Technology
Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets
The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.
Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
Microsoft logo on keyboard (Kurt “CyberGuy” Knutsson)
Microsoft Excel’s new exploit
Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.
This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.
While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.
Google Chrome browser on laptop (Kurt “CyberGuy” Knutsson)
MORE: THE 7 SIGNS YOU’VE BEEN HACKED
Google Chrome’s bug
Google’s eighth day zero attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real-time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.
Four essential tips to secure your devices and data from hackers and scammers
To protect yourself from malicious hackers and scammers, we recommend you do the following four things.
1) Be cautious about using open-source applications
When you use open-source applications or programs, it’s always wise to remember that anyone has the ability to change the application or program’s code. They have the ability to do something malicious if they want to. Only use open-source applications that you trust, and be careful about what you download.
2) Update your applications regularly
One of the easiest ways to protect yourself from hackers and scammers is to keep your applications up to date. Hackers often exploit vulnerabilities in outdated software to gain access to your devices or data. By updating your applications regularly, you can patch these security holes and prevent hackers from exploiting them.
3) Avoid opening suspicious attachments or links
Another common way that hackers and scammers try to infect your devices or steal your information is by sending you malicious attachments or links. These can be disguised as legitimate emails, messages, or websites, but they can contain malware, phishing or ransomware. To avoid falling for these traps, you should always check the sender, the subject, and the content of any attachment or link before opening it. If you are not sure, do not open it or click on it.
4) Use antivirus protection
Antivirus protection is essential for keeping your computer and data safe from malicious attacks. The recent exploits allow hackers to run malware remotely by sending custom Excel attachments and allow hackers to overload your browser and gain access to your system.
So, the best way to protect yourself is to have antivirus protection installed and actively running on all your devices. It will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked. Find my review of Best Antivirus Protection here.
The best way to protect yourself is to have antivirus protection installed and actively running on all your devices. (Kurt “CyberGuy” Knutsson)
MORE: THE NEW IPHONE SECURITY THREAT THAT ALLOWS HACKERS TO SPY ON YOUR PHONE
What to do if you’ve been hacked
If it has already happened and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:
Change your passwords
If hackers have recorded your passwords using a keylogger, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
Use identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
Restore your device to factory settings
If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original iOS version. But, you should back up your important data before doing this, and only restore it from a trusted source.
MORE: GOT A CREDIT CARD FRAUD ALERT? HOW CROOKS SWIPE YOUR PAYMENT CARD DETAILS
Kurt’s key takeaways
The recent exploits targeting Google Chrome and Microsoft Excel are a reminder of how vulnerable our devices and data can be to cyberattacks. Hackers are always looking for new ways to exploit the software we use every day, and we need to be vigilant and proactive in protecting ourselves. By following the steps we outlined above, you can reduce the risk of falling victim to these attacks and keep your computer and data safe. Remember, prevention is better than cure, and the best defense is a good offense.
Which aspect of the cyberthreats discussed in the article concerns you the most, and why? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
Updates to [@]Grok Account
We have implemented technological measures to prevent the Grok account from allowing the editing of images of real people in revealing clothing such as bikinis. This restriction applies to all users, including paid subscribers.
Additionally, image creation and the ability to edit images via the Grok account on the X platform are now only available to paid subscribers. This adds an extra layer of protection by helping to ensure that individuals who attempt to abuse the Grok account to violate the law or our policies can be held accountable.
Geoblock update
We now geoblock the ability of all users to generate images of real people in bikinis, underwear, and similar attire via the Grok account and in Grok in X in those jurisdictions where it’s illegal.
NEWYou can now listen to Fox News articles!
Mac users often assume they’re safer than everyone else, especially when they stick to official app stores and trusted tools.
That sense of security is exactly what attackers like to exploit. Security researchers have now uncovered a fresh wave of malicious Mac extensions that don’t just spy on you, but can also steal cryptocurrency wallet data, passwords and even Keychain credentials. What makes this campaign especially concerning is where the malware was found, inside legitimate extension marketplaces that many people trust by default.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Once active, GlassWorm targets passwords, crypto wallets, and even your macOS Keychain without obvious warning signs. (Cyberguy.com)
How malicious Mac extensions slipped into trusted stores
Security researchers at Koi Security uncovered a new wave of the GlassWorm malware hiding inside extensions for code editors like Visual Studio Code (via Bleeping Computer). If you’re not familiar with code editors, they’re tools developers use to write and edit code, similar to how you might use Google Docs or Microsoft Word to edit text. These malicious extensions appeared on both the Microsoft Visual Studio Marketplace and OpenVSX, platforms widely used by developers and power users.
FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE
At first glance, the extensions looked harmless. They promised popular features like code formatting, themes or productivity tools. Once installed, though, they quietly ran malicious code in the background. Earlier versions of GlassWorm relied on hidden text tricks to stay invisible. The latest wave goes further by encrypting its malicious code and delaying execution, making it harder for automated security checks to catch.
Even though this campaign is described as targeting developers, you don’t need to write code to be at risk. If you use a Mac, install extensions or store passwords or cryptocurrency on your system, this threat still applies to you.
What GlassWorm does once it’s on your Mac
Once active, GlassWorm goes after some of the most sensitive data on your device. It attempts to steal login credentials tied to platforms like GitHub and npm, but it doesn’t stop there. The malware also targets browser-based cryptocurrency wallets and now tries to access your macOS Keychain, where many saved passwords are stored.
Researchers also found that GlassWorm checks whether hardware wallet apps like Ledger Live or Trezor Suite are installed. If they are, the malware attempts to replace them with a compromised version designed to steal crypto. That part of the attack isn’t fully working yet, but the functionality is already in place.
To maintain access, the malware sets itself up to run automatically after a reboot. It can also allow remote access to your system and route internet traffic through your Mac without you realizing it, turning your device into a quiet relay for someone else.
Some of the malicious extensions showed tens of thousands of downloads. Those numbers can be manipulated, but they still create a false sense of trust that makes people more likely to install them.
7 steps you can take to stay safe from malicious Mac extensions
Malicious extensions don’t look dangerous. That’s what makes them effective. These steps can help you reduce the risk, even when threats slip into trusted marketplaces.
1) Only install extensions you actually need
Every extension you install increases risk. If you’re not actively using one, remove it. Be especially cautious of extensions that promise big productivity gains, premium features for free or imitate popular tools with slightly altered names.
2) Verify the publisher before installing anything
Check who made the extension. Established developers usually have a clear website, documentation and update history. New publishers, vague descriptions or cloned names should raise red flags.
These malicious extensions looked like helpful tools but quietly ran hidden code once installed. (Cyberguy.com)
3) Use a password manager
A password manager keeps your logins encrypted and stored safely outside your browser or editor. It also ensures every account has a unique password, so if one set of credentials is stolen, attackers can’t reuse it elsewhere.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
HOW HACKERS ARE BREAKING INTO APPLE DEVICES THROUGH AIRPLAY
4) Run strong antivirus software on your Mac
Modern macOS malware doesn’t always drop obvious files. Antivirus tools today focus on behavior, looking for suspicious background activity, encrypted payloads and persistence mechanisms used by malicious extensions. This adds a critical safety net when something slips through official marketplaces.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
5) Consider a personal data removal service
When your data leaks, it often spreads across data broker sites and breaches databases. Personal data removal services help reduce how much of your information is publicly available, making it harder for attackers to target you with follow-up scams or account takeovers.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Turn on two-factor authentication (2FA)
Enable 2FA wherever possible, especially for email, cloud services, developer platforms and crypto-related accounts. Even if a password is stolen, 2FA can stop attackers from logging in.
7) Keep macOS and your apps fully updated
Security updates close gaps that malware relies on. Turn on automatic updates so you’re protected even if you miss the headlines or forget to check manually.
Mac users often trust official app stores, but that trust is exactly what attackers are counting on. (Kurt “CyberGuy” Knutsson)
Kurt’s key takeaway
GlassWorm shows that malware doesn’t always come from shady downloads or obvious scams. Sometimes it hides inside tools you already trust. Even official extension stores can host malicious software long enough to cause real harm. If you use a Mac and rely on extensions, a quick review of what’s installed could save you from losing passwords, crypto or access to important accounts.
When was the last time you checked the extensions running on your Mac? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
BMW teased its forthcoming all-electric M-series performance sedan today, promising that the quad-motor M3 sports car would feature specs that are truly next level when it arrives in 2027.
The M3 will have four electric motors and simulated gear shifting, a feature that is quickly becoming a must-have for electrified sports cars. BMW says the setup unlocks the benefits of both rear and all-wheel drive, with the ability to decouple the front axle.
The electric M3 will also be built on BMW’s Neue Klasse platform that promises more efficient batteries, lightning fast charging, and higher powered computers. The architecture will be 800-volt, the regenerative braking will be highly efficient, and if the camouflaged pictures are any indication, it will be a real looker on the streets.
Speaking of computers, the M3 will have four of them, unified under its oddly named “Heart of Joy” component that aggregates all the traction, stability, and electric motor management functions of the vehicle. That means when software updates are made available, the vehicle’s brain will be able to receive them over-the-air faster than BMW’s current processors.
The M3’s simulated gear shifting will feature a “newly developed soundscape” that “channels pure emotion.” Like other automakers, BMW is loath to alienate its loyal M-series customers by giving them all the torque but none of the gearing feedback. And now a fake “soundscape” will accompany all that shifting. Porsche, Hyundai, and Dodge are also on board the fake EV gear shifting bandwagon.
X claims it has stopped Grok from undressing people, but of course it hasn’t
Armed Kurdish fighters try to breach Iran border as regional threat grows amid protests: reports
Hochul endorses legislation to allow New Yorkers to sue ICE agents: ‘Power does not justify abuse’
Forcing an early wake-up time could harm your health, sleep doctors warn
Mike Tomlin’s exit was unexpected as Steelers begin rare coaching search, team president says
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Hochul endorses legislation to allow New Yorkers to sue ICE agents: ‘Power does not justify abuse’
Iran reopens airspace after closure to most flights amid US attack threats
Trump says he’s been assured Tehran has stopped killing protesters as Iran reopens its airspace – live
Republicans light cigars, cigarettes on burning photos of Khamenei to show support for Iranian protesters
EU Parliament questions defence loan’s ‘€17 billion gift’ to Hungary
-
Montana4 days agoService door of Crans-Montana bar where 40 died in fire was locked from inside, owner says
-
Technology1 week agoPower bank feature creep is out of control
-
Delaware6 days agoMERR responds to dead humpback whale washed up near Bethany Beach
-
Dallas, TX6 days agoAnti-ICE protest outside Dallas City Hall follows deadly shooting in Minneapolis
-
Dallas, TX1 week agoDefensive coordinator candidates who could improve Cowboys’ brutal secondary in 2026
-
Education1 week agoVideo: This Organizer Reclaims Counter Space
-
Virginia4 days agoVirginia Tech gains commitment from ACC transfer QB
-
Iowa1 week agoPat McAfee praises Audi Crooks, plays hype song for Iowa State star