Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Published June 7, 2025 10:00am EDT close Tennessee DMV experiencing long lines ahead of REAL ID deadline May 7 is the deadline to get a REAL ID, and some DMVs are facing large crowds and major backup. FOX's Asher Reed spoke with FOX 35 Orlando from outside a DMV in Antioch, Tennessee, with more on the issue. NEWYou can now listen to Fox News articles! If you've received a text message claiming to be from your state's Department of Motor Vehicles (DMV) and threatening you with fines or penalties unless you pay up, you're not alone. A new wave of scam texts is sweeping across the country, targeting drivers in states like Connecticut, Pennsylvania, Georgia, Florida, New York, California, Illinois, New Jersey, Virginia, Colorado, Vermont, Texas, North Carolina and even Washington, D.C.These messages look official and urgent, warning you about supposed unpaid tickets or tolls and demanding immediate payment. But don't be fooled, as these texts are sophisticated scams designed to steal your personal information or money. The scammers are getting better at making their messages look real, so it can be tricky to spot the fraud. But with a few simple tips, you can learn how to recognize these scams and protect yourself before you click or respond. DMV scam text. (Kurt "CyberGuy" Knutsson)How the DMV scam text message worksThese scam messages vary slightly depending on the state you're in, but they’re generally structured in the same way. The text threatens consequences, such as credit score damage, revoked driving privileges, suspended vehicle registration or increased toll fees, if you do not pay the bill you have supposedly incurred. To make the message appear legit, the scammers often include a date for penalties to begin, a fake administrative code and a link that appears to be an official DMV website.FBI WARNS OF SCAM TARGETING VICTIMS WITH FAKE HOSPITALS AND POLICEPro tip: If you're instructed to copy the link into your browser rather than clicking it directly, it's a scam. A person receiving a scam text message on their phone. (Kurt "CyberGuy" Knutsson)Why DMV text scams are so convincingThe scam relies on two key elements to be effective: fear and a sense of urgency. These are two powerful psychological motivators that can send you into a panic since your driving privileges are at risk, or you're facing financial consequences. The aim is to get you to act hastily without pausing to verify the source. The messages also mimic legitimate government communications by including familiar terms, official-sounding codes and web addresses that appear authentic. Here is an example of what the text might look like: DMV scam text. (Kurt "CyberGuy" Knutsson)States known to have issued warnings about DMV scam texts (as of June 2025):ConnecticutPennsylvaniaGeorgiaFloridaNew YorkCaliforniaIllinoisNew JerseyVirginiaColoradoVermontTexasNorth CarolinaWashington, D.C.Reports are surfacing across the U.S., and the list of affected states is likely to continue growing as more residents come forward.How to spot and avoid DMV text message scamsIf you receive a suspicious text message claiming to be from your state's DMV and demanding payment or personal information, follow these steps to protect yourself:1. Be skeptical of any message creating urgency or panic: Scammers rely on fear and urgency to trick you into acting without thinking. If a message pressures you to act immediately, that's a major red flag.2. Check for obvious red flags: Look for signs like strange sender addresses, awkward language, misspellings or links that don't match your state's official DMV website.3. Do not click any links or reply, and use strong antivirus software: Legitimate DMVs will not ask for payments, personal details or sensitive information via unsolicited text messages. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Verify directly with your DMV: If you're concerned the message might be real, contact your state's DMV using the official website or a trusted phone number. Never use the contact information provided in the suspicious text.5. Consider a Personal Data Removal Service: Your personal information is widely available online, which can make you a bigger target for these types of scams, therefore you might look into a personal data removal service. These services work by submitting opt-out requests to data brokers that collect and sell your information, helping to reduce your digital footprint and making it harder for scammers to find your contact details. GET FOX BUSINESS ON THE GO BY CLICKING HEREWhile no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.6. Delete the message immediately and block the sender: Removing the text helps prevent accidental clicks and reduces the risk of falling for the scam later. Also, be sure to block phone numbers and texts that send spam or scam messages, reducing future risk.7. Register your number with the National Do Not Call Registry: While this won't stop all scams, it can help reduce unwanted communications.8. Don't provide any personal or financial information: Never share your Social Security number, driver's license number, banking information, or passwords in response to an unsolicited text.9. If you clicked the link or gave out information, act quickly: If you accidentally entered personal or financial information, contact your bank, credit card provider or local law enforcement right away to minimize potential damage.10. Keep your phone's security features updated: Ensure your device's operating system and security software are current to help block known scam numbers and malicious links.11. Report the scam: Forward the message to 7726 (SPAM) to alert your mobile provider and help block similar messages in the future. Mark the message as junk or spam within your messaging app, if possible. File a complaint with the Federal Trade Commission at reportfraud.ftc.gov or the FBI's Internet Crime Complaint Center at ic3.gov.Kurt’s key takeawaysScam texts pretending to be from the DMV are getting more convincing, but you don't have to be their next victim. Staying skeptical of urgent messages, double-checking anything that seems off and never clicking suspicious links can go a long way in protecting your personal information. Remember, the real DMV will never pressure you for payment or sensitive details over text. By staying alert, you can help prevent these scams and keep your personal information and money secure.CLICK HERE TO GET THE FOX NEWS APPShould tech companies and telecom providers be doing more to protect you from scam texts, or does the responsibility ultimately fall on you to keep your digital life safe? Let us know by writing to us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Published June 5, 2025 10:00am EDT close Don’t be so quick to click that Google calendar invite. It could be a hacker’s trap Cybercriminals are sending fake meeting invitations that seem legitimate. NEWYou can now listen to Fox News articles! Americans’ personal data is now spread across more digital platforms than ever. From online shopping habits to fitness tracking logs, personal information ends up in hundreds of company databases. While most people worry about social media leaks or email hacks, a far less visible threat comes from data brokers.I still find it hard to believe that companies like this are allowed to operate with so little legal scrutiny. These firms trade in personal information without our knowledge or consent. What baffles me even more is that they aren’t serious about protecting the one thing that is central to their business model: data. Just last year, we saw news of a massive data breach at a data broker called National Public Data, which exposed 2.7 billion records. And now another data broker, LexisNexis, a major name in the industry, has reported a significant breach that exposed sensitive information from more than 364,000 people. A hacker at work (Kurt "CyberGuy" Knutsson)LexisNexis breach went undetected for months after holiday hackLexisNexis filed a notice with the Maine attorney general revealing that a hacker accessed consumer data through a third-party software development platform. The breach happened on Dec. 25, 2024, but the company only discovered it months later. LexisNexis was alerted on April 1, 2025, by an unnamed individual who claimed to have found sensitive files. It remains unclear whether this person was responsible for the breach or merely came across the exposed data.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSA spokesperson for LexisNexis confirmed that the hacker gained access to the company’s GitHub account. This is a platform commonly used by developers to store and collaborate on code. Security guidelines repeatedly warn against storing sensitive information in such repositories; however, mistakes such as exposed access tokens and personal data files continue to occur.The stolen data varies from person to person but includes full names, birthdates, phone numbers, mailing and email addresses, Social Security numbers and driver's license numbers. LexisNexis has not confirmed whether it received any ransom demand or had further contact with the attacker. An individual working on their laptop (Kurt "CyberGuy" Knutsson)Why the LexisNexis hack is a bigger threat than you realizeLexisNexis isn’t a household name for most people, but it plays a major role in how personal data is harvested and used behind the scenes. The company pulls information from a wide range of sources, compiling detailed profiles that help other businesses assess risk and detect fraud. Its clients include banks, insurance companies and government agencies.In 2023, the New York Times reported that several car manufacturers had been sharing driving data with LexisNexis without notifying vehicle owners. That information was then sold to insurance companies, which used it to adjust premiums based on individual driving behavior. The story made one thing clear. LexisNexis has access to a staggering amount of personal detail, even from people who have never willingly engaged with the company.Law enforcement also uses LexisNexis tools to dig up information on suspects. These systems offer access to phone records, home addresses and other historical data. While such tools might assist in investigations, they also highlight a serious issue. When this much sensitive information is concentrated in one place, it becomes a single point of failure. And as the recent breach shows, that failure is no longer hypothetical. A hacker at work (Kurt "CyberGuy" Knutsson)7 expert tips to protect your personal data after a data broker breachKeeping your personal data safe online can feel overwhelming, but a few practical steps can make a big difference in protecting your privacy and reducing your digital footprint. Here are 7 effective ways to take control of your information and keep it out of the wrong hands:1. Remove your data from the internet: The most effective way to take control of your data and avoid data brokers from selling it is to opt for data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.2. Review privacy settings: Take a few minutes to explore the privacy and security settings on the services you use. For example, limit who can see your social media posts, disable unnecessary location-sharing on your phone and consider turning off ad personalization on accounts like Google and Facebook. Most browsers let you block third-party cookies or clear tracking data. The FTC suggests comparing the privacy notices of different sites and apps and choosing ones that let you opt out of sharing when possible.3. Use privacy-friendly tools: Install browser extensions or plugins that block ads and trackers (such as uBlock Origin or Privacy Badger). You might switch to a more private search engine (like DuckDuckGo or Brave) that doesn’t log your queries. Consider using a browser’s "incognito" or private mode when you don’t want your history saved, and regularly clear your cookies and cache. Even small habits, like logging out of accounts when not in use or using a password manager, make you less trackable.GET FOX BUSINESS ON THE GO BY CLICKING HERE4. Beware of phishing links and use strong antivirus software: Scammers may try to get access to your financial details and other important data using phishing links. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.5. Be cautious with personal data: Think twice before sharing extra details. Don’t fill out online surveys or quizzes that ask for personal or financial information unless you trust the source. Create separate email addresses for sign-ups (so marketing emails don’t go to your main inbox). Only download apps from official stores and check app permissions.6. Opt out of data broker lists: Many data brokers offer ways to opt out or delete your information, though it can be a tedious process. For example, there are sites like Privacy Rights Clearinghouse or the Whitepages opt-out page that list popular brokers and their opt-out procedures. The FTC’s consumer guide, "Your Guide to Protecting Your Privacy Online," includes tips on opting out of targeted ads and removing yourself from people-search databases. Keep in mind you may have to repeat this every few months.7. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.Kurt’s key takeawayFor many, the LexisNexis breach may be the first time they realize just how much of their data is in circulation. Unlike a social media platform or a bank, there is no clear customer relationship with a data broker, and that makes it harder to demand transparency. This incident should prompt serious discussion around what kind of oversight is necessary in industries that operate in the shadows. A more informed public and stronger regulation may be the only things standing between personal data and permanent exposure.CLICK HERE TO GET THE FOX NEWS APPShould companies be allowed to sell your personal information without your consent? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Published June 4, 2025 10:00am EDT close Windows bug leaves computer Wi-Fi vulnerable to hackers Kurt "CyberGuy" Knutsson explains how to keep your Windows computer safe and the security risks of online retail giant Temu. NEWYou can now listen to Fox News articles! Hackers are no longer targeting only tech giants or hospitals. Any business that collects valuable personal information, such as names, phone numbers, email addresses or even basic financial details, is now a target.Companies that rely heavily on third-party vendors or outsourced customer support are even more at risk, especially if they are not particularly strong in the technology sector.German retailer Adidas learned this the hard way. The company recently confirmed a data breach involving one of its external partners, and although it has acknowledged the issue, many important details are still missing. A hacker at work (Kurt "CyberGuy" Knutsson)Adidas confirms vendor breach: Here’s what we knowAdidas has officially acknowledged that a third-party vendor suffered a breach, resulting in unauthorized access to consumer data. In a public notice titled "Data Security Information," the company revealed that a "third-party customer service provider" had been compromised. While the brand was initially silent on the scope, it had already been reported earlier this month that customers in Turkey and Korea had received breach notifications.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSAdidas posted this information on both its German and English websites. However, no specific region or number of affected individuals has been confirmed. The company’s statement did clarify that no payment information, such as credit card details, nor passwords were included in the breach. Instead, it involved contact details submitted by users to Adidas’ help desk in the past.Data obtained reportedly includes names, phone numbers, email addresses and dates of birth. While this might seem limited compared to financial data, this type of information can be exploited for phishing scams and identity theft.  An Adidas sign (Kurt "CyberGuy" Knutsson)What Adidas told customers after the breachIn the wake of the breach, Adidas began notifying potentially affected customers directly. The company's email to customers below aimed to reassure recipients and clarify what information was involved. Here is the full text of the notification sent to affected individuals.Dear customer,We are writing to inform you of an issue that we recently became aware of which may have impacted some of your data.What happenedadidas recently learned that an unauthorized external party gained access to certain customer data through a third-party customer service provider.What information was involvedThe affected data does not contain passwords, credit card or any other payment-related information. Nor have any Social Security numbers been impacted.It mainly consists of contact information relating to customers who had contacted our customer service help desk in the past. This may have included one or more of the following: name, email address, telephone number, gender and/or birth date.What we are doing Privacy and the security of your data is our priority. Upon becoming aware of this incident, adidas took proactive and immediate steps to investigate and contain the incident. This includes further enhancing security measures and resetting passwords for customer service accounts.What you can doWe are currently unaware of any harm (such as identity theft or fraud) being caused to our customers as a result of this incident. There are no immediate steps that you need to take. Although, as always, please remain vigilant and look out for any suspicious messages. As a reminder, adidas will never directly contact you to ask that you provide us with financial information, such as your credit card details, bank account information or passwords.Who you can contactIf you have any questions, then please contact our Customer Service team at https://www.adidas.com/us/helpWe apologise for any inconvenience caused by this incident.adidas TeamWhat Adidas hasn’t said about the vendor hackDespite the official acknowledgment, several questions remain unanswered. Adidas has yet to clarify whether this is a single breach affecting multiple regions or several separate incidents. The lack of transparency around the name of the third-party vendor and the absence of concrete numbers or locations for affected users has created frustration among observers and possibly among customers themselves.The earlier regional reports from Turkey and Korea might suggest that this incident was either global in scale or that similar third-party vendors were independently targeted. In either case, the company's current handling of the situation has left room for speculation. Adidas claims it is in the process of informing potentially affected customers, but it has not detailed the method or timeline for this outreach.We reached out to adidas for a comment, and a representative referred us to this statement on their website. In part, the company said, "We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident."GET FOX BUSINESS ON THE GO BY CLICKING HERE An Adidas shoe (Kurt "CyberGuy" Knutsson)6 critical steps to take after the Adidas data breachIf you think you were affected or just want to be cautious, here are some steps you can take right now to stay safe from the Adidas data breach:1. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the Adidas breach, consider removing your information from public databases and people-search sites. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.2. Watch out for phishing scams and use strong antivirus software: With access to your email and phone number, Adidas attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.3. Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the Adidas breach. This makes you a prime target for identity theft. You might want to consider investing in identity theft protection, which can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. See my tips and best picks on how to protect yourself from identity theft.4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they’ll notify the others. This adds another layer of protection without completely freezing access to credit.5. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security. Get more details about my best expert-reviewed password managers of 2025 here.6. Be wary of social engineering attacks: Hackers may use stolen details like names or birthdates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.Kurt’s key takeawayThe Adidas breach shows that even companies with decades of brand equity and a massive global footprint are not immune to lapses in data security. It underscores the need for companies to go beyond basic compliance and actively evaluate the cybersecurity standards of every partner in their ecosystem. Consumers are becoming increasingly aware of the trade-offs they make when sharing their personal information, and brands that fail to meet this moment may find their reputations eroding faster than they expect.CLICK HERE TO GET THE FOX NEWS APPShould retailers be penalized for neglecting basic cybersecurity practices? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Published June 2, 2025 10:00am EDT close 'CyberGuy' warns of cyberscams costing Americans billions a year Tech expert Kurt Knutsson joins "Fox & Friends" to warn of new cyberscams and give tips on how to avoid them. NEWYou can now listen to Fox News articles! Given the number of phishing scams we have all faced over the past decade, most of us have developed a basic skill to spot and avoid obvious phishing emails or SMS messages. Cybercriminals are aware of this, and they have evolved their tactics by shifting to more complex and convincing schemes designed to bypass skepticism and lure victims.Their goal remains the same: to trick you into handing over sensitive information, especially credit card data. One of the latest examples is the rise in subscription scam campaigns. Scammers are creating incredibly convincing websites selling everything from shoes and clothes to electronics, tricking people into signing up for monthly subscriptions and willingly providing their credit card information. Facebook is being used as the primary platform to promote these new and sophisticated scams. A woman shopping online (Kurt "CyberGuy" Knutsson)What you need to knowBitdefender researchers have uncovered a massive and highly coordinated subscription scam campaign involving more than 200 active websites designed to look like real online stores. These sites, often promoted through Facebook ads, sell everything from clothes and electronics to beauty products, but the real goal is to trick users into signing up for recurring payments, often without realizing it.One of the most common lures is the "mystery box" scam, where you are promised a surprise package at a bargain price. These offers are made to look fun and harmless, but behind the scenes you are giving away personal and credit card information while unknowingly agreeing to hidden subscription terms, often written in tiny fine print.The scam doesn’t stop there. Once you’re convinced and reach the checkout page, scammers often layer in a second scam, like loyalty cards or VIP memberships that further lock you into payments. It’s all designed to confuse you, overwhelm you with supposed perks and make the scam feel like a good deal.Researchers found that many of these websites share a single Cyprus address, possibly tied to offshore entities linked to the Paradise Papers. Despite being spread across different categories and brand names, the sites often use the same layouts, AI agents and payment structures, all pointing to a centralized fraud network.Scammers frequently rotate the brands they impersonate and have started moving beyond mystery boxes, now peddling low-quality products, counterfeit goods, fake investment schemes, dubious supplements and more. To avoid automatic detection, they employ several tactics. These include running multiple versions of an ad, with only one of which is actually malicious while the others display harmless product images, uploading ad images from platforms like Google Drive so they can be swapped out later and cropping visuals to alter recognizable patterns. Listing fake products (Bitdefender) (Kurt "CyberGuy" Knutsson)The scam is expandingWhat started with simple "mystery box" scams has grown into a sprawling, coordinated campaign. These scams now feature fake surveys, tiered "VIP" memberships and deceptive credit systems that make the purchase process intentionally confusing. Users are promised deep discounts or access to exclusive deals, but in reality they’re just being locked into recurring payments.Many of the scam websites trace back to the same physical address in Cyprus, pointing to what appears to be a centralized operation. Researchers also found links to entities mentioned in the Paradise Papers, suggesting these fraudsters are hiding behind offshore infrastructure.And it’s not just mystery boxes anymore. The same scam format is being used to sell low-quality goods, fake supplements and even bogus investment opportunities. With high-quality site design, aggressive advertising and increasingly sophisticated tactics, subscription scams are becoming the new face of online fraud. A person shopping online (Kurt "CyberGuy" Knutsson)10 proactive measures to take to protect your dataEven as scammers become more sophisticated, there are practical steps you can take right now to protect your personal and financial information from subscription fraud and other online threats. Here are ten proactive measures to help keep your data safe:1) Always read the fine print: One of the simplest yet most effective ways to protect yourself from subscription scams is to slow down and read the fine print, especially on checkout pages. Scammers often hide recurring payment terms in small or lightly colored text that’s easy to miss. What seems like a one-time purchase could actually sign you up for a biweekly or monthly charge. Taking just a moment to scan for hidden terms before hitting "Pay" can help you avoid weeks of silent billing.2) Avoid mystery box or VIP-style deals: These offers often prey on curiosity and the promise of surprise or luxury for a low fee. In reality, the "mystery" is the trap: you might receive nothing or a low-quality item while being unknowingly enrolled in a recurring subscription. Scammers use the illusion of exclusivity or urgency to pressure quick decisions.3) Don’t trust ads blindly on social media: Facebook, Instagram and other platforms are a hotbed for these scams, with criminals running paid ads that mimic well-known brands or influencers. These ads often link to professional-looking but fake storefronts. If you’re interested in a deal you see online, don’t click through immediately. Instead, look up the brand or offer in a separate tab and check if it exists outside social media.4) Investigate before you buy: Before purchasing from any unfamiliar site, take a few quick steps to verify its legitimacy. Search the brand's name alongside words like "scam" or "reviews" to see what others have experienced. Look up the company's physical address and check if it actually exists using tools like Google Maps. Make sure the website uses HTTPS, review the site's contact information and cross-check reviews on trusted third-party sites like the Better Business Bureau or Consumer Reports.5) Use strong antivirus software: Adding a strong antivirus program to your devices can provide an extra layer of defense against fraudulent websites and phishing attempts. Strong antivirus software warns you about suspicious links, blocks malicious ads and scans downloads for malware. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.6) Invest in personal data removal services: Scammers often rely on leaked or publicly available personal information to target victims with convincing subscription scams. Investing in a personal data removal service can help minimize your digital footprint by removing your information from data broker databases and reducing the chances of being targeted in future campaigns. Regularly monitoring and cleaning up your online presence makes it harder for fraudsters to exploit your data for financial gain. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.7) Be cautious with payment methods: Use secure payment options like credit cards, which often offer better fraud protection than wire transfers, gift cards or cryptocurrency.8) Limit personal information shared on social media: Scammers often gather details from public profiles to craft convincing scams. Review your privacy settings and only share necessary information.9) Use strong, unique passwords and enable multifactor authentication: Create strong, unique passwords for each of your online accounts, especially those tied to your finances or shopping. Enable multifactor authentication wherever possible, as this adds an extra layer of security and makes it harder for scammers to access your accounts, even if your password is compromised. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here.10) Keep your devices and software updated: Regularly update your operating system, browsers and apps. Security updates often patch vulnerabilities that scammers exploit to gain access to your information or install malicious software.Kurt’s key takeawayWhile the rise of subscription scams and deceptive ads is concerning, it’s especially troubling that platforms like Facebook continue to allow these fraudulent ads to run unchecked. Facebook has repeatedly failed to adequately vet or prevent these malicious campaigns from reaching vulnerable individuals. The platform’s ad approval system should be more proactive in spotting and blocking ads promoting scams, particularly those that impersonate well-known brands or content creators. How do you feel about Facebook’s role in allowing scam ads to circulate? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.At $299.99 (down from $549.99), the TP-Link Deco BE63 mesh wifi system is at its lowest price yet (according to price trackers)—and if you’ve been waiting to upgrade your home network, this is a good time to jump in. TP-Link Tri-Band Wi-Fi 7 BE10000 Whole Home Mesh System $299.99 at Amazon $549.99 Save $250.00 Get Deal Get Deal $299.99 at Amazon $549.99 Save $250.00 The BE63 is a two-piece mesh system that uses Wi-Fi 7, the latest wireless standard, to deliver faster speeds and better coverage across up to 5,800 square feet. PCMag not only gave it an “Excellent” review but also named it their Editors’ Choice and best mesh wifi system of 2024. That’s a lot of praise for something now selling for $300.Getting started is easy with the Deco app: It walks you through the setup step by step, and once it’s live, you can manage everything from your phone. The app lets you check speeds, monitor devices, and create user profiles. There are built-in parental controls that let you block websites, apply age-based filters, or cut internet access at bedtime. These basic tools are free. But if you want deeper control (like enabling SafeSearch, restricting YouTube content, setting daily time limits, or tracking usage history), you’ll need to subscribe to HomeShield's Advanced Parental Controls plan ($2.99/month or $17.99/year).For added network protection—things like web threat filtering, intrusion prevention, and device-level safeguards—you can upgrade to the Security+ plan, which costs $4.99/month or $35.99/year. There’s also a more comprehensive Total Security package that includes antivirus, VPN services, and a password manager. It’s priced at $69.99 for the first year, then renews at $129.99 annually. If you’ve got a busy household or want full visibility into your network, one of these paid plans might be worth it.Performance-wise, this system is built for busy homes. It has three wireless bands—including 6GHz—for less congestion, plus four 2.5GbE ports and a USB 3.0 port on each unit. Those are more wired options than most mesh systems offer. Speeds are strong, even with multiple devices streaming, downloading, or gaming at once. You don’t get 10GbE ports as you do on pricier models, but for most people, this setup covers everything they need.