ICYMI: Security Vulnerabilities Found In Multiple Tunneling Protocols

Can you read this cursive handwriting? The National Archives wants your help, according to an article from Smithsonian Magazine. Anyone with an internet connection can volunteer to transcribe historical documents and help make the archives’ digital catalog more accessible. The National Archives is brimming with historical documents written in cursive, including some that date back more than 200 years. But these texts can be difficult to read and understand — particularly for Americans who never learned cursive in school. That’s why the National Archives is looking for volunteers who can help transcribe and organize its many handwritten records: The goal of the Citizen Archivist program is to help “unlock history” by making digital documents more accessible, according to the project’s website.

The phishing-as-a-service kit from Sneaky Log creates fake authentication pages to farm account information, including two-factor security codes, according to an article from TechRepublic. Security researchers at French firm Sekoia detected a new phishing-as-a-service kit targeting Microsoft 365 accounts in December 2024, the company announced on Jan. 16. The kit, called Sneaky 2FA, was distributed through Telegram by the threat actor service Sneaky Log. It is associated with about 100 domains and has been active since at least October 2024. Sneaky 2FA is an adversary-in-the-middle attack, meaning it intercepts information sent between two devices: in this case, a device with Microsoft 365 and a phishing server. Sneaky 2FA falls under the class of business email compromise attacks.

From the “here we go again” department, the Windows 11 24H2 patch breaks audio, Bluetooth, webcams, and more, continuing the trend from last year, according to an article from PCWorld. The first Windows 11 24H2 patch of 2025 is causing all sorts of problems. Update KB5050009, the first patch of the year for Windows 11, released two weeks ago on January 15. However, instead of fixing and improving the problematic 24H2 version of Windows 11 (which is now mandatory), this update once again brings with it a number of problems. As reported by Windows Latest, users are encountering various errors with sound output, Bluetooth connections, and more.

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks, according to an article from The Hacker News. “Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor and researcher Mathy Vanhoef. As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. China, France, Japan, the U.S., and Brazil top the list of the most affected countries. Successful exploitation of the shortcomings could permit an adversary to abuse a susceptible system as one-way proxies, as well as conduct denial-of-service (DoS) attacks.

Could the Carrington Event happen again? It happened in 1859. Today, it would be catastrophic, according to an article from Popular Science. On a hot and humid Florida night in late August 1859, the sky suddenly lit up. But it was not from fireflies or a fireswamp. Instead, it was the Northern Lights–or aurora borealis. The aurora is usually seen in far more northern latitudes, but it had somehow reached the subtropics and danced across the night sky. Reports of the aurora came in from as far south as Central America, and some in the Rocky Mountains even believed it was morning because the sky was so bright. “In a world that is now so dependent on electricity and electronics, a similar event has the potential to cause widespread disruptions and damage to the electronics aboard Earth-orbiting satellites, ground-based electronics, and the power grid,” said Alex Gianninas, an astrophysicist at Connecticut College.

Security researchers from Georgia Institute of Technology and Ruhr University Bochum discovered two side-channel vulnerabilities in devices with Apple name-brand chips from 2021 or later that could expose sensitive information to attackers, according to an article from TechRepublic. Specifically, the vulnerabilities known as SLAP and FLOP skim credit card information, locations, and other personal data. Data can be gathered from sites like iCloud Calendar, Google Maps, and Proton Mail via Safari and Chrome. As of late January, Apple is aware of the vulnerabilities. “Based on our analysis, we do not believe this issue poses an immediate risk to our users,” an Apple representative told ArsTechnica. According to the researchers, Apple plans to release a patch at an undisclosed time. The researchers have not found evidence of threat actors using these vulnerabilities.

A new study has found that US communities exposed to drinking water contaminated with 'forever chemicals' have up to 33 percent higher rates of certain cancers, according to an article from ScienceAlert. Scientists have good reason to believe a number of compounds referred to as PFAS (per- and poly-fluoroalkyl substances) are linked to cancer: they've already been implicated in kidney, breast, and testicular cancer, with at least one of the chemicals, PFOA, labeled as a carcinogen by the International Agency for Research on Cancer. These chemicals were first used in consumer and industrial products in the 1940s, and though many have been replaced, PFAS unfortunately have a lasting legacy thanks to their remarkable thermal and chemical stability. They're in our raincoats and upholstery, food packages, non-stick pots and pans, and fire-fighting foams. As these things disintegrate and become peppered throughout our environments, they've wound up in our food, our drinking water, and our bodies, too.

According to an article from Lifehacker, Comcast just gave six cities an early look at lag-free internet. L4S is an open-source standard that aims to significantly reduce latency online, and Comcast is among the first to allow customers access to it. If you live in Atlanta, Chicago, Philadelphia, San Francisco, Colorado Springs, or Rockville (Maryland), Comcast might have just given you a sneak peek at the internet of the future. In collaboration with Apple, Meta, Nvidia, and Valve, the service provider is currently rolling out its implementation of a new open standard called “L4S,” which seeks to drastically reduce how much lag impacts its customers, and make gaming and video calls much smoother.

Facebook is banning posts that mention various Linux-related topics, sites, or groups, according to an article from Tom’s Hardware. Some users may also see their accounts locked or limited when posting Linux topics. Major open-source operating system news, reviews, and discussion site DistroWatch is at the center of the controversy, as it seems to be the first to have noticed that Facebook's Community Standards had blackballed it. A post on the site claims, “Facebook's internal policymakers decided that Linux is malware and labeled groups associated with Linux as being 'cybersecurity threats.' We tried to post some blurb about distrowatch.com on Facebook and can confirm that it was barred with a message citing Community Standards. DistroWatch says that the Facebook ban took effect on January 19. Readers have reported difficulty posting links to the site on this social media platform. Moreover, some have told DistroWatch that their Facebook accounts have been locked or limited after sharing posts mentioning Linux topics. Facebook's overzealous ban on some Linux topics in the name of Community Standards and its protection of its users from threats come with a large ladle full of irony. “Facebook runs much of its infrastructure on Linux,” DistroWatch points out, “and often posts job ads looking for Linux developers.” (Editor’s Note: it has been reported in multiple media outlets that Facebook has relaxed their stance on Linux posts, and has blamed the problem on overzealous settings in the software enforcing the “Community Standards.”)

Here’s a nice example of AI producing inaccurate information, or just AI running amok. Google just debuted a series of Super Bowl ads showing how small businesses use Gemini AI across all 50 states, but the cheese lovers out there might notice something a little off about its Wisconsin one, according to an article from The Verge. As spotted by @natejhake on X, the ad shows Gemini AI generating text that says Gouda accounts for “50 to 60 percent of the world’s cheese consumption” — a stat that isn’t quite accurate. The cheese is undoubtedly popular in Europe, but the same can’t be said for the rest of the world. “While Gouda is likely the most common single variety in world trade, it is almost assuredly not the most widely consumed,” Andrew Novakovic, E.V. Baker Professor of Agricultural Economics Emeritus at Cornell University, tells The Verge.

Chinese astronauts have created rocket fuel in space using “artificial photosynthesis,” according to an article from Futurism.com. Could this be the key for generating breathable air on the Moon? Chinese astronauts claim to have created rocket fuel on board the country's Tiangong space station using a new process dubbed “artificial photosynthesis.” As the South China Morning Post reports, space travelers from the current Shenzhou-19 mission produced the necessary ingredients of rocket fuel, as well as oxygen, another useful resource in space. The team used semiconductor catalysts to turn carbon dioxide and water into oxygen and ethylene, a hydrocarbon commonly used to produce spacecraft propellants, according to the SCMP.

A groundbreaking discovery by researchers at the University of California, Los Angeles (UCLA) has challenged a long-standing rule in organic chemistry known as Bredt’s Rule, according to an article from Glass Almanac. Established nearly a century ago, this rule stated that certain types of specific organic molecules could not be synthesized due to their instability. UCLA’s team’s findings open the door to new molecular structures that were previously deemed unattainable, potentially revolutionizing fields such as pharmaceutical research.

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users, according to an article from BleepingComputer. In addition, 158,000 developer accounts were banned for attempting to publish harmful apps like malware and spyware on Android's official app store. In comparison, Google blocked 2,280,000 risky apps in 2023 and 1,500,000 apps in 2022, while the figures for blocked Play developer accounts were 333,000 and 173,000, respectively. The larger number of blocked apps in 2024 is partly attributed to AI assisting human reviews, which was used in 92% of the violating cases. “Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play,” explained Google.

A backdoor has been found in two healthcare patient monitors, linked to an IP in China, according to an article from Bleeping Computer. The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. Contec is a China-based company that specializes in healthcare technology, offering a range of medical devices including patient monitoring systems, diagnostic equipment, and laboratory instruments. CISA learned of the malicious behavior from an external researcher who disclosed the vulnerability to the agency. When CISA tested three Contec CMS8000 firmware packages, the researchers discovered anomalous network traffic to a hard-coded external IP address, which is not associated with the company but rather a university.

Scientists have identified the Camp Hill virus, a henipavirus, in shrews in Alabama, marking its first detection in North America, according to an article from SciTechDaily. Researchers at the University of Queensland have discovered the first henipavirus detected in North America. Dr. Rhys Parry from the School of Chemistry and Molecular Biosciences confirmed the presence of Camp Hill virus in shrews in Alabama, USA. “Henipaviruses have caused serious disease and death in people and animals in other regions,” Dr Parry said. “One of the most dangerous is the Hendra virus, which was first detected in Brisbane, Australia, and has a fatality rate of 70 percent. Another example is Nipah virus, which has recorded fatality rates between 40 and 75 percent in outbreaks in Southeast Asia, including in Malaysia and Bangladesh. The discovery of a henipavirus in North America is highly significant, as it suggests these viruses may be more globally distributed than previously thought.”

It should be as easy to cancel a service as it is to subscribe to it, and at long last, it's about to be, according to an article from Lifehacker. For anyone who's ever found themselves trapped in an endless maze of customer service calls trying to cancel a subscription — especially when the company doesn't want you to — relief is finally on the way. The Federal Trade Commission (FTC) has introduced a new rule that will require companies to make canceling subscriptions as simple as signing up for them. Under the new FTC regulation, if you can sign up for a service online with a single click, companies must provide an equally straightforward cancellation process. No more lengthy phone calls, buried cancellation links, or complicated multi-step procedures. This consumer-friendly rule aims to eliminate what's known as “dark patterns,” aka deceptive design practices that make it unnecessarily difficult to cancel subscriptions.

Google has been feverishly integrating AI into as many of its products as it can, despite all of AI’s failings (at this point). Granted, AI is literally in its infancy, but dealing with the tantrums, fits, and inaccuracy of the toddler known as AI can become trying, at the very least. Well, there is one way to make sure that AI isn’t used for your Google searches: swear at it. Literally. If the first word in your search is fsck (hint: replace the second letter with a vowel that drastically changes its meaning), you will get Google’s non-AI search results, according to an article from Lifehacker. Remarkably (and yet unsurprisingly), the standard search results are almost identical to the “AI-enhanced” search. Who'da thunk it?

I’m a Firefox user, and I have been since Firefox was first released. It is my go-to choice for a web browser. BUT … every six months or so, the Firefox team at Mozilla goes in and messes things up for a large percentage of users. See, I (and many other Firefox users) abhor having my tab bar above my toolbar. So that starts a mad twice-a-year scramble to search for the proper and updated CSS code to change things back to how they should be (with the tabs below the toolbar and bookmarks bar). The endless pursuit of finding the proper code to move my “tabs on bottom” is getting old and tiring. Always before, I went to MrOtherGuy’s GitHub page (firefox-csshacks) and downloaded the updated CSS file to move my tab bar back to the bottom (not the bottom of the window, but below the toolbar and bookmarks bar). Well, that dog-chasing-his-tail dance may be finally over. From the AskVG website, he has come up with an infinitely easier custom CSS file that just may survive the Mozilla devs endless and unyielding attempts to force us into submission. Don’t worry … he has full, easy-to-follow, step-by-step instructions on how to make the change. (Tip: Midori, Xfce’s official browser, is built on the Firefox web engine, and they include a simple radio button to facilitate moving your tab bar to the bottom of the other “bars” under Settings > Design > Tab Bar. It feels and behaves just like Firefox, and is lighter weight than Firefox.)

A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. according to an article from Bleeping Computer. The newly identified attack suite has been used in attacks since mid-November 2024, attributed to the Chinese Evasive Panda, aka DaggerFly, cyber-espionage group. As per the findings of Fortinet's Fortiguard researchers, the attack suite is named "ELF/Sshdinjector.A!tr" and consists of a collection of malware injected into the SSH daemon to perform a broad range of actions. Fortiguard says ELF/Sshdinjector.A!tr was used in attacks against network appliances, but although it has been documented previously, no analytical reports exist on how it works. The Evasive Panda threat actors have been active since 2012 and were recently exposed for conducting attacks deploying a novel macOS backdoor, carrying out supply chain attacks via ISPs in Asia, and collecting intelligence from U.S. organizations in a four-month-long operation.

In September 2023, a round, black capsule the size of a mini fridge fell from the sky, parachuting into a Department of Defense training site in the arid Utah desert. The modest container was holding samples collected from Bennu, a diamond-shaped asteroid billions of miles away, and had been traveling through the dark corridors of space for years, according to an article from SF Gate. After it was airlifted to a hangar via helicopter, researchers connected the capsule to a steady stream of nitrogen to protect its otherworldly cargo from outside contamination. Slowly, they began to study it under a microscope — and, to their surprise, they discovered that this ancient, extraterrestrial object has a similar mineral makeup to one of California’s most unusual lakes. According to a January 2025 study published in Nature, the Bennu asteroid samples contain six of the same minerals observed at San Bernardino County’s Searles Lake: calcite, dolomite, gaylussite/pirssonite, thénardite, trona and halite.

Just when you thought things couldn’t get worse for Boeing, here comes more bad news for the embattled aerospace company. Nearly five months after an uncrewed Starliner undocked from the International Space Station (ISS), Boeing announced that it lost an additional half a billion dollars from its troubled spacecraft as the fate of its contract with NASA remains unclear, according to an article from Gizmodo. In its filing with the Securities and Exchange Commission on Tuesday, Boeing reported a total of $523 million in losses from the Starliner Commercial Crew Program in 2024. That brings the total amount of losses from the ill-fated program to a whopping $2 billion in cost overruns. Boeing cited “highly complex designs and technical challenges,” as well as “schedule delays and cost impacts,” that increased the cost estimates for its programs. Under its $4.2 billion contract with NASA, Boeing retains full ownership of the Starliner spacecraft while NASA acts as a customer. Following Starliner’s failed crewed test to the ISS, the company reported $250 million in losses for the third quarter, covering cost overruns out of its own pocket. That’s on top of the $125 million it lost in the second quarter. Boeing had forewarned that more losses were coming during the fourth quarter of 2024, and it turned out to be the heftiest bill of the entire year.

Ransomware payments took an unexpected plunge in 2024, dropping 35% to approximately $813.55 million — despite payouts surpassing $1 billion for the first time in 2023, according to an article from TechRepublic. The decline was largely driven by a series of successful law enforcement takedowns and improved cyber hygiene, which enabled more victims to refuse payment, according to blockchain platform Chainalysis. The drop came as a surprise, considering the upward trend seen earlier in the year. In fact, ransomware actors extorted 2.38% more in the first half of 2024 compared to the same period in 2023, suggesting that payments would continue to rise. However, this momentum was short-lived, as payment activity plummeted by approximately 34.9% in the second half of the year. According to Chainalysis, Akira was the only one of the top 10 most prolific ransomware groups from the first half of 2024 to have increased its efforts in the second half. Additionally, as the year progressed, fewer exceptionally large payouts were made compared to the record-breaking $75 million payment to Dark Angels in early 2024.

On Jan. 29, U.S.-based Wiz Research announced it responsibly disclosed a DeepSeek database previously open to the public, exposing chat logs and other sensitive information, according to an article from TechRepublic. DeepSeek locked down the database, but the discovery highlights possible risks with generative AI models, particularly international projects. DeepSeek shook up the tech industry over the last week as the Chinese company’s AI models rivaled American generative AI leaders. In particular, DeepSeek’s R1 competes with OpenAI o1 on some benchmarks.

While certain tips and tricks can speed up the process and extend your phone battery’s life, there’s nothing you can do about the limitations of the lithium-ion batteries in your devices. They all eventually stop holding a charge, which means they constantly need replacing. There is, however, new hope for a breakthrough in battery technology, according to an article from Vox. A Boston-based startup called Pure Lithium recently announced a breakthrough with its lithium metal batteries. While the lithium-ion batteries in your phone start to degrade significantly after a few hundred cycles of charging and discharging, these lithium metal batteries, which use pure lithium rather than a lithium compound, can last over 2,000 cycles without significant damage degradation, an ongoing test shows. Plus, the lithium metal batteries can store twice as much energy and weigh half as much as conventional lithium-ion batteries.

While it may be convenient, storing your passwords in Google Chrome’s built-in password manager may not be the best security decision you’ve ever made, according to an article from TechRepublic. Considering the endless roll of Chrome vulnerabilities (many of which get covered virtually every month, right here in this monthly column), I couldn’t agree more. The article will give you guidance on how to locate and remove your passwords from Chrome’s password manager, and to replace it with something a LOT more robust. One of those solutions touted in the article is Bitwarden, which is in the PCLinuxOS repository.

A massive crack is widening across Africa, hinting at a transformation deep beneath the surface, according to an article from Daily Galaxy. Tectonic forces are reshaping the land faster than expected, with signs of an emerging ocean. Scientists are closely monitoring the shift, uncovering clues about what’s unfolding beneath our feet. The continent’s future is changing, and the implications could be enormous. Recent studies suggest this process, once thought to span tens of millions of years, could unfold in as little as a million years — maybe even sooner.

If you are even a little skeptical or concerned about AI and AI “overreach,” you’re gonna love this next little bit. It turns out that getting your news from robots playing telephone with actual sources might not be the best idea, according to an article from Lifehacker. In a BBC study (PDF) of OpenAI, Google Gemini, Microsoft Copilot, and Perplexity’s news prowess, the news organization found that “51% of all AI answers” about news topics had “significant issues of some form.” The study involved asking each bot to answer 100 questions about the news, using BBC sources when available, with their answers then being rated by “journalists who were relevant experts in the subject of the article.”

OK. We don’t usually promote the onslaught of “the sky is falling”/”the Earth is getting hit by an asteroid” articles. My “news” feed in Google News is littered with them — daily (I don’t usually read them … but I’ve clicked on a rare one a long time ago, so Google thinks I want to see them all the time). But this one may be a little different. According to an article from Science Alert, at the end of 2024, astronomers detected an asteroid in the night sky. It was given the designation Y, since it was discovered in the last half of December, and R4 since it was the 117th rock to be found in the last couple of weeks of December, and since it was discovered in 2024, it was assigned the name 2024 YR4. As of this writing, it now has a 2.3% chance of striking Earth on December 22, 2032. While you might think this resembles the plot of Don't Look Up, none of this is too unusual. The 2.3% odds aren't simply the chances of a die roll. What it means is that when astronomers run 1,000 orbital simulations based on the data we have, 23 of them impact Earth. A later article from the New York Times places the chance of 2024 YR4 hitting Earth in 2032 at 3.1%. An even LATER article from the New York Times says, “The odds that the space rock, 2024 YR4, will smash into our planet in 2032 have dropped to nearly zero, leading astronomers to conclude that we are no longer in danger.”

According to an article from TechRepublic, the U.K.’s office of the Home Secretary has allegedly asked Apple to provide a backdoor into any material any user has uploaded to iCloud worldwide, The Washington Post reported on Feb. 7. Anonymous sources provided The Washington Post the information and expressed concerns about tech companies being leveraged for government surveillance. As reported by The Washington Post, Apple received notice of a possible request in March 2024, but the official request occurred in January 2025. Apple has not commented. However, in March, the company provided a statement to Parliament on the occasion of receiving notice of a potential request, saying “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”

Microsoft's February 2025 Patch Tuesday, was on February 11, and includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks, according to an article from Bleeping Computer. This Patch Tuesday also fixes three "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed here: 19 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 22 Remote Code Execution Vulnerabilities, 1 Information Disclosure Vulnerabilities, 9 Denial of Service Vulnerabilities, 3 Spoofing Vulnerabilities, and a partridge in a pear tree. The numbers do not include a critical Microsoft Dynamics 365 Sales elevation of privileges flaw and 10 Microsoft Edge vulnerabilities fixed on February 6.

Western Digital acquired SanDisk back in 2015 for $16 billion. Just shy of 10 years later, that marriage is coming to an end. Western Digital (WD) and SanDisk are slated to separate into two independent companies (again) shortly, according to an article from PetaPixel. The plan was announced as far back as 2023 but has been delayed, stretching out the process until 2025. WD announced it planned to split its HDD and flash memory businesses on October 30, 2023, which would create two independent, public companies. Last March, WD said it was “on track” to spin off the Flash memory business from the core WD business sometime in the second half of 2024. That didn’t happen, likely because the separation is what WD describes as “complex.” Support for both businesses has divorced, and WD moved all of its support for flash memory products — including its WD Black SSDs as well as HGST and G-Technology SSDs — to SanDisk’s website last November.

In other news from Sandisk… According to another article from PetaPixel, after a series of lousy hardware faults, SanDisk’s name turned to mud. More than a year later, the company hopes to make people forget with a fresh new logo. As spotted by Creative Bloq, the new Sandisk logo is making waves, although not entirely for the right reasons. As Joe Foley observes, Sandisk’s — yes, it’s “Sandisk” now, not “SanDisk” — rebrand follows recent design trends by removing bits of typeface from the wordmark. Kia did it, and so too did Nokia. In Sandisk’s words, though, there’s more to it than simple trend-chasing — the company is trying to rebrand, relaunch, and, reading between the lines, help people forget about recent controversies.

It's hard to escape AI these days. Apple just made Apple Intelligence opt out, and Google Workspace users are now seeing big, hard-to-dismiss Gemini buttons all over their apps. The world's biggest tech companies are doing their best to sell you on a generative AI future, but even when you can't turn AI off, there are steps you can take to fight back. Even outside of Workspace, Google is one of the most egregious AI pushers around. The company has tried to push its Gemini AI in almost all of its properties, even though it's shown inaccurate search results recommending everything from eating rocks to adding glue to pizza. Even if you have no interest in AI search results, you'll still be forced to see elements of Google's Gemini all over Gmail and its other web apps. If that gets your goat, no worries—you can use Hide Gemini, a Chrome extension that hides Google Gemini elements from various Google sites — to pretend you live in the good older days of 2020.

As kids become older, they become savvier at working their way around the parental controls on their devices. Time limits are tampered with, and apps I thought were deleted from our iPad suddenly reappear. While they're not yet accessing dangerous content, it's only a matter of time until they do. Most routers have parental controls included, allowing concerned parents to put controls over all the devices that rely on wifi to ensure they don't go to dangerous sites. If you're looking for a way to control what your family can access on the internet and for how long, this Lifehacker article has instructions for the three of the most popular router brands: TPLink, NetGear, and ASUS.

PirateFi, a Steam game, was found spreading Vidar malware, stealing user data. Steam removed it, but gamers must take urgent security steps, according to an article from TechRepublic. Earlier this month, researchers discovered that a free-to-play game called PirateFi was distributing the Vidar information-stealing malware to users on gaming platform Steam. From Feb. 6-12, as many as 1,500 users downloaded the game before Steam removed it from the platform.