It’s relatively rare for a podcast to last 14 years, especially a fiction one. In fact, as far as I can tell, Welcome to Night Vale is the longest continually running fiction podcast out there. (Some will argue it’s actually We’re Alive, but that has taken a few significant breaks between seasons.) The story of Night Vale, the titular desert town, now spans 12 seasons, over 280 episodes, three books, and at least 10 live standalone shows. While dedicating several hundred hours of your life to listening to every episode might seem like a big ask, I believe you’ll be hooked once you dive in.
Technology
Data broker blunders as millions are exposed with public passwords
National Public Data (NPD), a background check company, admitted it exposed sensitive info like phone numbers, addresses and Social Security numbers to hackers.
While the company hasn’t shared how big the breach is, it supposedly involves 2.7 billion records, likely including some data on almost every American.
It gets even worse. A new report revealed that another NPD data broker, which shares access to the same consumer records, published user passwords to its back-end database.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
National Public Data admitted that hackers accessed Social Security numbers, phone numbers and addresses. (Kurt “CyberGuy” Knutsson)
What you need to know
KrebsOnSecurity reported that a sister NPD property, called recordscheck.net, was hosting an archive that included the usernames and passwords of the site’s administrator.
A review of the now-removed archive reveals that it contained the source code, along with plain text usernames and passwords, for various components of recordscheck.net. This site bears a striking resemblance to nationalpublicdata.com, with matching login pages.
The exposed archive, titled “members.zip,” suggests that all RecordsCheck users were initially given the same six-character password and advised to change it, though many didn’t.
According to KrebsOnSecurity, which referenced breach tracking service Constella Intelligence, the passwords found in the source code archive match those exposed in earlier data breaches. This suggests that millions of users may be affected in this case as well.
We reached out for a comment from RecordsCheck but did not hear back before our deadline.
Another NPD data broker published user passwords to its back-end database. (Kurt “CyberGuy” Knutsson)
PHARMA GIANT’S DATA BREACH EXPOSES PATIENTS’ SENSITIVE INFORMATION
National Public Data’s response
Salvatore “Sal” Verini, the founder of NPD and a retired sheriff’s deputy from Florida, told KrebsOnSecurity that the exposed archive, a .zip file containing recordscheck.net credentials, has been removed from the company’s website. Verini also mentioned that the site is scheduled to shut down “in the next week or so.”
“Regarding the zip, it has been removed, but it was an old version of the site with non-working code and passwords,” Verini said. He declined to offer additional information, stating that the issue is under active investigation and he cannot comment further.
Identity theft protection is essential to fight data breaches. (Kurt “CyberGuy” Knutsson)
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Reminder to invest in identity theft protection
News of the NPD data breach surfaced after a California man filed a lawsuit against the company, as reported by Bloomberg. He discovered the breach through his identity theft protection service, which flagged his data in the leaked database. Since then, many people online have reported receiving similar alerts from their protection services, allowing them to take action before it was too late.
In 2024, an identity theft protection service is practically a must-have. If you’ve been keeping up with CyberGuy articles, you’ve probably seen frequent reports on data breaches, whether it’s the AT&T breach, Dell breach or the Advance Auto Parts leak.
One of the best parts of using identity theft protection is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
4 additional tips to protect yourself from data breaches
Identity theft protection is the first thing I recommend to everyone, but there are also steps you can take to protect yourself.
1. Be careful with passwords: The recordscheck.net leak exposed passwords, and as I discussed, many users didn’t change the auto-assigned passwords. That’s a big mistake. Always create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts.
Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. Get more details about my best expert-reviewed Password Managers of 2024 here.
2. Remove your personal information from the Internet: While no service can completely erase your data from the Internet, using a data removal service is a smart move, especially in light of recent data breaches like the NPD incident. These services aren’t cheap, but neither is your privacy.
CLICK HERE FOR MORE US NEWS
They handle the heavy lifting by continuously monitoring and systematically removing your personal information from countless websites. This gives peace of mind and is one of the most effective ways to safeguard your data online. Check out my top picks for data removal services here.
3. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.
4. Routinely check your credit reports: Obtain a free copy of your credit report from each of the three credit reporting agencies mentioned earlier. Review the reports carefully for any suspicious or unauthorized activity. If you find any inaccuracies or signs of fraud, report them to the credit reporting agency immediately.
4.3 MILLION AMERICANS EXPOSED IN MASSIVE HEALTH SAVINGS ACCOUNT DATA BREACH
Kurt’s key takeaway
The NPD data breach and the security incident involving its sister website highlight the irresponsibility of these companies in handling sensitive public information. There is an urgent need for governments to step in and impose serious legal consequences, not just a slap on the wrist. Fines should be involved. Anyone dealing with sensitive data must ensure that the data is encrypted and take measures to prevent it from falling into the wrong hands.
Do you believe current regulations are sufficient for handling data breaches or do they need to be more stringent? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
The second US sphere would be built in an area known as National Harbor in Prince George’s County, Maryland. Located along the Potomac River, National Harbor currently features a convention center, multiple hotels, restaurants, and shops. While Abu Dhabi plans to build a sphere as large as the one in Las Vegas, the National Harbor venue would be one of the first mini-Sphere venues announced last March.
Its capacity would be limited to 6,000 seats instead of over 17,000. But the smaller Sphere would still be hard to miss with an exterior LED exosphere for showcasing the “artistic and branded content” that helped make the original sphere a unique part of the Las Vegas skyline.
The inside of the mini-Sphere will feature a high-resolution 16,000 by 16,000 pixel wrap-around screen, the company’s immersive sound technology, haptic seating, and “4D environmental effects.” For the AI-enhanced version of The Wizard of Oz currently playing in Las Vegas, audiences experience effects like wind, fog, smells, and apples falling from the ceiling.
The mini-Sphere will potentially also be cheaper to build than the $2.3 billion original, but its construction is contingent on the “receipt of certain governmental incentives and approvals from Prince George’s County and the State of Maryland.” Sphere Entertainment says the project “would utilize a combination of public and private funding, including approximately $200 million in state, local, and private incentives,” but would potentially generate millions of dollars in revenue for the country and state while supporting over 4,700 jobs once it opens.
NEWYou can now listen to Fox News articles!
The Apple iPhone is the most popular smartphone in the United States and one of the most widely used devices in the world. An estimated 1.6 billion people rely on iPhones every day. That massive user base also makes the platform a prime target.
Over the past few weeks, Apple has been sending out warnings about a serious security flaw. New data suggests the risk could affect roughly half of all iPhone users.
That puts hundreds of millions of devices in potential danger right now.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
WHATSAPP WEB MALWARE SPREADS BANKING TROJAN AUTOMATICALLY
Apple is warning iPhone users about a serious Safari security flaw that could leave hundreds of millions of devices vulnerable if updates are delayed. (Thomas Trutschel/Photothek via Getty Images)
What Apple discovered in Safari and WebKit
Late last month, Apple confirmed two critical vulnerabilities in WebKit. WebKit powers Safari and every browser that runs on iOS. According to Apple, the flaws were used in an extremely sophisticated attack that targeted specific individuals. The problem allowed malicious websites to trick iPhones and iPads into running harmful code. Once that happens, attackers could gain control of the device, steal passwords or access payment information. In simple terms, visiting the wrong website could have been enough.
Why millions of iPhones are still exposed
Apple moved quickly to release a fix. The patch is included in the latest software update. The problem is that many people have not installed it yet. Estimates suggest that about 50 percent of eligible users have not upgraded from iOS 18 to iOS 26. That would leave around 800 million devices vulnerable worldwide. Data from StatCounter paints an even worse picture. It estimates that only 20 percent of users have updated so far. Once security details become public, the risk grows fast. Attackers know exactly what to exploit.
iPhone and iPad models at the highest risk
Apple says the following devices are affected if they are not updated:
- iPhone 11 and later
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 8th generation and later
- iPad mini 5th generation and later
If your device appears on this list and you have not updated it, it is vulnerable.
INSTAGRAM PASSWORD RESET SURGE: PROTECT YOUR ACCOUNT
New data suggests nearly half of all iPhone users worldwide may still be exposed to a critical WebKit exploit Apple says was actively used in attacks. (Jakub Porzycki/NurPhoto via Getty Images)
Why upgrading is the only real protection
There is no setting to flip and no safe browsing habit that fixes this issue. The vulnerability lives deep inside the browser engine. Security experts say there is no workaround or user behavior that meaningfully reduces the risk. Installing the latest software is the only effective defense. Apple is no longer offering a security-only update for users who want to stay on iOS 18. Unless your device cannot run iOS 26, the fix is only available through iOS 26.2 and iPadOS 26.2.
Steps to update your iPhone or iPad now
Updating is quick and usually painless. If automatic updates are enabled, the fix may already be installed.
If not, follow these steps:
- Open the Settings app on iPhone
- Tap General
- Select Software Update
- Download and install iOS 26.2 or iPadOS 26.2 or later
Make sure your device is connected to Wi-Fi and has enough battery life or is plugged in.
Pro tip: Use strong antivirus software
Keeping your iPhone updated is critical, but it should not be your only line of defense. Strong antivirus software adds another layer of protection by scanning malicious links, blocking risky websites and alerting you to suspicious activity before damage is done.
This matters even more when attacks rely on compromised websites or hidden browser exploits. Security software can help catch threats that slip through and give you extra visibility into what is happening on your device.
Think of it as backup protection. Software updates close known holes, while strong antivirus tools help guard against the next one.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
FAKE ERROR POPUPS ARE SPREADING MALWARE FAST
Apple says malicious websites could exploit a Safari flaw to steal passwords or payment information from unpatched iPhones and iPads. (David Paul Morris/Bloomberg via Getty Images)
Kurt’s key takeaways
Apple rarely uses language like “extremely sophisticated” unless the threat is serious. This flaw shows how even trusted browsers can become attack paths when updates are delayed. Waiting weeks or months to update now carries real consequences. If you use your iPhone for banking, shopping or work, this update should be treated as urgent.
How long do you usually wait before installing major iPhone updates, and is that delay worth the risk anymore? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
The show is written by Joseph Fink and Jeffrey Cranor, who draw heavily on the work of H.P. Lovecraft. Every season has its own arc, but broadly, the show tells the story of a town that exists in an alternate version of Earth. In this town Angels are real, but acknowledging their existence is illegal; librarians are dangerous creatures with “thousands of spiny legs” and “pincers”; and there is a Faceless Old Woman who secretly lives in your home.
These are clearly unsettling concepts when taken at face value. But rather than trying to scare the listener, Cranor and Fink lean into the natural absurdity of cosmic horror and refuse to take themselves too seriously. They also routinely subvert the bigotry of their inspiration, using Lovecraftian creations to tell stories rich with LGBTQ+ characters.
Of course, having well-written scripts and telling a compelling story is only part of the equation. What elevates Welcome to Night Vale to true greatness is the cast, especially narrator Cecil Baldwin, who plays the host of the central radio show, Cecil Palmer. Cecil’s voice has the gravitas to tell ominous stories of secretive government agencies and ancient gods. But he has the range to deliver light-hearted banter with a sentient patch of haze (her name is Deb, in case you were wondering).
Cecil Baldwin has the charisma to make even the reading of a repair manual for a toaster compelling. He can be creepy, funny, or soothing, often all within the same episode. (For this reason, I don’t suggest listening to Night Vale at night. I have fallen asleep to the dulcet sounds of Baldwin’s voice several times, only for the more unsettling parts of the show to make their way into my dreams.)
Every episode also features a musical interlude in the guise of “The Weather.” The show mostly features lesser-known artists, but alumni include Jason Isbell, The Mountain Goats, Waxahatchee, Angel Olsen, Open Mike Eagle, and Sylvan Esso.
Welcome to Night Vale is also a great way to introduce younger listeners to horror. I would never suggest my eight-year-old read H.P. Lovecraft. Partly because the man’s unrepentant racism is baked into the very fabric of his stories, but also because the violence is often too much for children. Night Vale, on the other hand, takes those horrors and exposes them for what they are: entertainment. I can put the podcast on, bond with my kid over their burgeoning love of all things creepy and weird, and trust that they’ll walk away with a good message.
Welcome to Night Vale is available on most podcast platforms, including Apple Podcasts, Pocketcasts, YouTube, and Spotify.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
News10 minutes ago
Top U.S. archbishops denounce American foreign policy
West16 minutes ago
Colorado public school enrollment drops by 10,000 while homeschooling increases statewide
Midwest22 minutes ago
Ilhan Omar refers to ‘US God—- States’ during impassioned remarks about ICE
Southwest28 minutes ago
Illegal immigrants rack up $1B-plus in Texas hospital costs in fiscal year 2025; total likely higher: report
Southeast34 minutes ago
Florida GOP candidate wants 50% ‘sin tax’ on OnlyFans creators to fight ‘cultural degeneracy’
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia1 year ago
99th annual Pony Swim held in Virginia
Education2 years ago
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
News10 minutes ago
Top U.S. archbishops denounce American foreign policy
Politics11 hours ago
Trump warns US can no longer think ‘purely of peace’ as he pushes for Greenland control
World12 hours ago
Key EU transport network projects set to miss 2030 targets
News12 hours ago
Woman died after riding Revenge of the Mummy coaster at Universal Orlando, report says
Politics23 hours ago
Nancy Pelosi faces social media backlash over behavior at Bob Weir tribute event
-
Montana1 week agoService door of Crans-Montana bar where 40 died in fire was locked from inside, owner says
-
Virginia1 week agoVirginia Tech gains commitment from ACC transfer QB
-
Montana1 week ago‘It was apocalyptic’, woman tells Crans-Montana memorial service, as bar owner detained
-
Minnesota1 week agoICE arrests in Minnesota surge include numerous convicted child rapists, killers
-
Detroit, MI5 days agoSchool Closings: List of closures across metro Detroit
-
Lifestyle5 days agoJulio Iglesias accused of sexual assault as Spanish prosecutors study the allegations
-
Oklahoma1 week agoMissing 12-year-old Oklahoma boy found safe
-
Oregon1 week agoDan Lanning Gives Oregon Ducks Fans Reason to Believe