Stop saving passwords in browsers, seriously

I got an email from a listener named Jim K., and it’s the kind of note that sticks with you.

“I checked Have I Been Pwned and found one account breached twice, another nine times, and another five times. I keep my usernames and passwords in Notes. I don’t let websites store my credit card info, but I do reuse passwords. I’m not sure I trust password managers. And I really don’t want to change every password the next time there’s a breach.”

Jim, you’re not alone. Most people, especially smart, careful folks like you, are in the exact same boat. That’s why I’m sharing this.

🔓 Reused passwords = a hacker’s dream

Once a password is leaked, hackers use credential stuffing to try logging in across hundreds of sites. And when you reuse passwords, you’ve made their job a whole lot easier.

Here’s what’s happening behind the scenes:

  • Bots run 24/7, plugging stolen or breached logins into banks, shopping sites, retirement accounts, even church donation portals.
  • Hackers sell your info on the dark web, and multiple criminals buy and exploit it.
  • One breach can lead to financial fraud, identity theft and years of cleanup.

And no, your Notes app won’t protect you. It’s not encrypted, and if someone gets into your phone or iCloud, they’ve got your entire digital life. Stop that now. Browser-stored passwords? Same problem: They’re often just a click away from being stolen.

🛡️ The fix

This is where a dedicated password manager comes in. It’s not some clunky tech tool. It’s like autofill, but encrypted and actually safe.

  • Every account gets a strong, unique password.
  • You only need to remember one master password.
  • It syncs securely across your devices.
  • You can share logins the right way (not over text).
  • And when a breach happens, you update one password, not 30.

I get the hesitation. I was skeptical, too. But I’ve tested dozens of options, and the one I trust with my own accounts is NordPass. Full disclosure: They’re a longtime sponsor of my national radio show. They use zero-knowledge encryption, so not even NordPass can see inside your vault.

Ransomware hackers upped the game, and it’s personal

If you read one thing today, let it be this, because the rules of ransomware have officially changed, and not in a “Yay, innovation!” kind of way.

For years, the scam was simple: Hackers locked up your computer, holding your files hostage and demanding a ransom in Bitcoin for a promise to give your data back. 

Pay up or get exposed

Ransomware is dead, blackmail is next. Hackers have changed the rules of the game. Here’s what you need to stay on top of.

Don’t click that pic: Heads up! There’s a new WhatsApp scam where random numbers send you a photo with “Is this you?” Spoiler alert: It’s not you. Don’t open it. That image is loaded with hidden malware. One tap, and hackers can break into your phone, grab your data, even blackmail you. Turn off auto-downloads now, and don’t trust random “friends.”

✈️ On the go? Your data’s going with you: Public Wi-Fi at hotels, airports and cafés is a gold mine for hackers. That’s why I never travel without ExpressVPN. One tap, and my connection is encrypted and secure no matter where I am. Fast, private and works on all your devices. Travel smart. Stay safe. Get 4 extra months at ExpressVPN.com/Kim.

Why your VPN isn’t enough

“Hi, Kim, I’ve heard you talk about VPNs. Will using one make me anonymous online?” — Dennis in Texas

Great question, Dennis, and one a lot of people ask. A VPN (virtual private network) is one of the best tools for privacy, but it’s not a magic invisibility cloak. There’s a lot of hype out there, so let’s set the record straight.

Plug the leaks in your digital life

Hackers, scammers and snoopers are getting slicker every day. Your gear should, too. I did the digging (so you don’t have to) and found the best tools to outsmart them. Let’s check them out!

RFID blocking cards ($5, 50% off) stop fraud before it even starts. Slip one into your wallet, and forget it’s there. Your ID and financial info stays safe and sound.

🤖 AI joins the dark side: Add this to your “uh-oh” tech list. Google found the first real case of hackers using AI-powered malware. Two strains, PromptFlux and PromptSteal, can rewrite their own code mid-attack, hide from detection and even chat with hackers through prompts. One’s already been linked to the Russian military. It’s early tech, but a big reminder the bad guys have AI, too. 

💻 So those new AI browsers? I’m talking about ones like OpenAI’s Atlas and Perplexity’s Comet. Turns out they’ll hand your email to anyone who asks nicely, or sneakily. Hackers are hiding invisible “commands” in websites that trick your AI sidekick into leaking info. Basically, your browser’s a golden retriever with your bank login. Don’t use them yet; I’ll let you know when they’re safe.

🚗 Shaq’s hacked: Have you seen a $180,000 Range Rover custom fit for a 7’1” massive human being? It’s probably Shaquille O’Neal’s, which straight-up disappeared while being shipped from Atlanta to Louisiana. Authorities think hackers hijacked the transport company’s computers, rerouted the delivery and stole the SUV. A $10,000 reward’s up, but for now … big man’s down a big ride.

♣️ Hackers, hustlers and high rollers: This is nuts. The feds unsealed an indictment straight out of Ocean’s Eleven, full of poker tables with hidden cameras, hacked Deckmate shufflers, even contact lenses that read cards. 30+ people, including the NBA’s Chauncey Billups, Damon Jones and Terry Rozier, were charged in a $7 million poker scam tied to Mafia families. Maybe your uncle blaming the game for being “rigged” was actually onto something. But also, maybe he’s just bad at poker. 

Your email’s probably in there: Uh-oh. News of 183 million new stolen logins has hit the digital grapevine, making it a total of 15.3 billion accounts. The leaks came from “infostealer” malware, which is fancy talk for hackers rifling through your digital junk drawer. Plug your email into this site. You might not like the results, but at least you’ll know. If it does show up: Change the password everywhere, enable multifactor authentication, use a password manager and go on high alert for phishing emails. If your info’s floating around after a breach, Incogni can help you get it removed, and you can grab 60% off right now.

🩻 Ransomware meets radiology: Hackers hit one of the largest U.S. radiology chains, SimonMed Imaging, exposing data from 1.2 million patients. The Medusa ransomware gang claims it stole 212 GB, including scans, IDs and payment info. SimonMed says no fraud yet, which feels about as comforting as “it’s just a sprain” before you see the X-ray bill.

Your password is too short. Let’s fix that

I hate passwords. They are a total pain in the butt. Now don’t kill the messenger…

Hackers have amped up their game and are using powerful AI software that can rip through millions of password combinations in seconds. Brace yourself: Your password really needs to be at least 20 characters, and there should be a completely different one for each account.

🐭 Mouse wiretap: A UC research team discovered hackers can eavesdrop using gaming mice. Those ultrasensitive sensors that help with fast aiming? They also detect minute desk vibrations from your voice. Feed that into an AI model, and voilà, a rough transcript of your conversations. Finally, I feel heard, but not in a good way. 

🚨 There’s a new Y2K bug: Meet Y2K38. It’s what happens when older tech hits a digital wall in January 2038 and thinks it’s 1901. (Talk about a throwback.) Hackers aren’t waiting around, either. They can mess with systems right now using fake GPS signals and bogus time stamps. We’re talking cars, printers, even nuclear subs going haywire. What can you do? The usual smart stuff: Keep your devices updated, turn off auto time-sync if it seems sketchy, and don’t let old gear connect to weird networks.

⚠️ Check this iPhone setting: In iOS 26, Apple added a default that automatically trusts wired accessories when your phone is unlocked. That means plugging it into a public USB charger could let hackers steal your data. Go to Settings > Privacy & Security > Wired Accessories and change Automatically Allow When Unlocked to Always Ask. Smarter move: Use a power bank.

📎 PDF = Pretty Deceptive File: Think PDFs are safe because they’re “just documents”? Nope. A new toolkit called MatrixPDF lets hackers secretly bake malicious code, fake overlays or phishing traps into what look like normal, trusted PDFs. Paired with AI tools like SpamGPT, that same file you thought was harmless could be weaponized and distributed at scale. Most security filters don’t flag anything until after you click, so staying cautious is more important than ever.

🤖 Extortion, but make it software: Just a reminder, Microsoft’s killing Windows 10, and support ends Oct. 14. I’m sure hackers have the date penciled in their calendar. That’s 400 million computers going vulnerable overnight. Want security? Pay up, or replace your whole machine. Low-income families, seniors, remote workers, kids with homework? Too bad, Microsoft doesn’t care. See my new PC recommendations here.

Top scams spreading right now

Every crime has a setup. In five recent cases, scammers turned online breadcrumbs into jackpots. I want you to know how to make sure you’re not their next payday.

Scammers stalk grief like predators. A Pennsylvania widow was conned out of her entire life savings, over $200,000 plus her home, by a romance scammer she met on Facebook. A 63-year-old widower sold his condo and wired $80,000 to a “friend” who convinced him to invest in a sure thing.
