Technology news Supporting these networks yamechanic.com/2Kkn TechCrunch Cnet Letstalkbitcoin TheHackersNews EnGadget PCMag Defcon Bitcoin Coindesk Wired Wisprtech KaliLinux BBC SecruityFocus Cisco Qubes-OS Google Wikileaks TorProject GameStop IGN E3
I'm a Pro Photographer: Here's How to Get the Best Firework Photos With Your Phone
https://www.cnet.com/tech/mobile/im-a-pro-photographer-heres-how-to-get-the-best-firework-photos-with-your-phone/#ftag=CADf328eec
Whether you have the latest iPhone or an older Samsung Galaxy, this Fourth of July is a great time to take firework pictures
Here's When to See July's Spectacular Buck Moon, Along With Mars and Venus
https://www.cnet.com/science/space/heres-when-to-see-julys-buck-moon-along-with-mars-and-venus/#ftag=CADf328eec
July's full moon, also known as the Thunder Moon, will fill the sky on July 10.
Today's NYT Strands Hints, Answers and Help for July 3, #487
https://www.cnet.com/tech/gaming/todays-nyt-strands-hints-answers-and-help-for-july-3-487/#ftag=CADf328eec
Here are hints and answers for the NYT Strands puzzle for July 3, No. 487.
Today's NYT Connections: Sports Edition Hints and Answers for July 3, #283
https://www.cnet.com/tech/gaming/todays-nyt-connections-sports-edition-hints-and-answers-for-july-3-283/#ftag=CADf328eec
Here are hints and the answers for the NYT Connections: Sports Edition puzzle for July 3, No. 283
You Only Have Until July 7 to Grab Some Rare First Chapter Lorcana Cards
https://www.cnet.com/culture/entertainment/you-only-have-until-july-7-to-grab-some-rare-first-chapter-lorcana-cards/#ftag=CADf328eec
Now is the time to get those cards you might have missed from the First Chapter and Floodborn, as well as some special packs.
When an Amazon Driver Broke Down My Gate, This Device Would Have Saved Me $500
https://www.cnet.com/news/when-an-amazon-driver-broke-down-my-gate-this-device-would-have-saved-me-500/#ftag=CADf328eec
Here's what happened and how I'm protecting myself next time.
Tinder Users Must Start Logging In With Their Faces
https://www.cnet.com/tech/mobile/tinder-users-must-start-logging-in-with-their-faces-its-about-catfishing-and-much-more/#ftag=CADf328eec
The social app is rolling out required facial recognition logins in efforts to increase authenticity and block bots.
Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Enterprise%20Chat%20and%20Email%20Stored%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. There is a mitigation that addresses this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc
Security Impact Rating: Medium
CVE: CVE-2025-20310
Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20BroadWorks%20Application%20Delivery%20Platform%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA
Security Impact Rating: Medium
CVE: CVE-2025-20307
The Ultrahuman Ring Air Shamed Me Into Ditching Unhealthy Habits
https://www.cnet.com/tech/mobile/the-ultrahuman-ring-air-shamed-me-into-ditching-unhealthy-habits/#ftag=CADf328eec
This $350 smart ring tracks more than you'll ever need to (and want to) know without committing to a subscription.
Xbox Elite Wireless Controller 2 Is Overkill for Most People, but Still Delivers an Epic Gaming Experience
https://www.cnet.com/tech/gaming/xbox-elite-wireless-controller-2-is-overkill-for-most-people-but-still-delivers-an-epic-gaming-experience/#ftag=CADf328eec
The Xbox Elite Wireless Controller Series 2 still sets the bar for a pro-level controller.
How to Watch England vs. India From Anywhere for Free: Livestream 2nd Test Cricket
https://www.cnet.com/tech/services-and-software/how-to-watch-england-vs-india-from-anywhere-for-free-livestream-2nd-test-cricket/#ftag=CADf328eec
The series moves to Edgbaston as the hosts look to build on a thrilling first-encounter victory.
Asus Rog Delta II Review: Lots To Offer, but Not Worth the Price
https://www.cnet.com/tech/gaming/asus-rog-delta-ii-review-lots-to-offer-but-not-worth-the-price/#ftag=CADf328eec
There's a lot to like, as long as you have the right head size.
6 Devices and Tips if Your Pet Is Afraid of Fireworks This Fourth of July
https://www.cnet.com/home/smart-home/6-devices-and-tips-if-your-pet-is-afraid-of-fireworks-this-fourth-of-july/#ftag=CADf328eec
If the Fourth of July fireworks mean trouble for your pet, there are a few modern options that may be able to help.
Today's NYT Mini Crossword Answers for Wednesday, July 2
https://www.cnet.com/tech/gaming/todays-nyt-mini-crossword-answers-for-wednesday-july-2/#ftag=CADf328eec
Here are the answers for The New York Times Mini Crossword for July 2.
Prepare to Share All Your Pics With Meta If You Turn On Facebook's New AI Photo Tool
https://www.cnet.com/tech/services-and-software/prepare-to-share-all-your-pics-with-meta-if-you-turn-on-facebooks-new-ai-photo-tool/#ftag=CADf328eec
Facebook's camera roll cloud processing feature puts your photos and videos in the hands of Meta.
Today's NYT Connections Hints, Answers and Help for July 3, #753
https://www.cnet.com/tech/gaming/todays-nyt-connections-hints-answers-and-help-for-july-3-753/#ftag=CADf328eec
Here are some hints and the answers for the NYT Connections puzzle for July 3, #753.
Today's Wordle Hints, Answer and Help for July 3, #1475
https://www.cnet.com/tech/gaming/todays-wordle-hints-answer-and-help-for-july-3-1475/#ftag=CADf328eec
Here are hints and the answer for today's Wordle for July 3, No. 1,475.
You Can Still See the Aurora Borealis Tonight. Here's Where the Brightest Lights Will Glow
https://www.cnet.com/science/space/you-can-still-see-the-aurora-borealis-tonight-heres-where-the-brightest-lights-will-glow/#ftag=CADf328eec
While not as strong as Tuesday's lights, tonight's auroras could be impressive for many in the northern US.
Microsoft Layoffs Result in at Least 3 Games Being Cancelled
https://www.cnet.com/tech/gaming/microsoft-layoffs-result-in-at-least-3-games-being-cancelled/#ftag=CADf328eec
Microsoft is cutting upward of 9,000 jobs in its latest round of layoffs; Perfect Dark and Everwild among games to be cancelled.
I Like Microsoft's 13-Inch Surface Laptop, but the Larger Model Is the One to Get
https://www.cnet.com/tech/computing/microsoft-surface-laptop-13-inch-review/#ftag=CADf328eec
It's compact, solidly built and great for travel, but the slightly larger 13.8-inch version is the better choice as a daily driver.
Cisco Unified Communications Manager Static SSH Credentials Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Manager%20Static%20SSH%20Credentials%20Vulnerability%26vs_k=1
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
Security Impact Rating: Critical
CVE: CVE-2025-20309
Cisco Spaces Connector Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Spaces%20Connector%20Privilege%20Escalation%20Vulnerability%26vs_k=1
A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU
Security Impact Rating: Medium
CVE: CVE-2025-20308
These Fast Food Restaurants Hiked Their Prices the Most Last Year
https://www.cnet.com/news/these-fast-food-restaurants-hiked-their-prices-the-most-last-year/#ftag=CADf328eec
Now we know why your favorite fast food now costs more than ever before.
I Can't Wait to Drop Into Tony Hawk's Pro Skater 3 + 4 on Xbox Game Pass Soon
https://www.cnet.com/tech/gaming/i-cant-wait-to-drop-into-tony-hawks-pro-skater-3-4-on-xbox-game-pass-soon/#ftag=CADf328eec
Xbox Game Pass is getting several games this month, including Tony Hawk's Pro Skater 3 + 4, and the return of High on Life.
Driving With CarPlay Ultra: Apple Does Dashboard Displays Right video
https://www.cnet.com/roadshow/videos/driving-with-carplay-ultra-apple-does-dashboard-displays-right/#ftag=CADf328eec
Apple's CarPlay Ultra debuts on the $250,000 Aston Martin DBX, putting Apple's touch on every display. We take it for a ride to see how much it improves the experience -- and if it's any safer.
'Squid Game' on Fortnite: Learn All About the New Skins and Items
https://www.cnet.com/tech/gaming/squid-game-on-fortnite-learn-all-about-the-new-skins-and-items/#ftag=CADf328eec
The super popular Netflix series has landed on the super popular third-person shooter.
Scam Travel Websites Are Real: What To Know Before You Book Your Trip
https://www.cnet.com/tech/services-and-software/scam-travel-websites-are-real-what-to-know-before-you-book-your-trip/#ftag=CADf328eec
That great deal on an amazing vacation may not actually be so amazing.
Let's Talk About the 'Ironheart' Finale and Post-Credits Scene
https://www.cnet.com/tech/services-and-software/lets-talk-about-the-ironheart-finale-and-post-credits-scene/#ftag=CADf328eec
Marvel did its Marvel thing again.
XSAs released on 2025-07-01
https://www.qubes-os.org/news/2025/07/01/xsas-released-on-2025-07-01/
The Xen Project (https://xenproject.org/) has released one or more Xen security advisories (XSAs) (https://xenbits.xen.org/xsa/).
The security of Qubes OS is not affected.
XSAs that DO affect the security of Qubes OS
The following XSAs do affect the security of Qubes OS:
(none)
XSAs that DO NOT affect the security of Qubes OS
The following XSAs do not affect the security of Qubes OS, and no user action is necessary:
XSA-470 (https://xenbits.xen.org/xsa/advisory-470.html)
Denial of service only
About this announcement
Qubes OS uses the Xen hypervisor (https://wiki.xenproject.org/wiki/Xen_Project_Software_Overview) as part of its architecture (https://www.qubes-os.org/doc/architecture/). When the Xen Project (https://xenproject.org/) publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA) (https://xenproject.org/developers/security-policy/). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB) (https://www.qubes-os.org/security/qsb/). (QSBs are also issued for non-Xen vulnerabilities.) However, QSBs can provide only positive confirmation that certain XSAs do affect the security of Qubes OS. QSBs cannot provide negative confirmation that other XSAs do not affect the security of Qubes OS. Therefore, we also maintain an XSA tracker (https://www.qubes-os.org/security/xsa/), which is a comprehensive list of all XSAs publicly disclosed to date, including whether each one affects the security of Qubes OS. When new XSAs are published, we add them to the XSA tracker and publish a notice like this one in order to inform Qubes users that a new batch of XSAs has been released and whether each one affects the security of Qubes OS.