ReportWire

Tag: Security

  • Malicious Google Chrome extensions hijack accounts

    Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome. 

    Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These extensions impersonate popular human resources and business platforms such as Workday, NetSuite and SAP SuccessFactors. Once installed, they can steal login data and block security controls designed to protect users.

    Many people who installed them had no warning signs that anything was wrong.

    Cybersecurity researchers warn that fake Google Chrome extensions are silently hijacking user accounts by stealing login data and bypassing security protections. (Bildquelle/ullstein bild via Getty Images)

    The fake Chrome extensions to watch out for

    Security researchers from Socket’s Threat Research Team identified five malicious Chrome extensions connected to this campaign. The add-ons were marketed as productivity or security tools, but were designed to hijack accounts.

    The extensions include:

    • DataByCloud Access
    • Tool Access 11
    • DataByCloud 1
    • DataByCloud 2
    • Software Access

    We reached out to Google, and a spokesperson told CyberGuy that the extensions are no longer available on the Chrome Web Store. However, some are still available on third-party software download sites, which continues to pose a risk. If you see any of these names installed in your browser, remove them immediately.

    Why malicious Chrome extensions look legitimate

    These malicious add-ons are designed to look legitimate. They use professional names, polished dashboards and business-focused descriptions. Some claim to offer faster access to workplace tools. Others say they restrict user actions to protect company accounts. Privacy policies often promise that no personal data is collected. For people juggling daily work tasks or managing business accounts, the pitch sounds helpful rather than suspicious.

    What these extensions actually do

    After installation, the extensions operate silently in the background. They steal session cookies, which are small pieces of data that tell websites you are already logged in. When attackers get these cookies, they can access accounts without a password. At the same time, some extensions block access to security pages. Users may be unable to change passwords, disable accounts or review login history. One extension even allows criminals to insert stolen login sessions into another browser. That lets them sign in instantly as the victim.

    Why malicious Chrome extensions are so dangerous

    This attack goes beyond stealing credentials. It removes the ability to respond. Security teams may detect unusual activity, but cannot fix it through normal controls. Password changes fail. Account settings disappear. Two-factor authentication tools become unreachable. As a result, attackers can maintain access for long periods without being stopped.

    How to check for these extensions on your computer

    If you use Google Chrome, review your extensions now. The process only takes a few minutes.

    • Open Google Chrome
    • Click the three-dot menu in the top right corner
    • Select Extensions, then choose Manage Extensions
    • Review every extension listed

    Look for unfamiliar names, especially those claiming to offer access to HR platforms or business tools.

    Malicious Chrome add-ons disguised as productivity tools targeted users of popular business platforms like Workday, NetSuite and SAP SuccessFactors. (Photo by S3studio/Getty Images)

    How to remove suspicious Chrome extensions

    If you find one of these extensions, remove it immediately.

    • Open Manage Extensions in Chrome
    • Find the suspicious extension
    • Click Remove
    • Confirm when prompted

    Restart your browser after removal to ensure the extension is fully disabled. If Chrome sync is enabled, repeat these steps on all synced devices before turning sync back on.

    What to do after removing the extension

    Removal is only the first step. Change passwords for any accounts accessed while the extension was installed. Use a different browser or device if possible.

    A password manager can help you create strong, unique passwords for each account and store them securely. This reduces the risk of reused passwords being exploited again.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Finally, review account activity for unfamiliar logins, locations or devices and be sure to follow the steps below to stay safe moving forward.

    Ways to stay safe going forward

    Simple habits can significantly reduce your risk.

    1) Limit browser extensions

    Only install extensions you truly need. The fewer extensions you use, the smaller your attack surface becomes.

    2) Be cautious with add-ons

    Avoid extensions that promise premium access or special tools for enterprise platforms. Legitimate companies rarely require browser add-ons for account access.

    3) Check permissions carefully

    Be wary of extensions that request access to cookies, browsing data or account management. These permissions can be abused to hijack sessions.

    4) Review extensions regularly

    Check your browser every few months and remove tools you no longer use or recognize.

    Several fake browser extensions were removed from the Chrome Web Store after researchers linked them to account takeover attacks. (Photo Illustration by Serene Lee/SOPA Images/LightRocket via Getty Images)

    5) Use strong antivirus software

    Strong antivirus software can help detect malicious extensions, block suspicious behavior and alert you to browser-based threats before damage occurs.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    6) Consider a data removal service

    If your work or personal information has been exposed, a data removal service can help reduce your digital footprint by removing your details from data broker sites. This lowers the risk of follow-up scams or identity misuse.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    7) Avoid third-party download sites

    Do not reinstall extensions from third-party websites, even if they claim to offer the same features. These sites often host outdated or malicious versions.
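
    Added example (not part of the original article or of Socket's research): the extension review described above, scripted over the `manifest.json` files in a Chrome profile's Extensions folder. The permission table is an assumed mapping of the article's "cookies, browsing data or account management" onto Chrome permission names, and the sample extension ids, the names `Portal Helper` and `Sample Notes`, and the host `hr-portal.example` are constructed.

```python
import json
import tempfile
from pathlib import Path

# Extension names listed in the article (compared case-insensitively).
REPORTED_NAMES = {"databycloud access", "tool access 11", "databycloud 1",
                  "databycloud 2", "software access"}
# Assumption: the article's "cookies, browsing data or account management"
# mapped onto Chrome manifest permission strings, plus request blocking.
SENSITIVE = {
    "cookies": "read and write cookies, including session cookies",
    "history": "read browsing history",
    "browsingData": "clear browsing data",
    "management": "enable, disable or remove other extensions",
    "webRequest": "observe network requests",
    "declarativeNetRequest": "block or redirect page requests",
}


def resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Return the display name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()
    locale = str(manifest.get("default_locale", "en"))
    try:
        text = (ext_dir / "_locales" / locale / "messages.json").read_text("utf-8-sig")
        by_key = {k.lower(): v for k, v in json.loads(text).items()}
        return str(by_key[key]["message"])
    except (OSError, ValueError, AttributeError, KeyError, TypeError):
        return name  # keep the placeholder so a reviewer sees it


def audit_manifest(name: str, manifest: dict) -> dict:
    """Classify one extension by name and by the access it requests."""
    requested = set()
    # Manifest V2 lists host patterns under "permissions"; V3 splits them out.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        if isinstance(script, dict):
            requested.update(m for m in script.get("matches", []) if isinstance(m, str))
    hosts = sorted(p for p in requested if p == "<all_urls>" or "://" in p)
    findings = [f"{p}: {SENSITIVE[p]}" for p in sorted(requested & set(SENSITIVE))]
    if hosts:
        findings.append("host access: " + ", ".join(hosts))
    if name.strip().lower() in REPORTED_NAMES:
        severity = "reported"  # name is on the article's list: remove it
    elif "cookies" in requested and hosts:
        severity = "review"    # can read session cookies for those sites
    elif findings:
        severity = "note"
    else:
        severity = "ok"
    return {"name": name, "severity": severity, "findings": findings}


def audit_profile(extensions_dir: Path) -> list:
    """Audit every <extension id>/<version>/manifest.json in a profile."""
    results = []
    for manifest_file in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_file.read_text("utf-8-sig"))
            name = resolve_name(manifest_file.parent, manifest)
            result = audit_manifest(name, manifest)
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest
        result["id"] = manifest_file.parent.parent.name
        results.append(result)
    return results


def build_sample_profile(root: Path) -> None:
    """Write three constructed extensions; ids and contents are made up."""
    samples = [
        ("a" * 32, {"name": "__MSG_appName__", "default_locale": "en",
                    "permissions": ["storage"]}),
        ("b" * 32, {"name": "Portal Helper",
                    "permissions": ["cookies", "declarativeNetRequest"],
                    "host_permissions": ["https://*.hr-portal.example/*"]}),
        ("c" * 32, {"name": "Sample Notes", "permissions": ["storage"]}),
    ]
    for ext_id, manifest in samples:
        ext_dir = root / ext_id / "1.0.0_0"
        (ext_dir / "_locales" / "en").mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), "utf-8")
    messages = {"appName": {"message": "DataByCloud 1"}}
    (root / ("a" * 32) / "1.0.0_0" / "_locales" / "en" / "messages.json").write_text(
        json.dumps(messages), "utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # or a real .../Default/Extensions
        build_sample_profile(Path(tmp))
        print(*audit_profile(Path(tmp)), sep="\n")
```

    A name match only catches the listed builds; the `review` class is what surfaces a copy published under a different name.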

    Kurt’s key takeaways

    Browser extensions can be useful, but this research shows how easily they can also be abused. These fake Chrome add-ons did not rely on flashy tricks or obvious warnings. They blended in, looked professional and quietly did their damage in the background. The good news is that you do not need to be a tech expert to protect yourself. Taking a few minutes to review your extensions, remove anything unfamiliar and lock down your accounts can make a real difference. Small habits, repeated regularly, go a long way in reducing risk. If there is one takeaway here, it is this: convenience should never come at the cost of security. A clean browser and strong account protections give you back control.

    How many browser extensions do you have installed right now that you have never looked at twice? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Google Fast Pair flaw lets hackers hijack headphones

    Google designed Fast Pair to make Bluetooth connections fast and effortless. One tap replaces menus, codes and manual pairing. That convenience now comes with serious risk. Security researchers at KU Leuven uncovered flaws in Google’s Fast Pair protocol that allow silent device takeovers. They named the attack method WhisperPair. An attacker nearby can connect to headphones, earbuds or speakers without the owner knowing. In some cases, the attacker can also track the user’s location. Even more concerning, victims do not need to use Android or own any Google products. iPhone users are also affected.

    Fast Pair makes connecting Bluetooth headphones quick, but researchers found that some devices accept new pairings without proper authorization. (Kurt “CyberGuy” Knutsson)

    What WhisperPair is and how it hijacks Bluetooth devices

    Fast Pair works by broadcasting a device’s identity to nearby phones and computers. That shortcut speeds up pairing. Researchers found that many devices ignore a key rule. They still accept new pairings while already connected. That opens the door to abuse.

    Within Bluetooth range, an attacker can silently pair with a device in about 10 to 15 seconds. Once connected, they can interrupt calls, inject audio or activate microphones. The attack does not require specialized hardware and can be carried out using a standard phone, laptop, or low-cost device like a Raspberry Pi. According to the researchers, the attacker effectively becomes the device owner.

    Audio brands affected by the Fast Pair vulnerability

    The researchers tested 17 Fast Pair compatible devices from major brands, including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech and Google. Most of these products passed Google certification testing. That detail raises uncomfortable questions about how security checks are performed.

    How headphones can become tracking devices

    Some affected models create an even bigger privacy issue. Certain Google and Sony devices integrate with Find Hub, which uses nearby devices to estimate location. If a headset has never been linked to a Google account, an attacker can claim it first. That allows continuous tracking of the user’s movements. If the victim later receives a tracking alert, it may appear to reference their own device. That makes the warning easy to dismiss as an error.

    Attacker’s dashboard with location from the Find Hub network. (KU Leuven)

    Why many Fast Pair devices may stay vulnerable

    There is another problem most users never consider. Headphones and speakers require firmware updates. Those updates usually arrive through brand-specific apps that many people never install. If you never download the app, you never see the update. That means vulnerable devices could remain exposed for months or even years.

    The only way to fix this vulnerability is by installing a software update issued by the device manufacturer. While many companies have released patches, updates may not yet be available for every affected model. Users should check directly with the manufacturer to confirm whether a security update exists for their specific device.

    Why convenience keeps creating security gaps

    Bluetooth itself was not the problem. The flaw lives in the convenience layer built on top of it. Fast Pair prioritized speed over strict ownership enforcement. Researchers argue that pairing should require cryptographic proof of ownership. Without it, convenience features become attack surfaces. Security and ease of use do not have to conflict. But they must be designed together.

    Google responds to the Fast Pair WhisperPair security flaws

    Google says it has been working with researchers to address the WhisperPair vulnerabilities and began sending recommended patches to headphone manufacturers in early September. Google also confirmed that its own Pixel headphones are now patched.

    In a statement to CyberGuy, a Google spokesperson said, “We appreciate collaborating with security researchers through our Vulnerability Rewards Program, which helps keep our users safe. We worked with these researchers to fix these vulnerabilities, and we have not seen evidence of any exploitation outside of this report’s lab setting. As a best security practice, we recommend users check their headphones for the latest firmware updates. We are constantly evaluating and enhancing Fast Pair and Find Hub security.”

    Google says the core issue stemmed from some accessory makers not fully following the Fast Pair specification. That specification requires accessories to accept pairing requests only when a user has intentionally placed the device into pairing mode. According to Google, failures to enforce that rule contributed to the audio and microphone risks identified by the researchers.

    To reduce the risk going forward, Google says it updated its Fast Pair Validator and certification requirements to explicitly test whether devices properly enforce pairing mode checks. Google also says it provided accessory partners with fixes intended to fully resolve all related issues once applied.

    On the location tracking side, Google says it rolled out a server-side fix that prevents accessories from being silently enrolled into the Find Hub network if they have never been paired with an Android device. According to the company, this change addresses the Find Hub tracking risk in that specific scenario across all devices, including Google’s own accessories.

    Researchers, however, have raised questions about how quickly patches reach users and how much visibility Google has into real-world abuse that does not involve Google hardware. They also argue that weaknesses in certification allowed flawed implementations to reach the market at scale, suggesting broader systemic issues.

    For now, both Google and the researchers agree on one key point. Users must install manufacturer firmware updates to be protected, and availability may vary by device and brand.

    Unwanted tracking notification showing the victim’s own device. (KU Leuven)

    How to reduce your risk right now

    You cannot disable Fast Pair entirely, but you can lower your exposure.

    1) Check if your device is affected

    If you use a Bluetooth accessory that supports Google Fast Pair, including wireless earbuds, headphones or speakers, you may be affected. The researchers created a public lookup tool that lets you search for your specific device model and see whether it is vulnerable. Checking your device is a simple first step before deciding what actions to take. Visit whisperpair.eu/vulnerable-devices to see if your device is on the list.

    2) Update your audio devices

    Install the official app from your headphone or speaker manufacturer. Check for firmware updates and apply them promptly.

    3) Avoid pairing in public places

    Pair new devices in private spaces. Avoid pairing in airports, cafés or gyms where strangers are nearby.

    4) Factory reset if something feels off

    Unexpected audio interruptions, strange sounds or dropped connections are warning signs. A factory reset can remove unauthorized pairings, but it does not fix the underlying vulnerability. A firmware update is still required.

    5) Turn off Bluetooth when not needed

    Bluetooth only needs to be on during active use. Turning off Bluetooth when not in use limits exposure, but it does not eliminate the underlying risk if the device remains unpatched.

    6) Reset secondhand devices

    Always factory reset used headphones or speakers before pairing them. This removes hidden links and account associations.

    7) Take tracking alerts seriously

    Investigate Find Hub or Apple tracking alerts, even if they appear to reference your own device.

    8) Keep your phone updated

    Install operating system updates promptly. Platform patches can block exploit paths even when accessories lag behind.

    Kurt’s key takeaways

    WhisperPair shows how small shortcuts can lead to large privacy failures. Headphones feel harmless. Yet they contain microphones, radios and software that need care and updates. Ignoring them leaves a blind spot that attackers are happy to exploit. Staying secure now means paying attention to the devices you once took for granted.

    Should companies be allowed to prioritize fast pairing over cryptographic proof of device ownership? Let us know by writing to us at Cyberguy.com

  • Web skimming attacks target major payment networks

    Online shopping feels familiar and fast, but a hidden threat continues to operate behind the scenes. 

    Researchers are tracking a long-running web skimming campaign that targets businesses connected to major payment networks. Web skimming is a technique where criminals secretly add malicious code to checkout pages so they can steal payment details as shoppers type them in. 

    These attacks work quietly inside the browser and often leave no obvious signs. Most victims only discover the problem after unauthorized charges appear on their statements.

    Web skimming attacks hide inside checkout pages and steal card details as shoppers type them in. (Kurt “CyberGuy” Knutsson)

    What Magecart is and why it matters

    Magecart is the name researchers use for groups that specialize in web-skimming attacks. These attacks focus on online stores where shoppers enter payment details during checkout. Instead of hacking banks or card networks directly, attackers slip malicious code into a store’s checkout page. That code is written in JavaScript, which is a common type of website code used to make pages interactive. Legitimate sites use it for things like forms, buttons and payment processing.

    In Magecart attacks, criminals abuse that same code to secretly copy card numbers, expiration dates, security codes and billing details as shoppers type them in. The checkout still works, and the purchase goes through, so there is no obvious warning sign. Magecart originally described attacks against Magento-based online stores. Today, the term applies to web-skimming campaigns across many e-commerce platforms and payment systems.

    Which payment providers are being targeted?

    Researchers say this campaign targets merchants tied to several major payment networks, including:

    • American Express
    • Diners Club
    • Discover, a subsidiary of Capital One
    • JCB Co., Ltd.
    • Mastercard
    • UnionPay

    Large enterprises that rely on these payment providers face a higher risk due to complex websites and third-party integrations.

    Criminals use hidden code to copy payment data while the purchase still goes through normally. (Kurt “CyberGuy” Knutsson)

    How attackers slip skimmers into checkout pages

    Attackers usually enter through weak points that are easy to overlook. Common entry paths include vulnerable third-party scripts, outdated plugins and unpatched content management systems. Once inside, they inject JavaScript directly into the checkout flow. The skimmer monitors form fields tied to card data and personal details, then quietly sends that information to attacker-controlled servers.

    Why web skimming attacks are hard to detect

    To avoid detection, the malicious JavaScript is heavily obfuscated. Some versions can remove themselves when they detect an admin session, which makes inspections appear clean. Researchers also found the campaign uses bulletproof hosting. These hosting providers ignore abuse reports and takedown requests, giving attackers a stable environment to operate. Because web skimmers run inside the browser, they can bypass many server-side fraud controls used by merchants and payment providers.

    Who Magecart web skimming attacks affect most

    Magecart campaigns impact three groups at the same time:

    • Shoppers who unknowingly give up card data
    • Merchants whose checkout pages are compromised
    • Payment providers that detect fraud after the damage is done

    This shared exposure makes detection slower and response more difficult.

    Simple protections like virtual cards and transaction alerts can limit damage and expose fraud faster. (Kurt “CyberGuy” Knutsson)

    How to stay safe as a shopper

    While shoppers cannot fix compromised checkout pages, a few smart habits can reduce exposure, limit how stolen data is used, and help catch fraud faster.

    1) Use virtual or single-use cards

    Virtual and single-use cards are digital card numbers that link to your real credit or debit account without exposing the actual number. They work like a normal card at checkout, but add an extra layer of protection. Most people already have access to them through services they use every day, including:

    • Major banks and credit card issuers that offer virtual card numbers inside their apps
    • Mobile wallet apps like Apple Pay and Google Pay, which generate temporary card numbers for online purchases, keeping your real card number hidden
    • Some payment apps and browser tools that create one-time or merchant-locked card numbers

    A single-use card typically works for one purchase or expires shortly after use. A virtual card can stay active for one store and be paused or deleted later. If a web skimming attack captures one of these numbers, attackers usually cannot reuse it elsewhere or run up repeat charges, which limits financial damage and makes fraud easier to stop.

    2) Turn on transaction alerts

    Transaction alerts notify you the moment your card is used, even for small purchases. If web skimming leads to fraud, these alerts can expose unauthorized charges quickly and give you a chance to freeze the card before losses grow. For example, a $2 test charge on your card can signal fraud before larger purchases appear.

    3) Lock down financial accounts

    Use strong, unique passwords for banking and card portals to reduce the risk of account takeover. A password manager helps generate and store them securely.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    4) Install strong antivirus software

    Strong antivirus software can block connections to malicious domains used to collect skimmed data and warn you about unsafe websites.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    5) Use a data removal service

    Data removal services can reduce how much personal information is exposed online, making it harder for criminals to pair stolen card data with full identity details.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    6) Watch for unexpected card activity

    Review statements regularly, even for small charges, since attackers often test stolen cards with low-value transactions.

    Kurt’s key takeaways

    Magecart web skimming shows how attackers can exploit trusted checkout pages without disrupting the shopping experience. While consumers cannot fix compromised sites, simple safeguards can reduce risk and help catch fraud early. Online payments rely on trust, but this campaign shows why that trust should always be paired with caution.

    Does knowing how web skimming works make you rethink how safe online checkout really is? Let us know by writing to us at Cyberguy.com.

  • FBI warns QR code phishing used in North Korean cyber spying

    The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into spying tools.

    According to the bureau, a North Korean government-sponsored hacking group is using a tactic known as quishing to target people in the United States. 

    The goal is simple. Trick you into scanning a QR code that sends you to a malicious website. From there, attackers can steal login credentials, install malware or quietly collect device data.

    The FBI is warning Americans about a growing cyber threat that uses QR codes to steal data and spy on victims, tying the attacks to a North Korean hacking group. (Photo by Kevin Carter/Getty Images)

    What quishing is and why it works

    Quishing is short for QR code phishing. Instead of clicking a suspicious link in an email, the victim scans a QR code that hides the real destination. QR codes themselves are harmless. The danger lies in the link embedded inside them. Once scanned, the link can redirect users to fake login pages, malware downloads or tracking sites. Because QR codes feel familiar and fast, many people scan them without thinking twice. That split second of trust is exactly what attackers rely on.

    Who is behind the attacks

    The FBI says the activity is tied to a hacking group known as Kimsuky. The group has operated for years as a cyber espionage arm for North Korea. What is new is the delivery method. According to the FBI, the QR code-based attacks began in May 2025. In one example, attackers posed as a foreign policy advisor and emailed a think tank leader with a QR code that linked to a fake questionnaire. Scanning the code sent the victim to a malicious site designed to harvest information.

    What happens after you scan the QR code

    Once a victim lands on one of these sites, several things can happen. Some pages prompt users to download files that contain malware. Others mimic mobile login portals for popular services such as Okta, Microsoft 365 or VPN services. Even if no form is filled out, the site can still collect device details. That includes IP address, operating system, browser type and approximate location. Over time, that data helps attackers build intelligence profiles on their targets.

    Why QR code phishing attacks are highly targeted

    The FBI describes these campaigns as spear phishing rather than mass spam. That means the emails are crafted for specific individuals. The language, context and sender details are tailored to look relevant and credible. When an email feels personal, people are more likely to trust it. That is why these attacks are especially dangerous for professionals, researchers, executives and anyone working in policy or technology.

    Why QR code phishing threats are growing

    QR codes are everywhere now. Restaurants, parking meters, event tickets and ads all rely on them. As their use grows, so does the opportunity for abuse. Attackers know people are conditioned to scan without hesitation. That makes caution more important than ever.

    Ways to stay safe from QR code phishing

    The FBI says one of the best defenses against quishing is slowing down. QR codes remove the visual clues people rely on, so a few extra checks can make a big difference.

    1) Be cautious with unexpected QR codes

    Treat QR codes like links in emails. If you did not expect it, do not scan it. QR codes sent by email, text or messaging apps are a common entry point for quishing attacks. Criminals rely on curiosity and urgency to push you into scanning without thinking.

    2) Verify the source before scanning

    Always confirm who sent the QR code. If a message claims to come from a coworker, vendor or organization, reach out through a separate channel before scanning. A quick call or direct message can stop a phishing attempt cold.


    Federal investigators say hackers are using “quishing,” or QR code phishing, to lure victims to malicious websites that steal credentials and device data. (Jens Schlueter/Getty Images)

    3) Never enter logins after scanning a QR code

    QR code phishing often leads to fake mobile login pages. Attackers mimic sign-in screens for email, VPNs and cloud services to steal usernames and passwords. If a QR code takes you to a login page, close it and visit the site manually instead.

    4) Inspect the website URL carefully

    Once a QR code opens a page, check the address bar. Look for misspellings, extra words or unfamiliar domain endings. A strange URL is often the only warning sign that the site is malicious.

    5) Use strong antivirus software for QR-based threats

    Strong antivirus software adds an extra layer of protection against quishing. Security tools can block known phishing sites, stop malicious downloads and warn you before harmful pages load. This is especially important on mobile devices, where QR codes are most often scanned.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Use a data removal service to limit exposure

    Some quishing sites collect device and location data even if you do nothing. A data removal service helps reduce how much personal information is publicly available online. That makes it harder for attackers to target you with convincing spear phishing emails that include QR codes.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    7) Avoid QR code downloads entirely

    Do not download files from QR code links unless you are absolutely certain they are safe. Malware delivered through QR codes can quietly install spyware or remote access tools without obvious warning signs.


    A North Korea-linked cyber group is targeting U.S. professionals by embedding harmful links inside seemingly harmless QR codes, according to the FBI. (Jaap Arriens/NurPhoto via Getty Images)

    Kurt’s key takeaways

    QR codes are convenient, but convenience can lower defenses. As this FBI warning shows, attackers are evolving and using familiar tools in dangerous ways. A moment of verification can prevent weeks or months of damage.

    When was the last time you stopped to question a QR code before scanning it? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Illinois DHS data breach exposes 700K residents’ records


    Illinois residents are once again being reminded how fragile government data systems can be. The Illinois Department of Human Services has confirmed a data breach that exposed sensitive records belonging to roughly 700,000 people.

    The breach is believed to have exposed two distinct sets of records. One is personal and program-related data tied to more than 672,000 Medicaid and Medicare Savings Program recipients, including addresses, case numbers, demographic details and medical assistance plan names. The other covers another 32,000 Division of Rehabilitation Services customers whose names, addresses, case details and referral information were also exposed over multiple years.


    The Illinois Department of Human Services confirmed a data breach that exposed sensitive records tied to roughly 700,000 residents, including Medicaid and disability services recipients. (Jakub Porzycki/NurPhoto via Getty Images)

    What happened in the Illinois DHS data breach

    As spotted by Bleeping Computer, the Illinois Department of Human Services disclosed that unauthorized access to one of its systems led to the exposure of records tied to approximately 700,000 Illinois residents. The affected data was connected to individuals who interacted with DHS programs, which can include benefits, assistance services and support programs across the state.

    According to the agency, the breach involved personally identifiable information. While officials have not publicly released every technical detail, DHS confirmed that sensitive records were accessed, prompting notifications to impacted individuals. As is typical in cases like this, the investigation is ongoing, and the full scope of how the intrusion occurred is still being reviewed.

    For residents, the key issue is not just that data was accessed, but the type of data DHS holds. Government agencies like DHS often store names, addresses, dates of birth, case numbers and, in some instances, Social Security numbers or benefits-related information. Once that data escapes, it can be misused in ways that last for years.

    Why breaches like this are especially risky

    When a private company is breached, you can often change a password or close an account. Government data is different. You can’t change your Social Security number easily. You can’t erase past interactions with public assistance programs. That makes breaches involving state agencies particularly dangerous.

    Exposed records can be used for identity theft, fraudulent benefit claims, phishing scams and long-term impersonation. Criminals often combine government data with information from other breaches to build detailed profiles that make scams far more convincing. Even if there’s no immediate misuse, stolen data frequently resurfaces months or years later.

    As with many large breaches, DHS has stated that it is taking steps to secure its systems and prevent similar incidents in the future. That’s an expected response. But for affected residents, the burden of protection now shifts largely to you.

    We reached out to the Illinois Department of Human Services for comment, but did not receive a response before our deadline.


    Personal information from Illinois DHS programs was accessed without authorization, raising concerns about long-term identity theft and fraud risks. (Philip Dulian/picture alliance via Getty Images)

    7 steps you can take to stay safe after the Illinois DHS breach

    If you received a notification from Illinois DHS, or if you’ve ever interacted with DHS programs, these steps can help reduce your risk.

    1) Enroll in identity theft protection if it’s offered

    If DHS provides free identity monitoring or credit protection, sign up. These services can alert you to suspicious activity involving your Social Security number or credit file before the damage spreads. Beyond basic monitoring, full identity theft services can help with recovery, paperwork and financial reimbursement if fraud occurs. This can be especially useful after large-scale government breaches.

    Identity theft protection companies can monitor personal information like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    2) Use a password manager immediately

    A password manager helps you create and store strong, unique passwords for every account. If your personal data is leaked, attackers often try the same credentials across multiple services. Unique passwords stop one breach from turning into many.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    3) Run strong antivirus software on your devices

    Strong antivirus tools do more than scan files. They monitor suspicious behavior, phishing attempts and malicious links that often follow large data breaches. This matters because breach victims are frequently targeted with follow-up scams.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    4) Place a fraud alert or credit freeze on your credit file

    A fraud alert tells lenders to verify your identity before opening new accounts. A credit freeze goes further by blocking new credit entirely unless you lift it. If Social Security numbers were exposed, a freeze is often the safest option.

    5) Use a personal data removal service

    Once your information leaks, it often spreads to data broker sites that sell personal details. Personal data removal services work to request takedowns and reduce how much of your information is publicly available. While they can’t erase everything, they significantly lower your exposure.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    6) Watch for phishing and impersonation scams

    After breaches involving government agencies, scammers often pretend to be state officials, benefits offices, or support hotlines. Don’t click links or share information unless you independently verify the source through official websites or phone numbers.

    7) Review your credit reports regularly

    You’re entitled to free credit reports from major credit bureaus. Check them for unfamiliar accounts, inquiries or address changes. Early detection makes identity theft far easier to contain.


    State officials say the breach involved Medicaid, Medicare Savings Program and rehabilitation services records spanning multiple years. (Silas Stein/picture alliance via Getty Images)

    Kurt’s key takeaway

    Even government agencies are not immune to large-scale security failures. When nearly 700,000 residents are affected, the impact goes far beyond a single system or department. While DHS works through its investigation, protecting your identity now depends largely on the steps you take next. Acting early, layering protections and staying vigilant can make the difference between a breach being an inconvenience and a long-term nightmare.

    Do you trust state agencies to protect your personal data? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Apple warns millions of iPhones are exposed to attack


    The Apple iPhone is the most popular smartphone in the United States and one of the most widely used devices in the world. An estimated 1.6 billion people rely on iPhones every day. That massive user base also makes the platform a prime target. 

    Over the past few weeks, Apple has been sending out warnings about a serious security flaw. New data suggests the risk could affect roughly half of all iPhone users.

    That puts hundreds of millions of devices in potential danger right now.


    Apple is warning iPhone users about a serious Safari security flaw that could leave hundreds of millions of devices vulnerable if updates are delayed. (Thomas Trutschel/Photothek via Getty Images)

    What Apple discovered in Safari and WebKit

    Late last month, Apple confirmed two critical vulnerabilities in WebKit. WebKit powers Safari and every browser that runs on iOS. According to Apple, the flaws were used in an extremely sophisticated attack that targeted specific individuals. The problem allowed malicious websites to trick iPhones and iPads into running harmful code. Once that happens, attackers could gain control of the device, steal passwords or access payment information. In simple terms, visiting the wrong website could have been enough.

    Why millions of iPhones are still exposed

    Apple moved quickly to release a fix. The patch is included in the latest software update. The problem is that many people have not installed it yet. Estimates suggest that about 50 percent of eligible users have not upgraded from iOS 18 to iOS 26. That would leave around 800 million devices vulnerable worldwide. Data from StatCounter paints an even worse picture. It estimates that only 20 percent of users have updated so far. Once security details become public, the risk grows fast. Attackers know exactly what to exploit.

    iPhone and iPad models at the highest risk

    Apple says the following devices are affected if they are not updated:

    • iPhone 11 and later
    • iPad Pro 12.9-inch 3rd generation and later
    • iPad Pro 11-inch 1st generation and later
    • iPad Air 3rd generation and later
    • iPad 8th generation and later
    • iPad mini 5th generation and later

    If your device appears on this list and you have not updated it, it is vulnerable.


    New data suggests nearly half of all iPhone users worldwide may still be exposed to a critical WebKit exploit Apple says was actively used in attacks. (Jakub Porzycki/NurPhoto via Getty Images)

    Why upgrading is the only real protection

    There is no setting to flip and no safe browsing habit that fixes this issue. The vulnerability lives deep inside the browser engine. Security experts say there is no workaround or user behavior that meaningfully reduces the risk. Installing the latest software is the only effective defense. Apple is no longer offering a security-only update for users who want to stay on iOS 18. Unless your device cannot run iOS 26, the fix is only available through iOS 26.2 and iPadOS 26.2.

    Steps to update your iPhone or iPad now

    Updating is quick and usually painless. If automatic updates are enabled, the fix may already be installed.

    If not, follow these steps:

    • Open the Settings app on iPhone
    • Tap General
    • Select Software Update
    • Download and install iOS 26.2 or iPadOS 26.2 or later 

    Make sure your device is connected to Wi-Fi and has enough battery life or is plugged in.

    Pro tip: Use strong antivirus software

    Keeping your iPhone updated is critical, but it should not be your only line of defense. Strong antivirus software adds another layer of protection by scanning malicious links, blocking risky websites and alerting you to suspicious activity before damage is done.

    This matters even more when attacks rely on compromised websites or hidden browser exploits. Security software can help catch threats that slip through and give you extra visibility into what is happening on your device.

    Think of it as backup protection. Software updates close known holes, while strong antivirus tools help guard against the next one.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.


    Apple says malicious websites could exploit a Safari flaw to steal passwords or payment information from unpatched iPhones and iPads. (David Paul Morris/Bloomberg via Getty Images)

    Kurt’s key takeaways

    Apple rarely uses language like “extremely sophisticated” unless the threat is serious. This flaw shows how even trusted browsers can become attack paths when updates are delayed. Waiting weeks or months to update now carries real consequences. If you use your iPhone for banking, shopping or work, this update should be treated as urgent.

    How long do you usually wait before installing major iPhone updates, and is that delay worth the risk anymore? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Arlo Europe launches Ultra 3 and Pro 6 Security Cameras – Tech Digest


    Arlo Europe has announced the launch of two new security cameras, the Ultra 3 and the Pro 6.

    These devices are designed to integrate with the Arlo Secure Early Warning System, an AI-powered platform that uses real-time recognition to identify potential threats.

    The Arlo Ultra 3 serves as the brand’s flagship model, featuring 4K HDR video and a 180-degree field of view. It uses a SmartHub connection to manage data transmission and local storage.

    The camera’s AI is capable of identifying specific subjects, including people, vehicles, animals, packages, and fire. Users can also use custom detection settings to prioritize specific types of alerts.

    According to Adrienne Sharkey-Perves, Managing Director at Arlo Europe, the focus of these releases is on proactive monitoring. “Our Early Warning System gives users something no other brand can: a DIY home security camera system with smarter AI that learns, adapts, and acts faster,” Sharkey-Perves stated.

    The Arlo Pro 6 offers 2K+ HDR video and utilizes a 12-bit color sensor. This sensor is designed to improve color accuracy for night vision, assisting in the identification of faces, clothing, and vehicles in low-light conditions. The Pro 6 includes 12x zoom with an auto-tracking feature that follows movement within its 160-degree field of view.

    Both cameras include a built-in spotlight and siren to act as visible deterrents. They support two-way audio, allowing users to communicate with visitors through the Arlo app.

    The systems are engineered for outdoor use with weather-resistant housings and different power options, including USB-C charging and removable batteries for the Pro 6.

    Addressing the importance of visual data, Sharkey-Perves noted that “color accuracy adds another critical layer—it can mean the difference between identifying a suspect or missing a vital detail.” Both models are available starting today (January 19, 2026) via Arlo’s website and major retailers.

    Arlo Ultra 3 Specifications:

    • Video Quality: 4K HDR video

    • Field of View: 180-degree wide angle

    • Connectivity: Arlo SmartHub required

    • AI Detection: People, vehicles, animals, packages, fire, and custom events

    • Night Vision: Color night vision

    • Security Features: Built-in spotlight, siren, and two-way audio

    • Retail Price: From £529.99/€599.99 for a 2-camera kit


    Arlo Pro 6 Specifications:

    • Video Quality: 2K+ HDR video

    • Color Sensor: 12-bit sensor for improved color accuracy

    • Field of View: 160-degree wide-angle

    • Zoom: 12x zoom with auto-tracking

    • Night Vision: Advanced color night vision

    • Security Features: Built-in spotlight, siren, and two-way audio

    • Power: USB-C charging with optional removable battery

    • Retail Price: £169.99/€199.99 for a single camera kit


    Chris Price

  • January scams surge: Why fraud spikes at the start of the year


    Every January, I hear from people who say the same thing: “I just got an email that looked official, and I almost fell for it.” That’s not a coincidence. January is one of the busiest months of the year for scammers. While most of us are focused on taxes, benefits, subscriptions, and getting our finances in order, criminals are doing their own kind of cleanup, refreshing scam lists and going after people with newly updated personal data. If you’ve ever received a message claiming your account needs to be “verified,” your benefits are at risk, or your tax information is incomplete, this article is for you.


    Scam messages often look urgent and official, pushing you to act before you have time to think. That pressure is exactly what criminals rely on. (Kurt “CyberGuy” Knutsson)

    Why January is prime time for scammers

    January is when scammers have everything they need. According to YouMail’s Robocall Index, U.S. consumers received just over 4.7 billion robocalls in January 2025, a roughly 9% increase from December 2024. This year, we can expect the same pattern from scammers.

    They know:

    But the biggest reason scams spike now? Your personal data is easier to find than you think. Data brokers quietly collect and update profiles year after year. By January, those profiles are often more complete than ever, and scammers know it.

    The “account verification” scam you’ll see everywhere

    One of the most common January scams looks harmless at first. You get a message saying:

    • “Your Social Security account needs verification”
    • “Your Medicare information has to be updated”
    • “Your benefits could be delayed without action”

    The message sounds official. Sometimes it even uses your real name or location. That’s where people get tricked. Government agencies don’t ask for sensitive information through random emails or texts. Scammers rely on urgency and familiarity to push you into reacting before thinking.

    My rule: If you didn’t initiate the request, don’t respond to it. Always go directly to the agency’s official website or phone number, never through a link sent to you.


    January is a prime time for fraud because people are dealing with taxes, benefits and account updates. Scammers know these messages feel expected and familiar. (Kurt “CyberGuy” Knutsson)

    Fake tax and benefits notices ramp up in January

    Another favorite scam this time of year involves taxes and refunds.

    You may see:

    • Emails claiming you owe back taxes
    • Messages saying you’re due a refund
    • Notices asking you to “confirm” banking information

    These scams work because they arrive at exactly the moment people expect to hear from tax agencies or benefits programs.

    Scammers don’t need much to sound convincing. A name, an email address or an old address is often enough. If you get a tax-related message out of the blue, slow down. Real agencies don’t pressure you to act immediately.

    Subscription “problems” that aren’t real

    January is also when subscription scams explode. Fake messages claim:

    Scammers know most people have subscriptions, so they play the odds. Instead of clicking, open the app or website directly. If there’s a real problem, you’ll see it there.

    Why these scams feel so personal

    People often tell me, “But they used my name, how did they know?” Here’s the uncomfortable truth: They probably bought it. Data brokers compile massive profiles that include:

    • Address histories
    • Phone numbers and emails
    • Family connections
    • Shopping behavior

    That data is sold, shared and leaked. Once scammers have it, they can tailor messages that feel real, because they’re built on real information.


    The more personal data scammers have, the more convincing their messages become. Removing your information from data broker sites can help reduce targeted scams over time. (Kurt “CyberGuy” Knutsson)

    What you should do right now

    Before January gets any busier, take these steps to reduce your exposure to scams and fraud:

    1) Remove your personal data from broker sites

    Deleting emails or blocking numbers helps, but it does not stop scams at the source. Scammers rely on data broker sites that quietly collect, update and sell your personal information. Removing your data from those sites reduces scam calls, phishing emails and targeted texts over time. It also makes it harder for criminals to personalize messages using your real name, address or family connections. You have two ways to do this:

    Do it yourself:

    You can visit individual data broker websites, search for your profile and submit opt-out requests. This method works, but it takes time. Each site has its own rules, identity verification steps, and response timelines. Many brokers also re-add data later, which means you have to repeat the process regularly.

    Use a data removal service:

    A data removal service automates the opt-out process by contacting hundreds of data brokers on your behalf and monitoring for re-listings. This option saves time and provides ongoing protection, especially if you want long-term results without constant follow-ups.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com


    2) Don’t click links in unexpected messages

    If you did not initiate the request, do not click. Scam messages are designed to create urgency, especially around taxes, benefits and account issues. Instead, go directly to the official website by typing the address yourself or using a saved bookmark. This single habit prevents most phishing attacks.

    3) Turn on two-factor authentication wherever possible

    Two-factor authentication (2FA) adds a critical second layer of protection. Even if someone gets your password, they still cannot access your account without the second verification code. Start with email, financial accounts, social media and government services.

    4) Check accounts only through official apps or websites

    If you receive a warning about an account problem, do not trust the message itself. Open the official app or website, and check there. If something is wrong, you will see it immediately. If not, you just avoided a scam.

    5) Watch for account alerts and login activity

    Enable login alerts and security notifications on important accounts. These alerts can warn you if someone tries to sign in from a new device or location. Early warnings give you time to act before real damage occurs.

    6) Use strong, unique passwords and a password manager

    Reusing passwords makes it easy for scammers to take over multiple accounts at once. If one service is compromised, attackers try the same login on email, banking, and social media accounts. A password manager helps you create and store strong, unique passwords for every account without needing to remember them. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    Kurt’s key takeaways

    January scams aren’t random. They’re targeted, timed and fueled by personal data that shouldn’t be public in the first place. The longer your information stays online, the easier it is for scammers to use it against you. If you want a quieter inbox, fewer scam calls and less risk this year, take action early, before criminals finish rebuilding their lists. Protect your data now, and you’ll be safer all year long.

    Have you noticed more scam emails, texts or calls since the new year started? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com.  All rights reserved.

  • 5 simple tech tips to improve digital privacy

    Protecting your privacy doesn’t require advanced tools or technical expertise. Some of the most effective protections are already built into your phone; you just need to know where to look.

    These five privacy tips show you exactly how to reduce tracking and limit data sharing on both iPhone and Android using the latest software.

    Smartphone users can boost privacy by adjusting built-in settings that limit tracking, location sharing and background data collection on iPhone and Android devices. (Neil Godwin/Future via Getty Images)

    1) Reduce app permissions

    Apps often request access to your camera, microphone, contacts, photos and location, even when it’s not necessary. Limiting these permissions reduces background data collection.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Select a permission type such as Microphone, Camera, Photos or Contacts
    • Toggle off access for apps that don’t need it

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Security and Privacy
    • Scroll down and tap More privacy settings or Privacy controls  
    • Tap Permission Manager
    • Choose a permission category and set apps to Don’t allow or Allow only while using the app

    2) Turn off location access you don’t need

    Location tracking can reveal where you live, work, shop and travel.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Tap Location Services
    • Select an app and choose While Using the App or Never
    • Turn off Precise Location when exact coordinates aren’t needed

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Location
    • Tap App location permissions or App permissions 
    • Scroll through the list and tap the app you want to change
    • Select Allow only while using the app or Don’t allow

    3) Turn off photo sharing with apps

    Some apps request full access to your photo library, giving them visibility into every image and video you’ve taken.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Tap Photos
    • Select an app and choose Selected Photos or None

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Security and Privacy
    • Scroll down and tap More privacy settings or Privacy controls  
    • Tap Permission Manager
    • Tap Photos and videos 
    • Scroll through the list and tap the app you want to change
    • Set apps to Don’t allow, or Allow limited access

    Turning off unnecessary app permissions and tracking features helps protect sensitive information stored on your phone. (Sebastian Kahnert/picture alliance via Getty Images)

    4) Turn off app tracking

    App tracking allows advertisers to follow your activity across multiple apps.

    iPhone

    • Open Settings
    • Tap Privacy & Security
    • Tap Tracking
    • Turn off Allow Apps to Request to Track

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Security & privacy
    • Scroll down and tap More privacy settings
    • Tap Ads
    • Tap Delete advertising ID to remove the existing ID tied to your device
    • Tap Reset advertising ID to generate a new, blank ID

    This removes the identifier apps use to track you for targeted ads and replaces it with a fresh ID that isn’t linked to your previous activity.

    5) Turn off unnecessary background app activity

    Some apps continue running and collecting data even when you’re not actively using them.

    iPhone

    • Open Settings
    • Tap General
    • Tap Background App Refresh
    • Turn it off entirely or disable it for individual apps

    Android

    Settings may vary depending on your Android phone’s manufacturer

    • Open Settings
    • Tap Apps
    • Select an app
    • Tap Battery
    • Choose Restricted or turn off Allow background usage 

    Pro tip: Use a password manager

    A password manager reduces the need to store logins inside apps, which can limit unnecessary permissions and data collection.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Privacy experts say small changes to phone settings can go a long way in reducing digital surveillance and data exposure. (Karl-Josef Hildenbrand/Picture Alliance via Getty Images)

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    Kurt’s key takeaways

    Protecting your privacy doesn’t have to be complicated. By reducing app permissions, limiting location access, controlling photo sharing, turning off app tracking and restricting background activity, you can significantly reduce how much personal data your phone shares. A few simple setting changes can go a long way in protecting your digital life.

    What privacy setting surprised you the most, or is there one you’re unsure about? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Teen hackers recruited through fake job ads

    At first glance, the job posts look completely harmless. They promise fast money, flexible hours and paid training. No experience required. Payment comes in crypto. But these are not tutoring gigs or customer service roles. They are recruiting ads for ransomware operations. 

    And many of the people responding are middle and high school students. Some posts openly say they prefer inexperienced workers. Others quietly prioritize young women. All of them promise big payouts for “successful calls.”

    What they leave out is the risk. Federal charges. Prison time. Permanent records. This underground ecosystem goes by a familiar name. Insiders often refer to it as “The Com,” short for “The Community.”

    Fake job ads promising fast cash and flexible hours are quietly recruiting teens into ransomware and extortion schemes, often paying in cryptocurrency to hide criminal activity. (Donato Fasano/Getty Images)

    How The Com operates behind the scenes

    The Com is not a single organized gang. It functions as a loose network of groups that regularly change names and members. Well-known offshoots tied to this ecosystem include Scattered Spider, Lapsus$, ShinyHunters and related splinter crews. Some groups focus on data theft. Others specialize in phishing or extortion. Collaboration happens when it benefits the operation. 

    Since 2022, these networks have targeted more than 100 major companies in the U.S. and UK. Victims include well-known brands across retail, telecom, finance, fashion and media, including companies such as T-Mobile, Nike and Instacart. The combined market value of affected companies exceeds one trillion dollars.

    Teenagers often take on the riskiest roles within these schemes. Phone calls, access testing and social engineering scripts typically fall to younger participants. More experienced criminals remain in the background, limiting their exposure.

    That structure mirrors what identity and fraud experts are seeing across the industry. Ricardo Amper, founder and CEO of Incode Technologies, a digital identity verification company, says fake job ads are effective because they borrow trust from a familiar social contract. 

    “A job post feels structured, normal and safe, even when the actual behavior being requested is anything but,” Amper said. “A job posting implies a real process – a role, a manager, training and a paycheck. That’s exactly why it works. It lowers skepticism and makes risky requests feel like normal onboarding.”

    Amper notes that what’s changed is not just the scale of recruitment, but how criminals package it. “Serious crime is now being sold as ‘work.’”

    Why teens excel at social engineering attacks

    Teenagers bring a unique mix of skills that make them highly convincing. Fluent English and comfort with modern workplace technology help them sound legitimate. Familiarity with tools like Slack, ticketing systems and cloud platforms makes impersonation easier.

    According to Amper, teens don’t need technical expertise to get pulled in. “The on-ramp is usually social, a Discord server, a DM, a ‘quick gig,’” he said. “It can feel like trolling culture, but the targets are real companies and the consequences are real people.”

    Risk awareness is often lower. Conversations frequently take place in public chats, where tactics and mistakes are shared quickly. That visibility accelerates learning and increases the likelihood of detection and arrest.

    Gaming culture feeds the pipeline

    For many teens, it starts small. Pranks in online games turn into account takeovers. Username theft becomes crypto theft. Skills escalate. So do the stakes.

    Recruitment often begins in gaming spaces where fast learning and confidence are rewarded. Grooming is common. Sextortion sometimes appears. By the time real money enters the picture, legal consequences feel distant.

    Amper compares the progression to gaming itself. “These crews package crime as a ladder,” he said. “Join the group, do small tasks, level up, get paid, get status.”

    Why young women are being targeted

    Cybercrime remains male-dominated, but recruiters adapt. Young women are increasingly recruited for phone-based attacks. Some use AI tools to alter accents or tone. Others rely on stereotypes. Distress lowers suspicion faster than authority. Researchers say women often succeed because they are underestimated. That same dynamic puts them at risk inside these groups. Leadership remains overwhelmingly male. Girls often perform low-level work. Training stays minimal. Exploitation is frequent.

    Red flags that signal fake job scams and ransomware recruitment

    These warning signs show up repeatedly in cases involving teen hackers, social engineering crews and ransomware groups.

    Crypto-only pay is a major warning sign

    Legitimate employers do not pay workers exclusively in cryptocurrency. Crypto-only pay makes transactions hard to trace and protects criminals, not workers.

    Per-call or per-task payouts should raise concern

    Promises of hundreds of dollars for a single call or quick task often point to illegal activity. Real jobs pay hourly or a salary with documentation.

    Recruitment through Telegram or Discord is a red flag

    Criminal groups rely on private messaging apps to avoid oversight. Established companies do not recruit employees through gaming chats or encrypted DMs.

    Anonymous mentors and vague training are dangerous

    Being “trained from scratch” by unnamed individuals is common in ransomware pipelines. These mentors disappear when arrests happen.

    Secrecy requests signal manipulation

    Any job that asks teens to hide work from parents or employees to hide tasks from employers is crossing a line. Secrecy protects the recruiter, not the recruit.

    Amper offers a simple rule of thumb: “If a ‘job’ asks you to pretend to be someone else, obtain access, move money, or share sensitive identifiers before you’ve verified the employer, you’re not in a hiring process. You’re in a crime pipeline.”

    He adds that legitimate employers collect sensitive information only after a real offer, through verified HR systems. “The scam version flips the order,” he said. “It asks for the most sensitive details first, before anything is independently verifiable.”

    Urgency and emotional pressure are deliberate tactics

    Rushing decisions or creating fear lowers judgment. Social engineering depends on speed and emotional reactions.

    If you see more than one of these signs, pause immediately. Walking away early can prevent serious legal consequences later.

    Cybercrime recruiters are targeting middle and high school students for risky roles like social engineering calls, exposing them to federal charges and prison time. (Philip Dulian/picture alliance via Getty Images)

    Law enforcement is cracking down on teen cybercrime

    Since 2024, government indictments and international arrests have shown cybercriminal groups tied to The Com and Scattered Spider are under increasing scrutiny from law enforcement. In Sept. 2025, U.S. prosecutors unsealed a Department of Justice complaint against 19-year-old Thalha Jubair, accusing him of orchestrating at least 120 ransomware and extortion attacks that brought in over $115 million in ransom payments from 47 U.S. companies and organizations, including federal court networks. Prosecutors charged Jubair with computer fraud, wire fraud and money laundering conspiracy.

    Across the Atlantic, British authorities charged Jubair and 18-year-old Owen Flowers for their alleged roles in a Transport for London cyberattack in 2024 that compromised travel card data and disrupted live commuter information. Both appeared in court under the U.K.’s Computer Misuse Act. Earlier law enforcement action in the U.S. included criminal charges against five Scattered Spider suspects for mass phishing campaigns that stole login credentials and millions in cryptocurrency, laying out how members of this collective staged coordinated extortion and data theft.

    Federal agencies are also issuing advisories about the group’s social engineering techniques, noting how attackers impersonate help desks, abuse multi-factor authentication and harvest credentials to access corporate networks.

    Parents often learn the truth late. In many cases, the first warning comes when federal agents arrive at the door. Teens can move from online pranks to serious federal crimes without realizing where the legal line lies.

    How parents and teens can avoid ransomware recruitment traps

    This type of cybercrime thrives on silence and speed. Slowing things down protects families and futures.

    Tips for parents and guardians to spot fake job scams early

    Parents play a critical role in spotting early warning signs, especially when online “work” starts happening behind closed doors or moves too fast to explain.

    1) Pay attention to how online “jobs” are communicated

    Ask which platforms your child uses for work conversations and who they talk to. Legitimate employers do not recruit through Telegram or Discord DMs.

    2) Question sudden income with no clear employer

    Money appearing quickly, especially in crypto, deserves scrutiny. Real jobs provide paperwork, supervisors and pay records.

    3) Treat secrecy as a serious warning sign

    If a teen is told to keep work private from parents or teachers, that is not independence. It is manipulation.

    4) Talk early about legal consequences online

    Many teens do not realize that cybercrime can lead to federal charges. Honest conversations now prevent life-changing outcomes later. Also, monitoring may feel uncomfortable. However, silence creates more risk.

    Tips for teens to avoid fake job offers and cybercrime traps

    Teenagers with tech skills have real opportunities ahead, but knowing how to spot fake offers can mean the difference between building a career and facing serious legal trouble.

    1) Be skeptical of private messages offering fast money

    Real companies do not cold-recruit through private chats or gaming servers.

    2) Avoid crypto-only payment offers

    Being paid only in cryptocurrency is a common tactic used to hide criminal activity.

    3) Choose legal paths to build skills and reputation

    Bug bounty programs, cybersecurity clubs and internships offer real experience without risking your future. Talent opens doors. Prison closes them.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

    A loose cybercrime network known as “The Com” has been linked to major U.S. and U.K. data breaches affecting companies worth trillions combined. (Photo by Uli Deck/picture alliance via Getty Images)

    Kurt’s key takeaways

    What makes this trend so unsettling is how ordinary it all looks. The job ads sound harmless. The chats feel friendly. The crypto payouts seem exciting. But underneath that surface is a pipeline pulling teenagers into serious crimes with real consequences. Many kids do not realize how far they have gone until it is too late. What starts as a quick call or a side hustle can turn into federal charges and years of fallout. Cybercrime moves fast. Accountability usually shows up much later. By the time it does, the damage is already done.

    If fake job ads can quietly recruit teenagers into ransomware gangs, how confident are you that your family or workplace would spot the warning signs before it is too late? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com.  All rights reserved.

  • Why your Android TV box may secretly be a part of a botnet

    Android TV streaming boxes that promise “everything for one price” are everywhere right now. 

    You’ll see them on big retail sites, in influencer videos, and even recommended by friends who swear they’ve cut the cord for good. And to be fair, they look irresistible on paper, offering thousands of channels for a one-time payment. But security researchers are warning that some of these boxes may come with a hidden cost.

    In several cases, devices sold as simple media streamers appear to quietly turn your home internet connection into part of larger networks used for shady online activity. And many buyers have no idea it’s happening.

    Android TV streaming boxes promising unlimited channels for a one-time fee may quietly turn home internet connections into proxy networks, according to security researchers. (Photo By Paul Chinn/The San Francisco Chronicle via Getty Images)

    What’s inside these streaming boxes

    According to an investigation by Krebs on Security, these media streaming devices don’t behave like ordinary media streamers once they’re connected to your network. Researchers closely examined SuperBox, an Android-based streaming box sold through third-party sellers on major retail platforms. On paper, SuperBox markets itself as just hardware. The company claims it doesn’t pre-install pirated apps and insists users are responsible for what they install. That sounds reassuring until you look at how the device actually works.

    To unlock the thousands of channels SuperBox advertises, you must first remove Google’s official app ecosystem and replace it with an unofficial app store. That step alone should raise eyebrows. Once those custom apps are installed, the device doesn’t just stream video but also begins routing internet traffic through third-party proxy networks.

    What this means is that your home internet connection may be used to relay traffic for other people. That traffic can include ad fraud, credential stuffing attempts and large-scale web scraping.

    During testing by Censys, a cyber intelligence company that tracks internet-connected devices, SuperBox models immediately contacted servers tied to Tencent’s QQ messaging service, as well as a residential proxy service called Grass.

    Grass describes itself as an opt-in network that lets you earn rewards by sharing unused internet bandwidth. This suggests that SuperBox devices may be using SDKs or tooling that hijack bandwidth without clear user consent, effectively turning the box into a node inside a proxy network.

    Why SuperBox activity resembles botnet behavior

    In simple terms, a botnet is a large group of compromised devices that work together to route traffic or perform online tasks without the owners realizing it.

    Researchers discovered SuperBox devices contained advanced networking and remote access tools that have no business being on a streaming box. These included utilities like Tcpdump and Netcat, which are commonly used for network monitoring and traffic interception.

    The devices performed DNS hijacking and ARP poisoning on local networks, techniques used to redirect traffic and impersonate other devices on the same network. Some models even contained directories labeled “secondstage,” suggesting additional payloads or functionality beyond streaming.

    SuperBox is just one brand in a crowded market of no-name Android streaming devices. Many of them promise free content and quick setup, but often come preloaded with malware or require unofficial app stores that expose users to serious risk.

    In July 2025, Google filed a lawsuit against operators behind what it called the BADBOX 2.0 botnet, a network of more than ten million compromised Android devices. These devices were used for advertising fraud and proxy services, and many were infected before consumers even bought them.

    Around the same time, the Feds warned that compromised streaming and IoT devices were being used to gain unauthorized access to home networks and funnel traffic into criminal proxy services.

    We reached out to SuperBox for comment but did not receive a response before our deadline.

    8 steps you can take to protect yourself

    If you already own one of these streaming boxes or are thinking about buying one, these steps can help reduce your risk significantly.

    1) Avoid devices that require unofficial app stores

    If a streaming box asks you to remove Google Play or install apps from an unknown marketplace, stop right there. This bypasses Android’s built-in security checks and opens the door to malicious software. Legitimate Android TV devices don’t require this.

    2) Use strong antivirus software on your devices

    Even if the box itself is compromised, strong antivirus software on your computers and phones can detect suspicious network behavior, malicious connections or follow-on attacks like credential stuffing. Strong antivirus software monitors behavior, not just files, which matters when malware operates quietly in the background. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Put streaming devices on a separate or guest network

    If your router supports it, isolate smart TVs and streaming boxes from your main network. This prevents a compromised device from seeing your laptops, phones or work systems. It’s one of the simplest ways to limit damage if something goes wrong.

    4) Use a password manager

    If your internet connection is being abused, stolen credentials often come next. A password manager ensures every account uses a unique password, so one leak doesn’t unlock everything. Many password managers also refuse to autofill on suspicious or fake websites, which can alert you before you make a mistake.

    Investigators warn some Android-based streaming boxes route user bandwidth through third-party servers linked to ad fraud and cybercrime. (Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images)

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    5) Consider using a VPN for sensitive activity

    A VPN won’t magically fix a compromised device, but it can reduce exposure by encrypting your traffic when browsing, banking or working online. This makes it harder for third parties to inspect or misuse your data if your network is being relayed.

    For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Watch your internet usage and router activity

    Unexpected spikes in bandwidth, slower speeds or strange outbound connections can be warning signs. Many routers show connected devices and traffic patterns.

    If you notice suspicious traffic or behavior, unplug the streaming box immediately and perform a factory reset on your router. In some cases, the safest option is to stop using the device altogether.

    Also, make sure your router firmware is up to date and that you’ve changed the default admin password. Compromised devices often try to exploit weak router settings to persist on a network.
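
One way to check a home network for the ARP poisoning described earlier, as an added example (not code from the article or from the researchers it cites): the script compares two snapshots of a computer's neighbor table, as printed by `ip neigh show` on Linux or `arp -a` on macOS, and flags a router whose hardware address has changed or is shared with another device. The IP and MAC addresses and both sample outputs are constructed for illustration.

```python
import re
from collections import defaultdict

# Two common neighbor-table formats:
#   ip neigh show : "192.168.1.1 dev wlan0 lladdr 02:00:00:aa:00:01 REACHABLE"
#   arp -a        : "? (192.168.1.1) at 2:0:0:aa:0:1 on en0 ifscope [ethernet]"
_IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
_MAC = r"(?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})"
_PATTERNS = [
    re.compile(rf"^{_IP}\s+dev\s+\S+\s+lladdr\s+{_MAC}\b"),
    re.compile(rf"\({_IP}\)\s+at\s+{_MAC}\b"),
]


def normalize_mac(mac):
    """Lower-case and zero-pad each octet (macOS prints 2:0:0:aa:0:1)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_neighbors(text):
    """Return {ip: mac} for every resolved entry; unresolved entries are skipped."""
    table = {}
    for line in text.splitlines():
        for pattern in _PATTERNS:
            match = pattern.search(line.strip())
            if match:
                table[match["ip"]] = normalize_mac(match["mac"])
                break
    return table


def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare a known-good snapshot with the current one.

    Flags (1) a gateway whose MAC differs from the baseline and
    (2) a MAC that answers for the gateway and for other IPs too.
    Case 2 can be legitimate if the router itself holds several LAN
    addresses, so treat it as a prompt to investigate, not as proof.
    """
    findings = []
    old_mac, new_mac = baseline.get(gateway_ip), current.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        findings.append({
            "type": "gateway_mac_changed",
            "old_mac": old_mac,
            "new_mac": new_mac,
            # Which device owned the new MAC before? That is the one to unplug first.
            "previously_seen_at": sorted(
                ip for ip, mac in baseline.items() if mac == new_mac
            ),
        })

    ips_by_mac = defaultdict(list)
    for ip, mac in current.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in ips_by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            findings.append({
                "type": "mac_shared_with_gateway",
                "mac": mac,
                "other_ips": sorted(ip for ip in ips if ip != gateway_ip),
            })
    return findings


# Constructed sample: snapshot taken before the streaming box was plugged in.
BASELINE = """
192.168.1.1 dev wlan0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.20 dev wlan0 lladdr 02:00:00:cc:00:20 STALE
192.168.1.50 dev wlan0 lladdr 02:00:00:bb:00:50 REACHABLE
192.168.1.77 dev wlan0 FAILED
"""

# Constructed sample: later snapshot in which the device at .50 answers for the router.
CURRENT = """
? (192.168.1.1) at 2:0:0:bb:0:50 on en0 ifscope [ethernet]
? (192.168.1.20) at 2:0:0:cc:0:20 on en0 ifscope [ethernet]
? (192.168.1.50) at 2:0:0:bb:0:50 on en0 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    gateway = "192.168.1.1"  # assumption: the router's LAN address
    for finding in find_arp_anomalies(
        parse_neighbors(BASELINE), parse_neighbors(CURRENT), gateway
    ):
        print(finding)
```

The baseline only helps if it was captured while the network was known to be clean, for example with the streaming box unplugged.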

    7) Be wary of “free everything” streaming promises

    Unlimited premium channels for a one-time fee usually mean you’re paying in some other way, often with your data, bandwidth or legal exposure. If a deal sounds too good to be true, it usually is.

    8) Consider a data removal service

    If your internet connection or accounts have been abused, your personal details may already be circulating among data brokers. A data removal service can help opt you out of people-search sites and reduce the amount of personal information criminals can exploit for follow-up scams or identity theft. While it won’t fix a compromised device, it can limit long-term exposure.

    Cyber experts say certain low-cost streaming devices behave more like botnet nodes than legitimate media players once connected to home networks. (Photo by Alessandro Di Ciommo/NurPhoto via Getty Images)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaway

    Streaming boxes like SuperBox thrive on frustration. As subscriptions pile up, people look for shortcuts. But when a device promises everything for nothing, it’s worth asking what it’s really doing behind the scenes. Research shows that some of these boxes don’t just stream TV. They quietly turn your home network into a resource for others, sometimes for criminal activity. Cutting the cord shouldn’t mean giving up control of your internet connection. Before plugging in that “too good to be true” box, it’s worth slowing down and looking a little closer.

    Would you still use a streaming box if it meant sharing your internet with strangers? Let us know by writing to us at Cyberguy.com.

    Copyright 2026 CyberGuy.com. All rights reserved.

  • Covenant Health data breach affects nearly 500,000 patients

    When a healthcare data breach is first disclosed, the number of people affected is often far lower than the final tally. That figure frequently climbs as investigations continue. 

    That’s exactly what happened with Andover, Mass.-based Covenant Health. The Catholic healthcare provider has now confirmed that a cyberattack discovered last May may have affected nearly 500,000 patients, a sharp increase from the fewer than 8,000 people it initially reported earlier this year. 

    A ransomware group later claimed responsibility for the incident, though Covenant Health has not publicly confirmed the use of ransomware. The attackers accessed names, addresses, Social Security numbers and health information, among other sensitive data that could put patients at serious risk.

    Covenant Health detected suspicious activity in late May 2025, but investigators later confirmed attackers had already accessed systems days earlier. (Kurt “CyberGuy” Knutsson)

    What happened in the Covenant Health breach

    Covenant Health says it detected unusual activity in its IT environment on May 26, 2025. A later investigation revealed that an attacker had actually gained access eight days earlier, on May 18, and was able to access patient data during that window.

    In July, Covenant Health told regulators that the breach impacted 7,864 individuals. After completing what it describes as extensive data analysis, the organization now says that up to 478,188 individuals may have been affected.

    Covenant Health operates hospitals, nursing and rehabilitation centers, assisted living residences and elder care organizations across New England and parts of Pennsylvania. That wide footprint means the breach potentially touched patients across multiple states and care settings.

    In late June, the Qilin ransomware group claimed responsibility for the attack, as reported by Bleeping Computer. The group alleged it stole 852 GB of data, totaling nearly 1.35 million files. Covenant Health has not confirmed those figures, but it did acknowledge that patient information was accessed.

    According to the organization, the exposed data may have included names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details and treatment information such as diagnoses, dates of treatment and types of care received.

    Qilin ransomware lists Covenant Health on its data leak site. (Bleeping Computer)

    What Covenant Health is telling patients

    In a notice sent to regulators and patients, Covenant Health says it engaged third-party forensic specialists to investigate the incident and determine what data was involved. The organization says its data analysis is ongoing as it continues identifying individuals whose information may have been involved.

    Then there are the familiar statements every company makes after a breach, claiming they’ve strengthened the security of their IT systems to help prevent similar incidents in the future. Covenant Health says it has also set up a dedicated toll-free call center to handle questions related to the breach.

    Beginning Dec. 31, 2025, the organization started mailing notification letters to patients whose information may have been compromised. For individuals whose Social Security numbers may have been involved, Covenant Health is offering complimentary credit monitoring and identity theft protection services.

    We reached out to Covenant Health, and the company confirmed the expanded scope of the incident and outlined steps being taken to notify patients and enhance security safeguards.

    The breach exposed highly sensitive information, including names, Social Security numbers, medical records and treatment details tied to nearly half a million patients. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to protect yourself after the Covenant Health breach

    If you received a notice from Covenant Health or if your data has been exposed in any healthcare breach, these steps can help reduce the risk of misuse.

    1) Enroll in the free identity protection offered

    If the organization offers you credit monitoring or identity protection, take it. These services can alert you to suspicious activity tied to your Social Security number, credit file or identity details before real damage is done. If you’re not offered one and want to be on the safer side, you might consider getting one yourself.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    2) Monitor medical and insurance statements closely

    Medical identity theft often shows up quietly. Review explanation of benefits (EOB) statements, insurance claims and billing statements for services you don’t recognize. If something looks off, report it to your insurer immediately.

    3) Place a fraud alert or credit freeze

    A fraud alert tells lenders to take extra steps to verify your identity before approving credit. A credit freeze goes further by blocking new accounts entirely unless you lift it. If Social Security numbers were exposed, a freeze is usually the safer option.

    To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    4) Use a password manager

    Healthcare breaches often lead to credential-stuffing attacks elsewhere. A password manager ensures every account uses a unique password, so one exposed dataset can’t unlock everything else. It also makes it easier to update passwords quickly after a breach.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Be cautious of phishing scams and use strong antivirus software

    Breaches are frequently followed by phishing emails, texts or calls that reference the incident to sound legitimate. Attackers may pose as the healthcare provider, an insurer or a credit bureau. Don’t click links or share information unless you verify the source independently.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    6) Consider a personal data removal service

    Once your data leaks, it often spreads across data broker sites. Personal data removal services help reduce your digital footprint by requesting takedowns from these databases. While they can’t erase everything, they lower your exposure and make targeted fraud harder.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    7) Review your credit reports regularly

    You’re entitled to free credit reports from all major bureaus. Check them for unfamiliar accounts, hard inquiries or address changes. Catching fraud early makes it far easier to contain.

    Kurt’s key takeaway

    Healthcare organizations remain prime targets for cybercriminal groups because of the volume and sensitivity of the data they store. Medical records contain a mix of personal, financial, and health information that is difficult to change once exposed. Unlike a password, you cannot reset a diagnosis or treatment history. This breach also shows how early disclosures often underestimate impact. Large healthcare networks rely on complex systems and third-party vendors, which can slow forensic analysis in the early stages. As investigations continue, the number of affected individuals often climbs.

    Do you think healthcare organizations do enough to protect user data? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Why January is the best time to remove personal data online

    January feels like a reset. A new calendar. New goals. New habits. While you clean out your inbox, organize paperwork or set resolutions, however, scammers also hit reset, and they start with your personal data.

    That is because January is one of the most important months for online privacy. This is when data brokers refresh profiles and scammers rebuild their target lists.

    As a result, the longer your information stays online, the more complete and valuable your profile becomes. To help address this, institutions like the U.S. Department of the Treasury have released advisories urging people to stay vigilant and avoid data-related scams. 

    For that reason, taking action early in the year can significantly reduce scam attempts, lower identity theft risks, and limit unwanted exposure for the rest of the year.

    January is when data brokers refresh profiles and scammers rebuild target lists, making early action critical for online privacy. (iStock)

    Why personal data does not expire and keeps compounding online

    Many people assume old information eventually becomes useless. Unfortunately, that’s not how data brokers work.

    Data brokers don’t just store a snapshot of who you are today. They build living profiles that grow over time, pulling from:

    • Public records (property sales, court filings, voter registrations)
    • Retail purchases and loyalty programs
    • App usage and location data
    • Past addresses, phone numbers, and relatives
    • Marketing databases and online activity.

    Each year adds another layer. A new address. A changed phone number. A family connection. A retirement milestone. On its own, one data point doesn’t mean much. But together, they create a detailed identity profile that scammers can use to convincingly impersonate you. That’s why waiting makes things worse, not better.

    Why scammers ‘rebuild’ targets at the start of the year

    Scammers don’t randomly target people. They work from lists. At the beginning of the year, those lists get refreshed.

    Why January matters so much:

    • Data brokers update and resell profiles after year-end records close
    • New public filings from the previous year become searchable
    • Marketing databases reset campaigns and audience segments
    • Scam networks repackage data into “fresh” target lists.

    Think of it like the upcoming spring cleaning, except it’s criminals organizing identities to exploit for the next 12 months.

    If your data is still widely exposed in January, you’re far more likely to:

    Once your profile is flagged as responsive or profitable, it often stays in circulation.

    As personal information accumulates across databases, digital profiles grow more detailed and more valuable to scammers over time. (Kurt “CyberGuy” Knutsson)

    Why taking action in January protects you all year long

    Removing your data early isn’t just about stopping scams today; it’s about cutting off the supply chain that fuels them. When your information is removed from data broker databases:

    • It’s harder for scammers to find accurate contact details
    • Phishing messages become less convincing
    • Impersonation attempts fail more often
    • Your identity becomes less valuable to resell.

    This has a compounding benefit in the opposite direction. The fewer lists you appear on in January, the fewer times your data gets reused, resold, and recycled throughout the year. That’s why I consistently recommend addressing data exposure before problems start, not after.

    Why retirees and families feel the impact first

    January is especially important for retirees and families because they’re more likely to become targets of fraud, scams, and other crimes.

    Retirees often have:

    • Long addresses and employment histories
    • Stable credit profiles
    • Fewer active credit applications
    • Public retirement and property records

    Families add another layer of risk:

    • Relatives are linked together in broker profiles
    • One exposed family member can expose others
    • Shared addresses and phone plans increase visibility

    Scammers know this. That’s why households with established financial histories are prioritized early in the year.

    Why quick fixes don’t work

    Many people try to “start fresh” in January by:

    Those steps help, but they don’t remove your data from broker databases. Credit monitoring services alert you after something goes wrong. Password changes don’t affect public profiles. And unsubscribing doesn’t stop data resale. If your personal information is still sitting in hundreds of databases, scammers can find you.

    The January privacy reset that actually works

    If you want fewer scam attempts for the rest of the year, the most effective step is removing your personal data at the source.

    You can do this in one of two ways. You can submit removal requests yourself, or you can use a professional data removal service to handle the process for you.

    Removing your data yourself

    Manually removing your data means identifying dozens or even hundreds of data broker websites, finding their opt-out forms and submitting removal requests one by one. You also need to verify your identity, track responses and repeat the process whenever your information reappears.

    This approach works, but it requires time, organization, and ongoing follow-up.

    Using a data removal service

    A data removal service handles this process on your behalf. These services typically:

    • Send legal data removal requests to large networks of data brokers
    • Monitor for reposted information and submit follow-up removals
    • Continue tracking your exposure throughout the year
    • Manage a process that most people cannot realistically maintain on their own

    Removing your data at the start of the year helps reduce scam attempts, phishing messages and identity theft risks all year long. (iStock)

    Because these services handle sensitive personal information, it is important to choose one that follows strict security standards and uses verified removal methods.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways

    Scammers don’t wait for mistakes. They wait for exposed data. January is when profiles are refreshed, lists are rebuilt, and targets are chosen for the year ahead. The longer your personal information stays online, the more complete, and dangerous, your digital profile becomes. The good news? You can stop the cycle. Removing your data now reduces scam attempts, protects your identity, and gives you a quieter, safer year ahead. If you’re going to make one privacy move this year, make it early, and make it count.

    Have you ever been surprised by how much of your personal information was already online? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • Hackers abuse Google Cloud to send trusted phishing emails

    Cybercriminals have found a clever new way to get phishing emails straight into inboxes.

    Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud.

    The result was thousands of phishing messages that looked and felt like normal Google notifications. Many slipped past spam filters with ease.

    How this Google Cloud phishing attack worked

    At the center of the campaign was Google Cloud Application Integration. This service allows businesses to send automated email notifications from workflows they build. Attackers exploited the Send Email task inside that system. Because the messages came from a real Google address, they appeared authentic to both users and security tools. 

    According to Check Point, a global cybersecurity firm that tracks and analyzes large-scale threat campaigns, the emails were sent from a legitimate Google-owned address and closely matched Google’s notification style. Fonts, wording, and layout all looked familiar. Over a two-week period in December 2025, attackers sent more than 9,000 phishing emails targeting roughly 3,200 organizations across the U.S., Europe, Canada, Asia Pacific, and Latin America.

    Attackers used trusted Google Cloud infrastructure to route victims through multiple redirects before revealing the scam. (Thomas Fuller/SOPA Images/LightRocket via Getty Images)

    Why Google phishing emails were so convincing

    The messages looked like routine workplace alerts. Some claimed you had received a voicemail. Others said you were granted access to a shared document, like a Q4 file. That sense of normalcy lowered suspicion. Many people are used to seeing these exact messages every day. Even more concerning, the emails bypassed common protections like SPF and DMARC because they were sent through Google-owned infrastructure. To email systems, nothing looked fake.

    What happens after you click

    The attack did not stop at the email. Once a victim clicked the link, they were sent to a page hosted on storage.cloud.google.com. That added another layer of trust. From there, the link redirected again to googleusercontent.com. Next came a fake CAPTCHA or image check. This step blocked automated security scanners while letting real users continue. After passing that screen, victims landed on a fake Microsoft login page hosted on a non-Microsoft domain. Any credentials entered there were captured by the attackers.
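    The redirect chain described above can be checked mechanically: what matters is the host the chain ends on, compared against the sign-in domains of the brand the page imitates. The following is an added example, not code from the article or from Check Point; the allowlist is a short illustrative assumption and the sample chain is constructed.

```python
from urllib.parse import urlsplit

# Hosting domains named in the article. Pages on them are uploaded by
# customers, so the Google name in the URL says nothing about the content.
USER_CONTENT_DOMAINS = ("storage.cloud.google.com", "googleusercontent.com")

# Assumption: a short, non-exhaustive allowlist of real sign-in domains.
OFFICIAL_LOGIN_DOMAINS = {
    "microsoft": ("login.microsoftonline.com", "login.live.com", "microsoft.com"),
    "google": ("accounts.google.com",),
}

# Constructed sample chain (hosts under .example are made up).
CONSTRUCTED_CHAIN = [
    "https://storage.cloud.google.com/sample-bucket/notice.html",
    "https://sample-user.googleusercontent.com/verify",
    "https://login.microsoftonline.com.portal.example/signin",
]


def host_of(url):
    """Return the lower-case host the browser would actually connect to."""
    host = urlsplit(url).hostname  # drops any user@ prefix and the port
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.rstrip(".")


def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess_chain(hops, claimed_brand):
    """Compare where a redirect chain ends with the brand the page imitates."""
    if not hops:
        raise ValueError("empty redirect chain")
    official = OFFICIAL_LOGIN_DOMAINS[claimed_brand]
    hosts = [host_of(u) for u in hops]
    final_host = hosts[-1]
    is_official = any(in_domain(final_host, d) for d in official)

    findings = []
    # Intermediate hops on customer-content hosting lend borrowed trust.
    if any(in_domain(h, d) for h in hosts[:-1] for d in USER_CONTENT_DOMAINS):
        findings.append("user-content-hop")
    # The brand name appearing inside a foreign host is a lookalike signal.
    if not is_official and claimed_brand in final_host:
        findings.append("brand-lookalike-host")
    if not is_official:
        findings.append("final-not-official")
    return {"final_host": final_host, "official": is_official, "findings": findings}


if __name__ == "__main__":
    print(assess_chain(CONSTRUCTED_CHAIN, "microsoft"))
```

    The suffix comparison in `in_domain` is the same kind of exact-domain match that keeps a password manager from autofilling on a lookalike host.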

    Who was targeted in the Google Cloud phishing attack

    Check Point says the campaign focused heavily on industries that rely on automated alerts and shared documents. That included manufacturing, technology, finance, professional services, and retail. Other sectors like healthcare, education, government, energy, travel and media were also targeted. These environments see constant permission requests and file-sharing notices, which made the lures feel routine.

    “We have blocked several phishing campaigns involving the misuse of an email notification feature within Google Cloud Application Integration,” a Google spokesperson told Cyberguy. “Importantly, this activity stemmed from the abuse of a workflow automation tool, not a compromise of Google’s infrastructure. While we have implemented protections to defend users against this specific attack, we encourage continued caution as malicious actors frequently attempt to spoof trusted brands. We are taking additional steps to prevent further misuse.”

    The incident demonstrates how attackers can weaponize legitimate cloud automation tools without resorting to traditional spoofing.

    Ways to stay safe from trusted-looking phishing emails

    Phishing emails are getting harder to spot, especially when attackers abuse real cloud platforms like Google Cloud. These steps help reduce risk when emails look familiar and legitimate.

    1) Slow down before acting on alerts

    Attackers rely on urgency. Messages about voicemails, shared files or permission changes are designed to make you click fast. Pause before taking action. Ask yourself whether you were actually expecting that alert. If not, verify it another way.

    2) Inspect links before you click

    Always hover over links to preview the destination domain. In this campaign, links jumped across multiple trusted-looking Google domains before landing on a fake login page. If the final destination does not match the service asking you to sign in, close the page immediately.

    3) Treat file access and permission emails with caution

    Shared document alerts are a favorite lure because they feel routine at work. If an email claims you were granted access to a file you do not recognize, do not click directly from the message. Instead, open your browser and sign in to Google Drive or OneDrive manually to check for new files.

    The final step led users to a fake Microsoft login page, where entered credentials were silently stolen. (Stack Social)

    4) Use a password manager to catch fake login pages

    Password managers can be a strong last line of defense. They will not autofill credentials on fake Microsoft or Google login pages hosted on non-official domains. If your password manager refuses to fill in a login, that is a red flag worth paying attention to.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Run strong antivirus software with phishing protection

    Modern antivirus tools do more than scan files. Many now detect malicious links, fake CAPTCHA pages, and credential harvesting sites in real time. Strong antivirus software can block phishing pages even after a click, which matters in multi-stage attacks like this one.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    6) Reduce your exposure with a data removal service

    Phishing campaigns often succeed because attackers already know your email, employer or role. That information is commonly pulled from data broker sites. A data removal service helps remove your personal information from these databases, making it harder for attackers to craft convincing, targeted emails.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    7) Enable two-factor authentication (2FA) everywhere

    Even if attackers steal your password, two-factor authentication (2FA) can stop them from accessing your account. Use app-based authentication or hardware keys when possible, especially for work email, cloud storage, and Microsoft accounts.

    8) Report suspicious emails immediately

    If something feels off, report it. Flag suspicious Google or Microsoft alerts to your IT or security team so they can warn others. Early reporting can stop a phishing campaign before it spreads further inside an organization.

    Google phishing emails looked like routine workplace alerts. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaways

    This campaign highlights a growing shift in phishing tactics. Attackers no longer need to fake brands when they can abuse trusted cloud services directly. As automation becomes more common, security awareness matters more than ever. Even familiar emails deserve a second look, especially when they push urgency or ask for credentials.

    If a phishing email comes from a real Google address, how confident are you that you would spot it before clicking? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Trump says the US ‘needs’ Greenland for Arctic security. Here’s why

    Location, location, location: Greenland’s key position above the Arctic Circle makes the world’s largest island a key part of security strategy in the High North. But for whom?

    Increasing international tensions, global warming and the changing world economy have put Greenland at the heart of the debate over global trade and security, and U.S. President Donald Trump wants to make sure his country controls this mineral-rich country that guards the Arctic and North Atlantic approaches to North America.

    Greenland is a self-governing territory of Denmark, a longtime U.S. ally that has rejected Trump’s overtures. Greenland’s own government also opposes U.S. designs on the island, saying the people of Greenland will decide their own future.

    The island, 80% of which lies above the Arctic Circle, is home to about 56,000 mostly Inuit people who until now have been largely ignored by the rest of the world.

    Here’s why Greenland is strategically important to Arctic security:

    Greenland sits off the northeastern coast of Canada, with more than two-thirds of its territory lying within the Arctic Circle. That has made it crucial to the defense of North America since World War II, when the U.S. occupied Greenland to ensure it didn’t fall into the hands of Nazi Germany and to protect crucial North Atlantic shipping lanes.

    Following the Cold War, the Arctic was largely an area of international cooperation. But climate change is thinning the Arctic ice, promising to create a northwest passage for international trade and reigniting competition with Russia, China and other countries over access to the region’s mineral resources.

    Greenland is also a rich source of the so-called rare earth minerals that are a key component of mobile phones, computers, batteries and other gadgets that are expected to power the world’s economy in the coming decades.

    That has attracted the interest of the U.S. and other Western powers as they try to ease China’s dominance of the market for these critical minerals.

    Development of Greenland’s mineral resources is challenging because of the island’s harsh climate, while strict environmental controls have proved an additional bulwark against potential investors.

    The U.S. Department of Defense operates the remote Pituffik Space Base in northwestern Greenland, which was built after the U.S. and Denmark signed the Defense of Greenland Treaty in 1951. It supports missile warning, missile defense and space surveillance operations for the U.S. and NATO.

    Greenland also guards part of what is known as the GIUK (Greenland, Iceland, United Kingdom) Gap, where NATO monitors Russian naval movements in the North Atlantic.

    Denmark is moving to strengthen its military presence around Greenland and in the wider North Atlantic. Last year, the government announced a roughly 14.6 billion kroner ($2.3 billion) agreement with parties including the governments of Greenland and the Faroe Islands, another self-governing territory of Denmark, to “improve capabilities for surveillance and maintaining sovereignty in the region.”

    The plan includes three new Arctic naval vessels, two additional long-range surveillance drones and satellite capacity.

    Denmark’s Joint Arctic Command is headquartered in Greenland’s capital, Nuuk, and tasked with the “surveillance, assertion of sovereignty and military defense of Greenland and the Faroe Islands,” according to its website. It has smaller satellite stations across the island.

    The Sirius Dog Sled Patrol, an elite Danish naval unit that conducts long-range reconnaissance and enforces Danish sovereignty in the Arctic wilderness, is also stationed in Greenland.

    In 2018, China declared itself a “near-Arctic state” in an effort to gain more influence in the region. China has also announced plans to build a “Polar Silk Road” as part of its global Belt and Road Initiative, which has created economic links with countries around the world.

    Then-U.S. Secretary of State Mike Pompeo rejected China’s move, saying: “Do we want the Arctic Ocean to transform into a new South China Sea, fraught with militarization and competing territorial claims?”

    Meanwhile, Russian President Vladimir Putin has said Russia is worried about NATO’s activities in the Arctic and will respond by strengthening its military capability in the polar region. European leaders’ concerns were heightened following Russia’s full-scale invasion of Ukraine in 2022.

    Stefanie Dazio in Berlin contributed to this report.

  • Browser extension malware infected 8.8M users in DarkSpectre attack

    Browser extensions promise convenience. Many offer simple tools like new tab pages, translators or video helpers. 

    Researchers, however, uncovered a long-running malware operation that abused that trust on a massive scale. Koi Security analysts identified the threat while analyzing suspicious infrastructure tied to a campaign known as ShadyPanda. What started as one investigation quickly revealed something far larger.

    The group behind it is now known as DarkSpectre. According to Koi researchers, it infected more than 8.8 million users across Chrome, Edge and Firefox over seven years. This was not a smash-and-grab attack. It was slow, deliberate and highly organized. Instead of rushing malicious code into marketplaces, the group played the long game.

    Security researchers say millions of users unknowingly installed browser extensions that later turned malicious after years of appearing legitimate. (Donato Fasano/Getty Images)

    One threat actor behind three major campaigns

    At first, the activity looked like separate threats. That changed once Koi analysts followed the infrastructure breadcrumbs. By pivoting from domains linked to ShadyPanda, Koi researchers uncovered shared systems powering multiple extension clusters. That analysis confirmed that ShadyPanda, GhostPoster and Zoom Stealer were not separate actors. They were one coordinated operation. Together, these campaigns targeted both everyday users and corporate environments.

    ShadyPanda

    This campaign focused on mass surveillance and affiliate fraud. Researchers estimate it affected more than 4 million users, with some analyses suggesting the total could reach up to 5.6 million as additional related extensions were linked. In several cases, extensions remained legitimate for more than five years before quietly turning malicious.

    GhostPoster

    This campaign used a clever trick. It hid malicious code inside image files to bypass security checks. It impacted 1.05 million users.

    Zoom Stealer

    This operation targeted corporate meeting data across more than 28 conferencing platforms. It affected 2.2 million users.

    Different goals. Same operator.

    How Koi uncovered DarkSpectre’s hidden network

    The breakthrough came when Koi analysts examined two domains tied to ShadyPanda. Those domains powered legitimate extension features like weather widgets and new tab pages. They were not command servers. That was the trick. Those same clean domains appeared again and again across other extensions that quietly connected to entirely different malicious infrastructure.

    One domain led to extensions. Those extensions exposed new domains. Those domains were connected to even more extensions. Following that chain allowed Koi to uncover over 100 connected extensions across multiple browser marketplaces. Some extensions even reused infrastructure already flagged in earlier investigations. That overlap confirmed DarkSpectre was operating at a nation-state scale.

    How DarkSpectre stayed hidden for years

    DarkSpectre succeeded by blending legitimate functionality with hidden malware. Users got what they expected. Meanwhile, the threat ran quietly in the background.

    Time-delayed activation fooled reviewers

    Some extensions waited days before activating malicious behavior. Others triggered malware on only a small percentage of page loads. This made detection during marketplace reviews extremely difficult.

    Malicious code disguised as images

    The group hid JavaScript inside PNG image files. The extension loaded its own logo, extracted the hidden code and executed it silently.

    No updates required

    Instead of pushing new extension versions, DarkSpectre controlled everything from its servers. Operators could change behavior anytime without alerting users or marketplaces. Koi researchers noted this approach gave the attackers long-term flexibility and control.

    Why the Zoom Stealer campaign stands out

    Most malware focuses on consumer fraud. Zoom Stealer focused on intelligence.

    According to Koi analysts, these extensions collected the following:

    • Meeting links with embedded passwords
    • Meeting IDs, topics and schedules
    • Speaker names, titles, bios and photos
    • Company affiliations and branding

    Worse yet, the data streamed in real time. The moment a user joined or viewed a meeting, the information flowed out. This type of data enables phishing impersonation and corporate espionage at scale.

    Why browser extensions remain a weak link

    Extension marketplaces typically evaluate code only at submission or update. Koi’s investigation shows how attackers exploit that model. Once an extension earns trust badges and positive reviews, users stop questioning it. That trust becomes a weapon. A clean extension today can become a threat tomorrow.

    Ways to stay safe from malicious browser extensions

    You do not need to avoid extensions entirely. You do need to stay cautious.

    1) Keep your browser up-to-date

    Make sure you turn on automatic updates for your browser (e.g., Chrome, Firefox, Edge) so you’re always running the latest version without thinking about it. 

    2) Review your installed extensions

    Remove anything you no longer use. Fewer extensions reduce risk. CyberGuy has step-by-step guides showing how to review and remove browser extensions safely, making it easy to clean up your browser in just a few minutes. In Chrome, Edge and Firefox, open the menu, go to Extensions or Add-ons, and remove anything you do not use or trust.

    3) Install extensions only from trusted sources

    Official browser stores like the Chrome Web Store have rules and scans to catch bad actors. They’re not perfect, but they are still a better option when compared to a random website on the internet. Extensions from unknown websites or third-party downloads are far more likely to hide malware or spyware. 

    A long-running malware operation quietly abused trusted browser extensions across Chrome, Edge and Firefox, infecting millions worldwide. (Morteza Nikoubazl/NurPhoto via Getty Images)

    4) Have strong antivirus software

    Strong antivirus software can warn you before you install malicious software, such as sketchy browser extensions. It can also alert you to phishing emails and ransomware scams, helping keep your personal information and digital assets safe.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Invest in personal data removal services

    If your personal data was exposed in this security incident, it’s crucial to act quickly to reduce your risk of identity theft and scams. A data removal service can help you remove all this personal information from the internet. 

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. 

    It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    6) Be skeptical of extensions requesting unnecessary access

    Some extensions overreach on purpose. A calculator tool asking for your browsing history or a weather app wanting your login data is a huge red flag. Before installing, ask: “Does this permission match the extension’s job?” If the answer’s no, don’t install it. Watch out for broad permissions like “Read and change all your data on websites you visit” unless it’s clearly justified (e.g., a password manager). If an update suddenly adds new permission requests, dig into why. It might mean the extension’s been sold or hacked.

    7) Change your passwords — and do it safely

    If you’ve ever saved passwords in your browser (e.g., via the browser’s built-in password manager or the “Save Password” prompt), those credentials could be at risk if a malicious extension was installed. These built-in managers store passwords locally or in your Google, Microsoft or Firefox account, and a compromised browser can give bad actors a way in.

    This doesn’t typically apply to dedicated password manager extensions, which encrypt your data independently and don’t rely on browser storage. However, if you’re unsure whether an extension has been compromised, it’s always smart to update your master password and enable two-factor authentication. 

    For maximum safety, change your most important passwords (email, bank, shopping, cloud services) from a different, secure device, such as your phone or another computer where the questionable extension was never installed. Avoid using the same browser that may have been exposed. Then, consider switching to a password manager to create and store strong, unique logins going forward. 

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    Analysts uncovered a coordinated campaign that hid spyware inside everyday browser tools like new tab pages and translators. (Morteza Nikoubazl/NurPhoto via Getty Images)

    8) Watch for behavior changes

    Subtle changes often appear before obvious damage. Sudden redirects, new tabs opening on their own, unfamiliar search results, popups, slower browsing or websites asking you to re-log in unexpectedly can all signal a malicious or compromised extension. Pay attention if ads appear where they never did before or if your browser settings change without your input.

    Koi’s investigation shows how attackers rely on patience. Once an extension earns trust and sits quietly for years, users stop watching it. That makes small behavior changes easy to miss. If something feels off, do not ignore it. Disable extensions one by one to identify the culprit. If the issue disappears, remove that extension permanently.

    When in doubt, trust your instincts. Browsers should not surprise you.

    Kurt’s key takeaways

    DarkSpectre is a reminder that online threats are getting smarter and quieter. This was not a smash-and-grab attack. It unfolded slowly, over years, and relied on trust most people never think twice about. Koi analysts connected the dots by tracking shared infrastructure across campaigns, but they also warn that some sleeper extensions may still be installed and trusted today. Browser extensions can be helpful, but every extra add-on is another door into your browser. Paying attention, cleaning house now and then, and questioning what you install can make a real difference.

    When was the last time you checked what your browser extensions are really doing behind the scenes? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • Malicious Chrome extensions caught stealing sensitive data

    Chrome extensions are supposed to make your browser more useful, but they’ve quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered two Chrome extensions that have been doing exactly that for years.

    These extensions looked like harmless proxy tools, but behind the scenes, they were hijacking traffic and stealing sensitive data from users who trusted them. What makes this case worse is where these extensions were found. Both were listed on Chrome’s official extension marketplace.

    Security researchers uncovered malicious Chrome extensions that quietly routed users’ web traffic through attacker-controlled servers to steal sensitive data. (Gokhan Balci/Anadolu Agency/Getty Images)

    Malicious Chrome extensions hiding in plain sight

    Researchers at Socket discovered two Chrome extensions using the same name, “Phantom Shuttle,” that were posing as tools for proxy routing and network speed testing (via Bleeping Computer). According to the researchers, the extensions have been active since at least 2017.

    Both extensions were published under the same developer name and marketed towards foreign trade workers who need to test internet connectivity from different regions. They were sold as subscription-based tools, with prices ranging from roughly $1.40 to $13.60.

    At a glance, everything looked normal. The descriptions matched the functionality. The pricing seemed reasonable. The problem was what the extensions were doing after installation.

    How Phantom Shuttle steals your data

    Socket researchers say Phantom Shuttle routes all your web traffic through proxy servers controlled by the attacker. Those proxies use hardcoded credentials embedded directly into the extension’s code. To avoid detection, the malicious logic is hidden inside what appears to be a legitimate jQuery library.

    The attackers didn’t just leave credentials sitting in plain text. The extensions hide them using a custom character-index encoding scheme. Once active, the extension listens to web traffic and intercepts HTTP authentication challenges on any site you visit.

    To make sure traffic always flows through their infrastructure, the extensions dynamically reconfigure Chrome’s proxy settings using an auto-configuration script. This forces your browser to route requests exactly where the attacker wants them.

    In its default “smarty” mode, Phantom Shuttle routes traffic from more than 170 high-value domains through its proxy network. That list includes developer platforms, cloud service dashboards, social media sites and adult content portals. Local networks and the attacker’s own command-and-control domain are excluded, likely to avoid breaking things or raising suspicion.

    While acting as a man-in-the-middle, the extension can capture anything you submit through web forms. That includes usernames, passwords, card details, personal information, session cookies from HTTP headers and API tokens pulled directly from network requests.

    CyberGuy contacted Google about the extensions, and a spokesperson confirmed that both have been removed from the Chrome Web Store.

    Two Chrome extensions posing as proxy tools were found spying on users for years while listed on Google’s official Chrome Web Store. (Yui Mok/PA Images via Getty Images)

    How to review the extensions installed in your browser (Chrome)

    The step-by-step instructions below apply to Windows PCs, Macs and Chromebooks. In other words, desktop Chrome. Chrome extensions cannot be fully reviewed or removed from the mobile app.

    Step 1: Open your extensions list

    • Open Chrome on your computer.
    • Click the three-dot menu in the top-right corner.
    • Select Extensions.
    • Then click Manage Extensions.

    You can also type this directly into the address bar and press Enter:
    chrome://extensions

    Step 2: Look for anything you do not recognize

    Go through every extension listed and ask yourself:

    • Do I remember installing this?
    • Do I still use it?
    • Do I know what it actually does?

    If the answer is no to any of these, take a closer look.

    Step 3: Review permissions and access

    Click Details on any extension you are unsure about. Pay attention to:

    • Permissions, especially anything that can read or change data on websites you visit
    • Site access, such as extensions that run on all sites
    • Background access, which allows the extension to stay active even when not in use

    Proxy tools, VPNs, downloaders and network-related extensions deserve extra scrutiny.

    Step 4: Disable suspicious extensions first

    If something feels off, toggle the extension off. This immediately stops it from running without deleting it. If everything still works as expected, the extension was likely not essential.

    Step 5: Remove extensions you no longer need

    To fully remove an extension:

    • Click Remove
    • Confirm when prompted

    Unused extensions are a common target for abuse and should be cleaned out regularly.

    Step 6: Restart Chrome

    Close and reopen Chrome after making changes. This ensures disabled or removed extensions are no longer active.
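
    The review in Steps 2 and 3 can also be run in bulk over the extension manifests on disk. The script below is an added example, not Socket's or Google's tooling. It assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`, the mapping from the article's wording to Chrome permission names is this example's own, and the sample manifests are constructed.

```python
import json
from pathlib import Path

# Chrome API permissions that matter for the behavior this article describes.
RISKY_API = {
    "proxy": "can change the browser's proxy settings",
    "webRequest": "can observe network requests",
    "webRequestBlocking": "can block or modify requests (Manifest V2)",
    "webRequestAuthProvider": "can answer HTTP authentication challenges",
    "cookies": "can read and write cookies for permitted sites",
    "management": "can enable, disable or inspect other extensions",
    "debugger": "can attach the DevTools protocol to tabs",
}
# Match patterns that amount to "all sites".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Summarize the risky permissions declared by one parsed manifest.json."""
    perms = [p for key in ("permissions", "optional_permissions")
             for p in manifest.get(key, []) if isinstance(p, str)]
    # Manifest V3 lists hosts separately; Manifest V2 mixes them into permissions.
    hosts = [h for h in manifest.get("host_permissions", []) if isinstance(h, str)]
    for script in manifest.get("content_scripts", []):
        hosts += [m for m in script.get("matches", []) if isinstance(m, str)]
    risky = sorted({p for p in perms if p in RISKY_API})
    broad = sorted({h for h in hosts + perms if h in BROAD_HOSTS})
    # Proxy control plus request visibility on every site is the combination
    # a traffic-rerouting extension needs, so it gets its own flag.
    proxy_combo = ("proxy" in risky and bool(broad)
                   and any(p.startswith("webRequest") for p in risky))
    return {
        "name": manifest.get("name", "?"),  # may be a __MSG_...__ locale key
        "risky_api": risky,
        "broad_hosts": broad,
        "proxy_combo": proxy_combo,
    }


def audit_profile(extensions_dir):
    """Audit every manifest under a profile's Extensions directory."""
    results = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        entry = audit_manifest(manifest)
        entry["id"] = path.parent.parent.name
        results.append(entry)
    # Put the proxy combination first, then the most permissions.
    results.sort(key=lambda r: (not r["proxy_combo"], -len(r["risky_api"])))
    return results


# Constructed sample manifests (not taken from any real extension).
SAMPLE_PROXY_TOOL = {
    "manifest_version": 3,
    "name": "Constructed proxy helper",
    "permissions": ["proxy", "storage", "webRequest", "webRequestAuthProvider"],
    "host_permissions": ["<all_urls>"],
}
SAMPLE_NOTES = {
    "manifest_version": 3,
    "name": "Constructed notes",
    "permissions": ["storage"],
    "host_permissions": ["https://notes.example/*"],
}
SAMPLE_MV2 = {
    "manifest_version": 2,
    "name": "Constructed legacy tool",
    "permissions": ["tabs", "cookies", "*://*/*"],
}

if __name__ == "__main__":
    for sample in (SAMPLE_PROXY_TOOL, SAMPLE_NOTES, SAMPLE_MV2):
        print(audit_manifest(sample))
```

    Legitimate VPN and proxy extensions declare the same permissions, so a flagged entry marks an extension to review by hand rather than one to remove on sight.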

    Cybersecurity experts warn that trusted browser extensions can become powerful surveillance tools once installed. (Gabby Jones/Bloomberg via Getty Images)

    6 steps you can take to stay safe from malicious Chrome extensions

    You can’t control what slips through app store reviews, but you can reduce your risk by changing how you install and manage extensions.

    1) Install extensions only when absolutely necessary

    Every extension increases your attack surface. If you don’t genuinely need it, don’t install it. Convenience extensions often come with far more permissions than they deserve.

    2) Check the publisher carefully

    Reputable developers usually have a history, a website and multiple well-known extensions. Be cautious with tools from unknown publishers, especially those offering network or proxy features.

    3) Read multiple user reviews, not just ratings

    Star ratings can be faked or manipulated. Look for detailed reviews that mention long-term use. Watch out for sudden waves of generic praise.

    4) Review permissions before clicking install

    If an extension asks to “read and change all data on websites you visit,” take that seriously. Proxy tools and network extensions can see everything you do.

    5) Use a password manager

    A password manager won’t stop a malicious extension from spying on traffic, but it can limit damage. Unique passwords mean stolen credentials can’t unlock multiple accounts. Many managers also refuse to autofill on suspicious pages.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    6) Install strong antivirus software

    Strong antivirus software can flag suspicious network activity, proxy abuse and unauthorized changes to browser settings. This adds a layer of defense beyond Chrome’s own protections.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    Kurt’s key takeaway

    This attack doesn’t rely on phishing emails or fake websites. It works because the extension itself becomes part of your browser. Once installed, it sees nearly everything you do online. Extensions like Phantom Shuttle are dangerous because they blend real functionality with malicious behavior. The extensions deliver the proxy service they promise, which lowers suspicion, while quietly routing user data through attacker-controlled servers.

    When was the last time you reviewed the extensions installed in your browser? Let us know by writing to us at Cyberguy.com.
     

    Copyright 2025 CyberGuy.com. All rights reserved.

  • U.S. national intelligence director is silent on Venezuela operation

    Director of National Intelligence Tulsi Gabbard had yet to weigh in on the U.S. operation to remove Nicolás Maduro from power in Caracas as of Saturday night, more than 24 hours since President Trump approved the audacious mission that captured the Venezuelan leader.

    Her silence on the operation surprised some in the U.S. intelligence community, which laid the groundwork for the mission over several months, and which had assets in harm’s way on the ground in Venezuela as the operation unfolded.

    CIA Director John Ratcliffe, by contrast, accompanied Trump in Mar-a-Lago throughout the night as the extraction was underway, and stood beside the president as he conducted a news conference announcing the results.

    “Teamwork at its finest,” Ratcliffe wrote on social media, posted alongside photos of him with the president’s team in the temporary situation room set up at Trump’s Florida estate.

    Gabbard, a native of Hawaii who, according to her X account, spent the holidays in her home state, made a name for herself as a member of Congress campaigning against “regime change wars,” particularly the U.S. war in Iraq that toppled Saddam Hussein.

    In a speech at Turning Point USA’s annual conference last month, Gabbard criticized “warmongers” in the “deep state” of the intelligence community she leads trying to thwart Trump’s efforts to broker peace between Russia and Ukraine.

    “Too often we, the American people, are told we must choose between liberty or security, and which side often wins out in that proposition,” she told the gathered crowd. “Liberty loses, and the warmongers claim that they are doing what they are doing for the sake of our security. It’s a lie.”

    Outside of government, during Trump’s first term, Gabbard also criticized advocates for regime change in Venezuela, writing in 2019, “It’s about the oil … again.”

    “The United States needs to stay out of Venezuela,” Gabbard wrote at the time. “Let the Venezuelan people determine their future.

    “We don’t want other countries to choose our leaders,” she added, “so we have to stop trying to choose theirs.”

    Michael Wilner

  • OpenAI admits AI browsers face unsolvable prompt attacks

    Cybercriminals don’t always need malware or exploits to break into systems anymore. Sometimes, they just need the right words in the right place. OpenAI is now openly acknowledging that reality. The company says prompt injection attacks against artificial intelligence (AI)-powered browsers are not a bug that can be fully patched, but a long-term risk that comes with letting AI agents roam the open web. This raises uncomfortable questions about how safe these tools really are, especially as they gain more autonomy and access to your data.

    AI-powered browsers can read and act on web content, which also makes them vulnerable to hidden instructions attackers can slip into pages or documents. (Kurt “CyberGuy” Knutsson)

    Why prompt injection isn’t going away

    In a recent blog post, OpenAI admitted that prompt injection attacks are unlikely to ever be completely eliminated. Prompt injection works by hiding instructions inside web pages, documents or emails in ways that humans don’t notice, but AI agents do. Once the AI reads that content, it can be tricked into following malicious instructions.

    OpenAI compared this problem to scams and social engineering. You can reduce them, but you can’t make them disappear. The company also acknowledged that “agent mode” in its ChatGPT Atlas browser increases risk because it expands the attack surface. The more an AI can do on your behalf, the more damage it can cause when something goes wrong.

    OpenAI launched the ChatGPT Atlas browser in October, and security researchers immediately started testing its limits. Within hours, demos appeared showing that a few carefully placed words inside a Google Doc could influence how the browser behaved. That same day, Brave published its own warning, explaining that indirect prompt injection is a structural problem for AI-powered browsers, including tools like Perplexity’s Comet.

    This isn’t just OpenAI’s problem. Earlier this month, the National Cyber Security Centre in the U.K. warned that prompt injection attacks against generative AI systems may never be fully mitigated.

    Prompt injection attacks exploit trust at scale, allowing malicious instructions to influence what an AI agent does without the user ever seeing it. (Kurt “CyberGuy” Knutsson)

    The risk trade-off with AI browsers

    OpenAI says it views prompt injection as a long-term security challenge that requires constant pressure, not a one-time fix. Its approach relies on faster patch cycles, continuous testing and layered defenses. That puts it broadly in line with rivals like Anthropic and Google, which have both argued that agentic systems need architectural controls and ongoing stress testing.

    Where OpenAI is taking a different approach is with something it calls an “LLM-based automated attacker.” In simple terms, OpenAI trained an AI to act like a hacker. Using reinforcement learning, this attacker bot looks for ways to sneak malicious instructions into an AI agent’s workflow.

    The bot runs attacks in simulation first. It predicts how the target AI would reason, what steps it would take and where it might fail. Based on that feedback, it refines the attack and tries again. Because this system has insight into the AI’s internal decision-making, OpenAI believes it can surface weaknesses faster than real-world attackers.

    Even with these defenses, AI browsers aren’t safe. They combine two things attackers love: autonomy and access. Unlike regular browsers, they don’t just display information, but also read emails, scan documents, click links and take actions on your behalf. That means a single malicious prompt hidden in a webpage, document or message can influence what the AI does without you ever seeing it. Even when safeguards are in place, these agents operate by trusting content at scale, and that trust can be manipulated.

    As AI browsers gain more autonomy and access to personal data, limiting permissions and keeping human confirmation in the loop becomes critical for safety. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to reduce risk with AI browsers

    You may not be able to eliminate prompt injection attacks, but you can significantly limit their impact by changing how you use AI tools.

    1) Limit what the AI browser can access

    Only give an AI browser access to what it absolutely needs. Avoid connecting your primary email account, cloud storage or payment methods unless there’s a clear reason. The more data an AI can see, the more valuable it becomes to attackers. Limiting access reduces the blast radius if something goes wrong.

    2) Require confirmation for every sensitive action

    Never allow an AI browser to send emails, make purchases or modify account settings without asking you first. Confirmation breaks long attack chains and gives you a moment to spot suspicious behavior. Many prompt injection attacks rely on the AI acting quietly in the background without user review.

    3) Use a password manager for all accounts

    A password manager ensures every account has a unique, strong password. If an AI browser or malicious page leaks one credential, attackers can’t reuse it elsewhere. Many password managers also refuse to autofill on unfamiliar or suspicious sites, which can alert you that something isn’t right before you manually enter anything.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    4) Run strong antivirus software on your device

    Even if an attack starts inside the browser, antivirus software can still detect suspicious scripts, unauthorized system changes or malicious network activity. Strong antivirus software focuses on behavior, not just files, which is critical when dealing with AI-driven or script-based attacks.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    5) Avoid broad or open-ended instructions

    Telling an AI browser to “handle whatever is needed” gives attackers room to manipulate it through hidden prompts. Be specific about what the AI is allowed to do and what it should never do. Narrow instructions make it harder for malicious content to influence the agent.

    6) Be careful with AI summaries and automated scans

    When an AI browser scans emails, documents or web pages for you, remember that hidden instructions can live inside that content. Treat AI-generated actions as drafts or suggestions, not final decisions. Review anything the AI plans to act on before approving it.

    7) Keep your browser, AI tools and operating system updated

    Security fixes for AI browsers evolve quickly as new attack techniques emerge. Delaying updates leaves known weaknesses open longer than necessary. Turning on automatic updates ensures you get protection as soon as they’re available, even if you miss the announcement.

    Kurt’s key takeaway

    There’s been a meteoric rise in AI browsers. We’re now seeing them from major tech companies, including OpenAI’s Atlas, The Browser Company’s Dia and Perplexity’s Comet. Even existing browsers like Chrome and Edge are pushing hard to add AI and agentic features into their current infrastructure. While these browsers can be useful, the technology is still early. It’s best not to fall for the hype and to wait for it to mature.

    Do you think AI browsers are worth the risk today, or are they moving faster than security can keep up? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • University of Phoenix data breach hits 3.5M people

    The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million people. The incident traces back to August when attackers accessed the university’s network and quietly stole sensitive information.

    The school detected the intrusion on Nov. 21. That discovery came after the attackers listed the university on a public leak site. In early December, the university disclosed the incident, and its parent company filed an 8-K with regulators.

    The scope is large. Notification letters filed with Maine’s Attorney General show 3,489,274 individuals are impacted. Those affected include current and former students, faculty, staff and suppliers.

    The University of Phoenix data breach exposed sensitive personal and financial information tied to nearly 3.5 million people. (Kurt “CyberGuy” Knutsson)

    What happened and how attackers got in

    According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application handles financial operations and contains highly sensitive data.

    Based on the technical details shared so far, security researchers believe the attack aligns with tactics used by the Clop ransomware gang. Clop has a long track record of stealing data through zero-day flaws rather than encrypting systems.

    The vulnerability tied to this campaign is tracked as CVE-2025-61882. Investigators say it has been abused since early August.

    What data was exposed

    The university says the attackers accessed highly sensitive personal and financial information. That includes:

    • Full names
    • Contact information
    • Dates of birth
    • Social Security numbers
    • Bank account numbers
    • Routing numbers

    This type of data creates a serious risk. It can fuel identity theft, financial fraud, and targeted phishing scams.

    Stolen University of Phoenix records could be used by criminals to launch targeted phishing and identity theft attacks. (Kurt “CyberGuy” Knutsson)

    Nearly 3.5 million people impacted

    In letters sent to affected individuals, the university confirmed the breach affects 3,489,274 people. If you are a current or former student or employee, watch your mail closely.

    These notifications often arrive by postal mail, not email. The letter explains what data was exposed and includes instructions for protective services.

    We reached out to The University of Phoenix for comment, and a rep provided CyberGuy with the following statement: 

    “We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities.”

    Free identity protection is now available

    The University of Phoenix is offering impacted individuals free identity protection services. These include:

    • 12 months of credit monitoring
    • Identity theft recovery assistance
    • Dark web monitoring
    • A $1 million fraud reimbursement policy

    To enroll, you must use the redemption code provided in the notification letter. Without that code, you cannot activate the service.

    This attack fits a larger Clop campaign

    The University of Phoenix breach is not an isolated case. Clop has used similar tactics in past campaigns involving GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo, and Gladinet CentreStack.

    Other universities have also reported Oracle EBS-related incidents. These include Harvard University and the University of Pennsylvania.

    The U.S. government is taking notice. The U.S. Department of State is now offering a reward of up to $10 million for information linking Clop’s attacks to a foreign government.

    Why colleges are prime targets

    Universities store massive amounts of personal data. Student records, financial aid files, payroll systems, and donor databases all live under one roof.

    Like healthcare organizations, colleges present a high-value target. A single breach can expose years of data tied to millions of people.

    Affected University of Phoenix students and staff should act quickly to monitor accounts and protect their identities. (Kurt “CyberGuy” Knutsson)

    Steps to stay safe right now

    If you believe you may be affected, act quickly. These steps can reduce your risk.

    1) Watch for your breach notification letter

    Read it carefully. It explains what data was exposed and how to enroll in protection services.

    2) Enroll in the free identity protection

    First, use the redemption code provided. Because Social Security and banking data are involved, credit monitoring and recovery services matter. Even if you do not qualify for the free service, an identity theft protection service is still a smart move.

    In addition, these services actively monitor sensitive details like your Social Security number, phone number and email address. If your information appears on the dark web or if someone tries to open a new account, you receive an alert right away. Many services also help you quickly freeze bank and credit card accounts to limit further fraud.

    3) Use a data removal service

    Because this breach exposed names, contact details and other identifiers, reducing what is publicly available about you matters. A data removal service can help remove your personal information from data broker sites, which lowers the risk of targeted phishing or fraud tied to the stolen University of Phoenix records.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    4) Monitor financial accounts daily

    Check bank statements and credit card activity for unfamiliar charges. Report anything suspicious immediately.

    5) Consider freezing your credit

    A credit freeze can stop criminals from opening new accounts in your name. It is free and reversible. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

    6) Be alert for phishing attempts and use strong antivirus software 

    Expect more scam emails and phone calls. Criminals may reference the breach to sound legitimate.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    7) Secure your devices

    Keep your operating systems and apps up to date, as attackers often exploit outdated software to gain access. In addition, enable automatic updates and review app permissions to prevent stolen personal data from being combined with device-level access and causing further harm.

    Kurt’s key takeaways

    The University of Phoenix data breach highlights a growing problem across higher education. When attackers exploit trusted enterprise software, the fallout spreads fast and wide. While free identity protection helps, long-term vigilance matters most. Staying alert can limit damage long after the headlines fade.

    If universities cannot protect this level of sensitive data, should students demand stronger cybersecurity standards before enrolling? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.
