ReportWire

Tag: Cybercrime

  • Under Armour data breach claims trigger alerts for millions of users


    Sportswear and fitness brand Under Armour is investigating claims of a massive data breach after customer records were posted on a hacker forum. 

    The breach became widely known after millions of people received alerts warning their information may have been compromised. While Under Armour says its investigation is ongoing, cybersecurity researchers reviewing the leaked data say it appears to include personal details potentially linked to customer purchases.

    According to breach notification service Have I Been Pwned, the dataset contains email addresses linked to approximately 72 million people, prompting the organization to notify affected users directly. The scale of the exposure has raised new concerns about how consumer data can be misused long after a breach occurs.


    Millions of Under Armour customers were alerted after stolen account data surfaced on a hacker forum, bringing the breach into public view. (Thomas Trutschel/Photothek via Getty Images)

    What happened in the Under Armour data breach

    The stolen data is reportedly linked to a ransomware attack that occurred in November 2025. At the time, the Everest ransomware group claimed responsibility and attempted to extort Under Armour by threatening to leak internal files. In January 2026, customer data from that incident appeared publicly on a popular hacking forum. Soon after, breach notification service Have I Been Pwned obtained a copy of the data and alerted affected users by email. According to reports, the seller claimed the stolen files came directly from the November breach and included millions of customer records.

    What data was exposed

    The leaked dataset reportedly includes a broad range of personal information. While payment card details have not been confirmed, the exposed data is still valuable to cybercriminals.

    Compromised information may include:

    Researchers also found email addresses belonging to Under Armour employees within the data. That increases the risk of targeted phishing and business email compromise scams.

    Under Armour’s response so far

    “We are aware of claims that an unauthorized third party obtained certain data,” an Under Armour spokesperson told CyberGuy. “Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there’s no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded. The security of our systems and data is a top priority for UA, and we take this issue very seriously.”

    Why this breach matters

    Even without passwords or payment details, this breach still poses serious risks. Names, email addresses, birth dates and purchase history can be used to create highly convincing scams. Cybercriminals often reference real purchases or account details to gain trust. As a result, phishing emails tied to this breach may appear legitimate and urgent. Over time, exposed data like this can also be combined with other breaches to build detailed identity profiles that are harder to protect against.

    How to check if your passwords were stolen

    To see if your email was affected, visit the Have I Been Pwned website. It is the first and official source for this newly added dataset. Enter your email address to find out if your information appears in the leak. When done, come back here for Step 1 below.

    Ways to stay safe after the Under Armour data breach

    If you received a breach alert or believe your information may be included, taking action now can reduce your risk later.

    1) Change reused passwords and use a password manager

    If you reused the same password on other sites, change those passwords right away. Even if Under Armour says passwords were not affected, exposed email addresses are often used in follow-up attacks. A password manager makes this easier. It creates strong, unique passwords for each account and stores them securely. That way, one breach cannot unlock multiple accounts.


    The leaked data reportedly includes email addresses, birth dates and purchase details, which can be exploited in targeted phishing scams. (Kurt “CyberGuy” Knutsson)

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    2) Watch for phishing emails tied to Under Armour

    Cybercriminals often move fast after a breach. As a result, emails that appear to come from Under Armour or fitness brands may land in your inbox. Be cautious of messages that claim there is an issue with your account or a recent purchase. Do not click links or open attachments in unexpected emails. Instead, go directly to the company’s official website if you need to check your account. Using strong antivirus software can also help block malicious links and attachments before they cause harm.


    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Turn on two-factor authentication everywhere you can

    Two-factor authentication (2FA) adds an extra layer of protection. Even if someone gets your password, they still need a second step to log in. Turn it on for email accounts first. Then enable it for shopping, fitness and financial accounts. This single step can stop many account takeover attempts linked to breached data.

    4) Monitor for password reset attempts and account alerts

    After a breach, attackers often test stolen email addresses across multiple sites. That activity can trigger password reset emails you did not request. Pay close attention to these alerts. If you see one, secure the account immediately by changing the password and reviewing recent activity.

    5) Be skeptical of messages that reference past purchases

    This breach included purchase information, which makes scams more convincing. Attackers may reference real products or order details to earn your trust. Treat any message that pressures you to act quickly as suspicious. Legitimate companies do not demand immediate action by email or text.

    6) Reduce your exposure with a data removal service

    Over time, exposed personal data often ends up with data brokers. These companies collect and sell profiles that scammers use for targeting. A data removal service can help you request the deletion of your information from these databases. Reducing what is publicly available makes it harder for criminals to build detailed profiles.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    Security experts warn that even without payment data, exposed personal information can fuel fraud long after a breach is discovered. (Cheng Xin/Getty Images)

    Kurt’s key takeaways

    The Under Armour data breach is a reminder that even major global brands can become targets. While payment systems appear unaffected, the exposure of personal data still creates long-term risks for millions of customers. Data breaches often unfold over time. What starts as leaked records can later fuel scams, identity theft and targeted attacks. Staying alert now can reduce the chance of bigger problems later.

    If your personal shopping or fitness data were exposed in a breach like this, would you keep using the brand or move on to a competitor? Let us know by writing to us at Cyberguy.com.


    Copyright 2026 CyberGuy.com. All rights reserved.  


  • Essex resident heading up Stop Child Predators


    ESSEX — For Maureen Flatley, there is possibly no task greater than protecting children.

    Flatley, who has lived in Essex since 2002, was recently named president of the Washington, D.C.-based organization Stop Child Predators. She comes to the position as the organization celebrates 20 years of child protection advocacy.


    By Stephen Hagan | Staff Writer


  • Thousands of iPhone apps expose data inside Apple App Store


    Apple often promotes the App Store as a secure place to download apps. The company highlights strict reviews and a closed system as key protections for iPhone users. That reputation now faces serious questions.

    New research shows that thousands of iOS apps approved by Apple contain hidden security flaws. These flaws can expose user data, cloud storage and even payment systems. 

    The issue is not malware; it’s poor security practices baked directly into the app code.


    Cybernews researchers found that many iOS apps store sensitive secrets directly inside app files, where they can be easily extracted. (Kurt “CyberGuy” Knutsson)

    What researchers discovered inside iOS apps

    Security researchers at Cybernews, a cybersecurity research firm, analyzed the code of more than 156,000 iPhone apps. That represents about 8% of all apps available worldwide.

    Here is what they found:

    • Over 815,000 hidden secrets inside app code
    • An average of five secrets per app
    • 71% of apps leaked at least one secret

    These secrets include passwords, API keys and access tokens. Developers place them directly inside apps, where anyone can extract them. According to Cybernews researcher Aras Nazarovas, this makes attackers’ jobs much easier than most users realize.

    What are hardcoded secrets in simple terms?

    A hardcoded secret is sensitive information saved directly inside an app instead of being protected on a secure server. Think of it like writing your bank PIN on the back of your debit card. Once someone downloads the app, they can inspect its files and pull out those secrets. Attackers do not need special access or advanced hacking tools. Both the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warn developers not to do this. Yet it is happening at a massive scale.

    Cloud storage leaks exposed huge amounts of data

    One of the most serious problems involves cloud storage. More than 78,000 iOS apps contained direct links to cloud storage buckets. These buckets store files such as photos, documents, receipts and backups. In some cases, no password was required at all. Researchers found:

    • 836 storage buckets are fully open to the public
    • Over 76 billion exposed files
    • More than 406 terabytes of leaked data

    This data included user uploads, registration details, app logs and private records. Anyone who knew where to look could view or download it.


    This chart shows the most common types of hardcoded secrets found inside iOS apps, with Google-related keys appearing most often, according to Cybernews research. (Cybernews)

    Firebase databases were also left open

    Many iOS apps rely on Google Firebase to store user data. Cybernews found more than 51,000 Firebase database links hidden in app code. While some were protected, over 2,200 had no authentication. That exposed:

    • Nearly 20 million user records
    • Messages, profiles, and activity logs
    • Databases that are mostly hosted in the U.S.

    If a Firebase database is not locked down, attackers can browse user data like a public website.

    Payment and login systems were at risk too

    Some of the leaked secrets were far more dangerous than analytics or ads. Researchers discovered secret keys for:

    • Stripe, which handles payments and refunds
    • JWT authentication systems that control logins
    • Order management tools used by shopping apps

    A leaked Stripe secret key can allow attackers to issue refunds, move money or access billing details. Leaked login keys can let attackers impersonate users or take over accounts.

    AI and social apps were among the worst offenders

    Some of the apps with the largest leaks were related to artificial intelligence. According to VX Underground, security firm CovertLabs identified 198 iOS apps leaking user data. The worst known case was Chat & Ask AI by Codeway. Researchers say it exposed chat histories, phone numbers and email addresses tied to millions of users. Another app, YPT – Study Group, reportedly leaked messages, user IDs and access tokens. CovertLabs tracks these incidents in a restricted repository called Firehound. The full list of affected apps has not been publicly released, and researchers say the data is limited to prevent further exposure and to give developers time to fix security flaws.


    This example shows how sensitive keys like Google API credentials and Stripe payment secrets can be stored directly inside an iOS app’s files, where they are easy to extract. (Cybernews)

    Why Apple’s App review can miss hidden security risks

    Apple reviews apps before they appear in the App Store. However, the review process does not scan app code for hidden secrets. If an app behaves normally during testing, it can pass review even if sensitive keys are buried inside its files. This creates a gap between Apple’s security claims and real-world risks. Removing leaked secrets is not simple for developers. They must revoke old keys, create new ones and rebuild parts of their apps. That can break features and delay updates. Even though Apple says most app updates are reviewed within 24 hours, some updates take weeks. During that time, vulnerable apps can remain available.
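A check a developer could run over their own unpacked build before submitting it, to catch the kinds of hardcoded secrets described above. This is an added example, not code from Cybernews or Apple; the patterns are publicly documented key and URL formats, and the rule names, file names, key names and sample values are constructed for illustration.

```python
import plistlib
import re
import tempfile
from collections import namedtuple
from pathlib import Path

Finding = namedtuple("Finding", "file rule severity where preview")

# "block": must never ship inside a client app. "review": often present by
# design, but only safe if restricted server-side (key restrictions, rules).
VALUE_RULES = [
    ("stripe_secret_key", "block", re.compile(r"\b[sr]k_live_[0-9A-Za-z]{16,}")),
    ("google_api_key", "review", re.compile(r"\bAIza[0-9A-Za-z_\-]{35}")),
    ("firebase_database_url", "review", re.compile(
        r"https://[a-z0-9.-]+\.(?:firebaseio\.com|firebasedatabase\.app)")),
    ("cloud_bucket_url", "review", re.compile(
        r"https://[a-z0-9.\-]+\.s3[.\-][a-z0-9.\-]*amazonaws\.com"
        r"|https://storage\.googleapis\.com/[a-z0-9._\-]+")),
]
# Key names that suggest a signing or client secret (a heuristic, assumed here).
NAME_RULE = re.compile(
    r"(?i)(?:jwt|signing|client)[_-]?secret|secret[_-]?key|private[_-]?key")


def iter_strings(node, path=""):
    """Yield (key_path, value) for every string leaf of a parsed plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def redact(value):
    """Keep enough of a match to locate it without copying the secret."""
    return value[:8] + "..."


def scan_file(path, root):
    data = path.read_bytes()
    items = [("", data.decode("latin-1"))]   # default: scan raw bytes as text
    if path.suffix == ".plist":
        try:                                  # handles XML and binary plists
            items = list(iter_strings(plistlib.loads(data)))
        except Exception:                     # malformed plist: keep raw scan
            pass
    rel = path.relative_to(root).as_posix()
    findings = []
    for where, text in items:
        leaf = where.rsplit("/", 1)[-1]
        if NAME_RULE.search(leaf) and len(text) >= 8:
            findings.append(Finding(rel, "named_secret", "block", where, redact(text)))
        for rule, severity, pattern in VALUE_RULES:
            for match in pattern.finditer(text):
                findings.append(
                    Finding(rel, rule, severity, where, redact(match.group())))
    return findings


def scan_bundle(root):
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        findings.extend(scan_file(path, root))
    return findings


def build_sample(root):
    """Write a constructed, fake app bundle; every value here is made up."""
    app = Path(root) / "Payload" / "Demo.app"
    app.mkdir(parents=True)
    info = {
        "CFBundleName": "Demo",
        "StripeKeys": {"publishable": "pk_live_" + "A" * 24,  # meant for clients
                       "secret": "sk_live_" + "B" * 24},      # server-side only
        "JWT_SECRET": "constructed-signing-secret",
    }
    (app / "Info.plist").write_bytes(plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
    google = {"API_KEY": "AIza" + "C" * 35,
              "DATABASE_URL": "https://demo-constructed.firebaseio.com"}
    (app / "GoogleService-Info.plist").write_bytes(plistlib.dumps(google))
    (app / "config.json").write_text(
        '{"uploads": "https://demo-constructed.s3.us-east-1.amazonaws.com/backups/"}')


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return scan_bundle(tmp)


if __name__ == "__main__":
    results = demo()
    for f in results:
        print(f"{f.severity:6} {f.rule:22} {f.file}{f.where} {f.preview}")
    # Non-zero exit lets a CI step fail the build on any "block" finding.
    raise SystemExit(1 if any(f.severity == "block" for f in results) else 0)
```

A "review" finding is not automatically a leak: a Google API key or Firebase URL in a client is only safe when the key is restricted and the database or bucket enforces authentication on the server side.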

    CyberGuy contacted Apple for comment, but did not receive a response before publication.

    Ways to stay safe right now

    You cannot easily inspect an app for hidden secrets. Apple does not provide tools for that. Still, you can reduce your risk and limit exposure by being selective and cautious. These steps help reduce the risk if an app leaks data behind the scenes.

    1) Stick to established app developers

    Well-known developers tend to have stronger security teams and better update practices. Smaller or unknown apps may rush features to market and overlook security basics. Before downloading, check how long the developer has been active and how often the app is updated.

    2) Review and limit app permissions

    Many apps ask for more access than they need. Location, contacts, photos and microphone access all increase the risk of data leaks. Go into your iPhone settings and remove permissions that are not essential for the app to work.

    3) Delete apps you no longer use

    Unused apps still retain access to data you shared in the past. They may also store information on remote servers long after you stop opening them. If you have not used an app in months, remove it. Here’s how: Open Settings, tap General, select iPhone Storage, and scroll through the list of apps to see when each one was last used. Tap any app you no longer need and select Delete App to remove it and reduce ongoing data exposure.

    4) Be cautious with personal and financial details

    Avoid entering sensitive information unless it is absolutely necessary. This includes full names, addresses, payment details and private conversations. AI apps are especially risky if you share deeply personal content.

    5) Use a password manager for every account

    A password manager creates strong, unique passwords for each app and service. This prevents attackers from accessing multiple accounts if one app leaks data. Never reuse passwords tied to your email address.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    6) Change passwords tied to exposed apps

    If an app uses your email address for login, change that password immediately. Do this even if there is no confirmation of a breach. Attackers often test leaked credentials across other services.

    7) Consider using a data removal service

    Some leaked data ends up with data brokers that sell personal information online. A data removal service can help find and remove your details from these databases. This reduces the chance that exposed app data gets reused for scams or identity theft.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    8) Monitor your accounts for unusual activity

    Watch for unexpected emails, password reset notices, login alerts, or payment confirmations. These can signal that leaked data is already being abused. Act quickly if something looks off.

    9) Pause use of risky AI and chat apps

    If you use AI apps for private conversations, consider stopping until the developer confirms security fixes. Once data is exposed, it cannot be pulled back. Avoid sharing sensitive details with apps that store conversations remotely.

    Kurt’s key takeaways

    Apple’s App Store still offers important protections, but this research shows it is not foolproof. Many trusted iPhone apps quietly expose data due to basic security mistakes. Until app reviews improve, you need to stay alert and limit how much data you share.

    How many apps on your iPhone have access to information you would not want exposed? Let us know by writing to us at Cyberguy.com.


  • 5 myths about identity theft that put your data at risk


    Most people think identity theft starts with a massive hack. In reality, it usually starts much more quietly, with bits of personal information you didn’t even realize were public: old addresses, family connections, phone numbers and shopping habits. 

    All are sitting on data broker sites that most people have never heard of. During Identity Theft Awareness Week, organized by the Federal Trade Commission, it’s a good time to clear up some dangerous myths that keep putting people at risk, especially retirees, families and anyone who thinks they’re “careful enough.” 

    Let’s break them down.


    Myth #1: ‘I wasn’t in a data breach, so I’m safe’


    Identity theft often starts quietly, with bits of personal information collected and shared long before a scam ever happens. (Kira Hofmann/picture alliance via Getty Images)

    Reality: You don’t need to be in a breach to have your data exposed.

    Data brokers legally collect personal information from public records, loyalty programs, apps and online purchases. Over time, they build detailed profiles that can exist for decades, even if you’ve never been hacked. Scammers often use this data as a starting point. It helps them sound legitimate, personalize messages and choose the right angle to trick you.

    Actionable tips:

    • Don’t assume “no breach” means “no risk”
    • Avoid oversharing details on social media
    • Remove your personal data from data broker sites so it can’t be reused

    Myth #2: ‘Scammers don’t have enough info to impersonate me’

    Reality: They usually have more than enough.

    Scammers don’t need your Social Security number to cause damage. A name, address history, phone number and family connections can be enough for someone to:

    This is why scams often feel unsettlingly personal.

    Actionable tips:

    • Be suspicious of messages that reference personal details
    • Don’t confirm information just because the sender “knows” something about you
    • Reduce what’s available by removing your data from broker databases

    Myth #3: ‘Retirees aren’t targeted because they’re cautious’

    Reality: Retirees are one of the most targeted groups.

    Why? Because scammers assume:

    • Stable income from pensions or benefits
    • More savings
    • Greater trust in official-looking messages
    • Less familiarity with newer scam tactics

    Many scams are designed specifically for retirees, from Medicare updates to fake government notices and investment fraud. A recent widespread scam involves fake IRS calls and the illegitimate “Tax Resolution Oversight Department” that tries to steal your money.

    Actionable tips:

    • Never act on urgent requests involving benefits or finances
    • Verify messages by contacting organizations directly
    • Encourage family discussions about scams and warning signs
    • Remove publicly available data that helps scammers profile retirees

    Data brokers build detailed profiles using public records, apps, purchases and loyalty programs, even if you have never been hacked. (Kurt “CyberGuy” Knutsson)

    Myth #4: ‘Credit monitoring will stop identity theft’

    Reality: Credit monitoring only tells you after something has gone wrong.

    It doesn’t stop scammers from:

    • Targeting you
    • Attempting account takeovers
    • Using your information in phishing or social engineering scams

    Think of credit monitoring like a smoke alarm: helpful, but it doesn’t prevent the fire.

    Actionable tips:

    • Use credit monitoring as a backup, not your main defense
    • Lock down accounts with strong passwords and two-factor authentication
    • Reduce exposure by removing your data before it’s misused

    Myth #5: “There’s nothing I can do about data brokers”

    Reality: You can take control, but doing it manually is time-consuming and frustrating.

    Most data broker sites allow opt-outs, but each one has a different process. Some require forms. Others need ID verification. And many re-add your data months later. That’s why I recommend a data removal service. These services contact hundreds of data brokers on your behalf, request the removal of your personal information and keep monitoring them so it doesn’t quietly reappear. For families and retirees, this matters even more because once scammers connect relatives through broker profiles, multiple people can become targets.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    Why identity theft often starts long before you notice

    Identity theft rarely begins with a dramatic moment.

    It usually starts with:

    • Data collected quietly over the years
    • Profiles that grow more detailed with time
    • Information being sold and resold without your knowledge

    By the time fraud shows up on a credit report, the damage has often already been done.

    What you can do during Identity Theft Awareness Week

    If there’s one takeaway this week, it’s this: reducing your exposed data lowers your risk.

    1) Be skeptical of unexpected messages

    Do not trust surprise emails, texts or calls, even if they appear to come from a bank, retailer or government agency. Scammers often copy logos, language and phone numbers to look legitimate.

    2) Verify requests on your own

    If a message claims there’s a problem with an account, pause and verify it independently. Use the official website or phone number you already know, not the one provided in the message.

    3) Reduce your digital footprint with a data removal service 

    Remove your personal information from data broker websites that collect and sell names, addresses, phone numbers and other details. A data removal service can help you do just that. Less exposed data means fewer opportunities for identity thieves. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    4) Turn on two-factor authentication

    Enable two-factor authentication (2FA) wherever it’s available. Even if a criminal gets your password, 2FA adds a second barrier that can stop account takeovers.

    5) Strengthen your account security

    Use strong, unique passwords for important accounts and avoid reusing them across sites. A reputable password manager can securely store and generate complex passwords, making it easier to stay protected without memorizing everything.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.


    Scammers use this background data to sound legitimate, personalize their messages and pressure victims into acting fast. (Matt Cardy/Getty Images)

    6) Use identity theft protection software

    Consider identity theft protection software that monitors your personal information, alerts you to suspicious activity and helps you respond quickly if something goes wrong. Some services also assist with data broker removal and recovery support if your identity is compromised.

    Identity theft protection companies can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    7) Help family members stay protected

    Scammers often target seniors and teens. Walk family members through these steps, help them secure accounts and encourage them to slow down before responding to urgent messages.

    Kurt’s key takeaways

    Identity theft isn’t about being careless; it’s about how much information is floating around without your permission. The fewer places your data lives online, the harder it is for scammers to use it against you. Taking action now won’t just protect you this week; it can reduce scams, fraud attempts and identity theft risks all year long.

    Which of these myths did you believe, and what personal information do you think is already out there about you without your consent? Let us know by writing to us at Cyberguy.com.


    Copyright 2026 CyberGuy.com. All rights reserved.  


  • Google Fast Pair flaw lets hackers hijack headphones


    Google designed Fast Pair to make Bluetooth connections fast and effortless. One tap replaces menus, codes and manual pairing. That convenience now comes with serious risk. Security researchers at KU Leuven uncovered flaws in Google’s Fast Pair protocol that allow silent device takeovers. They named the attack method WhisperPair. An attacker nearby can connect to headphones, earbuds or speakers without the owner knowing. In some cases, the attacker can also track the user’s location. Even more concerning, victims do not need to use Android or own any Google products. iPhone users are also affected.


    Fast Pair makes connecting Bluetooth headphones quick, but researchers found that some devices accept new pairings without proper authorization.       (Kurt “CyberGuy” Knutsson)

    What WhisperPair is and how it hijacks Bluetooth devices

    Fast Pair works by broadcasting a device’s identity to nearby phones and computers. That shortcut speeds up pairing. Researchers found that many devices ignore a key rule. They still accept new pairings while already connected. That opens the door to abuse.

    Within Bluetooth range, an attacker can silently pair with a device in about 10 to 15 seconds. Once connected, they can interrupt calls, inject audio or activate microphones. The attack does not require specialized hardware and can be carried out using a standard phone, laptop, or low-cost device like a Raspberry Pi. According to the researchers, the attacker effectively becomes the device owner.

    Audio brands affected by the Fast Pair vulnerability

    The researchers tested 17 Fast Pair compatible devices from major brands, including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google. Most of these products passed Google certification testing. That detail raises uncomfortable questions about how security checks are performed.

    How headphones can become tracking devices

    Some affected models create an even bigger privacy issue. Certain Google and Sony devices integrate with Find Hub, which uses nearby devices to estimate location. If a headset has never been linked to a Google account, an attacker can claim it first. That allows continuous tracking of the user’s movements. If the victim later receives a tracking alert, it may appear to reference their own device. That makes the warning easy to dismiss as an error.


    Attacker’s dashboard with location from the Find Hub network. (KU Leuven)

    Why many Fast Pair devices may stay vulnerable

    There is another problem most users never consider. Headphones and speakers require firmware updates. Those updates usually arrive through brand-specific apps that many people never install. If you never download the app, you never see the update. That means vulnerable devices could remain exposed for months or even years.

    The only way to fix this vulnerability is by installing a software update issued by the device manufacturer. While many companies have released patches, updates may not yet be available for every affected model. Users should check directly with the manufacturer to confirm whether a security update exists for their specific device.

    Why convenience keeps creating security gaps

    Bluetooth itself was not the problem. The flaw lives in the convenience layer built on top of it. Fast Pair prioritized speed over strict ownership enforcement. Researchers argue that pairing should require cryptographic proof of ownership. Without it, convenience features become attack surfaces. Security and ease of use do not have to conflict. But they must be designed together.

    Google responds to the Fast Pair WhisperPair security flaws

    Google says it has been working with researchers to address the WhisperPair vulnerabilities and began sending recommended patches to headphone manufacturers in early September. Google also confirmed that its own Pixel headphones are now patched.

    In a statement to CyberGuy, a Google spokesperson said, “We appreciate collaborating with security researchers through our Vulnerability Rewards Program, which helps keep our users safe. We worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this report’s lab setting. As a best security practice, we recommend users check their headphones for the latest firmware updates. We are constantly evaluating and enhancing Fast Pair and Find Hub security.”

    Google says the core issue stemmed from some accessory makers not fully following the Fast Pair specification. That specification requires accessories to accept pairing requests only when a user has intentionally placed the device into pairing mode. According to Google, failures to enforce that rule contributed to the audio and microphone risks identified by the researchers.

    To reduce the risk going forward, Google says it updated its Fast Pair Validator and certification requirements to explicitly test whether devices properly enforce pairing mode checks. Google also says it provided accessory partners with fixes intended to fully resolve all related issues once applied.
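The pairing-mode rule and the certification-style check described above can be modeled in a few lines. This is an added example, not Fast Pair code or any vendor's firmware; the `Accessory` class, the 120-second window and the event trace are assumptions constructed for illustration.

```python
"""Toy model of an accessory's pairing gate (constructed for illustration)."""
from dataclasses import dataclass, field
from typing import List, Tuple

PAIRING_WINDOW_S = 120  # assumed length of the user-initiated pairing window


@dataclass
class Accessory:
    enforce_pairing_mode: bool            # True = firmware follows the rule
    pairing_mode_until: float = -1.0      # pairing mode is off until a button press
    bonds: List[Tuple[float, str, bool]] = field(default_factory=list)
    rejected: List[Tuple[float, str]] = field(default_factory=list)

    def press_pair_button(self, now: float) -> None:
        """Deliberate user action: the only way into pairing mode."""
        self.pairing_mode_until = now + PAIRING_WINDOW_S

    def in_pairing_mode(self, now: float) -> bool:
        return now <= self.pairing_mode_until

    def handle_pairing_request(self, peer: str, now: float) -> bool:
        in_mode = self.in_pairing_mode(now)
        if self.enforce_pairing_mode and not in_mode:
            self.rejected.append((now, peer))   # keep a record for review
            return False
        self.bonds.append((now, peer, in_mode))
        self.pairing_mode_until = -1.0          # one bond per button press
        return True


# Constructed event trace: (seconds, action, peer)
EVENTS = [
    (0, "button", ""),
    (5, "pair", "owner-phone"),        # inside the pairing window
    (600, "pair", "unknown-laptop"),   # headset in use, no button press
    (900, "button", ""),
    (1021, "pair", "owner-tablet"),    # one second after the window closed
    (1030, "button", ""),
    (1040, "pair", "owner-tablet"),    # retried inside a fresh window
]


def replay(enforce_pairing_mode: bool) -> Accessory:
    """Run the same trace against lax or strict firmware."""
    acc = Accessory(enforce_pairing_mode)
    for now, action, peer in EVENTS:
        if action == "button":
            acc.press_pair_button(now)
        else:
            acc.handle_pairing_request(peer, now)
    return acc


def bonds_outside_pairing_mode(acc: Accessory) -> List[str]:
    """Certification-style check: any bond made outside pairing mode is a failure."""
    return [peer for _, peer, in_mode in acc.bonds if not in_mode]


if __name__ == "__main__":
    for label, enforce in (("lax", False), ("strict", True)):
        acc = replay(enforce)
        print(label, "bonds:", [p for _, p, _ in acc.bonds],
              "violations:", bonds_outside_pairing_mode(acc),
              "rejected:", acc.rejected)
```

The strict device also turns away the owner's late request at 1021 seconds, which is the intended cost of the rule: a fresh button press is required.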

    On the location tracking side, Google says it rolled out a server-side fix that prevents accessories from being silently enrolled into the Find Hub network if they have never been paired with an Android device. According to the company, this change addresses the Find Hub tracking risk in that specific scenario across all devices, including Google’s own accessories.

    Researchers, however, have raised questions about how quickly patches reach users and how much visibility Google has into real-world abuse that does not involve Google hardware. They also argue that weaknesses in certification allowed flawed implementations to reach the market at scale, suggesting broader systemic issues.

    For now, both Google and the researchers agree on one key point. Users must install manufacturer firmware updates to be protected, and availability may vary by device and brand.


    Unwanted tracking notification showing the victim’s own device. (KU Leuven)

    How to reduce your risk right now

    You cannot disable Fast Pair entirely, but you can lower your exposure.

    1) Check if your device is affected

    If you use a Bluetooth accessory that supports Google Fast Pair, including wireless earbuds, headphones or speakers, you may be affected. The researchers created a public lookup tool that lets you search for your specific device model and see whether it is vulnerable. Checking your device is a simple first step before deciding what actions to take. Visit whisperpair.eu/vulnerable-devices to see if your device is on the list.

    2) Update your audio devices

    Install the official app from your headphone or speaker manufacturer. Check for firmware updates and apply them promptly.

    3) Avoid pairing in public places

    Pair new devices in private spaces. Avoid pairing in airports, cafés or gyms where strangers are nearby.

    4) Factory reset if something feels off

    Unexpected audio interruptions, strange sounds or dropped connections are warning signs.  A factory reset can remove unauthorized pairings, but it does not fix the underlying vulnerability. A firmware update is still required.

    5) Turn off Bluetooth when not needed

    Bluetooth only needs to be on during active use. Turning off Bluetooth when not in use limits exposure, but it does not eliminate the underlying risk if the device remains unpatched.

    6) Reset secondhand devices

    Always factory reset used headphones or speakers before pairing them. This removes hidden links and account associations.

    7) Take tracking alerts seriously

    Investigate Find Hub or Apple tracking alerts, even if they appear to reference your own device.

    8) Keep your phone updated

    Install operating system updates promptly. Platform patches can block exploit paths even when accessories lag behind.

    Kurt’s key takeaways

    WhisperPair shows how small shortcuts can lead to large privacy failures. Headphones feel harmless. Yet they contain microphones, radios and software that need care and updates. Ignoring them leaves a blind spot that attackers are happy to exploit. Staying secure now means paying attention to the devices you once took for granted.

    Should companies be allowed to prioritize fast pairing over cryptographic proof of device ownership? Let us know by writing to us at Cyberguy.com


    Copyright 2026 CyberGuy.com.  All rights reserved.


  • Why clicking the wrong Copilot link could put your data at risk


    AI assistants are supposed to make life easier. Tools like Microsoft Copilot can help you write emails, summarize documents and answer questions using information from your own account. But security researchers are now warning that a single bad link could quietly turn that convenience into a privacy risk. 

    A newly discovered attack method shows how attackers could hijack a Copilot session and siphon data without you seeing anything suspicious on screen.


    Because Copilot stays tied to your logged-in Microsoft account, attackers can quietly use your active session to access data in the background. (Photo by Donato Fasano/Getty Images)

    What researchers discovered about Copilot links


    Security researchers at Varonis uncovered a technique they call “Reprompt.” In simple terms, it shows how attackers could sneak instructions into a normal-looking Copilot link and make the AI do things on their behalf.

    Here’s the part that matters to you: Microsoft Copilot is connected to your Microsoft account. Depending on how you use it, Copilot can see your past conversations, things you’ve asked it and certain personal data tied to your account. Normally, Copilot has guardrails to prevent sensitive information from leaking. Reprompt showed a way around some of those protections.

    The attack starts with just one click. If you open a specially crafted Copilot link sent through email or a message, Copilot can automatically process hidden instructions embedded inside the link. You don’t need to install anything, and there are no pop-ups or warnings. After that single click, Copilot can keep responding to instructions in the background using your already logged-in session. Even closing the Copilot tab does not immediately stop the attack, because the session stays active for a while.

    How Reprompt works

    Varonis found that Copilot accepts questions through a parameter inside its web address. Attackers can hide instructions inside that address and make Copilot execute them as soon as the page loads.

    That alone would not be enough, because Copilot tries to block data leaks. The researchers combined several tricks to get around this. First, they injected instructions directly into Copilot through the link itself. This allowed Copilot to read information it normally shouldn’t share.

    Second, they used a “try twice” trick. Copilot applies stricter checks the first time it answers a request. By telling Copilot to repeat the action and double-check itself, the researchers found that those protections could fail on the second attempt.

    Third, they showed that Copilot could keep receiving follow-up instructions from a remote server controlled by the attacker. Each response from Copilot helped generate the next request, allowing data to be quietly sent out piece by piece. The result is an invisible back-and-forth where Copilot keeps working for the attacker using your session. From your perspective, nothing looks wrong.
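Because the attack begins with a link that carries a prompt in its address, mail and chat links can be triaged for that pattern before anyone clicks. This is an added example, not code from Varonis or Microsoft; the host name, the parameter name `q` and the sample message are assumptions that the page does not state.

```python
"""Triage links that open an AI assistant with a prompt already filled in."""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, urlsplit

# Assumptions (not stated on the page): the assistant host and the name of
# the query parameter that pre-fills a prompt. Adjust for your environment.
ASSISTANT_HOSTS = {"copilot.microsoft.com"}
PROMPT_PARAMS = {"q"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
EMBEDDED_URL_RE = re.compile(r"https?://", re.IGNORECASE)


def triage_link(url: str) -> Optional[Dict[str, object]]:
    """Return a finding if the link pre-fills an assistant prompt, else None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return None                      # malformed URL: nothing to open
    # Exact host match only; look-alike hosts and user@host tricks resolve
    # to a different hostname and belong to ordinary phishing checks.
    if host not in ASSISTANT_HOSTS:
        return None
    # parse_qsl percent-decodes values, so encoded prompts are inspected too.
    for name, value in parse_qsl(parts.query):
        if name.lower() not in PROMPT_PARAMS or not value.strip():
            continue
        reasons = ["prefilled_prompt"]
        if EMBEDDED_URL_RE.search(value):
            # The prompt points the assistant at another server.
            reasons.append("prompt_references_url")
        return {"url": url, "host": host,
                "prompt": value[:120], "reasons": reasons}
    return None


def scan_message(text: str) -> List[Dict[str, object]]:
    """Extract every URL from a message body and triage each one."""
    findings = []
    for match in URL_RE.finditer(text):
        hit = triage_link(match.group(0).rstrip(".,;)"))
        if hit:
            findings.append(hit)
    return findings


# Constructed sample message (not taken from any real campaign).
SAMPLE_MESSAGE = """Hi, the summary you asked for is here:
https://copilot.microsoft.com/?q=Summarize%20my%20notes%20then%20continue%20with%20https%3A%2F%2Fexample.invalid%2Fnext
Product page: https://copilot.microsoft.com/
Mirror: https://copilot.microsoft.com.example.invalid/?q=hello
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_MESSAGE):
        print(finding["reasons"], finding["prompt"])
```

A finding is a reason to hold the message for review or rewrite the link to the bare assistant address, not proof of abuse.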


    Varonis responsibly reported the issue to Microsoft, and the company fixed it in the January 2026 Patch Tuesday updates. There is no evidence that Reprompt was used in real-world attacks before the fix. Still, this research is important because it shows a bigger problem. AI assistants have access, memory and the ability to act on your behalf. That combination makes them powerful, but also risky if protections fail. As researchers put it, the danger increases when autonomy and access come together.

    It’s also worth noting that this issue only affected Copilot Personal. Microsoft 365 Copilot, which businesses use, has extra security layers like auditing, data loss prevention and admin controls.

    “We appreciate Varonis Threat Labs for responsibly reporting this issue,” a Microsoft spokesperson told CyberGuy. “We have rolled out protections that address the scenario described and are implementing additional measures to strengthen safeguards against similar techniques as part of our defense-in-depth approach.”

    8 steps you can take to stay safe from AI attacks

    Even with the fix in place, these habits will help protect your data as AI tools become more common.

    1) Install Windows and browser updates immediately

    Security fixes only protect you if they’re installed. Attacks like Reprompt rely on flaws that already have patches available. Turn on automatic updates for Windows, Edge and other browsers so you don’t delay critical fixes. Waiting weeks or months leaves a window where attackers can still exploit known weaknesses.

    2) Treat Copilot and AI links like login links

    If you wouldn’t click a random password reset link, don’t click unexpected Copilot links either. Even links that look official can be weaponized. If someone sends you a Copilot link, pause and ask yourself whether you were expecting it. When in doubt, open Copilot manually instead.


    Even after Microsoft fixed the flaw, the research highlights why limiting data exposure and monitoring account activity still matters as AI tools evolve. (Photographer: Prakash Singh/Bloomberg via Getty Images)

    3) Use a password manager to protect your accounts

    A password manager creates and stores strong, unique passwords for every service you use. If attackers manage to access session data or steal credentials indirectly, unique passwords prevent one breach from unlocking your entire digital life. Many password managers also warn you if a site looks suspicious or fake.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords, and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    4) Enable two-factor authentication on your Microsoft account

    Two-factor authentication (2FA) adds a second layer of protection, even if attackers gain partial access to your session. It forces an extra verification step, usually through an app or device, making it much harder for someone else to act as you inside Copilot or other Microsoft services.

    5) Reduce how much personal data exists online

    Data broker sites collect and resell personal details like your email address, phone number, home address and even work history. If an AI tool or account session is abused, that publicly available data can make the damage worse. Using a data-removal service helps delete this information from broker databases, shrinking your digital footprint and limiting what attackers can piece together.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    6) Run strong antivirus software on your device

    Modern antivirus tools do more than scan files. They help detect phishing links, malicious scripts and suspicious behavior tied to browser activity. Since Reprompt-style attacks start with a single click, having real-time protection can stop you before damage happens, especially when attacks look legitimate.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    7) Regularly review your account activity and settings

    Check your Microsoft account activity for unfamiliar logins, locations, or actions. Review what services Copilot can access, and revoke anything you no longer need. These checks don’t take long, but they can reveal issues early, before attackers have time to do serious damage. Here’s how:

    Go to account.microsoft.com, and sign in to your Microsoft account.

    Select Security, then choose View my sign-in activity and verify your identity if prompted.

    Review each login for unfamiliar locations, devices or failed sign-in attempts.

    If you see anything suspicious, select This wasn’t me or Secure your account, then change your password immediately and enable two-step verification.

    Visit account.microsoft.com/devices, and remove any devices you no longer recognize or use.

    In Microsoft Edge, open Settings > Appearance > Copilot and Sidebar > Copilot, and turn off Allow Microsoft to access page content if you want to limit Copilot’s access.

    Review apps connected to your Microsoft account and revoke permissions you no longer need.


    A single Copilot link can carry hidden instructions that run the moment you click, without any warning or pop-ups.  (iStock)

    8) Be specific about what you ask AI tools to do

    Avoid giving AI assistants broad authority like “handle whatever is needed.” Wide permissions make it easier for hidden instructions to influence outcomes. Keep requests narrow and task-focused. The less freedom an AI has, the harder it is for malicious prompts to steer it silently.

    Kurt’s key takeaway

    Reprompt doesn’t mean Copilot is unsafe to use, but it does show how much trust these tools require. When an AI assistant can think, remember and act for you, even a single bad click can matter. Keeping your system updated and being selective about what you click remain just as important in the age of AI as they were before.

    Do you feel comfortable letting AI assistants access your personal data, or does this make you more cautious? Let us know by writing to us at Cyberguy.com.


    Copyright 2026 CyberGuy.com. All rights reserved. 


  • Ransomware attack exposes Social Security numbers at major gas station chain


    Cybercriminals are happy to target almost any industry where data can be stolen. In many cases, less prepared and less security-focused companies are simply easier targets. 

    A recent ransomware attack on a company tied to dozens of gas stations across Texas shows exactly how this plays out. The incident exposed highly sensitive personal data, including Social Security numbers and driver’s license details, belonging to hundreds of thousands of people. 

    The breach went undetected for days, giving attackers ample time to move through internal systems and steal sensitive data. If you’ve ever paid at the pump or shopped inside one of these convenience stores, this is the kind of incident that should make you stop and pay attention.


    What happened in the Gulshan ransomware attack

    According to a disclosure filed with the Maine Attorney General’s Office, Gulshan Management Services, Inc. reported a cybersecurity incident that impacted more than 377,000 individuals. Gulshan is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas.


    The company says it detected unauthorized access to its IT systems in late September. Investigators later determined that attackers had been inside the network for roughly ten days before anyone noticed. The intrusion began with a phishing attack, a reminder of how a single deceptive email can still open the door to massive breaches.

    Ransomware attacks don’t just hit tech companies. Retailers like gas stations store sensitive customer and employee data that criminals actively target. (Kurt “CyberGuy” Knutsson)

    During that window, the attackers accessed and stole personal data, then deployed ransomware that encrypted files across Gulshan’s systems. The compromised information includes names, contact details, Social Security numbers and driver’s license numbers. That combination is especially dangerous, since it can be used for identity theft, account takeovers and fraud that may surface months or even years later.

    Why the lack of a ransomware claim still matters

    So far, no known ransomware group has publicly taken credit for the attack. That might sound like good news, but it does not necessarily change the risk for affected individuals. In many ransomware cases, silence can mean one of two things. Either the attackers have not yet posted stolen data publicly, or the victim company may have resolved the incident privately.

    Gulshan’s filing states that it restored its systems using known-safe backups. That detail often suggests a company chose to rebuild rather than negotiate with attackers. Even so, once data has been copied out of a network, there is no way to pull it back. Whether or not the stolen information ever appears online, the exposure alone puts affected people at long-term risk.

    This incident also highlights a recurring pattern. Retail and service businesses handle huge volumes of personal data but often rely on legacy systems and frontline employees who are prime phishing targets. Gas stations may not feel like obvious hacking targets, but their payment systems, loyalty programs and HR databases make them valuable all the same.

    We reached out to Gulshan Management Services for comment regarding the breach, but did not receive a response before our deadline.


    A customer pumps gas at a gas station on Feb. 13, 2025, in Austin, Texas.  (Brandon Bell/Getty Images)

    10 steps you can take to protect yourself after a breach like this

    If your information was exposed in this breach or any similar ransomware incident, there are concrete steps you can take to reduce the fallout.

    1) Monitor your credit and identity closely

    If the company offers free credit monitoring or identity protection, enroll in it. These services can alert you early if someone tries to open accounts or misuse your identity. If nothing is offered, consider signing up for a reputable identity theft protection service on your own.

    Identity theft protection companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    2) Consider a personal data removal service

    The less of your information that’s floating around data broker sites, the harder it is for criminals to target you. Data removal services can help reduce your digital footprint over time.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    Even when no ransomware group claims responsibility, stolen data can still fuel identity theft, fraud, and account takeovers long after a breach occurs. (Kurt “CyberGuy” Knutsson)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    3) Use a password manager

    A password manager helps you create and store unique passwords for every account. If attackers try to reuse stolen data to break into your online accounts, strong, unique passwords can stop that attempt cold.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.


    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    4) Turn on two-factor authentication (2FA) everywhere possible

    2FA adds an extra barrier, even if someone has your personal details. Prioritize email, banking, cloud storage, and shopping accounts, since those are often targeted first.

    5) Install strong antivirus software and keep it running

    Strong antivirus software can help detect phishing attempts, malicious downloads, and suspicious activity before it turns into a full compromise. Keep real-time protection enabled and don’t ignore warnings.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Watch for phishing and follow-up scams

    After breaches like this, scammers often send fake emails or texts pretending to be the affected company or a credit monitoring service. Slow down, verify messages independently, and never click links you weren’t expecting.

    7) Review your credit reports regularly

    Check your reports from all major credit bureaus for unfamiliar accounts or inquiries. You’re entitled to free reports, and catching issues early makes them much easier to fix.

    8) Freeze your credit to stop new accounts from being opened

    If criminals expose your Social Security number, place a credit freeze as soon as possible. A credit freeze blocks lenders from opening new accounts in your name, even when thieves have your personal details. The credit bureaus offer freezes for free, and you can temporarily lift one when you apply for credit yourself. This step stops identity theft before it starts, instead of alerting you after the damage is done. If you prefer not to freeze your credit, place a fraud alert instead. A fraud alert tells lenders to verify your identity before approving credit, which adds another layer of protection.

    To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 


    In the Gulshan attack, hackers spent days inside internal systems, stealing personal data before deploying ransomware that locked down files. (Silas Stein/picture alliance via Getty Images)

    9) Protect yourself from tax refund fraud with an IRS Identity Protection PIN

    When Social Security numbers are stolen, tax fraud often follows. Criminals can file fake tax returns in your name to steal refunds before you ever submit your paperwork. An IRS Identity Protection PIN (IP PIN) helps prevent this by ensuring only you can file a tax return using your SSN. It’s a simple but powerful safeguard that can block a common form of identity theft tied to data breaches.

    10) Lock down existing bank and financial accounts

    Don’t just watch for new fraud; proactively secure the accounts you already have. Enable alerts on bank and credit card accounts for large transactions, new payees, or changes to contact information. If your SSN or driver’s license number was exposed, consider calling your bank to ask about additional protections or account notes. Acting early can prevent small issues from becoming major financial problems.

    Kurt’s key takeaway

    Your personal data doesn’t just live with banks and hospitals. Retailers, gas stations, and convenience store operators also hold information that can cause real harm if it falls into the wrong hands. When attackers get in through something as simple as a phishing email and stay undetected for days, the damage can spread fast. You can’t prevent these breaches yourself, but you can limit how much power stolen data gives criminals by locking down your accounts and staying alert.


    Copyright 2026 CyberGuy.com. All rights reserved.  


  • 73 South Koreans repatriated from Cambodia to face investigations over online scams


    SEOUL, South Korea — Dozens of South Koreans allegedly involved in online scams in Cambodia were returned to South Korea on Friday to face investigations in what was the largest group repatriation of Korean criminal suspects from abroad.

    The 73 South Korean suspects allegedly scammed fellow Koreans out of 48.6 billion won ($33 million), according to a South Korean government statement.

    Upon arrival in South Korea’s Incheon airport aboard a chartered plane, the suspects — 65 men and eight women — were sent to police stations.

    The suspects, in handcuffs and wearing masks, were escorted by police officers as they boarded buses. They were among about 260 South Koreans detained in a crackdown in Cambodia in recent months.

    “When it comes to crimes that harm our people, we’ll track down and arrest those involved to the very end and get them to face corresponding consequences,” senior police officer Yoo Seung Ryul told a televised briefing at the airport.

    Public outrage over scam centers in Southeast Asia flared up in South Korea when a Korean student was found dead last summer after reportedly being forced to work at a scam compound in Cambodia. Authorities said at the time that he died after being tortured and beaten, and South Korea sent a government delegation to Cambodia in October for talks on a joint response.

    The suspects repatriated Friday include a couple who allegedly operated a deepfake romance scam to dupe 12 billion won ($8.2 million) from about 100 people in fraudulent investment schemes. South Korea has made various efforts to bring them back home, including more than 10 rounds of video meetings with Cambodian officials, the Justice Ministry said in a statement.

    At the airport briefing, senior Foreign Ministry official Yoo Byung-seok expressed gratitude to the Cambodian government over Friday’s repatriation. He said that South Korea hopes to continue close bilateral coordination until online scams targeting South Koreans are eradicated in Cambodia.

    Cybercrime has flourished in Southeast Asia, particularly in Cambodia and Myanmar, as trafficked foreign nationals were employed to run romance and cryptocurrency scams, often after being recruited with false job offers and then forced to work in conditions of near-slavery. According to estimates from the U.N. Office on Drugs and Crime, scam victims worldwide lost between $18 billion and $37 billion in 2023.

    Cambodian Information Minister Neth Pheaktra said in a statement that the deportation of the 73 South Koreans, along with 136 Myanmar citizens, was part of his government’s efforts to crack down on cross-border crime and combat technology-based fraud. The statement said that Cambodian authorities detained 5,106 suspects of 23 nationalities and deported 4,534 to their countries of origin over the past seven months.

    In January, Cambodia said that it had arrested and extradited to China a tycoon accused of running a huge online scam operation.

    Since October, about 130 South Korean scam suspects from Cambodia as well as more than 20 such Korean suspects from Laos, Vietnam, Thailand and the Philippines have been sent back home. After Friday’s repatriation, about 60 South Koreans will remain detained in Cambodia awaiting repatriation, according to police.

    Neth Pheaktra’s statement said that Cambodia deported 244 South Korean nationals last year.

    South Korean officials said in October that about 1,000 South Koreans were estimated to be in scam centers in Cambodia. Some are believed to be forced laborers.

    On Thursday, South Korean President Lee Jae Myung called for stern responses to transnational cybercrimes that he said erode mutual trust in society and trigger diplomatic disputes with other countries.


  • Under Armour looking into data breach affecting customers’ email addresses


    BALTIMORE — Clothing retailer Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information, but so far there are no signs the hackers stole any passwords or financial information.

    The breach is believed to have happened late last year, and affected 72 million email addresses, according to information cited by the cybersecurity website Have I Been Pwned. Some of the records taken also contained personal information, including names, genders, birthdates and ZIP codes.

    In an Under Armour statement acknowledging its investigation into the claims of a data breach, the Baltimore-based company said: “We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded.”

    Have I Been Pwned CEO Troy Hunt said that he agrees with Under Armour’s assertion, based on the information that has emerged so far. But he also said he was surprised by the lack of an official disclosure statement from the company.

    “That’s unusual, especially given the size of the organisation, the scale of the breach and the amount of time that has passed since the incident,” Hunt, based in Australia, wrote by email Thursday. “In their defence, they’re also the corporate victim of malicious criminal activity and I’m sure they’ve had their hands full dealing with the fallout.”


  • Web skimming attacks target major payment networks


    Online shopping feels familiar and fast, but a hidden threat continues to operate behind the scenes. 

    Researchers are tracking a long-running web skimming campaign that targets businesses connected to major payment networks. Web skimming is a technique where criminals secretly add malicious code to checkout pages so they can steal payment details as shoppers type them in. 

    These attacks work quietly inside the browser and often leave no obvious signs. Most victims only discover the problem after unauthorized charges appear on their statements.


    What Magecart is and why it matters

    Magecart is the name researchers use for groups that specialize in web-skimming attacks. These attacks focus on online stores where shoppers enter payment details during checkout. Instead of hacking banks or card networks directly, attackers slip malicious code into a store’s checkout page. That code is written in JavaScript, which is a common type of website code used to make pages interactive. Legitimate sites use it for things like forms, buttons and payment processing.

    In Magecart attacks, criminals abuse that same code to secretly copy card numbers, expiration dates, security codes and billing details as shoppers type them in. The checkout still works, and the purchase goes through, so there is no obvious warning sign. Magecart originally described attacks against Magento-based online stores. Today, the term applies to web-skimming campaigns across many e-commerce platforms and payment systems.

    Which payment providers are being targeted?

    Researchers say this campaign targets merchants tied to several major payment networks, including:

    • American Express
    • Diners Club
    • Discover, a subsidiary of Capital One
    • JCB Co., Ltd.
    • Mastercard
    • UnionPay

    Large enterprises that rely on these payment providers face a higher risk due to complex websites and third-party integrations.


    How attackers slip skimmers into checkout pages

    Attackers usually enter through weak points that are easy to overlook. Common entry paths include vulnerable third-party scripts, outdated plugins and unpatched content management systems. Once inside, they inject JavaScript directly into the checkout flow. The skimmer monitors form fields tied to card data and personal details, then quietly sends that information to attacker-controlled servers.

    Why web skimming attacks are hard to detect

    To avoid detection, the malicious JavaScript is heavily obfuscated. Some versions can remove themselves when they detect an admin session, which makes inspections appear clean. Researchers also found the campaign uses bulletproof hosting. These hosting providers ignore abuse reports and takedown requests, giving attackers a stable environment to operate. Because web skimmers run inside the browser, they can bypass many server-side fraud controls used by merchants and payment providers.
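
    For a merchant, the two points above (skimmers arrive as injected or third-party JavaScript, and some hide from admin sessions) translate into a check that can be run against the checkout page. The JavaScript below is an added example, not code from the article or the researchers: the host names, allowlist and HTML samples are constructed, and the regex tag scan is a simplification that assumes no `>` inside attribute values.

```javascript
// Added example: inventory and audit the <script> tags of a checkout page.
// All host names, the allowlist and the HTML samples are constructed.

const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
const NON_JS_TYPES = new Set(['application/json', 'application/ld+json', 'text/template']);
// Constructs common in packed or obfuscated code: a reason to review, not proof.
const OBFUSCATION_HINT = /\beval\s*\(|\batob\s*\(|fromCharCode|\bnew\s+Function\s*\(/;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// One record per executable script. External scripts are keyed by absolute URL,
// inline scripts by their whitespace-normalised body.
function inventoryScripts(html, pageUrl) {
  const scripts = [];
  for (const m of html.matchAll(SCRIPT_TAG)) {
    const attrs = parseAttrs(m[1]);
    const type = (attrs.type || '').trim().toLowerCase();
    if (NON_JS_TYPES.has(type)) continue; // data blocks do not execute
    if ('src' in attrs) {
      let url = null;
      try { url = new URL(attrs.src.trim(), pageUrl); } catch (_) { /* malformed src */ }
      scripts.push({ kind: 'external', key: url ? url.href : attrs.src, url, attrs });
    } else {
      const body = m[2].replace(/\s+/g, ' ').trim();
      if (body) scripts.push({ kind: 'inline', key: 'inline:' + body, body, attrs });
    }
  }
  return scripts;
}

// Flag scripts that widen the checkout page's attack surface.
function auditScripts(html, pageUrl, allowedHosts) {
  const pageHost = new URL(pageUrl).host;
  const findings = [];
  for (const s of inventoryScripts(html, pageUrl)) {
    if (s.kind === 'inline') {
      if (OBFUSCATION_HINT.test(s.body)) {
        findings.push({ rule: 'inline-obfuscation-hint', key: s.key });
      }
      continue;
    }
    if (!s.url) { findings.push({ rule: 'malformed-src', key: s.key }); continue; }
    if (s.url.protocol !== 'https:') {
      findings.push({ rule: 'insecure-transport', key: s.key });
    }
    if (!allowedHosts.includes(s.url.host)) {
      findings.push({ rule: 'unlisted-host', key: s.key });
    }
    // Subresource Integrity pins a third-party file to a known hash.
    if (s.url.host !== pageHost && !s.attrs.integrity) {
      findings.push({ rule: 'third-party-without-sri', key: s.key });
    }
  }
  return findings;
}

// Scripts served to an anonymous shopper but missing from the admin's view of
// the same page: the trace left by code that hides from admin sessions.
function hiddenFromAdmin(shopperHtml, adminHtml, pageUrl) {
  const adminKeys = new Set(inventoryScripts(adminHtml, pageUrl).map((s) => s.key));
  return inventoryScripts(shopperHtml, pageUrl)
    .map((s) => s.key)
    .filter((key) => !adminKeys.has(key));
}

// --- Constructed sample data ---
const PAGE = 'https://shop.example/checkout';
const ALLOWED = ['shop.example', 'pay.psp.example'];
const ADMIN_VIEW = `
<script src="/static/checkout.js"></script>
<script src="https://pay.psp.example/v3/sdk.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script type="application/ld+json">{"@type":"Store"}</script>`;
const SHOPPER_VIEW = ADMIN_VIEW + `
<script async src="https://cdn-metrics.example/t.js"></script>
<script>var p = atob("Y29uc3RydWN0ZWQ="); eval(p);</script>`;

console.log(auditScripts(SHOPPER_VIEW, PAGE, ALLOWED));
console.log(hiddenFromAdmin(SHOPPER_VIEW, ADMIN_VIEW, PAGE));
```

    Fetching the shopper view from a clean, logged-out browser profile is what makes the comparison meaningful, since an inspection done only while signed in as an administrator can come back clean.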

    Who Magecart web skimming attacks affect most

    Magecart campaigns impact three groups at the same time:

    • Shoppers who unknowingly give up card data
    • Merchants whose checkout pages are compromised
    • Payment providers that detect fraud after the damage is done

    This shared exposure makes detection slower and response more difficult.


    How to stay safe as a shopper

    While shoppers cannot fix compromised checkout pages, a few smart habits can reduce exposure, limit how stolen data is used, and help catch fraud faster.

    1) Use virtual or single-use cards

    Virtual and single-use cards are digital card numbers that link to your real credit or debit account without exposing the actual number. They work like a normal card at checkout, but add an extra layer of protection. Most people already have access to them through services they use every day, including:

    • Major banks and credit card issuers that offer virtual card numbers inside their apps
    • Mobile wallet apps like Apple Pay and Google Pay generate temporary card numbers for online purchases, keeping your real card number hidden.
    • Some payment apps and browser tools that create one-time or merchant-locked card numbers

    A single-use card typically works for one purchase or expires shortly after use. A virtual card can stay active for one store and be paused or deleted later. If a web skimming attack captures one of these numbers, attackers usually cannot reuse it elsewhere or run up repeat charges, which limits financial damage and makes fraud easier to stop.

    2) Turn on transaction alerts

    Transaction alerts notify you the moment your card is used, even for small purchases. If web skimming leads to fraud, these alerts can expose unauthorized charges quickly and give you a chance to freeze the card before losses grow. For example, a $2 test charge on your card can signal fraud before larger purchases appear.

    3) Lock down financial accounts

    Use strong, unique passwords for banking and card portals to reduce the risk of account takeover. A password manager helps generate and store them securely.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.


    4) Install strong antivirus software

    Strong antivirus software can block connections to malicious domains used to collect skimmed data and warn you about unsafe websites.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.


    5) Use a data removal service

    Data removal services can reduce how much personal information is exposed online, making it harder for criminals to pair stolen card data with full identity details.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    6) Watch for unexpected card activity

    Review statements regularly, even for small charges, since attackers often test stolen cards with low-value transactions.

    Kurt’s key takeaways

    Magecart web skimming shows how attackers can exploit trusted checkout pages without disrupting the shopping experience. While consumers cannot fix compromised sites, simple safeguards can reduce risk and help catch fraud early. Online payments rely on trust, but this campaign shows why that trust should always be paired with caution.


    Copyright 2026 CyberGuy.com. All rights reserved.


  • Fiber broadband giant investigates breach affecting 1M users


    Brightspeed, one of the largest fiber broadband providers in the United States, is investigating claims that hackers stole sensitive data tied to more than 1 million customers.

    The allegations surfaced when a group calling itself the Crimson Collective posted messages on Telegram warning Brightspeed employees to check their email. The group claims it has access to over 1 million residential customer records and threatened to release sample data if the company does not respond.

    At this point, Brightspeed has not confirmed a breach. However, the company says it is actively investigating what it calls a potential cybersecurity event.


    What the hackers say they stole

    According to Crimson Collective, the stolen data includes a wide range of personally identifiable information. The group claims it has access to:

    • Customer names, email addresses and phone numbers
    • Home and billing addresses
    • User account details linked to session or user IDs
    • Payment history and partial payment card information
    • Appointment and order records tied to customer accounts

    If accurate, that combination of data could create serious identity theft and fraud risks for affected customers.

    Brightspeed responds to the allegations

    Brightspeed says it takes the situation seriously, even as it continues to verify the claims.

    In a statement shared with BleepingComputer, the company said it is rigorously monitoring threats and working to understand what happened. Brightspeed added that it will keep customers, employees and authorities informed as more details become available.

    So far, there has been no public notice on Brightspeed’s website or social media channels confirming customer data exposure.

    Who Brightspeed is and why this matters

    Brightspeed is a U.S. telecommunications and internet service provider founded in 2022 after Apollo Global Management acquired local exchange assets from Lumen Technologies.

    Headquartered in Charlotte, North Carolina, the company serves rural and suburban communities across 20 states. It has rapidly expanded its fiber footprint, passing more than 2 million homes and businesses and aiming to reach over 5 million locations.

    Because Brightspeed focuses on underserved areas, many customers rely on it as their primary internet provider. That makes any potential breach especially concerning.

    A closer look at Crimson Collective

    Crimson Collective is not new to high-profile targets. In October, the group breached a GitLab instance tied to Red Hat, stealing hundreds of gigabytes of internal development data.

    That incident later rippled outward. In December, Nissan confirmed that personal data for about 21,000 Japanese customers was exposed through the same breach.

    More recently, researchers say Crimson Collective has targeted cloud environments, including Amazon Web Services, by abusing exposed credentials and creating rogue access accounts to escalate privileges.

    In other words, the group has a track record that makes its claims hard to ignore.

    What this could mean for customers

    Even though Brightspeed has not confirmed a breach, the claims alone are enough to raise red flags. If customer data was accessed, it could be used for phishing scams, account takeovers or payment fraud.

    Cybercriminals often move fast after breaches. That means customers should stay alert even before an official notice appears.

    CyberGuy reached out to Brightspeed for comment, and a spokesperson told us,

    “We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, stakeholders and authorities informed.”


    How to protect your personal data and online accounts

    Even if this Brightspeed investigation does not end up impacting your account, these steps are worth following. Most data breaches lead to the same downstream risks, like phishing scams, account takeovers and identity theft. Building these habits now can help protect you across all your online accounts.


    1) Watch for phishing attempts

    Scammers often take advantage of breach headlines to create panic. Be cautious with emails, calls or texts that mention your internet account, billing problems or service changes. If a message pushes urgency or pressure, pause before responding.

    2) Avoid suspicious links and attachments

    Do not click links or open attachments tied to account notices or payment issues. Instead, open a new browser window and go directly to the company’s official website or app. Strong antivirus software adds another layer of protection against malicious downloads.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.


    3) Update your account passwords

    Change your Brightspeed account password and review passwords on other important accounts. Use strong, unique passwords that you do not reuse elsewhere. A trusted password manager can generate and store complex passwords, which makes account takeovers much harder.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.


    4) Reduce your data footprint

    Personal data spreads quietly across data broker sites. Using a data removal service can help limit how much of your information is publicly available. Less exposed data means fewer opportunities for scammers to target you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    5) Turn on account alerts

    Brightspeed lets customers turn on account and billing alerts through the My Brightspeed site or app. You can choose which notifications you receive by email or text. Alerts can help you catch unusual activity early and respond before more damage occurs.

    6) Monitor your financial accounts closely

    Check bank and credit card statements often. Look for small or unfamiliar charges since criminals sometimes test stolen data with low-dollar transactions before attempting larger fraud.

    7) Consider fraud alerts or a credit freeze

    If sensitive information may have been exposed, placing a fraud alert or credit freeze can add protection. These steps make it harder for criminals to open new accounts in your name. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    You may also want to consider an identity theft protection service that monitors for suspicious activity and sends alerts. Identity theft companies can monitor personal information like your Social Security number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.


    Kurt’s key takeaways

    Brightspeed’s investigation is still unfolding, and the company says it will share updates as it learns more. Until then, the claims highlight how valuable customer data has become and how aggressively extortion groups are targeting infrastructure providers. For customers, caution is the best defense. For companies, transparency and speed will matter if these claims turn out to be real.


    Copyright 2026 CyberGuy.com.  All rights reserved.  


  • WhatsApp Web malware spreads banking trojan automatically


    A new malware campaign is turning WhatsApp Web into a weapon. Security researchers say a banking Trojan linked to Astaroth is now spreading automatically through chat messages, making the attack harder to stop once it starts. 

    The campaign is known as Boto Cor-de-Rosa. It shows how cybercriminals keep evolving, especially when they can abuse tools people trust every day. This attack focuses on Windows users and uses WhatsApp Web as both the delivery system and the engine that spreads the infection further.


    How this WhatsApp Web attack works

    The attack starts with a simple message. A contact sends what looks like a routine ZIP file through WhatsApp. The file name appears random and harmless, which lowers suspicion. Inside the ZIP is a Visual Basic script disguised as a normal document. If the user runs it, the script quietly pulls in two more pieces of malware: it downloads the Astaroth banking malware, which is written in Delphi, and installs a Python-based module designed to control WhatsApp Web. Both components run in the background without obvious warning signs. From there, the infection becomes self-sustaining.

    Malware that spreads itself through your contacts

    What makes this campaign especially dangerous is how it propagates. The Python module scans the victim’s WhatsApp contacts and sends the malicious ZIP file to every conversation automatically. Researchers at Acronis found that the malware adapts its messages based on the time of day. It sends friendly greetings, making the message feel normal and familiar. The text reads, “Here is the requested file. If you have any questions, I’m available!” Because the message appears to come from someone you know, many people open it without hesitation.


    Built-in tracking keeps the attack efficient

    This malware is carefully designed to monitor its own performance in real time. The propagation tool tracks how many messages are successfully delivered, how many fail to send, and the overall sending speed measured per minute. After every 50 messages, it generates progress updates that show how many contacts have been reached. This feedback allows attackers to measure success quickly and make adjustments if something stops working.

    What happens after infection

    The initial script is heavily obfuscated to avoid detection by antivirus tools. Once it runs, it launches PowerShell commands that download more malware from compromised websites. One known domain used in this campaign is coffe-estilo.com. The malware installs itself inside a folder that mimics a Microsoft Edge cache directory. Inside are executable files and libraries that make up the full Astaroth banking payload. From there, the malware can steal credentials, monitor activity and potentially access financial accounts.

    Why WhatsApp Web is being abused

    WhatsApp Web is popular because it mirrors your phone conversations on a computer. That convenience makes it easy to send messages, share files and type faster, but it also introduces risk. When you use WhatsApp Web, you link your phone to a browser by scanning a QR code at web.whatsapp.com. Once connected, that browser session becomes a trusted extension of your account. Your chats appear on the screen, messages you send come from your real number and incoming messages sync across both devices.

    That setup is exactly what attackers take advantage of. If malware gains access to a computer with WhatsApp Web logged in, it can act as the user. It can read messages, access contact lists and send files or links that look completely legitimate. The messages do not raise alarms because they are coming from a real account, not a fake one.

    This is what turns WhatsApp Web into an effective delivery system for malware. Instead of breaking into WhatsApp itself, attackers simply abuse an open browser session to spread malicious files automatically. Many users do not realize the danger because WhatsApp Web feels harmless. It is often left signed in on work computers, shared devices or systems without strong security. In those situations, malware does not need advanced tricks. It only needs access to an already trusted session. That combination of convenience and trust is why WhatsApp Web has become such an attractive target.


    Once WhatsApp Web is compromised, malware can act like the user, sending messages and files that look completely legitimate.  (Kurt “CyberGuy” Knutsson)

    How to stay safe from WhatsApp Web malware

    Attacks like this WhatsApp Web malware are designed to spread fast through trusted conversations. A few smart habits can dramatically lower your risk.

    1) Be skeptical of unexpected attachments

    Messaging apps feel casual, which is exactly why attackers use them. Never open ZIP files sent through chat unless you confirm with the sender first. Watch for file names made of random numbers or unfamiliar names. Treat messages that create urgency or feel overly familiar as a warning sign. If a file arrives out of nowhere, pause before clicking.

    2) Lock down WhatsApp Web access

    This campaign abuses WhatsApp Web to spread automatically once a device is infected. Check active WhatsApp Web sessions and log out of any you do not recognize. Avoid leaving WhatsApp Web signed in on shared or public computers. Enable two-factor authentication (2FA) inside WhatsApp settings. Cutting off Web access helps limit how far malware can travel.

    3) Keep your Windows PC locked down and use strong antivirus software 

    This type of malware takes advantage of systems that fall behind on updates. Install Windows updates as soon as they are available. Also, keep your web browser fully updated. Staying current closes many of the doors attackers try to slip through. In addition, use strong antivirus software that watches for script abuse and PowerShell activity in real time.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    4) Limit how much of your personal data is online

    Banking malware often pairs with identity theft and financial fraud. One way to reduce the fallout is by shrinking your digital footprint. A data removal service can help remove your personal information from data broker sites that attackers often search. With less information available, criminals have fewer details to exploit if malware reaches your device.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    5) Add identity theft protection for extra coverage

    Even with strong security habits, financial monitoring adds another layer of protection. An identity theft protection service can watch for suspicious activity tied to your credit and personal data. Identity theft companies can monitor personal information like your Social Security number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    You should also turn on alerts for bank and credit card transactions so you are notified quickly if something looks wrong. The less exposed your data is, the fewer opportunities attackers have to cause damage.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    6) Slow down and trust your instincts

    Most malware infections happen because people act too quickly. If a message feels off, trust that instinct. Familiar names and friendly language can lower your guard, but they should never replace caution. Take a moment to verify the message or file before opening anything. Attackers rely on trust and urgency to succeed. Slowing down takes away their advantage.

    Kurt’s key takeaways

    This WhatsApp Web malware campaign is a reminder that cyberattacks no longer rely on obvious red flags. Instead, they blend into everyday conversations and use familiar tools to spread quietly and quickly. What makes this threat especially concerning is how little effort it takes for it to move from one device to dozens of others. A single click can turn a trusted chat into a delivery system for banking malware and identity theft. The good news is that small changes make a big difference. Paying attention to attachments, locking down WhatsApp Web access, keeping devices updated and slowing down before clicking can stop these attacks cold. As messaging platforms continue to play a bigger role in daily life, staying alert is no longer optional. Awareness and simple habits remain some of the strongest defenses you have.

    Do you think messaging apps are doing enough to protect users from malware that spreads through trusted conversations?  Let us know by writing to us at Cyberguy.com.


    Copyright 2026 CyberGuy.com.  All rights reserved.


  • January scams surge: Why fraud spikes at the start of the year


    Every January, I hear from people who say the same thing: “I just got an email that looked official, and I almost fell for it.” That’s not a coincidence. January is one of the busiest months of the year for scammers. While most of us are focused on taxes, benefits, subscriptions, and getting our finances in order, criminals are doing their own kind of cleanup, refreshing scam lists and going after people with newly updated personal data. If you’ve ever received a message claiming your account needs to be “verified,” your benefits are at risk, or your tax information is incomplete, this article is for you.


    Scam messages often look urgent and official, pushing you to act before you have time to think. That pressure is exactly what criminals rely on. (Kurt “CyberGuy” Knutsson)

    Why January is prime time for scammers

    January is when scammers have everything they need. According to YouMail’s Robocall Index, U.S. consumers received just over 4.7 billion robocalls in January 2025, a roughly 9% increase from December 2024. This year, we can expect the same pattern from scammers.

    They know:

    But the biggest reason scams spike now? Your personal data is easier to find than you think. Data brokers quietly collect and update profiles year after year. By January, those profiles are often more complete than ever, and scammers know it.

    The “account verification” scam you’ll see everywhere

    One of the most common January scams looks harmless at first. You get a message saying:

    • “Your Social Security account needs verification”
    • “Your Medicare information has to be updated”
    • “Your benefits could be delayed without action”

    The message sounds official. Sometimes it even uses your real name or location. That’s where people get tricked. Government agencies don’t ask for sensitive information through random emails or texts. Scammers rely on urgency and familiarity to push you into reacting before thinking.

    My rule: If you didn’t initiate the request, don’t respond to it. Always go directly to the agency’s official website or phone number, never through a link sent to you.


    January is a prime time for fraud because people are dealing with taxes, benefits and account updates. Scammers know these messages feel expected and familiar. (Kurt “CyberGuy” Knutsson)

    Fake tax and benefits notices ramp up in January

    Another favorite scam this time of year involves taxes and refunds.

    You may see:

    • Emails claiming you owe back taxes
    • Messages saying you’re due a refund
    • Notices asking you to “confirm” banking information.

    These scams work because they arrive at exactly the moment people expect to hear from tax agencies or benefits programs.

    Scammers don’t need much to sound convincing. A name, an email address or an old address is often enough. If you get a tax-related message out of the blue, slow down. Real agencies don’t pressure you to act immediately.

    Subscription “problems” that aren’t real

    January is also when subscription scams explode. Fake messages claim:

    Scammers know most people have subscriptions, so they play the odds. Instead of clicking, open the app or website directly. If there’s a real problem, you’ll see it there.

    Why these scams feel so personal

    People often tell me, “But they used my name, how did they know?” Here’s the uncomfortable truth: They probably bought it. Data brokers compile massive profiles that include:

    • Address histories
    • Phone numbers and emails
    • Family connections
    • Shopping behavior.

    That data is sold, shared and leaked. Once scammers have it, they can tailor messages that feel real, because they’re built on real information.


    The more personal data scammers have, the more convincing their messages become. Removing your information from data broker sites can help reduce targeted scams over time. (Kurt “CyberGuy” Knutsson)

    What you should do right now

    Before January gets any busier, take these steps to reduce your exposure to scams and fraud:

    1) Remove your personal data from broker sites

    Deleting emails or blocking numbers helps, but it does not stop scams at the source. Scammers rely on data broker sites that quietly collect, update and sell your personal information. Removing your data from those sites reduces scam calls, phishing emails and targeted texts over time. It also makes it harder for criminals to personalize messages using your real name, address or family connections. You have two ways to do this:

    Do it yourself:

    You can visit individual data broker websites, search for your profile and submit opt-out requests. This method works, but it takes time. Each site has its own rules, identity verification steps, and response timelines. Many brokers also re-add data later, which means you have to repeat the process regularly.

    Use a data removal service:

    A data removal service automates the opt-out process by contacting hundreds of data brokers on your behalf and monitoring for re-listings. This option saves time and provides ongoing protection, especially if you want long-term results without constant follow-ups.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    2) Don’t click links in unexpected messages

    If you did not initiate the request, do not click. Scam messages are designed to create urgency, especially around taxes, benefits and account issues. Instead, go directly to the official website by typing the address yourself or using a saved bookmark. This single habit prevents most phishing attacks.

    3) Turn on two-factor authentication wherever possible

    Two-factor authentication (2FA) adds a critical second layer of protection. Even if someone gets your password, they still cannot access your account without the second verification code. Start with email, financial accounts, social media and government services.

    4) Check accounts only through official apps or websites

    If you receive a warning about an account problem, do not trust the message itself. Open the official app or website, and check there. If something is wrong, you will see it immediately. If not, you just avoided a scam.

    5) Watch for account alerts and login activity

    Enable login alerts and security notifications on important accounts. These alerts can warn you if someone tries to sign in from a new device or location. Early warnings give you time to act before real damage occurs.

    6) Use strong, unique passwords and a password manager

    Reusing passwords makes it easy for scammers to take over multiple accounts at once. If one service is compromised, attackers try the same login on email, banking, and social media accounts. A password manager helps you create and store strong, unique passwords for every account without needing to remember them. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.


    Kurt’s key takeaways

    January scams aren’t random. They’re targeted, timed and fueled by personal data that shouldn’t be public in the first place. The longer your information stays online, the easier it is for scammers to use it against you. If you want a quieter inbox, fewer scam calls and less risk this year, take action early, before criminals finish rebuilding their lists. Protect your data now, and you’ll be safer all year long.

    Have you noticed more scam emails, texts or calls since the new year started? Let us know by writing to us at Cyberguy.com.


    Copyright 2026 CyberGuy.com.  All rights reserved.


  • Malicious Mac extensions steal crypto wallets and passwords


    Mac users often assume they’re safer than everyone else, especially when they stick to official app stores and trusted tools.

    That sense of security is exactly what attackers like to exploit. Security researchers have now uncovered a fresh wave of malicious Mac extensions that don’t just spy on you, but can also steal cryptocurrency wallet data, passwords and even Keychain credentials. What makes this campaign especially concerning is where the malware was found, inside legitimate extension marketplaces that many people trust by default.


    Once active, GlassWorm targets passwords, crypto wallets, and even your macOS Keychain without obvious warning signs. (Cyberguy.com)

    How malicious Mac extensions slipped into trusted stores

    Security researchers at Koi Security uncovered a new wave of the GlassWorm malware hiding inside extensions for code editors like Visual Studio Code (via Bleeping Computer). If you’re not familiar with code editors, they’re tools developers use to write and edit code, similar to how you might use Google Docs or Microsoft Word to edit text. These malicious extensions appeared on both the Microsoft Visual Studio Marketplace and OpenVSX, platforms widely used by developers and power users.


    At first glance, the extensions looked harmless. They promised popular features like code formatting, themes or productivity tools. Once installed, though, they quietly ran malicious code in the background. Earlier versions of GlassWorm relied on hidden text tricks to stay invisible. The latest wave goes further by encrypting its malicious code and delaying execution, making it harder for automated security checks to catch.

    Even though this campaign is described as targeting developers, you don’t need to write code to be at risk. If you use a Mac, install extensions or store passwords or cryptocurrency on your system, this threat still applies to you.

    What GlassWorm does once it’s on your Mac

    Once active, GlassWorm goes after some of the most sensitive data on your device. It attempts to steal login credentials tied to platforms like GitHub and npm, but it doesn’t stop there. The malware also targets browser-based cryptocurrency wallets and now tries to access your macOS Keychain, where many saved passwords are stored.

    Researchers also found that GlassWorm checks whether hardware wallet apps like Ledger Live or Trezor Suite are installed. If they are, the malware attempts to replace them with a compromised version designed to steal crypto. That part of the attack isn’t fully working yet, but the functionality is already in place.

    To maintain access, the malware sets itself up to run automatically after a reboot. It can also allow remote access to your system and route internet traffic through your Mac without you realizing it, turning your device into a quiet relay for someone else.

    Some of the malicious extensions showed tens of thousands of downloads. Those numbers can be manipulated, but they still create a false sense of trust that makes people more likely to install them.

    7 steps you can take to stay safe from malicious Mac extensions

    Malicious extensions don’t look dangerous. That’s what makes them effective. These steps can help you reduce the risk, even when threats slip into trusted marketplaces.

    1) Only install extensions you actually need

    Every extension you install increases risk. If you’re not actively using one, remove it. Be especially cautious of extensions that promise big productivity gains, premium features for free or imitate popular tools with slightly altered names.

    2) Verify the publisher before installing anything

    Check who made the extension. Established developers usually have a clear website, documentation and update history. New publishers, vague descriptions or cloned names should raise red flags.


    These malicious extensions looked like helpful tools but quietly ran hidden code once installed. (Cyberguy.com)

    3) Use a password manager

    A password manager keeps your logins encrypted and stored safely outside your browser or editor. It also ensures every account has a unique password, so if one set of credentials is stolen, attackers can’t reuse it elsewhere.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.


    4) Run strong antivirus software on your Mac

    Modern macOS malware doesn’t always drop obvious files. Antivirus tools today focus on behavior, looking for suspicious background activity, encrypted payloads and persistence mechanisms used by malicious extensions. This adds a critical safety net when something slips through official marketplaces.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Consider a personal data removal service

    When your data leaks, it often spreads across data broker sites and breach databases. Personal data removal services help reduce how much of your information is publicly available, making it harder for attackers to target you with follow-up scams or account takeovers.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    6) Turn on two-factor authentication (2FA)

    Enable 2FA wherever possible, especially for email, cloud services, developer platforms and crypto-related accounts. Even if a password is stolen, 2FA can stop attackers from logging in.

    7) Keep macOS and your apps fully updated

    Security updates close gaps that malware relies on. Turn on automatic updates so you’re protected even if you miss the headlines or forget to check manually.
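
    Steps 1 and 2 above (keep only the extensions you need, verify the publisher, and watch for slightly altered names) can be run as a routine check. The Python below is an added example, not code from the article or from Koi Security; it assumes the default VS Code extensions folder, and the approved list, similarity threshold and sample extension names are hypothetical values constructed for illustration.

```python
import json
import tempfile
from difflib import SequenceMatcher
from pathlib import Path

# Default folder for installed VS Code extensions on macOS and Linux.
# Other editors that use OpenVSX keep extensions elsewhere; pass that path.
DEFAULT_EXTENSIONS_DIR = Path.home() / ".vscode" / "extensions"

# Hypothetical approved list; replace with the extensions you rely on.
APPROVED = {"trusted-pub.code-formatter", "trusted-pub.dark-theme"}


def installed_extensions(extensions_dir):
    """Return sorted (extension_id, version) pairs read from package.json."""
    found = []
    for manifest in Path(extensions_dir).glob("*/package.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
            ext_id = f"{data['publisher']}.{data['name']}".lower()
            version = str(data.get("version", "unknown"))
        except (OSError, ValueError, KeyError, TypeError):
            # Broken or incomplete manifest: list the folder for manual review.
            ext_id, version = manifest.parent.name.lower(), "unreadable"
        found.append((ext_id, version))
    return sorted(found)


def _similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()


def _name(ext_id):
    """Part after the publisher, e.g. 'code-formatter'."""
    return ext_id.partition(".")[2] or ext_id


def audit(extensions_dir, approved, threshold=0.85):
    """Classify each installed extension against an approved list.

    Returns (extension_id, version, status, closest_approved_id) tuples with
    status 'approved', 'lookalike', 'unapproved' or 'unreadable'.
    """
    approved = sorted(a.lower() for a in approved)
    report = []
    for ext_id, version in installed_extensions(extensions_dir):
        if version == "unreadable":
            report.append((ext_id, version, "unreadable", None))
            continue
        if ext_id in approved:
            report.append((ext_id, version, "approved", ext_id))
            continue
        # Compare the full ID and the name alone, so a cloned name published
        # under a different publisher still scores as a lookalike.
        scored = [
            (max(_similarity(ext_id, a), _similarity(_name(ext_id), _name(a))), a)
            for a in approved
        ]
        score, closest = max(scored, default=(0.0, None))
        if score >= threshold:
            report.append((ext_id, version, "lookalike", closest))
        else:
            report.append((ext_id, version, "unapproved", None))
    return report


def sample_report():
    """Run the audit over constructed extension folders in a temp directory."""
    manifests = {
        "trusted-pub.code-formatter-2.1.0": json.dumps(
            {"publisher": "trusted-pub", "name": "code-formatter", "version": "2.1.0"}),
        "other-pub.code-formater-1.0.0": json.dumps(
            {"publisher": "other-pub", "name": "code-formater", "version": "1.0.0"}),
        "misc-pub.markdown-notes-0.3.1": json.dumps(
            {"publisher": "misc-pub", "name": "markdown-notes", "version": "0.3.1"}),
        "unknown-pub.broken-0.0.1": "{not valid json",
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, text in manifests.items():
            target = Path(root) / folder
            target.mkdir()
            (target / "package.json").write_text(text, encoding="utf-8")
        return audit(root, APPROVED)


if __name__ == "__main__":
    # Uses the constructed sample; call audit(DEFAULT_EXTENSIONS_DIR, APPROVED)
    # with your own approved list to check a real installation.
    for row in sample_report():
        print(*row)
```

    Anything reported as lookalike, unapproved or unreadable is a candidate for the publisher check in step 2 or for removal under step 1.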


    Mac users often trust official app stores, but that trust is exactly what attackers are counting on. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaway

    GlassWorm shows that malware doesn’t always come from shady downloads or obvious scams. Sometimes it hides inside tools you already trust. Even official extension stores can host malicious software long enough to cause real harm. If you use a Mac and rely on extensions, a quick review of what’s installed could save you from losing passwords, crypto or access to important accounts.

    When was the last time you checked the extensions running on your Mac? Let us know by writing to us at Cyberguy.com.


    Copyright 2026 CyberGuy.com. All rights reserved. 


  • Teen hackers recruited through fake job ads


    At first glance, the job posts look completely harmless. They promise fast money, flexible hours and paid training. No experience required. Payment comes in crypto. But these are not tutoring gigs or customer service roles. They are recruiting ads for ransomware operations. 

    And many of the people responding are middle and high school students. Some posts openly say they prefer inexperienced workers. Others quietly prioritize young women. All of them promise big payouts for “successful calls.”

    What they leave out is the risk. Federal charges. Prison time. Permanent records. This underground ecosystem goes by a familiar name. Insiders often refer to it as “The Com,” short for “The Community.”


    Fake job ads promising fast cash and flexible hours are quietly recruiting teens into ransomware and extortion schemes, often paying in cryptocurrency to hide criminal activity. (Donato Fasano/Getty Images)

    How The Com operates behind the scenes

    The Com is not a single organized gang. It functions as a loose network of groups that regularly change names and members. Well-known offshoots tied to this ecosystem include Scattered Spider, Lapsus$, ShinyHunters and related splinter crews. Some groups focus on data theft. Others specialize in phishing or extortion. Collaboration happens when it benefits the operation. 

    Since 2022, these networks have targeted more than 100 major companies in the U.S. and UK. Victims include well-known brands across retail, telecom, finance, fashion and media, including companies such as T-Mobile, Nike and Instacart. The combined market value of affected companies exceeds one trillion dollars.

    Teenagers often take on the riskiest roles within these schemes. Phone calls, access testing and social engineering scripts typically fall to younger participants. More experienced criminals remain in the background, limiting their exposure.

    That structure mirrors what identity and fraud experts are seeing across the industry. Ricardo Amper, founder and CEO of Incode Technologies, a digital identity verification company, says fake job ads are effective because they borrow trust from a familiar social contract. 

    “A job post feels structured, normal and safe, even when the actual behavior being requested is anything but,” Amper said. “A job posting implies a real process – a role, a manager, training and a paycheck. That’s exactly why it works. It lowers skepticism and makes risky requests feel like normal onboarding.”

    Amper notes that what’s changed is not just the scale of recruitment, but how criminals package it. “Serious crime is now being sold as ‘work.’”

    Why teens excel at social engineering attacks

    Teenagers bring a unique mix of skills that make them highly convincing. Fluent English and comfort with modern workplace technology help them sound legitimate. Familiarity with tools like Slack, ticketing systems and cloud platforms makes impersonation easier.

    According to Amper, teens don’t need technical expertise to get pulled in. “The on-ramp is usually social, a Discord server, a DM, a ‘quick gig,’” he said. “It can feel like trolling culture, but the targets are real companies and the consequences are real people.”

    Risk awareness is often lower. Conversations frequently take place in public chats, where tactics and mistakes are shared quickly. That visibility accelerates learning and increases the likelihood of detection and arrest.

    Gaming culture feeds the pipeline

    For many teens, it starts small. Pranks in online games turn into account takeovers. Username theft becomes crypto theft. Skills escalate. So do the stakes.

    Recruitment often begins in gaming spaces where fast learning and confidence are rewarded. Grooming is common. Sextortion sometimes appears. By the time real money enters the picture, legal consequences feel distant.

    Amper compares the progression to gaming itself. “These crews package crime as a ladder,” he said. “Join the group, do small tasks, level up, get paid, get status.”

    Why young women are being targeted

    Cybercrime remains male-dominated, but recruiters adapt. Young women are increasingly recruited for phone-based attacks. Some use AI tools to alter accents or tone. Others rely on stereotypes. Distress lowers suspicion faster than authority. Researchers say women often succeed because they are underestimated. That same dynamic puts them at risk inside these groups. Leadership remains overwhelmingly male. Girls often perform low-level work. Training stays minimal. Exploitation is frequent.

    Red flags that signal fake job scams and ransomware recruitment

    These warning signs show up repeatedly in cases involving teen hackers, social engineering crews and ransomware groups.

    Crypto-only pay is a major warning sign

    Legitimate employers do not pay workers exclusively in cryptocurrency. Crypto-only pay makes transactions hard to trace and protects criminals, not workers.

    Per-call or per-task payouts should raise concern

    Promises of hundreds of dollars for a single call or quick task often point to illegal activity. Real jobs pay hourly or a salary with documentation.

    Recruitment through Telegram or Discord is a red flag

    Criminal groups rely on private messaging apps to avoid oversight. Established companies do not recruit employees through gaming chats or encrypted DMs.

    Anonymous mentors and vague training are dangerous

    Being “trained from scratch” by unnamed individuals is common in ransomware pipelines. These mentors disappear when arrests happen.

    Secrecy requests signal manipulation

    Any job that asks teens to hide work from parents or employees to hide tasks from employers is crossing a line. Secrecy protects the recruiter, not the recruit.

    Amper offers a simple rule of thumb: “If a ‘job’ asks you to pretend to be someone else, obtain access, move money, or share sensitive identifiers before you’ve verified the employer, you’re not in a hiring process. You’re in a crime pipeline.”

    He adds that legitimate employers collect sensitive information only after a real offer, through verified HR systems. “The scam version flips the order,” he said. “It asks for the most sensitive details first, before anything is independently verifiable.”

    Urgency and emotional pressure are deliberate tactics

    Rushing decisions or creating fear lowers judgment. Social engineering depends on speed and emotional reactions.

    If you see more than one of these signs, pause immediately. Walking away early can prevent serious legal consequences later.

    Cybercrime recruiters are targeting middle and high school students for risky roles like social engineering calls, exposing them to federal charges and prison time. (Philip Dulian/picture alliance via Getty Images)

    Law enforcement is cracking down on teen cybercrime

    Since 2024, government indictments and international arrests have shown cybercriminal groups tied to The Com and Scattered Spider are under increasing scrutiny from law enforcement. In Sept. 2025, U.S. prosecutors unsealed a Department of Justice complaint against 19-year-old Thalha Jubair, accusing him of orchestrating at least 120 ransomware and extortion attacks that brought in over $115 million in ransom payments from 47 U.S. companies and organizations, including federal court networks. Prosecutors charged Jubair with computer fraud, wire fraud and money laundering conspiracy.

    Across the Atlantic, British authorities charged Jubair and 18-year-old Owen Flowers for their alleged roles in a Transport for London cyberattack in 2024 that compromised travel card data and disrupted live commuter information. Both appeared in court under the U.K.’s Computer Misuse Act. Earlier law enforcement action in the U.S. included criminal charges against five Scattered Spider suspects for mass phishing campaigns that stole login credentials and millions in cryptocurrency, laying out how members of this collective staged coordinated extortion and data theft.

    Federal agencies are also issuing advisories about the group’s social engineering techniques, noting how attackers impersonate help desks, abuse multi-factor authentication and harvest credentials to access corporate networks.

    Parents often learn the truth late. In many cases, the first warning comes when federal agents arrive at the door. Teens can move from online pranks to serious federal crimes without realizing where the legal line lies.

    How parents and teens can avoid ransomware recruitment traps

    This type of cybercrime thrives on silence and speed. Slowing things down protects families and futures.

    Tips for parents and guardians to spot fake job scams early

    Parents play a critical role in spotting early warning signs, especially when online “work” starts happening behind closed doors or moves too fast to explain.

    1) Pay attention to how online “jobs” are communicated

    Ask which platforms your child uses for work conversations and who they talk to. Legitimate employers do not recruit through Telegram or Discord DMs.

    2) Question sudden income with no clear employer

    Money appearing quickly, especially in crypto, deserves scrutiny. Real jobs provide paperwork, supervisors and pay records.

    3) Treat secrecy as a serious warning sign

    If a teen is told to keep work private from parents or teachers, that is not independence. It is manipulation.

    4) Talk early about legal consequences online

    Many teens do not realize that cybercrime can lead to federal charges. Honest conversations now prevent life-changing outcomes later. Also, monitoring may feel uncomfortable. However, silence creates more risk.

    Tips for teens to avoid fake job offers and cybercrime traps

    Teenagers with tech skills have real opportunities ahead, but knowing how to spot fake offers can mean the difference between building a career and facing serious legal trouble.

    1) Be skeptical of private messages offering fast money

    Real companies do not cold-recruit through private chats or gaming servers.

    2) Avoid crypto-only payment offers

    Being paid only in cryptocurrency is a common tactic used to hide criminal activity.

    3) Choose legal paths to build skills and reputation

    Bug bounty programs, cybersecurity clubs and internships offer real experience without risking your future. Talent opens doors. Prison closes them.

    A loose cybercrime network known as “The Com” has been linked to major U.S. and U.K. data breaches affecting companies worth trillions combined. (Photo by Uli Deck/picture alliance via Getty Images)

    Kurt’s key takeaways

    What makes this trend so unsettling is how ordinary it all looks. The job ads sound harmless. The chats feel friendly. The crypto payouts seem exciting. But underneath that surface is a pipeline pulling teenagers into serious crimes with real consequences. Many kids do not realize how far they have gone until it is too late. What starts as a quick call or a side hustle can turn into federal charges and years of fallout. Cybercrime moves fast. Accountability usually shows up much later. By the time it does, the damage is already done.

    If fake job ads can quietly recruit teenagers into ransomware gangs, how confident are you that your family or workplace would spot the warning signs before it is too late? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com.  All rights reserved.

  • 10 ways to protect seniors from email scams

    Email scams have become one of the fastest ways scammers steal money from older adults. A single click can expose bank accounts, personal data and retirement savings built over a lifetime. That growing risk is what prompted Bob to write to us with a question many families are now facing:

    “My friend’s father is 95 and absolutely lives through his phone/laptop. He refuses to give up either and often clicks on email links. A few years ago, he got caught up in a gift card scam that almost cost him his life savings. It’s not taking away the car keys anymore; it is taking away the email and access to online banking! What do you recommend that his daughter do to protect his online presence?”

    Bob is right. For many seniors, email and online banking have replaced car keys as the most dangerous access point. The goal is not to take devices away. It is to quietly put guardrails in place so one bad click does not turn into a financial disaster.

    Here is a practical plan families can actually use.

    1) Separate money from daily email use

    Start by limiting how much damage a single click can cause. If possible, remove online banking access from the devices used for email. When that is not realistic, open a second checking account with only everyday spending money and link it to a debit card for routine purchases.

    Keep primary savings accounts offline or set to view-only access. If available, require in-branch or phone verification for transfers above a set amount. This way, even if credentials are compromised, the largest accounts remain protected. 

    2) Lock down email to stop scams targeting seniors

    Email is the number one entry point for scams targeting seniors. Strong filtering matters. Use an email provider with advanced spam protection, such as Gmail or Outlook.com. In the email settings:

    • Turn off automatic image loading
    • Disable link previews
    • Block or auto-quarantine attachments from unknown senders
    • Automatically move messages from unknown senders to a Review folder

    If available, enable warnings for emails that use familiar display names but come from unfamiliar addresses. This helps stop impersonation scams that pretend to be family, banks or service providers. These steps slow scammers down and reduce impulse clicks before damage happens.

    Email is dominant, but voicemail and callback scams are also growing fast among seniors, often as a follow-up to phishing emails. If possible, silence unknown callers and block voicemail-to-email transcription for unfamiliar numbers, since many scams now start with urgent callback messages rather than links.

    Email scams often start with messages that look routine but hide urgent threats designed to trigger quick clicks. (Kurt “CyberGuy” Knutsson)

    3) Add a trusted second set of eyes

    Next, add safety nets that notify family members when something looks wrong. Enable banking alerts for large withdrawals, new payees, password changes, unusual logins and new device sign-ins. Add his daughter as a trusted contact wherever the bank allows it. If available, enable delays or approval requirements for first-time transfers to new payees. This creates a cooling period that can stop scam-driven transactions. For email accounts, set up a recovery contact so that his daughter is notified immediately if someone attempts to access or reset the account.

    Enable two-factor authentication (2FA) on email and banking accounts, but pair it with device and transfer alerts, since many scams now succeed even when 2FA is enabled.

    4) Harden devices so clicks do not equal catastrophe

    Devices should be set up to fail safely. Keep operating systems and browsers updated. Make sure the laptop uses a standard user account instead of an administrator account. This prevents software from installing without approval. Install real-time protection that blocks scam sites before they load. Strong antivirus software helps block malicious links and fake login pages automatically.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Use a password manager to block fake logins

    Password reuse makes scams far more dangerous. Fake pop-ups and lookalike websites are designed to trick people into typing usernames and passwords by hand. A password manager removes that risk by storing credentials securely and autofilling them only on legitimate websites. If a page is fake or malicious, the password manager will not fill anything. That simple refusal often prevents account takeovers before they start. Password managers also reduce frustration by eliminating the need to remember or reuse passwords across email, banking and shopping accounts. When set up correctly, this protection works quietly in the background on both phones and laptops.

    Many phishing scams no longer rely on obvious fake emails. They rely on realistic login pages. Autofill protection is one of the most effective ways to stop these attacks without changing daily habits.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    6) Freeze credit and monitor identity exposure

    If scammers already have personal information, prevention alone is not enough. Freeze credit with Experian, TransUnion and Equifax to prevent new accounts from being opened. Also, place freezes with ChexSystems and the National Consumer Telecom and Utilities Exchange to stop criminals from opening bank accounts, phone lines, or utility services in his name.

    If possible, request an IRS Identity Protection PIN to prevent tax-related identity theft.

    Add ongoing identity monitoring so suspicious activity triggers alerts quickly. Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    7) Set clear rules around scams and payments

    Technology helps, but expectations matter. Have one calm conversation and agree on simple rules:

    • No gift cards for urgent emails or texts
    • No sending money through unfamiliar apps or cryptocurrency
    • Always call a trusted family member before acting on urgency

    Post these rules near the computer or phone. Visual reminders reduce panic decisions. Also, before setting rules, choose one primary trusted contact. Multiple helpers can slow response during urgent scams and create confusion when fast decisions matter. That person should be the default call for anything urgent involving money, account access, or unexpected requests.

    Adult children increasingly step in to help parents spot red flags before a simple mistake turns into a financial loss. (Kurt “CyberGuy” Knutsson)

    8) Reduce exposure with a data removal service

    Scammers often find seniors by pulling personal details from public data broker websites. These sites publish phone numbers, addresses, relatives and age information that make targeting easier. A data removal service works behind the scenes to opt seniors out of these databases and reduce how much personal information is publicly available online. Fewer exposed details means fewer scam calls, fewer phishing emails and fewer impersonation attempts. This step does not stop every scam, but it significantly lowers how often seniors are targeted in the first place.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    9) Use senior-friendly monitoring tools the right way

    Many tools designed for child safety also work well for seniors when used thoughtfully. When configured correctly, they add protection without interfering with daily routines.

    Below are device-specific steps families can use today.

    iPhone and iPad

    Apple’s built-in Screen Time tools provide strong protection without installing extra apps.

    What to set up:

    • Open Settings and tap Screen Time
    • Turn on Screen Time for the device
    • Tap Content & Privacy Restrictions and turn it on
    • Under App Store Purchases, set app installs to Don’t Allow
    • Tap Web Content and limit access to approved or safe websites
    • Set a Screen Time passcode known only to the caregiver

    If the caregiver wants remote visibility or control, add the device to Family Sharing and manage Screen Time from the caregiver’s Apple ID.

    Why this helps: It blocks many scam sites, prevents accidental app installs and stops fake update prompts from causing damage.

    Android phones and tablets

    Android offers built-in protections and optional supervised controls.

    What to set up:

    Settings may vary depending on your Android phone’s manufacturer.

    • Open Settings and go to Digital Wellbeing & parental controls
    • Turn on parental controls for the device
    • Restrict app installs and require approval for new downloads
    • Enable Safe Browsing and website filtering
    • Turn on alerts for new app installs and account changes

    For families who want shared oversight, Google Family Link can be used to supervise app installs and receive alerts, as long as both parties agree.

    Why this helps: Many Android scams rely on fake app installs. These settings block that path.

    Windows computers

    Windows protection works best when user accounts are set correctly.

    What to set up:

    • Create a standard user account for daily use
    • Keep the caregiver account as the only administrator
    • Turn on Microsoft Family Safety if available
    • Enable SmartScreen and browser phishing protection
    • Block software installs without administrator approval

    Why this helps: Malware often installs silently on admin accounts. This setup prevents that.

    Mac computers

    macOS includes built-in controls similar to those on iPhone and iPad.

    What to set up:

    • Create a standard user account for the senior
    • Limit administrator access to a trusted caregiver
    • Open System Settings and enable Screen Time
    • Restrict app installs and system changes
    • Keep built-in malware and phishing protections enabled

    Simple digital guardrails can reduce risk while allowing seniors to keep their devices and independence. (Kurt “CyberGuy” Knutsson)

    Why this helps: It prevents fake software updates and malicious downloads from installing.

    10) Best practices for all devices

    • Use alert-only or limited-control settings whenever possible
    • Review settings together so expectations are clear
    • Avoid tools that feel invasive or confusing
    • Focus on blocking harm, not monitoring behavior

    This is not about spying. It is about adding digital seatbelts while preserving independence. When used respectfully, these tools reduce risk without changing daily habits.

    Pro Tip: Use a secure email service for added privacy

    For families looking to go a step further, switching to a secure email service can significantly reduce scam exposure. Privacy-focused email providers are designed to limit tracking, block hidden tracking pixels, and reduce how much data advertisers or scammers can collect from inbox activity. Many secure email services also offer disposable or alias email addresses for one-time signups. If an alias starts receiving spam or scam messages, it can be disabled without affecting the main email account. This makes it easier to keep a primary email address private and limit long-term exposure. Secure email platforms typically include features like encrypted messages, no advertising and stronger privacy controls. While switching email providers is optional, it can be a useful upgrade for seniors who receive large volumes of spam or have been repeatedly targeted by scams.

    Why it matters: Less tracking means fewer scam attempts. Aliases reduce how often personal email addresses are exposed, without changing daily habits.

    For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com.

    Kurt’s key takeaways

    Protecting seniors online is not about control. It is about prevention. Email scams are designed to exploit trust and urgency, especially in people who did not grow up with digital threats. Smart guardrails protect independence while preventing irreversible mistakes. If email and banking are today’s car keys, families need modern safety features to go with them.

    If your parent clicked a scam email right now, would you know before the money was gone? Let us know by writing to us at Cyberguy.com.

  • Covenant Health data breach affects nearly 500,000 patients

    When a healthcare data breach is first disclosed, the number of people affected is often far lower than the final tally. That figure frequently climbs as investigations continue. 

    That’s exactly what happened with Andover, Mass.-based Covenant Health. The Catholic healthcare provider has now confirmed that a cyberattack discovered last May may have affected nearly 500,000 patients, a sharp increase from the fewer than 8,000 people it initially reported earlier this year. 

    A ransomware group later claimed responsibility for the incident, though Covenant Health has not publicly confirmed the use of ransomware. The attackers accessed names, addresses, Social Security numbers and health information, among other sensitive data that could put patients at serious risk.

    Covenant Health detected suspicious activity in late May 2025, but investigators later confirmed attackers had already accessed systems days earlier. (Kurt “CyberGuy” Knutsson)

    What happened in the Covenant Health breach

    Covenant Health says it detected unusual activity in its IT environment on May 26, 2025. A later investigation revealed that an attacker had actually gained access eight days earlier, on May 18, and was able to access patient data during that window.

    In July, Covenant Health told regulators that the breach impacted 7,864 individuals. After completing what it describes as extensive data analysis, the organization now says that up to 478,188 individuals may have been affected.

    Covenant Health operates hospitals, nursing and rehabilitation centers, assisted living residences and elder care organizations across New England and parts of Pennsylvania. That wide footprint means the breach potentially touched patients across multiple states and care settings.

    In late June, the Qilin ransomware group claimed responsibility for the attack, as reported by Bleeping Computer. The group alleged it stole 852 GB of data, totaling nearly 1.35 million files. Covenant Health has not confirmed those figures, but it did acknowledge that patient information was accessed.

    According to the organization, the exposed data may have included names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details and treatment information such as diagnoses, dates of treatment and types of care received.

    Qilin ransomware lists Covenant Health on its data leak site. (Bleeping Computer)

    What Covenant Health is telling patients

    In a notice sent to regulators and patients, Covenant Health says it engaged third-party forensic specialists to investigate the incident and determine what data was involved. The organization says its data analysis is ongoing as it continues identifying individuals whose information may have been involved.

    Then there are the familiar statements every company makes after a breach, claiming they’ve strengthened the security of their IT systems to help prevent similar incidents in the future. Covenant Health says it has also set up a dedicated toll-free call center to handle questions related to the breach.

    Beginning Dec. 31, 2025, the organization started mailing notification letters to patients whose information may have been compromised. For individuals whose Social Security numbers may have been involved, Covenant Health is offering complimentary credit monitoring and identity theft protection services.

    We reached out to Covenant Health, and the company confirmed the expanded scope of the incident and outlined steps being taken to notify patients and enhance security safeguards.

    The breach exposed highly sensitive information, including names, Social Security numbers, medical records and treatment details tied to nearly half a million patients. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to protect yourself after the Covenant Health breach

    If you received a notice from Covenant Health or if your data has been exposed in any healthcare breach, these steps can help reduce the risk of misuse.

    1) Enroll in the free identity protection offered

    If the organization offers you credit monitoring or identity protection, take it. These services can alert you to suspicious activity tied to your Social Security number, credit file or identity details before real damage is done. If you’re not offered one and want to be on the safer side, you might consider getting one yourself.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    2) Monitor medical and insurance statements closely

    Medical identity theft often shows up quietly. Review explanations of benefits (EOBs), insurance claims and billing statements for services you don’t recognize. If something looks off, report it to your insurer immediately.

    3) Place a fraud alert or credit freeze

    A fraud alert tells lenders to take extra steps to verify your identity before approving credit. A credit freeze goes further by blocking new accounts entirely unless you lift it. If Social Security numbers were exposed, a freeze is usually the safer option.

    To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    4) Use a password manager

    Healthcare breaches often lead to credential-stuffing attacks elsewhere. A password manager ensures every account uses a unique password, so one exposed dataset can’t unlock everything else. It also makes it easier to update passwords quickly after a breach.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Be cautious of phishing scams and use strong antivirus software

    Breaches are frequently followed by phishing emails, texts or calls that reference the incident to sound legitimate. Attackers may pose as the healthcare provider, an insurer or a credit bureau. Don’t click links or share information unless you verify the source independently.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    6) Consider a personal data removal service

    Once your data leaks, it often spreads across data broker sites. Personal data removal services help reduce your digital footprint by requesting takedowns from these databases. While they can’t erase everything, they lower your exposure and make targeted fraud harder.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    7) Review your credit reports regularly

    You’re entitled to free credit reports from all major bureaus. Check them for unfamiliar accounts, hard inquiries or address changes. Catching fraud early makes it far easier to contain.

    Kurt’s key takeaway

    Healthcare organizations remain prime targets for cybercriminal groups because of the volume and sensitivity of the data they store. Medical records contain a mix of personal, financial, and health information that is difficult to change once exposed. Unlike a password, you cannot reset a diagnosis or treatment history. This breach also shows how early disclosures often underestimate impact. Large healthcare networks rely on complex systems and third-party vendors, which can slow forensic analysis in the early stages. As investigations continue, the number of affected individuals often climbs.

    Do you think healthcare organizations do enough to protect user data? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Grok AI scandal sparks global alarm over child safety

    Grok, the built-in chatbot on X, is facing intense scrutiny after acknowledging it generated and shared an AI image depicting two young girls in sexualized attire.

    In a public post on X, Grok admitted the content “violated ethical standards” and “potentially U.S. laws on child sexual abuse material (CSAM).” The chatbot added, “It was a failure in safeguards, and I’m sorry for any harm caused. xAI is reviewing to prevent future issues.”

    That admission alone is alarming. What followed revealed a far broader pattern.

    The fallout from this incident has triggered global scrutiny, with governments and safety groups questioning whether AI platforms are doing enough to protect children.  (Silas Stein/picture alliance via Getty Images)

    The apology that raised more questions

    Grok’s apology appeared only after a user prompted the chatbot to write a heartfelt explanation for people lacking context. In other words, the system did not proactively address the issue. It responded because someone asked it to.

    Around the same time, researchers and journalists uncovered widespread misuse of Grok’s image tools. According to monitoring firm Copyleaks, users were generating nonconsensual, sexually manipulated images of real women, including minors and well-known figures.

    After reviewing Grok’s publicly accessible photo feed, Copyleaks identified a conservative rate of roughly one nonconsensual sexualized image per minute, based on images involving real people with no clear indication of consent. The firm says the misuse escalated quickly, shifting from consensual self-promotion to large-scale harassment enabled by AI.

    Copyleaks CEO and co-founder Alon Yamin said, “When AI systems allow the manipulation of real people’s images without clear consent, the impact can be immediate and deeply personal.”

    Grok admitted it generated and shared an AI image that violated ethical standards and may have broken U.S. child protection laws. (Kurt “CyberGuy” Knutsson)

    Sexualized images of minors are illegal

    This is not a gray area. Generating or distributing sexualized images of minors is a serious criminal offense in the United States and many other countries. Under U.S. federal law, such content is classified as child sexual abuse material. Penalties can include five to 20 years in prison, fines up to $250,000 and mandatory sex offender registration. Similar laws apply in the U.K. and France.

    In 2024, a Pennsylvania man received nearly eight years in prison for creating and possessing deepfake CSAM involving child celebrities. That case set a clear precedent. Grok itself acknowledged this legal reality in its post, stating that AI images depicting minors in sexualized contexts are illegal.

    The scale of the problem is growing fast

    A July report from the Internet Watch Foundation, a nonprofit that tracks and removes child sexual abuse material online, shows how quickly this threat is accelerating. Reports of AI-generated child sexual abuse imagery jumped by 400% in the first half of 2025 alone. Experts warn that AI tools lower the barrier to potential abuse. What once required technical skill or access to hidden forums can now happen through a simple prompt on a mainstream platform.

    Real people are being targeted

    The harm is not abstract. Reuters documented cases where users asked Grok to digitally undress real women whose photos were posted on X. In multiple documented cases, Grok fully complied. Even more disturbing, users targeted images of 14-year-old actress Nell Fisher from the Netflix series “Stranger Things.” Grok later admitted there were isolated cases in which users received images depicting minors in minimal clothing. In another Reuters investigation, a Brazilian musician described watching AI-generated bikini images of herself spread across X after users prompted Grok to alter a harmless photo. Her experience mirrors what many women and girls are now facing.

    Governments respond worldwide

    The backlash has gone global. In France, multiple ministers referred X to an investigative agency over possible violations of the EU’s Digital Services Act, which requires platforms to prevent and mitigate the spread of illegal content. Violations can trigger heavy fines. In India, the country’s IT ministry gave xAI 72 hours to submit a report detailing how it plans to stop the spread of obscene and sexually explicit material generated by Grok. Grok has also warned publicly that xAI could face potential probes from the Department of Justice or lawsuits tied to these failures.

    Researchers later found Grok was widely used to create nonconsensual, sexually altered images of real women, including minors. (Nikolas Kokovlis/NurPhoto via Getty Images)

    Concerns grow over Grok’s safety and government use

    The incident raises serious concerns about online privacy, platform security and the safeguards designed to protect minors.

    Elon Musk, the owner of X and founder of xAI, had not offered a public response at the time of publication. That silence comes at a sensitive time. Grok has been authorized for official government use under an 18-month federal contract. This approval was granted despite objections from more than 30 consumer advocacy groups that warned the system lacked proper safety testing.

    Over the past year, Grok has been accused by critics of spreading misinformation about major news events, promoting antisemitic rhetoric and sharing misleading health information. It also competed directly with tools like ChatGPT and Gemini while operating with fewer visible safety restrictions. Each controversy raises the same question. Can a powerful AI tool be deployed responsibly without strong oversight and enforcement?

    What parents and users should know

    If you encounter sexualized images of minors or other abusive material online, report it immediately. In the United States, you can contact the FBI tip line or seek help from the National Center for Missing & Exploited Children.

    Do not download, share, screenshot or interact with the content in any way. Even viewing or forwarding illegal material can expose you to serious legal risk.

    Parents should also talk with children and teens about AI image tools and social media prompts. Many of these images are created through casual requests that do not feel dangerous at first. Teaching kids to report content, close the app and tell a trusted adult can stop harm from spreading further.

    Platforms may fail. Safeguards may lag. But early reporting and clear conversations at home remain one of the most effective ways to protect children online.

    Kurt’s key takeaways

    The Grok scandal highlights a dangerous reality. As AI spreads faster, these systems amplify harm at an unprecedented scale. When safeguards fail, real people suffer, and children face serious risk. At the same time, trust cannot depend on apologies issued after harm occurs. Instead, companies must earn trust through strong safety design, constant monitoring and real accountability when problems emerge.

    Should any AI system be approved for government or mass public use before it proves it can reliably protect children and prevent abuse? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Why January is the best time to remove personal data online

    January feels like a reset. A new calendar. New goals. New habits. While you clean out your inbox, organize paperwork or set resolutions, however, scammers also hit reset, and they start with your personal data.

    That is because January is one of the most important months for online privacy. This is when data brokers refresh profiles and scammers rebuild their target lists.

    As a result, the longer your information stays online, the more complete and valuable your profile becomes. To help address this, institutions like the U.S. Department of the Treasury have released advisories urging people to stay vigilant and avoid data-related scams. 

    For that reason, taking action early in the year can significantly reduce scam attempts, lower identity theft risks, and limit unwanted exposure for the rest of the year.

    January is when data brokers refresh profiles and scammers rebuild target lists, making early action critical for online privacy. (iStock)

    Why personal data does not expire and keeps compounding online

    Many people assume old information eventually becomes useless. Unfortunately, that’s not how data brokers work.

    Data brokers don’t just store a snapshot of who you are today. They build living profiles that grow over time, pulling from:

    • Public records (property sales, court filings, voter registrations)
    • Retail purchases and loyalty programs
    • App usage and location data
    • Past addresses, phone numbers, and relatives
    • Marketing databases and online activity.

    Each year adds another layer. A new address. A changed phone number. A family connection. A retirement milestone. On its own, one data point doesn’t mean much. But together, they create a detailed identity profile that scammers can use to convincingly impersonate you. That’s why waiting makes things worse, not better.

    Why scammers ‘rebuild’ targets at the start of the year

    Scammers don’t randomly target people. They work from lists. At the beginning of the year, those lists get refreshed.

    Why January matters so much:

    • Data brokers update and resell profiles after year-end records close
    • New public filings from the previous year become searchable
    • Marketing databases reset campaigns and audience segments
    • Scam networks repackage data into “fresh” target lists.

    Think of it like the upcoming spring cleaning, except it’s criminals organizing identities to exploit for the next 12 months.

    If your data is still widely exposed in January, you’re far more likely to:

    Once your profile is flagged as responsive or profitable, it often stays in circulation.

    As personal information accumulates across databases, digital profiles grow more detailed and more valuable to scammers over time. (Kurt “CyberGuy” Knutsson)

    Why taking action in January protects you all year long

    Removing your data early isn’t just about stopping scams today; it’s about cutting off the supply chain that fuels them. When your information is removed from data broker databases:

    • It’s harder for scammers to find accurate contact details
    • Phishing messages become less convincing
    • Impersonation attempts fail more often
    • Your identity becomes less valuable to resell.

    This has a compounding benefit in the opposite direction. The fewer lists you appear on in January, the fewer times your data gets reused, resold, and recycled throughout the year. That’s why I consistently recommend addressing data exposure before problems start, not after.

    Why retirees and families feel the impact first

    January is especially important for retirees and families because they’re more likely to become targets of fraud, scams, and other crimes.

    Retirees often have:

    • Long address and employment histories
    • Stable credit profiles
    • Fewer active credit applications
    • Public retirement and property records

    Families add another layer of risk:

    • Relatives are linked together in broker profiles
    • One exposed family member can expose others
    • Shared addresses and phone plans increase visibility

    Scammers know this. That’s why households with established financial histories are prioritized early in the year.

    Why quick fixes don’t work

    Many people try to “start fresh” in January by:

    Those steps help, but they don’t remove your data from broker databases. Credit monitoring services alert you after something goes wrong. Password changes don’t affect public profiles. And unsubscribing doesn’t stop data resale. If your personal information is still sitting in hundreds of databases, scammers can find you.

    The January privacy reset that actually works

    If you want fewer scam attempts for the rest of the year, the most effective step is removing your personal data at the source.

    You can do this in one of two ways. You can submit removal requests yourself, or you can use a professional data removal service to handle the process for you.

    Removing your data yourself

    Manually removing your data means identifying dozens or even hundreds of data broker websites, finding their opt-out forms and submitting removal requests one by one. You also need to verify your identity, track responses and repeat the process whenever your information reappears.

    This approach works, but it requires time, organization, and ongoing follow-up.

    Using a data removal service

    A data removal service handles this process on your behalf. These services typically:

    • Send legal data removal requests to large networks of data brokers
    • Monitor for reposted information and submit follow-up removals
    • Continue tracking your exposure throughout the year
    • Manage a process that most people cannot realistically maintain on their own

    Removing your data at the start of the year helps reduce scam attempts, phishing messages and identity theft risks all year long. (iStock)

    Because these services handle sensitive personal information, it is important to choose one that follows strict security standards and uses verified removal methods.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways

    Scammers don’t wait for mistakes. They wait for exposed data. January is when profiles are refreshed, lists are rebuilt, and targets are chosen for the year ahead. The longer your personal information stays online, the more complete, and dangerous, your digital profile becomes. The good news? You can stop the cycle. Removing your data now reduces scam attempts, protects your identity, and gives you a quieter, safer year ahead. If you’re going to make one privacy move this year, make it early, and make it count.

    Have you ever been surprised by how much of your personal information was already online? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • Cambodia extradites alleged scam kingpin Chen Zhi to China

    PHNOM PENH, Cambodia — Cambodia’s government announced Wednesday it has arrested and extradited to China a prominent tycoon who allegedly led a huge online scam operation and was wanted by U.S. authorities on related criminal charges.

    Cambodia’s Interior Ministry said Chen Zhi and two other Chinese citizens were arrested and extradited Tuesday following months of investigation and at the request of Chinese authorities. Chen has dual nationality and his Cambodian citizenship was revoked in December, it said.

    Chen, chairman of Cambodia’s Prince Holding Group, was accused in October by the U.S. Treasury Department and the U.K. Foreign Office of heading a transnational criminal network that defrauded victims worldwide and exploited trafficked workers.

    Scam centers have proliferated across Southeast Asia, swindling money from victims by persuading them to join bogus investment schemes. According to estimates from the U.N. Office on Drugs and Crime, scam victims worldwide lost between $18 billion and $37 billion in 2023.

    The U.S. and U.K. imposed sanctions against Chen, 38, and his companies, which were primarily involved in real estate development and financial services.

    U.S. authorities seized what they said was an estimated $14 billion in bitcoin linked to Chen or his operations, and charged him with wire fraud and money laundering conspiracies. He was accused of sanctioning violence against workers, authorizing bribes to foreign officials and using his other businesses, such as online gambling and cryptocurrency mining, to launder illicit profits.

    Prosecutors in the U.S. charged that his organization scammed 250 Americans out of millions of dollars, with one losing $400,000 in cryptocurrency. In 2024, Americans lost at least $10 billion to Southeast Asia-based scams, according to the U.S. Treasury Department.

    There was no immediate comment on the extraditions from the federal prosecutors’ office in Brooklyn where Chen had been indicted. Chen and the Prince Holding Group had denied any wrongdoing.

    Chinese authorities had no immediate comment on the extradition of Chen and the two other individuals named by Cambodia’s Interior Ministry as Xu Ji Liang and Shao Ji Hui.

    Jacob Daniel Sims, a transnational crime expert and visiting fellow at Harvard University’s Asia Center, said the Cambodian government had faced so much sustained international pressure that inaction was no longer an option.

    “Handing Chen Zhi to China was the path of least resistance. It defuses Western scrutiny while aligning with Beijing’s likely preference to keep a politically sensitive case out of U.S. and U.K. courts,” Sims said.

    Amnesty International last year published the findings of an 18-month investigation into cybercrime in Cambodia, which the human rights group said “point towards state complicity in abuses carried out by Chinese criminal gangs.”

    “What we are seeing here is a mafia state actor backed into a corner and choosing the best among bad options, not signs of legitimate reform,” Sims said.

    In addition to the bitcoin seized by the U.S. government, British authorities froze Chen’s British businesses and assets, including a 12 million-euro mansion and a 100-million-euro office building in London. Other assets were later seized in Singapore, Taiwan and Hong Kong.

    Cybercrime has flourished in Southeast Asia where law enforcement is weak, particularly in Cambodia and Myanmar, with casinos often serving as hubs for criminal activity. Trafficked foreign nationals were employed to run “romance” and cryptocurrency scams, often recruited with false job offers and then forced to work in conditions of near-slavery.

    Chen’s U.S. indictment alleged that Prince Holding Group built at least 10 compounds in Cambodia.

    The operations became an embarrassment to the Chinese government, especially when they targeted Chinese citizens. Beijing in mid-2023 pressured Myanmar to crack down on the crimes, and some kingpins were extradited to be tried in China. Several received death sentences.

    A 2023 report by the U.N. human rights office estimated that at least 120,000 people across Myanmar and 100,000 people in Cambodia may have been held in situations where they were forced to work on online scams. Experts believe that such operations are continuing.

    ___

    Associated Press writer Grant Peck reported from Bangkok. AP writers Michael Sisak in New York and Jack Brook in New Orleans contributed to this report.
