Add source Login
Update now! Bluetooth flaw lets attackers silently hijack accessories

Update now! Bluetooth flaw lets attackers silently hijack accessories

Security experts at the Computer Security and Industrial Cryptography research group (COSIC) are warning of a serious Bluetooth security vulnerability that could affect millions of headphones, speakers, and other wireless accessories worldwide. If you have any Bluetooth devices, you should check ASAP whether firmware updates are available—and if they are, install them as soon as you can. The vulnerability exists in Google’s Fast Pair Service (GFPS), which is designed to enable quicker discovery and pairing of Bluetooth accessories. The vulnerability was discovered back in August 2025, but a working exploit called WhisperPair has now been publicly documented. Attackers can exploit GFPS to take control of Bluetooth devices in their vicinity without being noticed, even when said devices aren’t in pairing mode. In practice, this means that strangers can connect to headphones or headsets, then eavesdrop on conversations via integrated microphones or play audio content on the devices. Furthermore, it may also be possible to locate affected devices, provided they support certain additional functions. How dangerous is WhisperPair? The security experts showed the serious consequences of an unsecured Bluetooth device in a demonstration video : Note that this security vulnerability affects Bluetooth accessories with faulty or outdated Fast Pair implementations. It does not affect Android or iOS smartphones themselves. Everyone—whether on Android or iOS—is vulnerable equally, regardless of whether Fast Pair is actively used on their own mobile phones or not. What’s particularly critical is that the vulnerable function is enabled by default on many devices. According to the security researchers involved, it’s also sufficient to be within Bluetooth range. In many cases, prior pairing or confirmation by the owner is not required. Special tracking risk for iPhone users One aspect that’s particularly explosive—and mainly affects users of iPhones with Macs or Windows PCs—is that if a vulnerable Bluetooth headset has never been paired with an Android device, an attacker can register as the “owner” as part of a WhisperPair attack. In this case, the accessory can be tracked via Google’s Find Hub network, similar to how AirTags work. Tracking is then no longer limited to immediate radio range but made possible worldwide, as other Android devices can forward the position data unnoticed. Android users who have already paired their headphones via Fast Pair are generally not affected by this specific tracking scenario. A firmware update is mandatory The security researchers emphasize that changes to smartphone settings are not enough to fix the problem. Only a firmware update directly on the Bluetooth device itself reliably closes the vulnerability. Google and affected manufacturers were already informed of this issue back in the summer of 2025. According to the researchers, updated firmware versions are now available for many Bluetooth models (usually installed via the respective manufacturer’s app). A factory reset is also recommended to remove any unauthorized pairings. If no update is available for a device, experts advise pairing the accessory with an Android smartphone at least once. This establishes a legitimate owner and prevents subsequent third-party tracking. Bluetooth remains a recurring security risk The WhisperPair case is one of a series of Bluetooth security issues that came to light in 2025. Google rewarded the discovery of WhisperPair with a bug bounty of $10,000. Compared to other Bluetooth vulnerabilities, the problem was addressed relatively early—provided that users install the available updates Regardless of the current vulnerability, security experts have long advised only enabling Bluetooth on smartphones when it’s actually needed. Every active wireless connection increases the attack surface. The current case also shows how important regular updates are.

Costco reportedly pulls RAM and GPUs from display PCs due to theft

Costco reportedly pulls RAM and GPUs from display PCs due to theft

You’d think that a big-box store with membership requirements to even enter the building would have fewer problems with shoplifting than, say, Walmart or Target. But according to one Reddit post, at least one Costco store has had to remove the RAM from its display PCs, presumably to prevent shoplifters from exercising their sticky fingers. Reddit user “accent2012” noted the conspicuous absence of RAM from a row of desktops, otherwise powered up to show off their various RGB light shows. Another in the same post claimed that an employee reported on a RAM shoplifter who had been caught on camera. With a 2x16GB kit of RAM currently going for $350 or so on Amazon, it’s easy to see why someone might swipe it when the coast is clear. One of the PCs was also missing a GPU. As other Reddit commenters point out, it might be that Costco is removing the easily-swiped parts that need no tools to access, or it might be that someone already stole the RAM and Costco simply didn’t bother to replace it. The photo appears to show desktops connected to no monitors or input devices, so the retail display is still mostly functional for its intended purpose. According to Tom’s Hardware , many retail stores—including some Costco stores—are placing RAM behind the counter, as is still sometimes the case with graphics cards. (Most of these components are already in locked cases, even if they’re nominally on the shelves.) The AI-driven RAM crunch is causing prices for memory and other components to skyrocket. DDR5 modules sold to consumers—for the purpose of PC building, repair, or upgrades—has tripled and sometimes even quadrupled in price since mid-2025. Prices are rising so fast that some retailers have been seen taking price tags off the modules, in a “market price” setup more akin to seafood sales than electronics parts. Most finished electronics prices are expected to rise in response, though not as dramatically, and relief seems unlikely anytime in 2026 . Incidentally, if you’re looking for a high-powered gaming desktop, a pre-built sold at a big-box retailer might not be a bad choice right now. Due to economies of scale and B2B distribution, those pre-built desktops are now considerably cheaper than a PC you can build yourself, inverting decades of status quo. Take this Skytech gaming desktop on Amazon : with its RTX 5070 Ti graphics card and 32GB of RAM, it’s $500 cheaper than the same set of parts in the cheapest combination I could put together on PCPartPicker. I wouldn’t call $2,000 for this PC a “deal,” but it’s better than you can do on your own right now.

Witchfire Is So Good It Has Me Rethinking Early Access Games

Witchfire Is So Good It Has Me Rethinking Early Access Games

Early Access games have been around for a while now. The trend of launching a game into Early Access to allow curious of players to check out an in-progress game and get their feedback for 1.0 continues to grow. But knowing what I'd be playing is unfinished and could change has always kept me at an arm's length from these games. I even skipped Hades II's Early Access period, despite adoring the first game and knowing developer Supergiant Games is good for its in-development word. I'm starting to wonder if I've been throwing a wet blanket on this type of release after playing Witchfire , an Early Access game that has me hooked. I started it yesterday and already have a dozen hours in it. It is fantastic. But Game Informer Editor-in-Chief Matt Miller has been singing its praises alongside thousands of other early adopters for years now; I'm not saying anything surprising here, and if you want to read about why this game is good, there's lots of great writing out there for that. Having put aside the mouse and keyboard that control my Preyer's arsenal of destruction, I'm stuck thinking about how many other games I've dismissed sight-unseen because they're in Early Access. I know I'm checking Witchfire out years into its Early Access life at this point, which began in 2023, but I'm bewildered by just how much is here, and how much of it is so polished, too. I'm still overwhelmed by how many systems and synergies are at play in Witchfire – various build types, leveling and progression systems, weapons, magic spells, enemy types, biomes to explore, and bosses to fight. I'm not even sure what I want to see in a 1.0 build; if the version of Witchfire I am playing right now launched today, I wouldn't question a thing about all there is to do in the game. That makes it all the more exciting that a 1.0 launch is happening this year, promising even more to come for this so-far excellent FPS roguelite adventure. I'm sure there are examples of Early Access games that are significantly more feature-lite, and to be clear: I think that's okay. I just know I'd rather wait for the full 1.0 release at that point. But there are also probably just as many feature-rich Early Access games I'd likely enjoy as much as The Astronauts' shooter, where I'm left wondering how the game isn't a content-complete 1.0 release. I suppose this is less a dive into the gamut of Early Access games and their role in game releases (typically in the PC ecosystem) and more so an admission of me being plain ole silly. Of course, I check out Early Access games from time to time for work, but prior to Witchfire and outside of work, I only played 1.0+ releases as if Early Access was a black mark unworthy of my free time. But I know all too well how game development works and how Early Access allows developers to accomplish goals they would otherwise never reach. Games like Hades might never have been the success they are if not for what Supergiant learned during its Early Access period: understanding what its players like, love, dislike, and hate, and shaping the game into something both parties enjoy. The same goes for Witchfire, and there's a world where I might have missed the fun and excellence that is this game had I brushed it off as just another Early Access release. The potential of one day checking out its 1.0 release was always there, but that potential has now metastasized into a thrilling excitement – anticipation for changes, an eagerness to dive into what's new, and a newfound enthusiasm for a game I almost ignored. If you're like me and haven't given Witchfire a go yet, it's available in Early Access on PC via Steam and the Epic Games Store . In the meantime, you can read our preview here to learn why it's one of our most anticipated games of 2026 . After that, read about the Webgrave update that added a new region, new enemies, and more last year. What are some of your favorite Early Access games? Let me know which ones I need to check out in the comments below!