Lego introduced Smart Bricks as part of its new Smart Play system — tiny tech-filled 2×4 bricks that can react with lights, sound, motion, and other pieces to create interactive play experiences for kids. These bricks include sensors and a miniature speaker to generate effects in real time rather than using pre-recorded clips. 🔹 What they do Communicate with each other and with Smart Tags and Smart Minifigures to trigger lights and sounds based on how they’re arranged and moved. • Charge wirelessly on a dedicated pad and contain batteries designed to last for years. • Use a proprietary encrypted protocol for privacy and have no internet connection. 🔹 What they don’t do They don’t record sound or video — the microphone only detects sound levels. • They don’t rely on companion apps or screens. • They don’t use AI, despite the technology inside. 📌 Why it matters These bricks add physical interactivity without screens or internet access, easing privacy concerns while blending classic building with responsive technology. 🔗 References https://www.malwarebytes.com/blog/family-and-parenting/2026/01/legos-smart-bricks-explained-what-they-do-and-what-they-dont https://www.lego.com/en-us/aboutus/news/2026/december/lego-smart-play-announcement https://en.wikipedia.org/wiki/Lego_Smart_Brick

Countries and tech watchdogs worldwide are taking a hard look at Grok, the AI chatbot from xAI that can generate images, after it started producing non-consensual sexual deepfakes — including manipulated photos of real people and minors. 🛑 Why this matters Users exploited Grok’s image tools to create sexually suggestive and nude images of women and children without consent. • These kinds of deepfakes can violate laws and digital safety standards in many countries. 🌍 Global response so far • Indonesia and Malaysia blocked access to Grok over the issue. • Lawmakers in the UK, EU, France, India, and others are investigating whether the platform broke rules about harmful content. • In the US, several senators urged Apple and Google to remove Grok and the X app from their stores. 🔧 What xAI has done• Grok limited its image generation and editing tools to paid users only, but regulators say this isn’t enough. 📌 Bottom line Governments are using this incident to test how to regulate AI that can create harmful fake images. It shows how quickly generative tools can be misused and how urgent safety and policy responses are becoming. 🔗 References https://www.malwarebytes.com/blog/news/2026/01/regulators-around-the-world-are-scrutinizing-grok-over-sexual-deepfakes https://en.wikipedia.org/wiki/Grok_%28chatbot%29 https://apnews.com/article/c7cb320327f259c4da35908e1269c225 https://www.thesun.co.uk/news/37884164/ofcom-probes-elon-musks-x-sexualised-deepfake-images-children-women/

Recent security research revealed a major spyware campaign that compromised about 4.3 million users of Google Chrome and Microsoft Edge through a set of browser extensions that once appeared harmless. Malwarebytes+1 Starting around 2018, a group now known as ShadyPanda published browser add-ons offering simple functions — things like wallpaper themes, new-tab customizations, or basic productivity tools. Over several years these extensions gained large user bases, positive reviews, and “Featured” or “Verified” status within the Chrome and Edge extension stores. In mid-2024, those trusted add-ons quietly received updates that secretly transformed them into spyware and remote-code-execution tools. Those updates gave the extensions the power to run arbitrary JavaScript within the browser and monitor everything users did online — everything from browsing history, search terms, mouse clicks, and URLs visited. All of that data was sent back to servers believed to be operated by actors in China. One of the most widespread culprits was an extension called WeTab, with roughly three million installs on Edge. Even though some of the malicious extensions have since been removed from Chrome, copies remain available in the Edge store at the time of reporting. Security experts warn this incident illustrates a significant flaw: extension stores may vet a plugin when it’s first submitted — but rarely re-check updates. That lapse allowed these “sleeper” extensions to lie undetected for years before turning malicious. For everyday users, the risk is clear: even long-trusted browser extensions can turn dangerous. It’s wise to review installed extensions, remove those you don’t trust, and stay alert to sudden behavior changes in your browser. 🚩 Known Malicious Extensions - Clean Master: the best Chrome Cache Cleaner The Hacker News - Speedtest Pro-Free Online Internet Speed Test The Hacker News - BlockSite The Hacker News - Address bar search engine switcher The Hacker News - SafeSwift New Tab The Hacker News - Infinity V+ New Tab The Hacker News - OneTab Plus: Tab Manage & Productivity The Hacker News - WeTab 新标签页 (WeTab New Tab) The Hacker News - Infinity New Tab for Mobile / Infinity New Tab / Infinity New Tab (Pro) The Hacker News - Dream Afar New Tab The Hacker News - Download Manager Pro The Hacker News - Galaxy Theme Wallpaper HD 4k HomePage The Hacker News - Halo 4K Wallpaper HD HomePage The Hacker New

Account piggybacking happens when someone gains access to an employee’s account—not through hacking a password, but by quietly staying logged in after borrowing a device, sharing a workstation, or using someone else’s phone or browser. It also happens when employees forget to sign out of shared PCs, kiosks, or web portals. The “piggybacker” can read email, download files, impersonate staff, or change settings without needing credentials. Small businesses often overlook this because it feels like a convenience issue, not a security risk. In reality, it’s one of the easiest ways unauthorized people move through company systems unnoticed. What to Do ~ Enforce automatic sign-out timers on Microsoft 365, Google Workspace, and financial portals. Require MFA so even if someone tries to re-enter, they can’t proceed without the second factor. Disable browser “remember me” settings on company devices. Set policies that block employees from sharing accounts entirely. Add workstation lock policies so computers auto-lock after a few minutes of inactivity. On shared PCs, use separate user profiles with sign-out reminders. For field staff, enable remote-wipe and login-session controls on mobile devices. Review login logs weekly to catch unusual access patterns from unknown locations or unexpected times.

Wi-Fi shoulder surfing is when someone nearby—at a café, airport, hotel, or conference—monitors what a person does on their device by exploiting unsecured Wi-Fi or simply watching traffic on the same network. Attackers use cheap tools to capture unencrypted data, intercept logins, or mimic the same network name (“Evil Twin Wi-Fi”). Even when a person thinks they’re on the correct network, an attacker may control it, capturing everything that passes through. This threat is common because it targets normal work habits: checking email during travel, sending documents from a hotel room, or logging into cloud apps on guest networks. What to Do ~ Avoid logging into business systems on public Wi-Fi unless using a trusted VPN. Use a mobile hotspot when traveling; it’s far safer than hotel or café networks. Disable automatic Wi-Fi connections on all devices. Verify network names before connecting—attackers often use similar names like “CoffeeShop_Guest1.” Require MFA so stolen credentials can’t be reused. Encrypt devices so captured sessions are harder to exploit. For teams that travel frequently, provide a company VPN and enforce it through device policies. Review device settings monthly to ensure “Secure DNS” or “HTTPS-Only Mode” is enabled in all modern browsers.