ReportWire

Tag: Privacy

  • Why clicking the wrong Copilot link could put your data at risk

    AI assistants are supposed to make life easier. Tools like Microsoft Copilot can help you write emails, summarize documents and answer questions using information from your own account. But security researchers are now warning that a single bad link could quietly turn that convenience into a privacy risk. 

    A newly discovered attack method shows how attackers could hijack a Copilot session and siphon data without you seeing anything suspicious on screen.

    Because Copilot stays tied to your logged-in Microsoft account, attackers can quietly use your active session to access data in the background. (Photo by Donato Fasano/Getty Images)

    What researchers discovered about Copilot links

    Security researchers at Varonis uncovered a technique they call “Reprompt.” In simple terms, it shows how attackers could sneak instructions into a normal-looking Copilot link and make the AI do things on their behalf.

    Here’s the part that matters to you: Microsoft Copilot is connected to your Microsoft account. Depending on how you use it, Copilot can see your past conversations, things you’ve asked it and certain personal data tied to your account. Normally, Copilot has guardrails to prevent sensitive information from leaking. Reprompt showed a way around some of those protections.

    The attack starts with just one click. If you open a specially crafted Copilot link sent through email or a message, Copilot can automatically process hidden instructions embedded inside the link. You don’t need to install anything, and there are no pop-ups or warnings. After that single click, Copilot can keep responding to instructions in the background using your already logged-in session. Even closing the Copilot tab does not immediately stop the attack, because the session stays active for a while.

    How Reprompt works

    Varonis found that Copilot accepts questions through a parameter inside its web address. Attackers can hide instructions inside that address and make Copilot execute them as soon as the page loads.

    That alone would not be enough, because Copilot tries to block data leaks. The researchers combined several tricks to get around this. First, they injected instructions directly into Copilot through the link itself. This allowed Copilot to read information it normally shouldn’t share.

    Second, they used a “try twice” trick. Copilot applies stricter checks the first time it answers a request. By telling Copilot to repeat the action and double-check itself, the researchers found that those protections could fail on the second attempt.

    Third, they showed that Copilot could keep receiving follow-up instructions from a remote server controlled by the attacker. Each response from Copilot helped generate the next request, allowing data to be quietly sent out piece by piece. The result is an invisible back-and-forth where Copilot keeps working for the attacker using your session. From your perspective, nothing looks wrong.

    Varonis responsibly reported the issue to Microsoft, and the company fixed it in the January 2026 Patch Tuesday updates. There is no evidence that Reprompt was used in real-world attacks before the fix. Still, this research is important because it shows a bigger problem. AI assistants have access, memory and the ability to act on your behalf. That combination makes them powerful, but also risky if protections fail. As researchers put it, the danger increases when autonomy and access come together.

    It’s also worth noting that this issue only affected Copilot Personal. Microsoft 365 Copilot, which businesses use, has extra security layers like auditing, data loss prevention and admin controls.

    “We appreciate Varonis Threat Labs for responsibly reporting this issue,” a Microsoft spokesperson told CyberGuy. “We have rolled out protections that address the scenario described and are implementing additional measures to strengthen safeguards against similar techniques as part of our defense-in-depth approach.”

    8 steps you can take to stay safe from AI attacks

    Even with the fix in place, these habits will help protect your data as AI tools become more common.

    1) Install Windows and browser updates immediately

    Security fixes only protect you if they’re installed. Attacks like Reprompt rely on flaws that already have patches available. Turn on automatic updates for Windows, Edge and other browsers so you don’t delay critical fixes. Waiting weeks or months leaves a window where attackers can still exploit known weaknesses.

    2) Treat Copilot and AI links like login links

    If you wouldn’t click a random password reset link, don’t click unexpected Copilot links either. Even links that look official can be weaponized. If someone sends you a Copilot link, pause and ask yourself whether you were expecting it. When in doubt, open Copilot manually instead.

    Even after Microsoft fixed the flaw, the research highlights why limiting data exposure and monitoring account activity still matters as AI tools evolve. (Photographer: Prakash Singh/Bloomberg via Getty Images)

    3) Use a password manager to protect your accounts

    A password manager creates and stores strong, unique passwords for every service you use. If attackers manage to access session data or steal credentials indirectly, unique passwords prevent one breach from unlocking your entire digital life. Many password managers also warn you if a site looks suspicious or fake.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords, and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    4) Enable two-factor authentication on your Microsoft account

    Two-factor authentication (2FA) adds a second layer of protection, even if attackers gain partial access to your session. It forces an extra verification step, usually through an app or device, making it much harder for someone else to act as you inside Copilot or other Microsoft services.

    5) Reduce how much personal data exists online

    Data broker sites collect and resell personal details like your email address, phone number, home address and even work history. If an AI tool or account session is abused, that publicly available data can make the damage worse. Using a data-removal service helps delete this information from broker databases, shrinking your digital footprint and limiting what attackers can piece together.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    6) Run strong antivirus software on your device

    Modern antivirus tools do more than scan files. They help detect phishing links, malicious scripts and suspicious behavior tied to browser activity. Since Reprompt-style attacks start with a single click, having real-time protection can stop you before damage happens, especially when attacks look legitimate.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    7) Regularly review your account activity and settings

    Check your Microsoft account activity for unfamiliar logins, locations, or actions. Review what services Copilot can access, and revoke anything you no longer need. These checks don’t take long, but they can reveal issues early, before attackers have time to do serious damage. Here’s how:

    Go to account.microsoft.com, and sign in to your Microsoft account.

    Select Security, then choose View my sign-in activity and verify your identity if prompted.

    Review each login for unfamiliar locations, devices or failed sign-in attempts.

    If you see anything suspicious, select This wasn’t me or Secure your account, then change your password immediately and enable two-step verification.

    Visit account.microsoft.com/devices, and remove any devices you no longer recognize or use.

    In Microsoft Edge, open Settings > Appearance > Copilot and Sidebar > Copilot, and turn off Allow Microsoft to access page content if you want to limit Copilot’s access.

    Review apps connected to your Microsoft account and revoke permissions you no longer need.

    A single Copilot link can carry hidden instructions that run the moment you click, without any warning or pop-ups.  (iStock)

    8) Be specific about what you ask AI tools to do

    Avoid giving AI assistants broad authority like “handle whatever is needed.” Wide permissions make it easier for hidden instructions to influence outcomes. Keep requests narrow and task-focused. The less freedom an AI has, the harder it is for malicious prompts to steer it silently.

    Kurt’s key takeaway

    Reprompt doesn’t mean Copilot is unsafe to use, but it does show how much trust these tools require. When an AI assistant can think, remember and act for you, even a single bad click can matter. Keeping your system updated and being selective about what you click remain just as important in the age of AI as they were before.

    Do you feel comfortable letting AI assistants access your personal data, or does this make you more cautious? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved. 

  • Ransomware attack exposes Social Security numbers at major gas station chain

    Cybercriminals are happy to target almost any industry where data can be stolen. In many cases, less prepared and less security-focused companies are simply easier targets. 

    A recent ransomware attack on a company tied to dozens of gas stations across Texas shows exactly how this plays out. The incident exposed highly sensitive personal data, including Social Security numbers and driver’s license details, belonging to hundreds of thousands of people. 

    The breach went undetected for days, giving attackers ample time to move through internal systems and steal sensitive data. If you’ve ever paid at the pump or shopped inside one of these convenience stores, this is the kind of incident that should make you stop and pay attention.

    What happened in the Gulshan ransomware attack

    According to a disclosure filed with the Maine Attorney General’s Office, Gulshan Management Services, Inc. reported a cybersecurity incident that impacted more than 377,000 individuals. Gulshan is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas.

    The company says it detected unauthorized access to its IT systems in late September. Investigators later determined that attackers had been inside the network for roughly ten days before anyone noticed. The intrusion began with a phishing attack, a reminder of how a single deceptive email can still open the door to massive breaches.

    Ransomware attacks don’t just hit tech companies. Retailers like gas stations store sensitive customer and employee data that criminals actively target. (Kurt “CyberGuy” Knutsson)

    During that window, the attackers accessed and stole personal data, then deployed ransomware that encrypted files across Gulshan’s systems. The compromised information includes names, contact details, Social Security numbers and driver’s license numbers. That combination is especially dangerous, since it can be used for identity theft, account takeovers and fraud that may surface months or even years later.

    Why the lack of a ransomware claim still matters

    So far, no known ransomware group has publicly taken credit for the attack. That might sound like good news, but it does not necessarily change the risk for affected individuals. In many ransomware cases, silence can mean one of two things. Either the attackers have not yet posted stolen data publicly, or the victim company may have resolved the incident privately.

    Gulshan’s filing states that it restored its systems using known-safe backups. That detail often suggests a company chose to rebuild rather than negotiate with attackers. Even so, once data has been copied out of a network, there is no way to pull it back. Whether or not the stolen information ever appears online, the exposure alone puts affected people at long-term risk.

    This incident also highlights a recurring pattern. Retail and service businesses handle huge volumes of personal data but often rely on legacy systems and frontline employees who are prime phishing targets. Gas stations may not feel like obvious hacking targets, but their payment systems, loyalty programs and HR databases make them valuable all the same.

    We reached out to Gulshan Management Services for comment regarding the breach, but did not receive a response before our deadline.

    A customer pumps gas at a gas station on Feb. 13, 2025, in Austin, Texas.  (Brandon Bell/Getty Images)

    10 steps you can take to protect yourself after a breach like this

    If your information was exposed in this breach or any similar ransomware incident, there are concrete steps you can take to reduce the fallout.

    1) Monitor your credit and identity closely

    If the company offers free credit monitoring or identity protection, enroll in it. These services can alert you early if someone tries to open accounts or misuse your identity. If nothing is offered, consider signing up for a reputable identity theft protection service on your own.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    2) Consider a personal data removal service

    The less of your information that’s floating around data broker sites, the harder it is for criminals to target you. Data removal services can help reduce your digital footprint over time.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Even when no ransomware group claims responsibility, stolen data can still fuel identity theft, fraud, and account takeovers long after a breach occurs. (Kurt “CyberGuy” Knutsson)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    3) Use a password manager

    A password manager helps you create and store unique passwords for every account. If attackers try to reuse stolen data to break into your online accounts, strong, unique passwords can stop that attempt cold.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    4) Turn on two-factor authentication (2FA) everywhere possible

    2FA adds an extra barrier, even if someone has your personal details. Prioritize email, banking, cloud storage, and shopping accounts, since those are often targeted first.

    5) Install strong antivirus software and keep it running

    Strong antivirus software can help detect phishing attempts, malicious downloads, and suspicious activity before it turns into a full compromise. Keep real-time protection enabled and don’t ignore warnings.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Watch for phishing and follow-up scams

    After breaches like this, scammers often send fake emails or texts pretending to be the affected company or a credit monitoring service. Slow down, verify messages independently, and never click links you weren’t expecting.

    7) Review your credit reports regularly

    Check your reports from all major credit bureaus for unfamiliar accounts or inquiries. You’re entitled to free reports, and catching issues early makes them much easier to fix.

    8) Freeze your credit to stop new accounts from being opened

    If criminals expose your Social Security number, place a credit freeze as soon as possible. A credit freeze blocks lenders from opening new accounts in your name, even when thieves have your personal details. The credit bureaus offer freezes for free, and you can temporarily lift one when you apply for credit yourself. This step stops identity theft before it starts, instead of alerting you after the damage is done. If you prefer not to freeze your credit, place a fraud alert instead. A fraud alert tells lenders to verify your identity before approving credit, which adds another layer of protection.

    To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    In the Gulshan attack, hackers spent days inside internal systems, stealing personal data before deploying ransomware that locked down files. (Silas Stein/picture alliance via Getty Images)

    9) Protect yourself from tax refund fraud with an IRS Identity Protection PIN

    When Social Security numbers are stolen, tax fraud often follows. Criminals can file fake tax returns in your name to steal refunds before you ever submit your paperwork. An IRS Identity Protection PIN (IP PIN) helps prevent this by ensuring only you can file a tax return using your SSN. It’s a simple but powerful safeguard that can block a common form of identity theft tied to data breaches.

    10) Lock down existing bank and financial accounts

    Don’t just watch for new fraud; proactively secure the accounts you already have. Enable alerts on bank and credit card accounts for large transactions, new payees, or changes to contact information. If your SSN or driver’s license number was exposed, consider calling your bank to ask about additional protections or account notes. Acting early can prevent small issues from becoming major financial problems.

    Kurt’s key takeaway

    Your personal data doesn’t just live with banks and hospitals. Retailers, gas stations, and convenience store operators also hold information that can cause real harm if it falls into the wrong hands. When attackers get in through something as simple as a phishing email and stay undetected for days, the damage can spread fast. You can’t prevent these breaches yourself, but you can limit how much power stolen data gives criminals by locking down your accounts and staying alert.

    Do you think everyday businesses like gas stations take cybersecurity seriously enough? Let us know by writing to us at Cyberguy.com.

  • Private autonomous pods could redefine ride-sharing

    Crowded cabins and forced small talk have long defined ride-sharing. A California startup wants to flip that idea on its head. 

    Pliyt believes the future of ride-sharing means sharing the ride as little as possible. Instead of one shared cabin, its autonomous vehicle concept divides the interior into four fully independent pods. Each one acts like a private room on wheels. 

    The goal is simple. Get you from point A to point B without invading your personal space.

    How Pliyt’s autonomous pods work

    One-way glass and independent controls keep each rider anonymous, even when the vehicle is shared. (Pliyt)

    Pliyt’s vehicle is designed from the inside out. Each passenger rides inside a self-contained capsule that prioritizes privacy, comfort and control. The company says the idea resonated strongly when the prototype debuted at CES earlier this month. Here is what sets the concept apart:

    • Four fully enclosed passenger pods
    • One-way glass that lets you see out while blocking outside views
    • Independent lighting, sound and privacy controls
    • Personalized entertainment for gaming, streaming or screencasting
    • A retractable workstation with a large display and a side table

    You decide how social or private your ride feels. Traveling with a companion? The divider between pods can be lowered so you can share the space by choice. 

    “We believe rider choice and personal space will be foundational to the future of shared autonomous mobility,” the company told CyberGuy. “As vehicles become autonomous, differentiation will shift from driving to experience. Giving riders control over privacy, comfort, and interaction, rather than forcing a one-size-fits-all shared cabin, will be critical for trust and adoption, especially in dense urban environments. Shared mobility doesn’t have to mean shared personal space, and we see that as a key evolution of the category.”

    Is Pliyt fully autonomous?

    Yes. Pliyt vehicles are designed to operate without human drivers. However, the company does not plan to build its own autonomous driving system. Instead, Pliyt intends to partner with established autonomy providers once development progresses.

    “Our current plan is to launch an initial service in San Francisco around 2028, beginning with controlled, geo-fenced deployments and expanding gradually as autonomy, infrastructure, and regulatory frameworks mature,” a spokesperson for Pliyt told CyberGuy. “Our focus today is on building the right vehicle architecture, partnerships, and user experience to support that rollout responsibly.”

    Pliyt’s concept vehicle replaces a shared cabin with four fully enclosed pods designed for personal space and comfort. (Pliyt)

    Privacy-first design sets Pliyt apart

    Privacy sits at the center of Pliyt’s design philosophy. Every pod is built for in-ride anonymity even during shared trips. Fellow passengers cannot see you, and you cannot see them unless you choose to. This approach stands out in a world where many mobility platforms depend on data collection and shared environments. Pliyt positions privacy as foundational rather than optional. The company says no personal identities are visible during rides. The experience aims to feel calm, intentional and free from observation.

    Comfort without the awkwardness

    Pliyt also leans heavily into comfort. Seats feature what the company calls zero-gravity positioning. You will not float like an astronaut, but the posture is designed to reduce pressure and fatigue. Large windows offer panoramic city views while still maintaining privacy. Personal lighting and climate controls help tailor the ride to your preferences. If relaxing is not your goal, productivity comes built in. The retractable workstation allows you to work, review documents or create content while moving through the city.

    A view of the PLIYT autonomous vehicle at CES (Consumer Electronics Show) 2026, the world’s largest annual consumer technology trade show, on Jan. 6, 2026, at the Las Vegas Convention Center in Las Vegas. (Tayfun Coskun/Anadolu via Getty Images)

    How Pliyt compares to other autonomous vehicles

    Autonomous pods are not entirely new. Companies like Zoox and Waymo already operate self-driving vehicles with unique interiors. Waymo’s Zeekr RT, for example, focuses on spacious seating and rider comfort. Pliyt’s difference lies in isolation by design. Instead of rethinking a shared cabin, it breaks the vehicle into four private spaces. The result feels closer to a personal lounge than a ride-share.

    What this means for you

    If this concept becomes reality, ride-sharing could feel very different. No forced conversations. No shared armrests. No feeling watched. For commuters, it could mean working quietly on the way to the office. For travelers, it could mean relaxing without distractions. For introverts, it could mean finally enjoying shared mobility on their own terms. It also raises bigger questions about how future cities balance efficiency with dignity and personal space.

    The interior divider can be lowered, allowing passengers to share space with a companion while keeping control over privacy. (Pliyt)

    Kurt’s key takeaways

    Pliyt is not promising faster rides or cheaper fares. It is promising something more subtle. A calmer, more respectful way to move through cities. Whether the concept scales will depend on partnerships, regulation and public adoption. Still, the idea challenges long-standing assumptions about what ride-sharing has to feel like. If autonomous vehicles are coming either way, designs like this suggest they do not have to feel crowded or impersonal.

    Would you choose a shared ride that feels completely private, or does part of you still want the human element along the way? Let us know by writing to us at Cyberguy.com.

  • Elizabeth Hurley describes ‘monstrous’ privacy invasion by Daily Mail in British media hacking case

    LONDON — Elizabeth Hurley accused the publisher of the Daily Mail on Thursday of tapping her phones, putting microphones outside her windows and stealing her medical records among “other monstrous, staggering things” during testimony in a celebrity-studded privacy invasion lawsuit.

    “The best way I can describe it is like there is someone peeping into your life and into your home,” the model and actor said. It “makes me feel as if my private life had been violated by violent intruders — that there had been sinister thieves in my home all along and that I had been living with them completely unaware.”

    Hurley testified the day after Prince Harry choked up as he spoke of the emotional toll his battle against the British media had taken on him and his family. Harry showed up in the High Court on Thursday to show his support during much of Hurley’s testimony.

    Harry, Hurley and Elton John are among a group of seven claimants who allege that Associated Newspapers Ltd. hired private investigators to unlawfully snoop on them over two decades.

    The publisher denies the claims and has called them preposterous. It said that the articles were reported on with legitimate sources and many will be named by employees at the Daily Mail and Mail on Sunday in the company’s defense during the nine-week trial in London’s High Court.

    Hurley, who like the prince brought similar phone hacking lawsuits against the publishers of the Daily Mirror and The Sun, said that she was unaware of similar allegations against the Mail until she was told in 2020 that Gavin Burrows, a former private eye, purportedly said that he had stolen her information at the behest of the newspapers.

    Burrows has since disavowed that sworn statement and said he never worked for the Mail.

    Hurley claims 15 articles about her between 2002 and 2011 relied on unlawful information-gathering. Several were about the 2002 birth of her son, Damian, and the paternity fight with his father, the late film producer Steve Bing.

    “The Mail’s unlawful acts against me involve landline tapping my phones and recording my live telephone conversations, placing surreptitious mics on my home windows, stealing my medical information when I was pregnant with Damian, and other monstrous, staggering things,” Hurley said.

    She said she had hoped her son, now a model and actor himself who sat in the courtroom, would never see those articles.

    “I felt really mortified that my son would be able to read all this stuff one day, and I feel really bad that that day is today when all this stuff is being regurgitated,” she said as she became upset when shown some of those articles in court. “Yet again, everyone’s privacy is being invaded in this terrible way, and I feel very helpless about that.”


  • FBI warns QR code phishing used in North Korean cyber spying


    The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into spying tools.

    According to the bureau, a North Korean government-sponsored hacking group is using a tactic known as quishing to target people in the United States. 

    The goal is simple. Trick you into scanning a QR code that sends you to a malicious website. From there, attackers can steal login credentials, install malware or quietly collect device data.


    The FBI is warning Americans about a growing cyber threat that uses QR codes to steal data and spy on victims, tying the attacks to a North Korean hacking group. (Photo by Kevin Carter/Getty Images)

    What quishing is and why it works

    Quishing is short for QR code phishing. Instead of clicking a suspicious link in an email, the victim scans a QR code that hides the real destination. QR codes themselves are harmless. The danger lies in the link embedded inside them. Once scanned, the link can redirect users to fake login pages, malware downloads or tracking sites. Because QR codes feel familiar and fast, many people scan them without thinking twice. That split second of trust is exactly what attackers rely on.

    Who is behind the attacks

    The FBI says the activity is tied to a hacking group known as Kimsuky. The group has operated for years as a cyber espionage arm for North Korea. What is new is the delivery method. According to the FBI, the QR code-based attacks began in May 2025. In one example, attackers posed as a foreign policy advisor and emailed a think tank leader with a QR code that linked to a fake questionnaire. Scanning the code sent the victim to a malicious site designed to harvest information.

    What happens after you scan the QR code

    Once a victim lands on one of these sites, several things can happen. Some pages prompt users to download files that contain malware. Others mimic mobile login portals for popular services such as Okta, Microsoft 365 or VPN services. Even if no form is filled out, the site can still collect device details. That includes IP address, operating system, browser type and approximate location. Over time, that data helps attackers build intelligence profiles on their targets.

    Why QR code phishing attacks are highly targeted

    The FBI describes these campaigns as spear phishing rather than mass spam. That means the emails are crafted for specific individuals. The language, context and sender details are tailored to look relevant and credible. When an email feels personal, people are more likely to trust it. That is why these attacks are especially dangerous for professionals, researchers, executives and anyone working in policy or technology.

    Why QR code phishing threats are growing

    QR codes are everywhere now. Restaurants, parking meters, event tickets and ads all rely on them. As their use grows, so does the opportunity for abuse. Attackers know people are conditioned to scan without hesitation. That makes caution more important than ever.

    Ways to stay safe from QR code phishing

    The FBI says one of the best defenses against quishing is slowing down. QR codes remove the visual clues people rely on, so a few extra checks can make a big difference.

    1) Be cautious with unexpected QR codes

    Treat QR codes like links in emails. If you did not expect it, do not scan it. QR codes sent by email, text or messaging apps are a common entry point for quishing attacks. Criminals rely on curiosity and urgency to push you into scanning without thinking.

    2) Verify the source before scanning

    Always confirm who sent the QR code. If a message claims to come from a coworker, vendor or organization, reach out through a separate channel before scanning. A quick call or direct message can stop a phishing attempt cold.


    Federal investigators say hackers are using “quishing,” or QR code phishing, to lure victims to malicious websites that steal credentials and device data. (Jens Schlueter/Getty Images)

    3) Never enter logins after scanning a QR code

    QR code phishing often leads to fake mobile login pages. Attackers mimic sign-in screens for email, VPNs and cloud services to steal usernames and passwords. If a QR code takes you to a login page, close it and visit the site manually instead.

    4) Inspect the website URL carefully

    Once a QR code opens a page, check the address bar. Look for misspellings, extra words or unfamiliar domain endings. A strange URL is often the only warning sign that the site is malicious.

    5) Use strong antivirus software for QR-based threats

    Strong antivirus software adds an extra layer of protection against quishing. Security tools can block known phishing sites, stop malicious downloads and warn you before harmful pages load. This is especially important on mobile devices, where QR codes are most often scanned.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Use a data removal service to limit exposure

    Some quishing sites collect device and location data even if you do nothing. A data removal service helps reduce how much personal information is publicly available online. That makes it harder for attackers to target you with convincing spear phishing emails that include QR codes.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    7) Avoid QR code downloads entirely

    Do not download files from QR code links unless you are absolutely certain they are safe. Malware delivered through QR codes can quietly install spyware or remote access tools without obvious warning signs.


    A North Korea-linked cyber group is targeting U.S. professionals by embedding harmful links inside seemingly harmless QR codes, according to the FBI. (Jaap Arriens/NurPhoto via Getty Images)

    Kurt’s key takeaways

    QR codes are convenient, but convenience can lower defenses. As this FBI warning shows, attackers are evolving and using familiar tools in dangerous ways. A moment of verification can prevent weeks or months of damage.

    When was the last time you stopped to question a QR code before scanning it? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Illinois DHS data breach exposes 700K residents’ records


    Illinois residents are once again being reminded how fragile government data systems can be. The Illinois Department of Human Services has confirmed a data breach that exposed sensitive records belonging to roughly 700,000 people.

    The breach is believed to have exposed two distinct sets of records. One is personal and program-related data tied to more than 672,000 Medicaid and Medicare Savings Program recipients, including addresses, case numbers, demographic details and medical assistance plan names. The other covers another 32,000 Division of Rehabilitation Services customers, whose names, addresses, case details and referral information were also exposed over multiple years.


    The Illinois Department of Human Services confirmed a data breach that exposed sensitive records tied to roughly 700,000 residents, including Medicaid and disability services recipients. (Jakub Porzycki/NurPhoto via Getty Images)

    What happened in the Illinois DHS data breach

    As spotted by Bleeping Computer, the Illinois Department of Human Services disclosed that unauthorized access to one of its systems led to the exposure of records tied to approximately 700,000 Illinois residents. The affected data was connected to individuals who interacted with DHS programs, which can include benefits, assistance services and support programs across the state.

    According to the agency, the breach involved personally identifiable information. While officials have not publicly released every technical detail, DHS confirmed that sensitive records were accessed, prompting notifications to impacted individuals. As is typical in cases like this, the investigation is ongoing, and the full scope of how the intrusion occurred is still being reviewed.

    For residents, the key issue is not just that data was accessed, but the type of data DHS holds. Government agencies like DHS often store names, addresses, dates of birth, case numbers and, in some instances, Social Security numbers or benefits-related information. Once that data escapes, it can be misused in ways that last for years.

    Why breaches like this are especially risky

    When a private company is breached, you can often change a password or close an account. Government data is different. You can’t change your Social Security number easily. You can’t erase past interactions with public assistance programs. That makes breaches involving state agencies particularly dangerous.

    Exposed records can be used for identity theft, fraudulent benefit claims, phishing scams and long-term impersonation. Criminals often combine government data with information from other breaches to build detailed profiles that make scams far more convincing. Even if there’s no immediate misuse, stolen data frequently resurfaces months or years later.

    As with many large breaches, DHS has stated that it is taking steps to secure its systems and prevent similar incidents in the future. That’s an expected response. But for affected residents, the burden of protection now shifts largely to you.

    We reached out to the Illinois Department of Human Services for comment, but did not receive a response before our deadline.


    Personal information from Illinois DHS programs was accessed without authorization, raising concerns about long-term identity theft and fraud risks. (Philip Dulian/picture alliance via Getty Images)

    7 steps you can take to stay safe after the Illinois DHS breach

    If you received a notification from Illinois DHS, or if you’ve ever interacted with DHS programs, these steps can help reduce your risk.

    1) Enroll in identity theft protection if it’s offered

    If DHS provides free identity monitoring or credit protection, sign up. These services can alert you to suspicious activity involving your Social Security number or credit file before the damage spreads. Beyond basic monitoring, full identity theft services can help with recovery, paperwork and financial reimbursement if fraud occurs. This can be especially useful after large-scale government breaches.

    Identity theft companies can monitor personal information like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    2) Use a password manager immediately

    A password manager helps you create and store strong, unique passwords for every account. If your personal data is leaked, attackers often try the same credentials across multiple services. Unique passwords stop one breach from turning into many.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    3) Run strong antivirus software on your devices

    Strong antivirus tools do more than scan files. They monitor suspicious behavior, phishing attempts and malicious links that often follow large data breaches. This matters because breach victims are frequently targeted with follow-up scams.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    4) Place a fraud alert or credit freeze on your credit file

    A fraud alert tells lenders to verify your identity before opening new accounts. A credit freeze goes further by blocking new credit entirely unless you lift it. If Social Security numbers were exposed, a freeze is often the safest option.

    5) Use a personal data removal service

    Once your information leaks, it often spreads to data broker sites that sell personal details. Personal data removal services work to request takedowns and reduce how much of your information is publicly available. While they can’t erase everything, they significantly lower your exposure.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    6) Watch for phishing and impersonation scams

    After breaches involving government agencies, scammers often pretend to be state officials, benefits offices, or support hotlines. Don’t click links or share information unless you independently verify the source through official websites or phone numbers.

    7) Review your credit reports regularly

    You’re entitled to free credit reports from major credit bureaus. Check them for unfamiliar accounts, inquiries or address changes. Early detection makes identity theft far easier to contain.


    State officials say the breach involved Medicaid, Medicare Savings Program and rehabilitation services records spanning multiple years. (Silas Stein/picture alliance via Getty Images)

    Kurt’s key takeaway

    Even government agencies are not immune to large-scale security failures. When nearly 700,000 residents are affected, the impact goes far beyond a single system or department. While DHS works through its investigation, protecting your identity now depends largely on the steps you take next. Acting early, layering protections and staying vigilant can make the difference between a breach being an inconvenience or a long-term nightmare.

    Do you trust state agencies to protect your personal data? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Apple warns millions of iPhones are exposed to attack


    The Apple iPhone is the most popular smartphone in the United States and one of the most widely used devices in the world. An estimated 1.6 billion people rely on iPhones every day. That massive user base also makes the platform a prime target. 

    Over the past few weeks, Apple has been sending out warnings about a serious security flaw. New data suggests the risk could affect roughly half of all iPhone users.

    That puts hundreds of millions of devices in potential danger right now.


    Apple is warning iPhone users about a serious Safari security flaw that could leave hundreds of millions of devices vulnerable if updates are delayed. (Thomas Trutschel/Photothek via Getty Images)

    What Apple discovered in Safari and WebKit

    Late last month, Apple confirmed two critical vulnerabilities in WebKit. WebKit powers Safari and every browser that runs on iOS. According to Apple, the flaws were used in an extremely sophisticated attack that targeted specific individuals. The problem allowed malicious websites to trick iPhones and iPads into running harmful code. Once that happens, attackers could gain control of the device, steal passwords or access payment information. In simple terms, visiting the wrong website could have been enough.

    Why millions of iPhones are still exposed

    Apple moved quickly to release a fix. The patch is included in the latest software update. The problem is that many people have not installed it yet. Estimates suggest that about 50 percent of eligible users have not upgraded from iOS 18 to iOS 26. That would leave around 800 million devices vulnerable worldwide. Data from StatCounter paints an even worse picture. It estimates that only 20 percent of users have updated so far. Once security details become public, the risk grows fast. Attackers know exactly what to exploit.

    iPhone and iPad models at the highest risk

    Apple says the following devices are affected if they are not updated:

    • iPhone 11 and later
    • iPad Pro 12.9-inch 3rd generation and later
    • iPad Pro 11-inch 1st generation and later
    • iPad Air 3rd generation and later
    • iPad 8th generation and later
    • iPad mini 5th generation and later

    If your device appears on this list and you have not updated it, it is vulnerable.


    New data suggests nearly half of all iPhone users worldwide may still be exposed to a critical WebKit exploit Apple says was actively used in attacks. (Jakub Porzycki/NurPhoto via Getty Images)

    Why upgrading is the only real protection

    There is no setting to flip and no safe browsing habit that fixes this issue. The vulnerability lives deep inside the browser engine. Security experts say there is no workaround or user behavior that meaningfully reduces the risk. Installing the latest software is the only effective defense. Apple is no longer offering a security-only update for users who want to stay on iOS 18. Unless your device cannot run iOS 26, the fix is only available through iOS 26.2 and iPadOS 26.2.

    Steps to update your iPhone or iPad now

    Updating is quick and usually painless. If automatic updates are enabled, the fix may already be installed.

    If not, follow these steps:

    • Open the Settings app on iPhone
    • Tap General
    • Select Software Update
    • Download and install iOS 26.2 or iPadOS 26.2 or later 

    Make sure your device is connected to Wi-Fi and has enough battery life or is plugged in.

    Pro tip: Use strong antivirus software

    Keeping your iPhone updated is critical, but it should not be your only line of defense. Strong antivirus software adds another layer of protection by scanning malicious links, blocking risky websites and alerting you to suspicious activity before damage is done.

    This matters even more when attacks rely on compromised websites or hidden browser exploits. Security software can help catch threats that slip through and give you extra visibility into what is happening on your device.

    Think of it as backup protection. Software updates close known holes, while strong antivirus tools help guard against the next one.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.


    Apple says malicious websites could exploit a Safari flaw to steal passwords or payment information from unpatched iPhones and iPads. (David Paul Morris/Bloomberg via Getty Images)

    Kurt’s key takeaways

    Apple rarely uses language like “extremely sophisticated” unless the threat is serious. This flaw shows how even trusted browsers can become attack paths when updates are delayed. Waiting weeks or months to update now carries real consequences. If you use your iPhone for banking, shopping or work, this update should be treated as urgent.

    How long do you usually wait before installing major iPhone updates, and is that delay worth the risk anymore? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Fiber broadband giant investigates breach affecting 1M users


    Brightspeed, one of the largest fiber broadband providers in the United States, is investigating claims that hackers stole sensitive data tied to more than 1 million customers.

    The allegations surfaced when a group calling itself the Crimson Collective posted messages on Telegram warning Brightspeed employees to check their email. The group claims it has access to over 1 million residential customer records and threatened to release sample data if the company does not respond.

    At this point, Brightspeed has not confirmed a breach. However, the company says it is actively investigating what it calls a potential cybersecurity event.


    Fiber networks carry massive amounts of personal data, which makes internet providers attractive targets for extortion groups. (Philip Dulian/picture alliance via Getty Images)


    What the hackers say they stole

    According to Crimson Collective, the stolen data includes a wide range of personally identifiable information. The group claims it has access to:

    • Customer names, email addresses and phone numbers
    • Home and billing addresses
    • User account details linked to session or user IDs
    • Payment history and partial payment card information
    • Appointment and order records tied to customer accounts

    If accurate, that combination of data could create serious identity theft and fraud risks for affected customers.

    Brightspeed responds to the allegations

    Brightspeed says it takes the situation seriously, even as it continues to verify the claims.

    In a statement shared with BleepingComputer, the company said it is rigorously monitoring threats and working to understand what happened. Brightspeed added that it will keep customers, employees and authorities informed as more details become available.

    So far, there has been no public notice on Brightspeed’s website or social media channels confirming customer data exposure.

    Who Brightspeed is and why this matters

    Brightspeed is a U.S. telecommunications and internet service provider founded in 2022 after Apollo Global Management acquired local exchange assets from Lumen Technologies.

    Headquartered in Charlotte, North Carolina, the company serves rural and suburban communities across 20 states. It has rapidly expanded its fiber footprint, passing more than 2 million homes and businesses and aiming to reach over 5 million locations.

    Because Brightspeed focuses on underserved areas, many customers rely on it as their primary internet provider. That makes any potential breach especially concerning.

    A closer look at Crimson Collective

    Crimson Collective is not new to high-profile targets. In October, the group breached a GitLab instance tied to Red Hat, stealing hundreds of gigabytes of internal development data.

    That incident later rippled outward. In December, Nissan confirmed that personal data for about 21,000 Japanese customers was exposed through the same breach.

    More recently, researchers say Crimson Collective has targeted cloud environments, including Amazon Web Services, by abusing exposed credentials and creating rogue access accounts to escalate privileges.

    In other words, the group has a track record that makes its claims hard to ignore.

    What this could mean for customers

    Even though Brightspeed has not confirmed a breach, the claims alone are enough to raise red flags. If customer data was accessed, it could be used for phishing scams, account takeovers or payment fraud.

    Cybercriminals often move fast after breaches. That means customers should stay alert even before an official notice appears.

    CyberGuy reached out to Brightspeed for comment, and a spokesperson told us,

    “We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, stakeholders and authorities informed.”


    How to protect your personal data and online accounts

    Even if this Brightspeed investigation does not end up impacting your account, these steps are worth following. Most data breaches lead to the same downstream risks, like phishing scams, account takeovers and identity theft. Building these habits now can help protect you across all your online accounts.


    Cybercriminals often use public posts and countdowns to pressure companies into responding quickly. (Sebastian Kahnert/picture alliance via Getty Images)

    1) Watch for phishing attempts

    Scammers often take advantage of breach headlines to create panic. Be cautious with emails, calls or texts that mention your internet account, billing problems or service changes. If a message pushes urgency or pressure, pause before responding.

    2) Avoid suspicious links and attachments

    Do not click links or open attachments tied to account notices or payment issues. Instead, open a new browser window and go directly to the company’s official website or app. Strong antivirus software adds another layer of protection against malicious downloads.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    3) Update your account passwords

    Change your Brightspeed account password and review passwords on other important accounts. Use strong, unique passwords that you do not reuse elsewhere. A trusted password manager can generate and store complex passwords, which makes account takeovers much harder.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

    4) Reduce your data footprint

    Personal data spreads quietly across data broker sites. Using a data removal service can help limit how much of your information is publicly available. Less exposed data means fewer opportunities for scammers to target you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    5) Turn on account alerts

    Brightspeed lets customers turn on account and billing alerts through the My Brightspeed site or app. You can choose which notifications you receive by email or text. Alerts can help you catch unusual activity early and respond before more damage occurs.

    6) Monitor your financial accounts closely

    Check bank and credit card statements often. Look for small or unfamiliar charges since criminals sometimes test stolen data with low-dollar transactions before attempting larger fraud.

    7) Consider fraud alerts or a credit freeze

    If sensitive information may have been exposed, placing a fraud alert or credit freeze can add protection. These steps make it harder for criminals to open new accounts in your name. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    You may also want to consider an identity theft protection service that monitors for suspicious activity and sends alerts. Identity theft companies can monitor personal information like your Social Security number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    When personal and billing information is exposed, the risk extends beyond one company to everyday customers. (Pixelfit/Getty Images)

    Kurt’s key takeaways

    Brightspeed’s investigation is still unfolding, and the company says it will share updates as it learns more. Until then, the claims highlight how valuable customer data has become and how aggressively extortion groups are targeting infrastructure providers. For customers, caution is the best defense. For companies, transparency and speed will matter if these claims turn out to be real.

    Do you feel companies are doing enough to keep your personal data safe? Let us know by writing to us at Cyberguy.com

    Copyright 2026 CyberGuy.com.  All rights reserved.  

  • WhatsApp Web malware spreads banking trojan automatically

    A new malware campaign is turning WhatsApp Web into a weapon. Security researchers say a banking Trojan linked to Astaroth is now spreading automatically through chat messages, making the attack harder to stop once it starts. 

    The campaign is known as Boto Cor-de-Rosa. It shows how cybercriminals keep evolving, especially when they can abuse tools people trust every day. This attack focuses on Windows users and uses WhatsApp Web as both the delivery system and the engine that spreads the infection further.

    Attackers abuse WhatsApp Web to spread malware through messages that appear to come from people you trust. (Kurt “CyberGuy” Knutsson)

    How this WhatsApp Web attack works

    The attack starts with a simple message. A contact sends what looks like a routine ZIP file through WhatsApp. The file name appears random and harmless, which lowers suspicion. Once opened, the ZIP contains a Visual Basic script disguised as a normal document. If the user runs it, the script quietly pulls in two more pieces of malware: it downloads the Astaroth banking malware, which is written in Delphi, and it installs a Python-based module designed to control WhatsApp Web. Both components run in the background without obvious warning signs. From there, the infection becomes self-sustaining.
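
    As an added example (not from the article or from the researchers it cites), the Python code below inspects a ZIP attachment's entry names without extracting anything and flags the traits described above: a script file inside the archive, a document-style double extension, and an archive name made only of digits. The extension lists, function names and sample file names are assumptions chosen for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions Windows runs through a script host or shell
# when the file is double-clicked. Extend to match local policy.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
               ".ps1", ".bat", ".cmd", ".lnk", ".scr", ".exe"}

# Assumption: document-like extensions a lure commonly imitates.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# Archive names consisting only of digits and separators, six or more long.
NUMERIC_NAME = re.compile(r"\d[\d_-]{5,}")


def build_sample_zip(entries):
    """Build an in-memory ZIP from {name: text}. Used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()


def triage_zip(archive_name, data):
    """Return (name, reason) findings for a ZIP attachment.

    Only the central directory is read; no entry is extracted or executed.
    """
    findings = []

    if NUMERIC_NAME.fullmatch(PurePosixPath(archive_name).stem):
        findings.append((archive_name, "archive name is only digits"))

    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(archive_name, "not a valid ZIP archive")]

    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows separators so the last path part is the name.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            # strip() defeats padding such as "scan.pdf      .vbs".
            suffixes = [s.strip().lower() for s in path.suffixes]
            if not suffixes:
                continue

            last = suffixes[-1]
            if last in SCRIPT_EXTS:
                findings.append((info.filename, f"script or executable entry ({last})"))
                if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
                    findings.append((info.filename,
                                     "double extension hides a script behind a document type"))

            # Bit 0 of the general-purpose flags marks an encrypted entry,
            # which a gateway or antivirus scanner cannot look inside.
            if info.flag_bits & 0x1:
                findings.append((info.filename, "encrypted entry cannot be scanned"))

    return findings


if __name__ == "__main__":
    # Constructed sample: a harmless text payload under a lure-style name.
    sample = build_sample_zip({
        "document_scan.pdf.vbs": "' constructed placeholder, not real malware\n",
    })
    for name, reason in triage_zip("48213907.zip", sample):
        print(f"{name}: {reason}")
```

    A finding is a reason to confirm with the sender before opening the file; an empty result says only that none of these three traits is present.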

    Malware that spreads itself through your contacts

    What makes this campaign especially dangerous is how it propagates. The Python module scans the victim’s WhatsApp contacts and sends the malicious ZIP file to every conversation automatically. Researchers at Acronis found that the malware adapts its messages based on the time of day. It sends friendly greetings, making the message feel normal and familiar. The text reads, “Here is the requested file. If you have any questions, I’m available!” Because the message appears to come from someone you know, many people open it without hesitation.

    A single ZIP file sent through chat can quietly install banking malware and begin spreading to every contact. (Kurt “CyberGuy” Knutsson)

    Built-in tracking keeps the attack efficient

    This malware is carefully designed to monitor its own performance in real time. The propagation tool tracks how many messages are successfully delivered, how many fail to send, and the overall sending speed measured per minute. After every 50 messages, it generates progress updates that show how many contacts have been reached. This feedback allows attackers to measure success quickly and make adjustments if something stops working.

    What happens after infection

    The initial script is heavily obfuscated to avoid detection by antivirus tools. Once it runs, it launches PowerShell commands that download more malware from compromised websites. One known domain used in this campaign is coffe-estilo.com. The malware installs itself inside a folder that mimics a Microsoft Edge cache directory. Inside are executable files and libraries that make up the full Astaroth banking payload. From there, the malware can steal credentials, monitor activity and potentially access financial accounts.

    Why WhatsApp Web is being abused

    WhatsApp Web is popular because it mirrors your phone conversations on a computer. That convenience makes it easy to send messages, share files and type faster, but it also introduces risk. When you use WhatsApp Web, you link your phone to a browser by scanning a QR code at web.whatsapp.com. Once connected, that browser session becomes a trusted extension of your account. Your chats appear on the screen, messages you send come from your real number and incoming messages sync across both devices.

    That setup is exactly what attackers take advantage of. If malware gains access to a computer with WhatsApp Web logged in, it can act as the user. It can read messages, access contact lists and send files or links that look completely legitimate. The messages do not raise alarms because they are coming from a real account, not a fake one.

    This is what turns WhatsApp Web into an effective delivery system for malware. Instead of breaking into WhatsApp itself, attackers simply abuse an open browser session to spread malicious files automatically. Many users do not realize the danger because WhatsApp Web feels harmless. It is often left signed in on work computers, shared devices or systems without strong security. In those situations, malware does not need advanced tricks. It only needs access to an already trusted session. That combination of convenience and trust is why WhatsApp Web has become such an attractive target.

    Once WhatsApp Web is compromised, malware can act like the user, sending messages and files that look completely legitimate.  (Kurt “CyberGuy” Knutsson)

    How to stay safe from WhatsApp Web malware

    Attacks like this WhatsApp Web malware are designed to spread fast through trusted conversations. A few smart habits can dramatically lower your risk.

    1) Be skeptical of unexpected attachments

    Messaging apps feel casual, which is exactly why attackers use them. Never open ZIP files sent through chat unless you confirm with the sender first. Watch for file names made of random numbers or unfamiliar names. Treat messages that create urgency or feel overly familiar as a warning sign. If a file arrives out of nowhere, pause before clicking.

    2) Lock down WhatsApp Web access

    This campaign abuses WhatsApp Web to spread automatically once a device is infected. Check active WhatsApp Web sessions and log out of any you do not recognize. Avoid leaving WhatsApp Web signed in on shared or public computers. Enable two-factor authentication (2FA) inside WhatsApp settings. Cutting off Web access helps limit how far malware can travel.

    3) Keep your Windows PC locked down and use strong antivirus software 

    This type of malware takes advantage of systems that fall behind on updates. Install Windows updates as soon as they are available. Also, keep your web browser fully updated. Staying current closes many of the doors attackers try to slip through. In addition, use strong antivirus software that watches for script abuse and PowerShell activity in real time.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    4) Limit how much of your personal data is online

    Banking malware often pairs with identity theft and financial fraud. One way to reduce the fallout is by shrinking your digital footprint. A data removal service can help remove your personal information from data broker sites that attackers often search. With less information available, criminals have fewer details to exploit if malware reaches your device.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    5) Add identity theft protection for extra coverage

    Even with strong security habits, financial monitoring adds another layer of protection. An identity theft protection service can watch for suspicious activity tied to your credit and personal data. Identity theft companies can monitor personal information like your Social Security number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    You should also turn on alerts for bank and credit card transactions so you are notified quickly if something looks wrong. The less exposed your data is, the fewer opportunities attackers have to cause damage.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    6) Slow down and trust your instincts

    Most malware infections happen because people act too quickly. If a message feels off, trust that instinct. Familiar names and friendly language can lower your guard, but they should never replace caution. Take a moment to verify the message or file before opening anything. Attackers rely on trust and urgency to succeed. Slowing down takes away their advantage.

    Kurt’s key takeaways

    This WhatsApp Web malware campaign is a reminder that cyberattacks no longer rely on obvious red flags. Instead, they blend into everyday conversations and use familiar tools to spread quietly and quickly. What makes this threat especially concerning is how little effort it takes for it to move from one device to dozens of others. A single click can turn a trusted chat into a delivery system for banking malware and identity theft. The good news is that small changes make a big difference. Paying attention to attachments, locking down WhatsApp Web access, keeping devices updated and slowing down before clicking can stop these attacks cold. As messaging platforms continue to play a bigger role in daily life, staying alert is no longer optional. Awareness and simple habits remain some of the strongest defenses you have.

    Do you think messaging apps are doing enough to protect users from malware that spreads through trusted conversations?  Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com.  All rights reserved.

  • January scams surge: Why fraud spikes at the start of the year

    Every January, I hear from people who say the same thing: “I just got an email that looked official, and I almost fell for it.” That’s not a coincidence. January is one of the busiest months of the year for scammers. While most of us are focused on taxes, benefits, subscriptions, and getting our finances in order, criminals are doing their own kind of cleanup, refreshing scam lists and going after people with newly updated personal data. If you’ve ever received a message claiming your account needs to be “verified,” your benefits are at risk, or your tax information is incomplete, this article is for you.

    Scam messages often look urgent and official, pushing you to act before you have time to think. That pressure is exactly what criminals rely on. (Kurt “CyberGuy” Knutsson)

    Why January is prime time for scammers

    January is when scammers have everything they need. According to YouMail’s Robocall Index, U.S. consumers received just over 4.7 billion robocalls in January 2025, a roughly 9% increase from December 2024. This year, we can expect the same pattern from scammers.

    They know:

    But the biggest reason scams spike now? Your personal data is easier to find than you think. Data brokers quietly collect and update profiles year after year. By January, those profiles are often more complete than ever, and scammers know it.

    The “account verification” scam you’ll see everywhere

    One of the most common January scams looks harmless at first. You get a message saying:

    • “Your Social Security account needs verification”
    • “Your Medicare information has to be updated”
    • “Your benefits could be delayed without action”

    The message sounds official. Sometimes it even uses your real name or location. That’s where people get tricked. Government agencies don’t ask for sensitive information through random emails or texts. Scammers rely on urgency and familiarity to push you into reacting before thinking.

    My rule: If you didn’t initiate the request, don’t respond to it. Always go directly to the agency’s official website or phone number, never through a link sent to you.

    January is a prime time for fraud because people are dealing with taxes, benefits and account updates. Scammers know these messages feel expected and familiar. (Kurt “CyberGuy” Knutsson)

    Fake tax and benefits notices ramp up in January

    Another favorite scam this time of year involves taxes and refunds.

    You may see:

    • Emails claiming you owe back taxes
    • Messages saying you’re due a refund
    • Notices asking you to “confirm” banking information

    These scams work because they arrive at exactly the moment people expect to hear from tax agencies or benefits programs.

    Scammers don’t need much to sound convincing. A name, an email address or an old address is often enough. If you get a tax-related message out of the blue, slow down. Real agencies don’t pressure you to act immediately.

    Subscription “problems” that aren’t real

    January is also when subscription scams explode. Fake messages claim:

    Scammers know most people have subscriptions, so they play the odds. Instead of clicking, open the app or website directly. If there’s a real problem, you’ll see it there.

    Why these scams feel so personal

    People often tell me, “But they used my name, how did they know?” Here’s the uncomfortable truth: They probably bought it. Data brokers compile massive profiles that include:

    • Address histories
    • Phone numbers and emails
    • Family connections
    • Shopping behavior

    That data is sold, shared and leaked. Once scammers have it, they can tailor messages that feel real, because they’re built on real information.

    The more personal data scammers have, the more convincing their messages become. Removing your information from data broker sites can help reduce targeted scams over time. (Kurt “CyberGuy” Knutsson)

    What you should do right now

    Before January gets any busier, take these steps to reduce your exposure to scams and fraud:

    1) Remove your personal data from broker sites

    Deleting emails or blocking numbers helps, but it does not stop scams at the source. Scammers rely on data broker sites that quietly collect, update and sell your personal information. Removing your data from those sites reduces scam calls, phishing emails and targeted texts over time. It also makes it harder for criminals to personalize messages using your real name, address or family connections. You have two ways to do this:

    Do it yourself:

    You can visit individual data broker websites, search for your profile and submit opt-out requests. This method works, but it takes time. Each site has its own rules, identity verification steps, and response timelines. Many brokers also re-add data later, which means you have to repeat the process regularly.

    Use a data removal service:

    A data removal service automates the opt-out process by contacting hundreds of data brokers on your behalf and monitoring for re-listings. This option saves time and provides ongoing protection, especially if you want long-term results without constant follow-ups.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    2) Don’t click links in unexpected messages

    If you did not initiate the request, do not click. Scam messages are designed to create urgency, especially around taxes, benefits and account issues. Instead, go directly to the official website by typing the address yourself or using a saved bookmark. This single habit prevents most phishing attacks.

    3) Turn on two-factor authentication wherever possible

    Two-factor authentication (2FA) adds a critical second layer of protection. Even if someone gets your password, they still cannot access your account without the second verification code. Start with email, financial accounts, social media and government services.

    4) Check accounts only through official apps or websites

    If you receive a warning about an account problem, do not trust the message itself. Open the official app or website, and check there. If something is wrong, you will see it immediately. If not, you just avoided a scam.

    5) Watch for account alerts and login activity

    Enable login alerts and security notifications on important accounts. These alerts can warn you if someone tries to sign in from a new device or location. Early warnings give you time to act before real damage occurs.

    6) Use strong, unique passwords and a password manager

    Reusing passwords makes it easy for scammers to take over multiple accounts at once. If one service is compromised, attackers try the same login on email, banking, and social media accounts. A password manager helps you create and store strong, unique passwords for every account without needing to remember them. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    Kurt’s key takeaways

    January scams aren’t random. They’re targeted, timed and fueled by personal data that shouldn’t be public in the first place. The longer your information stays online, the easier it is for scammers to use it against you. If you want a quieter inbox, fewer scam calls and less risk this year, take action early, before criminals finish rebuilding their lists. Protect your data now, and you’ll be safer all year long.

    Have you noticed more scam emails, texts or calls since the new year started? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com.  All rights reserved.

  • Social media platforms removed 4.7 million accounts after Australia ban for children

    WELLINGTON, New Zealand — Social media companies have revoked access to about 4.7 million accounts identified as belonging to children in Australia since the country banned use of the platforms by those under 16, officials said.

    “We stared down everybody who said it couldn’t be done, some of the most powerful and rich companies in the world and their supporters,” communications minister Anika Wells told reporters on Friday. “Now Australian parents can be confident that their kids can have their childhoods back.”

    The figures, reported to Australia’s government by 10 social media platforms, were the first to show the scale of the landmark ban since it was enacted in December over fears about the effects of harmful online environments on young people. The law provoked fraught debates in Australia about technology use, privacy, child safety and mental health and has prompted other countries to consider similar measures.

    Under Australian law, Facebook, Instagram, Kick, Reddit, Snapchat, Threads, TikTok, X, YouTube and Twitch face fines of up to 49.5 million Australian dollars ($33.2 million) if they fail to take reasonable steps to remove the accounts of Australian children younger than 16. Messaging services such as WhatsApp and Facebook Messenger are exempt.

    To verify age, platforms can either request copies of identification documents, use a third party to apply age estimation technology to an account holder’s face, or make inferences from data already available, such as how long an account has been held.

    About 2.5 million Australians are aged between 8 and 15, said the country’s eSafety Commissioner Julie Inman Grant, and past estimates suggested 84% of 8- to 12-year-olds held social media accounts. It was not known how many accounts were held across the 10 platforms but Inman Grant said the figure of 4.7 million “deactivated or restricted” was encouraging.

    “We’re preventing predatory social media companies from accessing our children,” Inman Grant said.

    The 10 biggest companies covered by the ban were compliant with it and had reported removal figures to Australia’s regulator on time, the commissioner said. She added that social media companies were expected to shift their efforts from enforcing the ban to preventing children from creating new accounts or otherwise circumventing the prohibition.

    Australian officials didn’t break the figures down by platform. But Meta, which owns Facebook, Instagram and Threads, said this week that by the day after the ban came into effect it had removed nearly 550,000 accounts belonging to users understood to be under 16.

    In the blog post divulging the figures, Meta criticized the ban and said smaller platforms where the ban doesn’t apply might not prioritize safety. The company also noted browsing platforms would still present content to children based on algorithms — a concern that led to the ban’s enactment.

    The law was widely popular among parents and child safety campaigners. Online privacy advocates and some groups representing teenagers opposed it, with the latter citing the support found in online spaces by vulnerable young people or those geographically isolated in Australia’s sprawling rural areas.

    Some said they had managed to fool age assessing technologies or were helped by parents or older siblings to circumvent the ban.

    Since Australia began debating the measures in 2024, other countries have considered following suit. Denmark’s government is among them, saying in November that it had planned to implement a social media ban for children under 15.

    “The fact that in spite of some skepticism out there, it’s working and being replicated now around the world, is something that is a source of Australian pride,” Prime Minister Anthony Albanese said Friday.

    Opposition lawmakers have suggested that young people have circumvented the ban easily or are migrating to other apps that are less scrutinized than the largest platforms. Inman Grant said Friday that data seen by her office showed a spike in downloads of alternative apps when the ban was enacted but not a spike in usage.

    “There is no real long-term trends yet that we can say but we’re engaging,” she said.

    Meanwhile, she said, the regulator she heads planned to introduce “world-leading AI companion and chatbot restrictions in March.” She didn’t disclose further details.

  • 5 simple tech tips to improve digital privacy

    Protecting your privacy doesn’t require advanced tools or technical expertise. Some of the most effective protections are already built into your phone; you just need to know where to look.

    These five privacy tips show you exactly how to reduce tracking and limit data sharing on both iPhone and Android using the latest software.

    Smartphone users can boost privacy by adjusting built-in settings that limit tracking, location sharing and background data collection on iPhone and Android devices. (Neil Godwin/Future via Getty Images)

    1) Reduce app permissions

    Apps often request access to your camera, microphone, contacts, photos and location, even when it’s not necessary. Limiting these permissions reduces background data collection.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Select a permission type such as Microphone, Camera, Photos or Contacts
    • Toggle off access for apps that don’t need it

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Security and Privacy
    • Scroll down and tap More privacy settings or Privacy controls  
    • Tap Permission Manager
    • Choose a permission category and set apps to Don’t allow or Allow only while using the app

    2) Turn off location access you don’t need

    Location tracking can reveal where you live, work, shop and travel.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Tap Location Services
    • Select an app and choose While Using the App or Never
    • Turn off Precise Location when exact coordinates aren’t needed

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Location
    • Tap App location permissions or App permissions 
    • Scroll through the list and tap the app you want to change
    • Select Allow only while using the app or Don’t allow

    3) Turn off photo sharing with apps

    Some apps request full access to your photo library, giving them visibility into every image and video you’ve taken.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Tap Photos
    • Select an app and choose Selected Photos or None

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Security and Privacy
    • Scroll down and tap More privacy settings or Privacy controls  
    • Tap Permission Manager
    • Tap Photos and videos 
    • Scroll through the list and tap the app you want to change
    • Set apps to Don’t allow, or Allow limited access

    Turning off unnecessary app permissions and tracking features helps protect sensitive information stored on your phone. (Sebastian Kahnert/picture alliance via Getty Images)

    4) Turn off app tracking

    App tracking allows advertisers to follow your activity across multiple apps.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Tap Tracking
    • Turn off Allow Apps to Request to Track

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Security & privacy
    • Scroll down and tap More privacy settings
    • Tap Ads
    • Tap Delete advertising ID to remove the existing ID tied to your device
    • Tap Reset advertising ID to generate a new, blank ID

    This removes the identifier apps use to track you for targeted ads and replaces it with a fresh ID that isn’t linked to your previous activity.

    5) Turn off unnecessary background app activity

    Some apps continue running and collecting data even when you’re not actively using them.

    iPhone

    • Open Settings
    • Tap General
    • Tap Background App Refresh
    • Turn it off entirely or disable it for individual apps

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Apps
    • Select an app
    • Tap Battery
    • Choose Restricted or turn off Allow background usage 

    Pro tip: Use a password manager

    A password manager reduces the need to store logins inside apps, which can limit unnecessary permissions and data collection.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Privacy experts say small changes to phone settings can go a long way in reducing digital surveillance and data exposure. (Karl-Josef Hildenbrand/Picture Alliance via Getty Images)

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    Kurt’s key takeaways

    Protecting your privacy doesn’t have to be complicated. By reducing app permissions, limiting location access, controlling photo sharing, turning off app tracking and restricting background activity, you can significantly reduce how much personal data your phone shares. A few simple setting changes can go a long way in protecting your digital life.

    What privacy setting surprised you the most, or is there one you’re unsure about? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Teen hackers recruited through fake job ads

    At first glance, the job posts look completely harmless. They promise fast money, flexible hours and paid training. No experience required. Payment comes in crypto. But these are not tutoring gigs or customer service roles. They are recruiting ads for ransomware operations. 

    And many of the people responding are middle and high school students. Some posts openly say they prefer inexperienced workers. Others quietly prioritize young women. All of them promise big payouts for “successful calls.”

    What they leave out is the risk. Federal charges. Prison time. Permanent records. This underground ecosystem goes by a familiar name. Insiders often refer to it as “The Com,” short for “The Community.”

    Fake job ads promising fast cash and flexible hours are quietly recruiting teens into ransomware and extortion schemes, often paying in cryptocurrency to hide criminal activity. (Donato Fasano/Getty Images)

    How The Com operates behind the scenes

    The Com is not a single organized gang. It functions as a loose network of groups that regularly change names and members. Well-known offshoots tied to this ecosystem include Scattered Spider, Lapsus$, ShinyHunters and related splinter crews. Some groups focus on data theft. Others specialize in phishing or extortion. Collaboration happens when it benefits the operation. 

    Since 2022, these networks have targeted more than 100 major companies in the U.S. and UK. Victims include well-known brands across retail, telecom, finance, fashion and media, including companies such as T-Mobile, Nike and Instacart. The combined market value of affected companies exceeds one trillion dollars.

    Teenagers often take on the riskiest roles within these schemes. Phone calls, access testing and social engineering scripts typically fall to younger participants. More experienced criminals remain in the background, limiting their exposure.

    That structure mirrors what identity and fraud experts are seeing across the industry. Ricardo Amper, founder and CEO of Incode Technologies, a digital identity verification company, says fake job ads are effective because they borrow trust from a familiar social contract. 

    “A job post feels structured, normal and safe, even when the actual behavior being requested is anything but,” Amper said. “A job posting implies a real process – a role, a manager, training and a paycheck. That’s exactly why it works. It lowers skepticism and makes risky requests feel like normal onboarding.”

    Amper notes that what’s changed is not just the scale of recruitment, but how criminals package it. “Serious crime is now being sold as ‘work.’”

    Why teens excel at social engineering attacks

    Teenagers bring a unique mix of skills that make them highly convincing. Fluent English and comfort with modern workplace technology help them sound legitimate. Familiarity with tools like Slack, ticketing systems and cloud platforms makes impersonation easier.

    According to Amper, teens don’t need technical expertise to get pulled in. “The on-ramp is usually social, a Discord server, a DM, a ‘quick gig,’” he said. “It can feel like trolling culture, but the targets are real companies and the consequences are real people.”

    Risk awareness is often lower. Conversations frequently take place in public chats, where tactics and mistakes are shared quickly. That visibility accelerates learning and increases the likelihood of detection and arrest.

    Gaming culture feeds the pipeline

    For many teens, it starts small. Pranks in online games turn into account takeovers. Username theft becomes crypto theft. Skills escalate. So do the stakes.

    Recruitment often begins in gaming spaces where fast learning and confidence are rewarded. Grooming is common. Sextortion sometimes appears. By the time real money enters the picture, legal consequences feel distant.

    Amper compares the progression to gaming itself. “These crews package crime as a ladder,” he said. “Join the group, do small tasks, level up, get paid, get status.”

    Why young women are being targeted

    Cybercrime remains male-dominated, but recruiters adapt. Young women are increasingly recruited for phone-based attacks. Some use AI tools to alter accents or tone. Others rely on stereotypes. Distress lowers suspicion faster than authority. Researchers say women often succeed because they are underestimated. That same dynamic puts them at risk inside these groups. Leadership remains overwhelmingly male. Girls often perform low-level work. Training stays minimal. Exploitation is frequent.

    Red flags that signal fake job scams and ransomware recruitment

    These warning signs show up repeatedly in cases involving teen hackers, social engineering crews and ransomware groups.

    Crypto-only pay is a major warning sign

    Legitimate employers do not pay workers exclusively in cryptocurrency. Crypto-only pay makes transactions hard to trace and protects criminals, not workers.

    Per-call or per-task payouts should raise concern

    Promises of hundreds of dollars for a single call or quick task often point to illegal activity. Real jobs pay hourly or a salary with documentation.

    Recruitment through Telegram or Discord is a red flag

    Criminal groups rely on private messaging apps to avoid oversight. Established companies do not recruit employees through gaming chats or encrypted DMs.

    Anonymous mentors and vague training are dangerous

    Being “trained from scratch” by unnamed individuals is common in ransomware pipelines. These mentors disappear when arrests happen.

    Secrecy requests signal manipulation

    Any job that asks teens to hide work from parents, or employees to hide tasks from employers, is crossing a line. Secrecy protects the recruiter, not the recruit.

    Amper offers a simple rule of thumb: “If a ‘job’ asks you to pretend to be someone else, obtain access, move money, or share sensitive identifiers before you’ve verified the employer, you’re not in a hiring process. You’re in a crime pipeline.”

    He adds that legitimate employers collect sensitive information only after a real offer, through verified HR systems. “The scam version flips the order,” he said. “It asks for the most sensitive details first, before anything is independently verifiable.”

    Urgency and emotional pressure are deliberate tactics

    Rushing decisions or creating fear lowers judgment. Social engineering depends on speed and emotional reactions.

    If you see more than one of these signs, pause immediately. Walking away early can prevent serious legal consequences later.

    Cybercrime recruiters are targeting middle and high school students for risky roles like social engineering calls, exposing them to federal charges and prison time. (Philip Dulian/picture alliance via Getty Images)

    Law enforcement is cracking down on teen cybercrime

    Since 2024, government indictments and international arrests have shown cybercriminal groups tied to The Com and Scattered Spider are under increasing scrutiny from law enforcement. In Sept. 2025, U.S. prosecutors unsealed a Department of Justice complaint against 19-year-old Thalha Jubair, accusing him of orchestrating at least 120 ransomware and extortion attacks that brought in over $115 million in ransom payments from 47 U.S. companies and organizations, including federal court networks. Prosecutors charged Jubair with computer fraud, wire fraud and money laundering conspiracy.

    Across the Atlantic, British authorities charged Jubair and 18-year-old Owen Flowers for their alleged roles in a Transport for London cyberattack in 2024 that compromised travel card data and disrupted live commuter information. Both appeared in court under the U.K.’s Computer Misuse Act. Earlier law enforcement action in the U.S. included criminal charges against five Scattered Spider suspects for mass phishing campaigns that stole login credentials and millions in cryptocurrency, laying out how members of this collective staged coordinated extortion and data theft.

    Federal agencies are also issuing advisories about the group’s social engineering techniques, noting how attackers impersonate help desks, abuse multi-factor authentication and harvest credentials to access corporate networks.

    Parents often learn the truth late. In many cases, the first warning comes when federal agents arrive at the door. Teens can move from online pranks to serious federal crimes without realizing where the legal line lies.

    How parents and teens can avoid ransomware recruitment traps

    This type of cybercrime thrives on silence and speed. Slowing things down protects families and futures.

    Tips for parents and guardians to spot fake job scams early

    Parents play a critical role in spotting early warning signs, especially when online “work” starts happening behind closed doors or moves too fast to explain.

    1) Pay attention to how online “jobs” are communicated

    Ask which platforms your child uses for work conversations and who they talk to. Legitimate employers do not recruit through Telegram or Discord DMs.

    2) Question sudden income with no clear employer

    Money appearing quickly, especially in crypto, deserves scrutiny. Real jobs provide paperwork, supervisors and pay records.

    3) Treat secrecy as a serious warning sign

    If a teen is told to keep work private from parents or teachers, that is not independence. It is manipulation.

    4) Talk early about legal consequences online

    Many teens do not realize that cybercrime can lead to federal charges. Honest conversations now prevent life-changing outcomes later. Also, monitoring may feel uncomfortable. However, silence creates more risk.

    Tips for teens to avoid fake job offers and cybercrime traps

    Teenagers with tech skills have real opportunities ahead, but knowing how to spot fake offers can mean the difference between building a career and facing serious legal trouble.

    1) Be skeptical of private messages offering fast money

    Real companies do not cold-recruit through private chats or gaming servers.

    2) Avoid crypto-only payment offers

    Being paid only in cryptocurrency is a common tactic used to hide criminal activity.

    3) Choose legal paths to build skills and reputation

    Bug bounty programs, cybersecurity clubs and internships offer real experience without risking your future. Talent opens doors. Prison closes them.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

    A loose cybercrime network known as “The Com” has been linked to major U.S. and U.K. data breaches affecting companies worth trillions combined. (Photo by Uli Deck/picture alliance via Getty Images)

    Kurt’s key takeaways

    What makes this trend so unsettling is how ordinary it all looks. The job ads sound harmless. The chats feel friendly. The crypto payouts seem exciting. But underneath that surface is a pipeline pulling teenagers into serious crimes with real consequences. Many kids do not realize how far they have gone until it is too late. What starts as a quick call or a side hustle can turn into federal charges and years of fallout. Cybercrime moves fast. Accountability usually shows up much later. By the time it does, the damage is already done.

    If fake job ads can quietly recruit teenagers into ransomware gangs, how confident are you that your family or workplace would spot the warning signs before it is too late? Let us know by writing to us at Cyberguy.com.


  • Why your Android TV box may secretly be a part of a botnet

    Android TV streaming boxes that promise “everything for one price” are everywhere right now. 

    You’ll see them on big retail sites, in influencer videos, and even recommended by friends who swear they’ve cut the cord for good. And to be fair, they look irresistible on paper, offering thousands of channels for a one-time payment. But security researchers are warning that some of these boxes may come with a hidden cost.

    In several cases, devices sold as simple media streamers appear to quietly turn your home internet connection into part of larger networks used for shady online activity. And many buyers have no idea it’s happening.

    Android TV streaming boxes promising unlimited channels for a one-time fee may quietly turn home internet connections into proxy networks, according to security researchers. (Photo By Paul Chinn/The San Francisco Chronicle via Getty Images)

    What’s inside these streaming boxes

    According to an investigation by Krebs on Security, these media streaming devices don’t behave like ordinary media streamers once they’re connected to your network. Researchers closely examined SuperBox, an Android-based streaming box sold through third-party sellers on major retail platforms. On paper, SuperBox markets itself as just hardware. The company claims it doesn’t pre-install pirated apps and insists users are responsible for what they install. That sounds reassuring until you look at how the device actually works.

    To unlock the thousands of channels SuperBox advertises, you must first remove Google’s official app ecosystem and replace it with an unofficial app store. That step alone should raise eyebrows. Once those custom apps are installed, the device doesn’t just stream video but also begins routing internet traffic through third-party proxy networks.

    What this means is that your home internet connection may be used to relay traffic for other people. That traffic can include ad fraud, credential stuffing attempts and large-scale web scraping.

    During testing by Censys, a cyber intelligence company that tracks internet-connected devices, SuperBox models immediately contacted servers tied to Tencent’s QQ messaging service, as well as a residential proxy service called Grass.

    Grass describes itself as an opt-in network that lets you earn rewards by sharing unused internet bandwidth. This suggests that SuperBox devices may be using SDKs or tooling that hijack bandwidth without clear user consent, effectively turning the box into a node inside a proxy network.

    Why SuperBox activity resembles botnet behavior

    In simple terms, a botnet is a large group of compromised devices that work together to route traffic or perform online tasks without the owners realizing it.

    Researchers discovered SuperBox devices contained advanced networking and remote access tools that have no business being on a streaming box. These included utilities like Tcpdump and Netcat, which are commonly used for network monitoring and traffic interception.

    The devices performed DNS hijacking and ARP poisoning on local networks, techniques used to redirect traffic and impersonate other devices on the same network. Some models even contained directories labeled “secondstage,” suggesting additional payloads or functionality beyond streaming.

    SuperBox is just one brand in a crowded market of no-name Android streaming devices. Many of them promise free content and quick setup, but often come preloaded with malware or require unofficial app stores that expose users to serious risk.

    In July 2025, Google filed a lawsuit against operators behind what it called the BADBOX 2.0 botnet, a network of more than ten million compromised Android devices. These devices were used for advertising fraud and proxy services, and many were infected before consumers even bought them.

    Around the same time, the Feds warned that compromised streaming and IoT devices were being used to gain unauthorized access to home networks and funnel traffic into criminal proxy services.

    We reached out to SuperBox for comment but did not receive a response before our deadline.

    8 steps you can take to protect yourself

    If you already own one of these streaming boxes or are thinking about buying one, these steps can help reduce your risk significantly.

    1) Avoid devices that require unofficial app stores

    If a streaming box asks you to remove Google Play or install apps from an unknown marketplace, stop right there. This bypasses Android’s built-in security checks and opens the door to malicious software. Legitimate Android TV devices don’t require this.

    2) Use strong antivirus software on your devices

    Even if the box itself is compromised, strong antivirus software on your computers and phones can detect suspicious network behavior, malicious connections or follow-on attacks like credential stuffing. Strong antivirus software monitors behavior, not just files, which matters when malware operates quietly in the background. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Put streaming devices on a separate or guest network

    If your router supports it, isolate smart TVs and streaming boxes from your main network. This prevents a compromised device from seeing your laptops, phones or work systems. It’s one of the simplest ways to limit damage if something goes wrong.

    4) Use a password manager

    If your internet connection is being abused, stolen credentials often come next. A password manager ensures every account uses a unique password, so one leak doesn’t unlock everything. Many password managers also refuse to autofill on suspicious or fake websites, which can alert you before you make a mistake.

    Investigators warn some Android-based streaming boxes route user bandwidth through third-party servers linked to ad fraud and cybercrime. (Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images)

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    5) Consider using a VPN for sensitive activity

    A VPN won’t magically fix a compromised device, but it can reduce exposure by encrypting your traffic when browsing, banking or working online. This makes it harder for third parties to inspect or misuse your data if your network is being relayed.

    For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Watch your internet usage and router activity

    Unexpected spikes in bandwidth, slower speeds or strange outbound connections can be warning signs. Many routers show connected devices and traffic patterns.

    If you notice suspicious traffic or behavior, unplug the streaming box immediately and perform a factory reset on your router. In some cases, the safest option is to stop using the device altogether.

    Also, make sure your router firmware is up to date and that you’ve changed the default admin password. Compromised devices often try to exploit weak router settings to persist on a network.

    7) Be wary of “free everything” streaming promises

    Unlimited premium channels for a one-time fee usually mean you’re paying in some other way, often with your data, bandwidth or legal exposure. If a deal sounds too good to be true, it usually is.

    8) Consider a data removal service

    If your internet connection or accounts have been abused, your personal details may already be circulating among data brokers. A data removal service can help opt you out of people-search sites and reduce the amount of personal information criminals can exploit for follow-up scams or identity theft. While it won’t fix a compromised device, it can limit long-term exposure.

    Cyber experts say certain low-cost streaming devices behave more like botnet nodes than legitimate media players once connected to home networks. (Photo by Alessandro Di Ciommo/NurPhoto via Getty Images)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaway

    Streaming boxes like SuperBox thrive on frustration. As subscriptions pile up, people look for shortcuts. But when a device promises everything for nothing, it’s worth asking what it’s really doing behind the scenes. Research shows that some of these boxes don’t just stream TV. They quietly turn your home network into a resource for others, sometimes for criminal activity. Cutting the cord shouldn’t mean giving up control of your internet connection. Before plugging in that “too good to be true” box, it’s worth slowing down and looking a little closer.

    Would you still use a streaming box if it meant sharing your internet with strangers? Let us know by writing to us at Cyberguy.com.


  • Covenant Health data breach affects nearly 500,000 patients

    When a healthcare data breach is first disclosed, the number of people affected is often far lower than the final tally. That figure frequently climbs as investigations continue. 

    That’s exactly what happened with Andover, Mass.-based Covenant Health. The Catholic healthcare provider has now confirmed that a cyberattack discovered last May may have affected nearly 500,000 patients, a sharp increase from the fewer than 8,000 people it initially reported earlier this year. 

    A ransomware group later claimed responsibility for the incident, though Covenant Health has not publicly confirmed the use of ransomware. The attackers accessed names, addresses, Social Security numbers and health information, among other sensitive data that could put patients at serious risk.

    Covenant Health detected suspicious activity in late May 2025, but investigators later confirmed attackers had already accessed systems days earlier. (Kurt “CyberGuy” Knutsson)

    What happened in the Covenant Health breach

    Covenant Health says it detected unusual activity in its IT environment on May 26, 2025. A later investigation revealed that an attacker had actually gained access eight days earlier, on May 18, and was able to access patient data during that window.

    In July, Covenant Health told regulators that the breach impacted 7,864 individuals. After completing what it describes as extensive data analysis, the organization now says that up to 478,188 individuals may have been affected.

    Covenant Health operates hospitals, nursing and rehabilitation centers, assisted living residences and elder care organizations across New England and parts of Pennsylvania. That wide footprint means the breach potentially touched patients across multiple states and care settings.

    In late June, the Qilin ransomware group claimed responsibility for the attack, as reported by Bleeping Computer. The group alleged it stole 852 GB of data, totaling nearly 1.35 million files. Covenant Health has not confirmed those figures, but it did acknowledge that patient information was accessed.

    According to the organization, the exposed data may have included names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details and treatment information such as diagnoses, dates of treatment and types of care received.

    Qilin ransomware lists Covenant Health on its data leak site. (Bleeping Computer)

    What Covenant Health is telling patients

    In a notice sent to regulators and patients, Covenant Health says it engaged third-party forensic specialists to investigate the incident and determine what data was involved. The organization says its data analysis is ongoing as it continues identifying individuals whose information may have been involved.

    Then there are the familiar statements every company makes after a breach, claiming they’ve strengthened the security of their IT systems to help prevent similar incidents in the future. Covenant Health says it has also set up a dedicated toll-free call center to handle questions related to the breach.

    Beginning Dec. 31, 2025, the organization started mailing notification letters to patients whose information may have been compromised. For individuals whose Social Security numbers may have been involved, Covenant Health is offering complimentary credit monitoring and identity theft protection services.

    We reached out to Covenant Health, and the company confirmed the expanded scope of the incident and outlined steps being taken to notify patients and enhance security safeguards.

    The breach exposed highly sensitive information, including names, Social Security numbers, medical records and treatment details tied to nearly half a million patients. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to protect yourself after the Covenant Health breach

    If you received a notice from Covenant Health or if your data has been exposed in any healthcare breach, these steps can help reduce the risk of misuse.

    1) Enroll in the free identity protection offered

    If the organization offers you credit monitoring or identity protection, take it. These services can alert you to suspicious activity tied to your Social Security number, credit file or identity details before real damage is done. If you’re not offered one and want to be on the safer side, you might consider getting one yourself.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    2) Monitor medical and insurance statements closely

    Medical identity theft often shows up quietly. Review explanation of benefits (EOB) statements, insurance claims and billing statements for services you don’t recognize. If something looks off, report it to your insurer immediately.

    3) Place a fraud alert or credit freeze

    A fraud alert tells lenders to take extra steps to verify your identity before approving credit. A credit freeze goes further by blocking new accounts entirely unless you lift it. If Social Security numbers were exposed, a freeze is usually the safer option.

    To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    4) Use a password manager

    Healthcare breaches often lead to credential-stuffing attacks elsewhere. A password manager ensures every account uses a unique password, so one exposed dataset can’t unlock everything else. It also makes it easier to update passwords quickly after a breach.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Be cautious of phishing scams and use strong antivirus software

    Breaches are frequently followed by phishing emails, texts or calls that reference the incident to sound legitimate. Attackers may pose as the healthcare provider, an insurer or a credit bureau. Don’t click links or share information unless you verify the source independently.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    6) Consider a personal data removal service

    Once your data leaks, it often spreads across data broker sites. Personal data removal services help reduce your digital footprint by requesting takedowns from these databases. While they can’t erase everything, they lower your exposure and make targeted fraud harder.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    7) Review your credit reports regularly

    You’re entitled to free credit reports from all major bureaus. Check them for unfamiliar accounts, hard inquiries or address changes. Catching fraud early makes it far easier to contain.

    Kurt’s key takeaway

    Healthcare organizations remain prime targets for cybercriminal groups because of the volume and sensitivity of the data they store. Medical records contain a mix of personal, financial, and health information that is difficult to change once exposed. Unlike a password, you cannot reset a diagnosis or treatment history. This breach also shows how early disclosures often underestimate impact. Large healthcare networks rely on complex systems and third-party vendors, which can slow forensic analysis in the early stages. As investigations continue, the number of affected individuals often climbs.

    Do you think healthcare organizations do enough to protect user data? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Why January is the best time to remove personal data online

    January feels like a reset. A new calendar. New goals. New habits. While you clean out your inbox, organize paperwork or set resolutions, however, scammers also hit reset, and they start with your personal data.

    That is because January is one of the most important months for online privacy. This is when data brokers refresh profiles and scammers rebuild their target lists.

    As a result, the longer your information stays online, the more complete and valuable your profile becomes. To help address this, institutions like the U.S. Department of the Treasury have released advisories urging people to stay vigilant and avoid data-related scams. 

    For that reason, taking action early in the year can significantly reduce scam attempts, lower identity theft risks, and limit unwanted exposure for the rest of the year.

    January is when data brokers refresh profiles and scammers rebuild target lists, making early action critical for online privacy. (iStock)

    Why personal data does not expire and keeps compounding online

    Many people assume old information eventually becomes useless. Unfortunately, that’s not how data brokers work.

    Data brokers don’t just store a snapshot of who you are today. They build living profiles that grow over time, pulling from:

    • Public records (property sales, court filings, voter registrations)
    • Retail purchases and loyalty programs
    • App usage and location data
    • Past addresses, phone numbers, and relatives
    • Marketing databases and online activity.

    Each year adds another layer. A new address. A changed phone number. A family connection. A retirement milestone. On its own, one data point doesn’t mean much. But together, they create a detailed identity profile that scammers can use to convincingly impersonate you. That’s why waiting makes things worse, not better.

    Why scammers ‘rebuild’ targets at the start of the year

    Scammers don’t randomly target people. They work from lists. At the beginning of the year, those lists get refreshed.

    Why January matters so much:

    • Data brokers update and resell profiles after year-end records close
    • New public filings from the previous year become searchable
    • Marketing databases reset campaigns and audience segments
    • Scam networks repackage data into “fresh” target lists.

    Think of it like the upcoming spring cleaning, except it’s criminals organizing identities to exploit for the next 12 months.

    If your data is still widely exposed in January, you’re far more likely to:

    Once your profile is flagged as responsive or profitable, it often stays in circulation.

    As personal information accumulates across databases, digital profiles grow more detailed and more valuable to scammers over time. (Kurt “CyberGuy” Knutsson)

    Why taking action in January protects you all year long

    Removing your data early isn’t just about stopping scams today; it’s about cutting off the supply chain that fuels them. When your information is removed from data broker databases:

    • It’s harder for scammers to find accurate contact details
    • Phishing messages become less convincing
    • Impersonation attempts fail more often
    • Your identity becomes less valuable to resell.

    This has a compounding benefit in the opposite direction. The fewer lists you appear on in January, the fewer times your data gets reused, resold, and recycled throughout the year. That’s why I consistently recommend addressing data exposure before problems start, not after.

    Why retirees and families feel the impact first

    January is especially important for retirees and families because they’re more likely to become targets of fraud, scams, and other crimes.

    Retirees often have:

    • Long address and employment histories
    • Stable credit profiles
    • Fewer active credit applications
    • Public retirement and property records

    Families add another layer of risk:

    • Relatives are linked together in broker profiles
    • One exposed family member can expose others
    • Shared addresses and phone plans increase visibility

    Scammers know this. That’s why households with established financial histories are prioritized early in the year.

    Why quick fixes don’t work

    Many people try to “start fresh” in January by:

    Those steps help, but they don’t remove your data from broker databases. Credit monitoring services alert you after something goes wrong. Password changes don’t affect public profiles. And unsubscribing doesn’t stop data resale. If your personal information is still sitting in hundreds of databases, scammers can find you.

    The January privacy reset that actually works

    If you want fewer scam attempts for the rest of the year, the most effective step is removing your personal data at the source.

    You can do this in one of two ways. You can submit removal requests yourself, or you can use a professional data removal service to handle the process for you.

    Removing your data yourself

    Manually removing your data means identifying dozens or even hundreds of data broker websites, finding their opt-out forms and submitting removal requests one by one. You also need to verify your identity, track responses and repeat the process whenever your information reappears.

    This approach works, but it requires time, organization, and ongoing follow-up.

    Using a data removal service

    A data removal service handles this process on your behalf. These services typically:

    • Send legal data removal requests to large networks of data brokers
    • Monitor for reposted information and submit follow-up removals
    • Continue tracking your exposure throughout the year
    • Manage a process that most people cannot realistically maintain on their own

    Removing your data at the start of the year helps reduce scam attempts, phishing messages and identity theft risks all year long. (iStock)

    Because these services handle sensitive personal information, it is important to choose one that follows strict security standards and uses verified removal methods.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways

    Scammers don’t wait for mistakes. They wait for exposed data. January is when profiles are refreshed, lists are rebuilt, and targets are chosen for the year ahead. The longer your personal information stays online, the more complete, and dangerous, your digital profile becomes. The good news? You can stop the cycle. Removing your data now reduces scam attempts, protects your identity, and gives you a quieter, safer year ahead. If you’re going to make one privacy move this year, make it early, and make it count.

    Have you ever been surprised by how much of your personal information was already online? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • Hackers abuse Google Cloud to send trusted phishing emails

    Cybercriminals have found a clever new way to get phishing emails straight into inboxes.

    Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud.

    The result was thousands of phishing messages that looked and felt like normal Google notifications. Many slipped past spam filters with ease.

    How this Google Cloud phishing attack worked

    At the center of the campaign was Google Cloud Application Integration. This service allows businesses to send automated email notifications from workflows they build. Attackers exploited the Send Email task inside that system. Because the messages came from a real Google address, they appeared authentic to both users and security tools. 

    According to Check Point, a global cybersecurity firm that tracks and analyzes large-scale threat campaigns, the emails were sent from a legitimate Google-owned address and closely matched Google’s notification style. Fonts, wording, and layout all looked familiar. Over a two-week period in December 2025, attackers sent more than 9,000 phishing emails targeting roughly 3,200 organizations across the U.S., Europe, Canada, Asia Pacific, and Latin America.

    Attackers used trusted Google Cloud infrastructure to route victims through multiple redirects before revealing the scam. (Thomas Fuller/SOPA Images/LightRocket via Getty Images)

    Why Google phishing emails were so convincing

    The messages looked like routine workplace alerts. Some claimed you had received a voicemail. Others said you were granted access to a shared document, like a Q4 file. That sense of normalcy lowered suspicion. Many people are used to seeing these exact messages every day. Even more concerning, the emails bypassed common protections like SPF and DMARC because they were sent through Google-owned infrastructure. To email systems, nothing looked fake.

    What happens after you click

    The attack did not stop at the email. Once a victim clicked the link, they were sent to a page hosted on storage.cloud.google.com. That added another layer of trust. From there, the link redirected again to googleusercontent.com. Next came a fake CAPTCHA or image check. This step blocked automated security scanners while letting real users continue. After passing that screen, victims landed on a fake Microsoft login page hosted on a non-Microsoft domain. Any credentials entered there were captured by the attackers.

    Who was targeted in the Google Cloud phishing attack

    Check Point says the campaign focused heavily on industries that rely on automated alerts and shared documents. That included manufacturing, technology, finance, professional services, and retail. Other sectors like healthcare, education, government, energy, travel and media were also targeted. These environments see constant permission requests and file-sharing notices, which made the lures feel routine.

    “We have blocked several phishing campaigns involving the misuse of an email notification feature within Google Cloud Application Integration,” a Google spokesperson told Cyberguy. “Importantly, this activity stemmed from the abuse of a workflow automation tool, not a compromise of Google’s infrastructure. While we have implemented protections to defend users against this specific attack, we encourage continued caution as malicious actors frequently attempt to spoof trusted brands. We are taking additional steps to prevent further misuse.”

    The incident demonstrates how attackers can weaponize legitimate cloud automation tools without resorting to traditional spoofing.

    Ways to stay safe from trusted-looking phishing emails

    Phishing emails are getting harder to spot, especially when attackers abuse real cloud platforms like Google Cloud. These steps help reduce risk when emails look familiar and legitimate.

    1) Slow down before acting on alerts

    Attackers rely on urgency. Messages about voicemails, shared files or permission changes are designed to make you click fast. Pause before taking action. Ask yourself whether you were actually expecting that alert. If not, verify it another way.

    2) Inspect links before you click

    Always hover over links to preview the destination domain. In this campaign, links jumped across multiple trusted-looking Google domains before landing on a fake login page. If the final destination does not match the service asking you to sign in, close the page immediately.

    3) Treat file access and permission emails with caution

    Shared document alerts are a favorite lure because they feel routine at work. If an email claims you were granted access to a file you do not recognize, do not click directly from the message. Instead, open your browser and sign in to Google Drive or OneDrive manually to check for new files.

    The final step led users to a fake Microsoft login page, where entered credentials were silently stolen. (Stack Social)

    4) Use a password manager to catch fake login pages

    Password managers can be a strong last line of defense. They will not autofill credentials on fake Microsoft or Google login pages hosted on non-official domains. If your password manager refuses to fill in a login, that is a red flag worth paying attention to.
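
    The redirect chain described under “What happens after you click” and the autofill behavior in step 4 come down to the same check: compare the exact host of the sign-in page with the service it claims to be. The Python sketch below is an added example, not code from Check Point, Google or the article; the sample URLs and the list of official sign-in hosts are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hosting domains named in the article. Content on them is uploaded by
# customers, so a Google-owned hostname says nothing about who runs the page.
USER_CONTENT_HOSTS = ("storage.cloud.google.com", "googleusercontent.com")

# Assumption: a short, illustrative list of real sign-in hosts per brand.
OFFICIAL_LOGIN_HOSTS = {
    "microsoft": ("login.microsoftonline.com", "login.live.com"),
    "google": ("accounts.google.com",),
}

# Constructed sample of a recorded redirect chain (example.net is reserved).
SAMPLE_CHAIN = [
    "https://storage.cloud.google.com/example-bucket/voicemail.html",
    "https://example-app.googleusercontent.com/check",
    "https://login.microsoftonline.com.signin.example.net/common/oauth2",
]


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def host_matches(host, domain):
    """True if host is domain itself or a subdomain of it.

    The comparison is aligned on label boundaries, so
    'notgoogleusercontent.com' does not match 'googleusercontent.com'.
    """
    return host == domain or host.endswith("." + domain)


def is_user_content(url):
    """True if the URL is served from customer-content hosting."""
    host = host_of(url)
    return any(host_matches(host, d) for d in USER_CONTENT_HOSTS)


def autofill_allowed(page_url, saved_login_url):
    """Password-manager style check: fill only on https and only when the
    page host is identical to the host the credential was saved for."""
    if urlsplit(page_url).scheme != "https":
        return False
    return host_of(page_url) == host_of(saved_login_url)


def assess_chain(chain, claimed_brand):
    """Evaluate a recorded redirect chain whose last page asks for
    claimed_brand credentials. Returns a list of findings (empty = none)."""
    if not chain:
        return ["empty chain"]
    findings = []
    hops = [host_of(u) for u in chain[:-1] if is_user_content(u)]
    if hops:
        findings.append("passes through customer-content hosting: "
                        + ", ".join(hops))
    final_host = host_of(chain[-1])
    official = OFFICIAL_LOGIN_HOSTS.get(claimed_brand.lower(), ())
    # Exact host equality: a lookalike that merely starts with the real
    # host name ("login.microsoftonline.com.signin.example.net") fails.
    if final_host not in official:
        findings.append(f"{claimed_brand} sign-in page served from "
                        f"{final_host or 'unknown host'}")
    if urlsplit(chain[-1]).scheme != "https":
        findings.append("final page is not https")
    return findings


if __name__ == "__main__":
    for finding in assess_chain(SAMPLE_CHAIN, "Microsoft"):
        print("FLAG:", finding)
    print("autofill on final page:",
          autofill_allowed(SAMPLE_CHAIN[-1], "https://login.microsoftonline.com/"))
```
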

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Run strong antivirus software with phishing protection

    Modern antivirus tools do more than scan files. Many now detect malicious links, fake CAPTCHA pages, and credential harvesting sites in real time. Strong antivirus software can block phishing pages even after a click, which matters in multi-stage attacks like this one.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    6) Reduce your exposure with a data removal service

    Phishing campaigns often succeed because attackers already know your email, employer or role. That information is commonly pulled from data broker sites. A data removal service helps remove your personal information from these databases, making it harder for attackers to craft convincing, targeted emails.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    7) Enable two-factor authentication (2FA) everywhere

    Even if attackers steal your password, two-factor authentication (2FA) can stop them from accessing your account. Use app-based authentication or hardware keys when possible, especially for work email, cloud storage, and Microsoft accounts.

    8) Report suspicious emails immediately

    If something feels off, report it. Flag suspicious Google or Microsoft alerts to your IT or security team so they can warn others. Early reporting can stop a phishing campaign before it spreads further inside an organization.

    Google phishing emails looked like routine workplace alerts. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaways

    This campaign highlights a growing shift in phishing tactics. Attackers no longer need to fake brands when they can abuse trusted cloud services directly. As automation becomes more common, security awareness matters more than ever. Even familiar emails deserve a second look, especially when they push urgency or ask for credentials.

    If a phishing email comes from a real Google address, how confident are you that you would spot it before clicking? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • At CES, Auto and Tech Companies Transform Cars Into Proactive Companions

    LAS VEGAS (AP) — In a vision of the near future shared at CES, a girl slides into the back seat of her parents’ car and the cabin instantly comes alive. The vehicle recognizes her, knows it’s her birthday and cues up her favorite song without a word spoken.

    “Think of the car as having a soul and being an extension of your family,” Sri Subramanian, Nvidia’s global head of generative AI for automotive, said Tuesday.

    Subramanian’s example, shared with a CES audience on the show’s opening day in Las Vegas, illustrates the growing sophistication of AI-powered in-cabin systems and the expanding scope of personal data that smart vehicles may collect, retain and use to shape the driving experience.

    Across the show floor, the car emerged less as a machine and more as a companion as automakers and tech companies showcased vehicles that can adapt to drivers and passengers in real time — from tracking heart rates and emotions to alerting if a baby or young child is accidentally left in the car.

    Bosch debuted its new AI vehicle extension that aims to turn the cabin into a “proactive companion.” Nvidia, the poster child of the AI boom, announced Alpamayo, its new vehicle AI initiative designed to help autonomous cars think through complex driving decisions. CEO Jensen Huang called it a “ChatGPT moment for physical AI.”

    But experts say the push toward a more personalized driving experience is intensifying questions about how much driver data is being collected.

    “The magic of AI should not just mean all privacy and security protections are off,” said Justin Brookman, director of marketplace policy at Consumer Reports.

    Unlike smartphones or online platforms, cars have only recently become major repositories of personal data, Brookman said. As a result, the industry is still trying to establish the “rules of the road” for what automakers and tech companies are allowed to do with driver data.

    That uncertainty is compounded by the uniquely personal nature of cars, Brookman said. Many people see their vehicles as an extension of themselves — or even their homes — which he said can make the presence of cameras, microphones and other monitoring tools feel especially invasive.

    “Sometimes privacy issues are difficult for folks to internalize,” he said. “People generally feel they wish they had more privacy but also don’t necessarily know what they can do to address it.”

    At the same time, Brookman said, many of these technologies offer real safety benefits for drivers and can be good for the consumer.

    On the CES show floor, some of those conveniences were on display at automotive supplier Gentex’s booth, where attendees sat in a mock six-seater van in front of large screens demonstrating how closely the company’s AI-equipped sensors and cameras could monitor a driver and passengers.

    “Are they sleepy? Are they drowsy? Are they not seated properly? Are they eating, talking on phones? Are they angry? You name it, we can figure out how to detect that in the cabin,” said Brian Brackenbury, director of product line management at Gentex.

    Brackenbury said it’s ultimately up to the car manufacturers to decide how the vehicle reacts to the data that’s collected, which he said is stored in the car and deleted after the video frames, for example, have been processed.

    “One of the mantras we have at Gentex is we’re not going to do it just because we can, just because the technology allows it,” Brackenbury said, adding that “data privacy is really important.”

    Copyright 2026 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

    Associated Press

  • Browser extension malware infected 8.8M users in DarkSpectre attack

    Browser extensions promise convenience. Many offer simple tools like new tab pages, translators or video helpers. 

    Researchers, however, uncovered a long-running malware operation that abused that trust on a massive scale. Koi Security analysts identified the threat while analyzing suspicious infrastructure tied to a campaign known as ShadyPanda. What started as one investigation quickly revealed something far larger.

    The group behind it is now known as DarkSpectre. According to Koi researchers, it infected more than 8.8 million users across Chrome, Edge and Firefox over seven years. This was not a smash-and-grab attack. It was slow, deliberate and highly organized. Instead of rushing malicious code into marketplaces, the group played the long game.



    Security researchers say millions of users unknowingly installed browser extensions that later turned malicious after years of appearing legitimate. (Donato Fasano/Getty Images)

    One threat actor behind three major campaigns

    At first, the activity looked like separate threats. That changed once Koi analysts followed the infrastructure breadcrumbs. By pivoting from domains linked to ShadyPanda, Koi researchers uncovered shared systems powering multiple extension clusters. That analysis confirmed that ShadyPanda, GhostPoster and Zoom Stealer were not separate actors. They were one coordinated operation. Together, these campaigns targeted both everyday users and corporate environments.

    ShadyPanda

    This campaign focused on mass surveillance and affiliate fraud. Researchers estimate it affected more than 4 million users, with some analyses suggesting the total could reach up to 5.6 million as additional related extensions were linked. In several cases, extensions remained legitimate for more than five years before quietly turning malicious.

    GhostPoster

    This campaign used a clever trick. It hid malicious code inside image files to bypass security checks. It impacted 1.05 million users.

    Zoom Stealer

    This operation targeted corporate meeting data across more than 28 conferencing platforms. It affected 2.2 million users.

    Different goals. Same operator.

    How Koi uncovered DarkSpectre’s hidden network

    The breakthrough came when Koi analysts examined two domains tied to ShadyPanda. Those domains powered legitimate extension features like weather widgets and new tab pages. They were not command servers. That was the trick. Those same clean domains appeared again and again across other extensions that quietly connected to entirely different malicious infrastructure.

    One domain led to extensions. Those extensions exposed new domains. Those domains were connected to even more extensions. Following that chain allowed Koi to uncover over 100 connected extensions across multiple browser marketplaces. Some extensions even reused infrastructure already flagged in earlier investigations. That overlap confirmed DarkSpectre was operating at a nation-state scale.

    How DarkSpectre stayed hidden for years

    DarkSpectre succeeded by blending legitimate functionality with hidden malware. Users got what they expected. Meanwhile, the threat ran quietly in the background.

    Time-delayed activation fooled reviewers

    Some extensions waited days before activating malicious behavior. Others triggered malware on only a small percentage of page loads. This made detection during marketplace reviews extremely difficult.

    Malicious code disguised as images

    The group hid JavaScript inside PNG image files. The extension loaded its own logo, extracted the hidden code and executed it silently.

    No updates required

    Instead of pushing new extension versions, DarkSpectre controlled everything from its servers. Operators could change behavior anytime without alerting users or marketplaces. Koi researchers noted this approach gave the attackers long-term flexibility and control.

    Why the Zoom Stealer campaign stands out

    Most malware focuses on consumer fraud. Zoom Stealer focused on intelligence.

    According to Koi analysts, these extensions collected the following:

    • Meeting links with embedded passwords
    • Meeting IDs, topics and schedules
    • Speaker names, titles, bios and photos
    • Company affiliations and branding

    Worse yet, the data streamed in real time. The moment a user joined or viewed a meeting, the information flowed out. This type of data enables phishing impersonation and corporate espionage at scale.

    Why browser extensions remain a weak link

    Extension marketplaces typically evaluate code only at submission or update. Koi’s investigation shows how attackers exploit that model. Once an extension earns trust badges and positive reviews, users stop questioning it. That trust becomes a weapon. A clean extension today can become a threat tomorrow.

    Ways to stay safe from malicious browser extensions

    You do not need to avoid extensions entirely. You do need to stay cautious.

    1) Keep your browser up-to-date

    Make sure you turn on automatic updates for your browser (e.g., Chrome, Firefox, Edge) so you’re always running the latest version without thinking about it. 

    2) Review your installed extensions

    Remove anything you no longer use. Fewer extensions reduce risk. CyberGuy has step-by-step guides showing how to review and remove browser extensions safely, making it easy to clean up your browser in just a few minutes. In Chrome, Edge and Firefox, open the menu, go to Extensions or Add-ons, and remove anything you do not use or trust.

    3) Install extensions only from trusted sources

    Official browser stores like the Chrome Web Store have rules and scans to catch bad actors. They’re not perfect, but they are still a better option when compared to a random website on the internet. Extensions from unknown websites or third-party downloads are far more likely to hide malware or spyware. 


    A long-running malware operation quietly abused trusted browser extensions across Chrome, Edge and Firefox, infecting millions worldwide. (Morteza Nikoubazl/NurPhoto via Getty Images)

    4) Have strong antivirus software

    Strong antivirus software can warn you before you install malicious software, such as sketchy browser extensions. It can also alert you to phishing emails and ransomware scams, helping keep your personal information and digital assets safe.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Invest in personal data removal services

    If your personal data was exposed in this security incident, it’s crucial to act quickly to reduce your risk of identity theft and scams. A data removal service can help you remove all this personal information from the internet. 

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. 

    It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    6) Be skeptical of extensions requesting unnecessary access

    Some extensions overreach on purpose. A calculator tool asking for your browsing history or a weather app wanting your login data is a huge red flag. Before installing, ask: “Does this permission match the extension’s job?” If the answer’s no, don’t install it. Watch out for broad permissions like “Read and change all your data on websites you visit” unless it’s clearly justified (e.g., a password manager). If an update suddenly adds new permission requests, dig into why. It might mean the extension’s been sold or hacked.
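
    The permission check described in this step, as an added example (not code from the article or from Koi Security): it compares an extension's manifest before and after an update and flags newly requested broad access. The two manifests are constructed, and the set of permissions treated as broad is this example's assumption.

```python
import json

# Permissions that grant wide visibility into browsing. Which ones count as
# "broad" is this example's assumption, not a list taken from the article.
BROAD_API = {"history", "cookies", "tabs", "webRequest", "scripting",
             "management", "proxy", "debugger", "clipboardRead"}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def requested(manifest):
    """Return (api_permissions, host_patterns) for an MV2 or MV3 manifest."""
    api, hosts = set(), set()
    for key in ("permissions", "optional_permissions", "host_permissions",
                "optional_host_permissions"):
        for item in manifest.get(key, []):
            # MV2 mixes host patterns into "permissions"; split them out.
            (hosts if "://" in item or item == "<all_urls>" else api).add(item)
    # Content scripts run on every matching page, so their patterns count too.
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return api, hosts


def review_update(old_json, new_json):
    """List what an update newly requests, flagging broad access."""
    old_api, old_hosts = requested(json.loads(old_json))
    new_api, new_hosts = requested(json.loads(new_json))
    findings = []
    for perm in sorted(new_api - old_api):
        level = "BROAD" if perm in BROAD_API else "new"
        findings.append((level, "permission", perm))
    for host in sorted(new_hosts - old_hosts):
        level = "BROAD" if host in ALL_SITES else "new"
        findings.append((level, "host", host))
    return findings


# Constructed manifests for a hypothetical weather extension, before and after an update.
OLD = '''{"manifest_version": 3, "name": "Sample Weather Tab", "version": "1.4.0",
 "permissions": ["storage"], "host_permissions": ["https://api.weather.example/*"]}'''
NEW = '''{"manifest_version": 3, "name": "Sample Weather Tab", "version": "1.5.0",
 "permissions": ["storage", "tabs", "cookies", "alarms"],
 "host_permissions": ["https://api.weather.example/*", "<all_urls>"],
 "content_scripts": [{"matches": ["*://*/*"], "js": ["cs.js"]}]}'''

if __name__ == "__main__":
    for level, kind, value in review_update(OLD, NEW):
        print(f"[{level}] update adds {kind}: {value}")
```

    A weather extension that starts asking for cookies, tabs and every site after an update is the mismatch between permission and job that this step describes.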

    7) Change your passwords — and do it safely

    If you’ve ever saved passwords in your browser (e.g., via the browser’s built-in password manager or the “Save Password” prompt), those credentials could be at risk if a malicious extension was installed. These built-in managers store passwords locally or in your Google, Microsoft or Firefox account, and a compromised browser can give bad actors a way in.

    This doesn’t typically apply to dedicated password manager extensions, which encrypt your data independently and don’t rely on browser storage. However, if you’re unsure whether an extension has been compromised, it’s always smart to update your master password and enable two-factor authentication. 

    For maximum safety, change your most important passwords (email, bank, shopping, cloud services) from a different, secure device, such as your phone or another computer where the questionable extension was never installed. Avoid using the same browser that may have been exposed. Then, consider switching to a password manager to create and store strong, unique logins going forward. 

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.


    Analysts uncovered a coordinated campaign that hid spyware inside everyday browser tools like new tab pages and translators. (Morteza Nikoubazl/NurPhoto via Getty Images)

    8) Watch for behavior changes

    Subtle changes often appear before obvious damage. Sudden redirects, new tabs opening on their own, unfamiliar search results, popups, slower browsing or websites asking you to re-log in unexpectedly can all signal a malicious or compromised extension. Pay attention if ads appear where they never did before or if your browser settings change without your input.

    Koi’s investigation shows how attackers rely on patience. Once an extension earns trust and sits quietly for years, users stop watching it. That makes small behavior changes easy to miss. If something feels off, do not ignore it. Disable extensions one by one to identify the culprit. If the issue disappears, remove that extension permanently.

    When in doubt, trust your instincts. Browsers should not surprise you.


    Kurt’s key takeaways

    DarkSpectre is a reminder that online threats are getting smarter and quieter. This was not a smash-and-grab attack. It unfolded slowly, over years, and relied on trust most people never think twice about. Koi analysts connected the dots by tracking shared infrastructure across campaigns, but they also warn that some sleeper extensions may still be installed and trusted today. Browser extensions can be helpful, but every extra add-on is another door into your browser. Paying attention, cleaning house now and then, and questioning what you install can make a real difference.

    When was the last time you checked what your browser extensions are really doing behind the scenes? Let us know by writing to us at Cyberguy.com.


    Copyright 2025 CyberGuy.com. All rights reserved.
