Every tech expert will tell you the App Store is safer than Google Play Store. Some might even claim it is impossible to download a malicious app from the App Store, but they are wrong. 

While I admit the App Store is a secure and tightly controlled ecosystem, it cannot completely shield you. Security researchers have found that hackers are targeting several apps on the App Store to spread malware that steals information from screenshots saved on a device. 

The issue also affects those downloading apps from the Google Play Store.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

According to researchers at Kaspersky, this malware campaign is more advanced than typical info stealers, both in how it works and how it spreads. Instead of relying on social engineering tricks to get users to grant permissions like most banking trojans or spyware, this malware hides inside seemingly legitimate apps and slips past Apple and Google’s security checks.

One of its standout features is Optical Character Recognition. Instead of stealing stored files, it scans screenshots saved on the device, extracts text and sends the information to remote servers.

Once installed, the malware operates stealthily, often activating only after a period of dormancy to avoid raising suspicion. It employs encrypted communication channels to send stolen data back to its operators, making it difficult to trace. Plus, it spreads through deceptive updates or hidden code within app dependencies, an approach that helps it evade initial security screenings by app store review teams.

The infection vectors vary between Apple and Google’s ecosystems. On iOS, the malware is often embedded within apps that initially pass Apple’s rigorous review process but later introduce harmful functionality through updates. On Android, the malware can exploit sideloading options, but even official Google Play apps have been found to carry these malicious payloads, sometimes hidden within SDKs (software development kits) supplied by third-party developers.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

The scope of stolen information is alarming. This malware primarily targets crypto wallet recovery phrases but is also capable of exfiltrating login credentials, payment details, personal messages, location data and even biometric identifiers. Some versions are designed to harvest authentication tokens, allowing attackers to access accounts even if users change their passwords.

The apps serving as malware carriers include ComeCome, ChatAi, WeTink, AnyGPT and more. These range from productivity tools to entertainment and utility apps. In some cases, malicious developers create these apps with full knowledge of the malware’s purpose. In others, the issue appears to be a supply chain vulnerability, where legitimate developers unknowingly integrate compromised SDKs or third-party services that introduce malicious code into their applications.

We reached out to Apple for a comment but did not hear back before our deadline. 

Apple has removed the 11 iOS apps mentioned in Kaspersky's report from the App Store. Furthermore, they discovered that these 11 apps shared code signatures with 89 other iOS apps, all of which had been previously rejected or removed for violating Apple's policies, resulting in the termination of their developer accounts.

Apps requesting access to user data such as Photos, Camera or Location must provide relevant functionality or face rejection. They must also clearly explain their data usage when prompting users for permission. iOS privacy features ensure users always control whether their location information is shared with an app. Also, starting in iOS 14, the PhotoKit API — which allows apps to request access to a user’s Photos library — added additional controls to let users select only specific photos or videos to share with an app instead of providing access to their entire library. 

The App Store Review Guidelines mandate that developers are responsible for ensuring their entire app, including ad networks, analytics services and third-party SDKs, complies with the guidelines. Developers must carefully review and choose these components. Apps must also accurately represent their privacy practices, including those of the SDKs they use, in their privacy labels.

In 2023, the App Store rejected over 1.7 million app submissions for failing to meet its stringent privacy, security and content standards. It also rejected 248,000 app submissions found to be spam, copycats or misleading and prevented 84,000 potentially fraudulent apps from reaching users.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A Google spokesperson tells CyberGuy: 

"All of the identified apps have been removed from Google Play and the developers have been banned. Android users are automatically protected from known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services."

However, it is important to note that Google Play Protect may not be enough. Historically, it isn't 100% foolproof at removing all known malware from Android devices. Here’s why:

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

1. Use strong antivirus software: Installing strong antivirus software can add an extra layer of protection by scanning apps for malware, blocking suspicious activity and alerting you to potential threats. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Stick to trusted developers and well-known apps: Even though malware has been found in official app stores, users can still minimize their risk by downloading apps from reputable developers with a long track record. Before installing an app, check its developer history, read multiple reviews and look at the permissions it requests. If an app from an unknown developer suddenly gains popularity but lacks a strong review history, approach it with caution.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Review app permissions carefully: Many malicious apps disguise themselves as legitimate tools but request excessive permissions that go beyond their stated purpose. For example, a simple calculator app should not need access to your contacts, messages or location. If an app asks for permissions that seem unnecessary, consider it a red flag and either deny those permissions or avoid installing the app altogether. Go to your phone settings and check app permissions on your iPhone and Android. 

4. Keep your device and apps updated: Cybercriminals exploit vulnerabilities in outdated software to distribute malware. Always keep your operating system and apps updated to the latest versions, as these updates often contain critical security patches. Enabling automatic updates ensures that you stay protected without having to manually check for new versions.

5. Be wary of apps that promise too much: Many malware-infected apps lure users by offering features that seem too good to be true — such as free premium services, extreme battery optimizations or AI-powered functionality that appears unrealistic. If an app’s claims sound exaggerated or its download numbers skyrocket overnight with questionable reviews, it’s best to avoid it. Stick to apps with a transparent development team and verifiable functionalities. 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

The new malware campaign highlights the need for stricter vetting processes, continuous monitoring of app behavior post-approval and greater transparency from app stores regarding security risks. While Apple and Google have removed the malicious apps upon detection, the fact that they made it onto the platform in the first place exposes a gap in the existing security framework. As cybercriminals refine their methods, app stores must evolve just as quickly or risk losing the trust of the very users they claim to protect.

Do you think app stores should take more responsibility for malware slipping through? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

"Love is blind" takes on a more sinister meaning when so-called artificial intelligence (AI) becomes a tool for exploiting our deepest human emotions. 

Convincing AI technologies are increasingly targeting mature online daters, turning fantasies into lucrative and dangerous criminal enterprises.

Romance scams have become the most common type of fraud in 2025 and have swindled would-be lovers out of over $1.3 billion in the United States alone. Just last year, the world heard the cautionary tale of a 53-year-old French woman who lost $850,000 to a convincing AI deepfake of Brad Pitt.

GET SECURITY ALERTS + EXPERT TECH TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

The scammers had wooed her for over 8 months with realistic (yet fake) images, voice calls, videos and even multiple social media accounts. Similarly, a 67-year-old from San Diego was tricked out of her life savings when an AI impostor gang posed as Keanu Reeves, also raising awareness about romance scams impacting the elderly. The worst side of both stories is that the fraudsters haven’t been caught, and the victims’ financial institutions did little to help them recover their funds.

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

AI-powered romance scams have become far more sophisticated than "traditional" scams. Criminals use a variety of AI tools together with advanced tactics to create deeply personalized and remarkably realistic digital identities. Unlike traditional scams relying on generic scripts, these AI-powered approaches can generate nuanced, contextually appropriate conversations that adapt in real time to victims' emotional state and personal background. In short, romance scams have become so dangerous because they use multiple advanced methods.

AI-driven romance conversations are increasingly challenging for both victims and traditional anti-fraud mechanisms to detect. Spotting and preventing these scams can be tricky, but privacy experts recommend some tried-and-true ways.

BEST VALENTINE’S DAY GIFTS 2025

Spotting and preventing these sophisticated AI-driven scams can be tricky, but staying informed can help you avoid becoming a victim. By being vigilant, verifying identities and recognizing red flags, you can navigate online dating safely while protecting your finances and personal information. Here are some things to look out for:

STOP THESE V-DAY SCAMS BEFORE THEY BREAK YOUR HEART AND YOUR BANK ACCOUNT

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Your personal information is a scammer’s best tool. This includes your phone number, email and other contact details that allow them to reach you, as well as information like the celebrities you follow, your family members and even the type of content you engage with online to tailor the perfect attack. As scams become more sophisticated and reliant on loads of data, it’s more important than ever to take proactive measures to safeguard your personal information.

1. Vigilance in online dating: In the digital world, not everyone is who they claim to be. Be wary of potential romantic interests who ask for money or gifts or those who want to move the relationship along too quickly. Keep your personal and financial information private and never share it with someone you haven't met in person.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

2. Verify the identity: Request additional information or proof to verify their identity, such as video chatting or meeting in person if possible. Exercise caution before getting emotionally invested in someone you haven't met in real life.

3. Research and verify: Conduct an online search using the person's name, email address or phone number to see if any suspicious or fraudulent activities are associated with them. Reverse image search their profile pictures to check if they are stolen from elsewhere on the internet. You can also reverse-search their phone number for free by following the instructions found here.

4. Privacy settings: Keep your social media profiles private so only those you trust can see what’s going on in your life.

5. Limit sharing: Adjust the privacy settings on all of your online accounts and apps to limit data collection and sharing.

6. Use reputable dating platforms: Stick to well-known and reputable dating websites or apps with security measures to help protect their users from scams. These platforms often have guidelines for safe online dating and report suspicious users.

7. Invest in personal information removal services: I highly recommend you remove your personal information that can be found on various people search sites across the web. If you give someone your email address or phone number, they could potentially reverse-search your information and get your home address. Check out my top picks for data removal services here.

AI-powered romance scams have become a serious threat, exploiting our deepest emotions for financial gain. As you navigate the digital dating landscape, it's crucial to stay vigilant and protect yourself from these sophisticated schemes. Remember, if something seems too good to be true, it probably is. Trust your instincts, take things slow and always prioritize your safety and financial well-being.

How has the rise of AI-powered romance scams changed your approach to online dating or your views on digital relationships? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If something is free, you’re the product being sold. This is especially true for most online services we use. For example, Google’s primary source of revenue is ads. They make money by collecting data about you and me and selling targeted advertising to companies, which then show us products relevant to our interests.

You might have noticed that the moment you search for a product on Google, you start seeing ads for it on Facebook. The same applies to apps like Instagram, Threads and LinkedIn. In fact, research shows that the apps collecting the most data about you are also among the most widely used. 

Let’s look at the top 20 of them and explore how you can take control of your personal information.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Apps collect all sorts of data about you, but let’s get one thing straight. Not all data collection is bad. Some apps genuinely need access to certain information to function properly. For example, Uber stores your location data to help you find a ride faster, while WhatsApp requires access to your contacts so you can send messages.

The real issue is data collection that serves no purpose other than showing you ads or selling your information to third parties. According to Marin Marinčić, head of IT Infrastructure at Nsoft, the top 20 most invasive apps collect data that is not necessary for their core functions.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Leading the list is Meta with all four of its major apps. Facebook, Messenger, Instagram and Threads share 68% of collected data with third parties while also using it for targeted ads. LinkedIn follows, sharing around 37% of user data, with Amazon in third place, followed by YouTube.

What makes this concerning is how deeply embedded these apps are in our daily lives, making it nearly impossible to find alternatives or avoid data collection altogether.

The list also includes Elon Musk’s X at No. 5, followed by Uber Eats, PayPal, Uber, Google and Amazon Prime Video. TikTok, despite ongoing scrutiny over its data policies, ranks 14th. While many of these names were expected, one surprising entry is the mobile game Candy Crush, which uses 28% of collected data for ads. You can find the full list in the image below.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Avoiding data collection is nearly impossible if you use the apps above. The only way to dodge these invasive apps is to switch to apps that respect your privacy. While it may seem impossible to replace some of the biggest platforms, there are alternatives that collect little to no unnecessary data.

Switching to these alternatives may require some effort, but it is the best way to limit how much of your personal data is being collected. Taking control of your privacy starts with making conscious choices about the apps you use.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW TO GET RID OF ROBOCALLS WITH APPS AND DATA REMOVAL SERVICES

If you’re not able to delete the apps listed above, follow the simple steps below to minimize how much information is being collected and shared.

1. Review app permissions: Most apps request access to data they do not actually need. Go to your phone settings and check app permissions on your iPhone and Android. Disable access to location, microphone, contacts and other sensitive data unless absolutely necessary.

2. Turn off ad personalization: Many companies track your online activity to show targeted ads. You can limit this by disabling ad personalization in Google, Facebook, and other accounts. This reduces the amount of data collected about your interests and behavior.

3. Limit social media tracking: Social media platforms track your activity even when you are not using them. Adjust privacy settings to restrict data collection.

4. Avoid signing in with Google or Facebook: Many websites offer login options using Google or Facebook. While convenient, this shares even more data with these platforms. Instead, create separate accounts using email whenever possible.

5. Use a Virtual Private Network (VPN) and private browsing mode: A VPN hides your IP address, helping to obscure your location and online activity, making it harder for websites to track you. Combined with private browsing or incognito mode, this reduces the amount of data companies can collect about your online activity. Using a VPN service can also enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. 

While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices

6. Regular app cleanup: Uninstall apps you no longer use to reduce passive data collection.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Protect your personal information across the popular platforms mentioned above with these essential privacy adjustments.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

The best way to reduce companies from collecting your data is to remove invasive apps from your phone. Many apps request unnecessary permissions that can track your activity, so deleting them limits exposure. Instead of downloading standalone apps, try using the browser versions of popular social media platforms, as they typically have fewer permissions. 

However, web tracking still exists through cookies and fingerprinting, so using a privacy-focused browser like Brave, Firefox with enhanced tracking protection, or Safari with Intelligent Tracking Prevention (ITP) can further reduce data collection. However, some apps are so deeply integrated that replacing them is difficult. For example, if you use an Android phone, avoiding Google’s ecosystem is nearly impossible. Apple, on the other hand, offers more privacy controls, giving users better options to limit data collection.

Do you check app permissions before installing? How do you decide which permissions are acceptable? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

Those of us old enough to remember traveling before the age of smartphones and mobile internet know we have it pretty good these days. You can find the best flights using comparison sites, choose among hundreds of hotels on a single booking site, get tickets sent to your phone rather than picking them up in person, check in online, order a ride and you’re off. 

All this, of course, comes with downsides and trade-offs. 

Most people’s biggest concerns are "getting hacked," which, when you get down to it, really means "being robbed in ways I don’t quite understand." But that’s one of those risks that, although very real, is unlikely to happen if you take the usual precautions. 

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

In a time when personal information is said to be worth more than oil, bad actors are often interested in getting their hands on your personal data as much as your money. And a "bad actor" need not be some guy with his hood up, hunched over a laptop in the back of a coffee shop. 

In 2024, for example, ClassAction.org reported on suspicions of major cruise lines illegally sharing consumers’ data with Facebook. Cruise lines RoyalCaribbean.com, CelebrityCruises.com, Princess.com and HollandAmerica.com are suspected of collecting personal information through the sneaky "Meta tracking pixel" and sending it to Facebook without users’ consent. 

Booking.com, a site most of us have used at one time or another, has also had its fair share of problems. The website has been battling waves of hacking attacks aimed at defrauding its customers; it’s faced accusations of not doing enough to protect its customers and has even been fined for failing to disclose a data breach on time. 

Data gathered from these kinds of incidents often ends up circulating online, being added to what was already out there before, just waiting for someone or some company to make use of it.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

THE BEST TRAVEL GEAR FOR 2025

Avoiding cruise lines and booking sites altogether is hardly a practical solution when you need to book a cruise or accommodation. Here are some things you can do to dramatically reduce the risk when booking flights, cruises, vehicles and accommodation.

1. Invest in personal data removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

2. Use personal security caution: Don't sign in to anything using your social media accounts. Sign in with your email instead and be sure to use an email address you've set aside just for these kinds of situations.

3. Do your homework online: Do an online search for the booking website, cruise line or travel agency in question, keeping an eye out for any recent reports of scams or other issues.

4. Check company reputation carefully: Check ClassAction.org, the Better Business Bureau and Trustpilot specifically. This will help you gain comprehensive insights into a company's track record, customer experiences and potential issues.

5. Verify communication legitimacy: Whenever you receive a call, email or text message from a booking service, confirm that it's really them by first checking your account directly and then contacting the company through official, publicly listed channels (not social media).

BEST TRAVEL ADAPTERS OF 2025

Here are some of the "usual precautions" that can protect you from "getting hacked" while traveling.

1. Update all your apps and operating systems before heading off: All those security patches are that much more important while you're traveling. You'll want to download and install all pending updates at least 24-48 hours before your departure, ensuring you have the latest security protections and giving yourself time to troubleshoot any potential update-related issues that might arise. 

2. Lock everything down: Use strong, unique passwords and a reliable password manager to keep track of them.

3. Turn on two-factor authentication where available: Prioritize using authenticator apps over SMS-based codes. This provides a more secure second layer of verification, as authenticator apps are less vulnerable to SIM swapping attacks and interception compared to text message-based authentication. Choose reputable authenticator apps, which generate time-based one-time passwords that change frequently and are tied directly to your device.

4. Keep location services turned off: NFC, Bluetooth and Wi-Fi should also be turned off while you’re not using them. That’ll make your battery last longer as a side benefit.

5. Go dark: Don’t publicly share news of your trip until you’re back. Avoid posting about your vacation on social media or keeping a blog about your adventures, as this information can be used by criminals to piece together a snapshot of your life.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

6. Limit social media use: Scammers and hackers often exploit social media to gather personal information and target travelers. To stay secure, avoid sharing trip details publicly and use a privacy-focused messaging app like Signal to stay in touch with family and friends.

7. Use privacy-focused browsers: You should consider using browsers like Brave or Firefox with privacy extensions. Enabling "do not track" settings and utilizing private/incognito mode can provide an extra layer of digital protection.

8. Disable automatic Wi-Fi and Bluetooth connections: Disable settings that automatically connect to networks and manually select and verify networks before connecting. This prevents your device from inadvertently joining potentially unsecured networks.

9. Use encrypted messaging and email: Protect your private communications by using services that offer end-to-end encryption for both messaging and email. These platforms ensure your data remains secure from unauthorized access, with features like encryption for non-users, multifactor authentication and tracking protection. See my review of the best secure and private email services here.

10. Travel with minimal digital gear: Consider bringing a "travel-only" phone or laptop with minimal personal data.

11. Be cautious of public charging stations: Avoid using public USB charging ports that could potentially compromise your device. Instead, carry a portable phone charger with you.

12. Monitor your accounts: Set up transaction alerts on financial accounts and use credit cards with strong fraud protection. Regularly check your accounts while traveling to quickly detect any suspicious activity.

13. Bring your own internet access with you: Find a local or international SIM, a mobile hot spot and a trusted VPN (virtual private network) service for those times you can’t help but use public Wi-Fi. Using a VPN can enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

5 WAYS TO SECURELY ACCESS WI-FI ON YOUR PHONE WHILE TRAVELING

There’s plenty of good advice out there when it comes to avoiding public Wi-Fi and protecting your documents while traveling. To really stay safe, though, it’s important to start thinking about your data privacy and data security before even booking your trip. It doesn’t take much when all is said and done, but it could make a huge difference to how you remember your trip for years to come.

When was the last time technology made your travel more stressful instead of easier? What happened? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Generally, iPhones are considered more secure than Android devices. 

Apple’s closed ecosystem and strict App Store policies limit the risk of malware, and its centralized software updates ensure better security. In contrast, Android’s openness allows users to install apps from various sources, and updates are often rolled out at different times, making it more vulnerable to attacks. 

However, iPhones aren’t immune to security flaws. Hackers occasionally find ways to exploit them, as seen in Apple’s latest advisory. The company recently discovered that a vulnerability in iOS had been exploited for over a year. While a fix has now been released, reports suggest that hackers may have already targeted high-value individuals.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

Apple has uncovered hackers exploiting a vulnerability in iOS that appears to have been lingering for more than a year. The vulnerability is a "zero-day" flaw, meaning criminals may have already exploited it, according to the latest security advisory from the company. Zero-day flaws like this are especially dangerous because they are exploited before developers can issue fixes. Apple confirmed this marks its first zero-day patch of 2025. The vulnerability affects iPhones dating back to 2018’s XS model, as well as newer iPads, Macs, and even the Vision Pro headset.

The vulnerability, tracked as CVE-2025-24085, resides in Apple’s Core Media framework, a software layer responsible for processing multimedia files. A "use after free" memory corruption error enabled hackers to manipulate the system into executing unstable code, granting them elevated privileges to bypass security protocols. Apple’s advisory suggests hackers weaponized the flaw through malicious apps disguised as legitimate media players. These apps likely abused the Core Media framework by triggering corrupted files, enabling attackers to infiltrate devices.

The attacks reportedly targeted iOS versions predating 17.2, released in December 2023, meaning the vulnerability may have been active since late 2022. Security experts speculate that hackers focused on high-value individuals — such as activists, executives or journalists — to avoid detection. The prolonged stealth of the campaign underscores the challenges of identifying sophisticated, narrowly tailored exploits.

This underscores the critical need for you to update your devices to iOS 17.2 or later, as these versions include essential fixes to safeguard against this actively exploited vulnerability.

HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE

In response, Apple has released fixes across its ecosystem, including iOS 18.3, macOS Sequoia, watchOS, tvOS and VisionOS. You should update your devices as soon as possible to stay protected. To install the update on your iPhone or iPad:

Pro Tip: I recommend you click Update Now and also turn on Automatic Updates to stay covered in the future.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

While Apple has patched this issue, it’s a reminder that staying on top of updates is key. Hackers are always looking for security gaps, so keeping your software up to date is one of the best ways to stay safe.

SCAMMERS FOUND A SNEAKY WAY TO BYPASS YOUR IPHONE'S SAFETY FEATURES

Protecting your iPhone requires proactive security measures. By following these seven essential steps, you can significantly reduce the risk of cyber threats and keep your personal information secure.

1. Keep your iPhone updated: I can’t say this enough. Updating your iPhone regularly is one of the most effective ways to protect it from security threats. Apple frequently releases updates that fix vulnerabilities, including critical zero-day flaws. 

2. Download apps only from the App Store: To minimize the risk of installing malware, only download apps from the official App Store. Apple’s strict app review process helps prevent malicious apps from being published, but some threats can still slip through. Always verify app details, check reviews and be cautious about app permissions before installation.

3. Enable lockdown mode for extra protection: For those of you who may be at higher risk, such as journalists or executives, Lockdown Mode provides an additional layer of security. This feature limits certain device functionalities to prevent sophisticated cyberattacks. It can be turned on via Settings > Privacy & Security > Lockdown Mode and is especially useful for those concerned about targeted threats.

4. Enable message filtering: Use your device's built-in filtering options to sort messages from unknown senders. This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently. Here are steps:

GET FOX BUSINESS ON THE GO BY CLICKING HERE

5. Stay cautious of phishing attacks and install strong antivirus software: Phishing remains one of the most common tactics used by hackers. Be cautious when receiving unsolicited messages or emails on your iPhone, especially those with suspicious links or attachments. Always verify the sender before opening anything. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Review your security and privacy settings: Regularly reviewing your iPhone’s security settings can help you maintain strong protection. You should also review app permissions in Settings > Privacy & Security to restrict access to sensitive data, such as location or contacts. Enable Face ID or Touch ID for secure access and turn on two-factor authentication (2FA) for Apple ID and other accounts. 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.

7. Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you deceptive phishing texts and emails in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

This iOS vulnerability is a serious reminder of the importance of staying up to date with software updates. If you’re using an iPhone from 2018 or later, make sure you’ve updated to iOS 17.2 or later as soon as possible. Hackers exploited a hidden flaw for over a year, using fake media apps to gain access to devices. While Apple has now patched the issue, the fact that it remained undetected for so long is concerning. 

Do you think companies like Apple are doing enough to protect you from cyber threats?  Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Almost everything you do online asks for your email. If you have been using the same one for a while, chances are hundreds or even thousands of services have it. They send promotional messages, social media alerts, newsletters and more, turning your inbox into complete chaos. You can tame this madness using an email alias.

An email alias helps declutter your inbox by organizing emails based on their purpose. For example, you can create specific aliases for shopping, newsletters or work and set up filters to sort these messages into separate folders automatically. 

Aliases also help manage spam. If an alias starts receiving too many unwanted messages, you can disable it without affecting your main email.

Let’s dive into how to create an email alias on different platforms, including Gmail, Outlook and iCloud. 

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Gmail doesn’t allow you to create a completely separate alias, but it offers workarounds using "+ addressing" or by adding dots to your existing email address. However, these methods don’t prevent an unscrupulous sender from seeing your primary address, so exercise caution when using them with untrusted correspondents. Follow the steps below to get started.

Use your existing Gmail address and add a "+" followed by any keyword before "@gmail.com."

Example: If your email is yourname@gmail.com, you can use:

No additional setup is needed, just start using this alias when signing up for services or sharing your email.

Gmail ignores dots (.) in email addresses, so you can create variations of your email:

Example: If your email is yourname@gmail.com, you can use:

All variations will deliver emails to your main inbox automatically.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Outlook.com allows you to create additional email addresses (aliases) that are linked to your primary account. Emails sent to an alias will arrive in your primary inbox, and you can send messages using the alias as well.

If your primary email is johnsmith@outlook.com, you can create an alias like john.smith123@outlook.com. Emails sent to john.smith123@outlook.com will still go to johnsmith@outlook.com, but you can choose to send emails using either address.

Steps to create an alias:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Once added, you can send emails using your alias by selecting it in the From field when composing a new message.

Important limitations to note:

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Apple allows you to create up to three email aliases through iCloud. These aliases can be used for specific purposes, helping you manage your inbox effectively. Here’s how to create one:

It's important to note that you can still create up to three email aliases through iCloud. Remember that while these aliases provide some flexibility, they do not create separate Apple IDs or completely hide your primary iCloud email address.

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

While many email providers offer basic alias functionality, most have significant limitations. Gmail's "+" addressing and dot tricks, Outlook's linked aliases and Apple's iCloud aliases all provide some flexibility, but they often fall short of true privacy protection.

For those of you seeking comprehensive email privacy and robust alias management, my No. 1 pick for private and secure email platforms contains no ads, no tracking and powerful privacy features like password-protected email and unlimited disposable email addresses. See my review of the best secure and private email services here.

Protecting your inbox from scammers requires a combination of smart practices and proactive tools. Using email aliases is an effective first step. By creating specific aliases for different activities, such as shopping, subscriptions or work, you can track where spam is coming from and deactivate problematic aliases as needed. Below are some other steps to take.

1. Avoid sharing your primary email address publicly on forums, social media or other platforms to minimize exposure. Most email providers offer robust spam filters, so ensure they are enabled and customize them as needed

GET FOX BUSINESS ON THE GO BY CLICKING HERE

2. Invest in personal data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

3. Enable two-factor authentication on all your email accounts to add an extra layer of security.

4. Be cautious of suspicious links and attachments. Never click on links or download attachments from unknown senders, as these could be phishing attempts.

5. Use strong antivirus software to protect against potential malware that might come through spam emails. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Regularly update your email password and make it strong and unique, avoiding common words or easily guessable combinations. Consider using a password manager to generate and store complex passwords.

These steps will provide a more comprehensive approach to protecting your inbox from scammers and reducing unwanted emails.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Taking charge of your inbox doesn’t have to be overwhelming. By implementing the tips and tools mentioned above, you’ll create a more secure, efficient and manageable email experience. Whether you’re battling spam or organizing your digital life, email aliases and secure services are great things to put into place.

Which email platform do you use most often, and how do you organize your messages there? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

UnitedHealth’s Change Healthcare unit suffered a data breach in February 2024, the news of which surfaced Feb. 21. 

Initially reported to have affected around 100 million individuals, the U.S. health insurance giant has now revealed that the actual number is significantly higher: 190 million. This makes it the largest breach of medical data in U.S. history, affecting nearly half the country’s population. 

A breach of this magnitude can have devastating consequences for the American people as malicious actors could exploit the data for a range of attacks if it finds its way to the dark web.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

UnitedHealth confirmed on Friday, Jan. 24, 2025, that the ransomware attack on its Change Healthcare unit affected approximately 190 million people in the United States. The company had previously estimated the number of affected individuals to be around 100 million in its preliminary analysis filed with the Office for Civil Rights, a division of the U.S. Department of Health and Human Services that investigates data breaches.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

UnitedHealth stated that the majority of those impacted have already been notified, either directly or through substitute notice. The final tally of affected individuals will be confirmed and submitted to the Office for Civil Rights at a later date.

The company tells CyberGuy it is "not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis." However, UnitedHealth did not disclose when it became aware of the additional 90 million victims, how the revised figure was determined or what changes led to the updated number.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

The cyberattack on Change Healthcare in February caused widespread disruptions across the U.S. healthcare sector, as the company took its systems offline to contain the breach. This shutdown impacted critical services such as claims processing, payments and data sharing, which many healthcare providers rely on.

The stolen data varied by individual but included a broad range of personal and sensitive information, such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport details.

Plus, hackers may have accessed health-related information, including diagnoses, medications, test results, imaging records, care and treatment plans, and health insurance details. Financial and banking information tied to claims and payment data was also reportedly compromised.

The breach was the result of a ransomware attack carried out by ALPHV/BlackCat, a Russian-speaking ransomware and extortion group. The attack, a form of malware intrusion, locks victims out of their data unless a ransom is paid. ALPHV/BlackCat later took credit for the attack.

During a House hearing in April, Change Healthcare admitted that the breach was made possible due to inadequate security measures, specifically the absence of two-factor authentication to protect its systems.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity and immediately report any issues to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

It’s surprising that a company of UnitedHealth’s scale failed to implement even basic cybersecurity measures when handling customer data. A breach affecting 190 million people – nearly half of the U.S. population – is staggering, leaving almost anyone at risk of becoming a target for hackers. While the company is still assessing the full extent of the breach, you can take precautions now by being cautious with any unknown links or unsolicited calls. Bad actors may use a variety of tactics to cause harm.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts. 

Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites and mimicking Google's platforms to steal sensitive information. 

This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves more than 500 million users globally in 41 languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating more than 300 reputable brands.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Hackers leverage the trust in Google's services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud and unauthorized access to other accounts. Security experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

"We recommend users enable the 'Only If The Sender Is Known' setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past."

ASK KURT: HOW TO NAVIGATE GOOGLE’S PRIVACY SETTINGS

Google has introduced the "known senders" feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here's how to enable it:

This ensures that only events from contacts, your organization or previous interactions are automatically added to your calendar.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW ONE MAN GOT SCAMMED IN SECONDS USING GOOGLE

To further protect yourself from phishing scams, follow these steps.

Scrutinize unexpected invites carefully: Examine the sender's details, including their name, domain and email address, for any inconsistencies or signs of spoofing.

Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.

Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.

Keep your security settings up to date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.

HOW A WRONG GOOGLE SEARCH CAN COMPROMISE YOUR DATA AND BRING LAW ENFORCEMENT CALLING

As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the "known senders" setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.

What digital security challenges have you encountered recently? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Nowadays, almost every app you download asks for location permissions, meaning it wants to track where you are and your movements. For an app like Google Maps, requesting location access makes perfect sense. It's also reasonable for apps like Uber or DoorDash, which rely on location for their services. 

However, many apps that have nothing to do with location still ask for it, and we often grant these permissions without thinking twice. When you give an app access to your location, that data is stored and, in some cases, might even be sold. According to Texas Attorney General Ken Paxton, this practice is not uncommon. 

A recent lawsuit filed by Paxton alleges that the insurance company Allstate collected and sold the location data of 45 million Americans' smartphones.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

In a press release, Paxton announced that he had sued Allstate and its subsidiary, Arity, for unlawfully collecting, using and selling data about the location and movements of Texans' cellphones. The data was gathered through secretly embedded software in mobile apps, such as Life360. "Allstate and other insurers then used the covertly obtained data to justify raising Texans’ insurance rates," the press release stated.

The insurance provider allegedly collected trillions of miles' worth of location data from more than 45 million Americans nationwide. The data was reportedly used to build the "world’s largest driving behavior database." When customers sought a quote or renewed their coverage, Allstate and other insurance companies allegedly used the database to justify raising car insurance premiums.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Paxton claims the actions violated the Texas Data Privacy and Security Act. The lawsuit alleges customers were not clearly informed their data was being collected and did not consent to the practice.

"Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software," said Paxton. "The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable."

We reached out to Allstate and Arity for comments. A rep for the Allstate Corporation provided CyberGuy with this statement: "Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations."

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Car manufacturers have also been accused of selling similar data to insurance companies. Last year, Paxton sued General Motors for allegedly collecting and selling the private driving data of more than 1.5 million Texans to insurance companies without their knowledge or consent. In addition to insurance companies, data brokers are frequent buyers of customer data. Critics say these brokers fail to adequately protect the information, leaving it vulnerable to hackers. Earlier this month, hackers claimed to have breached Gravy Analytics, a major location data broker and the parent company of Venntel, which is known for selling smartphone location data to U.S. government agencies.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

1. Avoid installing the insurance company’s app: Many insurance companies encourage users to download their apps to "simplify" claims, payments or policy management. However, these apps often collect and track your location data under the guise of improving their services. If the app is not absolutely essential, manage your account through the company’s website or contact customer service directly instead.

2. Don’t give location permissions unnecessarily: When an app requests location access, ask yourself whether it genuinely needs this information to function. For example, a weather app may need approximate location data, but a flashlight app does not.  Always choose "Deny" or "Allow only while using the app" unless absolutely necessary. Most modern devices also allow you to provide an approximate location rather than a precise one, which is a safer option when location access is unavoidable.

3. Review and manage app permissions regularly: Over time, you may forget which apps have been granted permissions. Regularly go through your device’s app settings to check and adjust permissions. On most devices, you can access this under settings > privacy > app permissions (specific steps vary by operating system). Revoke access for any apps that don’t need it or seem suspicious.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Turn off location services when not in use: Keep location services off when you don’t need them. This reduces the chances of apps or devices tracking you passively in the background. For tasks like mapping or food delivery, turn location services on temporarily, then turn them off when you’re done. For added security, avoid connecting to public Wi-Fi networks, which can also be used to track your location indirectly.

5. Use privacy-focused tools and apps: Invest in tools designed to safeguard your privacy. Virtual private networks (VPNs) can mask your location online and prevent unwanted tracking while browsing.  VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

If Allstate is indeed unlawfully collecting and selling people’s location data, Attorney General Paxton is right to hold them accountable by filing a lawsuit. In an era where cybercriminals exploit every opportunity to scam individuals, companies that fail to protect customer data are unacceptable and should face consequences. Data has become the new oil, and everyone seems eager to exploit it — often at the expense of ordinary people. Businesses that prioritize profits over privacy erode trust and put consumers at risk, making it crucial to enforce strict accountability for such practices.

Do you think companies like Allstate should be required to make their data practices crystal clear to customers? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

The unveiling of the Skyrider X1, which claims to be the "world’s first amphibious flying passenger motorcycle," has certainly stirred up excitement. 

This innovative vehicle promises to change how we think about personal mobility by combining land and air travel in one sleek design.

Developed by Rictor, a sub-brand of the Chinese company Kuickwheel, the Skyrider X1 marks a big progression from Rictor's previous product, the K1 e-bike. Transitioning from an electric bicycle to a flying motorcycle is no small feat, and it shows Rictor's ambition to push the boundaries of eco-friendly and energy-efficient transportation.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

The Skyrider X1 features amphibious functionality, allowing it to operate on both land and water, although some skeptics are curious about how well it will perform in real-world conditions. This vehicle can reach speeds of up to 62 mph (100 km/h) and offers flight times of around 25 minutes for the base model with a 10.5-kWh battery. The premium version, equipped with a 21-kWh battery, boasts up to 40 minutes of flight time.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Made from lightweight carbon fiber composites and aviation-grade aluminum, the Skyrider X1 balances durability with flight capability. It also incorporates smart technology that includes automatic route planning to determine optimal flight paths based on your destination and real-time adaptability that adjusts altitude, speed and direction according to weather conditions.

CHINESE AUTO GIANT WANTS TO MAKE FLYING CARS YOUR NEXT COMMUTE OPTION

Safety is a top priority for Rictor in the design of the Skyrider X1. The vehicle includes triple-redundant flight control systems that ensure safe operation even if an engine fails. Additionally, it features an integrated emergency parachute for added peace of mind.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

AN ELECTRIC AIRCRAFT THE MILITARY HAS ITS EYES ON CAN TAKE OFF WITH ONLY 150 FEET OF RUNWAY

With an expected price tag of around $60,000, the Skyrider X1 aims to make personal air travel more accessible compared to other eVTOL options. By blending performance with affordability, Rictor hopes to bring flying within reach for more people.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

As cities grow and traffic congestion worsens, innovative solutions like the Skyrider X1 could become essential. This vehicle not only aims to ease urban travel but also promotes sustainable options in personal transportation. With advancements in battery technology and autonomous systems, eVTOL vehicles may soon transform how we navigate our environments.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

The Skyrider X1 is a glimpse into a future where flying could actually be part of our everyday lives. Imagine zipping through the skies instead of sitting in traffic. It sounds pretty cool, right? However, there are still some big questions to tackle about how this will all work in practice. We need to think about safety and whether it can really handle the demands of real-world travel. So, while the idea of flying motorcycles is exciting, we’ll have to wait and see how they fit into real-world scenarios.

So, what do you think? Would you be ready to hop on a flying motorcycle like the Skyrider X1? Let us know what you think by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

The White House has unveiled a groundbreaking initiative to enhance the security of internet-connected devices in American homes. 

The U.S. Cyber Trust Mark, a new cybersecurity safety label, is set to appear on smart products sold in the United States later this year. 

This program aims to help you make informed decisions about the safety of the smart devices you bring into your home.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

The U.S. Cyber Trust Mark is a label designed for consumer smart devices, including home security cameras, TVs, internet-connected appliances, fitness trackers, climate control systems and baby monitors. This mark signals that a device meets a set of security features approved by the National Institute of Standards and Technology (NIST).

Vendors can label their products with the Cyber Trust Mark logo if they meet NIST's cybersecurity criteria. These criteria include:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Consumers will be able to scan a QR code next to the Cyber Trust Mark label to access additional security information. This information includes:

ARE DATA BROKERS ENDANGERING YOUR RETIREMENT SECURITY?

There is a growing concern about cybercriminals remotely hacking into home security systems and malicious actors tapping into insecure home cameras. With the average U.S. household having 21 connected devices, according to a Deloitte study, the threat of cyberattacks is increasingly significant.

BEWARE OF THESE DOORBELL CAMERAS THAT COULD BE COMPROMISED BY CYBERCRIMINALS

The program is set to launch in 2025. Companies will soon be able to submit their products for testing to earn the label, and major retailers like Best Buy and Amazon have committed to highlighting labeled products. The program has garnered support from major electronics, appliance and consumer product makers, including Amazon, Google, Best Buy, LG Electronics U.S.A., Logitech and Samsung Electronics.

While the U.S. Cyber Trust Mark aims to cover a wide range of smart home gadgets, not everything in your tech arsenal will be sporting this new seal of approval. Here's a rundown of what's left out:

GET FOX BUSINESS ON THE GO BY CLICKING HERE

And here's a surprise: Your trusty personal computer, smartphone and router won't be getting the Cyber Trust Mark either, at least not yet. The program is kicking off with wireless consumer IoT products, but who knows? It might grow to include more devices down the road. For now, NIST is cooking up some cybersecurity rules for those consumer-grade routers we all rely on.

So, while you might not see the Cyber Trust Mark on everything in your tech toolkit, it's a solid start in making our connected homes a bit safer from digital ne'er-do-wells.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

HACKED CHROME EXTENSIONS PUT 2.6 MILLION USERS AT RISK OF DATA LEAK

The U.S. Cyber Trust Mark is a game-changer for you and me as consumers in our hyper-connected world. Let's face it: Understanding device security can be a headache. But this program cuts through the tech jargon, giving us clear, easy-to-grasp info about the gadgets we're considering bringing into our homes.

How do you think the U.S. Cyber Trust Mark will impact your future purchasing decisions for smart home devices? Will you actively look for this label when shopping for new gadgets? Let us know what you think by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

These days, our phones are constantly buzzing with notifications, and it's becoming increasingly difficult to distinguish between legitimate messages and potential scams. Bill from Mesa, Arizona, recently shared an experience that highlights this growing concern:

"Twice in the last week I've received texts supposedly sent elsewhere. The last one asked if I was 'available tomorrow evening.' I did not recognize the number but am active in an old people park so receive many calls and texts from unfamiliar numbers. I texted back that my wife thought we were available. A few minutes later, a text came asking if I was Mrs. Amy. I texted that I wasn't Mrs. Amy and had never been, but it was a problem. 

"A return text came thanking me for being so polite and the texter's appreciation for polite people and if I were ever in LA, I would be welcome to a backyard BBQ. Looking back, there were a couple more texts ending with ‘I like to make friends with polite people.’ The first text which I deleted was in a very similar vein and format. Is this a scam and why, for what?"

Bill's experience is not unique. Many people receive similar messages that seem harmless at first glance but could potentially be part of a more sinister scheme. Let's dive into the world of text message scams and learn how to protect ourselves.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Text message scams, also known as "smishing," a combination of SMS and phishing, have become increasingly sophisticated. Scammers use various tactics to engage potential victims and gain their trust. Here are some common elements:

Unfamiliar numbers: The message comes from a number you don't recognize. For instance, you receive a text from +1-555-123-4567, a number not in your contacts.

Unsolicited contact: The text arrives unexpectedly, often with a friendly or urgent tone. Example: "Hey! Long time no see. How have you been?"

Personal touch: The scammer might use your name or reference a common activity to seem legitimate. Example: "Hi Sarah, it's Mike from the book club. Are you coming to the meeting next week?"

Too good to be true: Offers of prizes, invitations, or other enticing propositions are common. Example: "Congratulations! You've won a $500 gift card. Click here to claim your prize!"

Requests for information: The scammer may ask for personal details, either directly or indirectly. Example: "This is your bank. We need to verify your account. Please reply with your account number and PIN."

Remember, these are all examples of potential scams. Always be cautious when receiving unexpected messages, especially those asking for personal information or containing suspicious links.

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

In Bill's case, the scammer employed a "long-play" strategy. By engaging in friendly conversation and offering invitations, the scammer aims to build trust over time. The end goal could be:

Phishing for information: Gradually collecting personal details that can be used for identity theft.

Malware distribution: Eventually sending a link that, when clicked, installs malicious software on your device.

Financial scams: Building trust to eventually request money or financial information.

HOW TO EASILY ACTIVATE AUTO-REPLY FOR TEXT MESSAGES ON IPHONE AND ANDROID

To protect yourself from text message scams, follow these steps:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

SECRET TRICK TO SEND A TEXT MESSAGE AGAIN WITH IOS 18'S NEW "SEND LATER" FEATURE

If you believe you've received a scam text, here are six steps to follow:

1. Don't respond: Avoid engaging with the scammer to prevent further attempts.

2. Block the number: Use your phone's built-in blocking features to prevent further contact.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Report the message: Forward the suspicious text to 7726 (SPAM). Also, report it directly to the FTC at ReportFraud.ftc.gov.

4. Keep your information safe: Never click on links or provide personal information in response to unsolicited texts.

5. Have strong antivirus software: Install and run strong antivirus apps on your phone to scan for malware and ensure your device is secure. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Invest in personal data removal services: Consider using a data removal service to eliminate your personal information from data broker sites. These services can help reduce spam, decrease the risk of identity theft and clean up your online presence by automating the removal of your data from hundreds of data broker sites.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

While it's natural to want to be polite, as Bill was, remember that your safety and personal information are paramount. Trust your instincts, verify unfamiliar contacts and never hesitate to ignore or block suspicious messages. Remember, a true friend won't mind if you take extra steps to verify their identity, and a legitimate organization will have official channels for communication.

How have you or someone you know been affected by text message scams, and what steps did you take to protect yourself? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter 

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

The job market hasn’t been great in the last few years, especially in tech, leaving a lot of people actively looking for jobs. 

Scammers are taking advantage of this. They have come up with a new trick where they pretend to be recruiters to spread crypto miners on people’s devices. 

It starts with an email inviting the person to schedule an interview for a job. But when they click the link, it installs a malicious app that secretly mines cryptocurrency. This app hijacks your PC’s resources, like the CPU and GPU, which slows down its performance significantly.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

This malicious campaign begins with an email that tricks victims into thinking it is part of a recruitment process, as reported by Dark Reading. In most cases, these emails are pretending to be from recruiters at the cybersecurity company CrowdStrike.

The fraudulent email contains a link claiming to take the recipient to a site where they can schedule an interview. However, in reality, it redirects the victim to a malicious website that offers a download for a supposed "CRM application."

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The site provides download options for both Windows and macOS. Regardless of which option the victim selects, the download will be a Windows executable written in Rust. This executable then downloads the XMRig cryptominer.

The executable performs several environmental checks to analyze the device and avoid detection. It scans running processes, checks the CPU and more. If the device passes these checks, the executable will display a fake error message while secretly downloading additional payloads needed to run the XMRig miner.

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

A cryptomining app can significantly impact your PC’s performance. Once installed, it hijacks your computer's resources, including the CPU and GPU, to secretly mine cryptocurrency. This process requires a lot of computational power, which can cause your system to slow down drastically. You might notice your computer becoming unresponsive, running hotter than usual, or consuming more power. 

In some cases, prolonged use of cryptominers can also lead to hardware damage due to the increased strain on your components. Additionally, these miners often run in the background without your knowledge, making it harder to detect the issue until the damage is already done.

CrowdStrike is aware of the scam and advises individuals to stay vigilant. "This campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers. Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files," the company said in a blog post. 

"Organizations can reduce the risk of such attacks by educating employees on phishing tactics, monitoring for suspicious network traffic and employing endpoint protection solutions to detect and block malicious activity."

GET FOX BUSINESS ON THE GO BY CLICKING HERE

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

1. Check if you applied for the job: If you receive an unsolicited interview invitation, think back to whether you actually applied for that job or company. Scammers often target jobseekers randomly, hoping someone takes the bait. If you didn't apply, it's likely a scam. Always confirm directly with the company before proceeding.

2. Verify recruiter credentials: Always double-check the recruiter’s details before responding to an email or clicking any links. Verify their email address, LinkedIn profile and company association. Legitimate companies will use official email domains, not free services like Gmail or Yahoo.

3. Avoid downloading unsolicited files: Be cautious of emails asking you to download any files or applications. Legitimate recruitment processes rarely require you to install software. If unsure, contact the company directly to confirm the request.

4. Inspect links before clicking: Hover over any links in the email to see their actual URL. Scammers often use URLs that mimic legitimate sites but have subtle differences. If a link looks suspicious, avoid clicking on it.

5. Use strong antivirus software: Use strong antivirus or endpoint protection software to detect and block malicious downloads. Regularly update your security tools to ensure they can handle new threats effectively.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Cybercriminals always manage to come up with new ways to exploit people. While this particular scam is more focused on using your computer’s resources than stealing data, it is still very dangerous. It shows that if a hacker can easily install software on your PC, they can also go ahead and steal your financial information and other personal data. Always verify the emails you receive, and try not to download anything you don’t trust.

Have you ever received a suspicious email that looked like a job offer? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Let's talk about something that's been popping up in inboxes lately — those sneaky "Your Apple ID has been disabled" emails. 

Like many people who've reached out to us, you might have gotten one that looks pretty legit, saying something like, "Your Apple ID has been temporarily disabled. Verify your Apple ID Information." 

Spoiler alert: It's most likely a scam, and we're going to break down why.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

So, here's how these tricksters operate. You get an email that looks totally legit with an Apple logo and creates a sense of urgency, claiming your Apple ID is in trouble. They'll say something like, "If you do not verify your account within 48 hours, it will be permanently locked." Yikes, right? That's exactly what they want you to think. So, you'll "Click the button below to verify as soon as possible." They want you to click where it says, "Go to Apple ID."

Once you do that, you're directed to a fake Apple website designed to look almost identical to the real one. This fraudulent site prompts you to enter your username, password and other sensitive information, which the scammers can then use to access your Apple account and potentially steal your personal data or make unauthorized purchases.

NEW CYBERATTACK TARGETS IPHONE AND APPLE IDS: HERE’S HOW TO STAY SAFE

Urgent language: They're trying to scare you into acting without thinking. Classic scammer move.

Vague claims: "Missing or invalid information"? That's purposely unclear to make you doubt yourself.

Threats of lockout: Nothing like a good threat to get your heart racing, huh?

Terms of service talk: They throw this in to sound official, but it's just smoke and mirrors.

Grammar goofs: Real Apple emails are polished. Scammers? Not so much.

Fishy sender address: Always check if it's actually from @apple.com (spoiler: it's probably not). Any legitimate email from Apple will come from a domain ending in "@email.apple.com. As you can see from the scam email below, it's from a fake email: mfrasier@wavecable.com, not Apple.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

HOW TO SECURELY LOCK YOUR IPHONE AND IPAD FROM PRYING EYES

You might wonder, "Why are these scammers so obsessed with Apple IDs?" Well, there are a few reasons:

 5 THINGS TO DO FIRST IF YOU GOT A NEW MAC

To keep scammers at bay and secure your Apple ID, follow these comprehensive steps:

1. Enable Two-Factor Authentication (2FA): This crucial security feature adds an extra layer of protection to your Apple ID. Set it up by going to Settings > [your name] > Sign-In & Security on your iPhone or iPad, or Apple menu> System Settings > [your name] > Sign-In & Security on your Mac.

2. Use strong passcodes: Opt for alphanumeric passcodes instead of simple PINs. When in public, use biometrics (Face ID or Touch ID) and be cautious when entering your passcode.

3. Enable Stolen Device Protection: If you're using iOS 17.3 or later, turn on this feature for additional security against theft.

4. Keep software updated: Regularly update your operating system and apps to ensure you have the latest security patches.

5. Don’t click on suspicious links, use strong antivirus software: If the email asks you to click a link, don’t do it right away. Hover over the link to see the actual URL. If it doesn’t look like an official Apple website (or any site you trust), don’t click it.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

6. Use a password manager: Generate and store strong, unique passwords for all your accounts by using a password manager.

7. Enable Find My: Turn on Find My iPhone to help locate your device if it's lost or stolen.

8. Use a personal data removal service: Consider using a service that finds and removes your personal information from data broker sites. These services can help reduce your digital footprint, making it harder for scammers to obtain your data to target you in the first place. Look for a service that offers automated removals from hundreds of data aggregators and provides detailed verification of removals.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

9. Don’t click on suspicious links: If the email asks you to click a link, don’t do it right away. Hover over the link to see the actual URL. If it doesn’t look like an official Apple website (or any site you trust), don’t click it.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

TOP PHONE CHARGING CABLES THAT WILL SUPERCHARGE YOUR APPLE DEVICES

Apple will never email you asking for your password or threaten to lock your account. If there's a real issue, you'll usually get a notification on your trusted device or be asked to sign in to your Apple ID account page directly. Remember, Apple will never ask for your password via email, phone or text message. Always access your account through official Apple websites or apps.

These scammers are getting craftier, but with a bit of know-how and caution, you can keep your Apple ID (and all the good stuff connected to it) safe and sound. Remember, if something feels fishy, trust your gut. When in doubt, go straight to Apple's official website or give their support team a call. Keep your digital life secure, and don't let those scammers take a bite out of your Apple.

Have you ever fallen victim to a digital scam, and what steps did you take to protect yourself afterward? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If you suspect your PC has a virus, it's important to act quickly to remove it and protect your data. 

Keep reading to discover the key warning signs and the steps you can take to address the issue.

There are several red flags that could signal your computer may have a virus. One of the most common is if your computer starts running unusually slow. 

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Another warning sign is the appearance of unfamiliar apps or programs that you don’t remember installing. Additionally, if your usual programs start crashing frequently or behaving oddly, it’s a cause for concern. 

Finally, an overheating computer is a good reason to start investigating further.

WINDOW USERS ARE BEING TRICKED BY SNEAKY MALWARE SCHEME

Realizing you have a virus can be scary, but there’s no need to panic. Here’s what to do next.

1. Disconnect from the internet:

2. Enter safe mode:

3. Run a virus scan:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

4. Delete or quarantine infected files:

5. Clear temporary files:

6. Reset browser settings:

7. Check Startup Programs

8. Update your software:

9. Backup your data:

HOW TO REMOVE MALWARE ON A PC

Here’s how to be proactive about protecting your PC from viruses down the road. 

Use safe browsing practices: Avoid clicking on suspicious links or downloading files from untrusted sources.

Enable firewall: Make sure your firewall is enabled to block unauthorized access to your computer.

Download apps and software from trusted sites only: Check the number of downloads, as more suggests greater reliability. 

Use a secure VPN connection: Mask your IP address with a trusted VPN (virtual private network) service to secure your online activity. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

By following these steps, you can effectively remove a virus from your PC and protect your data. Staying vigilant and practicing good cybersecurity habits will help safeguard your system from future threats.

What other PC issues would you like help with? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Texas Attorney General Ken Paxton is suing Allstate insurance company for allegedly illegally collecting, using and selling the driving behavior data of over 45 million Americans.

Paxton filed the suit in the District Court for Montgomery County, Texas, on Monday morning. In the suit, he accuses Allstate, and its subsidiary data analytics company "Arity," of secretly using driving data from over 45 million Americans’ mobile devices, in-car devices and vehicles to build the "world’s largest driving behavior database," consisting of "trillions of miles" worth of data.

"Our investigation revealed that Allstate and Arity paid millions of dollars to install Allstate’s tracking software," Paxton said in a Monday statement. "The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable."

Allstate is one of the largest auto, home and life insurance companies in the U.S. It is headquartered in Glenview, Illinois.

COURT ORDERS BIDEN ADMIN TO STOP SELLING BORDER WALL MATERIALS, WAS 'ILLEGALLY SUBVERTING' LAWS: TEXAS AG

The suit said that in 2015, Allstate and Arity developed and integrated software into several third-party apps so that when a consumer downloaded these apps onto their phone, they unwittingly downloaded the tracking software. Once Allstate’s software was downloaded onto a customer’s device, they could monitor the consumer’s location and movement in real time.

According to the suit, the company used the driving data to justify raising customers’ insurance rates and further profited by selling the data to third parties, including other insurance companies.

"Defendants [Allstate and Arity] never informed consumers about their extensive data collection, nor did Defendants obtain consumers’ consent to engage in such data collection," the suit said. "Finally, Defendants never informed consumers about the myriad of ways Defendants would analyze, use, and monetize their sensitive data."

TEXAS AG SUES NCAA OVER TRANS INCLUSION IN WOMEN'S SPORTS

Because tens of millions of Americans, including millions of Texans, were never informed about their driving data being gathered, Paxton argues that Allstate’s data-gathering scheme violates the Texas Data Privacy and Security Act, the Data Broker Law, and the Texas Insurance Code’s prohibition on unfair and deceptive acts and practices in the insurance business.

He is asking the court to permanently block Allstate from continuing to gather and use customers’ data and to impose thousands of dollars in civil penalties per customer.

According to Paxton, this suit is the first enforcement action ever filed by a state attorney general to enforce a comprehensive data privacy law. 

Fox News Digital reached out to Allstate but did not immediately receive a response.

Cybercriminals spare no industry, targeting sectors like health care, insurance, automotive and education. Health care has been a frequent target, with attacks like the Ascension breach last year and the CVR incident in late 2024. 

Now, education technology giant PowerSchool has become the latest target, with records of millions of students and teachers stolen.

While the exact number of affected individuals remains unknown, the scale of the breach is alarming.

PowerSchool serves 18,000 customers worldwide, including schools in the U.S. and Canada, managing grading, attendance and personal information for over 60 million K-12 students and teachers.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

PowerSchool revealed a cybersecurity breach to its customers Jan. 7, as reported by BleepingComputer. The company said it discovered the breach Dec. 28, after customer data from its PowerSchool SIS platform was stolen through the PowerSource support portal.

PowerSchool SIS is a student information system used for managing grades, attendance, enrollment and other student records. Hackers accessed the PowerSource portal using stolen credentials and used an "export data manager" tool to steal information.

The company said this wasn’t a ransomware attack or a result of software flaws, but rather a straightforward network break-in. The company has hired a third-party cybersecurity firm to investigate the breach, figure out what happened and determine who was affected.

UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF

The PowerSource portal includes a feature that allows PowerSchool engineers to access customer systems for support and troubleshooting. The attacker exploited this feature to export the PowerSchool SIS "students" and "teachers" database tables to a CSV file, which was then stolen.

PowerSchool confirmed the stolen data primarily includes contact details like names and addresses. However, for some districts, the data may also include sensitive information such as Social Security numbers, personally identifiable information, medical records and grades.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The company said customer support tickets, credentials and forum data were not accessed or stolen during the breach. PowerSchool also emphasized that not all SIS customers were affected and expects only a subset of customers will need to notify those affected.

"We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination," the developer told customers in a notice.

"We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts."

PowerSchool said affected adults will be offered free credit monitoring, while minors will receive subscriptions to an unspecified identity protection service.

MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

The PowerSchool data breach has highlighted the importance of staying vigilant about your personal information. Here are five steps you can take to protect yourself:

1. Monitor your accounts regularly: Keep a close eye on your bank accounts, credit cards and any online services linked to your personal information. Watch for unauthorized transactions or changes to your accounts that could signal misuse of your data.

2. Freeze your credit: If your Social Security number or other sensitive details were compromised, consider placing a credit freeze with major credit bureaus like Equifax, Experian and TransUnion. This prevents potential identity thieves from opening new accounts in your name.

3. Use identity theft protection services: Take advantage of any identity protection services offered by PowerSchool as part of its breach response. These services can alert you to suspicious activity and provide support if your identity is stolen.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

One of the best parts of some identity protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

4. Enable two-factor authentication (2FA): Wherever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a text code or app-generated token, to access your accounts.

5. Be aware of phishing links and use strong antivirus software: Cybercriminals often use phishing scams to exploit data breaches. Avoid clicking on suspicious links in emails or text messages, especially those claiming to be from PowerSchool or your school district.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

You can blame hackers for this breach, but PowerSchool shares the responsibility for failing to adequately protect sensitive data. The company may also be in violation of data privacy agreements it signed with school districts, as well as federal and state laws designed to safeguard student privacy. What’s more concerning is that PowerSchool took nearly two weeks to notify its customers about the breach. Schools are now left scrambling to assess the full extent of the intrusion. This delay is not just irresponsible; it puts students, parents and teachers at heightened risk of cyberattacks and identity theft.

Do you think companies like PowerSchool should face stricter regulations for handling sensitive data? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

Fake apps are a big problem, and their clever social engineering tricks make them hard to catch. 

There are tons of these apps out there mimicking popular apps like PayPal and Spotify. Security researchers have found another fake app pretending to be the premium version of Telegram, a messaging app with over a billion downloads. Hackers are using this app to spread malware called FireScam. It can steal everything you type on your Android phone and other personal info. 

Since it tracks your keyboard, it also gets all your passwords, which could give hackers access to sensitive data.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

As reported by threat management company Cyfirma, FireScam is a type of malware that targets Android devices to steal personal information. It works like spyware, keeping an eye on what you do on your Android phone, such as reading your notifications, messages, clipboard content and more. 

Hackers are spreading FireScam by pretending it’s a premium version of Telegram. They’ve created a fake website on GitHub that looks like RuStore (a real app store in Russia). When people visit this fake site, they’re tricked into downloading an app that looks like "Telegram Premium." However, this app is actually a trap. Once installed, it downloads the FireScam malware onto your device and starts stealing your personal data.

To avoid detection, the app is heavily disguised using a tool called DexGuard. It asks for permissions to access your storage, check installed apps and install more software. When you open the app, it shows a fake login page that looks like Telegram’s. If you enter your details, it steals your credentials.

The stolen data is first stored in a Firebase Realtime Database, but hackers later move it to private servers. The malware also registers each compromised device with a unique ID so hackers can keep track of their victims.

ANDROID BANKING TROJAN EVOLVES TO EVADE DETECTION AND STRIKE GLOBALLY

According to Cyfirma’s analysis, the FireScam malware is highly effective at stealing nearly all types of data from an infected Android device. It categorizes and sends anything you type, drag and drop, copy to the clipboard or even data automatically filled by password managers or exchanged between apps directly to the hackers.

The malware also monitors device state changes, such as when the screen turns on or off, and tracks e-commerce transactions to capture financial details. Plus, it spies on messaging apps to steal conversations and monitors screen activity, uploading key events to its server for further exploitation.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA

1. Download apps only from official stores: Always use trusted app stores like Google Play or the Apple App Store to download apps. These platforms have security measures to detect and remove fake or harmful apps. Avoid downloading apps from random websites, pop-up ads or unofficial third-party stores as these are common sources of fake apps.

2. Verify the app’s developer: Before installing an app, check who created it. Look at the developer's name and ensure it matches the official company behind the app. Fake apps often copy the names of popular apps but use slightly altered spellings or extra characters. For example, a fake might be called "PayPaal" instead of "PayPal."

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Pay attention to reviews and ratings: Reviews and ratings can give you insight into an app's authenticity. If an app has mostly negative reviews, very few downloads or generic comments like "Great app," it could be fake. Genuine apps typically have a large number of detailed reviews over time. Be cautious of apps with five-star ratings but no specific feedback.

4. Be cautious of app permissions: Check the permissions the app requests before installing. A flashlight app, for example, shouldn’t need access to your contacts or messages. If an app is asking for permissions that don’t align with its purpose, it could be a red flag. Always deny permissions that seem excessive or unnecessary.

5. Keep your phone and apps updated: Regular updates for your operating system and apps often include important security fixes that protect your device from malware. Turning on automatic updates can ensure you always have the latest protections.

6. Use strong antivirus software: Install strong antivirus software on your Android. These tools can scan apps for malware, detect suspicious activity and block harmful downloads. Strong antivirus software provides an extra layer of defense, especially when browsing or downloading apps. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

The FireScam malware is a powerful tool that can steal everything on your phone, and it’s tough to detect if you're not careful. Such apps can’t be distributed through legitimate app stores like the Play Store or the App Store, so they rely on third-party stores and fake websites to spread. To stay safe, the best approach is to stick to verified app stores and avoid downloading from untrustworthy sources.

When was the last time you read through the permissions an app asked for? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Virtual private networks (VPNs) are important if you care about your data and privacy. They create a secure, encrypted connection between your device and the internet, hiding your IP address and protecting your online activity. 

There are tons of apps out there that claim to offer VPN services, but not all of them are legit. Some are fakes trying to steal your data. 

In the third quarter of 2024, security researchers found that the number of users encountering fake VPN apps jumped 2½ times compared to the second quarter globally. These apps were either malware or programs that could be used by malicious actors.

I’m diving into the rise of fake VPN apps and how you can stay safe.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

According to Kaspersky, cybercriminals are taking advantage of people who want to use free VPN services. In May 2024, law enforcement shut down a botnet, a network of hijacked devices, called 911 S5. Several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN, were used to create this botnet.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

When users installed these VPN apps, their devices were turned into proxy servers, meaning they were used to redirect someone else’s internet traffic. 

This huge network spread across 19 million unique IP addresses in over 190 countries, making it possibly the largest botnet ever created. The people controlling the botnet sold access to these infected devices to other criminals, who used them for cyberattacks, money laundering and fraud.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

You can’t trust free VPN apps because they have no reason to keep you or your data safe. Here's why you should be cautious:

There's a growing demand for VPN apps across all platforms, including smartphones and computers. Users often believe that if they find a VPN app in an official store, like Google Play, it's safe to use. They're especially drawn to free services, thinking it's a great deal. However, this can often be a trap.

MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

If you need a VPN, stick to a service that’s well-known, trusted and not free. Look for ones that are talked about on mainstream sites and backed by solid reviews. If you’re not sure where to start, I’ve put together a handy list of my favorite VPNs. I’ve tested them myself, and you can trust them to keep your data safe. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF 

Here are seven essential steps to help you choose a reliable VPN and safeguard your online privacy.

1. Stick to official app stores: Always download apps from trusted platforms like the App Store for iOS or the Google Play Store for Android. These stores have built-in security measures that help detect and remove fake or harmful apps. Avoid downloading apps from random websites or third-party stores, as they are more likely to host malicious software. Even on official stores, check the app’s reviews, ratings and download count to ensure it’s trustworthy.

2. Pay attention to app permissions: Be careful about the permissions you grant to apps during installation. A flashlight app, for example, doesn’t need access to your contacts or location. Question any permission that doesn’t align with the app’s functionality. Both iOS and Android allow you to review and manage app permissions in your settings, so take the time to double-check what you’ve already allowed.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Use two-factor authentication (2FA): Implement 2FA for your VPN accounts to add an extra layer of security beyond just a password.

4. Keep software updated: Regularly update all VPN-related software, including clients, servers and associated networking hardware, to benefit from the latest security patches and improvements.

5. Use strong encryption: Look for VPN services that use robust encryption protocols like AES-256 to protect your data.

6. Monitor VPN traffic: Continuously monitor VPN traffic and logs for unusual patterns that might indicate security issues.

7. Invest in strong antivirus software: A strong antivirus program can help detect and remove malware before it compromises your device. Many antivirus apps also come with features like web protection, anti-phishing tools and the ability to scan new apps for threats. While there are free options, premium versions often provide more comprehensive protection. Look for a trusted name in cybersecurity when choosing an antivirus solution. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Fake VPN apps are everywhere, and they’re bad news. They’re not just useless. They can turn your device into a tool for cybercriminals. The 911 S5 botnet showed us just how dangerous free VPNs can be, turning millions of devices into a giant network for fraud and attacks. The truth is free VPNs aren’t really free. They often come with weak security, leak your data or demand permissions that put your privacy at risk. If you’re serious about protecting your online activity, invest in a trusted, paid VPN service.

How often do you check the credibility of apps you download? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

You know, it's pretty unsettling when you think about it. We spend our whole lives working hard and saving up for retirement. Then, one day, you find out that some company you've never heard of is selling your personal information to whoever wants to buy it. It's not just alarming. It could actually put your financial security at risk.

These companies are data brokers that collect and sell people's personal information, often without us even knowing about it. And get this: Some of them might be trading info that could affect your retirement savings. 

Crazy, right? But don't worry, it's not all doom and gloom. There are things we can do to protect ourselves. I want to talk about how these data brokers operate and what steps you can take to keep your retirement plans safe.

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

There’s one major way in which data brokers are endangering your retirement security, and it’s right there in the name: data brokers buy, sell, trade and otherwise spread your personal information far and wide. This endangers your retirement security in three distinct ways, each more dangerous than the last:

They don’t know anything about you, but they have a way to reach you. Even if a scammer knows only your phone number or email address, it’s enough for them to reach out to you. If they don’t know who you are or anything about you, they have to take the most "one-size-fits-all" approach they can manage. Their goal is to get you to respond to them or click a link that leads to a malicious website. Once they learn more about you, they can better tailor their next moves.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

They know what you’re like but not who you are. Scammers can buy ready-made packages of personal information from data brokers. A set like this might include only the phone numbers of people over the age of 60, for example, while another might provide the addresses of elderly people who require live-in care and are experiencing cognitive decline. The potential for abuse is clear. They don’t have to know your name to target a dangerously effective scam at you.

In other words, something aimed right at you and very difficult to ignore. Scammers can also buy shockingly detailed information about you, from your full name to your health care and financial information. These scams are the most dangerous, with the attackers knowing enough about you to breeze past many of your defenses.

Any of the above types of scams can end in what might be the ultimate fraud – identity theft – but these three are more likely to get there, and in fewer steps, than the others.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

MASSIVE DATA BREACH AT FEDERAL CREDIT UNION EXPOSES 240,000 MEMBERS

You can reduce or avoid many of these risks by stopping data brokers from making it easier for scammers to target you and by arming yourself against the most common and effective tactics they use.

1. Invest in personal data removal services: A trusted personal information removal service can stop data brokers in their tracks from sharing your information. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

2. Don’t click on links: No matter how much pressure or stress a message or phone call puts you under, stick to the golden rule of never following or clicking on links. Always go to the source of the communication via official channels from a secure device to confirm what’s happening. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Don’t give out sensitive information: If a message or email can put you under enough pressure to do something you shouldn’t (like follow a link to a phishing site), imagine what a phone call can do. Any request for personal information should raise red flags. If something seems off, hang up.

UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF 

4. Verify identities before handing over money or information: Always verify who you are dealing with before providing any personal details (name, address, date of birth, Social Security number, financial information, etc.) or money. If someone asks for this information or claims they need to send you money, follow this rule: "Hang up, look up and call back." This applies to phone calls, texts and emails. Hang up or set the message aside, find the legitimate contact information for the organization in question and reach out through official channels (not social media) to confirm the request.

 TOP 5 MISTAKES THAT COULD EXPOSE YOUR FINANCIAL DATA TO CYBERCRIMINALS

You know, it's crazy to think about how much of our personal information is out there, floating around in the digital world. But here's the thing: We're not powerless in this situation. Sure, it can feel overwhelming, but there are steps we can take to protect ourselves and our hard-earned retirement savings. It's all about being aware, staying vigilant and using the tools at our disposal. Remember, your financial security is worth fighting for. So let's not just sit back and hope for the best. Let's take action and show those data brokers that we're not going to be easy targets. After all, we've worked too hard for too long to let anyone mess with our golden years, right?

Do you think there should be regulations in place to limit the activities of data brokers, and what specific measures would you like to see implemented to better protect your personal information? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.