Windows 10 users face security risks as support ends

Security concerns are mounting as Windows 10 sees a rise in market share while Windows 11 adoption declines. Microsoft will officially end free security updates and support for Windows 10 on 14 October 2025, leaving millions of users vulnerable unless they upgrade or pay for extended security updates.

Experts warn that continuing to use Windows 10 beyond its support period poses risks of cyberattacks, data breaches, and ransomware. Microsoft strongly recommends switching to Windows 11, which is designed to meet modern security demands, or choosing an alternative operating system.

Cybersecurity professionals urge users not to delay, with ESET‘s Thorsten Urbanski stressing the urgency of upgrading before the deadline to avoid a security crisis. The transition period is quickly closing, making early action essential for those relying on Windows 10.

US Army soldier faces charges for selling phone records

A US Army soldier, Cameron John Wagenius, has been charged with selling and attempting to sell stolen confidential phone records. Arrested on 20 December, Wagenius faces two charges of unlawfully transferring confidential information in a Texas federal court. His rank and station have not been disclosed, though he is reportedly based at Fort Cavazos in Texas.

Authorities allege that Wagenius, known online as ‘Kiberphant0m’, claimed involvement in hacking activities, including phone records linked to high-profile figures. The case is connected to a broader investigation involving hackers accused of stealing sensitive personal and financial information. Prosecutors have revealed the involvement of a hacking group targeting data storage firm Snowflake’s customers.

Cybersecurity researchers identified Wagenius after members of the group issued threats against them. Law enforcement acted swiftly following the tip-off, according to Allison Nixon of Unit 221B. The prosecution is being handled in Seattle, where two co-defendants, Connor Moucka and John Binns, face related charges for extensive data breaches.

The Department of Justice and the FBI have yet to comment on the case. Wagenius has been ordered to appear in Seattle, where the investigation continues.

Major US telecom firms confirm cyberattacks by Chinese group ‘Salt Typhoon’, sparking national security concerns

AT&T and Verizon have confirmed cyberattacks linked to a Chinese hacking group known as “Salt Typhoon,” but assured the public on Saturday that their US networks are now secure. Both companies acknowledged the breaches for the first time, stating they are cooperating with law enforcement and government agencies to address the threat. AT&T disclosed that the attackers targeted a small group of individuals tied to foreign intelligence, while Verizon emphasised that the activities have been contained following extensive remediation efforts.

The attacks, described by US officials as the most extensive telecommunications hack in the nation’s history, reportedly allowed Salt Typhoon operatives to access sensitive network systems, including the ability to geolocate individuals and record phone calls. Authorities have linked the breaches to several telecom firms, with a total of nine entities now confirmed as compromised. In response, the Cybersecurity and Infrastructure Security Agency has urged government officials to transition to encrypted communication methods.

US Senators, including Democrat Ben Ray Luján and Republican Ted Cruz, have expressed alarm over the breach’s scale, calling for stronger safeguards against future intrusions. Meanwhile, Chinese officials have denied the accusations, dismissing them as disinformation and reaffirming their opposition to cyberattacks. Despite assurances from the companies and independent cybersecurity experts, questions remain about how long it will take to fully restore public confidence in the nation’s telecommunications security.

Microsoft warns of Windows 11 bug blocking security updates

Manually created Windows 11 installer media for October and November 2024 patches could leave systems unable to install future security updates. The issue impacts USB or CD installers for version 24H2 and may affect businesses, schools, and PC enthusiasts.

Microsoft clarified that systems receiving October and November updates via Windows Update or the Update Catalog remain unaffected. However, media-created installations require rebuilding with the December 2024 update, followed by a full reinstallation. Microsoft recommends ensuring December’s patch is included in new installation media.

The company acknowledged the issue on its known problems page and is actively developing a permanent fix. Other bugs in version 24H2 have also emerged, affecting audio devices, Outlook with outdated Google Workspace Sync, and certain Ubisoft games.

Serbian spyware targets activists and journalists, Amnesty says

Serbia has been accused of using spyware to target journalists and activists, according to a new Amnesty International report. Investigations revealed that ‘NoviSpy,’ a homegrown spyware, extracted private data from devices and uploaded it to a government-controlled server. Some cases also involved the use of technology provided by Israeli firm Cellebrite to unlock phones before infecting them.

Activists reported unusual phone activity following meetings with Serbian authorities. Forensic experts confirmed NoviSpy exported contact lists and private photos to state-controlled servers. The Serbian government has yet to respond to requests for comment regarding these allegations.

Cellebrite, whose phone-cracking devices are widely used by law enforcement worldwide, stated it is investigating the claims. The company’s representative noted that misuse of their technology could violate end-user agreements, potentially leading to a suspension of use by Serbian officials.

Concerns over these practices are heightened due to Serbia’s EU integration programme, partially funded by Norway and administered by the UN Office for Project Services (UNOPS). Norway expressed alarm over the findings and plans to meet with Serbian authorities and UNOPS for clarification.

Australia targets crypto ATMs in money laundering crackdown

Australia’s financial crime watchdog, AUSTRAC, has launched a dedicated cryptocurrency task force to enforce anti-money laundering laws on crypto ATM providers. The move aims to curb the rising use of cryptocurrency in scams, money laundering, and fraud as the sector grows rapidly.

The task force will focus on ensuring that digital currency exchanges offering crypto ATM services implement robust safeguards against illicit activities. Australia currently has 1,200 crypto ATMs and 400 registered digital currency exchange providers. Non-compliance with regulations will result in financial penalties, AUSTRAC warned.

With Bitcoin surpassing $100,000 following Donald Trump’s election as US president, the global cryptocurrency market has nearly doubled in value this year. AUSTRAC CEO Brendan Thomas emphasised the urgent need for action, citing the increasing number of Australians falling victim to crypto-related scams.

Outlook and Teams back online after disruption

Microsoft announced that most services for Outlook and Teams were restored late Monday after a widespread outage disrupted users throughout the day. While a small number of users continue to face issues with Outlook on the web, the company promised full restoration by Tuesday.

The disruption peaked with over 5,000 complaints logged on Downdetector, though Microsoft implemented fixes that restored functionality to 98% of affected environments by midday. Progress slowed in the afternoon, but by evening, reports of issues had significantly declined.

This outage, which impacted countless office workers ahead of the Thanksgiving holiday, is the latest in a year of major tech disruptions globally. Although significant, the scale of this incident was far smaller than the summer outage of CrowdStrike’s systems, which caused billions in losses across industries.

Crypto firm Gotbit’s founder faces fraud charges

Aleksei Andriunin, the founder of cryptocurrency firm Gotbit, has been indicted in the US for alleged involvement in a conspiracy to manipulate cryptocurrency markets. The Justice Department claims that Andriunin and his firm provided market manipulation services to increase artificial trading volumes for various cryptocurrency companies from 2018 to 2024.

The superseding indictment also names Gotbit’s directors, Fedor Kedrov and Qawi Jalili, who were already charged earlier in October. Prosecutors allege that these actions aimed to distort the cryptocurrency markets, with several companies, including some in the United States, reportedly benefitting from these tactics.

If convicted, Andriunin faces significant penalties, with wire fraud charges carrying a potential 20-year prison sentence. He could also face an additional five years for conspiracy charges. The allegations form part of a larger crackdown on crypto market manipulation, which has already led to several arrests and asset seizures worth $25 million.

Recent moves by federal prosecutors highlight a more aggressive stance on crypto-related fraud. They have targeted multiple firms, including Gotbit, and several leaders have already agreed to plead guilty. The crackdown aims to strengthen transparency and curb malpractice in the cryptocurrency market.

China claims discovery of spy gear in territorial waters

China’s Ministry of State Security announced the discovery of foreign spying devices in its waters, including underwater ‘lighthouses’ that could potentially guide foreign submarines. The ministry revealed on its official WeChat account that it had retrieved several types of devices hidden on the ocean floor, gathering real-time data from within China’s claimed territorial waters.

This revelation comes amid rising tensions in the South China Sea, where China and the Philippines dispute territory, increasing the risk of a broader confrontation potentially involving the US. China’s recent military drills around Taiwan have also heightened concerns, as the US and Taiwan have condemned Beijing’s actions.

China claims nearly all of the South China Sea, overlapping areas claimed by other Southeast Asian nations, and has maintained it will not renounce using force over Taiwan. A new phase in the submarine arms race between China and the US and its allies is underway, with Beijing projected to field nuclear-armed submarines by the decade’s end. The ministry affirmed its commitment to defending China’s maritime sovereignty and addressing threats of foreign espionage in its waters.

New Google AI security update aims to tackle phone theft in London

A Londoner who had his phone stolen while walking near the Science Museum believes Google’s new AI security update would have made a big difference. Tyler, whose phone was snatched by a thief on a bike, struggled to lock it remotely as he couldn’t remember his password. The update, which uses AI and sensors to detect when a phone is stolen, would automatically lock the screen to prevent thieves from accessing data.

Google’s new feature allows users to remotely lock a stolen device using just their phone number, a measure welcomed by Tyler as he believes it would have helped him secure his device in moments of panic. The initiative is part of a broader effort to combat phone theft, with mobile phones now accounting for 69% of all thefts in London. Last year, over 11,800 robberies involved phone thefts.

Sadiq Khan, the Mayor of London, also supports the update, having previously lobbied phone companies to make their devices less attractive to criminals. Tech experts say the update’s AI-driven security, combined with the Offline Device Lock feature, will make it harder for thieves to access stolen phones.

Tyler hopes the new technology will deter criminals from stealing phones altogether, as the devices would become worthless once locked. Without resale value, he believes phone thefts will be a waste of time for criminals.