Technology
Apple warns millions of iPhones are exposed to attack
NEWYou can now listen to Fox News articles!
The Apple iPhone is the most popular smartphone in the United States and one of the most widely used devices in the world. An estimated 1.6 billion people rely on iPhones every day. That massive user base also makes the platform a prime target.
Over the past few weeks, Apple has been sending out warnings about a serious security flaw. New data suggests the risk could affect roughly half of all iPhone users.
That puts hundreds of millions of devices in potential danger right now.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
WHATSAPP WEB MALWARE SPREADS BANKING TROJAN AUTOMATICALLY
Apple is warning iPhone users about a serious Safari security flaw that could leave hundreds of millions of devices vulnerable if updates are delayed. (Thomas Trutschel/Photothek via Getty Images)
What Apple discovered in Safari and WebKit
Late last month, Apple confirmed two critical vulnerabilities in WebKit. WebKit powers Safari and every browser that runs on iOS. According to Apple, the flaws were used in an extremely sophisticated attack that targeted specific individuals. The problem allowed malicious websites to trick iPhones and iPads into running harmful code. Once that happens, attackers could gain control of the device, steal passwords or access payment information. In simple terms, visiting the wrong website could have been enough.
Why millions of iPhones are still exposed
Apple moved quickly to release a fix. The patch is included in the latest software update. The problem is that many people have not installed it yet. Estimates suggest that about 50 percent of eligible users have not upgraded from iOS 18 to iOS 26. That would leave around 800 million devices vulnerable worldwide. Data from StatCounter paints an even worse picture. It estimates that only 20 percent of users have updated so far. Once security details become public, the risk grows fast. Attackers know exactly what to exploit.
iPhone and iPad models at the highest risk
Apple says the following devices are affected if they are not updated:
- iPhone 11 and later
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 8th generation and later
- iPad mini 5th generation and later
If your device appears on this list and you have not updated it, it is vulnerable.
INSTAGRAM PASSWORD RESET SURGE: PROTECT YOUR ACCOUNT
New data suggests nearly half of all iPhone users worldwide may still be exposed to a critical WebKit exploit Apple says was actively used in attacks. (Jakub Porzycki/NurPhoto via Getty Images)
Why upgrading is the only real protection
There is no setting to flip and no safe browsing habit that fixes this issue. The vulnerability lives deep inside the browser engine. Security experts say there is no workaround or user behavior that meaningfully reduces the risk. Installing the latest software is the only effective defense. Apple is no longer offering a security-only update for users who want to stay on iOS 18. Unless your device cannot run iOS 26, the fix is only available through iOS 26.2 and iPadOS 26.2.
Steps to update your iPhone or iPad now
Updating is quick and usually painless. If automatic updates are enabled, the fix may already be installed.
If not, follow these steps:
- Open the Settings app on iPhone
- Tap General
- Select Software Update
- Download and install iOS 26.2 or iPadOS 26.2 or later
Make sure your device is connected to Wi-Fi and has enough battery life or is plugged in.
Pro tip: Use strong antivirus software
Keeping your iPhone updated is critical, but it should not be your only line of defense. Strong antivirus software adds another layer of protection by scanning malicious links, blocking risky websites and alerting you to suspicious activity before damage is done.
This matters even more when attacks rely on compromised websites or hidden browser exploits. Security software can help catch threats that slip through and give you extra visibility into what is happening on your device.
Think of it as backup protection. Software updates close known holes, while strong antivirus tools help guard against the next one.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
FAKE ERROR POPUPS ARE SPREADING MALWARE FAST
Apple says malicious websites could exploit a Safari flaw to steal passwords or payment information from unpatched iPhones and iPads. (David Paul Morris/Bloomberg via Getty Images)
Kurt’s key takeaways
Apple rarely uses language like “extremely sophisticated” unless the threat is serious. This flaw shows how even trusted browsers can become attack paths when updates are delayed. Waiting weeks or months to update now carries real consequences. If you use your iPhone for banking, shopping or work, this update should be treated as urgent.
How long do you usually wait before installing major iPhone updates, and is that delay worth the risk anymore? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
NEWYou can now listen to Fox News articles!
If you have ever turned on your VPN and suddenly could not log in to your bank, email, streaming service or work portal, you are not imagining things. In fact, this is one of the most common frustrations VPN users face today.
However, the issue is not that VPNs stopped working. Instead, websites have become far more aggressive about blocking traffic that looks suspicious.
As a result, the way your VPN is built now matters just as much as whether you use one at all.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Shared VPN IPs often trigger red flags, which is why banks, email providers and streaming sites sometimes block access. (Kurt “CyberGuy” Knutsson)
Why websites block many VPN connections
Most VPNs give you a shared IP address. As a result, hundreds or even thousands of people can appear online from the same address at the same time. From a website’s perspective, that traffic pattern raises red flags. When platforms detect too many logins, rapid location changes or unusual activity tied to one IP, they step in quickly. In many cases, they respond by:
- Blocking access
- Triggering captchas
- Requiring extra verification codes
- Temporarily locking accounts
Meanwhile, you did nothing wrong. Instead, you end up dealing with restrictions caused by other users sharing that same IP address.
What a dedicated IP does differently
With a dedicated IP, you get an address that belongs only to you. Unlike shared VPN connections, no one else uses it.
Each time you connect, you use the same IP address. As a result, you avoid sharing traffic, rotating locations or competing with random users whose activity could trigger blocks.
Because of that consistency, your connection looks much more like a typical home or office internet setup. And that simple difference can dramatically reduce website suspicion and login headaches.
NEW YORK HALTS ROBOTAXI EXPANSION PLAN
A dedicated IP gives you a consistent address that looks more like a normal home connection, reducing captchas and login alerts. (Kurt “CyberGuy” Knutsson)
What a dedicated IP can do that shared VPN IPs usually can’t
That consistency does more than reduce suspicion; it improves how smoothly you access the sites and services you use every day.
Access more websites without blocks
Banks, government portals, healthcare sites, and streaming services are far less likely to block a dedicated IP because it does not show heavy or erratic traffic patterns.
Reduce captchas and security challenges
Those endless “prove you’re human” messages are usually triggered by shared IP abuse. A dedicated IP dramatically reduces them.
Make banking and email logins smoother
Financial institutions and email providers often flag constantly changing IP addresses as suspicious. A dedicated IP stays consistent, so login alerts and lockouts happen far less often.
Support remote work and secure systems
Some employers only allow access from approved IP addresses. Shared VPN IPs cannot be approved. Dedicated IPs can.
Improve streaming reliability
Shared VPN IPs are often the first to get blocked when streaming services crack down. Dedicated IPs are less likely to be flagged because traffic looks normal and predictable.
What a dedicated IP does not do
A dedicated IP:
- Does not remove encryption
- Does not expose your identity
- Does not weaken your privacy
Your traffic remains encrypted, and your real location stays hidden. You simply get a connection that websites trust more.
Who benefits most from a dedicated IP
A dedicated IP is especially helpful if you:
- Use online banking regularly
- Travel and access sites from different locations
- Work remotely
- Stream often
- Get tired of captchas and blocked pages
- Want a VPN that feels normal to use
GOOGLE DISMANTLES 9M-DEVICE ANDROID HIJACK NETWORK
With fewer blocks and smoother logins, a dedicated IP helps your VPN work quietly in the background instead of getting in your way. (Kurt “CyberGuy” Knutsson)
How to choose a VPN that offers a dedicated IP
If you want these benefits, look for a VPN provider that offers a dedicated IP option built directly into its service. Some providers include it in premium plans, while others offer it as an add-on. Either way, the process should be simple. You should be able to select your dedicated IP inside the app without advanced setup or manual configuration. Before signing up, check that the provider also offers strong speeds, reliable uptime and clear privacy policies. A dedicated IP improves access, but overall performance still matters.
What to look for beyond a dedicated IP
A dedicated IP reduces blocks. However, a quality VPN should also deliver strong security and smooth performance.
Fast, stable connections: Speed matters for streaming, video calls and everyday browsing. Look for providers known for consistent performance.
Wide server coverage: More server locations give you flexibility when traveling and help reduce location errors.
Clear privacy practices: Choose a VPN with a strict no-logs policy and independent audits when possible.
Secure server technology: Modern VPNs often use RAM-based servers that automatically wipe data on reboot.
Easy-to-use apps: Protection should feel simple, not technical. Clean apps across major devices make daily use effortless.
For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com
Kurt’s key takeaway
If your VPN keeps getting blocked, the problem may not be the VPN itself. It may be the shared IP address behind it. Websites are increasingly aggressive about suspicious traffic. When hundreds of users share the same IP, banks, email providers and streaming platforms take notice. That is when the captchas, verification codes and account lockouts start. A dedicated IP changes that experience. You still get encryption. You still protect your real location. But your connection looks stable and predictable, which helps you avoid constant interruptions.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Should protecting your privacy really mean fighting with your bank, email, and streaming apps? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
Polymarket has been allowing people to bet on when the US would strike Iran next. Obviously, now that it’s actually happened and people have died, the prediction betting market is feeling some pressure. The site has been at the center of controversy before, including suspicions of insider trading on the Super Bowl halftime show and the capture of Venezuelan President Nicolás Maduro.
In a statement posted on its site, Polymarket defended its decision to allow betting on the potential start of a war, saying that it was an “invaluable” source of news and answers, before taking shots at traditional media and Elon Musk’s X. The statement reads:
…
Read the full story at The Verge.
NEWYou can now listen to Fox News articles!
Google has officially discontinued its Dark Web Report feature, a free tool that once scanned known dark web breach dumps for personal information tied to a user’s Google account. The service delivered notifications when email addresses and other identifiers appeared in leaked datasets.
According to Google’s support page, the system ceased scanning for new dark web data Jan. 15, 2026, and the reporting function was removed entirely on Feb. 16, 2026, meaning users can no longer access the feature.
The company said the decision reflects a shift toward security tools it believes provide clearer guidance after exposure, rather than standalone scan alerts.
If you previously relied on the free dark web scan as an early warning signal for leaked data, this change removes one of your sources.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Google officially ended its Dark Web Report tool, removing free breach alerts tied to user accounts. (Kurt “CyberGuy” Knutsson)
So what did users really lose?
Google’s Dark Web Report acted as a basic exposure scanner. It checked whether personal information linked to a Google account had surfaced in known breach collections circulating on the dark web.
When a match is found, users receive a notification identifying which type of data appeared in a leak. Depending on the data breach, that could include an email address, phone number, date of birth or other identifying details commonly harvested during large-scale hacks.
The report did not display stolen credentials or provide access to the leaked database itself. It also did not trace the origin of the compromise beyond referencing the breached service when available.
After an alert was issued, the next steps were left to the user. Google recommended actions such as changing passwords, enabling stronger authentication methods and reviewing account security settings. With the tool now removed, that automated breach check tied directly to a Google account is no longer available.
What you still have access to
Google directs users to its Security Checkup, a dashboard that scans your account for weak settings and unusual sign-in activity.
Its built-in Password Manager includes Password Checkup, which scans saved credentials against known breach databases and prompts you to change exposed passwords. Google also supports passkeys and two-factor verification to lock down account access.
The Results About You tool lets users search for personal information in Google Search and submit removal requests for certain publicly indexed details.
149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK
Without the automatic scan, users must now check for leaked data using other security tools. (iStock)
Alerts don’t always mean protection
Once personal information is compromised, it often ends up far beyond the breach itself. Stolen credentials and identity data are regularly trafficked on underground platforms where buyers can search for information tied to real people.
The BidenCash dark web marketplace was taken down by U.S. authorities in June 2025, and the Justice Department confirmed that the platform peddled stolen personal information and credit card data.
These illicit markets operate with a level of organization not unlike legitimate online stores. Search tools and bulk data sets are up for grabs and can be used to target any online account. This makes credential stuffing easier, where attackers test leaked passwords across multiple services in hopes of barreling into your account.
A breach alert tied to a dark web scan points to a leak at one moment in time; it does not follow whether that information has been sold to third parties or used in subsequent fraud attempts. For everyday users, this means that just knowing your data appeared in a leak doesn’t help much.
THINK YOUR NEW YEAR’S PRIVACY RESET WORKED? THINK AGAIN
Stolen personal information can circulate for years, making ongoing monitoring more important than a one-time alert. (Kurt “CyberGuy” Knutsson)
Identity monitoring may be a better option
With Google’s scan gone, some people may consider dedicated identity protection services instead. Many of these services offer continuous monitoring of your personally identifiable information and send alerts about changes to your credit reports from all three major U.S. credit bureaus. That can include notifications about new inquiries, newly opened accounts and monthly credit score updates. Some plans also monitor a broader range of personal identifiers, such as driver’s license numbers, passport numbers and email addresses.
Beyond credit monitoring, certain services track linked bank, credit card and investment accounts for unusual activity. They may also monitor public records for changes to addresses or property titles and alert you if your information appears in those filings.
Many providers include identity theft insurance to help cover eligible out-of-pocket recovery costs. Coverage limits vary by plan and provider. Additional features often include spam call and message protection, a password manager, a virtual private network (VPN) and antivirus software.
No service can prevent every form of identity theft. However, ongoing monitoring and recovery support can make it easier to respond quickly if your information is misused.
See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
Kurt’s key takeaways
Google’s decision to drop its Dark Web Report may seem small. But it removes a tool many users relied on. For some, those alerts were the first warning that their data appeared in a breach. That automatic scan is now gone. Google still offers Security Checkup, Password Checkup, passkeys and two-step verification. However, none of them actively scan dark web breach dumps for you. Stolen data does not disappear. Criminals copy, sell and reuse it. One alert shows a single moment. Ongoing identity theft monitoring helps you stay aware over time.
Now that Google has dropped its dark web monitoring feature, will you actively check your data exposure or assume someone else is watching it for you? Let us know your thoughts by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
Dems’ potential 2028 hopefuls come out against US strikes on Iran
Scientists make startling discovery when examining prostate cancer tissue
Israeli national gymnastics team suspends all activities after Iranian counter-attack
Tired of websites blocking your VPN? A dedicated IP fixes that
Commentary: The Pentagon is demanding to use Claude AI as it pleases. Claude told me that’s ‘dangerous’
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Dems’ potential 2028 hopefuls come out against US strikes on Iran
At least nine killed after Iranian strike on Israel’s Beit Shemesh
Mass shooting at Austin, Texas bar leaves at least 3 dead, 14 wounded, authorities say
Mamdani’s response to Trump’s Iran strike sparks conservative backlash: ‘Rooting for the ayatollah’
Activists hail ‘historic’ EU’s decision on accessible abortion
-
World3 days agoExclusive: DeepSeek withholds latest AI model from US chipmakers including Nvidia, sources say
-
Massachusetts4 days agoMother and daughter injured in Taunton house explosion
-
Montana1 week ago2026 MHSA Montana Wrestling State Championship Brackets And Results – FloWrestling
-
Denver, CO4 days ago10 acres charred, 5 injured in Thornton grass fire, evacuation orders lifted
-
Louisiana6 days agoWildfire near Gum Swamp Road in Livingston Parish now under control; more than 200 acres burned
-
Technology1 week agoYouTube TV billing scam emails are hitting inboxes
-
Technology1 week agoStellantis is in a crisis of its own making
-
Politics1 week agoOpenAI didn’t contact police despite employees flagging mass shooter’s concerning chatbot interactions: REPORT