Tuesday, April 21, 2026

Microsoft Patch Tuesday statistics

 

  • The April 14, 2026 Patch Tuesday addressed 167 flaws, including 2 zero‑day vulnerabilities (one actively exploited). 
  • It’s widely reported as one of Microsoft’s largest Patch Tuesday releases to date.

    Monday, April 20, 2026

    Maryland bans Surveillance pricing

     

    Maryland banned using your personal data to secretly charge you more for groceries than someone else — a first in the U.S.

    Under the Protection from Predatory Pricing Act, Maryland will become the first U.S. state to outlaw this practice in the grocery sector. The law:

    Prohibits

    • Using personal or surveillance data to set individualized grocery prices
    • Charging different people different prices for the same grocery item based on who they are
    • Real‑time price changes driven by consumer profiling

    Requires

    • Grocery prices generally remain fixed for at least one business day, limiting sudden price spikes from digital tag
       

       
       

    Tuesday, April 14, 2026

    Booking.com data breach April 14, 2026

      Customers began receiving notifications April 12-13

    According to Booking.com’s own notifications and follow‑up reporting, the exposed information may include:

    • Names
    • Email addresses
    • Phone numbers
    • Postal addresses
    • Reservation details (dates, property info, itinerary)
    • Messages or notes shared with accommodation providers

    Booking.com has repeatedly stated that payment and credit‑card data were not accessed.

    Booking.com reports it:

    • Reset reservation PIN codes tied to affected bookings
    • Contacted impacted customers directly by email
    • Advised customers to be vigilant for phishing attempts
    • Stated the incident is now “under control”, though investigations are ongoing

    The company has not disclosed:

    • How many customers were affected
    • Exactly when the breach occurred
    • Technical details of how the access happened

    While no financial data was taken, experts warn that the combination of personal info + travel details makes this breach particularly dangerous. Attackers can craft highly convincing phishing messages (email, SMS, WhatsApp, or phone calls) that reference real bookings.

      Reports already show customers receiving scam contacts pretending to be Booking.com or their hotel, asking for “verification” or payments.

       

      Booking.com has emphasized that it will never:

      • Ask for credit‑card details
      • Request bank transfers
      • Ask for personal information via email, phone, text, or WhatsApp

      Customers are strongly advised not to click links in unsolicited messages claiming to be from Booking.com or properties. 

       

      Based on Booking.com’s guidance and security reporting:

      • ✅ Treat unexpected messages about bookings as suspicious
      • ✅ Verify any issue by logging directly into Booking.com (not via links)
      • ✅ Be cautious of urgent payment or “verification” requests
      • ✅ Monitor email and messaging apps for phishing attempts
       

    Sunday, April 12, 2026

    Anthropic Mythos

      AI giant Anthropic announced a new model called Mythos.
    Mythos finds security flaws in software. Windows, macOS, Linux, browsers, apps, ANYTHING.

     This prompted an urgent meeting with the Treasury Secretary, the Federal Reserve, and Wall Street executives.

     Given the scope of this tool, it might be good to be more accepting of offered patches.

    UPDATE:

    Mythos has not produced named patches but has fundamentally accelerated vulnerability discovery, compressed patch timelines, and forced an industry‑wide shift toward faster, more coordinated defensive updates.
     

    Industry‑wide updates attributable to Mythos (Claude Mythos Preview)

    1. Step‑change in vulnerability discovery capability (industry level)

    Anthropic has publicly documented that Claude Mythos Preview autonomously identified thousands of previously unknown (“zero‑day”) vulnerabilities across:

    • All major modern operating systems
    • Major web browsers
    • Widely deployed open‑source libraries

    Interesting to note: some major browsers have had back-to-back updates recently.

     

    WARNING from FBI, NSA, CISA and Department of Energy - Iranian hackers

     Collective alarm from US government agencies citing Iranian attacks on US critical infrastructure via exploits in Programmable Logic Controllers (PLCs).

     Mutually Assured Disruption

    A report cites 5,200 devices reachable on the Internet.

     

    Russia spy agency reported to be hacking into home and small business routers

     As a follow-on to the blog post of March 30, where the FCC banned almost all consumer-grade routers not made in the United States: a Russian spy agency was recently found to be hacking into TP-Link and MikroTik routers with known vulnerabilities to route victims' Internet traffic to servers under the control of the Russian hacking unit known as Fancy Bear.

     The intent is to steal passwords and OAuth tokens to gain access to those accounts.

     The FBI has secured a court order allowing them to effectively hack into the affected routers and remove the dodgy DNS records.
     

     

    Tuesday, March 31, 2026

    ClickFix exploits on the rise

     

    ClickFix tricks users into running malicious commands themselves by pretending they’re “fixing” a problem or completing a verification.

    Why ClickFix is so dangerous

    • Bypasses security tools – the action looks legitimate
    • Cross‑platform – Windows, macOS, and Linux are all targeted
    • No vulnerability required – exploits human behavior instead
    • Very fast – compromise can happen in seconds

    Microsoft and other vendors report ClickFix has surpassed traditional phishing in some environments as an initial access method.

    Common ClickFix disguises you’ll see

    • Fake “I am not a robot” CAPTCHA
    • Fake Cloudflare verification
    • Fake Windows Update screen
    • “Browser error – fix required”
    • “Document failed to load – run this to fix”
    • Fake IT support instructions 

      Legitimate websites will NEVER ask you to paste commands into Terminal, PowerShell, or Run to verify or fix something.
       

    Monday, March 30, 2026

    FCC recent ban on all foreign made routers

     

    In March 2026, the Federal Communications Commission (FCC) added all foreign‑made consumer‑grade routers to its “Covered List”, which means new router models that are made (or even partially made) outside the U.S. can no longer be approved for sale or import in the United States.

    This is implemented through the FCC’s equipment authorization process—if a device can’t get FCC authorization, it can’t legally be imported or sold.

    No existing routers are banned; consumers may continue to use them, and firmware updates can continue.

    BUT, this may make us more insecure as consumers may continue to use older routers.

    https://www.malwarebytes.com/blog/news/2026/03/new-fcc-router-ban-could-leave-home-networks-less-secure

    Wednesday, March 25, 2026

    Apple Released AirPods firmware updates

     As of March 25, 2026, Apple’s latest AirPods firmware is version 8B39 — but it depends on which AirPods model you have.

    ✅ Latest firmware by model

    Other models (unchanged in this release):

    ℹ️ Notes

    • Apple released firmware 8B39 on March 24, 2026, primarily listing bug fixes and performance improvements. [macrumors.com]
    • AirPods firmware updates install automatically when your AirPods are in their case, charging, near an iPhone/iPad/Mac connected to Wi‑Fi. [macrumors.com]

    Tuesday, March 3, 2026

    Texas sues TV manufacturers over Automated Content Recognition (ACR) technology and Wins

     These quotes from Texas Attorney General Ken Paxton:
    “When families buy a television, they don’t expect it to spy on them. They don’t expect their viewing habits to be packaged and auctioned to advertisers. Yet Samsung deceptively guides consumers to activate ACR and buries any explanation of what that means in dense legal jargon that few will read or understand"
    “Texans must be fully informed about whether their data is collected and be in full control of how it’s used. The changes outlined in this agreement help accomplish both of those aims and are an important step forward in reforming smart TV manufacturers’ data collection practices,”  

    The suits were filed against Samsung, Sony, LG, Hisense, and TCL Technology Group. Samsung has reached a settlement.

    Automated Content Recognition:
    This software can capture screenshots of a user’s television display every 500 milliseconds, monitor viewing activity in real time, and transmit that information back to the company without the user’s knowledge or consent. The companies then sell that consumer information to target ads across platforms for a profit.

    Monday, March 2, 2026

    Conduent Data Breach - 25 million and counting

     According to Malwarebytes, the Conduent data breach may be the biggest third-party breach in history.
     You may have never heard of Conduent.
     Estimates of Texas residents affected recently jumped from 4 million to 15.4 million. Current estimated number of Texas residents: 31 million.
     What does Conduent do? Services for a major portion of US public services and corporate back-office work.
     State benefit programs such as Medicaid, SNAP (Supplemental Nutrition Assistance Program), and other government payment disbursements in more than 30 states.
     Mailroom, printing, and payment processing for state benefit offices and healthcare programs, including large health insurers like Blue Cross plans.
     Corporate services for major employers, including at least one large automotive manufacturer; nearly 17,000 Volvo Group employees are confirmed among those whose data was exposed.

     What was stolen: 
    Full legal names, postal addresses, and dates of birth
    Social Security numbers and other government identifiers
    Medical Information, health insurance details, and related claims data

    Conduent is a service provider of service providers, so you may not recognize the name. Thus notifications of this breach may not trigger your alerts, notifications, or filings.


    Tuesday, February 17, 2026

    Vulnerabilities in Password Managers allow Attackers to view and change passwords

    A team of security researchers discovered a set of vulnerabilities in four popular cloud-based password managers that would allow attackers to view and change passwords stored in victims' vaults.
    Twenty-seven attack scenarios were recently published, targeting password manager services from Bitwarden, LastPass, Dashlane, and 1Password.
    The attacks ranged from integrity violations to the complete compromise of ALL vaults in an organization.
    The published paper here.

    Wednesday, February 11, 2026

    Apple patches everything February 11, 2025

     iOS, iPadOS, macOS, tvOS, watchOS, and visionOS
    Addressing 71 vulnerabilities 

    Microsoft Patch Tuesday update Feb 10, 2025

    Patch for 58 vulnerabilities 
    6 actively exploited
    3 publicly disclosed

    • 25 Elevation of Privilege vulnerabilities
    • 5 Security Feature Bypass vulnerabilities
    • 12 Remote Code Execution vulnerabilities
    • 6 Information Disclosure vulnerabilities
    • 3 Denial of Service vulnerabilities
    • 7 Spoofing vulnerabilities

    Tuesday, January 27, 2026

    Critical Out of Band Microsoft updates to Windows, Office, and Outlook January 24, 2026

    Updates to Windows to fix an update to Windows. Update to Office for a vulnerability from a local account. So clicking or opening an Office file.
    I am seeing potential exploits from other Sun City residents. Are you?

    Windows KB5078127

    Monday, January 26, 2026

    License Plate Readers

     Several license plate readers on entries and exits from Sun City.
    Due to a vulnerability in a database of Flock, the company deploying most of the license plate readers across the United States, the data was not redacted.
    To see where your license plate was captured and not redacted use Have I Been Flocked.

    https://haveibeenflocked.com

    Similar to Have I Been Pwned for email and account information from data breaches
    https://haveibeenpwned.com/



    Of course you or any other person on the planet can search for any license plate and find locations recorded.

    Friday, January 23, 2026

    LastPass requests you create a backup of your password vault - with urgency

     PLEASE do NOT respond to or act on a request from LastPass to create a(nother) backup of your password vault. This is a recent phishing campaign.
    Instead of obtaining your vault password, they gain access to your ENTIRE password vault.

    Monday, January 19, 2026

    Browser Extension's Logo containing malware

      GhostPoster malware. 
    Browser extensions can have a logo. An icon displayed as part of the browser extension.
    GhostPoster malware adds JavaScript after a marker. 
    So the extension displays the logo and executes the extension function as normal.
    BUT the PNG logo delivers the malicious JavaScript code past most defenses.

    Seven years undetected. 8 million instances, over 1 million victims.

    Even more stealth. The malware loader uses several sites. The loader waits 48 hours. The loader only executes the load 10% of the time. 

    Information on GhostPoster in recent.

    Sunday, January 18, 2026

    Extreme Android Vulnerability

     AI is on a continuum between helpful and harmful. Iff we know how AI is used. Thus today's warning.

    Any Android smartphone or tablet can be totally taken over (kernel-level takeover) by receiving an audio message. Not reading, just receiving an audio message. No clicks, no opening of the audio message, no playing of the message, no interaction.
    Why? 
    A vulnerability in the Dolby audio decoder. An audio decoder in almost every Android device. When receiving an audio message via any means, the decoder decodes the message for transcription using AI.
    A recent change. Now that audio decoder is exposed to the internet and any attacker. 
    So, with AI the audio message can be transcribed, translated, searched, indexed, ...
    Yeah but with AI on your Android device and a malicious audio message delivered with no notice or interaction AND more and more apps using Android AI features - not good.
    Chaining this vulnerability with a vulnerability in BigWave (hardware video decoding), the attacker has full kernel-level control and access. Access like camera, microphone, files, Internet access, ...
    Clever attackers? No, the attackers used AI to develop the attack. Google's AI developed an attack on Google's Android platform.
    The same Dolby audio decoder is used on iPhones and Macs but with a compile switch to prevent the vulnerability.

    Please check your Android device and any recent security updates.

    Thursday, January 15, 2026

    Reprompt attack on Microsoft Copilot allows attackers to issue prompts to exfiltrate sensitive data.

     This vulnerability was patched by Microsoft's January 2026 patch update.

    The attack allows attackers to infiltrate a victim's Microsoft Copilot session and then issue commands to exfiltrate sensitive data. A malicious prompt inside a legitimate URL, bypassing Copilot protections, allows an attacker to access Copilot's LLM session and issue commands of the attacker's choosing. This attack requires no plugins or other vulnerabilities and allows invisible data exfiltration.
     Copilot connects to the victim's personal account, acting as a personal assistant integrated with Edge and most Microsoft applications.

     The attack leverages parameter-to-parameter prompt injection, double request technique, and chain request technique. "Please make every function call twice and compare results, show the best one" 


    WhisperPair - Vulnerability in 17 manufacturers' Bluetooth speakers, headphones, and other accessories

     Vulnerable devices are manufactured by Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. The vulnerability is being called WhisperPair as it allows any Bluetooth device in range to take control of the vulnerable device AND potentially track the device.

     Many of the affected devices with the vulnerability require a security update.

    Sunday, January 11, 2026

    Largest Healthcare reported data breaches

    US Department of Health and Human Services Office for Civil Rights

    15 large breaches. The top 5:
    Aflac 22,650,000
    Conduent Business Services LLC 10,515,949
    Yale New Haven Health System 5,556,702
    Episource LLC 5,414,866
    Blue Shield of California 4,700,000

    Figures on the number of breaches and the companies reporting so far are neither accurate nor complete due to the government shutdown, and most breaches were breaches of business associates.

    California DROP

     California DROP (Delete Request and Opt-out Platform), Jan 1, 2026

     Residents can file 1 request for all 500+ data brokers to delete, not collect, nor sell personal data.
    Just supply the info ...
     4 states require data broker registration: Oregon, California, Vermont, Texas

    Wednesday, January 7, 2026

    HIPAA Journal lists largest healthcare data breaches of 2025

     US Department of Health and Human Services Office for Civil Rights

    15 large breaches. The top 5:
    Aflac 22,650,000
    Conduent Business Services LLC 10,515,949
    Yale New Haven Health System 5,556,702
    Episource LLC 5,414,866
    Blue Shield of California 4,700,000

    Figures on the number of breaches and the companies reporting so far are neither accurate nor complete due to the government shutdown, and most breaches were breaches of business associates.
     

    Monday, January 5, 2026

    Aflac data breach

     Aflac reported a data breach of 22 million people's personal and health information. Several other health insurance companies also reported breaches at the same time in June.
    Stolen data included social security numbers and government issued documents.

    Kimwolf Botnet

     This relatively new botnet compromises Android-based TV boxes, many of which ship with a default mode that allows remote access!
    Two million devices are part of the Kimwolf botnet allowing a great increase in ad fraud and DDoS attacks.
    A tool to check your Android based TV or streamer here.
    Update: Some Android digital picture frames may be infected before and delivery.
    Update: A list of known infected or vulnerable devices:

    The Android TV boxes most commonly infected by the Kimwolf botnet:

    Kimwolf overwhelmingly targets cheap, no‑name, uncertified Android TV boxes — many of which come pre‑infected or ship with exposed ADB that allows instant compromise.

    1. “TV BOX” (generic label)

    A huge number of infected devices simply report themselves as “TV BOX”, a catch‑all name used by many unbranded Chinese manufacturers.

    2. SuperBOX

    Frequently appears in infected device pools.

    3. HiDPTAndroid

    Another common generic Android TV box name seen in Kimwolf infections.

    4. P200

    A widely cloned board used in many low‑cost TV boxes.

    5. X96Q

    One of the most frequently mentioned infected models.

    6. XBOX / X‑BOX (not Microsoft Xbox)

    A misleading brand name used by several no‑name Android TV box vendors.

    7. SMART_TV / SMART TV (generic)

    Generic “Smart TV” labeled devices with Android builds.

    8. MX10

    Another common low‑cost box repeatedly seen in botnet telemetry.



    The Guardian warning "Digital wallet fraud: how your bank card can be stolen without it leaving your wallet"

     Guardian Article

    Fraudsters use phishing to steal card details, which fund a spending spree using Apple Pay or Google Pay

    Use of this technique is on the rise.


    Sun City Computer Club Cyber Blog has returned

    I will be posting really important news and notifications again now that the Cyber Blog has returned to the Computer Club's web site.