Security

Following a period of instability over the last few days, SoundCloud has confirmed a data breach by “a purported threat actor group”. The streaming service says that it “detected unauthorized activity in an ancillary service dashboard” and that an investigation found that “certain limited data that we hold” had been accessed.

SoundCloud says that while around 20 percent of users’ data was involved, “the data involved consisted only of email addresses and information already visible on public […] profiles”.

Google has suddenly – and quietly – announced that its dark web report is to be discontinued. Designed to scan the dark web for leaked personal data, Google has decided that the tool is no longer needed.

There is not long to go until the tool shut down. In just a month’s time, there will be no more scanning of the dark web for data; one month after this, the dark web report will disappear entirely. Here’s what you need to know.

Microsoft is just one of many technology firms that have a bounty program that offers financial rewards for anyone who discovers security flaws in its products and services. The company has just announced a huge expansion of the scheme so it even covers problems found in third party code.

Vice President of Engineering at Microsoft Security Response Center, Tom Gallagher, announced the broadened scope at Black Hat Europe. He stressed that “keeping our customers secure is our top priority”.

Firewalla has announced Firewalla Orange, a portable multi-gigabit firewall and WiFi 7 router built to bring Zero Trust protection to networks in homes, offices, and travel setups. It’s the latest product in the company’s range of cybersecurity devices that includes Firewalla Purple and Firewalla Gold SE.

The new product delivers an advanced security stack that includes intrusion prevention, VqLAN microsegmentation, device isolation, GEO-IP filtering, VLAN support, and Active Protect rules that shut down threats in real time. It’s rated for more than 2Gbps of packet processing, so can support cloud services, smart home devices, and remote work activity.

Microsoft has addressed a security flaw in Windows that has been exploited since at least 2017. The company has not made an official announcement about the fix, but it was spotted by 0patch.

The flaw is known as the Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability and has been tracked as CVE-2025-9491. The fix was included in the November batch of updates for Windows.

Tor (The Onion Router) is switching its encryption algorithm to help boost security and privacy. The change is being introduced to protect users against certain types of attack, and sees the browser adopting a new “research-backed new design” called Counter Galois Onion.

The algorithm that is being updated is the one used to encrypt user data as it travel across a circuit via multiple relays. In making the switch, Tor concedes that its previous encryption design “looks funny”, hence the need to replace it.

Wyze has announced the Wyze Window Cam, a compact camera designed to give users exterior-style security from inside their homes. The camera mounts directly to a window and uses a wide aperture lens and sensors to deliver clear, bright color footage even in low light.

The Window Cam can be used to monitor driveways, gardens or front or back-facing areas. It attaches to the interior side of a window using nylon fastener strips, avoiding the need for tools or permanent fixtures. Wyze bundles a long power cable and clips for any necessary routing.

Windows 11 power users will be pleased to learn that Microsoft is planning to bring the Sysmon (System Monitor) tool to Windows as a native utility. Usually part of the Sysinternals suite of utilities, Sysmon will be integrated into not only Windows 11, but also Windows Server 2025 starting next year.

The announcement was made not by Microsoft, but by Sysinternals creator Mark Russinovich. He says that by integrating the Sysmon utility into Windows, administrators will simplify deployment and bring additional functionality.

Like Apple, Google has gradually made it more difficult to install apps from outside its own store. But the company is aware that neither users nor developers necessarily want to be tied to just the Play Store – this is why it has come up with the Android developer verification program.

The idea is that Google will check and verify developers so the users know they can be trusted. Now the company has an update based on early feedback it has received.

More than a year-and-a-half after announcing its retirement, Microsoft has revealed its plans to fully remove Defender Application Guard from Office.

The journey has been a long a slow one for the this security feature which isolates untrusted Office documents in a virtualized contained. Deprecation was first announced way back in November 2023, and the process of complete removal will not be finished until the end of 2027.

ESET has added new ransomware recovery and scam protection capabilities to its consumer and small business products. The security firm's latest offerings, ESET HOME Security and ESET Small Business Security, bring its enterprise-grade Ransomware Remediation feature to homes and small offices for the first time.

Ransomware incidents remain among the most damaging forms of cybercrime worldwide. ESET’s Ransomware Remediation system automatically creates encrypted backups when a threat is detected, so that users can restore any affected files once the attack has been neutralized, hopefully minimizing downtime and data loss.

It has been known for a little while that Meta has been working on a username system for WhatsApp. The popular messaging app is slightly unusual in not offering people a way to choose a username, but this is going to change at some point in the future.

Recent beta builds of the iOS and Android apps show that work is gathering paced, and the most recent development is a username reservation system. This will serve as a way for users to try to pre-select their preferred username even before the username system rolls out to everyone.

Microsoft may have all but abandoned Windows 10, but this is not true of its users. There are still millions of Windows 10 systems in use around the world, causing security concerns for many. But not all software developers are turning their backs on Windows 10 – Mozilla included.

The company has announced that “Firefox will continue to support Windows 10 for the foreseeable future”.

The impact of Internet Explorer is still being felt years after the world moved on from the web browser. Microsoft has announced that it is “Restraining IE Mode Access” in Microsoft Edge, citing concerns about exploitation of 0day vulnerabilities in Internet Explorer’s JavaScript engine.

That Internet Explorer continues to live on in Edge remains astonishing to many, but it has been retained for compatibility issues. Nonetheless, Microsoft is now taking steps to plug holes that have enabled threat actors to gain access to devices.

Five years after it was launched, Apple has announced major changes to its bug bounty program. The Apple Security Bounty program is entering what the company describes as a “new chapter”, and the headline change is a massive boost to the payments made for the discovery of the most serious types of security issues.

In addition to this and other changes, Apple also reveals that it has paid out over $35 million to more than 800 security researchers since the scheme launched in 2020. The company points out that many of these payouts were for $500,000. But the focus here is what is happening in the future.