Follow ZDNET: Add us as a preferred source on Google.

---

ZDNET’s key takeaways

• Your listening room’s layout has a huge impact on your soundbar’s Dolby Atmos performance.
• There are several audio features that can help improve dialogue clarity.
• Building out your Sonos home theater can help with audio clarity and robustness.

---

Sonos’ webpages and popular reviews are full of specs, but several real-life factors affect your soundbar’s performance more than you’d think. Factors such as placement, your content’s audio format, and your room’s size and furniture all affect your soundbar’s output. 

I use my Sonos Arc and Arc Ultra soundbars, Era 300 speakers, Sub 4 subwoofer, and Ace headphones daily, but achieving complete satisfaction required some adjustments. I’m finally ready to share the secrets.

Also: Your TV’s USB port has hidden superpowers: 4 benefits you’re not taking advantage of

Start with your soundbar’s placement. Regardless of whether you have a flagship Arc or Arc Ultra, or a smaller Beam or Ray, location matters. Ensure your soundbar is as close to eye level as possible and centered on your TV. If you can help it, keep your soundbar out of a cabinet; you want sound to disperse throughout the room rather than be confined within a space.

1. Problem: Dolby Atmos doesn’t sound immersive

The reason: A lack of height

Dolby Atmos is an object-based spatial audio format. However, movie theaters get it right because they have speakers embedded in the ceiling, adding height and achieving an immersive experience that mimics sounds coming from above you. You don’t have ceiling speakers, but your Arc or Arc Ultra has upfiring speakers to create this illusion at home.

The fix: Increase the height channel volume

This one is the most difficult. If you have vaulted ceilings or your soundbar setup doesn’t allow for much space between the soundbar and your TV, your upfiring speakers will struggle. However, you can increase the volume of your Arc or Arc Ultra’s height channels to try to make them louder and more noticeable. 

A set of rear speakers can help significantly expand the horizontal plane of your Dolby Atmos experience, and the Era 300 has an upfiring tweeter for added height effect, if your space can accommodate it. 

Also: 5 ways to use your Chromecast TV beyond streaming shows (including a smart home hack)

Neither the Sonos Ray nor Beam (Gen 2) has dedicated upfiring speakers, but their forward and side-facing channels help with expanding your content’s soundstage. Either compact soundbar is an upgrade from your TV’s thin speakers, but the Beam (Gen 2) is the best compact option from Sonos (when it’s on sale).

2. Problem: Dialogue isn’t clear

The reason: Toggle Speech Enhancement, Night Mode, or Loudness

There are several ways to address this problem by playing with a few audio features. Starting small, you can turn on Speech Enhancement, which decreases bass and increases mids, which is typically where dialogue resides. You can also turn on Night Sound alongside Speech Enhancement to further reduce bass. 

Ensure your soundbar’s Loudness feature is off, as it can also amplify non-dialogue sounds. If you’re still not hearing as clearly as you’d like, you can reduce the soundbar’s bass response in its EQ settings. You can find all these features in the Sonos app.

From my experience, rear speakers and a sub, especially a subwoofer, mitigate this problem entirely, since the additional audio channels allow the soundbar to focus on mids and the sub to handle bass. 

Also: 5 easy ways to make your soundbar sound dramatically better (and they cost nothing)

If you’re this deep into the Sonos ecosystem and want to watch TV without bothering your housemates or neighbors, consider buying the Sonos Ace headphones. They are compatible with the Sonos Arc, Arc Ultra, Beam, and Ray, and play the same audio format as the soundbar’s output. 

3. Problem: Something just sounds ‘off’

The fix: Re-calibrate TruePlay

TruePlay is Sonos’ acoustic tuning feature that helps your speakers perform to their best by accounting for your room’s size, furniture, and layout. If you’re like me, your rooms aren’t the perfect square with minimal furniture like the model rooms on the Sonos website. 

You’ll want to tune your speaker with TruePlay to account for the walls near your soundbar and the sectional-sized barrier in your listening area. If you ever rearrange your listening area, whether that be the speakers or the furniture, run a new TruePlay calibration.

Cargo theft is no longer just about stolen trucks and forged paperwork. Over the past year, security researchers have been warning that hackers are increasingly targeting the technology behind global shipping, quietly manipulating systems that move goods worth millions of dollars. 

In some cases, organized crime groups use hacked logistics platforms to redirect shipments, allowing criminals to steal goods without ever setting foot in a warehouse. One recent case involving a critical U.S. shipping technology provider shows just how exposed parts of the supply chain have been, and for how long.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter     

A key shipping platform was left wide open

CRIME RINGS, HACKERS JOIN FORCES TO HIJACK TRUCKS NATIONWIDE, FUELING MAJOR HOLIDAY SHIPPING SECURITY FEARS

The company at the center of this incident is Bluspark Global, a New York-based firm whose Bluvoyix platform is used by hundreds of companies to manage and track freight moving around the world. While Bluspark isn’t a household name, its software supports a large slice of global shipping, including major retailers, grocery chains and manufacturers.

For months, Bluspark’s systems reportedly contained basic security flaws that effectively left its shipping platform exposed to anyone on the internet. According to the company, five vulnerabilities were eventually fixed, including the use of plaintext passwords and the ability to remotely access and interact with the Bluvoyix platform. These flaws could have given attackers access to decades of shipment records and customer data.

Bluspark says those issues are now resolved. But the timeline leading up to the fixes raises serious concerns about how long the platform was vulnerable and how difficult it was to alert the company in the first place.

How a researcher uncovered the flaws

Security researcher Eaton Zveare discovered the vulnerabilities in October while examining the website of a Bluspark customer. What started as a routine look at a contact form quickly escalated. By viewing the website’s source code, Zveare noticed that messages sent through the form passed through Bluspark’s servers using an application programming interface, or API.

From there, things unraveled fast. The API’s documentation was publicly accessible and included a built-in feature that allowed anyone to test commands. Despite claiming authentication was required, the API returned sensitive data without any login at all. Zveare was able to retrieve large amounts of user account information, including employee and customer usernames and passwords stored in plaintext.

Worse, the API allowed the creation of new administrator-level accounts without proper checks. That meant an attacker could grant themselves full access to Bluvoyix and view shipment data going back to 2007. Even security tokens designed to limit access could be bypassed entirely.

Why it took weeks to fix critical shipping security flaws

One of the most troubling parts of this story isn’t just the vulnerabilities themselves, but how hard it was to get them fixed. Zveare spent weeks trying to contact Bluspark after discovering the flaws, sending emails, voicemails, and even LinkedIn messages, without success.

With no clear vulnerability disclosure process in place, Zveare eventually turned to Maritime Hacking Village, which helps researchers notify companies in the shipping and maritime industries. When that failed, he contacted the press as a last resort.

Only after that did the company respond, through its legal counsel. Bluspark later confirmed it had patched the flaws and said it plans to introduce a formal vulnerability disclosure program. The company has not said whether it found evidence that attackers exploited the bugs to manipulate shipments, stating only that there was no indication of customer impact. It also declined to share details about its security practices or any third-party audits.

10 ways you can stay safe when cyberattacks hit supply chains

Hackers can break into a shipping or logistics platform without you ever realizing your data was involved. These steps help you reduce risk when attacks like this happen.

1) Watch for delivery-related scams and fake shipping notices

After supply chain breaches, criminals often send phishing emails or texts pretending to be shipping companies, retailers, or delivery services. If a message pressures you to click a link or “confirm” shipment details, slow down. Go directly to the retailer’s website instead of trusting the message.

2) Use a password manager to protect your accounts

If attackers gain access to customer databases, they often try the same login details on shopping, email, and banking accounts. A password manager ensures every account has a unique password, so one breach doesn’t give attackers the keys to everything else.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

3) Reduce your exposed personal data online

Criminals often combine data from one breach with information scraped from data broker sites. Personal data removal services can help reduce how much of your information is publicly available, making it harder for criminals to target you with convincing scams.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

4) Run strong antivirus software on your devices

Strong antivirus software can block malicious links, fake shipping pages, and malware-laced attachments that often follow high-profile breaches. Keeping real-time protection enabled adds an important layer when criminals try to exploit confusion.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

HUGE DATA LEAK EXPOSES 14 MILLION CUSTOMER SHIPPING RECORDS

5) Enable two-factor authentication wherever possible

Two-factor authentication (2FA) makes it much harder for attackers to take over accounts, even if they have your password. Prioritize email, shopping accounts, cloud storage and any service that stores payment or delivery information.

6) Review your account activity and delivery history

Check your online shopping accounts for unfamiliar orders, address changes, or saved payment methods you don’t recognize. Catching changes early can prevent fraud from escalating.

7) Consider identity theft protection

Identity theft protection services can alert you to suspicious credit activity and help you recover if attackers access your name, address or other personal details. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

8) Place a free credit freeze to stop new fraud

If your name, email, or address was exposed, consider placing a credit freeze with the major credit bureaus. A freeze prevents criminals from opening new accounts in your name, even if they obtain additional personal data later. It’s free, easy to lift temporarily, and one of the most effective steps you can take after a breach. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

9) Lock down your shipping and retailer accounts

Review the security settings on major shopping and delivery accounts, including retailers, grocery services and shipping providers. Pay close attention to saved delivery addresses, default shipping locations and linked payment methods. Attackers sometimes add their own address quietly and wait before making a move.

10) Businesses should review third-party logistics access

If you run a business that relies on shipping or logistics platforms, incidents like this are a reminder to review vendor access controls. Limit administrative permissions, rotate API keys regularly, and confirm vendors have a clear vulnerability disclosure process. Supply chain security depends on more than just your own systems.

Kurt’s key takeaway

Shipping platforms sit at the intersection of physical goods and digital systems, making them attractive targets for cybercriminals. When basic protections like authentication and password encryption are missing, the consequences can spill into the real world, from stolen cargo to supply chain disruption. The incident also highlights how many companies still lack clear, public ways for researchers to report vulnerabilities responsibly.

Do you think companies that quietly power global supply chains are doing enough to protect themselves from cyber threats?  Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.

Strands is the NYT’s latest word game after the likes of Wordle, Spelling Bee and Connections – and it’s great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc’s Wordle today page for the original viral word game.

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses.

The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It’s said to coincide with the nationwide unrest in Iran that began towards the end of 2025, protesting soaring inflation, rising food prices, and currency depreciation. The ensuing crackdown has resulted in mass casualties and an internet blackout.

“The malware relies on GitHub and Google Drive for configuration and modular payload retrieval, and uses Telegram for command-and-control,” the French cybersecurity company said.

What makes the campaign noteworthy is the threat actor’s likely reliance on large language models (LLMs) to build and orchestrate the necessary tooling. The starting point of the attack is a 7-Zip archive with a Farsi filename that contains macro-laced Microsoft Excel documents.

The XLSM spreadsheets claim to include details about protesters who died in Tehran between December 22, 2025, and January 20, 2026. But embedded within each of them is a malicious VBA macro, which, when enabled, functions as a dropper for a C#-based implant (“AppVStreamingUX_Multi_User.dll”) by means of a technique called AppDomainManager injection.

The VBA macro, for its part, shows signs of being generated by an LLM due to the “overall style of the VBA code, the variable names and methods” used, as well as the presence of comments like “PART 5: Report the result and schedule if successful.”

The attack is likely an effort to target individuals who are looking for information about missing persons, exploiting their emotional distress to provoke a false sense of urgency and trigger the infection chain. Analysis of the spreadsheet data, such as mismatched ages and birthdates, suggests it’s fabricated.

The backdoor, dubbed SloppyMIO, uses GitHub as a dead drop resolver to retrieve Google Drive URLs that host images from which its configuration is steganographically obtained, including details of the Telegram bot token, Telegram chat ID, and links staging various modules. As many as five different modules are supported –

• cm, to execute commands using “cmd.exe”
• do, to collect files on the compromised host and create a ZIP archive for each file that fits in the Telegram API file size limits
• up, to write a file to “%LOCALAPPDATA%\Microsoft\CLR_v4.0_32\NativeImages\,” with the file data encoded within an image fetched via the Telegram API
• pr, to create a scheduled task for persistence to run an executable every two hours
• ra, to start a process

In addition, the malware is capable of contacting a command-and-control (C2) server to beacon to the configured Telegram chat ID, receiving additional instructions and sending the results back to the operator:

• download, which runs the do module
• cmd, which runs the cm module
• runapp, to launch a process

“The malware can fetch and cache multiple modules from remote storage, run arbitrary commands, collect and exfiltrate files and deploy further malware with persistence via scheduled tasks,” HarfangLab said. “SloppyMIO beacons status messages, polls for commands and sends exfiltrated files over to a specified operator leveraging the Telegram Bot API for command-and-control.”

As for attribution, the links to Iranian actors are based on the presence of Farsi artifacts, the lure themes, and tactical similarities with prior campaigns, including that of Tortoiseshell, which has leveraged malicious Excel documents to deliver IMAPLoader using AppDomainManager injection.

The attackers’ choice of GitHub as a dead drop resolver is also not without precedent. In late 2022, Secureworks (now part of Sophos) detailed a campaign undertaken by a sub-cluster of an Iranian nation-state group known as Nemesis Kitten that used GitHub as a conduit to deliver a backdoor referred to as Drokbk.

Complicating matters further is the growing adoption of artificial intelligence (AI) tools by adversaries, making it harder for defenders to distinguish one actor from the other.

“The threat actor’s reliance on commoditized infrastructure (GitHub, Google Drive, and Telegram) hinders traditional infrastructure-based tracking but paradoxically exposes useful metadata and poses other operational security challenges to the threat actor,” HarfangLab said.

The development comes a couple of weeks after U.K.-based Iranian activist and independent cyber espionage investigator Nariman Gharib revealed details of a phishing link (“whatsapp-meeting.duckdns[.]org”) that’s distributed via WhatsApp and captures victims’ credentials by displaying a fake WhatsApp Web login page.

“The page polls the attacker’s server every second via /api/p/{victim_id}/,” Gharib explained. “This lets the attacker serve a live QR code from their own WhatsApp Web session directly to the victim. When the target scans it with their phone, thinking they’re joining a ‘meeting,’ they’re actually authenticating the attacker’s browser session. Attacker gets full access to the victim’s WhatsApp account.”

The phishing page is also designed to request browser permissions to access the device camera, microphone, and geolocation, effectively turning it into a surveillance kit that can capture victims’ photos, audio, and current whereabouts. It’s currently not known who is behind the campaign, or what was the motivation was behind it.

TechCrunch’s Zack Whittaker, who uncovered more specifics about the activity, said it’s also aimed at stealing Gmail credentials by serving a bogus Gmail login page that gathers a victim’s password and two-factor authentication (2FA) code. About 50 individuals have been found to be impacted. This includes ordinary people across the Kurdish community, academics, government officials, business leaders, and other senior figures.

The findings also come in the aftermath of a major leak suffered by the Iranian hacking group Charming Kitten that laid bare its inner workings, organizational structure, and the key personnel involved. The leaks also shed light on a surveillance platform named Kashef (aka Discoverer or Revealer) for tracking Iranian citizens and foreign nationals by aggregating data collected by different departments associated with the Islamic Revolutionary Guard Corps (IRGC).

In October 2025, Gharib also made available a database containing 1,051 individuals who enrolled in various training programs offered by Ravin Academy, a cybersecurity school founded by two operatives of Iran’s Ministry of Intelligence and Security (MOIS), Seyed Mojtaba Mostafavi and Farzin Karimi. The entity was sanctioned by the U.S. Department of the Treasury in October 2022 for supporting and enabling MOIS’s operations.

This includes assisting MOIS with information security training, threat hunting, cybersecurity, red teaming, digital forensics, malware analysis, security auditing, penetration testing, network defense, incident response, vulnerability analysis, mobile penetration testing, reverse engineering, and security research.

“The model allows MOIS to outsource initial recruitment and vetting while maintaining operational control through the founders’ direct relationship with the intelligence service,” Gharib said. “This dual-purpose structure enables MOIS to develop human capital for cyber operations while maintaining a layer of separation from direct government attribution.”

Amazon has agreed to pay $2.5 billion to settle allegations brought by the Federal Trade Commission over how it enrolled customers in Prime and how difficult it made cancellation. 

The FTC alleged Amazon enrolled millions of consumers without clear consent and failed to provide a simple way to cancel.

“The evidence showed that Amazon used sophisticated subscription traps designed to manipulate consumers into enrolling in Prime, and then made it exceedingly hard for consumers to end their subscription,” Federal Trade Commission Chairman Andrew N. Ferguson said.

Rather than proceed to trial, Amazon chose to settle the case. The company did not admit liability and says it has already made changes to Prime enrollment and cancellation flows. Still, the agreement stands as the second-largest monetary judgment ever secured by the Federal Trade Commission.

ALEXA.COM BRINGS ALEXA+ TO YOUR BROWSER

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

How the $2.5 billion settlement breaks down

The court-ordered settlement is divided into two parts. First, Amazon must pay a $1 billion civil penalty to the federal government. As a result, this marks the largest civil penalty ever tied to a violation of an FTC rule. Second, $1.5 billion is set aside for consumer refunds. Eligible Prime subscribers may receive compensation for Prime membership fees paid during the covered period, capped at $51 per person. Because this is an FTC action, only U.S.-based Prime subscribers qualify. Therefore, customers outside the United States are not eligible.

Who qualifies for an Amazon Prime refund

You may qualify for compensation if either of the following applies.

• First, you signed up for Amazon Prime in the United States between June 23, 2019, and June 23, 2025.
• Alternatively, you attempted to cancel Prime through the online cancellation process during that same period but were unable to complete it. This includes entering the cancellation flow and not finishing or accepting a Save Offer.

To confirm when you joined Prime, log in to your Amazon account. Then go to Memberships and Subscriptions and select Payment history under Prime.

How Amazon is issuing refunds

Under the settlement, refunds are distributed in two groups based on eligibility.

Automatic Payment Group

Some consumers qualified for automatic payments.

• You were eligible if you signed up for Prime between June 23, 2019, and June 23, 2025, enrolled through a challenged enrollment flow and used no more than three Prime benefits in any 12-month period.
• Automatic payments were issued within 90 days of the court order, with most eligible customers receiving funds by late December 2025. These payments covered Prime membership fees paid up to $51. No claim was required.

However, if you believe you qualified for an automatic payment but did not receive one, you may still be eligible to file a claim.

Claims Process Payment Group

At this point, the claims process is the primary path for refunds. The claims window opened January 5, 2026. Eligible consumers are being notified by email or postcard through early February. You may qualify to file a claim if you unintentionally enrolled in Prime through a challenged enrollment method or tried but failed to cancel your membership online between June 23, 2019, and June 23, 2025, and used fewer than 10 Prime benefits during any 12-month period. In addition, you must not have already received an automatic payment. To file a claim, you will need to confirm one of two conditions by checking a box on the claim form. Claims are reviewed for eligibility. Approved claims receive compensation for Prime fees paid, capped at $51 per person.

Where to file a Prime settlement claim

If you are eligible to file a claim, official instructions will be provided by email or mail. You can also access the court-approved settlement site directly at: subscriptionmembershipsettlement.com.

Links to the settlement site are also available on Amazon’s website, the Prime membership page and within the Amazon app.

THE WEEK’S BEST AMAZON HOME DEALS: SAVE 40% OR MORE ON PILLOWS, BLENDERS, VACUUMS AND MORE

Even if you do not qualify for a refund, this settlement is a strong reminder to review your subscriptions and confirm you are paying only for services you actively use. Here’s how to cancel a subscription using your iPhone and Android.

“Payments are being handled by the settlement administrator. Customers can find information and submit claims at the administrator’s website subscriptionmembershipsettlement.com,” an Amazon spokesperson told CyberGuy.

How to add or manage your Amazon Prime account

If you already have an Amazon account, adding or managing Prime takes only a few minutes. First, log in to Amazon and open the Accounts and Lists menu. From there, select Prime to view your membership details. Next, follow the prompts to add Prime or manage an existing subscription. Amazon displays pricing, billing dates and available benefits before you confirm. For that reason, review each screen carefully so you know exactly what you are agreeing to. For more on “How to get a cheap Amazon Prime membership,” click here.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

Overall, this settlement sends a clear message about subscription transparency. While a $51 refund may feel modest, the broader impact matters. Regulators are forcing companies to simplify signups and make cancellations easier. If you ever felt trapped in a subscription you did not intend to start, this case shows enforcement is finally catching up to deceptive design tactics.

Have you ever tried to cancel a subscription and felt blocked or misled along the way? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

With the recent news that Sony is handing control of the Bravia TV brand to TCL in 2026, retailers are offering discounts to clear the way for the new models scheduled to arrive in 2027. And if you’ve been eyeing the Bravia 8 II as an upgrade to your living room or home theater, you can grab the 65-inch model for $1,100 off right now at Best Buy. 

Also: The best Sony TVs you can buy

The 55-inch model is also on sale — for $1,000 off — but both sizes are still pricey, selling for over $1,000 (or more) with this discount. 

I got to check out the Bravia 8 II in the ZDNET testing lab, and was very impressed with the picture quality. While you’ll get a darker screen than other OLEDs from LG and Samsung, you’ll gain the ability to fine-tune your picture settings for everything from streaming to console gaming.

Review: Sony Bravia 8 II OLED TV

You can also tweak audio settings to fully leverage both Sony’s Acoustic Surface Audio+ technology and Dolby Atmos integration. With Acoustic Surface Audio+, Sony places tiny actuators behind the OLED panel to turn the entire screen into a speaker capable of object-tracking sound. This gives you a much more immersive experience without the hassle of setting up separate home audio equipment, and it delivers near-perfect audio and video syncing.

The Bravia 8 II handles everything from black-and-white Hollywood classics to triple-A gaming on the PlayStation 5 with ease, automatically switching picture and audio modes when the TV detects a console is connected and powered on, or when a supported streaming app is launched. 

Also: You can buy an LG B5 OLED for 50% off at Best Buy for a limited time

The Bravia 8 II integrates VRR support for console gaming to help eliminate annoying screen tearing and stuttering that can happen when your frame rate drops. With the Google TV platform, you’ll get a preloaded suite of apps like Netflix, Disney+, and HBO Max so you can start watching your favorite shows and movies right out of the box. You’ll also get integrated voice controls via Google Assistant or Alexa for hands-free use of your new TV.

How I rated this deal 

Sony’s Bravia 8 II OLED is a premium-grade TV with a price tag to match. It’s not often we see steep discounts on these models, and with Best Buy’s $1,100 discount on one of the best OLED TVs on the market, you’re getting an even better value. That’s why I gave this deal a 4/5 Editor’s rating.

Power stations are quite the investment. I know people who have dropped several thousand on systems that can power their homes for days in the event of a grid failure. However, not everyone needs an expensive power station, especially if it’s only for occasional use.

Also: 12 rules to follow when using and maintaining power stations — from an expert

You don’t have to break the bank to get a quality power station. In fact, every power station listed here is under $400.

This month, we added the Bluetti 30 V2 and the 

Get more in-depth ZDNET tech coverage: Add us as a preferred Google source on Chrome and Chromium browsers.

What’s the best cheap portable power station right now? 

I’ve put over 120 portable power stations to the test to discover the absolute best. My top pick for an affordable option is the EcoFlow River 2 Right now, it’s a steal at Amazon for $179. It delivers an impressive 600W of power and easily connects to a budget-friendly solar panel, transforming it into a cost-effective solar generator. 

Keep reading to explore my other top-tested selections for the best cheap power stations.

The best cheap portable power stations of 2026

Latest info on cheap portable power stations

January 2026: A few changes this month. New in is the Bluetti Elite 30 V2, a power station that I like a lot, partly because of the fact that it’s under 10 pounds category. and it also comes in a range of colors. Along with the traditional black there’s pink, blue, grey, green, and purple.

After previously being sold out, the Jackery Explorer 500 is also back in the list.

Finally, the links and prices of all existing products were checked to make sure everything is current.

October 2025: As we head from summer to winter, it’s very likely that prices will start to creep up as demand for smaller units increases as people fear blackouts and need a way to power essentials like Wi-Fi routers, phone chargers, and CPAP machines. 

Latest Updates: 

• October 2025: All links and prices checked to make sure that you’re getting the best possible deals. 

Other portable power stations we recommend 

For more, check out the best power banks of 2026, how this power bank doubles as a hotspot, and our top home battery and backup systems. 

When is Presidents’ Day? 

Presidents’ Day is observed on the third Monday of February. This year, the holiday lands on February 16.

How did we choose these Presidents’ Day deals? 

ZDNET only writes about deals that genuinely capture our attention. These are products that we’d want ourselves and would confidently recommend to our readers, friends, and family alike. For this roundup, our experts actively searched for smartphones with meaningful discounts, new promotions, and limited-time offers, such as mobile devices bundled with accessories.

Beyond pricing, we evaluated key features of the phone, prioritizing models with solid hardware, strong performance, long battery lives, and high-quality displays. In addition to our own hands-on experience, we also took customer reviews into consideration to see what matters to real people who already own and use the products we’re recommending. Our goal is simple: it is to highlight worthwhile deals and great savings so you can shop smarter.

Ravie LakshmananJan 31, 2026Network Security / SCADA

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country.

The incident took place on December 29, 2025. The agency has attributed the attacks to a threat cluster dubbed Static Tundra, which is also tracked as Berserk Bear, Blue Kraken, Crouching Yeti, Dragonfly, Energetic Bear, Ghost Blizzard (formerly Bromine), and Havex. Static Tundra is assessed to be linked to Russia’s Federal Security Service’s (FSB) Center 16 unit.

It’s worth noting that recent reports from ESET and Dragos attributed the activity with moderate confidence to a different Russian state-sponsored hacking group known as Sandworm.

“All attacks had a purely destructive objective,” CERT Polska said in a report published Friday. “Although attacks on renewable energy farms disrupted communication between these facilities and the distribution system operator, they did not affect the ongoing production of electricity. Similarly, the attack on the combined heat and power plant did not achieve the attacker’s intended effect of disrupting heat supply to end users.”

The attackers are said to have gained access to the internal network of power substations associated with a renewable energy facility to carry out reconnaissance and disruptive activities, including damaging the firmware of controllers, deleting system files, or launching custom-built wiper malware codenamed DynoWiper by ESET.

In the intrusion aimed at the CHP, the adversary engaged in long-term data theft dating all the way back to March 2025 that enabled them to escalate privileges and move laterally across the network. The attackers’ attempts to detonate the wiper malware were unsuccessful, CERT Polska noted.

On the other hand, the targeting of the manufacturing sector company is believed to be opportunistic, with the threat actor gaining initial access via a vulnerable Fortinet perimeter device. The attack targeting the grid connection point is also likely to have involved the exploitation of a vulnerable FortiGate appliance.

At least four different versions of DynoWiper have been discovered to date. These variants were deployed on Mikronika HMI Computers used by the energy facility and on a network share within the CHP after securing access through the SSL‑VPN portal service of a FortiGate device.

“The attacker gained access to the infrastructure using multiple accounts that were statically defined in the device configuration and did not have two‑factor authentication enabled,” CERT Polska said, detailing the actor’s modus operandi targeting the CHP. “The attacker connected using Tor nodes, as well as Polish and foreign IP addresses, which were often associated with compromised infrastructure.”

The wiper’s functionality is fairly straightforward –

• Initialization that involves seeding a pseudorandom number generator (PRNG) called Mersenne Twister
• Enumerate files and corrupt them using the PRNG
• Delete files

It’s worth mentioning here that the malware does not have a persistence mechanism, a way to communicate with a command‑and‑control (C2) server, or execute shell commands. Nor does it attempt to hide the activity from security programs.

CERT Polska said the attack targeting the manufacturing sector company involved the use of a PowerShell-based wiper dubbed LazyWiper that scripts overwrites files on the system with pseudorandom 32‑byte sequences to render them unrecoverable. It’s suspected that the core wiping functionality was developed using a large language model (LLM).

“The malware used in the incident involving renewable energy farms was executed directly on the HMI machine,” CERT Polska pointed out. “In contrast, in the CHP plant (DynoWiper) and the manufacturing sector company (LazyWiper), the malware was distributed within the Active Directory domain via a PowerShell script executed on a domain controller.”

The agency also described some of the code-level similarities between DynoWiper and other wipers built by Sandworm as “general” in nature and does not offer any concrete evidence as to whether the threat actor participated in the attack.

“The attacker used credentials obtained from the on‑premises environment in attempts to gain access to cloud services,” CERT Polska said. “After identifying credentials for which corresponding accounts existed in the M365 service, the attacker downloaded selected data from services such as Exchange, Teams, and SharePoint.”

“The attacker was particularly interested in files and email messages related to OT network modernization, SCADA systems, and technical work carried out within the organizations.”

Follow ZDNET: Add us as a preferred source on Google.

---

ZDNET’s key takeaways

• Moltbot, formerly known as Clawdbot, has gone viral as an “AI that actually does things.”
• Security experts have warned against joining the trend and using the AI assistant without caution.
• If you plan on trying out Moltbot for yourself, be aware of these security issues.

---

Clawdbot, now rebranded as Moltbot following an IP nudge from Anthropic, has been at the center of a viral whirlwind this week — but there are security ramifications of using the AI assistant you need to be aware of.

What is Moltbot?

Moltbot, displayed as a cute crustacean, promotes itself as an “AI that actually does things.” Spawned from the mind of Austrian developer Peter Steinberger, the open-source AI assistant has been designed to manage aspects of your digital life, including handling your email, sending messages, and even performing actions on your behalf, such as checking you in for flights and other services. 

Also: 10 ways AI can inflict unprecedented damage in 2026

As previously reported by ZDNET, this agent, stored on individual computers, communicates with its users via chat messaging apps, including iMessage, WhatsApp, and Telegram. There are over 50 integrations, skills, and plugins, persistent memory, and both browser and full system control functionality.

Rather than operating a standalone backend AI model, Moltbot harnesses the power of Anthropic’s Claude (guess why the name change from Clawdbot was requested, or check out the lobster’s lore page) and OpenAI’s ChatGPT.  

In only a matter of days, Moltbot has gone viral. On GitHub, it now has hundreds of contributors and around 100,000 stars — making Moltbot one of the fastest-growing AI open source projects on the platform to date. 

So, what’s the problem?

1. Viral interest creates opportunities for scammers

Many of us like open source software for its code transparency, the opportunity for anyone to audit software for vulnerabilities and security issues, and, in general, the community that popular projects create. 

However, breakneck-speed popularity and changes can also allow malicious developments to slip through the cracks, with reported fake repos and crypto scams already in circulation. Taking advantage of the sudden name change, scammers launched a fake Clawdbot AI token that managed to raise $16 million before it crashed. 

So, if you are planning to try it out, ensure you use only trusted repositories. 

2. Handing over the keys to your digital kingdom

If you opt to install Moltbot and want to use the AI as a personal, autonomous assistant, you will need to grant it access to your accounts and enable system-level controls. 

There’s no perfectly secure setup, as Moltbot’s documentation acknowledges, and Cisco calls Moltbot an “absolute nightmare” from a security perspective. As the bot’s autonomy relies on permissions to run shell commands, read or write files, execute scripts, and perform computational tasks on your behalf, these privileges can expose you and your data to danger if they are misconfigured or if malware infects your machine. 

Also: Linux after Linus? The kernel community finally drafts a plan for replacing Torvalds

“Moltbot has already been reported to have leaked plaintext API keys and credentials, which can be stolen by threat actors via prompt injection or unsecured endpoints,” Cisco’s security researchers said. “Moltbot’s integration with messaging applications extends the attack surface to those applications, where threat actors can craft malicious prompts that cause unintended behavior.”

3. Exposed credentials

Offensive security researcher and Dvuln founder Jamieson O’Reilly has been monitoring Moltbot and found exposed, misconfigured instances connected to the web without any authentication protection, joining other researchers also exploring this area. Out of hundreds of instances, some had no protections at all, which leaked Anthropic API keys, Telegram bot tokens, Slack OAuth credentials, and signing secrets, as well as conversation histories. 

While developers immediately leapt into action and introduced new security measures that may mitigate this issue, if you want to use Moltbot, you must be confident in how you configure it. 

4. Prompt injection attacks

Prompt injection attacks are nightmare fuel for cybersecurity experts now involved in AI. Rahul Sood, CEO and co-founder of Irreverent Labs, has listed an array of potential security problems associated with proactive AI agents, saying that Moltbot/Clawdbot’s security model “scares the sh*t out of me.”

Also: The best free AI courses and certificates for upskilling in 2026 – and I’ve tried them all

This attack vector requires an AI assistant to read and execute malicious instructions, which could, for example, be hidden in source web material or URLs. An AI agent may then leak sensitive data, send information to attacker-controlled servers, or execute tasks on your machine — should it have the privileges to do so. 

Sood expanded on the topic on X, commenting:

“And wherever you run it… Cloud, home server, Mac Mini in the closet… remember that you’re not just giving access to a bot. You’re giving access to a system that will read content from sources you don’t control. Think of it this way, scammers around the world are rejoicing as they prepare to destroy your life. So please, scope accordingly.”

As Moltbot’s documentation notes, with all AI assistants and agents, the prompt injection attack issue hasn’t been resolved. There are measures you can take to mitigate the threat of becoming a victim, but combining widespread system and account access with malicious prompts sounds like a recipe for disaster. 

“Even if only you can message the bot, prompt injection can still happen via any untrusted content the bot reads (web search/fetch results, browser pages, emails, docs, attachments, pasted logs/code),” the documentation reads. “In other words: the sender is not the only threat surface; the content itself can carry adversarial instructions.”

5. Malicious skills and content

Cybersecurity researchers have already uncovered instances of malicious skills suitable for use with Moltbot appearing online. In one such example, on Jan. 27, a new VS Code extension called “ClawdBot Agent” was flagged as malicious. This extension was actually a fully-fledged Trojan that utilizes remote access software likely for the purposes of surveillance and data theft. 

Moltbot doesn’t have a VS Code extension, but this case does highlight how the agent’s rising popularity will likely lead to a full crop of malicious extensions and skills that repositories will have to detect and manage. If users accidentally install one, they may be inadvertently providing an open door for their setups and accounts to be compromised. 

Also: Claude Cowork automates complex tasks for you now – at your own risk

To highlight this issue, O’Reilly built a safe, but backdoored skill, and released it. It wasn’t long before the skill was downloaded thousands of times.  

While I urge caution in adopting AI assistants and agents that have high levels of autonomy and access to your accounts, it’s not to say that these innovative models and tools don’t have value. Moltbot might be the first iteration of how AI agents will weave themselves into our future lives, but we should still exercise extreme caution and avoid choosing convenience over personal security.