Category: Software

  • WhatsApp Phone Book: All 3.5 Billion Users Listed by Researchers

    WhatsApp Phone Book: All 3.5 Billion Users Listed by Researchers

    Key Takeaways

    1. Data Collection Vulnerability: Researchers exploited a security flaw in WhatsApp’s contact discovery feature, revealing the identities of 3.5 billion users.

    2. Massive Query Capability: The flaw allowed for the potential lookup of 100 million phone numbers every hour due to a lack of proper rate limits for queries.

    3. Database Creation: The research resulted in a vast database of active WhatsApp accounts, showing publicly accessible metadata like profile photos and last seen details.

    4. Meta’s Response: Meta has implemented strict rate limits to prevent mass queries, although they claim no evidence of prior exploitation exists.

    5. Implications of Shared Keys: Researchers discovered groups of phone numbers sharing the same public key, indicating the use of unofficial software that compromises WhatsApp’s security.

    Security researchers from the University of Vienna and SBA Research have shown a worrying example of how data can be collected on WhatsApp. The team was able to reveal the identities of all 3.5 billion users by utilizing the messenger’s contact discovery feature. This feature is supposed to help users check the contacts in their own address book.

    Exploiting Security Flaws

    The researchers took advantage of a significant security flaw, which has now been patched. They found that the interface lacked proper rate limits for queries. This allowed them to potentially look up a staggering 100 million phone numbers every hour. They simply scanned complete phone number ranges. The study has been shared on GitHub, and the scientists will showcase additional findings and analyses at the Network and Distributed System Security (NDSS) Symposium happening in San Diego from February 23 to 27, 2026.

    A Massive Database of User Accounts

    The results of this research created a vast database containing around 3.5 billion active WhatsApp accounts across the globe. Once a number was verified as registered, WhatsApp’s API (application programming interface) revealed publicly accessible metadata. This included profile photos, status updates, and details about the last time a user was seen online. Technical insights were also available, such as the types of operating systems used. For instance, the data indicates that about 81% of users globally are on Android, while iOS represents about 19%.

    The researchers also looked at this data in relation to the significant Facebook data breach from 2021. Of the numbers leaked during that incident, 58% remain active today. This highlights how valuable large datasets can be, even after a long period. In places with strict internet censorship and bans on WhatsApp, millions of active users were still identified. Specifically, 2,333,519 accounts with Chinese phone numbers were found. Even in North Korea, at least five phone numbers were linked to WhatsApp accounts.

    Meta’s Response to the Issue

    Meta was alerted about the security vulnerability and has since taken steps to enforce strict rate limits, thus preventing mass queries at such speeds. Although the company claims there is no proof that third parties exploited the vulnerability, a thorough review of past attempts is nearly impossible from a technical standpoint. The method used is known among security experts, raising the possibility that it might have been previously used undetected by other parties.

    Additionally, a technical aspect sheds light on the obscure workings of WhatsApp. Typically, each app installation generates a distinct cryptographic key pair necessary for end-to-end encryption and to authenticate the device’s identity. However, the researchers found groups of phone numbers sharing the same public key, which should not be possible with the official app on real devices. This shared key strongly indicates the use of unofficial software. Such tools are often employed in “click farms” or for marketing bots, where operators replicate identical security identities across numerous accounts for efficiency or due to poor implementation. This not only reveals fake accounts but also shows that these unofficial applications can significantly compromise the messenger’s security framework.

    Source:
    Link

     

    Tags: , ,
  • Google Pixel January 2026 Update: Bug Fixes and Improvements

    Google Pixel January 2026 Update: Bug Fixes and Improvements

    Key Takeaways

    1. Google has started releasing the January 2026 software update for compatible Pixel devices, focusing on bug fixes and system reliability.
    2. The update aims to resolve display-related issues on Pixel 10 devices, including Always-On Display flickering and problems while editing HDR images.
    3. Pixel 8 and later models receive fixes for battery drain issues to improve overall performance and reduce unexpected power drops.
    4. A specific fix for noisy ringback sounds during Webex calls is included, benefiting both Pixel 8 and Pixel 7a users.
    5. The rollout of the update will occur in stages over the next week, with users receiving notifications when it’s available for their devices.

    Google has begun to release its January 2026 software update, bringing a variety of bug fixes and enhancements to compatible Pixel devices. As per Google’s announcement, all Pixel smartphones that support Android 16 will start receiving this update from today. As always, the rollout will take place in stages over the next week. When the update is ready for your device, you will receive a notification that encourages you to download and install it.

    Focus on Stability

    This month’s update mainly aims to fix bugs and enhance system reliability instead of introducing new features. For the Pixel 10 devices, Google has tackled multiple display-related problems. These fixes include addressing the Always-On Display flickering in certain situations and resolving an issue where annoying lines could appear on the screen while editing HDR images in Adobe Lightroom. Additionally, general GPU performance improvements have been implemented, which should lead to smoother visuals in certain scenarios. The update also resolves a bug that could make the touchscreen unresponsive at random times.

    Improvements for Newer Models

    For Pixel 8 and later models, the update brings a solution for battery draining that happened in specific instances. This should lead to better overall battery performance and lessen unexpected power drops. Furthermore, Google has fixed an issue that resulted in noisy ringback sounds during Webex calls. This particular fix is also relevant for the Pixel 7a.

    Google’s latest update emphasizes stability and bug fixes, ensuring a smoother user experience across its devices. Users are encouraged to keep an eye out for the update notification to enjoy these improvements.

    Source:
    Link

     

    Tags: , ,
  • iOS 16 Faces Adoption Issues Amid Liquid Glass UI Criticism

    iOS 16 Faces Adoption Issues Amid Liquid Glass UI Criticism

    Key Takeaways

    1. User reactions to iOS 26 are mixed, with some praising Liquid Glass and others finding design updates overwhelming.
    2. Adoption rates for iOS 26 are low at 15.2%, significantly lower than previous versions like iOS 18 (63%).
    3. iOS 26 features design changes focusing on translucency that have disappointed many users.
    4. Despite mixed reactions, iOS 26 introduces positive features like call screening, new iMessage options, and enhanced CarPlay.
    5. iOS 18 will continue to receive support for several years, allowing users time to adapt to the new interface.

    Apple’s iOS 26 was revealed about six months ago, and the response from users has been quite mixed. While some praised Apple’s innovative use of Liquid Glass, others felt that the design updates were too much and not very user-friendly in certain situations.

    Adoption Rates Tell a Story

    The varied reactions to iOS 26 can be seen in the latest adoption statistics. As per StatCounter, around 15.2% of iPhone users have switched to iOS 26. It’s been over four months since the new iOS was released to all compatible iPhone users, making this adoption rate a bit hard to swallow.

    Comparison with Previous Versions

    In comparison, CultOfMac notes that the earlier version, iOS 18, achieved a remarkable 63% adoption in a similar period. Likewise, iOS 17 and iOS 16 also had significantly higher adoption rates than iOS 26, with figures of 54% and 62%, respectively.

    User Reactions to Design Changes

    The design modifications introduced with iOS 26, which focus on translucency and diffusion effects, have left many iPhone users feeling quite let down. Although Apple does not enforce yearly iOS updates, they make the upgrade process very easy to encourage users to adopt the latest version. However, it seems that even Apple’s user-friendly update system is having a tough time persuading people.

    On the plus side, iOS 26 introduces several exciting features that received positive feedback, including call screening, new iMessage options like polls and custom backgrounds, and enhanced CarPlay features. For those who really dislike the new user interface, there’s a way to minimize the translucency by adjusting the settings from ‘Clear’ to ‘Tinted.’

    In conclusion, it appears that iOS 18 will continue to be supported for several more years, giving loyal Liquid Glass critics some time to adjust and breathe easy for the time being.

    Source:
    Link

     

    Tags: , ,
  • Apple Contest Ruling: Britons May Get £1.5 Billion in Refunds

    Apple Contest Ruling: Britons May Get £1.5 Billion in Refunds

    Key Takeaways

    1. A UK court found that Apple misused its dominant position in the App Store by imposing a high 30% commission.
    2. Apple plans to appeal the ruling, arguing for its current commission system and emphasizing the App Store’s economic contributions.
    3. The court suggested lower commission rates of 17.5% on app sales and 10% on in-app purchases.
    4. If Apple’s appeal fails, it may lead to more lawsuits against both Apple and Google from developers.
    5. Over 2,000 app developers are pursuing a separate legal action against Apple and Google, claiming unfair commission practices.

    The ongoing discussion about monopolies in software distribution has gained more attention, especially regarding tech giants like Apple and Google. Recently, a UK court determined that Apple misused its dominant position in the App Store, imposing high prices via its well-known 30% commission, often referred to as the “Apple tax.”

    Apple’s Response to the Ruling

    In response to this decision, Apple has decided to appeal. The judges were clear in their findings, suggesting that a commission of 17.5% on app sales and 10% on in-app purchases would be more suitable than the standard 30%. Apple disagrees with this assessment, claiming that the judges have a “flawed view” of the app economy. The company emphasizes that the App Store contributed over $55 billion to the UK economy in 2024 and provides a safe platform for developers. Moreover, Apple points out that many developers actually pay a lower commission of 15%.

    Implications for Future Lawsuits

    If Apple’s appeal does not succeed, it could lead to a wave of similar lawsuits against both Apple and Google. Developers are also joining the fight against these fees. In a separate legal action, more than 2,000 app developers are demanding up to £1 billion in damages, alleging that Apple and Google place unfair burdens on smaller studios with arbitrary commission rates. As a result, the UK courts could pose significant challenges for both Apple and Google by 2026.

    The Guardian

    Source:
    Link

     

    Tags: , ,
  • Data Leak Exposes 17.5 Million Instagram Users’ Information

    Data Leak Exposes 17.5 Million Instagram Users’ Information

    Key Takeaways

    1. A data breach has exposed personal information of 17.5 million Instagram users, discovered by Malwarebytes and linked to a hacker named “Solonik.”

    2. The leaked data includes usernames, full names, email addresses, phone numbers, and user IDs, but not passwords.

    3. Risks from the breach include impersonation attacks, phishing schemes, and potential account takeovers through Instagram’s password reset feature.

    4. Meta, Instagram’s parent company, has not officially confirmed the breach or informed affected users.

    5. Users are advised to be cautious of suspicious communications, activate two-factor authentication, update passwords, and avoid clicking unknown links.

    A huge data breach has allegedly revealed personal information of 17.5 million Instagram users, sparking major concerns about privacy and security. This situation was first identified by Malwarebytes, which traced the leak to a hacker known as “Solonik.” As stated in the report, the data was shared on BreachForums on January 7, 2026, allowing other cybercriminals to access it.

    Discovery and Investigation

    In a message sent to users, Malwarebytes mentioned they found the leak during a standard dark web investigation. Their analysis uncovered extensive, organized JSON and TXT files believed to come from a possible Instagram API exposure from 2024. The size of the dataset is notable, consisting of records connected to 17.5 million users, indicating that this was not merely a small or isolated event.

    Types of Exposed Data

    The leaked information contains various kinds of sensitive personal data. This reportedly includes Instagram usernames, full names, email addresses, international phone numbers, partial physical addresses, user IDs, and other related contact information. Although passwords were not listed among the leaked data, the volume of personal details involved still poses a significant risk to the affected individuals.

    Risks Associated with the Breach

    Malwarebytes has cautioned that hackers are likely to exploit this data in several ways. The most prevalent dangers include impersonation attacks, targeted phishing schemes, and attempts to gather credentials. A particular worry is the possible misuse of Instagram’s password reset feature. With access to emails and phone numbers, attackers could initiate account takeovers by triggering password reset requests and deceiving users into giving away access.

    As of now, Meta, the parent company of Instagram, has not officially acknowledged the breach. There has been no public announcement detailing how the data was leaked or if the impacted users will receive direct notifications.

    User Precautions

    Until further details emerge, users should remain vigilant. Exercise caution with suspicious emails or SMS that appear to be from Instagram or Meta, particularly those requesting you to reset your password or verify your account. These communications are often designed to seem legitimate but are actually phishing attempts.

    To enhance safety, it is strongly advised to activate two-factor authentication (2FA) with an authenticator app or via SMS, update your Instagram password to something robust and unique, and refrain from clicking on unknown links.

    Malwarebytes via X

    Source:
    Link

     

    Tags: , ,
  • Why Microsoft Defender Blocks Microsoft Activation Scripts (MAS)

    Why Microsoft Defender Blocks Microsoft Activation Scripts (MAS)

    Key Takeaways

    1. Microsoft Defender mistakenly flagged the legitimate “Microsoft Activation Scripts” (MAS) as malware, causing access issues for users.
    2. The problem may stem from network-level issues, such as DNS problems or targeted DNS attacks, rather than a direct error from Microsoft.
    3. The warning from Defender is seen as a protective measure against potential malware, not an actual error.
    4. Disabling Microsoft Defender to bypass the issue poses significant security risks for users.
    5. The situation highlights the challenge of balancing security measures against the potential collateral damage to legitimate tools.

    At first glance, this situation seemed to be a typical failure in IT security. Just yesterday, numerous users indicated that Microsoft Defender unexpectedly began preventing access to the original “Microsoft Activation Scripts” (MAS). The error notice, “Trojan:PowerShell/FakeMas.DA!MTB,” implied that Microsoft’s security tool was confusing the authentic open-source utility with one of the numerous malware versions that are out there. Since MAS is a community-driven method for activating Windows and Office instead of being an official Microsoft offering, many quickly thought there was some intentional action—a kind of backdoor blockage.

    Investigating the Issue

    We believe that this isn’t a mistake from Microsoft’s side but rather an issue at the network level for those affected. A likely reason could be DNS problems or even targeted DNS attacks (known as DNS spoofing). If the domain resolution has been tampered with for these users, trying to reach the supposedly genuine address might actually redirect them to a server that provides a harmful “fake” version. In such a case, the warning from Defender isn’t an error; it’s a genuine, last-minute protective measure. Some websites suggested that temporarily turning off Defender could be a solution, but that would essentially leave users vulnerable to malware or Trojans.

    User Reactions

    On X.com, Powerm1nt shared the first post regarding this error, noting the situation with Windows 11 Pro aarch64.

    The Bigger Picture

    Microsoft Defender has blocked the legitimate MAS during this ongoing battle against fake scripts, causing collateral damage in the process.

    Source:
    Link

     

    Tags: , ,
  • Strava Adds Adaptive Training and Garmin, Amazfit Integration

    Strava Adds Adaptive Training and Garmin, Amazfit Integration

    Key Takeaways

    1. New Feature: Strava introduces Instant Workouts, a feature for paying customers that simplifies workout planning.
    2. Subscription Cost: The service costs $11.99 per month with annual billing, but a free trial is available.
    3. Training Modes: Users can choose from four modes: Build, Maintain, Explore, and Recover, each targeting different training goals.
    4. Personalized Suggestions: Users receive five tailored workout suggestions based on their training history and performance level.
    5. Integration with Devices: Instant Workouts can integrate with Garmin Connect and Amazfit devices for adaptive training planning.

    Strava, a platform familiar to many athletes, is now introducing a new feature called Instant Workouts. This feature is available exclusively to paying customers, as it is behind a paywall, although there is a free trial period available. The subscription cost is $11.99 per month for an individual user with annual billing, making it somewhat pricey.

    A New Approach to Training

    Instant Workouts is designed to significantly reduce the hassle of planning workouts for athletes. Users can select from four training modes: Build, Maintain, Explore, and Recover. The Build mode likely includes more challenging training sessions aimed at boosting endurance. Maintain focuses on keeping current performance levels, while Recover is for those who are feeling fatigued but still want to engage in light training. Explore is meant for trying out new sports or finding different routes, helping users break through training plateaus.

    Tailored Training Suggestions

    Once a mode is selected, users receive five training suggestions to choose from. A workout or route is then automatically created based on the selected suggestions. Strava claims that these recommendations are personalized according to the user’s training history and performance level. This approach aims to help users avoid overtraining while still allowing for improvements in performance through adequate training intensity. While adaptive training planning isn’t completely new—Garmin has daily training suggestions, and Amazfit wearables also offer adaptive training plans—Strava does integrate with both Garmin Connect and the Zepp app for Amazfit devices.

    Source:
    Link

     

    Tags: , ,
  • Kindle Users Can’t Send Word Docs Directly from Microsoft Word

    Kindle Users Can’t Send Word Docs Directly from Microsoft Word

    Key Takeaways

    1. The Send to Kindle feature from Microsoft Word will be discontinued on February 9, 2026.
    2. This feature was introduced in April 2023 but did not gain significant user traction.
    3. The removal affects all platforms, including web, Windows, and Mac.
    4. No explanation for the discontinuation has been provided by Microsoft or Amazon.
    5. Users can still send .doc or .docx files using Amazon’s Send to Kindle web service, which supports multiple file formats.

    Starting in early February, you will no longer be able to send Word documents from Microsoft Word to your Kindle e-reader. This feature, known as Send to Kindle from Microsoft Word, was first introduced in April 2023. It was a useful tool for Microsoft 365 users, allowing them to directly transfer documents to their Kindle library. While all Kindle models supported this feature, it was especially beneficial for the Kindle Scribe, which comes with a stylus for adding annotations directly on documents.

    Update on Feature Removal

    As reported by Good Ereader, Microsoft has quietly changed its support page to indicate that the Send to Kindle feature will be discontinued starting February 9, 2026. This change will apply to all platforms, including web, Windows (Win32), and Mac.

    Lack of Explanation

    Neither Microsoft nor Amazon has provided a reason for this removal, but the decision suggests that the feature was not widely used. Its low-key launch and the lack of awareness among users imply that it never gained significant traction and was eventually considered not worth the effort for further development and upkeep.

    Alternative Options

    On a positive note, you can still send .doc or .docx files through Amazon’s Send to Kindle web service. This service has allowed users to send various file types to their Kindle library for a long time. It supports many formats, including popular ebook types like Epub and PDF, as well as TXT, RTF, HTML, PNG, JPG, JPEG, and GIF.

    Source:
    Link

     

    Tags: , ,
  • Home Assistant Update: New Triggers and Dashboard Enhancements

    Home Assistant Update: New Triggers and Dashboard Enhancements

    Key Takeaways

    1. Significant enhancements to the Home dashboard for a more user-friendly mobile experience, including a new Devices page.
    2. Expanded triggers and conditions with new options like Button, Climate, Humidifier, and Light-specific triggers, currently in testing.
    3. Revamped Settings page with a focus on protocol dashboards.
    4. New integrations introduced, including HomeLink devices, Airpatrol WiFi devices, and eGauge energy monitors.
    5. Improvements to existing integrations, such as new switch entities for FRITZ!Box Smart Home routines.

    The newest update for Home Assistant, called the 2026.1 release, is now here. This update comes about a month after the 2025.12 version, which introduced the Home Assistant Labs section and a new integration with Philips Hue BLE.

    Enhancements to the Home Dashboard

    With the 2026.1 release, there are significant enhancements to the Home dashboard. The mobile experience has been made more user-friendly, eliminating the need for tabs to move around. Summary cards are now positioned at the top of the display, while sections for favorites and areas are located underneath. Additionally, a new Devices page has been implemented, allowing users to see a list of products that aren’t assigned to any area.

    Expanded Triggers and Conditions

    Moreover, Home Assistant is enhancing its specific triggers and conditions, increasing the variety of available triggers. These now include options like Button, Climate, Humidifier, and Light-specific triggers. It’s worth noting that this feature is still in testing within the Home Assistant Labs section. The Settings page has also been revamped, placing more emphasis on the protocol dashboards section.

    New Integrations and Improvements

    As always, Home Assistant 2026.1 also introduces new integrations. Users can now add HomeLink devices, such as the v5 Wireless Garage Door Opener (three color kit currently priced at $149.99 on Amazon Marketplace), Airpatrol WiFi devices, and eGauge energy monitors to their setup. There are also enhancements for existing integrations, like FRITZ!Box Smart Home, which now features new switch entities that let users control routines directly through Home Assistant. For a detailed change log, check out the company’s blog.

    Source:
    Link

     

    Tags: , ,
  • Garmin Nutrition Tracking Feature Faces Issues in Initial Tests

    Garmin Nutrition Tracking Feature Faces Issues in Initial Tests

    Key Takeaways

    1. Garmin’s Nutrition Tracking feature requires a paid Garmin Connect+ subscription and allows food scanning via barcode or photo recognition.
    2. Setup challenges include the need to unlink MyFitnessPal accounts and set target weights for accurate calorie intake recommendations.
    3. The food scanning technology struggles with complex meals, often misidentifying food items and providing incorrect nutritional data.
    4. The app has limitations, such as using standard portion sizes that may not match personal consumption habits, requiring scales for accuracy.
    5. The smartwatch experience is restricted, with users facing app crashes and limited meal input options directly from the device.

    On Monday, Garmin introduced a new feature known as Nutrition Tracking. This feature is available to those who have a paid Garmin Connect+ subscription. Users can scan their food by either using a barcode or by capturing a photo of their dish with their smartphone camera. The AI technology is designed to recognize the food items. The information collected is then analyzed to reveal nutrient patterns and assess how different diets affect workouts and sleep, among other factors.

    Setup Challenges

    Despite the promising concept, early tests from the5krunner and DC Rainmaker reveal that Garmin’s Nutrition Tracking has its share of challenges. To get started, individuals who used MyFitnessPal for nutrition tracking must first unlink their account from Garmin Connect. After the setup is completed, users can set a target weight. Garmin then uses this information to determine the ideal calorie intake, which is distributed throughout meals like breakfast, lunch, dinner, and snacks.

    Recognition Issues

    The food scanning feature does not always function as intended. While it can easily identify simple foods like a single banana, it struggles with complex meals containing multiple components. For instance, a plate with three slices of toast may only be recognized as one slice, and the AI often overlooks the butter under jam, leading to incorrect nutritional data.

    Limitations on Smartwatch

    The app also faces challenges when it comes to differentiating between white and wholegrain toast. Many items are registered with a standard portion size of 100 grams, making it necessary to use scales for accurate nutritional recording. This is particularly inconvenient for items like sauces, jam, or honey, as Garmin’s default serving sizes can be quite different from what is actually consumed, based on personal habits.

    The smartwatch experience is somewhat limited; while Garmin shows the calories and nutritional data for the day, users can only add pre-stored meals directly from the smartwatch. Furthermore, reports indicate that the smartwatch app often crashes, according to findings from DC Rainmaker.

    Source:
    Link

     

    Tags: , ,