Agrégateur de flux

Phishing and its many variants are still a major threat on today's Internet. Email phishing is still a dominant attack type. You receive an email that usually claims to come from a legitimate company or service, in order to steal your passwords, other data, or gain access to information.

Experienced Internet users may detect most phishing emails immediately. One look at the sender's email address or the content of the email, and they know whether it is legitimate or not. Yes, a deep dive into the mail headers is usually the better option to determine whether an email is real or fake, but often, that is not necessary. If you get a claim from a company that you do not do business with, you can almost be certain that the email that you received is not legitimate.

Decade-old best practices against phishing still reign supreme. Do not click on links, do not use information to call someone, send them a message, or open a website listed in the phishing email. Bad grammar or spelling used to be a good indicator, but the increased use of AI by threat actors is eliminating most of that in emails.

If you are unsure, you may also hover with the mouse over links in phishing emails. At least on desktop systems, you see the link target. Often, it is a destination that has nothing to do with the entity the email supposedly came from. Even if an URL shortener is used or a new strategy is implemented, like showing mailto links instead of web links, it should ring the alarm bells loud and clear immediately.

On mobile, you may be able to long-press on links to display a context menu with options or information. There is still the risk of accidentally opening a link that you want to check though.

The following email, for example, has quite a few red flags. The sender claims that the recipient has to pay customs duties for a parcel transported by DHL.

Apart from the sender's email, it is the link that provides you with additional information. It screams fake, and if you used DHL before, you know that the company does not use the t.co URL shortening service.

Hovering over links may give help you distinguish fake emails from real ones. I still recommend that you open links manually only. If you get an email from your bank, a shopping site, or any other service or site that you use, you could still open it manually in your browser instead of clicking on a link, if you believe that there is a high chance that the email is legitimate.

Now You: How do you handle the threat of phishing? Do you use specialized security tools to protect against phishing attacks? Feel free to leave a comment down below.

Thank you for being a Ghacks reader. The post Hovering over links in emails is still one of the best defenses you have against phishing appeared first on gHacks Technology News.

There is certainly no shortage of password managers for all modern operating systems. From traditional password managers like Keepass that save passwords locally to cloud-based solutions like Bitwarden that sync data between devices to increase the convenience of using a password manager.

The makers of the open source authenticator 2Fas Auth have expanded this year into password manager territories. Their 2Fas Pass application is open source and was launched just a few months ago.

2Fas Pass uses the same design principles as the oganization's authenticator app. It is designed with security and privacy in mind and follows the organization's local-first principle. Its zero-knowledge architecture protects data at rest and while in transit.

First, the basics. The password manager is available as a native app for Android and iOS only. You can install browser extensions to integrate it with desktop operating systems, but still need to run the mobile app as data needs to be retrieved from the application.

You can install the app free of charge and are not required to create an account. The very first thing you need to do after installation of the password manager is to generate secret words and set a master password. The first part happens automatically, the second asks for a password that needs to be at least nine characters long.

Once you have set the local password you are good to go. You need to download the vault decryption kit as a PDF or print it. This is the only option to restore access to the password database if you forget the password.

The password manager can import or export passwords. It supports a wide range of password services, including 1Password, Bitwarden, browsers like Chrome or Firefox, or LastPass. There is also an option to import a backup of 2Fas Pass passwords, for instance to move the database to another device.

The free version has three main restrictions. First, you can only save up to 200 items in the password manager. Second, you can't sync the passwords between devices. Third, you can only install and use one browser extension. The paid version removes the restrictions and costs about $10 per year. It is for you to decide whether the restrictions are too limiting.

One interesting feature of 2Fas Pass is the ability to set security tiers for passwords.  The password manager supports secret, highly secret, and top secret tiers.

The main differentiating factor is access to the passwords. Secret passwords work with autofill and are also available in the browser extensions. Highly secret passwords become available only after you complete an additional confirmation step. Top secret passwords, finally, are isolated and they do not support autofill at all.

2Fas Pass is a new open source password with an interesting option to set the security level of individual passwords and a security- and local-first design. Desktop users may find the lack of dedicated desktop apps problematic. The limits of the free version may also keep some users from making the switch. While many may not run into the 200 passwords limit, restricting extension installations to just one browser could keep some users from even trying the password manager.

The price of a subscription is reasonable on the other hand and the only way for the organization to fund development and support.

Thank you for being a Ghacks reader. The post 2FAS Pass: local-first password manager from the makers of 2FAS Auth appeared first on gHacks Technology News.

Over the past couple of weeks, some reports claimed that Google had sent an emergency warning to all Gmail users after a security breach. Google says that these claims are false.

Here's what happened. In early August 2025, the Google Threat Intelligence Group confirmed that Google had been hacked in June this year, by a ransomware threat group called ShinyHunters, aka UNC6040.

After the attack, Google had performed an impact analysis, and prepared mitigations. Its analysis revealed that one of its corporate Salesforce instances (Salesforce Drift) had been breached. This instance had been used to store contact details for small and medium businesses, and the attackers managed to retrieve some of it. Google said the data the hackers accessed during a small window of time was limited to basic and largely publicly available business information, such as business names and contact details.

The words "largely publicly" do suggest some private data was stolen. Google says that the threat actors also compromised OAuth tokens for the "Drift Email" integration. Perhaps that's the private data that was affected?

Google said it had notified those affected by the breach by August 8. More details about this incident are available on Google's blog. Here's another article by Google that explains more about the attack.

A few weeks ago, some reports alleged that Google had sent out warnings to all Gmail users. I can't find the exact source where this rumor began. It doesn't make sense, the attack wasn't even related to Gmail. I mean, there are over 2.5 Billion Gmail users around the world. If Google had issued a warning for "all users", surely we would have seen one by now, right? Still, the number of articles that began reporting the news kept rising without quoting any shred of evidence. I rarely defend Google or any big tech for that matter, but spreading panic and fake news is wrong, and irresponsible.  It wasn't just blogs that were doing this.

As Forbes says, it was unusual for Google to put out a statement to clarify the situation. "Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false. "It also mentions that phishers are always on the lookout for finding ways to breach inboxes, but Google's security blocks 99.9% of the attempts from affecting users.

Google is advising users to use secure password alternatives like Passkeys to secure their accounts.

Thank you for being a Ghacks reader. The post Google says reports about a major Gmail security warning are false appeared first on gHacks Technology News.

L'été reste actif pour la Coopérative The Originals Hotels qui poursuit le développement de son réseau avec 4 nouveaux adhérents, portant à 16 le nombre de nouvelles adresses depuis le début de l'année.
Ces établissements aux profils variés intègrent différentes catégories : Relais, Résidence et City. Ils ont en commun le choix d'intégrer une coopérative afin de bénéficier d'un accompagnement collectif et du soutien d'autres hôteliers indépendants. Plus qu'une marque, ils rejoignent une communauté soudée, pour gagner (...)

Radisson Hotel Group accélère son développement en France avec une série de signatures et d'ouvertures emblématiques. Soutenu par de solides partenariats avec des acteurs de majeurs de l'immobilier tels que Covivio et Byron Capital, le groupe renforce sa présence dans des destinations françaises clés grâce à des conversions ciblées allant du segment lifestyle luxe au haut de gamme.
Notre stratégie de croissance en France repose fermement sur la confiance de nos partenaires existants, tout en établissant (...)

BARNES Hospitality a le plaisir d'annoncer la nomination de Delphine Morant au poste de Directrice de Maison Boissière – BARNES Residences, résidence hôtelière de luxe située au cœur du XVIe arrondissement de Paris.
Avec plus de vingt ans d'expérience dans l'hôtellerie haut de gamme, Delphine Morant incarne l'art du service à la française. Avant de rejoindre Maison Boissière – BARNES Residences, elle occupait le poste de Directrice de la Résidence Officielle de l'Ambassade du Canada à Paris, où elle était (...)

YouTube has started cracking down on Premium Family plan accounts that are not located under the same roof. The streaming service has required users to be in the same household, but it didn't really enforce the rule until now.

A month's subscription of YouTube Family Premium costs $23, and allows up to five family members to share the subscription, and includes YouTube Music, Background Play, Downloads, and ad-free YouTube. A regular YouTube Premium plan for individuals costs $13.99 per month. I wonder why people want to share the accounts?

Google's support page related to the subscription says, "To be eligible to share a YouTube family membership, each family members must live at the same residential address as the family manager. Every 30 days, an electronic check-in will confirm this requirement."

Reports from users reveal that YouTube is sending emails to users warning them that they may not be in the same household, and that their membership will be paused in 14 days. Users will remain in the family group, and watch YouTube with ads, but won't get any Premium benefits.  So it appears Google is tracking the location of the accounts, to determine whether they are in the same house. This is probably done by monitoring and comparing the IP addresses of each member, as well as some other location-based data.

Netflix does it, so does Disney+, Hulu as well. HBO Max is about to tighten its rules about account sharing this month. I'm not saying it's right, I'm just pointing out that it's a common practice by streaming services. Frankly, I'm surprised it took Google this long to do implement this rule, given how aggressively it has been pushing YouTube Premium for those who use ad blockers. Android Police points out that this Family rule change could be related to the new two-person Premium plan that YouTube introduced a few months ago.

If you don't need to download videos for offline viewing, or any of the other Premium benefits, just watch YouTube with an ad blocker on. I use Firefox and uBlock Origin on my computer, and Safari with uBlock Origin Lite on my iPhone. You can do the same with any Chromium based browser with uBlock Origin Lite. As for mobile apps, there's NewPipe, Revanced. Want to watch YouTube on your Android TV? Use SmartTube. There's also AdGuard, Pihole, etc.

Thank you for being a Ghacks reader. The post YouTube Premium Family plan accounts are being flagged for not being in the same household appeared first on gHacks Technology News.

Microsoft has confirmed that Windows 11 version 25H2 is now available in the Release Preview Channel. This is the final version of the software, before it hits general availability later this year.

Usually, when Microsoft releases an annual feature update, there is a lot of discussion about what's new in it. Well, things are a little different this time around. Windows 11 25H2 won't have any new features.

A blog post on Microsoft's website says, "Windows 11, version 24H2 and version 25H2 use a shared servicing branch. It also means that they also share the same new features and enhancements..."

So, why bother with an annual release? Each feature update receives two years of security updates, after which users will need to upgrade to a newer version. Here is a reminder for those who are still on Windows 11 23H2, Microsoft is ending support for this version on Nov 11, 2025. You will need to upgrade to Windows 11 24H2 or above to continue receiving updates. Version 24H2 will be supported until October 13, 2026. Likewise, Windows 11 25H2 will be supported until, you guessed it, 2027.

Version 25H2 does not have a launch date yet. Microsoft itself points out that Windows 11 25H2 removes some features, namely PowerShell 2.0 and Windows Management Instrumentation command-line (WMIC).

It's not a bug, it's a feature. Only, when it comes to Windows, it's mostly bugs. Windows 11 24H2 had plenty of bugs related to gaming, incompatibility with apps.

Recently, reports emerged stating that the KB5063878 Windows update was making SSDs inaccessible while writing large files. Some SSDs would reappear after a restart, but some SSDs were bricked permanently. Rumors suggested that SSDs with Phison controllers were primarily affected by the issue, but Phison has denied allegations that its controllers were faulty. In a statement to Tom's Hardware, Phison said that it was not able to reproduce the reported issue in over 4,500 cumulative testing hours and over 2,200 test cycles on potentially impacted drives.

Microsoft denied that it was a faulty Windows update, stating that it found no connection between the August 2025 Windows security update and the types of hard drive failures that were being reported on social media. Whodunnit?

Thank you for being a Ghacks reader. The post Windows 11 25H2 won't have any new features appeared first on gHacks Technology News.

Alors que plane la menace d'une remise en cause de l'exonération fiscale et sociale des pourboires dans le cadre du budget 2026, l'UMIH a réalisé, cet été, deux enquêtes complémentaires : La première avec l'institut IPSOS BVA auprès d'un échantillon représentatif de salariés de la branche (1004 salariés – du 10 au 21 juillet 2025)1. La seconde auprès d'employeurs/ chefs d'entreprise, adhérents Umih ou non (1 023 – du 22 juillet au 5 août 2025).
Des résultats sans appel : un rejet unanime de la part des (...)

Points-clés Nouveau credo de marque : The Home of the Maldivian Spirit Lancement du programme de fidélité Siyam Rewards Nouvelles Expériences Signature : Insta Villa, Maldivian Roots et Sun Siyam Beach Club Une nouvelle identifié unifiée autour de trois collections : Luxury, Privé et Lifestyle Un site Internet entièrement repensé : sunsiyam.com
Sun Siyam dévoile une étape historique de son évolution alors que le groupe fête ses 35 ans d'hospitalité maldivienne. Bien plus qu'un simple rafraîchissement (...)

Wagram Food Service annonce la nomination d'Émilie Genty au poste de Directrice marketing et communication pour ses deux marques en portefeuille : Columbus Café et Krispy Kreme Doughnuts France.
Émilie Genty apporte à Wagram Food Service une expérience marketing de plus de 15 ans, acquise auprès de grandes marques leader sur leur marché (digital, retail et rest-auration). À la tête d'une équipe de 10 personnes, Émilie Genty, qui succède à Célia Refalo, sera membre du comité de direction de Wagram Food (...)

Un rendez-vous d'experts très attendu pour les hôteliers souhaitant structurer et dynamiser leur stratégie de commercialisation.
Doyield annonce aujourd'hui le lancement d'un tout nouveau podcast construit autour d'un échange entre deux experts reconnus : Chedi Chaari, cofondateur de Doyield, et Tony Loeb, cofondateur du média 10 minutes pour un hôtelier qui totalise plus de 4 millions de vues annuelles et figure parmi les médias hôteliers les plus lus en Europe. Doyield a invité Tony Loeb pour faire (...)

Un nouveau chapitre s'ouvre au restaurant étoilé Galanga de l'Hôtel Monsieur George Après avoir accompagné l'ascension du Galanga jusqu'à sa première étoile Michelin, le chef Thomas Danigo passe le flambeau. C'est désormais Florian Gravelle qui prend les commandes des cuisines du Galanga par Monsieur George, porté par la vision de Nicolas Saltiel, fondateur de Chapitre Six, et sous la direction de Valentin Brietz, directeur de l'Hôtel Monsieur George.
Un parcours façonné par l'excellence Originaire de (...)

ATG Travel Worldwide B.V. (« ATG »), fournisseur mondial privé de solutions de gestion des voyages et des dépenses, a annoncé aujourd'hui la finalisation de l'acquisition des activités de voyages d'affaires de CWT en Allemagne. Cette opération stratégique renforce la présence d'ATG sur un marché clé en Europe et s'inscrit dans sa stratégie de croissance mondiale à long terme.
Accueillir nos nouveaux collègues et clients marque une nouvelle étape passionnante pour notre activité en Allemagne, a déclaré Torsten (...)

Booking.com dévoile aujourd'hui les tendances estivales pour les mois de juillet et août 2025, ainsi que les destinations les plus convoitées pour l'« été indien » en septembre. Entre destinations méditerranéennes, grandes métropoles européennes et littoraux français, les voyageurs ont exprimé un fort désir d'évasion, confirmant des hausses significatives par rapport à l'an dernier.
À retenir Marrakech arrive en tête des destinations internationales les plus recherchées par les Français sur l'ensemble de (...)

Alors que les vacances estivales touchent à leur fin, TheFork, l'appli N°1 en Europe qui donne le pouvoir d'aller au restaurant, dresse un bilan encourageant des réservations au restaurant en France cet été. Des données qui viennent légitimer la position de TheFork en qualité de partenaire de croissance des restaurateurs.
Quelques chiffres sur la période du 1er juillet au 22 août : +15% de réservations vs n-1 avec un pic de réservations constaté le 20 juillet 2025
Nous avons bien sûr entendu les (...)

Fort de plus de 20 ans d'expérience dans l'hôtellerie de luxe, Xander Labuschagne prend la direction de l'un des plus prestigieux safaris d'Afrique.
Jumeirah, leader mondial de l'hôtellerie de luxe et membre de Dubai Holding, annonce la nomination de Xander Labuschagne au poste de Directeur Général de l'Hospitalité pour Jumeirah Thanda Safari en Afrique du Sud.
Xander apporte plus de vingt ans d'expérience variée dans l'hôtellerie, les lodges safari de luxe, les résidences et les opérations en Afrique (...)

Wondering what Hollow Knight: Silksong will cost you? $20 bucks, that's not a joke!

Fans of the original Hollow Knight game have been eagerly waiting for the 2nd title ever since it was announced in 2019. A couple of weeks ago, Team Cherry finally revealed the launch date for Silksong, saying that the game will be released on the fourth of September 2025.

That didn't necessarily calm down the game's cult following, who were rejoicing the news about the much awaited sequel. One question that was raised among the community was how much the game would cost? This wasn't really a concern because it is an Indie game, and hence was expected to be affordable.

Many fans were expecting the game to be priced somewhere between $25 to $40. Team Cherry has surprised everyone by announcing a much lower price than expected. Silksong has been priced at $19.99 in the United States, €19.99 in Europe, and ¥2300 in Japan. It's unclear how much the game will cost in other regions, here is the listing on SteamDB, which will be updated in the coming days.

Hollow Knight sold 15 million copies worldwide. Of course, not all of them would have been sold at the full price, which was $15 BTW. Still, that is a lot of sales, very impressive for a small studio. There's no reason why Silksong can't achieve the same, or even break that record.

According to today's announcement, Hollow Knight: Silksong will release on September 4 at 7:00AM Pacific Time (PT) | 10:00 AM Eastern Time (ET) | 4:00 PM Central European Summer Time (CEST) | 11:00 PM Japan Standard Time (JST).

The Hollow Knight community has been celebrating the pricing announcement, and can you blame them? It's a rare win for gamers in these days, where game prices are reaching $80 or $90. Game console prices are being increased like crazy. Meanwhile, Team Cherry is not even doing preorders. It's refreshing to see something positive for a change.

Thank you for being a Ghacks reader. The post Hollow Knight: Silksong has been priced at $19.99 appeared first on gHacks Technology News.

Apple has taken down iTorrent, a torrent client for iOS. The open source app was distributed via the AltStore PAL in the EU.

It wasn't even hosted on the App Store? Why do this?

Initially, things were unclear when the app disappeared from the AltStore PAL in July. iTorrent developer, Daniil Vinogradov (aka XITRIX), confirmed that Apple had removed Alternative Distribution functionality from iTorrent's Developer Portal, and that no warning was given. The dev also expressed concern that Apple had not responded properly, beyond saying that "their escalation team is looking into it." AltStore PAL Co-founder Shane Gill also requested Apple to clarify the issue.

Many people believed it was the fact that the app was a torrent client, that led Apple to take the app down. That is a fair assumption, given that Apple has a rough history with torrent apps. It has been banning torrent clients since 2009. Torrent clients are not illegal, neither is the act of downloading stuff via torrents. Ever heard of Linux ISO torrents? LibreOffice? Public domain media? What steps the legal boundaries, is the act of downloading and distributing copyrighted content without permission. That's when the issue of piracy arises. A torrent client is in its basic form, like a download manager, a tool which is used by the person responsible for downloading the torrent, aka the user, not the app developer.

After two months of emails, Apple finally revealed what had happened. As it turns out, Apple didn't block iTorrent for its torrent capabilities. According to a statement provided by Apple to TorrentFreak, “Notarization for this app was removed in order to comply with government sanctions-related rules in various jurisdictions. We have communicated this to the developer.”

What does that mean? Well, Vinogradov has a Russia-based Apple account, which is against the sanctions, so the app's EU distribution permissions had been revoked. But here is the thing, the developer has been living in Malta for over 3 years, with an EU Residence permit. In a comment on GitHub, Vinogradov explained that the account wasn't updated with the new details, and the fault lies with them, not Apple. While Vinogradov acknowledged the ban is far, the developer was frustrated why Apple not notifying about the ban, and the long time it took to get a response from the company. The developer hopes to reintroduce the app in AltStore PAL soon.

I still feel Apple is overreaching with its power. Apple's compliance with the Digital Markets Act has been questionable.

Sadly, things like this might happen to Android apps too, as Google wants developers to sign their apps, and verify their identities.

Thank you for being a Ghacks reader. The post Apple takes down iTorrent app which was hosted on a third-party app market appeared first on gHacks Technology News.

Lefay Resorts & Residences présente son « Rapport sur le développement durable 2024 ». La onzième édition présente de manière claire et transparente les résultats du groupe en matière d'économie, d'environnement et de territoire, ainsi que ses objectifs d'amélioration. Les résultats officiels sont résumés dans les chiffres clés suivants : 2 établissements 4 310 000 € de chiffre d'affaires total (+7 % par rapport à 2023) 100 % des émissions de CO2 ont été compensées pour la dixième année consécutive 83 % (...)