Update your Twitter security keys now, X Warns.

SOPA Images/LightRocket via Getty Images

Given the continuing popularity of Elon Musk’s X social network, and the swathing staffing cuts made when the world’s richest man bought what used to be (and still is in my mind) Twitter, it doesn’t make the cybersecurity headlines as much as you might have thought. With PayPal users currently warned of ongoing attacks, ditto WordPress website owners, and even LastPass password manager customers, all being in the threat actor crosshairs, this is a good thing. However, X users have now been warned that unless they make a change to a legacy Twitter security setting, they will be locked out of their accounts from November 10. Here’s what you need to know.

ForbesAct Now — Microsoft Issues Emergency Windows Update As Attacks BeginBy Davey Winder

The X Safety Team Issues Clarification After Warning Of Twitter Account Lockouts

Whatever you call it, X or Twitter, the social network isn’t immune to security threats. This year alone, I have reported on outages caused by a claimed DDoS attack and a warning for 650 million X users not to change their passwords. Sometimes, though, the perceived security threat comes from inside the building. Such was the case after the X safety team tweeted on October 24: “After November 10, if you haven’t re-enrolled a security key, your account will be locked until you: re-enroll; choose a different 2FA method; or elect not to use 2FA.”

This, rather unsurprisingly if you ask me, created a wave of concern amongst both ordinary users and security experts on the social media platform. One asked whether not using 2FA meant their account would remain active; another asked whether there had been a security breach; and another asked whether this only impacted passkey users?

ForbesGmail Account Lockout Warning — Users Must Check This 1 Setting NowBy Davey Winder

The confusion sat with X warning that “all accounts that use a security key as their two-factor authentication method to re-enroll their key to continue accessing X,” and adding that users could “re-enroll your existing security key, or enroll a new one.” A typical example of someone who knows what they are talking about but not how to communicate that in such a way to people who do not. Translating tech-speak into ordinary language is an essential skill and one that the X safety team appears to have misplaced on this occasion.

What X should have said, and ended up being forced into actually saying a day later, was: “To clarify: this change is not related to any security concern, and only impacts Yubikeys and passkeys – not other 2FA methods (such as authenticator apps). Security keys enrolled as a 2FA method are currently tied to the twitter.com domain. Re-enrolling your security key will associate them with x.com, allowing us to retire the Twitter domain. If this relates to you, you’ll be prompted automatically to re-enroll.”

ForbesOrganizations Can’t Deploy Passwordless, Declare Victory And Walk AwayBy Davey Winder

Google’s Pixel 10 series could soon receive a major performance boost thanks to a newly-released GPU driver.

dpa/picture alliance via Getty Images

Key Takeaways

• Some Pixel 10 users have reported underperforming graphics and battery life.
• Google has confirmed it will release driver updates, potentially addressing these issues and unlocking the Pixel 10’s full potential.
• A new GPU driver update (version 25.2) is available that Google could deploy for significantly improved performance.

October 26 Update Below: A driver update may be essential for security reasons. This article was originally published on October 24

The Pixel 10 could soon receive a significant boost in performance, and potentially battery life, thanks to an upcoming graphics driver upgrade.

Reports indicate that the Pixel 10 series currently underperforms in graphics performance, notably scoring lower than the Pixel 9 Pro in some benchmark tests. The Pixel 10 series uses a PowerVR DXT-48-1536 GPU from Imagination Technologies, rather than the ARM Mali component found in previous models, which has led to complaints of poor performance, especially when playing popular, graphically intensive games such as Genshin Impact, and reduced battery life during video playback in apps like Netflix.

A primary cause of these performance issues appears to be an outdated GPU driver. The Pixel 10 shipped with driver version 24.3, lacking key features and optimizations necessary for the new GPU to reach its full potential. While it’s not unusual for a smartphone to ship with slightly older drivers, the switch from Mail to PowerVR appears to have exacerbated the issue.

A New GPU Driver Is Already Available

Fortunately, Imagination Technologies has since released driver version 25.2, adding official support for Android 16, along with significant performance enhancements, including support for the latest Vulkan 1.4 specification. That means this particular update could greatly benefit Pixel 10 users, and early indications suggest Google will most likely implement it.

A Google representative recently confirmed to Android Authority that the company plans to continue releasing GPU driver improvements in its regular system updates.

“We are continuing to improve driver quality in our monthly and quarterly system updates. For example, the most recent September and October patch releases included driver improvements. In future releases we are planning further GPU driver updates.”

Google has a strong track record in this area, having delivered a significant GPU performance boost for Pixel 8 Pro users in its December 2023 update, and several generations of Pixel smartphones received performance gains thanks to an updated GPU driver in the March 2025 Feature Drop. However, Google’s statement stops short of any commitment to any specific driver versions or performance benefits for the Pixel 10 range.

Google Pixel 10: Performance Upgrades Are Likely

If this pattern continues, Pixel 10 users can expect significant performance gains with future driver updates. Given that the new driver is already available from Imagination Technologies, we can hope it arrives sooner rather than later. For those currently experiencing graphics performance issues, a fix appears to be on the horizon.

October 26 Update: Existing vulnerabilities make a driver update extremely likely.

Driver updates typically offer not only performance improvements but also essential security patches, increasing the urgency of releasing updates.

The Pixel 10’s GPU driver is vulnerable, putting additional pressure on Google to provide an update.

According to Imagination Technologies’ published GPU Driver Vulnerabilities list, versions of the PowerVR GPU driver, up to and including version 24.3, currently deployed in the Pixel 10 series, contain critical vulnerabilities that could result in system instability, reboots and non-privileged access to secure data.

Addressing these vulnerabilities will be a high priority for Google, making a driver update urgent. Imagination Technologies doesn’t appear to have released any driver updates between versions 24.3 and 25.1, which fixes all of the listed vulnerabilities and adds most of the improvements listed in this article.

This means Google’s next Pixel 10 GPU driver update will likely be to least version 25.1, if not the latest version 25.2 released to partners on Oct 8. Pixel 10 Users can therefore expect significant improvements in performance, reliability and security once Google releases this update.

Follow @paul_monckton on Instagram.

ForbesNano Banana AI Image Editing Comes To Billions Of Google UsersBy Paul MoncktonForbesGoogle Photos’ New Update Leaves International Users Wanting MoreBy Paul Monckton

Do not pay, do not phone — PayPal attack warning

Getty Images

Updated October 26 with an official statement from PayPal regarding the do-not-pay, do-not-phone hack attack, as well as further advice on how to detect, deflect and deal with such threats.

Gmail users have been warned of a surge in image-based attacks, TikTok users are facing a VIP upgrade offer threat, and Lastpass has urged users not to change their master passwords as a you’ve been hacked email circulates. Now, security experts at KnowBe4 have issued a warning for PayPal users as cybercriminals use a genuine PayPal email address to send an invoice. Paypal itself has responded to this attack with a ‘do not pay, do not phone’ warning. Here’s everything you need to know about the latest scam that could prove costly if you don’t follow the advice given.

ForbesAct Now — Microsoft Issues Emergency Windows Update As Attacks BeginBy Davey Winder

PayPal Invoice Attack — What You Need To Know

The latest PayPal attack warning dropped into my email from the folks at KnowBe4 this week, informing me to be aware of a scam that purports to be from PayPal and is even delivered from a genuine PayPal email address. “You receive an email from a real PayPal email address,” the email warned, which “contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge.”

This may well sound familiar, not least as this type of TOAD attack is something I have detailed before. A Telephone-Oriented Attack Delivery threat usually contains a PDF invoice or other seemingly official document, along with messaging that uses urgency and fear of financial loss to persuade victims to call an adversary-controlled phone number.

Indeed, the actual PayPal version of the TOAD attack is not new either. I have warned again and again of the dangers of this scam. But nevertheless, it would appear, the very same attack is doing the rounds once more.

ForbesLastPass Warns ‘Are You Dead?’ Master Password Hack Attacks OngoingBy Davey Winder

“Cybercriminals create a PayPal account and use it to send you a fake payment invoice,” KnowBe4 warned, “the email you receive is real, but the invoice is not, and if you call the phone number in the email, you will not be connected to PayPal’s support team.” Instead, you get through to a threat actor impersonating a PayPal support worker but whose aim is to relieve you of your credit card details in order to refund you, or even ask for a fee to fix your ‘hacked’ account.

Scammers can “send fraudulent invoices, send fake messages using the involved messaging services, and even insert fake messages in the company’s ‘refund’ feature,” Roger Grimes, KnowBe4’s CISO advisor, said. “This particular scam, involving PayPal, has been around for many years as well. I’m not sure why PayPal isn’t better at detecting and blocking them,” Grimes concluded.

PayPal Responds To The Do Not Pay Attack Warning

Of course, it’s important to remember that such phishing attacks are not unique to PayPal, with many well-known brands targeted by attackers. Although security protections won’t save you from this PayPal attack, as they cannot detect the email as fake, because it isn’t, as far as the origin is concerned, you, as a human being, should be able to save yourself. The hackers still have to phish you, after all. The advice is clear: anyone receiving an unexpected or suspicious invoice or payment request, whether it appears to be from PayPal or another service, should not pay it or respond to it. PayPal tells me it is responding to the continual evolution of scamming tactics and methods, taking all the necessary steps to protect customers. These include a combination of manual investigations and technology to prevent fraud, including taking proactive actions like limiting scam accounts or declining risky transactions. But remember, be careful out there.

Furthermore, PayPal warns customers not to call any phone number, open any attachments or click on any links contained within “suspicious invoices or money request messages.”

Checking your PayPal account directly, not using any links in an email or document you have been sent, to look for suspicious transactions of the type that such phishing campaigns claim, is highly recommended, as this can stop you going any further before you even start.

ForbesSecure Your WordPress Website Now — 8.7 Million Attacks In 48 HoursBy Davey Winder

If you think you may have already been tricked into doing so, and have shared any personal information or account details, then it’s of the utmost importance that you change your PayPal password immediately. If you use this password for any other accounts, and please, please, please do not do that, as it expands your attack surface enormously for obvious reasons, then you must change those as well. Just make sure to use something unique and strong. A password manager is your friend here, as it makes the process of creating and using complex and random passwords, unique to each and every account and service, easy peasy. Enabling two-factor authentication shouldn’t be something that you need reminding of, but I will anyway: so do it if you haven’t already. Better still, switch to using a passkey if the option is available. PayPal also advised that in such circumstances, customers should contact both PayPal itself and the financial institutions concerned.

PayPal has said that it partners with leading consumer protection institutions, such as the Better Business Bureau, American Association of Retired Persons, Federal Trade Commission and the Aspen Institute. PayPal has also launched a Smarter Than Scams campaign with the Financial Technology Association to raise awareness of the latest common fraud trends. I highly recommend taking a look at the PayPal anti-scam resources, even if you think you already know how to spot one.

I approached PayPal for a statement, and a spokesperson told me: “We do not tolerate fraudulent activity on our platform and our teams work tirelessly to protect our customers. We are aware of this phishing scam and encourage people to always be vigilant online and mindful of unexpected messages. If customers suspect they are a target of a scam, we recommend they contact Customer Support directly through the PayPal app or our Contact page for assistance.”

ForbesAct Now — Google Issues New Emergency Update For 3 Billion Chrome UsersBy Davey Winder