For years, Samsung has made products that try to camouflage what they are by displaying works of art. The Frame TV is the most famous example, but the company also released the Music Frame, a speaker disguised as a picture frame, at last year’s CES. Now, instead of hiding a speaker with a piece of art, Samsung worked with designer Erwan Bouroullec to make a speaker into a piece of art.

According to Samsung, the Music Studio line of speakers, debuting at CES 2026, draw inspiration from the “timeless dot concept” found throughout music and art. As a musician, the Music Studio 5 reminds me of a fermata, the symbol meant to hold a note or silence. It has a 4-inch woofer and dual tweeters with built-in waveguide.

The larger Music Studio 7 is a 3.1.1-channel speaker that can be used on its own, in a pair for wider stereo sound, or with compatible Samsung Wi-Fi speakers, soundbars, or TVs using the company’s Q-Symphony technology. The Studio 7 is capable of playing high-resolution audio up to 24-bit/96kHz, and it and the Music Studio 5 use AI Dynamic Bass Control to extend bass response.

Sometimes these aesthetic-first speakers forget about the most important part of a speaker — its sound quality. But Samsung has done an impressive job over the past few years with its audio tuning which makes me optimistic for the Music Studio’s performance.

Apple has released emergency security updates to fix two zero-day vulnerabilities that attackers actively exploited in highly targeted attacks. 

The company described the activity as an “extremely sophisticated attack” aimed at specific individuals. Although Apple did not identify the attackers or victims, the limited scope strongly suggests spyware-style operations rather than widespread cybercrime.

Both flaws affect WebKit, the browser engine behind Safari and all browsers on iOS. As a result, the risk is significant. In some cases, simply visiting a malicious webpage may be enough to trigger an attack.

Below, we break down what these vulnerabilities mean and explain how you can better protect yourself.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

NEW IPHONE SCAM TRICKS OWNERS INTO GIVING PHONES AWAY

What Apple says about the zero-day vulnerabilities

The two vulnerabilities are tracked as CVE-2025-43529 and CVE-2025-14174, and Apple confirmed that both were exploited in the same real-world attacks. According to Apple’s security bulletin, the flaws were abused on versions of iOS released before iOS 26, and the attacks were limited to “specific targeted individuals.”

CVE-2025-43529 is a WebKit use-after-free vulnerability that can lead to arbitrary code execution when a device processes maliciously crafted web content. To put it simply, it allows attackers to run their own code on a device by tricking the browser into mishandling memory. Apple credited Google’s Threat Analysis Group with discovering this flaw, which is often a strong indicator of nation-state or commercial spyware activity.

The second flaw, CVE-2025-14174, is also a WebKit issue, this time involving memory corruption. While Apple describes the impact as memory corruption rather than direct code execution, these types of bugs are often chained together with other vulnerabilities to fully compromise a device. Apple says this issue was discovered jointly by Apple and Google’s Threat Analysis Group.

In both cases, Apple acknowledged that it was aware of reports confirming active exploitation in the wild. That language is important because Apple typically reserves it for situations where attacks have already occurred, not just theoretical risks. The company says it addressed the bugs through improved memory management and better validation checks, without sharing deeper technical details that could help attackers replicate the exploits.

Devices affected and signs of coordinated disclosure

Apple has released patches across its supported operating systems, including the latest versions of iOS, iPadOS, macOS, Safari, watchOS, tvOS and visionOS.

According to Apple’s advisory, affected devices include iPhone 11 and newer models, multiple generations of iPad Pro, iPad Air from the third generation onward, the eighth-generation iPad and newer and the iPad mini starting with the fifth generation. This covers the vast majority of iPhones and iPads still in active use today.

Apple has patched the flaws across its entire ecosystem. Fixes are available in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2 and Safari 26.2. Because Apple requires all iOS browsers to use WebKit under the hood, the same underlying issue also affected Chrome on iOS.

6 steps you can take to protect yourself from such vulnerabilities

Here are six practical steps you can take to stay safe, especially in light of highly targeted zero-day attacks like this.

REAL APPLE SUPPORT EMAILS USED IN NEW PHISHING SCAM

1) Install updates as soon as they drop

This sounds obvious, but it matters more than anything else. Zero-day attacks rely on people running outdated software. If Apple ships an emergency update, install it the same day if you can. Delaying updates is often the only window attackers need. If you tend to forget about updates, let your devices handle them for you. Enable automatic updates for iOS, iPadOS, macOS and Safari. That way, you are protected even if you miss the news or are traveling.

2) Be careful with links, even from people you know

Most WebKit exploits start with malicious web content. Avoid tapping on random links sent over SMS, WhatsApp, Telegram or email unless you are expecting them. If something feels off, open the site later by typing the address yourself.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

3) Use a lockdown-style browsing setup

If you are a journalist, an activist or someone who deals with sensitive information, consider reducing your attack surface. Use Safari only, avoid unnecessary browser extensions, and limit how often you open links inside messaging apps.

4) Turn on Lockdown Mode if you feel at risk

Apple’s Lockdown Mode is designed specifically for targeted attacks. It restricts certain web technologies, blocks most message attachments, and limits attack vectors commonly used by spyware. It is not for everyone, but it exists for situations like this.

5) Reduce your exposed personal data

Targeted attacks often start with profiling. The more personal data about you that is floating around online, the easier it is to pick you as a target. Removing data from broker sites and tightening social media privacy settings can lower your visibility.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

6) Pay attention to unusual device behavior

Unexpected crashes, overheating, sudden battery drain or Safari closing on its own can sometimes be warning signs. These do not automatically mean your device is compromised. However, if something feels consistently wrong, updating immediately and resetting the device is a smart move.

Kurt’s key takeaway

Apple has not shared details about who was targeted or how the attacks were delivered. However, the pattern fits closely with past spyware campaigns that focused on journalists, activists, political figures and others of interest to surveillance operators. With these patches, Apple has now fixed seven zero-day vulnerabilities that were exploited in the wild in 2025 alone. That includes flaws disclosed earlier this year and a backported fix in September for older devices.

Have you installed the latest iOS or iPadOS update yet, or are you still putting it off? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

If you’re taking it easy during the slow, in-between week between Christmas and New Year’s, now’s a good time to catch up on deals you might’ve missed. Many of our favorite discounts from the past week are still hanging around, making this an especially convenient moment to shop. Whether you’re eyeing a new phone, gearing up for travel, or just looking to treat yourself before the year wraps up, we’re seeing notable price drops on Google’s Pixel 10 lineup, AirTags, and a wide selection of Nintendo Switch games, along with a handful of other Verge-approved picks worth grabbing now. Here are the best deals worth checking out before the year comes to a close.

Google’s Pixel 10 phones are among the best Android phones you can buy, and this week they’ve dropped to some of their lowest prices yet. Amazon is selling the Pixel 10 for $499 ($300 off) with promo code PIXEL10, marking its second-best price to date. If you want better cameras, Amazon is also offering record-low prices on the Pixel 10 Pro and 6.8-inch Pixel 10 Pro XL, down to $649 ($350 off) and $799 ($400 off), respectively, with the same code.

All three phones support Qi2 wireless charging with built-in magnets and run on Google’s snappy Tensor G5 chip. In her review, The Verge’s Allison Johnson called the Pixel 10 a great, basic Android phone with meaningful upgrades, including a bright 6.3-inch OLED display with a 120Hz refresh rate and up to 3,000 nits of peak brightness. It also adds a dedicated telephoto lens — a first for a non-Pro Pixel — which makes a noticeable difference for portraits.

If you’re aiming for great (not just good) photos, though, the 6.3-inch Pixel 10 Pro or 6.8-inch Pro XL are better picks. Both offer improved main and 48-megapixel ultrawide cameras, and additional AI-powered features like Pro Res Zoom and an upgraded portrait mode. They also come with extra memory for smoother multitasking along with sharper displays.

Anker’s Laptop Power Bank is once again on sale at Amazon and Walmart for $87.99 ($47 off), which matches the record-low price we last saw a month ago. A favorite among Verge staffers, the 25,000mAh / 90Wh power bank features a retractable USB-C cable along with a second built-in USB-C cable that doubles as a handle for easier portability. You also get a handy LCD screen that shows remaining battery life, total power output, and temperature at a glance. It includes a USB-A port and an extra USB-C port as well, letting you charge a MacBook Pro and up to three other devices at the same time. Power output tops out at 165W when charging two devices, or up to 130W with more plugged in — and since it’s carry-on compliant, you can bring the power bank along on flights.

A few more deals we’re digging: