When it comes to getting retro hardware running again, there are many approaches. On one hand, the easiest path could be to emulate the hardware on something modern, using nothing …read more

Gen Digital, el grupo especializado en ciberseguridad con marcas como Norton, Avast, LifeLock, Avira, AVG, ReputationDefender y CCleaner, ha publicado su informe Gen Threat Report correspondiente al primer trimestre de 2025, mostrando los cambios má

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authentication (MFA) for all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed

Take the Speakers, Headphones, and Earphones SurveyTake other PCMag surveys. Each completed survey is a chance to win a $250 Amazon gift card. OFFICIAL SWEEPSTAKES RULESNO PURCHASE NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING. VOID WHERE PROHIBITED. Readers' Choice Sweepstakes (the "Sweepstakes") is governed by these official rules (the "Sweepstakes Rules"). The Sweepstakes begins on May 9, 2025, at 12:00 AM ET and ends on July 27, 2025, at 11:59 PM ET (the "Sweepstakes Period").SPONSOR: Ziff Davis, LLC, with an address of 360 Park Ave South, Floor 17, New York, NY 10010 (the "Sponsor").ELIGIBILITY: This Sweepstakes is open to individuals who are eighteen (18) years of age or older at the time of entry who are legal residents of the fifty (50) United States of America or the District of Columbia. By entering the Sweepstakes as described in these Sweepstakes Rules, entrants represent and warrant that they are complying with these Sweepstakes Rules (including, without limitation, all eligibility requirements), and that they agree to abide by and be bound by all the rules and terms and conditions stated herein and all decisions of Sponsor, which shall be final and binding.All previous winners of any sweepstakes sponsored by Sponsor during the nine (9) month period prior to the Selection Date are not eligible to enter. Any individuals (including, but not limited to, employees, consultants, independent contractors and interns) who have, within the past six (6) months, held employment with or performed services for Sponsor or any organizations affiliated with the sponsorship, fulfillment, administration, prize support, advertisement or promotion of the Sweepstakes ("Employees") are not eligible to enter or win. Immediate Family Members and Household Members are also not eligible to enter or win. "Immediate Family Members" means parents, step-parents, legal guardians, children, step-children, siblings, step-siblings, or spouses of an Employee. "Household Members" means those individuals who share the same residence with an Employee at least three (3) months a year.HOW TO ENTER: There are two methods to enter the Sweepstakes: (1) fill out the online survey, or (2) enter by mail.1. Survey Entry: To enter the Sweepstakes through the online survey, go to the survey page and complete the current survey during the Sweepstakes Period.2. Mail Entry: To enter the Sweepstakes by mail, on a 3" x 5" card, print your first and last name, street address, city, state, zip code, phone number, and email address. Mail your completed entry to:Readers' Choice Sweepstakes - Audio 2025c/o E. Griffith 624 Elm St. Ext.Ithaca, NY 14850-8786Mail Entries must be postmarked by July 28, 2025, and received by Aug. 4, 2025.Only one (1) entry per person is permitted, regardless of the entry method used. Subsequent attempts made by the same individual to submit multiple entries may result in the disqualification of the entrant.Only contributions submitted during the Sweepstakes Period will be eligible for entry into the Sweepstakes. No other methods of entry will be accepted. All entries become the property of Sponsor and will not be returned. Entries are limited to individuals only; commercial enterprises and business entities are not eligible. Use of a false account will disqualify an entry. Sponsor is not responsible for entries not received due to difficulty accessing the internet, service outage or delays, computer difficulties, and other technological problems.Entries are subject to any applicable restrictions or eligibility requirements listed herein. Entries will be deemed to have been made by the authorized account holder of the email or telephone phone number submitted at the time of entry and qualification. Multiple participants are not permitted to share the same email address. Should multiple users of the same e-mail account or mobile phone number, as applicable, enter the Sweepstakes and a dispute thereafter arises regarding the identity of the entrant, the Authorized Account Holder of said e-mail account or mobile phone account at the time of entry will be considered the entrant. "Authorized Account Holder" is defined as the natural person who is assigned an e-mail address or mobile phone number by an Internet access provider, online service provider, telephone service provider or other organization that is responsible for assigned e-mail addresses, phone numbers or the domain associated with the submitted e-mail address. Proof of submission of an entry shall not be deemed proof of receipt by the website administrator for online entries. When applicable, the website administrator's computer will be deemed the official time-keeping device for the Sweepstakes promotion. Entries will be disqualified if found to be incomplete and/or if Sponsor determines, in its sole discretion, that multiple entries were submitted by the same entrant in violation of the Sweepstakes Rules.Entries that are late, lost, stolen, mutilated, tampered with, illegible, incomplete, mechanically reproduced, inaccurate, postage-due, forged, irregular in any way or otherwise not in compliance with these Official Rules will be disqualified. All entries become the property of the Sponsor and will not be acknowledged or returned.WINNER SELECTION AND NOTIFICATION: Sponsor shall select the prize winner(s) (collectively, the "Winner") on or about Aug. 11, 2025, ("Selection Date") by random drawing or from among all eligible entries. The Winner will be notified via email to the contact information provided in the entry. Notification of the Winner shall be deemed to have occurred immediately upon sending of the notification by Sponsor. Selected winner(s) will be required to respond (as directed) to the notification within seven (7) days of attempted notification. The only entries that will be considered eligible entries are entries received by Sponsor within the Sweepstakes Period. The odds of winning depend on the number of eligible entries received. The Sponsor reserves the right, in its sole discretion, to choose an alternative winner in the event that a possible winner has been disqualified or is deemed ineligible for any reason.Recommended by Our EditorsPRIZE: One (1) winner will receive the following prize (collectively, the "Prize"):One (1) $250 Amazon.com gift code via email, valued at approximately two hundred fifty dollars ($250).No more than the stated number of prize(s) will be awarded, and all prize(s) listed above will be awarded. Actual retail value of the Prize may vary due to market conditions. The difference in value of the Prize as stated above and value at time of notification of the Winner, if any, will not be awarded. No cash or prize substitution is permitted, except at the discretion of Sponsor. The Prize is non-transferable. If the Prize cannot be awarded due to circumstances beyond the control of Sponsor, a substitute Prize of equal or greater retail value will be awarded; provided, however, that if a Prize is awarded but remains unclaimed or is forfeited by the Winner, the Prize may not be re-awarded, in Sponsor's sole discretion. In the event that more than the stated number of prize(s) becomes available for any reason, Sponsor reserves the right to award only the stated number of prize(s) by a random drawing among all legitimate, un-awarded, eligible prize claims.ACCEPTANCE AND DELIVERY OF THE PRIZE: The Winner will be required to verify his or her address and may be required to execute the following document(s) before a notary public and return them within seven (7) days (or a shorter time if required by exigencies) of receipt of such documents: an affidavit of eligibility, a liability release, and (where imposing such condition is legal) a publicity release covering eligibility, liability, advertising, publicity and media appearance issues (collectively, the "Prize Claim Documents"). If an entrant is unable to verify the information submitted with their entry, the entrant will automatically be disqualified and their prize, if any, will be forfeited. The Prize will not be awarded until all such properly executed and notarized Prize Claim Documents are returned to Sponsor. Prize(s) won by an eligible entrant who is a minor in his or her state of residence will be awarded to minor's parent or legal guardian, who must sign and return all required Prize Claim Documents. In the event the Prize Claim Documents are not returned within the specified period, an alternate Winner may be selected by Sponsor for such Prize. The Prize will be shipped to the Winner within 7 days of Sponsor's receipt of a signed Affidavit and Release from the Winner. The Winner is responsible for all taxes and fees related to the Prize received, if any.OTHER RULES: This sweepstakes is subject to all applicable laws and is void where prohibited. All submissions by entrants in connection with the sweepstakes become the sole property of the sponsor and will not be acknowledged or returned. Winner assumes all liability for any injuries or damage caused or claimed to be caused by participation in this sweepstakes or by the use or misuse of any prize.By entering the sweepstakes, each winner grants the SPONSOR permission to use his or her name, city, state/province, e-mail address and, to the extent submitted as part of the sweepstakes entry, his or her photograph, voice, and/or likeness for advertising, publicity or other purposes OR ON A WINNER'S LIST, IF APPLICABLE, IN ANY and all MEDIA WHETHER NOW KNOWN OR HEREINAFTER DEVELOPED, worldwide, without additional consent OR compensation, except where prohibited by law. By submitting an entry, entrants also grant the Sponsor a perpetual, fully-paid, irrevocable, non-exclusive license to reproduce, prepare derivative works of, distribute, display, exhibit, transmit, broadcast, televise, digitize, perform and otherwise use and permit others to use, and throughout the world, their entry materials in any manner, form, or format now known or hereinafter created, including on the internet, and for any purpose, including, but not limited to, advertising or promotion of the Sweepstakes, the Sponsor and/or its products and services, without further consent from or compensation to the entrant. By entering the Sweepstakes, entrants consent to receive notification of future promotions, advertisements or solicitations by or from Sponsor and/or Sponsor's parent companies, affiliates, subsidiaries, and business partners, via email or other means of communication.If, in the Sponsor's opinion, there is any suspected or actual evidence of fraud, electronic or non-electronic tampering or unauthorized intervention with any portion of this Sweepstakes, or if fraud or technical difficulties of any sort (e.g., computer viruses, bugs) compromise the integrity of the Sweepstakes, the Sponsor reserves the right to void suspect entries and/or terminate the Sweepstakes and award the Prize in its sole discretion. Any attempt to deliberately damage the Sponsor's website(s) or undermine the legitimate operation of the Sweepstakes may be in violation of U.S. criminal and civil laws and will result in disqualification from participation in the Sweepstakes. Should such an attempt be made, the Sponsor reserves the right to seek remedies and damages (including attorney's fees) to the fullest extent of the law, including pursuing criminal prosecution.DISCLAIMER: EXCLUDING ONLY APPLICABLE MANUFACTURERS' WARRANTIES, THE PRIZE IS PROVIDED TO THE WINNER ON AN "AS IS" BASIS, WITHOUT FURTHER WARRANTY OF ANY KIND. SPONSOR HEREBY DISCLAIMS ALL FURTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE PRIZE.LIMITATION OF LIABILITY: BY ENTERING THE SWEEPSTAKES, ENTRANTS, ON BEHALF OF THEMSELVES AND THEIR HEIRS, EXECUTORS, ASSIGNS AND REPRESENTATIVES, RELEASE AND HOLD THE SPONSOR its PARENT COMPANIES, SUBSIDIARIES, AFFILIATED COMPANIES, UNITS AND DIVISIONS, AND THE CURRENT AND FORMER OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS, SUCCESSORS AND ASSIGNS OF EACH OF THE FOREGOING, AND ALL THOSE ACTING UNDER THE AUTHORITY OF THE FOREGOING, OR ANY OF THEM (INCLUDING, BUT NOT LIMITED TO, ADVERTISING AND PROMOTIONAL AGENCIES AND PRIZE SUPPLIERS) (EACH A "RELEASED PARTY"), HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, ACTIONS, INJURY, LOSS, DAMAGES, LIABILITIES AND OBLIGATIONS OF ANY KIND WHATSOEVER (COLLECTIVELY, THE "CLAIMS") WHETHER KNOWN OR UNKNOWN, SUSPECTED OR UNSUSPECTED, WHICH ENTRANT EVER HAD, NOW HAVE, OR HEREAFTER CAN, SHALL OR MAY HAVE, AGAINST THE RELEASED PARTIES (OR ANY OF THEM), INCLUDING, BUT NOT LIMITED TO, CLAIMS ARISING FROM OR RELATED TO THE SWEEPSTAKES OR ENTRANT'S PARTICIPATION IN THE SWEEPSTAKES (INCLUDING, WITHOUT LIMITATION, CLAIMS FOR LIBEL, DEFAMATION, INVASION OF PRIVACY, VIOLATION OF THE RIGHT OF PUBLICITY, COMMERCIAL APPROPRIATION OF NAME AND LIKENESS, INFRINGEMENT OF COPYRIGHT OR VIOLATION OF ANY OTHER PERSONAL OR PROPRIETARY RIGHT), AND THE RECEIPT, OWNERSHIP, USE, MISUSE, TRANSFER, SALE OR OTHER DISPOSITION OF THE PRIZE (INCLUDING, WITHOUT LIMITATION, CLAIMS FOR PERSONAL INJURY, DEATH, AND/OR PROPERTY DAMAGE). All matters relating to the interpretation and application of these Sweepstakes Rules shall be decided by Sponsor in its sole discretion.DISPUTES: If, for any reason (including infection by computer virus, bugs, tampering, unauthorized intervention, fraud, technical failures, or any other causes beyond the control of the Sponsor which corrupt or affect the administration, security, fairness, integrity, or proper conduct of this Sweepstakes), the Sweepstakes is not capable of being conducted as described in these Sweepstakes Rules, Sponsor shall have the right, in its sole discretion, to disqualify any individual who tampers with the entry process, and/or to cancel, terminate, modify or suspend the Sweepstakes. The Sponsor assumes no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, entries. The Sponsor is not responsible for any problems or technical malfunction of any telephone network or lines, computer online systems, servers, providers, computer equipment, software, or failure of any e-mail or entry to be received by Sponsor on account of technical problems or traffic congestion on the Internet or at any website, or any combination thereof, including, without limitation, any injury or damage to any entrant's or any other person's computer related to or resulting from participating or downloading any materials in this Sweepstakes. Because of the unique nature and scope of the Sweepstakes, Sponsor reserves the right, in addition to those other rights reserved herein, to modify any date(s) or deadline(s) set forth in these Sweepstakes Rules or otherwise governing the Sweepstakes, and any such changes will be posted here in the Sweepstakes Rules. Any attempt by any person to deliberately undermine the legitimate operation of the Sweepstakes may be a violation of criminal and civil law, and, should such an attempt be made, Sponsor reserves the right to seek damages to the fullest extent permitted by law. Sponsor's failure to enforce any term of these Sweepstakes Rules shall not constitute a waiver of any provision.As a condition of participating in the Sweepstakes, entrant agrees that any and all disputes that cannot be resolved between entrant and Sponsor, and causes of action arising out of or connected with the Sweepstakes or these Sweepstakes Rules, shall be resolved individually, without resort to any form of class action, exclusively before a court of competent jurisdiction located in New York, New York, and entrant irrevocably consents to the jurisdiction of the federal and state courts located in New York, New York with respect to any such dispute, cause of action, or other matter. All disputes will be governed and controlled by the laws of the State of New York (without regard for its conflicts-of-laws principles). Further, in any such dispute, under no circumstances will entrant be permitted to obtain awards for, and hereby irrevocably waives all rights to claim, punitive, incidental, or consequential damages, or any other damages, including attorneys' fees, other than entrant's actual out-of-pocket expenses (i.e., costs incurred directly in connection with entrant's participation in the Sweepstakes), and entrant further irrevocably waives all rights to have damages multiplied or increased, if any. EACH PARTY EXPRESSLY WAIVES ANY RIGHT TO A TRIAL BY JURY. All federal, state, and local laws and regulations apply.PRIVACY: Information collected from entrants in connection with the Sweepstakes is subject to Sponsor's privacy policy, which may be found here.SOCIAL MEDIA PROMOTION: Although the Sweepstakes may be featured on Twitter, Facebook, and/or other social media platforms, the Sweepstakes is in no way sponsored, endorsed, administered by, or in association with Twitter, Facebook, and/or such other social media platforms and you agree that Twitter, Facebook, and all other social media platforms are not liable in any way for any claims, damages or losses associated with the Sweepstakes.WINNER(S) LIST: For a list of name(s) of prizewinner(s), after the Selection Date, please send a stamped, self-addressed No. 10/standard business envelope to Ziff Davis, LLC, Attn: Legal Department, 360 Park Ave South, Floor 17, New York, NY 10010 (VT residents may omit return postage).BY ENTERING, YOU AGREE THAT YOU HAVE READ AND AGREE TO ALL OF THESE SWEEPSTAKES RULES.

Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

“The best way to predict the future is to invent it,” the famed computer scientist Alan Kay once said. Uttered more out of exasperation than as inspiration, his remark has nevertheless attained gospel-like status among Silicon Valley entrepreneurs, in particular a handful of tech billionaires who fancy themselves the chief architects of humanity’s future.  Sam Altman, Jeff Bezos, Elon Musk, and others may have slightly different goals and ambitions in the near term, but their grand visions for the next decade and beyond are remarkably similar. Framed less as technological objectives and more as existential imperatives, they include aligning AI with the interests of humanity; creating an artificial superintelligence that will solve all the world’s most pressing problems; merging with that superintelligence to achieve immortality (or something close to it); establishing a permanent, self-­sustaining colony on Mars; and, ultimately, spreading out across the cosmos. While there’s a sprawling patchwork of ideas and philosophies powering these visions, three features play a central role, says Adam Becker, a science writer and astrophysicist: an unshakable certainty that technology can solve any problem, a belief in the necessity of perpetual growth, and a quasi-religious obsession with transcending our physical and biological limits. In his timely new book, More Everything Forever: AI Overlords, Space Empires, and Silicon Valley’s Crusade to Control the Fate of Humanity, Becker calls this triumvirate of beliefs the “ideology of technological salvation” and warns that tech titans are using it to steer humanity in a dangerous direction.  “In most of these isms you’ll find the idea of escape and transcendence, as well as the promise of an amazing future, full of unimaginable wonders—so long as we don’t get in the way of technological progress.” “The credence that tech billionaires give to these specific science-fictional futures validates their pursuit of more—to portray the growth of their businesses as a moral imperative, to reduce the complex problems of the world to simple questions of technology, [and] to justify nearly any action they might want to take,” he writes. Becker argues that the only way to break free of these visions is to see them for what they are: a convenient excuse to continue destroying the environment, skirt regulations, amass more power and control, and dismiss the very real problems of today to focus on the imagined ones of tomorrow.  A lot of critics, academics, and journalists have tried to define or distill the Silicon Valley ethos over the years. There was the “Californian Ideology” in the mid-’90s, the “Move fast and break things” era of the early 2000s, and more recently the “Libertarianism for me, feudalism for thee”  or “techno-­authoritarian” views. How do you see the “ideology of technological salvation” fitting in?  I’d say it’s very much of a piece with those earlier attempts to describe the Silicon Valley mindset. I mean, you can draw a pretty straight line from Max More’s principles of transhumanism in the ’90s to the Californian Ideology [a mashup of countercultural, libertarian, and neoliberal values] and through to what I call the ideology of technological salvation. The fact is, many of the ideas that define or animate Silicon Valley thinking have never been much of a ­mystery—libertarianism, an antipathy toward the government and regulation, the boundless faith in technology, the obsession with optimization.  What can be difficult is to parse where all these ideas come from and how they fit together—or if they fit together at all. I came up with the ideology of technological salvation as a way to name and give shape to a group of interrelated concepts and philosophies that can seem sprawling and ill-defined at first, but that actually sit at the center of a worldview shared by venture capitalists, executives, and other thought leaders in the tech industry.  Readers will likely be familiar with the tech billionaires featured in your book and at least some of their ambitions. I’m guessing they’ll be less familiar with the various “isms” that you argue have influenced or guided their thinking. Effective altruism, rationalism, long­termism, extropianism, effective accelerationism, futurism, singularitarianism, ­transhumanism—there are a lot of them. Is there something that they all share?  They’re definitely connected. In a sense, you could say they’re all versions or instantiations of the ideology of technological salvation, but there are also some very deep historical connections between the people in these groups and their aims and beliefs. The Extropians in the late ’80s believed in self-­transformation through technology and freedom from limitations of any kind—ideas that Ray Kurzweil eventually helped popularize and legitimize for a larger audience with the Singularity.  In most of these isms you’ll find the idea of escape and transcendence, as well as the promise of an amazing future, full of unimaginable wonders—so long as we don’t get in the way of technological progress. I should say that AI researcher Timnit Gebru and philosopher Émile Torres have also done a lot of great work linking these ideologies to one another and showing how they all have ties to racism, misogyny, and eugenics. You argue that the Singularity is the purest expression of the ideology of technological salvation. How so? Well, for one thing, it’s just this very simple, straightforward idea—the Singularity is coming and will occur when we merge our brains with the cloud and expand our intelligence a millionfold. This will then deepen our awareness and consciousness and everything will be amazing. In many ways, it’s a fantastical vision of a perfect technological utopia. We’re all going to live as long as we want in an eternal paradise, watched over by machines of loving grace, and everything will just get exponentially better forever. The end. The other isms I talk about in the book have a little more … heft isn’t the right word—they just have more stuff going on. There’s more to them, right? The rationalists and the effective altruists and the longtermists—they think that something like a singularity will happen, or could happen, but that there’s this really big danger between where we are now and that potential event. We have to address the fact that an all-powerful AI might destroy humanity—the so-called alignment problem—before any singularity can happen.  Then you’ve got the effective accelerationists, who are more like Kurzweil, but they’ve got more of a tech-bro spin on things. They’ve taken some of the older transhumanist ideas from the Singularity and updated them for startup culture. Marc Andreessen’s “Techno-Optimist Manifesto” [from 2023] is a good example. You could argue that all of these other philosophies that have gained purchase in Silicon Valley are just twists on Kurzweil’s Singularity, each one building on top of the core ideas of transcendence, techno­-optimism, and exponential growth.  Early on in the book you take aim at that idea of exponential growth—specifically, Kurzweil’s “Law of Accelerating Returns.” Could you explain what that is and why you think it’s flawed? Kurzweil thinks there’s this immutable “Law of Accelerating Returns” at work in the affairs of the universe, especially when it comes to technology. It’s the idea that technological progress isn’t linear but exponential. Advancements in one technology fuel even more rapid advancements in the future, which in turn lead to greater complexity and greater technological power, and on and on. This is just a mistake. Kurzweil uses the Law of Accelerating Returns to explain why the Singularity is inevitable, but to be clear, he’s far from the only one who believes in this so-called law. “I really believe that when you get as rich as some of these guys are, you can just do things that seem like thinking and no one is really going to correct you or tell you things you don’t want to hear.” My sense is that it’s an idea that comes from staring at Moore’s Law for too long. Moore’s Law is of course the famous prediction that the number of transistors on a chip will double roughly every two years, with a minimal increase in cost. Now, that has in fact happened for the last 50 years or so, but not because of some fundamental law in the universe. It’s because the tech industry made a choice and some very sizable investments to make it happen. Moore’s Law was ultimately this really interesting observation or projection of a historical trend, but even Gordon Moore [who first articulated it] knew that it wouldn’t and couldn’t last forever. In fact, some think it’s already over.  These ideologies take inspiration from some pretty unsavory characters. Transhumanism, you say, was first popularized by the eugenicist Julian Huxley in a speech in 1951. Marc Andreessen’s “Techno-Optimist Manifesto” name-checks the noted fascist Filippo Tommaso Marinetti and his futurist manifesto. Did you get the sense while researching the book that the tech titans who champion these ideas understand their dangerous origins? You’re assuming in the framing of that question that there’s any rigorous thought going on here at all. As I say in the book, Andreessen’s manifesto runs almost entirely on vibes, not logic. I think someone may have told him about the futurist manifesto at some point, and he just sort of liked the general vibe, which is why he paraphrases a part of it. Maybe he learned something about Marinetti and forgot it. Maybe he didn’t care.  I really believe that when you get as rich as some of these guys are, you can just do things that seem like thinking and no one is really going to correct you or tell you things you don’t want to hear. For many of these billionaires, the vibes of fascism, authoritarianism, and colonialism are attractive because they’re fundamentally about creating a fantasy of control.  You argue that these visions of the future are being used to hasten environmental destruction, increase authoritarianism, and exacerbate inequalities. You also admit that they appeal to lots of people who aren’t billionaires. Why do you think that is?  I think a lot of us are also attracted to these ideas for the same reasons the tech billionaires are—they offer this fantasy of knowing what the future holds, of transcending death, and a sense that someone or something out there is in control. It’s hard to overstate how comforting a simple, coherent narrative can be in an increasingly complex and fast-moving world. This is of course what religion offers for many of us, and I don’t think it’s an accident that a sizable number of people in the rationalist and effective altruist communities are actually ex-evangelicals. More than any one specific technology, it seems like the most consequential thing these billionaires have invented is a sense of inevitability—that their visions for the future are somehow predestined. How does one fight against that? It’s a difficult question. For me, the answer was to write this book. I guess I’d also say this: Silicon Valley enjoyed well over a decade with little to no pushback on anything. That’s definitely a big part of how we ended up in this mess. There was no regulation, very little critical coverage in the press, and a lot of self-mythologizing going on. Things have started to change, especially as the social and environmental damage that tech companies and industry leaders have helped facilitate has become more clear. That understanding is an essential part of deflating the power of these tech billionaires and breaking free of their visions. When we understand that these dreams of the future are actually nightmares for the rest of us, I think you’ll see that senseof inevitability vanish pretty fast.  This interview was edited for length and clarity. Bryan Gardiner is a writer based in Oakland, California. 

Macworld Ads are everywhere. From gas pump screens to streaming services and social media, the average American is exposed to anywhere between 4,000 and 10,000 ads per day. Enough is enough. While some ads are just plain annoying (looking at you, Liberty Mutual), others can be straight-up harmful. Protect your kids from inappropriate content and protect your Mac from phishing with Adguard’s Family Plan, now just $15.97 with code FAMPLAN. With AdGuard’s family plan, you can get privacy protection, ad blocking, and malware protection for up to 9 devices, including desktop and mobile. It’s compatible with both Android and iOS devices as long as they’re running on relatively updated operating systems. AdGuard Family Plan: Lifetime SubscriptionSee Deal From banner ads to pop-ups and video ads, AdgGuard blocks them all seamlessly, allowing you to use your computer the way it was intended. Maximize productivity and protect from harmful viruses or phishing attempts. The robust parental controls also allow users to block inappropriate or adult content to keep the web safe for your kids. For less than the monthly price of a streaming service, you can have peace of mind knowing your children will be shielded from inappropriate materials and you can work, stream, and game uninterrupted. Get AdGuard’s Family Plan for $15.97 (reg. $39.99) with code FAMPLAN. StackSocial prices subject to change.

Bungie’s Marathon is still coming out, and when it does, PlayStation plans on giving the extraction shooter a fair shot. During a recent investor interview, Sony Interactive Entertainment head Herman Hulst assured the game would come out before March 31, 2026, when Sony’s fiscal year ends. Touching on its recent alpha test, he descbied the feedback as “varied, but super useful. […] The constant testing, the constant re-validation of assumptions that we just talked about, to me is just so valuable to iterate and to constantly improve the title, so when launch comes, we’re going to give the title the optimal chance of success.” Hanging over PlayStation is 2024’s sci-fi shooter Concord, which shut down weeks after launch and later led to developer Firewalk Studios closing down. That’s been just one of several botched attempts from PlayStation’s attempts to enter live-service games, which includes several canceled projects and layoffs across its first-party studios. While acknowledging these “unique challenges” and attributing Concord’s failure to the “hypercompetitive market” of hero shooters, Hulst talked up how they’re avoiding the same mistakes with Marathon. “It’s going to be the first new Bungie title in over a decade, and it’s our goal to release a very bold, very innovative, and deeply engaging title. We’re monitoring the closed alpha cycle the team has just gone through. We’re taking all the lessons learned, we’re using the capabilities we’ve built and analytics and user testing to understand how audiences are engaging with the title.” One thing Hulst didn’t touch on, though, was the recent accusations of art plagiarism levvied against Bungie. In May, artist Fern “Antireal” Hook released evidence alleging the studio stole assets she made from previous work and failed to credit her. After investigating, Bungie attributed the theft to the work of a former employee, publicly apologized, and said it would do “everything we can to make this right” with Hook. It also promised to review all in-game assets and replace “questionably sourced” art with original, in-house work. With the mention of its arriving before the fiscal year ends, Marathon may be delayed out of its current September 23 launch. At time of writing, Bungie and PlayStation have kept mum on a potential delay, but the game failed to make an appearance at PlayStation’s recent State of Play in early June. [via IGN] Want more io9 news? Check out when to expect the latest Marvel, Star Wars, and Star Trek releases, what’s next for the DC Universe on film and TV, and everything you need to know about the future of Doctor Who.