ReportWire

Tag: Security

  • Malicious browser extensions hit 4.3M users

    A long-running malware campaign quietly evolved over several years and turned trusted Chrome and Edge extensions into spyware. A detailed report from Koi Security reveals that the ShadyPanda operation affected 4.3 million users who downloaded extensions later updated with hidden malicious code.

    These extensions began as simple wallpaper or productivity tools that looked harmless. Years later, silent updates added surveillance functions that most users could not detect.

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Malicious extensions spread through trusted browsers and quietly collected user data for years. (Kurt “CyberGuy” Knutsson)

    How the ShadyPanda campaign unfolded

    The operation included 20 malicious Chrome extensions and 125 on the Microsoft Edge Add-ons store. Many first appeared in 2018 with no obvious warning signs. Five years later, the extensions began receiving staged updates that changed their behavior.

    Koi Security found that these updates rolled out through each browser’s trusted auto-update system. Users did not need to click anything. No phishing. No fake alerts. Just quiet version bumps that slowly turned safe extensions into powerful tracking tools.

    A screenshot of WeTab in the Google Play store

    WeTab functions as a sophisticated surveillance platform disguised as a productivity tool. (Koi)

    What the extensions were doing behind the scenes

    Once activated, the extensions injected tracking code into real links to earn revenue from user purchases. They also hijacked searches, redirected queries and logged data for sale and manipulation. ShadyPanda gathered an unusually broad range of personal information, including browsing history, search terms, cookies, keystrokes, fingerprint data, local storage, and even mouse movement coordinates. As the extensions gained credibility in the stores, the attackers pushed a backdoor update that allowed hourly remote code execution. That gave them full browser control, letting them monitor websites visited and exfiltrate persistent identifiers.

    Researchers also discovered that the extensions could launch adversary-in-the-middle attacks. This allowed credential theft, session hijacking and code injection on any website. If users opened developer tools, the extensions switched into harmless mode to avoid detection. Google removed the malicious extensions from the Chrome Web Store. We reached out to the company, and a spokesperson confirmed that none of the extensions listed are currently live on the platform.

    Meanwhile, a Microsoft spokesperson told CyberGuy, “We have removed all the extensions identified as malicious on the Edge Add-on store. When we become aware of instances that violate our policies, we take appropriate action that includes, but is not limited to, the removal of prohibited content or termination of our publishing agreement.” 

    Most of you will not need the full technical IDs used in the ShadyPanda campaign. These indicators of compromise are primarily for security researchers and IT teams. Regular users should focus on checking your installed extensions using the steps in the guide below.

    You can review the full list of affected Chrome and Edge extensions to see every ID tied to the ShadyPanda campaign by clicking here and scrolling down to the bottom of the page.

    How to check whether your browser contains these extension IDs

    Here is an easy, step-by-step way for you to verify if any malicious extension IDs are installed.

    For Google Chrome

    Open Chrome.

    Type chrome://extensions into the address bar.

    Press Enter.

    Look for each extension’s ID.

    Click Details under any extension.

    Scroll down to the Extension ID section.

    Compare the ID with the lists above.

    If you find a match, remove the extension immediately.

    For Microsoft Edge

    Open Edge.

    Type edge://extensions into the address bar.

    Press Enter.

    Click Details under each extension.

    Scroll to find the Extension ID.

    If an ID appears in the lists, remove the extension and restart the browser.
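
    For IT teams who would rather not click through every extension by hand, the same comparison can be scripted. This is an added example, not code from Koi Security or the article: it walks the standard Chromium on-disk layout (`<profile>/Extensions/<id>/<version>/manifest.json`) and matches folder names against an IoC list. The one-ID-per-line file format and the script name are assumptions.

```python
"""Match installed Chrome/Edge extension IDs against an IoC list (added example)."""
import json
import re
import sys
from pathlib import Path

# Chromium extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")


def load_ioc_ids(text):
    """Parse an IoC list: one extension ID per line, '#' starts a comment.

    The file format is an assumption of this example; lines that are not
    well-formed extension IDs are ignored rather than matched loosely.
    """
    ids = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if EXT_ID_RE.match(token):
            ids.add(token)
    return ids


def _manifest_name(ver_dir):
    """Return the manifest 'name' (may be a __MSG_...__ locale placeholder)."""
    try:
        raw = (ver_dir / "manifest.json").read_text(encoding="utf-8-sig")
        manifest = json.loads(raw)
    except (OSError, ValueError):
        return "?"  # missing or unparsable manifest: still report the ID
    if not isinstance(manifest, dict):
        return "?"
    return str(manifest.get("name", "?"))


def installed_extensions(user_data_dir):
    """Yield (profile, ext_id, version, name) for every browser profile.

    user_data_dir is the browser's profile root, for example on Linux
    ~/.config/google-chrome or ~/.config/microsoft-edge, and on Windows
    %LOCALAPPDATA%\\Google\\Chrome\\User Data or ...\\Microsoft\\Edge\\User Data.
    Every profile ("Default", "Profile 1", ...) is checked, because an
    extension installed in a second profile is easy to miss by hand.
    Extensions loaded unpacked in developer mode live elsewhere and are
    not covered by this walk.
    """
    root = Path(user_data_dir)
    for ext_root in sorted(root.glob("*/Extensions")):
        profile = ext_root.parent.name
        for id_dir in sorted(ext_root.iterdir()):
            # Skip helper folders such as "Temp" that are not extension IDs.
            if not id_dir.is_dir() or not EXT_ID_RE.match(id_dir.name):
                continue
            for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
                yield profile, id_dir.name, ver_dir.name, _manifest_name(ver_dir)


def find_matches(user_data_dir, ioc_ids):
    """Return the installed extensions whose ID appears in the IoC set."""
    return [row for row in installed_extensions(user_data_dir) if row[1] in ioc_ids]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_ext.py <browser user-data dir> <ioc-list.txt>")
    iocs = load_ioc_ids(Path(sys.argv[2]).read_text(encoding="utf-8"))
    hits = find_matches(sys.argv[1], iocs)
    for profile, ext_id, version, name in hits:
        print(f"MATCH profile={profile} id={ext_id} version={version} name={name}")
    sys.exit(1 if hits else 0)  # non-zero exit lets fleet tooling flag the host
```

    A match means the extension should be removed from inside the browser, as described in the steps above, and the passwords used in that profile reset.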

    Simple security steps can block hidden threats and help keep your browsing safer. (Kurt “CyberGuy” Knutsson)

    How to protect your browser from malicious extensions

    You can take a few quick actions that help lock down your browser and protect your data.

    1) Remove suspicious extensions

    Before removing anything, check your installed extensions against the IDs listed in the section above. Most of the malicious extensions were wallpaper or productivity tools. Three of the most mentioned are Clean Master, WeTab and Infinity V Plus. If you installed any of these or anything that looks similar, delete them now. 

    2) Reset your passwords

    These extensions have access to sensitive data. Resetting your passwords protects you from possible misuse. A password manager makes the process easier and creates strong passwords for each account.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Use a data removal service to reduce tracking

    ShadyPanda collected browsing activity, identifiers and behavioral signals that can be matched with data already held by brokers. A data removal service helps you reclaim your privacy by scanning people-search sites and broker databases to locate your exposed information and remove it. This limits how much of your digital footprint can be linked, sold or used for targeted scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    4) Install strong antivirus software

    An antivirus may not have caught this specific threat due to the way it operated. Still, it can block other malware, scan for spyware and flag unsafe sites. Many antivirus tools include cloud backup and VPN options to add more protection.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    5) Limit your extensions

    Each extension adds risk. Stick with known developers and search for recent reviews. If an extension asks for permissions it should not need, walk away. 

    Kurt’s key takeaways

    ShadyPanda ran for years without raising alarms and proved how creative attackers can be. A trusted extension can shift into spyware through a silent update, which makes it even more important to stay alert to changes in browser behavior. You protect yourself by installing fewer extensions, checking them from time to time and watching for anything that feels out of place. Small steps help lower your exposure and reduce the chances that hidden code can track what you do online.

    Have you ever found an extension on your browser that you didn’t remember installing or one that started acting in strange ways?  How did you handle it? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • The WIRED Guide to Digital Opsec for Teens

    Expand your mind, man. Opsec is really all about time travel—taking small, protective steps now before you have a disaster on your hands later. If you’re not on auto-delete, then an explosive, emotional text exchange with the person you’re currently dating—or, ahem, photos you sent to each other—will hang around forever. It’s normal for things to change and for relationships of all types to come and go. You may trust someone and be close to them now but grow apart in a year or two.

    If you imagine an even more extreme scenario where you’re being investigated by the police, they could obtain warrants to search your digital accounts or devices. People have to go to great lengths to maintain their opsec if they’re trying to hide activity from law enforcement. To be clear, this guide is definitely not encouraging you to do crimes. Don’t do crimes! The goal is just to understand the value of keeping basic opsec principles in mind, because if some of your digital information is revealed haphazardly or out of context, it could, theoretically, appear incriminating.

    You probably intuitively understand a lot of this. (Don’t give your password to friends, duh.) So this guide is going to largely skip the obvious and emphasize more subtle, unintended consequences of failing to practice good opsec.

    Memorable Opsec Fails

    “Signalgate,” 2025: US officials discussed war plans in a group chat on the mainstream, secure messaging app Signal. Then they accidentally added a journalist to the chat. Subsequently, US defense secretary Pete Hegseth famously (embarrassingly) messaged the chat, “we are currently clean on OPSEC.” At least some members of the chat were also potentially using a modified, insecure version of Signal. All extremely not clean on opsec.

    Gmail Drafts Exposed, 2012: Then-CIA director David Petraeus and his paramour shared a Gmail account to hide their communications by leaving them for each other to see as draft messages. Kind of ingenious given that this was before most texting or messaging apps offered timed disappearing/ephemeral messages, but the FBI figured out the strategy.

    Identities

    Opsec is all about compartmentalizing, and that’s the hardest part. Failure to compartmentalize is often how criminals get caught or how information that was meant to stay secret gets exposed. Think of your online life like rooms in a house. Each room has a separate key. If someone breaks into one room, they can grab everything there, but you don’t want them to be able to run wild beyond that room.

    You can have multiple identities online and compartmentalize the activities of each, but it takes forethought to maintain the separation. There’s the real you who uses your main Gmail or Apple ID for personal and family stuff and social accounts where you use your real name, plus school and maybe work. Another compartment is your school email and school file storage. Then there’s your more adaptable, online personas who may have semi-anonymous handles, like jnd03 for Jane Doe. Friends know that these accounts are yours and classmates can probably guess them. Finally, there may be a pseudonymous you: alt accounts with no obvious link to real you—like Jane Doe using the handles “_aksdi0_0” or “peter_mayfield01.”

    Rules of Separation

    You have accounts under your real name, but you probably also need pseudonymous accounts. Tight compartmentalization will prevent people from doxing your pseudonymous accounts. But that’s easier said than done.

    Obviously, don’t recycle usernames across platforms. If JaneD03 is your Instagram handle, don’t use it or a similar name for your anonymous Reddit account. Don’t even reuse passwords—but especially don’t reuse passwords between real and pseudonymous accounts. To prevent a compromised pseudonymous account from revealing your name, don’t use your main email address; instead, use a unique, pseudonymous one. Gmail “dot tricks” (jane.doe@, j.ane.doe@) don’t count, because they all equally reveal your master account.

    JP Aumasson, Lily Hay Newman

  • Mexico’s ‘Batman’: The president’s favorite crime fighter, the cartels’ nemesis

    No floodlights illuminate the night sky when the citizens of Mexico’s Gotham need a hand. No hot line summons this super-cop from a hidden redoubt.

    But Mexico does indeed have its own “Batman”: Omar García Harfuch, security czar in the government of President Claudia Sheinbaum.

    He acquired the Batman moniker during his days as Mexico City’s crime-busting police chief under then-Mayor Sheinbaum. Like the stalwart Dark Knight, García Harfuch emits the vibe of a vigilant protector who compensates for a lack of superpowers with more cerebral skills — a mix of intelligence, resolve and moxie.

    In his current post (official title: secretary of Security and Citizen Protection), García Harfuch is inevitably dispatched to hot spots from the northern border to the southern hinterlands — sites of assassinations, massacres, gang wars and other headline-grabbing incarnations of Mexican mayhem. The script never varies: He vows to snare the bad guys. Arrests follow.

    Like his boss, Sheinbaum, the security chief disputes President Trump’s assertions that Mexico is “run by” cartels, though he doesn’t deny the widespread sway of organized crime.

    “Yes, there is definitely a presence of criminal groups, but [Mexico] is not controlled by the cartels,” García Harfuch, 43, recently told the Mexican daily El Universal.

    Omar García Harfuch, far left in suit, walks with President Claudia Sheinbaum, center, and other Mexican officials during a ceremony in Mexico City in September to mark the Sept. 19 earthquakes that hit Mexico in 1985 and 2017.

    (Juan Abundis / ObturadorMX via Getty Images)

    His stern, just-the-facts Joe Friday recitals of arrests, seizures, drug lab takedowns and other enforcement actions are signature moments at presidential news briefings. García Harfuch — always decked out in suit and tie — transmits an aura of competence, and his media-savvy advisors have burnished his image as an implacable foe of the cartels.

    Supporters began calling him Batman, in English, when crime rates dropped precipitously in Mexico City during his tenure as police chief. Supporters even circulated online images of a modified Batman action figure, with “Harfuch” emblazoned on the chest.

    While emphasizing intelligence-gathering and investigative diligence, he doesn’t shy from praising shoe-leather police work and citing traditional metrics of success. Since Sheinbaum took office Oct. 1, 2024, he says, authorities have arrested more than 37,000 suspects in “high-impact crimes,” seized more than 300 tons of illicit drugs and dismantled more than 600 drug labs.

    Such statistics were rarely tossed about during the presidency of Andrés Manuel López Obrador, Sheinbaum’s predecessor and mentor. The ex-president favored a much-criticized “hugs not bullets” strategy — curtailing offensive operations against cartels and instead addressing poverty and other socioeconomic factors driving young people to join organized crime. Many Mexicans appear happy with the shift.

    Omar García Harfuch talks on his cellphone

    García Harfuch, at the National Palace in September, was chief of police of Mexico City before becoming secretary of Security and Citizen Protection.

    (Gerardo Vieyra / NurPhoto via Getty Images)

    “Harfuch seems to me a good man who has good intentions, but, unfortunately, crime is so ingrained in Mexican society that it’s hard to get rid of it,” said Gregorio Flores, 57, a shop owner in Mexico City.

    García Harfuch is probably the most visible figure in the Mexican government apart from the president, and polls show him to be among the most popular — and a possible candidate to succeed Sheinbaum, who clearly trusts him explicitly from their time together in Mexico City government. Even rivals of Sheinbaum acknowledge his effectiveness.

    Taking a pronounced stance against organized crime is hardly without risk in Mexico, where politicians, cops, journalists and anyone else who stands in the way of the mobs may wind up in the gangsters’ cross-hairs. García Harfuch is well aware of the stakes.

    Experts work at a crime scene in Mexico City

    Experts work at the crime scene after García Harfuch was wounded in an assassination attempt in Mexico City on June 26, 2020. Two of his bodyguards and a female bystander were killed.

    (Pedro Pardo / AFP via Getty Images)

    In 2020, while serving as the capital’s police chief, García Harfuch survived three gunshot wounds in a brazen attack as his SUV traveled along Mexico City’s elegant Paseo de la Reforma. Killed in the assault were two police bodyguards and a female street vendor who was a bystander. The commando-style strike utilizing multiple high-caliber armaments stunned one of the capital’s toniest residential districts, something like a mob hit on Rodeo Drive.

    From his hospital bed, García Harfuch — a former federal cop who also has a law degree — blamed the powerful Jalisco New Generation cartel.

    Ongoing threats against García Harfuch are frequently reported in the Mexican press, including chilling scribbled death threats found in May alongside several mangled bodies, presumed cartel victims, dumped outside Acapulco.

    “García Harfuch is the cartels’ enemy No. 1,” said David Saucedo, a security analyst. “He’s become a headache for them. The cartels were accustomed to making deals with [the government]. … But Harfuch gives the impression that he’s not disposed to reach an agreement with organized crime groups. And that’s a problem for the cartels.”

    Security is Mexicans’ major concern, and García Harfuch gives the impression that the good guys are cracking down, even if many are dubious about the steep crime declines Sheinbaum regularly touts.

    Homicides have nose-dived by almost 40% since Sheinbaum took office last year, the government says, though critics call the statistic inflated — it excludes, for instance, the rising numbers of “disappeared” people, presumed crime victims consigned to clandestine graves.

    And some have suggested that Sheinbaum’s save-the-day call-ups of her media-savvy security chief are more performative than substantive, and probably counterproductive.

    “There’s no Batman,” columnist Viri Ríos wrote recently in Mexico’s Milenio newspaper. “The myth of Batman is dangerous, especially for Harfuch. Making him a myth imposes on him the responsibility of pacifying the country. But, as we all know, Omar can’t defeat organized crime by himself.”

    In fact, García Harfuch has relatively few forces under his direct command. Corruption remains rampant among state and municipal police, prosecutors and judges in Mexico, often rendering them unreliable partners. Thus García Harfuch is dependent on other agencies, notably the national guard, a 200,000-strong force under military command.

    Mexico's President Claudia Sheinbaum speaks as Secretary of Security and Civilian Protection Omar García Harfuch looks on

    Sheinbaum speaks at her daily press briefing in November as García Harfuch looks on. He is a fixture at the briefings.

    (Carl de Souza / AFP via Getty Images)

    García Harfuch regularly extols his relationship with the armed forces, despite rumors of resentment against his sweeping powers and his closeness to Sheinbaum. Mexico’s first female president also serves as military commander in chief.

    García Harfuch is said to have the trust of U.S. law enforcement, even though the Trump administration’s ever-escalating demands and threats of unilateral strikes on Mexican territory put him in a tough spot. Only last week, Trump declared that he was “not happy” with narcotics-fighting efforts in Mexico.

    “The Americans have confidence in García Harfuch, but they are always asking for more — more arrests, more extraditions, more decommissions” of drug labs, said Saucedo, the security analyst.

    For security reasons, officials provide few details on García Harfuch’s personal life, beyond saying he is divorced and a father.

    García Harfuch descends from a line of prominent government officials, their careers reflecting, in part, Mexico’s past under a repressive, authoritarian government.

    His grandfather, Gen. Marcelino García Barragán, was a secretary of defense during the infamous 1968 massacre of student protesters in Mexico City’s Tlatelolco district; and his father, Javier García Paniagua, was a politician who held various posts, including chief of a now-disbanded federal police agency assailed for human rights abuses.

    Mexico’s top cop may not wear a cape and mask, but his background does have a touch of show business: His mother, María Sorté, is one of Mexico’s best-known actors, often portraying characters in telenovelas, or soap operas. Few know her real name, María Harfuch Hidalgo, whose paternal surname reflects her Lebanese ancestry.

    “Harfuch strikes me as a good man with fine intentions,” said Carmen Zamora, 46, a restaurant owner in Mexico City. “But he needs more time. One cannot resolve in one year the violence that we have seen for so long in Mexico.”

    Carlos Monjarraz, 34, a capital car salesman, is not convinced.

    “All this Batman stuff is just a joke on Mexicans when everything is the same — the same murders, narco-trafficking, insecurity,” Monjarraz said. “We don’t need a Batman to save us. What we need is for authorities to jail the real criminals — crooked politicians who keep protecting each other.”

    Special correspondent Cecilia Sánchez Vidal contributed to this report.

    Patrick J. McDonnell

  • America’s most-used password in 2025 revealed

    Passwords play a huge role in how you stay safe online. They protect your accounts, devices and money. Still, many people pick logins that criminals can guess in seconds. 

    The latest NordPass report shows this problem again. This year, “admin” took the top spot as the most common password in the United States.

    NordPass and NordStellar, two cybersecurity companies that track leaked credentials and online threats, reviewed millions of exposed passwords to spot trends. They also examined how password habits differ across generations. The pattern is clear: many of us still rely on simple words, easy number strings and familiar keyboard patterns. These choices give attackers a quick path into countless accounts.

    Weak passwords like “admin” give attackers a quick way into your accounts before you even realize it.  (Kurt “CyberGuy” Knutsson)

    Most common passwords in the United States

    NordPass shared its top 20 list for 2025. “Admin” sits at number one. Variations of the word “password” take up five spots. Number strings appear nine times. One explicit term even made the list.

    Here are the 20 most common passwords in the USA this year:

    • admin
    • password
    • 123456
    • 12345678
    • 123456789
    • 12345
    • Password
    • 12345678910
    • Gmail.12345
    • Password1
    • Aa123456
    • f*******t
    • 1234567890
    • abc123
    • Welcome1
    • Password1!
    • password1
    • 1234567
    • 111111
    • 123123

    Weak logins remain a major problem because criminals rely on automated tools. These tools try simple words and common patterns first. When millions of people reuse the same easy passwords, attackers succeed fast.

    Reusing the same login across sites makes it easy for criminals to jump from one hacked account to another. (Kurt “CyberGuy” Knutsson)

    Global trends show the same risky password behavior

    The United States is not alone. Globally, “123456” ranks as the most common password. “Admin” and “12345678” follow closely behind. These patterns appear because they are easy to remember. Sadly, they are also easy to crack.

    Researchers noticed one shift worth noting: more passwords now include special characters. The increase is sharp. However, most examples remain weak. Strings like P@ssw0rd and Abcd@1234 still follow predictable rules that tools can break with little effort.

    The word “password” stays popular around the world. People even use it in local languages. This shows how widespread the problem is.

    Why younger generations still make unsafe password choices

    Many people assume younger adults understand digital safety. They grew up with phones and social media. Research shows that this assumption is wrong.

    NordPass found that an 18-year-old often picks the same weak password patterns as an 80-year-old. Younger users favor long number sequences. Older users lean toward names. Neither group creates secure or random strings. Generations Z and Y tend to avoid names. Generations X and older use them often. Each approach carries risk because attackers expect both patterns.

    Researchers found that weak and predictable passwords still appear in leaked data again and again. (Kurt “CyberGuy” Knutsson)

    Why weak passwords remain a big threat

    Weak passwords fuel data breaches and account takeovers. Criminals run scripts that check billions of combinations every second. When your password is common, they break in fast.

    A single stolen login can expose your email, social accounts, bank information and more. Many attacks start this way. Once criminals get inside one account, they often try the same password on others.

    Steps to stay safe with your passwords 

    You can improve your digital safety with a few simple habits. These steps help block common attacks and protect your accounts.

    1) Create strong random passwords

    Pick long passwords or short passphrases. Aim for at least 20 characters. Mix letters, numbers and special characters. Avoid patterns. 

    2) Avoid password reuse

    Use a unique password for each account. If one login gets hacked, the others stay safe.

    3) Review and update weak passwords

    Check your old logins. Replace anything short, predictable or reused. Fresh passwords lower your risk.

    4) Use a password manager

    A password manager creates secure passwords and stores them safely. It also fills them in for you, so you do not need to remember them.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Turn on multi-factor authentication (MFA)

    MFA adds a second check before you log in. It is one of the easiest ways to block attackers.

    6) Keep your software updated

    Update your phone, computer, browsers and apps on a regular schedule. These updates patch security gaps that criminals try to exploit. When you fall behind on updates, weak passwords become even riskier because attackers can pair old software flaws with easy logins.

    Pro Tip: Use a data removal service

    Leaked passwords often come from old profiles on data broker sites you forgot about. A data removal service can wipe your personal info from those sites and reduce how much of your data ends up on breach lists. When less of your information is floating around online, your accounts become less tempting targets.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways 

    Weak passwords remain a huge issue in 2025, even with new tools and better education. You have the power to improve your security with a few quick changes. When you build strong habits, you make it harder for criminals to get inside your accounts. Small steps add up fast and give you far more protection online.

    What do you think keeps people stuck on weak passwords even when the risks are clear? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • New Android malware can empty your bank account in seconds

    Android users have been dealing with a steady rise in financial malware for years. Threats like Hydra, Anatsa and Octo have shown how attackers can take over a phone, read everything on the screen and drain accounts before you even notice anything wrong. Security updates have helped slow some of these strains, but malware authors keep adapting with new tricks. 

    The latest variant spotted in circulation is one of the most capable yet. It can silence your phone, take screenshots of banking apps, read clipboard entries, and even automate crypto wallet transactions. This threat is now known as Android BankBot YNRK, and it is far more advanced than typical mobile malware.

    How the malware infiltrates devices

    Android banking malware is getting harder to spot as attackers use new tricks to take over phones and drain accounts. (Thomas Trutschel/Photothek via Getty Images)

    BankBot YNRK hides inside fake Android apps that appear legitimate when installed. In the samples analyzed by researchers at Cyfirma, the attackers used apps that impersonated official digital ID tools. Once installed, the malware begins profiling the device by collecting details such as brand, model and installed apps. It checks whether the device is an emulator to avoid automated security analysis. It also maps known models to screen resolutions, which helps it tailor its behavior to specific phones.

    To blend in, the malware can disguise itself as Google News. It does this by changing its app name and icon, then loading the real news.google.com site inside a WebView. While the victim believes the app is genuine, the malware quietly runs its background services.

    One of its first actions is to mute audio and notification alerts. This prevents victims from hearing incoming messages, alarms or calls that could signal unusual account activity. It then requests access to Accessibility Services. If granted, this allows the malware to interact with the device interface just like a user. From that point onward, it can press buttons, scroll through screens and read everything displayed on the device.

    BankBot YNRK also adds itself as a Device Administrator app. This makes it harder to remove and helps it restart itself after a reboot. To maintain long-term access, it schedules recurring background jobs that relaunch the malware every few seconds as long as the phone is connected to the internet.

    What does the malware steal

    Once the malware receives commands from its remote server, it gains near-complete control of the phone. It sends device information and installed app lists to the attackers, then receives a list of financial apps it should target. This list includes major banking apps used in Vietnam, Malaysia, Indonesia and India, along with several global cryptocurrency wallets.

    With Accessibility permissions enabled, the malware can read everything shown on the screen. It captures UI metadata such as text, view IDs and button positions. This helps it reconstruct a simplified version of any app’s interface. Using this data, it can enter login details, swipe through menus or confirm transfers. It can also set text inside fields, install or remove apps, take photos, send SMS, turn call forwarding on and open banking apps in the background while the screen appears inactive.

    In cryptocurrency wallets, the malware acts like an automated bot. It can open apps such as Exodus or MetaMask, read balances and seed phrases, dismiss biometric prompts, and carry out transactions. Because all actions happen through Accessibility, the attacker never needs your passwords or PINs. Anything visible on the screen is enough.

    The malware also monitors the clipboard, so if users copy OTPs, account numbers or crypto keys, the data is immediately sent to the attackers. With call forwarding enabled, incoming bank verification calls can be silently redirected. All of these actions happen within seconds of the malware activating.

    BankBot YNRK hides inside fake apps that look legitimate, then disguises itself as Google News while it runs in the background. (AP Photo/Don Ryan, File)

    7 steps you can take to stay safe from banking malware

    Banking trojans are getting harder to spot, but a few simple habits can reduce the chances of your phone getting compromised. Here are seven practical steps that help you stay protected. 

    1) Install strong antivirus software

    Strong antivirus software helps catch trouble early by spotting suspicious behavior before it harms your Android device or exposes your data. It checks apps as you install them, alerts you to risky permissions and blocks known malware threats. Many top antivirus options also scan links and messages for danger, which adds an important layer of protection when scams move fast.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    2) Use a data-removal service to shrink your digital footprint

    Data brokers quietly collect and sell your personal details, which helps scammers target you with more convincing attacks. A reputable data-removal service can find and delete your information from dozens of sites so that criminals have less to work with. This reduces spam, phishing attempts and the chances of ending up on a malware attack list.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    3) Install apps only from trusted sources

    Avoid downloading APKs from random websites, forwarded messages or social media posts. Most banking malware spreads through sideloaded apps that look official but contain hidden code. The Play Store is not perfect, but it offers scanning, app verification and regular take-downs that greatly reduce the risk of installing infected apps.

    4) Keep your device and apps updated

    System updates often patch security issues that attackers exploit to bypass protections. Updating your apps is just as important, since outdated versions may contain weaknesses. Turn on automatic updates so that your device stays protected without you having to check manually.

    5) Use a strong password manager

    A password manager helps you create long, unique passwords for every account. It also saves you from typing passwords directly into apps, which reduces the chance of malware capturing them from your clipboard or keystrokes. If one password gets exposed, the rest of your accounts remain safe.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Once active, the malware can read your screen, steal financial data, automate crypto transfers and intercept OTPs within seconds. (Kurt “CyberGuy” Knutsson)

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    6) Enable two-factor authentication wherever possible

    2FA adds a confirmation step through an OTP, authenticator app or hardware key. Even if attackers steal your login details, they still need this second step to get in. It cannot stop malware that takes over your device, but it significantly limits how far an attacker can go with stolen credentials.

    7) Review app permissions and installed apps regularly

    Malware often abuses permissions such as Accessibility or Device Admin because they allow deep control over your phone. Check your settings to see which apps have these permissions and remove anything that looks unfamiliar. Also, look through your installed apps and uninstall any tool or service you do not remember adding. Regular reviews help you spot threats early before they can steal data.

    Kurt’s key takeaway

    BankBot YNRK is one of the most capable Android banking threats discovered recently. It combines device profiling, strong persistence, UI automation and data theft to gain full control over a victim’s financial apps. Because much of its activity relies on Accessibility permissions, a single tap from the user can give attackers complete access. Staying safe means avoiding unofficial APKs, reviewing installed apps regularly and being cautious of any sudden request to enable special permissions.

    Do you think Android phone makers like Samsung or Google are doing enough to protect you from malware? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’

    After Myanmar’s military junta raided a notorious scam compound and destroyed buildings with explosives in October, officials claimed the country would entirely “eradicate” forced scamming within its borders. Now newly released satellite images of the targeted KK Park scam center reveal that only buildings in one limited section of the compound were destroyed during the initial raids. Experts on scam compounds, meanwhile, say the entire effort is likely “propaganda.”

    High-resolution images of the KK Park scam compound, which is located near the Myanmar-Thailand border, show how military forces have razed multiple buildings, leaving piles of rubble in their place. However, the images show the destruction is, so far, confined to the eastern side of the gigantic compound, with hundreds of buildings across the vast compound left untouched.

    Multiple experts tell WIRED that the raids at KK Park and some other scam compounds are likely part of a wider “performative” effort by Myanmar’s military government, which has come under increasing pressure to tackle the highly lucrative scam compounds that have flourished in recent years. They also raise concerns about the welfare of thousands of people forced to run scams in KK Park.

    “The junta is making it sound as though they’re taking down the entire compound, and the imagery that we have seen so far is only limited to one section,” says Eric Heintz, a global analyst at the International Justice Mission, an anti-slavery organization. “It’s important to keep monitoring this to verify what they’re actually doing and [see] if this is just for show or if they’re actually cracking down on the real problem.”

    The satellite images, taken on November 16, appear to show that some buildings located around courtyards have been almost totally destroyed, with debris strewn around other buildings. Heintz says that the images, plus extra social media footage, indicate that some “villas” and dormitories where trafficking victims may have been housed appear to have been damaged or destroyed. (Myanmar’s military government has said further destruction started on November 17; third-party reports also suggest more buildings have been destroyed.)

    “All of the critical buildings that you would need to perpetrate the scams are still intact and still ready for use,” says Mechelle B Moore, the CEO of anti-trafficking nonprofit Global Alms, which is based in Thailand and works to help people who have been trafficked into scam compounds in Myanmar. “They’re putting on a good show right now to say that they don’t support scamming compounds or human trafficking. But what they’ve allowed is all the scamming syndicates—all of the scamming bosses and supervisors—have been allowed to flee,” Moore claims.

    Over the past decade, dozens of scam compounds have appeared in Southeast Asia, primarily across Myanmar, Cambodia, and Laos. Often operated by or linked to Chinese organized crime groups, the compounds trick people into working at them—often with the offer of high-paying jobs—and then force them to run a range of scams. Trafficking victims often have their passports taken; they can be tortured or beaten if they refuse to scam. By stealing from people around the world, the compounds have made billions for the organized crime groups.

    Amid the extensive criminality, KK Park has emerged as one of the largest and most notorious scam compounds in Myanmar. Five years ago, the site was a series of fields near the town of Myawaddy, but has since been transformed into a sprawling compound with hundreds of buildings and thousands of people held there.

    Matt Burgess

  • Google Nest still sends data after remote control cutoff, researcher finds

    Google officially shut down remote control features for first and second generation Nest Learning Thermostats last month. Many owners assumed the devices would stop talking to Google once the company removed smart functions.

    New research, however, shows that these early Nest devices continue uploading detailed logs to Google even though support has ended.

    Early Nest Learning Thermostats still send sensor data to Google even after losing remote features. (Google)

    Researcher finds unexpected data uploads from old Nest devices

    Security researcher Cody Kociemba uncovered this quiet data flow after digging into the backend as part of a repair bounty challenge run by FULU, a right-to-repair group cofounded by electronics repair expert and YouTuber Louis Rossmann. The challenge asked developers to restore lost smart features for unsupported Nest devices. Kociemba teamed up with the open-source community and created No Longer Evil, software that brings smart functionality back to these aging thermostats.

    While cloning Google’s API to build the project, he suddenly received a flood of logs from customer devices. That surprise led to a deeper look at what Google still collects.

    Researcher Cody Kociemba uncovered the ongoing data uploads while building a tool to restore smart functions. (Google)

    What Nest thermostats keep sending to Google

    Even though remote control no longer works, Kociemba found that early Nest Learning Thermostats still upload a steady stream of sensor data to Google. This includes:

    • Manual temperature changes
    • Whether someone is in the room
    • When sunlight hits the device
    • Temperature readings
    • Humidity levels
    • Motion activity
    • Ambient light data

    Kociemba says the volume of logs was extensive. He turned off the incoming data because he never expected the devices to remain connected to Google after the shutdown.

    Google previously said unsupported models will “continue to report logs for issue diagnostics.” However, Kociemba points out that Google cannot use that data to help customers anymore because support is fully discontinued. That makes the continued data flow even more puzzling.

    CyberGuy contacted Google for comment, and a spokesperson provided us with the following statement:

    “The Nest Learning Thermostat (1st and 2nd Gen) is no longer supported in the Nest and Home apps, but temperature and scheduling adjustments can still be made directly on the unit. These devices will soon be unpaired and removed from all user accounts. Diagnostic logs, which are not tied to a specific user account, will continue to be sent to Google for service and issue tracking. Users who prefer to stop providing these logs can simply disconnect their device from Wi-Fi via the on-device settings menu.” 

    The thermostats continue reporting temperature, motion and light data even though official support has ended.

    Why this discovery matters

    Google cut access to remote control, security updates, software updates and status checks through the Nest and Google Home apps. Owners can no longer rely on the devices for key smart features. Yet the thermostats still push data to Google, creating a one-way connection that helps the company more than the customer.

    Users do not benefit from the logs because support has been discontinued. Google cannot use these logs to diagnose problems or offer help. That raises questions about transparency and user choice for people who assumed the connection ended.

    The FULU bounty that sparked the discovery

    FULU’s bounty program encouraged developers to build tools that restore functionality to devices abandoned by their makers. After reviewing submissions, FULU awarded Kociemba and another developer known as Team Dinosaur the top bounty of $14,772 for bringing smart features back to early Nest models.

    Their work highlights how community-driven repair efforts can keep useful devices alive. It also reveals how companies handle device data long after official support stops.

    Ways to stay safe if you still use an old Nest thermostat

    If you keep one of these unsupported Nest thermostats on your network, you can take a few simple steps to protect your privacy. These tips help reduce what the device sends to Google and lower your exposure.

    1) Review your Google account activity

    Start by checking what Google has linked to your home devices. Visit myactivity.google.com and look for thermostat logs or events you do not expect.

    2) Place the device on a separate Wi-Fi network

    A guest network keeps the thermostat away from your main devices. This limits what the thermostat can reach and helps prevent broader access.

    3) Block outbound traffic when possible

    Some routers let you stop individual devices from sending data to the internet. This cuts off log uploads while still letting the thermostat control heating and cooling.

    4) Disable any remaining cloud features

    If the device menu still offers cloud settings, turn off anything related to remote access or online diagnostics. Even partial controls help reduce data flow.

    5) Remove old device associations from your Google account

    Check your connected devices in your Google settings. Remove any old Nest entries that no longer serve a purpose. This stops leftover links that may still send data.

    6) Adjust router settings that report device analytics

    Some routers send analytics back to the router maker. Turn off cloud diagnostics to reduce the footprint of unsupported smart products.

    7) Plan your replacement

    Unsupported devices lose security updates. If you cannot isolate the thermostat on your network, consider upgrading to a model that still receives patches.

    Pro Tip: Reduce your footprint with a data removal service

    A data removal service can help you cut down on the amount of personal information available to data brokers. This adds another layer of privacy that supports your smart home security.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    The discovery that old Nest thermostats still send data to Google long after losing smart features gives owners a reason to take a closer look at their connected home. Unsupported devices can continue to talk to servers even when the useful side of the relationship ends. Understanding what your gadgets share helps you make informed decisions about what stays on your network.

    Would you keep using a device that still sends data to its manufacturer even after it loses the features you paid for? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

  • How Android malware lets thieves access your ATM cash

    Smartphone banking has made life easier, but it has also opened new opportunities for cybercriminals.

    Over the past few years, we have seen Android malware steal passwords, intercept OTPs and even take remote control of phones to drain accounts. Some scams focus on fake banking apps, while others rely on phishing messages that trick you into entering sensitive details.

    Security researchers have now discovered a new threat that goes a step further. Instead of simply stealing login information, this malware gives thieves the ability to walk up to an ATM and withdraw your money in real time.

    Android malware like NGate tricks users into downloading fake banking apps that steal sensitive data. (Kurt “CyberGuy” Knutsson)

    How the NGate malware works

    The Polish Computer Emergency Response Team (CERT Polska) discovered a new Android malware called NGate that uses NFC activity to access a victim’s bank account. This malware monitors contactless payment actions on the victim’s phone and forwards all transaction data, including the PIN, directly to a server controlled by attackers. It does not just copy card details. Instead, it waits until the victim taps to pay or performs a verification step, then captures the fresh, one-time authentication codes that modern Visa and Mastercard chips generate.

    To pull this off, attackers need to infect the phone first. They typically send phishing messages claiming there is a security problem with the victim’s bank account. These messages often push people to download a fake banking app from a non-official source. Once the victim installs it, the app walks them through fake verification prompts and requests permissions that allow it to read NFC activity. As soon as the victim taps their phone or enters their PIN, the malware captures everything the ATM needs to validate a withdrawal.

    Once installed, the malware captures NFC tap-to-pay codes and PINs the moment the victim uses their phone. (Kurt “CyberGuy” Knutsson)

    What attackers do with the stolen data at the ATM

    The attackers rely on speed. The one-time codes generated during an NFC transaction are valid for only a short period. As soon as the infected phone captures the data, the information is uploaded to the attacker’s server. An accomplice waits near an ATM, holding a device capable of emulating a contactless card. This could be another phone, a smartwatch or custom NFC hardware.

    When the data arrives, the accomplice presents the card-emulating device at the ATM. Since the information contains fresh, valid authentication codes and the correct PIN, the machine treats it like a real card. The ATM authorizes the withdrawal because everything appears to match a legitimate transaction. All of this happens without the criminal ever touching the victim’s physical card. Everything depends on timing, planning and getting the victim to unknowingly complete the transaction on their own phone.

    Criminals use the stolen, time-limited codes at an ATM to make real withdrawals without the victim’s card. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to stay safe from Android NGate malware

    As attacks like NGate become more sophisticated, staying safe comes down to a mix of good digital habits and a few simple tools that protect your phone and your financial data.

    1) Download apps only from the Play Store

    Most malicious banking apps spread through direct links sent in texts or emails. These links lead to APK files hosted on random servers. When you install apps only from the Play Store, you get Google’s built-in security checks. Play Protect regularly scans apps for malware and removes harmful ones from your device. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. Even if attackers send convincing messages, avoid installing anything from outside the official store. If your bank wants you to update an app, you will always find it on the Play Store.

    2) Use strong antivirus software

    One careless tap on a fake bank alert can hand criminals everything they need. Strong antivirus software can stop most threats before they cause damage. It scans new downloads, blocks unsafe links and alerts you when an app behaves in ways that could expose your financial data. Many threats like NGate rely on fake banking apps, so having real-time scanning turned on gives you an early warning if something suspicious tries to install itself.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Keep your device and apps updated

    Security patches fix vulnerabilities that attackers use to hijack permission settings or read sensitive data. Updates also improve how Android monitors NFC and payment activity. Turn on automatic updates for both the operating system and apps, especially banking and payment apps. A fully updated device closes many of the holes that malware tries to exploit.

    4) Use a password manager to avoid phishing traps

    Phishing attacks often direct you to fake websites or fake app login pages that look identical to the real thing. A password manager saves your credentials and fills them in only when the website or app is authentic. If it refuses to autofill, it is a clear sign that you are on a fake page. Consider using a password manager to generate and store complex passwords.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Turn on two-factor authentication for all financial services

    Two-factor authentication gives you a second layer of protection, even if your password is compromised. App-based authenticators are more secure than SMS codes because they cannot be intercepted as easily. For banking apps, enabling 2FA adds friction for attackers trying to perform unauthorized actions. Combined with strong passwords from a password manager, it significantly reduces the chance of account takeover.

    6) Ignore suspicious texts, emails and calls

    Attackers rely on urgency to trick you. They often claim that your card is blocked, your account is frozen or a payment needs verification. These messages push you to act fast and install a fake app. Always pause and check your bank’s official channels. Contact the bank through verified customer care numbers or the official app. Never click links or open attachments in unsolicited messages, even if they look legitimate.

    7) Review app permissions

    Most people install apps and forget about them. Over time, unused apps pile up with unnecessary permissions that increase risk. Open your phone’s permission settings and check what each app can access. If a simple tool asks for access to NFC, messages or accessibility features, uninstall it. Attackers exploit these excessive permissions to monitor your activity or capture data without your knowledge.

    Kurt’s key takeaway

    Cybercriminals are now combining social engineering with the secure hardware features inside modern payment systems. The malware does not break NFC security. Instead, it tricks you into performing a real transaction and steals the one-time codes at that moment. This makes the attack difficult to spot and even harder to reverse once the withdrawal goes through. The best defense is simple awareness. If a bank ever urges you to download an app from outside the Play Store, treat it as an immediate warning sign. Keeping your phone clean is now as important as keeping your physical card safe.

    Have you ever downloaded an app from outside the Play Store? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

  • Amazon Is Using Specialized AI Agents for Deep Bug Hunting

    As generative AI pushes the speed of software development, it is also enhancing the ability of digital attackers to carry out financially motivated or state-backed hacks. This means that security teams at tech companies have more code than ever to review while dealing with even more pressure from bad actors. On Monday, Amazon will publish details for the first time of an internal system known as Autonomous Threat Analysis (ATA), which the company has been using to help its security teams proactively identify weaknesses in its platforms, perform variant analysis to quickly search for other, similar flaws, and then develop remediations and detection capabilities to plug holes before attackers find them.

    ATA was born out of an internal Amazon hackathon in August 2024, and security team members say that it has grown into a crucial tool since then. The key concept underlying ATA is that it isn’t a single AI agent developed to comprehensively conduct security testing and threat analysis. Instead, Amazon developed multiple specialized AI agents that compete against each other in two teams to rapidly investigate real attack techniques and different ways they could be used against Amazon’s systems—and then propose security controls for human review.

    “The initial concept was aimed to address a critical limitation in security testing—limited coverage and the challenge of keeping detection capabilities current in a rapidly evolving threat landscape,” Steve Schmidt, Amazon’s chief security officer, tells WIRED. “Limited coverage means you can’t get through all of the software or you can’t get to all of the applications because you just don’t have enough humans. And then it’s great to do an analysis of a set of software, but if you don’t keep the detection systems themselves up to date with the changes in the threat landscape, you’re missing half of the picture.”

    As part of scaling its use of ATA, Amazon developed special “high-fidelity” testing environments that are deeply realistic reflections of Amazon’s production systems, so ATA can both ingest and produce real telemetry for analysis.

    The company’s security teams also made a point to design ATA so every technique it employs, and detection capability it produces, is validated with real, automatic testing and system data. Red team agents that are working on finding attacks that could be used against Amazon’s systems execute actual commands in ATA’s special test environments that produce verifiable logs. Blue team, or defense-focused agents, use real telemetry to confirm whether the protections they are proposing are effective. And anytime an agent develops a novel technique, it also pulls time-stamped logs to prove that its claims are accurate.

    This verifiability reduces false positives, Schmidt says, and acts as “hallucination management.” Because the system is built to demand certain standards of observable evidence, Schmidt claims that “hallucinations are architecturally impossible.”

    Lily Hay Newman

  • DoorDash breach exposes contact info for customers and workers

    DoorDash confirmed a data breach that exposed personal details for a mix of customers, delivery workers and merchants. The stolen information included names, email addresses, phone numbers and physical addresses. The company said it has no evidence of fraud tied to the breach so far, but the event still raises concerns for anyone who uses the service.

    DoorDash says an employee fell for a social engineering scam that let an unauthorized party access basic contact information. (DoorDash)

    How the DoorDash breach happened

    The company traced the incident back to a social engineering attack. An employee fell for a lure that gave hackers access to DoorDash systems. Once the company spotted the breach, it shut down access, launched an investigation and notified law enforcement. DoorDash also directly notified users where required.

    The company confirmed the incident exposed names, email addresses, phone numbers and physical addresses for some people in its system. (DoorDash)

    Who was affected by the DoorDash breach

    DoorDash said the breach impacted a mix of users across its platform. That includes customers, delivery workers and merchants. CyberGuy reached out to DoorDash and a representative provided the following statement to us:

    “DoorDash recently identified and shut down a cybersecurity incident in which an unauthorized third party gained access to and took basic contact information for some users whose data is maintained by DoorDash. No sensitive information, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information, was accessed. The information accessed varied by individual and was limited to names, phone numbers, email addresses, and physical addresses. We have deployed enhanced security measures, implemented additional employee training, and engaged an external cybersecurity firm to support our ongoing investigation. For more information, please visit our Help Center.”

    If you received an alert from the company, take steps to protect your information. If you use the app but did not get a notice, you should still follow the safety tips below because exposed contact information can lead to scams long after a breach.

    DoorDash says no sensitive information was accessed and investigators found no signs of fraud or identity theft tied to the breach. (DoorDash)

    How to protect yourself after the DoorDash breach

    Even though payment data stayed protected, exposed contact details can still open the door to scams. You can lower your risk with a few smart steps that keep your information safer online.

    1) Watch for phishing attempts

    Scammers move fast after a breach. They often send fake alerts that look like real DoorDash messages. These emails or texts may claim you need to verify your account or update your payment details. Delete any message that asks for personal information or urges you to click a link. When in doubt, go straight to the official app instead of trusting a message.

    2) Use a data removal service

    Data brokers collect and resell personal details that scammers often exploit. A data removal service works to pull your information off those sites. This limits your exposure and makes it harder for criminals to target you. It is one of the easiest long-term steps you can take to protect your privacy.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    3) Use strong passwords and a password manager

    Stronger passwords give you better protection. Create unique passwords for every account so one breach cannot unlock your digital life. A password manager makes this easier by generating secure passwords and storing them safely. It also autofills them, so you spend less time typing.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    4) Turn on multi-factor authentication

    Multi-factor authentication (MFA) adds a simple barrier that blocks most break-in attempts. When you turn it on, you confirm each login with a code or app prompt. This keeps your account safe even if someone learns your password. Most major apps let you enable this setting in the Security section.

    5) Use strong antivirus protection

    Strong antivirus software shields you from malicious links and downloads. It scans files in real time and warns you when something looks dangerous. This gives you an extra layer of defense against phishing attempts that try to install malware.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    6) Review your account activity

    It helps to check your DoorDash account for anything unusual. Look at your order history, saved addresses and payment methods. If something looks off, update your password and contact DoorDash support right away. Quick action can stop a small issue from turning into a bigger problem. 

    Kurt’s key takeaways

    A breach like this reminds us how quickly cybercriminals can exploit a single mistake. DoorDash moved fast to cut off access and confirm the damage, but exposed contact information can still create risks. Staying alert and using basic security habits can help you avoid trouble.

    What concerns you most about companies holding your personal information, and how would you like them to handle incidents like this? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • How to stop Google AI from scanning your Gmail

    Google shared a new update on Nov. 5, confirming that Gemini Deep Research can now use context from your Gmail, Drive and Chat. This allows the AI to pull information from your messages, attachments and stored files to support your research.

    Some people view this as a convenience. They like the idea of faster answers and easier searches. If you feel that way, too, that is completely fine.

    However, many people do not want AI scanning private messages or personal documents. If that sounds like you, there is good news. You can turn these features off with a few quick taps in Gmail.

    Google’s new update allows Gemini to scan Gmail. These steps help you take control of your privacy. (Kurt “CyberGuy” Knutsson)

    Why this update matters

    This feature gives Google permission to scan every email in your Gmail account. That includes personal notes, financial documents, tax files and any sensitive information in your inbox. AI looks for patterns to improve responses, but Google says Gmail content is not used to train the Gemini model and that no user settings were changed automatically.  

    Google also says that Gmail, Docs and Sheets are not used for AI training unless you directly give Gemini that content yourself.

    While Google says the feature improves your experience, some users prefer more control. You may want privacy first and convenience second. If so, you can opt out today.

    How to stop AI from scanning your Gmail

    You can turn this off directly in Gmail settings. Follow these steps:

    Open Gmail to start the process of turning off AI features. (Kurt “CyberGuy” Knutsson)

    • Tap the gear icon in the top right

    Tap the gear icon to access your main Gmail settings. (Kurt “CyberGuy” Knutsson)

    Select See all settings to reach the full menu. (Kurt “CyberGuy” Knutsson)

    • Scroll until you find Smart Features
    • Turn off Smart features by clicking it off.

    Scroll until you find Smart features and personalization.  (Kurt “CyberGuy” Knutsson)

    • It will ask you to click “Turn off and reload.” 

    Turn off Smart features to reduce scanning across your inbox. (Kurt “CyberGuy” Knutsson)

    • Now, scroll to Google Workspace smart features and click “Manage Workspace smart feature settings.”

    Go to Google Workspace smart features for the next control. (Kurt “CyberGuy” Knutsson)

    • Turn off both checkboxes and then click Save. 

    Turn off both checkboxes to stop extra data scanning. (Kurt “CyberGuy” Knutsson)

    • A pop-up will appear in the bottom left-hand corner of the screen that says “Your preferences have been saved.” 

    Watch for the confirmation pop-up that tells you the changes are active. (Kurt “CyberGuy” Knutsson)

    Once you switch these off, Gmail stops scanning your messages for smart features or AI enhancements. This returns control to you.

    What happens when you turn it off

    After you disable these settings, features like smart email suggestions may stop working. That includes predictive text, automatic bill reminders and quick booking prompts. You can always turn them back on if you change your mind.

    Turning these off does not break Gmail. Your inbox works the same. You simply gain more privacy while you use it.

    Want a more private inbox?

    If you’d rather keep your email fully separate from AI features, you may want to consider a privacy-focused email service. They don’t scan your messages or use your inbox to train any systems. Everything stays private and encrypted.

    For people who want more control over their digital privacy, these private and secure email providers offer a straightforward way to keep email activity protected. They give you peace of mind knowing your messages aren’t being analyzed in the background.

    For recommendations on private and secure email providers, visit Cyberguy.com.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    Google’s newest update blends convenience with automation. It can simplify research by tapping into your Gmail, Drive and Chat. Still, many people want a clear boundary between AI tools and personal messages. With a few quick steps, you can keep your inbox private without losing access to core Gmail features. Just keep in mind: Google says Gmail content isn’t used to train Gemini unless you explicitly give that content to the AI.

    Do you think AI tools should have access to your messages by default or should companies ask before scanning anything? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved. 

  • Google issues warning on fake VPN apps

    Google is sounding the alarm for Android users after uncovering a wave of fake VPN apps that sneak malware onto phones and tablets. These dangerous apps pose as privacy tools but hide info stealers, banking trojans and remote access malware designed to loot personal data.

    More people are relying on VPNs to protect their privacy, secure home networks and shield personal information while using public Wi-Fi. Attackers know this demand is growing. They use it to lure users into downloading convincing VPN lookalikes that contain hidden malware.

    Fake VPN apps are spreading across Android devices by posing as trusted privacy tools. (iStock)

    How fake VPN apps lure users

    Cybercriminals create malicious VPN apps that impersonate trusted brands. They use sexually suggestive ads, geopolitical headlines or fake privacy claims to push people into quick downloads. Google says many of these campaigns run across app stores and shady websites.

    Once installed, these apps inject malware that steals passwords, messages and financial details. Attackers can hijack accounts, drain bank balances or lock devices with ransomware. Some campaigns even use professional ad creatives and influencer-style promotions to appear legitimate.

    Scammers now use AI tools to design ads, phishing pages and fake brands with alarming speed. This gives them the power to reach large groups of victims with very little effort.

    Why malicious VPN apps are spreading

    Fake VPN apps remain one of the most effective tools for attackers. These apps request sensitive permissions and often run silently in the background. Once active, they can collect browsing data, cryptocurrency wallet details or private messages.

    According to Google, the most dangerous apps pretend to be known enterprise VPNs or premium privacy tools. Many promote themselves through adult ads, push notifications and cloned social media accounts.

    How to recognize a genuine VPN app

    Google recommends installing VPN services only from trusted sources. In Google Play, legitimate VPNs include a verified VPN badge to show that the app passed an authenticity check.

    A real VPN will never ask for access to your contacts, photos or private messages. It will not ask you to sideload updates or follow outside links for installation.

    Be careful with free VPN claims. Many free privacy tools rely on excessive data collection or hide malware inside downloadable files.

    Ways to stay safe from fake VPN apps

    Staying ahead of these fake VPN scams starts with a few smart habits that make your device much harder for attackers to target.

    1) Download only from official app stores

    Stick to the Google Play Store. Avoid links from ads, pop-ups or messages that try to rush you. Many fake VPN campaigns depend on off-platform downloads because they cannot pass the Play Store security checks.

    2) Look for the VPN badge in Google Play

    Google now includes a special VPN badge that verifies an app has passed an authenticity review. This badge confirms that the developer followed strict guidelines and that the app went through additional screening.

    If you want a reliable VPN that has already been vetted for security and performance, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Use a data removal service

    Malicious VPN apps often target information already floating around the web, including your email, phone number and personal details exposed through data brokers. A trusted data removal service can help pull your information from people-search sites and broker databases, which reduces the amount of data scammers can use against you. This limits the damage if a fake VPN app steals your info or if attackers try to match stolen data with public records to build convincing scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Once installed, these lookalike VPN apps steal passwords, messages and financial details. (iStock)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    4) Turn on Google Play Protect and use strong antivirus software

    Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all emerging malware from Android devices. 

    Settings may vary depending on your Android phone’s manufacturer 

    How to turn it on: Open Google Play Store → Tap your profile icon → Select Play Protect → Tap Settings → Turn on Scan apps with Play Protect → Turn on Improve harmful app detection.

    While Google Play Protect offers a helpful first layer of defense, it is not a full antivirus. Strong antivirus software adds another layer of protection. It can block malicious downloads, detect hidden malware and warn you when an app acts in unusual ways. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    5) Review app permissions carefully

    A genuine VPN only needs network-related permissions. If a VPN asks for access to photos, contacts or messages, treat it as a major warning sign. Restrict permissions when possible.

    6) Avoid sideloading apps from unknown sources

    Sideloaded apps bypass Google’s security filters. Attackers often hide malware inside APK files or update prompts that promise extra features. If you’re unfamiliar with the term, sideloading means installing apps outside the Google Play Store, usually by downloading a file from a website, email or message. These apps never go through Google’s safety checks, which makes them far riskier to install.

    7) Watch for aggressive ads and scare tactics

    Fake VPN ads often claim your device is already infected or that your connection is not secure. Real privacy apps do not use panic-based marketing.

    8) Research the developer before downloading

    Look up the developer’s website and reviews. A legitimate VPN provider will have a clear privacy policy, customer support and a consistent history of app updates.

    9) Be skeptical of anything labeled free

    Free VPNs often rely on risky data practices or hide malware. If a service promises premium features at no cost, question how it pays its bills.

    10) Avoid recovery scams after an attack

    If someone contacts you claiming they can recover stolen money, cut contact. Real agencies never demand upfront fees and never request remote access to your device.

    11) Keep your device updated

    Install security patches as soon as they appear. Updates protect your phone from malware strains that rely on old software vulnerabilities.

    Scammers now use AI-generated ads and fake brands to trick you into quick downloads. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaways

    Fake VPN apps are becoming a major threat to Android users as scammers exploit the rising demand for privacy tools and home network security. Attackers hide behind familiar logos, aggressive ads and AI-powered campaigns to push apps that steal data the moment you install them. Staying safe requires careful downloading habits, attention to permissions and a healthy amount of skepticism toward anything that claims instant privacy or premium features for free.

    Do you think Google should do more to block fake VPN apps in the Play Store? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.  

  • US Border Patrol Is Spying on Millions of American Drivers

    Eight years after a researcher warned WhatsApp that it was possible to extract user phone numbers en masse from the Meta-owned app, another team of researchers found that they could still do exactly that using a similar technique. The issue stems from WhatsApp’s discovery feature, which allows someone to enter a person’s phone number to see if they’re on the app. By doing this billions of times—which WhatsApp did not prevent—researchers from the University of Vienna uncovered what they’re calling “the most extensive exposure of phone numbers” ever.

    Vaping is a major problem in US high schools. But is the solution to spy on students in the bathroom? An investigation by The 74, copublished with WIRED, found that schools around the country are turning to vape detectors in an effort to crack down on nicotine and cannabis consumption on school grounds. Some of the vape detectors go far beyond detecting vapor by including microphones that are surprisingly accurate and revealing. While few defend addiction and drug use, even non-vapers say the added surveillance and the punishments that result go too far.

    Don’t look now, but that old networking equipment your company hasn’t thought about in years may jump out and bite you. Tech giant Cisco this week launched a new initiative, warning companies that AI tools are making it increasingly simple for attackers to find vulnerabilities in outdated and unpatched networking infrastructure. The message: Upgrade or else.

    If you’ve ever attended a conference, you probably worried about getting sick in the cesspools that are a conference center. But one hacker conference in New Zealand, Kawaiicon, invented a novel way to keep attendees a little bit safer. By tracking the CO2 levels in each conference room, Kawaiicon’s organizers were able to create a real-time air-quality monitoring system, which would tell people which rooms were safe and which seemed … gross. The project brings new meaning to antivirus monitoring.

    And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    The US Border Patrol is operating a predictive-intelligence program that monitors millions of American drivers far beyond the border, according to a detailed investigation by the Associated Press. A network of covert license-plate readers—often hidden inside traffic cones, barrels, and roadside equipment—feeds data into an algorithm that flags “suspicious” routes, quick turnarounds, and travel to and from border regions. Local police are then alerted, resulting in traffic stops for minor infractions like window-tint violations, air fresheners, or marginal speeding. AP reviewed police records showing that drivers were questioned, searched, and sometimes arrested despite no contraband being found.

    Internal group chats obtained through public-records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car status, home addresses, and social media details of US citizens in real time while coordinating what officers call “whisper stops” to obscure federal involvement. The AP identified plate-reader sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that capture traffic headed toward Chicago and Gary. Border Patrol also taps DEA plate-reader networks and has, at various times, accessed systems run by Rekor, Vigilant Solutions, and Flock Safety.

    CBP says the program is governed by “stringent” policies and constitutional safeguards, but legal experts told AP that its scale raises new Fourth Amendment concerns. A UC Law San Francisco official said the system amounts to a “dragnet” tracking Americans’ movements, associations, and daily routines.

    Microsoft claims to have mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in a cloud environment—a 15.72 Tbps, 3.64-billion-pps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says the attack “originated from the Aisuru botnet,” a Turbo-Mirai–class IoT network of compromised home routers, cameras, and other consumer devices. More than 500,000 IP addresses are said to have participated, generating a massive DDoS attack with little spoofing. Microsoft says its global Azure DDoS Protection network absorbed the traffic without service disruption. Microsoft described the attack as “the largest DDoS ever observed in the cloud,” emphasizing the single endpoint; however, Cloudflare also recently reported a 22.2 Tbps flood, naming it the largest DDoS attack ever seen.

    Researchers note that Aisuru has recently launched multiple attacks exceeding 20 Tbps and is expanding its capabilities to include credential stuffing, AI-driven scraping, and HTTPS floods via residential proxies.

    The US Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CISO, Tim Brown, ending a long-running case over the company’s 2020 supply-chain hack, in which Russian SVR operatives allegedly compromised SolarWinds’ Orion software and triggered widespread breaches across government and industry. The agency’s lawsuit—filed in 2023 and centered on alleged fraud and internal-control failures—had already been mostly dismantled by a federal judge in 2024. SolarWinds called the full dismissal a vindication of its argument that its disclosures and conduct were appropriate and said it hopes the outcome eases concerns among CISOs about the case’s potential chilling effect.

    Law enforcement records show that the FBI accessed messages from a private Signal group used by New York immigration court-watch activists—a network that coordinates volunteers monitoring public hearings at three federal immigration courts. According to a two-page FBI/NYPD “joint situational information report” dated August 28, 2025, agents quoted chat messages, labeled the nonviolent court watchers as “anarchist violent extremist actors,” and circulated the assessment nationwide. The report did not explain how the FBI penetrated an encrypted Signal group, but it claimed the information came from a “sensitive source with excellent access.”

    The documents, first reported by the Guardian, were originally obtained by the government-transparency group Property of the People. They describe activists discussing how to enter courtrooms, film officers, and gather identifying details of federal personnel, but provide no evidence to support the FBI’s allegation that a member previously advocated violence. A separate set of records—also obtained by the group—shows the bureau framed ordinary observation of public immigration hearings as a potential threat, even as Immigration and Customs Enforcement has escalated courthouse arrests and set what advocates call “deportation traps.” Civil liberties experts told the paper that the surveillance mirrors earlier FBI campaigns targeting lawful dissent and risks chilling protected political activity.

    Dell Cameron, Andrew Couts

  • ‘I was in a headlock’: 14-year-old boy recovering after violent attack at Pleasant Grove High School

    A violent attack at Pleasant Grove High School in Elk Grove sent a 14-year-old boy to the hospital after he was assaulted by a group of students, resulting in the arrest of four students.

    Hunter, who didn’t want to share his last name, said that it all started over a girl he used to date, who he said then dated one of the alleged attackers.

    “I just got out of class and then I just see that group of kids coming towards me,” Hunter said.

    He described how one of the students approached him while yelling and punched him. He said as he took off his backpack and tried to defend himself, three other students joined in the attack.

    “More kids started going in and I was in a headlock. And then, I got thrown to the floor and, like, this kid is like, three times my size, and he’s like sitting on me, throwing punches at me and then another kid joins in, kicks me and starts hitting me,” he said.

    Screenshots from a video sent to Hunter’s father by the Elk Grove Police Department show the fight ending with Hunter face down on the ground as a teacher intervened.

    “I literally got full-on stomped into concrete like face down,” Hunter said. “I’m just laying on the floor. I’m not even fighting back.”

    The four students involved, all 14 years old, were arrested on assault charges and taken to juvenile hall, according to the Elk Grove Police Department.

    Hunter was taken to the hospital following the attack, where he was treated for his injuries, including a concussion.

    “He told me he’s like, ‘Dad I could have been killed. I could be paralyzed. I couldn’t play football anymore,’” Sean, Hunter’s father, said.

    While Hunter is expected to recover, his father said he wished more had been done sooner.

    “It just blows my mind that where’s security? You know, there’s teachers there,” he said.

    The school principal sent a message to families on Thursday, stating that school staff and security responded immediately to de-escalate the situation and emphasized that safety is their top priority.

    “Today, an altercation occurred on campus involving several students. School staff, along with EGUSD Safety and Security, responded immediately to de-escalate the situation and ensure the safety of all students. Due to the nature of the incident, law enforcement was called as a precautionary measure.

    Thanks to the swift and coordinated actions of our staff, the situation was contained. School administration, law enforcement, and support staff are actively following up with the students involved and have contacted their parents/guardians directly,” the message reads.

    However, Hunter said he does not feel safe.

    “I got jumped twice in the same month,” he said.

    Now, his father is considering pulling him out of Pleasant Grove High School.

    “What’s going on at the school with social media, the violence, the just the kids getting off on it, like thinking it’s like it’s entertainment at school these days. It’s just, it blows my mind,” he said.

    Elk Grove Unified School District is investigating the incident.

  • OpenAI Locks Down San Francisco Offices Following Alleged Threat From Activist

    OpenAI employees in San Francisco were told to stay inside the office on Friday afternoon after the company purportedly received a threat from an individual who was previously associated with the Stop AI activist group.

    “Our information indicates that [name] from StopAI has expressed interest in causing physical harm to OpenAI employees,” a member of the internal communications team wrote on Slack. “He has previously been on site at our San Francisco facilities.”

    Just before 11 am, San Francisco police received a 911 call about a man allegedly making threats and intending to harm others at 550 Terry Francois Boulevard, which is near OpenAI’s offices in the Mission Bay neighborhood, according to data tracked by the crime app Citizen. A police scanner recording archived on the app describes the suspect by name and alleges he may have purchased weapons with the intention of targeting additional OpenAI locations.

    Hours before the incident on Friday, the individual who police flagged as allegedly making the threat said he was no longer part of Stop AI in a post on social media.

    WIRED reached out to the man in question but did not immediately receive a response. San Francisco police also did not immediately respond to a request for comment. OpenAI did not provide a statement prior to publication.

    On Slack, the internal communications team provided three images of the man suspected of making the threat. Later, a high-ranking member of the global security team said, “At this time, there is no indication of active threat activity, the situation remains ongoing and we’re taking measured precautions as the assessment continues.” Employees were told to remove their badges when exiting the building and to avoid wearing clothing items with the OpenAI logo.

    Over the past couple of years, protestors affiliated with groups calling themselves Stop AI, No AGI, and Pause AI have held demonstrations outside the San Francisco offices of several AI companies, including OpenAI and Anthropic, over concerns that the unfettered development of advanced AI could harm humanity. In February, protestors were arrested for locking the front doors to OpenAI’s Mission Bay office. Earlier this month, StopAI claimed its public defender was the man who jumped onstage to subpoena OpenAI CEO Sam Altman during an onstage interview in San Francisco.

    In a Pause AI press release from last year, the individual who police said was alleged to have made the threat against OpenAI staffers is described as an organizer and quoted as saying that he would find “life not worth living” if AI technologies were to replace humans in making scientific discoveries and taking over jobs. “Pause AI may be viewed as radical amongst AI people and techies,” he said. “But it is not radical amongst the general public, and neither is stopping AGI development altogether.”

    Zoë Schiffer, Maxwell Zeff, Paresh Dave

  • Fake ChatGPT apps are hijacking your phone without you knowing

    App stores are supposed to be reliable and free of malware or fake apps, but that’s far from the truth. For every legitimate application that solves a real problem, there are dozens of knockoffs waiting to exploit brand recognition and user trust. We’ve seen it happen with games, productivity tools and entertainment apps. Now, artificial intelligence has become the latest battleground for digital impostors.

    The AI boom has created an unprecedented gold rush in mobile app development, and opportunistic actors are cashing in. AI-related mobile apps collectively account for billions of downloads, and that massive user base has attracted a new wave of clones. They pose as popular apps like ChatGPT and DALL·E, but in reality, they conceal sophisticated spyware capable of stealing data and monitoring users.

    Fake AI apps pose as trusted tools like ChatGPT and DALL·E while secretly stealing user data. (Kurt “CyberGuy” Knutsson)

    What you need to know about the fake AI apps

    The fake apps flooding app stores exist on a spectrum of harm, and understanding that range is crucial before you download any AI tools. Take the “DALL·E 3 AI Image Generator” found on Aptoide. It presents itself as an OpenAI product, complete with branding that mimics the real thing. When you open it, you see a loading screen that looks like an AI model generating an image. But nothing is actually being generated.

    Network analysis by Appknox showed the app connects only to advertising and analytics services. There’s no AI functionality, just an illusion designed to collect your data for monetization.

    Then there are apps like WhatsApp Plus, which are far more dangerous. Disguised as an upgraded version of Meta’s messenger, this app hides a complete malware framework capable of surveillance, credential theft and persistent background execution. It’s signed with a fake certificate instead of WhatsApp’s legitimate key and uses a tool often used by malware authors to encrypt malicious code.

    Once installed, it silently requests extensive permissions, including access to your contacts, SMS, call logs, device accounts and messages. These permissions allow it to intercept one-time passwords, scrape your address book and impersonate you in chats. Hidden libraries keep the code running even after you close the app. Network logs show it uses domain fronting to disguise its traffic behind Amazon Web Services and Google Cloud endpoints.

    Not every clone is malicious. Some apps identify themselves as unofficial interfaces and connect directly to real APIs. The problem is that you often can’t tell the difference between a harmless wrapper and a malicious impersonator until it’s too late.

    Clones hide spyware that can access messages, passwords and contacts. (Kurt “CyberGuy” Knutsson)

    Users and businesses are equally at risk

    The impact of fake AI apps goes far beyond frustrated users. For enterprises, these clones pose a direct threat to brand reputation, compliance and data security.

    When a malicious app steals credentials while using your brand’s identity, customers don’t just lose data but also lose trust. Research shows customers stop buying from a brand after a major breach. The average cost of a data breach now stands at 4.45 million dollars, according to IBM’s 2025 report. In regulated sectors like finance and healthcare, such breaches can lead to violations of GDPR, HIPAA and PCI-DSS, with fines reaching up to 4% of global turnover.

    These impostors harm both users and brands, leading to costly data breaches and lost trust. (Kurt “CyberGuy” Knutsson)

    8 steps to protect yourself from fake AI apps

    While the threat landscape continues to evolve, there are practical measures you can take to protect yourself from malicious clones and impersonators.

    1) Install reputable antivirus software

    A quality mobile security solution can detect and block malicious apps before they cause damage. Modern antivirus programs scan apps for suspicious behavior, unauthorized permissions and known malware signatures. This first line of defense is especially important as fake apps become more sophisticated in hiding their true intentions.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Use a password manager

    Apps like WhatsApp Plus specifically target credentials and can intercept passwords typed directly into fake interfaces. A password manager autofills credentials only on legitimate sites and apps, making it significantly harder for impostors to capture your login information through phishing or fake app interfaces.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Consider identity theft protection services

    Given that malicious clones can steal personal information, intercept SMS verification codes and even impersonate users in chats, identity theft protection provides an additional safety net. These services monitor for unauthorized use of your personal information and can alert you if your identity is being misused across various platforms and services.

    Identity theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    4) Enable two-factor authentication everywhere

    While some sophisticated malware can intercept SMS codes, 2FA still adds a critical layer of security. Use authenticator apps rather than SMS when possible, as they’re harder to compromise. Even if a fake app captures your password, 2FA makes it significantly more difficult for attackers to access your accounts.

    5) Keep your device and apps updated

    Security patches often address vulnerabilities that malicious apps exploit. Regular updates to your operating system and legitimate apps ensure you have the latest protections against known threats. Enable automatic updates when possible to stay protected without having to remember manual checks.

    6) Download only from official app stores

    Stick to the Apple App Store and Google Play Store rather than third-party marketplaces. While fake apps can still appear on official platforms, these stores have security review processes and are more responsive to removing malicious applications once they’re identified. Third-party app stores often have minimal or no security vetting.

    7) Verify the developer before downloading

    Check the developer name carefully. Official ChatGPT apps come from OpenAI, not random developers with similar names. Look at the number of downloads, read recent reviews and be suspicious of apps with few ratings or reviews that seem generic. Legitimate AI tools from major companies will have verified developer badges and millions of downloads.

    8) Use a data removal service

    Even if you avoid downloading fake apps, your personal information may already be circulating on data broker sites that scammers rely on. These brokers collect and sell details like your name, phone number, home address and app usage data, information that cybercriminals can use to craft convincing phishing messages or impersonate you.

    A trusted data removal service scans hundreds of broker databases and automatically submits removal requests on your behalf. Regularly removing your data helps reduce your digital footprint, making it harder for malicious actors and fake app networks to target you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaway

    The AI boom has driven massive innovation, but it has also opened new attack surfaces built on brand trust. As adoption grows across mobile platforms, enterprises must secure not only their own apps but also track how their brand appears across hundreds of app stores worldwide. In a market where billions of AI app downloads have happened, the clones aren’t coming. They’re already here, hiding behind familiar logos and polished interfaces.

    Have you ever downloaded a fake AI app without realizing it? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved. 

  • Craigslist car report scam targets vehicle sellers

    Selling your car online should be simple. Lately, though, more sellers are running into fake “vehicle report” demands from so-called buyers. The pitch looks routine, yet it leads straight to a payment page on a site you don’t know. 

    We heard from Nick K. of Washington, who spotted the pattern in real time.

    “In trying to sell a car, it has become apparent that there is a scam related to CarFax-type reports,” Nick wrote in an email to us. “The way it works is a guy texts or emails saying they are interested in your car, but they say they must have a car report from a specific service. At first, I thought it was just a way for a guy to sell more reports, but after thinking about it for a while, it seems like it could be a great way to harvest credit card numbers, etc. I have not been a victim of this, but in the course of selling a car recently, I had several instances of this. There are several warning signs: ‘Will you accept cash?’ Questions indicating they have not read the ad. Offering more than the ad asks for. Short nonsensical first contact. These are just the usual signs I am looking for when I am trying to decide if someone responding to a Craigslist or FB ad is legit.”

    Nick’s instincts are spot on. This Craigslist car report scam has been spreading across Craigslist, Facebook Marketplace and other online classifieds.

    Scammers posing as buyers on Craigslist are asking sellers to buy fake “vehicle history reports” from fraudulent sites.  (Kurt “CyberGuy” Knutsson)

    How the Craigslist car report scam works

    This scam often starts with a message that looks completely normal. A supposed buyer texts asking something like, “1985 F150 Available?” and quickly follows up with friendly but vague questions such as, “OK, I’m interested in seeing it. When and where would be good for you?”

    Once you respond, the “buyer” develops just enough rapport to sound legitimate. Then comes the setup. The “buyer” says he is serious about purchasing but wants to see a detailed ASR report first, something most sellers have never heard of.

    That’s exactly what happened to Nick K. After he shared the Craigslist link and vehicle details, the fake buyer sent this reply:

    “Auto Smart Report, here’s the link you can get the papers from. Oh, I forgot to ask for your name? I’m Richard. Will you accept a cash payment? Let me know.”

    It sounds harmless, even reassuring. But the scam hinges on getting you to click that link. The site looks professional, promising a “Complete Vehicle History at Your Fingertips.” Yet once you enter your information, you’re not buying a report; you’re handing over your credit card details and personal data to criminals.

    When the seller, in this case, pushed back, the scammer doubled down with more pressure tactics.

    “If you can show me the Auto Smart Report, that would be great, as it’s the most reliable and complete report. My offer to you is $7,000. I have no issue with that.” Notice the scammer just increased the amount that he is willing to pay for the vehicle by $500.

    They’ll say anything to keep you engaged and make the transaction sound routine. But the moment you pay for the fake report, the buyer disappears. His only goal is to harvest your financial information, not purchase your vehicle.

    Behind the friendly text messages, these fake buyers are after your payment info, not your vehicle. (Kurt “CyberGuy” Knutsson)

    Warning signs to watch for

    • Requests for unknown report names like “ASR”
    • Messages that ignore your ad details
    • Offers above your asking price
    • Phrases like “will you accept cash?” or “I just need to see a report first”
    • Demands for a specific site instead of accepting a Carfax, AutoCheck or NMVTIS report
    • Generic greetings like “dear,” “brother” or “friend”

    If you see two or more of these at once, treat the lead as suspicious.

    These convincing messages often include phrases like “I just need to see an ASR report first” or “will you accept cash?” to appear legitimate. (Kurt “CyberGuy” Knutsson)

    How to stay safe from Craigslist car report scams

    Even the most convincing buyer could turn out to be a scammer, but these smart moves can help you stay safe, protect your money and keep your personal data out of the wrong hands.

    1) Do not click buyer-sent links, and use strong antivirus software

    Avoid clicking any link sent through text, email or messaging apps. These often lead to phishing sites or hidden malware downloads. Keep your devices protected with strong antivirus software. Run regular scans and keep your software updated to block new threats.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Never enter payment info on unfamiliar sites

    If a buyer insists you use a website you’ve never heard of, stop immediately. Always verify a site’s legitimacy before sharing any financial or personal details.

    3) Use a data removal service

    Consider a data removal service to remove your personal details from data broker sites. This limits how easily scammers can find and target you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    4) Use trusted report services

    Stick to established names like Carfax, AutoCheck or NMVTIS. These are widely recognized and accepted by real buyers.

    5) Share your VIN in the ad

    Including your vehicle’s VIN lets genuine buyers run their own reports safely without needing your involvement.

    6) Block and report scammers

    Report suspicious messages directly to the platform and to the FTC at reportfraud.ftc.gov. Sharing details helps others stay safe.

    7) If you paid on a fake site

    Contact your bank right away, cancel the card and monitor your account for unauthorized charges. Quick action can prevent further loss.

    8) Meet smart and stay cautious

    When meeting a buyer, choose a public place with security cameras. Bring a friend, keep your phone charged and document all communication.

    Kurt’s key takeaways

    This scam works because a vehicle report sounds routine. A fake buyer pushes you to a site you’ve never heard of, then applies pressure to act fast. Slow down, verify and stick to well-known services. Real buyers will accept a report you provide or will run one themselves. You can still sell safely on marketplaces by following a few simple rules. Control the process, choose the report source and avoid links sent by strangers. Thanks to readers like Nick, more sellers can spot the trap before any money or data is at risk.

    Have you seen buyers pushing odd report sites when you sell online? What tipped you off first?  Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Security startup Guardio nabs $80M from ION Crossover Partners | TechCrunch

    The Internet today has a new worry. Alongside vibe coding tools, and the codebases, sites and apps built with them, security issues and blind spots have proliferated, too.

    Cybersecurity company Guardio is taking aim at a fresh market born amid this flux: finding malicious code written using AI tools. The company says it has found that with AI tools, malicious actors now find it easier than ever to build scam and phishing sites as well as the infrastructure needed to run them.

    Now, Guardio is leveraging its experience building browser extensions and apps that scan for malicious and phishing sites to build a tool that looks for artifacts in code and websites made with vibe coding tools.

    It’s already found a buyer. Earlier this month, Lovable announced a partnership with Guardio to scan all websites made on its platform and weed out the ones that may pose threats to users. The deal came after a report highlighted that several sites built on Lovable had gaping security holes.

    “Everyone is racing for innovation and market capture. But security is kind of an afterthought. And not many AI tools are partnering with any cybersecurity company to make sure that content generated on their platform is secured and used for good,” Michael Vainshtein, the startup’s CTO, told TechCrunch.

    To fund its expansion, the company has raised $80 million in a new institutional funding round led by ION Crossover Partners. Existing backers Union Tech Ventures, Vintage Investment Partners, and Emerge also invested.

    Guardio, founded in 2018 by Vainshtein, CEO Amos Peled, and chief architect Daniel Sirota, did not disclose its exact valuation, but it did say that it has tripled its valuation since its previous fundraise: a $47 million round led by Tiger Global in 2021. The company, however, said it doesn’t consider itself a unicorn yet.

    Guardio started out as a browser extension that would monitor malicious sites and alert users about data leaks. Since then, it has added phishing protection, and built mobile apps that offer identity management, spam filtering, and scam protection. The company says today it has 500,000 paying users, and claims it reached $100 million in annual recurring revenue this year.

    Guardio is also launching new visibility features that tell users which documents they have shared publicly and whether those documents contain sensitive information, and that notify them of accounts that don’t have multi-factor authentication. The startup said these features are based on enterprise Data Loss Prevention and SaaS Security Posture Management products.

    “We use so many services, and our data is so fragmented with so many security settings to deal with. We feel every consumer is an enterprise in itself,” Vainshtein said. “While we don’t want them to become security officers of their accounts, we want to offer capabilities of visibility into their accounts that enterprises have.”

    The startup said it is working to let users plug its tool into Outlook and Facebook to surface more details on the security risks users might face in relation to these accounts.

    Peled noted that next year, the startup plans to bring some of the new visibility features to its free subscription plan.

    Gilad Shany, founder and partner at ION Crossover, said that the investment firm had been monitoring the company for years, and even though Guardio was not actively fundraising, ION started a conversation with the company last year.

    “We have been investors in both the cyber and consumer markets, and have had multiple successful IPOs and exits. Guardio is the first company we invest in at the intersection of these two markets – having a team that can lead best-in-class cyber product innovation, while having intimate knowledge about how to scale a direct-to-consumer business,” Shany said.

    Ivan Mehta

  • Hyundai AutoEver America breached: Know the risks to you

    Hyundai AutoEver America discovered on March 1, 2025, that hackers had compromised its systems. Investigators found the intrusion began on February 22 and continued until March 2. 

    Hyundai AutoEver America (HAEA) provides IT services for Hyundai Motor America, including systems that support employee operations and certain connected-vehicle technologies. While the company works across Hyundai’s broader ecosystem, this incident did not involve customer or driver data.

    According to the statement provided to CyberGuy, the breach was limited to employment-related information tied to Hyundai AutoEver America and Hyundai Motor America. The company confirmed that about 2,000 current and former employees were notified of the incident in late October. HAEA said it immediately alerted law enforcement and hired outside cybersecurity experts to assess the damage.

    Cybercriminals targeted Hyundai AutoEver America’s systems, exposing sensitive data. (Kurt “CyberGuy” Knutsson)

    Why this Hyundai AutoEver America breach matters

    The exposed data reportedly includes names, Social Security numbers and driver’s license numbers, making this breach far more serious than one involving passwords alone. Experts warn that these details can be used for long-term identity theft and financial fraud. Because Social Security numbers cannot easily be changed, criminals have more time to create fake identities, open fraudulent accounts and launch targeted phishing attacks long after the initial breach.

    Experts warn that stolen Social Security and driver’s license information could be used for identity theft and fraud. (Kurt “CyberGuy” Knutsson)

    Who was affected in the Hyundai AutoEver America data incident

    HAEA manages select IT systems tied to Hyundai Motor America’s employee operations, along with broader technology functions for Hyundai and Genesis across North America. Its role includes supporting connected-vehicle infrastructure and dealership systems.

    According to the company, this incident was limited to employment-related data and primarily affected approximately 2,000 current and former employees of Hyundai AutoEver America and Hyundai Motor America. No customer information or Bluelink driver details were exposed. While some filings reference sensitive data types such as Social Security numbers or driver’s license information, the incident did not involve Hyundai customers or the millions of connected vehicles HAEA supports.

    Earlier reports suggested that 2.7 million individuals were affected, but Hyundai says that figure is unrelated to the breach. Instead, 2.7 million is the estimated number of connected vehicles that Hyundai AutoEver America helps support across North America. None of that consumer or vehicle data was accessed.

    Hyundai also clarified that the United States has about 850 Hyundai dealerships and emphasized that the scope of this incident was narrow and contained.

    We reached out to HAEA for a comment, and a representative for the company provided CyberGuy with this statement:

    “Hyundai AutoEver America, an IT vendor that manages certain Hyundai Motor America employee data systems, experienced an incident to that area of business that impacted employment-related data and primarily affected current and former employees of Hyundai AutoEver America and Hyundai Motor America. Approximately 2,000 primarily current and former employees were notified of the incident. The 2.7 million figure that is cited in many media articles has no relation to the actual security incident. The 2.7 million figure represents the alleged total number of connected vehicles that may be supported by Hyundai AutoEver America across North America. No Hyundai consumer data was exposed, and no Hyundai Motor America customer information or Bluelink driver data was compromised.”

    Scammers may now pose as company representatives, contacting people to steal more personal details. (Kurt “CyberGuy” Knutsson)

    What you should do right now

    • Monitor your bank, credit card and vehicle-related accounts for suspicious activity.
    • Check for a notification letter from Hyundai AutoEver America or your car brand.
    • Enroll in the two years of complimentary credit monitoring offered by HAEA if you qualify.
    • Enable multi-factor authentication (MFA) on all important accounts, including those tied to your vehicle.
    • Be cautious of emails, texts or calls claiming to be from Hyundai, Kia or Genesis. Always verify through official websites.

    Smart ways to stay safe after the Hyundai AutoEver America breach

    Whether you were directly affected or just want to stay alert, this breach is a reminder of how important it is to protect your personal information. Follow these practical steps to keep your data secure and reduce the risk of identity theft or scams.

    1) Freeze or alert your credit

    Contact major credit bureaus — Experian, TransUnion and Equifax — to set a fraud alert or freeze. This helps block new accounts from being opened in your name.

    2) Protect your vehicle apps

    If you use apps tied to your vehicle, update passwords and enable multi-factor authentication. Avoid saving login details in unsecured places. Also, consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. 

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    3) Watch for fake support messages

    Scammers may use news of the Hyundai AutoEver America breach as a way to contact Hyundai, Kia or Genesis owners, pretending to be from customer support or the dealership. They might claim to help verify your account, update your information or fix a security issue. Do not share personal details or click any links. Type the brand’s web address directly into your browser instead of clicking links in messages or emails. Always confirm through the official brand website or by calling the verified customer service number.

    4) Use strong antivirus protection

    Using strong antivirus software helps block phishing links, malware downloads and fake websites that might appear after a data breach. It can also scan your devices for hidden threats that may try to steal login data or personal files.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Use a data removal service

    Data removal tools automatically find and delete your personal information from people-search and data-broker sites. These services reduce the chances that criminals will use leaked data to target you with phishing or social-engineering scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    6) Monitor your digital footprint

    Consider using identity monitoring services to track your personal information and detect possible misuse early.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    7) Keep your devices updated

    Regularly install security updates on your phone, laptop and smart car systems to reduce the risk of further attacks.

    8) Report suspicious activity the right way

    If you notice unusual account activity, fraudulent charges, or suspicious messages that appear tied to this breach, report it immediately. Start by contacting your bank or credit card provider to freeze or dispute any unauthorized transactions. Then, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov, where you can create an official recovery plan. If you suspect a scam message or call, forward phishing emails to reportphishing@apwg.org and report fake texts to 7726 (SPAM).

    Kurt’s key takeaways

    This incident highlights how much personal data is connected to modern cars and how vulnerable those systems can be. When your vehicle is linked to your identity, protecting your data becomes just as important as maintaining the car itself. Stay alert, use the tools available to safeguard your accounts and report any suspicious activity right away.

    Should companies like Hyundai AutoEver be doing more to keep customer data secure? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers

    WhatsApp’s mass adoption stems in part from how easy it is to find a new contact on the messaging platform: Add someone’s phone number, and WhatsApp instantly shows whether they’re on the service, and often their profile picture and name, too.

    Repeat that same trick a few billion times with every possible phone number, it turns out, and the same feature can also serve as a convenient way to obtain the cell number of virtually every WhatsApp user on earth—along with, in many cases, profile photos and text that identifies each of those users. The result is a sprawling exposure of personal information for a significant fraction of the world population.

    One group of Austrian researchers have now shown that they were able to use that simple method of checking every possible number in WhatsApp’s contact discovery to extract 3.5 billion users’ phone numbers from the messaging service. For about 57 percent of those users, they also found that they could access their profile photos, and for another 29 percent, the text on their profiles. Despite a previous warning about WhatsApp’s exposure of this data from a different researcher in 2017, they say, the service’s parent company, Meta, still failed to limit the speed or number of contact discovery requests the researchers could make by interacting with WhatsApp’s browser-based app, allowing them to check roughly a hundred million numbers an hour.

    The result would be “the largest data leak in history, had it not been collated as part of a responsibly conducted research study,” as the researchers describe it in a paper documenting their findings.

    “To the best of our knowledge, this marks the most extensive exposure of phone numbers and related user data ever documented,” says Aljosha Judmayer, one of the researchers at the University of Vienna who worked on the study.

    The researchers say they warned Meta about their findings in April and deleted their copy of the 3.5 billion phone numbers. By October, the company had fixed the enumeration problem by enacting a stricter “rate-limiting” measure that prevents the mass-scale contact discovery method the researchers used. But until then, the data exposure could have also been exploited by anyone else using the same scraping technique, adds Max Günther, another researcher from the university who cowrote the paper. “If this could be retrieved by us super easily, others could have also done the same,” he says.

    In a statement to WIRED, Meta thanked the researchers, who reported their discovery through Meta’s “bug bounty” system, and described the exposed data as “basic publicly available information,” since profile photos and text weren’t exposed for users who opted to make it private. “We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses,” writes Nitin Gupta, vice president of engineering at WhatsApp. Gupta adds, “We have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.”

    Andy Greenberg
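
The fix described above, a limit on how many numbers one client may check through contact discovery, sketched as an added example (not WhatsApp's or the researchers' code). The class name, the 5,000-number budget, the one-hour window and the traffic are constructed assumptions; the limiter counts numbers rather than requests so that batching lookups into fewer requests does not get around it.

```python
from collections import deque


class DiscoveryLimiter:
    """Per-client sliding-window budget on numbers checked via contact discovery."""

    def __init__(self, max_numbers, window_seconds):
        self.max_numbers = max_numbers
        self.window = window_seconds
        self._events = {}  # client_id -> deque of (timestamp, numbers charged)
        self._totals = {}  # client_id -> numbers charged inside the window

    def _expire(self, client_id, now):
        """Drop charges that have aged out of the window."""
        events = self._events.setdefault(client_id, deque())
        while events and events[0][0] <= now - self.window:
            _, count = events.popleft()
            self._totals[client_id] -= count
        return events

    def allow(self, client_id, numbers, now):
        """Charge the batch and return True if it fits the budget, else False."""
        events = self._expire(client_id, now)
        distinct = len(set(numbers))  # repeating one number costs once per batch
        used = self._totals.get(client_id, 0)
        if used + distinct > self.max_numbers:
            return False  # refuse the whole batch, charge nothing
        events.append((now, distinct))
        self._totals[client_id] = used + distinct
        return True


def simulate(budget=5000, window=3600):
    """Run one hour of constructed traffic; return numbers checked per client."""
    limiter = DiscoveryLimiter(budget, window)
    checked = {"address_book_sync": 0, "sweep": 0}

    # Constructed: a client syncs a 300-entry address book once.
    book = [f"+43660{n:07d}" for n in range(300)]
    if limiter.allow("address_book_sync", book, now=0):
        checked["address_book_sync"] += len(book)

    # Constructed: a client walks a number range, 100 numbers every second.
    for second in range(3600):
        batch = [f"+43670{second * 100 + n:07d}" for n in range(100)]
        if limiter.allow("sweep", batch, now=second):
            checked["sweep"] += len(batch)
    return checked


if __name__ == "__main__":
    print(simulate())
```

In this run the address-book sync goes through untouched, while the sweeping client is stopped after 5,000 of the 360,000 numbers it tries within the hour.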
