New Windows 11 Update Breaks File Explorer; New Chrome Browser Attack Could Affect Billions; New Windows App Could Make Changing Computers Easy… and more!
Every day, we scan the tech world for interesting news, sometimes from outside the tech world. Every Thursday, we feature news articles that grabbed our attention over the past week. We hope you find this week’s ‘Thursday Newsbytes’ informative and interesting!
Windows 11 update is reportedly breaking the operating system’s most vital tool
Windows 11’s KB5051987 update causes problems for File ExplorerAt a pivotal moment in time when Microsoft should be winning the hearts and minds of desktop PC users by presenting a stable and reliable platform in Windows 11, the latest 24H2 update (KB5051987) has caused some users to face several major issues, including problems with the operating system’s most vital tool, File Explorer.
Growing complaints with the latest update are the last thing Microsoft will have wanted to see, with the company currently trying to woo as many Windows users as possible into upgrading to Windows 11 ahead of Windows 10’s October 14, 2025, end-of-support date.
Windows 11’s stability has often been called into question, and yet another update resulting in widespread reports of issues is unlikely to help the stigma surrounding the operating system.
If you’re yet to download the latest KB5051987 security update, or encountering issues after doing so, read on for information on what to expect, and what you can do next…
A new Chrome browser highjacking attack could affect billions of users – here’s how to fight it
It could even take over your OS
Whether you believe it to be the best web browser, Google Chrome is undoubtedly the most popular search engine by a landslide. For that reason, it remains a popular target for hackers as well. And now, a massive new threat is on the horizon, which could threaten billions of users.
A new attack called ‘Browser Syncjacking’ has been discovered by security researchers at the cybersecurity firm SquareX (reported on by BleepingComputer). Though it requires several steps, it’s shockingly easy for the average Chrome user to fall victim, as it needs minimal permissions.
First, a malicious Google Workspace domain is created with multiple user profiles, and security features like multi-factor authentication are disabled. This is used to create managed profiles in the background of the victim’s devices. Then, hackers will then create a malicious Chrome extension to launch on the official Chrome Store, appearing as a useful tool to attract potential victims.
Once any potential victims install the extension, it hides a browser window that runs in the background to log the victim into one of the Workspace profiles previously made. The final step involves tricking the victim into activating Chrome sync by opening a very real Chrome support page that’s been tampered with, then guiding them through turning on sync. If this happens, that person’s full Chrome account and stored data — including browsing history and passwords — are now available on the hacker’s profile.
From here, as SquareX explains, a victim’s entire browser can be taken over, often through a seemingly innocent Zoom invite that, if accepted, gets malicious content from that Chrome extension injected into it. If the victim falls for a prompt that asks to update Zoom, the update (actually an executable file that contains an enrollment token) will allow the hacker to control the browser completely.
Not only does this give hackers free reign over any data stored in your browser and allow them to spy on any websites you browse (and see any sensitive information you input), but it also allows them to access your OS to “install malware, capture keystrokes, extract sensitive data and even activate a device’s webcam and microphone…
A Windows app that could make PC setup as easy as phones? Yes, please!
Microsoft hasn’t announced it, but a pair of Windows hackers say a migration app is hidden inside a recent Windows test build.
Decades after Microsoft shipped Windows, there’s still no mechanism for moving everything from one PC to another, in much the same way Android or iOS sets up a new device. But a solution may be on the way: MigrationApp, a tool that is seemingly hidden within new test builds of Windows.
Fingers crossed that MigrationApp (or Windows Migrate) is what it seems: a one-stop, one-size-fits-all solution to move every file on your existing PC to a new PC….
Anyone who’s used a smartphone, however, knows that easy-peasy data migration is one of the best things a phone offers. Google offers its own solution, as does Apple. Samsung does too. Do you want to move from Android to an iPhone? Not a problem…
“As useful as this can be, many users are less than enthusiastic.”
In recent months, the AI revolution has permeated technology companies. From Apple’s AI notification summarization to Microsoft’s AI email assistance, tech companies are clearly embracing this new tech as the world races toward more advanced and profitable AI methods.
Google’s Gemini tool is one of the tech industry’s many new AI variations, but it has been met with controversy as millions of users seek to disable it.
Users have found that those who ignore the Gemini Workspace feature will be nudged with suggestions to “polish” or “help me write” email drafts.
As useful as this can be, many users are less than enthusiastic. Financial Times gadget editor Rhodri Marsden summed up one major issue with the tech on Bluesky: “I judge my interactions with people based on *what they wrote*, rather than what Gemini thinks they want to write.”
Users have also reported having issues turning the technology off, as the Australian Computer Society detailed.
Companies are said to be moving full force toward AI to be competitive within the tech industry, but the environmental cost should not be overlooked.
AI-driven data centers require vast amounts of materials, with a single 4-pound computer needing 1,763 pounds of resources, and they rely on elements often mined destructively, according to the U.N. Environmental Program. Electronic waste from data centers contains hazardous substances like mercury and lead, while one study projects their water consumption — used for cooling — could soon exceed that of Denmark.
Additionally, AI technology has immense energy demands, with an AI request consuming 10 times the electricity of a Google search…
Hidden text “salting” is letting hackers craft devious email attacks to evade detection
Just because you can’t see certain email text, it doesn’t mean it’s not there
Hackers are increasingly using “hidden text salting”, or “poisoning” techniques, to work around email security measures and get phishing messages to land in people’s inboxes.
A new in-depth guide published by cybersecurity researchers from Cisco Talos outlines how cybercriminals are abusing HTML and CSS properties in email messages, setting the width of some elements to 0, and using the “display: hidden” feature to hide some content from the victims. They are also inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters, and ultimately hiding the true email content, by embedding irrelevant language.
As a result, email security solutions, spam filters, and brand name extractors get confused, and the emails that would otherwise end up in the spam folder, make it directly to the inbox.
Advanced filtering
In its writeup, Cisco Talos has given multiple examples, including one in which attackers hid French words in the email’s body. This confused Microsoft’s Exchange Online Protection (EOP) spam filter which ultimately let the message pass.
In another example, Cisco Talos said threat actors were using CSS properties and ZWSP characters to hide email content, successfully mimicking Wells Fargo, and Norton LifeLock.
To tackle this strategy, the researchers suggested IT teams adopt advanced filtering techniques that scan the structure of HTML emails, rather than just their contents..
Thanks for reading this week’s Thursday Newbytes. We hope these articles were informative, interesting, fun, and helpful.
