Bungie has been paving the way for Destiny 2's upcoming The Edge of Fate expansion with a week of free loot for players. Once every day, fans can log in, visit the Emissary vendor, and claim an Infinite Nonary Engram, which drops all sorts of cosmeti

The Guardian’s writers have compiled their favourite new games of the year so far – and we’d like to hear about yours, too.Have you come across a new release that you can’t stop playing? Or one you’d recommend? Tell us your nomination and why you like it below.Share your favouriteYou can tell us your favourite game of the year so far using this form.Please share your story if you are 18 or over, anonymously if you wish. For more information please see our terms of service and privacy policy.Your responses, which can be anonymous, are secure as the form is encrypted and only the Guardian has access to your contributions. We will only use the data you provide us for the purpose of the feature and we will delete any personal data when we no longer require it for this purpose. For true anonymity please use our SecureDrop service instead.Name Where do you live? Tell us a bit about yourself (e.g. age and what you do for a living) OptionalTell us about your favourite game of 2025 so far and why it's your favourite Please include as much detail as possible. If you are happy to, please upload a photo of yourself here OptionalPlease note, the maximum file size is 5.7 MB.Choose fileCan we publish your response? Yes, entirelyYes, but contact me firstYes, but please keep me anonymousNo, this is information onlyPhone number OptionalYour contact details are helpful so we can contact you for more information. They will only be seen by the Guardian.Email address Your contact details are helpful so we can contact you for more information. They will only be seen by the Guardian.You can add more information here OptionalIf you include other people's names please ask them first.Would you be interested in speaking to our audio and/or video teams? Audio onlyVideo onlyAudio and videoNo, I'm not interestedBy submitting your response, you are agreeing to share your details with us for this feature.If you’re having trouble using the form, click here. Read terms of service here and privacy policy here.

Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

DNA testing service 23andMe has undergone serious upheaval in recent months, creating concerns for the 15 million customers who entrusted the company with their personal biological information. After filing for Chapter 11 bankruptcy protection in March, the company became the center of a bidding war that ended Friday when co-founder Anne Wojcicki said she’d successfully reacquired control through her nonprofit TTAM Research Institute for $305 million. The bankruptcy proceedings had sent shockwaves through the genetic testing industry and among privacy advocates, with security experts and lawmakers urging customers to take immediate action to safeguard their data. The company’s interim CEO revealed this week that 1.9 million people, around 15% of 23andMe’s customer base, have already requested their genetic data be deleted from the company’s servers. The situation became even more complex last week after more than two dozen states filed lawsuits challenging the sale of customers’ private data, arguing that 23andMe must obtain explicit consent before transferring or selling personal information to any new entity. While the company’s policies mean you cannot delete all traces of your genetic data — particularly information that may have already been shared with research partners or stored in backup systems — if you’re one of the 15 million people who shared their DNA with 23andMe, there are still meaningful steps you can take to protect yourself and minimize your exposure. How to delete your 23andMe data To delete your data from 23andMe, you need to log in to your account and then follow these steps: Navigate to the Settings section of your profile. Scroll down to the selection labeled 23andMe Data.  Click the View option and scroll to the Delete Data section. Select the Permanently Delete Data button. You will then receive an email from 23andMe with a link that will allow you to confirm your deletion request.  You can choose to download a copy of your data before deleting it. There is an important caveat, as 23andMe’s privacy policy states that the company and its labs “will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations.” The policy continues: “23andMe will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, communications related to inquiries or complaints and legal agreements for a limited period of time as required by law, contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.” This essentially means that 23andMe may keep some of your information for an unspecified amount of time.  How to destroy your 23andMe test sample and revoke permission for your data to be used for research If you previously opted to have your saliva sample and DNA stored by 23andMe, you can change this setting. To revoke your permission, go into your 23andMe account settings page and then navigate to Preferences.  In addition, if you previously agreed to 23andMe and third-party researchers using your genetic data and sample for research, you can withdraw consent from the Research and Product Consents section in your account settings.  While you can reverse that consent, there’s no way for you to delete that information. Check in with your family members Once you have requested the deletion of your data, it’s important to check in with your family members and encourage them to do the same because it’s not just their DNA that’s at risk of sale — it also affects people they are related to.  And while you’re at it, it’s worth checking in with your friends to ensure that all of your loved ones are taking steps to protect their data.  This story originally published on March 25 and was updated June 11 with new information.

Millions of these messages are now targeting smartphone users.

Published June 14, 2025 10:00am EDT close Top lawmaker on cybersecurity panel talks threats to US agriculture Senate Armed Services Committee member Mike Rounds, R-S.D., speaks to Fox News Digital NEWYou can now listen to Fox News articles! Your home address might be easier to find online than you think. A quick search of your name could turn up past and current locations, all thanks to people finder sites. These data broker sites quietly collect and publish personal details without your consent, making your privacy vulnerable with just a few clicks.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. A woman searching for herself online. (Kurt "CyberGuy" Knutsson)How your address gets exposed online and who’s using itIf you’ve ever searched for your name and found personal details, like your address, on unfamiliar websites, you’re not alone. People finder platforms collect this information from public records and third-party data brokers, then publish and share it widely. They often link your address to other details such as phone numbers, email addresses and even relatives.11 EASY WAYS TO PROTECT YOUR ONLINE PRIVACY IN 2025While this data may already be public in various places, these sites make it far easier to access and monetize it at scale. In one recent breach, more than 183 million login credentials were exposed through an unsecured database. Many of these records were linked to physical addresses, raising concerns about how multiple sources of personal data can be combined and exploited.Although people finder sites claim to help reconnect friends or locate lost contacts, they also make sensitive personal information available to anyone willing to pay. This includes scammers, spammers and identity thieves who use it for fraud, harassment, and targeted scams. A woman searching for herself online. (Kurt "CyberGuy" Knutsson)How do people search sites get your home address?First, let’s define two sources of information; public and private databases that people search sites use to get your detailed profile, including your home address. They run an automated search on these databases with key information about you and add your home address from the search results. 1. Public sourcesYour home address can appear in:Property deeds: When you buy or sell a home, your name and address become part of the public record.Voter registration: You need to list your address when voting.Court documents: Addresses appear in legal filings or lawsuits.Marriage and divorce records: These often include current or past addresses.Business licenses and professional registrations: If you own a business or hold a license, your address can be listed.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?These records are legal to access, and people finder sites collect and repackage them into detailed personal profiles.2. Private sourcesOther sites buy your data from companies you’ve interacted with:Online purchases: When you buy something online, your address is recorded and can be sold to marketing companies.Subscriptions and memberships: Magazines, clubs and loyalty programs often share your information.Social media platforms: Your location or address details can be gathered indirectly from posts, photos or shared information.Mobile apps and websites: Some apps track your location.People finder sites buy this data from other data brokers and combine it with public records to build complete profiles that include address information. A woman searching for herself online. (Kurt "CyberGuy" Knutsson)What are the risks of having your address on people finder sites?The Federal Trade Commission (FTC) advises people to request the removal of their private data, including home addresses, from people search sites due to the associated risks of stalking, scamming and other crimes.People search sites are a goldmine for cybercriminals looking to target and profile potential victims as well as plan comprehensive cyberattacks. Losses due to targeted phishing attacks increased by 33% in 2024, according to the FBI. So, having your home address publicly accessible can lead to several risks:Stalking and harassment: Criminals can easily find your home address and threaten you.Identity theft: Scammers can use your address and other personal information to impersonate you or fraudulently open accounts.Unwanted contact: Marketers and scammers can use your address to send junk mail or phishing or brushing scams.Increased financial risks: Insurance companies or lenders can use publicly available address information to unfairly decide your rates or eligibility.Burglary and home invasion: Criminals can use your location to target your home when you’re away or vulnerable.How to protect your home addressThe good news is that you can take steps to reduce the risks and keep your address private. However, keep in mind that data brokers and people search sites can re-list your information after some time, so you might need to request data removal periodically.I recommend a few ways to delete your private information, including your home address, from such websites.1. Use personal data removal services: Data brokers can sell your home address and other personal data to multiple businesses and individuals, so the key is to act fast. If you’re looking for an easier way to protect your privacy, a data removal service can do the heavy lifting for you, automatically requesting data removal from brokers and tracking compliance.While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web2. Opt out manually : Use a free scanner provided by a data removal service to check which people search sites that list your address. Then, visit each of these websites and look for an opt-out procedure or form: keywords like "opt out," "delete my information," etc., point the way.Follow each site’s opt-out process carefully, and confirm they’ve removed all your personal info, otherwise, it may get relisted.3. Monitor your digital footprint: I recommend regularly searching online for your name to see if your location is publicly available. If only your social media profile pops up, there’s no need to worry. However, people finder sites tend to relist your private information, including your home address, after some time.4. Limit sharing your address online: Be careful about sharing your home address on social media, online forms and apps. Review privacy settings regularly, and only provide your address when absolutely necessary. Also, adjust your phone settings so that apps don’t track your location.Kurt’s key takeawaysYour home address is more vulnerable than you think. People finder sites aggregate data from public records and private sources to display your address online, often without your knowledge or consent. This can lead to serious privacy and safety risks. Taking proactive steps to protect your home address is essential. Do it manually or use a data removal tool for an easier process. By understanding how your location is collected and taking measures to remove your address from online sites, you can reclaim control over your personal data.CLICK HERE TO GET THE FOX NEWS APPHow do you feel about companies making your home address so easy to find? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 14, 2025Ravie LakshmananMalware / Threat Intelligence A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets." The issue with Discord's invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites. Details of the campaign come a little over a month after the cybersecurity company revealed another sophisticated phishing campaign that hijacked expired vanity invite links to entice users into joining a Discord server and instruct them to visit a phishing site to verify ownership, only to have their digital assets drained upon connecting their wallets. While users can create temporary, permanent, or custom (vanity) invite links on Discord, the platform prevents other legitimate servers from reclaiming a previously expired or deleted invite. However, Check Point found that creating custom invite links allows the reuse of expired invite codes and even deleted permanent invite codes in some cases. This ability to reuse Discord expired or deleted codes when creating custom vanity invite links opens the door to abuse, allowing attackers to claim it for their malicious server. "This creates a serious risk: Users who follow previously trusted invite links (e.g., on websites, blogs, or forums) can unknowingly be redirected to fake Discord servers created by threat actors," Check Point said. The Discord invite-link hijacking, in a nutshell, involves taking control of invite links originally shared by legitimate communities and then using them to redirect users to the malicious server. Users who fall prey to the scheme and join the server are asked to complete a verification step in order to gain full server access by authorizing a bot, which then leads them to a fake website with a prominent "Verify" button. This is where the attackers take the attack to the next level by incorporating the infamous ClickFix social engineering tactic to trick users into infecting their systems under the pretext of verification. Specifically, clicking the "Verify" button surreptitiously executes JavaScript that copies a PowerShell command to the machine's clipboard, after which the users are urged to launch the Windows Run dialog, paste the already copied "verification string" (i.e., the PowerShell command), and press Enter to authenticate their accounts. But in reality, performing these steps triggers the download of a PowerShell script hosted on Pastebin that subsequently retrieves and executes a first-stage downloader, which is ultimately used to drop AsyncRAT and Skuld Stealer from a remote server and execute them. At the heart of this attack lies a meticulously engineered, multi-stage infection process designed for both precision and stealth, while also taking steps to subvert security protections through sandbox security checks. AsyncRAT, which offers comprehensive remote control capabilities over infected systems, has been found to employ a technique called dead drop resolver to access the actual command-and-control (C2) server by reading a Pastebin file. The other payload is a Golang information stealer that's downloaded from Bitbucket. It's equipped to steal sensitive user data from Discord, various browsers, crypto wallets, and gaming platforms. Skuld is also capable of harvesting crypto wallet seed phrases and passwords from the Exodus and Atomic crypto wallets. It accomplishes this using an approach called wallet injection that replaces legitimate application files with trojanized versions downloaded from GitHub. It's worth noting that a similar technique was recently put to use by a rogue npm package named pdf-to-office. The attack also employs a custom version of an open-source tool known as ChromeKatz to bypass Chrome's app-bound encryption protections. The collected data is exfiltrated to the miscreants via a Discord webhook. The fact that payload delivery and data exfiltration occur via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord allows the threat actors to blend in with normal traffic and fly under the radar. Discord has since disabled the malicious bot, effectively breaking the attack chain. Check Point said it also identified another campaign mounted by the same threat actor that distributes the loader as a modified version of a hacktool for unlocking pirated games. The malicious program, also hosted on Bitbucket, has been downloaded 350 times. It has been assessed that the victims of these campaigns are primarily located in the United States, Vietnam, France, Germany, Slovakia, Austria, the Netherlands, and the United Kingdom. The findings represent the latest example of how cybercriminals are targeting the popular social platform, which has had its content delivery network (CDN) abused to host malware in the past. "This campaign illustrates how a subtle feature of Discord's invite system, the ability to reuse expired or deleted invite codes in vanity invite links, can be exploited as a powerful attack vector," the researchers said. "By hijacking legitimate invite links, threat actors silently redirect unsuspecting users to malicious Discord servers." "The choice of payloads, including a powerful stealer specifically targeting cryptocurrency wallets, suggests that the attackers are primarily focused on crypto users and motivated by financial gain." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

In addition to the flood of spam texts you receive on a daily basis, your email inbox is likely filled with newsletters, promotions, and other messages that you don't care to read and perhaps don't know why you receive. But you shouldn't just start clicking unsubscribe links, which may open you up to certain cybersecurity risks. Email unsubscribe links may be maliciousWhile email unsubscribe links may seem innocuous, especially if you generally trust the sender, security experts say there are a number of ways in which threat actors can leverage these links for malicious purposes. Like responding to a spam text or answering a spam call, clicking "unsubscribe" confirms that your email address is active, giving cyber criminals an incentive to keep targeting you.In some cases, unsubscribe links can be hijacked to send users to phishing websites, where you are asked to enter your login credentials to complete the process. According to the folks at DNSFilter, one in every 644 clicks of email unsubscribe links can land you on a malicious website. While you do have to confirm your email address in some legitimate cases, you shouldn't enter a password, which is likely a scam. Bottom line: If you don't trust the sender, you certainly shouldn't trust any links contained within the email. How to safely unsubscribe from emails Even if unsubscribe links are safe, it's a pain to go through the multi-step process of clicking through individual emails and opening new browser windows to confirm. To minimize hassle and avoid the risk of malicious links in individual emails, you can use unsubscribe features built into your email client, which are less likely to be compromised by threat actors because they aren't tied to the email itself. In Gmail, tap More > Manage subscriptions in your left-hand navigation bar (Menu > Manage subscriptions on mobile) and scroll to the sender. Click Unsubscribe to the right of the number of emails sent recently. You can also unsubscribe from individual emails by opening the message and clicking Unsubscribe next to the sender's name. In some cases, you may be directed to the sender's website to complete the process. (Note that Gmail may not consider all email campaigns eligible for one-click unsubscribe.) You can also mark the message as spam or block the sender. In Outlook, go to Settings > Mail > Subscriptions > Your current subscriptions and select Unsubscribe, then tap OK. Alternatively, you can block the sender by clicking the three dots and selecting Block > OK. Alternatively, you can filter unwanted emails to a different folder (including spam), so while you'll still receive them, they won't clog up your main inbox. In Gmail, open the message then click More > Filter messages like these to set up filter criteria, whether that's sending to another folder, deleting it, or marking it as spam. You can create similar rules in Outlook by right-clicking the message in your message list and going to Rules > Create rule. A final option is to use a disposable email alias to subscribe to newsletters and promotional emails or when signing up for accounts, which makes it easy to filter messages or delete the address entirely without affecting your main inbox.