Skip to main content
  1. Home
  2. Computing
  3. News

Your PC’s security is being attacked on two new fronts

Add as a preferred source on Google

Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features — one that exploits Windows search and another a Wi-Fi vulnerability.

The first vulnerability allows hackers to exploit search in what researchers have called a “clever” way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.

Recommended Videos

When you open the HTML file, it opens your browser and engages with Windows Explorer’s search feature. Windows Explorer starts looking for anything called “INVOICE,” and then the search is relabeled to “Downloads,” which tricks the user into thinking they are viewing what they “downloaded.” A batch script is involved in this attack that, when activated, wakes up more malicious operations. At the moment, the type of malware the hackers were trying to distribute is now known.

To alleviate the situation, users can try turning off search-ms/search URI protocol handlers by erasing the related registry entries. To stay safe, users can be cautious in the email with the attachment they are getting; they can do things such as verify who the sender is, confirm the legitimacy, distrust attachments with a file extension you normally wouldn’t get, and if the email urges you to take immediate action, label it as a phishing scam.

The second vulnerability is a bit more dangerous. Microsoft is busy patching a security hole in the Windows Wi-Fi driver that allows hackers to run malicious code on a PC only when it is within a public Wi-Fi range. This vulnerability affects all modern versions of Windows Server and Windows. The attacker does not need prior access to your computer to do this. The weakness is characterized in CVE-202430078 and given a maximum severity of “Important.”

What’s also concerning is that the attack can bypass every authentication protocol and doesn’t need previous access rights or any user interaction. This vulnerability reminds us of the dangers of connecting to a public Wi-Fi network and the precautions that need to be taken. The flaw is called an Improper Input Validation security vulnerability, and unfortunately, it’s on all common versions of the Windows operating system.

Users can be affected if they have an unpatched version of Windows 11 or 10 or Windows Server versions from 2008 and on. Microsoft released a fix on June 11 that tackles 49 CVEs in Windows, Office, and their components. Azure Dynamic Business Central and Visual Studio are also included. These concurrent threats underscore the importance of remaining vigilant against cyberattacks and ensuring all software and security patches on your computer are up to date.

Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Lenovo’s new gaming laptop is the first to feature a 240Hz inkjet-printed OLED display
TCL’s inkjet-printed OLED technology finally reaches a commercial laptop through Lenovo
Computer, Electronics, Laptop

TCL has spent years saying inkjet-printed OLED could improve image quality, efficiency, lifespan, and manufacturing costs. Back in 2024, the company was still showing prototype laptop panels and promising a “comprehensive breakthrough” once the technology was ready for commercial products.

Two years later, it has finally arrived in a gaming laptop. Lenovo’s new Legion R9000P uses a 16-inch panel that TCL CSOT describes as the world’s first inkjet-printed OLED display integrated into a laptop.

Read more
This new Mac malware won’t let you use your computer until you surrender your password
This Mac malware turns your own computer against you
AI Generated Image

A newly discovered strain of macOS malware is taking social engineering to an unsettling new level. Instead of exploiting a software vulnerability or silently stealing information in the background, it simply refuses to let you use your Mac until you type in your login password.

Dubbed ClickLock, the malware repeatedly shuts down key macOS processes, disables notifications, displays convincing Apple password prompts, and effectively traps users in a loop that only ends when the correct password is entered. Once that happens, it doesn't just steal the password. It goes after browser data, cryptocurrency wallets, saved credentials, password managers, and much more.

Read more
1Password lets Claude inside your accounts without handing over the keys
Claude can now sign in on your behalf while your password stays hidden, though trusting it after login is a separate decision
1Password official

1Password is giving Claude a way into your online accounts without making your passwords part of the bargain. The new 1Password for Claude integration can fill login details while keeping the credentials hidden from Anthropic’s AI agent.

Available now on Mac, the feature kicks in when Claude reaches a sign-in page during a task. Claude requests a saved login, then you approve or deny it. If approved, 1Password submits the credentials through a separate encrypted channel. Passwords and one-time codes never enter Claude’s context or Anthropic’s systems.

Read more