On Friday, New York State Senators Liz Krueger and Kristen Gonzales introduced a bill that would stop the issuance of permits for new data centers for at least three years and ninety days to give time for impact assessments and to update regulations. The bill would require the Department of Environmental Conservation and Public Service Commissions to issue impact statements and reports during the pause, along with any new orders or regulations that they deem necessary to minimize data centers’ impacts on the environment and consumers in New York.

The bill would require these departments to study data centers’ water, electricity and gas usage, and their impact on the rates of these resources, among other things. The bill, citing a Bloomberg analysis, notes that, “Nationally, household electricity rates increased 13 percent in 2025, largely driven by the development of data centers.” New York is the sixth state this year to introduce a bill aiming to put the brakes on data centers, following in the footsteps of Georgia, Maryland, Oklahoma, Vermont and Virginia, according to Wired. It’s still very much in the early stages, and is now with the Senate Environmental Conservation Committee for consideration.

Most enterprise work now happens in the browser. SaaS applications, identity providers, admin consoles, and AI tools have made it the primary interface for accessing data and getting work done.

Yet the browser remains peripheral to most security architectures. Detection and investigation still focus on endpoints, networks, and email, layers that sit around the browser, not inside it.

The result is a growing disconnect. When employee-facing threats occur, security teams often struggle to answer a basic question: what actually happens in the browser?

That gap defines an entire class of modern attacks.

At Keep Aware, we’ve called this a “safe haven” problem for attackers, where the target has now become this central point of failure

Browser Attacks Seen in 2026 Leaving Little Traditional Evidence

What makes browser-only attacks hard to deal with isn’t a single technique. It’s that multiple attack types all collapse into the same visibility gap. We continue to see these attacks into 2026:

ClickFix and UI-Driven Social Engineering

Possibly the largest browser-driven attack vector in 2025, users are guided by fake browser messages or prompts to copy, paste, or submit sensitive information themselves. No payload is delivered, no exploit fires, just normal user actions that leave almost no investigation trail.

Malicious Extensions

Seemingly legitimate extensions are installed intentionally and then quietly observe page content, intercept form input, or exfiltrate data. From an endpoint or network perspective, everything appears to be normal browser behavior. When questions arise later, there’s little record of what the extension actually did.

Man-in-the-Browser (and AitB, BitB, …) Attacks

These attacks abuse valid browser sessions rather than exploiting systems. Credentials are entered correctly, MFA is approved, and activity appears authorized. Logs confirm a real user and a real session, but not whether the browser interaction was manipulated or replayed.

HTML Smuggling

Malicious content is assembled directly inside the browser using JavaScript, bypassing traditional download and inspection points. The browser renders content as expected, while the most critical steps never become first-class security events.

Why EDR, Email, and SASE Miss These Attacks by Design

This isn’t a failure of tools or teams. It’s a consequence of what these systems were designed to see, and what they were not.

EDR focuses on processes, files, and memory on the endpoint. Email security tracks delivery, links, and attachments. SASE and proxy technologies enforce policy on traffic moving across the network. Each can block known bad activity, but none are built to understand user interaction inside the browser itself.

When the browser becomes the execution environment, where users click, paste, upload, and authorize, both prevention and detection lose context. Actions may be allowed or denied, but without visibility into what actually happened, controls become blunt and investigations incomplete.

What Our Own the Browser Research Reveals

This gap isn’t limited to one browser or deployment model.

As part of Own the Browser, a vendor-neutral research effort evaluating more than 20 mainstream, enterprise, and AI-native browsers, we examined how browsers are actually secured and governed in practice.

What stood out wasn’t a lack of controls; it was a lack of observable behavior that those controls could learn from.

Across consumer, enterprise, and emerging AI-native browsers, policies are widely deployed. What’s missing is structured visibility into how those policies actually play out in real user behavior. Without that insight, prevention stays blunt, and policies rarely evolve or improve.

AI Tools and AI-Native Browsers Are Widening the Gap

AI is accelerating this problem by increasing both the volume and subtlety of browser-based data movement.

Tools like ChatGPT, Claude, and Gemini normalize copying, pasting, uploading, and summarizing sensitive information directly in the browser. AI-native browsers, built-in assistants, and extensions streamline these actions even further.

From a control standpoint, much of this activity appears legitimate. From a prevention standpoint, it’s difficult to evaluate risk without context.

Policies can allow or block actions, but without observability into how data is being used, teams can’t adapt controls to match reality.

As AI-driven workflows become routine, prevention that isn’t informed by browser-level behavior quickly falls behind.

What Browser-Level Observability Changes: Before and After Incidents

When browser activity becomes observable, security teams don’t just investigate better; they prevent more effectively.

Seeing how data actually moves through the browser allows teams to set smarter, more targeted controls: preventing risky actions at the moment they occur, while preserving evidence when something does go wrong.

Detection improves because behavior can be evaluated in context. Response improves because incidents are reconstructable. Policies improve because they’re informed by real usage, not assumptions.

This creates a feedback loop: observability informs prevention, prevention reduces risk, and every incident, blocked, paused, or allowed, sharpens policy over time.

That leads to a simple question: if this class of attack happened in your environment today, could you both prevent it and explain it? If not, that’s the gap Keep Aware is built to close. See what browser-level visibility enables across prevention and response.

Request a demo. →

Written by Ryan Boerner, CEO of Keep Aware

Boerner, a computer engineer turned cybersecurity practitioner, began as a SOC analyst tackling network threats across Texas agencies. Specializing in network and email security, he later honed his expertise at IBM and Darktrace, working with organizations of all sizes. Seeing a critical gap between security teams and employees—where strong defenses still let threats through—he founded Keep Aware to make the browser a cornerstone of enterprise security.

Sponsored and written by Keep Aware.

This project takes regular door sensors and amps them up a few notches, providing a brilliant way to keep your smart house smart without having a single gadget attached to the frame. Dillan Stock of The Stock Pot got his hands on those cheap Aqara T1 touch sensors and decided to rebuild their housings from scratch, effectively stuffing everything inside the door and frame.

Aqara T1s already have some fantastic specs: they run on Zigbee, have a long battery life from a single CR2 battery, and cost $8 apiece when purchased in bulk. Not awful at all, but the issue arises when you consider how they look, as people just do not want to overload every door with these things. Stock discovered that by stripping the sensor down to its bare circuit board, which contained the reed switch and battery, and then creating a new enclosure for that board, he could make it all disappear.

Sale

YoLink LoRa Smart Door Sensor Starter Kit: – 1/4 Mile Open-Air Range, Door Left-Open Reminders,5 Years…

• A SMART START! Everything you need to get started: one YoLink Hub and four Door Sensors. Batteries are included and preinstalled, good for up to 5…
• WHY PAY A MONTHLY FEE, when you can secure it for free? Self-monitor and save when you take advantage of our many ways to be notified of alarms and…
• THAT WAS EASY! Installs in moments: scan the sensor’s QR code, give it a name, peel off the pre-applied 3M brand mounting tape protective plastic,…

Reed switches do the detecting because they work with a tiny bit of glass and metal; if there is no magnetic field, the two metal bits stay apart and the circuit remains open; however, if a magnet is nearby, it snaps those bits together, closing the circuit and informing you of the status of the door. In this design, the reed switch is hidden inside the door, while the magnet is located just above the door frame on the opposite side. The door closes, the magnet aligns perfectly, and the switch activates. When the door opens, the magnet no longer aligns, and the system immediately begins the change process.

To get things started, Stock was inspired by the Aeotec Recessed Door Sensor 7, but he had to avoid it due to its high cost and dependability difficulties. So he measured the Aqara board after he disassembled it, turned it 90 degrees to fit in the available area, and created a 3D model in Fusion 360. He designed a tubular shape that fits into a hole he drills in the door, as well as a separate cap and little bit for the magnet to sit in.

Printing takes place on a standard 3D printer, and the files are free to use on Printables, or you may download your own enclosures from Stock’s website if you don’t want to make them yourself. Once printed, there are only a few pieces to assemble, usually an M2 screw to fasten the cap and several small wood screws to hold the unit in place within the door hole once it’s all put together.

To ensure proper alignment, begin by marking the center point on the top of the door, preferably a reasonable distance away from the hinges. Grab a 20- or 21-mm spade drill bit and drill a hole around 35 to 40 mm deep; the same bit will work for the frame, but only go 20 mm deep. The downloadable files include a centering tool that will help you get everything perfectly aligned. Pop the magnet enclosure into the frame hole; it should fit tightly, but a dab of glue can help set it in place if necessary. Next, slip the sensor body into the door hole, screw it in, and insert the battery. Don’t worry about the bind button getting in the way; there’s enough space for a pin tool to get in there and do its thing when it’s time to couple up with a Zigbee hub.

Once you’ve completed the setup, the sensors will begin relaying information about your doors to your smart home system. Open the patio door, and the lights turn on. As you enter the children’s bedroom, the lamps will dim gradually. Every door in the house is monitored, without having to change the appearance of any of the rooms. Plus, the battery life is amazing, lasting a year or more depending on how much traffic your doors see. Best of all, the entire setup will be significantly less expensive than any of the commercial recessed systems you’re used to seeing, and you won’t have to worry with the connectivity dropouts that caused so much trouble in Stock’s previous Aeotec efforts.
[Source]

Top Website Builders

Best for Most People

Squarespace Core

Read More

Best Cheap Website Builder

Hostinger Business Website Builder

Read More

Best Free Website Builder

Strikingly Website Builder

Read More

Publishing a website is still more complicated than it has any right to be, but the best website builders streamline the process. Instead of juggling a bunch of files on a server and learning the ins and outs of networking, website builders do exactly what’s written on the tin. Piece by piece, using a drag-and-drop interface, you can design your website the way you want with immediate feedback rather than spending time buried in code and hoping it comes out on the other end.

There are dozens of website builders, and most of them range from decent to straight-up bad. Any web host with a bit of ambition has a website builder floating around, even if it’s slow, clunky, and lacking features. I focused on finding the best tools for building your website that go beyond just an add-on, and these are my favorites. If you’re after something simpler than a full-blown website, check out our list of the Best Portfolio Websites.

Updated February 2026: We’ve added details on new AI features in existing picks like Squarespace and Wix, and also added Webflow, Framer, GoDaddy, Shopify, and WordPress.

Best Website Builder for Most

Squarespace via Jacob Roach

You’ve heard of Squarespace over and over again, I’m sure, and that’s not an accident. It’s an inviting website builder that made a name for itself with bold, striking templates. Beneath the veneer of attractive, but seemingly simple, websites, you’ll find one of the most capable website builders on the market. That balance of power and usability is what sets Squarespace apart.

It feels like a creative tool. Where other website builders lag and stutter to get a new element on your page, Squarespace feels fluid. Your dashboard gives you quick access to edit your site, and around every corner, Squarespace feels designed so you never have to look up a tutorial. I started a simple photography website, and within an hour, I had a custom course page set up, an appointment schedule with automated confirmation emails, and services (with pricing and the ability to accept payments) configured.

Like many companies, Squarespace recently took a dive into AI with several new features, including Blueprint, an AI website design tool, and Squarespace GPT, which allows website design through an AI chat interface. These tools are arguably over-ambitious, as it’s possible to generate designs, images, and video backgrounds, which can leave you with a website detached from reality. Still, these tools can be useful if you have a vague idea of what you want but no idea how to implement it.

Squarespace isn’t cheap, but it also doesn’t meddle in restrictive, low-cost plans. Even on the Basic plan, you have access to ecommerce tools, AI design aids, and space for multiple contributors.

Sometimes you have this project idea in your mind that seems so simple and straightforward, and which feels just so right that you have to roll with it. Then, years later you stumble across the sad remnants of the tearful saga and the dismal failure that it portrays. Do you put it away again, like an unpleasant memory, or write it up in an article, as a tearful confession of past sins? After some coaxing by a friend, [Alessandro] worked up the courage to detail how he set about making a hardware-only password keeper, and why it failed.

The idea was so simple: the device would pretend to be a keyboard and type the passwords for you. This is not that unusual, as hardware devices like the Mooltipass do something similar. Even better, it’d be constructed only out of parts lying around, including an ATtiny85 and an HD44780 display, with bit-banged USB connectivity.

Overcoming the challenge of driving the LC display with one pin on the MCU required adding a 74HC595 demultiplexer and careful timing, which sort of worked when the stars aligned just right. Good enough, but what about adding new passwords?

This is where things quickly skidded off the tracks in the most slapstick way possible, as [Alessandro] solved the problem of USB keyboard HID devices being technically ‘output-only’, by abusing the indicator statuses for Caps Lock, Num Lock, and Scroll Lock. By driving these from the host PC in just the right way you can use them as a sort of serial protocol. This incidentally turned out to be the most reliable part of the project.

Where the project finally tripped and fell down the proverbial flight of stairs was when it came to making the bit-banged USB work reliably. As it turns out, USB is very unforgiving with its timing unlike PS/2, making for an infuriating user experience. After tossing the prototype hardware into a box, this is where the project gathered dust for the past years.

If you want to give it a try yourself, maybe using an MCU that has more GPIO and perhaps even a USB hardware peripheral like the STM32F103, ESP32-S3 or something fruit-flavored, you can take a gander at the project files in the GitHub repository.

We’re always happy to see projects that (ab)use the Lock status indicators, it’s always been one of our favorite keyboard hacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that ransomware actors are exploiting CVE-2026-24423, a critical vulnerability in SmarterMail that allows remote code execution without authentication.

SmarterMail is a self-hosted, Windows-based email server and collaboration platform from SmarterTools. The product provides SMTP/IMAP/POP mail services along with webmail, calendars, contacts, and basic groupware functionality.

It is commonly deployed by managed service providers (MSPs), small and medium-sized businesses, and hosting companies offering email services. According to SmarterTools, its products are used by roughly 15 million users across 120 countries.

The CVE-2026-24423 flaw affects SmarterTools SmarterMail versions prior to build 9511, and successful exploitation can lead to remote code execution (RCE) via the ConnectToHub API.

The vulnerability was discovered and disclosed responsibly  to SmarterTools by security researchers at watchTowr, CODE WHITE, and VulnCheck cybersecurity companies.

The vendor fixed the flaw on January 15 in SmarterMail Build 9511.

CISA has now added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and marked it as actively exploited in ransomware campaigns.

“SmarterTools SmarterMail contains a missing authentication for a critical function vulnerability in the ConnectToHub API method,” the government agency warns.

“This could allow the attacker to point the SmarterMail instance to a malicious HTTP server that serves the malicious OS command and could lead to command execution.”

CISA has given federal agencies and entities with obligations under BOD 22-01 guidance to either apply the security updates and vendor-suggested mitigations or stop using the product by February 26, 2026.

Around the same time that SmarterTools patched CVE-2026-24423, watchTowr researchers discovered another authentication bypass flaw, internally tracked as WT-2026-0001.

The flaw, which has no identification number, permits resetting the administrator password without any verification and has been exploited by hackers shortly after the vendor released a patch.

The researchers base this on anonymous tips, specific calls in the logs of compromised systems, and endpoints that exactly match the vulnerable code path.

Since then, SmarterMail has fixed additional security flaws rated “critical,” so it is recommended that system administrators update to the most recent build, currently 9526, released on January 30.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

• Manual reporting can be replaced entirely using Nvidia GB10 and structured AI workflows
• Automation reduces reliance on additional staff while maintaining consistent reporting accuracy
• Sequential workflows simplify testing and troubleshooting before scaling enterprise-level automation

Many organizations rely on employees to manually collect, organize, and report performance metrics from multiple digital platforms.

A recent Serve The Home (STH) review replaced part of this manual reporting process using local AI systems built around Nvidia GB10 hardware.