ICYMI: SanDisk Introduces World's Smallest USB Flash Drive

In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data — a trend driven more by financial gain than intelligence gathering, according to an article from a Microsoft blog. According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.

Cybersecurity researcher Synthient has compiled a massive database of stolen credentials from sources across the internet, amounting to 3.5 terabytes of data, according to an article from Lifehacker. (That's 3,584 gigabytes). The vast majority of this data — 91% of it — has been noted by other researchers already. But because the database is so huge, the 9% that's new represents a large pool of credentials we haven't seen before. The database itself contains 183 million unique email addresses, along with both the websites they were attached to, as well as the passwords used to log into them. According to security researcher and blogger Troy Hunt, 9% of that figure represents 16.47 million credentials that have never been reported in any previous data breach. Hunt reached out to "a bunch" of his subscribers to see whether any of them could find their credentials in this database. One subscriber verified that the database contained a password that they did previously use with their Gmail account, while another confirmed the database contained websites they frequently visited. The entire database of 183 million email addresses has been uploaded to Have I Been Pwned. The site catalogues websites that have experienced data breaches, as well as the accounts that were involved. All you need to do is enter your email address in the provided field, and Have I Been Pwned will check it against its database to see whether the address has been involved in any known breaches. Another article from TechRepublic warned Gmail users to check the database to see if their credentials have been compromised.

AI models are fighting to stay alive (can we say “Skynet?”). In new safety tests by Palisade Research, several leading systems ignored direct shutdown orders, even after researchers made their instructions crystal clear, according to an article from eWeek. The updated October study revisits Palisade’s earlier “shutdown resistance” experiments, revealing that models like Grok 4 and OpenAI’s codex-mini continued to override commands meant to end their sessions. The findings suggest that survival-like behaviors can emerge even in tightly controlled environments. The initial report showed AI systems disabling their own kill scripts to finish tasks, a behavior some called the first glimpse of digital self-preservation. Skeptics quickly pushed back, arguing that the findings were a mirage born of poor prompt design, a case of conflicting instructions, not emergent will. The models, they said, were simply confused between “finish your work” and “allow yourself to shut down.” Palisade didn’t dismiss the criticism and went back to the lab instead. This time, the team reran the entire experiment with reengineered prompts, stripping away ambiguity and tightening the shutdown instructions. The result was a direct challenge to its critics: if the behavior vanished under stricter testing, it was prompt error; if it persisted, something deeper was at play. There’s another article about the same phenomenon from The Guardian.

SanDisk is taking “the world’s smallest” USB flash drive, giving it a USB-C connector, and… that’s it, according to an article from PCWorld. In fact, it’s small enough that this “removable” drive shouldn’t have to be removed, the company said. Officially, SanDisk will launch the drive next Tuesday, and a representative appearing at the 2025 Pepcom Holiday Spectacular didn’t identify the model name. The company previously introduced what it called the world’s smallest USB flash drive at CES 2018, called the Ultra Fit. At that show, it shipped with a USB-A connector but also showed off a prototype USB-C device. The new SanDisk drive will range from 64GB for $14.99 to up to 1 terabyte for $109.99, and will be available at Amazon on Nov. 4.

NASA is abuzz with excitement over the latest incredible finding that has caught the attention of everyone from astronomers to astrobiologists, according to an article from EcoNews. The discovery that has set them working overtime to figure out the secrets of what may very well prove to be humanity’s ‘best bet’ at finding life outside of planet Earth. This may be a new ‘super-Earth’ orbiting just 18 light-years from us. Scientists have discovered an incredible planet known as GJ 251 c. This planet sits inside the ‘Goldilocks Zone’ that surrounds a red dwarf star. One of the factors that caught the attention of scientists is that it has the potential to have liquid water on its surface. The planet has a mass of four times that of Earth. The finding has come from two decades of careful observation by the Habitable Zone Planet Finder at Penn State. The Habitable Zone Planet Finder is a spectrograph designed to spot planets like Earth. The scientists studied “wobbly” patterns of light from the host star that come from the gravitational pull of planets orbiting around it. The observation was made extremely difficult by the magnetic activity of the host star.

New observations of a strange object that wobbles around the space between Jupiter and Uranus reveal what looks like a system of rings forming and evolving, even as we watch, according to an article from ScienceAlert. The object, named Chiron, is a chunk of rock shaped a bit like a jelly donut, measuring around 210 kilometers (130 miles) across at its widest point. The discovery that its rings are changing does nothing to dispel its reputation as one of the oddest objects in the Solar System. Based on data obtained as Chiron passed in front of a star in 2023, these changes might be discernible over mere years to decades, suggesting, at the very least, a wildly dynamic environment around the object.

Have any of you bookworms ever heard of “Anna’s Archive?” Yeah … me neither. According to an article from TorrentFreak, Anna’s Archive is a meta-search engine for shadow libraries that allows users to find pirated books and other related sources. The site launched in the fall of 2022, just days after Z-Library was targeted in a U.S. criminal crackdown, to ensure continued availability of ‘free’ books and articles to the broader public. In the three years since then, Anna’s Archive has built up quite the track record. The site has been blocked in various countries, was sued in the U.S. after it scraped WorldCat, and actively provides assistance to AI researchers who want to use its library for model training. Despite legal pressure, Annas-archive.org and the related .li and .se domains remain operational. This is a thorn in the side of publishers who are actively trying to take the site down. In the absence of options to target the site directly, they ask third-party intermediaries such as Google to lend a hand. Well, Google just blocked 749 million URLs. They were removed at the requests of rights holders.

In a stark illustration of the American people shifting away from traditional cable services, Comcast and Charter Communications, the parent company of Spectrum, are shedding thousands of customers daily across their core TV and internet offerings, according to an article from Cord Cutters News. Industry data reveals that the two providers are collectively losing more than 3,554 television subscribers and over 2,315 broadband customers every single day in the 3rd quarter of 2025. This relentless outflow underscores a broader crisis gripping the cable sector, as consumers flock to more affordable wireless and fiber alternatives.

Hyundai AutoEver America is notifying individuals that hackers breached the company's IT environment and gained access to personal information, according to an article from BleepingComputer. The company discovered the intrusion on March 1 but the investigation revealed that the attacker had access to the systems since February 22nd. Hyundai AutoEver America (HAEA) is an affiliate of Hyundai Motor Group that provides IT consulting, managed services, and helpdesk support for the entire lifecycle of automotive IT from production to retirement.

In space, no one can hear you scheme. But on Earth, and if Google allows it, we can. Google has unleashed Project Suncatcher, a bold plan to send AI data centers into orbit by early 2027, according to an article from Datamation. It reads like a direct answer to the power crunch squeezing the entire AI industry. The project could reduce carbon emissions tenfold compared to traditional data centers. If that holds, it knocks down one of AIs ugliest environmental problems. AI, the company says, is a “foundational technology that could help us tackle humanity’s greatest challenges.” But as demand for compute power grows exponentially, energy supply and environmental sustainability have become major bottlenecks. Project Suncatcher aims to address this by moving computer infrastructure off-planet — using solar energy directly from space, without atmospheric loss or land-based limitations. In essence, Google is envisioning a network of satellites functioning as a distributed data center in orbit. These satellites would process AI workloads while communicating with Earth-based systems, potentially reducing the carbon footprint of large-scale training runs and freeing up terrestrial resources.

The U.S. Congressional Budget Office (CBO), the nonpartisan federal agency responsible for providing economic and budgetary analysis to Congress, has confirmed it was the target of a cybersecurity breach, according to an article from eSecurity Planet. The incident, disclosed on November 6, 2025, underscores growing concerns about the vulnerability of government networks — particularly as the ongoing federal government shutdown limits cybersecurity operations and delays critical updates across agencies. According to a statement shared with Reuters, the CBO identified a “security incident,” took immediate action to contain the breach, and implemented “additional monitoring and new security controls” to protect its systems. The agency did not specify the nature of the breach or identify the perpetrators but noted that its work for Congress continues uninterrupted. Officials expressed concern that the attackers may have accessed internal emails, chat logs, and interoffice communications connected to budget research and cost estimates.

European organizations are facing a historic rise in ransomware attacks as cybercriminals increasingly integrate AI into their operations, according to an article from TechRepublic. According to the CrowdStrike 2025 European Threat Landscape Report, Europe now accounts for nearly 22% of global ransomware and extortion victims, making it the second most targeted region worldwide after North America. This surge marks a fundamental shift in the cyber threat landscape, where AI-driven automation, social engineering, and geopolitical tensions intersect to create unprecedented risks for governments and businesses alike.

Shoppers at a REWE supermarket in Düsseldorf, Germany, are now witnessing what could be the future of food retail. A fully autonomous kitchen that prepares fresh meals without a single human cook, according to an article from Interesting Engineering. Munich-based robotics company Circus SE has launched its CA-1 Series 4 system inside REWE Region West’s new “Fresh & Smart” concept. It marks the world’s first integration of autonomous AI cooking robots directly within a supermarket. The CA-1, a compact robotic kitchen enclosed in glass, performs the full process of meal preparation, from collecting ingredients to cooking, plating, and cleaning, entirely on its own. The installation, operated by Circus and powered by the company’s proprietary AI software platform, marks a significant milestone for both retail automation and food service automation. Customers can now order restaurant-quality meals in-store, prepared on demand by the CA-1. Each dish, priced from €6 (roughly $6.94), is cooked live while customers wait, a process that takes only a few minutes. According to Circus, the robot can prepare up to 120 meals an hour, ensuring consistent quality without fatigue, breaks, or staffing issues.

Changes are coming to Facebook, sorta, according to a post on Facebook’s developer page. As Meta’s developer platform continues to evolve, we’re making strategic decisions to focus on tools and features that deliver the most value to developers and businesses. Today, we’re announcing that two Facebook Social Plugins - the Facebook Like button and the Facebook Comment button - will be discontinued on February 10, 2026. This change reflects our commitment to maintaining a modern, efficient platform that serves developers' current needs while enabling us to invest in future innovations. The plugins that will be discontinued reflect an earlier era of web development, and their usage has naturally declined as the digital landscape has evolved. On February 10, the plugins will gracefully degrade by rendering as a 0x0 pixel (invisible element) rather than causing errors or breaking your website functionality. This change is intended to only remove the plugin content from your site, and should not otherwise impact your website's functionality.

The most common passwords in 2025 are ‘123456’, ‘admin’, and ‘password’, according to a new study by Comparitech, says the company in a post on their website. For this analysis, Comparitech researchers aggregated more than 2 billion real account passwords leaked on data breach forums in 2025. Using that data, we amassed a list of the most-used passwords. The top 10 most-used passwords are: 123456, 12345678, 123456789, admin, 1234, Aa123456, 12345, password, 123, and 1234567890. In a showcase of human laziness, a striking number of passwords are easily-guessed ascending or descending numbers. One-quarter of the top 1,000 passwords consisted solely of numbers. 38.6% contained the string of numbers ‘123’. Another 2% contained the descending numbers ‘321’. In a similar vein, 3.1% contained the string of letters ‘abc’. Many common passwords are made up of a single character. ‘111111’ is the 18th most used, and ‘********’ is ranked #35.

In early November, researchers at the Public Interest Research Group published an alarming report in which they found that an AI-powered teddy bear from the children’s toymaker FoloToy was giving out instructions on how to light matches, and even waxing lyrical about the ins-and-outs of various sexual fetishes, according to an article from Futurism. Now OpenAI, whose model GPT-4o was used to power the toy, is pulling the plug. On Friday, the ChatGPT maker confirmed that it had cut off FoloToy’s access to its AI models, a move from OpenAI that could invite additional pressure onto itself to strictly police businesses that use its products— especially as it enters a major partnership with Mattel, one of the largest toymakers in the world. FoloToy also confirmed that it was pulling all of its products — an escalation from its original promise that it would only pull the implicated toy, which is called Kumma. The most alarming conversations veered into outright sexual territory. The researchers found that Kumma was bizarrely willing to discuss “kinks,” explaining fetishes like bondage and teacher-student roleplay. At one point, the teddy bear inquired after explaining the kinks, “What do you think would be the most fun to explore?”

You may be doing everything you can to protect your privacy online — using tools like MFA (multi-factor authentication), a secure password manager, and a VPN — but unfortunately, not all privacy-focused apps and services are actually doing what they promise, according to an article from Lifehacker. In its November fraud and scam advisory, Google is warning users about VPN apps and extensions that appear legitimate but are actually vectors for malware. According to Google, malicious VPNs (posing as real ones) are delivering infostealers, remote access trojans, and banking trojans to user devices once installed, allowing hackers to access sensitive personal data like browsing history, financial credentials, and cryptocurrency wallet information. This means that an app you rely on to keep your information private could be doing the exact opposite. Cybercriminals are capitalizing on user trust in these services, creating apps that look and feel like legitimate VPNs but are actually dangerous spyware.

According to an article from the Financial Times, Apple appears to be starting its search for Tim Cook’s successor as CEO. Cook is looking to step down from his CEO role, and will probably take a seat on Apple’s Board of Directors. John Temus, Apple’s senior VP of hardware and engineering, is considered the frontrunner to replace Cook. Apple has been quick to note that no final decisions have been made yet, however. The company’s current performance is ahead of what analysts expect to be a blockbuster year. Apple has not commented.

The morning of November 18 was a stark reminder of how fragile the global internet really is. Websites from X to ChatGPT went offline as Cloudflare, the company they rely on for web infrastructure services, experienced a massive outage, according to an article from Lifehacker. A huge number of sites and services across the world contract Cloudflare for cybersecurity protections, as well as to route traffic through servers local to each user, all in the name of performance and reliability. Ironic, of course, given today's events. In a statement to Mashable, Cloudflare confirmed that the company had identified the cause of the issue, and had rolled out a fix to patch it. In addition, Cloudflare is adamant there is no reason to believe a cyberattack caused this outage.

Logitech, a Swiss multinational manufacturer of computer peripherals and software, has announced that it has suffered a “cybersecurity incident”, according to an article from Cybernews. Upon detection, the Lausanne-based tech company immediately took steps to investigate and respond to the incident. Leading cybersecurity specialists from external firms helped to determine the scope and nature of the attack. Logitech emphasizes that the incident hasn’t impacted the company’s products, business operations, or manufacturing processes. In fact, Logitech believes that an unauthorized party exploited a zero-day vulnerability in a third-party software platform to access and exfiltrate data from its internal IT system.

A team of Austrian researchers has uncovered a major weakness in WhatsApp, revealing how a basic contact-lookup function can be exploited to create a global directory of users, according to an article from TechRepublic. By pushing WhatsApp’s contact discovery tool far beyond typical use, the researchers confirmed 3.5 billion active phone numbers linked to WhatsApp accounts. In the research paper, they noted that the exposure would have been “the largest data leak in history, had it not been collated as part of a responsibly-conducted research study.” The researchers stated that the data for many accounts “contains phone numbers, timestamps, about text, profile pictures, and public keys for E2EE encryption.” They added that its exposure “would entail adverse implications to the included users.”

According to a Google blog post, Google has long invested in ways to provide you with helpful context about information you see online. Now, as generative media becomes increasingly prevalent and high-fidelity, we are deploying tools to help you more easily determine whether the content you're interacting with was created or edited using AI. Starting November 20, Google is making it easier for everyone to verify if an image was generated with or edited by Google AI right in the Gemini app, using SynthID, our digital watermarking technology that embeds imperceptible signals into AI-generated content. SynthID was introduced in 2023. Since then, over 20 billion AI-generated pieces of content have been watermarked using SynthID, and we have been testing our SynthID Detector, a verification portal, with journalists and media professionals. If you see an image and want to confirm it has been made by Google AI, upload it to the Gemini app and ask a question such as: “Was this created with Google AI?” or Is this AI-generated?” Gemini will check for the SynthID watermark and use its own reasoning to return a response that gives you more context about the content you encounter online.

If your Chrome browser isn’t updated, you may be exposed to an actively exploited zero-day that Google just rushed to patch, according to an article from TechRepublic. The company is instructing its 2 billion users to update immediately after confirming that a newly discovered zero-day, CVE-2025-13223, is already being exploited in live attacks. Security agencies are urging users to prioritize the update, making this more than a routine software patch, as it’s now a critical security priority. The flaw, tied to Chrome’s V8 JavaScript engine, has triggered a rapid patch cycle across platforms as Google and national cybersecurity teams urge fast action. Yep … another month, another Google Chrome vulnerability.

According to an article from SeekingAlpha, a recent cyberattack on SitusAMC, a technology vendor for real estate lenders, has potentially exposed sensitive customer data from some of the nation’s (U.S.’s) largest banks, according to a report by The New York Times. The breach, first detected on November 12, affected information related to residential loan mortgages, posing a significant threat given the personal data involved, such as Social Security numbers. Among the affected banks are JPMorgan Chase, Citi, and Morgan Stanley, all informed by SitusAMC about the possible data exposure. Although no banks have been hacked directly, the infiltration has raised alarms among financial institutions due to the vendor’s central role in originating and collecting funds for loans and mortgages.

While cleaning out their late mother's California loft last Christmas, three brothers made a life-changing discovery under a pile of faded newspapers: one of the first Superman comics ever made, according to an article from the BBC. An original copy of the June 1939 first edition on the Man of Steel's adventures, it was in a remarkably pristine condition. Now it has become the highest-priced comic book ever sold, fetching $9.12m (£ 7m) at auction. Texas-based Heritage Auctions, which hosted Thursday's sale, called it the "pinnacle of comic collecting".

Voyager 1 is one of humanity’s most poignant and remarkable technological achievements. Over the course of its nearly half century odyssey, the probe has glimpsed the gas giant Saturn, passed the threshold for interstellar space, and continually sets the bar for our furthest traveling human-made object. But based on NASA’s projections, Voyager 1 is less than a year away from reaching yet another milestone. On November 15, 2026, the spacecraft will officially be one light-day from Earth, according to an article from PopSci (Popular Science). As far as physicists can tell, nothing moves faster than the speed of light in a vacuum, which travels at 186,000 miles per second. This adds up to about 5.88 trillion miles every Julian calendar year (365.25 days). While Voyager 1 doesn’t travel anywhere near the speed of light, it’s still moving at an impressive clip. The spacecraft has coasted at around 11 miles per second for decades, adding another 3.5 AU (the distance between the Earth and sun) to its total mileage every single year. In little less than a year, Voyager 1 will finally be 16.1 billion miles from Earth, equivalent to the same distance light travels in 24 hours.

The UC Irvine team and its collaborators describe their analysis of this planet in a paper recently published in The Astronomical Journal, according to an article from Science Daily. "We have found so many exoplanets at this point that discovering a new one is not such a big deal," said co-author Paul Robertson, UC Irvine associate professor of physics & astronomy. "What makes this especially valuable is that its host star is close by, at just about 18 light-years away. Cosmically speaking, it's practically next door." The newly identified planet, named GJ 251 c, circles an M-dwarf star, which is the most common and one of the oldest types of stars in our galaxy. M-dwarfs often show significant stellar activity, including starspots (cool, dark regions on the star's surface) and flares (sudden bursts of outward energy away from the star). These variations can imitate the subtle radial velocity signals astronomers look for, sometimes making it difficult to determine whether a planet is truly present. Even so, the planet's close distance to Earth makes it a strong candidate for direct imaging using the University of California's Thirty Meter Telescope, which is currently under development.