memoment editorial

Key Takeaways: A coordinated phishing attack has breached sensitive patient data at multiple cancer care providers in the U.S. The breach exposed personal health information, including names, addresses, diagnoses, and financial data. More than 130,000 individuals have been impacted, and steps are being taken to protect affected individuals. A phishing campaign has compromised the data […]

NEWYou can now listen to Fox News articles!
Hackers are actively exploiting a new zero-day bug in Microsoft’s SharePoint Server software. The same software is used by key U.S. government agencies, including those tied to national security. The vulnerability affects on-premise versions of SharePoint, allowing attackers to break into systems, steal data and quietly move through connected services. While the cloud version is unaffected, the on-premise version is widely used by major U.S. agencies, universities and private companies. That puts far more than just internal systems at risk.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERNATIONAL SECURITY EXPERTS RAISE CONCERNS AFTER MICROSOFT PROGRAM EXPOSED AS POSSIBLE AVENUE FOR CHINESE SPYING Microsoft apps on the homescreen of a smartphone   (Kurt “CyberGuy” Knutsson)SharePoint zero-day: What you need to know about the exploitThe exploit was first identified by cybersecurity firm Eye Security July 18. Researchers say it stems from a previously unknown vulnerability chain that can give attackers full control of vulnerable SharePoint servers without needing any credentials. The flaw lets them steal machine keys used to sign authentication tokens, meaning attackers can impersonate legitimate users or services even after a system is patched or rebooted.According to Eye Security, the vulnerability appears to be based on two bugs demonstrated at the Pwn2Own security conference earlier this year. While those exploits were initially shared as proof-of-concept research, attackers have now weaponized the technique to target real-world organizations. The exploit chain has been dubbed “ToolShell.”WHAT IS ARTIFICIAL INTELLIGENCE (AI)?How the SharePoint vulnerability lets hackers access Microsoft servicesOnce inside a compromised SharePoint server, hackers can access connected Microsoft services. These include Outlook, Teams and OneDrive. This puts a wide range of corporate data at risk. The attack also allows hackers to maintain long-term access. They can do this by stealing cryptographic material that signs authentication tokens. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to act. It recommends checking systems for signs of compromise and isolating vulnerable servers from the internet.Early reports confirmed about 100 victims. Now, researchers believe attackers have compromised more than 400 SharePoint servers worldwide. However, this number refers to servers, not necessarily organizations. According to reports, the number of affected groups is growing rapidly. One of the highest-profile targets is the National Nuclear Security Administration (NNSA). Microsoft confirmed it was targeted but has not confirmed a successful breach.Other affected agencies include the Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly. Microsoft’s name and logo on a building (Kurt “CyberGuy” Knutsson)Microsoft confirms SharePoint exploit and releases patchesMicrosoft confirmed the issue, disclosing that it was aware of “active attacks” exploiting the vulnerability. The company has released patches for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Subscription Edition. Patches for all supported on-prem versions were issued as of July 21.GET FOX BUSINESS ON THE GO BY CLICKING HEREWhat you should do about the SharePoint security riskIf you’re part of a business or organization that runs its own SharePoint servers, especially older on-premise versions, your IT or security team should take this seriously. Even if a system is patched, it could still be at risk if machine keys were stolen. Administrators should also rotate cryptographic keys and audit authentication tokens. For the general public, there’s no action needed right now since this issue doesn’t affect cloud-based Microsoft accounts like Outlook.com, OneDrive or Microsoft 365. But it’s a good reminder to stay cautious online. Microsoft’s name and logo on a building (Kurt “CyberGuy” Knutsson)What you should do about the SharePoint security riskIf your organization uses on-premise SharePoint servers, take the following steps right away to reduce risk and limit potential damage:1. Disconnect vulnerable servers: Take unpatched SharePoint servers offline immediately to prevent active exploitation.2. Install available updates: Apply Microsoft’s emergency patches for SharePoint Server 2016, 2019 and Subscription Edition without delay.3. Rotate authentication keys: Replace all machine keys used to sign authentication tokens. These may have been stolen and can allow ongoing access even after patching.4. Scan for compromise: Check systems for signs of unauthorized access. Look for abnormal login behavior, token misuse or lateral movement within the network.5. Enable security logging: Turn on detailed logging and monitoring tools to help detect suspicious activity going forward.6. Review connected services: Audit access to Outlook, Teams and OneDrive for signs of suspicious behavior linked to the SharePoint breach.7. Subscribe to threat alerts: Sign up for advisories from CISA and Microsoft to stay updated on patches and future exploits.8. Consider migration to the cloud: If possible, transition to SharePoint Online, which offers built-in security protection and automatic patching.9. Strengthen passwords and use two-factor authentication: Encourage employees to stay vigilant. Even though this exploit targets organizations, it’s a good reminder to enable two-factor authentication (2FA) and use strong passwords. Create strong passwords for all your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/PasswordsCLICK HERE TO GET THE FOX NEWS APPKurt’s key takeawayThis SharePoint zero-day shows how fast research can turn into real attacks. What started as a proof-of-concept is now hitting hundreds of real systems, including major government agencies. The scariest part isn’t just the access it gives but how it lets hackers stay hidden even after you patch. Should there be stricter rules around using secure software in government? Let us know by writing to us at Cyberguy.com/ContactSign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERCopyright 2025 CyberGuy.com.  All rights reserved.  

NEWYou can now listen to Fox News articles!
Facebook, being a platform used by billions, is flooded with all kinds of accounts. However, not all of them are genuine. Many are bots that often hijack comment sections, posting the same messages repeatedly. There are also accounts that have built their entire follower base by sharing content originally created by others. Meta seems to have realized the platform needs some cleaning, and it has announced that a staggering 10 million accounts were deleted in the first half of 2025 alone. The purge, it seems, is far from over.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERMETA ADDS TEEN SAFETY FEATURES TO INSTAGRAM, FACEBOOK Facebook app on the home screen of a smartphone    (Kurt “CyberGuy” Knutsson)What you need to know about Facebook’s recent account removalsMeta says it deleted around 10 million accounts in the first half of 2025, mostly for impersonation, spam behavior and fake engagement. This is part of a broader effort to promote original content and clean up the platform and prioritize original content. The accounts were taken down for impersonating large content producers, according to the company, which shared the update in a blog post aimed at creators. WHAT IS ARTIFICIAL INTELLIGENCE (AI)?The crackdown is part of a broader initiative “to make Feed more relevant and help authentic creators break through,” with Meta starting by “cracking down on spammy content.” In addition to the 10 million impersonator accounts, the company says it took action on around 500,000 accounts engaged in spammy behavior or fake engagement. The company is also enforcing stricter policies to cut down on what it calls unoriginal content. It defines this as posts that repeatedly reuse or repurpose another creator’s work without giving credit. Facebook login on a smartphone    (Kurt “CyberGuy” Knutsson)Meta is pushing for uniquenessMeta says it’s not targeting creators who participate in trends or remix existing content. What matters is whether they add something original to the mix. The company encourages reaction videos, commentary and other transformative uses of content. But accounts that repeatedly repost others’ work without permission or meaningful changes will face consequences. These actions include reducing how widely Meta shows their content and temporarily disabling access to monetization features. If Meta’s systems detect duplicate videos, the platform will prioritize the original version and limit the reach of the copies. The company is also experimenting with ways to credit original creators more clearly, such as adding links back to the source video. To help creators maintain visibility and reach, Meta recommends focusing on original content, avoiding third-party watermarks and making substantial edits when using material from other sources. Basic stitching or watermarking, the company notes, doesn’t count as a meaningful transformation.GET FOX BUSINESS ON THE GO BY CLICKING HEREWhy Meta’s crackdown matters to creatorsMeta’s crackdown isn’t just about removing spam. It directly affects how content is ranked, shown and monetized. For creators, especially smaller ones trying to expand an audience, originality now plays a bigger role than ever. If your content is flagged as unoriginal or spammy, Facebook may stop showing it in people’s feeds. That can tank your reach and, in some cases, cut off access to monetization tools like in-stream ads or bonus programs.On the flip side, creators who focus on making unique content or thoughtfully transforming existing media have a better shot at standing out. Meta says it’s adjusting its algorithms to boost authentic voices. That could help original creators gain more traction if they play by the new rules. Facebook app on a smartphone  (Kurt “CyberGuy” Knutsson)How to avoid penalties under Meta’s new content rulesTo prevent Meta from flagging or removing your Facebook account under its new policies, especially if you’re a creator or post content regularly, follow these key steps:1. Post original content. Share content you created yourself, whether it’s photos, videos, text or anything else. Meta is more likely to penalize accounts that mostly rely on reposted or recycled material.2. Transform content if you reuse it. If you’re sharing someone else’s content (with permission or under fair use), add real value. Think reaction videos, voiceover, commentary or edits that change the context or experience. Simply stitching clips together or slapping on a watermark won’t cut it.3. Avoid impersonation and spam tactics. Don’t pretend to be another creator or brand, and don’t rely on engagement bait (like spamming comment sections or repetitive hashtags). Meta is actively removing accounts that engage in fake interactions.4. Avoid using visible third-party watermarks. If your video shows clear signs of being recycled from another app, such as a TikTok watermark, Meta may flag it. Upload clean versions without logos or branding from other platforms.CLICK HERE TO GET THE FOX NEWS APPKurt’s key takeawayMeta cracking down on spam and fake accounts is a step in the right direction, especially for creators who’ve been struggling to get noticed. Facebook has been messy for a while now, with the same videos and memes popping up from different pages and bots flooding comment sections.Have you noticed more recycled content on your Facebook Feed lately? Let us know by writing to us at Cyberguy.com/ContactSign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERCopyright 2025 CyberGuy.com.  All rights reserved.  

NEWYou can now listen to Fox News articles!
If you’re planning to breeze through airport security using TSA PreCheck, you should first check the URL. The TSA just posted an urgent warning on Facebook reminding travelers to use only the official government site when signing up for PreCheck.The post says, “Signing up for TSA PreCheck? Make sure you’re using a safe and trusted .gov website” and includes this official link, tsa.gov/precheck.Why the warning? Because scammers are out in full force, hoping to trick busy travelers into handing over personal information, and even money, by posing as TSA PreCheck.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERSOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES A TSA agent at an airport screening  (TSA)The scam that’s catching travelers off guardScammers have created fake emails and websites that look exactly like TSA PreCheck. They send these phishing emails to people who are eager to skip airport security lines. The messages urge you to click a link, enroll fast and pay the fee.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?But here’s the problem. You’re not signing up for anything legitimate. You’re giving your data, and possibly your credit card, to a scammer. Even worse, you may not find out until you’re standing at the airport, expecting a smoother journey that never comes. Illustration of TSA PreCheck and TSA PreCheck Touchless ID  (TSA)How to protect yourself from the TSA PreCheck scamThe Federal Trade Commission (FTC) also issued a warning to help travelers spot the scam before it’s too late. Here are the key steps and our recommendations to stay safe. 1. Use the official site onlyAlways start your application at tsa.gov/precheck. Type the URL directly into your browser. Never trust a link from an unexpected email or text.2. Don’t click unexpected links, even if they look real and use strong antivirus software Avoid clicking on links in emails or texts you weren’t expecting, even if they look polished and professional. Scammers are getting better at impersonating trusted sources. A strong antivirus can flag phishing emails and block malicious websites before you click. It’s an essential line of defense, especially when scammers are spoofing trusted organizations like the TSA.Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com/LockUpYourTech3. Do not pay online if it’s your first timeIf this is your first time applying, you pay the fee in person at a TSA enrollment center. Anyone asking you to pay online during first-time enrollment is a scammer. Note: TSA will not reimburse applicants who attempt to enroll in TSA PreCheck through a fraudulent website.4. Slow down and thinkScammers often rush you. If someone pressures you to pay quickly or click now, walk away.5. Use a personal data removal servicePersonal data removal services can help remove your personal information from data broker sites. That reduces the chance of scammers targeting you in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.GET FOX BUSINESS ON THE GO BY CLICKING HERECheck out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/DeleteGet a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan6. Enable multi-factor authentication (MFA)Use MFA for any accounts tied to your travel plans, like your email, airline apps or identity verification services. If scammers do get access, MFA adds an extra layer of protection.7. Check for HTTPS and a .gov domainBefore entering any personal details, make sure the site starts with “https://” and ends with “.gov”-not “.com” or “.org.” Secure and official sites matter.8. Report suspicious activity immediatelyIf something feels off, report it to ReportFraud.ftc.gov. Even if you’re unsure, your report could help stop the next scam. Illustration of the TSA PreCheck website  (TSA)What this means for youGetting TSA PreCheck should make travel easier, but only if you do it the right way. The real process is simple, but scammers are exploiting people’s urgency. That’s why it’s essential to slow down, double-check links and start at the official government site. Remember:First-time applicants never pay online.Renewal is possible online, but always begin at tsa.gov.Any site that ends in “.com” or looks unofficial is a red flag.CLICK HERE TO GET THE FOX NEWS APPKurt’s key takeawaysNo one enjoys long TSA lines. PreCheck is a valuable tool, but only if you protect yourself from scammers posing as the TSA. The official government site is your safest bet. Stay alert. Bookmark tsa.gov/precheck. Share this with a friend who’s traveling soon.Have you ever second-guessed a link that seemed just a little too convenient? Let us know by writing to us at Cyberguy.com/ContactSign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERCopyright 2025 CyberGuy.com.  All rights reserved.  

NEWYou can now listen to Fox News articles!
If you haven’t updated your iPhone yet, now’s the time. Apple has officially rolled out iOS 18.6, and while the update may seem small, it packs a powerful punch. With 29 security vulnerabilities addressed, many involving Safari and WebKit, experts say updating now is your best defense against future threats.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERGOOGLE FIXES ANOTHER CHROME SECURITY FLAW BEING ACTIVELY EXPLOITED IOS 18.6 update on iPhone (Kurt “CyberGuy” Knutsson)Why iOS 18.6 matters right nowIOS 18.6 closes multiple security holes, including one that could expose sensitive data just by visiting a malicious site. Apple typically keeps details vague at first, but what we do know is serious. Several of the flaws involve WebKit, the browser engine behind Safari, which is a common target for attackers. Other fixes involve CoreMedia, CoreAudio and CFNetwork, all key iOS frameworks. One major concern was a vulnerability that allowed your passcode to be read aloud by VoiceOver. Another bug could have enabled address bar spoofing, tricking users into thinking they were visiting a safe website. These are the kinds of tricks hackers love, and you don’t want to be caught off guard.What iOS 18.6 fixesApple patched:A flaw in WebKit (CVE-2025-4322) that could expose your data through malicious web contentThree memory corruption issues tied to dangerous website contentA CFNetwork bug (CVE-2025-43223) that allowed changes to restricted network settingsCoreMedia and CoreAudio issues that affect how apps handle your dataA Photos bug that prevented memory movies from being sharedWhile none of the flaws have been exploited in the wild yet, experts say that’s no reason to wait.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?Steps to update your iPhone to iOS 18.6Updating only takes a few minutes and can prevent a major headache later. Here’s how:Plug your iPhone into power and connect to Wi-FiOpen the Settings appTap GeneralSelect Software UpdateTap Download and Install or Update Now under iOS 18.6Follow the prompts and restart your device when promptedPro tip: If your iCloud storage is full, your update may fail. Free up some space before you begin. Steps to update your iPhone’s software to iOS 18.6  (Kurt “CyberGuy” Knutsson)Other Apple devices got updates tooIPhones weren’t the only devices getting attention this time around. Apple also released:iPadOS 17.7.9 for older iPadsmacOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7watchOS 11.6 for Apple WatchtvOS 18.6 and visionOS updatesHow to check for updates on other Apple devices:iPad: Go to Settings > General > Software UpdateMac: Open System Settings > General > Software UpdateApple Watch: Open the Watch app on your iPhone, then go to General > Software UpdateApple TV: Go to Settings > System > Software Updates, then select Update SoftwareApple Vision Pro: Go to Settings > General > Software UpdateMake sure each device is connected to Wi-Fi and has enough battery life or is plugged into power.GET FOX BUSINESS ON THE GO BY CLICKING HEREThe real trick? Protect yourself beyond updatesNot all of us remember to check our devices for new updates right away, which is why adding a layer of antivirus protection is so important. Good antivirus software will stop you from clicking on malicious links that could install malware on your device. It can also scan for hidden threats and alert you if something suspicious is found. This gives you an extra line of defense, even between iOS updates.Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com/LockUpYourTech What this means for youSecurity updates like iOS 18.6 are a key part of keeping your personal data safe. Even if your phone is working fine, skipping updates can leave you open to remote attacks. And with iOS 26 and the iPhone 17 just around the corner, this could be the last update before a major shift. If you don’t plan to jump to iOS 26 immediately, applying 18.6 now helps lock in maximum protection. IPhone updated to iOS 18.6  (Kurt “CyberGuy” Knutsson)Kurt’s key takeawaysWhile it may not bring flashy new features, iOS 18.6 plays a crucial role in keeping your iPhone secure. With bugs patched across WebKit, CoreMedia and more, this update shores up vulnerabilities before they’re exploited. It’s fast, free and highly recommended. And remember, automatic updates aren’t instant. If you wait, you could stay vulnerable longer than you think.CLICK HERE TO GET THE FOX NEWS APPWhat would make you trust Apple more or less when it comes to your personal data? Let us know by writing to us at Cyberguy.com/ContactSign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTERCopyright 2025 CyberGuy.com.  All rights reserved.  

NEWYou can now listen to Fox News articles!
Audrey Crews hasn’t written her name in over 20 years, that is, until now. Thanks to a brain chip from Elon Musk’s Neuralink, Crews used only her thoughts to scribble “Audrey” on a laptop screen. She shared the photo on X, stunning millions across the internet and earning a shoutout from Musk himself.NONINVASIVE BRAIN TECH AND AI MOVES ROBOTIC HAND WITH THOUGHT Brain-computer interface. (Neuralink)Audrey Crews becomes the first woman to receive a Neuralink implantAt age 16, Crews lost all motor function. Now, at 39, she’s part of Neuralink’s PRIME Study, which tests brain-computer interface (BCI) technology in humans. Her chip, implanted into her motor cortex, reads brain signals and sends them to a computer. It allows her to move a cursor and type, using only her thoughts.In her own words, “They drilled a hole in my skull and placed 128 threads into my motor cortex. The chip is about the size of a quarter.”While the chip doesn’t restore movement, it gives her something powerful: digital autonomy. She shared a picture of her signature on X and wrote, “I tried writing my name for the first time in 20 years. I’m working on it. Lol #Neuralink.”She expressed her gratitude toward the medical team at the University of Miami Health Center. “They treated me like a VIP and are some of the sweetest people I’ve ever met,” she added. Audrey Crews shared a picture of her signature on X. (@NeuraNova9/X))Audrey Crews controls a computer with her mind using a brain chipMusk confirmed her achievement online, writing: “Most people don’t realize this is possible.”That single quote shook the internet. The post showcasing her scribbled signature quickly went viral, with over 2 million views. Crews clarified that the chip is for “telepathy only,” not mobility. But even that level of control can transform the lives of people with paralysis.Neuralink, founded by Musk in 2016, aims to help people with neurological conditions connect with the digital world in powerful new ways. The company is developing BCIs that allow users to control devices using only their thoughts. While still in its early stages, this technology is already showing life-changing potential. Looking ahead, Neuralink envisions a future where thought-controlled computing becomes an everyday part of human life.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?Neuralink trial expands: P8 Nick Wray shares his brain chip experienceCrews isn’t alone in this journey. Another participant, Nick Wray (P8), shared his progress just days after his own implant activation.”I haven’t had this level of digital autonomy in years,” he wrote.Diagnosed with ALS, Wray called the implant a life-changing opportunity. He views this moment as both personal and historical, writing, “It’s not lost on me that without ALS, I would never have been a candidate for this study. I sincerely believe that if ALS is the price of admission to an opportunity of this magnitude, you pay it; gladly, willingly, and without hesitation.” BCI Neuralink participant Nick Wray. (@Telepath_8/X)What this means for youThis isn’t just about writing a name. It’s about what’s coming next. Neuralink’s brain chip is working in real people. If you’re wondering whether brain-computer interfaces could one day let you control your phone, write an email or play a game without touching a screen, that future is inching closer. GET FOX BUSINESS ON THE GO BY CLICKING HEREWhile still experimental, these breakthroughs are a glimpse into a new kind of human-machine connection. Neuralink is now accepting participants from around the globe. If you’re curious about brain-computer interfaces, this could be your chance to help shape the future. You can check it out at https://neuralink.com/trials Brain-computer interface. (Neuralink)Kurt’s key takeawaysAudrey Crews rewrote more than her name. She rewrote the limits of what’s possible. With a chip the size of a quarter, she became the first woman to control a computer using pure thought. Her story isn’t just inspiring, it’s a warning to the tech world: the age of mind-powered machines is arriving faster than expected.CLICK HERE TO GET THE FOX NEWS APPWould you volunteer to be part of a brain-computer trial like Audrey and Nick? Or do you think it is too early to trust this technology?  Let us know by writing to us at Cyberguy.com/Contact.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER.Copyright 2025 CyberGuy.com.  All rights reserved.