AI-powered browser extensions continue to be a popular vector for threat actors looking to harvest user information. Researchers at security firm LayerX have analyzed multiple campaigns in recent months involving malicious browser extensions, including the widespread GhostPoster scheme targeting Chrome, Firefox, and Edge. In the latest one—dubbed AiFrame—threat actors have pushed approximately 30 Chrome add-ons that impersonate well-known AI assistants, including Claude, ChatGPT, Gemini, Grok, and "AI Gmail." Collectively, these fakes have more than 300,000 installs.

Fake Chrome extensions look like popular AI assistants

The Chrome extensions identified as part of AiFrame look like legitimate AI tools commonly used for summarizing, chat, writing, and Gmail assistance. But once installed, they grant attackers wide-ranging remote access to the user's browser. Some of the capabilities observed include voice recognition, pixel tracking, and email content readability. Researchers note that extensions are broadly capable of harvesting data and monitoring user behavior.

Though the extensions analyzed by LayerX used a variety of names and branding, all 30 were found to have the same internal structure, logic, permissions, and backend infrastructure. Instead of implementing functionality locally on the user's device, they render a full-screen iframe that loads remote content as the extension's interface. This allows attackers to push changes silently at any time without a requiring Chrome Web Store update.

LayerX has a complete list of the names and extension IDs to refer to. Because threat actors use familiar and/or generic branding, such as "Gemini AI Sidebar" and "ChatGPT Translate," you may not be able to identify fakes at first glance. If you have an AI assistant installed in Chrome, go to chrome://extensions, toggle on Developer mode in the top-right corner, and search for the ID below the extension name. Remove any malicious add-ons and reset passwords.

As BleepingComputer reports, some of the malicious extensions have already been removed from the Chrome Web Store, but others remain. Several have received the "Featured" badge, adding to their legitimacy. Threat actors have also been able to quickly republish add-ons under new names using the existing infrastructure, so this campaign and others like it may persist. Always vet extensions carefully—don't just rely on a familiar name like ChatGPT—and note that even AI-powered add-ons from trusted sources can be highly invasive.

It's once again time to update your Apple devices. The company just released a whole host of security patches, including a fix for an actively exploited zero-day affecting iOS 26, iPadOS 26, and macOS Tahoe. These updates arrived alongside the official release of iOS 26.3, which includes features like more seamless data transfer between iPhone and Android. Other security patches address bugs in Photos, VoiceOver, and Screenshots, to name a few.

iOS 26.3 patches a zero-day affecting dyld

According to Apple's latest security bulletin, the zero-day—tracked as CVE-2026-20700—is a memory corruption issue in dyld, Apple's "Dynamic Link Editor." The flaw could allow attackers with memory write capability to execute arbitrary code—or, in other words, run their own code on your device.

Apple says that the vulnerability may have been exploited in an "extremely sophisticated attack against specific targeted individuals" in earlier versions of iOS alongside CVE-2025-14174 and CVE-2025-43529. Those at greatest risk with this bug are likely high-profile users with access to sensitive data—users who might be inclined to use Apple's Lockdown Mode—but everyone should install the update to patch the issue.

The patch for this flaw is available for the following iOS and iPadOS devices, in addition to all Macs that run macOS Tahoe:

• iPhone 11 and later

• iPad Pro 12.9-inch 3rd generation and later

• iPad Pro 11-inch 1st generation and later

• iPad Air 3rd generation and later

• iPad 8th generation and later

• iPad mini 5th generation and later

How to install the latest security update for iPhone

You should have automatic updates enabled to ensure you receive critical security patches ASAP, but you can confirm that you're on the latest OS version under Settings > General > Software Update. As a reminder, Apple won't message you urging you to click links, download attachments, or install apps related to security updates. Always go through your device settings to receive official fixes.

Threat actors don't have to work that hard to obtain sophisticated malware to deploy against unsuspecting targets. A new spyware platform known as ZeroDayRAT is reportedly being sold on Telegram, complete with customer support and updates.

According to mobile security company iVerify, this aggressive spyware grants full remote control over devices running Android 15 through 16 and iOS versions up to iOS 26. Once deployed, it allows everything from user profiling and location tracking to live surveillance and financial theft.

What ZeroDayRAT can gather from your device

This spyware has wide-ranging capabilities that, according to iVerify, have traditionally been found on platforms sponsored by state actors. Here's a look at what ZeroDayRAT can do:

• Collect information about the device, such as model, OS, battery, country, lock status, SIM and carrier info, app usage, live activity, and SMS message previews. This allows threat actors to develop user profiles for further targeting.

• Pull GPS coordinates, capture notifications from apps and systems, and harvest account information, such as usernames and emails.

• Send SMS messages and receive verification codes to bypass two-factor authentication.

• Log keystrokes (including biometric unlocks, gestures, and app launches), access the camera and microphone, and screen record.

• Log crypto wallet addresses and target banking and payment app credentials via overlay attacks.

How to protect against spyware

ZeroDayRAT can infect your device only if a malicious binary—an APK on Android or iOS payload—is downloaded and installed. These may be distributed through phishing, such as links sent via emails, texts, or messaging platforms, as well as in fake app stores.

All standard guidance for avoiding scams and malware applies: never click links in unsolicited communication, including conversations in apps like Telegram and WhatsApp, and only download apps and extensions from official, trusted sources.

Users at high risk of being targeted and anyone who wants an extra layer of security can consider enabling Lockdown Mode (iOS) or Advanced Protection (Android).

Microsoft's February security update is a big one. This latest "Patch Tuesday" fixes 58 vulnerabilities in total, six of which are zero-day flaws. As a reminder, a zero-day is a vulnerability that has been either actively exploited in the wild or publicly disclosed before an official fix is released by the developer.

As BleepingComputer reports, security flaws were found in the following categories: 25 elevation-of-privilege vulnerabilities, five security feature bypass vulnerabilities, 12 remote code-execution vulnerabilities, six information disclosure vulnerabilities, three denial of service vulnerabilities, and seven spoofing vulnerabilities. Three of the elevation of privilege vulnerabilities and two of the information disclosure vulnerabilities are considered "critical." (These numbers do not include the three Microsoft Edge vulnerabilities patched earlier in February.)

Patch Tuesday updates are typically released around 10 am PT on the second Tuesday of every month, and your device should receive them automatically. BleepingComputer reports that this month's release also includes Secure Boot certificate updates for 2011 certificates that are expiring in June.

Six zero-days patched in February

Three of the six actively exploited zero-days fixed in February are security feature bypass vulnerabilities:

• CVE-2026-21510: This is a flaw the Windows Shell that allows an attacker to execute content without warning or gaining user consent, though the user does need to open a malicious link or shortcut file.

• CVE-2026-21513: This MSHTML Framework vulnerability allows an unauthorized attacker to bypass a security feature over a network. Microsoft has not released details on how this flaw was exploited.

• CVE-2026-21514: This vulnerability in Microsoft Word allows an attacker to bypasses OLE mitigations in Microsoft 365 and Microsoft Office once a user has opened a malicious Office file.

All three of the above flaws have been attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, and Google Threat Intelligence Group along with an anonymous researcher for CVE-2026-21510 and CVE-2026-21514.

Two of the zero-days are elevation of privilege vulnerabilities. CVE-2026-21519 is a Desktop Windows Manager flaw that allows an attacker to gain SYSTEM privileges, while CVE-2026-21533 is a Windows Remote Desktop Services flaw that allows an attacker to elevate privileges locally. The former has been attributed to MSTIC and MSRC, while the latter was discovered by the Advanced Research Team at CrowdStrike.

Finally, CVE-2026-21525 is a denial of service vulnerability in the Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally. This flaw was discovered by the ACROS Security team with 0patch—it was reportedly found in a public malware repository in December 2025.

If you were affected by 23andMe's data breach—which involved the information of approximately 6.4 million U.S. residents—you have just a few more days to claim your compensation. Following the 2023 credential-stuffing attack, 23AndMe in 2024 agreed to a $30–$50 million payout for impacted consumers. The genetic testing company then filed for Chapter 11 bankruptcy in 2025 (introducing new privacy concerns around the potential sale of customer data). The courts approved the deal last month, and class members have until Feb. 17 to submit claims related to the cyber incident.

How much you'll receive from the 23andMe settlement

There are several tiers of payouts with the 23andMe settlement. Users with an "extraordinary claim"—those who experienced identity theft or fraudulent tax filings as a result of the breach—could qualify for up to $10,000 to reimburse verified expenses, including costs for physical or cyber security systems as well as mental health treatment.

Claimants who received notices that certain health information was leaked in the breach will be paid up to $165. Eligible data include raw genotype data, health reports (including health predisposition reports, wellness reports, and carrier status reports), and self-reported health conditions. Individuals residing in Alaska, California, Illinois, and Oregon will receive an additional $100 thanks to state privacy laws. Note that payments will likely take time to be distributed.

The settlement also provides for five years of identity monitoring services through a customized program called Privacy & Medical Shield + Genetic Monitoring. This is available to all class members regardless of payout.

How to file a 23andMe claim

Consumers who were impacted by the 2023 data breach can file a Cyber Security Incident Claim, which must be submitted by Feb. 17, 2026 (unless you received a notice in 2026 indicating otherwise). To be eligible, you must have been a 23andMe customer between May 1, 2023 and October 1, 2023 and have received a notice (via letter or email) that your information was compromised in the breach. You also must attest that you incurred damages (monetary or non-monetary) as a result of the incident.

Claims can be filed online via the settlement website, or you can mail a hard copy of your claim form (postmarked by Feb. 17) to the address listed. To complete a claim, you must provide some personal information as well as details about the harm incurred with supporting documentation, such as bank or credit card statements substantiating losses.

With iOS 26, Apple made it easier for users to reduce spam and overall clutter in their Messages inbox. Your iPhone will detect and hide spam messages, and with the Screen Unknown Senders feature, you can filter out texts from anyone you don't know. You can also disable push notifications for these conversations to reduce how often you're alerted for messages you don't need to see.

Note that this feature works only on iOS, so if you have Messages synced on your Mac, you'll see everything and receive notifications for all messages unless you mute specific conversations.

How to reduce clutter in Messages on iOS

To send messages from numbers you don't know to a separate folder, go to Settings > Apps > Messages and toggle on Screen Unknown Senders. You can also get here through the Messages app on your iPhone by tapping the three horizontal menu lines in the top-right corner and selecting Manage Filtering. Enabling Screen Unknown Senders will hide notifications and move messages to your Unknown Senders list. If you want to allow (or disallow) certain types of notifications, tap Allow Notifications and toggle categories on or off:

• Time Sensitive includes alerts, verification codes, and urgent requests.

• Personal includes messages identified as not sent by a business or organization.

• Transactions include order updates, receipts, and confirmations.

• Promotions include general offers and updates sent to multiple recipients.

Most users will want to enable time-sensitive notifications to receive messages that include time-based one-time passwords (TOTPs) and other urgent alerts. You may also want to allow personal notifications so you don't miss messages directed to you individually from real people who aren't saved in your contacts.

When you allow notifications, texts identified in those categories will appear in your Messages list for only 12 hours before being moved to Unknown Senders—a behavior that keeps your primary inbox streamlined. If you want to make an unknown sender a known sender to prevent future messages from being filtered out, open the conversation and tap Mark as Known at the bottom or add the number to your contacts. A known sender is anyone you've added to your Contacts, sent a message to, or marked as known in the conversation.

Finally, if you enable Filter Spam under the same menu in your device settings, Apple will send messages identified as spam to a separate Spam list and hide notifications. You can view these and conversations from unknown senders at any time via Messages > Menu.

Browser extensions, even ones from trustworthy sources, are not without privacy and security risks. I've written before about add-ons that manage to slip through official store safeguards and even some that "wake up" as malware after operating normally for several years, so it should come as no surprise that a host of AI-powered browser extensions—collectively installed by tens of millions of users—may also be invading your privacy.

Researchers at data removal service Incogni looked at browser extensions available in the Chrome Web Store that included "AI" in their name or description and employed AI as part of their core functionality. By analyzing the data collected and permissions required, they assessed both how likely extensions are to be used maliciously and their potential to cause significant damage if compromised.

AI-powered browser extensions collect extensive user data

Incogni found that website content, such as text, images, sounds, videos, and hyperlinks, was the most commonly collected data type (by nearly a third of AI-powered extensions). More than 29% of extensions investigated harvest personally identifiable information (PII)—name, address, email, age, identification number, for example—from users. Other forms of data collected include user activity, authentication information, personal communication, location, financial and payment information, web history, and health information.

The most invasive extensions fall in the programming and mathematical aid category (such as Classology AI and StudyX), followed closely by meeting assistants and audio transcribers. Writing and personal assistants also pose privacy risks—and many of these are also among the most downloaded AI-powered extensions in Chrome.

How popular AI-powered Chrome extensions stack up on privacy

Incogni also assigned "privacy-invasiveness" scores to the most downloaded AI-powered extensions, a combination of the amount of data collected and both general and sensitive permissions required:

1. Grammarly: AI Writing Assistant and Grammar Checker App (tied for #1)

2. Quillbot: AI Writing and Grammar Checker Tool (tied for #1)

3. Sider: Chat wiht all AI (tied for #3)

4. AI Grammar Checker & Paraphraser — LanguageTool (tied for #3)

5. Google Translate (tied for #4)

6. WPS PDF — Read, Edit, Fill, Convert, and AI Chat PDF with Ease (tied for #4)

7. Monica: All-in-One AI Assist (tied for #4)

8. AI Chat for Google (tied for #4)

9. Immersive Translate — Translate Web & PDF

10. ChatGPT search

Grammarly and Quillbot were found to collect PII and website content as well as location data like region, IP address, and GPS coordinates. Grammarly also harvest user activity through network monitoring, clicks, mouse and scroll positions, and keystroke logging. While both also require sensitive permissions—such as the ability to inject code into websites and access active browser tabs—they have a relatively low risk of being used maliciously.

How to protect your personal information

Browser extensions that use AI aren't inherently bad, but you should be aware of what information they are collecting and what permissions they are requiring. The most common type of sensitive permissions required are scripting, which allows the extension to interact with pages as you navigate online, as well as activeTab, which lets it read or modify the page for the current session.

When adding an extension (or installing an app or program), carefully review the permissions requested. If they aren't essential to the extension's functionality–or if they are but don't seem justified—you may be putting your data or device at risk by allowing them. As Incogni points out, users have to decide how much privacy to sacrifice in order to use apps and services.

If you receive an event invitation via email, verify it's legit before you RSVP, as you may not actually be invited to anything. Malwarebytes Labs has identified a new scam in which threat actors are using party invites to trick users into installing a remote access tool (RAT) that gives them full control over infected devices. (This specific campaign seems to be limited to the UK, but similar tactics could easily spread.)

These malicious invites contain a ScreenConnect installer

The scam starts with an innocuous-looking email invitation with an informal "Save the Date" vibe that may appear to come from a friend or acquaintance. The message contains a link to "View Invitation" for event details. If you click through, you'll end up on a landing page with a bold "You're Invited" header and a button to download your invitation, but you don't actually need to take any further action—your browser automatically triggers the download of a .msi file, which is not actually a party invitation or RSVP form but an installer.

The MSI silently installs ScreenConnect Client, a legitimate IT support tool that allows remote access into the user's machine. Once this connection is established, attackers have the ability to see your screen, control your mouse and keyboard, and upload or download files—even if you restart your computer. All of this happens in the background with no obvious indicators that a remote access tool has been installed and is now running, so victims are unlikely to have cause for concern.

You should know these remote access red flags

As Malwarebytes points out, this scheme is successful because it relies on normal human behavior around a seemingly low-risk situation: opening an event invitation. What's unusual is that there's little pressure or urgency in the initial message. Instead, the landing page has language like "a friend has sent you an invitation" and "I opened mine and it was so easy," which is a form of social proof that guides users to take the desired action.

You should always be alert to unsolicited invites sent via regular email with a link to an external site as well as any communication that prompts you to download or install software. These days, invitations are commonly delivered through apps and digital services like Partiful, Paperless Post, Evite, or Apple Invites, which are generally more trustworthy than random emails with hyperlinked text. If you're unsure whether the invite is real, verify with the sender through another channel before clicking or downloading anything.

As mentioned, victims of this scam may not immediately notice that a RAT has been installed on their device. But there are some red flags, such as unexplained cursor movement or windows opening or closing on their own. You can check your machine for a file named "RSVPPartyInvitationCard.msi" or a service called ScreenConnect Client with additional random characters in the title.

If you've already downloaded ScreenConnect from a malicious invite, Malwarebytes recommends disconnecting from the internet and uninstalling the program immediately. Run a security scan to check your device for malware, and change important passwords from a separate device.

We may earn a commission from links on this page.

Super Bowl LX kicks off on Sunday, Feb. 8 at 6:30 p.m. ET. This year's broadcast, hosted on NBC, includes pregame coverage starting at 1 p.m. ET and a pregame show featuring Green Day at 6 p.m. ET. Even if you don't have cable, there are a few ways, both paid and free, that you can watch all the action live from Levi's Stadium in Santa Clara, CA.

You can watch Super Bowl LX on Peacock

The game will be shown on NBC-owned streaming service Peacock, which is available on the web as well as iOS, Android, smart TVs, and gaming consoles. Peacock doesn't have a free trial, and you have to subscribe to the middle tier—Peacock Premium, which costs $11 per month—to get live sports. Or you can pay $17 per month for ad-free Premium Plus (live sports still have ads).

There are a few ways to get around subscribing at full price. Peacock Premium is a perk of both a Walmart+ subscription ($98 per year after a 30-day free trial) and an Instacart+ subscription ($99 per year after a 14-day free trial), so if you have or would benefit from either of these services, now may be the time to sign up. Students qualify for a discounted rate of $6 per month for Peacock Premium. Note that Peacock will also have streaming and on-demand coverage of the Winter Olympics, which begin this weekend, so subscribing for a month may be well worth $11.

Sign up for a live TV streaming service

There are a handful of streaming services with live TV that include NBC. Before signing up, check the channel listings for your zip code to confirm NBC is available in your local market.

• DirectTV Stream: $50 per month for the first month with current promotions, 5-day free trial

• Hulu + Live TV: $90 per month, 3-day free trial (includes ads on Hulu)

• YouTube TV: Currently $70 per month with promo, 21-day free trial for new users

• Sling TV (in limited markets): $46 per month

When signing up for a free trial, make sure you know when you'll be billed for a paid subscription and cancel before your trial expires. The game will be available in 4K for YouTube TV subscribers (included in the free trial but at an additional fee or at a higher tier with paid plans). The Spanish-language broadcast will be on Telemundo, which is also available on most live TV streaming services.

How to watch Super Bowl LX over the air

Another free (ish) way to get the game is with over-the-air (OTA) TV. Of course, this requires you to invest in a digital TV antenna and have a place to put it that gets good reception. You should check the FCC's reception map to see what signals are available in your area and try your antenna out before game day. Your mileage may vary, so if you want a stress-free watch experience, this probably isn't the best option.

Other ways to watch the Super Bowl

You can also watch the game through the NFL+ mobile app—a subscription costs $7 per month. Fubo previously carried NBC channels but has been in a contract dispute with NBCUniversal since last 2025.

A useful feature baked into iOS 26 is the ability to autofill credit cards stored in Apple Wallet across apps and browsers. If you don't use a password manager (which you absolutely should), AutoFill via Apple Wallet saves you the trouble of having to manually enter your credit card information every time you want to make a purchase on your phone. Even if you have a password manager, though, not all plans allow payment card storage and autofilling, and the feature can be clunky on those that do.

As 9to5Mac points out, AutoFill for credit cards was already available in Safari and is now supported systemwide, managed through Apple Wallet.

How to set up and use AutoFill in Apple Wallet

First, you'll need to add your payment cards to Apple Wallet's autofill list (which is separate from your general wallet). Tap the three dots in the upper-right corner and select AutoFill. Tap Add Card to input card details manually or use the camera scan feature. The security code is optional, meaning you can add and store it in Apple Wallet AutoFill or enter it for each transaction.

To autofill saved credit cards, simply tap any form field to bring up the Paste/AutoFill option. Select AutoFill > Credit Card, authenticate with Face ID or Touch ID, and tap the card you want to enter. You'll have to repeat the process for each field, as Apple Wallet won't autofill the whole form at once.

A new phishing campaign identified by Malwarebytes Labs targets AT&T customers with text messages about expiring rewards points. Users are urged to claim their rewards ASAP by clicking the included link, which is actually designed to harvest sensitive personal information.

AT&T rewards scam phishes personal information

Targets for this scam have received texts containing a "Rewards Expiration Notice" urging them to redeem points in their AT&T account before they are scheduled to expire. The message includes a specific points balance and expiration date along with two "recommended redemption methods":

• AT&T Rewards Center: [shorturl link]

• AT&T Mobile App: Rewards section

As Malwarebytes discovered, the short link sends users to a https://att.hgfxp[.]cc/pay/, a spoofed website with AT&T branding, headers, menus, and links out to the real AT&T domain. Users are directed to enter their phone number to verify their account, which leads to a screen warning that their points are set to expire. Further down, you can see redemption options, including an Apple Watch Series 9, Sony WH-1000XM4 Wireless Headphones, and Amazon gift cards.

In order to claim a reward and arrange delivery, victims are then prompted to enter more personal information—which is transmitted directly to the scammers. Malwarebytes notes that the forms have real-time validation and error highlighting so users are less likely to suspect the fraud.

Rewards scam red flags

This scam relies on social engineering tactics—like a sense of urgency and the fear of missing out—to trick targets into engaging. And while it does have a somewhat believable look and feel as well as a multi-step approach to build user trust, it also has some clear red flags. The text originates from a regular phone number rather than a short code, which is often used for automated messages, and the sender doesn't appear as a recognized AT&T contact. The thread also includes multiple recipients and a generic greeting. (A legitimate message from AT&T will be sent directly to you.)

Then there's the shortened URL that leads to a website not owned by AT&T. While the page has some realistic branding and working links, it also has a number of typos and grammatical and formatting errors. Malwarebytes found that if you click the link on different days, the expiration date on the site changes.

As always, don't click links in unsolicited texts. AT&T does have a rewards program, but you should go directly to that portal via the web or app to manage your rewards.

Identity thieves are now using college enrollment to take out student loans in victims' names. This so-called "ghost student" scam capitalizes on limited verification for online class sign-ups and the federal aid application process to steal millions in funds while assigning the debt to unsuspecting targets.

I personally have been a victim of this scam, which I discovered only after an outstanding student loan debt landed on my credit report in 2024. Here's how the scheme works.

'Ghost student' scam relies on stolen identities

To run this scam, fraudsters use stolen or fake identities to enroll "ghost students" in online classes while also applying for federal student aid, including Pell grants and loans. Of course, they never actually attend those classes, instead disappearing with the money and placing the resulting financial burden on the individuals and schools they've conned.

In my case, scammers had used just enough accurate personal information to "enroll" at a community college in southern California and take out a Pell grant in my name. However, because the enrollment was fraudulent, the grant was considered overpaid and sent to collections via the U.S. Department of Education—which is how it landed on my credit record.

According to the U.S. Department of Education's Office of Inspector General (OIG), this type of fraud blew up with the shift to online and remote learning, particularly at community colleges that offer open enrollment (and generally engage in limited verification of applicant information). Increasingly, AI tools also likely help scammers to expand their reach with enrollment and loan applications and get past identity verification checks.

The scheme has affected schools across the country. In California alone, nearly a third of all applicants to community colleges in 2024 were identified as fake. A handful of individuals have been sent to prison after stealing millions in "ghost student" financial aid, but the OIG still has 200 investigations open.

For individuals targeted by the ghost student scam, the consequences are essentially the fallout of identity theft, such as debt falsely assigned to you that negatively affects your credit or the inability to get legitimate student loans (or any other type of credit) when you actually need them.

It also forces you into a long and arduous process of disputing the fraud: I spent several months going back and forth between the Department of Education, the community college, the credit bureaus, and an attorney to track down the fraudulent applications, file identity theft reports, provide extensive documentation proving that I wasn't responsible for the debt, and get the information removed from my record.

How to protect your identity from student loan fraud

Unfortunately, the ghost student scam circumvents a standard anti-fraud safeguard because most federal student aid doesn't require a credit check. (My credit record had been frozen for years, and still was at the time that this fraud took place.) While you should absolutely freeze your credit and thaw it temporarily only when needed, this step may not prevent bad actors from using your information to apply for grants and loans.

Because this scam is a form of identity theft, you should take every precaution to safeguard your personal information. Given the ubiquity of data breaches and hacks, you can assume a lot of it is already out in the open, but that doesn't mean you can't lock accounts down and practice good digital hygiene. Credit fraud alerts and a regular review of your credit reports will help you catch any suspicious activity quickly.

Some iOS users are getting an extra layer of privacy when it comes to how their location data is shared. Limit Precise Location is a new setting that prevents some Apple devices from broadcasting specific locations to cell carriers.

Precise location sharing is useful, even essential, in some cases, such as when you're navigating with your maps app. But you may not want to constantly be sending your exact address to your phone provider, where it could be used for malicious purposes. If you enable Limit Precise Location, your iOS device will share your general area instead.

Precise location sharing comes with privacy risks

As TechCrunch points out, precise location sharing introduces a whole host of privacy and security risks. Cell carriers have been targeted by hackers, compromising sensitive customer data. Surveillance vendors and law enforcement agencies may also use location information broadcast via cellular networks for the purposes of real-time and ongoing tracking.

Users already have the option to disable precise location sharing at the app level on both iOS and Android for apps that don't need GPS coordinates to function—which is most of them. This allows you to prevent companies from receiving (and selling) your exact location data when a general location is sufficient. Limit Precise Location won't change these app-specific settings.

For now, the feature is available only on select Apple models—the iPhone Air, iPhone 16e, and iPad Pro (M5) Wi-Fi + Cellular—running iOS 26.3 with a limited number of global carriers:

• U.S.: Boost Mobile

• UK: EE, BT

• Germany: Telekom

• Thailand: AIS, True

Apple says that even with this setting enabled, emergency responders will still be able to pinpoint exact location during an emergency call.

How to disable precise location sharing

If you have a supported device with a partner carrier, go to Settings > Cellular and tap Cellular Data Options (you may need to select the specific line under SIMs if you have more than one). Scroll down and toggle Limit Precise Location sharing off.

Unsolicited texts are annoying—and even more so if they keep coming from a legitimate sender after you've opted out. If you received text spam from Kaiser Permanente, you may be eligible for a cash payout for each message.

The healthcare company, which serves over 12.5 million members, recently settled a $10.5 million class action lawsuit filed over marketing text messages sent after recipients tried to opt out. The suit, filed in August 2025, claimed that Kaiser Permanente failed to honor opt-out requests. Those with a valid claim may receive up to $75 per qualifying text.

Are you eligible for the Kaiser settlement?

To qualify for a payout from this settlement, you must have received more than one text message from Kaiser Foundation Health Plan Inc. within a 12-month period—between Jan. 21, 2021 and Aug. 20, 2025—after sending a "stop" or similar opt-out request. (Note that the confirmation of your request does not count.)

According to the settlement website, there are two separate classes covered by suit: one for message recipients in Florida and one for the U.S. as a whole.

How to claim your settlement cash

To get your cash, you'll need to submit a valid claim form by Feb. 12, 2026. You can complete your claim online if you received a notice of eligibility via mail or email containing a unique ID and PIN. If you did not get a notice, you'll have to download and submit a paper claim form to the settlement administrator. Hard copy claims must be postmarked by Feb. 12.

While the maximum per-text payout is $75, the final amount may be less depending on how many claims are filed. Payments could take months to distribute while settlement details are finalized, so don't expect the funds to arrive immediately.

Before you head out to a protest, take some precautions to protect your privacy and both the physical and digital security of any device you bring along. The most secure option, of course, is to leave your phone at home, but you can also lock things down to minimize the risk that your data will be accessible to law enforcement or someone who gets hold of your device.

Thankfully, both iOS and Android have built-in device encryption if you're using a passcode, meaning that your device's data cannot be accessed when it is locked. (On Android, go to Settings > Security to ensure Encrypt Disk is enabled). You'll want to maximize this protection with the following privacy settings.

Turn off face and fingerprint scanning

At an absolute minimum, you'll want to disable biometric access, such as face and fingerprint authentication, on your device in favor of a passcode or PIN. As the Electronic Frontier Foundation notes, this minimizes the risk of being physically forced to unlock your device and may provide stronger legal protections against compelled decryption.

On iOS, go to Settings > Face ID & Passcode and toggle off iPhone Unlock. You can also set up a stronger passcode—a custom numeric or alphanumeric code—under Change Passcode. On Android, you'll find the option to delete your fingerprint in favor of your PIN or screen lock pattern under Settings > Security & Privacy > Device Unlock > Fingerprint.

Limit location tracking

Again, the best option to prevent your location from being tracked is to coordinate any details in advance and leave your phone at home. If you must bring it along, keep it off unless you absolutely need to use it.

You can turn on Airplane Mode in advance, as well as disable Bluetooth, wifi, and location services, which keeps your device from transmitting your location. However, note that some apps may still be able to store GPS data and transmit it when an internet connection is available—so again, the safest bet is to keep your device off for the duration.

Airplane Mode can be enabled (and wifi and Bluetooth disabled) in your device's settings or quick access menu. On Android, go to Settings > Location to disable location services and turn off Location History in your Google account. On iOS, head to Settings > Privacy & Security > Location Services to disable locations entirely.

Turn off previews and notifications

Temporarily disable notifications and screen previews so that if someone gets your device, they won't be able to glean any information from your lock screen. You can adjust these options under Settings > Notifications on iOS and Settings > Apps & notifications > Notifications on Android.

Adjust screen lock time

Minimize your screen lock time to as short a period as possible so that your screen turns off when you're not actively using it and will require authentication to reopen. On iOS, go to Settings > Display & Brightness > Auto-Lock and select 30 seconds. The exact path on Android may vary, but typically you'll find this under Settings > Display or Lock Screen.

Know that most devices have camera access from the lock screen, so you can take photos or record video without actually unlocking your device.

Enable app pinning or Guided Access

App pinning (Android) and Guided Access (iOS) are features that prevent others from navigating through your phone beyond a specific app or screen. This allows you to use an essential feature on your device while locking the rest behind your PIN or passcode. You can enable this preemptively, and if someone grabs your device, they won't be able to snoop around.

You can find this setting on Android under Security or Security & location > Advanced > App pinning and on iOS under Settings > Accessibility > Guided Access.

Use a SIM PIN

You can also lock your SIM card to prevent unauthorized use of your device or SIM card, including access to two-factor authentication codes sent via SMS. This PIN will be required any time your phone restarts or if someone tries to use your SIM card in another device. On iOS, go to Settings > Cellular, select your SIM, and tap SIM PIN. On Android, you'll find this under Settings > Security > More security settings (the exact path varies by device).

Sign out of, hide, or delete apps

This step will vary depending on what you keep on your phone and your risk tolerance, but you may want to consider signing out of your social media accounts and deleting apps that contain or allow access to sensitive data.

On iOS, you can also lock or hide specific apps: the former requires an extra authentication step to open apps on your home screen, while the latter sends apps to a hidden folder that also requires authentication to unlock. Touch and hold an app icon to bring up the quick actions menu, then tap Require Face ID/Require Passcode.

On Android, you can set up a "private space" to lock apps behind your pattern, PIN, or password. Apps are hidden from the launcher and recent views as well as quick search. Go to Settings > Security & privacy > Private space, authenticate with your screen lock, and tap Set up > Got it.

If necessary, turn on Lockdown Mode or Advanced Protection

Both iOS and Android have strict device-level security modes that significantly limit access to certain app and web features as well as blocking changes to settings. Both were designed with journalists, activists, and other users with access to sensitive data that may be targeted by cyber actors in mind. These settings are overkill for day-to-day use but add a potentially helpful layer of security in high-risk situations.

Enable Lockdown Mode on iOS via Settings > Privacy & Security > Lockdown Mode. On Android, turn on Advanced Protection under Settings > Security & privacy > Advanced Protection.

Protect your privacy after a protest

While the above steps are largely about securing your data during a protest, you should also follow best practices for protecting privacy (yours and others') after the fact. If you plan to post photos or videos, utilize blurring tools to block faces and other unique identifying features, and scrub file metadata, which includes information like photo location. You can do this by taking a screenshot of the image to post or sending a copy to yourself in Signal, which automatically strips metadata. Signal also has a photo blurring tool, or you can blur in your device's default photo editing app.

As scammers continue to find ways to impersonate known brands, users should remain wary of spam-like emails—even if they appear to come from a legitimate company address.

Ars Technica has identified a scheme that abuses a Microsoft subscription feature to send phishing emails from no-reply-powerbi@microsoft.com, a real address that the company advises users to add to their allow lists.

How the Microsoft Power BI scam works

Users targeted with this scam have received emails from an address connected to Microsoft Power BI, a business analytics platform. The messages include (fake) billing receipts with large purchase amounts from services like PayPal, Norton LifeLock, and Microsoft 365 and a phone number to call to dispute the transaction.

Scammers on the other end of the line may try to convince you to install a remote access application that allows device takeover or will otherwise extract personal information. As with any phishing scam, engaging in any way—calling the number, responding to the email, or clicking links—could put your data and your device at risk.

The emails themselves are full of typos and grammar errors and urgent calls to action that are, in most cases, completely unrelated to Microsoft itself. Many users would spot these red flags and know to simply delete the message. However, threat actors capitalize on the trust users have in the brands they're exploiting along with scare tactics to trap some people in the scheme.

This is also far from the first phishing scheme of its kind: Threat actors have sent malicious emails from legitimate PayPal and Google addresses (to name just two) by exploiting similar loopholes. In the case of PayPal, fraudulent purchase notifications sent from service[at]paypal[dot]com abused the platform's subscription billing feature. With Google, scammers registered google.com subdomains via Google Sites and linked them with Google Accounts.

Not to be outdone by Apple's "Lockdown Mode," Meta is rolling out new security features for WhatsApp designed to protect high-risk users—journalists, activists, and government officials, for example—from cyber attacks. Strict Account Settings is a "lockdown-style" mode that builds on the platform's existing end-to-end encryption, adding stronger privacy features and additional restrictions against unknown contacts.

For most WhatsApp users, this level of lockdown is overkill. However, people with access to sensitive data that is potentially valuable to threat actors actually have been targeted with spyware campaigns through messaging platforms like WhatsApp, so for users like that, it may be a lifesaver. (In the last year, WhatsApp has also patched multiple zero-day exploits that allowed spyware to proliferate.)

As noted, the new WhatsApp settings are similar to Apple's Lockdown Mode, an OS-level feature that blocks attachments, link previews, and communication from unknown contacts alongside some other settings changes. It also disables wired connections to external devices and a range of web features. Android's Advanced Protection offers similar functionality.

How WhatsApp's Strict Account Settings protects high-risk users

Strict Account Settings automatically enables existing privacy and security settings and adds a host of restrictions to users' communication and visibility on WhatsApp.

• Two-step verification and security notifications, which alert you if a contact's security code changes, are turned on.

• Link previews are disabled

• High volumes of messages from unknown accounts are blocked

• Only your contacts or those added to a pre-established list can see information about you, including your last seen and online, profile photo, about details, and links on your profile.

• Only known contacts or those on your pre-established list can add you to groups.

How to enable Strict Account Settings on WhatsApp

These controls can be enabled by going to Settings > Privacy > Advanced and toggling on Strict account settings. Settings must be changed on your primary device and cannot be updated on the web. Note that the feature will roll out gradually over the coming weeks, and may not be immediately available.

If you filed a claim last year as part of the Siri class action suit against Apple, your payment is on the way. According to the settlement website, class payment distribution began on Jan. 23, and many users on Reddit report that funds have landed in their bank and payment apps over the last several days.

If you see a deposit from "Lopez Voice Assistant" or some variation, it's not a scam. The settlement allowed class members to opt for payment via direct deposit (ACH) as well as electronic or paper check, which will be delivered through email or regular mail, respectively.

Some class members are reporting that they received their funds via a different method than they expected, so if you submitted a claim, keep an eye on your transactions as well as your mailboxes to confirm receipt. Note that payouts are being distributed in batches and may take a few days to arrive.

What is the Apple Siri settlement?

Last year, Apple agreed to a $95 million settlement to resolve a class action lawsuit over privacy concerns with Siri-enabled devices. Users whose devices may have activated and recorded conversations without their knowledge were able to claim compensation. Initially, the settlement was set to pay out $20 per device—iPhone, iPad, Apple Watch, Mac, HomePod, iPod touch, and Apple TV were all eligible—for up to five devices per individual claimant.

However, due to the final class size, the payout came to just $8.02 per device up to a maximum of $40.10.

If you have questions about the settlement and want to speak with an administrator, you can call 888-981-4106 and select option 0 on the main menu. You may have to leave a message and request a callback.

The 2026 tax filing season has begun, which means you can now submit your return for the 2025 tax year and start the clock on receiving any refund you're due. The IRS expects more than 164 million tax returns to be filed by the April 15 federal deadline this year. The sooner you complete your return, the sooner you'll get your money back (and the longer you'll have to prepare to pay any balance owed). Luckily, the IRS makes it easy to check the status of your refund online. Here's everything you need to know to track your 2025 federal tax refund.

Wait at least 24 hours after filing

The IRS needs time to process your tax return, so you'll have to be patient before checking your refund status. If you e-filed, you can check as soon as 24 hours after the IRS received your tax return. For paper returns, you'll need to wait at least four weeks before checking.

Have your information ready

To check your refund status, you'll need to provide your Social Security number or Individual Taxpayer Identification Number (ITIN), filing status (single, married filing jointly, etc.), and the exact refund amount you're expecting.

Use the IRS2Go App or IRS.gov website

The IRS offers a mobile app called IRS2Go and an online refund tracking tool. Both allow you to check the status of your federal tax refund. On the IRS2Go app, you'll tap "Refund Status" and enter your information. On the IRS.gov refunds page, click "Check Your Refund."

Note that the "Where's My Refund?" tool is updated once daily, typically between 4 a.m. and 5 a.m. ET, so you don't need to keep refreshing throughout the day.

Understand the refund status meaning

The IRS provides a refund status that explains where your refund is in the process:

• Return Received: The return is being processed.

• Refund Approved: The refund has been approved and is in the queue for payment.

• Refund Sent: The refund payment has been sent.

Also check for a refund date if your refund was approved to get the expected deposit or mailing date.

Be patient for your refund

Most tax refunds are issued by the IRS within 21 days for returns that are e-filed (six weeks or more for paper returns). However, the IRS says refund times can vary depending on volume. Requesting your refund by direct deposit is faster than waiting for a paper check. For the 2026 filing season, most taxpayers will have to provide bank information for direct deposit, as the IRS began phasing out paper checks in September 2025.

If you're eligible for a refund for the Earned Income Tax Credit and/or the Additional Child Tax Credit, you can expect to see that deposited to your account by March 2.

What if it’s been longer than 21 days?

Don’t file a second tax return. If it’s been more than 21 days since e-filing, the IRS recommends you call them. The “Where’s My Refund?” tracker will also prompt you to call the IRS if need be.

Unfortunately, calling the IRS isn’t always a breezy, reliable solution. Once you build the resolve to call the IRS, here’s our guide to increase your odds of getting to a real human on the other end of the line.

Impersonation scams are everywhere: bad actors are constantly trying to convince you that they represent organizations like LinkedIn, PayPal, your bank, the FBI, the FTC, and the IRS as they look to steal your money and information. When it comes to phishing schemes, which typically try to trick you into handing over sensitive data or account credentials via malicious links, tech brands are (perhaps not surprisingly) among the most commonly spoofed.

A recent report from Check Point Research found that Microsoft was imitated in nearly a quarter of all branded phishing attempts in Q4 of last year—nearly double the next most-impersonated company.

The most popular brands for phishing scams

According to researchers, tech companies and social networks are consistently among the most popular brands for impersonators running phishing scams, with the following share in the final quarter of last year:

1. Microsoft: 22%

2. Google: 13%

3. Amazon: 9%

4. Apple: 8%

5. Facebook (Meta): 3%

6. PayPal: 2%

7. Adobe: 2%

8. Booking: 2%

9. DHL: 1%

10. LinkedIn: 1%

While you should always be on guard for common phishing tactics, it's wise to be especially wary of unsolicited communication from any of the companies listed—especially if that communication is related to account security and/or urges you to click a link. We've covered at least one campaign involving nearly every brand here, all of which are known and largely trusted among users, making them prime targets for these types of scams. Check Point notes that stolen Microsoft and Google credentials are particularly valuable because they're widely used in day-to-day workflows.

Common phishing tactics

Broadly speaking, a phishing scam starts with an email, text, or social media message that appears to be from a legitimate source. It likely asks you to update or verify personal information—often related to a payment or account security—with a link to what appears to be the company's website or login page. Of course, this link leads instead to a spoofed version of that site designed to harvest your credentials, credit card number, bank details, or other personal data, which scammers can then use for identity theft, account takeover, or purchase fraud.

Note that while the above methods are among the most common, phishing can also happen via phone call, voicemail, and malicious browser pop-ups.

How to protect against branded phishing attacks

As we mentioned, just because you generally trust a company doesn't mean you should blindly trust all communication from it. If you receive a message that is unprompted, sounds urgent, and is unrelated to any recent action on your part (such as a login attempt or bill payment), do not engage with it. Don't click any links, open any attachments, or respond directly. Look out for typos and other errors, including the original sender—though as scammers have found ways to appear verified, this isn't always an obvious red flag.

If you're unsure about the contents of the message, go directly to the website or app and log in to see any legitimate alerts. A password manager offers an extra layer of security here, as it'll protect you from entering credentials on a spoofed page.

Finally, enable a strong, phishing-resistant form of multi-factor authentication everywhere you can, and especially for high-use and high-value accounts like Microsoft and Google. If your credentials are compromised, threat actors won't have that additional factor to utilize them.

Tax season is here again, which means it is time to start working on preparing your return (and paying any balance due) ahead of the April 15 filing deadline. As usual, many people will have the option to file their returns for free, but the options are more limited this year, as the short-lived IRS Direct File program, which provided no-cost filing to taxpayers in 25 states, is no more.

If you want to avoid paying for the privilege of paying your taxes, here are the remaining ways to file for free in 2026.

IRS Free File

IRS Free File is one of several free filing options provided by the IRS. With Free File, you complete your tax return using guided software via a partner site, which then e-files it with the IRS. Most commonly used federal tax forms and schedules are available through Free File. However, your adjusted gross income must have been $89,000 or less in 2025 to be eligible for this option.

If you do qualify for Free File, go directly through the IRS website—you'll see a list of trusted third-party preparers with their eligibility criteria, or you can use the guided tool to find the best option for your situation. Note that some IRS partners will also file your state return for free, while others charge an additional fee.

Other ways to file your taxes for free

If you make too much for IRS Free File, you may still be able to file your taxes for free.

• Free Fillable Forms: This option is just like it sounds. You enter your information into the IRS' fillable forms using the provided instructions and file the return yourself. There are no income limits for Free Fillable Forms, but it does have limited guidance, and state returns are not included. You will still need to create a Free File account.

• Commercial tax software: If your taxes are relatively simple, you can go through tax preparation companies like TurboTax and H&R Block without paying any fees. Cash App Taxes is another free option. Note that these companies also have paid services, so make sure you understand what you are signing up for.

• Volunteer tax prep help: The IRS offers free tax prep support for eligible taxpayers through the Volunteer Income Tax Assistance (VITA) and the Tax Counseling for the Elderly (TCE) programs. Taxpayers who make less than $69,000 per year, who have disabilities, or who have limited English proficiency qualify for VITA, while TCE supports those who are age 60 and older. Enter your zip code into the locator tool to find volunteer tax prep options in your area.

• MilTax: MilTax offers free tax preparation and filing for eligible military members, including up to three state returns.

The 2026 tax filing season—for 2025 returns—begins on Jan. 26, which means scammers are ramping up efforts to steal taxpayers' information and money. These are a few of the tax-related schemes to watch out for this year.

'Tax resolution' scams

The Federal Trade Commission (FTC) is alerting consumers to a phone scam currently circulating in which callers claim to be from the “Tax Resolution Oversight Department," “Tax Mediation and Resolution Agency,” or some similar official-sounding (but fake) government organization. They will claim that you owe back taxes and say they will help you apply for an “IRS liability reduction program” (also fake).

The scammers' aim here is to collect your Social Security number (SSN) and possibly an upfront payment for their services. They will likely pressure you and create a sense of urgency with lines like “this may be our only attempt to reach you." Don't fall for it. If you do actually owe back taxes, the IRS will send you a notice via mail, and you'll have options to settle that debt directly with the agency.

Tax-related phishing scams

A common type of tax scam is the fraudulent text or email that appears to be from the IRS but is actually a phishing campaign. The FTC's most recent alert reminds consumers that any message that asks you to verify your identity in order to receive your refund is a scam. You may get a text or email "from" the IRS or your state tax authority notifying you that they've processed your refund, and all you have to do is provide some information via the link provided in order to claim it.

As with any phishing scam, doing so hands your information directly to bad actors. Neither the IRS nor your state tax office will contact you via text, email, or social media message, and you should never click links in unsolicited communication.

IRS impersonation scams

Next, there's the general category of IRS impersonation scams. Both of the above could be included here, but there's also the fake IRS letter that—with great urgency—demands sensitive personal information or payment for taxes owed. Sometimes, these letters request said payment via gift card, which is always a red flag. Letters may also say something about an unclaimed refund and request photos of your identification.

Scammers have also been known to call people about their tax bill or refund while claiming to represent the IRS or another agency that provides government benefits. They may also claim that your information is being used in some type of crime. If a caller threatens you or demands payment, hang up immediately.

Tax prep scams

If you're hiring a tax professional to help you with your return, you should vet them before handing over your information. At best, a tax preparer may lack the proper credentials and experience—at worst, they may falsify your return or pocket your refund. A "ghost" tax professional will scam you by not signing your return after they've prepared it.

You are legally responsible for your taxes, so do your due diligence and review your return carefully before signing your own name. Don't pay for services in cash, and always get a receipt.

Tax identity theft scams

This scam typically involves a scammer filing a tax return using your name and SSN and pocketing the refund—and you may not realize that you're a victim until after you've filed your real return and received a notice from the IRS about the duplicate. To prevent this, set up an identity protection PIN with the IRS. This six-digit number changes every calendar year, and no one can file a return under your SSN or individual taxpayer identification number (ITIN) without it. Note that the IRS will never ask for your IP PIN, so any communication requesting it is (also) a scam.

IRS support scams

Finally, scammers may contact you and offer paid services for something you can do for free. For example, you can easily create an IRS account online and do not need to pay someone to do it for you or hand over your personal information to a third party in the process. Anyone who offers unsolicited help to set up your account, negotiate your tax debt, or otherwise manage your return or refund (especially for a fee) is a scammer.

How to protect yourself from tax scams

As we've mentioned, stay vigilant to common scam tactics, such as unsolicited communication, a sense of urgency, and a demand for money or information. The IRS has specific ways of contacting taxpayers, and you should know how to verify that mailed notices and other forms of communication are real. You can always call the IRS directly to confirm if what you're being told is legitimate. Don't click links in texts, emails, or social media messages—instead, go directly to the IRS.gov website and access your account there.

When it comes to your return, if you're not taking the DIY route, choose a qualified tax professional, and request an IP PIN to protect your SSN against fraudulent filing. Consider filing early and electronically, which will also get your refund processed sooner.

Ideally, a winter storm is merely uncomfortable and annoying, but they can sometimes be dangerous for you and your home. This weekend, a potentially historic winter storm is bearing down on some 200 million Americans, who may face dangerously icy conditions and significant snowfall. It's important to know your area's risk and understand the meaning and potential impact of different weather terms (advisory, watch, and warning) so you can respond quickly in the event of an emergency. You should also use the next few days to take steps to prepare your home and lower the chances of damage and danger.

Winter prep starts with a thorough inspection of your property, both inside and out and top to bottom. Look for everything from roof leaks to door gaps to clogged gutters—anything that could lead to damage from snow, ice, and freezing temperatures. Make a plan for repairs and winterization to ensure your safety and comfort—not just for the next storm, but for the entire season.

Here's a quick summary of the most important tasks to take care of before the temperatures drop or the snow starts to fall.

Test your smoke and carbon monoxide detectors

This is something that should be part of your regular home maintenance, and it's especially important when you are using your furnace and fireplace regularly (considering both fire safety and indoor air quality). Follow the Environmental Protection Agency's guidelines for where to install CO detectors and how to inspect and maintain them; then check out the National Fire Protection Association's (NFPA) guidelines for smoke alarms. Make sure your fire extinguisher is handy and working as well.

Install an easy-to-read thermometer

Any thermostat will show you indoor temperature, and if you have a smart system like an Ecobee or Nest, you have real-time data at your fingertips. The CDC also recommends installing easy-to-read thermometers in locations where you'll see them frequently. This is especially important for older adults, as our sense of temperature changes as we age, increasing the risk of cold-related health issues.

Fix drafty windows and doors

Gaps around doors and windows keep your home drafty, which is uncomfortable and a waste of energy. Door sweeps, weatherstripping, and caulk can be used to fill spaces that allow cold air in. These are simple DIY fixes that go a long way toward lowering your heating bill and keeping your home warm. If your home has older windows, floor-to-ceiling thermal curtains can also help with insulation even if you lose heating.

Winterize your outdoor faucets

Before freezing temperatures arrive, make sure your outdoor plumbing is prepared—frozen pipes can burst, causing significant damage to your home. To winterize exterior faucets, remove and store hoses, shut off outdoor water, drain spigots, close them up, and insulate with covers.

While you don't need to fully winterize your indoor plumbing unless your house will be vacant for an extended period of time, you should look for pipes that are uninsulated and in or near unheated spaces and consider applying insulation sleeves or heat tape.

Check your furnace

Turn your furnace on and make sure it is working properly. Even if you don't need to heat your home right now, you don't want to scramble to schedule an emergency repair down the line when it's freezing outside. Look for common signs that your unit needs maintenance, such as unusual smells and noises, short cycling, and lack of actual heat. Replace your air filter as well.

Inspect and clean your fireplace

Your fireplace or wood stove can provide heat in an emergency. Like your furnace, they need seasonal maintenance to avoid chemical buildup and ensure proper venting, both of which impact your indoor air quality and overall safety. The NFPA recommends annual cleaning, which you can do yourself. However, if it's been awhile since your fireplace was professionally inspected and cleaned, consider scheduling a chimney sweep before you start your first winter fire. You can find one online or ask your local fire department for a recommendation.

Stock your snow supplies

If you get snow in your area, make sure your shovels are accessible and restock your ice melt. If you use a snowblower, give it a thorough inspection, replace any worn or damaged parts, change the oil, top it off with fresh gas, and start it up to make sure it runs.

Replenish your emergency kit

You should be prepared for storms during any season with a stock of disaster supplies so you and your family (and pets) can survive without outside aid for a few days if needed. We have a guide to creating an emergency kit if you don't have one already, but you should also check all supplies and replenish anything that has been used or is missing. For winter, be sure you also have sleeping bags, warm blankets, and climate-appropriate changes of clothes and shoes available.

If you're a Pixel owner, you may want to update your settings for Phone by Google. 9to5Google reports that a handful of users have experienced a bug with the Take a Message feature that records and sends audio to callers as they are leaving a voicemail.

Take a Message is a recently introduced feature for the Phone app that activates when the recipient is not available to answer (or declines the incoming call). The caller hears the following: “The person you have called is not available. Please leave a message after the tone.” If you, as the recipient, tap the Take a message notification on your device, you can see a transcript of the audio in real time and hit Answer if you want to pick up. (Take a Message will also detect spam calls and mark them with a warning.)

A few users have reported that Take a Message has activated and allowed the caller to hear the recipient's background audio as they are leaving a message. It's important to note that this is not a widespread issue, and most of the reports come from people with older Pixel devices that no longer get OS updates. According to 9to5Google, Google is investigating the reports.

Again, while this doesn't seem to be a bug affecting most Pixel users, you can disable Take a Message if you are concerned about privacy, especially with unknown callers.

How to disable Take a Message on your Pixel

Open the Phone app on your device and tap the icon in the top-left corner to open Settings. Tap Take a Message under the Call Assist section and toggle the feature off.

Another wave of malicious browser extensions capable of tracking user activity and compromising privacy have been found across Chrome, Firefox, and Edge, some of which may have been active for up to five years.

The campaign, known as GhostPoster, was identified by Koi Security in December and included 17 Firefox add-ons designed to monitor users' browsing activity. Threat actors planted malicious JavaScript code in the extension's PNG logo, which served as a malware loader to retrieve the main payload from a remote server. Researchers at LayerX have found an additional 17 malicious extensions across multiple browsers that have collectively been installed more than 840,000 times.

Ongoing GhostPoster malware campaign

According to the report from LayerX, GhostPoster initially targeted Microsoft Edge and then expanded to Chrome and Firefox. The malicious add-ons may have been active as early as 2020 and include the following:

• Google Translate in Right Click

• Translate Selected Text with Google

• Ads Block Ultimate

• Floating Player – PiP Mode

• Convert Everything

• Youtube Download

• One Key Translate

• AdBlocker

• Save Image to Pinterest on Right Click

• Instagram Downloader

• RSS Feed

• Cool Cursor

• Full Page Screenshot

• Amazon Price History

• Color Enhancer

• Translate Selected Text with Right Click

• Page Screenshot Clipper

"Google Translate in Right Click" alone had 522,398 installs. The next most popular add-on was "Translate Selected Text with Google" with 159,645 installs. Researchers also found a more sophisticated variant of the campaign in "Instagram Downloader," which had 3,822 installs.

GhostPoster malware has built-in safeguards to prevent detection—for example, activation is delayed by 48 hours, and it only communicates with remote attack servers under certain conditions. Once installed, though, extensions that are part of GhostPoster have the ability to hijack affiliate traffic (and redirect commissions to attackers), strip and inject HTTP headers to weaken security, bypass CAPTCHA, and inject iframes and scripts for click fraud and user tracking. The only sort-of good news is that the malware doesn't harvest credentials or engage in phishing.

While the malicious extensions are no longer available to add in Chrome, Edge, and Firefox, users who have them installed should remove them immediately, as they remain active until explicitly deleted.