
Received yesterday — 15 December 2025

Attackers Are Spreading Malware Through ChatGPT

15 December 2025 at 11:00

You (hopefully) know by now that you can't take everything AI tells you at face value. Large language models (LLMs) sometimes provide incorrect information, and threat actors are now using paid search ads on Google to spread conversations with ChatGPT and Grok that appear to provide tech support instructions but actually direct macOS users to install infostealing malware on their devices.

The campaign is a variation on the ClickFix attack, which often uses CAPTCHA prompts or fake error messages to trick targets into executing malicious commands. But in this case, the instructions are disguised as helpful troubleshooting guides on legitimate AI platforms.

How attackers are using ChatGPT

Kaspersky details a campaign specific to installing Atlas for macOS. If a user searches "chatgpt atlas" to find a guide, the first sponsored result is a link to chatgpt.com with the page title "ChatGPT™ Atlas for macOS – Download ChatGPT Atlas for Mac." If you click through, you'll land on the official ChatGPT site and find a series of instructions for (supposedly) installing Atlas.

However, the page is a copy of a conversation between an anonymous user and the AI—which can be shared publicly—that is actually a malware installation guide. The chat directs you to copy, paste, and execute a command in your Mac's Terminal and grant all permissions, which hands over access to the AMOS (Atomic macOS Stealer) infostealer.

A further investigation from Huntress showed similarly poisoned results via both ChatGPT and Grok using more general troubleshooting queries like "how to delete system data on Mac" and "clear disk space on macOS."

AMOS targets macOS, gaining root-level privileges and allowing attackers to execute commands, log keystrokes, and deliver additional payloads. BleepingComputer notes that the infostealer also targets cryptocurrency wallets, browser data (including cookies, saved passwords, and autofill data), macOS Keychain data, and files on the filesystem.

Don't trust every command AI generates

If you're troubleshooting a tech issue, carefully vet any instructions you find online. Threat actors often use sponsored search results as well as social media platforms to spread instructions that are actually ClickFix attacks. Never follow any guidance that you don't understand, and know that if it asks you to execute commands on your device using PowerShell or Terminal to "fix" a problem, there's a high likelihood that it's malicious—even if it comes from a search engine or LLM you've used and trusted in the past.

Of course, you can potentially turn the attack around by asking ChatGPT (in a new conversation) if the instructions are safe to follow. According to Kaspersky, the AI will tell you that they aren't.

How to Spot a Browser-in-the-Browser Phishing Attack

15 December 2025 at 10:30

Between the sheer number and the increasing sophistication of phishing campaigns, seeing should not automatically be believing when browsing online. One particularly sneaky scam is a browser-in-the-browser (BitB) attack, in which threat actors create a fake browser window that looks like a trusted single sign-on (SSO) login page within a real browser session.

Because we use SSO to access many of our online accounts, we may not think twice before entering usernames and passwords on these spoofed pages. Cybercriminals are counting on this to steal user credentials.

How a browser-in-the-browser attack works

Rather than redirecting users to a spoofed website, threat actors running a BitB attack create a fake pop-up within the page you're already on (which may either be set up for the attack or compromised in some way). Using HTML, CSS, and JavaScript, they're able to design a login window that looks exactly like the real one, right down to the lock icon and URL in the pop-up's address bar.

These fake login windows typically appear in a seamless fashion, such as after a click or redirect you're expecting to lead to SSO. Obviously, entering your credentials hands them directly to the attackers, who can either use or sell them.

Fraudulent pop-ups often imitate SSO providers such as Google, Apple, and Microsoft, though they may exploit any login portal. Earlier this year, researchers at Silent Push identified a BitB phishing campaign targeting Steam users, specifically those playing Counter-Strike 2. Gamers saw a fake browser pop-up window displaying the URL of the real Steam portal, making them more likely to enter their credentials without suspicion. The attackers also featured the likenesses of eSports team NAVI to lend credibility.

Signs of a BitB scam

Because threat actors are able to so closely imitate trusted sign-on pages, including using the real domain in the address bar, a visual inspection may not be enough to catch the fraud. Instead, you need to interact with the window in some way.

In many cases, a genuine SSO pop-up can be dragged around and away from the browser page it appears on top of, so you can first try to move it elsewhere on your screen. However, some SSO dialogs are static, so if you can't drag it, try to highlight the URL or click the padlock icon to show certificate details. If these elements are fake, you won't be able to interact with them at all because the window itself is just an image.

This is also an excellent reason to use a secure password manager to fill your credentials instead of entering them manually. A password manager will work only on the legitimate domain. If it doesn't autofill, don't automatically override it—check to ensure the pop-up is real.

You should also have a strong form of multi-factor authentication (MFA) enabled wherever possible, so even if your username and password are somehow compromised, attackers won't have the additional factor needed to actually access your account. Note that hackers can still phish some forms of authentication—physical keys along with biometrics and passkeys are the most secure options.

Received before yesterday

You Can Use 'Circle to Search' to Identify Scams on Android

12 December 2025 at 14:30

Android users are getting more tools to combat the seemingly endless stream of scam texts from bad actors looking to steal your data and your money. Circle to Search and Google Lens can now assess messages for scam red flags, and if possible fraud is detected, you'll get recommendations for what to do (or not do) next. Even if you think you know the telltale signs of a scam—a sense of urgency, a demand for money or personal information, a link to log in or pay—using these tools can confirm your suspicions, especially when you feel pressured to act.

Use Circle to Search to identify scams

To activate Circle to Search, long press the home button or navigation bar on your device and circle the text you want to scan. Alternatively, you can take a screenshot, open Lens in the Google app (also available on iOS), and tap the screenshot. The feature works for text messages as well as communication on messaging apps and social media sites. Google says the capability is available "when our systems have high confidence in the quality of the response."

This is just the latest in Google's suite of security features meant to protect against fraud. Pixel users have real-time, AI-powered scam detection, which identifies and alerts you to suspicious conversational patterns in Google Messages and Phone by Google. In-call protections for Android prevent you from taking certain actions, such as sideloading new apps and changing accessibility permissions, on your device while on the phone with anyone not saved in your contacts.

Earlier this month, Google also expanded its in-call scam detection feature, meant to combat bank impersonation schemes, to U.S. users. If you are on a call with a number that's not in your contacts and try to open a participating financial app, you'll get a notification reminding you not to share information and a one-click option to stop screen-sharing and end the call.

Your Android Can Now Share Live Video to 911

12 December 2025 at 10:30

If you find yourself in an emergency or crisis situation, the more information you can give first responders, the better. Android users can now share a live stream of their surroundings with 911, allowing emergency services to assess and provide guidance in real time while you wait for help to arrive onsite.

Emergency services on Android

Your Android already shares some information with first responders via Emergency Location Services (unless you disable this feature). This built-in tool sends an accurate location as well as contextual information, such as language settings, when you call or text an emergency number. Now, that includes live video from your device's camera.

You don't need to do anything to set up Emergency Live Video. Once available in your area, responders can send a request during an emergency call or text to securely share your camera's live video. You'll see a prompt on your screen to start sharing with one tap.

According to Google, Emergency Live Video is encrypted by default. Users can choose whether to share their video from the prompt as well as stop the share at any time by clicking the onscreen Stop sharing button.

Live video sharing is rolling out now to U.S. users, as well as those in parts of Germany and Mexico, on Android phones running Android 8 and up. Google says they are partnering with public safety organizations to expand the feature to more users.

Other Android safety features

Emergency Live Video is the latest in Google's suite of safety features designed to make help more accessible—more quickly—in an emergency. Pixel users in Australia, North America, and several dozen countries across Europe now have access to Satellite SOS, which allows you to call emergency services even without a cellular or wifi connection. Car Crash Detection contacts emergency services and shares your location in the event of a severe crash, while Fall Detection and Loss of Pulse Detection will call for help based on Pixel Watch sensor data.

What's New on Netflix in January 2026

10 December 2025 at 11:45

Netflix's January lineup is on the lighter side, but includes the return of period romance series Bridgerton (Jan. 29). Season four centers on Benedict, the second-eldest sibling, and Sophie, whom he meets at Lady Bridgerton’s masquerade ball. The first four episodes drop in January, with the remaining four coming at the end of February.

Another original series worth watching is Agatha Christie's Seven Dials (Jan. 15), an adaptation of the crime author's novel The Seven Dials Mystery. Mia McKenna-Bruce plays sleuth Lady Eileen “Bundle” Brent, who is attempting to solve a murder mystery at a country house party in 1920s England. Martin Freeman and Helena Bonham Carter also star.

On the film side, rom-com People We Meet on Vacation (Jan. 9) is an adaptation of Emily Henry's novel of the same name and stars Tom Blyth and Emily Bader. The Rip (Jan. 16) is an action thriller starring Ben Affleck and Matt Damon as Miami cops who discover millions of dollars in cash at a stash house.

Netflix is also releasing true crime documentary Kidnapped: Elizabeth Smart (Jan. 21) about the 2002 abduction of the 14-year-old from her home in Salt Lake City, and her return several years later.

In addition to hosting WWE's Monday Night Raw every week, Netflix is also streaming Skyscraper Live (Jan. 23), in which free solo climber Alex Honnold will attempt one of the world's tallest skyscrapers in Taipei, Taiwan.

Here's everything else coming to Netflix in January, and everything that's leaving.

What's coming to Netflix in January 2026

Coming soon

  • Free Bert—Netflix Series

  • Take That—Netflix Documentary

  • Undercover Miss Hong—Netflix Series

Available January 1

  • Dr. Seuss’s Red Fish, Blue Fish: Season 2—Netflix Family

  • Love from 9 to 5—Netflix Series

  • My Korean Boyfriend—Netflix Series

  • Run Away—Netflix Series

  • Time Flies—Netflix Series

  • 12 Years a Slave

  • 30 Minutes or Less

  • Becky

  • Brüno

  • Colombiana

  • Conan the Destroyer

  • Dawn of the Dead

  • Despicable Me

  • Despicable Me 2

  • District 9

  • Dune

  • Erin Brockovich

  • Falling Skies: Seasons 1-5

  • Forever My Girl

  • Free Solo

  • Ghostbusters: Answer the Call

  • Green Room

  • Harry and the Hendersons

  • Hellboy

  • Johnny Mnemonic

  • Just Go With It

  • Lone Survivor

  • Man on Fire

  • Monty Python's The Meaning of Life

  • My Girl

  • Only the Brave

  • Pitch Perfect

  • Priscilla

  • Twins

  • Wild Things

Available January 2

Available January 3

  • The Following: Seasons 1-3

Available January 5

Available January 6

Available January 7

Available January 8

Available January 9

Available January 12

Available January 13

Available January 14

Available January 15

Available January 16

Available January 19

Available January 20

Available January 21

Available January 22

Available January 23

Available January 26

Available January 27

  • Mike Epps: Delusional—Netflix Comedy Special

Available January 29

What's leaving Netflix in January 2026

Leaving January 1

  • Agatha Christie's Crooked House

  • Aquaman and the Lost Kingdom

  • Baby Driver

  • Blue Beetle

  • Blue Crush

  • Blue Streak

  • Captain Phillips

  • Clear and Present Danger

  • Coach Carter

  • Crazy Rich Asians

  • Death Becomes Her

  • Dirty Dancing

  • Doctor Sleep

  • Don't Worry Darling

  • Dreamgirls

  • Fifty Shades Darker

  • Fifty Shades Freed

  • Fifty Shades of Grey

  • G.I. Joe: Retaliation

  • G.I. Joe: The Rise of Cobra

  • Ghost

  • The Goonies

  • The Hangover

  • The Hangover: Part II

  • The Hangover: Part III

  • How to Be Single

  • I Love You, Man

  • Isn't It Romantic

  • Kung Fu Panda

  • Kung Fu Panda 2

  • Kung Fu Panda 3

  • Lara Croft Tomb Raider: The Cradle of Life

  • Lara Croft: Tomb Raider

  • Life of the Party

  • Lost: Seasons 1-6

  • Mad Max: Fury Road

  • The Martian

  • The Mask

  • Meet Joe Black

  • Ocean's 8

  • Runaway Bride

  • Scarface

  • Star Trek

  • Star Trek Beyond

  • Star Trek Into Darkness

  • The Sweetest Thing

  • Taxi Driver

  • Training Day

  • Zero Dark Thirty

Leaving January 2

  • Dodgeball: A True Underdog Story

Leaving January 3

  • Mr. Robot: Seasons 1-4

Leaving January 9

  • Maze Runner: Death Cure

  • Maze Runner: The Scorch Trials

  • The Maze Runner

Leaving January 16

  • Confessions of a Shopaholic

Leaving January 18

  • Donnie Darko

Leaving January 23

  • House of Lies: Seasons 1-5

Leaving January 29

  • Prison Break: Seasons 1-5

Microsoft's Latest 'Patch Tuesday' Update Fixes These Three Zero-Days

10 December 2025 at 09:30

Microsoft's Patch Tuesday update for December is here, and Windows users should ensure their machines are updated as soon as possible to fix three zero-day vulnerabilities. These are security flaws that are actively exploited or publicly disclosed before the developer releases an official patch.

As reported by Bleeping Computer, this month's update addresses 56 bugs in total: 28 elevation-of-privilege vulnerabilities, 19 remote-code-execution vulnerabilities, four information-disclosure vulnerabilities, three denial-of-service vulnerabilities, and two spoofing vulnerabilities. Three of the remote code execution flaws are labeled "critical." Note that these figures do not include updates released for Microsoft Edge and Mariner.

Patch Tuesday is typically released on the second Tuesday of every month around 10am PT, so you can anticipate security updates at that time.

Three zero-days fixed

One of the zero-days patched in December has been actively exploited in the wild, though Microsoft has not shared any details as to how. CVE-2025-62221 is an elevation-of-privilege vulnerability in the Windows Cloud Files Mini Filter Driver, and when exploited, it gives attackers SYSTEM privileges. The mini filter allows cloud applications, such as OneDrive, access to file system functions.

The other two bugs fixed have been publicly disclosed:

  • CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability: This flaw, which can be exploited through a Cross Prompt Injection in untrusted files or MCP servers, allows attackers to execute commands locally. According to Krebs on Security, this could trick the LLM into adding malicious instructions in the user's auto-approve settings.

  • CVE-2025-54100 - PowerShell Remote Code Execution Vulnerability: This bug could cause scripts embedded in a webpage to be executed when retrieved using Invoke-WebRequest.

CVE-2025-62221 has been attributed to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC). CVE-2025-64671 was disclosed by Ari Marzuk, while CVE-2025-54100 has been credited to multiple security researchers.

Flying Without a REAL ID Is Soon Going to Cost You

10 December 2025 at 09:00

If you don't yet have a REAL ID, you can continue to fly, but it's going to cost you. Beginning Feb. 1, 2026, the Transportation Security Administration (TSA) will start collecting a $45 fee from travelers using non-compliant forms of identification at airport security checkpoints.

The agency previously proposed a fee of $18 to cover the administrative and IT costs of ID verification for those traveling without a REAL ID or passport but increased the total to $45 in an announcement released earlier this month.

REAL ID requirements

The 2005 REAL ID Act mandated the standardization of state-issued driver's licenses and identification cards. After multiple delays since 2008, the Department of Homeland Security earlier this year finally began requiring anyone age 18 and over to have a REAL ID-compliant license to clear airport security or enter certain federal buildings.

Travelers can also comply with the regulations using a U.S. passport, U.S. passport card, DHS Trusted Traveler card, or state-issued Enhanced Driver's License (from Michigan, Minnesota, New York, Vermont, or Washington). Enhanced Tribal Cards, permanent resident and border crossing cards, Department of Defense IDs, and foreign passports are also accepted.

You can still travel without a REAL ID

The vast majority of Americans—94 percent—already have a REAL ID or another accepted form of identification. Those who don't will have to complete an online verification process and pay the $45 fee before they are able to clear airport security. Travelers are being encouraged to do this in advance: If you arrive without approval, you'll be sent out of line to complete the process (which can take up to 30 minutes) before being allowed through.

The $45 fee covers security checkpoint access for up to 10 days, after which you'll have to repeat the process and payment. Travelers whose REAL ID or passport has been lost or stolen also have to pay.

How to Spot a ‘Sleeper’ Browser Extension That’s Actually Malware

8 December 2025 at 09:00

Malicious extensions do occasionally find their way into the Chrome Web Store (and similar libraries in other browsers) by posing as legitimate add-ons. They are particularly difficult to catch when they are benign to begin with, only morphing into malware after gaining user trust.

That's what happened with a number of extensions on Google Chrome and Microsoft Edge: researchers at Koi Security identified add-ons across both browsers that operated legitimately for several years before receiving malicious updates that allow hackers to surveil users and collect and exfiltrate sensitive data. The scheme, known as ShadyPanda, reached four million downloads and is still active on Edge.

Threat actors ran a similar campaign targeting Firefox earlier this year: They gained approval for benign extensions mimicking popular crypto wallets, accumulated downloads and positive reviews, and then injected the add-ons with malicious code capable of logging form field inputs, which they used to access and steal crypto assets.

Browser extensions can turn bad

As Koi Security outlines, ShadyPanda started out as an affiliate scam, with 145 extensions masquerading as wallpaper and productivity apps across the two browsers. The initial phase injected affiliate tracking codes and paid commissions with clicks to eBay, Amazon, and Booking.com and then evolved to hijack and manipulate search results before launching the five extensions in 2018 that would later be converted to malware.

Those add-ons were marked as Featured and Verified in Chrome—one, a cache cleaner known as Clean Master, accrued a 4.8 rating from thousands of reviews. The extensions were updated in 2024 to run malware that could check hourly for new instructions and maintain full browser access, feeding information to ShadyPanda's servers. (These have since been removed from Chrome.)

Hackers launched an additional five extensions, including WeTab, to Edge in 2023. Two are comprehensive spyware, and all were still active as of Koi's report.

How to find malicious extensions in Chrome and Edge

Unfortunately, malicious extensions are usually pretending to be something else, so a quick visual check of your installed extensions may not reveal a problem. In this case, Koi Security has a list of the extension IDs associated with the ShadyPanda campaign, and you'll have to search for them one by one.

In Chrome, type chrome://extensions/ into your address bar and hit Enter. Toggle on Developer mode in the top-right corner to reveal the IDs for installed extensions. From here, you can copy and paste each ID into the search bar (Ctrl+F on your PC or Cmd+F on your Mac). If there are no results, your browser is safe. If you do find a malicious add-on, click the Remove button. In Edge, follow the same process from edge://extensions/.
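The same ID-by-ID check can be scripted against the browser profile folders on disk. This is an added example, not code from Koi Security or the original article; the IDs in it are placeholders to be replaced with the published list, and the profile paths are the usual Chrome and Edge defaults, which is an assumption about your install.

```python
import json
import os
import re
import sys
from pathlib import Path

# Chromium extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"\b[a-p]{32}\b")

# PLACEHOLDER text, not real indicators: paste the ID list from the report here.
PLACEHOLDER_REPORT = """
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  (placeholder)
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb  (placeholder)
"""


def parse_ids(text):
    """Pull every well-formed extension ID out of pasted report text."""
    return set(EXT_ID.findall(text.lower()))


def default_user_data_dirs():
    """Usual Chrome and Edge data roots (assumed default install locations)."""
    home = Path.home()
    if sys.platform == "win32":
        local = Path(os.environ.get("LOCALAPPDATA", str(home / "AppData" / "Local")))
        return [local / "Google" / "Chrome" / "User Data",
                local / "Microsoft" / "Edge" / "User Data"]
    if sys.platform == "darwin":
        base = home / "Library" / "Application Support"
        return [base / "Google" / "Chrome", base / "Microsoft Edge"]
    return [home / ".config" / "google-chrome", home / ".config" / "microsoft-edge"]


def installed_extensions(user_data_dir):
    """Yield one record per installed extension version, across all profiles."""
    root = Path(user_data_dir)
    if not root.is_dir():
        return
    # Layout: <root>/<profile>/Extensions/<id>/<version>/manifest.json
    for ext_root in sorted(root.glob("*/Extensions")):
        for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
            if not EXT_ID.fullmatch(ext_dir.name):
                continue  # skip working folders such as "Temp"
            for manifest in sorted(ext_dir.glob("*/manifest.json")):
                try:
                    data = json.loads(manifest.read_text(encoding="utf-8-sig"))
                except (OSError, ValueError):
                    data = {}
                if not isinstance(data, dict):
                    data = {}
                yield {
                    "browser_dir": str(root),
                    "profile": ext_root.parent.name,
                    "id": ext_dir.name,
                    # The name may be a localisation key such as "__MSG_appName__".
                    "name": data.get("name", "?"),
                    "version": data.get("version", manifest.parent.name),
                }


def audit(user_data_dirs, bad_ids):
    """Return the installed extensions whose ID appears in bad_ids."""
    hits = []
    for root in user_data_dirs:
        for ext in installed_extensions(root):
            if ext["id"] in bad_ids:
                hits.append(ext)
    return hits


if __name__ == "__main__":
    listed = parse_ids(PLACEHOLDER_REPORT)
    found = audit(default_user_data_dirs(), listed)
    for h in found:
        print(f"FOUND {h['id']} {h['name']!r} v{h['version']} "
              f"in {h['profile']} ({h['browser_dir']})")
    print(f"{len(found)} listed extension(s) installed")
    sys.exit(1 if found else 0)
```

A hit means the extension is present in that profile; remove it from the browser's extensions page rather than deleting the folder, so synced state is cleaned up too.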

While this campaign shows that extensions can be weaponized long after they've been installed, you should still follow best practices for vetting browser add-ons just as you would apps for your device. Check the name carefully, as fraudulent extensions often have names that are nearly identical to trustworthy ones. Review the description for any red flags, such as misspellings and unrelated images. If you see a lot of positive reviews in a short amount of time on a new extension, or if they seem to be reviewing something else entirely, proceed with caution. You can also do additional research, such as a search on Google or Reddit, to see if the extension is legit.

This Surprisingly Convincing Phishing Scam Imitates Apple Support

5 December 2025 at 15:00

You may have a keen eye for spotting scams, but fraudsters are finding new ways to weaponize trusted systems to avoid detection. For example, threat actors are generating real Apple support tickets to phish two-factor authentication (2FA) codes and gain access to iCloud accounts.

The scheme, detailed on Medium by security researcher and software product manager Eric Moret, shows how social engineering tactics can sow just enough fear and confusion to trick even those who know the red flags. (The money transfer scam that conned a financial advice columnist out of $50,000 is another example.)

How scammers are exploiting Apple's support system

The Apple support scam started with a text message from Apple containing a 2FA code, followed by verification notifications across devices, indicating that someone was trying to log into Moret's account. He then received an automated call from Apple with another 2FA code. The text was delivered from a five-digit short code, and the call from a toll-free number, both of which are used by legitimate businesses and not necessarily red flags of a scam.

The next call, however, came from an Atlanta-based 404 phone number. The caller claimed to be from Apple Support, stated that Moret's account was under attack, and assured him that they were opening up a support ticket. During a follow-up call lasting 25 minutes, Moret received a real Apple Support case confirmation via email (it turns out anyone can create an Apple support ticket in someone else's name) and was directed to reset his iCloud password.

He was then sent a link via text—from the 404 number this time—to close the ticket. After clicking through, Moret was directed to a phishing website that spoofed a real Apple page (the URL was appeal-apple[dot]com), where he was prompted to enter a 6-digit 2FA code he'd just received via text. An email to his inbox then alerted him that an unknown Mac mini had been used to sign into his iCloud account, which the rep on the phone told him was "expected as part of the security process" and "standard procedure."

Moret then immediately reset his iCloud password again to kick the unauthorized device off.

It may be easy in hindsight to see the signs: the unsolicited call about an urgent security issue, the 404 number, the phishing link that isn't a real Apple subdomain, the request for an authentication code. But the Apple support ticket—with a real case number and official emails from apple.com domains—lent just enough credibility, and the multiple 2FA notifications just enough urgency, to work.

That's the problem with social engineering. It manipulates emotions and instincts that are stronger than logic and reason, leading to actions that are not in our interest.

How to stay safe

As always, you should be wary of anyone who calls, texts, or emails you about a security or account issue, even if you have received real security alerts or they have a legitimate case number. Don't click links, enter credentials, or provide codes when prompted by these unsolicited callers. Don't accept reassurance from anyone on the phone, no matter how calm and confident they sound.

If you are concerned, you should reach out directly using trusted contact information or open support tickets yourself. Always check URLs and subdomains carefully, as hackers can play tricks to make them look legit.

Also, know that simply having 2FA enabled isn't enough to keep your accounts secure. Some forms are (obviously) easily phished, so if possible, you should use a multi-factor authentication method like a hardware key or WebAuthn credentials (biometrics and passkeys) rather than codes.

This New Android Feature Protects You From a Scam Call While It's Happening

4 December 2025 at 15:30

Bank impersonation is a popular scam tactic, and one I've written about a lot. Fraudsters prey on people's fear, confusion, and desire to protect their money, which may lead targets to hand over login credentials, make irreversible wire transfers, or provide other sensitive information without stopping to question their actions.

Android users in the U.S. will soon have extra protection against scams targeting their financial apps, preventing threat actors impersonating bank representatives from accessing data on their devices. Google's in-call scam protection is designed to prevent users from sharing their screens with threat actors and help them avoid revealing their banking information.

How Android in-call protection works

Android's scam protection kicks in if you are on a phone call with a number not saved in your contacts and attempt to open a participating financial app. You'll get a pop-up warning that the call is likely a scam with a reminder not to make payments or share personal information and a button to end the call (and stop screen sharing). There's also a 30-second delay on further action on your device, which Google says is designed to disrupt any sense of urgency.

Note that financial institutions must opt in to this feature—at this time, Google has specifically named Cash App and JPMorganChase as partners, though it indicates expansion to other popular fintechs and banks.

Google initially rolled out in-call protections for banking apps to UK users earlier this year as part of a larger package of security features announced ahead of Google I/O. That launch also included real-time scam detection alerts for calls and texts, improved theft protection via remote lock and identity check, key verifier for Google Messages, and device-level Advanced Protection (in addition to account-level settings).

Alongside the US pilot, in-call scam protections will now cover most major banks in the UK as well as financial apps in Brazil and India.

This Windows Update Pop-Up Is a Scam

4 December 2025 at 12:30

The update screen is a normal occurrence on Windows machines, so of course hackers are now manipulating it to sneak malware onto devices. The scheme, a recent iteration of a ClickFix attack, is designed to trick you into executing a dangerous command under the guise of completing a "critical security update." But what you're actually doing is installing an infostealer that hands data over to bad actors.

When a Windows update pop-up is actually a ClickFix attack

ClickFix is a social engineering ploy that uses tactics like fake error messages, CAPTCHA forms, and command prompts to deliver malware to your device. As PCMag reports, the Windows update scam is a pop-up that looks like a standard Windows blue screen but is actually a full screen browser page being displayed from a malicious domain.

The ClickFix element is a set of keystrokes—not part of the real update interface—that have the user paste and execute a malicious command, ultimately delivering malware to their device. These instructions have an air of urgency, which is a common element of a scam.

Researchers at cybersecurity firm Huntress have detailed the exact mechanism behind this attack, including an iteration in which users are prompted to verify they are human (rather than complete a security update). As Bleeping Computer outlines, the malicious code is embedded into the pixel data of PNG images, and the final payload is one of two known infostealers.

According to the Huntress analysis, following a recent law enforcement operation, fake Windows update pages continue to exist across multiple domains, but those domains no longer seem to host the malware payload. That doesn't mean, however, that this attack, or some version of it, won't pop up elsewhere.

How to stay safe from this ClickFix attack

If you run Windows on your device, you've probably seen a blue or black update or error screen many times, and you may not be suspicious if your computer randomly begins an update or prompts you to take an extra step to confirm it. But while a legitimate update screen will have a progress indicator and instructions not to turn off your computer, you should never need to input manual commands. This is a red flag of a ClickFix attack and not something a trusted service will require.

Of course, it's important to keep your computer up to date. Microsoft releases security updates on the second Tuesday of the month, known as Patch Tuesday, and you can enable automatic updates on your machine to ensure you get fixes as soon as they're available.

If you want to take additional steps to prevent ClickFix attacks on Windows, you can disable the Windows Run box to prevent unauthorized access to commands.

It's Easier to Fall for a Bank Fraud Scam Than You Think

3 December 2025 at 09:00

The FBI's Internet Crime Complaint Center (IC3) is warning consumers about a type of fraud in which threat actors pretend to be from trusted financial institutions in order to obtain login credentials and gain access to financial and personal data.

The consequences are high: With stolen credentials, scammers can gain full control of your accounts and your money. According to the FBI advisory, criminals will quickly wire funds from your bank to cryptocurrency wallets, making the money nearly impossible to trace and recover, and lock you out of your account in the process.

Here's how account takeover scams work—and how to avoid becoming a victim.

Account takeover scams may impersonate your bank

Most account takeover scams use social engineering: a series of tactics designed to manipulate you into giving up personal information, downloading malware, or paying money to bad actors. Scammers impersonate financial institution employees as well as customer support and technical support staff and reach out to targets via text, call, or email to say that their account has been compromised in some way.

They may tell you that there have been fraudulent charges on your account and send you a link to report the fraud—but this is actually a phishing site designed to harvest your login credentials. They may ask directly for your username, password, or multi-factor authentication (MFA) code over the phone. In some cases, they may even claim that your information was used to buy firearms and pass you off to a second scammer impersonating law enforcement. They're counting on you to feel fear and confusion and act quickly to "resolve" the issue by handing over your information.

The FBI has also identified a version of account takeover using search engine optimization (SEO) poisoning, in which scammers buy ads that appear to be for legitimate businesses but actually allow them to place malicious links to spoofed bank websites higher in search results.

How to avoid falling for account takeover scams

While being targeted for an account takeover may be unavoidable, there are a few red flags that can help you identify the fraud before it goes south.

First, you should always be wary of calls, texts, emails, and other communication (such as social media messages) from someone claiming to be from your bank or creditor, especially if they ask for personal information like your username, password, or time-based one-time password (TOTP). Reputable institutions will not contact you to request your credentials or other sensitive data—so these are almost certainly phishing attempts.

You should also be wary of websites that look like they belong to your financial institution, especially if you reached them through a search result. Cybercriminals can easily build convincing (but spoofed) websites and place the malicious links at the top of search results. Bookmark the trusted link rather than going through a search engine, or use the verified app on your mobile device. Always avoid clicking links in unsolicited communication, and check URLs and email addresses carefully, as scammers can also use homographs (lookalike characters) to hide malicious links.

Finally, protect your personal information. Use complex, unique passwords stored securely (such as in a password manager), enable a stronger form of MFA (and never give away codes), and limit what you share online. Scammers may use what you've posted—like your date of birth, pet's name, or information about family members—to get past your security questions, guess your password, or make an impersonation attempt sound more convincing.

The IC3 also recommends monitoring your financial accounts for irregularities, such as unauthorized withdrawals or transfers, which may be a sign of an account takeover. Consider setting up transaction alerts with your financial institutions to be notified immediately of any suspicious activity.

Google's December Security Update Fixes Two Zero-Day Exploits (and 105 Others)

2 December 2025 at 14:00

In its Android Security Bulletin for December, Google is pushing an especially large number of updates to address vulnerabilities across different components—and two of the flaws may have been exploited in the wild.

The December patch covers 107 bugs across Android Kernel, System, and Framework as well as Qualcomm, MediaTek, Arm, Unisoc, and Imagination Technologies components. The high-severity vulnerabilities include denial of service, elevation of privilege, and information disclosure flaws. There are also a handful of bugs labeled as "critical."

Two active exploits

Two of the vulnerabilities addressed in the December update are zero-days, which are flaws that have been actively exploited or publicly disclosed before the developer makes a patch available. Google notes that both may be under "limited, targeted exploitation."

CVE-2025-48633 is an information disclosure vulnerability, while CVE-2025-48572 is an elevation of privilege flaw. Both affect the Android Framework in versions 13 through 16.

Google hasn't disclosed any additional information about the flaws and how they may have been exploited (or by whom). However, as Bleeping Computer reports, similar bugs have been targeted in the past by commercial spyware operations and nation-state campaigns.

Ensure your Android device is up to date

You should always implement security patches as soon as they're available, so if you see a notification to update, go ahead and follow the prompts to download and install it. You can also check for updates via a path like Settings > Security & privacy > System & updates > Security update. Note that this may be slightly different depending on your device, and you can always search "update" to locate it.

This month's patches apply to Android Open Source Project (AOSP) versions 13, 14, 15, and 16 and are dated 2025-12-01 and 2025-12-05—the latter fixes all known issues.

Pixel users (and the core AOSP code) receive patches from Google, and those on other Android devices from Huawei, LGE, Samsung, Motorola, and Nokia should see updates from their respective manufacturers around the same time.

These Beats Solo Headphones Are Just $79 for Cyber Monday

1 December 2025 at 12:03

It's Cyber Monday, and Lifehacker is sharing the best sales based on product reviews, comparisons, and price-tracking tools before the sales are over. 

  • Follow our live blog to stay up-to-date on the best sales we find.

  • Browse our editors’ picks for a curated list of our favorite sales on laptops, fitness tech, appliances, and more.

  • Subscribe to our shopping newsletter, Add to Cart, for the best sales sent to your inbox.

  • Sales are accurate at the time of publication, but prices and inventory are always subject to change.


Beats' latest on-ear headphones are on deep discount for Cyber Monday: The Beats Solo 4 are just $79 at Walmart right now, specifically the drenched grey colorway. This is the lowest price ever, according to price-tracking tools. The other colors, including black, pink, and blue, are listed for $129 at Walmart and $129.95 on Amazon, which is also a decent deal at 35% off.

The Beats Solo 4 offer well-balanced sound and are particularly high-value for those in the Apple ecosystem. This is because Apple-owned Beats by Dre integrated features like hands-free Siri and personalized spatial audio into this iteration of the Beats Solo. The headphones also have one-touch pairing with most Apple devices, automatic pairing via iCloud, audio sharing, and simultaneous connection with your iPhone and Apple Watch.

PCMag gives the Beats Solo 4 a "good" review. The headphones don't have Active Noise Cancellation, an adjustable EQ option, or an Android-friendly codec.

Beats headphones, in general, are a decent affordable alternative to premium headphones from Apple and Sony. Its over-ear Studio Pro headphones are also on sale for Cyber Monday, as are the Apple AirPods Max and the Sony WH-1000XM6.

What stores have the best sales on Cyber Monday?

Nowadays, both large retailers and small businesses compete for Black Friday and Cyber Monday shoppers, so you can expect practically every store to run sales through Monday, December 1, 2025. The “best” sales depend on your needs, but in general, the biggest discounts tend to come from larger retailers that can afford lower prices: think places like Amazon, Walmart, Target, Best Buy, and Home Depot. You can find all the best sales from major retailers on our live blog.

Are Cyber Monday deals worth it?

In short, yes, Cyber Monday still offers discounts that can be rare throughout the rest of the year. If there’s something you want to buy, or you’re shopping for gifts, it’s a good time to look for discounts on what you need, especially tech sales, home improvement supplies, and fitness tech. Of course, if you need to save money, the best way to save is to not buy anything. 

Are Cyber Monday deals better than Black Friday?

Black Friday used to be bigger for major retailers and more expensive tech and appliances, while Cyber Monday was for cheaper tech and gave smaller businesses a chance to compete online. Nowadays, though, the distinction is almost meaningless. Every major retailer will offer sales on both days, and the smart move is to know what you want, use price trackers or refer to guides like our live blog that use price trackers for you, and don’t stress over finding the perfect timing.

Beware These Black Friday and Cyber Monday Shopping Scams

1 December 2025 at 11:31

Black Friday sales officially start Friday, November 28, and run through Cyber Monday, December 1, and Lifehacker is sharing the best sales based on product reviews, comparisons, and price-tracking tools before it's over. 

Holiday shopping season is ripe for scammers, as consumers rush to find and take advantage of some of the best discounts of the year, and potentially overlook red flags that signal fraud. Security researchers are warning of an uptick in scams capitalizing on the Black Friday and Cyber Monday hype. Fraudsters know that they can prey on shoppers' sense of urgency and excitement for limited-time, exclusive deals—and AI is making these campaigns even more difficult to spot than usual.

New data from McAfee suggest that nearly half of Americans have come across an AI-powered scam while shopping, from deepfakes impersonating celebrities pushing promotions to near-flawless spoofed websites that steal your credit card information.

Black Friday and Cyber Monday shopping scams

Spoofed websites are a common type of scam, and fraudsters use holiday shopping season to trap users with fake retail sites and sales pages that look legitimate but are actually just collecting data like your login credentials and payment information. Scammers will use stolen assets like logos and product photos from known and trusted brands, and AI makes it easy to set up a convincing (but fake) small business website with elements like a customer service page and consumer reviews in no time.

Another shopping scam facilitated by AI is the impersonation scam. You think you're watching a popular influencer or celebrity promoting an exclusive deal or product giveaway on TikTok or another social media platform, but it's actually a deepfake. If you click through to enter or buy, you'll land on a counterfeit page (as outlined above) designed to steal from you.

According to Google's November fraud and scam advisory, scammers can get eyes on their content by hijacking search terms for Black Friday sales, running deceptive ads, or pushing deals on social media. Fake storefronts may appear as sponsored links, which are easy to overlook if you're in a rush to make a purchase.

Of course, you may encounter other common holiday scams, such as fake shipping notifications that request payment in order to resolve a delivery issue as well as account verification scams that prompt you to confirm personal details. These phishing and smishing campaigns use standard scam tactics like impersonating a legitimate company or service and sending a fraudulent link that collects your bank information or username and password combination.

Black Friday and Cyber Monday scam red flags

When shopping holiday deals, slow down enough to look for common signs of scams. Fraudsters will use urgency—such as a limited time to secure a deal or a limited number of items left in stock—in hopes you won't think before you buy. You should also be wary of any deal that is too good to be true, or a promotion with especially low prices that are out of line with other sales on similar items. This includes influencers pushing "exclusive" opportunities. If you are purchasing from a small business you don't know, google the brand and read third-party reviews to see whether it is legitimate.

Instead of clicking links from emails, texts, and social media posts promoting sales, go directly to the retailer's website and search for the deal. If you do click through, check the URL carefully to ensure it is legitimate (scammers may use homoglyphs that avoid detection at first glance) and look for website elements that real companies have, such as a privacy policy and address. If you see a promotion on social media, check the creator's account to see when they joined the platform, what they've posted in the past, and whether they are verified.
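The URL check described above, and the homograph warning in the account takeover advice earlier on this page, can be partly automated. The following Python is an added example, not part of the original article: it assumes the brand you expect uses a Latin-script domain, infers each letter's script from its Unicode name (a heuristic), and runs on constructed hostnames under the reserved .example TLD.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample URLs (reserved .example TLD); \u0430 is CYRILLIC SMALL LETTER A.
SAMPLE_URLS = [
    "https://bank.example/login",
    "https://b\u0430nk.example/login",
    "https://\u0440\u0430\u0443.example/checkout",  # all-Cyrillic label resembling "pay"
]

def label_scripts(label):
    """Scripts used by the letters of one DNS label.

    Heuristic (assumption): the first word of a letter's Unicode name,
    e.g. LATIN, CYRILLIC, GREEK.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def decode_label(label):
    """Decode a punycode ("xn--") label to Unicode; return other labels unchanged."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # malformed punycode (UnicodeError is a ValueError)
            return label
    return label

def homograph_findings(url):
    """Return (label, reason) pairs for hostname labels that deserve a closer look."""
    host = urlsplit(url).hostname or ""  # .hostname is already lower-cased
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        scripts = label_scripts(label)
        if raw.startswith("xn--"):
            findings.append((label, "punycode-encoded label"))
        if len(scripts) > 1:
            findings.append((label, "mixed scripts: " + "+".join(sorted(scripts))))
        elif scripts and scripts != {"LATIN"}:
            findings.append((label, "non-Latin script: " + next(iter(scripts))))
    return findings

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", homograph_findings(url) or "no findings")
```

A finding is a prompt to look closer, not a verdict: many legitimate sites use non-Latin or punycode domains, so compare the result against the domain you expected to reach.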

Beware of any site that requires you to pay with a gift card, cryptocurrency, or bank transfer versus a credit card, which has some protection in the case of fraud. Legitimate retailers will use legitimate payment methods.

Finally, never enter your login credentials unless you've confirmed that the site you're using is trustworthy. This includes delivery services and your Amazon and PayPal accounts, all of which scammers may pressure you to "verify" in order to resolve a billing or delivery issue.

