Microsoft fixes GIF functionality in the Windows Emoji Panel

Bleeping Computer - 6 hours 12 min ago
Microsoft has fixed the GIF functionality in the Emoji Panel for Windows 11 users after the provider shut down its service. [...]
Category: Hacking & Security

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

The Hacker News - 6 hours 23 min ago
Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and development have shifted the risk horizon," Mark Russinovich, chief technology officer of Microsoft Azure, said. "We believe [...] (Ravie Lakshmanan)
Category: Hacking & Security

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

Kaspersky Securelist - 7 hours 4 min ago

Introduction

To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these utilities rarely raise red flags: they are signed with valid digital certificates, often allowlisted under corporate IT policies, and fully supported by OS vendors. However, they grant attackers the ability to harvest data from target devices, drop malware, and move laterally across the network.

During a recent investigation engagement, the Kaspersky Managed Detection and Response (MDR) team discovered the ScreenConnect remote access tool being leveraged to deploy and execute an AsyncRAT payload.

A deep dive into this single incident unraveled a massive campaign distributing malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, Bandicam, and others. In total, we uncovered more than 90 domain names localized across 10 languages. The malicious archives bundle a legitimate, signed Microsoft install.exe binary alongside a rogue install.res.1033.dll library. It is loaded onto the device via DLL sideloading and deploys the ScreenConnect service, which awaits further instructions from the threat actors.

As a result, what initially appeared to be an isolated ScreenConnect incident served as the starting point for a full investigation into the threat actor’s C2 infrastructure. Every spoofed site we uncovered followed the exact same playbook: dropping a hidden ScreenConnect remote administration service under the guise of a legitimate software installer. This allowed the attackers to maintain control over compromised endpoints, with victims ranging from individual users to organizations.

We continue to break down complex, multi-stage incidents like this in our ongoing The SOC Files series. In this post, we take a deep dive into the technical execution of the ScreenConnect attack and analyze the broader infrastructure under the threat actor’s control.

Initial incident investigation

The investigation was triggered by an alert from Kaspersky MDR, which flagged the creation and execution of suspicious PowerShell and VBS scripts spawned by a ScreenConnect process.

About ScreenConnect

ScreenConnect is a legitimate remote management utility. Kaspersky solutions detect it as not-a-virus:HEUR:RemoteAdmin.MSIL.ConnectWise.gen.

ScreenConnect was running as an Access-type service — enabling direct remote connectivity — with the server explicitly passed via the command line:

ScreenConnect service execution event with suspicious parameters

Once running, ScreenConnect created and executed a PowerShell script named Fj5NmEsp9EuKrun.ps1:

Malicious PowerShell script creation

Below is an excerpt from the contents of the script:

Snippet of Fj5NmEsp9EuKrun.ps1

This script configures Microsoft Defender exclusions for the following objects:

  • All disks in the system: C:\, D:\, and others
  • All root directories on the C:\ drive, as well as the C:\Users\Public directory
  • RegAsm.exe process

Additionally, the script disables User Account Control (UAC) prompts by setting the ConsentPromptBehaviorAdmin registry parameter to 0.

Following this setup, the ScreenConnect service goes on to create a VBScript file:

Malicious VBScript creation

The installer_method3_stream.vbs script creates five files in the C:\Users\Public directory (msgbox.txt, secret_bytes.txt, 1.vb, cap.ps1, and script.vbs) and immediately triggers their execution by launching script.vbs.

Contents of script.vbs

This script terminates all active powershell.exe processes to cover its tracks and executes cap.ps1 in a hidden window.

Contents of cap.ps1

cap.ps1 reads the contents of the secret_bytes.txt file, extracts every sequence matching the [SXX- pattern, and converts each XX from its hexadecimal representation to a byte. It then XORs each byte with the key 0xA7 and reverses the bit order of the result. The resulting byte array yields a fully formed PE binary, which is then reflectively loaded into the CLR.

Within the loaded assembly, the ConsoleApp1.Module1 type contains a static method named Run. The script uses reflection (Reflection.BindingFlags) to resolve a reference to this method and invoke it.

The Run method executes a process hollowing technique (T1055.012), spawning a new RegAsm.exe process with the CREATE_SUSPENDED flag. The deobfuscated and decrypted PE image from secret_bytes.txt is then copied into its address space. As a result, the RegAsm.exe process no longer executes its original code, instead serving as a container for the injected .NET module — which, in this case, is the AsyncRAT remote access Trojan.

To establish persistence, the malware schedules a task named MasterPackager.Updater:

"schtasks" /Create /TN "MasterPackager.Updater" /TR "wscript.exe "C:\Users\Public\script.vbs" " /SC MINUTE /MO 2 /F

This task triggers every two minutes, ensuring that script.vbs — and consequently the entire loader chain — executes even after a system reboot.

Once the entire infection chain successfully executes, the RegAsm.exe process establishes a connection to the C2 domain mora1987[.]work[.]gd.

AsyncRAT infection and persistence chain via ScreenConnect

How ScreenConnect entered the system

A retrospective analysis of the incident allowed us to pinpoint the source of the ScreenConnect installation: a user-downloaded archive named obs-studio-windows-x64.zip.

The archive was downloaded from hxxps://www.studioobs[.]com/, a typosquatted domain mimicking the official site for OBS Studio, a popular open-source screen recording app. This site is present in search engine results; in this specific incident, the user landed on the malicious domain directly from a search query, a vector we analyze in more detail below.

Clicking the download button for the supposedly legitimate software triggers a request to the following URL, from which the archive is fetched:

hxxps://fileget.loseyourip[.]com/obs-studio-windows-full/gVOMs5VZ9BtlcaM

Site used to deliver ScreenConnect

The archive contains a legitimate, Microsoft-signed executable named install.exe (87603EA025623B19954E460ADD532048), renamed to masquerade as the OBS Studio installer, along with a malicious library named install.res.1033.dll. Additionally, the archive includes an Assets folder containing both a copy of the actual software being impersonated and the ScreenConnect utility.

Contents of obs-studio-windows-x64.zip

The complete file structure of the archive is organized as follows:

Detailed directory tree of obs-studio-windows-x64.zip

When OBS-Studio-Installer.exe is executed, it loads install.res.1033.dll via DLL sideloading. This library contains the instructions required to install both ScreenConnect and OBS Studio. The deployment relies on native Windows utilities (msiexec.exe), but the attackers renamed the standard MSI packages to look like DLL files:

  • Assets\x86\Data\vcredist_x64.dll: ScreenConnect installer
  • Assets\x86\Data\vcredist_x86.dll: OBS Studio installer

The contents of the vcredist_x64.dll MSI package are shown below:

ScreenConnect installation files

The Windows Installer is launched to install ScreenConnect silently in the background without requiring a system reboot:

msiexec.exe /i "C:\Temp\OBS-Studio-Windows-x64\Assets\x86\vcredist_x64.dll" /qn /norestart

Once the installation wraps up, a new service named Microsoft Update Service is created. The command line for this service explicitly defines the connection server as r[.]servermanagemen[.]xyz.

Meanwhile, the MSI package for the actual OBS Studio software runs using a standard graphical user interface.

ScreenConnect and OBS Studio installation workflow

Expanding the investigation

The attackers’ reliance on the legitimate install.exe binary provided a crucial pivot point for our broader investigation. We discovered that this specific file was being deployed in the wild under a variety of suspicious aliases, including:

  • ds4windows.exe
  • crosshairx_installer.exe
  • obs-studio-installer.exe
  • dns jumper.exe
  • glary utilities pro.exe
  • processhacker-2.39-setup.exe

These file names indicate that the threat actor was disguising their ScreenConnect archives as popular utilities beyond OBS Studio. Among the fakes, we identified counterfeit installers for DS4Windows, DNS Jumper, Glary Utilities, and Process Hacker. Crucially, when we search for these utilities on major search engines, these fraudulent sites frequently appear at the very top of the organic search results. This indicates that the threat actor is actively leveraging SEO techniques to boost traffic to their landing pages.

Spoofed software portals appearing in search engine results

For example, here is how the fraudulent download portal for DNS Jumper looks:

Fake website mimicking the official DNS Jumper resource

On this page, the download button directs users to the following address:

hxxps://direct-download.giize[.]com/dns-jumper/iopbsr4hymbo7nfa1q7j

Just like the OBS Studio variant, this drops an archive onto the victim’s device with an identical structure: a renamed legitimate install.exe file, a sideloaded library, and an Assets directory containing the promised software packaged alongside ScreenConnect.

Contents of the DNS Jumper and ScreenConnect archive

Other fraudulent websites that appear in search engine results when querying the corresponding software are designed in a similar fashion.

Spoofed websites used to distribute ScreenConnect

Notably, the vast majority of the fraudulent sites we uncovered are localized into English, Russian, and Chinese. In several instances, the pages were also translated into German, French, Spanish, Arabic, and other languages. This multi-language support underscores the global footprint of the campaign, targeting a broad user base across multiple regions.

Language localization options on a ScreenConnect delivery site

Fake domain infrastructure

To distribute ScreenConnect disguised as freeware, the threat actor spun up an extensive network of domain names mapped across three IP addresses. We have categorized these into two distinct infrastructure clusters.

Cluster 1: 162.216.241[.]242 and 198.23.185[.]81

```
162.216.241[.]242
Country: United States
Org name: Dynu Systems Incorporated
```

The connection graph below illustrates the campaign websites tied to IP address 162.216.241[.]242, which hosts the previously mentioned www[.]studioobs[.]com domain.

URL connection graph for IP 162.216.241[.]242


Looking into the registration dates for the domains on this IP, we found that the threat actor initially attempted to disguise their sites as various gaming portals:

Subsequently, starting in January 2026, they shifted strategy and began registering fake domains designed to mimic popular freeware:

In this specific branch of the ScreenConnect campaign, the malicious archives are hosted on fileget.loseyourip[.]com. Notably, the download resource is hosted on a completely separate provider:

```
198.23.185[.]81
Country: United States
Org name: NOHAVPS LLC
```

Our analysis of this second IP address revealed that it also hosts additional resources tied to the campaign, including fake gaming sites and supplementary download links:

URL connection graph for IP 198.23.185[.]81

Cluster 2: 2.59.134[.]97

```
2.59.134[.]97
Country: Germany
Org name: dataforest GmbH
```

Below is an infrastructure graph showing this IP address and its hosted domains. Notably, unlike the previous case, this address also hosts direct-download.giize[.]com, a resource used to store distributed malicious archives.

URL connection graph for IP 2.59.134[.]97

In this branch of the campaign, the threat actor skipped game-themed lures entirely, focusing exclusively on creating fraudulent freeware sites that bundled ScreenConnect with the requested application. The domains hosted on IP address 2.59.134[.]97 were registered between October 2025 and March 2026.

The chart below shows the volume of fraudulent websites created month by month:

Breakdown of ScreenConnect delivery sites by theme, August 2025 through March 2026

C2 infrastructure analysis

In total, we identified dozens of different archives distributed across this campaign. All of them share a uniform file structure, containing the malicious install.res.1033.dll library and the ScreenConnect MSI package located at Assets\x86\vcredist_x64.dll.

In some instances, the ScreenConnect installation package also bundles a CAB archive.

Contents of the CAB archive

This archive contains a system.config XML file, which defines the connection address for the ScreenConnect C2 server:

Contents of system.config

By analyzing these ScreenConnect installations, we uncovered additional C2 addresses, which are mapped out in the following graph:

Connection graph of ScreenConnect C2 domains

The next graph illustrates the AsyncRAT command-and-control infrastructure:

AsyncRAT C2 server infrastructure

Based on the registration dates of the C2 domains, we can determine that the campaign was launched in October 2025 and paused at the end of March. However, at the time of publication, many of the landing pages remain accessible via search engine results.

Takeaways

Investigating a single case of AsyncRAT delivered via ScreenConnect allowed us to uncover a massive, multi-domain, multi-language infrastructure designed to distribute a hidden installer for this software and further advance the attack. The threat actor disguises ScreenConnect as popular utilities and distributes it through fraudulent websites that mimic official product pages. The attackers leverage search engine optimization techniques to push these sites to the top of search results in engines like Google and Bing.

This attack chain targets both everyday consumers downloading free software from the internet and corporate networks, where remote access tools are frequently allowlisted and granted elevated privileges.

The potential objective of the campaign is to steal credentials en masse and gain unauthorized access to systems for subsequent resale on dark web marketplaces.

To mitigate the risks associated with this threat, we recommend implementing the following security measures:

  • Enforce strict software installation controls: application allowlisting and blocking MSI package execution from untrusted sources
  • Continuously monitor for the creation of new remote administration services and scheduler tasks
  • Filter outbound traffic to unknown domains and IP addresses
  • Regularly train users on safe downloading practices
  • Verify the authenticity of all software sources

For enterprise users, credential monitoring is a critical mitigation strategy against the risks detailed in this article, as a leaked account or compromised system access frequently serves as a vector for subsequent attacks on the organization. Kaspersky Digital Footprint Intelligence provides continuous data monitoring across open and dark web sources, enabling security teams to respond proactively to potential threats.

Detection by Kaspersky solutions

Kaspersky Managed Detection and Response detects the malicious activity described in this post using the following indicators of attack:

  1. ScreenConnect service creation with suspicious parameters
    ```yaml
    logsource:
        product: windows
        category: security
    detection:
        selection_access:
            EventID: 4697
            Service File Name|contains:
                - 'e=Access'
                - 'ClientService.exe'
        selection_support:
            EventID: 4697
            Service File Name|contains:
                - 'e=Support'
                - 'ClientService.exe'
        condition: selection_access or selection_support
    ```
  2. Anomalous child processes being spawned by the ScreenConnect service
    ```yaml
    logsource:
        product: windows
        category: process_creation
    detection:
        selection:
            ParentImage|endswith:
                - '\\ScreenConnect.ClientService.exe'
                - '\\ScreenConnect.WindowsClient.exe'
                - '\\ScreenConnect.WindowsBackstageShell.exe'
                - '\\ScreenConnect.WindowsFileManager.exe'
            Image|endswith:
                - '\\powershell.exe'
                - '\\cmd.exe'
                - '\\net.exe'
                - '\\schtasks.exe'
                - '\\sc.exe'
                - '\\msiexec.exe'
                - '\\mshta.exe'
                - '\\rundll32.exe'
        condition: selection
    ```
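The two rules above, plus an added approximation of the schtasks-from-Public behaviour seen in the MasterPackager.Updater task, expressed as Python predicates and run over constructed Windows event records. This is an added example, not Kaspersky's rule engine; field names follow the Sigma rules, CommandLine is assumed to be present on process-creation events, and the server name and client id in the sample events are placeholders.

```python
# Rule 1: Security 4697 installing a ScreenConnect client with e=Access / e=Support.
# Rule 2: a ScreenConnect client binary spawning a scripting or LOLBin child.
# Rule 3 (added approximation, not the vendor's rule text): schtasks.exe /Create whose
#         action points into C:\Users\Public, as in the persistence task from the incident.

SC_CLIENT_BINARIES = (
    "\\ScreenConnect.ClientService.exe",
    "\\ScreenConnect.WindowsClient.exe",
    "\\ScreenConnect.WindowsBackstageShell.exe",
    "\\ScreenConnect.WindowsFileManager.exe",
)
SUSPICIOUS_CHILDREN = (
    "\\powershell.exe", "\\cmd.exe", "\\net.exe", "\\schtasks.exe",
    "\\sc.exe", "\\msiexec.exe", "\\mshta.exe", "\\rundll32.exe",
)


def rule_screenconnect_service(ev: dict) -> bool:
    if ev.get("EventID") != 4697:
        return False
    service_file = ev.get("Service File Name", "")
    if "ClientService.exe" not in service_file:
        return False
    return "e=Access" in service_file or "e=Support" in service_file


def rule_screenconnect_child(ev: dict) -> bool:
    parent = ev.get("ParentImage", "")
    image = ev.get("Image", "")
    return parent.endswith(SC_CLIENT_BINARIES) and image.endswith(SUSPICIOUS_CHILDREN)


def rule_schtasks_from_public(ev: dict) -> bool:
    image = ev.get("Image", "").lower()
    cmdline = ev.get("CommandLine", "").lower()
    return (image.endswith("\\schtasks.exe")
            and "/create" in cmdline
            and "c:\\users\\public\\" in cmdline)


RULES = {
    "screenconnect_service_creation": rule_screenconnect_service,
    "screenconnect_anomalous_child": rule_screenconnect_child,
    "schtasks_from_public_dir": rule_schtasks_from_public,
}


def evaluate(events: list[dict]) -> list[tuple[int, str]]:
    """Return (event index, rule name) for every rule that fires on every event."""
    return [(i, name) for i, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


# Constructed sample telemetry; paths, client id and server name are placeholders.
SAMPLE_EVENTS = [
    {   # 0: Access-type service install like the one that started the investigation
        "EventID": 4697,
        "Service File Name": '"C:\\Program Files (x86)\\ScreenConnect Client (placeholder)\\'
                             'ScreenConnect.ClientService.exe" "?e=Access&h=placeholder.invalid"',
    },
    {   # 1: ScreenConnect service spawning the PowerShell script named in the article
        "ParentImage": "C:\\Program Files (x86)\\ScreenConnect Client (placeholder)\\ScreenConnect.ClientService.exe",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -File Fj5NmEsp9EuKrun.ps1",
    },
    {   # 2: the persistence task quoted in the article
        "Image": "C:\\Windows\\System32\\schtasks.exe",
        "CommandLine": '"schtasks" /Create /TN "MasterPackager.Updater" /TR "wscript.exe "C:\\Users\\Public\\script.vbs" " /SC MINUTE /MO 2 /F',
    },
    {   # 3: benign: an administrator opening PowerShell from Explorer
        "ParentImage": "C:\\Windows\\explorer.exe",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe",
    },
    {   # 4: benign: an unrelated service install
        "EventID": 4697,
        "Service File Name": "C:\\Program Files\\Vendor\\svc.exe",
    },
]

if __name__ == "__main__":
    for idx, rule_name in evaluate(SAMPLE_EVENTS):
        print(f"event {idx}: {rule_name}")
```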

Additionally, Kaspersky products detect the malware covered in this post under the following verdicts:

  • Trojan.Win64.DLLhijack.*
  • Trojan.VBS.Agent.*
  • Trojan.PowerShell.Agent.bav
  • Trojan.JS.SAgent.sb

Endpoint malicious activity can be monitored using Kaspersky EDR Expert. Specifically, security teams should look for the execution of commands and scripts containing suspicious patterns, such as XOR operations used for command and data obfuscation by malware operating on the host. This activity is flagged by the suspicious_assembly_loading_into_powershell_via_reflection_amsi and xored_powershell_command_amsi rules.

Additionally, persistence mechanisms involving the creation, modification, or utilization of scheduled tasks via the schtasks.exe utility are caught by the scheduled_task_create_from_public_directory_via_schtasks rule.

Malicious code injection into the RegAsm.exe process — leveraged by attackers to masquerade execution behind a trusted system component — is detected via the code_injection_to_unusual_process rule.

To visualize the stages of the attack, security teams can utilize Kaspersky Cloud Sandbox on the Threat Intelligence portal. For instance, this tool allows defenders to map out the entire deployment and payload execution chain originating from the initial VBS dropper.

Furthermore, the Kaspersky Threat Intelligence portal supports searching and graphing the connections between malicious domains and files involved in this campaign, as demonstrated in our adversary infrastructure analysis section.

Finally, the Similarity engine within Kaspersky Threat Analysis profiles file contents to hunt down samples resembling the original threat, helping organizations identify new or previously undetected malicious objects.

Indicators of compromise

Loaders


Malicious library: install.res.1033.dll


AsyncRAT C2

mora1987[.]work[.]gd

Fake websites addresses


Fake domain infrastructure


ScreenConnect C2


12 handy hidden Google Docs tricks for Android

Computerworld.com [Hacking News] - 7 hours 20 min ago

Few apps are as essential to mobile productivity as the humble word processor. I think I’ve probably spent a solid seven years of my life staring at Google Docs on one device or another at this point, and those minutes only keep ticking up with practically every passing day.

While we can’t do much about the need to gaze at that word-filled white screen, what we can do is learn how to make every moment spent within Docs count — and in the Docs Android app, specifically, there are some pretty spectacular tucked-away time-savers just waiting to be discovered.

Make a mental note of these advanced shortcuts and options, and put ’em to good use the next time you find yourself staring at Docs on your own device.

Google Docs Android feature #1: Smarter document organization

We’ll save the best for, erm, first — ’cause the easily overlooked feature we’re kickin’ things off with can save you some serious time and make your mobile editing experience significantly easier.

After all, dealing with a complex document from your phone can be a real hassle. Who wants to waste time scrolling through endless-seeming screens to find the section of info you need to read, edit, or work on at any given moment?

I sure as heckfire don’t — and if you remember to use Docs’ out-of-the-way Outline option, you’ll never have to do it again, either. While viewing or editing any document with any sort of headers in it (be they actual header-formatted text or even just bolded section titles), tap the three-dot menu icon in Docs’ upper-right corner and then select “Document Outline.”

And by golly, wouldya look at that?

An automatic document outline is never out of reach in the Docs Android app.

JR Raphael, Foundry

Jumping to any part of the document is now just a single tap away.

[Psst: Love shortcuts? My Android Shortcut Supercourse will teach you tons of time-saving tricks for every single part of your smartphone experience. Sign up now for free!]

Google Docs Android feature #2: Instant tab access

Speaking of organization, in that same section of the in-document three-dot menu resides an easily overlooked option called “Document tabs.”

Tap it, and you can then see, manage, and move among any tabs created within the document for added organization — just like in the Docs desktop interface.

Who knew?! Your Google Docs tabs are now accessible within the Docs Android app as well.

JR Raphael, Foundry

Yes, please — and thank you.

Google Docs Android feature #3: Easier Word integration

When you’re working with clients, colleagues, or even camels who for some reason prefer the Microsoft editing ecosystem, you don’t have to do much to bridge that gap. The Docs Android app can already open and allow you to edit Word files, without any work — and with one simple flip of a switch, you can create new files in the .DOCX format just as easily.

To find the feature, you’ve gotta back out of any actual documents and get onto the main Docs screen — the screen with the search box at the top and all your documents listed out beneath it. Tap the three-line menu icon in the upper-left corner of that screen and head into the Settings section of that main menu. There, you should see the very switch we need:

Tick one toggle, and you can then create native Word files within the Docs Android app anytime.

JR Raphael, Foundry

Flip that into the on position, then back yourself out to the main Docs screen. The next time you tap the plus icon in that area’s lower-right corner, you should see “New Word file” show up as an option right above the default “New Docs file” command.

And just as a reminder, if you ever want to save an existing Docs file into the .DOCX format, you can do that, too: Tap the three-dot menu icon while editing a document, select “Share & export,” then select “Save As” and choose the “Word (.docx)” option.

Saving any document as a Word file is also easy, once you know where to look.

JR Raphael, Foundry

You can also save the file as a PDF or other common document format from that same menu.

Google Docs Android feature #4: The swift sender

While we’re thinkin’ about dealing with different document formats, download this into your long-term memory: The next time you need to save or send a document as an actual file — as opposed to an in-app, collaboration-ready Google Docs share — you can save yourself the trouble of downloading and then reuploading the thing and simply send it directly from the Docs Android app.

The trick is to once again tap that three-dot menu icon whilst editing a file and then select that same “Share & export” menu we just went over. But this time, instead of going with the “Save As” option, select “Send a copy.”

You can then pick from the same set of format choices we just finished exploring. And from there, Docs will allow you to choose from any compatible app on your device — everything from Android email and messaging apps to note-storing services like Notion and Trello.

Send any document into any other compatible app on your phone for a simplified sharing setup.

JR Raphael, Foundry

All it takes is one more tap from there, and your document will be on its way to the appropriate place in the format you requested — just like that.

Google Docs Android feature #5: The local file finder

Ever download a document onto your phone — be it from an email, a Slack channel, a website, or any other such source — and then later find yourself struggling to find it? Well, get this: Google’s got its own simple file finder ready and waiting for you right within the regular Docs app. Who woulda thunk, right?!

But oh, it be there, all righty. It’s that innocuous little folder icon within the search bar on the main Docs screen — something I must’ve seen about a thousand times before I ever thought to actually tap it.

Whoa — a built-in Docs file finder?!

JR Raphael, Foundry

When you do, the app will prompt you to find a saved file from either your local phone storage or from your online Drive storage. And once you select either option, you can browse through the associated place to see what’s there or search to find exactly what you’re after — no hopping over to a separate Android file manager required.

Google Docs Android feature #6: The Drive detour

Speaking of Google Drive, if you ever find yourself needing to mosey over to the full Drive interface to dig around more deeply or pull up a file that isn’t text-related, here’s a handy little secret:

You can actually fly from Docs directly to Drive without going through all the usual steps — y’know, heading back to your home screen, finding the Drive icon, and opening it up anew from there.

Just rely on the Docs app’s artfully hidden Drive shortcut to slash steps and zip straight between the two related interfaces. The option is quietly waiting for you within the three-line menu icon on the main Docs screen.

Docs and Drive — BFFs forever.

JR Raphael, Foundry

And now you know.

Google Docs Android feature #7: The account adjuster

Keep that overly moist eyeball of yours in that same area of the Docs app interface for a minute, ’cause we’ve got one more sneaky shortcut worth unearthing there.

It’s a shortcut baked into your face — or whatever sort of image you’ve got in place for your Google account profile photo, up in the app’s upper-right corner.

As is the case with most Google-made apps on Android these days, you can swipe up or down on that image to flip through any additional accounts you’ve got connected on your phone. If you only have a single account set up, this obviously won’t apply to you. But if you have, say, a personal Google account and a work address or even a few different situation-specific personal or work identities, it’s a splendid way to move between ’em with next to no effort and just a single swift swipe.

Google Docs Android feature #8: The direct document shortcut

Another shortcut worth burning into your brainspace: If you find yourself working on a specific document or set of documents frequently — whether they’re evolving documents you access all the time or just specific projects on your radar at one particular moment — save yourself the steps of opening the Docs app, finding ’em there, and then tapping their titles to get into ’em and instead give yourself one-tap shortcuts to open the files directly from your home screen.

The option to do that is pretty buried, but it’s well worth digging up. Start by finding the document in question on the main Docs screen. Long-press it, and then look way down on the menu that pops up for the “Add to home screen” command. (Depending on the size of your phone, you might have to scroll down that menu a bit before you’ll see it appear.)

You’ve usually gotta scroll to find it, but Docs’ “Add to home screen” option is there and ready to save you time.

JR Raphael, Foundry

Tap that bad boy and follow the prompt to place the shortcut wherever you want it — and say “hocus pocus” for good measure, if you’re feelin’ merry — and before you know it, you’ll have an app-like icon sitting right on your home screen. Tapping it will take you directly into the document you selected, without any extra steps required.

You could even get ambitious and create an entire folder on your home screen where you store a variety of high-priority or in-progress documents.

What’s up, Docs?

JR Raphael, Foundry

Three cheers for seconds saved!

Google Docs Android feature #9: Quick function shortcuts

Let’s keep our shortcut mojo goin’ for one more minute, shall we? You can actually follow that same pattern we just went over and put shortcuts for common Docs commands like creating a new document or searching your existing documents right on your home screen, too. That way, you can perform the associated commands quickly and without any wasted effort opening up the app and hunting around for ’em — and what’s not to love about added efficiency?

These are actually part of Android’s oft-forgotten App Shortcuts system — the thing that came around way back with 2016’s Android 7.1 Nougat release and that’s still vexingly out of sight and out of mind for most of us.

Open up your app drawer, though, and find the Docs icon — or find the Docs icon on your home screen, if it’s there. Press and hold it, and you should see a series of options for direct shortcuts to actions within the app appear.

All sorts of helpful Docs options are accessible right from your home screen.

JR Raphael, Foundry

You can always get to those by long-pressing the Docs icon, but if you find yourself using the functions often, you can make it even easier by pressing and holding one of ’em within that pop-up menu and then dragging it directly onto your home screen for one-touch access.

You could even build yourself a nifty little Docs command center for super-fast access to all the stuff you use the most:

Docs, Docs, everywhere — so many options, never more than a tap away.

JR Raphael, Foundry

And while we’ve got easy access on our minds…

Google Docs Android feature #10: The offline on switch

By default, the Docs Android app will make any files you actively work within the app available for offline use for a while — but if you’re getting ready to travel or expecting any other connectivity-challenged moments, you don’t have to rely on its judgment to make sure your stuff is accessible even without internet access.

From the main Docs screen, tap the three-dot icon alongside any document name and then look for the “Make available offline” option within the menu that pops up.

Pro tip: Turn offline access on before the need actually arises.

JR Raphael, Foundry

Tap that for any document that you expect to need and then rest easy knowing it’ll be there and available for you — no matter your current connection status.

Google Docs Android feature #11: Wordless reactions

Sometimes, a picture really is worth a thousand words. Or at least a couple hundred.

That’s especially true when collaborating on a document and expressing your opinions — which, let’s be honest, often come down to simple reactions like ???? or maybe ????.

Docs has allowed emoji reactions as a part of its editing process for a while now, and at some point along the way, the Android app gained the same ability. It’s just weirdly tucked away in a place where few word-minded mammals would ever find it.

So do this: The next time you’re working on a shared doc, try pressing and holding your finger onto any word to highlight it. (You can then use the selector icons that pop up to expand or shift your selection, if needed.)

Now for the tricky part: In the menu that appears alongside your selection — the one that contains “Copy” and other such commands — look for the three-line icon at its far right side.

See that little three-line icon within the text actions pop-up?

JR Raphael, Foundry

Tap that — and lookie what we have here: the awkwardly hidden option to add an emoji reaction! ????

Emojis for everyone — hip, hip, hoorah!

JR Raphael, Foundry

Hit that sneaky little thing with all your might, then select the most appropriate reaction and move on with a satisfied ???? in your mind.

Google Docs Android feature #12: Your in-doc AI

Generative AI these days is a bit of a mixed bag, to put it politely. Google’s Gemini and other such services are arguably causing more harm than good, on numerous levels, and also just creating paths for lazy, low-quality and accuracy-challenged work.

But in the right scenario and with the right sort of framing, Gemini-style AI can actually be useful. The onus just falls squarely on you to determine how to most effectively use it and avoid falling into the traps of unoriginality or, worse, inaccuracy.

The Docs Android app now offers a direct shortcut to Gemini within its editing interface — via the starburst-shaped icon in the toolbar at the top of the screen — and with some careful considering, it might just end up being a helpful reading or editing tool for you.

A few suggestions that notably don’t involve having AI write lazy, uninspired copy on your behalf:

  • You can use the Gemini in Docs system as a quick ‘n’ easy way to get a definition or list of synonyms for any word in front of you.
  • You can also use it to ask for context or related information — like an integrated research aide. (Just remember that AI doesn’t always get things right, so treat it as more of a starting point than a final quote-ready answer.)
  • And you can lean on it to perform tasks like summarizing or outlining a long document or helping you reorganize a document into a more logical state.
Gemini is now available directly within Docs. Please, use it wisely.

JR Raphael, Foundry

You may still end up spending a ton of time in Docs, but at least now you’ll make the most of every second there and avoid wasting your effort on piddly little tasks that can be made more efficient. And that, as far as I’m concerned, warrants an enthusiastic ???? reaction — maybe even followed by a well-earned ????.

Get six full days of advanced Android knowledge with my free Android Shortcut Supercourse. You’ll learn tons of time-saving tricks for your phone!

Category: Hacking & Security

Amazon fined $2.25M for withholding evidence from fraud victims

Bleeping Computer - 7 hours 1 min ago
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records. [...]
Category: Hacking & Security