ReportWire

Tag: Security

  • Netflix suspension scam targets your inbox

    Holiday phishing attempts surge every year, and scammers know people juggle subscriptions, gifts and billing changes. That makes a fake alert feel real for a split second. Stacey P. emailed to tell us that he received one of these messages and wrote:

    “I thought I should forward this message to you that I received today that was ostensibly from Netflix. Without clicking on any links, I called Netflix and they advised me that my account is in good standing. They asked me to forward this to them.”

    — Stacey P.

    Stacey’s experience shows how convincing these emails can appear and why taking a moment to verify can make all the difference. These Netflix suspension emails look polished at first glance. When you look closer, however, the warning signs jump out.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Holiday phishing scams spike as fake Netflix suspension emails exploit seasonal billing confusion and urgency. (Zeng Hui/Xinhua via Getty Images)

    Why scammers use this approach

    People expect billing reminders during the holidays. When you see a familiar logo during a busy day, your guard drops for a moment. Scammers build templates that look clean, simple and trustworthy because it increases their odds of success.

    Red flags inside the fake Netflix message

    The Netflix scam email attempts to mimic Netflix’s branding, but several details reveal it is fraudulent.

    Spelling and grammar issues

    The email includes mistakes real companies would never send. It uses “valldate” instead of “validate,” “Communicication” instead of “communication,” and even writes “sent to yo” with the “u” missing from “you.” Errors like these are major signs of a scam.

    Strange tone and pressure tactics

    The message claims your billing info failed and says your membership will be suspended within 48 hours unless you act. Criminals rely on urgency because it stops people from thinking clearly.

    Fake login buttons

    The bold red Restart Membership button aims to lure you into entering your credentials on a phishing page. Once you type your password and payment details, you hand them over to attackers.

    Generic greeting

    The message uses Dear User instead of your name. Netflix includes your account name in official communications.

    Suspicious footer and address

    The footer contains off wording about inbox preferences and a Scottsdale address not tied to Netflix. Real subscription providers use consistent company details.

    A reader narrowly avoided a Netflix phishing scam by calling the company instead of clicking the email link. (Luis Boza/NurPhoto via Getty Images)

    How to stay safe from the Netflix suspension scam

    A few habits can protect your account even when a phishing attempt looks convincing.

    1) Check your account on Netflix.com

    Open Netflix on your browser or app instead of clicking any link in the email. Your account status there is always accurate.

    2) Avoid entering payment details through email links

    Phishing pages often copy real sites. Instead of clicking the link in the message, open your browser and type the official website address yourself. This keeps you in control and away from fake pages.

    3) Use a data removal service

    Scammers often pull email addresses and personal details from data broker sites. These lists fuel subscription scams that look like the Netflix alert Stacey received. A trusted data removal service can pull your information off those sites and cut down on future phishing attempts.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    4) Hover over links to reveal the true URL

    On a computer, hovering over a link shows where it really goes. If the address looks strange, delete the message.

    5) Report the scam

    Forward suspicious Netflix emails to phishing@netflix.com. This helps the fraud team block similar messages.

    6) Strengthen your device security

    Use two-factor authentication (2FA) for your email and install strong antivirus software to catch malicious pages. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Scammers use polished branding and urgent language to trick users into giving up login and payment details. (Gabby Jones/Bloomberg via Getty Images)

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    7) Consider an identity theft protection service

    If you ever enter your billing info into a fake login page, attackers can use that data for much more than streaming fraud. Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    Kurt’s key takeaways

    Stacey’s caution prevented him from becoming another victim of this email scam. These messages keep getting more believable, so spotting the red flags and using the steps above can save you time, money and frustration.

    Have you seen a fake subscription alert recently that nearly fooled you? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • FBI warns of fake kidnapping photos used in new scam

    The FBI is warning about a disturbing scam that turns family photos into powerful weapons. Cybercriminals are stealing images from social media accounts, altering them and using them as fake proof of life in virtual kidnapping scams.

    These scams do not involve real abductions. Instead, criminals rely on fear, speed and believable images to pressure victims into paying ransom before they can think clearly.

    Scammers steal photos from public social media accounts and manipulate them to create fake proof of life images that fuel fear and urgency. (Kurt “CyberGuy” Knutsson)

    How the fake kidnapping scam works

    According to the FBI, scammers usually start with a text message. They claim they have kidnapped a loved one and demand immediate payment for their release. To make the threat feel real, the criminals send an altered photo pulled from social media. The FBI says these images may be sent using timed messages to limit how long victims can examine them. The agency warns that scammers often threaten extreme violence if the ransom is not paid right away. This urgency is designed to shut down rational thinking.

    Signs the photo may be fake

    When victims slow down and look closely, the altered images often fall apart. The FBI says warning signs may include missing scars or tattoos, strange body proportions or details that do not match reality. Scammers may also spoof a loved one’s phone number, which makes the message feel even more convincing. Reports on sites like Reddit show this tactic is already being used in the real world.

    Why this fake kidnapping scam is so effective

    Virtual kidnapping scams work because they exploit emotion. Fear pushes people to act fast, especially when the message appears to come from someone they trust. The FBI notes that criminals use publicly available information to personalize their threats. Even posts meant to help others, such as missing person searches, can provide useful details for scammers.

    Ways to stay safe from virtual kidnapping scams

    The FBI recommends several steps to protect yourself and your family.

    • Be mindful of what you post online, especially photos and personal details
    • Avoid sharing travel information in real time
    • Create a family code word that only trusted people know
    • Pause and question whether the claims make sense
    • Screenshot or record proof of life photos
    • If you receive a message like this, try to contact your loved one directly before doing anything else.

    Staying calm is one of your strongest defenses. Slowing down gives you time to spot red flags and avoid costly mistakes.

    How to strengthen your digital defenses against virtual kidnapping scams

    When scammers can access your photos, phone numbers and personal details, they can turn fear into leverage. These steps help reduce what criminals can find and give you clear actions to take if a threat appears.

    1) Lock down your social media accounts

    Review the privacy settings on every social platform you use. Set profiles to private so only trusted friends and family can see your photos, posts and personal updates. Virtual kidnapping scams rely heavily on publicly visible images. Limiting access makes it harder for criminals to steal photos and create fake proof-of-life images.

    Limiting what you share online and slowing down to verify claims can help protect your family from panic-driven scams like this one. (Jaap Arriens/NurPhoto via Getty Images)

    2) Be cautious about what you share online

    Avoid posting real-time travel updates, daily routines or detailed family information. Even close-up photos that show tattoos, scars or locations can give scammers useful material. The less context criminals have, the harder it is for them to make a threat feel real and urgent.

    3) Use strong antivirus software on all devices

    Install strong antivirus software on computers, phones and tablets. Strong protection helps block phishing links, malicious downloads and spyware often tied to scam campaigns. Keeping your operating system and security tools updated also closes security gaps that criminals exploit to gather personal data.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    4) Consider a data removal service to reduce exposure

    Data brokers collect and sell personal information pulled from public records and online activity. A data removal service helps locate and remove your details from these databases. Reducing what is available online makes it harder for scammers to impersonate loved ones or personalize fake kidnapping threats.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    5) Limit facial data in public profiles

    Review older public photo albums and remove images that clearly show faces from multiple angles. Avoid posting large collections of high-resolution facial photos publicly. Scammers often need multiple images to convincingly alter photos. Reducing facial data weakens their ability to manipulate images.

    6) Establish a family verification plan

    Create a simple verification plan with loved ones before an emergency happens. This may include a shared code word, a call back rule or a second trusted contact. Scammers depend on panic. Having a preset way to verify safety gives you something steady to rely on when emotions run high.

    7) Secure phone accounts and enable SIM protection

    Contact your mobile carrier and ask about SIM protection or a port-out PIN. This helps prevent criminals from hijacking phone numbers or spoofing calls and texts. Since many fake kidnapping scams begin with messages that appear to come from a loved one, securing phone accounts adds an important layer of protection.

    The FBI warns that these virtual kidnapping scams often begin with a text message that pressures victims to pay a ransom immediately. (Getty Images)

    8) Save evidence and report the scam

    If you receive a threat, save screenshots, phone numbers, images and message details. Do not continue engaging with the sender. Report the incident to the FBI’s Internet Crime Complaint Center. Even if no money is lost, reports help investigators track patterns and warn others.

    Kurt’s key takeaways

    Virtual kidnapping scams show how quickly personal photos can be weaponized. Criminals do not need real victims when fear alone can drive action. Taking time to verify claims, limiting what you share online and strengthening your digital defenses can make a major difference. Awareness and preparation remain your best protection.

    Have you or someone you know encountered a scam like this? Let us know by writing to us at Cyberguy.com

  • Holiday deliveries and fake tracking texts: How scammers track you

    As we head into the last stretch of December (and last-minute gift shopping), your doorstep is probably busier than ever. And if you’re anything like me, you’re probably also juggling shipping updates, tracking numbers, and “out for delivery” alerts from half a dozen retailers.

    Unfortunately, scammers know this too, and they’ve likely been preparing for it all year. Like clockwork, I’ve already started seeing the usual wave of fake tracking texts hitting people’s phones. They look legit, they show up right when you’re expecting a package, and they rely on one inescapable truth: during the holiday rush, most of us are too overwhelmed to notice when something feels off.

    No need to panic, though. You can still come out ahead of the scammers. I’ll show you what to look out for and how you can prevent being targeted in the first place.

    Holiday shoppers are being hit with a surge of fake delivery texts designed to steal personal information and account logins. (Photo by Sebastian Kahnert/picture alliance via Getty Images)

    What fake delivery text messages look like

    Most of these fake shipping texts include a “tracking link” that looks close enough to the real thing that you might tap without thinking twice about it. In some cases, like one Maryland woman found out, you may even receive fake deliveries with a QR code that works in a similar way.

    These links usually lead to a spoofed tracking page that looks almost identical to the real thing. It’ll ask you to “confirm” your login or enter your delivery details. The moment you type anything in, scammers capture it and use it to access your real accounts.

    Even worse, the “tracking link” may contain malware or spyware, triggering silent installs that can steal passwords, monitor keystrokes, or give scammers remote access to your device.

    Red flags that reveal fake shipping and tracking messages

    So how can you distinguish between a legitimate message for a delivery you’re actually waiting for and one of these scams? Here are the red flags I look for:

    • Weird or slightly altered URLs. Scammers use domains that look almost right. Except there’s usually one extra letter, a swapped character, or a completely unfamiliar extension.
    • Requests for additional payment. Real carriers don’t ask you to pay a “small fee” to release a package. That’s an instant giveaway.
    • A package you’re not expecting. If the text is vague or you can’t match it to a recent order, pause before you tap anything.
    • Delivery attempts at odd hours. “Missed delivery at 6:12 AM” or “late-night attempt” messages are usually fake. Carriers don’t normally operate like that.
    • Updates that don’t match what you see in the retailer’s app or email. If Amazon says your package is arriving tomorrow, but a random text says it’s delayed or stuck, trust Amazon, not the text.
    • Language that is designed to rush you. Anything screaming “immediate action required!” is designed to make you stop thinking and start tapping.

    If a text triggers any one of these, I delete it on the spot. When in doubt, always check directly with the delivery service provider first before opening any links.

    Scammers are sending deceptive tracking links that mimic real carriers, hoping rushed shoppers won’t notice red flags. (Silas Stein/picture alliance via Getty Images)

    How scammers know your address, phone number, and shopping habits

    Scammers don’t magically know where you live or what you’ve ordered — they buy that information. There’s actually an entire industry of data brokers built on collecting and selling personal data. This can include your:

    • Phone number
    • Home address
    • Email
    • Purchase history
    • Browsing patterns
    • Retailer accounts and apps
    • Loyalty programs
    • Even preferred delivery times.

    These data brokers can sell profiles containing hundreds of data points on you. And they aren’t always discerning about who they sell to. In fact, some of them have been caught intentionally selling data to scammers.

    Once scammers have those details, creating a convincing delivery scam is no problem.

    But scammers can’t target what they can’t find

    I’ve been very vocal about the importance of keeping personal information under lock and key. And this is just one of the reasons why.

    Criminals rely on your personal information to target you with these types of scams. They also need at least a phone number or email address to reach you in the first place.

    So your best bet to avoid delivery scams (and, honestly, most other scams year-round) is removing your info from data brokers and people search sites. Doing this will keep your details out of circulation online and out of the wrong hands.

    Fraudsters use spoofed shipping pages and malware to capture passwords and gain access to victims’ devices. (Martin Ollman/Getty Images)

    How to remove your personal information from scammers’ reach

    You can start by looking yourself up online. Searching for different combinations of your name, address, email, and phone number should bring up a bunch of people search sites. Just visit the “opt-out” page on each site to request removal of your data.

    Private-database data brokers are a bit trickier. They sell data in bulk, usually to marketers and other third parties. So you won’t be able to check if they have your information. But if you look into which data brokers operate in your area, you can just send opt-out requests to them all. There’s a good chance they’ll have your information.

    You can also turn to a data removal service. They completely remove the headache from this process and just automatically keep your personal info off data broker sites. If, like me, you don’t have the time to keep manually checking data broker sites and sending removal requests every few months (because your data will keep reappearing), a personal data removal service is the way to go.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways

    Holiday delivery scams work because they blend perfectly into the chaos of December shopping. A well-timed text and a familiar tracking link are often all it takes to lower your guard. By slowing down, checking messages directly with retailers, and reducing how much of your personal data is circulating online, you can take away the advantage scammers rely on. A little caution now can save you a major headache later.

    Have you received a suspicious delivery text or tracking message this holiday season? If so, tell us what it looked like and how you handled it by writing to us at Cyberguy.com.

  • Facebook settlement scam emails to avoid now

    Millions of Facebook users filed claims in a recent privacy settlement after the platform was accused of mishandling user data. The approved payouts have been rolling out, which means people are watching their inboxes for updates. Scammers know this and are sending look-alike emails that push you to click a “Redeem Virtual Card” button. Arlene B emailed us to share what landed in her inbox.

    “I received an email stating that it was from (Facebook User Privacy Settlement Administrator) and that I needed to click on the button below to “Redeem Virtual Card.” Do you know if this is a scam or not?”

    Her question shows how convincing these fake messages appear. A real settlement did happen, and people have been getting payments. Still, criminals are now piggybacking on the rollout with messages that look official but lead to dangerous sites that steal your information. Let’s walk through how to tell real emails from fake ones.

    Scammers send fake settlement emails that mimic the real payout notices to trick you into clicking. (Kurt “CyberGuy” Knutsson)

    How to check if your Facebook settlement email is legitimate

    Scammers rely on confusion and urgency. These steps help you confirm the message before you click anything.

    Confirm the sender’s address

    Real settlement emails come from facebookuserprivacysettlement@notifications.kroll.com. Kroll is the official administrator.

    Look for your claimant ID

    Real notices include your unique claimant ID and reference the claim you filed last year. Fake emails skip this personalized detail.

    Check where the link leads

    Real payout links go to DigitalPay / Veritas or domains tied to krollsettlementadministration. If the link points to a strange or shortened URL, it is likely unsafe.

    Watch for common red flags

    • Pressure to act right away
    • Clumsy wording or spelling mistakes
    • A button that goes to a suspicious URL
    • You never filed a claim in the first place
    • Any sender address that is not the official Kroll domain

    Remember that you are not required to click anything

    If your claim was approved, you have already received a legitimate notice. Emails that say you must “redeem” again or “confirm” payment are signs of a scam.

    A quick hover over the “Redeem Virtual Card” button often reveals a suspicious link that gives the scam away. (Kurt “CyberGuy” Knutsson)

    Why scammers target large settlements

    Whenever a major payout occurs, criminals blend in with legitimate messages because people expect money and may open emails quickly. When fake notices look similar to real ones, it only takes one careless click for scammers to grab your data.

    A person logging onto Facebook (Kurt “CyberGuy” Knutsson)

    Ways to stay safe from settlement scams

    Use these simple habits to protect yourself from Facebook settlement scams and any future payout scam.

    1) Verify the sender every time

    Look at the full address. Scammers often change one character in hopes you will not notice.

    2) Hover over links before tapping

    Check the destination without clicking. A strange URL is your warning sign.

    3) Never share sensitive information through email

    Real administrators do not ask for banking info or logins.

    4) Use a data removal service

    Data brokers often collect your email address, phone number and other personal details that scammers use to target victims. A data removal service can pull you out of those databases, which reduces the amount of scam email that reaches you in the first place.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    5) Go directly to the official settlement site

    Type in the address yourself instead of using a link from an email.

    6) Use strong antivirus software 

    Good security software blocks dangerous links and pages. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    7) Delete emails that push urgency

    Scammers want fast reactions. Slow down and confirm details. 

    Kurt’s key takeaways 

    The Facebook settlement payout created the perfect moment for scammers to slip fake messages into inboxes. Once you know the signs, it becomes much easier to separate real notices from dangerous ones. Stay alert, trust your instincts and verify before you click.

    Would you open a payout email if you were not expecting money in the first place? Let us know by writing to us at Cyberguy.com.

  • Password manager fined after major data breach

    Any data breach affecting 1.6 million people is serious. It draws even more attention when it involves a company trusted to guard passwords. That is exactly what happened to LastPass.

    The U.K. Information Commissioner’s Office has fined LastPass about $1.6 million for security failures tied to its 2022 breach. Regulators say those failures allowed a hacker to access a backup database and put users at risk.

    Why the LastPass breach still matters

    LastPass is one of the most widely used password managers in the world. It serves more than 20 million individual users and around 100,000 businesses. That popularity also makes it an attractive target for cybercriminals.

    The U.K. Information Commissioner’s Office fined LastPass for security failures tied to its 2022 breach. (LaylaBird/Getty Images)

    In 2022, LastPass confirmed that an unauthorized party accessed parts of its customer information through a third-party cloud storage service. While the incident initially raised alarms, the long-term impact has taken time to fully surface.

    The ICO now says the breach affected about 1.6 million U.K. users alone. That scope played a major role in the size of the fine.

    What regulators say went wrong

    According to the ICO, LastPass failed to put strong enough technical and security controls in place. Those gaps made it possible for attackers to reach a backup database that should have been better protected.

    The regulator added that LastPass promises to help people improve security, but failed to meet that expectation. As a result, users were left exposed even if their passwords were not directly cracked.

    Were passwords exposed or decrypted?

    There is still no evidence that attackers decrypted customer passwords. That point matters.

    Despite the breach, security experts continue to recommend password managers for most people. Storing unique, strong passwords in an encrypted vault is still far safer than reusing weak passwords across accounts.

    As one expert noted, modern breaches often succeed after identity access rather than password cracking alone. Once attackers get a foothold, the damage can spread quickly.

    Although attackers accessed a backup database, there is no evidence that customer passwords were decrypted. (Kurt “CyberGuy” Knutsson)

    Why the LastPass fine is a wake-up call for cybersecurity

    The ICO called the LastPass fine a turning point. It reinforces the idea that security is about governance, staff training and supplier risk as much as software.

    Users have a right to expect that companies handling sensitive data take every reasonable step to protect it.

    Breaches may be inevitable, but weak safeguards are not.

    LastPass on the UK data breach

    We reached out to LastPass for comment on the UK fine, and a spokesperson provided CyberGuy with the following statement: 

    “We have been cooperating with the UK ICO since we first reported this incident to them back in 2022. While we are disappointed with the outcome, we are pleased to see that the ICO’s decision has recognized many of the efforts we have already taken to further strengthen our platform and enhance our data security measures. Our focus remains on delivering the best possible service to the 100,000 businesses and millions of individual consumers who continue to rely on LastPass.”

    How to protect yourself after a password manager breach

    Breaches like this are a reminder that security requires layers. No single tool can protect everything on its own.

    1) Use a strong password manager correctly

    Keep using a reputable password manager. Set a long, unique master password and enable two-factor authentication. Avoid reusing your master password anywhere else.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    2) Rotate sensitive passwords

    Change passwords for financial accounts, email accounts and work logins. Focus on services that could cause real damage if compromised.

    3) Lock down your email

    Your email account is the key to password resets. Use a strong password, two-factor authentication and recovery options you control. 

    4) Reduce your exposed personal data

    Data brokers collect and sell personal information that criminals use for targeting. A data removal service can help reduce what is publicly available about you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    The fine sends a warning to the entire cybersecurity industry. Companies that handle sensitive data must protect it with strong safeguards and oversight. (REUTERS/Andrew Kelly)

    5) Watch for phishing attempts and use strong antivirus software 

    After major breaches, scammers follow. Be cautious of emails claiming urgent account problems or asking for verification details. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Keep devices updated

    Install updates for your operating system, browser and security tools. Many attacks rely on known vulnerabilities that updates already fix.

    Kurt’s key takeaways

    The fine against LastPass is about more than one company. It highlights how much trust we place in tools that manage our digital lives. Password managers remain a smart security choice. Still, this case shows why you should stay alert even when using trusted brands. Strong settings, regular reviews and layered protection matter more than ever. In the end, security works best when companies and users share the responsibility. Tools help, but habits and awareness finish the job.

    Do you believe companies are doing enough to protect user data, or should regulators step in more often? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Petco confirms major data breach involving customer data

    Petco revealed a data breach that exposed sensitive customer information. The company disclosed the details in state filings after identifying a configuration in one of its software applications that made certain files accessible online. This issue has now been corrected, but the impact is significant.

    Petco disclosed a breach that exposed customer data after a software setting left files accessible online. (Photographer: Tiffany Hagler-Geard/Bloomberg via Getty Images)

    What Petco says the breach exposed

    According to reports filed with the Texas attorney general’s office, the exposed data included names, Social Security numbers, driver’s license numbers, financial account details, credit or debit card numbers and dates of birth. Filings in California, Massachusetts and Montana confirm additional affected residents.

    In California, companies must report breaches involving at least 500 state residents. Petco did not disclose the exact number, which suggests the real total is higher. For context, Petco said in 2022 that it served more than 24 million customers.

    Petco says the company sent notifications to individuals whose information was involved. The sample notice released by the California attorney general explains that a software setting allowed certain files to be accessible online. Petco says it removed those files, corrected the setting and added new security measures.

    The company is offering free credit and identity theft monitoring to victims in California, Massachusetts and Montana. It is not clear if similar support is being offered to affected Texas residents.

    We reached out to Petco for comment, and a representative provided CyberGuy with the following statement:

    “We recently identified a setting in one of our applications which inadvertently made certain Petco files accessible online. Upon identifying the issue, we took immediate steps to correct the error and began an investigation. We notified individuals whose information was involved and continue to monitor for further issues. We take this incident seriously. To help prevent something like this from happening again, we have taken and will continue to take steps to enhance the security of our network.”

    What this breach means for you

    A breach that exposes government IDs, financial numbers and birth dates creates long-term risks. Criminals use this mix of information to open accounts, take over existing ones or try to pass identity checks. Even if no fraud happens right away, exposed data can sit in criminal markets for years.

    Ways to stay safe after a breach like this

    You can take several steps today that help lower your risk and protect your identity going forward.

    1) Place a credit freeze

    A freeze blocks new credit accounts in your name. It also stops criminals from opening loans or credit cards with your stolen information. You can freeze your credit for free at Equifax, Experian and TransUnion.

    2) Add two more freezes

    Two additional freezes cover accounts that do not run through the major credit bureaus. Freeze ChexSystems to stop criminals from opening checking or savings accounts. Freeze NCTUE to block fake phone, cable or utility accounts.

    3) Turn on account alerts

    Set up alerts for banking, credit cards and online shopping accounts. Alerts help you spot suspicious activity fast.

    4) Use a password manager

    Strong passwords protect you from credential stuffing attacks. This happens when criminals take stolen passwords from one breach and try them on other sites. A password manager creates unique passwords for every account and helps you stop those attacks before they start.

    Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    5) Monitor your identity

    If Petco offered you free identity theft monitoring, enroll as soon as possible. It helps you catch fraud that can happen months or years later.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    State filings show Petco customers had Social Security and financial information exposed in the breach. (Photo by Justin Sullivan/Getty Images)

    6) Remove exposed personal data

    Data broker sites collect and share personal details that fuel scams. Removing your information reduces your exposure and makes you a harder target.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Petco says it corrected the software issue and notified individuals whose information was compromised. (Photo by Paul Weaver/SOPA Images/LightRocket via Getty Images)

    7) Watch for phishing and use strong antivirus software

    Scammers often follow a breach with emails or texts that look real. Slow down and check every message before you click. A strong antivirus helps block malicious links and alerts you when something looks risky.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    Kurt’s key takeaways

    Data breaches happen often, but this one involves information that can cause lasting harm. You can protect yourself with a few quick steps that reduce the chance of fraud and limit how far criminals can get with your data.

    How much trust do you place in companies to protect your personal information? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved. 

  • A CISO’s guide to future-proofing security – Microsoft in Business Blogs

    Setting the stage: Why these conversations matter

    In today’s rapidly evolving threat landscape, security leaders are being asked to do more with less. Shrinking budgets, hiring freezes, and reduced access to critical tools are the new reality for CISOs and their teams. Yet, the expectations have never been higher: business resilience, regulatory compliance, and innovation must all move forward, often simultaneously.

    That’s why I sought out Microsoft’s top security minds during Security Summit Days. My goal was to surface the questions that matter most to CISOs and to share actionable insights for navigating uncertainty, driving transformation, and building a future-ready security strategy.

    The silo problem: Why integration is non-negotiable

    I started by asking: What’s the biggest challenge facing security leaders today? The answer was unanimous.

    “The biggest challenge for leaders is that a lot of products work in silos… We need to focus more on the ecosystem versus these siloed products.”
    — Emmanuel Taiwo, Microsoft Senior AI Security Solution Engineer Leader

    This resonates with what I’m hearing across the industry. CISOs are expected to manage everything from risk assessments and compliance to incident response and board-level strategy—often with fewer resources and less support. Integration isn’t optional; it’s the only way to do more with less.

    From reactive to proactive: The AI advantage

    I pressed the team on how organizations can shift from a reactive to a proactive security posture. The consensus? AI is a game-changer.

    “Leaders have moved from a reactive to a more proactive approach… They want to focus more on a proactive approach to know about a vulnerability and threat before it could happen.”
    — Kriti Arora, Microsoft Senior Security & Compliance Solution Engineer

    With budgets tight, CISOs are prioritizing high-impact areas like identity management and zero-trust architecture over broader awareness programs. AI-driven tools like Microsoft 365 Copilot, Defender, and Sentinel help organizations anticipate threats, automate responses, and visualize their entire attack surface—across cloud, hybrid, and on-premises environments.

    Data at the center: Know what you’re protecting

    With so much data, how do you know what to protect? I challenged the group, and the answer was refreshingly practical:

    “First, you need to understand what is the data that is important for your organization. If you don’t have the knowledge, it is very hard to put controls on it.”
    — Liliane Scarpari, Microsoft Security Solution Engineer

    For CISOs, this means investing in data classification, governance, and compliance, especially as new AI regulations emerge globally. When resources are limited, knowing your “crown jewels” is the only way to focus your defenses where they matter most.

    Security is everyone’s job: Building a security-first culture

    Who owns security in a modern enterprise? The answer: Everyone.

    “I don’t think we could just look at this as an IT professional, a security professional… We have to think about everyone being part of this transformation.”
    — Michael Billy, Microsoft Security General Manager

    Training, awareness, and inclusive practices are essential. But with CISOs stretched thin, it is more important than ever to empower every employee to play their part.

    Real-world impact: What success looks like

    I wanted specifics. What does success look like when organizations get this right?

    “When you bring [in] Sentinel and you’re able to bring these third party applications into that platform, you have cross correlation across everything—that’s immediate response data. In my experience in industry, that’s unheard of. Usually you’re having to pull this data set, pull that data set, and trying to bring them together. It just doesn’t work. With Sentinel and XDR, you’re getting a full picture of your estate quickly and more effectively. Overall, it’s going to take you a lot less time.”
    — Mike Taylor, Microsoft Senior Security Solution Engineer Leader

    The bottom line: Integrated, AI-powered security delivers measurable business value—speed, efficiency, and resilience—even when budgets are tight.

    Responsible AI and continuous improvement

    How do we keep improving? I closed by asking about the future.

    “Go back to the core fundamentals, know your estate, know what data you’re trying to protect. Ultimately, as you prepare for AI, you have to ensure that you have those identities. Make sure you have the data classifications established so you’ll be able to quickly move and pivot.”
    — Mike Taylor, Microsoft Senior Security Solution Engineer Leader

    Continuous learning, responsible AI, and transparent governance are non-negotiable for leaders who want to stay ahead.

    My takeaways for CISOs, BDMs, and SDMs

    If you are leading security, here is what I would tell you after these conversations:

    • Break down silos. Integration is your best defense.
    • Invest in AI. Use it to anticipate, not just react.
    • Know your data. You cannot protect what you do not understand.
    • Empower your people. Security is everyone’s job.
    • Never stop learning. The threat landscape—and the technology—will keep evolving.

    Continue your security leadership journey

    The journey to future-proofing security does not end here. Each interview in the Security in the Age of AI: A Microsoft Leadership Series offers actionable insights and proven strategies from Microsoft’s security leadership—designed to help you lead with confidence in an evolving threat landscape.

    Explore the full interview series and actionable knowledge directly from Microsoft’s security leaders on the topics that matter most:

    Dr. Kenneth Johnson

  • Smart home hacking fears: What’s real and what’s hype

    News of more than 120,000 Korean home cameras being hacked recently can shake your confidence in connected devices. Stories like that make you picture cybercriminals breaking into homes with high-tech gadgets and spying on families through smart cams. That reaction is natural. But most of these headlines leave out important context that can help you breathe a little easier.

    First, smart home hacking is rare. Most incidents stem from weak passwords or from someone you already know, rather than from a stranger with advanced tools. Today’s smart home brands push out updates to block intrusion attempts, including patches for new AI-related vulnerabilities that often make headlines.

    Let’s break down what actually puts a smart home at risk and what you can do to stay safe.

    Smart home hacking headlines can look scary, but most threats come from weak passwords rather than targeted attacks. (Kurt “CyberGuy” Knutsson)

    Why criminals are not circling your house with hacking gear

    Many people imagine cybercriminals driving around neighborhoods with scanners that look for vulnerable devices. In reality, Wi-Fi ranges and technical limits make that nearly impossible. Even high-profile hacks of casinos and large companies do not translate to criminals trying to breach residential smart locks for petty theft.

    Burglars still choose low-tech methods. They look for unlocked doors or easy entry points. They avoid complicated hacking tools because the payoff is too small to justify the work.

    So how do smart homes get hacked? Here are the real attack paths and how they work.

    Common ways smart homes get attacked

    Smart homes face a handful of digital threats, but most come from broad automated attacks rather than someone targeting your house.

    1) Automated online attacks

    Bots constantly scan the internet for weak passwords and outdated logins. These brute force attacks throw billions of guesses at connected accounts. When one works, the device becomes part of a botnet used for future attacks. That doesn’t mean someone is targeting your home on purpose. Bots search for anything they can breach. A strong password stops them.

    2) Phishing attempts

    Some phishing emails impersonate smart home brands. Clicking a fake link or sharing login details can open the door for criminals to reach your network. Even a general phishing attack can expose your Wi-Fi info and lead to broader access.

    3) Data breaches from IoT companies

    Hackers often go after company servers, not individual homes. These breaches may expose account details or stored camera footage kept in the cloud. Criminals may sell that data to others who might try to use it. It rarely leads to direct smart home hacking, but it still puts your accounts at risk.

    4) Attacks on device communications

    Early IoT devices had vulnerabilities that allowed criminals to intercept the data they sent and received. (IoT stands for Internet of Things and includes everyday connected gadgets like smart plugs, smart thermostats or Wi-Fi cameras.) Modern products now use stronger encryption, making these attacks extremely rare in the real world.

    5) Bluetooth malware

    Bluetooth issues still pop up from time to time, but most modern smart home devices use stronger security than older models. When a new flaw is discovered, companies usually release fast patches, which is why it’s important to keep your apps and gadgets updated. Today, these Bluetooth risks rarely lead to real smart home problems.

    Who actually tries to hack smart homes

    When hacking happens, it usually involves someone with some level of access already. In many cases, no technical hack occurs at all.

    Simple steps like stronger Wi-Fi security and regular updates go a long way toward protecting connected devices. (Al Drago/Bloomberg via Getty Images)

    A relation or acquaintance

    Exes, former roommates or relatives often know login info. They may try to spy or cause trouble. Update all passwords if you suspect this.

    Untrustworthy employees

    There have been cases where employees at security companies snooped through camera feeds. This isn’t remote hacking. It’s a misuse of internal access.

    Data thieves

    They steal account lists and login details to sell. Others may buy those lists and try to log in using exposed credentials.

    Blackmail scammers

    Some send fake messages claiming they hacked your cameras and threaten you. Most of these scams rely on lies because they have no access at all.

    Foreign governments

    Some banned foreign manufacturers pose surveillance risks. The FCC maintains a list of companies that cannot sell security tech in the U.S. Always check that list before buying unfamiliar brands.

    Smart home devices that can raise concerns

    Some everyday gadgets create small but real entry points for trouble, especially when their settings or security features get overlooked.

    Smart fridges

    They often arrive with default passwords that owners forget to change. Older models may use outdated IoT protocols with weaker protections. Many do not get frequent security updates.

    Wi-Fi baby monitors

    Wi-Fi offers convenience but also adds risk. Weak routers and poor passwords can allow strangers to access a feed. Closed network monitors avoid Wi-Fi risks but still face basic signal interception attempts.

    Smart bulbs

    During setup, some bulbs broadcast an open temporary network. If a criminal joins at the exact right moment, they could reach the rest of your devices. These cases are rare but possible in theory.

    Smart speakers

    Voice ordering can be exploited by curious kids or guests. Set a purchase PIN so no one can order items with simple voice commands.

    Steps to stay safe in your smart home

    Strong habits and a few simple tools can block the most common threats that target connected homes.

    1) Use strong passwords

    Choose long, complex passwords for your Wi-Fi router and smart home apps. A password manager makes this simple: it securely stores and generates complex passwords, reducing the risk of password reuse.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    2) Turn on two-factor authentication

    Brands like Ring and Blink already use it. Add two-factor authentication (2FA) to every account that supports it.

    3) Use a reputable data removal service

    Removing your personal details from data broker sites helps prevent criminals from using leaked or scraped information to access your accounts or identify your home.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    4) Add strong antivirus software on phones and computers

    Strong antivirus protection blocks malware that could expose login details or give criminals a path into the devices that manage your smart home. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    Choosing brands with clear privacy practices and local storage options helps keep your home and data in your control. (CyberGuy.com)

    5) Choose brands with strong encryption

    Pick smart home products from companies that explain how they protect your data and use modern encryption to lock down your footage and account details. Look for brands that publish clear security policies, offer regular updates and show how they keep your information private.

    6) Store sensitive footage locally

    Pick security cameras that let you save video directly to an SD card or a home hub, rather than uploading it to the cloud. This keeps your recordings under your control (and helps protect them if a company server is breached). Many cameras from trusted lines support local storage, so you do not have to rely on a company server.

    7) Keep devices updated

    Install firmware updates quickly. Enable automatic updates when possible. Replace older gadgets that no longer receive patches.

    8) Secure your Wi-Fi

    Your router is the front door to your smart home, so lock it down with a few simple tweaks. Use WPA3 encryption if your router supports it, rename the default network, and install firmware updates to patch security holes. For a full step-by-step guide on tightening your home network, check out our instructions in “How to set up a home network like a pro.”

    Kurt’s key takeaways

    Smart homes feel intimidating when scary headlines surface. But when you look at real-world data, you see far fewer risks than the stories suggest. Most attacks rely on weak passwords, poor router settings or old devices. With the right habits, your smart home can stay both convenient and secure.

    What smart home risk concerns you most, and what part of your setup makes you nervous? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Fake Windows update pushes malware in new ClickFix attack

    Cybercriminals keep getting better at blending into the software you use every day. 

    Over the past few years, we’ve seen phishing pages that copy banking portals, fake browser alerts that claim your device is infected and “human verification” screens that push you to run commands you should never touch. The latest twist comes from the ongoing ClickFix campaign.

    Instead of asking you to prove you are human, attackers now disguise themselves as a Windows update. It looks convincing enough that you might follow the instructions without thinking, which is exactly what they want.

    The malware hides inside seemingly normal image files, using steganography to slip past traditional security tools. (Microsoft)

    How the fake update works

    Researchers noticed that ClickFix has upgraded its old trick. The campaign used to rely on human verification pages, but now you get a full-screen Windows update screen that looks almost identical to the real thing. Joe Security showed how the page displays fake progress bars, familiar update messages and a prompt that tells you to complete a critical security update.

    If you are on Windows, the site tells you to open the Run box, copy something from your clipboard and paste it in. That “something” is a command that silently downloads a malware dropper. The final payload is usually an infostealer, which steals passwords, cookies and other data from your machine.

    Fake update screens are getting harder to spot as attackers mimic Windows with near-perfect precision. (Joe Security)

    The moment you paste the command, the infection chain begins. First, mshta.exe, a legitimate program built into Windows, reaches out to a remote server and grabs a script. To avoid detection, the URLs it contacts often use hex encoding for parts of the address and rotate their paths. The script then runs obfuscated PowerShell code filled with junk instructions to throw researchers off. Once PowerShell does its work, it decrypts a hidden .NET assembly that functions as the loader.
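
    For defenders, the first two links in that chain are visible in process-creation logs. The following is an added example, not code from the article or from Joe Security: it triages constructed events whose field names follow Sysmon Event ID 1, and it assumes "hex encoding" means hex-written IP octets or percent-encoded letters and digits in the path.

```python
import re
from urllib.parse import urlsplit

# Constructed process-creation events (field names as in Sysmon Event ID 1).
# Hosts are from the RFC 5737 documentation range; none are real indicators.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe http://0xc0.0x00.0x02.0x0a/a1b2/check"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -NoProfile -Command <obfuscated>"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Vendor\helpdesk.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\about.hta"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
HEX_LABEL_RE = re.compile(r"^0x[0-9a-f]+$", re.IGNORECASE)
PCT_RE = re.compile(r"%([0-9a-f]{2})", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hex_encoded(url):
    """True if the host uses hex octets, or the path percent-encodes
    letters/digits, which never need encoding in a normal URL."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    if any(HEX_LABEL_RE.match(label) for label in labels):
        return True
    return any(chr(int(h, 16)).isalnum() for h in PCT_RE.findall(parts.path))


def findings(event):
    """Return the list of rule names an event trips (empty if benign)."""
    image = basename(event["Image"])
    parent = basename(event["ParentImage"])
    hits = []
    if image == "mshta.exe":
        urls = URL_RE.findall(event["CommandLine"])
        if urls:
            hits.append("mshta-remote-url")
            # Commands typed into the Run box start as children of explorer.exe.
            if parent == "explorer.exe":
                hits.append("launched-from-shell")
            if any(hex_encoded(u) for u in urls):
                hits.append("hex-encoded-url")
    if image in ("powershell.exe", "pwsh.exe") and parent == "mshta.exe":
        hits.append("powershell-from-mshta")
    return hits


def triage(events):
    """Return (index, rule names) for every event that trips a rule."""
    return [(i, f) for i, e in enumerate(events) if (f := findings(e))]


if __name__ == "__main__":
    for index, rules in triage(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["CommandLine"], rules)
```

    The locally installed .hta help file and the Notepad launch pass untouched, which is the point: the signal is mshta.exe fetching from the network, not mshta.exe running at all.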

    Why is this attack so hard to detect?

    The loader hides its next stage inside what looks like a regular PNG file. ClickFix uses custom steganography, which is a technique that hides secret data inside normal-looking content. In this case, the malware sits inside the image’s pixel data. The attackers tweak color values in certain pixels, especially in the red channel, to embed pieces of shellcode. When you view the image, everything appears normal.

    The script knows exactly where the hidden data sits. It extracts the pixel values, decrypts them and rebuilds the malware directly in memory. That means nothing obvious is written to disk. Security tools that rely on file scanning miss it, since the shellcode never appears as a standalone file.

    Once rebuilt, the shellcode is injected into a trusted Windows process like explorer.exe. The attack uses familiar in-memory injection techniques built on Windows API calls such as VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. Recent ClickFix activity has delivered infostealers like LummaC2 and updated versions of Rhadamanthys. These tools are built to harvest credentials and send them back to the attacker with very little noise.

    Once the hidden code loads into a trusted Windows process, infostealers quietly begin harvesting your data. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to protect yourself from the ClickFix campaign

    The best way to stay protected is to slow down for a moment and follow a few steps that cut off these attacks before they start.

    1) Never run commands you didn’t ask for

    If any site tells you to paste a command into Run, PowerShell or Terminal, treat it as an immediate warning sign. Real operating system updates never require you to run commands from a webpage. When you run that command, you hand full control to the attacker. If something feels off, close the page and don’t interact further.

    2) Keep Windows updates inside Windows

    Updates should only come from the Windows Settings app or through official system notifications. A browser tab or pop-up pretending to be a Windows update is always fake. If you see anything outside the normal update flow asking for your action, ignore it and check the real Windows Update page yourself.

    3) Use a reputable antivirus

    Choose a security suite that can detect both file-based and in-memory threats. Stealthy attacks like ClickFix avoid leaving obvious files for scanners to pick up. Tools with behavioral detection, sandboxing and script monitoring give you a much better chance of spotting unusual activity early.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    4) Use a password manager

    Password managers create strong, unique passwords for every account you use. They also autofill only on legitimate websites, which helps you catch fake login pages. If a manager refuses to fill out your credentials, take a second look at the URL before entering anything manually.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Use a personal data removal service

    Many attacks start by targeting emails and personal details already exposed online. Data removal services help shrink your digital footprint by requesting takedowns from data broker sites that collect and sell your information. They can’t erase everything, but reducing your exposure means fewer attackers have easy access to your details.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    6) Check URLs before trusting anything

    A convincing layout doesn’t mean it is legitimate. Always look at the domain name first. If it doesn’t match the official site or uses odd spelling or extra characters, close it. Attackers rely on the fact that people recognize a page’s design but ignore the address bar.

    7) Close suspicious full-screen pages

    Fake update pages often run in full-screen mode to hide the browser interface and make the page look like part of your computer. If a site suddenly goes full screen without your permission, exit with Esc or Alt+Tab. Once you’re out, scan your system and don’t return to that page.

    Kurt’s key takeaway

    ClickFix works because it leans on user interaction. Nothing happens unless you follow the instructions on the screen. That makes the fake Windows update page especially dangerous, because it taps into something most people trust. If you are used to Windows updates freezing your screen, you may not question a prompt that appears during the process. Cybercriminals know this. They copy trusted interfaces to lower your guard and then rely on you to run the final command. The technical tricks that follow are complex, but the starting point is simple. They need you to help them.

    Do you ever copy commands from a website without thinking twice about what they do? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Malicious browser extensions hit 4.3M users

    A long-running malware campaign quietly evolved over several years and turned trusted Chrome and Edge extensions into spyware. A detailed report from Koi Security reveals that the ShadyPanda operation affected 4.3 million users who downloaded extensions later updated with hidden malicious code.

    These extensions began as simple wallpaper or productivity tools that looked harmless. Years later, silent updates added surveillance functions that most users could not detect.

    Malicious extensions spread through trusted browsers and quietly collected user data for years. (Kurt “CyberGuy” Knutsson)

    How the ShadyPanda campaign unfolded

    The operation included 20 malicious Chrome extensions and 125 on the Microsoft Edge Add-ons store. Many first appeared in 2018 with no obvious warning signs. Five years later, the extensions began receiving staged updates that changed their behavior.

    Koi Security found that these updates rolled out through each browser’s trusted auto-update system. Users did not need to click anything. No phishing. No fake alerts. Just quiet version bumps that slowly turned safe extensions into powerful tracking tools.

    WeTab functions as a sophisticated surveillance platform disguised as a productivity tool. (Koi)

    What the extensions were doing behind the scenes

    Once activated, the extensions injected tracking code into real links to earn revenue from user purchases. They also hijacked searches, redirected queries and logged data for sale and manipulation. ShadyPanda gathered an unusually broad range of personal information, including browsing history, search terms, cookies, keystrokes, fingerprint data, local storage, and even mouse movement coordinates. As the extensions gained credibility in the stores, the attackers pushed a backdoor update that allowed hourly remote code execution. That gave them full browser control, letting them monitor websites visited and exfiltrate persistent identifiers.

    Researchers also discovered that the extensions could launch adversary-in-the-middle attacks. This allowed credential theft, session hijacking and code injection on any website. If users opened developer tools, the extensions switched into harmless mode to avoid detection. Google removed the malicious extensions from the Chrome Web Store. We reached out to the company, and a spokesperson confirmed that none of the extensions listed are currently live on the platform.

    Meanwhile, a Microsoft spokesperson told CyberGuy, “We have removed all the extensions identified as malicious on the Edge Add-on store. When we become aware of instances that violate our policies, we take appropriate action that includes, but is not limited to, the removal of prohibited content or termination of our publishing agreement.” 

    Most of you will not need the full technical IDs used in the ShadyPanda campaign. These indicators of compromise are primarily for security researchers and IT teams. Regular users should focus on checking your installed extensions using the steps in the guide below.

    You can review the full list of affected Chrome and Edge extensions to see every ID tied to the ShadyPanda campaign by clicking here and scrolling down to the bottom of the page.

    How to check whether your browser contains these extension IDs

    Here is an easy, step-by-step way for you to verify if any malicious extension IDs are installed.

    For Google Chrome

    Open Chrome.

    Type chrome://extensions into the address bar.

    Press Enter.

    Look for each extension’s ID.

    Click Details under any extension.

    Scroll down to the Extension ID section.

    Compare the ID with the lists above.

    If you find a match, remove the extension immediately.

    For Microsoft Edge

    Open Edge.

    Type edge://extensions into the address bar.

    Press Enter.

    Click Details under each extension.

    Scroll to find the Extension ID.

    If an ID appears in the lists, remove the extension and restart the browser.
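
    IT teams can run the same comparison across every browser profile on a machine instead of clicking through each one. This is an added example, not from the article or Koi Security's report: it assumes the standard Chromium on-disk layout (`<User Data>/<profile>/Extensions/<id>/<version>/manifest.json`), and the ID in the demo is a constructed placeholder, not a real ShadyPanda indicator.

```python
import json
import re
import tempfile
from pathlib import Path

# Chromium extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")

# Default "User Data" roots on Windows, relative to %LOCALAPPDATA%.
WINDOWS_ROOTS = {
    "Chrome": r"Google\Chrome\User Data",
    "Edge": r"Microsoft\Edge\User Data",
}


def parse_ioc_list(text):
    """Extract extension IDs from a pasted list, one per line.
    '#' starts a comment; anything that is not a valid ID is ignored."""
    ids = set()
    for line in text.splitlines():
        candidate = line.split("#", 1)[0].strip().lower()
        if EXT_ID_RE.match(candidate):
            ids.add(candidate)
    return ids


def installed_extensions(user_data_dir):
    """Yield one record per installed extension version in every profile.
    Unpacked (developer-mode) extensions live elsewhere and are not covered."""
    root = Path(user_data_dir)
    for ext_root in sorted(root.glob("*/Extensions")):
        for ext_dir in sorted(ext_root.iterdir()):
            if not (ext_dir.is_dir() and EXT_ID_RE.match(ext_dir.name)):
                continue
            for manifest in sorted(ext_dir.glob("*/manifest.json")):
                try:
                    data = json.loads(manifest.read_text(encoding="utf-8-sig"))
                except (OSError, ValueError):
                    data = {}  # unreadable manifest: still report the ID
                if not isinstance(data, dict):
                    data = {}
                yield {
                    "profile": ext_root.parent.name,
                    "id": ext_dir.name,
                    # Often a "__MSG_...__" localisation key, not a display name.
                    "name": data.get("name", "?"),
                    "version": data.get("version", manifest.parent.name),
                }


def audit(user_data_dir, blocklist):
    """Return the installed extensions whose ID is on the blocklist."""
    return [e for e in installed_extensions(user_data_dir)
            if e["id"] in blocklist]


if __name__ == "__main__":
    # Constructed demo tree so the script runs anywhere. For a real check,
    # pass a directory from WINDOWS_ROOTS and the published ID list instead.
    placeholder_id = "a" * 32          # placeholder, not a real indicator
    with tempfile.TemporaryDirectory() as tmp:
        version_dir = Path(tmp) / "Default" / "Extensions" / placeholder_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(
            json.dumps({"name": "Sample Wallpaper", "version": "1.0"}),
            encoding="utf-8")
        blocklist = parse_ioc_list("# constructed list\n" + placeholder_id)
        for hit in audit(tmp, blocklist):
            print("MATCH", hit["profile"], hit["id"], hit["name"], hit["version"])
```

    A match only shows the extension is still on disk; removing it and resetting passwords, as described in the steps that follow, is still required.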

    Simple security steps can block hidden threats and help keep your browsing safer. (Kurt “CyberGuy” Knutsson)

    How to protect your browser from malicious extensions

    You can take a few quick actions that help lock down your browser and protect your data.

    1) Remove suspicious extensions

    Before removing anything, check your installed extensions against the IDs listed in the section above. Most of the malicious extensions were wallpaper or productivity tools. Three of the most mentioned are Clean Master, WeTab and Infinity V Plus. If you installed any of these or anything that looks similar, delete them now. 

    2) Reset your passwords

    These extensions have access to sensitive data. Resetting your passwords protects you from possible misuse. A password manager makes the process easier and creates strong passwords for each account.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Use a data removal service to reduce tracking

    ShadyPanda collected browsing activity, identifiers and behavioral signals that can be matched with data already held by brokers. A data removal service helps you reclaim your privacy by scanning people-search sites and broker databases to locate your exposed information and remove it. This limits how much of your digital footprint can be linked, sold or used for targeted scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    4) Install strong antivirus software

    An antivirus may not have caught this specific threat due to the way it operated. Still, it can block other malware, scan for spyware and flag unsafe sites. Many antivirus tools include cloud backup and VPN options to add more protection.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    5) Limit your extensions

    Each extension adds risk. Stick with known developers and search for recent reviews. If an extension asks for permissions it should not need, walk away. 

    Kurt’s key takeaways

    ShadyPanda ran for years without raising alarms and proved how creative attackers can be. A trusted extension can shift into spyware through a silent update, which makes it even more important to stay alert to changes in browser behavior. You protect yourself by installing fewer extensions, checking them from time to time and watching for anything that feels out of place. Small steps help lower your exposure and reduce the chances that hidden code can track what you do online.

    Have you ever found an extension on your browser that you didn’t remember installing or one that started acting in strange ways?  How did you handle it? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Symposit Acquires HumanLink, LLC to Launch Dedicated Security Operations Training and Human Factors Engineering Division

    Symposit, LLC (“Symposit”), an 8(a)-certified national security, IT, and AI logistics solutions firm, today announced the acquisition of HumanLink, LLC (“HumanLink”), a human-factors engineering consultancy specializing in aviation and transportation security training and implementation. The acquisition strengthens Symposit’s offerings in national security, cybersecurity, and training by integrating HumanLink’s deep expertise in Human Factors Engineering (HFE), performance, and data analysis.

    Founder and CEO of HumanLink, Bonnie Kudrick, will lead Symposit’s security training division. The former DHS executive brings over three decades of delivering human-performance-centric solutions across the commercial and federal security, aviation, and transportation domains, including at the Department of Homeland Security (DHS), the Transportation Security Administration (TSA), and Lockheed Martin.

    “We are thrilled to welcome Bonnie Kudrick and the HumanLink team to Symposit, amplifying and expanding on our ability to support federal and state customers in national security solutions,” said Bobby Bermudez, CEO of Symposit. “Customers like CBP, Department of State, and TSA need rapid responses and cutting-edge technology to help their workforce do their jobs more efficiently, identify threats faster, and expand safety processes for security professionals and the general population.”

    By acquiring HumanLink and formally launching a dedicated HFE training division, Symposit elevates its ability to deliver end-to-end solutions that not only meet system and network requirements but also optimize the people-system interface for safer, higher-performing operations.

    Bonnie Kudrick added, “Joining forces with Symposit enables us to deliver our human factors training and methodology to federal customers for greater security impact and effectiveness. The alignment between Symposit’s systems and network engineering capabilities and our human-performance focus means we can deliver comprehensive solutions that address technology, processes, and people that make holistic improvements in worker welfare, security training performance, threat detection, and customer experience.”

    The acquisition of HumanLink allows Symposit to meet increasing demand for security screener training and performance across aviation and transportation environments. Symposit’s Human Factors Engineering Division will add human-system research, interface analysis, workflow optimization, training design, and risk mitigation to the organization’s capabilities. These combined solutions enhance Symposit’s competitive advantage and reinforce its position as a full-lifecycle partner for federal agencies, transportation operators, and private-sector clients seeking comprehensive solutions that unite technology, processes, and human performance.

    About Symposit: Symposit is a mission-centric technology and advisory company with federal and commercial clients across infrastructure, aviation, homeland security, and transportation. As an 8(a)-certified firm, Symposit delivers low time-to-value solutions in cloud architecture, cybersecurity, systems/network engineering, advisory services, security training, and human factors engineering. Symposit’s track record includes secure deployments in aviation environments, mission-critical federal systems support, infrastructure risk mitigation, and rapid-turn technology enablement. www.symposit.com

    Source: Symposit, LLC

  • The WIRED Guide to Digital Opsec for Teens

    Expand your mind, man. Opsec is really all about time travel—taking small, protective steps now before you have a disaster on your hands later. If you’re not on auto-delete, then an explosive, emotional text exchange with the person you’re currently dating—or, ahem, photos you sent to each other—will hang around forever. It’s normal for things to change and for relationships of all types to come and go. You may trust someone and be close to them now but grow apart in a year or two.

    If you imagine an even more extreme scenario where you’re being investigated by the police, they could obtain warrants to search your digital accounts or devices. People have to go to great lengths to maintain their opsec if they’re trying to hide activity from law enforcement. To be clear, this guide is definitely not encouraging you to do crimes. Don’t do crimes! The goal is just to understand the value of keeping basic opsec principles in mind, because if some of your digital information is revealed haphazardly or out of context, it could, theoretically, appear incriminating.

    You probably intuitively understand a lot of this. (Don’t give your password to friends, duh.) So this guide is going to largely skip the obvious and emphasize more subtle, unintended consequences of failing to practice good opsec.

    Memorable Opsec Fails

    “Signalgate,” 2025: US officials discussed war plans in a group chat on the mainstream, secure messaging app Signal. Then they accidentally added a journalist to the chat. Subsequently, US defense secretary Pete Hegseth famously (embarrassingly) messaged the chat, “we are currently clean on OPSEC.” At least some members of the chat were also potentially using a modified, insecure version of Signal. All extremely not clean on opsec.

    Gmail Drafts Exposed, 2012: Then-CIA director David Petraeus and his paramour shared a Gmail account to hide their communications by leaving them for each other to see as draft messages. Kind of ingenious given that this was before most texting or messaging apps offered timed disappearing/ephemeral messages, but the FBI figured out the strategy.

    Identities

    Opsec is all about compartmentalizing, and that’s the hardest part. Failure to compartmentalize is often how criminals get caught or how information that was meant to stay secret gets exposed. Think of your online life like rooms in a house. Each room has a separate key. If someone breaks into one room, they can grab everything there, but you don’t want them to be able to run wild beyond that room.

    You can have multiple identities online and compartmentalize the activities of each, but it takes forethought to maintain the separation. There’s the real you who uses your main Gmail or Apple ID for personal and family stuff and social accounts where you use your real name, plus school and maybe work. Another compartment is your school email and school file storage. Then there’s your more adaptable, online personas who may have semi-anonymous handles, like jnd03 for Jane Doe. Friends know that these accounts are yours and classmates can probably guess them. Finally, there may be a pseudonymous you: alt accounts with no obvious link to real you—like Jane Doe using the handles “_aksdi0_0” or “peter_mayfield01.”

    Rules of Separation

    You have accounts under your real name, but you probably also need pseudonymous accounts. Tight compartmentalization will prevent people from doxing your pseudonymous accounts. But that’s easier said than done.

    Obviously, don’t recycle usernames across platforms. If JaneD03 is your Instagram handle, don’t use it or a similar name for your anonymous Reddit account. Don’t even reuse passwords—but especially don’t reuse passwords between real and pseudonymous accounts. To prevent a compromised pseudonymous account from revealing your name, don’t use your main email address; instead, use a unique, pseudonymous one. Gmail “dot tricks” (jane.doe@, j.ane.doe@) don’t count, because they all equally reveal your master account.

    JP Aumasson, Lily Hay Newman

  • Mexico’s ‘Batman’: The president’s favorite crime fighter, the cartels’ nemesis

    No floodlights illuminate the night sky when the citizens of Mexico’s Gotham need a hand. No hot line summons this super-cop from a hidden redoubt.

    But Mexico does indeed have its own “Batman”: Omar García Harfuch, security czar in the government of President Claudia Sheinbaum.

    He acquired the Batman moniker during his days as Mexico City’s crime-busting police chief under then-Mayor Sheinbaum. Like the stalwart Dark Knight, García Harfuch emits the vibe of a vigilant protector who compensates for a lack of superpowers with more cerebral skills — a mix of intelligence, resolve and moxie.

    In his current post (official title: secretary of Security and Citizen Protection), García Harfuch is inevitably dispatched to hot spots from the northern border to the southern hinterlands — sites of assassinations, massacres, gang wars and other headline-grabbing incarnations of Mexican mayhem. The script never varies: He vows to snare the bad guys. Arrests follow.

    Like his boss, Sheinbaum, the security chief disputes President Trump’s assertions that Mexico is “run by” cartels, though he doesn’t deny the widespread sway of organized crime.

    “Yes, there is definitely a presence of criminal groups, but [Mexico] is not controlled by the cartels,” García Harfuch, 43, recently told the Mexican daily El Universal.

    Omar García Harfuch, far left in suit, walks with President Claudia Sheinbaum, center, and other Mexican officials during a ceremony in Mexico City in September to mark the Sept. 19 earthquakes that hit Mexico in 1985 and 2017.

    (Juan Abundis / ObturadorMX via Getty Images)

    His stern, just-the-facts Joe Friday recitals of arrests, seizures, drug lab takedowns and other enforcement actions are signature moments at presidential news briefings. García Harfuch — always decked out in suit and tie — transmits an aura of competence, and his media-savvy advisors have burnished his image as an implacable foe of the cartels.

    Supporters began calling him Batman, in English, when crime rates dropped precipitously in Mexico City during his tenure as police chief. Supporters even circulated online images of a modified Batman action figure, with “Harfuch” emblazoned on the chest.

    While emphasizing intelligence-gathering and investigative diligence, he doesn’t shy from praising shoe-leather police work and citing traditional metrics of success. Since Sheinbaum took office Oct. 1, 2024, he says, authorities have arrested more than 37,000 suspects in “high-impact crimes,” seized more than 300 tons of illicit drugs and dismantled more than 600 drug labs.

    Such statistics were rarely tossed about during the presidency of Andrés Manuel López Obrador, Sheinbaum’s predecessor and mentor. The ex-president favored a much-criticized “hugs not bullets” strategy — curtailing offensive operations against cartels and instead addressing poverty and other socioeconomic factors driving young people to join organized crime. Many Mexicans appear happy with the shift.

    García Harfuch, at the National Palace in September, was chief of police of Mexico City before becoming secretary of Security and Citizen Protection.

    (Gerardo Vieyra / NurPhoto via Getty Images)

    “Harfuch seems to me a good man who has good intentions, but, unfortunately, crime is so ingrained in Mexican society that it’s hard to get rid of it,” said Gregorio Flores, 57, a shop owner in Mexico City.

    García Harfuch is probably the most visible figure in the Mexican government apart from the president, and polls show him to be among the most popular — and a possible candidate to succeed Sheinbaum, who clearly trusts him explicitly from their time together in Mexico City government. Even rivals of Sheinbaum acknowledge his effectiveness.

    Taking a pronounced stance against organized crime is hardly without risk in Mexico, where politicians, cops, journalists and anyone else who stands in the way of the mobs may wind up in the gangsters’ cross-hairs. García Harfuch is well aware of the stakes.

    Experts work at the crime scene after García Harfuch was wounded in an assassination attempt in Mexico City on June 26, 2020. Two of his bodyguards and a female bystander were killed.

    (Pedro Pardo / AFP via Getty Images)

    In 2020, while serving as the capital’s police chief, García Harfuch survived three gunshot wounds in a brazen attack as his SUV traveled along Mexico City’s elegant Paseo de la Reforma. Killed in the assault were two police bodyguards and a female street vendor who was a bystander. The commando-style strike utilizing multiple high-caliber armaments stunned one of the capital’s toniest residential districts, something like a mob hit on Rodeo Drive.

    From his hospital bed, García Harfuch — a former federal cop who also has a law degree — blamed the powerful Jalisco New Generation cartel.

    Ongoing threats against García Harfuch are frequently reported in the Mexican press, including chilling scribbled death threats found in May alongside several mangled bodies, presumed cartel victims, dumped outside Acapulco.

    “García Harfuch is the cartels’ enemy No. 1,” said David Saucedo, a security analyst. “He’s become a headache for them. The cartels were accustomed to making deals with [the government]. … But Harfuch gives the impression that he’s not disposed to reach an agreement with organized crime groups. And that’s a problem for the cartels.”

    Security is Mexicans’ major concern, and García Harfuch gives the impression that the good guys are cracking down, even if many are dubious about the steep crime declines Sheinbaum regularly touts.

    Homicides have nose-dived by almost 40% since Sheinbaum took office last year, the government says, though critics call the statistic inflated — it excludes, for instance, the rising numbers of “disappeared” people, presumed crime victims consigned to clandestine graves.

    And some have suggested that Sheinbaum’s save-the-day call-ups of her media-savvy security chief are more performative than substantive, and probably counterproductive.

    “There’s no Batman,” columnist Viri Ríos wrote recently in Mexico’s Milenio newspaper. “The myth of Batman is dangerous, especially for Harfuch. Making him a myth imposes on him the responsibility of pacifying the country. But, as we all know, Omar can’t defeat organized crime by himself.”

    In fact, García Harfuch has relatively few forces under his direct command. Corruption remains rampant among state and municipal police, prosecutors and judges in Mexico, often rendering them unreliable partners. Thus García Harfuch is dependent on other agencies, notably the national guard, a 200,000-strong force under military command.

    Sheinbaum speaks at her daily press briefing in November as García Harfuch looks on. He is a fixture at the briefings.

    (Carl de Souza / AFP via Getty Images)

    García Harfuch regularly extols his relationship with the armed forces, despite rumors of resentment against his sweeping powers and his closeness to Sheinbaum. Mexico’s first female president also serves as military commander in chief.

    García Harfuch is said to have the trust of U.S. law enforcement, even though the Trump administration’s ever-escalating demands and threats of unilateral strikes on Mexican territory put him in a tough spot. Only last week, Trump declared that he was “not happy” with narcotics-fighting efforts in Mexico.

    “The Americans have confidence in García Harfuch, but they are always asking for more — more arrests, more extraditions, more decommissions” of drug labs, said Saucedo, the security analyst.

    For security reasons, officials provide few details on García Harfuch’s personal life, beyond saying he is divorced and a father.

    García Harfuch descends from a line of prominent government officials, their careers reflecting, in part, Mexico’s past under a repressive, authoritarian government.

    His grandfather, Gen. Marcelino García Barragán, was a secretary of defense during the infamous 1968 massacre of student protesters in Mexico City’s Tlatelolco district; and his father, Javier García Paniagua, was a politician who held various posts, including chief of a now-disbanded federal police agency assailed for human rights abuses.

    Mexico’s top cop may not wear a cape and mask, but his background does have a touch of show business: His mother, María Sorté, is one of Mexico’s best-known actors, often portraying characters in telenovelas, or soap operas. Few know her real name, María Harfuch Hidalgo, whose paternal surname reflects her Lebanese ancestry.

    “Harfuch strikes me as a good man with fine intentions,” said Carmen Zamora, 46, a restaurant owner in Mexico City. “But he needs more time. One cannot resolve in one year the violence that we have seen for so long in Mexico.”

    Carlos Monjarraz, 34, a capital car salesman, is not convinced.

    “All this Batman stuff is just a joke on Mexicans when everything is the same — the same murders, narco-trafficking, insecurity,” Monjarraz said. “We don’t need a Batman to save us. What we need is for authorities to jail the real criminals — crooked politicians who keep protecting each other.”

    Special correspondent Cecilia Sánchez Vidal contributed to this report.

    Patrick J. McDonnell

  • America’s most-used password in 2025 revealed

    Passwords play a huge role in how you stay safe online. They protect your accounts, devices and money. Still, many people pick logins that criminals can guess in seconds. 

    The latest NordPass report shows this problem again. This year, “admin” took the top spot as the most common password in the United States.

    NordPass and NordStellar, two cybersecurity companies that track leaked credentials and online threats, reviewed millions of exposed passwords to spot trends. They also examined how password habits differ across generations. The pattern is clear: many of us still rely on simple words, easy number strings and familiar keyboard patterns. These choices give attackers a quick path into countless accounts.

    Weak passwords like “admin” give attackers a quick way into your accounts before you even realize it.  (Kurt “CyberGuy” Knutsson)

    Most common passwords in the United States

    NordPass shared its top 20 list for 2025. “Admin” sits at number one. Variations of the word “password” take up five spots. Number strings appear nine times. One explicit term even made the list.

    Here are the 20 most common passwords in the USA this year:

    • admin
    • password
    • 123456
    • 12345678
    • 123456789
    • 12345
    • Password
    • 12345678910
    • Gmail.12345
    • Password1
    • Aa123456
    • f*******t
    • 1234567890
    • abc123
    • Welcome1
    • Password1!
    • password1
    • 1234567
    • 111111
    • 123123

    Weak logins remain a major problem because criminals rely on automated tools. These tools try simple words and common patterns first. When millions of people reuse the same easy passwords, attackers succeed fast.

    Reusing the same login across sites makes it easy for criminals to jump from one hacked account to another. (Kurt “CyberGuy” Knutsson)

    Global trends show the same risky password behavior

    The United States is not alone. Globally, “123456” ranks as the most common password. “Admin” and “12345678” follow closely behind. These patterns appear because they are easy to remember. Sadly, they are also easy to crack.

    Researchers noticed one shift worth noting: more passwords now include special characters. The increase is sharp. However, most examples remain weak. Strings like P@ssw0rd and Abcd@1234 still follow predictable rules that tools can break with little effort.

    The word “password” stays popular around the world. People even use it in local languages. This shows how widespread the problem is.
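
    To show why strings like P@ssw0rd and Abcd@1234 stay predictable, here is an added example (not code from NordPass or the article) of a signup-time password screen. The function names, the substitution table and the stem list are assumptions made for illustration; the listed passwords are the ones printed above.

```python
import re

# The article's 2025 US top-20 list as printed (the masked explicit entry is left out).
TOP_LISTED = {
    "admin", "password", "123456", "12345678", "123456789", "12345",
    "Password", "12345678910", "Gmail.12345", "Password1", "Aa123456",
    "1234567890", "abc123", "Welcome1", "Password1!", "password1",
    "1234567", "111111", "123123",
}
LISTED_LOWER = {p.lower() for p in TOP_LISTED}

# Word stems taken from that list; a real deployment would load a larger
# dictionary here (assumption).
STEMS = {"admin", "password", "welcome", "gmail"}

# Constructed table of common character substitutions, undone before lookup.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                        "$": "s", "5": "s", "1": "i", "!": "i"})

MIN_LENGTH = 20  # the minimum length the article suggests


def is_run(chunk):
    """True for 3+ characters that step by +1 or -1 (abcd, 1234, 4321)."""
    if len(chunk) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
    return steps == {1} or steps == {-1}


def weaknesses(password):
    """Return the reasons a password is predictable; an empty list means none found."""
    reasons = []
    lowered = password.lower()

    if lowered in LISTED_LOWER:
        reasons.append("listed")
    if len(password) < MIN_LENGTH:
        reasons.append("short")
    if password.isdigit():
        reasons.append("digits-only")
    # Whole password is one unit repeated: 111111, 123123.
    if re.fullmatch(r"(.+?)\1+", password, re.S):
        reasons.append("repeated-unit")

    # Split into a leading stem and the trailing run of digits and symbols,
    # then undo substitutions: "P@ssw0rd" and "Password1!" both give "password".
    stem = re.fullmatch(r"(.*?)([\W\d_]*)", lowered, re.S).group(1)
    if stem.translate(UNLEET) in STEMS:
        reasons.append("dictionary-stem")

    # Any letter or digit chunk that is a simple ascending/descending run.
    if any(is_run(chunk) for chunk in re.findall(r"[a-z]+|\d+", lowered)):
        reasons.append("sequence")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; the last one is a random four-word passphrase.
    for candidate in ["P@ssw0rd", "Abcd@1234", "123123",
                      "cobalt-walrus-envelope-mandolin"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'no predictable pattern found'}")
```

    An empty result only means none of these specific patterns matched; it is not a measure of strength.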

    Why younger generations still make unsafe password choices

    Many people assume younger adults understand digital safety. They grew up with phones and social media. Research shows that this assumption is wrong.

    NordPass found that an 18-year-old often picks the same weak password patterns as an 80-year-old. Younger users favor long number sequences. Older users lean toward names. Neither group creates secure or random strings. Generations Z and Y tend to avoid names. Generations X and older use them often. Each approach carries risk because attackers expect both patterns.

    Researchers found that weak and predictable passwords still appear in leaked data again and again. (Kurt “CyberGuy” Knutsson)

    Why weak passwords remain a big threat

    Weak passwords fuel data breaches and account takeovers. Criminals run scripts that check billions of combinations every second. When your password is common, they break in fast.

    A single stolen login can expose your email, social accounts, bank information and more. Many attacks start this way. Once criminals get inside one account, they often try the same password on others.

    Steps to stay safe with your passwords 

    You can improve your digital safety with a few simple habits. These steps help block common attacks and protect your accounts.

    1) Create strong random passwords

    Pick long passwords or short passphrases. Aim for at least 20 characters. Mix letters, numbers and special characters. Avoid patterns. 

    2) Avoid password reuse

    Use a unique password for each account. If one login gets hacked, the others stay safe.

    3) Review and update weak passwords

    Check your old logins. Replace anything short, predictable or reused. Fresh passwords lower your risk.

    4) Use a password manager

    A password manager creates secure passwords and stores them safely. It also fills them in for you, so you do not need to remember them.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Turn on multi-factor authentication (MFA)

    MFA adds a second check before you log in. It is one of the easiest ways to block attackers.

    6) Keep your software updated

    Update your phone, computer browsers and apps on a regular schedule. These updates patch security gaps that criminals try to exploit. When you fall behind on updates, weak passwords become even riskier because attackers can pair old software flaws with easy logins.

    Pro Tip: Use a data removal service

    Leaked passwords often come from old profiles on data broker sites you forgot about. A data removal service can wipe your personal info from those sites and reduce how much of your data ends up on breach lists. When less of your information is floating around online, your accounts become less tempting targets.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways 

    Weak passwords remain a huge issue in 2025, even with new tools and better education. You have the power to improve your security with a few quick changes. When you build strong habits, you make it harder for criminals to get inside your accounts. Small steps add up fast and give you far more protection online.

    What do you think keeps people stuck on weak passwords even when the risks are clear? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • New Android malware can empty your bank account in seconds

    Android users have been dealing with a steady rise in financial malware for years. Threats like Hydra, Anatsa and Octo have shown how attackers can take over a phone, read everything on the screen and drain accounts before you even notice anything wrong. Security updates have helped slow some of these strains, but malware authors keep adapting with new tricks. 

    The latest variant spotted in circulation is one of the most capable yet. It can silence your phone, take screenshots of banking apps, read clipboard entries, and even automate crypto wallet transactions. This threat is now known as Android BankBot YNRK, and it is far more advanced than typical mobile malware.

    How the malware infiltrates devices

    Android banking malware is getting harder to spot as attackers use new tricks to take over phones and drain accounts. (Thomas Trutschel/Photothek via Getty Images)

    BankBot YNRK hides inside fake Android apps that appear legitimate when installed. In the samples analyzed by researchers at Cyfirma, the attackers used apps that impersonated official digital ID tools. Once installed, the malware begins profiling the device by collecting details such as brand, model and installed apps. It checks whether the device is an emulator to avoid automated security analysis. It also maps known models to screen resolutions, which helps it tailor its behavior to specific phones.

    To blend in, the malware can disguise itself as Google News. It does this by changing its app name and icon, then loading the real news.google.com site inside a WebView. While the victim believes the app is genuine, the malware quietly runs its background services.

    One of its first actions is to mute audio and notification alerts. This prevents victims from hearing incoming messages, alarms or calls that could signal unusual account activity. It then requests access to Accessibility Services. If granted, this allows the malware to interact with the device interface just like a user. From that point onward, it can press buttons, scroll through screens and read everything displayed on the device.

    BankBot YNRK also adds itself as a Device Administrator app. This makes it harder to remove and helps it restart itself after a reboot. To maintain long-term access, it schedules recurring background jobs that relaunch the malware every few seconds as long as the phone is connected to the internet.

    What does the malware steal

    Once the malware receives commands from its remote server, it gains near-complete control of the phone. It sends device information and installed app lists to the attackers, then receives a list of financial apps it should target. This list includes major banking apps used in Vietnam, Malaysia, Indonesia and India, along with several global cryptocurrency wallets.

    With Accessibility permissions enabled, the malware can read everything shown on the screen. It captures UI metadata such as text, view IDs and button positions. This helps it reconstruct a simplified version of any app’s interface. Using this data, it can enter login details, swipe through menus or confirm transfers. It can also set text inside fields, install or remove apps, take photos, send SMS, turn call forwarding on and open banking apps in the background while the screen appears inactive.

    In cryptocurrency wallets, the malware acts like an automated bot. It can open apps such as Exodus or MetaMask, read balances and seed phrases, dismiss biometric prompts, and carry out transactions. Because all actions happen through Accessibility, the attacker never needs your passwords or PINs. Anything visible on the screen is enough.

    The malware also monitors the clipboard, so if users copy OTPs, account numbers or crypto keys, the data is immediately sent to the attackers. With call forwarding enabled, incoming bank verification calls can be silently redirected. All of these actions happen within seconds of the malware activating.

    BankBot YNRK hides inside fake apps that look legitimate, then disguises itself as Google News while it runs in the background. (AP Photo/Don Ryan, File)

    7 steps you can take to stay safe from banking malware

    Banking trojans are getting harder to spot, but a few simple habits can reduce the chances of your phone getting compromised. Here are seven practical steps that help you stay protected. 

    1) Install strong antivirus software

    Strong antivirus software helps catch trouble early by spotting suspicious behavior before it harms your Android device or exposes your data. It checks apps as you install them, alerts you to risky permissions and blocks known malware threats. Many top antivirus options also scan links and messages for danger, which adds an important layer of protection when scams move fast.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    2) Use a data-removal service to shrink your digital footprint

    Data brokers quietly collect and sell your personal details, which helps scammers target you with more convincing attacks. A reputable data-removal service can find and delete your information from dozens of sites so that criminals have less to work with. This reduces spam, phishing attempts and the chances of ending up on a malware attack list.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    3) Install apps only from trusted sources

    Avoid downloading APKs from random websites, forwarded messages or social media posts. Most banking malware spreads through sideloaded apps that look official but contain hidden code. The Play Store is not perfect, but it offers scanning, app verification and regular take-downs that greatly reduce the risk of installing infected apps.

    4) Keep your device and apps updated

    System updates often patch security issues that attackers exploit to bypass protections. Updating your apps is just as important, since outdated versions may contain weaknesses. Turn on automatic updates so that your device stays protected without you having to check manually.

    5) Use a strong password manager

    A password manager helps you create long, unique passwords for every account. It also saves you from typing passwords directly into apps, which reduces the chance of malware capturing them from your clipboard or keystrokes. If one password gets exposed, the rest of your accounts remain safe.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Once active, the malware can read your screen, steal financial data, automate crypto transfers and intercept OTPs within seconds. (Kurt “CyberGuy” Knutsson)

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    6) Enable two-factor authentication wherever possible

    2FA adds a confirmation step through an OTP, authenticator app or hardware key. Even if attackers steal your login details, they still need this second step to get in. It cannot stop malware that takes over your device, but it significantly limits how far an attacker can go with stolen credentials.

    7) Review app permissions and installed apps regularly

    Malware often abuses permissions such as Accessibility or Device Admin because they allow deep control over your phone. Check your settings to see which apps have these permissions and remove anything that looks unfamiliar. Also, look through your installed apps and uninstall any tool or service you do not remember adding. Regular reviews help you spot threats early before they can steal data.
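
    Steps 3 and 7 can be combined into one check: list the apps that hold an enabled Accessibility service and flag any that are neither system apps nor installed from a trusted store. The following is an added example, not part of the original article or the Cyfirma analysis. It assumes the text was saved from `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`, and that the output has the shapes shown in the constructed samples; all package names are made up.

```python
import re

# Installers treated as trusted; add a managed enterprise store if you use one (assumption).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play


def parse_accessibility(raw):
    """Parse the colon-separated 'package/ServiceClass' list; 'null' or empty means none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for component in raw.split(":"):
        package, _, service = component.partition("/")
        if package:
            services.append((package, service))
    return services


def parse_installers(raw):
    """Parse 'package:<name>  installer=<name>' lines into {package: installer}."""
    installers = {}
    for line in raw.splitlines():
        match = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers


def parse_packages(raw):
    """Parse 'package:<name>' lines into a set of package names."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in raw.splitlines()
            if line.strip().startswith(prefix)}


def audit(accessibility_raw, installers_raw, system_raw):
    """Return enabled Accessibility services whose app is neither a system
    package nor installed by a trusted installer."""
    installers = parse_installers(installers_raw)
    system = parse_packages(system_raw)
    findings = []
    for package, service in parse_accessibility(accessibility_raw):
        if package in system:
            continue  # preinstalled, e.g. the vendor's screen reader
        installer = installers.get(package, "unknown")
        if installer not in TRUSTED_INSTALLERS:
            findings.append({"package": package, "service": service,
                             "installer": installer})
    return findings


# Constructed sample output; none of these are indicators from the report.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.passwordmanager/.AutofillHelperService"
    ":com.example.digitalid/.core.SyncService"
)
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=null
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.digitalid  installer=com.google.android.packageinstaller
"""
SAMPLE_SYSTEM = """\
package:com.google.android.marvin.talkback
package:com.android.settings
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCESSIBILITY, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print("Review:", finding["package"], "service", finding["service"],
              "installed by", finding["installer"])
```

    A finding is a prompt to review the app in Settings, not proof of infection; legitimately sideloaded tools will appear here too.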

    Kurt’s key takeaway

    BankBot YNRK is one of the most capable Android banking threats discovered recently. It combines device profiling, strong persistence, UI automation and data theft to gain full control over a victim’s financial apps. Because much of its activity relies on Accessibility permissions, a single tap from the user can give attackers complete access. Staying safe means avoiding unofficial APKs, reviewing installed apps regularly and being cautious of any sudden request to enable special permissions.

    Do you think Android phone makers like Samsung or Google are doing enough to protect you from malware? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com. All rights reserved.

  • The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’

    After Myanmar’s military junta raided a notorious scam compound and destroyed buildings with explosives in October, officials claimed the country would entirely “eradicate” forced scamming within its borders. Now newly released satellite images of the targeted KK Park scam center reveal that only buildings in one limited section of the compound were destroyed during the initial raids. Experts on scam compounds, meanwhile, say the entire effort is likely “propaganda.”

    High-resolution images of the KK Park scam compound, which is located near the Myanmar-Thailand border, show how military forces have razed multiple buildings, leaving piles of rubble in their place. However, the images show the destruction is, so far, confined to the eastern side of the gigantic compound—with hundreds of buildings across the vast compound left untouched.

    Multiple experts tell WIRED that the raids at KK Park and some other scam compounds are likely part of a wider “performative” effort by Myanmar’s military government, which has come under increasing pressure to tackle the highly lucrative scam compounds that have flourished in recent years. They also raise concerns about the welfare of thousands of people forced to run scams in KK Park.

    “The junta is making it sound as though they’re taking down the entire compound, and the imagery that we have seen so far is only limited to one section,” says Eric Heintz, a global analyst at the International Justice Mission, an anti-slavery organization. “It’s important to keep monitoring this to verify what they’re actually doing and [see] if this is just for show or if they’re actually cracking down on the real problem.”

    The satellite images, taken on November 16, appear to show that some buildings located around courtyards have been almost totally destroyed, with debris strewn around other buildings. Heintz says that the images, plus extra social media footage, indicate that some “villas” and dormitories where trafficking victims may have been housed appear to have been damaged or destroyed. (Myanmar’s military government has said further destruction started on November 17; third-party reports also suggest more buildings have been destroyed.)

    “All of the critical buildings that you would need to perpetrate the scams are still intact and still ready for use,” says Mechelle B Moore, the CEO of anti-trafficking nonprofit Global Alms, which is based in Thailand and works to help people who have been trafficked into scam compounds in Myanmar. “They’re putting on a good show right now to say that they don’t support scamming compounds or human trafficking. But what they’ve allowed is all the scamming syndicates—all of the scamming bosses and supervisors—have been allowed to flee,” Moore claims.

    Over the past decade, dozens of scam compounds have appeared in Southeast Asia, primarily across Myanmar, Cambodia, and Laos. Often operated by or linked to Chinese organized crime groups, the compounds trick people into working at them—often with the offer of high-paying jobs—and then force them to run a range of scams. Trafficking victims often have their passports taken; they can be tortured or beaten if they refuse to scam. By stealing from people around the world, the compounds have made billions for the organized crime groups.

    Amid the extensive criminality, KK Park has emerged as one of the largest and most notorious scam compounds in Myanmar. Five years ago, the site was a series of fields near the town of Myawaddy, but has since been transformed into a sprawling compound with hundreds of buildings and thousands of people held there.

    Matt Burgess

  • Google Nest still sends data after remote control cutoff, researcher finds

    Google officially shut down remote control features for first and second generation Nest Learning Thermostats last month. Many owners assumed the devices would stop talking to Google once the company removed smart functions.

    New research, however, shows that these early Nest devices continue uploading detailed logs to Google even though support has ended.

    Early Nest Learning Thermostats still send sensor data to Google even after losing remote features. (Google)

    Researcher finds unexpected data uploads from old Nest devices

    Security researcher Cody Kociemba uncovered this quiet data flow after digging into the backend as part of a repair bounty challenge run by FULU, a right-to-repair group cofounded by electronics repair expert and YouTuber Louis Rossmann. The challenge asked developers to restore lost smart features for unsupported Nest devices. Kociemba teamed up with the open-source community and created No Longer Evil, software that brings smart functionality back to these aging thermostats.

    While cloning Google’s API to build the project, he suddenly received a flood of logs from customer devices. That surprise led to a deeper look at what Google still collects.

    Researcher Cody Kociemba uncovered the ongoing data uploads while building a tool to restore smart functions. (Google)

    What Nest thermostats keep sending to Google

    Even though remote control no longer works, Kociemba found that early Nest Learning Thermostats still upload a steady stream of sensor data to Google. This includes:

    • Manual temperature changes
    • Whether someone is in the room
    • When sunlight hits the device
    • Temperature readings
    • Humidity levels
    • Motion activity
    • Ambient light data

    Kociemba says the volume of logs was extensive. He turned off the incoming data because he never expected the devices to remain connected to Google after the shutdown.

    Google previously said unsupported models will “continue to report logs for issue diagnostics.” However, Kociemba points out that Google cannot use that data to help customers anymore because support is fully discontinued. That makes the continued data flow even more puzzling.

    CyberGuy contacted Google for comment, and a spokesperson provided us with the following statement:

    “The Nest Learning Thermostat (1st and 2nd Gen) is no longer supported in the Nest and Home apps, but temperature and scheduling adjustments can still be made directly on the unit. These devices will soon be unpaired and removed from all user accounts. Diagnostic logs, which are not tied to a specific user account, will continue to be sent to Google for service and issue tracking. Users who prefer to stop providing these logs can simply disconnect their device from Wi-Fi via the on-device settings menu.” 

    The thermostats continue reporting temperature, motion and light data even though official support has ended.

    Why this discovery matters

    Google cut access to remote control, security updates, software updates and status checks through the Nest and Google Home apps. Owners can no longer rely on the devices for key smart features. Yet the thermostats still push data to Google, creating a one-way connection that helps the company more than the customer.

    Users do not benefit from the logs because support has been discontinued. Google cannot use these logs to diagnose problems or offer help. That raises questions about transparency and user choice for people who assumed the connection ended.

    The FULU bounty that sparked the discovery

    FULU’s bounty program encouraged developers to build tools that restore functionality to devices abandoned by their makers. After reviewing submissions, FULU awarded Kociemba and another developer known as Team Dinosaur the top bounty of $14,772 for bringing smart features back to early Nest models.

    Their work highlights how community-driven repair efforts can keep useful devices alive. It also reveals how companies handle device data long after official support stops.

    Ways to stay safe if you still use an old Nest thermostat

    If you keep one of these unsupported Nest thermostats on your network, you can take a few simple steps to protect your privacy. These tips help reduce what the device sends to Google and lower your exposure.

    1) Review your Google account activity

    Start by checking what Google has linked to your home devices. Visit myactivity.google.com and look for thermostat logs or events you do not expect.

    2) Place the device on a separate Wi-Fi network

    A guest network keeps the thermostat away from your main devices. This limits what the thermostat can reach and helps prevent broader access.

    3) Block outbound traffic when possible

    Some routers let you stop individual devices from sending data to the internet. This cuts off log uploads while still letting the thermostat control heating and cooling.

    4) Disable any remaining cloud features

    If the device menu still offers cloud settings, turn off anything related to remote access or online diagnostics. Even partial controls help reduce data flow.

    5) Remove old device associations from your Google account

    Check your connected devices in your Google settings. Remove any old Nest entries that no longer serve a purpose. This stops leftover links that may still send data.

    6) Adjust router settings that report device analytics

    Some routers send analytics back to the router maker. Turn off cloud diagnostics to reduce the footprint of unsupported smart products.

    7) Plan your replacement

    Unsupported devices lose security updates. If you cannot isolate the thermostat on your network, consider upgrading to a model that still receives patches.

    Pro Tip: Reduce your footprint with a data removal service

    A data removal service can help you cut down on the amount of personal information available to data brokers. This adds another layer of privacy that supports your smart home security.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Kurt’s key takeaways

    The discovery that old Nest thermostats still send data to Google long after losing smart features gives owners a reason to take a closer look at their connected home. Unsupported devices can continue to talk to servers even when the useful side of the relationship ends. Understanding what your gadgets share helps you make informed decisions about what stays on your network.

    Would you keep using a device that still sends data to its manufacturer even after it loses the features you paid for? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

  • How Android malware lets thieves access your ATM cash

    Smartphone banking has made life easier, but it has also opened new opportunities for cybercriminals.

    Over the past few years, we have seen Android malware steal passwords, intercept OTPs and even take remote control of phones to drain accounts. Some scams focus on fake banking apps, while others rely on phishing messages that trick you into entering sensitive details.

    Security researchers have now discovered a new threat that goes a step further. Instead of simply stealing login information, this malware gives thieves the ability to walk up to an ATM and withdraw your money in real time.

    Android malware like NGate tricks users into downloading fake banking apps that steal sensitive data. (Kurt “CyberGuy” Knutsson)

    How the NGate malware works

    The Polish Computer Emergency Response Team (CERT Polska) discovered a new Android malware called NGate that uses NFC activity to access a victim’s bank account. This malware monitors contactless payment actions on the victim’s phone and forwards all transaction data, including the PIN, directly to a server controlled by attackers. It does not just copy card details. Instead, it waits until the victim taps to pay or performs a verification step, then captures the fresh, one-time authentication codes that modern Visa and Mastercard chips generate.

    To pull this off, attackers need to infect the phone first. They typically send phishing messages claiming there is a security problem with the victim’s bank account. These messages often push people to download a fake banking app from a non-official source. Once the victim installs it, the app walks them through fake verification prompts and requests permissions that allow it to read NFC activity. As soon as the victim taps their phone or enters their PIN, the malware captures everything the ATM needs to validate a withdrawal.

    Once installed, the malware captures NFC tap-to-pay codes and PINs the moment the victim uses their phone. (Kurt “CyberGuy” Knutsson)

    What attackers do with the stolen data at the ATM

    The attackers rely on speed. The one-time codes generated during an NFC transaction are valid for only a short period. As soon as the infected phone captures the data, the information is uploaded to the attacker’s server. An accomplice waits near an ATM, holding a device capable of emulating a contactless card. This could be another phone, a smartwatch or custom NFC hardware.

    When the data arrives, the accomplice presents the card-emulating device at the ATM. Since the information contains fresh, valid authentication codes and the correct PIN, the machine treats it like a real card. The ATM authorizes the withdrawal because everything appears to match a legitimate transaction. All of this happens without the criminal ever touching the victim’s physical card. Everything depends on timing, planning and getting the victim to unknowingly complete the transaction on their own phone.

    Criminals use the stolen, time-limited codes at an ATM to make real withdrawals without the victim’s card. (Kurt “CyberGuy” Knutsson)

    7 steps you can take to stay safe from Android NGate malware

    As attacks like NGate become more sophisticated, staying safe comes down to a mix of good digital habits and a few simple tools that protect your phone and your financial data.

    1) Download apps only from the Play Store

    Most malicious banking apps spread through direct links sent in texts or emails. These links lead to APK files hosted on random servers. When you install apps only from the Play Store, you get Google’s built-in security checks. Play Protect regularly scans apps for malware and removes harmful ones from your device. However, it is important to note that Google Play Protect may not be enough. Historically, it has not been 100% foolproof at removing all known malware from Android devices. Even if attackers send convincing messages, avoid installing anything from outside the official store. If your bank wants you to update an app, you will always find it on the Play Store.

    2) Use strong antivirus software

    One careless tap on a fake bank alert can hand criminals everything they need. Strong antivirus software can stop most threats before they cause damage. It scans new downloads, blocks unsafe links and alerts you when an app behaves in ways that could expose your financial data. Many threats like NGate rely on fake banking apps, so having real-time scanning turned on gives you an early warning if something suspicious tries to install itself.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Keep your device and apps updated

    Security patches fix vulnerabilities that attackers use to hijack permission settings or read sensitive data. Updates also improve how Android monitors NFC and payment activity. Turn on automatic updates for both the operating system and apps, especially banking and payment apps. A fully updated device closes many of the holes that malware tries to exploit.

    4) Use a password manager to avoid phishing traps

    Phishing attacks often direct you to fake websites or fake app login pages that look identical to the real thing. A password manager saves your credentials and fills them in only when the website or app is authentic. If it refuses to autofill, it is a clear sign that you are on a fake page. Consider using a password manager to generate and store complex passwords.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Turn on two-factor authentication for all financial services

    Two-factor authentication gives you a second layer of protection, even if your password is compromised. App-based authenticators are more secure than SMS codes because they cannot be intercepted as easily. For banking apps, enabling 2FA adds friction for attackers trying to perform unauthorized actions. Combined with strong passwords from a password manager, it significantly reduces the chance of account takeover.

    6) Ignore suspicious texts, emails and calls

    Attackers rely on urgency to trick you. They often claim that your card is blocked, your account is frozen or a payment needs verification. These messages push you to act fast and install a fake app. Always pause and check your bank’s official channels. Contact the bank through verified customer care numbers or the official app. Never click links or open attachments in unsolicited messages, even if they look legitimate.

    7) Review app permissions

    Most people install apps and forget about them. Over time, unused apps pile up with unnecessary permissions that increase risk. Open your phone’s permission settings and check what each app can access. If a simple tool asks for access to NFC, messages or accessibility features, uninstall it. Attackers exploit these excessive permissions to monitor your activity or capture data without your knowledge.
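
Steps 1 and 7 can be turned into a repeatable check. The script below is an added example, not part of the original article: it reads an app inventory and flags apps installed from outside the Play Store or requesting NFC, messages or accessibility access that the owner does not expect. The inventory layout and the `com.example.*` package names are constructed for illustration; the permission names and the `com.android.vending` installer name are real Android identifiers.

```python
"""Flag installed apps that match the article's warning signs (added example)."""

PLAY_STORE = "com.android.vending"  # installer name recorded for Google Play

# Capabilities the article singles out: NFC, messages, accessibility.
SENSITIVE = {
    "android.permission.NFC": "NFC",
    "android.permission.READ_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
    # Held by apps that ship an accessibility service.
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
}

# Constructed sample inventory (an assumption, not real device output):
# a package line in the style of `pm list packages -i`, followed by the
# permissions that app requests, one per indented line.
SAMPLE = """\
package:com.example.bank  installer=com.android.vending
  android.permission.INTERNET
  android.permission.NFC
package:com.example.bank.verify  installer=null
  android.permission.INTERNET
  android.permission.NFC
  android.permission.RECEIVE_SMS
package:com.example.flashlight  installer=com.android.vending
  android.permission.CAMERA
  android.permission.BIND_ACCESSIBILITY_SERVICE
package:com.example.notes  installer=com.example.otherstore
  android.permission.INTERNET
"""


def parse_inventory(text):
    """Return {package: {"installer": str, "permissions": set}}."""
    apps = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("package:"):
            name, _, rest = line[len("package:"):].partition("installer=")
            current = {"installer": rest.strip() or "null", "permissions": set()}
            apps[name.strip()] = current
        elif current is not None:
            current["permissions"].add(line)
    return apps


def review(apps, expected=None):
    """Return {package: [reasons]} for apps that deserve a manual look.

    expected maps a package to the sensitive categories the owner knows it
    needs (for example a real banking app that uses NFC to pay).
    """
    expected = expected or {}
    findings = {}
    for pkg, info in sorted(apps.items()):
        reasons = []
        sideloaded = info["installer"] != PLAY_STORE
        if sideloaded:
            reasons.append("installed from outside the Play Store")
        cats = {SENSITIVE[p] for p in info["permissions"] if p in SENSITIVE}
        unexpected = sorted(cats - expected.get(pkg, set()))
        if unexpected:
            reasons.append("requests " + ", ".join(unexpected))
        if sideloaded and "NFC" in cats:
            reasons.append("sideloaded app with NFC access: fake banking app pattern")
        if reasons:
            findings[pkg] = reasons
    return findings


if __name__ == "__main__":
    known_good = {"com.example.bank": {"NFC"}}
    for pkg, reasons in review(parse_inventory(SAMPLE), known_good).items():
        print(pkg)
        for reason in reasons:
            print("  -", reason)
```

Anything the script reports is a prompt to check the app by hand, not proof of infection.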

    Kurt’s key takeaway

    Cybercriminals are now combining social engineering with the secure hardware features inside modern payment systems. The malware does not break NFC security. Instead, it tricks you into performing a real transaction and steals the one-time codes at that moment. This makes the attack difficult to spot and even harder to reverse once the withdrawal goes through. The best defense is simple awareness. If a bank ever urges you to download an app from outside the Play Store, treat it as an immediate warning sign. Keeping your phone clean is now as important as keeping your physical card safe.

    Have you ever downloaded an app from outside the Play Store? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

  • Amazon Is Using Specialized AI Agents for Deep Bug Hunting

    As generative AI pushes the speed of software development, it is also enhancing the ability of digital attackers to carry out financially motivated or state-backed hacks. This means that security teams at tech companies have more code than ever to review while dealing with even more pressure from bad actors. On Monday, Amazon will publish details for the first time of an internal system known as Autonomous Threat Analysis (ATA), which the company has been using to help its security teams proactively identify weaknesses in its platforms, perform variant analysis to quickly search for other, similar flaws, and then develop remediations and detection capabilities to plug holes before attackers find them.

    ATA was born out of an internal Amazon hackathon in August 2024, and security team members say that it has grown into a crucial tool since then. The key concept underlying ATA is that it isn’t a single AI agent developed to comprehensively conduct security testing and threat analysis. Instead, Amazon developed multiple specialized AI agents that compete against each other in two teams to rapidly investigate real attack techniques and different ways they could be used against Amazon’s systems—and then propose security controls for human review.

    “The initial concept was aimed to address a critical limitation in security testing—limited coverage and the challenge of keeping detection capabilities current in a rapidly evolving threat landscape,” Steve Schmidt, Amazon’s chief security officer, tells WIRED. “Limited coverage means you can’t get through all of the software or you can’t get to all of the applications because you just don’t have enough humans. And then it’s great to do an analysis of a set of software, but if you don’t keep the detection systems themselves up to date with the changes in the threat landscape, you’re missing half of the picture.”

    As part of scaling its use of ATA, Amazon developed special “high-fidelity” testing environments that are deeply realistic reflections of Amazon’s production systems, so ATA can both ingest and produce real telemetry for analysis.

    The company’s security teams also made a point to design ATA so every technique it employs, and detection capability it produces, is validated with real, automatic testing and system data. Red team agents that are working on finding attacks that could be used against Amazon’s systems execute actual commands in ATA’s special test environments that produce verifiable logs. Blue team, or defense-focused agents, use real telemetry to confirm whether the protections they are proposing are effective. And anytime an agent develops a novel technique, it also pulls time-stamped logs to prove that its claims are accurate.

    This verifiability reduces false positives, Schmidt says, and acts as “hallucination management.” Because the system is built to demand certain standards of observable evidence, Schmidt claims that “hallucinations are architecturally impossible.”

    Lily Hay Newman

  • DoorDash breach exposes contact info for customers and workers

    DoorDash confirmed a data breach that exposed personal details for a mix of customers, delivery workers and merchants. The stolen information included names, email addresses, phone numbers and physical addresses. The company said it has no evidence of fraud tied to the breach so far, but the event still raises concerns for anyone who uses the service.

    DoorDash says an employee fell for a social engineering scam that let an unauthorized party access basic contact information. (DoorDash)

    How the DoorDash breach happened

    The company traced the incident back to a social engineering attack. An employee fell for a lure that gave hackers access to DoorDash systems. Once the company spotted the breach, it shut down access, launched an investigation and notified law enforcement. DoorDash also directly notified users where required.

    The company confirmed the incident exposed names, email addresses, phone numbers and physical addresses for some people in its system. (DoorDash)

    Who was affected by the DoorDash breach

    DoorDash said the breach impacted a mix of users across its platform. That includes customers, delivery workers and merchants. CyberGuy reached out to DoorDash and a representative provided the following statement to us:

    “DoorDash recently identified and shut down a cybersecurity incident in which an unauthorized third party gained access to and took basic contact information for some users whose data is maintained by DoorDash. No sensitive information, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information, was accessed. The information accessed varied by individual and was limited to names, phone numbers, email addresses, and physical addresses. We have deployed enhanced security measures, implemented additional employee training, and engaged an external cybersecurity firm to support our ongoing investigation. For more information, please visit our Help Center.”

    If you received an alert from the company, take steps to protect your information. If you use the app but did not get a notice, you should still follow the safety tips below because exposed contact information can lead to scams long after a breach.

    DoorDash says no sensitive information was accessed and investigators found no signs of fraud or identity theft tied to the breach. (DoorDash)

    How to protect yourself after the DoorDash breach

    Even though payment data stayed protected, exposed contact details can still open the door to scams. You can lower your risk with a few smart steps that keep your information safer online.

    1) Watch for phishing attempts

    Scammers move fast after a breach. They often send fake alerts that look like real DoorDash messages. These emails or texts may claim you need to verify your account or update your payment details. Delete any message that asks for personal information or urges you to click a link. When in doubt, go straight to the official app instead of trusting a message.

    2) Use a data removal service

    Data brokers collect and resell personal details that scammers often exploit. A data removal service works to pull your information off those sites. This limits your exposure and makes it harder for criminals to target you. It is one of the easiest long-term steps you can take to protect your privacy.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    3) Use strong passwords and a password manager

    Stronger passwords give you better protection. Create unique passwords for every account so one breach cannot unlock your digital life. A password manager makes this easier by generating secure passwords and storing them safely. It also autofills them, so you spend less time typing.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    4) Turn on multi-factor authentication

    Multi-factor authentication (MFA) adds a simple barrier that blocks most break-in attempts. When you turn it on, you confirm each login with a code or app prompt. This keeps your account safe even if someone learns your password. Most major apps let you enable this setting in the Security section.

    5) Use strong antivirus protection

    Strong antivirus software shields you from malicious links and downloads. It scans files in real time and warns you when something looks dangerous. This gives you an extra layer of defense against phishing attempts that try to install malware.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    6) Review your account activity

    It helps to check your DoorDash account for anything unusual. Look at your order history, saved addresses and payment methods. If something looks off, update your password and contact DoorDash support right away. Quick action can stop a small issue from turning into a bigger problem. 

    Kurt’s key takeaways

    A breach like this reminds us how quickly cybercriminals can exploit a single mistake. DoorDash moved fast to cut off access and confirm the damage, but exposed contact information can still create risks. Staying alert and using basic security habits can help you avoid trouble.

    What concerns you most about companies holding your personal information, and how would you like them to handle incidents like this? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com.  All rights reserved.
