A phishing campaign is targeting residents across multiple US states with fake traffic violation notices delivered by text message, using embedded QR codes to direct victims to sites that steal personal and financial information. The campaign has been reported in New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey. The texts include…
Google has taken down the Chrome extension “Save Image as Type” after security researchers uncovered it had been hijacked and altered to redirect user traffic for affiliate commission fraud. The extension had over a million users when it was removed. The compromise was carried out by a group called Karma, which reportedly acquired the extension…
We have seen our fair share of malicious Chrome extensions in the past 17 or so years since Google released the initial version of its browser. From fake VPN extensions and outright malicious extensions to sophisticated session replay malware. This time, more than 260,000 Chrome users unknowingly installed a browser extension labeled as a helpful AI assistant. According to researchers…
Microsoft has patched a high-severity security vulnerability in Windows 11 Notepad that allowed specially crafted Markdown links to launch local or remote programs – without triggering standard Windows security warnings. The flaw tracked as CVE-2026-20841 was fixed as part of the February 2026 Patch Tuesday updates, which we release monthly. While exploitation required a user to open…
Betterment, a financial app, sent a sketchy-looking notification on Friday asking users to send $10,000 to Bitcoin and Ethereum crypto wallets and promising to “triple your crypto,” according to a thread on Reddit. The Betterment account says in an X thread that this was an “unauthorized message” that was sent via a “third-party system.” Here’s…
China has enacted a major revision of its Cybersecurity Law, effective January 1, 2026. The amendments mark the most significant shift since the law’s original introduction in 2017 and materially change how companies must handle cyber incidents, regulatory reporting, and compliance exposure. The updated framework places speed and accountability at the center of enforcement. Incident…
Two former employees at cybersecurity firms – one of whom was a ransomware negotiator – have pleaded guilty to carrying out a series of ransomware attacks in 2023. The Department of Justice announced the guilty pleas on Tuesday, saying 40-year-old Ryan Goldberg and 36-year-old Kevin Martin extorted $1.2 million in Bitcoin from a medical device…
Windows’ built-in copy function works well enough for small files. Problems start when transfers involve tens or hundreds of gigabytes, or thousands of files. At that point, File Explorer often slows to a crawl, stalls on “Calculating time remaining,” or fails partway through with little clarity on what actually copied. The issue is not storage…
The most serious cyber risks consumers face in 2026 are less about technical break-ins and more about manipulation. Criminals increasingly rely on realistic AI-generated media and social engineering to pressure people into acting quickly, often before they have time to verify what is happening. Law enforcement agencies, including the Federal Bureau of Investigation, have warned…
Xubuntu’s website was the latest to fall victim to hackers. The attackers replaced the download links with a malicious one. For those unaware, Xubuntu is one of the official flavors of Ubuntu, i.e. a fork/derivate of the distro. The name is a portmanteau of Xfce and Ubuntu. Anyway, from what I can tell from user…
