security meets culture
Office Apps on Windows 10 are No Longer Tied to its October 2025 End-of-Support Date
By Andrew Cunningham for arstechnica
Windows 10 will stop getting free security updates on October 14, 2025.

For most users, Windows 10 will stop receiving security updates and other official support from Microsoft on October 14, 2025, about five months from today. Until recently, Microsoft had also said that users running the Microsoft Office apps on Windows 10 would also lose support on that date, whether they were using the continually updated Microsoft 365 versions of those apps or the buy-once-own-forever versions included in Office 2021 or Office 2024.
Microsoft has recently tweaked this policy, however-- as seen by The Verge. Now, Windows 10 users of the Microsoft 365 apps will still be eligible to receive software updates and support through October of 2028, "in the interest of maintaining your security while you upgrade to Windows 11." Microsoft is taking a similar approach to Windows Defender malware definitions, which will be offered to Windows 10 users "through at least October 2028."
The policy is a change from a few months ago, when Microsoft insisted that Office apps running on Windows 10 would become officially unsupported on October 14. The perpetually licensed versions of Office will be supported in accordance with Microsoft's "Fixed Lifecycle Policy," which guarantees support and security updates for a fixed number of years after a software product's initial release. For Office 2021, this means Windows 10 users will get support through October of 2026; for Office 2024, this should extend to October of 2029.
Some Microsoft support sites still list the old end-of-support dates for Office apps running on Windows 10. We've contacted Microsoft to see whether these sites will be updated to match the new dates.
Microsoft is likely extending this Office support date and the Windows Defender definitions to help cover people who buy into the Extended Security Updates program for Windows 10, which will allow individuals and institutions to stay on Windows 10 past the official public end-of-support date. Businesses and other institutions will be able to buy between 1 and 3 extra years of security updates, with costs that steadily increase for each year of updates. Individuals will be able to buy a single extra year of updates for a flat $30 per PC.
For people who aren't paying for extra Windows 10 updates, Microsoft has stayed firmly committed to both Windows 10's end-of-support date and Windows 11's minimum system requirements, which will prevent many active Windows 10 systems from upgrading to the newer operating system. Perhaps unsurprisingly, Microsoft's solution is that these people should buy a new PC entirely; the company declared 2025 "the year of the Windows 11 PC refresh" back in January.
It's possible to install and run Windows 11 on older "unsupported" PCs, and the day-to-day experience is often indistinguishable from running the software on a "supported" PC. But there are additional hoops to jump through when you're installing and upgrading the OS that may keep most non-technical users from wanting to give it a try.
VPN Firm Says it Didn't Know Customers had Lifetime Subscriptions, Cancels Them
By Scharon Harding for arstechnica
"We acknowledge that notifying users after the deactivation was a poor experience..."

The new owners of VPN provider VPNSecure have drawn ire after canceling lifetime subscriptions. The owners told customers that they didn't know about the lifetime subscriptions when they bought VPNSecure, and they cannot honor the purchases.
In March, complaints started appearing online about lifetime subscriptions to VPNSecure no longer working.
The first public response Ars Technica found came on April 28, when lifetime subscription holders reported receiving an email from the VPN provider saying:
"To continue providing a secure and high-quality experience for all users, Lifetime Deal accounts have now been deactivated as of April 28th, 2025."
A copy of the email from "The VPN Secure Team" posted on Reddit notes that VPNSecure had previously deactivated accounts with lifetime subscriptions that it said hadn't been used in "over 6 months." The message noted that VPNSecure was acquired in 2023, "including the technology, domain, and customer database-- but not the liabilities." The email continues:
"Unfortunately, the previous owner did not disclose that thousands of Lifetime Deals (LTDs) had been sold through platforms like StackSocial."
"We discovered this only months later-- when a large portion of our resources were strained by these LTD accounts and high support volume from users, who through part of the database, provided no sustaining income to help us improve and maintain the service."
VPNSecure is offering affected users discounted new subscriptions for either $1.87 for a month-- instead of $9.95-- $19 for a year-- instead of $79.92-- or $55 for 3 years-- instead of $107.64. The deals are available until May 31, per the email.
This week, users reported receiving a follow-up email from VPNSecure providing more details about why it made its bold and sudden move. Screenshots of the email shared on Reddit say that the acquisition by InfiniteQuant Ltd-- which is a different company than InfiniteQuant Capital Ltd, an InfiniteQuant Capital rep told Ars via email-- was "an asset only deal."
A VPNSecure representative claimed on the reviews site Trustpilot that the current owners "did not gain access to the customer database until months" after the acquisition. According to VPNSecure's owners, their acquisition netted them "the tech, the brand, and the infrastructure/technology-- but none of the company, contracts, payments, or obligations from the previous owners."
The current owners said they didn't sue the seller because "a corporate lawsuit would've cost more than the entire purchase of the business."
VPNSecure also apologized to any customers who felt caught off guard by the changes, noted their backlash, and thanked those who purchased new subscriptions.
The email's authors claimed that they could have chosen to shut down VPNSecure after learning about the lifetime subscriptions but "chose the hard path." They also emphasized they "never will" sell lifetime subscriptions.
Unaware of lifetime subscriptions
Customers have been incredulous about VPNSecure's owners not knowing about the purchased lifetime subscriptions before buying the company. The firm's email to customers this week said the current owners reviewed 6 to 12 months of VPNSecure's prior "financials" before making the purchase, but the listing, profit and loss statements, and communications never mentioned lifetime deals.
The email included a link to a VPNSecure sales listing dated April 2023 that shows an "estimated valuation" of $282,090–$344,770 and doesn't mention lifetime subscriptions.
Ars looked at the VPNSecure website's history using the Internet Archive's Wayback Machine and didn't find mention of lifetime subscriptions. Lifetime subscriptions to the service were apparently only offered through third parties, like these listings on StackSocial and Wccftech, that no longer link to purchasable subscriptions. VPNSecure's email this week claimed that lifetime subscriptions were sold "between 2015 and 2017"; however, Ars found ads on ZDNET pushing $40 lifetime subscriptions in 2021 and $28 lifetime subscriptions in 2022.
Customer backlash
Since March, there have been 20 pages' worth of 1-star reviews on Trustpilot complaining about lifetime subscribers losing access to their VPN. One Trustpilot user wrote on April 30:
"When the service stopped working, I logged a ticket. A couple days later, I got that infamous email informing me my subscription had-- already-- been cancelled. The comms should have been sent earlier-- before the service was interrupted-- and written with more clarity and empathy."
VPNSecure is responding to the complaints on Trustpilot and has acknowledged that it could have communicated better with customers.
"We acknowledge that notifying users after the deactivation was a poor experience, and we take full responsibility for that," a company rep wrote on April 30.
People have also been complaining on Reddit. One user, for example, wrote that the new owners "said they did their due diligence, but a simple Google Search would have shown lifetime deal offers from the past."
VPNSecure ownership
VPNSecure's website lists its owner as InfiniteQuant Ltd in the Bahamas; however, its terms of service names the company "HOLDXB Trading FZCO trading as VPN Secure, IFZA Business Park, Dubai - UAE." According to the Wayback Machine, the terms of service page moved from naming an Australian firm, "Boost Network Pty Ltd trading as VPN Secure" to HOLDXB until 2024. VPNSecure's email to customers this month noted that the team is "in the Bahamas" and "not [in] one [of the] five eyes countries anymore."
Ars has reached out to The VPN Secure support team for more information but didn't hear back in time for publication. There isn't much information or contact details for InfiniteQuant Ltd, HOLDXB Trading FZCO, or Boost Network Pty Ltd online.
Limited lifetime subscriptions
VPNSecure's ordeal is a reminder that so-called lifetime subscriptions often don't last as long as advertised. Per comments online, VPNSecure's lifetime subscriptions lasted up to 20 years.
Lifetime subscriptions, as well as lifetime warranties, can also get abruptly voided if a company goes out of business, and as we've seen with VPNSecure, new owners could also jeopardize "lifetime" offerings. Users can also see capabilities reduced or altered in the course of a "lifetime."
VPNSecure could have potentially mitigated backlash by giving users more advance warning of the changes and a longer opportunity to select a new subscription before deactivating their accounts. We can't confirm if InfiniteQuant Ltd. knew about the lifetime subscriptions before making its purchase. However, the firm claims to have known about the subscriptions a few months after taking ownership, so it had ample time to warn customers before abruptly deactivating "dormant" accounts and killing the subscriptions of thousands of customers.
Microsoft May 2025 Patch Tuesday Fixes 5 Exploited Zero-Days, 72 Flaws
By Lawrence Abrams for bleepingcomputer

Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including 5 actively exploited and 2 publicly disclosed zero-day vulnerabilities.
This Patch Tuesday also fixes 6 "Critical" vulnerabilities, 5 being remote code execution vulnerabilities and another an information disclosure bug.
The number of bugs in each vulnerability category is listed below:
- 17 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 28 Remote Code Execution Vulnerabilities
- 15 Information Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This count does not include Azure, Dataverse, Mariner, and Microsoft Edge flaws that were fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5058411 and KB5058405 cumulative updates and the Windows 10 KB5058379 update.
Five actively exploited zero-days
This month's Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day vulnerability in today's updates is:
CVE-2025-30400 - Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
"Use after free in Windows DWM allows an authorized attacker to elevate privileges locally," reads the advisory.
Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.
CVE-2025-32701 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
"Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally," reads the advisory.
Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.
CVE-2025-32706 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally," explains Microsoft's advisory.
This flaw was disclosed by an "Anonymous" researcher.
CVE-2025-30397 - Scripting Engine Memory Corruption Vulnerability
Microsoft fixed a remote code execution vulnerability that can be exploited through Microsoft Edge or Internet Explorer.
"Access of resource using incompatible type-- 'type confusion'-- in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network," explains Microsoft.
Microsoft says that threat actors need to trick an authenticated user into clicking on a specially crafted link in Edge or Internet Explorer, allowing an unauthenticated attacker to gain remote code execution.
Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.
Microsoft has not shared any details on how these flaws were exploited in attacks.
The publicly disclosed zero-days are:
CVE-2025-26685 - Microsoft Defender for Identity Spoofing Vulnerability
Microsoft fixes a flaw in Microsoft Defender that allows an unauthenticated attacker to spoof another account.
"Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network," explains Microsoft.
The flaw can be exploited by an unauthenticated attacker with LAN access.
Microsoft attributes the discovery of this flaw to Joshua Murrell with NetSPI.
CVE-2025-32702 - Visual Studio Remote Code Execution Vulnerability
Microsoft fixed a Visual Studio remote code execution flaw that can be exploited by an unauthenticated attacker.
"Improper neutralization of special elements used in a command-- 'command injection'-- in Visual Studio allows an unauthorized attacker to execute code locally," explains Microsoft.
Microsoft has not shared who disclosed this flaw.
Recent updates from other companies
Other vendors who released updates or advisories in May 2025 include:
- Apple released security updates for iOS, iPadOS, and macOS.
- Cisco fixed a maximum severity vulnerability in IOS XE Software for Wireless LAN Controllers.
- Fortinet released security updates for numerous products, including an actively exploited zero day used in attacks on FortiVoice.
- Google's May 2025 security updates for Android fixed an actively exploited zero-click FreeType 2 code execution vulnerability.
- Intel released CPU microcodes for a flaw named Branch Privilege Injection that leaks data from privileged memory.
- SAP releases security updates for multiple products, including a critical RCE flaw.
- SonicWall fixes a zero-day vulnerability that was exploited in attacks.
The May 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the May 2025 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Harmful Android Apps Can't Hide Anymore by Changing Names and Icons
By Jorge A. Aguilar for howtogeek

Google Play announced major upgrades to Play Protect's live threat detection on Android phones and tablets, intended to better detect apps changing their appearance to hide their activity. They were already working on the Pixel 6, but now Google is rolling them out to more devices.
Earlier versions of Play Protect already scanned apps in real time, checking for known harmful software and using on-device machine learning to find suspicious activity. However, Google claims that this update is better at detecting deceptive app behavior. Malicious developers often try to hide harmful apps by changing icons or disguising their true purpose, and that shouldn't work anymore.
Play Protect's live threat detection now actively finds and warns users about these tricks, making identifying and removing dangerous apps easier. This feature first launched on Pixel 6 and newer devices, but it is being expanded to more phones.
The November 2024 update originally brought AI-powered Scam Detection to Phone by Google and Google Messages. This system, which runs on-device AI, actively looks for suspicious call and message patterns linked to scams and warns users right away. The new update adds even stronger scam detection directly to Play Protect, which should help it find and stop malicious behavior from fake apps.
This upgrade lets the app take a more detailed look at an app's code, leading to faster and more precise detection of new or changing malware, which tends to alter itself to avoid being caught. This real-time check gives users instant warnings about an app's safety before they install it, which greatly reduces the chance of accidentally downloading harmful software.
This all started back in October 2023, when Google originally made these features much stronger by adding real-time scanning at the code level for apps that had never been seen before. The new update is going to take what's there and improve Android's overall security system.
Google says Google Play Protect is a key part of Android's multi-layered defense. It is meant to work alongside features like app permission controls, Safe Browsing, and security updates to make sure you don't accidentally download or sideload any malicious apps or files.
This is because even if one security layer fails, others still protect your data. The addition of stronger factory reset protections and improved 1-time password security in Android 16 is a big part of that. I've had to deal with Google's OTP recently, and can say it really needs an upgrade. I still need a 1-time password through text because none of the other options work for my account.
This is all done through Google's AI model. While there are probably a lot of people who don't like that idea, it's being done locally, not by sending data to Google, so there shouldn't be any privacy issues.
Source: Google
Should You Turn On Smart App Control?
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP
and Crafted .ini Files
By Ravie Lakshmanan for thehackernews
ASUS has released updates to address 2 security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution.
DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a dedicated site hosted at "driverhub.asus[.]com."
The flaws identified in the software are listed below:
- CVE-2025-3462 (CVSS score: 8.4) - An origin validation error vulnerability that may allow unauthorized sources to interact with the software's features via crafted HTTP requests
- CVE-2025-3463 (CVSS score: 9.4) - An improper certificate validation vulnerability that may allow untrusted sources to affect system behavior via crafted HTTP requests
Security researcher MrBruh, who is credited with discovering and reporting the two vulnerabilities, said they could be exploited to achieve remote code execution as part of a 1-click attack.
The attack chain essentially involves tricking an unsuspecting user into visiting a sub-domain of driverhub.asus[.]com-- e.g., driverhub.asus.com.<random string>.com-- and then leveraging the DriverHub's UpdateApp endpoint to execute a legitimate version of the "AsusSetup.exe" binary with an option set to run any file hosted on the fake domain.
"When executing AsusSetup.exe it first reads from AsusSetup.ini, which contains metadata about the driver," the researcher explained in a technical report.
"If you run AsusSetup.exe with the -s flag-- DriverHub calls it using this to do a silent install-- it will execute whatever is specified in SilentInstallRun. In this case, the ini file specifies a cmd script that performs an automated headless install of the driver, but it could run anything."
All an attacker needs to pull off the exploit is to create a domain and host three files: the malicious payload to be run, an altered version of AsusSetup.ini that has the "SilentInstallRun" property set to the malicious binary, and AsusSetup.exe, which then makes use of the property to run the payload.
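The look-alike hostname above gets through only if the origin check is looser than an exact match. The following is an added example, not ASUS's code: the article does not describe DriverHub's actual check, so the weak version assumes a substring match, and the function names and sample values are hypothetical.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "driverhub.asus.com"  # the legitimate site named in the article


def weak_origin_check(origin: str) -> bool:
    # ASSUMED flawed logic (not taken from DriverHub): a substring match,
    # which any hostname that merely embeds the trusted name will satisfy.
    return TRUSTED_HOST in origin


def strict_origin_check(origin: str) -> bool:
    """Accept only https://driverhub.asus.com on the default port."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # A browser-sent Origin is scheme://host[:port] and nothing more.
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return False
    if port not in (None, 443):
        return False
    # urlsplit lowercases the hostname, so this is an exact host comparison.
    return parts.hostname == TRUSTED_HOST


# Constructed sample Origin header values; the look-alike follows the
# pattern quoted in the article and uses the reserved .example TLD.
SAMPLE_ORIGINS = [
    "https://driverhub.asus.com",
    "https://driverhub.asus.com.lookalike.example",
    "http://driverhub.asus.com",
    "null",
]


def compare(origins=SAMPLE_ORIGINS):
    """Return {origin: (weak_result, strict_result)} for side-by-side review."""
    return {o: (weak_origin_check(o), strict_origin_check(o)) for o in origins}


if __name__ == "__main__":
    for origin, (weak, strict) in compare().items():
        print(f"{origin:50} weak={weak!s:5} strict={strict}")
```

Only the first sample passes the strict check; the substring check also accepts the look-alike host and the plain-HTTP origin.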
Following responsible disclosure on April 8, 2025, the issues were fixed by ASUS on May 9. There is no evidence that the vulnerabilities have been exploited in the wild.
"This update includes important security updates and ASUS strongly recommends that users update their ASUS DriverHub installation to the latest version," the company said in a bulletin. "The latest Software Update can be accessed by opening ASUS DriverHub, then clicking the Update Now button."
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+
via Facebook Lures
By Ravie Lakshmanan for thehackernews

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.
"Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms-- often advertised via legitimate-looking Facebook groups and viral social media campaigns," Morphisec researcher Shmuel Uzan said in a report published last week.
Posts shared on these pages have been found to attract over 62,000 views on a single post, indicating that users looking for AI tools for video and image editing are the target of this campaign. Some of the fake social media pages identified include Luma Dreammachine Al, Luma Dreammachine, and gratistuslibros.
Users who land on the social media posts are urged to click on links that advertise AI-powered content creation services, including videos, logos, images, and even websites. One of the bogus websites masquerades as CapCut AI, offering users an "all-in-one video editor with new AI features."
Once unsuspecting users upload their image or video prompts on these sites, they are then asked to download the supposed AI-generated content, at which point a malicious ZIP archive-- "VideoDreamAI.zip"-- is downloaded instead.
Present within the file is a deceptive file named "Video Dream MachineAI.mp4.exe" that kick-starts the infection chain by launching a legitimate binary associated with ByteDance's video editor-- "CapCut.exe". This C++-based executable is used to run a .NET-based loader named CapCutLoader that, in turn, ultimately loads a Python payload-- "srchost.exe"-- from a remote server.
The Python binary paves the way for the deployment of Noodlophile Stealer, which comes with capabilities to harvest browser credentials, cryptocurrency wallet information, and other sensitive data. Select instances have also bundled the stealer with a remote access trojan like XWorm for entrenched access to the infected hosts.
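The lure described above depends on a media extension sitting in front of the real executable extension inside the downloaded ZIP. The following added example (not from the Morphisec report) flags archive members named that way; the extension lists and the in-memory sample archive are constructed assumptions, and the sample contains only placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: extensions a user reads as inert content, and ones Windows runs.
DECOY_EXTS = {".mp4", ".mov", ".avi", ".jpg", ".jpeg", ".png", ".pdf", ".docx"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}


def masquerading_members(zip_bytes: bytes) -> list:
    """Return archive members whose name ends in <decoy ext><executable ext>."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Compare on the final path component, case-insensitively.
            name = PurePosixPath(info.filename).name.strip().lower()
            suffixes = PurePosixPath(name).suffixes
            if (
                len(suffixes) >= 2
                and suffixes[-1] in EXEC_EXTS
                and suffixes[-2] in DECOY_EXTS
            ):
                hits.append(info.filename)
    return hits


def build_sample_zip() -> bytes:
    """Constructed archive: two masquerading names and three benign ones."""
    names = (
        "Video Dream MachineAI.mp4.exe",  # file name quoted in the article
        "clips/holiday.mp4",              # real media name, single extension
        "tools/setup.exe",                # honest executable, not a masquerade
        "notes.v1.2.txt",                 # multiple dots, harmless
        "clips/Teaser.MOV.EXE",           # constructed upper-case variant
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for member in masquerading_members(build_sample_zip()):
        print("double-extension executable:", member)
```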
The developer of Noodlophile is assessed to be of Vietnamese origin, who, on their GitHub profile, claims to be a "passionate Malware Developer from Vietnam." The account was created on March 16, 2025. It's worth pointing out that the Southeast Asian nation is home to a thriving cybercrime ecosystem that has a history of distributing various stealer malware families targeting Facebook.
Bad actors weaponizing public interest in AI technologies to their advantage is not a new phenomenon. In 2023, Meta said it took down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023.
The disclosure comes as CYFIRMA detailed another new .NET-based stealer malware family codenamed PupkinStealer that can steal a wide range of data from compromised Windows systems and exfiltrate it to an attacker-controlled Telegram bot.
"With no specific anti-analysis defenses or persistence mechanisms, PupkinStealer depends on straightforward execution and low-profile behavior to avoid detection during its operation," the cybersecurity company said. "PupkinStealer exemplifies a simple yet effective form of data-stealing malware that leverages common system behaviors and widely used platforms to exfiltrate sensitive information."
Windows 11 Upgrade Block Lifted After Safe Exam Browser Fix
By Sergiu Gatlan for bleepingcomputer

Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues.
Safe Exam Browser is open-source software used by schools, professional certification bodies, and enterprises to transform computers into secure workstations during online exams, preventing cheating by restricting access to unauthorized resources, apps, and websites.
The compatibility hold was added in September to prevent issues affecting Windows 11, version 24H2 users when opening Safe Exam Browser version 3.7 or lower.
Microsoft says the developers have solved this known issue and advises customers to install the latest Safe Exam Browser version-- 3.8 or later. Affected users should update the Safe Exam Browser app before upgrading their systems to Windows 11 24H2.
"If your device still encounters this safeguard hold 48 hours after updating to the latest version of the application, you will need to contact Safe Exam Browser Support for more information on the resolution," Microsoft said in a Windows release health update.
"If you are trying to install Windows 11, version 24H2 through the media creation tool, you will be able to proceed with the installation after you follow the instructions in the UI that pops up during the installation."
Windows 11 24H2 rolling out to everyone, still blocked on some PCs
Last week, Microsoft announced that the Windows 11 24H2 feature update is ready to roll out to all compatible PCs, excluding those with safeguard holds, and fixed a known issue blocking it from being delivered via Windows Server Update Services (WSUS) after installing the April 2025 security updates.
The company also mitigated a "latent code issue" causing some PCs to be upgraded to Windows 11 despite Intune policies that should've blocked Windows 11 upgrades.
In recent months, Microsoft has lifted other compatibility holds that blocked Windows 11 24H2 upgrades on ASUS devices with very specific hardware components and for some AutoCAD users and Asphalt 8: Airborne players.
Other upgrade blocks prompted by incompatible hardware and software that still stand have also been applied to computers with integrated cameras, Dirac audio improvement software, or the Easy Anti-Cheat application.
Windows 11 24H2 started rolling out in May 2024 for enterprise testing to enterprise customers enrolled in the Windows Insider Release Preview Channel and was released to eligible devices running Windows 11 22H2/23H2 in October.
Is Windows Defender Good Enough in 2025?
Should I Update to Windows 11? - May 2025 Update
Everyone Needs to Download This Free Utility Now
- You May Thank Me Later
Windows 11 Home vs. Pro: What's the Difference and is it Worth It?
Google Chrome to Use On-Device AI to Detect Tech Support Scams
By Bill Toulas for bleepingcomputer

Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.
Tech support scams are malicious websites that trick users into thinking their computer has a virus infection or other problem. These alerts are shown as full-screen browser windows or will display additional pop-ups, making them difficult to close.
The goal is to convince the victim to call a listed number for help to either sell unnecessary remote support subscriptions or gain remote access to devices, which can lead to financial losses or data theft.
Google Chrome 126 to power AI features directly within the browser for faster, privacy-focused assistance.
Chrome's new anti-scam system, which is integrated into the browser's 'Enhanced Protection,' analyzes web pages in real time to detect scam signals like fake virus alerts or full-screen lockouts, which are hallmarks of tech support scams.
This analysis takes place offline, locally on the user's device using Gemini Nano. When there's a positive match, the data-- LLM output + site metadata-- is sent to 'Google Safe Browsing' for a more thorough evaluation.
If malicious intent is confirmed, Chrome will display a warning message informing the user of the risk.
Google says the feature respects users' privacy and has only a minimal performance impact, though not many details were given in the announcement.
"This is all done in a way that preserves performance and privacy," announced Google.
"In addition to ensuring that the LLM is only triggered sparingly and run locally on the device, we carefully manage resource consumption by considering the number of tokens used, running the process asynchronously to avoid interrupting browser activity, and implementing throttling and quota enforcement mechanisms to limit GPU usage."
The AI-powered protection feature will be implemented on Chrome 137, scheduled for release next week, and it will be enabled by default for all users who upgrade to the latest version and opt into 'Enhanced Protection' within the browser's Safe Browsing settings.
Open Chrome Settings > Privacy and Security > Security > Enhanced Protection to enable it.
Google stated it plans to expand the system in future releases and make it capable of detecting other scam types, such as fake package delivery or toll notices. Also, Chrome for Android will get this feature sometime in 2025.
Google's new anti-scam feature is similar to what Microsoft introduced for Edge earlier this year, which uses a specially trained machine learning model to detect and block scams targeting the user.
How Important is a Clean Uninstall?
Why You Shouldn't Buy Directly from Factory Sources to Save Money
By Jowi Morales for makeuseof

With tariffs on Chinese imports rising and retail prices climbing, TikTok influencers are encouraging followers to skip the middleman and buy directly from Chinese factories. But is this really the money-saving hack it seems?
What TikTok Gets Wrong About Factory Buying
Many TikTok creators are pushing their followers to buy directly from Chinese factories. This TikTok trend started after President Trump put a 145% tariff on Chinese goods and revoked the de minimis exception.
This means that the cheap items we used to buy from sites like Shein and Temu will become more expensive. These taxes will also significantly push up the prices of luxury goods made in China, like handbags, sunglasses, and more.
Because of this, some influencers say we should go straight to the factory source and cut out the intermediary. These are the same factories from which your favorite brands get their inventories, and the labels are just added to make the items more premium.
You will save some money if you order directly from the factory. However, you're taking on some risks if you do that-- and there are some serious caveats you should be aware of.
You Do Not Get Consumer Protection
The biggest risk you face when purchasing directly from a manufacturer is that you do not get consumer protection. Unlike the US, where we have robust consumer protection, purchasing directly from a factory across the sea that is not bound by American law would make it much harder to get your money back if things don't go right. For example, you can easily return an item on Amazon if the seller shipped you the wrong one or if you were scammed.
You might have similar protection from established platforms like Aliexpress or Alibaba. However, if you contact a business directly via email or a messaging app, the transaction is only between you and the seller. So, if there's an issue with your order (or it doesn't arrive), you have no other recourse but to find a lawyer in the seller's country and sue them there if you want a refund.
Quality Control is Not as Good
Retailers often add additional expenses to the manufacturing cost of the products they sell. However, there's a good reason for this: aside from bearing the risk from the supplier and giving you, the buyer, some protection, they also conduct quality control on the items they sell. That means you're less likely to get a bad product because another set of eyes, aside from the factory, has already checked your item.
Most factories usually also have some sort of quality control, but small imperfections might make it through the line because of the volume of goods they're manufacturing daily. Smaller plants may have fewer people dedicated to evaluating output, which means you're more likely to receive a defective item. So, in turn, a retailer with relationships to many different suppliers is one of the ways you're protected from getting a bad product.
Quality control is especially important for retailers who survive on repeat business and feedback. People are less likely to buy if a store consistently gets bad ratings, whether on Amazon, Etsy, or otherwise. Furthermore, many established businesses already know which factories they can trust, so you're more likely to get a good product if you buy from a retailer. But this also applies to buying directly from a factory: how do you know which is a good factory, and which ones you can trust?
There's No Volume Discount for Single Purchases

You might think you're saving money when you buy directly from the factory, especially as you might see quotes around 70% to 90% off the retail price. However, these prices are often the result of bulk discounts, meaning the seller will only give you this price if you order at least 100 units of the item you're buying. But if you only need one item, you likely receive a smaller discount, meaning you won't save as much money as expected.
Furthermore, some factories will only sell the extra items they make from a bulk order. For example, say that a manufacturing plant receives an order for 10,000 phone cases. They won't make that exact number for their customer, as they need to account for mistakes during the assembly process and damages to items during transit, among other reasons. So, they might have 10,500 frames once they complete the order. If we assume that the client takes the 10,000 units, the factory will still have 500 leftover items on hand.
These units are often the ones that are sold by the factory as retail items at a discount. But these sometimes have the damaged goods included, and you might be the unlucky one who buys the item rejected by a corporate customer.
Existing Platforms Already Let You Do That
Instead of contacting a factory directly on WhatsApp, WeChat, or other messaging services, there are platforms that let you do that and offer protection. These online shopping sites, which sometimes offer free shipping, sometimes have manufacturers and factories that post items directly for retail. Don't expect to get Amazon levels of customer service from many of them, but at least you can easily compare similar products, pay for your item securely, and track its shipment.
Aside from Alibaba and Aliexpress, you can also try apps like Taobao and Tmall, which are owned by Chinese multinational tech companies. While they also protect customers who use these platforms, do not expect to get the same quality of customer service and consumer protection you'll get from Amazon.
You can definitely get the items you buy from online shops and retailers at a much cheaper price from the overseas factory. And while you might be able to secure a good deal through that, you should also know that you're bearing all the risk of the purchase. This means you'll have less of a guarantee of receiving exactly what you want compared to when you're buying it from a retailer.
© vocalbits.com