Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Daniel Pearson , CEO, KnownHostJune 12, 20253 Min ReadBusiness success concept. Cubes with arrows and target on the top.Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this dynamic will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks. As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.  Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and will be a crucial method in the upcoming years to prevent major data loss.   What Is the 3-2-1 Backup Rule? The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.  The data also needs to be stored in two different locations, such as the cloud or a local drive.  The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.  This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.  Related:Why Is This Rule Relevant in the Modern Cyber Threat Landscape? Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.  Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.  As the cloud infrastructure has seen a similar speed of growth, cyber criminals are actively targeting these, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.  Common Backup Mistakes Businesses Make A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go. Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack. Related:Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach. How to Implement the 3-2-1 Backup Rule? To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.  From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats. To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process. Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity. Related:By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture. About the AuthorDaniel Pearson CEO, KnownHostDaniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community. See more from Daniel Pearson ReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Sovereignty has mattered since the invention of the nation state—defined by borders, laws, and taxes that apply within and without. While many have tried to define it, the core idea remains: nations or jurisdictions seek to stay in control, usually to the benefit of those within their borders. Digital sovereignty is a relatively new concept, also difficult to define but straightforward to understand. Data and applications don’t understand borders unless they are specified in policy terms, as coded into the infrastructure. The World Wide Web had no such restrictions at its inception. Communitarian groups such as the Electronic Frontier Foundation, service providers and hyperscalers, non-profits and businesses all embraced a model that suggested data would look after itself. But data won’t look after itself, for several reasons. First, data is massively out of control. We generate more of it all the time, and for at least two or three decades (according to historical surveys I’ve run), most organizations haven’t fully understood their data assets. This creates inefficiency and risk—not least, widespread vulnerability to cyberattack. Risk is probability times impact—and right now, the probabilities have shot up. Invasions, tariffs, political tensions, and more have brought new urgency. This time last year, the idea of switching off another country’s IT systems was not on the radar. Now we’re seeing it happen—including the U.S. government blocking access to services overseas. Digital sovereignty isn’t just a European concern, though it is often framed as such. In South America for example, I am told that sovereignty is leading conversations with hyperscalers; in African countries, it is being stipulated in supplier agreements. Many jurisdictions are watching, assessing, and reviewing their stance on digital sovereignty. As the adage goes: a crisis is a problem with no time left to solve it. Digital sovereignty was a problem in waiting—but now it’s urgent. It’s gone from being an abstract ‘right to sovereignty’ to becoming a clear and present issue, in government thinking, corporate risk and how we architect and operate our computer systems. What does the digital sovereignty landscape look like today? Much has changed since this time last year. Unknowns remain, but much of what was unclear this time last year is now starting to solidify. Terminology is clearer – for example talking about classification and localisation rather than generic concepts. We’re seeing a shift from theory to practice. Governments and organizations are putting policies in place that simply didn’t exist before. For example, some countries are seeing “in-country” as a primary goal, whereas others (the UK included) are adopting a risk-based approach based on trusted locales. We’re also seeing a shift in risk priorities. From a risk standpoint, the classic triad of confidentiality, integrity, and availability are at the heart of the digital sovereignty conversation. Historically, the focus has been much more on confidentiality, driven by concerns about the US Cloud Act: essentially, can foreign governments see my data? This year however, availability is rising in prominence, due to geopolitics and very real concerns about data accessibility in third countries. Integrity is being talked about less from a sovereignty perspective, but is no less important as a cybercrime target—ransomware and fraud being two clear and present risks. Thinking more broadly, digital sovereignty is not just about data, or even intellectual property, but also the brain drain. Countries don’t want all their brightest young technologists leaving university only to end up in California or some other, more attractive country. They want to keep talent at home and innovate locally, to the benefit of their own GDP. How Are Cloud Providers Responding? Hyperscalers are playing catch-up, still looking for ways to satisfy the letter of the law whilst ignoring (in the French sense) its spirit. It’s not enough for Microsoft or AWS to say they will do everything they can to protect a jurisdiction’s data, if they are already legally obliged to do the opposite. Legislation, in this case US legislation, calls the shots—and we all know just how fragile this is right now. We see hyperscaler progress where they offer technology to be locally managed by a third party, rather than themselves. For example, Google’s partnership with Thales, or Microsoft with Orange, both in France (Microsoft has similar in Germany). However, these are point solutions, not part of a general standard. Meanwhile, AWS’ recent announcement about creating a local entity doesn’t solve for the problem of US over-reach, which remains a core issue. Non-hyperscaler providers and software vendors have an increasingly significant play: Oracle and HPE offer solutions that can be deployed and managed locally for example; Broadcom/VMware and Red Hat provide technologies that locally situated, private cloud providers can host. Digital sovereignty is thus a catalyst for a redistribution of “cloud spend” across a broader pool of players. What Can Enterprise Organizations Do About It? First, see digital sovereignty as a core element of data and application strategy. For a nation, sovereignty means having solid borders, control over IP, GDP, and so on. That’s the goal for corporations as well—control, self-determination, and resilience. If sovereignty isn’t seen as an element of strategy, it gets pushed down into the implementation layer, leading to inefficient architectures and duplicated effort. Far better to decide up front what data, applications and processes need to be treated as sovereign, and defining an architecture to support that. This sets the scene for making informed provisioning decisions. Your organization may have made some big bets on key vendors or hyperscalers, but multi-platform thinking increasingly dominates: multiple public and private cloud providers, with integrated operations and management. Sovereign cloud becomes one element of a well-structured multi-platform architecture. It is not cost-neutral to deliver on sovereignty, but the overall business value should be tangible. A sovereignty initiative should bring clear advantages, not just for itself, but through the benefits that come with better control, visibility, and efficiency. Knowing where your data is, understanding which data matters, managing it efficiently so you’re not duplicating or fragmenting it across systems—these are valuable outcomes. In addition, ignoring these questions can lead to non-compliance or be outright illegal. Even if we don’t use terms like ‘sovereignty’, organizations need a handle on their information estate. Organizations shouldn’t be thinking everything cloud-based needs to be sovereign, but should be building strategies and policies based on data classification, prioritization and risk. Build that picture and you can solve for the highest-priority items first—the data with the strongest classification and greatest risk. That process alone takes care of 80–90% of the problem space, avoiding making sovereignty another problem whilst solving nothing. Where to start? Look after your own organization first Sovereignty and systems thinking go hand in hand: it’s all about scope. In enterprise architecture or business design, the biggest mistake is boiling the ocean—trying to solve everything at once. Instead, focus on your own sovereignty. Worry about your own organization, your own jurisdiction. Know where your own borders are. Understand who your customers are, and what their requirements are. For example, if you’re a manufacturer selling into specific countries—what do those countries require? Solve for that, not for everything else. Don’t try to plan for every possible future scenario. Focus on what you have, what you’re responsible for, and what you need to address right now. Classify and prioritise your data assets based on real-world risk. Do that, and you’re already more than halfway toward solving digital sovereignty—with all the efficiency, control, and compliance benefits that come with it. Digital sovereignty isn’t just regulatory, but strategic. Organizations that act now can reduce risk, improve operational clarity, and prepare for a future based on trust, compliance, and resilience. The post Reclaiming Control: Digital Sovereignty in 2025 appeared first on Gigaom.

Published June 7, 2025 10:00am EDT close Tennessee DMV experiencing long lines ahead of REAL ID deadline May 7 is the deadline to get a REAL ID, and some DMVs are facing large crowds and major backup. FOX's Asher Reed spoke with FOX 35 Orlando from outside a DMV in Antioch, Tennessee, with more on the issue. NEWYou can now listen to Fox News articles! If you've received a text message claiming to be from your state's Department of Motor Vehicles (DMV) and threatening you with fines or penalties unless you pay up, you're not alone. A new wave of scam texts is sweeping across the country, targeting drivers in states like Connecticut, Pennsylvania, Georgia, Florida, New York, California, Illinois, New Jersey, Virginia, Colorado, Vermont, Texas, North Carolina and even Washington, D.C.These messages look official and urgent, warning you about supposed unpaid tickets or tolls and demanding immediate payment. But don't be fooled, as these texts are sophisticated scams designed to steal your personal information or money. The scammers are getting better at making their messages look real, so it can be tricky to spot the fraud. But with a few simple tips, you can learn how to recognize these scams and protect yourself before you click or respond. DMV scam text. (Kurt "CyberGuy" Knutsson)How the DMV scam text message worksThese scam messages vary slightly depending on the state you're in, but they’re generally structured in the same way. The text threatens consequences, such as credit score damage, revoked driving privileges, suspended vehicle registration or increased toll fees, if you do not pay the bill you have supposedly incurred. To make the message appear legit, the scammers often include a date for penalties to begin, a fake administrative code and a link that appears to be an official DMV website.FBI WARNS OF SCAM TARGETING VICTIMS WITH FAKE HOSPITALS AND POLICEPro tip: If you're instructed to copy the link into your browser rather than clicking it directly, it's a scam. A person receiving a scam text message on their phone. (Kurt "CyberGuy" Knutsson)Why DMV text scams are so convincingThe scam relies on two key elements to be effective: fear and a sense of urgency. These are two powerful psychological motivators that can send you into a panic since your driving privileges are at risk, or you're facing financial consequences. The aim is to get you to act hastily without pausing to verify the source. The messages also mimic legitimate government communications by including familiar terms, official-sounding codes and web addresses that appear authentic. Here is an example of what the text might look like: DMV scam text. (Kurt "CyberGuy" Knutsson)States known to have issued warnings about DMV scam texts (as of June 2025):ConnecticutPennsylvaniaGeorgiaFloridaNew YorkCaliforniaIllinoisNew JerseyVirginiaColoradoVermontTexasNorth CarolinaWashington, D.C.Reports are surfacing across the U.S., and the list of affected states is likely to continue growing as more residents come forward.How to spot and avoid DMV text message scamsIf you receive a suspicious text message claiming to be from your state's DMV and demanding payment or personal information, follow these steps to protect yourself:1. Be skeptical of any message creating urgency or panic: Scammers rely on fear and urgency to trick you into acting without thinking. If a message pressures you to act immediately, that's a major red flag.2. Check for obvious red flags: Look for signs like strange sender addresses, awkward language, misspellings or links that don't match your state's official DMV website.3. Do not click any links or reply, and use strong antivirus software: Legitimate DMVs will not ask for payments, personal details or sensitive information via unsolicited text messages. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Verify directly with your DMV: If you're concerned the message might be real, contact your state's DMV using the official website or a trusted phone number. Never use the contact information provided in the suspicious text.5. Consider a Personal Data Removal Service: Your personal information is widely available online, which can make you a bigger target for these types of scams, therefore you might look into a personal data removal service. These services work by submitting opt-out requests to data brokers that collect and sell your information, helping to reduce your digital footprint and making it harder for scammers to find your contact details. GET FOX BUSINESS ON THE GO BY CLICKING HEREWhile no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.6. Delete the message immediately and block the sender: Removing the text helps prevent accidental clicks and reduces the risk of falling for the scam later. Also, be sure to block phone numbers and texts that send spam or scam messages, reducing future risk.7. Register your number with the National Do Not Call Registry: While this won't stop all scams, it can help reduce unwanted communications.8. Don't provide any personal or financial information: Never share your Social Security number, driver's license number, banking information, or passwords in response to an unsolicited text.9. If you clicked the link or gave out information, act quickly: If you accidentally entered personal or financial information, contact your bank, credit card provider or local law enforcement right away to minimize potential damage.10. Keep your phone's security features updated: Ensure your device's operating system and security software are current to help block known scam numbers and malicious links.11. Report the scam: Forward the message to 7726 (SPAM) to alert your mobile provider and help block similar messages in the future. Mark the message as junk or spam within your messaging app, if possible. File a complaint with the Federal Trade Commission at reportfraud.ftc.gov or the FBI's Internet Crime Complaint Center at ic3.gov.Kurt’s key takeawaysScam texts pretending to be from the DMV are getting more convincing, but you don't have to be their next victim. Staying skeptical of urgent messages, double-checking anything that seems off and never clicking suspicious links can go a long way in protecting your personal information. Remember, the real DMV will never pressure you for payment or sensitive details over text. By staying alert, you can help prevent these scams and keep your personal information and money secure.CLICK HERE TO GET THE FOX NEWS APPShould tech companies and telecom providers be doing more to protect you from scam texts, or does the responsibility ultimately fall on you to keep your digital life safe? Let us know by writing to us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 06, 2025The Hacker NewsMalware / Endpoint Security Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a malicious shell script designed to steal system passwords and download an AMOS variant for further exploitation," security researcher Koushik Pal said in a report published this week. "The script uses native macOS commands to harvest credentials, bypass security mechanisms, and execute malicious binaries." It's believed that the activity is the work of Russian-speaking cybercriminals owing to the presence of Russian language comments in the malware's source code. The starting point of the attack is a web page that impersonates Spectrum ("panel-spectrum[.]net" or "spectrum-ticket[.]net"). Visitors to the sites in question are served a message that instructs them to complete a hCaptcha verification check to in order to "review the security" of their connection before proceeding further. However, when the user clicks the "I am human" checkbox for evaluation, they are displayed an error message stating "CAPTCHA verification failed," urging them to click a button to go ahead with an "Alternative Verification." Doing so causes a command to be copied to the users' clipboard and the victim is shown a set of instructions depending on their operating system. While they are guided to run a PowerShell command on Windows by opening the Windows Run dialog, it's substituted by a shell script that's executed by launching the Terminal app on macOS. The shell script, for its part, prompts users to enter their system password and downloads a next-stage payload, in this case, a known stealer called Atomic Stealer. "Poorly implemented logic in the delivery sites, such as mismatched instructions across platforms, points to hastily assembled infrastructure," Pal said. "The delivery pages in question for this AMOS variant campaign contained inaccuracies in both its programming and front-end logic. For Linux user agents, a PowerShell command was copied. Furthermore, the instruction 'Press & hold the Windows Key + R' was displayed to both Windows and Mac users." The disclosure comes amid a surge in campaigns using the ClickFix tactic to deliver a wide range of malware families over the past year. "Actors carrying out these targeted attacks typically utilize similar techniques, tools, and procedures (TTPs) to gain initial access," Darktrace said. "These include spear phishing attacks, drive-by compromises, or exploiting trust in familiar online platforms, such as GitHub, to deliver malicious payloads." The links distributed using these vectors typically redirect the end user to a malicious URL that displays a fake CAPTCHA verification check in an attempt to deceive users into thinking that they are carrying out something innocuous, when, in reality, they are guided to execute malicious commands to fix a non-existent issue. The end result of this effective social engineering method is that users end up compromising their own systems, enabling threat actors to bypass security controls. The cybersecurity company said it identified multiple ClickFix attacks across customer environments in Europe, the Middle East, and Africa (EMEA), and in the United States. And these campaigns are gaining steam, adopting several variations but operating with the same end goal of delivering malicious payloads, ranging from trojans to stealers to ransomware. Earlier this week, Cofense outlined an email phishing campaign that spoofs Booking.com, targeting hotel chains and the food services sector with fake CAPTCHAs that lead to XWorm RAT, PureLogs Stealer, and DanaBot. The fact that ClickFix is flexible and easy to adapt makes it an attractive malware distribution mechanism. "While the exact email structure varies from sample to sample, these campaigns generally provide Booking[.]com-spoofing emails with embedded links to a ClickFix fake CAPTCHA site which is used to deliver a malicious script that runs RATs and/or information stealers," Cofense said. The email security firm said it has also observed ClickFix samples mimicking cookie consent banners, wherein clicking on the "Accept" button causes a malicious script file to be downloaded. The user is subsequently prompted to run the script to accept cookies. In one April 2025 incident analyzed by Darktrace, unknown threat actors were found to utilize ClickFix as an attack vector to download nondescript payloads to burrow deeper into the target environment, conduct lateral movement, send system-related information to an external server via an HTTP POST request, and ultimately exfiltrate data. "ClickFix baiting is a widely used tactic in which threat actors exploit human error to bypass security defenses," Darktrace said. "By tricking endpoint users into performing seemingly harmless, everyday actions, attackers gain initial access to systems where they can access and exfiltrate sensitive data." Other ClickFix attacks have employed phony versions of other popular CAPTCHA services like Google reCAPTCHA and Cloudflare Turnstile for malware delivery under the guise of routine security checks. These fake pages are "pixel-perfect copies" of their legitimate counterparts, sometimes even injected into real-but-hacked websites to trick unsuspecting users. Stealers such as Lumma and StealC, as well as full-fledged remote access trojans (RATs) like NetSupport RAT are some of the payloads distributed via bogus Turnstile pages. "Modern internet users are inundated with spam checks, CAPTCHAs, and security prompts on websites, and they've been conditioned to click through these as quickly as possible," SlashNext's Daniel Kelley said. "Attackers exploit this 'verification fatigue,' knowing that many users will comply with whatever steps are presented if it looks routine." Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Published June 5, 2025 10:00am EDT close Don’t be so quick to click that Google calendar invite. It could be a hacker’s trap Cybercriminals are sending fake meeting invitations that seem legitimate. NEWYou can now listen to Fox News articles! Americans’ personal data is now spread across more digital platforms than ever. From online shopping habits to fitness tracking logs, personal information ends up in hundreds of company databases. While most people worry about social media leaks or email hacks, a far less visible threat comes from data brokers.I still find it hard to believe that companies like this are allowed to operate with so little legal scrutiny. These firms trade in personal information without our knowledge or consent. What baffles me even more is that they aren’t serious about protecting the one thing that is central to their business model: data. Just last year, we saw news of a massive data breach at a data broker called National Public Data, which exposed 2.7 billion records. And now another data broker, LexisNexis, a major name in the industry, has reported a significant breach that exposed sensitive information from more than 364,000 people. A hacker at work (Kurt "CyberGuy" Knutsson)LexisNexis breach went undetected for months after holiday hackLexisNexis filed a notice with the Maine attorney general revealing that a hacker accessed consumer data through a third-party software development platform. The breach happened on Dec. 25, 2024, but the company only discovered it months later. LexisNexis was alerted on April 1, 2025, by an unnamed individual who claimed to have found sensitive files. It remains unclear whether this person was responsible for the breach or merely came across the exposed data.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSA spokesperson for LexisNexis confirmed that the hacker gained access to the company’s GitHub account. This is a platform commonly used by developers to store and collaborate on code. Security guidelines repeatedly warn against storing sensitive information in such repositories; however, mistakes such as exposed access tokens and personal data files continue to occur.The stolen data varies from person to person but includes full names, birthdates, phone numbers, mailing and email addresses, Social Security numbers and driver's license numbers. LexisNexis has not confirmed whether it received any ransom demand or had further contact with the attacker. An individual working on their laptop (Kurt "CyberGuy" Knutsson)Why the LexisNexis hack is a bigger threat than you realizeLexisNexis isn’t a household name for most people, but it plays a major role in how personal data is harvested and used behind the scenes. The company pulls information from a wide range of sources, compiling detailed profiles that help other businesses assess risk and detect fraud. Its clients include banks, insurance companies and government agencies.In 2023, the New York Times reported that several car manufacturers had been sharing driving data with LexisNexis without notifying vehicle owners. That information was then sold to insurance companies, which used it to adjust premiums based on individual driving behavior. The story made one thing clear. LexisNexis has access to a staggering amount of personal detail, even from people who have never willingly engaged with the company.Law enforcement also uses LexisNexis tools to dig up information on suspects. These systems offer access to phone records, home addresses and other historical data. While such tools might assist in investigations, they also highlight a serious issue. When this much sensitive information is concentrated in one place, it becomes a single point of failure. And as the recent breach shows, that failure is no longer hypothetical. A hacker at work (Kurt "CyberGuy" Knutsson)7 expert tips to protect your personal data after a data broker breachKeeping your personal data safe online can feel overwhelming, but a few practical steps can make a big difference in protecting your privacy and reducing your digital footprint. Here are 7 effective ways to take control of your information and keep it out of the wrong hands:1. Remove your data from the internet: The most effective way to take control of your data and avoid data brokers from selling it is to opt for data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.2. Review privacy settings: Take a few minutes to explore the privacy and security settings on the services you use. For example, limit who can see your social media posts, disable unnecessary location-sharing on your phone and consider turning off ad personalization on accounts like Google and Facebook. Most browsers let you block third-party cookies or clear tracking data. The FTC suggests comparing the privacy notices of different sites and apps and choosing ones that let you opt out of sharing when possible.3. Use privacy-friendly tools: Install browser extensions or plugins that block ads and trackers (such as uBlock Origin or Privacy Badger). You might switch to a more private search engine (like DuckDuckGo or Brave) that doesn’t log your queries. Consider using a browser’s "incognito" or private mode when you don’t want your history saved, and regularly clear your cookies and cache. Even small habits, like logging out of accounts when not in use or using a password manager, make you less trackable.GET FOX BUSINESS ON THE GO BY CLICKING HERE4. Beware of phishing links and use strong antivirus software: Scammers may try to get access to your financial details and other important data using phishing links. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.5. Be cautious with personal data: Think twice before sharing extra details. Don’t fill out online surveys or quizzes that ask for personal or financial information unless you trust the source. Create separate email addresses for sign-ups (so marketing emails don’t go to your main inbox). Only download apps from official stores and check app permissions.6. Opt out of data broker lists: Many data brokers offer ways to opt out or delete your information, though it can be a tedious process. For example, there are sites like Privacy Rights Clearinghouse or the Whitepages opt-out page that list popular brokers and their opt-out procedures. The FTC’s consumer guide, "Your Guide to Protecting Your Privacy Online," includes tips on opting out of targeted ads and removing yourself from people-search databases. Keep in mind you may have to repeat this every few months.7. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.Kurt’s key takeawayFor many, the LexisNexis breach may be the first time they realize just how much of their data is in circulation. Unlike a social media platform or a bank, there is no clear customer relationship with a data broker, and that makes it harder to demand transparency. This incident should prompt serious discussion around what kind of oversight is necessary in industries that operate in the shadows. A more informed public and stronger regulation may be the only things standing between personal data and permanent exposure.CLICK HERE TO GET THE FOX NEWS APPShould companies be allowed to sell your personal information without your consent? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.