There’s a new kind of attack going around, and it’s gotten popular enough that even hackers backed by governments in places like Russia, Iran, and North Korea have started messing around with it. But don’t panic — for most of us, the bigger threat is actually regular cybercriminals who want to steal your passwords, your money, or worse.

The good news? This scam is pretty simple once you know what to look for. It’s called "ClickFix," and it’s really just a fancy way of tricking you into doing the hacker’s dirty work yourself.

Here’s how it works: you might get a fake error message that looks legit, or maybe a pop-up telling you to "register" your PC or "unlock" a secure document. Whatever the story, the goal is always the same — they want you to copy some weird text, open something called PowerShell (basically a command box for your computer), paste the text in, and hit Enter. And just like that, you’ve unknowingly let the bad guys into your system.

​When you do this, you’re actually running a hidden command that downloads malware onto your computer. That malware could do anything from stealing your saved passwords to spying on you or even taking over your whole PC. Some of the nasty programs being used include Lumma Stealer and DarkGate — basically, very bad news.

Early on, these scams mostly used fake "error" messages to scare people into clicking. Now they’re getting sneakier, pretending they’re helping you open a document or access a secured website. But at the end of the day, it’s the same attack every time. Once you recognize the pattern, you’re a lot harder to fool.

If you’re wondering whether this is something only government hackers use, the answer is no. While government-backed groups have tested ClickFix, they mostly moved back to their usual methods after playing around with it. Regular cybercriminals are the ones who are really running with this scam, aiming at everyday people like you and me.

The big red flag you need to remember is this: if anything — an error message, a registration prompt, a document login — tells you to copy some text, open PowerShell, paste it, and hit enter, it’s a scam. Full stop. Just close the window, shut down the app, or back out of whatever website you’re on. Reboot your computer if you want to be extra safe.

Once the malware is active, it can quietly steal your personal information and send it back to the hackers without you even realizing it. Some of it even hides its tracks by clearing out your clipboard or running in a way that’s harder to notice. It's sneaky by design, and it’s counting on you not paying attention.

What I'm saying is never, ever paste anything into PowerShell unless you personally know what it is and why you’re doing it. If a website, app, or random pop-up tries to get you to do it, it’s a scam — plain and simple.

Stay safe out there!

Let’s be real here—passwords are the worst. You’re supposed to make them long, complicated, and unique for every website, but who actually remembers all of that? So we reuse them, or write them down, or forget them entirely. That’s where passkeys come in, and they’re kind of a game-changer.

A passkey is a new, easier, and way more secure way to sign in to apps and websites. Instead of typing out a password, your phone or computer can log you in with something you already use—like your fingerprint, face, or device PIN (this one is best!). It’s still secure, but you don’t have to remember anything.

The cool part is that passkeys are way harder for hackers to steal. With passwords, someone can trick you into typing them on a fake site or grab them in a data breach. Passkeys don’t work like that. They’re tied to your device and your identity, and they never leave your phone or computer. So even if a company gets hacked, your passkey can’t be stolen.

Basically, tech companies are pushing passkeys because they’re safer, simpler, and a whole lot less annoying than passwords. And don’t worry—if you’ve ever used Face ID or a fingerprint to unlock your phone, you’ve already got the hang of it.

Signal has been in the news a lot lately, and maybe you’ve been wondering what it is.
​
Signal is a free app you can use to send messages, make phone calls, and video chat with friends and family. It works a lot like WhatsApp or iMessage—you can send texts, pictures, videos, and even have group chats.

What makes Signal different is that it’s built for privacy. Everything you send on Signal is protected so that only you and the person you’re talking to can see or hear it. Not even the people who run Signal can read your messages.

Signal also doesn’t collect your personal information. It doesn’t store your messages or track who you’re talking to. It’s made by a nonprofit organization, not a big company trying to make money off your data.

That said, no app is 100% foolproof. If someone has access to your phone, they can still read your messages. And if you’re talking to someone who takes screenshots or shares what you say, Signal can’t prevent that. So while it’s one of the safest options out there, it’s still smart to be careful about what you share.
​
If you want a simple, secure way to talk to people without being spied on or tracked, Signal is a great choice.

​Hackers are now using AI to make cyberattacks even easier and more dangerous. In the past, cybercriminals had to do a lot of work to steal passwords or trick people into clicking harmful links. Now, they can use AI to do most of the work for them.

Recently, researchers showed how AI can be tricked into helping hackers. One test got AI on to create a fake email designed to steal someone’s personal information. Another test tricked AI into building malware on the Chrome browser—a type of software that can steal login details, credit card numbers, and other sensitive data.

The scary part is that AI isn’t always able to tell when it’s doing something bad. If someone frames the request in a certain way, AI might help them without realizing it. This means cybercriminals can now create scams and harmful software faster than ever before.

Because of this, traditional security measures like passwords and basic two-factor authentication (2FA) aren’t enough anymore. To protect yourself, switch to passkeys, use app-based authentication instead of text message codes, and be extra careful about where you store your passwords. AI-powered threats aren’t just a possibility—they’re already happening.

The FBI and cybersecurity experts are warning people who use Gmail, Outlook, or other email services about a big online scam called Medusa.

Medusa is a bunch of hackers who break into computers and demand money to give access back. They’ve been doing this since 2021, and now they work with other hackers to hit even more people.
They usually trick people into clicking bad links or opening fake emails. Once they’re in, they lock your files so you can’t use them. Then, they demand money and threaten to leak your personal information if you don’t pay up.

By early 2025, Medusa had already hit over 300 businesses, including hospitals, schools, law firms, insurance companies, and tech companies. They like to target places with weak security because it makes their job easier.

To protect yourself, use strong passwords and turn on extra security steps like two-factor authentication (MFA) for email and other important accounts. Also, keep your computer, phone, and apps updated so hackers have a harder time getting in.

Think of virus protection like a guard dog for your computer. If it’s out of date, it won’t catch new threats. Make sure your antivirus software is updated so it can stop hackers before they cause trouble.
A VPN (Virtual Private Network) is like a secret tunnel for your internet connection. It hides what you’re doing online and keeps your information safe from hackers. If you ever use public Wi-Fi, like at a coffee shop or airport, a VPN helps keep bad guys from stealing your info. It’s an easy way to add an extra layer of security and keep your private stuff private.
​
Online scams and hackers aren’t going away anytime soon, but taking a few simple steps can make a big difference in keeping your personal information safe. Stay cautious, think before clicking on links, and keep your security tools up to date. A little effort now can save you from a big headache later.

​Spyzie, a shady stalkerware app used to secretly monitor people's phones, got hacked—big time. This breach exposed a ton of private data, putting both the spies and their targets at risk.

Stalkerware apps like Spyzie claim to be for “parental control,” but let’s be real—people often use them to spy on partners, employees, or others without consent. These apps collect everything from text messages and call logs to GPS locations and social media activity, all while staying hidden. But in a major security fail, Spyzie didn’t even bother to properly secure this data, making it easy for hackers to access and leak.

Reports say that the breach exposed usernames, passwords, phone details, and even surveillance logs. To make things worse, Spyzie didn’t use encryption, meaning hackers could just grab the data without much effort. This is a huge wake-up call about the dangers of spyware—not only is it creepy and invasive, but it’s also a massive security risk.

Experts are urging people to stay alert for stalkerware by checking for suspicious activity on their devices, keeping software updated, and using strong passwords. Meanwhile, privacy advocates are calling for tougher laws against these sketchy surveillance tools.

The bottom line? If a company’s entire business model is based on sneaky spying, chances are they don’t care much about security either. The Spyzie hack is just another reminder that privacy and cybersecurity should always come first.

Bad news for Avery Products Corporation customers: the company recently announced a data breach that compromised credit card details and personal info. If you’ve shopped on their website, here’s what you need to know.

Avery, known for its labels and printing services, discovered the breach on December 9, 2024, but the trouble started much earlier. Hackers planted a sneaky card-skimming tool on avery.com way back on July 18, 2024. That means any payment info entered on their site between July 18 and December 9 was stolen. Yikes.

​Here’s what the hackers got their hands on:
​

• Full names
• Billing and shipping addresses
• Email addresses
• Phone numbers
• Payment card details (number, CVV, expiration)
• Purchase amounts

​Thankfully, things like Social Security numbers and driver’s licenses weren’t involved, but what was exposed is still enough for hackers to rack up fraudulent charges.

Avery’s notification even mentions reports of suspicious charges and phishing emails from customers. So, while they can’t confirm a direct connection, it’s a good idea to keep an eye on your accounts.

To help out, Avery is offering 12 months of free credit monitoring through Cyberscout. You can also call them at (800) 462-8379 if you think you think you were affected, and be sure to report any fishy account activity to your bank ASAP.

Unfortunately, this breach affected a whopping 61,193 customers, according to the Maine Attorney General’s office. So, if you’ve shopped with Avery recently, it’s worth taking a few extra precautions.

Stay safe out there, and if you’re a victim, don’t wait—get in touch with Avery and your bank to lock things down.

Heads Up! Scammers Exploit Disasters for Fake Charity Schemes

The FBI wants you to stay sharp—scammers are cashing in on tragedies to trick people into donating to fake charities. Whether it's the New Year’s Day attack in New Orleans or wildfires in LA, fraudsters are out there, posing as relief agencies, victims, or even celebrities, to steal your money or personal info.

Here’s what’s happening:

• Impersonation Tactics: Scammers might pretend to be disaster relief groups, victims, or influencers, using fake stories to tug at your heartstrings.
• Tech Trickery: Some are even using AI to make their scams look legit.
• Big Impact: In 2024, over 4,500 cases of charity fraud cost people around $96 million.

How to Protect Yourself

1. Research Before Donating: Look for reviews, news articles, and official registrations of charities.
2. Verify Crowdfunding: Double-check the campaign’s legitimacy—reverse search images and verify the stories.
3. Watch for Pressure: If someone says "act now," it could be a scam.
4. Avoid Unsolicited Requests: Don’t open links or messages from unknown sources.
5. Pay Safely: Skip debit, gift, or prepaid cards for donations.
   
   

Quick Tip: Legit charities don’t use free email services, and their official websites can be checked through tools like ICANN Lookup.

Think You’ve Been Scammed?

• File a report with the FBI’s Internet Crime Complaint Center (IC3).
• Include all the details—names, emails, payment info, and interactions with the scammer.

Stay safe, stay skeptical, and let’s outsmart the scammers!

See the official warning here.