Tech Wire

03 July 2025 01:27

I'm a Pro Photographer: Here's How to Get the Best Firework Photos With Your Phone
https://www.cnet.com/tech/mobile/im-a-pro-photographer-heres-how-to-get-the-best-firework-photos-with-your-phone/#ftag=CADf328eec

Whether you have the latest iPhone or an older Samsung Galaxy, this Fourth of July is a great time to take firework pictures

Tech Wire

03 July 2025 01:25

Here's When to See July's Spectacular Buck Moon, Along With Mars and Venus
https://www.cnet.com/science/space/heres-when-to-see-julys-buck-moon-along-with-mars-and-venus/#ftag=CADf328eec

July's full moon, also known as the Thunder Moon, will fill the sky on July 10.

Tech Wire

02 July 2025 23:46

Today's NYT Strands Hints, Answers and Help for July 3, #487
https://www.cnet.com/tech/gaming/todays-nyt-strands-hints-answers-and-help-for-july-3-487/#ftag=CADf328eec

Here are hints and answers for the NYT Strands puzzle for July 3, No. 487.

Tech Wire

02 July 2025 23:44

Today's NYT Connections: Sports Edition Hints and Answers for July 3, #283
https://www.cnet.com/tech/gaming/todays-nyt-connections-sports-edition-hints-and-answers-for-july-3-283/#ftag=CADf328eec

Here are hints and the answers for the NYT Connections: Sports Edition puzzle for July 3, No. 283

Tech Wire

02 July 2025 23:42

You Only Have Until July 7 to Grab Some Rare First Chapter Lorcana Cards
https://www.cnet.com/culture/entertainment/you-only-have-until-july-7-to-grab-some-rare-first-chapter-lorcana-cards/#ftag=CADf328eec

Now is the time to get those cards you might have missed from the First Chapter and Floodborn, as well as some special packs.

Tech Wire

02 July 2025 23:40

When an Amazon Driver Broke Down My Gate, This Device Would Have Saved Me $500
https://www.cnet.com/news/when-an-amazon-driver-broke-down-my-gate-this-device-would-have-saved-me-500/#ftag=CADf328eec

Here's what happened and how I'm protecting myself next time.

Tech Wire

02 July 2025 23:38

Tinder Users Must Start Logging In With Their Faces
https://www.cnet.com/tech/mobile/tinder-users-must-start-logging-in-with-their-faces-its-about-catfishing-and-much-more/#ftag=CADf328eec

The social app is rolling out required facial recognition logins in efforts to increase authenticity and block bots.

Tech Wire

02 July 2025 19:44

Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Enterprise%20Chat%20and%20Email%20Stored%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. There is a mitigation that addresses this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc


Security Impact Rating: Medium


CVE: CVE-2025-20310

Tech Wire

02 July 2025 19:42

Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20BroadWorks%20Application%20Delivery%20Platform%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA

Security Impact Rating: Medium


CVE: CVE-2025-20307

Tech Wire

02 July 2025 16:13

The Ultrahuman Ring Air Shamed Me Into Ditching Unhealthy Habits
https://www.cnet.com/tech/mobile/the-ultrahuman-ring-air-shamed-me-into-ditching-unhealthy-habits/#ftag=CADf328eec

This $350 smart ring tracks more than you'll ever need to (and want to) know without committing to a subscription.

Tech Wire

02 July 2025 16:11

Xbox Elite Wireless Controller 2 Is Overkill for Most People, but Still Delivers an Epic Gaming Experience
https://www.cnet.com/tech/gaming/xbox-elite-wireless-controller-2-is-overkill-for-most-people-but-still-delivers-an-epic-gaming-experience/#ftag=CADf328eec

The Xbox Elite Wireless Controller Series 2 still sets the bar for a pro-level controller.

Tech Wire

02 July 2025 16:09

How to Watch England vs. India From Anywhere for Free: Livestream 2nd Test Cricket
https://www.cnet.com/tech/services-and-software/how-to-watch-england-vs-india-from-anywhere-for-free-livestream-2nd-test-cricket/#ftag=CADf328eec

The series moves to Edgbaston as the hosts look to build on a thrilling first-encounter victory.

Tech Wire

02 July 2025 16:07

Asus Rog Delta II Review: Lots To Offer, but Not Worth the Price
https://www.cnet.com/tech/gaming/asus-rog-delta-ii-review-lots-to-offer-but-not-worth-the-price/#ftag=CADf328eec

There's a lot to like, as long as you have the right head size.

Tech Wire

02 July 2025 16:05

6 Devices and Tips if Your Pet Is Afraid of Fireworks This Fourth of July
https://www.cnet.com/home/smart-home/6-devices-and-tips-if-your-pet-is-afraid-of-fireworks-this-fourth-of-july/#ftag=CADf328eec

If the Fourth of July fireworks mean trouble for your pet, there are a few modern options that may be able to help.

Tech Wire

02 July 2025 10:03

Today's NYT Mini Crossword Answers for Wednesday, July 2
https://www.cnet.com/tech/gaming/todays-nyt-mini-crossword-answers-for-wednesday-july-2/#ftag=CADf328eec

Here are the answers for The New York Times Mini Crossword for July 2.

Tech Wire

03 July 2025 01:26

Prepare to Share All Your Pics With Meta If You Turn On Facebook's New AI Photo Tool
https://www.cnet.com/tech/services-and-software/prepare-to-share-all-your-pics-with-meta-if-you-turn-on-facebooks-new-ai-photo-tool/#ftag=CADf328eec

Facebook's camera roll cloud processing feature puts your photos and videos in the hands of Meta.

Tech Wire

02 July 2025 23:47

Today's NYT Connections Hints, Answers and Help for July 3, #753
https://www.cnet.com/tech/gaming/todays-nyt-connections-hints-answers-and-help-for-july-3-753/#ftag=CADf328eec

Here are some hints and the answers for the NYT Connections puzzle for July 3, #753.

Tech Wire

02 July 2025 23:45

Today's Wordle Hints, Answer and Help for July 3, #1475
https://www.cnet.com/tech/gaming/todays-wordle-hints-answer-and-help-for-july-3-1475/#ftag=CADf328eec

Here are hints and the answer for today's Wordle for July 3, No. 1,475.

Tech Wire

02 July 2025 23:43

You Can Still See the Aurora Borealis Tonight. Here's Where the Brightest Lights Will Glow
https://www.cnet.com/science/space/you-can-still-see-the-aurora-borealis-tonight-heres-where-the-brightest-lights-will-glow/#ftag=CADf328eec

While not as strong as Tuesday's lights, tonight's auroras could be impressive for many in the northern US.

Tech Wire

02 July 2025 23:41

Microsoft Layoffs Result in at Least 3 Games Being Cancelled
https://www.cnet.com/tech/gaming/microsoft-layoffs-result-in-at-least-3-games-being-cancelled/#ftag=CADf328eec

Microsoft is cutting upward of 9,000 jobs in its latest round of layoffs; Perfect Dark and Everwild among games to be cancelled.

Tech Wire

02 July 2025 23:39

I Like Microsoft's 13-Inch Surface Laptop, but the Larger Model Is the One to Get
https://www.cnet.com/tech/computing/microsoft-surface-laptop-13-inch-review/#ftag=CADf328eec

It's compact, solidly built and great for travel, but the slightly larger 13.8-inch version is the better choice as a daily driver.

Tech Wire

02 July 2025 19:45

Cisco Unified Communications Manager Static SSH Credentials Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Manager%20Static%20SSH%20Credentials%20Vulnerability%26vs_k=1

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

Security Impact Rating: Critical


CVE: CVE-2025-20309

Tech Wire

02 July 2025 19:43

Cisco Spaces Connector Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Spaces%20Connector%20Privilege%20Escalation%20Vulnerability%26vs_k=1

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU

Security Impact Rating: Medium


CVE: CVE-2025-20308

Tech Wire

02 July 2025 18:10

These Fast Food Restaurants Hiked Their Prices the Most Last Year
https://www.cnet.com/news/these-fast-food-restaurants-hiked-their-prices-the-most-last-year/#ftag=CADf328eec

Now we know why your favorite fast food now costs more than ever before.

Tech Wire

02 July 2025 16:12

I Can't Wait to Drop Into Tony Hawk's Pro Skater 3 + 4 on Xbox Game Pass Soon
https://www.cnet.com/tech/gaming/i-cant-wait-to-drop-into-tony-hawks-pro-skater-3-4-on-xbox-game-pass-soon/#ftag=CADf328eec

Xbox Game Pass is getting several games this month, including Tony Hawk's Pro Skater 3 + 4, and the return of High on Life.

Tech Wire

02 July 2025 16:10

Driving With CarPlay Ultra: Apple Does Dashboard Displays Right video
https://www.cnet.com/roadshow/videos/driving-with-carplay-ultra-apple-does-dashboard-displays-right/#ftag=CADf328eec

Apple's CarPlay Ultra debuts on the $250,000 Aston Martin DBX, putting Apple's touch on every display. We take it for a ride to see how much it improves the experience -- and if it's any safer.

Tech Wire

02 July 2025 16:08

'Squid Game' on Fortnite: Learn All About the New Skins and Items
https://www.cnet.com/tech/gaming/squid-game-on-fortnite-learn-all-about-the-new-skins-and-items/#ftag=CADf328eec

The super popular Netflix series has landed on the super popular third-person shooter.

Tech Wire

02 July 2025 16:06

Scam Travel Websites Are Real: What To Know Before You Book Your Trip
https://www.cnet.com/tech/services-and-software/scam-travel-websites-are-real-what-to-know-before-you-book-your-trip/#ftag=CADf328eec

That great deal on an amazing vacation may not actually be so amazing.

Tech Wire

02 July 2025 10:04

Let's Talk About the 'Ironheart' Finale and Post-Credits Scene
https://www.cnet.com/tech/services-and-software/lets-talk-about-the-ironheart-finale-and-post-credits-scene/#ftag=CADf328eec

Marvel did its Marvel thing again.

Tech Wire

02 July 2025 02:27

XSAs released on 2025-07-01
https://www.qubes-os.org/news/2025/07/01/xsas-released-on-2025-07-01/

The Xen Project (https://xenproject.org/) has released one or more Xen security advisories (XSAs) (https://xenbits.xen.org/xsa/).
The security of Qubes OS is not affected.

XSAs that DO affect the security of Qubes OS

The following XSAs do affect the security of Qubes OS:


(none)


XSAs that DO NOT affect the security of Qubes OS

The following XSAs do not affect the security of Qubes OS, and no user action is necessary:


XSA-470 (https://xenbits.xen.org/xsa/advisory-470.html)

Denial of service only




About this announcement

Qubes OS uses the Xen hypervisor (https://wiki.xenproject.org/wiki/Xen_Project_Software_Overview) as part of its architecture (https://www.qubes-os.org/doc/architecture/). When the Xen Project (https://xenproject.org/) publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA) (https://xenproject.org/developers/security-policy/). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB) (https://www.qubes-os.org/security/qsb/). (QSBs are also issued for non-Xen vulnerabilities.) However, QSBs can provide only positive confirmation that certain XSAs do affect the security of Qubes OS. QSBs cannot provide negative confirmation that other XSAs do not affect the security of Qubes OS. Therefore, we also maintain an XSA tracker (https://www.qubes-os.org/security/xsa/), which is a comprehensive list of all XSAs publicly disclosed to date, including whether each one affects the security of Qubes OS. When new XSAs are published, we add them to the XSA tracker and publish a notice like this one in order to inform Qubes users that a new batch of XSAs has been released and whether each one affects the security of Qubes OS.