ChatGPT is now accessible from your CarPlay dashboard if you have iOS 26.4 or newer and the latest version of the ChatGPT app, 9to5Mac reports. Apple’s recently-launched iOS 26.4 update added support for “voice-based conversational apps” in CarPlay, opening the door to let you use AI chatbots with voice features through Apple’s in-car platform.

When using ChatGPT through CarPlay, the app doesn’t show text conversations, according to 9to5Mac — instead, you can only have conversations with the app using your voice. (Apple’s developer guidelines ask that apps don’t show text or imagery as responses.) The CarPlay app isn’t completely devoid of text, though, as there’s onscreen buttons to mute and end the conversation.

You can also look at a list of recent conversations you’ve had with ChatGPT, according to MacRumors. But you can’t use a wake word to use ChatGPT through CarPlay — you’ll have to tap on the app to open it up.

You might think the biggest danger online is downloading a virus or giving away your password. But a new phishing trick shows how attackers can take control of your computer without either of those things happening. 

Security researchers recently uncovered a fake Google Meet update page that looks convincing enough to fool many people. All it takes is one click on a button that says “Update now.”  Instead of installing an update, you can be tricked into enrolling your Windows computer in a remote management system controlled by attackers.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

TECH GIANTS UNITE TO FIGHT ONLINE SCAMS
 

All you need to know about the fake Google Meet update

Researchers at Malwarebytes, a cybersecurity company that develops software to detect and remove malware, discovered a phishing website designed to look like an official update notice for Google Meet. The page tells visitors they need to install the latest version of Meet to continue using the service. The design uses familiar colors and branding that many of us associate with Google products.

When someone clicks the “Update now” button, it does not download an update at all. Instead, it triggers a built-in Windows feature using a special device enrollment link that opens a real system window called “Set up a work or school account.” This window normally appears when a company’s IT department sets up a laptop for an employee.

In this scam, the setup window is already filled with information that connects the computer to a remote management server controlled by the attacker. The system points to an online management service hosted on Esper, which is a legitimate platform used by businesses to manage company devices.

If the victim clicks through the setup process, his computer becomes enrolled in what is called a mobile device management system. That gives whoever controls the server the same level of control a company’s IT department would have over a work laptop.

Security researchers say the attackers are not expecting everyone to complete the process. Even if only a small number of people click through the prompts, that can still give them access to enough computers to make the campaign worthwhile.

How it works and why it matters to you

This attack works by abusing a legitimate Windows feature rather than installing malware. Windows includes something called device enrollment, which lets companies connect employee computers to a management system. Once a device is enrolled, administrators can remotely control many aspects of that machine.

In a normal workplace setting, this helps IT teams install company software, enforce security settings and manage devices. Attackers realized they could trick people into joining their own management system instead. When you click the fake update button, Windows launches a built-in enrollment process. Because it is a real system feature and not a fake pop-up, it looks legitimate and can bypass many security warnings.

If you complete the steps, the attacker effectively becomes the administrator of your computer. That could allow the hacker to silently install software, change system settings, view files stored on your computer, lock your screen or even wipe the device entirely. In some cases, the hacker could also install additional malware later. What makes this attack especially tricky is that traditional antivirus tools may not detect anything wrong because the operating system itself is performing the actions.

We reached out to Google for comment, and a spokesperson provided the following statement: “These ‘update now’ prompts are not legitimate Google communications. This is a phishing campaign that attempts to trick users into a Windows device enrollment process. Google Meet updates are handled automatically through your browser or the official app. Google will never prompt you to visit a third-party site to enroll a personal device to receive an update.” 

FAKE GOOGLE SECURITY PAGE CAN TURN YOUR BROWSER INTO A SPYING TOOL
 

7 ways to protect yourself from the fake Google Meet update

If you ever see a message saying you must update a service before continuing, slow down and verify it first. A few simple habits can prevent attacks like this from working.

1) Be skeptical of unexpected update prompts

If a website suddenly tells you that a service like Google Meet needs an update before you can continue, pause for a moment. Major platforms rarely force updates through random web pages. Google Meet updates happen automatically through your browser or official app and never require visiting a third-party site. Always check the URL bar. Legitimate Google Meet sessions only run on meet.google.com. A real update will never try to enroll your entire computer or trigger system-level setup screens. If it does, it is a scam. Instead, open the service directly from its official website or app and check for updates there.

2) Check if your device was enrolled without your knowledge

On a Windows computer, open Settings, then go to Accounts and look for “Access work or school.” If you see an unfamiliar account or organization listed, especially one you do not recognize, disconnect it immediately. This section shows whether your device has been enrolled in a remote management system.

3) Reduce your exposure with a data removal service

Cybercriminals often rely on personal information found online to make phishing attacks more convincing. Data removal services help remove your information from data broker sites, reducing the chances that scammers can target you with personalized attacks. While it will not stop this specific trick, it can make you a harder target overall. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

4) Use strong antivirus software

Google says Gmail’s AI protections block more than 99.9% of spam, phishing and malware, but scams can still reach you through search results, ads or links shared outside your inbox. That’s why using strong antivirus software with real-time protection can help detect suspicious behavior that may emerge after an attacker gains control of a device. Even though this attack uses legitimate Windows features, security tools can still identify unusual system changes or malicious software installed afterward. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

DARKSWORD LEAK PUTS MILLIONS OF IPHONE USERS AT RISK
 

5) Keep Windows and your browser updated

Software updates often include security protections that help block new attack methods. Running the latest version of Windows and your web browser reduces the chances of attackers exploiting older system behaviors or vulnerabilities.

6) Use a password manager

A password manager only autofills your login details at the correct website address. If you land on a phishing page pretending to be a service like Google Meet, your password manager will not fill in your information. That warning alone can help you realize something is wrong before you click anything. It also encourages you to rely on saved logins instead of interacting with suspicious update prompts. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

7) Never complete system setup prompts you didn’t start

If a Windows system window suddenly appears asking you to set up a work or school account, stop immediately. Legitimate setup prompts typically appear when you are configuring a device or following instructions from your employer, not from clicking a random website. If you did not expect it, close the window.

Kurt’s key takeaway

Cybercrime is changing by the minute. Instead of writing obvious viruses, attackers are increasingly abusing legitimate features built into operating systems and cloud services. In this case, both Windows device enrollment and the management platform being used are real tools designed for businesses. The attackers simply redirected those tools toward people who never intended to hand over control of their computers. That should tell you how easily powerful enterprise features can be repurposed for attacks when there are few safeguards preventing misuse.

Should operating systems block device enrollment requests that come from random websites? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

SpaceX says it lost contact with a Starlink satellite after suffering an “anomaly.” SpaceX isn’t saying exactly what happened, but space-tracking company Leo Labs says it “immediately detected tens of objects in the vicinity” of Starlink 34343 after the event.

“Latest analysis shows the event poses no new risk to the @Space_Station, its crew, or to the upcoming launch of NASA’s Artemis II mission,” says SpaceX in a message posted to X. “We will continue to monitor the satellite along with any trackable debris and coordinate with @NASA and the @USSpaceForce.”

The satellite and fragments are expected to burn up in the atmosphere within a few weeks. SpaceX says it is working to determine the root cause.

The latest mishap occurred at about 560km above the Earth, an increasingly crowded area known as low Earth orbit where over 24,000 objects, including debris and about 10,000 Starlink satellites, are currently being tracked.

In January, SpaceX requested approval from the FCC for “up to one million satellites” to create orbital data centers. “We just recently gave a request for FCC licensing of up to a million AI satellites,” said SpaceX president and chief operating officer Gwynne Shotwell in a recent Time profile. “I’m surprised that didn’t get more news. I thought for sure that would get a lot of news.”