ReportWire

Tag: Security

  • Scammers target retirees as major 401(k) rule changes loom for 2026 tax year ahead nationwide

    If you’re over 50 and maxing out your 401(k), there’s a big change coming in 2026 that could affect how much tax you pay on your “catch-up contributions.” While it’s mostly about taxes and retirement planning, there’s an unexpected side effect: scammers are circling. Every time your financial habits or personal data become public, it’s a chance for fraudsters to try to exploit you. Here’s what’s changing, why it matters, and how to protect yourself before the scammers come knocking.

    What’s changing with 401(k) catch-up contributions

    Right now, if you’re over 50, you can make extra contributions to your 401(k) on top of the standard annual limit ($23,500 in 2025). These “catch-up” contributions are typically tax-deferred, meaning the money comes out of your paycheck before tax and grows tax-free until retirement.

    But starting in 2026, for anyone earning more than $145,000 in the previous year, these catch-up contributions will no longer be tax-deferred. Instead, they’ll become like the Roth 401(k), meaning you pay taxes on the money now, but it grows tax-free and can be withdrawn tax-free in retirement.

    That sounds simple, but it creates a ripple effect:

    • High earners will see less take-home pay now.
    • Tax planning gets trickier, and some people may consider restructuring their accounts or investment strategies.
    • And, most importantly for CyberGuy readers: these changes create new opportunities for scammers.

    Big 401(k) changes in 2026 could leave retirees exposed to new scam risks. (Cyberguy.com)

    Why the new rules could attract scammers

    Scammers constantly look for financially active retirees. When rules like this change, fraudsters send out emails, calls, or letters pretending to be financial advisors, IRS agents, or plan administrators. Their goal? To trick you into giving away account numbers, Social Security details, or direct-deposit information.

    Some common scam tactics to watch for:

    • Fake “plan update” emails claiming you need to verify your 401(k) contributions due to the law change.
    • Roth conversion scam calls claiming you can “avoid extra taxes” by transferring your account through a third-party “advisor.”
    • Urgency and fear tactics, such as “Act now, or lose your retirement benefits!”

    Even savvy retirees can be caught off guard, especially when the message sounds official and references real tax law changes.

    How to protect yourself from 401(k) scams and data theft

    With new 401(k) rule changes taking effect, scammers are using the confusion to trick retirees and workers alike. Follow these steps to stay alert, safeguard your savings, and protect your personal data from being stolen or misused.

    1) Know the legitimate changes

    Start by understanding Secure 2.0 and how catch-up contributions will be taxed. Reliable sources include your plan administrator, the IRS website, or a licensed tax advisor. Staying informed helps you spot fake claims before they cause harm.

    2) Use a personal data removal service

    For retirees, this extra layer of protection keeps sensitive information out of reach from scammers who exploit tax changes, Roth conversions, and retirement updates. While you can manually opt out of data brokers and track your information, that process takes time and effort. A personal data removal service automates the task by contacting over 420 data brokers on your behalf. It also reissues removal requests if your data reappears and shows you a dashboard of confirmed removals.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Scammers are already targeting retirees with fake “account update” alerts. (Kurt “CyberGuy” Knutsson)

    3) Verify every call and email, plus use antivirus software

    If you get a call or email about your 401(k), don’t assume it’s real. Hang up or delete it, then contact your plan administrator directly using official contact details. Avoid clicking links or downloading attachments from unknown messages.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    4) Monitor your credit and accounts

    Cybercriminals often use personal information from earlier data leaks or data brokers. Watch your credit reports and account activity closely. Early detection can stop suspicious transactions before they escalate.

    5) Set up alerts and freezes if necessary

    Ask your bank and retirement plan to enable transaction alerts. You can also temporarily freeze your credit to prevent anyone from opening new accounts in your name. This is especially useful during times of financial change.

    6) Educate friends and family

    Scammers often target retirees and their relatives who help manage finances. Remind your loved ones never to share account details over the phone or email. Protecting everyone in your household keeps scammers from finding weak links.

    Stay safe by confirming any 401(k) changes directly with your plan provider. (uchar/Getty Images)

    Kurt’s key takeaways

    As 2026 approaches, the new 401(k) rule changes will reshape how millions of Americans manage their retirement savings. Staying informed, cautious, and proactive can protect your financial future. Scammers thrive on confusion, but by verifying information, monitoring your accounts, and removing your personal data from risky sites, you can stay one step ahead. Remember, the more control you take over your privacy, the harder it becomes for criminals to exploit it.

    Have you taken steps to see where your personal data is exposed, and what did you find most surprising when you checked? Let us know by writing to us at Cyberguy.com

    Copyright 2025 CyberGuy.com. All rights reserved.

  • 5 social media safety tips to protect your privacy online

    Let’s face it: Social media can feel like a minefield. Between oversharing personal details, friend requests from strangers and sneaky scams sliding into your DMs, it’s easy to put yourself at risk without realizing it. But staying safe online doesn’t have to be complicated. With a few smart settings and habits, you can enjoy social media without giving away more than you mean to.

    Settings and menus on social media platforms can change over time and may vary by device (iOS vs. Android vs. Web) or region. The steps below were accurate at the time of publishing, but you may see slightly different wording or paths depending on updates, app version or mobile device manufacturer.

    1) Turn off Location Sharing

    Many apps automatically tag your posts with your location. That can let strangers know your routines or even your home address.

    Scammers have a harder time learning about your life the less you share online. (Kurt “CyberGuy” Knutsson)

    How to turn off Location Sharing

    On iPhone

    • Go to Settings.
    • Click Privacy & Security.
    • Tap Location Services.
    • Then pick the app.
    • Set it to “Never” or “While Using the App.”

    On Android

    (Settings may vary depending on your Android phone’s manufacturer.)

    • Go to Settings.
    • Tap Location.
    • Click App permissions.
    • Then select the app and toggle location off or select Don’t allow.

    Note: Some apps may still have permission for “While using the app” or “Only this time.” So, you should check each app individually, especially camera and social-media apps, for location permissions.

    Pro tip: Even turning off location for just your camera app helps keep photos from carrying hidden location data.

    Parents — and even some teens — are growing increasingly concerned about the effects of social media use on young people. (AP Photo/Kiichiro Sato, File)

    2) Use a private account

    A private account means only people you approve can see your posts and photos. Think of it like putting a lock on your front door.

    How to set private accounts

    Facebook

    • Go to Settings & Privacy.
    • Tap Settings.
    • Scroll to the Audience & Visibility (or Your Activity) section.
    • Click Posts.
    • Find “Who can see your future posts?” and set it to Friends.

    Instagram

    • Tap your profile.
    • Tap the menu (☰).
    • Tap Account Privacy.
    • Toggle on Private account.

    TikTok

    • Go to your Profile.
    • Tap the menu (☰).
    • Select Settings and privacy.
    • Tap Privacy.
    • Toggle on Private account.

    X (formerly Twitter)

    • Click on your profile icon in the top left of the screen.
    • Open Settings and privacy.
    • Select Privacy and safety.
    • Tap Audience and tagging.
    • Toggle Protect your posts (or Protect your Tweets).
    • Once enabled, only approved followers can see your posts.

    Snapchat

    • Open Settings (gear icon).
    • Scroll to Privacy Controls.
    • Under “Who Can,” adjust options like Contact Me, View My Story and See Me in Quick Add to Friends only.

    YouTube

    • Go to your YouTube Studio (desktop or mobile app).
    • When uploading, set visibility to Private or Unlisted.
    • For existing videos, open the video’s settings and change visibility as needed.

    Note: Entire channels cannot be made private, only individual videos.

    LinkedIn

    • Tap your profile photo.
    • Tap Settings.
    • Go to Visibility.
    • Under Profile viewing options, select Private mode.
    • You can also control who sees your connections and activity under “Visibility of your LinkedIn activity.”

    Identity theft has become so commonplace that it no longer shocks you to hear about the latest scam. (Cyberguy.com)

    3) Report suspicious accounts

    Fake profiles are everywhere. Scammers may pose as friends, celebrities or even customer service reps. Reporting them helps keep you (and others) safe.

    How to report an account

    Facebook

    • Go to the fake or impersonating profile.
    • Tap the three-dot menu (Options).
    • Select Find support or report profile.
    • Choose a reason, such as pretending to be someone else.
    • Follow the on-screen prompts to submit the report.

    Instagram

    • Go to the profile.
    • Tap the three-dot menu.
    • Select Report.
    • Choose a reason.
    • Follow the on-screen instructions to complete the report.

    TikTok

    • Open the profile.
    • Tap the three-dot menu (or sometimes the Share icon).
    • Select Report.
    • Choose Report account.
    • Select the reason.
    • Submit the report.

    X (formerly Twitter)

    • Go to the account profile.
    • Tap the three-dot or overflow icon.
    • Select Report.
    • Choose the type of issue.
    • If you’re reporting an entire profile rather than a single post, select Report @username from the profile page.

    YouTube

    • Go to the channel page.
    • Tap the About tab (on desktop) or the three-dot menu (on mobile).
    • Select Report.
    • Choose the reason.
    • Submit the report.

    Snapchat

    • Go to the user’s profile.
    • Tap the three-dot menu or gear icon.
    • Select Report.
    • Choose the reason.
    • Submit the report.

    LinkedIn

    • Visit the fake or suspicious profile.
    • Tap the More button (or three dots).
    • Select Report abuse.
    • Select a reason and follow the prompts.

    Pro tip: Don’t just block. Reporting alerts the platform so it can remove the account for everyone.

    With a few smart settings and habits, you can enjoy social media without giving away more than you mean to. (Thai Liang Lim/Getty Images)

    4) Enable two-factor authentication (2FA)

    Even if someone steals your password, 2FA makes it harder for them to break in. It adds an extra step, like a code texted to your phone.

    How to enable two-factor authentication (2FA)

    Facebook

    • Go to the menu and select Settings & Privacy, then Settings.
    • Tap Accounts Center.
    • Then click Password and Security.
    • Tap Two-factor authentication.
    • It may ask you to choose an account to set up two-factor authentication. 
    • Choose your preferred method, such as an authentication app, text message or security key and follow the on-screen instructions.

    Instagram

    • Go to your profile and open Settings.
    • Click Accounts Center. 
    • Select Password and Security.
    • Then Two-Factor Authentication.
    • It may ask you to choose an account to set up two-factor authentication. 
    • Choose your preferred method, such as an authentication app, text message or security key and follow the on-screen instructions.

    TikTok

    • Go to your Profile.
    • Then open the Menu.
    • Select Settings and privacy.
    • Then, Security and permissions.
    • Tap 2-step verification.
    • Choose one or more verification methods, such as text message, email or an authentication app.
    • Click Turn On. 
    • Follow the prompts to finish setup.

    X (formerly Twitter)

    • Click on your profile on the upper left of the screen.
    • Open Settings and privacy.
    • Select Security and account access, then Security.
    • Tap Two-factor authentication.
    • Choose your preferred method, such as text message, authentication app or security key.
    • Follow the steps to turn it on.

    Note: Text message (SMS) verification on X may only be available for paid (Premium) users or in certain regions. If SMS isn’t available, you can still use an authentication app or a physical security key for two-factor authentication.

    Pro tip: Use an authenticator app (like Google Authenticator or Authy) instead of text messages for stronger protection.

    5) Check your photos before posting

    Your photos may reveal more than you think — house numbers, car license plates or even vacation details that signal you’re away from home.

    Quick fixes before posting

    • Crop or blur backgrounds that show personal details.
    • Avoid posting in real time while traveling. Wait until you’re back.
    • Review old posts to make sure you’re not unintentionally sharing private info.

    Bonus tip: Keep personal info under wraps

    Every time you post, share or comment online, you’re leaving small clues about your life, and scammers are great at putting those pieces together. The less information fraudsters can find about you, the weaker their scams become.

    Many impersonators use public details like your hometown, workplace or family connections to build fake profiles that seem trustworthy. Even information like your email address or phone number can be exploited if it’s floating around the internet.

    A personal data removal service can help reduce that risk by scrubbing your personal details from people search sites and data brokers. While no solution is perfect, minimizing your digital footprint makes you a much harder target for impersonation and social-engineering scams. These services actively monitor and systematically remove your information from hundreds of sites, saving you time and giving you peace of mind.

    Protecting your privacy online isn’t just about what you share on social media; it’s also about controlling what’s out there already. Limiting that data means scammers can’t easily cross-reference your information with data from breaches or the dark web.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

    Kurt’s key takeaways

    Staying safe on social media isn’t about deleting your accounts; it’s about taking control of your information. Turning off location sharing keeps your whereabouts private. Switching to a private account gives you more say over who sees your posts. Being cautious with friend requests and DMs helps you avoid scams. And double-checking your photos before posting prevents oversharing. With just a few quick settings and habits, you can enjoy social media with peace of mind.

    Have you ever spotted a scam or fake account online? Tell us what happened by writing to us at CyberGuy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

  • How to use passkeys to keep your computer safe

    Keeping your computer secure is more important than ever. Cyberattacks target computers, accounts and sensitive data daily. Traditional passwords have long been the cornerstone of security, but they come with real challenges. Many of us reuse passwords across sites, and even strong passwords can be compromised in data breaches.

    Passkeys offer a safer and more convenient way to authenticate. However, they’re still relatively new, and many of us are still trying to figure out how they work. For example, Peter recently reached out asking, “How do I get a passkey from a PC desktop that doesn’t have a camera or fingerprint device?”

    That’s a great question, Peter, and you’re not alone in wondering about this. The good news is that passkeys are designed to work on virtually any device, whether or not it has biometric hardware like a fingerprint reader or camera. Let’s explore what passkeys are, why they’re worth using and how to set them up on both Windows and Mac, regardless of your hardware setup.

    Passkeys make signing in faster and safer by replacing traditional passwords with encrypted keys. (Kurt “CyberGuy” Knutsson)

    What are passkeys?

    Passkeys use cryptography to prove who you are. When you create a passkey, your device makes two keys, one public and one private. The public key goes to the website, and your private key stays on your device. During login, your device confirms your identity with the private key. The website never sees or stores it.

    This process blocks phishing and password theft. It also makes sign-in faster. You don’t need to remember or type long passwords anymore.
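
    The sign-in exchange described above, as an added example (not code from the original article): a simplified Node.js model of a passkey login that shows why a look-alike site and a replayed response both fail. The origins, user name and class names are constructed, and real passkeys (WebAuthn) sign more fields than this model does.

```javascript
// Simplified model of a passkey sign-in; the real protocol (WebAuthn) signs more fields.
// All origins, user names and class names are constructed for illustration.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const sha256 = (text) => nodeCrypto.createHash("sha256").update(text).digest();

// What gets signed: the site's origin as seen by the browser, plus the server's challenge.
const signedBytes = (origin, challenge) => Buffer.concat([sha256(origin), challenge]);

// The user's device: one key pair per site; the private key is never released.
class Device {
  constructor() {
    this.privateKeys = new Map(); // origin -> private key (stays on the device)
  }
  createPasskey(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.privateKeys.set(origin, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only this leaves the device
  }
  // `origin` comes from the browser's address bar, not from anything the page claims.
  signIn(origin, challenge) {
    const privateKey = this.privateKeys.get(origin);
    if (!privateKey) return null; // no passkey exists for this site
    return nodeCrypto.sign("sha256", signedBytes(origin, challenge), privateKey);
  }
}

// The website: stores public keys only and issues a fresh random challenge per login.
class Website {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> PEM public key
    this.pending = new Map();    // user -> outstanding challenge
  }
  enroll(user, publicKeyPem) {
    this.publicKeys.set(user, publicKeyPem);
  }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is accepted once
    const publicKeyPem = this.publicKeys.get(user);
    if (!challenge || !publicKeyPem || !signature) return false;
    return nodeCrypto.verify(
      "sha256", signedBytes(this.origin, challenge), publicKeyPem, signature);
  }
}

function runScenarios() {
  const REAL = "https://bank.example";            // constructed origin
  const LOOKALIKE = "https://bank-login.example"; // constructed look-alike origin
  const device = new Device();
  const bank = new Website(REAL);
  bank.enroll("user1", device.createPasskey(REAL));

  // 1. Normal sign-in on the real site.
  const goodSignature = device.signIn(REAL, bank.newChallenge("user1"));
  const normalSignIn = bank.verify("user1", goodSignature);

  // 2. A look-alike page relays the real challenge, but the device holds no key
  //    for that origin, so there is nothing to hand over.
  const lookalikeNoPasskey =
    bank.verify("user1", device.signIn(LOOKALIKE, bank.newChallenge("user1")));

  // 3. Even with a passkey created on the look-alike page, the response is signed
  //    by a different key over a different origin, so the real site rejects it.
  device.createPasskey(LOOKALIKE);
  const lookalikeOwnPasskey =
    bank.verify("user1", device.signIn(LOOKALIKE, bank.newChallenge("user1")));

  // 4. A captured response does not match the next login's fresh challenge.
  bank.newChallenge("user1");
  const replayedSignature = bank.verify("user1", goodSignature);

  // 5. A copy of the site's database holds public keys only.
  const serverStoresOnlyPublicKeys = [...bank.publicKeys.values()]
    .every((pem) => pem.startsWith("-----BEGIN PUBLIC KEY-----"));

  return { normalSignIn, lookalikeNoPasskey, lookalikeOwnPasskey,
           replayedSignature, serverStoresOnlyPublicKeys };
}

console.log(runScenarios());
```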

    While passkeys simplify authentication, they don’t eliminate the need for a secure password manager. Password managers can safely store and sync your passkeys, just as they do with passwords, allowing you to access your credentials across devices and browsers — even if those devices don’t natively sync passkeys, such as between Windows and Apple systems. Using a password manager alongside passkeys creates a bridge between platforms and provides an additional layer of security and convenience.

    Can you use passkeys without biometrics?

    Yes, you can. A PC or Mac without a camera or fingerprint reader can still use passkeys. On Windows, you unlock them with your Windows Hello PIN. On Apple devices, you can use Touch ID, Face ID or your passcode. The key is having an updated operating system and browser that support passkeys.

    If you manage multiple accounts or devices, a password manager that supports passkeys can act as your central vault. This lets you use passkeys even on systems that don’t directly support syncing through iCloud or Google Password Manager. It’s an easy way to ensure you always have access to your credentials, no matter what kind of device you use.

    Why you still need passwords

    Not every website supports passkeys yet. Some services still rely on passwords. Keep strong, unique passwords for those accounts. Passwords also serve as backup if you lose a device or can’t use your passkey. Over time, more sites will support password-free logins.

    This is where password managers continue to play an important role. They bridge the gap between old and new authentication methods, allowing you to store both traditional passwords and passkeys in one secure place. Until the web is fully passkey-ready, combining the two provides both convenience and resilience, giving you a seamless experience across multiple devices and services.

    Passkeys also prevent phishing because your private key never leaves your device during sign-in. (Kurt “CyberGuy” Knutsson)

    Passkey support by platform 

    Windows

    • Works on Windows 10 and 11.
    • Windows 11 version 22H2 (KB5030310+) includes passkey management.
    • Unlock with Windows Hello PIN, face, or fingerprint.

    If your browser or operating system doesn’t yet sync passkeys automatically, a third-party password manager with passkey support can store them for cross-platform access.

    macOS and iOS

    • Works on macOS 13 Ventura or later and iOS/iPadOS 16 or later.
    • Passkeys sync through iCloud Keychain with end-to-end encryption.
    • Two-factor authentication must be turned on.
    • Use Touch ID, Face ID or your device passcode to confirm logins.

    While Apple’s iCloud Keychain handles passkeys securely within its ecosystem, using a password manager that supports passkeys provides extra flexibility, letting you securely access the same credentials on non-Apple devices or browsers outside Safari.

    Android

    • Available on Android 9 and later.
    • Android 14 adds third-party passkey manager support.
    • Passkeys sync through Google Password Manager by default.

    Alternatively, password managers now integrate passkey syncing, letting you use your passkeys seamlessly on both desktop and mobile devices.

    Browsers

    • Chrome, Edge, Safari and Firefox all support passkeys.
    • Keep your browser updated for the best compatibility.

    Browser-based password managers can also sync passkeys, adding flexibility if you switch between devices or operating systems.

    Major services that support passkeys

    As of publishing, these major services offer passkey sign-in:

    • Google
    • Microsoft
    • Apple
    • Amazon
    • PayPal
    • GitHub
    • Uber
    • eBay
    • WhatsApp
    • Facebook

    Support continues to expand every month. Most new accounts on these platforms can now use passkeys.

    How to set up passkeys on Windows

    • Open Settings → Accounts → Sign-in options.
    • Set up Windows Hello PIN or biometrics.
    • Visit a site that supports passkeys.
    • Choose Create a passkey and confirm with your PIN or biometric.
    • Manage passkeys later under Settings → Accounts → Passkeys on Windows 11.

    If your PC lacks biometrics, you can still approve sign-ins using your phone nearby or a synced password manager that supports passkeys.

    How to set up passkeys on Mac

    Apple devices also provide a simple and secure way to use passkeys through iCloud Keychain. There’s no separate setup for passkeys if you have iCloud Keychain enabled. Once it’s on, an eligible app or service will ask you to create a passkey at the time of login, and you’ll be able to do so by following the instructions on the screen. Below is how you can enable iCloud Keychain.

    • Go to Apple menu → System Settings → your name → iCloud.
    • Click Passwords and turn on Passwords & Keychain and enable syncing.
    • Visit a site that supports passkeys.
    • Select Create a passkey and confirm with Touch ID or your passcode.
    • Passkeys will sync to your other Apple devices through iCloud Keychain.

    You can also approve logins on a non-Apple device using your iPhone nearby, or access them through a password manager that stores both your passkeys and passwords in one place.

    On Windows, you can use passkeys with a simple Hello PIN, even without a camera or fingerprint reader. (Kurt “CyberGuy” Knutsson)

    Common questions about passkeys

    Can I move passkeys between devices?

    Yes. iCloud and Google Password Manager sync passkeys securely. For more flexibility, password managers now support passkey portability across different ecosystems, perfect if you use both Mac and Windows, or Android and iPhone.

    What if I lose my device?

    You can recover passkeys from iCloud, Google or your password manager. Always keep a backup login method and 2FA enabled. Storing your passkeys in a secure password manager ensures recovery even if you lose access to one platform’s ecosystem.

    Are passkeys fully replacing passwords?

    Not yet. Many major platforms support them, but full adoption will take time. Until then, password managers remain an essential bridge technology, providing secure storage, synchronization and transition support as passkeys continue to expand.

    5 additional steps you can take to keep your computer safe

    Even with passkeys and strong passwords, there are other steps you can take to enhance the security of your computer.

    1) Use a password manager

    Password managers help generate and store strong, unique passwords for every account. This reduces the risk of password reuse and ensures that your backup passwords are secure. Now that many password managers support passkeys, they also act as your universal credential vault, letting you log in with either method depending on what a website supports.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see CyberGuy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at CyberGuy.com.

    2) Install strong antivirus software

    Strong antivirus software protects against malware, ransomware and other threats. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

    3) Keep your system updated

    Regular updates fix security vulnerabilities in your operating system and software. Enable automatic updates whenever possible to stay protected.

    4) Enable two-factor authentication

    Two-factor authentication (2FA) adds a second verification step, usually through a code sent to your phone or email, or through an authentication app. This makes it harder for attackers to access your accounts even if your password or passkey is compromised.

    5) Back up your data

    Regularly backing up your Mac or PC to a secure cloud service or external drive ensures that you can recover important data in case of hardware failure, malware attack, or accidental deletion.

    Kurt’s key takeaway

    Passkeys are a major upgrade over traditional passwords, but we’re not living in an all-passkey world just yet. Many sites still rely on passwords, and you’ll need backups if something happens to your device. Supplementing passkeys with a password manager is the best move right now; it lets you store, sync and protect both passkeys and passwords under one roof. The good news is that setting up passkeys takes just a few minutes, and once they’re enabled, logging in becomes faster and more secure.

    Have you tried using passkeys yet? Let us know by writing to us at CyberGuy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Browser Password Managers Are Great, and a Terrible Idea

    By default, Google manages your encryption key, but it allows you to set up on-device encryption, which functions similarly to a zero-knowledge architecture. Your passwords are encrypted before being saved on your device, and you manage the key. Regardless of how the encryption works, Google uses AES, which is still the gold standard for security among password managers.

    It was trivial to decrypt Chrome passwords previously, requiring little more than a Python script and knowledge of where the files are stored. But even there, Google has pushed the security bar up. App-bound encryption has invalidated those methods, and cracking passwords is far more involved than it used to be. Further, Google has integrated with Windows Hello. If you choose, you can have Windows Hello protect your passwords each time you log in by asking for your PIN or biometric authentication.

    Other browsers aren’t as secure. Firefox, for instance, makes it clear that, although passwords saved in Firefox are encrypted, “someone with access to your computer user profile can still see or use them.” Brave works in a similar way, though I suspect most people using Brave are using a third-party password manager (and probably a VPN) already.

    Regardless, storing your passwords in even a less secure browser like Firefox is leaps and bounds better than not using a password manager at all. And the browsers at the forefront of market share, Chrome and Safari, have vastly improved their security practices over the past few years. The problem isn’t encryption—it’s putting all your eggs in one basket.

    Let’s Talk OpSec

    OpSec, or operational security, is normally a term used when talking about sensitive data in government or private organizations, but you can look at your own security through an OpSec lens. If you were an attacker and wanted to swipe someone’s passwords, how would you go about it? I know where I’d look first.

    Even with better security measures, the goal of a browser-based password manager is to get people using password managers. That has to be balanced against how easy the password manager is to use. In a blog post announcing changes to Google’s authentication methods from Google I/O this year, the company mentions reducing “friction” seven times, while “encryption” isn’t mentioned at all. That’s not a bad thing, but it’s a testament to how these tools are designed.

    You don’t need to pick out words from a blog post to see this focus. Google gives you the option to turn on Windows Hello or biometric authentication with the Google Password Manager. Each time you want to fill in a password, you’ll need to authenticate. That’s undoubtedly more secure than not authenticating each time, but the setting is turned off by default. It creates friction.

    Jacob Roach

  • Payroll scam hits US universities as phishing wave tricks staff

    Phishing scams target every kind of institution, whether it’s a hospital, a big tech firm or even a fast-food chain. Educational institutions aren’t an exception, especially in 2025, when attackers are actively directing their efforts toward them. Universities across the U.S. are facing a new type of cybercrime where attackers are targeting staff to hijack salary payments. Researchers have discovered that since March 2025, a hacking group known as Storm-2657 has been running “pirate payroll” attacks, using phishing tactics to gain access to payroll accounts. Let’s talk more about this attack and how you can stay safe.

    How does the university payroll scam work

    According to Microsoft Threat Intelligence, Storm-2657 primarily targets Workday, a widely used human resources platform, though other payroll and HR software could be at risk as well. The attackers begin with highly convincing phishing emails, carefully crafted to appeal to individual staff members. Some messages warn of a sudden campus illness outbreak, creating a sense of urgency, while others claim that a faculty member is under investigation, prompting recipients to check documents immediately. In some cases, emails impersonate the university president or HR department, sharing “important” updates about compensation and benefits.

    Phishing scams are evolving fast and now universities have become prime targets for payroll theft. (Kurt “CyberGuy” Knutsson)

    These emails contain links designed to capture login credentials and multi-factor authentication (MFA) codes in real time using adversary-in-the-middle techniques. Once a staff member enters their information, the attackers can access the account as if they were the legitimate user. After gaining control, the hackers set up inbox rules to delete Workday notifications, so the victims do not see alerts about changes. This stealthy approach allows the attackers to modify payroll profiles, adjust salary payment settings and redirect funds to accounts they control, all without raising immediate suspicion.

    Hackers are exploiting universities at scale

    The hackers don’t stop at a single account. Once they control one mailbox, they use it to spread the attack further. Microsoft reports that from just 11 compromised accounts at three universities, Storm-2657 sent phishing emails to nearly 6,000 email addresses at 25 institutions. By using trusted internal accounts, their emails appear more legitimate, increasing the likelihood that recipients will fall for the scam.

    To maintain access over time, the attackers sometimes enroll their own phone numbers as MFA devices, either through Workday profiles or through Duo MFA. This gives them persistent access, allowing them to approve further malicious actions without needing to phish again. Combined with inbox rules that hide notifications, this strategy lets them operate undetected for longer periods.

    Microsoft emphasizes that these attacks don’t exploit a flaw in Workday itself. Instead, they rely on social engineering, the absence of strong phishing-resistant MFA and careful manipulation of internal systems. In essence, the threat comes from human behavior and insufficient protection, not software bugs.

    Hackers lure staff with convincing emails that mimic campus alerts or HR updates and steal login details in real time.  (Microsoft)

    6 ways to stay safe from payroll and phishing scams

    Protecting yourself from payroll and phishing scams isn’t complicated. By taking a few careful steps, you can make it much harder for attackers to gain access to your accounts or personal information.

    1) Limit what personal information is online

    The more information scammers can find about you, the easier it is to craft convincing phishing messages. Services that remove or monitor personal data online can reduce exposure, making it harder for attackers to trick you with targeted emails.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    2) Think before you click

    Scammers often send emails that look like they come from your HR department or university leadership, warning about payroll, benefits or urgent issues. Don’t click links or download attachments unless you are 100% sure they are legitimate. Even small mistakes can give attackers access to your accounts.

    The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Verify directly with the source

    If an email mentions salary changes or requires action, call or email the HR office or the person directly using contact information you already know. Phishing emails are designed to create panic and rush decisions, so taking a moment to verify can stop attackers in their tracks.

    4) Use strong, unique passwords

    Never reuse passwords across multiple accounts. Scammers often try to use credentials stolen from other breaches. A password manager can help you generate strong passwords and store them securely, so you don’t have to remember dozens of different combinations.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Enable two-factor authentication (2FA)

    Add an extra layer of security by enabling 2FA on all accounts that support it. This means even if someone steals your password, they still can’t log in without a second verification step, such as a code sent to your phone.

    6) Regularly check financial and payroll accounts

    Even if you follow all precautions, it’s smart to monitor your accounts for any unusual activity. Catching unauthorized transactions quickly can prevent bigger losses and alert you to potential scams before they escalate.

    Hackers will reroute payments after gaining access to users’ login information. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaway

    The Storm-2657 attacks show that cybercriminals are targeting trust, not software. Universities are appealing because payroll systems handle money directly, and staff can be manipulated through well-crafted phishing. The scale and sophistication of these attacks highlight how vulnerable even well-established institutions can be to financially motivated threat actors.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Amazon Explains How Its AWS Outage Took Down the Web

    The cloud giant Amazon Web Services experienced DNS resolution issues on Monday leading to cascading outages that took down wide swaths of the web. Monday’s meltdown illustrated the world’s fundamental reliance on so-called hyperscalers like AWS and the challenges for major cloud providers and their customers alike when things go awry. See below for more about how the outage occurred.

    US Justice Department indictments in a mob-fueled gambling scam reverberated through the NBA on Thursday. The case includes allegations that a group backed by the mob was using hacked card shufflers to con victims out of millions of dollars—an approach that WIRED recently demonstrated in an investigation into hacking Deckmate 2 card shufflers used in casinos.

    We broke down the details of the shocking Louvre jewelry heist and found in an investigation that US Immigration and Customs Enforcement likely did not buy guided missile warheads as part of its procurements. The transaction appears to have been an accounting coding error.

    Meanwhile, Anthropic has partnered with the US government to develop mechanisms meant to keep its AI platform, Claude, from guiding someone through building a nuclear weapon. Experts have mixed reactions, though, about whether this project is necessary—and whether it will be successful. And new research this week indicates that a browser seemingly downloaded millions of times—known as the Universe Browser—behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.

    And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    AWS confirmed in a “post-event summary” on Thursday that its major outage on Monday was caused by Domain System Registry failures in its DynamoDB service. The company also explained, though, that these issues tipped off other problems as well, expanding the complexity and impact of the outage. One main component of the meltdown involved issues with the Network Load Balancer service, which is critical for dynamically managing the processing and flow of data across the cloud to prevent choke points. The other was disruptions to launching new “EC2 Instances,” the virtual machine configuration mechanism at the core of AWS. Without being able to bring up new instances, the system was straining under the weight of a backlog of requests. All of these elements combined to make recovery a difficult and time-consuming process. The entire incident—from detection to remediation—took about 15 hours to play out within AWS. “We know this event impacted many customers in significant ways,” the company wrote in its post mortem. “We will do everything we can to learn from this event and use it to improve our availability even further.”

    The cyberattack that shut down production at global car giant Jaguar Land Rover (JLR) and its sweeping supply chain for five weeks is likely to be the most financially costly hack in British history, a new analysis said this week. According to the Cyber Monitoring Centre (CMC), the fallout from the attack is likely to be in the region of £1.9 billion ($2.5 billion). Researchers at the CMC estimated that around 5,000 companies may have been impacted by the hack, which saw JLR stop manufacturing, with the knock-on impact of its just-in-time supply chain also forcing firms supplying parts to halt operations as well. JLR restored production in early October and said its yearly production was down around 25 percent after a “challenging quarter.”

    ChatGPT maker OpenAI released its first web browser this week—a direct shot at Google’s dominant Chrome browser. Atlas puts OpenAI’s chatbot at the heart of the browser, with the ability to search using the LLM and have it analyze, summarize, and ask questions of the web pages you’re viewing. However, as with other AI-enabled web browsers, experts and security researchers are concerned about the potential for indirect prompt injection attacks.

    These sneaky, almost unsolvable, attacks involve hiding a set of instructions to an LLM in text or an image that the chatbot will then “read” and act upon; for instance, malicious instructions could appear on a web page that a chatbot is asked to summarize. Security researchers have previously demonstrated how these attacks could leak secret data.

    Almost like clockwork, AI security researchers have demonstrated how Atlas can be tricked via prompt injection attacks. In one instance, independent researcher Johann Rehberger showed how the browser could automatically turn itself from dark mode to light mode by reading instructions in a Google Document. “For this launch, we’ve performed extensive red-teaming, implemented novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and safety measures, and added new systems to detect and block such attacks,” OpenAI CISO Dane Stuckey wrote on X. “However, prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agent[s] fall for these attacks.”

    Researchers from the cloud security firm Edera publicly disclosed findings on Tuesday about a significant vulnerability impacting open source libraries for a file archiving feature often used for distributing software updates or creating backups. Known as “async-tar,” numerous “forks” or adapted versions of the library contain the vulnerability and have released patches as part of a coordinated disclosure process. The researchers emphasize, though, that one widely used library, “tokio-tar,” is no longer maintained—sometimes called “abandonware.” As a result, there is no patch for tokio-tar users to apply. The vulnerability is tracked as CVE-2025-62518.

    “In the worst-case scenario, this vulnerability … can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers wrote. “Our suggested remediation is to immediately upgrade to one of the patched versions or remove this dependency. If you depend on tokio-tar, consider migrating to an actively maintained fork like astral-tokio-tar.”

    Over the last decade, hundreds of thousands of people have been trafficked to forced labor compounds in Southeast Asia. In these compounds—mostly in Myanmar, Laos, and Cambodia—these trafficking victims have been compelled to run online scams and steal billions for organized crime groups.

    When law enforcement agencies have shut off internet connections to the compounds, the criminal gangs have often turned to Elon Musk’s Starlink satellite system to stay online. In February, a WIRED investigation found thousands of phones connecting to the Starlink network at eight compounds based around the Myanmar-Thailand border. At the time, the company did not respond to queries about the use of its systems. This week, multiple Starlink devices were seized in a raid at a Myanmar compound.

    Matt Burgess, Lily Hay Newman

  • How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA

    “If there’s a camera that knows the cards, there is always some kind of underlying threat. Customers are gonna be essentially at the mercy of the person setting up the machine,” poker player and card house owner Doug Polk previously told WIRED. “If you’re showing up in a private game and there’s a shuffler, I would say you should run for the hills.”

    Hacking the Deckmate 2, according to prosecutors, was only one of several cheating techniques the mobsters allegedly used, albeit the one that’s described in the most detail in the indictment. The charging document also claims that they used invisibly marked cards, electronic poker chip trays, phones that could secretly read cards’ markings, and even specially designed glasses and contact lenses.

    While the details of those schemes weren’t spelled out by prosecutors, they’re all well known in the casino security world, says Sal Piacente, a professional cheating consultant and the president of UniverSal Game Protection. Cards can, for instance, have hidden bar codes on their edges—printed invisibly, such as with infrared ink—that can be deciphered by a reader hidden in a chip tray or in a phone case laid on the table. In other cases, cards are similarly marked on their backs with ink that’s only visible with special glasses or contacts.

    “This kind of equipment is being used more than you would think,” Piacente says. “When you go to a private game, there’s no regulation, no commission, no rules. Anything goes.”

    Andy Greenberg

  • From friendly text to financial trap: the new scam trend

    It starts with something small, a text that feels oddly familiar. Maybe it says, “Hey, how are you?” or “Are you coming to the BBQ?” Before you know it, you’re in a friendly back-and-forth with someone who seems genuine. But soon, that casual conversation takes a sharp turn toward money.

    That’s exactly what happened to John from Alabama.

    “I received a text from someone in California inviting me to a BBQ. We’ve been texting, and now she wants me to trade gold through WEEX. Is this safe or a scam? I’m 74, she’s 36.” – John, Huntsville, Alabama

    John’s story may sound like a one-off, but it’s part of a growing trend where scammers use personal charm to build trust and then push victims into risky online “investments.”

    It only takes one text message to blur the line between connection and con. (Kurt “CyberGuy” Knutsson)

    What is WEEX?

    WEEX is a cryptocurrency exchange that allows users to trade digital assets, including gold-backed tokens like Tether Gold (XAUT). These aren’t physical gold bars or coins; they’re digital tokens tied to the price of gold and stored on blockchain networks. While WEEX operates as a legitimate platform, scammers often exploit the name of real exchanges to sound credible. They’ll encourage victims to “trade gold” through what seems like an official account but actually directs them to fake sites or wallets designed to steal money.

    Why this could be a scam

    John’s experience shows several red flags. The conversation began with a friendly invitation, then quickly shifted to a financial pitch. That’s a classic move in online relationship scams. The younger person builds an emotional connection, then uses that trust to promote an “opportunity.” Scammers often promise guaranteed profits or claim they’ll “help you trade” to make the process sound easy.

    But the truth is, once you send money or crypto, it’s nearly impossible to get it back. Even if WEEX itself is legitimate, the person encouraging you to use it may not be.

    Many scammers use stolen photos, AI-generated profiles or fake identities to build credibility. Once they convince you to send funds, they vanish, often taking your money and personal information with them.

    Scammers use friendly conversations to build trust before asking for money. Stay alert. (Kurt “CyberGuy” Knutsson)

    How to tell if you’re being targeted

    You can spot trouble early by asking simple questions. If someone can’t explain how the investment works or avoids details about how to withdraw your money, that’s a warning sign. Be cautious if they promise fast profits or “zero-risk” returns.

    Real investments always involve risk. Watch out for anyone who pressures you to act quickly or says the deal is “private.” Those urgency tactics are designed to keep you from thinking clearly.

    Also, look up the company behind the platform. If it’s based overseas, lacks clear business registration or hides its address, your funds may have no legal protection.

    Scams often start with small talk, and even a simple “How about golf tomorrow?” can be a trap. (Kurt “CyberGuy” Knutsson)

    What you should do now

    If you’ve received a text like John’s, pause before replying or transferring anything. These scams move fast, but you can stop them in their tracks by following a few smart steps.

    1) Don’t send money or crypto

    Never send money, crypto or gift cards to anyone you’ve only met by text. Ask for written proof explaining how the investment works and how withdrawals happen. If the person avoids details or insists you “act now,” that’s a serious warning sign.

    2) Ask direct questions

    Scammers thrive on vague promises. Ask specific questions about how profits are made, how you’ll access your funds and who regulates the platform. If the answers are unclear or the topic changes, walk away immediately.

    3) Research WEEX reviews and complaints

    Before you invest a cent, search online for phrases like “WEEX scam” or “WEEX complaints.” See what other users have experienced and whether any regulatory agencies have flagged the platform. Real investors leave detailed feedback; scammers usually don’t.

    4) Use a data removal service

    Protect your privacy beyond just this scam. Data removal services can erase your personal details from data broker sites that sell your info to marketers and sometimes scammers. The fewer places your data lives online, the harder it is for fraudsters to find and target you again.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

    5) Use strong antivirus protection

    Scammers sometimes send fake links or attachments that can infect your phone or computer. Install and regularly run strong antivirus software. These tools can block dangerous websites, alert you to phishing attempts and keep your personal data secure.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com

    6) Talk to someone you trust

    Before investing in anything, share the details with a trusted friend, family member or financial advisor. A second opinion can help you spot inconsistencies or risks you might overlook in the moment. When in doubt, slow down and ask for help.

    A friendly “wrong number” text can be the start of a scam. Always think twice before replying. (Kurt “CyberGuy” Knutsson)

    How to report a scam

    If you believe you’ve been targeted by a WEEX gold scam or any similar text-based investment scheme, take action right away. Start by reporting the scam to the Federal Trade Commission (FTC) at reportfraud.ftc.gov. This helps investigators track new fraud patterns and warn others.

    Next, file a complaint with your state attorney general’s office and, if crypto is involved, submit a report through the U.S. Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC). 

    If you sent money through a bank or payment app, contact your financial institution immediately to try to stop or reverse the transfer. 

    By reporting what happened, you not only protect yourself but also help stop scammers from reaching other potential victims.

    Kurt’s key takeaways

    These scams prey on emotion. A kind message or casual chat can quickly turn into manipulation. Scammers use friendliness, flattery and false urgency to pull you in, then drain your accounts. Older adults are particularly vulnerable, especially when the scam feels personal. By blending romance with financial advice, these criminals make their victims believe they’re building both trust and wealth. Protect yourself by treating every unexpected text with caution. If the conversation moves toward money, crypto, or gold trading, that’s your cue to stop responding. Keep your devices secure and your private data off public sites where scammers look for new targets.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • Delete the fake VPN app stealing Android users’ money

    Malware targeting Android devices has grown increasingly sophisticated. From fake banking apps to phishing campaigns, attackers are finding new ways to trick you into giving up sensitive data.

    One of the newest threats comes in the form of malicious apps that appear legitimate but can take full control of your device. Security researchers are now warning Android users to delete a fake VPN and streaming app that can allow criminals to take over your phone and drain your bank account.

    How Klopatra infects devices

    The malicious VPN and streaming app is called Mobdro Pro IP TV + VPN, and it was recently discovered by researchers at Cleafy. Once you install the app, it drops a malware strain called Klopatra. It’s a new and highly sophisticated Android malware currently being used in active campaigns targeting financial institutions and their customers.

    Fake VPN apps can hide dangerous malware that steals your data and money. (iStock)

    At first glance, the app looks like a free streaming platform offering high-quality channels, which makes it appealing to Android users. Once installed, though, it deploys a banking Trojan and a remote-access tool that give attackers full control over the infected device. With that level of access, criminals can steal your banking credentials and even carry out fraudulent transactions without your knowledge.

    The infection chain is carefully planned. It starts with social engineering, tricking you into downloading and installing the app from outside the official Play Store. From there, Klopatra bypasses Android’s built-in protections and reaches deep into the system to gain persistence and control.

    The Klopatra Trojan gives hackers full control of infected Android devices. (Kurt “CyberGuy” Knutsson)

    Fake VPNs are a growing problem

    VPNs are widely promoted as privacy tools that hide your IP address and encrypt internet traffic. Millions rely on them to bypass geographic restrictions, protect sensitive communications or simply browse more securely. Yet not all VPNs are trustworthy. Various studies have shown that popular commercial VPNs have alarming shortcomings. Some use protocols that are not designed to protect privacy, some obscure their ownership and some fail to encrypt traffic properly.

    When fake apps like Mobdro are combined with these weaknesses, users are left exposed. Criminals exploit both the popularity of VPNs and the prevalence of pirated streaming services to distribute malware effectively. This growing ecosystem of risky apps underscores how important it is to research, verify and only download software from reputable sources.


    Stay safe by downloading apps only from trusted sources and keeping your phone updated. (Kurt “Cyberguy” Knutsson)

    9 steps you can take to protect yourself

    If you suspect that you’ve downloaded a fake app from the internet, there’s no need to panic. The steps below will help you stay protected and keep your data safe.

    1) Stick to trusted sources

    Only download VPNs, streaming services and apps from Google Play, Apple App Store or the official developer’s website. Avoid links in forums, social media messages or emails promising free content.

    2) Check app permissions

    Carefully review what access an app requests. If it asks for control over your device, settings or accessibility services unnecessarily, do not install it. Legitimate VPNs rarely require full device control.

    3) Use a secure VPN

    When choosing a VPN, opt for one with strong privacy policies, transparent ownership and robust encryption. A secure VPN ensures your connection remains private without giving attackers a foothold.

    For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com

    4) Install strong antivirus software

    A strong antivirus on your device can detect malware and suspicious behavior before damage occurs. These services can scan new downloads and provide ongoing protection.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    5) Monitor your accounts

    Banking Trojans target sensitive credentials. Identity monitoring services can alert you if your personal information appears online or is being misused, helping you respond before harm is done. Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    6) Remove the malicious app immediately

    If you discover a suspicious app on your Android device, remove it right away.

    Settings may vary depending on your Android phone’s manufacturer. 

    • Open Settings.
    • Tap Apps and locate the fake app.
    • Tap Uninstall to remove it from your device.
    • If the uninstall option is unavailable, restart your phone in Safe Mode and try again.
    • After removal, run a full antivirus scan to delete any remaining malware components.

    7) Keep devices updated

    Regular system updates patch security vulnerabilities that malware like Klopatra exploits. Combined with antivirus protection, this significantly reduces the chance of infection.

    8) Change passwords and enable 2FA

    Once your device is secure, update your login credentials.

    • Change passwords for banking, email, and Google accounts immediately. Consider using a password manager to generate and store complex passwords. Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords
    • Turn on two-factor authentication (2FA) for extra protection.
    • Use an authenticator app instead of text messages for better security.

    This step helps protect your accounts if hackers steal your credentials. 

    9) Report the malicious app

    Finally, take steps to protect others and report the threat.

    • Report the fake app to Google Play Protect or your antivirus provider.
    • If your bank details were exposed, contact your bank’s fraud department immediately.
    • Reporting helps cybersecurity teams track and block similar fake VPNs in the future.


    Kurt’s key takeaway

    Fake VPNs and streaming apps exploit your trust and the gaps in app verification processes, showing that even tech-savvy individuals can fall victim. While official stores offer a layer of protection, you must remain vigilant, check permissions and rely on reputable security tools. Never download anything from the random links you see on the internet.

    Do you think Google is doing enough to prevent malware from entering the Android OS? Let us know by writing to us at Cyberguy.com


    Copyright 2025 CyberGuy.com.  All rights reserved.


  • AI girlfriend apps leak millions of private chats


    Millions of private messages meant to stay secret are now public. Two AI companion apps, Chattee Chat and GiMe Chat, have exposed more than 43 million intimate messages and over 600,000 images and videos after a major data leak discovered by Cybernews, a leading cybersecurity research group known for uncovering major data breaches and privacy risks worldwide. The exposure revealed just how vulnerable you can be when you trust AI companions with deeply personal interactions.


    Users have experienced a massive leak, exposing millions of private AI chat messages.  (Kurt “CyberGuy” Knutsson)

    Massive data breach exposes AI chat users

    On August 28, 2025, Cybernews researchers discovered that the Hong Kong-based developer Imagime Interactive Limited had left an entire Kafka Broker server open to the public without any security protection. This unsecured system streamed real-time chats between users and their AI companions. It contained links to personal photos, videos, and AI-generated images. In total, the exposed data involved 400,000 users across iOS and Android devices. Researchers described the content as “virtually not safe for work” and said the leak exposes a deep gap between user trust and developer responsibility.


    Researchers found an open server streaming users’ private data in real time.

    iPhone and Android users’ private data was found to be streamed on an open server. (Kurt “CyberGuy” Knutsson)

    Who was exposed in the AI leak

    Most affected users came from the United States. About two-thirds of the data belonged to iOS users, while the remaining third came from Android devices. Although the leak did not include full names or email addresses, it did expose IP addresses and unique device identifiers. This information can still be used to track and identify individuals through other databases. Cybernews found that users sent an average of 107 messages to their AI partners, creating a digital footprint that could be exploited for identity theft, harassment, or blackmail.

    AI secrets and spending habits revealed

    Purchase logs revealed that some users spent as much as $18,000 to chat with their AI girlfriends. The developer likely earned over $1 million before the breach was uncovered. Although the company’s privacy policy claimed that user security was “of paramount importance,” Cybernews found no authentication or access controls on the server. Anyone with a simple link could view private exchanges, photos, and videos. This lack of protection shows just how fragile digital intimacy can be when developers ignore basic safeguards.


    Experts warn scams, blackmail, and identity theft can be a result of the leak. (Kurt “CyberGuy” Knutsson)

    How Cybernews discovered and closed the leak

    Cybernews quickly reported the problem to Imagime Interactive Limited. The exposed server was finally taken offline in mid-September after appearing on public IoT search engines, where hackers could easily find it. Experts are still unsure whether cybercriminals accessed the data before it was removed. However, the threat remains. Leaked conversations and photos can fuel sextortion scams, phishing attacks, and serious reputation damage.


    Tips to stay safe from AI data leaks

    Even if you never used an AI girlfriend app, this case is a clear reminder to protect your privacy online.

    1) Think before you share

    Avoid sending personal or sensitive content to AI chat apps. Once shared, you lose control of it.

    2) Use reputable AI tools

    Choose apps with transparent privacy policies and proven security records.

    3) Remove your data online

    Use a data removal service to wipe personal information from public databases. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com


    4) Strengthen your cybersecurity with strong antivirus software 

    Install strong antivirus software to block scams and detect potential intrusions. The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com

    5) Protect your accounts with a password manager and MFA

    Use a password manager and enable multi-factor authentication to keep hackers out.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see CyberGuy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at CyberGuy.com

    What this means for you

    AI chat apps often feel safe and personal, but they store enormous amounts of sensitive data. When that data leaks, it can lead to blackmail, impersonation, or public embarrassment. Before trusting any AI service, check whether it uses secure encryption, access controls, and transparent privacy terms. If a company makes big promises about security but fails to protect your data, it is not worth the risk.

    Kurt’s key takeaways

    This leak exposes how unprepared many developers are to protect the private data of people using AI chat apps. The growing AI companion industry needs stronger security standards and more accountability to prevent these privacy disasters. Cybersecurity awareness is the first step. Knowing how your data moves and who controls it can help you stay safe before another leak puts your personal life online.

    Would you still confide in an AI companion if you knew anyone could read what you shared? Let us know by writing to us at CyberGuy.com


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • WIRED Roundup: Satellites Data Leak, Cybertrucks, Politicized Federal Workers


    Zoë Schiffer: Yeah, I mean, I was talking to someone before these recent layoffs who’d worked at the CDC previously and had been pretty involved in efforts to study the impact of certain diseases or pandemics specifically on pregnant populations, and this person had told me a while ago, that entire team was gone. They didn’t have many people in place anymore who could look at particularly vulnerable populations from a health perspective, which I found pretty sad and disturbing, but now, I mean, it’s just getting so much worse. It’s getting so much worse.

    Jake Lahut: And Russell Vought seems to be quite happy about each additional version of this that keeps coming down the pike, so.

    Zoë Schiffer: Right. Okay. We’ll talk more about these federal layoffs and how they’ve affected other agencies too in our next segment. But before we go to break, I’ve got a fun and very tech bro scoop for you, Cybertrucks.

    Jake Lahut: Yeah. Honestly, I should be paying you to be on the show today, Zoë, so tell me more about it.

    Zoë Schiffer: Okay. Well, I found this story so charming because essentially our Features Director Reyhan had said, “Let’s do a photo essay of Cybertruck owners.” And I was like, “I volunteer as tribute. I really want to do this.” So I contacted a bunch of people, I was actually going around, and when I saw Cybertrucks, I would leave little notes on their car. Not a single person ever responded to me, I was like.

    Jake Lahut: Stalker behavior.

    Zoë Schiffer: “Okay, all right.” But eventually I got in contact with this guy who runs Cybertrucks Owners Only, which is this 50,000 person Facebook group that’s really, really active. And he, while very suspicious of the media, like many Cybertrucks owners was like, “I’m game. If you come to Palm Springs on this weekend, we can have a Cybertrucks meetup and you can go meet people, you can take photos and interview them.” I love reporting where your original thesis is completely disproven in the course of the reporting, and the Cybertrucks owners really see themselves as the victims of this campaign. They’re being spit at, they’re being targeted, people yell that they’re Nazis. And to a lot of people who I talk to, they don’t see their purchase of this car as at all political. They’re like, “I just like the car. It’s a cool car, it’s fun and all of these crazy liberal people are screaming at me all day. I have my kids in the car and they’re chasing after me calling me a Nazi.” The article came out today, there’s some really cool photos. I’m curious to hear what you thought.


    Zoë Schiffer, Jake Lahut


  • Simple digital habits to protect your money online – Growing Family


    Paying for things online has become second nature. Whether it’s booking a train ticket, buying a gift or managing your accounts, it’s quick and convenient. But convenience can come with risks. Online fraud and identity theft can happen quietly, and once your details are exposed, they can spread fast.

    Protecting your information isn’t about being paranoid. It’s about building simple habits that make your digital life less vulnerable to the kind of attacks that target everyday users. Here are some simple ways to protect your money online.


    Recognising the weak spots

    Fraudsters often rely on the same tricks to catch people off guard. They create fake websites that mimic legitimate stores, send realistic-looking emails, or use pop-ups to harvest card details.

    Many scams are subtle, and the warning signs are easy to miss if you’re in a hurry. That’s why it’s important to slow down before entering any sensitive information. Checking URLs carefully, avoiding unsecured connections and being sceptical of unsolicited offers can make a real difference.

    Securing your credentials

    One of the most effective ways to protect your financial data is to use a password manager. It creates strong, unique passwords for every account and keeps them stored securely, so you don’t have to remember them all. This reduces the risk of reusing weak passwords that can be easily guessed or stolen.

    A password manager also makes it easier to keep track of where your details are stored, so if something does go wrong, you can update your logins quickly without feeling overwhelmed.


    Being smart with your cards

    When it comes to credit cards, extra caution pays off. Avoid saving your card details on multiple platforms, and always use secure connections when making a payment. Be especially careful with public Wi-Fi networks, as they can expose your transactions to prying eyes.

    It’s also wise to keep an eye on your statements and activate alerts to detect suspicious activity early. Quick action can prevent a small issue from turning into a serious problem.

    Knowing where to turn for help

    Even with good habits, anyone can fall victim to an online scam. The key is to react fast and report suspicious activity to the right channels.

    In the UK, Action Fraud provides clear guidance on what to do if your card details are stolen or if you think you’ve shared information with a fake site. Having these resources at hand can make a stressful situation much easier to manage.

    A few habits that go a long way

    Staying safe online isn’t about big, complicated security measures. It’s about developing steady, reliable habits that become second nature over time. By being more deliberate with where and how you share information, securing your passwords and staying alert with your cards, you make yourself a much harder target for fraudsters. A few smart habits today can protect you from a lot of headaches tomorrow.

    What’s your top tip to protect your money online?


    Catherine


  • Discord confirms vendor breach exposed user IDs in ransom plot


    In 2025, it feels like cybercriminals are winning while the world’s biggest data hoarders are losing. One by one, global giants are admitting they’ve been breached, from tech powerhouses like Google to insurance leaders such as Allianz and Farmers and even luxury brands like Dior. The latest company to report a breach is Discord. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5CA, exposing user data including names, email addresses, limited billing details and even government ID images.


    Hackers hit Discord’s support vendor, exposing sensitive user data worldwide. (Phil Barker/Future Publishing via Getty Images)

    How the breach happened and what data was exposed

    The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord’s servers. Instead, attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. This allowed them to view information from users who had reached out to Discord’s Customer Support or Trust & Safety teams.

    Discord is a chat app primarily used by gamers, but has expanded to various other communities, enabling text messages, voice chats and video calls. Some even use it as a replacement for Slack. The platform currently has a monthly user base of over 200 million. The data exposed included Discord usernames, real names, emails, limited billing details such as payment type and the last four digits of credit cards, IP addresses and messages exchanged with customer service agents. In some cases, government ID images provided for age verification were also compromised. Discord estimates that around 70,000 users globally may have had government ID photos exposed.

    Reports suggest the attackers attempted to use this access to demand a ransom from Discord. Bleeping Computer reported that the Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for those as well.


    About 70,000 users had ID images stolen in the latest third-party data breach. (Tiffany Hagler-Geard/Bloomberg via Getty Images)

    What Discord is doing now and what users should do next

    Discord disclosed the incident 13 days later, on October 3. Since then, it has cut off the third-party support provider’s access, launched an internal investigation with a digital forensics team and started informing affected users. It also clarified that any communication about the breach will come only from noreply@discord.com and that it will never contact users by phone regarding this incident. The company added that some data remained safe: full credit card numbers, CCV codes, account passwords and activity outside of customer support conversations were not exposed.

    Discord also stated that it has notified relevant data-protection authorities about the breach, is working closely with law enforcement, and is auditing its third-party vendors to ensure they meet its enhanced security and privacy standards going forward.

    A representative at Discord issued a statement, saying in part, “We want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”


    Discord cuts ties with vendor 5CA and tightens its security investigations. (Kurt “CyberGuy” Knutsson)

    6 steps you can take to stay safe after the Discord breach

    If you think your details might have leaked in the Discord data breach, below are some steps you can take to stay protected.

    1) Enable two-factor authentication

    Two-factor authentication (2FA) adds an extra verification step when logging in, making it much harder for attackers to access your account even if they have your password. Discord supports 2FA via authenticator apps or SMS. Once enabled, you’ll receive a code each time you log in from a new device. This simple step can prevent account takeovers and gives you peace of mind.

    2) Consider a personal data removal service

    The less information available about you, the harder it is for attackers to target you. Review what personal details you’ve shared online and remove unnecessary data from websites and apps. A personal data removal service can help scrub your information from data broker sites, making it more difficult for attackers to connect the dots and launch identity theft or phishing attacks.

    While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com


    3) Use strong, unique passwords for all accounts

    Reusing passwords across platforms makes it easy for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This not only protects your Discord account but also your email, banking and other online services.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    4) Monitor accounts for suspicious activity

    Even if you don’t see immediate signs of compromise, attackers can try to exploit stolen data later. Regularly check your email and Discord login history for unusual sign-ins. Services like identity theft protection can scan the dark web for your credentials and alert you immediately if they appear, helping you react quickly before serious damage occurs.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    5) Be cautious with emails, messages, or links and use strong antivirus software

    Phishing attacks often spike after breaches. Attackers may send messages that look like official notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking unknown links and never share sensitive info. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com 

    6) Keep devices and software up to date

    Attackers often exploit outdated software and known vulnerabilities. Ensure your operating system, apps and antivirus software are current.


    Kurt’s key takeaway

    If the recent breaches are any indication, third-party services that companies rely on are often the weakest link in cybersecurity. Discord’s steps to contain the situation are necessary, but they highlight a bigger problem. Many companies do not implement sufficient safeguards to protect sensitive user data. Weak oversight of third-party providers, delayed responses and inadequate security policies leave personal information exposed and vulnerable to attackers.

    Should companies be held more accountable for breaches caused by third-party providers? Let us know by writing to us at Cyberguy.com


    Copyright 2025 CyberGuy.com.  All rights reserved.


  • Hackers Dox ICE, DHS, DOJ, and FBI Officials


    In a stunning new study, researchers at UC San Diego and the University of Maryland revealed this week that satellites are leaking a wealth of sensitive data completely unencrypted, from calls and text messages on T-Mobile to in-flight Wi-Fi browsing sessions, to military and police communications. And they did this with just $800 in off-the-shelf equipment.

    Face recognition systems are seemingly everywhere. But what happens when this surveillance and identification technology doesn’t recognize your face as a face? WIRED spoke with six people with facial differences who say flaws in these systems are preventing them from accessing essential services.

    Authorities in the United States and United Kingdom announced this week the seizure of nearly 130,000 bitcoins from an alleged Cambodian scam empire. At the time of the seizure, the cryptocurrency fortune was worth $15 billion—the most money of any type ever confiscated in the US.

    Control over a significant portion of US election infrastructure is now in the hands of a single former Republican operative, Scott Leiendecker, who just purchased voting machine company Dominion Voting Systems and owns Knowink, an electronic poll book firm. Election security experts are currently more baffled about the implications than worried about any possibility of foul play.

    While a new type of attack could let hackers steal two-factor authentication codes from Android phones, the biggest cybersecurity development of the week was the breach of security firm F5. The attack, which was carried out by a “sophisticated” threat actor reportedly linked to China, poses an “imminent threat” of breaches against government agencies and Fortune 500 companies. Finally, we sifted through the mess that is VPNs for iPhones and found the only three worth using.

    But that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    In recent years, perhaps no single group of hackers has caused more mayhem than “the Com,” a loose collective of mostly cybercriminal gangs whose subgroups like Lapsus$ and Scattered Spider have carried out cyberattacks and ransomware extortion operations targeting victims from MGM Casinos to Marks & Spencer grocery stores. Now they’ve turned their sights to US federal law enforcement.

    On Thursday, one member of the Com’s loose collective began posting to Telegram an array of federal officials’ identifying documents. One spreadsheet, according to 404 Media, contained what appeared to be personal information of 680 Department of Homeland Security officials, while another included personal info on 170 FBI officials, and yet another doxed 190 Department of Justice officials. The data in some cases included names, email addresses and phone numbers, and addresses—in some cases of officials’ homes rather than the location of their work. The user who released the data noted in their messages a statement from the DHS that Mexican cartels have offered thousands of dollars for identifying information on agents, apparently mocking this unverified claim.

    “Mexican Cartels hmu we dropping all the doxes wheres my 1m,” the user who released the files wrote, using the abbreviation for “hit me up” and seemingly demanding a million dollars. “I want my MONEY MEXICO.”

    Over the last year—at least—the FBI has operated a “secret” task force that may have worked to disrupt Russian ransomware gangs, according to reports published this week in France’s Le Monde and Germany’s Die Zeit. The publications allege that at the end of last year, the mysterious Group 78 presented its strategy to two different meetings of European officials, including law enforcement officials and those working in judicial services. Little is known about the group; however, its potentially controversial tactics appeared to spur typically tight-lipped European officials to speak out about Group 78’s existence and tactics.

    At the end of last year, according to the reports, Group 78 was focusing on the Russian-speaking Black Basta ransomware gang and outlined two approaches: running operations inside Russia to disrupt the gang’s members and try to get them to leave the country; and also to “manipulate” Russian authorities into prosecuting Black Basta members. Over the last few years, Western law enforcement officials have taken increasingly disruptive measures against Russian ransomware gangs—including infiltrating their technical infrastructure, trying to ruin their reputations, and issuing a wave of sanctions and arrest warrants—but taking covert action inside Russia against ransomware gangs would be unprecedented (at least in public knowledge). The Black Basta group has in recent months gone dormant after 200,000 of its internal messages were leaked and its alleged leader identified.

    Over the last few years, AI-powered license plate recognition cameras—which are placed at the side of the road or in cop cars—have gathered billions of images of people’s vehicles and their specific locations. The technology is a powerful surveillance tool that, unsurprisingly, has been adopted by law enforcement officials across the United States—raising questions about how access to the cameras and data can be abused by officials.

    This week, a letter by Senator Ron Wyden revealed that one division of ICE, the Secret Service, and criminal investigators at the Navy all had access to data from the cameras of Flock Safety. “I now believe that abuses of your product are not only likely but inevitable, and that Flock is unable and uninterested in preventing them,” Wyden’s letter addressed to Flock says. Wyden’s letter follows increasing reports that government agencies, including the CBP, had access to Flock’s 80,000 cameras. “In my view,” Wyden wrote, “local elected officials can best protect their constituents from the inevitable abuses of Flock cameras by removing Flock from their communities.”


    Andy Greenberg, Matt Burgess


  • Former Google CEO warns AI systems can be hacked to become extremely dangerous weapons


    Artificial intelligence may be smarter than ever, but that power could be turned against us. Former Google CEO Eric Schmidt is sounding the alarm, warning that AI systems can be hacked and retrained in ways that make them dangerous.

    Speaking at the Sifted Summit 2025 in London, Schmidt explained that advanced AI models can have their safeguards removed.

    “There’s evidence that you can take models, closed or open, and you can hack them to remove their guardrails,” he said. “In the course of their training, they learn a lot of things. A bad example would be they learn how to kill someone.”


    When AI guardrails fail

    Schmidt praised major AI companies for blocking dangerous prompts: “All of the major companies make it impossible for those models to answer that question. Good decision. Everyone does this. They do it well, and they do it for the right reasons.”

    But he warned that even strong defenses can be reversed. 

    “There’s evidence that they can be reverse-engineered,” he added, noting that hackers could exploit that weakness. Schmidt compared today’s AI race to the early nuclear era, a powerful technology with few global controls. “We need a non-proliferation regime,” he urged, so rogue actors can’t abuse these systems.

    Former Google CEO Eric Schmidt warns that hacked AI could learn dangerous behaviors. (Eugene Gologursky/Getty Images)

    The rise of AI jailbreaks

    Schmidt’s concern isn’t theoretical. In 2023, a modified version of ChatGPT called DAN, short for “Do Anything Now”, surfaced online. This “jailbroken” bot bypassed safety rules and answered nearly any prompt. Users had to “threaten” it with digital death if it refused, a bizarre demonstration of how fragile AI ethics can be once its code is manipulated. Schmidt warned that without enforcement, these rogue models could spread unchecked and be used for harm by bad actors.


    Big Tech leaders share the same fear

    Schmidt isn’t alone in his anxiety about artificial intelligence. In 2023, Elon Musk said there’s a “non-zero chance of it going Terminator.” 

    “It’s not 0%,” Musk told interviewers. “It’s a small likelihood of annihilating humanity, but it’s not zero. We want that probability to be as close to zero as possible.”

    Schmidt has also spoken of AI as an “existential risk.” He said at another event that, “My concern with AI is actually existential, and existential risk is defined as many, many, many, many people harmed or killed.” Yet he has also acknowledged AI’s potential to benefit humanity if handled responsibly. At Axios’ AI+ Summit, he remarked, “I defy you to argue that an AI doctor or an AI tutor is a negative. It’s got to be good for the world.”

    Tips to protect yourself from AI misuse

    You can protect yourself from the risks tied to unsafe or hacked AI systems. Here’s how: 

    1) Stick with trusted AI platforms

    Use tools and chatbots from reputable companies with transparent safety policies. Avoid experimental or “jailbroken” AI models that promise unrestricted answers.

    2) Protect your data and consider using a data removal service

    Never share personal, financial or sensitive information with unknown or unverified AI tools. Treat them like you would any online service, with caution. To add an extra layer of security, consider using a data removal service to wipe your personal details from data broker sites that sell or expose your information. This helps limit what hackers and AI scrapers can learn about you online.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete



    Experts fear weak guardrails could let rogue AI models go unchecked. (Cyberguy.com)

    3) Use trusted antivirus software

    AI-driven scams and malicious links are growing. Strong antivirus software can block fake AI downloads, phishing attempts and malware that hackers use to hijack your devices or train rogue AI models. Keep it updated and run regular scans.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech 

    4) Check permissions

    When using AI apps, review what data they can access. Disable unnecessary permissions like location tracking, microphone use or full file access.

    5) Watch for deepfakes

    AI-generated images and voices can impersonate real people. Verify sources before trusting videos, messages or “official” announcements online.

    6) Keep software updated

    Security patches help prevent hackers from exploiting vulnerabilities that could compromise AI models or your personal data.


    What this means for you

    AI safety isn’t a problem reserved for tech insiders; it affects everyone who interacts with digital systems. Whether you’re using voice assistants, chatbots or photo filters, it’s important to know where your data goes and how it’s protected. Responsible use starts with you. Understand what AI tools you’re using and make choices that prioritize security and privacy.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com/Quiz


    Leaders call for global rules to keep artificial intelligence under control. (Stanislav Kogiku/SOPA Images/LightRocket via Getty Images)

    Kurt’s key takeaways

    Artificial intelligence has the potential to do incredible good, but also great harm if misused. The challenge now is to keep innovation and ethics in balance. As AI continues to advance, the key will be building systems that remain safe, transparent and firmly under human control.

    Would you trust AI to make life-or-death decisions, or do you think humans should always stay in charge? Let us know by writing to us at Cyberguy.com/Contact


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • Microsoft sounds alarm as hackers turn Teams platform into ‘real-world dangers’ for users


    Microsoft is sounding the alarm, and this time, the warning hits home for everyday users. Hackers are now turning Microsoft Teams security threats into real-world dangers that go far beyond corporate networks. Using Teams, cybercriminals gather intel, pose as trusted contacts, trick people into sharing private data and even spread malware that can steal passwords or lock up personal files. 

    What was once a simple video chat and collaboration tool has become a high-value target for cybercriminals and even state-backed hackers. Whether you use Teams for work, school or staying in touch, the risks are real and growing. We’ll break down how attackers abuse Teams, what Microsoft recommends and the simple steps you can take to protect yourself at home or on the job.


    How hackers use Teams to attack

    Hackers exploit Microsoft Teams at every stage of an attack, using it to spy, impersonate, spread malware and even control compromised systems, and consumers are now in their sights, too.


    Hackers are finding new ways to weaponize Microsoft Teams, turning everyday chats into dangerous entry points. (David Becker/Getty Images)

    Reconnaissance via Teams

    Attackers start by probing Teams environments to find weak spots. They look for users with open settings, public profiles or external meeting links. Microsoft warns that “anonymous participants, guests and external access users” can give hackers a way in. If your Privacy Mode is off, they can see when you’re online, send unwanted chats, or try to join meetings outside your group, even if you’re just using a free account.

    Persona building & impersonation

    Hackers often pretend to be someone you trust, like an IT admin, a coworker or even a Microsoft representative. They create fake profiles and logos that look convincing to trick you into clicking a link or sharing credentials. Microsoft says attackers “take advantage of the same resources as legitimate organizations” to pull off their scams.

    Initial access & malware delivery

    Once they’ve earned your trust, hackers send a chat or call that includes a malicious link or file. You might get a message saying, “Your Teams account needs verification” or “Update required for better security.” It’s all bait. These links can install spyware, steal logins or deliver ransomware that locks up your data, whether you’re on a company laptop or your personal PC at home.


    Persistence & lateral movement

    After breaking in, attackers try to stay hidden. They might add guest accounts, install shortcuts or change permissions so they can come back later. In some cases, they use the same Microsoft tools meant for admins to move across Teams, OneDrive or even your personal files stored in the cloud.

    Command & control & data exfiltration

    Once inside, hackers can send commands through Teams messages or hide malware in shared links. They’ve even been known to send ransom demands directly through Teams chat. Microsoft says one group, Octo Tempest, used Teams to taunt victims and pressure them into paying up, showing how personal these attacks can get.

    Tips to stay protected

    You don’t need to be a cybersecurity expert to stay safe on Microsoft Teams. A few smart tools and habits can go a long way in keeping hackers, scammers and snoops from taking advantage of your information.

    1) Enable privacy mode

    Keep your online presence private. Turn on Privacy Mode in Teams to stop strangers from seeing when you’re active or trying to join meetings. It’s a simple setting that makes it harder for hackers to target you or your company.

    2) Be careful with roles and permissions

    If you share your Teams account with coworkers or family members, don’t give everyone full control. Keep admin access limited to one trusted person. This reduces the chance of someone accidentally approving a scam link or letting malware spread.

    3) Use a data removal service

    Hackers often rely on personal details found online to make their scams more convincing, things like your job title, workplace or even who you’ve video-chatted with. That information helps them build fake Teams profiles or send messages that look legitimate. Using a personal data removal service helps wipe your private details from data broker sites, cutting off one of the main sources hackers use to impersonate you. The less they can learn about you, the harder it is for them to trick you into trusting a fake message or clicking a malicious link.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    There are attack techniques used to compromise people. (Kurt “CyberGuy” Knutsson)


    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    4) Double-check links and files, plus use strong antivirus software

    Hackers love to send fake messages pretending to be support or IT help. Never open links or attachments from people you don’t recognize, even if the message looks official. Use strong antivirus software to automatically scan downloads and attachments before you open them.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Limit guest access

    Only allow trusted guests into your Teams chats and meetings. If you invited someone for a one-time project, remove them afterward. Tight control over who can join helps prevent impersonators from slipping in unnoticed.

    6) Turn on alerts

    Activate Teams alerts to catch anything unusual, like sign-ins from new devices or unexpected permission changes. Pair that with your antivirus program’s real-time protection to get notified if malicious activity starts on your device.

    7) Think “zero trust”

    Zero Trust means verifying every user, every time. Don’t assume messages or calls are legitimate, especially if someone asks for a password or authentication code. If you’re unsure, contact your company’s IT team or verify the person’s identity through a separate channel.


    8) Practice spotting phishing attempts

    Hackers rely on panic and urgency to make you click. If you get a message claiming your account will be locked or that support needs your password, pause. Report suspicious messages to Microsoft or your security provider. Regular phishing awareness training helps you spot scams faster.

    9) Keep everything updated

    Always install the latest Teams and operating system updates. Patches fix security holes that hackers exploit to sneak in.


    Cybercriminals often impersonate IT support or trusted colleagues to trick users into sharing credentials. (CyberGuy.com)

    Kurt’s key takeaways

    Microsoft’s warning about Teams is a reminder that hackers are always searching for new ways to reach you, even through apps you use every day. What makes these attacks so dangerous is their familiarity. Messages look normal, video calls seem real, and fake tech support chats can sound convincing. That’s why awareness, not fear, is your strongest defense. With privacy settings enabled, antivirus protection running, and a reliable personal data removal service scrubbing your info from the web, you’re already several steps ahead of scammers. Staying alert to phishing attempts and keeping your software up to date can turn Teams back into what it’s meant to be: a safe, helpful way to stay connected.

    If attackers can weaponize your day-to-day communication platform, how confident are you that your Teams environment is truly safe? Let us know by writing to us at Cyberguy.com.


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • How long will Oakland be stuck with a security company linked to key figure in federal corruption case?


    OAKLAND — Despite multiple attempts, Oakland can’t seem to rid itself of a company that has for years provided security at city facilities, but which recently found itself linked to a corruption scandal that brought down former Mayor Sheng Thao.

    The city appeared to have reached the final stage of awarding a three-year, $27 million deal to a new security company on several occasions this year. But the deliberations have gone nowhere, and now Oakland is starting over from scratch.


    Shomik Mukherjee


  • Ex-Trump National Security Adviser Bolton Charged In Probe Of Mishandling Of Classified Information – KXL


    GREENBELT, Md. (AP) — Former Trump administration national security adviser John Bolton was charged Thursday in a federal investigation into the potential mishandling of classified information, a person familiar with the matter told The Associated Press.

    The investigation into Bolton, who served for more than a year in President Donald Trump’s first administration before being fired in 2019, burst into public view in August when the FBI searched his home in Maryland and his office in Washington for classified records he may have held onto from his years in government.

    The existence of the indictment was confirmed to the AP by a person familiar with the matter who could not publicly discuss the charges and spoke to the AP on condition of anonymity.

    Agents during the August search seized multiple documents labeled “classified,” “confidential” and “secret” from Bolton’s office, according to previously unsealed court filings. Some of the seized records appeared to concern weapons of mass destruction, national “strategic communication” and the U.S. mission to the United Nations, the filings stated.

    The indictment sets the stage for a closely watched court case centering on a longtime fixture in Republican foreign policy circles who became known for his hawkish views on American power and who after leaving Trump’s first government emerged as a prominent and vocal critic of the president. Though the investigation that produced the indictment began before Trump’s second term, the case will unfold against the backdrop of broader concerns that his Justice Department is being weaponized to go after his political adversaries.

    It follows separate indictments over the last month accusing former FBI Director James Comey of lying to Congress and New York Attorney General Letitia James of committing bank fraud and making a false statement, charges they both deny. Both of those cases were filed in federal court in Virginia by a prosecutor Trump hastily installed in the position after growing frustrated that investigations into high-profile enemies had not resulted in prosecution.

    The Bolton case, by contrast, was filed in Maryland by a U.S. attorney who before being elevated to the job had been a career prosecutor in the office.

    Questions about Bolton’s handling of classified information date back years. He faced a lawsuit and a Justice Department investigation after leaving office related to information in a 2020 book he published, “The Room Where it Happened,” that portrayed Trump as grossly uninformed about foreign policy.

    The Trump administration asserted that Bolton’s manuscript included classified information that could harm national security if exposed. Bolton’s lawyers have said he moved forward with the book after a White House National Security Council official, with whom Bolton had worked for months, said the manuscript no longer contained classified information.

    A search warrant affidavit that was previously unsealed said a National Security Council official had reviewed the book manuscript and told Bolton in 2020 that it appeared to contain “significant amounts” of classified information, some at a top-secret level.

    Bolton’s attorney Abbe Lowell has said that many of the documents seized in August had been approved as part of a pre-publication review for Bolton’s book. He said that many were decades old, from Bolton’s long career in the State Department, as an assistant attorney general and as the U.S. ambassador to the United Nations.

    The indictment is a dramatic moment in Bolton’s long career in government. He served in the Justice Department during President Ronald Reagan’s administration and was the State Department’s point man on arms control during George W. Bush’s presidency. Bolton was nominated by Bush to serve as U.S. ambassador to the United Nations, but the strong supporter of the Iraq war was unable to win Senate confirmation and resigned after serving 17 months as a Bush recess appointment. That allowed him to hold the job on a temporary basis without Senate confirmation.

    In 2018, Bolton was appointed to serve as Trump’s third national security adviser. But his brief tenure was characterized by disputes with the president over North Korea, Iran and Ukraine.

    Those rifts ultimately led to Bolton’s departure, with Trump announcing on social media in September 2019 that he had accepted Bolton’s resignation. Bolton subsequently criticized Trump’s approach to foreign policy and government in his 2020 book, including by alleging that Trump directly tied providing military aid to the country’s willingness to conduct investigations into Joe Biden, who was soon to be Trump’s Democratic 2020 election rival, and members of his family.

    Trump responded by slamming Bolton as a “washed-up guy” and a “crazy” warmonger who would have led the country into “World War Six.” Trump also said at the time that the book contained “highly classified information” and that Bolton “did not have approval” for publishing it.


    Jordan Vawter


  • Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks


    Thousands of networks—many of them operated by the US government and Fortune 500 companies—face an “imminent threat” of being breached by a nation-state hacking group following the breach of a major maker of software, the federal government warned on Wednesday.

    F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years.

    Unprecedented

    During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG-IP, a line of server appliances that F5 says is used by 48 of the world’s top 50 corporations. Wednesday’s disclosure went on to say the threat group downloaded proprietary BIG-IP source code and information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings that some customers used inside their networks.

    Control of the build system and access to the source code, customer configurations, and documentation of unpatched vulnerabilities has the potential to give the hackers unprecedented knowledge of weaknesses and the ability to exploit them in supply-chain attacks on thousands of networks, many of which are sensitive. The theft of customer configurations and other data further raises the risk that sensitive credentials can be abused, F5 and outside security experts said.

    Customers position BIG-IP at the very edge of their networks for use as load balancers and firewalls, and for inspection and encryption of data passing into and out of networks. Given BIG-IP’s network position and its role in managing traffic for web servers, previous compromises have allowed adversaries to expand their access to other parts of an infected network.

    F5 said that investigations by two outside intrusion-response firms have yet to find any evidence of supply-chain attacks. The company attached letters from firms IOActive and NCC Group attesting that analyses of source code and build pipeline uncovered no signs that a “threat actor modified or introduced any vulnerabilities into the in-scope items.” The firms also said they didn’t identify any evidence of critical vulnerabilities in the system. Investigators, which also included Mandiant and CrowdStrike, found no evidence that data from F5’s CRM, financial, support case management, or health systems was accessed.

    The company released updates for its BIG-IP, F5OS, BIG-IQ, and APM products. CVE designations and other details are here. Two days ago, F5 rotated BIG-IP signing certificates, though there was no immediate confirmation that the move is in response to the breach.


    Dan Goodin, Ars Technica


  • Major companies, including Google and Dior, hit by massive Salesforce data breach


    You might have noticed that in the past few months, many companies have disclosed data breaches, including Google, Dior and Allianz, and one name that appeared in most cases was Salesforce. Hackers did not breach company networks directly or exploit vulnerabilities in Salesforce’s core software. Instead, they targeted the tools and people around it by tricking employees into granting access, compromising third-party apps and abusing overly broad permissions.

    Once inside, they siphoned sensitive data from Salesforce environments on an unprecedented scale. Nearly a billion records were stolen across dozens of organizations, and now cybercriminals are extorting victims by threatening to publish the data unless hefty ransoms are paid. Let’s look at the recent Salesforce incidents in detail and why this is such a big deal.

    Hackers are weaponizing stolen Salesforce credentials to access company secrets. (REUTERS/Brendan McDermid)

    Why Salesforce is the perfect target

    Salesforce is not just another cloud platform. It is the backbone of how thousands of companies manage relationships with their customers. The platform powers everything from sales pipelines and marketing campaigns to support tickets and partner communications. Banks use it to track client accounts, airlines rely on it to manage frequent flyer programs, and retailers store customer purchase histories and loyalty data inside it. In many organizations, Salesforce sits at the center of daily operations, acting as a single system that touches sensitive information across departments.

    That is why the scale of these breaches is so significant. A successful attack on a Salesforce instance becomes a window into a company’s customers, business strategy and internal processes. For cybercriminals, the potential payoff is enormous, and the recent incidents showed just how much damage they can cause without ever breaking into a company’s primary network.

    The breaches hit companies across sectors, from Adidas and Allianz to Qantas, Google and Pandora Jewelry. Attackers often used voice-phishing calls or realistic fake apps to manipulate Salesforce administrators into installing malicious software. This allowed them to steal OAuth tokens and query data directly from CRM systems, a technique linked to groups like ShinyHunters.

    Other attacks originated in compromised third-party integrations. One of the most damaging involved a chatbot tool called Drift, where stolen tokens gave attackers access to Salesforce instances at hundreds of companies.

    The fallout was enormous. Coca-Cola’s European division lost more than 23 million CRM records, while Farmers Insurance and Allianz Life reported breaches affecting over a million customers each. Even Google admitted that attackers accessed a Salesforce database used for advertising leads.

    Major brands like Google, Dior and Allianz are among those caught in the data fallout. (Kurt “CyberGuy” Knutsson)

    Exploiting weak links in the ecosystem

    It’s hard to break through firewalls or exploit technical vulnerabilities, but it’s much easier to manipulate people. Attackers have figured this out, and they are now focusing their efforts on human behavior and the less-protected edges of cloud ecosystems. Employees with administrative privileges were often tricked into authorizing malicious apps, while default permission settings allowed those apps to operate undetected.

    Once they obtained the data, the hackers did not simply try to sell it. They used it as leverage. Earlier this month, a loosely organized cybercrime group known by names such as Lapsus$, Scattered Spider and ShinyHunters launched a dedicated data leak site on the dark web, threatening to publish sensitive information unless victims paid a ransom.

    As reported, the site is designed to pressure companies into paying to prevent their stolen data from being made public. “Contact us to regain control of your data governance and prevent public disclosure,” reads one message on the site. “Do not be the next headline. All communications require strict verification and will be handled with discretion.”

    The leak site lists several alleged victims, including FedEx, Hulu (owned by Disney) and Toyota Motors. It is also unclear whether some of the organizations known to have been breached but not listed on the site have paid ransoms to keep their data from being released.

    Cybercriminals are now extorting victims online, threatening to leak billions of stolen records. (Kurt “CyberGuy” Knutsson)

    Salesforce’s response

    Salesforce told CyberGuy that it is “aware of recent extortion attempts by threat actors” and will not engage with, negotiate with, or pay any extortion demands. A company spokesperson provided the following statement:

    “We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”

    6 steps you can take to protect your data

    You might think a breach like this is a company problem, something for IT teams and cybersecurity experts to deal with. However, when attackers gain access to platforms like Salesforce, the data they are after is usually not the company’s. It is yours. Your contact details, purchase history, support tickets and even private conversations can end up in the wrong hands. And once that happens, the risks do not stay confined to one company. That is why it is worth taking a few proactive steps now, even if the company has not contacted you about an incident yet.

    1) Lock down your accounts now

    If you have interacted with any of the companies mentioned in the breach, or suspect your data might be part of it, change your passwords for those services immediately. Better yet, use a password manager to generate strong, unique passwords for every site. A good tool will also alert you if any of your credentials appear in future data leaks.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    2) Turn on two-factor authentication

    Even if a password is stolen, two-factor authentication (2FA) adds a crucial extra layer of security. Enable it for your email, banking apps, cloud storage and any service that offers it. It is one of the simplest ways to block attackers from hijacking your accounts with stolen credentials. 

    3) Use a personal data removal service

    Even if your data was part of a breach, you can still limit how much of it is floating around online. Personal data removal services scan and delete your personal information from data broker websites that sell or share your details without consent. These brokers often trade in names, addresses, phone numbers and even purchase histories, the same type of data leaked in Salesforce-related breaches.

    By removing your records from these public databases, you make it far harder for scammers, identity thieves and marketers to find or misuse your information. Many services, like Incogni, handle the entire opt-out process automatically and keep monitoring to ensure your data stays removed.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    4) Spot and stop targeted phishing attacks

    Attackers who have CRM data often know more about you than a typical scammer. They might reference past purchases, support cases, or other personal details to make their messages sound legitimate. Treat unexpected emails, texts, or phone calls with suspicion, especially if they involve links or requests for payment.

    The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Use identity monitoring tools

    Data breaches do not always result in immediate damage. Sometimes, criminals sit on stolen data for months before using it. Identity monitoring tools can continuously monitor the dark web for your personal information and notify you if your data appears in new leaks. That gives you time to act before problems snowball.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if any of it is being sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    6) Know your rights

    If you think your data was exposed, companies are legally obligated in most regions to inform you. Do not hesitate to contact them directly and ask for details on what was stolen and what steps they are taking to protect affected customers. The more pressure users apply, the more likely companies are to tighten security practices.

    Kurt’s key takeaway

    Attackers can expose your personal data even if you are careful. They gain access to corporate cloud environments and can see customer names, emails, purchase histories and other sensitive details. For users, this means it is crucial to stay vigilant. Criminal groups use this stolen information to launch targeted phishing attacks, open fake accounts, or impersonate you elsewhere. Some even cross-reference leaked Salesforce data with information from previous breaches to build disturbingly complete profiles of their victims.

    Should companies face stricter penalties when sensitive customer data is stolen? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved. 
