Los Thuthanaka basically came out of nowhere last year to capture Pitchfork’s album of the year with their self-titled debut. Because it wasn’t available on streaming, it largely flew under the radar. I honestly kind of forgot about it until Pitchfork gave it the number one spot in its year-end list. In retrospect, I’m not entirely sure how, though. Los Thuthanaka sounds like nothing else. It’s joyous, jagged, and sounds like it’s being blasted out of a broken Bluetooth speaker in your neighbor’s backyard — it’s glorious.

The follow-up EP Wak’a turns down the tempo and smooths some of the sharper edges. It uses the same sound palette of blown-out speakers and sampled traditional Bolivian instruments that’s equal parts pluderphonics and psychedelic rock. But Wak’a is just as indebted to shoegaze. Its chord progressions and melodies are more wistful, the guitars drenched in fuzz and reverb. There are horns and keys that peek through the mix like half-forgotten memories of other songs.

Siblings Chuquimamani-Condori and Joshua Chuquimia Crampton deliver an aural interpretation of the Aymara creation legend of the first sunrise over the course of three songs, lasting just 18 and a half minutes. If you buy Wak’a on Bandcamp, the download includes a PDF created in collaboration with Ch’ama Native Americas that tells the story in the Aymara language.

Fittingly, the EP feels like a world emerging from darkness. The opening track “Quta (capo-kullawada)” starts with a low synth drone and chirping crickets before an Eno-esque guitar melody and loping distorted drum line kick in. “Wara Wara (capo-kullawada)” is beautiful, but also terrifying. The wall of sound is oppressive and startling in the way you might expect the first burning rays of sunlight would be to people who had existed in perpetual night beforehand. It eventually reaches the sort of cathartic apex that many musicians spend their whole careers chasing as horns, keyboards, growling vocals, and asymmetrical guitars all collide in a chaotic inferno.

By comparison, “Ay Kawkinpachasa? (capo-kullawada)” is a soothing comedown, despite its undeniably dense arrangement where individual instruments are increasingly difficult to pick out. There are what sound like accordion, fiddle, and keys all fighting for the same sonic real estate, and stuttering guitars eventually take over just in time for the EP to end.

For those who found the group’s self-titled record a touch too abrasive, this EP offers a more approachable introduction to their unique sound. Los Thuthunaka’s Wak’a is available now on Bandcamp.

Your phone lock screen is supposed to be your last line of defense. If your device gets lost or stolen, that PIN or passcode should keep strangers out of your photos, messages and financial apps. But researchers have found a serious flaw that can break through those protections on certain Android phones in less than a minute.

Once exploited, attackers can recover your phone’s PIN, unlock encrypted storage and even extract sensitive data such as cryptocurrency wallet seed phrases. Security researchers estimate that roughly one in four Android phones could be affected, particularly budget phones.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com –  trusted by millions who watch CyberGuy on TV daily. Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.  

ANDROID FIXES 129 SECURITY FLAWS IN MAJOR PHONE UPDATE

All about the Android hacking flaw

A newly disclosed vulnerability, tracked as CVE-2026-20435 in the National Vulnerability Database, affects some Android phones powered by MediaTek, a major smartphone chip maker based in Taiwan that competes with companies like Qualcomm. These phones use a security component called Trustonic’s Trusted Execution Environment (TEE), which is designed to keep sensitive data, such as encryption keys, protected from the rest of the system.

It stores cryptographic keys that help keep your device encrypted and secure, even if someone tries to tamper with it. However, security analyses of the vulnerability indicate that these protections may be bypassed on affected devices.

By connecting a phone to a computer using a USB cable, an attacker with physical access may be able to exploit the flaw during the early boot process, potentially exposing sensitive data before full security protections are enforced. Think of it like accessing the master key before the safe door even closes. Once attackers gain access to these low-level components, they may be able to access encrypted storage without needing your PIN.

In a worst-case scenario, this type of access could allow attackers to extract highly sensitive information, including personal photos, stored passwords, private messages, financial data, and crypto wallet credentials. If seed phrases for crypto wallets are exposed, attackers could drain funds permanently.

What are Android makers doing about this

There’s limited action manufacturers can take on their own since the issue originates at the processor level, which is manufactured by MediaTek. The company says it has released a firmware patch addressing the vulnerability. However, the update must still be distributed by individual phone manufacturers through security updates. Depending on the device and whether it is still supported, that update could arrive quickly or not at all.

The good thing is that this attack requires physical access to the phone and a USB connection to a computer. That means it cannot be done remotely over the internet. However, if your phone is stolen, briefly confiscated, or even taken during a repair, the attacker could potentially extract sensitive information.

If you’re not sure whether this vulnerability affects your mobile device, you can look up your phone on a platform like GSMArena or your vendor’s website to see which SoC it uses, then cross-check it with MediaTek’s March security bulletin under CVE-2026-20435. You can log onto corp.mediatek.com/product-security-bulletin/March-2026 to review the list of affected chipsets and confirm whether your device may be at risk.

CyberGuy reached out to MediaTek for comment, but did not hear back before our deadline.

NEW ANDROID ATTACK TRICKS YOU INTO GIVING DANGEROUS PERMISSIONS

How to tell if your phone is affected

So how do you know if your phone is actually at risk? Not every Android phone is vulnerable. The issue primarily affects devices that use certain MediaTek processors. Here’s how to check your phone:

1) Find your phone model

Go to Settings > About phone and look for your exact model name.

2) Look up your processor (chip)

Search your phone model on a site like GSMArena or your manufacturer’s website to find the processor (also called the SoC).

3) Check if it uses MediaTek

If your phone uses a MediaTek chip, it may be affected. Devices with Qualcomm Snapdragon or Google Tensor chips are not part of this specific issue.

4) Install the latest security updates immediately

Check your phone’s system update settings and install any available updates from your manufacturer.  Go to Settings > Software update and install any available updates. MediaTek has already released a fix, but phone makers must distribute it. Installing updates quickly ensures you receive the firmware patch if your device manufacturer has released it.

7 ways you can protect your phone from getting hacked

If your phone uses one of the affected chips, a few simple precautions can help reduce the chances of someone accessing your data if the device ever falls into the wrong hands.

1) Install strong antivirus protection

A security app cannot fix this processor-level flaw. However, it can still help protect your phone from other threats that often follow stolen or compromised devices. It will not stop this specific exploit, but it can detect malicious apps, spyware, and suspicious activity that attackers may install after gaining access. That extra layer of monitoring can help stop additional data theft if your device ever falls into the wrong hands. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

2) Avoid keeping sensitive information on your phone

If you store things like cryptocurrency wallet seed phrases, recovery codes, or sensitive documents in notes apps or screenshots, consider moving them to a secure offline location. If someone extracts your phone’s data through this vulnerability, that information could be exposed.

3) Keep physical control of your phone

This exploit requires someone to physically connect your phone to a computer. Do not leave your device unattended in public places, and be cautious when handing it to repair shops or unknown technicians. Physical access dramatically increases the risk.

4) Use strong screen locks and auto-lock settings

While the vulnerability bypasses encryption on affected devices, strong lock settings still protect against many other threats. Use a longer PIN or passcode instead of simple patterns, and enable automatic locking after short periods of inactivity.

5) Protect accounts with two-factor authentication

Even if attackers gain access to data on your phone, two-factor authentication (2FA) can stop them from logging into your online accounts. Enable it for email, banking apps, cloud storage, and social media wherever possible.

6) Use a password manager

A password manager stores your login credentials in a secure, encrypted vault instead of leaving them scattered across apps and notes. If someone compromises your device, the password manager still protects your accounts with strong encryption, forcing attackers to break through another security layer before they can access your logins. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

7) Enable USB restricted mode (if available)

Some Android devices limit USB data access when locked. Turning on this setting can reduce the risk of unauthorized data extraction through a wired connection, especially in situations where someone briefly gains physical access to your phone. On Samsung phones running the latest software:

Settings may vary slightly depending on your Samsung model and software version.

Go to Settings

Tap Lock screen

Then, tap Secure lock settings

Enter your current PIN, then tap Continue

Enable “Lock network and security” (or a similarly named option) to help block USB data access while your device is locked.

Kurt’s key takeaway

This vulnerability exposes a deeper issue with the Android ecosystem. Even when chipmakers release a fix, millions of phones depend on manufacturers to deliver updates that may never arrive, especially for cheaper devices that lose support quickly. We often assume our lock screen and encryption will protect our data if a phone is lost or stolen. However, incidents like this show that protection is only as strong as the update policies behind it. When devices stop receiving security patches, those protections quietly weaken over time.

Should phone manufacturers be required to guarantee security updates for several years if their devices contain critical encryption vulnerabilities? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com –  trusted by millions who watch CyberGuy on TV daily. Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com.  All rights reserved.  

Target is offering a great deal to some Target Circle members that knocks $30 off the cost of two Nintendo Switch and Switch 2 games. The sale is happening for the rest of the day, expiring at 2:59AM ET on April 5th. If you sign in with the free-to-join membership, you might be able to add two eligible games to your cart, then watch the prices fall at checkout.

There are 224 eligible games (some physical, some digital), and many of Nintendo’s biggest hits from the past year and beyond are here, including Switch 2-exclusive games like Donkey Kong Bananza, Kirby Air Riders, Mario Kart World, Mario Tennis Fever, and more (I didn’t see Pokémon Pokopia in the list, though).

This deal is worth hopping on whether you intend to gift these games, or just get them for yourself. Discounts on Nintendo-published games are rare, and it’s quite a nice perk that Target Circle members have in getting to choose the games they want to save on.

While each of the games that I mentioned ship on cartridges that don’t require a bunch of your console’s internal storage (just enough for save data), there are some Switch 2 games that ship on Game Key Cards. Those cartridges, once inserted into the console, simply grant you the ability to download a copy from the Nintendo eShop onto your console. Game sizes varies, but you may want to pick up a microSD Express card to add more storage on top of the Switch 2’s 256GB built-in SSD. This 256GB Samsung model is $59 at Amazon.