When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authentication (MFA) for all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed

With its first gameplay reveal during this year's Day of the Devs, indie developer Something We Made finally showed off the sequel to their inaugural title TOEM: A Photo Adventure from 2021. This charming photography adventure brought an easygoing monochrome adventure to hundreds of fans and left us wanting more. TOEM 2 opens with the same plucky character from the first title dropped into the world with little more than ambition and a trusty camera. While the first game focused on ascending the TOEM mountain, I didn't catch nary a whiff of the actual motivations and reasoning for the journey this time around. Instead, I was given free reign to meander around the idyllic village and solve a variety of problems for the townsfolk, from trying to retrieve a potion of liquid courage for a scaredy-cat knight to taking photos of three goats in order to permit a bridge troll to let me pass. In my twenty or so minutes of play, I was able to help solve the small-scale problems of four individuals and be rewarded with a stamp for my collection each time. The camera remains the player's best tool in the world of TOEM 2 with players not only able to use their photography skills to solve the plights of the ordinary person, but also a variety of attachments to use as tools in your adventure. The very first unlockable upgrade I earned for my camera was a hammer upgrade that let me smash through select stone blocks that hindered my progression. Using the hammer is just like the other attachments from the first TOEM: simply point and shoot (or in this case, tap on the rocks). It took a moment to realize that there's a small minigame to using the hammer with players having to tap out morse code with short and long taps in order to break those rocks. 2 of 9 One puzzle I encountered was take a 3x3 cube of blocks and chisel away to make a matching sculpture to the quest giver. Rather than trying to memorize the layout or run back and forth between the source sculpture and what I was crafting, I stopped to take photos of each side of the cube and use those to remember the requested shape. The developers from Something We Made seemed surprised that this was a valid solution to their puzzle and it was nice to see the camera being used as a note taking device as well as the tool you'll use to take pictures of every animal around the landscape. New to TOEM 2 is also the addition of jumping, and in true platformer style, I had to test it out by jumping around on top of any short wall I could find and try to scale up the world. I couldn't find any unintended out-of-bounds areas, but I was at least able to find some climbable areas that would lead to new hats for the playable character. With jumping now on the menu, I wouldn't be surprised if the Honk attachment gets phased out for TOEM 2. Sadly, there's still a fair bit of time before TOEM 2 is ready to be in players' hands. Developer Something We Made and publisher popagenda have penciled in this quaint photographical adventure for 2026 across a slew of unannounced consoles as well as PC. Deal of the Day

Email authentication protocols like SPF, DKIM, and DMARC play a critical role in protecting domains from spoofing and phishing. However, when SEGs are introduced into the email path, the interaction with these protocols becomes more complex. Security gateways(SEGs) are a core part of many organizations’ email infrastructure. They act as intermediaries between the public internet and internal mail systems, inspecting, filtering, and routing messages. This blog examines how security gateways handle SPF, DKIM, and DMARC, with real-world examples from popular gateways such as Proofpoint, Mimecast, and Avanan. We’ll also cover best practices for maintaining authentication integrity and avoiding misconfigurations that can compromise email authentication or lead to false DMARC failures. Security gateways often sit at the boundary between your organization and the internet, managing both inbound and outbound email traffic. Their role affects how email authentication protocols behave. An inbound SEG examines emails coming into your organization. It checks SPF, DKIM, and DMARC to determine if the message is authentic and safe before passing it to your internal mail servers. An outbound SEG handles emails sent from your domain. It may modify headers, rewrite envelope addresses, or even apply DKIM signing. All of these can impact SPF,  DKIM, or DMARC validation on the recipient’s side. Understanding how SEGs influence these flows is crucial to maintaining proper authentication and avoiding unexpected DMARC failures. Inbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When an email comes into your organization, your security gateway is the first to inspect it. It checks whether the message is real, trustworthy, and properly authenticated. Let’s look at how different SEGs handle these checks. Avanan (by Check Point) SPF: Avanan verifies whether the sending server is authorized to send emails for the domain by checking the SPF record. DKIM: It verifies if the message was signed by the sending domain and if that signature is valid. DMARC: It uses the results of the SPF and DKIM check to evaluate DMARC. However, final enforcement usually depends on how DMARC is handled by Microsoft 365 or Gmail, as Avanan integrates directly with them. Avanan offers two methods of integration:1. API integration: Avanan connects via APIs, no change in MX, usually Monitor or Detect modes.2. Inline integration: Avanan is placed inline in the mail flow (MX records changed), actively blocking or remediating threats. Proofpoint Email Protection SPF: Proofpoint checks SPF to confirm the sender’s IP is authorized to send on behalf of the domain. You can set custom rules (e.g. treat “softfail” as “fail”). DKIM: It verifies DKIM signatures and shows clear pass/fail results in logs. DMARC: It fully evaluates DMARC by combining SPF and DKIM results with alignment checks. Administrators can configure how to handle messages that fail DMARC, such as rejecting, quarantining, or delivering them. Additionally, Proofpoint allows whitelisting specific senders you trust, even if their emails fail authentication checks. Integration Methods Inline Mode: In this traditional deployment, Proofpoint is positioned directly in the email flow by modifying MX records. Emails are routed through Proofpoint’s infrastructure, allowing it to inspect and filter messages before they reach the recipient’s inbox. This mode provides pre-delivery protection and is commonly used in on-premises or hybrid environments. API-Based (Integrated Cloud Email Security – ICES) Mode: Proofpoint offers API-based integration, particularly with cloud email platforms like Microsoft 365 and Google Workspace. In this mode, Proofpoint connects to the email platform via APIs, enabling it to monitor and remediate threats post-delivery without altering the email flow. This approach allows for rapid deployment and seamless integration with existing cloud email services. Mimecast SPF: Mimecast performs SPF checks to verify whether the sending server is authorized by the domain’s SPF record. Administrators can configure actions for SPF failures, including block, quarantine, permit, or tag with a warning. This gives flexibility in balancing security with business needs. DKIM: It validates DKIM signatures by checking that the message was correctly signed by the sending domain and that the content hasn’t been tampered with. If the signature fails, Mimecast can take actions based on your configured policies. DMARC: It fully evaluates DMARC by combining the results of SPF and DKIM with domain alignment checks. You can choose to honor the sending domain’s DMARC policy (none, quarantine, reject) or apply custom rules, for example, quarantining or tagging messages that fail DMARC regardless of the published policy. This allows more granular control for businesses that want to override external domain policies based on specific contexts. Integration Methods Inline Deployment: Mimecast is typically deployed as a cloud-based secure email gateway. Organizations update their domain’s MX records to point to Mimecast, so all inbound (and optionally outbound) emails pass through it first. This allows Mimecast to inspect, filter, and process emails before delivery, providing robust protection. API Integrations: Mimecast also offers API-based services through its Mimecast API platform, primarily for management, archival, continuity, and threat intelligence purposes. However, API-only email protection is not Mimecast’s core model. Instead, the APIs are used to enhance the inline deployment, not replace it. Barracuda Email Security Gateway SPF: Barracuda checks the sender’s IP against the domain’s published SPF record. If the check fails, you can configure the system to block, quarantine, tag, or allow the message, depending on your policy preferences. DKIM: It validates whether the incoming message includes a valid DKIM signature. The outcome is logged and used to inform further policy decisions or DMARC evaluations. DMARC: It combines SPF and DKIM results, checks for domain alignment, and applies the DMARC policy defined by the sender. Administrators can also choose to override the DMARC policy, allowing messages to pass or be treated differently based on organizational needs (e.g., trusted senders or internal exceptions). Integration Methods Inline mode (more common and straightforward): Barracuda Email Security Gateway is commonly deployed inline by updating your domain’s MX records to point to Barracuda’s cloud or on-premises gateway. This ensures that all inbound emails pass through Barracuda first for filtering and SPF, DKIM, and DMARC validation before being delivered to your mail servers. Deployment Behind the Corporate Firewall: Alternatively, Barracuda can be deployed in transparent or bridge mode without modifying MX records. In this setup, the gateway is placed inline at the network level, such as behind a firewall, and intercepts mail traffic transparently. This method is typically used in complex on-premises environments where changing DNS records is not feasible. Cisco Secure Email (formerly IronPort) Cisco Secure Email acts as an inline gateway for inbound email, usually requiring your domain’s MX records to point to the Cisco Email Security Appliance or cloud service. SPF: Cisco Secure Email verifies whether the sending server is authorized in the sender domain’s SPF record. Administrators can set detailed policies on how to handle SPF failures. DKIM: It validates the DKIM signature on incoming emails and logs whether the signature is valid or has failed. DMARC: It evaluates DMARC by combining SPF and DKIM results along with domain alignment checks. Admins can configure specific actions, such as quarantine, reject, or tag, based on different failure scenarios or trusted sender exceptions. Integration methods On-premises Email Security Appliance (ESA): You deploy Cisco’s hardware or virtual appliance inline, updating MX records to route mail through it for filtering. Cisco Cloud Email Security: Cisco offers a cloud-based email security service where MX records are pointed to Cisco’s cloud infrastructure, which filters and processes inbound mail. Cisco Secure Email also offers advanced, rule-based filtering capabilities and integrates with Cisco’s broader threat protection ecosystem, enabling comprehensive inbound email security. Outbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When your organization sends emails, security gateways can play an active role in processing and authenticating those messages. Depending on the configuration, a gateway might rewrite headers, re-sign messages, or route them through different IPs – all actions that can help or hurt the authentication process. Let’s look at how major SEGs handle outbound email flow. Avanan – Outbound Handling and Integration Methods Outbound Logic Avanan analyzes outbound emails primarily to detect data loss, malware, and policy violations. In API-based integration, emails are sent directly by the original mail server (e.g., Microsoft 365 or Google Workspace), so SPF and DKIM signatures remain intact. Avanan does not alter the message or reroute traffic, which helps maintain full DMARC alignment and domain reputation. Integration Methods 1. API Integration: Connects to Microsoft 365 or Google Workspace via API. No MX changes are needed. Emails are scanned after they are sent, with no modification to SPF, DKIM, or the delivery path.  How it works: Microsoft Graph API or Google Workspace APIs are used to monitor and intervene in outbound emails. Protection level: Despite no MX changes, it can offer inline-like protection, meaning it can block, quarantine, or encrypt emails before they are delivered externally. SPF/DKIM/DMARC impact: Preserves original headers and signatures since mail is sent directly from Microsoft/Google servers. 2. Inline Integration: Requires changing MX records to route email through Avanan. In this mode, Avanan can intercept and inspect outbound emails before delivery. Depending on the configuration, this may affect SPF or DKIM if not properly handled. How it works: Requires adding Avanan’s Protection level: Traditional inline security with full visibility and control, including encryption, DLP, policy enforcement, and advanced threat protection. SPF/DKIM/DMARC impact: SPF configuration is needed by adding Avanan’s include mechanism to the sending domain’s SPF record. The DKIM record of the original sending source is preserved. For configurations, you can refer to the steps in this blog. Proofpoint – Outbound Handling and Integration Methods Outbound Logic Proofpoint analyzes outbound emails to detect and prevent data loss (DLP), to identify advanced threats (malware, phishing, BEC) originating from compromised internal accounts, and to ensure compliance. Their API integration provides crucial visibility and powerful remediation capabilities, while their traditional gateway (MX record) deployment delivers true inline, pre-delivery blocking for outbound traffic. Integration methods 1. API Integration: No MX record changes are required for this deployment method. Integration is done with Microsoft 365 or Google Workspace. How it works: Through its API integration, Proofpoint gains deep visibility into outbound emails and provides layered security and response features, including: Detect and alert: Identifies sensitive content (Data Loss Prevention violations), malicious attachments, or suspicious links in outbound emails. Post-delivery remediation (TRAP): A key capability of the API model is Threat Response Auto-Pull (TRAP), which enables Proofpoint to automatically recall, quarantine, or delete emails after delivery. This is particularly useful for internally sent messages or those forwarded to other users. Enhanced visibility: Aggregates message metadata and logs into Proofpoint’s threat intelligence platform, giving security teams a centralized view of outbound risks and user behavior. Protection level: API-based integration provides strong post-delivery detection and response, as well as visibility into DLP incidents and suspicious behavior.  SPF/DKIM/DMARC impact: Proofpoint does not alter SPF, DKIM, or DMARC because emails are sent directly through Microsoft or Google servers. Since Proofpoint’s servers are not involved in the actual sending process, the original authentication headers remain intact. 2. Gateway Integration (MX Record/Smart Host): This method requires updating MX records or routing outbound mail through Proofpoint via a smart host. How it works: Proofpoint acts as an inline gateway, inspecting emails before delivery. Inbound mail is filtered via MX changes; outbound mail is relayed through Proofpoint’s servers. Threat and DLP filtering: Scans outbound messages for sensitive content, malware, and policy violations. Real-time enforcement: Blocks, encrypts, or quarantines emails before they’re delivered. Policy controls: Applies rules based on content, recipient, or behavior. Protection level: Provides strong, real-time protection for outbound traffic with pre-delivery enforcement, DLP, and encryption. SPF/DKIM/DMARC impact: Proofpoint becomes the sending server: SPF: You need to configure ProofPoint’s SPF. DKIM: Can sign messages; requires DKIM setup. DMARC: DMARC passes if SPF and DKIM are set up properly. Please refer to this article to configure SPF and DKIM for ProofPoint. Mimecast – Outbound Handling and Integration Methods Outbound Logic Mimecast inspects outbound emails to prevent data loss (DLP), detect internal threats such as malware and impersonation, and ensure regulatory compliance. It primarily functions as a Secure Email Gateway (SEG), meaning it sits directly in the outbound email flow. While Mimecast offers APIs, its core outbound protection is built around this inline gateway model. Integration Methods 1. Gateway Integration (MX Record change required) This is Mimecast’s primary method for outbound email protection. Organizations route their outbound traffic through Mimecast by configuring their email server (e.g., Microsoft 365, Google Workspace, etc.) to use Mimecast as a smart host. This enables Mimecast to inspect and enforce policies on all outgoing emails in real time. How it works: Updating outbound routing in your email system (smart host settings), or Using Mimecast SMTP relay to direct messages through their infrastructure. Mimecast then scans, filters, and applies policies before the email reaches the final recipient. Protection level: Advanced DLP: Identifies and prevents sensitive data leaks. Impersonation and Threat Protection: Blocks malware, phishing, and abuse from compromised internal accounts. Email Encryption and Secure Messaging: Applies encryption policies or routes messages via secure portals. Regulatory Compliance: Enforces outbound compliance rules based on content, recipient, or metadata. SPF/DKIM/DMARC impact: SPF: Your SPF record must include Mimecast’s SPF mechanism based on your region to avoid SPF failures. DKIM: A new DKIM record should be configured to make sure your emails are DKIM signed when routing through Mimecast. DMARC: With correct SPF and DKIM setup, Mimecast ensures DMARC alignment, maintaining your domain’s sending reputation. Please refer to the steps in this detailed article to set up SPF and DKIM for Mimecast. 2. API Integration (Complementary to Gateway) Mimecast’s APIs complement the main gateway by providing automation, reporting, and management tools rather than handling live outbound mail flow. They allow you to manage policies, export logs, search archived emails, and sync users. APIs enhance visibility and operational tasks but do not provide real-time filtering or blocking of outbound messages. Since APIs don’t process live mail, they have no direct effect on SPF, DKIM, or DMARC; those depend on your gateway (smart host) setup. Barracuda – Outbound Handling and Integration Methods Outbound Logic Barracuda analyzes outbound emails to prevent data loss (DLP), block malware, stop phishing/impersonation attempts from compromised internal accounts, and ensure compliance. Barracuda offers flexible deployment options, including both traditional gateway (MX record) and API-based integrations. While both contribute to outbound security, their roles are distinct. Integration Methods 1. Gateway Integration (MX Record / Smart Host) — Primary Inline Security How it works: All outbound emails pass through Barracuda’s security stack for real-time inspection, threat blocking, and policy enforcement before delivery. Protection level: Comprehensive DLP (blocking, encrypting, or quarantining sensitive content)  Outbound spam and virus filtering  Enforcement of compliance and content policies This approach offers a high level of control and immediate threat mitigation on outbound mail flow. SPF/DKIM/DMARC impact: SPF: Update SPF records to include Barracuda’s sending IPs or SPF include mechanism. DKIM: Currently, no explicit setup is needed; DKIM of the main sending source is preserved. Refer to this article for more comprehensive guidance on Barracuda SEG configuration. 2. API Integration (Complementary & Advanced Threat Focus) How it works: The API accesses cloud email environments to analyze historical and real-time data, learning normal communication patterns to detect anomalies in outbound emails. It also supports post-delivery remediation, enabling the removal of malicious emails from internal mailboxes after sending. Protection level: Advanced AI-driven detection and near real-time blocking of outbound threats, plus strong post-delivery cleanup capabilities. SPF/DKIM/DMARC impact: Since mail is sent directly by the original mail server (e.g., Microsoft 365), SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. Cisco Secure Email (formerly IronPort) – Outbound Handling and Integration Methods Outbound Logic Cisco Secure Email protects outbound email by preventing data loss (DLP), blocking spam and malware from internal accounts, stopping business email compromise (BEC) and impersonation attacks, and ensuring compliance. Cisco provides both traditional gateway appliances/cloud gateways and modern API-based solutions for layered outbound security. Integration Methods 1. Gateway Integration (MX Record / Smart Host) – Cisco Secure Email Gateway (ESA) How it works: Organizations update MX records to route mail through the Cisco Secure Email Gateway or configure their mail server (e.g., Microsoft 365, Exchange) to smart host outbound email via the gateway. All outbound mail is inspected and policies enforced before delivery. Protection level: Granular DLP (blocking, encrypting, quarantining sensitive content) Outbound spam and malware filtering to protect IP reputation Email encryption for sensitive outbound messages Comprehensive content and attachment policy enforcement SPF: Check this article for comprehensive guidance on Cisco SPF settings. DKIM: Refer to this article for detailed guidance on Cisco DKIM settings. 2. API Integration – Cisco Secure Email Threat Defense How it works: Integrates directly via API with Microsoft 365 (and potentially Google Workspace), continuously monitoring email metadata, content, and user behavior across inbound, outbound, and internal messages. Leverages Cisco’s threat intelligence and AI to detect anomalous outbound activity linked to BEC, account takeover, and phishing. Post-Delivery Remediation: Automates the removal or quarantine of malicious or policy-violating emails from mailboxes even after sending. Protection level: Advanced, AI-driven detection of sophisticated outbound threats with real-time monitoring and automated remediation. Complements gateway filtering by adding cloud-native visibility and swift post-send action. SPF/DKIM/DMARC impact: Since emails are sent directly by the original mail server, SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. If you have any questions or need assistance, feel free to reach out to EasyDMARC technical support.

ZDNET's key takeaways The Eufy E28 robot vacuum, mop, and spot cleaner combination is available for $999.The mop performs better than more expensive flagships, and the water tank system doubles as a portable spot cleaner with a self-cleaning hose.Unplugging the spot cleaner also unplugs the charging station, and the spot cleaner requires you to brush it to scrub. more buying choices The Eufy E28 Omni robot vacuum and mop just hit its lowest price ever at $850, a total of $450 off with an on-page Amazon coupon.Robot vacuum manufacturers are constantly trying to outdo one another. One company develops a detachable cordless vacuum for the robot's dock, and the next makes the robot's dustbin a detachable cordless vacuum. Now, Eufy is upping the ante with the first robot vacuum to also have a detachable spot cleaner for carpet and upholstery. Also: Finally, I found a robot and handheld vacuum combo that's ideal for apartment dwellersThe Eufy Omni E28 is a robot vacuum and mop with a portable spot cleaner for carpets and upholstery. You can run your robot vacuum as you would any other, but you can also pick up the top with a built-in retractable handle and do some deep cleaning on carpets, rugs, or upholstery. I've been testing this robot vacuum over the past couple of weeks, and I'm happy to report on its performance.  details View at Amazon Essentially, the deep cleaner you carry is the Omni station's clean and dirty water tank, so it's where the robot autonomously sources clean water for its mop when it's at the dock. The deep cleaner has a handle for spot-cleaning with a hose, so you can set it down near where you want to clean and plug it in without holding it as you clean. Aside from detachable cordless vacuums, a mop roller system is another big thing for robot vacuums; many makers, including SwitchBot, Yeedi, and Ecovacs, are moving away from detachable rotating mop pads and using mop rollers instead. Eufy's also done this before with the flagship S1 Pro.  Maria Diaz/ZDNETThe Omni E28 also has a mop roller, which looks similar to the S1 Pro but not identical. The Eufy Omni S1 Pro is unequivocally the best mopping robot vacuum I've ever tested, so I was excited to test the new Omni E28, which features a very similar system. Thankfully, the Omni E28 didn't disappoint. The large mop roller covers the length of the vacuum's width and leaves no streaks behind during mopping. Streaky floors are one of my biggest pet peeves when testing robot vacuum and mop combinations, and they're a more common occurrence than I'd like. Also: My favorite indoor security camera has no subscription fees and is on sale right nowEufy is also launching an E25 robot vacuum, which features the same HydroJet self-cleaning mop system as the E28. The robot's mop roller is continuously scraped clean as it spins, and it keeps clean and dirty water in separate tanks within its body, so it only mops with clean water. The mop also exerts more downward pressure to ensure deep cleaning than the S1 Pro, with 1.5kg (3.3 lbs) instead of 1kg.  Maria Diaz/ZDNETHowever, continuously spraying the roller with clean water inside the robot keeps it moist. Scraping off the dirt and wringing out the dirty water as the roller spins ensures your floors are clean instead of streaky or filmy. The Eufy Omni E28, like the S1 Pro, is the closest thing to a manual mopping result you can get from a robot vacuum and mop. Also: I love a vacuum and mop to clean dry and wet messes, especially when it's on saleThe E28 and E25 robot vacuums have 20,000Pa of suction power and anti-tangle technology, including a DuoSpiral double roller brush to remove pet hair and avoid entanglements. The robots are self-emptying robot vacuums with a self-washing mop roller. The only difference is the portable spot cleaner, which only the E28 has. The Eufy Omni E28 robot vacuum and mop has dual brush rollers and a roller mop. Maria Diaz/ZDNETThe spot cleaner proved to be very effective. It's heavy, like most spot cleaners when full of water, but it has a retractable handle on top that makes it easy to carry around. You also don't have to press any buttons or move anything to release it; just unplug it, pull the retractable handle, and go. I didn't like that the spot cleaner powers the base station, so if you take it somewhere else in your home to clean, the robot's charging station is left without power until you return it. This is fine for quick cleanups, but it can be annoying when a forgetful house member takes the spot cleaner upstairs and leaves it in a room for two days after they're done (totally not me). Also: This simple Amazon tablet became one of my biggest smart home upgrades yet (and it's on sale)The spot cleaner has a self-cleaning hose attached, but no other attachments. The hose ends in a static brush head that sprays clean water, which you use to clean messes on soft surfaces, like carpets, rugs, and upholstery. Since it isn't motorized, you must manually brush the rug or fabric with the brush head to scrub it clean. Once you're done, you just have to press a button along one end of the brush head to make the spot cleaner cycle clean water through the hose without spilling, cleaning the hose for you.  These pictures were taken three minutes apart. The left (before) shows yogurt stains on an ottoman. I sprayed a liquid spot cleaner and went over it with the brush and water; the results are on the right (after). Maria Diaz/ZDNETThere's no separate detergent tank for the spot cleaner, though you could add some detergent directly into the clean water tank. I recommend using just water in the clean water tank and spraying your preferred carpet or upholstery cleaning solution directly on the stains to pre-treat them. You can then scrub the mess clean with the Eufy E28 brush and rinse out the detergent. ZDNET's buying adviceThe Eufy Omni E28 is designed to solve a big problem for many US customers: the need for regular floor cleanings and the ability to quickly clean up messes on soft surfaces in a single device. This device isn't meant to replace your existing carpet cleaner, but it's perfect for consumers who may need a spot cleaner and are also in the market for one of the best robot vacuum and mops available.Also: Spring cleaning takes me no time with my favorite smart home devicesI'm not a fan of fully carpeted living spaces, but my home has carpeted bedrooms, one of which we use as our TV room. With three young kids who have movie nights and play time in that TV room, its carpet unfortunately sees a lot of spills. I was in the market for a spot cleaner for a while, but decided to buy a full carpet cleaner instead, which I use to clean our carpets at least once every quarter.  The E28 cleaned up the soy sauce stains comparably to the larger carpet cleaner. Maria Diaz/ZDNETBut there are always little messes in between -- whether it's spilled ketchup on the carpet, a muddy shoeprint on the entryway rug, or yogurt on the fabric ottoman. So I appreciate having the Eufy Omni E28's spot cleaner always handy. Instead of dragging out a heavy carpet cleaning machine and filling it with water to clean a 6-inch in diameter spill, I can just unplug and grab the E28, clean the mess, and return it to the dock with little work on my end. It's also priced quite well for a first-of-its-kind device with a flagship-level robot vacuum and mop. The Eufy Omni E28 robot vacuum, mop, and spot cleaning combination is now available on Eufy's website and Amazon for $1,000. The Eufy E25 robot vacuum and mop without the spot cleaner will be available in June for $900. When will this deal expire? While many sales events feature deals for a specific length of time, deals are on a limited-time basis, making them subject to expire at any time. ZDNET remains committed to finding, sharing, and updating the best offers to help you maximize your savings so you can feel as confident in your purchases as we feel in our recommendations. Our ZDNET team of experts constantly monitors the deals we feature to keep our stories up-to-date. If you missed out on this deal, don't worry -- we're always sourcing new savings opportunities at ZDNET.com. Show more Featured

Call of Duty Season 4 is live in Warzone. The big update brings map changes to Verdansk, new modes, and more weapons to unlock. Season 4 shakes up the weapon meta for battle royale, so we have some new loadout recommendations for you to consider for your next match of Warzone.The Season 4 battle pass adds the new LC10 submachine gun and the FFAR1 assault rifle, and both are powerful options featured in our recommended gun builds listed below. Other weapons will arrive later in the season, and here we highlight all of Season 4's weapons and how to unlock them.Season 4 added the Overlook POI for Verdansk, and we have a full guide on how to complete the Overlook's Safe Room Easter egg. For more details about the latest update, make sure to check out the Season 4 patch notes for all the major changes in Warzone and Black Ops 6. FFAR1Season 4's new FFAR1 is a great choice for Warzone. This is an assault rifle with a very fast fire rate, but the recommended attachments will help with handling the gun's recoil. You'll also want an optic equipped, as the FFAR1's iron sights are pretty bulky and distracting. This gun is great for long-range fights or it can be used as a sniper support weapon.Recommended FFAR1 attachments:Optic: Volzhskiy ReflexMuzzle: CompensatorBarrel: Gain-Twist BarrelUnderbarrel: Vertical ForegripMagazine: Extended Mag II Krig CThe Krig C is one of the best assault rifle choices for long-range combat. This doesn't quite pack the impressive fire rate of the FFAR1, but this is a powerful and easy-to-handle assault rifle. The recommended attachments will help boost the bullet velocity and improve the gun's handling.Recommended Krig C attachments:Optic: Volzhskiy Reflex or Jason Armory 2xMuzzle: CompensatorBarrel: Gain-Twist BarrelUnderbarrel: Vertical ForegripMagazine: Extended Mag II Swat 5.56 (Grau conversion)The Swat 5.56 is still a solid choice for Warzone when using the Grau conversion-kit attachment, which transforms this gun into the fully-auto Grau 5.56 assault rifle from Modern Warfare 2019. With our recommended attachments, this gun has a very fast time-to-kill and very little recoil.Recommended Swat 5.56 attachments:Muzzle: Monolithic SuppressorUnderbarrel: Vertical ForegripMagazine: Full-Auto Extended MagRear Grip: Commando GripFire Mod: Grau Conversion LC10Season 4's new LC10 submachine gun is one of the most powerful choices for close-range combat in Warzone. This weapon is easy to use and boasts a fast time-to-kill. The recommended attachments will boost the gun's damage range and help reduce the recoil.Recommended LC10 attachments:Muzzle: CompensatorBarrel: Long BarrelUnderbarrel: Ranger ForegripMagazine: Extended Mag IIStock: Balanced Stock C9If you don't have the LC10 unlocked yet, the C9 submachine gun is the next best choice for close-range fights. This is a versatile and easy-to-handle weapon, and it's a solid choice for sniper support. The recommended attachments will give you more recoil control, extra bullet velocity, and additional ammo.Recommended C9 attachments:Muzzle: CompensatorBarrel: Reinforced BarrelUnderbarrel: Vertical ForegripMagazine: Extended Mag IIRear Grip: Commando Grip LadraAnother choice for close-range fights is Season 3's Ladra submachine gun. If you missed out on unlocking this weapon through the High Art event, it will be available to unlock by selecting it as an Armory challenge. The recommended attachments will boost the gun's damage range and help reduce the recoil.Recommended Ladra attachments:Muzzle: CompensatorBarrel: Long BarrelUnderbarrel: Vertical ForegripMagazine: Extended Mag IStock: Balanced Stock HDRThe HDR is the best sniper rifle for those long-range engagements across Verdansk. The recommended attachments will help boost the bullet velocity and damage range, making this a one-shot sniper at infinite range. For sniping on Rebirth Island, you can always go for the Kar98k listed below, if you want a lighter and more aggressive sniper option.Recommended HDR attachments:Muzzle: Monolithic SuppressorBarrel: Gain-Twist BarrelUnderbarrel: Lightweight BipodRear Grip: Quickdraw GripFire Mod: 108MM Overpressured Kar98kThe Kar98k marksman rifle is a solid choice for those looking for a faster and more aggressive sniper. This won't get you one-shot potential at infinite range, but this is still a great build for aggressive snipers not looking to challenge players across a massive map like Verdansk.Recommended Kar98k attachments:Optic: Range Caller V3.4Muzzle: VT-7 Spiritfire SuppressorBarrel: Prazisionsgewehr 762 Long BarrelSling: Recon SlingAmmunition: 7.92x57MM High Grain Rounds

Published May 31, 2025 10:00am EDT close iPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' Data breaches are no longer rare events but a persistent problem. We’ve been seeing regular incidents at public-facing companies across various sectors, including healthcare, retail and finance. While bad actors are certainly to blame, these corporations aren’t entirely without fault. They often make it easy for hackers to access user data by failing to protect it properly. A recent example came to light when a cybersecurity researcher discovered an open database containing over 184 million account credentials. Illustration of a hacker at work. (Kurt "CyberGuy" Knutsson)How the database was uncovered and what it containedCybersecurity researcher Jeremiah Fowler has revealed the existence of an open database that contains 184,162,718 million account credentials. These include email addresses, passwords, usernames and URLs for platforms such as Google, Microsoft, Apple, Facebook and Snapchat. The information also covers banking services, medical platforms and government accounts. Most shockingly, the entire dataset was left completely unsecured. There was no encryption, no authentication required and no form of access control. It was simply a plain text file sitting online for anyone to find.19 BILLION PASSWORDS HAVE LEAKED ONLINE: HOW TO PROTECT YOURSELFFowler located the database during routine scanning of publicly exposed assets. What he found was staggering. The file included hundreds of millions of unique records containing user credentials linked to the world’s largest technology and communication platforms. There were also account details for financial services and official portals used by state institutions.The file was not protected in any way. Anyone who discovered the link could open it in a browser and instantly view sensitive personal data. No software exploit was needed. No password was asked for. It was as open as a public document. Illustration of a hacker at work. (Kurt "CyberGuy" Knutsson)Where did the data come fromFowler believes the data was harvested using an infostealer. These lightweight tools are favored by cybercriminals for their ability to silently extract login credentials and other private information from compromised devices. Once stolen, the data is often sold on dark web forums or used in targeted attacks.After reporting the breach, the hosting provider quickly removed access to the file. However, the owner of the database remains unknown. The provider did not disclose who uploaded it or whether the database was part of a legitimate archive that was accidentally published. Fowler could not determine whether this was the result of negligence or an operation with malicious intent.To verify the data, Fowler contacted some individuals listed in the records. Several confirmed that the information was accurate. This confirmation turns what might seem like abstract statistics into something very real. These were not outdated or irrelevant details. These were live credentials that could allow anyone to hijack personal accounts in seconds.1.7 BILLION PASSWORDS LEAKED ON DARK WEB AND WHY YOURS IS AT RISK Login on a tablet. (Kurt "CyberGuy" Knutsson)6 ways to protect yourself after a data breach1. Change your password on every platform: If your login credentials have been exposed, it’s not enough to change the password on just one account. Cybercriminals often try the same combinations across multiple platforms, hoping to gain access through reused credentials. Start by updating your most critical accounts, email, banking, cloud storage and social media, then move on to others. Use a new, unique password for each platform and avoid variations of old passwords, as they can still be predictable. Consider using a password manager to generate and store complex passwords. Our top-rated password manager delivers powerful protection to help keep your accounts secure. It features real-time data breach monitoring to alert you if your login details have been exposed, plus a built-in data breach scanner that checks your saved emails, passwords and credit card information against known leak databases. A password health checker also highlights weak, reused or compromised passwords so you can strengthen your online defenses with just a few clicks. Get more details about my best expert-reviewed Password Managers of 2025 here.2. Enable two-factor authentication: Two-factor authentication, or 2FA, is a critical security feature that drastically reduces the risk of unauthorized access. Even if someone has your password, they won’t be able to log in without the second verification step, usually a one-time code sent to your phone or an authenticator app. Enable 2FA on all services that support it, especially your email, financial accounts and any service that stores sensitive personal data.3. Watch for unusual account activity: After a breach, it’s common for compromised accounts to be used for spam, scams, or identity theft. Pay close attention to signs such as login attempts from unfamiliar locations, password reset requests you didn’t initiate or unexpected messages sent from your accounts. Most platforms allow you to review login history and connected devices. If you see something off, take action immediately by changing your password and revoking suspicious sessions.4. Invest in personal data removal services: You should also consider a data removal service. Given the scale and frequency of breaches like the one described above, relying on personal caution alone is no longer enough. Automated data removal services can provide an essential extra layer of defense by continuously scanning for and helping eliminate your exposed information from data broker sites and other online sources. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web.5. Avoid clicking on suspicious links and use strong antivirus software: One of the most common post-breach threats is phishing. Cybercriminals often use information from leaked databases to craft convincing emails that urge you to verify your account or reset your password. Never click on links or download attachments from unknown or suspicious sources. Instead, visit websites by typing the URL directly into your browser. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.6. Keep your software and devices up to date: Many cyberattacks exploit known vulnerabilities in outdated software. Operating systems, browsers, antivirus programs and even apps need to be updated regularly to patch security flaws. Turn on automatic updates wherever possible so you’re protected as soon as fixes are released. Staying current with your software is one of the easiest and most effective ways to block malware, ransomware and spyware from infiltrating your system. Kurt’s key takeawaySecurity is not only the responsibility of companies and hosting providers. Users need to adopt better practices, including unique passwords, multifactor authentication and regular reviews of their digital footprint. The careless exposure of over 184 million credentials is not just a mistake. It is an example of how fragile our systems remain when even basic protection is absent. In an era where artificial intelligence, quantum computing, and global connectivity are reshaping technology, it is unacceptable that plain text files containing financial and governmental credentials are still left sitting online.CLICK HERE TO GET THE FOX NEWS APPDo you feel that companies are doing enough to protect your data from hackers and other cyber threats? Let us know by writing us atCyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Navigating city streets by bicycle is an experience that blends independence, speed, and a closer connection to your surroundings. Yet, cycling in the urban landscape also means dealing with shifting weather, crowded roads, and the need to carry essentials in a way that doesn’t slow you down. Every ride calls for a careful balance of safety and convenience—whether you’re commuting to work, running errands, or simply exploring the city’s neighborhoods. Urban cyclists know that the right accessories can make all the difference. A secure lock offers peace of mind at every stop, while smart lights and protective gear boost visibility and confidence among traffic. The challenge of unpredictable rain or the need to carry bulky items can turn a simple trip into a logistical headache without the right solutions. Today’s innovative cycling accessories are designed to meet these demands, combining clever engineering with practical features to support every aspect of city riding. We have curated ten excellent products designed for cyclists who want to ride smarter, safer, and more comfortably in the city. 1. Omnilock The Omnilock is a three-in-one accessory that acts as a heavy-duty bike lock, a bright taillight, and a portable tire inflator. Its integrated design means fewer separate gadgets to carry, making commuting more streamlined and convenient. The taillight increases visibility in low light, while the lock’s sturdy construction helps keep your bike secure at public racks or in urban parking spots. Urban cyclists benefit from knowing they have essential safety and emergency features always at hand. The tire inflator is built directly into the device, so unexpected flats can be handled on the go. Combining these tools into one compact accessory saves space in your bag and reduces the risk of forgetting a critical item during busy daily routines. What we like Combines lock, light, and inflator. Improves night visibility and security. What we dislike Heavier than standard locks. Not as compact as basic alternatives. 2. Sherman Bike Backpack This bike backpack features a flexible tri-fold design with open sides, allowing you to carry large or irregularly shaped objects, like spare tires or boxes, that wouldn’t fit in traditional bags. Adjustable straps help secure oversized items, and the backpack adapts to different cargo shapes, making it ideal for city errands or racing support. It is great for urban cyclists, as it offers the freedom to carry whatever the day demands, from groceries and packages to cycling essentials. Its adaptable structure means fewer limitations, supporting spontaneous trips and unexpected needs. The open sides add versatility, while the overall design keeps your load steady and easy to manage on busy city streets. What we like Fits oversized and odd-shaped items. Adjustable, adaptable design. What we dislike Less protection from rain or dust. It can be awkward with heavy loads. 3. BellBeats BellBeats is a digital bike bell that doubles as a Bluetooth speaker, mounting easily to your handlebars. It delivers clear, customizable alert tones for safety and can stream music, navigation, or calls from your phone. Its compact design keeps your cockpit tidy, while the rechargeable battery ensures consistent performance on daily rides. BellBeats makes it easy for cyclists to alert pedestrians and vehicles, even in noisy city environments. The ability to switch between bell functions and speaker mode adds convenience, letting you stay aware of traffic or enjoy entertainment without removing your hands from the bars. It’s a smart solution for both safety and enjoyment in the city. What we like Dual function as a bell and a speaker. Customizable tones for alerts. What we dislike Needs regular charging. Music quality is basic. 4. vabsRider Bicycle Saddle The vabsRider saddle features a split, movable seat design that adapts to your pedaling motion. This dynamic movement reduces pressure on sensitive areas and aims to prevent soreness, allowing for longer, more comfortable rides. The saddle’s engineering helps distribute weight more evenly, supporting healthy posture and reducing fatigue. Urban cyclists are offered increased comfort, especially on longer commutes or frequent rides. The unique design helps alleviate the discomfort that can come from traditional saddles, making daily cycling a more inviting option. With less pain and better support, city riders can focus on navigating traffic and enjoying their journey. What we like Reduces pressure and soreness. Moves with the rider for comfort. What we dislike Unusual feel at first use. May not fit all seat posts. 5. Flitedeck Flitedeck is a carbon fiber smart handlebar that integrates a touchscreen, built-in headlight, and wireless connectivity (Bluetooth, ANT+, WiFi, 5G) into one cockpit. The system provides instant access to navigation, performance data, and lighting, all without cluttering the handlebars with separate devices. Its carbon construction keeps it lightweight and sleek. It is important for cyclists to have all essential controls and information in one place since it increases both safety and convenience. This integration helps reduce distractions, letting you focus on the road. Real-time data and built-in lighting make city rides easier to manage, especially when navigating unpredictable traffic or dimly lit streets. What we like Integrated touchscreen, lights, and connectivity. Streamlined, lightweight design. What we dislike Heavier than non-digital bars. Advanced setup required. 6. STAN Airbag The STAN Airbag backpack deploys an airbag in 0.1 seconds during a crash, protecting your head, neck, chest, and back. The backpack includes an integrated back protector, offering added safety even without airbag deployment. The system is rechargeable and designed for everyday use, making it a practical upgrade for regular city cycling. For urban cyclists, this backpack brings peace of mind on unpredictable streets. The rapid-deploy airbag provides an extra layer of safety beyond a helmet, while the back protector helps shield against impacts. It’s a valuable choice for riders who prioritize safety on busy or high-risk commutes. What we like Fast-deploying airbag protection. Extra back protection is built in. What we dislike Heavier than standard backpacks. Needs regular charging and checks. 7. Soft Top Cover The Soft Top Cover is a bike-mounted rain and wind shield that attaches quickly to most handlebars. It keeps your upper body, legs, and shoes dry without the need for rain gear. The cover tracks with your steering, is lightweight, and can be easily installed or removed for convenience. Urban cyclists benefit by staying dry and visible in wet weather, turning rainy commutes into manageable rides. The cover’s design is streamlined to reduce wind resistance, and its compactness allows easy storage when not in use. It eliminates the hassle of changing clothes or carrying extra rain gear for city trips. What we like Full-body rain and wind protection. Easy installation and removal. What we dislike Not as compact as a poncho. It can be awkward in strong crosswinds. 8. Aerohead II Helmet The Aerohead II Helmet stands out with its aerodynamic, elongated shape and full wraparound visor. Its design reduces wind resistance and protects your eyes from the sun, dust, and debris. The helmet meets strict safety standards and is built for both speed and protection, with ample internal padding for comfort. Urban cyclists gain the advantage of improved safety and efficiency, particularly on fast commutes or when sharing busy roads with vehicles. The extended visor enhances field of vision and shields you from the elements, while the helmet’s streamlined profile helps reduce drag, even in stop-and-go city traffic. What we like Aerodynamic and protective design. Extended visor for sun and debris. What we dislike Bulky for casual use. A distinctive look may not suit everyone. 9. AirBell The AirBell is a discreet bicycle bell that doubles as an anti-theft device by hiding an Apple AirTag inside. Its universal design fits standard handlebars and is easy to install, requiring just a single screw. The bell itself is made from aluminum for a classic, clear ring, while the rugged clamp uses fiber-reinforced plastic for added durability. The hidden compartment keeps your AirTag out of sight, adding a layer of security without drawing attention. The AirBell offers peace of mind and real-time tracking to cyclists, making it easier to locate your bike if it’s lost or stolen in a crowded city. The ability to use Apple’s Find My network gives riders a modern solution to bike theft, all while maintaining the bell’s core function for safety. The compact, affordable design makes it a practical upgrade for anyone who wants to protect their ride without extra bulk. What we like Discreet AirTag holder for tracking. Simple installation and universal fit. What we dislike Only works with Apple AirTag. Bell sound may be quieter than larger bells. 10. The LIVALL LTSW21 The LIVALL LTS21 wireless earphones are purpose-built for cyclists, featuring an open-ear design that preserves situational awareness while you ride. Unlike traditional earbuds, the LTS21 can be used with most cycling helmets thanks to modular attachments, including a secure sports band and a unique helmet bracket that mounts the earphones directly to your helmet. This setup ensures the earphones stay in place whether you’re riding, running, or working out. It offers urban cyclists the ability to listen to music, podcasts, or take calls without blocking out essential city sounds like car horns, traffic, or warnings from other riders. The open-ear design prioritizes safety, while the hands-free features support convenient communication on the go. Riders can interact with voice assistants and remain connected, all without compromising awareness on busy city streets. What we like Open-ear design maintains situational awareness. Helmet-friendly mounting for secure use. What we dislike Audio quality may not match in-ear earbuds. Open design may let in wind noise at high speeds. The post 10 Best Bike Gear For Urban Cyclists To Boost Safety & Convenience first appeared on Yanko Design.

Pros Supports multiple big radiatorsExcellent dust filtrationSpace for open-loop cooling components Cons Not fully EATX-compliantMidpack thermal performance in our tests MSI MPG Velox 300R Airflow PZ Specs 120mm or 140mm Fan Positions 10 120mm to 200mm Fans Included 3 Dimensions (HWD) 20.6 by 9.3 by 19.5 inches Fan Controller Included? Front Panel Ports HD Audio Front Panel Ports USB 3.2 Gen 1 Type-A (2) Front Panel Ports USB 3.2 Gen 2 Type-C Included Fan Lighting Color Addressable RGB Internal 2.5-Inch Bays 5 Internal 3.5-Inch Bays 2 Internal Chassis Lighting Color None Maximum CPU Cooler Height 165 Maximum GPU Length 400 Motherboard Form Factors Supported ATX Motherboard Form Factors Supported MicroATX Motherboard Form Factors Supported Mini-ITX PCI Expansion Slot Positions 7 Power Supply Form Factor Supported ATX Power Supply Maximum Length 260 Power Supply Mounting Location Bottom Side Window(s)? Yes (Tempered Glass) Weight 23.5 All Specs MSI has built a formidable reputation over the past four decades, beginning with motherboards and working its way through servers and graphics cards before finally becoming a premier laptop manufacturer. Its name is synonymous with shopping for PC components, but its PC cases usually come to mind only when we think of its prebuilt desktop machines. Built from sturdy materials and loaded with popular features, its $149.99 MPG Velox 300R Airflow PZ is designed to leave a more lasting impression. Supporting MSI’s reverse-connector Project Zero motherboards and smartly designed for accommodating a substantive build that’s air- or liquid-cooled, the Velox is a worthy rival to Asus’ TUF Gaming cable-hiding case. PC builders weighing a Project Zero build to minimize visible cabling should shortlist this chassis, though the selection of reverse-connector-compatible PC cases is growing fast.Design: Packing in the Features for Project ZeroWith a sturdy steel structure making up most of its 23.5 pounds of heft, the MPG Velox 300R Airflow PZ is as weighty as its name is long. (We’ll call it“Velox 300R” from here on out.) Its numerous strengths include dust filters that cover every air inlet, giant 160mm ARGB intake fans connected to a factory-installed controller/hub, and even a logo-emblazoned low-restriction faceplate that will probably help make any dust that collects on the filter behind it slightly less noticeable as the PC waits for its next cleaning. A light tint on the 4mm-thick tempered glass side panel makes the black 120mm exhaust fan harder to spot against the case’s black interior. Mounted on four snaps and three guide pins, the faceplate easily pulls away to access the front panel’s plastic-framed nylon-sheet dust filter. Secured with three magnets on each side, the filter pulls easily away from the fans for cleaning.(Credit: Thomas Soderstrom)Though “front-panel” ports and buttons often end up on the top panel of modern cases, the Velox 300R’s placement is somewhat unusual in that it’s a bit farther away from the actual front of the case than on most cases. Lined up along its right edge are a power button with a power-indicator LED window, an LED mode button, a headset (headphone/microphone) combo jack, two USB 3.2 Type-A ports, and a Gen 2x2 Type-C port. Unfortunately, there’s no reset button or drive-activity light.(Credit: Thomas Soderstrom)The rear panel features the only Velox 300R vents that aren’t covered in dust filters, though that’s okay; these should probably be viewed as exhaust vents that flow filtered air from those big front-panel fans. We also see the ATX standard’s seven expansion slots, a 120mm exhaust fan screwed onto slots that allow a little vertical adjustment, a power supply mount with two sets of holes to allow inverted mounting, and two vertical vent sections running up the forward and rear portions of the right side panel.The expansion-slot panel is inset, which simplifies graphics card installation. (In short: There's no interference between the card bracket and the clearance area above the screws, as there sometimes is with cheaper cases with non-inset panels.) (Credit: Thomas Soderstrom)A long dust filter that covers most of the bottom panel slides out the back of the case from beneath the power supply bay.(Credit: Thomas Soderstrom)The top panel and two long side panel vents are each covered internally with a perforated metal filter sheet, each of which uses magnetic tape around its periphery to stick to the steel panel.(Credit: Thomas Soderstrom)The Velox 300R’s top panel is designed to hold a 360mm-format radiator up to 420mm long. (The radiator will have around 57mm of clearance above the motherboard’s top edge.) The Velox 300R’s top panel also includes a second set of mounting slots to enable three 140mm fans to be placed there instead.From this angle, we can also see that the power supply cover has two 120mm fan mounts, that an adjustable card brace is attached slightly forward of the power supply cover, and that a removable multi-purpose bracket is factory-mounted to the 120mm fan location at the front of the case’s bottom panel. The bracket is drilled to hold a single 3.5-inch or 2.5-inch drive, as well as a variety of open-loop liquid-cooling pump/reservoir combos.(Credit: Thomas Soderstrom)Like the multifunction bracket that sits in front of it, the outer three-quarters of the power supply cover is removable. That fact eased the installation and removal of modular cables on our power supply.(Credit: Thomas Soderstrom)The Velox 300R’s motherboard tray includes several extra pass-through holes designed to fit the connector locations of MSI’s Project Zero motherboards, but they are not excluded, in any way we can see, from otherwise supporting its largest competitor’s rear-facing-connector design, Asus BTF. A side mount that can hold up to three 120mm fans and/or 360mm-format radiators up to 440mm long is offset an inch behind the motherboard tray, so that a fan up to 38mm thick could fit behind an EATX motherboard if we add the length of the standoffs to that thickness. We wouldn’t call the Velox an EATX case, because it has no mechanical support to hold 13-inch-long boards, but some slightly bigger-than-ATX boards will fit without requiring such supports.(Credit: Thomas Soderstrom)Behind the Velox 300R’s motherboard tray are its ARGB controller/fan hub and two drive trays. (Note that we also pulled the face panel off for our open case photos.) The controller’s hub supports four PWM fans and four ARGB devices.(Credit: Thomas Soderstrom)Removing the plastic plugs above and below the front-face 160mm factory ARGB fans allows us to see that the fan rails running up and down the face are also removable. Had we also removed the factory-fitted 160mm fans themselves, we could have used the extra mounting holes you can see to move the brackets inward to 140mm or 120mm fan spacing. The 480mm of space (height) behind that mount exceeds the length of any 420mm-format radiator we’ve seen, so you could put a really big radiator up front if you so desire. That said, you'll probably want to keep these oversized fans if you are air cooling; they have a nifty design, with an offset circle of blades inside a larger circle(Credit: Thomas Soderstrom)The drive trays include one dual-2.5-inch tray without 3.5-inch provisions and one with 3.5-inch provisions. Installing a 3.5-inch drive fitted with vibration-damping grommets precludes the use of any 2.5-inch drives in the second tray.Recommended by Our Editors(Credit: Thomas Soderstrom)Building With the MSI Velox 300RLet's dig into the accessory kit. The Velox 300R includes an installation guide and a case sticker, four combo-head power supply screws, a Phillips-to-hex-adapter socket for installing standoffs, two spare standoffs, and lots of additional screws. These include 21 standard M3 screws, eight M3 and four #6-32 shoulder screws (for installing drives onto the grommet-filled drive tray), and 12 extra-long #6-32 screws (for installing 120mm fans to the top of the power supply cover). You also get a bag of six replacement snaps for the ball-snap side-panel attachments, and two hook-and-loop and six zip-style cable ties.(Credit: Thomas Soderstrom)Case cables include a 19-pin USB 3.2 Gen 1 for the Type-A ports, a Type-E Gen 2x2 for the Type-C port, and an F_PANEL combo cable with breakout pins for a reset button that the case itself lacks. The ARGB controller/fan hub accepts PWM and ARGB control signals from the motherboard and is powered by a SATA-style power cable from your PSU.(Credit: Thomas Soderstrom)Our standard ATX motherboard fit the Velox 300R perfectly, and its card brace slid up to meet the edge of our test graphics card’s fan bracket nicely.(Credit: Thomas Soderstrom)The ARGB controller defaults to obeying the motherboard’s signal whenever its ARGB input is connected to the motherboard, but those who won’t be using motherboard control can also scroll through the controller’s inbuilt patterns via its mode button or even disable lighting entirely simply by holding the button for a few seconds.Here’s how the Velox looked all fleshed out with our standard test parts...(Credit: Thomas Soderstrom)MSI also sent along one of its motherboards, based on the Z790 chipset, so we could show this PZ (Project Zero) case built with its cable concealment fully deployed. This photo shows how all the cable headers that would have been pointing outward on a traditional motherboard point backward on this model.(Credit: Thomas Soderstrom)We’ll have to push some of those ARGB fan controller/hub cables aside to reach the ARGB and ATX12V headers of the Z790 Project Zero motherboard.(Credit: Thomas Soderstrom)We’ll also have to stuff away a little more cable length since most of our cables are no longer required to reach around to the front of the board.(Credit: Thomas Soderstrom)Though the displaced power and data cabling cleaned up the show side of our build nicely, we still have our graphics card’s supplemental power cable (12VHPWR) and our AIO CPU cooler’s tubes to contend with. Still, mighty clean and almost "Zero."(Credit: Thomas Soderstrom)And though the Z790 Project Zero motherboard has far less lighting than the board from our standardized kit, some would argue that it still looks better thanks to the reduced cable clutter.(Credit: Thomas Soderstrom)Testing the MSI Velox 300R: Twice-Benchmarked, Once With Project ZeroHere’s a list of the internal components from both of the above-photographed builds, along with the settings we used for our tests.The Velox 300R’s thermal performance is exactly mid-pack when using our standard test kit, and swapping in the rear-connector motherboard only resulted in a faster-warming voltage regulator (likely due to the lower mass of its heat sink). Its temperature control falls behind its most direct competitor, the Asus TUF Gaming GT302 ARGB, in both configurations.The reason the Velox 300R’s cooling performance fell behind the Lian Li Lancool 207 and GT302 ARGB appears fairly obvious when observing our noise charts: It’s quieter than both those cases.Both companies were aware that they could get better thermal results simply by spinning their fans a little harder, but MSI appears to have favored a quieter approach. Be aware that simply enabling the automatic fan profiles for your motherboard could potentially put all three of these cases into a tie with regard to both temperature and noise.