Recent Security Features and Best Practices for Consumer Devices and Services
Several recent updates and advisories highlight new security features and best practices for consumer devices and services. elementaryOS 8.1 introduces Secure Session as the default, enhancing privacy by requiring explicit app permissions and improving support for modern hardware. Android 16 now offers an Advanced Protection mode, which consolidates Google's strongest security and privacy features, blocking sideloading, spam, unsafe links, and insecure networks, though it must be enabled manually. Additionally, enabling Private DNS mode on Android encrypts DNS queries, protecting users from eavesdropping on public networks. For iPhone users, a shortcut can be configured to trigger the device's camera and location sharing via text, providing a rapid recovery option if the phone is lost or stolen.
Passwordless authentication is gaining traction, with passkeys allowing users to sign in securely without traditional passwords, reducing phishing risks and simplifying cross-device access. The TSA has also reiterated warnings about the risks of public Wi-Fi and USB charging stations at airports, advising travelers to use VPNs and power-only cables to avoid data theft and malware. For organizations using Google Workspace, the Passwd password manager offers enterprise-grade encryption, zero-knowledge architecture, and compliance features, ensuring secure credential management within the Google ecosystem. These developments reflect a broader industry trend toward stronger, user-friendly security measures and increased awareness of digital hygiene for both individuals and organizations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
elementaryOS 8.1 beta makes Secure Session the default
The elementaryOS 8.1 beta became available with Secure Session enabled by default, requiring explicit app permissions for sensitive actions and adding protections during sudo password entry. The beta also includes broader usability and platform improvements, with more than 1,100 issues addressed.
TSA warns holiday travelers about airport USB charging and public Wi‑Fi risks
The TSA issued guidance warning travelers about the risks of using public USB charging ports and airport Wi‑Fi, citing potential juice jacking and data interception threats. It recommended mitigations such as power-only cables, portable chargers, USB data blockers, VPNs, and avoiding sensitive activity on public networks.
Google introduces Android 16 Advanced Protection on supported Pixel devices
Google's Android 16 adds a new Advanced Protection mode that bundles multiple security controls, including blocking app sideloading, enforcing malware scanning, and strengthening protections against unsafe links, insecure networks, scams, and theft. The feature is available on supported Google Pixel devices, with broader rollout expected later.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
I tested the new elementaryOS 8.1 beta, and it absolutely brings the magic
zdnet.com
Open sourcePasswd: A walkthrough of the Google Workspace Password Manager
thehackernews.com
Open sourceYour Android phone's most powerful security feature is off by default - turn it on ASAP
zdnet.com
Open sourceHow to turn on Private DNS Mode on Android - and why it's a must for security
zdnet.com
Open sourceIs your iPhone missing? This genius camera trick helps you find it - fast
zdnet.com
Open sourceWhat are passkeys really? The simple explanation - for anyone tired of passwords
zdnet.com
Open sourceTSA's plea: Don't make these airport Wi-Fi and public charging mistakes this holiday
zdnet.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Corporate Security Risks and the Shift Toward Passwordless Authentication
A new report from password manager 1Password highlights that weak or compromised passwords remain a significant security risk for organizations, with employee password practices worsening despite increased awareness. Survey data from over 5,000 workers across multiple countries reveals that a majority of employees, including IT professionals, continue to reuse passwords, rely on default credentials, or share passwords via insecure channels, exacerbating the threat landscape for businesses. The report underscores that even as companies move toward passwordless authentication, the transition is gradual and current credential management practices are not keeping pace with evolving threats. In response to these challenges, technology vendors are accelerating the adoption of passwordless solutions. Microsoft has released Edge version 142.0, introducing cross-platform passkey synchronization, allowing users to securely reuse passkeys across devices and browsers. This feature, which requires a dedicated PIN for access, aims to enhance both security and usability, reducing reliance on traditional passwords. The move reflects a broader industry trend toward passkeys and multi-factor authentication as default options, with major platforms like Google and Meta also embracing passwordless technologies to mitigate the risks associated with password-based authentication.
Jun 29, 2026
Risks and Security Practices for Personal and Smart Devices
The proliferation of smart devices, including wearables, tablets, and medical equipment, has significantly increased the potential attack surface for both individuals and organizations. As the adoption of these devices accelerates, users often overlook the security implications associated with their daily use. Many smart devices operate with outdated firmware, which can harbor known vulnerabilities that attackers actively exploit. Unlike operating system updates, firmware updates are frequently manual and neglected, making these devices attractive targets for cybercriminals. Default passwords and unsecured network connections further exacerbate the risk, as they provide easy entry points for unauthorized access. Compromised personal devices can serve as gateways for attackers to infiltrate sensitive corporate networks, especially in environments where remote work is prevalent. Even seemingly innocuous devices like fitness trackers or smartwatches can be leveraged to harvest data or hijack Bluetooth connections. The lack of user awareness regarding the security settings and update requirements of their devices contributes to the persistence of these threats. Security experts emphasize the importance of vigilance and proactive management of device security, including regular firmware updates and the use of strong, unique passwords. Organizations are encouraged to educate employees about the risks posed by personal devices and to implement policies that mitigate potential exposures. Cybersecurity Awareness Month serves as a timely reminder for both individuals and businesses to reassess their device security practices. By understanding the vulnerabilities inherent in smart devices and adopting recommended security measures, users can significantly reduce the likelihood of compromise. The integration of smart devices into daily life and work routines necessitates a heightened focus on cybersecurity hygiene. Security professionals recommend regular audits of device settings and network connections to identify and address weaknesses. The growing interconnectivity of personal and corporate systems underscores the need for comprehensive security strategies that encompass all endpoints. Ultimately, maintaining the security of smart devices is a shared responsibility that requires ongoing attention and education.
Jun 29, 2026
Advancements in Passwordless Authentication and Identity Security
Organizations are increasingly moving towards passwordless authentication methods, with technologies such as passkeys and device identity gaining traction as more secure alternatives to traditional passwords and multi-factor authentication (MFA). Passkey authenticators, often integrated into password managers or as standalone components, play a critical role in enabling seamless and secure login experiences by leveraging new standards and cryptographic techniques. Device identity further enhances security by binding credentials to hardware, making authentication resistant to phishing and social engineering attacks, while also improving user experience by reducing prompt fatigue and streamlining access to applications and networks. The identity security market is also witnessing strategic acquisitions, such as Ping Identity's purchase of Keyless, which aims to integrate privacy-preserving biometric authentication for frontline workers and address emerging threats like deepfakes. These moves reflect a broader industry trend towards comprehensive identity lifecycle management, resilience against AI-driven threats, and scalable support for both human and machine identities. As economic constraints limit large-scale mergers, the focus is shifting to targeted acquisitions that expand platform capabilities and reinforce the shift to passwordless, device-centric authentication models.
Jun 29, 2026