Tag: Security

Social media verification systems lose power as scammers purchase checkmarks to appear legitimate

[ad_1]

NEWYou can now listen to Fox News articles!

Social media makes it easy to connect with people, but it also makes it just as easy for fraudsters to pretend they are someone they are not. Fake accounts, misleading checkmarks and smooth-talking profiles are everywhere, and not everyone knows how to spot them. I recently received an email from Marie from Boynton Beach, Florida, with a similar concern:

“I have been on X, and it seems quite a few people turn out to be not who they say they are. Mostly the ones that are verified. I am not that good tech-wise. Is there a way other than me knowing immediately they are a fraud?? Thank God I am not the type to give personal information or money.”

It is a fair concern, Marie. With scams becoming more polished, the line between real and fake accounts is harder to see. Let’s break down why fraud is so common on social media, the red flags you should look out for, and the simple habits that can keep you from getting duped.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

WHATSAPP BANS 6.8M SCAM ACCOUNTS, LAUNCHES SAFETY TOOL

A man logs into his social media account on a laptop. Fraudsters often exploit online activity to trick users. (Kurt “CyberGuy” Knutsson)

Why social media is a playground for scammers

Social platforms are built for speed and visibility. Anyone can create an account in minutes, post content instantly and connect with strangers worldwide. This openness is what makes social media engaging, but it is also what makes it ripe for abuse. Fraudsters exploit the fact that posts, comments and messages are consumed quickly and often without much scrutiny.

Verification systems that were once meant to help users identify legitimate accounts have also lost some of their power. On platforms where checkmarks can be purchased, scammers can buy credibility without earning it. Add in the algorithms that reward viral content and sudden spikes in engagement, and you get the perfect environment for fraud to spread unnoticed.

Scammers know people often lower their guard on social media. In these spaces, users share personal details, build emotional ties with influencers and trust posts that look familiar. As a result, the combination of speed, trust and visibility creates an ideal environment for fraud to spread rapidly.

META DELETES 10 MILLION FACEBOOK ACCOUNTS THIS YEAR, BUT WHY?

A woman browses social media on her laptop. Scammers use fake accounts and misleading profiles to lure victims. (Kurt “CyberGuy” Knutsson)

The cost of falling for a scam

When people think of scams, they often imagine losing a one-time sum of money. The reality is far more damaging. Clicking a bad link or handing over credentials can snowball into long-term consequences. Once scammers get access to your information, it can be sold on dark web marketplaces, used to open fraudulent accounts or leveraged for identity theft.

There is also the reputational cost. If your social media account is hijacked, scammers can use it to trick your friends, family or followers, spreading fraud even further under your name. Cleaning up that mess can take weeks and may permanently damage your credibility.

Social media apps are prime hunting grounds for scammers who rely on speed and trust to deceive victims. (Kurt “CyberGuy” Knutsson)

Practical steps you can take to stay safe on social media

There are simple ways to protect yourself without needing technical expertise. I have listed some of the crucial steps below.

1) Scrutinize profiles before engaging

Fake accounts often have clear giveaways. Look at how long the account has existed, whether it posts original content and the kind of followers it has. Scammers usually recycle generic profile photos or steal images from real people. Reverse image searches can help you confirm if a photo belongs to someone else.

Even with verification, be skeptical. On platforms where checkmarks can be purchased, anyone can appear “official” without being trustworthy. Treat every new interaction with caution until proven otherwise.

FACEBOOK CRYPTO ADS LEAD TO DANGEROUS MALWARE SCAMS

2) Avoid clicking on random links

Fraudsters often send links over DMs, comments or even ads. These links may lead to phishing sites designed to steal your credentials or malware that installs silently on your device. One careless click can expose your information.

This is where having strong antivirus software comes in. Even if you accidentally land on a malicious site, a strong antivirus can block harmful downloads and warn you before malware runs. Think of it as a safety net for moments when curiosity gets the better of you.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/.

3) Protect your logins

Phishing scams frequently mimic login screens for X, Instagram or Facebook. They are designed to trick you into typing your username and password into a fake form. Once you do, the scammer immediately takes over your account.

A password manager can be a lifesaver here. It only fills in your login details on the genuine site you have saved. If it does not recognize the page, that is a red flag that you are looking at a fake. On top of that, a password manager makes it easier to use strong, unique passwords for each account, which limits damage if one gets compromised.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/.

4) Keep personal info under wraps

The less information fraudsters can find about you, the weaker their scams become. Many impersonators use details like your hometown, job or relatives to build trust. If your email, phone number or address is floating around the web, scammers can weaponize that too.

A personal data removal service can help here by scrubbing your details from people-search sites and data brokers. While not foolproof, reducing your digital footprint makes you a harder target for impersonation or social engineering scams. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/.

SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

5) Stay alert to impersonation scams

Fraudsters often pretend to be well-known figures, influencers or even customer support staff. They use urgency like “limited offer,” “you have won” or “your account will be closed” to pressure you into responding fast.

When money, gift cards or personal details are involved, slow down. Contact the real brand or person through official channels to verify. If you are unsure, simply ignore the request.

6) Trust your instincts

One of the strongest defenses you have is your gut feeling. If a verified profile is asking for money, if a giveaway sounds too good to be true or if someone’s tone feels off, it probably is. Scammers rely on you ignoring that little voice that says something is not right.

Take a breath, pause and think before you act. That moment of hesitation often makes the difference between staying safe and becoming a victim.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Social media can be entertaining, informative and even empowering, but it is also one of the easiest hunting grounds for fraudsters. They thrive on speed, trust and distraction, hoping you will react before you think. While no tool or habit can guarantee absolute safety, combining skepticism with smart protective steps puts you in a much stronger position.

Do you think paid verification badges make it harder to spot scammers? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 23, 2025
‘SIM Farms’ Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds Say

[ad_1]

The phenomenon of SIM farms, even at the scale found in this instance around New York, is far from new. Cybercriminals have long used the massive collections of centrally operated SIM cards for everything from spam to swatting to fake account creation and fraudulent engagement with social media or advertising campaigns. The SIM cards are typically housed in so-called SIM boxes that can control more than a hundred cards at a time, which are in turn connected to servers that can then control thousands of SIMs each.

SIM farms allow “bulk messaging at a speed and volume that would be impossible for an individual user,” one telecoms industry source, who asked not to be named due to the sensitivity of the Secret Service’s investigation, told WIRED. “The technology behind these farms makes them highly flexible—SIMs can be rotated to bypass detection systems, traffic can be geographically masked, and accounts can be made to look like they’re coming from genuine users.”

The telecom industry source adds that the images of SIM servers and boxes published by the Secret Service indicate a “really organized” criminal operation may have been behind the setup. “This means that there is great intelligence and significant resources behind it,” the person added.

The SIM farm found by the Secret Service, Unit 221b’s Coon says, isn’t the biggest operation he’s learned of in the US. But it’s the most concentrated in such a small single geographic area. SIM boxes, he notes, are illegal in the US, and the hundreds of them found in the Secret Service’s investigation must have been smuggled into the US. In one case he was involved in, Coon says, the boxes were imported from China, disguised as audio amplifiers.

The “clean, tidy racks” of equipment in a well-lit room shows that the operation may be well-organized and professional, says Cathal Mc Daid, VP of technology at telecommunication and cybersecurity firm Enea. Photos released by the Secret Service show multiple racks of telecom equipment neatly set up, with individual pieces of tech numbered and labeled, plus cables on the floor being covered and protected with tape. Each SIM box, Mc Daid says, appears to include around 256 ports and associated modems. “This looks more professional than many of the SIM farms you see,” says Mc Daid.

Mc Daid notes, however, that he’s tracked similar operations discovered in Ukraine—some of which have been as large or even larger than the one revealed on Tuesday by the Secret Service. Over the course of the last few years, law enforcement officials in Ukraine have discovered tens of thousands of SIM cards being used in SIM farms allegedly set up by Russian actors. In one case in 2023, around 150,000 SIM cards were reportedly found. These SIM farms have been used to operate fake social media profiles that can spread disinformation and propaganda.

Additional equipment found in the New York–area SIM farm sites.

Courtesy of The U.S. Secret Service

[ad_2]

Andy Greenberg, Lily Hay Newman, Matt Burgess

Source link

September 23, 2025
XRP Price Chatter Heats Up After Developer’s $4 Hint – Details

[ad_1]

According to posts and market watchers, a return by a well-known developer has reignited talk that XRP could move higher.

Harry Harald — a web developer followed closely inside the XRP community — posted about XRP over the weekend in his first message since May.

Related Reading

The post prompted immediate reaction from other big voices, and some in the space now say a move to $4 is possible. XRP opened the week lower, slipping to $2.77 before recovering to about $2.82 at press time. It had been trading around $3 yesterday before sellers pushed prices down.

Community Voices Drive Momentum

Alex Cobb and other influencers amplified Harald’s remark, which helped spark fresh optimism among traders. Based on social posts, Cobb suggested that $4 could be the next stop on a rebound.

When Harry speaks I listen

XRP $4.00 https://t.co/0Bpfx0cnjH

— Cobb (@Cobb_XRPL) September 21, 2025

From the current quote of $2.86, that would mean roughly a 42% rise, a gain that would push XRP above its long-held ceiling. That ceiling has been more than symbolic: XRP has not traded above $3.80 since 2018.

Technical Indicators Point To Recovery

Several chart analysts have flagged signals that they say back the bullish case. Ali Martinez reported a TD Sequential buy on the four-hour chart, an indicator some traders use to time entries after a string of lower closes.

XRP market cap currently at $171 billion. Chart: TradingView

Supporters point to historical backtests showing about 60–70% accuracy on higher timeframes, and that three out of four two-week buy signals since 2022 were followed by major rallies.

Traders also note that XRP has broken a downtrend after bottoming at $2.65 on September 1, and that it is holding above the 50% Fibonacci retracement and the 50-day moving average — both seen as bullish by many.

Price Action And Key Levels

XRP has been stuck near $3 for weeks, first stalling in July and failing to break out since. The token remains below a swing high of $3.65 established two months ago, a drop of about 25% from that peak.

Related Reading

Yes the lawsuit excuse has run its course for any further lack of XRP adoption or flat price action. https://t.co/Gl2U8Z7Ui9

— bill morgan (@Belisarius2020) September 22, 2025

Legal And ETF Narratives Influence Sentiment

Beyond charts, legal and regulatory developments are feeding the story. Reports have disclosed that Ripple initially put a $125 million fine into escrow after Judge Torres issued her final judgment.

@FilanLaw Have the $125Mil in escrowed funds from @Ripple for the Fines imposed by the Judge in the case with the SEC been settled to the Treasury?

— Jake Claver, QFOP (@beyond_broke) September 21, 2025

The SEC agreed earlier this year to reduce the penalty to $50 million in a settlement, but the judge rejected requests to cut the original $125 million order.

Both parties later withdrew appeals in the US Second Circuit in August, and the exact status of the escrowed funds has not been widely explained.

Meanwhile, speculation that SEC approval for an XRP ETF could come next month has added another layer of bullish expectation, with some supporters saying billions might flow in if an ETF wins the regulator’s nod.

Featured image from Unlock Media, chart from TradingView

[ad_2]

Christian Encila

Source link

September 23, 2025
Beware of fake Wi-Fi networks that steal your data when traveling

[ad_1]

NEWYou can now listen to Fox News articles!

Earlier this year, Australian police arrested a passenger for running a malicious Wi-Fi network both at an airport and during a flight. The setup looked just like the airline’s own Wi-Fi service, but it wasn’t. Instead, it was what cybersecurity researchers call an “evil twin,” a fake hotspot designed to trick people into handing over their credentials.

The idea isn’t new, but the setting is. For years, fake Wi-Fi networks have been a common trick in cafes, hotels, and airports. What makes this case stand out is that the attacker took it to the skies, exploiting the growing reliance on in-flight Wi-Fi for entertainment and internet access.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

What is an evil twin Wi-Fi attack?

An evil twin hotspot is a wireless network that impersonates a legitimate one by copying its name, also known as the SSID. When multiple networks with the same name exist, your phone or laptop often connects to the one with the stronger signal, which is usually the attacker’s.

Travelers check their phones while navigating delays and flight cancellations at the Austin-Bergstrom International Airport on July 19, 2024, in Austin, Texas. (Brandon Bell/Getty Images)

Once connected, victims are often redirected to a fake login or landing page. In this case, the malicious portal requested passengers’ email addresses, passwords, or even social media credentials under the pretense of granting access to the airline’s entertainment system. The stolen information could then be used for account takeovers, identity theft, or further attacks.

Why travel Wi-Fi is a prime target

Travel creates a perfect storm for these kinds of attacks. Whether you’re in a hotel, airport, cruise ship or airplane, you often have limited choices for getting online. Mobile data may be patchy or expensive, which pushes people toward the available Wi-Fi networks. Because these services feel official and are tied to trusted brands, travelers tend to assume they’re safe and let their guard down when login requests pop up.

Another trend adds to the risk. Travel providers are increasingly moving entertainment and services onto personal devices instead of offering built-in options. Airlines replace seatback screens with streaming portals, cruise lines promote app-based services and hotels direct guests to digital check-in platforms. All of these require a Wi-Fi connection, which means more people are logging on than ever before.

QANTAS DATA BREACH EXPOSES MILLIONS OF CUSTOMER RECORDS

How hackers trick you with fake in-flight Wi-Fi

Here’s how it worked in the Australian case. The attacker carried a portable hotspot onboard and named it to match the airline’s official Wi-Fi network. Passengers, seeing the fake network with stronger signal strength, connected automatically. They were then taken to a counterfeit login page asking for personal details.

A traveler awaits their delayed luggage after United Airlines grounded flights due to a tech outage at Newark Liberty International Airport in Newark, New Jersey, Aug. 6, 2025. (REUTERS/Ryan Murphy)

On a flight, the consequences are amplified. Passengers either give in and share data or lose access to entertainment for hours. The success rate of this attack is, quite literally, sky-high.

YOUR DISCARDED LUGGAGE TAGS ARE WORTH MONEY TO SCAMMERS

Why you need a VPN for in-flight Wi-Fi security

One of the best defenses against rogue Wi-Fi is a Virtual Private Network, or VPN. A VPN creates an encrypted tunnel between your device and the internet, making it far harder for attackers to intercept your data even if you connect to the wrong hotspot.

There is a catch, though. In-flight Wi-Fi systems often require you to disable your VPN temporarily to access the onboard portal. Even then, a VPN remains an important safeguard. Once you have cleared the login page and, if you have paid, connected to the internet, enabling your VPN ensures that any browsing, messaging, or app traffic stays private.

For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at CyberGuy.com.

9 tips for using in-flight Wi-Fi safely

A VPN is important, but it isn’t the only defense you should rely on. Here are some other ways to stay safe when connecting midair:

1) Install strong antivirus software

Before you even think about connecting to in-flight Wi-Fi, make sure your device has a strong antivirus installed. It’s your first line of defense against malicious sites and apps that attackers may try to push through fake portals. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

James Garofalo of Colorado Springs is checking cellphone after his flight cancelation at Denver International Airport in Denver, Colorado, on Thursday, Dec. 22, 2022. (Hyoung Chang/The Denver Post)

2) Enable two-factor authentication (2FA)

Even if an attacker manages to steal your login credentials, 2FA can stop them from getting into your accounts. Use app-based authenticators rather than SMS codes whenever possible, since they work offline and are harder to intercept.

3) Turn off automatic Wi-Fi connections

Most phones and laptops are set to reconnect automatically to familiar networks. This makes it easier for a fake hotspot with the same name to trick your device. Before you board, switch off auto-connect and manually choose the correct airline Wi-Fi.

4) Use HTTPS everywhere

When browsing in-flight, check for the padlock icon in your browser’s address bar. HTTPS encrypts the connection between your device and the website, making it harder for attackers on public Wi-Fi to intercept your data.

5) Limit what you access

Even with precautions, in-flight Wi-Fi should be treated as untrusted. Avoid logging in to sensitive accounts like online banking or work systems. Stick to light browsing, streaming or messaging until you’re back on a secure connection.

6) Keep your device updated

Outdated operating systems and apps often have security holes attackers exploit. Before your trip, install the latest updates on your phone, tablet or laptop. Many updates include security patches that protect you against known vulnerabilities.

7) Use airplane mode with Wi-Fi only

When possible, switch your device to airplane mode and then enable only Wi-Fi. This reduces exposure from other radios (like Bluetooth or cellular roaming) that attackers sometimes target on flights.

8) Watch for phishing pop-ups and avoid suspicious clicks

Some fake in-flight portals use pop-ups or redirects designed to trick you into entering login details or clicking on malicious links. If a page asks for unnecessary information, like your full Social Security number, banking details or unrelated logins, treat it as a red flag. Close the page immediately and don’t click.

9) Log out after use

When the flight is over, sign out of the airline’s Wi-Fi portal and any accounts you accessed. This prevents session hijacking if the system keeps tokens cached.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

The rise of evil twin attacks in the air is a reminder that convenience often comes with hidden risks. As airlines push more passengers toward in-flight Wi-Fi, attackers are finding ways to exploit that dependency. Next time you fly, think twice before blindly connecting to the first Wi-Fi network that pops up. Sometimes, the safest choice is to stay offline until you land.

Would you rather go a few hours offline than risk using an untrusted hotspot midair? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 22, 2025
Elon Musk Is Out to Rule Space. Can Anyone Stop Him?

[ad_1]

When the suit didn’t produce instant results, Musk went jingoistic. A few months earlier, in February 2014, Russia had invaded Ukraine, illegally annexing the Crimean Peninsula and triggering a global wave of condemnation against Moscow. Musk rode that wave in his successful push to get Congress and the Obama administration to wind down use of the United Launch Alliance’s signature rocket, the Atlas V, because it relied on Russian RD-180 engines. (The suit was eventually settled out of court.) The combination helped break ULA’s grip on government space launches.

Another big leap came in 2017. SpaceX started reusing its rocket cores, which dramatically brought down the price of getting to orbit. (Eight years later, its Falcon 9 and Falcon Heavy are still the only rockets in their weight classes with reusable cores.) But nothing was more important than Mueller’s continued development of SpaceX’s Merlin engine. It became one of the most durable in aerospace history, even though, as a former employee told me, “performance-wise, it’s terrible.” Its power and efficiency are nothing special. “We didn’t have the resources to do a lot of design and analysis,” he adds. “And so we just tested the ever-loving shit out of the engine. We hot-fired it thousands of times. Now they have an engine that’s super robust.”

Today, thanks in part to its nine reusable Merlin engines, a Falcon 9 can take a kilogram to low Earth orbit for one-third the previous cost; the Falcon Heavy, which uses 27 Merlins, drops the cost nearly in half again. Some 85 percent of Falcon 9 missions go to space with previously used first stages. In 2022, SpaceX jumped from doing around 30 launches per year to more than 60, and last year it hit 138. NASA’s space launch and human exploration efforts are now almost entirely controlled by Musk. A whole new space economy has grown up around him, one that relies on his cheap space access to get networks of small spacecraft into low Earth orbit. Take Planet Labs, the satellite imaging company. Hundreds of its spacecraft were carried by Falcon 9.

Really, no one is even trying to catch up; they’re just trying to find niches in a Musk-dominated ecosystem. ULA is building rockets optimized to reach geostationary orbits, which are farther out, even as many of its customers follow Musk’s lead and keep their satellite constellations closer to Earth. Upstarts like Rocket Lab and Firefly are admired for their ingenuity. But their current operational rockets are tiny by comparison—capable of carrying, at most, a couple thousand pounds, versus 140,000 for the Falcon Heavy.

“SpaceX is a cornerstone in the space industry. And then there’s other cornerstones, like Firefly. We’re very complementary to SpaceX,” says Jason Kim, the CEO of Firefly Aerospace. “It’s kind of like air, land, and sea. There’s no one-size-fits-all kind of transportation method.” (Kim’s not alone in this thinking; Firefly just went public at a valuation of $8.5 billion; Rocket Lab’s market cap is about $21 billion.)

Jeff Bezos has the cash to compete with SpaceX. And he’s certainly been at it long enough—his rocket company, Blue Origin, started a quarter-century ago. But it has had, shall we say, competing priorities. It’s been hard at work on engines; its BE-4 engine is actually powering the first stage of ULA’s new rocket, confusingly enough. You may have seen that Blue Origin has a rocket for near-space tourism, the one that recently carried Bezos’ wife, Lauren Sánchez, and Katy Perry aloft. But the company’s big rocket, the one that’s supposed to compete with SpaceX, has flown exactly once. And when I ask Blue Origin’s rep what makes their rockets any better—or, at least, any different—from Musk’s, he tells me: “I don’t have a solid answer for you on that one.”

China, which once seemed poised to dominate global launch, has had trouble keeping up with Musk’s rising totals, successfully launching between 64 and 68 rockets annually over the past three years. SpaceX is not only launching twice as often, it’s carrying more than 10 times the reported mass to orbit. Stoke Space, founded by Blue Origin engineers, has aerospace geeks in a frenzy, but it has yet to put a rocket on the pad. United Launch Alliance, SpaceX’s OG competitor, has a powerful new rocket—more on that in a bit—but once again, Musk is ahead. He’s working on a truly massive launcher, arguably the biggest ever constructed. Both stages are supposed to be fully reusable (which means, of course, immense cost savings), while neither stage of ULA’s Vulcan will be fully reusable. And that, according to a new report from SpaceNews Intelligence, could relegate the one-time monopolist “to niche roles in government or regional and backup contracts, assuming they survive at all.”

II. SATELLITES

At the end of May, at his factory in Starbase, Texas, Musk was in full Mars evangelist mode. “This is where we’re going to develop the technology necessary to take humanity,” he told his employees, “to another planet for the first time in the four-and-a-half-billion-year history of Earth.”

But as he sketched out his soaring vision of this place cranking out 1,000 enormous Starships per year, Musk repeated a more mundane truth. No, not the part about the Starship’s uneven test record. The one about funding. “Starlink internet is what’s being used to pay for humanity getting to Mars.”

[ad_2]

Noah Shachtman

Source link

September 22, 2025
A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster

[ad_1]

Almost immediately after the cyberattack, a group on Telegram called Scattered Lapsus$ Hunters, claimed responsibility for the hack. The group name implies a potential collaboration between three loose hacking collectives— Scattered Spider, Lapsus$, and Shiny Hunters—that have been behind some of the most high-profile cyberattacks in recent years. They are often made up of young, English-speaking, cybercriminals who target major businesses.

Building vehicles is a hugely complex process. Hundreds of different companies provide parts, materials, electronics, and more to vehicle manufacturers, and these expansive supply chain networks often rely upon “just-in-time” manufacturing. That means they order parts and services to be delivered in the specific quantities that are needed and exactly when they need them—large stockpiles of parts are unlikely to be held by auto makers.

“The supplier networks that are supplying into these manufacturing plants, they’re all set up for efficiency—economic efficiency, and also logistic efficiency,” says Siraj Ahmed Shaikh, a professor in systems security at Swansea University. “There’s a very carefully orchestrated supply chain,” Shaikh adds, speaking about automotive manufacturing generally. “There’s a critical dependency for those suppliers supplying into this kind of an operation. As soon as there is a disruption at this kind of facility, then all the suppliers get affected.”

One company that makes glass sun roofs has started laying off workers, according to a report in the Telegraph. Meanwhile, another firm told the BBC it has laid off around 40 people so far. French automotive company OPmobility, which employs 38,000 people across 150 sites, told WIRED it is making some changes and monitoring the events. “OPmobility is reconfiguring its production at certain sites as a consequence of the shutdown of its production by one of its customers based in the United Kingdom and depending on the evolution of the situation,” a spokesperson for the firm says.

While it is unclear which specific JLR systems have been impacted by the hackers and what systems JLR took offline proactively, many were likely taken offline to stop the attack from getting worse. “It’s very challenging to ensure containment while you still have connections between various systems,” says Orla Cox, head of EMEA cybersecurity communications at FTI Consulting, which responds to cyberattacks and works on investigations. “Oftentimes as well, there will be dependencies on different systems: You take one down, then it means that it has a knock on effect on another.”

Whenever there’s a hack in any part of a supply chain—whether that is a manufacturer at the top of the pyramid or a firm further down the pipeline—digital connections between companies may be severed to stop attackers from spreading from one network to the next. Connections via VPNs or APIs may be stopped, Cox says. “Some may even take stronger measures such as blocking domains and IP addresses. Then things like email are no longer usable between the two organizations.”

The complexity of digital and physical supply chains, spanning across dozens of businesses and just-in-time production systems, means it is likely that bringing everything back online and up to full-working speed may take time. MacColl, the RUSI researcher, says cybersecurity issues often fail to be debated at the highest level of British politics—but adds this time could be different due to the scale of the disruption. “This incident has the potential to cut through because of the job losses and the fact that MPs in constituencies affected by this will be getting calls,” he says. That breakthrough has already begun.

[ad_2]

Matt Burgess

Source link

September 21, 2025
Why iPhone users are the new prime scam targets
[ad_1]
NEWYou can now listen to Fox News articles!

New research may shock a lot of Apple fans: iPhone users are actually more likely to fall for online scams than Android owners. The problem isn’t the device itself; it’s the habits of the people using it.

The survey from Malwarebytes, a global cybersecurity company, of 1,300 adults across the United States, United Kingdom, Austria, Germany and Switzerland, found that many iPhone owners put blind trust in Apple’s security. That confidence makes them easier targets for scammers who count on overconfidence.

5 PHONE SETTINGS TO CHANGE RIGHT NOW FOR A SAFER SMARTPHONE

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

New research suggests iPhone users are more likely to fall for online scams than Android users. (Kurt “CyberGuy” Knutsson)

The truth about iPhone security habits

Here’s what the Malwarebytes survey uncovered:
- More than half of iPhone users (53%) admitted they’ve fallen for a scam, compared to 48% of Android users.
- Only 21% of iPhone owners add security software, while 29% of Android users do.
- Just 35% of iPhone users set unique, strong passwords, compared to 41% of Android owners.
- 47% of iPhone users grabbed a “best price” deal from shady sellers, compared to 40% of Android users.
- 41% of iPhone owners DM’d sellers for discounts on social media, compared to 33% of Android owners.
The takeaway? It’s not the phone that makes you safe, it’s your choices every time you go online.

A survey from Malwarebytes found that many iPhone owners blindly trust Apple’s security measures, which makes them easier targets for scammers who count on overconfidence. (Kurt “CyberGuy” Knutsson)

Why this matters

For years, Apple’s reputation led iPhone users to believe they were automatically safer. This study proves otherwise. Cybercriminals don’t care what brand of phone you carry; they care about how easy it is to trick you. And right now, too many iPhone users are letting their guard down.

Many iPhone software updates contain security patches that block new threats to keep users safe. (Kurt “CyberGuy” Knutsson)

7 ways to stay safe on iPhone

Even if you love your iPhone, staying safe means making smarter choices online. Follow these steps to keep scammers one step behind you.

1) Stop and double-check

If something feels off, whether it’s a text, link, or offer, pause. Scammers rely on urgency to trick you.

2) Avoid random links and shady DMs

Never click on links or QR codes from unknown senders. Always visit the company’s website directly. Also, use strong antivirus software to block malicious links before they reach you. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com/LockUpYourTech

3) Keep your software updated

Apple pushes out updates for a reason. Many contain security patches that block new threats. Make sure your iPhone is always running the latest iOS and app updates.

How to update iOS:
- Go to Settings
- Tap General
- Click Software Update and install any available updates.
Manually updating apps:
- Open the App Store.
- Tap your profile icon at the top right.
- Scroll down to see pending updates.
- Tap Update All (or update individual apps).
Enabling Automatic App Updates:
- Open Settings.
- Scroll down and tap App Store.
- Under Automatic Downloads, toggle on App Updates.
This way, your phone will always stay current, reducing the chances that hackers can exploit old vulnerabilities.

IS YOUR PHONE HACKED? HOW TO TELL AND WHAT TO DO

4) Pick stronger, unique passwords

Using the same password everywhere is a hacker’s dream. Create unique ones for each account. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see CyberGuy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at CyberGuy.com/Passwords

5) Consider using a personal data removal service

Scammers thrive on the personal details they can easily find about you online, and iPhone users in particular tend to overshare and trust their device to keep them safe. That leaves a bigger trail for criminals to exploit. A personal data removal service helps wipe your information from data broker sites and shady lists that fuel targeted scams.

While no service can erase everything, it makes it much harder for crooks to connect the dots and trick you. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com/Delete

Get a free scan to find out if your personal information is already out on the web: CyberGuy.com/FreeScan

6) Turn on two-factor authentication (2FA)

Turning on two-factor authentication (2FA) is one of the most powerful ways to lock down your accounts. It adds an extra login step that blocks criminals, even if they already have your password. On your iPhone:
- Open the Settings app.
- Tap on [your name] (your Apple ID at the top).
- Select Sign‑In & Security.
- Tap Turn On Two‑Factor Authentication, then tap Continue.
- Enter a trusted phone number to receive verification codes (via text or call), tap Next, and enter the code sent to you to complete the setup.
Once set up, you’ll get a code each time you or someone else tries to sign in.

7) Don’t trade personal info for deals

Skip giving out your phone number or email just to snag a coupon, unlock a discount code, or enter a giveaway. Scammers use those details to target you later with spam, phishing attempts, and even identity theft schemes. Instead, create and use an alias email address for sign-ups, promotions, or contests. That way your real inbox stays private, and suspicious offers won’t expose your personal data.

For recommendations on private and secure email providers that offer alias addresses, visit CyberGuy.com/Mail

CLICK HERE TO GET THE FOX NEWS APP

What this means for you

If you own an iPhone, don’t assume Apple’s built-in tools are enough. Android users appear to be more proactive, but everyone is vulnerable. Real security comes from your habits, not your hardware.

Kurt’s key takeaways

The bottom line: iPhone users are falling for scams more often because they trust too much and protect too little. The fix is simple: be cautious, be skeptical, and add extra protection. Because when it comes to scams, it’s not about the device, it’s about you.

Do you still believe Apple makes you safer, or are you ready to admit that scammers can outsmart any phone? Let us know by writing to us at CyberGuy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 21, 2025
1Password Is Still the Gold Standard for Securely Managing Your Passwords

[ad_1]

Password managers are spotty on Android and iOS in general, and 1Password isn’t above that issue. I’d estimate somewhere around 10 to 15 percent of the fields I encounter on mobile just don’t register with 1Password, sending me out to the app to copy my password over manually. This is more of an issue with how apps categorize different fields and expose them to other apps running, and less of a 1Password-specific problem.

1Password at least attempts to get around this with linked apps. As you start signing into apps using entries in your vault, 1Password will connect your login to whatever app you’re logging into. That doesn’t eliminate autofill problems on mobile, but it helps in the cases where 1Password is looking for a specific URL to autofill, and the mobile app isn’t operating with that URL.

Outside of autofill, using 1Password on Android and iOS is a breeze. You can enter your account password each time you unlock your account if you want, but 1Password supports biometric authentication on Android and iOS, including Face ID support. After a certain amount of time has passed (you can change the amount of time in the settings), 1Password will ask you to re-enter your account password. Thankfully, if you don’t want to use biometrics, you can set up a PIN or passcode, as well.

Quick access is important because 1Password is extremely limited on mobile, and that’s a good thing. Even switching to another app or locking your phone will also lock your account, and if you swipe through your list of open apps, you’ll only see the 1Password login screen.

You’re free to change these settings, from the amount of time you need to re-enter your account password to when 1Password should clear your keyboard history. The defaults work well, but if you can’t be bothered, you can turn these extra security measures off.

Unique Security

1Password may function similarly to other password managers, but its security design is unique. The company has a white paper you can read through for all the gory details, and it maintains a list of certifications and recent penetration testing. The core of 1Password’s security, however, is a zero-knowledge approach. It’s designed in such a way that, even if 1Password wanted to, it has no means to decrypt the contents of your vault.

This works due to what 1Password calls two-secret key derivation, or 2SKD. It takes your account password and a secret key that’s generated on your device when you first sign up for 1Password, and uses them to derive a key encryption key (KEK). Also on your device, 1Password generates a public-private key pair. Your private key is encrypted with the KEK, while your public key is shared.

There are several layers of nested encryption beyond this, but what’s important is that 1Password doesn’t have a copy of your private key, nor a copy of your account password that’s necessary to derive the KEK. And when you authenticate, everything happens locally on your device, including encryption and decryption. Your KEK, master password, and private key never leave your device.

[ad_2]

Jacob Roach

Source link

September 20, 2025
A Dangerous Worm Is Eating Its Way Through Software Packages

[ad_1]

New findings this week showed that a misconfigured platform used by the Department of Homeland Security left sensitive national security information—including data related to the surveillance of Americans—exposed and accessible to thousands of people. Meanwhile, 15 New York officials were arrested by Immigration and Customs Enforcement and the New York Police Department this week in or around 26 Federal Plaza—where ICE detains people in what courts have ruled are unsanitary conditions.

Russia conducted conspicuous military exercises testing hypersonic missiles near NATO borders, stoking tensions in the region after the Kremlin had already recently flown drones into Polish and Romanian airspace. Scammers have a new tool for sending spam texts, known as “SMS blasters,” that can send up to 100,000 texts per hour while evading telecom company anti-spam measures. Scammers deploy rogue cell towers that trick people’s phones into connecting to the malicious devices so they can send the texts directly and bypass filters. And a pair of flaws in Microsoft’s Entra ID identity and access management system, which have been patched, could have been exploited to access virtually all Azure customer accounts—a potentially catastrophic disaster.

WIRED published a detailed guide this week to acquiring and using a burner phone, as well as alternatives that are more private than a regular phone but not as labor-intensive as a true burner. And we updated our guide to the best VPNs

But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The cybersecurity world has seen, to its growing dismay, plenty of software supply-chain attacks, in which hackers hide their code in a legitimate piece of software so that it’s silently seeded out to every system that uses that code around the world. In recent years, hackers have even tried linking one software supply-chain attack to another, finding a second software developer target among their victims to compromise yet another piece of software and launch a new round of infections. This week saw a new and troubling evolution of those tactics: a full-blown self-replicating supply-chain attack worm.

The malware, which has been dubbed Shai-Hulud after the Fremen name for the monstrous Sandworms in the sci-fi novel Dune (and the name of the Github page where the malware published stolen credentials of its victims), has compromised hundreds of open source software packages on the code repository Node Packet Management, or NPM, used by developers of Javascript. The Shai-Hulud worm is designed to infect a system that uses one of those software packages, then hunt for more NPM credentials on that system so that it can corrupt another software package and continue its spread.

By one count, the worm has spread to more than 180 software packages, including 25 used by the cybersecurity firm CrowdStrike, though CrowdStrike has since had them removed from the NPM repository. Another count from cybersecurity firm ReversingLabs put the count far higher, at more than 700 affected code packages. That makes Shai-Hulud one of the biggest supply-chain attacks in history, though the intent of its mass credential-stealing remains far from clear.

Western privacy advocates have long pointed to China’s surveillance systems as the potential dystopia awaiting countries like the United States if tech industry and government data collection goes unchecked. But a sprawling Associated Press investigation highlights how China’s surveillance systems have reportedly been largely built on US technologies. The AP’s reporters found evidence that China’s surveillance network—from the “Golden Shield” policing system that Beijing officials have used to censor the internet and crack down on alleged terrorists to the tools used to target, track, and often detain Uyghurs and the country’s Xinjiang region—appear to have been built with the help of American companies, including IBM, Dell, Cisco, Intel, Nvidia, Oracle, Microsoft, Thermo Fisher, Motorola, Amazon Web Services, Western Digital, and HP. In many cases, the AP found Chinese-language marketing materials in which the Western companies specifically offer surveillance applications and tools to Chinese police and domestic intelligence services.

Scattered Spider, a rare hacking and extortion cybercriminal gang based largely in Western countries, has for years unleashed a trail of chaos across the internet, hitting targets from MGM Resorts and Caesar’s Palace to the Marks & Spencer grocery chain in the United Kingdom. Now two alleged members of that notorious group have been arrested in the UK: 19-year-old Thalha Jubair and 18-year-old Owen Flowers, both charged with hacking the Transport for London transit system—reportedly inflicting more than $50 million in damage—among many other targets. Jubair alone is accused of intrusions targeting 47 organizations. The arrests are just the latest in a string of busts targeting Scattered Spider, which has nonetheless continued a nearly uninterrupted string of breaches. Noah Urban, who was convicted on charges related to Scattered Spider activity, spoke from jail to Bloomberg Businessweek for a long profile of his cybercriminal career. Urban, 21, has been sentenced to a decade in prison.

[ad_2]

Lily Hay Newman, Andy Greenberg

Source link

September 20, 2025
Americans like drugs. Killing drug traffickers won’t change that.

[ad_1]

On Tuesday, the Wall Street Journal published an article titled “America Loves Cocaine Again—Mexico’s New Drug King Cashes In.” It’s a detailed account of the return of cocaine amid a recent drop in fentanyl use by Americans. “Cocaine sold in the U.S. is cheaper and as pure as ever for retail buyers,” according to the article. The drug has seen a 154 percent increase in consumption since 2019.

For a variety of reasons, the U.S. is the most significant illicit drug market in the world, with the most drug users. Though 45 percent of Americans describe the problem of drugs in the U.S. as “extremely serious,” drug use is a growing trend. About 25 percent of Americans reported past-year use of “illicit drugs” in 2024—an increase of three percentage points since 2021—according to the 2024 National Survey on Drug Use and Health.

Many Americans have gone from tolerance of psychoactive drug use to active participation at scale, and demand is edging up. However, public drug use and the rise in fentanyl overdoses in cities such as Portland, San Francisco, and Baltimore have spurred public outcry. Given that the country’s annual drug overdose death rate doubled between 2015 and 2023, it makes sense that 52 percent of Americans feel the U.S. is “losing ground on the illegal drug problem,” according to a Gallup poll.

It appears the president agrees. On September 15, President Donald Trump posted a video on his Truth Social account showing U.S. forces killing three people during the destruction of another alleged drug boat in the Caribbean. Two weeks ago, a similar strike killed 11 people on a vessel the Trump administration alleged belonged to the Venezuelan gang Tren de Aragua.

While the president has justified these strikes as a necessary escalation against “extremely violent drug trafficking cartels” that he claims “POSE A THREAT to U.S. National Security, Foreign Policy, and vital U.S. Interests,” data indicate that drug trafficking, like drug use, is predominantly a domestic issue.

Out of 12,004 nationwide drug trafficking convictions, 78 percent (9,362) involved U.S. citizens, according to the Cato Institute. The trend remains even in regions along the Southwest border, typically seen as cartel havens, where U.S. citizens account for nearly 72 percent of drug trafficking convictions. Similarly, in the Gulf of Mexico and districts along the Caribbean, U.S. citizens account for 68 percent of convicted drug traffickers.

In July, the president signed the HALT Fentanyl Act, which permanently classifies fentanyl-related substances as a Schedule I drug under the Controlled Substances Act. The president has repeatedly cited fentanyl trafficking as justification for his positions on tariffs and immigration. However, most of the fentanyl seizures by U.S. authorities happen at legal ports of entry, and data from the U.S. Sentencing Commission show 86 percent of those sentenced for trafficking fentanyl were U.S. citizens.

Given the data on who’s doing the trafficking and the president’s frank statement to Fox News that “you’ll never really solve the drug problem unless you do what other countries do, and that’s the death penalty for drug dealers,” it’s understandable to question the effects on Americans of this escalation in the war on drugs. Only a few countries carry out executions for drug trafficking offenses; the list includes human rights luminaries like Singapore, Malaysia, Iran, and Brunei.

Director of Immigration Studies at the Cato Institute, David Bier, describes the president’s legal authority for the strikes as fictitious. “If this is an act of war, then Congress must authorize it under the Constitution,” says Bier. “But it’s not an act of war since the combatants are defined by their criminal violations of U.S.-controlled substances laws, and the law spells out the consequences for those offenses. Moreover, the president is…intentionally killing the people on the boats, which shows that this isn’t about the substances being trafficked, but rather illegally raising the penalty for drug trafficking to capital punishment.”

For decades, the U.S. spent billions exporting the same extrajudicial method of drug control recently carried out by the Trump administration, without credible evidence of a dent in domestic drug consumption.

Since most traffickers to the U.S. are citizens, killing suspects at sea is a hollow show—attacking supply while ignoring the demand that fuels it.

[ad_2]

Tosin Akintola

Source link

September 19, 2025
Sam’s Club customers targeted by phishing scam using fake $100 reward offers
[ad_1]
NEWYou can now listen to Fox News articles!

Dennis and Carole recently reached out to us with a warning about a suspicious email claiming to offer a $100 Sam’s Club reward.

“We received this yesterday, and my wife fell for the scam and initiated the free gift offer. No credit card other than email transferred,” Dennis said.

The email looked professional, with the official Sam’s Club logo at the top. It read, “YOUR OPINION IS IMPORTANT. Exclusive. YOU CAN GET A $100 REWARD.” It then invited the recipient to “Take a short survey to claim your $100 reward. Click the button below to get started,” with a bold black button labeled “GET STARTED NOW!”

Despite no credit card being entered, the couple wanted to know:
- Will scammers be able to charge their credit card?
- Do they already have credit card info?
- What steps should they take?
Let’s break this all down.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

THE TRUTH BEHIND THOSE MYSTERIOUS SHIPMENT EMAILS IN YOUR INBOX

A couple warns about a new email scam disguised as a Sam’s Club survey. (Kurt “CyberGuy” Knutsson)

Why this Sam’s Club email is a scam

At first glance, the email looked like it came straight from Sam’s Club, complete with the logo, blue color scheme and a tempting promise of a $100 reward for filling out a short survey. That’s exactly what scammers want you to think.

This is a classic phishing scam. Cybercriminals copy a trusted brand’s style to trick you into clicking their links or entering personal information. Once you engage, they can:
- Collect your email address for spam lists
- Send more realistic-looking phishing attempts
- Try to lure you into giving up payment or account details in future messages
- Direct you to malware-infected websites
In this case, only an email address was entered. That means there’s no direct credit card risk, yet. However, scammers now know the address is active and that someone at it will click through, making it more valuable for targeted scams later. The next step is protecting yourself quickly, because stopping them now is far easier than dealing with identity theft later.

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

Experts warn consumers not to click suspicious looking links. (Peter Dazeley)

How to protect yourself after clicking a link in a scam email

If you entered your email in a scam form, take these steps right away to reduce the risk of further attacks:

1) Use strong antivirus software

Run a scan with a trusted antivirus program. Many modern security tools also include phishing protection, blocking dangerous links before they can load. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com.

2) Mark the email as phishing

Use your email provider’s spam or phishing report tool to flag the message. This helps block future attempts and trains filters to catch similar scams.

3) Consider a data removal service

Data removal services can contact data brokers to remove your personal information from their lists. This makes it harder for scammers to target you with more personalized attacks. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Scammers are claiming to offer a $100 Sam’s Club reward. (REUTERS/Rick Wilking)

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

4) Watch for follow-up scams

Scammers often follow up with urgent-sounding emails to “confirm” your account or claim you won a prize. Delete these immediately without clicking links or opening attachments.

5) Change your passwords and strengthen security

Never reuse the same password across multiple accounts. If scammers target your email address, they may try it with common password guesses. Create unique, strong passwords for each account and store them in a reputable password manager.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

6) Report the scam

Forward the email to:
- Sam’s Club: phishing@samsclub.com
- FTC: reportphishing@apwg.org
Reporting helps both the brand and law enforcement track scam activity.

CLICK HERE TO GET THE FOX NEWS APP

Consumers are advised to report phishing emails to the company or the FTC. (CyberGuy.com)

Kurt’s key takeaways

Even if you avoid entering payment details, your personal information still has value to scammers. An email address can open the door to phishing attacks designed to steal passwords, install malware, or gather more sensitive data. Scammers know how to make an email look convincing, especially when they dangle a gift card as bait. By staying alert, reporting suspicious emails and protecting your personal data, you can reduce your risk.

Have you ever received a fake reward email from a brand you trust? How did you handle it? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 19, 2025
The Shocking Cost of Vendor Data Breaches | Entrepreneur

[ad_1]

Opinions expressed by Entrepreneur contributors are their own.

Modern supply chains are a complex web of interconnected, intertwined digital ecosystems, each supporting the other. Look around you, and everything from how your workstations perform to how your data is being managed consists of several different suppliers and vendors, beyond what might be evident to you on first glance.

You may have bought your web domain from an American company, but your hosting servers are in Europe. You probably bought your cloud infrastructure from AWS or Google, but your data is being stored in a remote village in Norway.

Beyond what is visible lies a plethora of vendors and suppliers that work together like clockwork to make sure your business infrastructure remains up and running.

However, this is where the problem begins. A single outage, data breach or fault with one of these vendors can have a devastating ripple effect on your business operations.

Your direct vendor might not even be responsible, but their service might depend on a third-party provider, with whom you have no connection, and yet, your business takes the complete brunt of the situation.

Therefore, in today’s world, companies don’t just have to prepare for internal data risks but also think about the data risks posed to their suppliers and vendors.

Related: How to Mitigate Cybersecurity Risks Associated With Supply Chain Partners and Vendors

Vulnerabilities due to a web of interdependencies

In 2021, millions of websites across the world suddenly went offline. This included business websites, banks, ecommerce ports and even government agencies. In fact, it took out a major chunk of European and mostly French websites.

After a couple of hours, it was found that one of the four data centers owned by the company OVHcloud was destroyed due to a fire.

While the data centers supposedly had backups, the resulting damage in terms of data breaches and lost business cost tens of millions of dollars.

Even some of the largest companies in the world are regularly attacked and are susceptible to data leaks.

Orange Belgium‘s data breach exposed information of 850,000 customers. Allianz Life‘s data breach exposed personal information of more than a million customers, and a Qantas cyberattack leaked information on over six million airline customers!

More recently, a ransomware attack on the UK’s NHS (National Health Service) disrupted blood tests across several London hospitals, eventually leading to the death of at least one patient. The software provider for the NHS, Advanced Computer Systems, was eventually fined £3 million, but only after an innocent life had already been lost.

While these large organizations cannot be solely blamed, it is clear that even if you have the most robust IT and security infrastructure within your organization, you are never immune to the vulnerabilities of your vendors.

Common mistakes that lead to weak data management

Similar to the example of OVHcloud, many vendors simply lack a robust backup system to ensure operations run smoothly — this is where the problem starts. Due to a poor backup system, they also have an insufficient disaster recovery plan in case of a ransomware attack. Therefore, a fire in only one of their four data centers brought down millions of their customers’ websites.

Another example might be the NHS’s software. They probably had data integrity checks built into their security, but they were insufficient, making it easy for an attack to take place across a number of locations. Overall, a reliance on manual recovery efforts and weak cybersecurity practices creates vulnerabilities that can have devastating consequences.

Related: 3 Ways to Ensure Cybersecurity Is a Priority for the Companies You Partner With

Cost of a vendor data crisis

Any data breaches or attacks on your vendors will have a direct impact on your business. It can directly result in operational downtime, which can include workflows that completely stop working, supply chain disruptions, invoicing issues and much more.

In the short run, it can lead to lost sales, SLA breaches and even penalties, while in the long run, the financial impact due to reputational damage can be even worse. If customers can’t trust you to deliver on time or protect their data, they might never return.

It’s important to safeguard your business against such scenarios, and there are a couple of steps that can help you mitigate these.

How to mitigate a vendor data crisis

Before signing a contract with a vendor, it’s important to do your due diligence and assess their data and security infrastructure. This might seem instructive, but it is one of the important first steps you can take to protect your business and data against vulnerabilities.

It is also important to carry out regular audits and ensure SLAs are met and that they are up-to-date with industry standards.

Overall, there needs to be a plan for diversification so that no single vendor can impact a critical workflow.

Related: Why Cybersecurity is the Key to Unlocking the Full Potential of Supply Chains

Why it’s important to have robust data recovery tools

Despite all the due diligence and backups, no system is 100% fail-proof. This is why your business must have reliable recovery tools that can help recover damaged files, important emails and even complete databases, making sure your organization can be back on its feet as soon as possible.

A company’s data can be worth tens of thousands of dollars for a small business and much more for a larger organization. Using such software is the perfect safety net when prevention fails.

Modern supply chains are a complex web of interconnected, intertwined digital ecosystems, each supporting the other. Look around you, and everything from how your workstations perform to how your data is being managed consists of several different suppliers and vendors, beyond what might be evident to you on first glance.

You may have bought your web domain from an American company, but your hosting servers are in Europe. You probably bought your cloud infrastructure from AWS or Google, but your data is being stored in a remote village in Norway.

Beyond what is visible lies a plethora of vendors and suppliers that work together like clockwork to make sure your business infrastructure remains up and running.

The rest of this article is locked.

Join Entrepreneur+ today for access.

[ad_2]

Chongwei Chen

Source link

September 18, 2025
This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

[ad_1]

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security features of major cloud providers like Microsoft. But with so much riding on these systems, there can be potentially disastrous consequences at a massive scale if something goes wrong. Case in point: Security researcher Dirk-jan Mollema recently stumbled upon a pair of vulnerabilities in Microsoft Azure’s identity and access management platform that could have been exploited for a potentially cataclysmic takeover of all Azure customer accounts.

Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and subscription management tools. Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges—essentially god mode—and compromise every Entra ID directory, or what is known as a “tenant.” Mollema says that this would have exposed nearly every Entra ID tenant in the world other than, perhaps, government cloud infrastructure.

“I was just staring at my screen. I was like, ‘No, this shouldn’’t really happen,’” says Mollema, who runs the Dutch cybersecurity company Outsider Security and specializes in cloud security. “It was quite bad. As bad as it gets, I would say.”

“From my own tenants—my test tenant or even a trial tenant—you could request these tokens and you could impersonate basically anybody else in anybody else’s tenant,” Mollema adds. “That means you could modify other people’s configuration, create new and admin users in that tenant, and do anything you would like.”

Given the seriousness of the vulnerability, Mollema disclosed his findings to the Microsoft Security Response Center on July 14, the same day that he discovered the flaws. Microsoft started investigating the findings that day and issued a fix globally on July 17. The company confirmed to Mollema that the issue was fixed by July 23 and implemented extra measures in August. Microsoft issued a CVE for the vulnerability on September 4.

“We mitigated the newly identified issue quickly, and accelerated the remediation work underway to decommission this legacy protocol usage, as part of our Secure Future Initiative,” Tom Gallagher, Microsoft’s Security Response Center vice president of engineering, told WIRED in a statement. “We implemented a code change within the vulnerable validation logic, tested the fix, and applied it across our cloud ecosystem.”

Gallagher says that Microsoft found “no evidence of abuse” of the vulnerability during its investigation.

Both vulnerabilities relate to legacy systems still functioning within Entra ID. The first involves a type of Azure authentication token Mollema discovered known as Actor Tokens that are issued by an obscure Azure mechanism called the “Access Control Service.” Actor Tokens have some special system properties that Mollema realized could be useful to an attacker when combined with another vulnerability. The other bug was a major flaw in a historic Azure Active Directory application programming interface known as “Graph” that was used to facilitate access to data stored in Microsoft 365. Microsoft is in the process of retiring Azure Active Directory Graph and transitioning users to its successor, Microsoft Graph, which is designed for Entra ID. The flaw was related to a failure by Azure AD Graph to properly validate which Azure tenant was making an access request, which could be manipulated so the API would accept an Actor Token from a different tenant that should have been rejected.

[ad_2]

Matt Burgess, Lily Hay Newman

Source link

September 18, 2025
Your discarded luggage tags are worth money to scammers

[ad_1]

NEWYou can now listen to Fox News articles!

Bad actors can use almost anything to scam you. You’ve already heard about them using personal information such as phone numbers, email addresses and government IDs to commit identity theft. But they don’t stop there. There have been reports of hackers using your home’s location on maps to blackmail you or impersonating your boss to demand money.

These are still very believable tactics, but did you know that even the luggage tags you barely notice can be misused? That’s correct. Well, now bad actors are targeting luggage tags to file for reimbursement.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

AIRLINES SECRETLY SOLD US TRAVELERS’ DATA TO HOMELAND SECURITY

Luggage tag scam explained and how to avoid it

An alleged baggage claims manager at Delta Air Lines has warned travelers about a growing scam that uses discarded luggage tags to commit fraud.

In a Reddit post that has since drawn thousands of comments, the worker claimed scammers are watching passengers remove their tags at baggage claim and retrieving them to submit fake claims for lost luggage. The tags often contain enough personal and travel information to file for reimbursement.

A baggage claim manager alleges that scammers are stealing travelers’ information from old bag tags. (iStock)

“There’s been an influx of fraudulent claims using tossed luggage tags,” the worker wrote. “It’s creating issues for people with legitimate claims.”

The post advises waiting until you are away from the airport before removing tags from checked bags and avoiding leaving them in hotel trash cans. Former hotel staff commenting on the post said they had seen similar fraud schemes involving tags found in guest rooms.

Travelers responding to the warning also noted that printed boarding passes can be exploited in the same way, and shared examples of airports, such as in Japan, that provide secure disposal bins for tags.

FBI WARNS OF QR CODE SCAM DISGUISED IN MYSTERY PACKAGES

An airport attendant attaches a label on a suitcase at an airline check-in desk. (iStock)

How serious is the luggage tag scam threat?

The luggage tag scam is a documented and growing problem in 2025, with airport workers, especially baggage claims staff at major airlines, reporting a surge in fraudulent lost luggage claims tied to discarded tags.

Multiple firsthand accounts confirm that processing legitimate compensation is being complicated by false claims using details found on bag tags. However, travel security experts and industry observers note that, while cases are increasing, the scam may not be extremely widespread or high-volume at this time.

Most tags only contain limited information, such as name, flight number and baggage IDs, and airlines’ tracking systems can sometimes detect if a claim is fake by reviewing baggage scan logs and RFID tagging. There are also no official warnings or statistics from major airlines, government authorities or law enforcement indicating this technique has reached epidemic levels or led to confirmed prosecutions.

CLICK HERE TO GET THE FOX NEWS APP

Stay safe with luggage locks, door locks and anti-theft bags. (REUTERS/Vincent Alban)

7 ways to stay safe from the luggage tag scam

The luggage tag scam might not sound like the most dangerous travel threat, but ignoring it can still leave you exposed to fraud. Here are simple, effective steps to protect yourself.

1) Remove tags only after leaving the airport

Wait until you’re at home, in your car or in another private location before taking tags off your checked bags. This prevents scammers from grabbing them in public areas.

2) Shred or destroy old tags

Never toss tags in the trash intact. Tear them up or cut through barcodes and printed details so they can’t be reused for fake claims.

3) Avoid leaving tags in hotel rooms

Dispose of tags yourself instead of leaving them in a hotel wastebasket. Cleaning staff or other guests could find and misuse them.

4) Secure boarding passes too

Treat printed boarding passes the same way as luggage tags. Keep them until you can destroy them securely.

5) Be alert in baggage claim areas

Watch for anyone loitering near the carousel and observing passengers closely. Stay aware of your surroundings while handling travel documents.

6) Use digital boarding passes when possible

Opt for mobile boarding passes instead of printed ones. This removes the risk of discarded paper passes falling into the wrong hands.

7) Limit personal details on luggage tags

Avoid printing your full home address or primary phone number. Instead, use your name, a travel-only email and either a P.O. box or work address. You can even create a simple alias email just for travel, which forwards to your main inbox but keeps your real address private. This way, airlines and honest finders can still reach you without exposing sensitive personal details to scammers.

For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com.

8) Track Your Bags with AirTags

Another way to protect yourself is by putting a small tracker inside your luggage, such as an Apple AirTag or a similar Bluetooth tracker. These devices connect to your phone and let you see where your bag is in near real-time. If your suitcase goes missing or ends up in the wrong place, you’ll know faster than waiting for the airline to track it down.

Place the tracker inside your bag rather than on the handle so it can’t be easily removed. Check its location through your phone before leaving the airport, and keep an eye on it during layovers. While AirTags can’t prevent someone from misusing an old luggage tag, they give you proof of where your bag actually is if you ever need to dispute a lost luggage claim or theft.

Kurt’s key takeaway

While the luggage tag scam may not be widespread yet, it exploits a simple oversight that most travelers rarely consider. Until airlines and airports put better safeguards in place, the burden falls on passengers to protect their own information. That means treating something as ordinary as a bag tag like sensitive data.

What do you do with your luggage tags after your trip? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 18, 2025
A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

[ad_1]

The Department of Homeland Security’s mandate to carry out domestic surveillance has been a concern for privacy advocates since the organization was first created in the wake of the September 11 attacks. Now a data leak affecting the DHS’s intelligence arm has shed light not just on how the department gathers and stores that sensitive information—including about its surveillance of Americans—but on how it once left that data exposed to thousands of government and private sector workers and even foreign nationals who were never authorized to see it.

An internal DHS memo obtained by a Freedom of Information Act (FOIA) request and shared with WIRED reveals that from March to May of 2023, a DHS online platform used by the DHS Office of Intelligence and Analysis (I&A) to share sensitive but unclassified intelligence information and investigative leads among the DHS, the FBI, the National Counterterrorism Center, local law enforcement, and intelligence fusion centers across the US was misconfigured, accidentally exposing restricted intelligence information to all users of the platform.

Access to the data, according to a DHS inquiry described in the memo, was meant to be limited to users of the Homeland Security Information Network’s intelligence section, known as HSIN-Intel. Instead it was set to grant access to “everyone,” exposing the information to HSIN’s tens of thousands of users. The unauthorized users who had access included US government workers focused on fields unrelated to intelligence or law enforcement such as disaster response, as well as private sector contractors and foreign government staff with access to HSIN.

“DHS advertises HSIN as secure and says the information it holds is sensitive, critical national security information,” says Spencer Reynolds, an attorney for the Brennan Center for Justice who obtained the memo via FOIA and shared it with WIRED. “But this incident raises questions about how seriously they take information security. Thousands and thousands of users gained access to information they were never supposed to have.”

HSIN-Intel’s data includes everything from law enforcement leads and tips to reports on foreign hacking and disinformation campaigns, to analysis of domestic protest movements. The memo about the HSIN-Intel breach specifically mentions, for instance, a report discussing “protests relating to a police training facility in Atlanta”—likely the Stop Cop City protests opposing the creation of the Atlanta Public Safety Training Center—noting that it focused on “media praising actions like throwing stones, fireworks and Molotov cocktails at police.”

In total, according to the memo about the DHS internal inquiry, 439 I&A “products” on the HSIN-Intel portion of the platform were improperly accessed 1,525 times. Of those unauthorized access instances, the report found that 518 were private sector users and another 46 were non-US citizens. The instances of foreign user accesses were “almost entirely” focused on cybersecurity information, the report notes, and 39 percent of all the improperly accessed intelligence products involved cybersecurity, such as foreign state-sponsored hacker groups and foreign targeting of government IT systems. The memo also noted that some of the unauthorized US users who viewed the information would have been eligible to have accessed the restricted information if they’d asked to be considered for authorization.

“When this coding error was discovered, I&A immediately fixed the problem and investigated any potential harm,” a DHS spokesperson told WIRED in a statement. “Following an extensive review, multiple oversight bodies determined there was no impactful or serious security breach. DHS takes all security and privacy measures seriously and is committed to ensuring its intelligence is shared with federal, state, local, tribal, territorial, and private sector partners to protect our homeland from the numerous adversarial threats we face.”

[ad_2]

Andy Greenberg

Source link

September 16, 2025
I Tried Breaking the Best VPNs. Here Are the 5 That Survived

[ad_1]

Other VPNs We’ve Tested

Private Internet Access (PIA) has a long history in the VPN space, and it’s maintained a track record of defending user privacy—even in the face of actual criminal activity. In 2016, a criminal complaint was filed in Florida against Preston Alexander McWaters for threats made online. McWaters was eventually convicted and sentenced to 42 months in prison. Investigators traced the online threats back to PIA’s servers and subpoenaed the company. As the complaint reads, “A subpoena was sent to [Private Internet Access] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.” McWaters engaged in several other identifying activities, according to the complaint, but PIA wasn’t among them. Despite such a clear view of a VPN provider upholding its no-logging policy, PIA didn’t impress me during my tests. It’s slightly more expensive than a lot of our top picks, and it delivered the worst speeds out of any VPN I tested, with more than a 50 percent drop on the closest US server. (Windscribe, for context, only dropped 15.6 percent of my speed.)

MysteriumVPN is the go-to dVPN, or decentralized VPN, as far as I can tell. The concept of a decentralized VPN has existed for a while, but it’s really gained traction over the last couple of years. The idea is to have a network of residential IP addresses that make up the network, routing your traffic through normal IP addresses to get around the increasingly common block lists for VPN servers. Mysterium accomplishes this network with MystNodes. It’s a crypto node. People buy the node to earn crypto, and they’re put into the Mysterium network. It’s not inherently bad, but routing your traffic through a single residential IP is a little worrisome. Even without the decentralized kick, Mysterium was slow, and it doesn’t maintain any sort of privacy materials, be it a third-party audit, warranty canary, or transparency report.

PrivadoVPN is one of the popular options to recommend as a free VPN. It offers a decent free service, with a handful of full-speed servers and 10 GB of data per month. You’ll have to suffer through four—yes, four—redirects begging you to pay for a subscription before signing up, but the free plan works. The problem is how new PrivadoVPN is. There’s no transparency report or audit available, and although the speeds are decent, they aren’t as good as Proton, Windscribe, or Surfshark. PrivadoVPN isn’t bad, but it’s hard to recommend when Proton and Windscribe exist with free plans that are equally as good.

How We Test VPNs

Functionally, a VPN should do two things: keep your internet speed reasonably fast, and actually protect your browsing data. That’s where I focused my testing. Extra features, a comfy UI, and customization settings are great, but they don’t matter if the core service is broken.

Speed testing requires spot-checking, as the time of day, the network you’re connected to, and the specific VPN server you’re using can all influence speeds. Because of that, I always set a baseline speed on my unprotected connection directly before recording results, and I ran the test three times across both US and UK servers. With those baseline drops, I spot-checked at different times of the day over the course of a week to see if the speed decrease was similar.

Security is a bit more involved. For starters, I checked for DNS, WebRTC, and IP leaks every time I connected to a server using Browser Leaks. I also ran brief tests sniffing my connection with Wireshark to ensure all of the packets being sent were secured with the VPN protocol in use.

On the privacy front, the top-recommended services included on this list have been independently audited, and they all maintain some sort of transparency report. In most cases, there’s a proper report, but in others, such as Windscribe, that transparency is exposed through legal proceedings.

[ad_2]

Jacob Roach

Source link

September 16, 2025
New Evite phishing scam uses emotional event invitations to target victims
[ad_1]
NEWYou can now listen to Fox News articles!

I recently got an email from a friend with the subject “Special Celebration of Life.” It looked like a genuine Evite invitation. But when I clicked the “View Invitation” button, my antivirus software blocked the site, flagging it as a phishing attempt.

It was one of the most convincing scam emails I’ve seen lately, complete with Evite branding, realistic design, and a personal touch. If I didn’t have strong antivirus protection, I might have walked right into it.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

Phishing email appears to be a legitimate Evite invitation titled “Special Celebration Of Life.” (Kurt “CyberGuy” Knutsson)

How this Evite phishing scam works

Scammers send fake Evite messages with emotionally charged subjects, such as a “Special Celebration of Life,” to lure you into clicking. These emails mimic Evite’s design so they appear to come from someone you know, lowering your guard.

Scammers are sending fake Evite invitations that look personal and trustworthy. One click can expose a user’s personal data or install malware. (Kurt “CyberGuy” Knutsson)

Clicking the malicious link can:
- Steal your personal information
- Capture your login credentials
- Install malware on your device
Because these invitations feel personal and urgent, they can bypass skepticism. Always verify sender details before opening event links, especially for sensitive occasions.

Always hover over links and check sender details before clicking, especially on invitations or urgent messages from unfamiliar sources. (Kurt “CyberGuy” Knutsson)

Steps to protect yourself from fake Evite phishing scams

Even the most convincing invitation can be a trap, as the fake Evite email I received proved. By following these steps, you can lower your chances of falling for similar scams and keep your personal information safe.

HOW FAKE MICROSOFT ALERTS TRICK YOU INTO PHISHING SCAMS

1) Use strong antivirus software for real-time protection

Strong antivirus software can stop you from landing on dangerous sites. In my case, the antivirus software blocked the fake Evite link and flagged it as phishing before any damage was done. Choose strong antivirus software with phishing detection and automatic blocking to protect against threats you might not spot yourself.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

2) Check the sender’s email address carefully

Scammers often use email addresses that look almost identical to legitimate ones, but with tiny changes, like an extra letter, a missing character, or a different domain extension. In my fake Evite example, the branding looked perfect, but the sender’s address didn’t match Evite’s official domain. Always double-check before trusting an email.

HOW I ALMOST FELL FOR A MICROSOFT 365 CALENDAR INVITE SCAM

3) Hover over links before clicking

Before you click “You’re Invited!”, “View Invitation” or “RSVP Now,” hover your mouse over the link. Your email client will usually display the destination URL. In the phishing email I received, the link pointed to a suspicious domain, not Evite.com. In the phishing email I received, the link pointed to a suspicious domain, not Evite.com. If you look closely, you’ll see it was misspelled as “envtte.” If the address looks odd or unfamiliar, don’t click.

A closer look reveals the fake link in this email that leads to a suspicious domain, not Evite.com. (Kurt “CyberGuy” Knutsson)

4) Use a personal data removal service to limit your exposure

The less personal information scammers can find about you online, the harder it is for them to target you. A personal data removal service can scrub your personal details, such as your phone number, home address, and email, from public databases. This reduces the risk of scammers crafting convincing, personalized phishing attempts like the fake Evite email I received.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

5) Verify with the sender directly before clicking

If an invitation appears to come from a friend, don’t assume it’s real. Scammers often spoof the names of people you know. Send a quick text or make a phone call to confirm they actually sent the invite. In many cases, they’ll be just as surprised as you are to hear about it.

What this means for you

Phishing scams are evolving to look more authentic than ever. Even if the message seems to come from someone you trust, one careless click can put your personal data at risk. Having strong cybersecurity tools in place and knowing how to spot a scam is your best defense.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaways

I was lucky my antivirus software blocked this attack before any damage was done. But not everyone has that safety net. The next time an unexpected invitation or urgent message lands in your inbox, take a few extra seconds to verify before you click.

Have you ever almost fallen for a fake event invite? What happened? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 15, 2025
This Chrome VPN extension secretly spies on you
[ad_1]
NEWYou can now listen to Fox News articles!

Browser extensions promise convenience, but some take far more than they give. A new report from Koi Security says that FreeVPN.One, a Chrome extension with more than 100,000 installs and even a “Featured” badge, has been secretly taking screenshots of users’ browsing sessions.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

HOW AI IS NOW HELPING HACKERS FOOL YOUR BROWSER’S SECURITY TOOLS

Google Chrome extension FreeVPN.One has allegedly taken screenshots of users’ sensitive information. (Kurt “CyberGuy” Knutsson)

How FreeVPN.One secretly captured your browsing

Once installed, FreeVPN.One didn’t just handle VPN traffic. It silently captured screenshots of every website you visited, bank logins, private photos, sensitive documents, and sent them to servers controlled by the developer.

Even worse, the extension added permissions step by step, disguising its activity as “AI Threat Detection.” What looked like a useful feature became a tool for constant background surveillance.

Why this Chrome extension threat is so dangerous

People install VPNs to protect their privacy. Instead, this extension flipped that expectation on its head. By using Chrome’s and scripting permissions, FreeVPN.One gained access to every page you opened.

Koi Security researchers tested the extension and confirmed it captured screenshots even on trusted sites like Google Photos and Google Sheets. The developer claimed these images were not stored, but offered no proof.

MALICIOUS BROWSER EXTENSIONS CAUGHT SPYING ON 2 MILLION USERS

The screenshots were allegedly sent to the extension’s developer. (Kurt “CyberGuy” Knutsson)

Warning signs of unsafe free VPN extensions

There were red flags all along:
- Awkward grammar and poorly written descriptions.
- A generic Wix page as the only developer “contact.”
- A promise of unlimited, free VPN service with no clear business model.
While some free VPNs may work responsibly, most need a way to profit. If it isn’t by charging you, it may be by selling your data.

FreeVPN.One developer’s response and Google’s removal

When Koi Security published its findings, the developer behind FreeVPN.One offered a partial explanation. He claimed the automatic screenshot captures were part of a “Background Scanning” feature, intended only for suspicious domains. He also said the images weren’t stored, only briefly analyzed for threats.

But researchers observed screenshots taken on trusted sites like Google Photos and Google Sheets, which don’t fit that explanation. When asked to provide proof of legitimacy, such as a company profile, GitHub repository, or professional contact, the developer stopped responding. The only public link tied to the extension led to a basic Wix starter page.

FreeVPN.One has been removed from the Chrome Web Store. Attempts to visit its page now return the message: “This item is not available.”

While the removal reduces the risk of new downloads, it also highlights a troubling gap. The extension spent months with spyware behavior while still carrying a verified label, raising questions about how thoroughly Chrome reviews updates to featured extensions.

GOOGLE FIXES ANOTHER CHROME SECURITY FLAW BEING ACTIVELY EXPLOITED

FreeVPN.one is not available in the Microsoft Edge store (Koi Security)

Steps to protect yourself from VPN extension spyware

If you’ve installed FreeVPN.One or any suspicious Chrome VPN extension, take these steps if you are concerned for your cybersecurity:

1) Uninstall immediately

Go to Chrome > Window > Extensions and click remove.

2) Use a trusted VPN

Stick to reliable VPN providers that have proven track records, audited policies, and transparent operations. By choosing a legitimate VPN, you take control of your privacy instead of handing it over to an anonymous developer. A reliable VPN is also essential for protecting your online privacy and ensuring a secure, high-speed connection.

For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com/VPN

3) Scan your device with strong antivirus software

Run a trusted antivirus tool to check for hidden malware. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech

4) Change your passwords

Assume anything typed or viewed could have been logged. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your passwords have been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

5) Use a personal data removal service

Extensions like FreeVPN.One show how easily your private details can be collected and exploited. Even after uninstalling spyware, your personal information may already be circulating on data broker sites that sell your identity to marketers, scammers, and even cybercriminals. A personal data removal service can scan for your information across hundreds of broker sites and automatically request its removal. This limits how much of your data can be weaponized if it’s ever exposed through an extension like this.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

6) Check permissions

Before adding any extension, review what it requests. If a VPN wants access to “all websites,” that’s a red flag.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaways

FreeVPN.One is a reminder that “free” often comes at a hidden cost; your data. Don’t assume an extension is safe just because it looks popular or carries a badge. Be critical, vet carefully, and use privacy tools backed by real companies.

Would you trade your browsing privacy for a free tool, or is it time to rethink the cost of “free”? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 14, 2025
Mexico’s first female president completes first year with high approval, but challenges loom

[ad_1]

MEXICO CITY — Each September, Mexico’s president appears before a crowd of tens of thousands in the nation’s central square to perform the grito, the shout of independence commemorating the country’s break from colonial rule.

This year, for the first time, a woman will lead the masses in chants of “Long live Mexico!”

Monday’s ceremony in Mexico City’s main plaza will be a historic moment for the nation and for President Claudia Sheinbaum, who, in her first year as the country’s first female leader, has maintained remarkably high marks despite a spate of domestic and international challenges.

Supporters take selfies with the new president of Mexico, Claudia Sheinbaum, after her swearing-in ceremony in Congress in 2024.

(Felix Marquez / Picture Alliance / Getty Images)

Sheinbaum, 63, who took office last Oct. 1, boasts approval ratings above 70% and has notched multiple victories: winning passage of major constitutional reforms, overseeing unprecedented judicial elections and deftly negotiating with President Trump, making concessions on immigration and security to avert the worst of his threatened tariffs on Mexican goods.

She has also overseen a 25% drop in homicides, an impressive feat in a country exhausted by drug violence that she chalks up to her administration’s aggressive new crackdown on organized crime.

“We’re doing well and we’ll get better,” Sheinbaum said this month during a speech to Congress, where members of her political party, which controls both houses of the legislature, cheered her with shouts of “Long live Claudia!”

But perhaps Sheinbaum’s biggest feat has been emerging from the long shadow cast by her predecessor, Andrés Manuel López Obrador, a hero among the working class whose support was crucial to her election.

As a candidate for López Obrador’s Morena party, Sheinbaum promised to continue his populist project, which sought to reduce poverty and shift power away from traditional economic and political elites.

Mexicans line up at a polling station in Guadalajara on June 2, 2024, the day voters cast ballots to elect Claudia Sheinbaum the president of Mexico.

(Ulises Ruiz / AFP via Getty Images)

After she won in a landslide, she faced criticism that she would be his “puppet,” a discourse she dismissed as sexist.

Still, there’s no question that Sheinbaum has had to walk a tricky line: defining her presidency on her own terms while also demonstrating loyalty to the political movement that got her there.

As López Obrador has retreated from public life, retiring to his ranch in southern Mexico, Sheinbaum has embraced many of his signature policies, including a popular welfare program that distributes cash to youth, people with disabilities and senior citizens.

She has continued López Obrador’s practice of daily morning news conferences, where she often pays lip service to the former president and repeats his signature phrase: “For the good of all, the poor first.”

Political analyst Jorge Zepeda Patterson said that Sheinbaum has successfully outmaneuvered other Morena party members, including several former political rivals, to be seen as the new voice of López Obrador’s movement.

“She is the heir, she is the interpreter of the entire movement, and that is no small thing,” he said.

Supreme Court President Hugo Aguilar Ortiz receives a traditional purification ceremony from representatives of Indigenous communities during the swearing-in ceremony at the Supreme Court building on Sept. 1 in Mexico City.

(Hector Vivas / Getty Images)

Sheinbaum also muscled across the finish line one of his most controversial undertakings: an overhaul of the judicial system that mandates judges be elected by popular vote. Critics argue the move was designed to concentrate power in the hands of Morena and opens the door to corruption.

“That’s something dictators only invent to control the judiciary,” said Ernesto Zedillo, a former president and leader of the Institutional Revolutionary Party.

But while furthering López Obrador’s agenda, Sheinbaum has also quietly been carving her own path.

While he was combative and highly ideological, railing for hours at his news conferences against neoliberalism and the “power mafia” that he said long controlled Mexico, Sheinbaum has embraced a more diplomatic tone. She says Mexico’s future depends on its entrepreneurs. In her news conferences, she chooses her words carefully, a serene smile on her face.

Her most significant departure from her mentor has been on matters of security.

As part of his “hugs not bullets” policy, López Obrador scaled back security cooperation with the U.S., ordered soldiers to stop confronting cartels and put an emphasis on new social programs. Throughout his six-year term, homicides hovered near record highs and criminal groups expanded their control.

Sheinbaum, under pressure from Trump to clamp down on drug trafficking, has changed tack, dismantling fentanyl labs, carrying out major drug busts and sending dozens of accused cartel leaders to the U.S. to face justice.

Despite those wins, major challenges loom.

The biggest one is Trump.

Trucks queue near the Mexico-U.S. border before crossing the border at Tijuana on March 4.

(Guillermo Arias / AFP via Getty Images)

Mexico’s economy was already on the rocks when the U.S. president began issuing tariff threats, spooking overseas investors who once viewed Mexico as a pipeline to move products into the U.S. tax-free. As a result, growth has slowed.

Sheinbaum and Trump have yet to meet, but have spoken several times in phone conversations both leaders have described as successful. “More and more, we are getting to know and understand each other,” Trump said in August.

For Sheinbaum one constant pressure is the threat of U.S. military action in Mexico.

Trump recently signed an order allowing the Defense Department to use force against Latin American drug cartels, which he has designated as foreign terrorist groups. The U.S. military recently destroyed a Venezuelan boat it said was trafficking drugs, killing 11.

President-elect Claudia Sheinbaum and President Andrés Manuel López Obrador attend a ceremony on Sept. 19, 2024, commemorating lives lost during major earthquakes that have hit Mexico on Sept. 19 in 1985, 2017 and 2022.

(Guillermo Arias / AFP via Getty Images)

Carlos Bravo Regidor, a Mexican political analyst, said much of Sheinbaum’s first year has been dominated by two men: Trump and López Obrador, who is commonly known by his initials, AMLO.

“She’s trapped between the legacy of AMLO and the reality of Donald Trump,” he said.

Sheinbaum’s posture on possible U.S. military action embodies how she’s dealt with Trump. She’ll speak plainly — “There will be no invasion” and Mexico is “not a colony of anyone” — but resists engaging in tit-for-tat remarks to stoke Trump’s ire.

More than once, when asked to respond to Trump’s latest hyperbolic comment, she’s replied: “President Trump has his own way of communicating.”

President Sheinbaum speaks during the first State of the Union report of her tenure at Palacio Nacional on Sept. 1 in Mexico City, Mexico.

(Manuel Velasquez / Getty Images)

Still, there’s little doubt that Sheinbaum has benefited from the wave of nationalism that has surged here in the face of an American president who persecuted Mexican migrants living in the U.S. and threatened drone strikes on Mexican territory. That sentiment is likely to be on display on Monday, when Mexicans don the red, white and green of their flag and convene in the Zócalo for the independence celebrations.

There will also be a strong current of feminism.

Sheinbaum has often repeated the mantra she first spoke the night she won office: “I didn’t arrive alone, I arrived with all Mexican women.”

For many Mexicans across party lines, her presidency has been transformative.

Mexico City resident Esther Ramos, 40, said she planned to take her young daughters to see Sheinbaum deliver the grito, not as a lesson in politics, per se, but as a lesson in what is possible.

“My two daughters will see that a woman is capable of achieving whatever they want,” she said.

[ad_2]

Kate Linthicum

Source link

September 14, 2025
Charlie Kirk’s widow vows to continue his mission after his killing

[ad_1]

Charlie Kirk’s widow, Erika Kirk, has vowed to continue her husband’s mission after he was shot and killed at an event in Utah, with police arresting 22-year-old Tyler Robinson for the murder.”If you thought my husband’s mission was powerful before, you have no idea, you just have no idea what you have unleashed across this entire country,” Erika Kirk said. Vigils were held across the country last night in honor of the late conservative activist. The FBI has been searching Robinson’s home for evidence and clues. Investigators say Robinson fired a single round from a bolt-action rifle, leaving behind the weapon and bullet casings engraved with messages like, “Hey fascist, catch.” Authorities say Robinson had grown increasingly political in recent years, telling family members he knew Kirk would be on the Utah Valley University campus and criticizing the conservative activist.Police say it was Robinson’s father who recognized his son as the suspect after the FBI released photos. He encouraged Robinson to turn himself in. Utah Gov. Spencer Cox said, “A family member of Tyler Robinson reached out to a family friend who contacted the Washington County Sheriff’s Office with information that Robinson had confessed to them or implied that he had committed the incident.”Robinson is due in court Tuesday on murder charges. Both President Trump and Utah’s governor have expressed their desire for prosecutors to pursue the death penalty.Voter registration records show that Robinson is registered to vote unaffiliated with any party, although he is listed as an “inactive” voter, meaning he hasn’t voted in at least the most recent two general elections.Kentucky Rep. James Comer said people feel safer now that the suspect is in custody, but there are still concerns from lawmakers about the rise of political violence. Some lawmakers have changed or canceled their political events. Lawmakers on both sides of the aisle are calling for calmer rhetoric and more security, something that is being considered on Capitol Hill.

WASHINGTON —

Charlie Kirk’s widow, Erika Kirk, has vowed to continue her husband’s mission after he was shot and killed at an event in Utah, with police arresting 22-year-old Tyler Robinson for the murder.

“If you thought my husband’s mission was powerful before, you have no idea, you just have no idea what you have unleashed across this entire country,” Erika Kirk said.

Vigils were held across the country last night in honor of the late conservative activist.

The FBI has been searching Robinson’s home for evidence and clues. Investigators say Robinson fired a single round from a bolt-action rifle, leaving behind the weapon and bullet casings engraved with messages like, “Hey fascist, catch.”

Authorities say Robinson had grown increasingly political in recent years, telling family members he knew Kirk would be on the Utah Valley University campus and criticizing the conservative activist.

Police say it was Robinson’s father who recognized his son as the suspect after the FBI released photos. He encouraged Robinson to turn himself in.

Utah Gov. Spencer Cox said, “A family member of Tyler Robinson reached out to a family friend who contacted the Washington County Sheriff’s Office with information that Robinson had confessed to them or implied that he had committed the incident.”

Robinson is due in court Tuesday on murder charges. Both President Trump and Utah’s governor have expressed their desire for prosecutors to pursue the death penalty.

Voter registration records show that Robinson is registered to vote unaffiliated with any party, although he is listed as an “inactive” voter, meaning he hasn’t voted in at least the most recent two general elections.

Kentucky Rep. James Comer said people feel safer now that the suspect is in custody, but there are still concerns from lawmakers about the rise of political violence. Some lawmakers have changed or canceled their political events. Lawmakers on both sides of the aisle are calling for calmer rhetoric and more security, something that is being considered on Capitol Hill.

[ad_2]

Source link

September 13, 2025