AI-powered browser extensions continue to be a popular vector for threat actors looking to harvest user information. Researchers at security firm LayerX have analyzed multiple campaigns in recent months involving malicious browser extensions, including the widespread GhostPoster scheme targeting Chrome, Firefox, and Edge. In the latest one—dubbed AiFrame—threat actors have pushed approximately 30 Chrome add-ons that impersonate well-known AI assistants, including Claude, ChatGPT, Gemini, Grok, and "AI Gmail." Collectively, these fakes have more than 300,000 installs.

Fake Chrome extensions look like popular AI assistants

The Chrome extensions identified as part of AiFrame look like legitimate AI tools commonly used for summarizing, chat, writing, and Gmail assistance. But once installed, they grant attackers wide-ranging remote access to the user's browser. Some of the capabilities observed include voice recognition, pixel tracking, and email content readability. Researchers note that extensions are broadly capable of harvesting data and monitoring user behavior.

Though the extensions analyzed by LayerX used a variety of names and branding, all 30 were found to have the same internal structure, logic, permissions, and backend infrastructure. Instead of implementing functionality locally on the user's device, they render a full-screen iframe that loads remote content as the extension's interface. This allows attackers to push changes silently at any time without a requiring Chrome Web Store update.

LayerX has a complete list of the names and extension IDs to refer to. Because threat actors use familiar and/or generic branding, such as "Gemini AI Sidebar" and "ChatGPT Translate," you may not be able to identify fakes at first glance. If you have an AI assistant installed in Chrome, go to chrome://extensions, toggle on Developer mode in the top-right corner, and search for the ID below the extension name. Remove any malicious add-ons and reset passwords.

As BleepingComputer reports, some of the malicious extensions have already been removed from the Chrome Web Store, but others remain. Several have received the "Featured" badge, adding to their legitimacy. Threat actors have also been able to quickly republish add-ons under new names using the existing infrastructure, so this campaign and others like it may persist. Always vet extensions carefully—don't just rely on a familiar name like ChatGPT—and note that even AI-powered add-ons from trusted sources can be highly invasive.

It's once again time to update your Apple devices. The company just released a whole host of security patches, including a fix for an actively exploited zero-day affecting iOS 26, iPadOS 26, and macOS Tahoe. These updates arrived alongside the official release of iOS 26.3, which includes features like more seamless data transfer between iPhone and Android. Other security patches address bugs in Photos, VoiceOver, and Screenshots, to name a few.

iOS 26.3 patches a zero-day affecting dyld

According to Apple's latest security bulletin, the zero-day—tracked as CVE-2026-20700—is a memory corruption issue in dyld, Apple's "Dynamic Link Editor." The flaw could allow attackers with memory write capability to execute arbitrary code—or, in other words, run their own code on your device.

Apple says that the vulnerability may have been exploited in an "extremely sophisticated attack against specific targeted individuals" in earlier versions of iOS alongside CVE-2025-14174 and CVE-2025-43529. Those at greatest risk with this bug are likely high-profile users with access to sensitive data—users who might be inclined to use Apple's Lockdown Mode—but everyone should install the update to patch the issue.

The patch for this flaw is available for the following iOS and iPadOS devices, in addition to all Macs that run macOS Tahoe:

• iPhone 11 and later

• iPad Pro 12.9-inch 3rd generation and later

• iPad Pro 11-inch 1st generation and later

• iPad Air 3rd generation and later

• iPad 8th generation and later

• iPad mini 5th generation and later

How to install the latest security update for iPhone

You should have automatic updates enabled to ensure you receive critical security patches ASAP, but you can confirm that you're on the latest OS version under Settings > General > Software Update. As a reminder, Apple won't message you urging you to click links, download attachments, or install apps related to security updates. Always go through your device settings to receive official fixes.

Threat actors don't have to work that hard to obtain sophisticated malware to deploy against unsuspecting targets. A new spyware platform known as ZeroDayRAT is reportedly being sold on Telegram, complete with customer support and updates.

According to mobile security company iVerify, this aggressive spyware grants full remote control over devices running Android 15 through 16 and iOS versions up to iOS 26. Once deployed, it allows everything from user profiling and location tracking to live surveillance and financial theft.

What ZeroDayRAT can gather from your device

This spyware has wide-ranging capabilities that, according to iVerify, have traditionally been found on platforms sponsored by state actors. Here's a look at what ZeroDayRAT can do:

• Collect information about the device, such as model, OS, battery, country, lock status, SIM and carrier info, app usage, live activity, and SMS message previews. This allows threat actors to develop user profiles for further targeting.

• Pull GPS coordinates, capture notifications from apps and systems, and harvest account information, such as usernames and emails.

• Send SMS messages and receive verification codes to bypass two-factor authentication.

• Log keystrokes (including biometric unlocks, gestures, and app launches), access the camera and microphone, and screen record.

• Log crypto wallet addresses and target banking and payment app credentials via overlay attacks.

How to protect against spyware

ZeroDayRAT can infect your device only if a malicious binary—an APK on Android or iOS payload—is downloaded and installed. These may be distributed through phishing, such as links sent via emails, texts, or messaging platforms, as well as in fake app stores.

All standard guidance for avoiding scams and malware applies: never click links in unsolicited communication, including conversations in apps like Telegram and WhatsApp, and only download apps and extensions from official, trusted sources.

Users at high risk of being targeted and anyone who wants an extra layer of security can consider enabling Lockdown Mode (iOS) or Advanced Protection (Android).

Microsoft's February security update is a big one. This latest "Patch Tuesday" fixes 58 vulnerabilities in total, six of which are zero-day flaws. As a reminder, a zero-day is a vulnerability that has been either actively exploited in the wild or publicly disclosed before an official fix is released by the developer.

As BleepingComputer reports, security flaws were found in the following categories: 25 elevation-of-privilege vulnerabilities, five security feature bypass vulnerabilities, 12 remote code-execution vulnerabilities, six information disclosure vulnerabilities, three denial of service vulnerabilities, and seven spoofing vulnerabilities. Three of the elevation of privilege vulnerabilities and two of the information disclosure vulnerabilities are considered "critical." (These numbers do not include the three Microsoft Edge vulnerabilities patched earlier in February.)

Patch Tuesday updates are typically released around 10 am PT on the second Tuesday of every month, and your device should receive them automatically. BleepingComputer reports that this month's release also includes Secure Boot certificate updates for 2011 certificates that are expiring in June.

Six zero-days patched in February

Three of the six actively exploited zero-days fixed in February are security feature bypass vulnerabilities:

• CVE-2026-21510: This is a flaw the Windows Shell that allows an attacker to execute content without warning or gaining user consent, though the user does need to open a malicious link or shortcut file.

• CVE-2026-21513: This MSHTML Framework vulnerability allows an unauthorized attacker to bypass a security feature over a network. Microsoft has not released details on how this flaw was exploited.

• CVE-2026-21514: This vulnerability in Microsoft Word allows an attacker to bypasses OLE mitigations in Microsoft 365 and Microsoft Office once a user has opened a malicious Office file.

All three of the above flaws have been attributed to Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), Office Product Group Security Team, and Google Threat Intelligence Group along with an anonymous researcher for CVE-2026-21510 and CVE-2026-21514.

Two of the zero-days are elevation of privilege vulnerabilities. CVE-2026-21519 is a Desktop Windows Manager flaw that allows an attacker to gain SYSTEM privileges, while CVE-2026-21533 is a Windows Remote Desktop Services flaw that allows an attacker to elevate privileges locally. The former has been attributed to MSTIC and MSRC, while the latter was discovered by the Advanced Research Team at CrowdStrike.

Finally, CVE-2026-21525 is a denial of service vulnerability in the Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally. This flaw was discovered by the ACROS Security team with 0patch—it was reportedly found in a public malware repository in December 2025.

If you were affected by 23andMe's data breach—which involved the information of approximately 6.4 million U.S. residents—you have just a few more days to claim your compensation. Following the 2023 credential-stuffing attack, 23AndMe in 2024 agreed to a $30–$50 million payout for impacted consumers. The genetic testing company then filed for Chapter 11 bankruptcy in 2025 (introducing new privacy concerns around the potential sale of customer data). The courts approved the deal last month, and class members have until Feb. 17 to submit claims related to the cyber incident.

How much you'll receive from the 23andMe settlement

There are several tiers of payouts with the 23andMe settlement. Users with an "extraordinary claim"—those who experienced identity theft or fraudulent tax filings as a result of the breach—could qualify for up to $10,000 to reimburse verified expenses, including costs for physical or cyber security systems as well as mental health treatment.

Claimants who received notices that certain health information was leaked in the breach will be paid up to $165. Eligible data include raw genotype data, health reports (including health predisposition reports, wellness reports, and carrier status reports), and self-reported health conditions. Individuals residing in Alaska, California, Illinois, and Oregon will receive an additional $100 thanks to state privacy laws. Note that payments will likely take time to be distributed.

The settlement also provides for five years of identity monitoring services through a customized program called Privacy & Medical Shield + Genetic Monitoring. This is available to all class members regardless of payout.

How to file a 23andMe claim

Consumers who were impacted by the 2023 data breach can file a Cyber Security Incident Claim, which must be submitted by Feb. 17, 2026 (unless you received a notice in 2026 indicating otherwise). To be eligible, you must have been a 23andMe customer between May 1, 2023 and October 1, 2023 and have received a notice (via letter or email) that your information was compromised in the breach. You also must attest that you incurred damages (monetary or non-monetary) as a result of the incident.

Claims can be filed online via the settlement website, or you can mail a hard copy of your claim form (postmarked by Feb. 17) to the address listed. To complete a claim, you must provide some personal information as well as details about the harm incurred with supporting documentation, such as bank or credit card statements substantiating losses.

With iOS 26, Apple made it easier for users to reduce spam and overall clutter in their Messages inbox. Your iPhone will detect and hide spam messages, and with the Screen Unknown Senders feature, you can filter out texts from anyone you don't know. You can also disable push notifications for these conversations to reduce how often you're alerted for messages you don't need to see.

Note that this feature works only on iOS, so if you have Messages synced on your Mac, you'll see everything and receive notifications for all messages unless you mute specific conversations.

How to reduce clutter in Messages on iOS

To send messages from numbers you don't know to a separate folder, go to Settings > Apps > Messages and toggle on Screen Unknown Senders. You can also get here through the Messages app on your iPhone by tapping the three horizontal menu lines in the top-right corner and selecting Manage Filtering. Enabling Screen Unknown Senders will hide notifications and move messages to your Unknown Senders list. If you want to allow (or disallow) certain types of notifications, tap Allow Notifications and toggle categories on or off:

• Time Sensitive includes alerts, verification codes, and urgent requests.

• Personal includes messages identified as not sent by a business or organization.

• Transactions include order updates, receipts, and confirmations.

• Promotions include general offers and updates sent to multiple recipients.

Most users will want to enable time-sensitive notifications to receive messages that include time-based one-time passwords (TOTPs) and other urgent alerts. You may also want to allow personal notifications so you don't miss messages directed to you individually from real people who aren't saved in your contacts.

When you allow notifications, texts identified in those categories will appear in your Messages list for only 12 hours before being moved to Unknown Senders—a behavior that keeps your primary inbox streamlined. If you want to make an unknown sender a known sender to prevent future messages from being filtered out, open the conversation and tap Mark as Known at the bottom or add the number to your contacts. A known sender is anyone you've added to your Contacts, sent a message to, or marked as known in the conversation.

Finally, if you enable Filter Spam under the same menu in your device settings, Apple will send messages identified as spam to a separate Spam list and hide notifications. You can view these and conversations from unknown senders at any time via Messages > Menu.

Browser extensions, even ones from trustworthy sources, are not without privacy and security risks. I've written before about add-ons that manage to slip through official store safeguards and even some that "wake up" as malware after operating normally for several years, so it should come as no surprise that a host of AI-powered browser extensions—collectively installed by tens of millions of users—may also be invading your privacy.

Researchers at data removal service Incogni looked at browser extensions available in the Chrome Web Store that included "AI" in their name or description and employed AI as part of their core functionality. By analyzing the data collected and permissions required, they assessed both how likely extensions are to be used maliciously and their potential to cause significant damage if compromised.

AI-powered browser extensions collect extensive user data

Incogni found that website content, such as text, images, sounds, videos, and hyperlinks, was the most commonly collected data type (by nearly a third of AI-powered extensions). More than 29% of extensions investigated harvest personally identifiable information (PII)—name, address, email, age, identification number, for example—from users. Other forms of data collected include user activity, authentication information, personal communication, location, financial and payment information, web history, and health information.

The most invasive extensions fall in the programming and mathematical aid category (such as Classology AI and StudyX), followed closely by meeting assistants and audio transcribers. Writing and personal assistants also pose privacy risks—and many of these are also among the most downloaded AI-powered extensions in Chrome.

How popular AI-powered Chrome extensions stack up on privacy

Incogni also assigned "privacy-invasiveness" scores to the most downloaded AI-powered extensions, a combination of the amount of data collected and both general and sensitive permissions required:

1. Grammarly: AI Writing Assistant and Grammar Checker App (tied for #1)

2. Quillbot: AI Writing and Grammar Checker Tool (tied for #1)

3. Sider: Chat wiht all AI (tied for #3)

4. AI Grammar Checker & Paraphraser — LanguageTool (tied for #3)

5. Google Translate (tied for #4)

6. WPS PDF — Read, Edit, Fill, Convert, and AI Chat PDF with Ease (tied for #4)

7. Monica: All-in-One AI Assist (tied for #4)

8. AI Chat for Google (tied for #4)

9. Immersive Translate — Translate Web & PDF

10. ChatGPT search

Grammarly and Quillbot were found to collect PII and website content as well as location data like region, IP address, and GPS coordinates. Grammarly also harvest user activity through network monitoring, clicks, mouse and scroll positions, and keystroke logging. While both also require sensitive permissions—such as the ability to inject code into websites and access active browser tabs—they have a relatively low risk of being used maliciously.

How to protect your personal information

Browser extensions that use AI aren't inherently bad, but you should be aware of what information they are collecting and what permissions they are requiring. The most common type of sensitive permissions required are scripting, which allows the extension to interact with pages as you navigate online, as well as activeTab, which lets it read or modify the page for the current session.

When adding an extension (or installing an app or program), carefully review the permissions requested. If they aren't essential to the extension's functionality–or if they are but don't seem justified—you may be putting your data or device at risk by allowing them. As Incogni points out, users have to decide how much privacy to sacrifice in order to use apps and services.

If you receive an event invitation via email, verify it's legit before you RSVP, as you may not actually be invited to anything. Malwarebytes Labs has identified a new scam in which threat actors are using party invites to trick users into installing a remote access tool (RAT) that gives them full control over infected devices. (This specific campaign seems to be limited to the UK, but similar tactics could easily spread.)

These malicious invites contain a ScreenConnect installer

The scam starts with an innocuous-looking email invitation with an informal "Save the Date" vibe that may appear to come from a friend or acquaintance. The message contains a link to "View Invitation" for event details. If you click through, you'll end up on a landing page with a bold "You're Invited" header and a button to download your invitation, but you don't actually need to take any further action—your browser automatically triggers the download of a .msi file, which is not actually a party invitation or RSVP form but an installer.

The MSI silently installs ScreenConnect Client, a legitimate IT support tool that allows remote access into the user's machine. Once this connection is established, attackers have the ability to see your screen, control your mouse and keyboard, and upload or download files—even if you restart your computer. All of this happens in the background with no obvious indicators that a remote access tool has been installed and is now running, so victims are unlikely to have cause for concern.

You should know these remote access red flags

As Malwarebytes points out, this scheme is successful because it relies on normal human behavior around a seemingly low-risk situation: opening an event invitation. What's unusual is that there's little pressure or urgency in the initial message. Instead, the landing page has language like "a friend has sent you an invitation" and "I opened mine and it was so easy," which is a form of social proof that guides users to take the desired action.

You should always be alert to unsolicited invites sent via regular email with a link to an external site as well as any communication that prompts you to download or install software. These days, invitations are commonly delivered through apps and digital services like Partiful, Paperless Post, Evite, or Apple Invites, which are generally more trustworthy than random emails with hyperlinked text. If you're unsure whether the invite is real, verify with the sender through another channel before clicking or downloading anything.

As mentioned, victims of this scam may not immediately notice that a RAT has been installed on their device. But there are some red flags, such as unexplained cursor movement or windows opening or closing on their own. You can check your machine for a file named "RSVPPartyInvitationCard.msi" or a service called ScreenConnect Client with additional random characters in the title.

If you've already downloaded ScreenConnect from a malicious invite, Malwarebytes recommends disconnecting from the internet and uninstalling the program immediately. Run a security scan to check your device for malware, and change important passwords from a separate device.

We may earn a commission from links on this page.

Super Bowl LX kicks off on Sunday, Feb. 8 at 6:30 p.m. ET. This year's broadcast, hosted on NBC, includes pregame coverage starting at 1 p.m. ET and a pregame show featuring Green Day at 6 p.m. ET. Even if you don't have cable, there are a few ways, both paid and free, that you can watch all the action live from Levi's Stadium in Santa Clara, CA.

You can watch Super Bowl LX on Peacock

The game will be shown on NBC-owned streaming service Peacock, which is available on the web as well as iOS, Android, smart TVs, and gaming consoles. Peacock doesn't have a free trial, and you have to subscribe to the middle tier—Peacock Premium, which costs $11 per month—to get live sports. Or you can pay $17 per month for ad-free Premium Plus (live sports still have ads).

There are a few ways to get around subscribing at full price. Peacock Premium is a perk of both a Walmart+ subscription ($98 per year after a 30-day free trial) and an Instacart+ subscription ($99 per year after a 14-day free trial), so if you have or would benefit from either of these services, now may be the time to sign up. Students qualify for a discounted rate of $6 per month for Peacock Premium. Note that Peacock will also have streaming and on-demand coverage of the Winter Olympics, which begin this weekend, so subscribing for a month may be well worth $11.

Sign up for a live TV streaming service

There are a handful of streaming services with live TV that include NBC. Before signing up, check the channel listings for your zip code to confirm NBC is available in your local market.

• DirectTV Stream: $50 per month for the first month with current promotions, 5-day free trial

• Hulu + Live TV: $90 per month, 3-day free trial (includes ads on Hulu)

• YouTube TV: Currently $70 per month with promo, 21-day free trial for new users

• Sling TV (in limited markets): $46 per month

When signing up for a free trial, make sure you know when you'll be billed for a paid subscription and cancel before your trial expires. The game will be available in 4K for YouTube TV subscribers (included in the free trial but at an additional fee or at a higher tier with paid plans). The Spanish-language broadcast will be on Telemundo, which is also available on most live TV streaming services.

How to watch Super Bowl LX over the air

Another free (ish) way to get the game is with over-the-air (OTA) TV. Of course, this requires you to invest in a digital TV antenna and have a place to put it that gets good reception. You should check the FCC's reception map to see what signals are available in your area and try your antenna out before game day. Your mileage may vary, so if you want a stress-free watch experience, this probably isn't the best option.

Other ways to watch the Super Bowl

You can also watch the game through the NFL+ mobile app—a subscription costs $7 per month. Fubo previously carried NBC channels but has been in a contract dispute with NBCUniversal since last 2025.

A useful feature baked into iOS 26 is the ability to autofill credit cards stored in Apple Wallet across apps and browsers. If you don't use a password manager (which you absolutely should), AutoFill via Apple Wallet saves you the trouble of having to manually enter your credit card information every time you want to make a purchase on your phone. Even if you have a password manager, though, not all plans allow payment card storage and autofilling, and the feature can be clunky on those that do.

As 9to5Mac points out, AutoFill for credit cards was already available in Safari and is now supported systemwide, managed through Apple Wallet.

How to set up and use AutoFill in Apple Wallet

First, you'll need to add your payment cards to Apple Wallet's autofill list (which is separate from your general wallet). Tap the three dots in the upper-right corner and select AutoFill. Tap Add Card to input card details manually or use the camera scan feature. The security code is optional, meaning you can add and store it in Apple Wallet AutoFill or enter it for each transaction.

To autofill saved credit cards, simply tap any form field to bring up the Paste/AutoFill option. Select AutoFill > Credit Card, authenticate with Face ID or Touch ID, and tap the card you want to enter. You'll have to repeat the process for each field, as Apple Wallet won't autofill the whole form at once.

A new phishing campaign identified by Malwarebytes Labs targets AT&T customers with text messages about expiring rewards points. Users are urged to claim their rewards ASAP by clicking the included link, which is actually designed to harvest sensitive personal information.

AT&T rewards scam phishes personal information

Targets for this scam have received texts containing a "Rewards Expiration Notice" urging them to redeem points in their AT&T account before they are scheduled to expire. The message includes a specific points balance and expiration date along with two "recommended redemption methods":

• AT&T Rewards Center: [shorturl link]

• AT&T Mobile App: Rewards section

As Malwarebytes discovered, the short link sends users to a https://att.hgfxp[.]cc/pay/, a spoofed website with AT&T branding, headers, menus, and links out to the real AT&T domain. Users are directed to enter their phone number to verify their account, which leads to a screen warning that their points are set to expire. Further down, you can see redemption options, including an Apple Watch Series 9, Sony WH-1000XM4 Wireless Headphones, and Amazon gift cards.

In order to claim a reward and arrange delivery, victims are then prompted to enter more personal information—which is transmitted directly to the scammers. Malwarebytes notes that the forms have real-time validation and error highlighting so users are less likely to suspect the fraud.

Rewards scam red flags

This scam relies on social engineering tactics—like a sense of urgency and the fear of missing out—to trick targets into engaging. And while it does have a somewhat believable look and feel as well as a multi-step approach to build user trust, it also has some clear red flags. The text originates from a regular phone number rather than a short code, which is often used for automated messages, and the sender doesn't appear as a recognized AT&T contact. The thread also includes multiple recipients and a generic greeting. (A legitimate message from AT&T will be sent directly to you.)

Then there's the shortened URL that leads to a website not owned by AT&T. While the page has some realistic branding and working links, it also has a number of typos and grammatical and formatting errors. Malwarebytes found that if you click the link on different days, the expiration date on the site changes.

As always, don't click links in unsolicited texts. AT&T does have a rewards program, but you should go directly to that portal via the web or app to manage your rewards.

Identity thieves are now using college enrollment to take out student loans in victims' names. This so-called "ghost student" scam capitalizes on limited verification for online class sign-ups and the federal aid application process to steal millions in funds while assigning the debt to unsuspecting targets.

I personally have been a victim of this scam, which I discovered only after an outstanding student loan debt landed on my credit report in 2024. Here's how the scheme works.

'Ghost student' scam relies on stolen identities

To run this scam, fraudsters use stolen or fake identities to enroll "ghost students" in online classes while also applying for federal student aid, including Pell grants and loans. Of course, they never actually attend those classes, instead disappearing with the money and placing the resulting financial burden on the individuals and schools they've conned.

In my case, scammers had used just enough accurate personal information to "enroll" at a community college in southern California and take out a Pell grant in my name. However, because the enrollment was fraudulent, the grant was considered overpaid and sent to collections via the U.S. Department of Education—which is how it landed on my credit record.

According to the U.S. Department of Education's Office of Inspector General (OIG), this type of fraud blew up with the shift to online and remote learning, particularly at community colleges that offer open enrollment (and generally engage in limited verification of applicant information). Increasingly, AI tools also likely help scammers to expand their reach with enrollment and loan applications and get past identity verification checks.

The scheme has affected schools across the country. In California alone, nearly a third of all applicants to community colleges in 2024 were identified as fake. A handful of individuals have been sent to prison after stealing millions in "ghost student" financial aid, but the OIG still has 200 investigations open.

For individuals targeted by the ghost student scam, the consequences are essentially the fallout of identity theft, such as debt falsely assigned to you that negatively affects your credit or the inability to get legitimate student loans (or any other type of credit) when you actually need them.

It also forces you into a long and arduous process of disputing the fraud: I spent several months going back and forth between the Department of Education, the community college, the credit bureaus, and an attorney to track down the fraudulent applications, file identity theft reports, provide extensive documentation proving that I wasn't responsible for the debt, and get the information removed from my record.

How to protect your identity from student loan fraud

Unfortunately, the ghost student scam circumvents a standard anti-fraud safeguard because most federal student aid doesn't require a credit check. (My credit record had been frozen for years, and still was at the time that this fraud took place.) While you should absolutely freeze your credit and thaw it temporarily only when needed, this step may not prevent bad actors from using your information to apply for grants and loans.

Because this scam is a form of identity theft, you should take every precaution to safeguard your personal information. Given the ubiquity of data breaches and hacks, you can assume a lot of it is already out in the open, but that doesn't mean you can't lock accounts down and practice good digital hygiene. Credit fraud alerts and a regular review of your credit reports will help you catch any suspicious activity quickly.

Some iOS users are getting an extra layer of privacy when it comes to how their location data is shared. Limit Precise Location is a new setting that prevents some Apple devices from broadcasting specific locations to cell carriers.

Precise location sharing is useful, even essential, in some cases, such as when you're navigating with your maps app. But you may not want to constantly be sending your exact address to your phone provider, where it could be used for malicious purposes. If you enable Limit Precise Location, your iOS device will share your general area instead.

Precise location sharing comes with privacy risks

As TechCrunch points out, precise location sharing introduces a whole host of privacy and security risks. Cell carriers have been targeted by hackers, compromising sensitive customer data. Surveillance vendors and law enforcement agencies may also use location information broadcast via cellular networks for the purposes of real-time and ongoing tracking.

Users already have the option to disable precise location sharing at the app level on both iOS and Android for apps that don't need GPS coordinates to function—which is most of them. This allows you to prevent companies from receiving (and selling) your exact location data when a general location is sufficient. Limit Precise Location won't change these app-specific settings.

For now, the feature is available only on select Apple models—the iPhone Air, iPhone 16e, and iPad Pro (M5) Wi-Fi + Cellular—running iOS 26.3 with a limited number of global carriers:

• U.S.: Boost Mobile

• UK: EE, BT

• Germany: Telekom

• Thailand: AIS, True

Apple says that even with this setting enabled, emergency responders will still be able to pinpoint exact location during an emergency call.

How to disable precise location sharing

If you have a supported device with a partner carrier, go to Settings > Cellular and tap Cellular Data Options (you may need to select the specific line under SIMs if you have more than one). Scroll down and toggle Limit Precise Location sharing off.

Unsolicited texts are annoying—and even more so if they keep coming from a legitimate sender after you've opted out. If you received text spam from Kaiser Permanente, you may be eligible for a cash payout for each message.

The healthcare company, which serves over 12.5 million members, recently settled a $10.5 million class action lawsuit filed over marketing text messages sent after recipients tried to opt out. The suit, filed in August 2025, claimed that Kaiser Permanente failed to honor opt-out requests. Those with a valid claim may receive up to $75 per qualifying text.

Are you eligible for the Kaiser settlement?

To qualify for a payout from this settlement, you must have received more than one text message from Kaiser Foundation Health Plan Inc. within a 12-month period—between Jan. 21, 2021 and Aug. 20, 2025—after sending a "stop" or similar opt-out request. (Note that the confirmation of your request does not count.)

According to the settlement website, there are two separate classes covered by suit: one for message recipients in Florida and one for the U.S. as a whole.

How to claim your settlement cash

To get your cash, you'll need to submit a valid claim form by Feb. 12, 2026. You can complete your claim online if you received a notice of eligibility via mail or email containing a unique ID and PIN. If you did not get a notice, you'll have to download and submit a paper claim form to the settlement administrator. Hard copy claims must be postmarked by Feb. 12.

While the maximum per-text payout is $75, the final amount may be less depending on how many claims are filed. Payments could take months to distribute while settlement details are finalized, so don't expect the funds to arrive immediately.

Before you head out to a protest, take some precautions to protect your privacy and both the physical and digital security of any device you bring along. The most secure option, of course, is to leave your phone at home, but you can also lock things down to minimize the risk that your data will be accessible to law enforcement or someone who gets hold of your device.

Thankfully, both iOS and Android have built-in device encryption if you're using a passcode, meaning that your device's data cannot be accessed when it is locked. (On Android, go to Settings > Security to ensure Encrypt Disk is enabled). You'll want to maximize this protection with the following privacy settings.

Turn off face and fingerprint scanning

At an absolute minimum, you'll want to disable biometric access, such as face and fingerprint authentication, on your device in favor of a passcode or PIN. As the Electronic Frontier Foundation notes, this minimizes the risk of being physically forced to unlock your device and may provide stronger legal protections against compelled decryption.

On iOS, go to Settings > Face ID & Passcode and toggle off iPhone Unlock. You can also set up a stronger passcode—a custom numeric or alphanumeric code—under Change Passcode. On Android, you'll find the option to delete your fingerprint in favor of your PIN or screen lock pattern under Settings > Security & Privacy > Device Unlock > Fingerprint.

Limit location tracking

Again, the best option to prevent your location from being tracked is to coordinate any details in advance and leave your phone at home. If you must bring it along, keep it off unless you absolutely need to use it.

You can turn on Airplane Mode in advance, as well as disable Bluetooth, wifi, and location services, which keeps your device from transmitting your location. However, note that some apps may still be able to store GPS data and transmit it when an internet connection is available—so again, the safest bet is to keep your device off for the duration.

Airplane Mode can be enabled (and wifi and Bluetooth disabled) in your device's settings or quick access menu. On Android, go to Settings > Location to disable location services and turn off Location History in your Google account. On iOS, head to Settings > Privacy & Security > Location Services to disable locations entirely.

Turn off previews and notifications

Temporarily disable notifications and screen previews so that if someone gets your device, they won't be able to glean any information from your lock screen. You can adjust these options under Settings > Notifications on iOS and Settings > Apps & notifications > Notifications on Android.

Adjust screen lock time

Minimize your screen lock time to as short a period as possible so that your screen turns off when you're not actively using it and will require authentication to reopen. On iOS, go to Settings > Display & Brightness > Auto-Lock and select 30 seconds. The exact path on Android may vary, but typically you'll find this under Settings > Display or Lock Screen.

Know that most devices have camera access from the lock screen, so you can take photos or record video without actually unlocking your device.

Enable app pinning or Guided Access

App pinning (Android) and Guided Access (iOS) are features that prevent others from navigating through your phone beyond a specific app or screen. This allows you to use an essential feature on your device while locking the rest behind your PIN or passcode. You can enable this preemptively, and if someone grabs your device, they won't be able to snoop around.

You can find this setting on Android under Security or Security & location > Advanced > App pinning and on iOS under Settings > Accessibility > Guided Access.

Use a SIM PIN

You can also lock your SIM card to prevent unauthorized use of your device or SIM card, including access to two-factor authentication codes sent via SMS. This PIN will be required any time your phone restarts or if someone tries to use your SIM card in another device. On iOS, go to Settings > Cellular, select your SIM, and tap SIM PIN. On Android, you'll find this under Settings > Security > More security settings (the exact path varies by device).

Sign out of, hide, or delete apps

This step will vary depending on what you keep on your phone and your risk tolerance, but you may want to consider signing out of your social media accounts and deleting apps that contain or allow access to sensitive data.

On iOS, you can also lock or hide specific apps: the former requires an extra authentication step to open apps on your home screen, while the latter sends apps to a hidden folder that also requires authentication to unlock. Touch and hold an app icon to bring up the quick actions menu, then tap Require Face ID/Require Passcode.

On Android, you can set up a "private space" to lock apps behind your pattern, PIN, or password. Apps are hidden from the launcher and recent views as well as quick search. Go to Settings > Security & privacy > Private space, authenticate with your screen lock, and tap Set up > Got it.

If necessary, turn on Lockdown Mode or Advanced Protection

Both iOS and Android have strict device-level security modes that significantly limit access to certain app and web features as well as blocking changes to settings. Both were designed with journalists, activists, and other users with access to sensitive data that may be targeted by cyber actors in mind. These settings are overkill for day-to-day use but add a potentially helpful layer of security in high-risk situations.

Enable Lockdown Mode on iOS via Settings > Privacy & Security > Lockdown Mode. On Android, turn on Advanced Protection under Settings > Security & privacy > Advanced Protection.

Protect your privacy after a protest

While the above steps are largely about securing your data during a protest, you should also follow best practices for protecting privacy (yours and others') after the fact. If you plan to post photos or videos, utilize blurring tools to block faces and other unique identifying features, and scrub file metadata, which includes information like photo location. You can do this by taking a screenshot of the image to post or sending a copy to yourself in Signal, which automatically strips metadata. Signal also has a photo blurring tool, or you can blur in your device's default photo editing app.

As scammers continue to find ways to impersonate known brands, users should remain wary of spam-like emails—even if they appear to come from a legitimate company address.

Ars Technica has identified a scheme that abuses a Microsoft subscription feature to send phishing emails from no-reply-powerbi@microsoft.com, a real address that the company advises users to add to their allow lists.

How the Microsoft Power BI scam works

Users targeted with this scam have received emails from an address connected to Microsoft Power BI, a business analytics platform. The messages include (fake) billing receipts with large purchase amounts from services like PayPal, Norton LifeLock, and Microsoft 365 and a phone number to call to dispute the transaction.

Scammers on the other end of the line may try to convince you to install a remote access application that allows device takeover or will otherwise extract personal information. As with any phishing scam, engaging in any way—calling the number, responding to the email, or clicking links—could put your data and your device at risk.

The emails themselves are full of typos and grammar errors and urgent calls to action that are, in most cases, completely unrelated to Microsoft itself. Many users would spot these red flags and know to simply delete the message. However, threat actors capitalize on the trust users have in the brands they're exploiting along with scare tactics to trap some people in the scheme.

This is also far from the first phishing scheme of its kind: Threat actors have sent malicious emails from legitimate PayPal and Google addresses (to name just two) by exploiting similar loopholes. In the case of PayPal, fraudulent purchase notifications sent from service[at]paypal[dot]com abused the platform's subscription billing feature. With Google, scammers registered google.com subdomains via Google Sites and linked them with Google Accounts.

Not to be outdone by Apple's "Lockdown Mode," Meta is rolling out new security features for WhatsApp designed to protect high-risk users—journalists, activists, and government officials, for example—from cyber attacks. Strict Account Settings is a "lockdown-style" mode that builds on the platform's existing end-to-end encryption, adding stronger privacy features and additional restrictions against unknown contacts.

For most WhatsApp users, this level of lockdown is overkill. However, people with access to sensitive data that is potentially valuable to threat actors actually have been targeted with spyware campaigns through messaging platforms like WhatsApp, so for users like that, it may be a lifesaver. (In the last year, WhatsApp has also patched multiple zero-day exploits that allowed spyware to proliferate.)

As noted, the new WhatsApp settings are similar to Apple's Lockdown Mode, an OS-level feature that blocks attachments, link previews, and communication from unknown contacts alongside some other settings changes. It also disables wired connections to external devices and a range of web features. Android's Advanced Protection offers similar functionality.

How WhatsApp's Strict Account Settings protects high-risk users

Strict Account Settings automatically enables existing privacy and security settings and adds a host of restrictions to users' communication and visibility on WhatsApp.

• Two-step verification and security notifications, which alert you if a contact's security code changes, are turned on.

• Link previews are disabled

• High volumes of messages from unknown accounts are blocked

• Only your contacts or those added to a pre-established list can see information about you, including your last seen and online, profile photo, about details, and links on your profile.

• Only known contacts or those on your pre-established list can add you to groups.

How to enable Strict Account Settings on WhatsApp

These controls can be enabled by going to Settings > Privacy > Advanced and toggling on Strict account settings. Settings must be changed on your primary device and cannot be updated on the web. Note that the feature will roll out gradually over the coming weeks, and may not be immediately available.