Skip to main content
  1. Home
  2. Computing
  3. News

Your PC’s security is being attacked on two new fronts

Add as a preferred source on Google

Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features — one that exploits Windows search and another a Wi-Fi vulnerability.

The first vulnerability allows hackers to exploit search in what researchers have called a “clever” way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.

Recommended Videos

When you open the HTML file, it opens your browser and engages with Windows Explorer’s search feature. Windows Explorer starts looking for anything called “INVOICE,” and then the search is relabeled to “Downloads,” which tricks the user into thinking they are viewing what they “downloaded.” A batch script is involved in this attack that, when activated, wakes up more malicious operations. At the moment, the type of malware the hackers were trying to distribute is now known.

To alleviate the situation, users can try turning off search-ms/search URI protocol handlers by erasing the related registry entries. To stay safe, users can be cautious in the email with the attachment they are getting; they can do things such as verify who the sender is, confirm the legitimacy, distrust attachments with a file extension you normally wouldn’t get, and if the email urges you to take immediate action, label it as a phishing scam.

The second vulnerability is a bit more dangerous. Microsoft is busy patching a security hole in the Windows Wi-Fi driver that allows hackers to run malicious code on a PC only when it is within a public Wi-Fi range. This vulnerability affects all modern versions of Windows Server and Windows. The attacker does not need prior access to your computer to do this. The weakness is characterized in CVE-202430078 and given a maximum severity of “Important.”

What’s also concerning is that the attack can bypass every authentication protocol and doesn’t need previous access rights or any user interaction. This vulnerability reminds us of the dangers of connecting to a public Wi-Fi network and the precautions that need to be taken. The flaw is called an Improper Input Validation security vulnerability, and unfortunately, it’s on all common versions of the Windows operating system.

Users can be affected if they have an unpatched version of Windows 11 or 10 or Windows Server versions from 2008 and on. Microsoft released a fix on June 11 that tackles 49 CVEs in Windows, Office, and their components. Azure Dynamic Business Central and Visual Studio are also included. These concurrent threats underscore the importance of remaining vigilant against cyberattacks and ensuring all software and security patches on your computer are up to date.

Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
1Password lets Claude inside your accounts without handing over the keys
Claude can now sign in on your behalf while your password stays hidden, though trusting it after login is a separate decision
1Password official

1Password is giving Claude a way into your online accounts without making your passwords part of the bargain. The new 1Password for Claude integration can fill login details while keeping the credentials hidden from Anthropic’s AI agent.

Available now on Mac, the feature kicks in when Claude reaches a sign-in page during a task. Claude requests a saved login, then you approve or deny it. If approved, 1Password submits the credentials through a separate encrypted channel. Passwords and one-time codes never enter Claude’s context or Anthropic’s systems.

Read more
New open-weight AI from China is toppling the best of OpenAI and Claude Fable
Moonshot’s 2.8-trillion-parameter Kimi K3 beats Fable 5 and GPT 5.6 Sol in select benchmarks
Art, Drawing, Plant

China's Moonshot AI has launched Kimi K3, a massive 2.8-trillion-parameter model built for coding, research, reasoning, and visual tasks. Moonshot admits K3 still trails Claude Fable 5 and GPT 5.6 Sol overall. Even so, its benchmark results put it surprisingly close to both, and it finishes ahead in several tests.

How close is Kimi K3 to the best closed models?

Read more
Gemini could finally let you choose how friendly it sounds
Finally, you can stop Gemini from sounding like your HR manager
Google Gemini

Google has spent the past few months making Gemini sound more natural, expressive, and conversational. Now, it appears the company is preparing to give users far more control over how the AI speaks.

Code spotted by Android Authority's APK Insights - the latest beta version of the Google app suggests Gemini may soon allow users to customise its voice across four separate parameters: Energy, Formality, Warmth, and Speed. Instead of choosing from a fixed list of personalities, users could tweak these characteristics to create a voice that better suits their preferences.

Read more