Getting added to the wrong group chat is a common problem, but what if that group chat is describing an upcoming military strike? That’s what happened to The Atlantic editor-in-chief Jeffrey Goldberg, who was added to a Signal group chat formed by high-ranking members of the Trump administration to discuss plans for military strikes on Yemen. As a result, he had the details of a bombing attack targeting the Houthis hours before it actually occurred on March 15th, facts later confirmed not only by the attacks going off on schedule but in comments from National Security Council spokesman Brian Hughes, who said they are “reviewing how an inadvertent number was added to the chain.”

The 18 members of the chat — named “Houthi PC Small group” — appear to have included vice president JD Vance, defense secretary Pete Hegseth, and national intelligence director Tulsi Gabbard, all freely chatting with The Atlantic’s editor-in-chief listening in. Goldberg says he’s unsure how he was added or how no one on the thread noticed his presence. Discussions of classified military plans are generally not supposed to take place on consumer messaging apps.

Signal’s end-to-end encryption is intended to keep messages secure from snooping by outside parties, but if someone’s device is compromised or if the wrong person is on the other end of the conversation, its security features go out the window. According to national-security lawyers Goldberg consulted, the app isn’t approved for sharing classified information, and the chat never should’ve been established in the first place. By discussing military activity on unapproved devices outside of secure facilities, they created the possibility that one of their devices could be lost or stolen, with all of the information exposed.

After explosions were reported in Yemen, the group members exchanged celebratory emoji — a flexed bicep, an American flag, and a fist bump. Goldberg even witnessed Vance saying “I am not sure the president is aware how inconsistent this is with his message on Europe right now.” Vance’s spokesperson, William Martin, is quoted downplaying the comments, saying that “The President and the Vice President have had subsequent conversations about this matter and are in complete agreement.”

Asked about the report and chat during a press conference Monday, Trump said, “I don’t know anything about it. You– you’re telling me about it for the first time.”

Do you remember Apple’s “Privacy. That’s iPhone” marketing campaigns? If you’re not aware, the company likes to portray its products as being synonymous with privacy. However, the recent wave of security vulnerabilities affecting iPhones and Macs suggest Apple’s products may not be as secure as advertised.

A recent security blunder only reinforces this point. Security researchers discovered that Apple’s built-in password manager app, Passwords, was vulnerable to phishing attacks for nearly three months after launch. This meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a lookalike phishing site to steal your login credentials.

Stay protected & informed! Get security alerts & expert tech tips – sign up for Kurt’s The CyberGuy Report now.

What you need to know

Security researchers at Mysk, noticed that Apple’s Passwords app, introduced with iOS 18 in September 2024, had a significant security flaw that left users vulnerable to phishing attacks for nearly three months.

The app used unencrypted HTTP connections instead of the more secure HTTPS to fetch logos and icons displayed alongside stored passwords. This allowed attackers on the same network, such as public Wi-Fi at a coffee shop or airport, to intercept these requests and potentially redirect users to phishing sites designed to steal login credentials.

The issue remained unresolved from iOS 18’s launch in September 2024 until Apple fixed it in December 2024, leaving users exposed for nearly three months. If someone opened the Passwords app and tapped a link, like “Change Password,” while connected to an insecure network, an attacker could intercept the request and redirect them to a fraudulent site mimicking a legitimate one, such as a fake Yelp login page. Since the app did not enforce HTTPS, users might not notice the switch, putting their sensitive information at risk.

A woman on her iPhone (Kurt “CyberGuy” Knutsson)

HOW TO PROTECT AN IPHONE & IPAD FROM MALWARE IN 2025

Apple has fixed the issue now

Apple addressed the problem after security researchers from Mysk reported it in September 2024. The iOS 18.2 update, released in December, patched the vulnerability by enforcing HTTPS for all network communications within the Passwords app, making it much harder for attackers to intercept or redirect traffic.

If you’re using an iPhone or iPad with the Passwords app, ensure your device is updated to iOS 18.2 or later. This ensures you’re protected from this vulnerability. If you haven’t updated yet and used the app on public Wi-Fi between September and December 2024, consider changing passwords for any accounts you accessed during that period, just to be safe. 

How to update the software on your iPhone

Follow the steps to update your iPhone or iPad:

• Tap on Settings
• Tap on General
• Tap on Software Update
• If an update is available, it will give you the option to download and install

Software update (Kurt “CyberGuy” Knutsson)

YOUR IPHONE HAS A HIDDEN FOLDER EATING UP STORAGE SPACE WITHOUT YOU EVEN KNOWING

6 ways you can stay safe from hackers targeting your passwords

Apple’s recent security blunder with the Passwords app highlights the importance of taking steps to protect your digital identity. Here are some ways you can stay safe from hackers targeting your passwords.

1) Use a reliable password manager: Apple apps are generally more secure than third-party options, but the Passwords app clearly wasn’t. The fact that the security vulnerability existed for three months before Apple fixed it proves that Apple needs to put more emphasis on keeping customer data secure. I’d suggest opting for a reliable password manager instead of relying on Apple’s offering. Get more details about my best expert-reviewed password managers of 2025 here.

2) Enable two-factor authentication (2FA): It’s good to have a password manager, but you know what’s even better? 2FA. Adding an extra layer of security with 2FA can prevent hackers from accessing your accounts, even if they steal your password. Use authentication apps like Google Authenticator, Microsoft Authenticator or hardware security keys instead of SMS-based codes, which are vulnerable to SIM-swapping attacks.

3) Avoid public Wi-Fi for sensitive activities and use a VPN: Hackers can exploit unsecured public networks to intercept your login credentials. If you must access sensitive accounts on public Wi-Fi, use a VPN to encrypt your internet traffic and prevent attackers from snooping on your data. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. A reliable VPN is essential for protecting your online privacy and ensuring a secure, high-speed connection. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

4) Beware of phishing attacks and install strong antivirus software: You can have all the protection in the world but a phishing email or SMS can still cause havoc. Hackers often use fake login pages to trick you into entering your credentials. Always verify URLs before entering login details, avoid clicking on suspicious links in emails or messages. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5) Keep your devices updated: Regularly update your devices and software to ensure you have the latest security patches.

6) Regularly monitor all your accounts: Monitor your accounts for suspicious activity and report any unusual transactions or login attempts to Apple.

APPLE RELEASES EMERGENCY SECURITY UPDATE FOR SERIOUS VULNERABILITY

Kurt’s key takeaway

Three months is a long time for a security flaw in a password manager to go unpatched, especially from a company that presents itself as a leader in privacy and security. This incident highlights a troubling reality. Apple’s security measures are not infallible, and even built-in system apps can expose users to serious risks. While the fix eventually arrived, it should not have taken this long for such a fundamental issue to be addressed. If Apple wants to maintain its privacy-first image, it needs to do better by ensuring more rigorous security testing before launch.

Do you think Apple is doing enough to stay ahead of evolving cyber threats or are there additional steps the company should take to protect its users? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Alert: Malware steals bank cards and passwords from millions of devices.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

DNA testing firm 23andMe has filed for Chapter 11 bankruptcy protection to help the company sell itself after years of financial difficulties. Anne Wojcicki, 23andMe’s co-founder and CEO, announced on X that she has resigned with immediate effect to become an independent bidder for the company, with chief financial and accounting officer Joe Selsavage stepping in as interim CEO.

“After a thorough evaluation of strategic alternatives, we have determined that a court-supervised sale process is the best path forward to maximize the value of the business,” Mark Jensen, chair and member of the Special Committee of the Board of Directors, said in a statement. “We expect the court-supervised process will advance our efforts to address the operational and financial challenges we face, including further cost reductions and the resolution of legal and leasehold liabilities.”

23andMe says that it intends to “continue operating its business” throughout the bankruptcy proceedings and that customer’s access to data and subscriptions won’t be affected.

“We have had many successes but I equally take accountability for the challenges we have today,” Wojcicki said. “There is no doubt that the challenges faced by 23andMe through an evolving business model have been real, but my belief in the company and its future is unwavering.”