Login
A cross platform GUI app for browsing LDAP and will direct YOLO into a Neo4J database, it comes with LDAP/LDAPS browsing capabilities, it'll run standalone and you can modify it how you like.
This class by Bill Roberts (a core maintainer in the tpm2-software organization), provides a comprehensive introduction to Trusted Platform Module (TPM) 2.0 programming using the Python-based tpm2-pytss library. Designed for developers, security engineers, and researchers, the course covers both foundational TPM 2.0 concepts and practical hands-on development techniques for interacting with TPM hardware and simulators.
Students will learn the architecture and security goals of TPM 2.0, the structure of TPM objects, and how to work with cryptographic keys, non-volatile storage, platform configuration registers (PCRs), and authorization policies. Through the use of the tpm2-pytss library, participants will develop Python applications that interface with the TPM to perform tasks such as key provisioning, sealing and unsealing secrets, attestation, and policy-based access control.
Like all current #OST2 classes, the core content is made fully public, and you only need to register if you want to post to the discussion board or track your class progress. Based on beta testing this class takes a median of 13 hours to complete.
Hey everyone,
We just published our 2025 Supabase Security Best Practices Guide, based on findings and common misconfigurations we’ve seen during recent pentest engagements.
It’s a rolling article that we plan to keep updating over time as new issues come up — we still have a few more findings to post about, but wanted to share what we’ve got so far.
If you’re running Supabase in production (or planning to), it might help you double-check RLS, Edge Functions, Vault, and other areas where we often see mistakes.
Happy to hear feedback, and we’d love to know if you’ve run into similar issues.
Hey folks,
I’ve recently launched a Pentesting Weekly Digest where I cover the most important updates in pentesting, red teaming, CVEs, and cybersecurity news — all in one short weekly post.
Each issue includes:
My goal is to make it a useful resource both for beginners learning offensive security and for professionals who want a quick overview of the week’s highlights.
👉 Here’s the latest issue: https://open.substack.com/pub/yaroslavbui/p/pentesting-weekly-digest-september?r=r84oh&utm_campaign=post&utm_medium=web
I’d love if you could:
Your input will help me shape this into something that’s actually useful for the community. Thanks in advance! 🙏
The landscape of online threats targeting children has evolved into a complex web of dangers that extend far beyond simple scams. New research from McAfee reveals that parents now rank cyberbullying as their single highest concern, with nearly one in four families (22%) reporting their child has already been targeted by some form of online threat. The risks spike dramatically during the middle school years and peak around age 13, precisely when children gain digital independence but may lack the knowledge and tools to protect themselves.
The findings paint a troubling picture of digital childhood, where traditional dangers like cyberbullying persist alongside emerging threats like AI-generated deepfakes, “nudify” technology, and sophisticated manipulation tactics that can devastate young people’s mental health and safety.
Cyberbullying and harassment are devastating to young people’s digital experiences. The research shows that 43% of children who have encountered online threats experienced cyberbullying, making it the most common threat families face. The impact disproportionately affects girls, with more than half of targeted girls (51%) experiencing cyberbullying compared to 39% of boys.
The peak vulnerability occurs during early adolescence, with 62% of targeted girls and 52% of targeted boys aged 13-15 facing harassment online. For parents of teen daughters aged 13-15, cyberbullying ranks as the top concern for 17% of families, reflecting the real-world impact these digital attacks have on young people’s well-being.
The emergence of AI-powered manipulation tools has introduced unprecedented risks to children’s online safety. Nearly one in five targeted kids (19%) have faced deepfake and “nudify” app misuse, with rates doubling to 38% among girls aged 13-15. These statistics become even more alarming when considering that 18% of parents overall list AI-generated deepfakes and nudify technology among their top three concerns, rising to one in three parents (33%) under age 35.
The broader landscape of AI-generated content exposure is widespread, with significant implications for how children understand truth and authenticity online. The research underscores the challenge parents face in preparing their children to navigate an environment where sophisticated forgeries can be created and distributed with relative ease.
“Today’s online threats aren’t abstract risks — families are facing them every day,” said Abhishek Karnik, head of threat research for McAfee. “Parents’ top concerns are the toll harmful content, particularly cyberbullying and AI-generated deepfakes, takes on their children’s mental health, self-image, and safety. That’s why it’s critical to pair AI-powered online protection with open, ongoing conversations about what kids encounter online. When children know how to recognize risks and misinformation and feel safe talking about these issues with loved ones, they’re better prepared to navigate the digital world with confidence.”
As digital threats become more sophisticated, parents find themselves increasingly outpaced by both technology and their children’s technical abilities. The research reveals that nearly half of parents (48%) admit their child knows more about technology than they do, while 42% say it’s challenging to keep up with the pace of evolving risks.
This knowledge disparity creates real vulnerabilities in family digital safety strategies. Only 34% of parents feel very confident their child can distinguish between real and fake content online, particularly when it comes to AI-generated material or misinformation. The confidence crisis deepens as children age and gain more independence online, precisely when threats become most complex and potentially harmful.
The monitoring habits of families reflect these growing challenges. While parents identify late at night (56%) and after school (41%) as the times when children face the greatest online risks, monitoring practices don’t align with these danger windows. Only about a third of parents (33%) check devices daily, and 41% review them weekly, creating significant gaps in oversight during high-risk periods.
The research uncovers troubling patterns in how online safety behaviors change as children mature. While 95% of parents report discussing online safety with their children, the frequency and effectiveness of these conversations decline as kids enter their teen years. Regular safety discussions drop from 63% with younger children to just 54% with teenagers, even as threats become more severe and complex.
Daily device monitoring shows even sharper declines, plummeting to just 20% for boys aged 16-18 and dropping as low as 6-9% for girls aged 17-18. This reduction in oversight occurs precisely when older teens face heightened risks of blackmail, “scamtortion,” and other sophisticated threats. The research shows that more than half of targeted boys aged 16-18 (53%) have experienced threats to release fake or real content, representing one of the most psychologically damaging forms of online exploitation.
Online gaming platforms have become significant vectors for exploitation, particularly targeting boys. The research shows that 30% of children who have been targeted experienced online gaming scams or manipulation, with the rate climbing to 43% among targeted boys aged 13-15. These platforms often combine social interaction with financial incentives, creating opportunities for bad actors to manipulate young users through false friendships, fake rewards, and pressure tactics.
The emotional and social impact of online threats creates lasting effects that extend well into children’s offline lives. Among families whose children have been targeted, the consequences reach far beyond momentary embarrassment or frustration. The research shows that 42% of affected families report their children experienced anxiety, felt unsafe, or were embarrassed after online incidents.
The social ramifications prove equally significant, with 37% of families dealing with issues that spilled over into school performance or friendships. Perhaps most concerning, 31% of affected children withdrew from technology altogether after negative experiences, potentially limiting their ability to develop healthy digital literacy skills and participate fully in an increasingly connected world.
The severity of these impacts has driven many families to seek professional support, with 26% requiring therapy or counseling to help their children cope with online harms. This statistic underscores that digital threats can create trauma requiring the same level of professional intervention as offline dangers.
Creating a foundation for open dialogue about digital safety starts with establishing clear expectations and boundaries. McAfee’s Family Tech Pledge provides parents with a structured framework to initiate these crucial conversations with their children about responsible device use. Currently, few families have implemented formal agreements about technology use, representing a significant opportunity for improving digital safety through collaborative rule-setting.
A technology pledge serves as more than just a set of rules, it becomes a collaborative tool that helps parents and children discuss the reasoning behind safe online practices. By involving children in the creation of these agreements, families can address age-appropriate concerns while building trust and understanding. The process naturally opens doors to conversations about the threats identified in the research, from predators and cyberbullying to AI-generated content and manipulation attempts.
These agreements work best when they evolve alongside children’s digital maturity. What starts as basic screen time limits for younger children can expand to include discussions about social media interactions, sharing personal information, and recognizing suspicious content as they enter their teen years. The key is making the technology pledge a living document that adapts to new platforms, emerging threats, and changing family circumstances.
While conversations and agreements form the foundation of digital safety, today’s threat landscape requires technological solutions that can keep pace with rapidly evolving risks. McAfee’s Scam Detector represents a crucial additional layer of defense, using artificial intelligence to identify and flag suspicious links, manipulated content, and potential threats before they can cause harm.
The tool’s AI-powered approach is particularly valuable given the research findings about manipulated media and deepfake content. With AI-generated content becoming weapons used against children, especially teenage girls, automated detection becomes essential for catching threats that might bypass both parental oversight and children’s developing digital literacy skills.
For parents who feel overwhelmed by the pace of technological change, 42% report struggling to keep up with the risk landscape, Scam Detector provides professional-grade protection without requiring extensive technical knowledge. It offers families a way to maintain security while fostering the trust and communication that the research shows is essential for long-term digital safety.
The technology is especially crucial during the high-risk periods identified in the research. Since 56% of parents recognize that late-night hours present the greatest danger, and monitoring naturally decreases during these times, automated protection tools can provide continuous vigilance when human oversight is most difficult to maintain.
The research reveals that addressing online threats requires a comprehensive approach combining technology, communication, and ongoing education. Parents need practical tools and strategies that can evolve with both the threat landscape and their children’s developing digital independence.
Effective protection starts with pairing parental controls with regular, judgment-free conversations about harmful content, coercion, and bullying, ensuring children know they can seek help without fear of punishment or restrictions. Teaching children to “trust but verify” by checking sources and asking for help when something feels suspicious becomes especially important as AI-generated content makes deception increasingly sophisticated.
Keeping devices secure with updated security settings and AI-powered protection tools like McAfee’s Scam Detector helps create multiple layers of defense against evolving threats. These technological safeguards work best when combined with family agreements that establish clear expectations for online behavior and regular check-ins that maintain open communication as children mature.
This comprehensive analysis is based on an online survey conducted in August 2025 of approximately 4,300 parents or guardians of children under 18 across Australia, France, Germany, India, Japan, the United Kingdom, and the United States. The research provides crucial insights into the current state of children’s online safety and the challenges families face in protecting their digital natives from increasingly sophisticated threats.
The data reveals that today’s parents are navigating unprecedented challenges in protecting their children online, with peak vulnerability occurring during the middle school years when digital independence collides with developing judgment and incomplete knowledge of online risks. While the threats may be evolving and complex, the research shows that informed, proactive families who combine technology tools with open communication are better positioned to help their children develop the skills needed to safely navigate the digital world.
The post From Cyberbullying to AI-Generated Content – McAfee’s Research Reveals the Shocking Risks appeared first on McAfee Blog.
With the recent npm/Node.js supply chain incident (phished maintainer, 18 packages briefly shipping crypto-stealing code), I wanted to share a small project:
Typo squat Detective, a 2-3 minute browser game to practice spotting look-alike domains.
It covers:
• Numbers ↔ letters (1 ↔ l, 0 ↔ o)
• Unicode homoglyphs (Cyrillic/Greek lookalikes)
• Punycode (xn--) tricks
Play it here: https://typo.himanshuanand.com/
Curious to hear which tricks fooled you and if you would like more levels/brands.
Sam M. has spent more than 20 years building websites, testing systems, and managing technology projects. He knows code, he understands how the internet works, and he’s trained to spot digital red flags. None of that stopped him from losing $13,000 to scammers.
“I’ve been around long enough that I should have seen it coming,” Sam admits. “But when you’re looking for work, you’ve got blinders on. You just want something to work out.”
His story reflects a growing reality. McAfee data shows that job-related scams have exploded by over 1,000% from May through July 2025, making Sam part of a massive wave of Americans facing increasingly sophisticated employment fraud. But here’s what’s empowering: with the right protection, these scams can be spotted before they hit you and your wallet.
Sam’s scam started with what looked like a legitimate opportunity: a polished website offering part-time work reviewing products online. The site had all the right elements: professional design, user authentication, and a logical process. Even his wife, who warned him that “if it sounds too good to be true, it probably is,” had to admit the pay rates weren’t unrealistic.
“I thought it was worth a try,” Sam said. “I’ve built websites, and this one looked okay. You had to log in, authenticate. Everything seemed legit.”
This sophisticated approach reflects how job scammers have evolved. They’re no longer sending obviously fake emails with spelling errors. Today’s scammers study real job platforms, mimic legitimate processes, and exploit the specific language that job seekers expect to see. McAfee’s analysis shows scammers are particularly focused on benefits-related terms like “resume,” “recruit,” “maternity,” and “paternity” to make their offers sound more credible. The good news? Advanced scam detection technology can automatically identify these sophisticated tactics before you even encounter them.
The scam followed a classic pattern – establish trust, then exploit it. Sam was paired with a trainer, guided through reviewing products, asked to upload screenshots. Then came the crucial moment.
“That first payout, a couple hundred dollars, hooked me,” Sam recalled. “I thought, this is working. This is real.”
But once Sam was invested, the ground shifted. A “special product” appeared, and suddenly his account showed a negative balance. The trainer explained he needed to deposit money to continue. It seemed reasonable at first, but it was the beginning of a financial death spiral.
“They kept telling me, ‘Just a little more and you’ll unlock it,'” Sam said. “And I kept chasing it.”
This “advance fee” model has become increasingly common in job scams. Victims are asked to pay for training materials, background checks, or equipment. Each payment is followed by a request for more money, creating a cycle that’s psychologically difficult to break.
Sam’s experience fits into a much larger crisis, but understanding the scope helps us stay ahead of it. According to McAfee data, 45% of Americans say they’ve either personally experienced a job search scam or know someone who has. That means nearly half the country has been touched by employment fraud in some way.
The reach extends beyond individual stories. Nearly 1 in 3 Americans (31%) report receiving job offer scams via text message, showing how these schemes have moved beyond email into our daily conversations. People now receive an average of 14 scam messages daily across all platforms. Email job scams alone rose 60% between June and July 2025, with “resume” being the most frequently used lure word. But here’s what’s encouraging: when scams can be identified automatically, people can stay one step ahead of scammers before any damage occurs.
By the time Sam extracted himself from the scam, he was down more than $13,000. His loss reflects broader trends: McAfee research shows scam victims lose an average of $1,471 per scam, with $12 billion reported lost to fraud in 2024 alone, up 21% from the previous year. But the financial loss wasn’t the worst part for Sam.
“I was furious at them, but also at myself,” he said. “I’m supposed to know better. I felt stupid. I felt worn out.”
This emotional impact extends beyond individual embarrassment. These schemes attack people when they’re already vulnerable, turning the search for legitimate work into another source of stress and suspicion.
“It wears you down,” Sam explained. “Every time you think you’ve found something good, it turns out to be a scam. You get beat down again. And you start to wonder if you’ll ever find something real.”
The solution isn’t to stop trusting altogether. It’s having the right tools to confidently distinguish between what’s real and what’s fake before you click.
Despite his losses, Sam maintains perspective about his situation. He knows people who’ve lost everything to scams, including their homes and savings.
“As hard as this was, I didn’t lose everything,” he said. “My family’s life didn’t have to change. Others aren’t so lucky.”
Now Sam sticks to established job platforms like LinkedIn and Glassdoor, avoiding websites that promise easy money. He’s also committed to sharing his story as a warning to others.
“I got caught, I admit it,” he said. “But I’m not the only one. And if telling my story helps someone else stop before it’s too late, then it’s worth it.”
The reality is that in today’s digital landscape, where people receive 14 scam messages daily, individual vigilance alone isn’t enough. What’s needed is automatic protection that works in the background, identifying suspicious texts, emails, and videos before you even encounter them. McAfee’s Scam Detector provides exactly that: real or fake? Scam Detector knows.
Sam’s experience highlights several warning signs that job seekers should recognize, but modern scam protection goes far beyond manual vigilance:
Traditional Warning Signs:
Lightning-fast alerts: With McAfee’s Scam Detector, you get automatic alerts about suspicious texts, emails, and videos before you click. The technology automatically identifies risky messages using advanced AI, so you don’t have to wonder what’s real and what’s fake online.
The explosive growth in job scams, with their 1,000%+ increase over just a few months, shows this challenge isn’t disappearing. But as scam technology evolves, so does scam protection. Intelligence and experience alone aren’t enough to combat well-crafted deception, but automatic detection technology can identify these sophisticated schemes before they reach you.
Sam’s story reminds us that anyone can be targeted, but with the right protection, you can spot scams before they hit you and your wallet. In a job market where people receive multiple suspicious messages daily, confidence comes from knowing you have technology working in the background to distinguish what’s real from what’s fake. With proactive scam protection designed with you in mind, you can enjoy the peace of a scam-free search and focus on finding legitimate opportunities. Real or fake? You’ll know before you click.
The post How a Tech Expert Lost $13,000 to a Job Scam appeared first on McAfee Blog.
Hey folks,
I wrote a technical breakdown of a vulnerability I discovered in Google Drive Desktop for Windows. It allows one user to copy the DriveFS cache from another user profile and gain full access to their Google Drive without any re-authentication.
The issue: Google Drive does not reverify the identity tied to the local DriveFS cache.
Anyone with local access can copy that cache and impersonate another Drive user. Violates basic Zero Trust and user isolation principles.
Google reviewed and responded that it is “not a security vulnerability.”
I also discuss why this violates NIST, ISO 27001, SOC 2, and even GDPR/HIPAA compliance expectations.
📖 Full article here: 👉 The Hidden Google Drive Flaw Nobody Talks About
The article explores the implementation of our ICMP detection module, detailing the engineering process and how the ICMP Echo Stream (iStream) assembler played a key role in designing its core detection rules.
Hey r/netsec,
As a security researcher, I've been exploring ways to leverage AI for more effective code audits. In my latest Medium article, I dive into a complete end-to-end walkthrough using Hound, an open-source AI agent designed for code security analysis. Originally built for smart contracts, it generalizes well to other languages.
What's in the tutorial:
At the end of the article, we create a quick proof-of-concept for one of the tool's findings.
The full post Is here:
Use it responsibly for ethical auditing only.
Struggling to get an existing handle of a browser's process which already has tthe Cookies file open and can't dump the cookies?
Extreme situations require extreme measures!
Learn about the new critical CVE-2025-43300 vulnerability that allows RCE on iOS & macOS by clicking on the post link.
This class by Xeno Kovah (founder of OST2) teaches about the 30+ types of Bluetooth data that the Blue2thprinting software can collect and surface for when you're trying to determine what a device is, and whether it has any known vulnerabilities. New in v2.0+ is the BTIDALPOOL crowd-sourcing server for researchers to push & pull data about devices they've discovered.
Like all current #OST2 classes, the core content is made fully public, and you only need to register if you want to post to the discussion board or track your class progress. Based on beta testing this class takes an median of 8 hours to complete (and an average of 9 hours, with a min of 4h30m and max of 15h22m.)
The new Bluetooth learning path showing this class's relationship to others under development is available here: https://ost2.fyi/Bluetooth.html
Losing your phone or having it stolen can feel like a nightmare, especially when you consider the treasure trove of personal information stored on your device. From banking apps and email accounts to social media profiles and payment methods, smartphones contain virtually our entire digital lives. When a criminal or pickpocket gains access to your phone, they potentially have the keys to your identity, finances, and online presence. However, acting quickly and methodically can help minimize the risks and protect you from identity theft and financial fraud.
Online safety advocate Amy Bunn emphasizes the scope of this vulnerability: “What many people don’t realize is how much information is stored or accessible through their phone — not just apps, but things like saved passwords, cloud backups, and multi-factor authentication codes. If someone gains access, they can move quickly to impersonate you or steal your identity. Features like remote wipe, app-specific PINs, and identity monitoring may not feel urgent until something goes wrong — but having them in place can make a big difference in how quickly you can recover and how much damage you can prevent.” The reality is sobering, criminals with access to your phone can make unauthorized purchases, hack into your accounts, and even steal your identity to open new credit lines in your name. But by following these nine critical steps immediately after discovering your phone is missing, you can significantly reduce the potential damage and protect your most sensitive information.
Before taking any drastic measures, start with the obvious: try calling your phone from another device. You might hear it ring nearby, or someone who found it might answer and be willing to return it. If this doesn’t work, turn to your phone’s built-in tracking capabilities.
For iPhone users, Apple’s Find My service allows you to see your device’s location on a map, play a sound to help locate it, and even view its last known location if the battery has died. Android users can access Google’s Find My Device with similar functionality. Both services can be accessed from any computer or other device by logging into your Apple or Google account. These tracking tools not only help you locate your phone but also provide remote control options that become crucial if recovery seems unlikely.
If you can’t physically retrieve your phone or suspect it’s in the wrong hands, immediately lock it remotely. This creates an additional barrier between a potential thief and your personal information, preventing access to your apps, messages, emails, and saved payment methods.
Both iPhone and Android devices offer remote locking capabilities through their respective tracking services. You can also set a custom message to display on the lock screen with your contact information, which could help if someone honest finds your phone and wants to return it. For iPhone users, this means accessing iCloud.com or using the Find My app on another Apple device, selecting your lost phone, and choosing “Mark as Lost.” Android users can visit android.com/find, select their device, and choose “Secure Device” to lock it and display a custom message.
While law enforcement may not actively search for your stolen phone, filing a police report creates an official record that can prove invaluable if you need to dispute fraudulent charges or deal with insurance claims. When you visit your local police department, bring as much information as possible about when and where your phone was lost or stolen.
Having your phone’s IMEI number (International Mobile Equipment Identity) or serial number available will strengthen your report. You can usually find these numbers in your phone’s settings, on the original packaging, or through your carrier’s account portal. This documentation becomes particularly important if criminals use your phone to commit further crimes or if you need to prove to financial institutions that fraudulent activity resulted from theft.
Your next call should be to your mobile carrier to suspend service on your stolen or lost device. This prevents unauthorized calls, texts, or data usage that could result in unexpected charges on your bill. More importantly, it helps protect your account from being hijacked or used to access two-factor authentication codes sent to your number.
Most major carriers can also blacklist your stolen device, making it much harder for thieves to use even if they manage to bypass the screen lock. When you contact your carrier, ask about temporary suspension options if you’re still hoping to recover your phone, or proceed with permanent cancellation if you’re ready to move to a replacement device. Many carriers also offer insurance programs that may help cover the cost of a replacement phone.
Even with remote locking enabled, sophisticated criminals may find ways to access your stored information. This makes securing your online accounts one of the most critical steps in protecting yourself from identity theft. Your phone likely has saved passwords, active app sessions, and stored payment information that could be exploited.
Start by changing passwords for your most sensitive accounts, particularly email, banking, and financial services. Focus on creating strong, unique passwords that would be difficult for criminals to guess. McAfee’s Password Manager can secure your accounts by generating and storing complex passwords and auto-filling your info for faster logins across devices. Next, remotely sign out of all apps and services that were logged in on your stolen device. Most major platforms, including Google, Apple, Microsoft, and social media sites, offer account security settings where you can view active sessions and log out of all devices remotely. This step is crucial because it prevents thieves from accessing your accounts even if they bypass your phone’s lock screen.
Consider this an opportunity to enable two-factor authentication on accounts that support it, adding an extra layer of security for the future. While you’re at it, monitor your online and financial accounts closely for any suspicious activity, unauthorized transactions, or login attempts from unfamiliar locations.
Your stolen phone likely contains mobile payment apps like Apple Pay, Google Pay, or individual retailer apps with stored credit card information. Criminals can potentially use these payment methods to make unauthorized purchases, so removing them quickly is essential for protecting your finances.
For Apple Pay users, marking your device as lost through Find My iPhone will automatically suspend Apple Pay on that device. Alternatively, you can manually remove payment methods by signing into your Apple ID account at appleid.apple.com, selecting your lost device, and choosing to remove all cards. Google Pay users should visit payments.google.com, navigate to payment methods, and remove any cards linked to the compromised device.
Don’t stop there – contact your bank or credit card issuer directly to alert them about the potential for fraud. They can freeze or cancel the cards linked to your mobile payment apps and monitor for any suspicious transactions. Review your recent statements carefully and report any charges that weren’t made by you. Most financial institutions have straightforward fraud dispute processes and will work quickly to resolve unauthorized transactions.
When all hope of recovering your phone is lost, remote data erasure becomes your final line of defense against identity theft. This nuclear option wipes all stored data, settings, media, and personal information from your device, ensuring that criminals can’t access your photos, contacts, passwords, financial information, or any other sensitive data.
Both iPhone and Android devices offer comprehensive remote wipe capabilities through their respective tracking services. For iPhone users, this means accessing Find My and selecting “Erase iPhone,” which will restore the device to factory settings and remove all personal information. Android users can accomplish the same thing through Find My Device by selecting “Erase Device.”
Keep in mind that once you erase your phone remotely, you’ll lose the ability to track it further, so make sure you’ve exhausted all other options first. However, the peace of mind that comes from knowing your personal information can’t be accessed often outweighs the slim chance of recovery.
Criminals with access to your phone may attempt to exploit your personal relationships by impersonating you in messages or calls to your contacts. They might send urgent requests for money, ask for sensitive information, or attempt to trick your friends and family into various scams using your trusted identity.
As Amy Bunn warns, “Unfortunately, a stolen or lost phone often triggers the next wave of problems — scams. Criminals may use your personal details to send convincing phishing messages or pose as you to friends and family. That’s why tools like scam detection, identity monitoring, and security alerts matter. They not only help people lock down their accounts quickly but also give them an early warning when fraudsters try to take advantage of the situation.”
Reach out to your closest contacts through alternative communication methods to warn them that your phone has been compromised. Let them know to be suspicious of any unusual requests coming from your number and to verify your identity through a different channel if they receive anything questionable. This proactive step can prevent your loved ones from becoming secondary victims of the crime.
Once you’ve accepted that your phone is truly gone, it’s time to focus on getting back online securely. Check with your mobile carrier about replacement options, as some plans include insurance coverage that can significantly reduce the cost of a new device. Even if you don’t have insurance, carriers often offer payment plans for replacement phones.
When you get your new device, you’ll be able to restore your data from cloud backups like iCloud or Google Drive. This is why maintaining regular automatic backups is so important – they ensure you don’t lose photos, contacts, app data, and other important information permanently. During the setup process, take the opportunity to review and strengthen your security settings based on what you’ve learned from this experience.
The theft of your phone represents just one potential pathway to identity theft, but it’s often one of the most impactful because of how much personal information our devices contain. While following the steps above can help minimize immediate damage, comprehensive protection requires ongoing vigilance and professional monitoring services.
McAfee’s Identity Protection offers multiple layers of defense that can alert you to potential identity theft before it becomes a major problem. Through comprehensive identity monitoring, McAfee identifies your personal information across the dark web and various databases, providing early warnings when your data appears in places it shouldn’t. This includes monitoring of social security numbers, government IDs, credit card numbers, bank account details, email addresses, and phone numbers – often alerting users up to 10 months earlier than similar services.
The credit monitoring component keeps watch over changes to your credit score, reports, and accounts, sending timely notifications when new accounts are opened, credit inquiries are made, or suspicious activity is detected. This early warning system can help you catch identity thieves before they cause significant financial damage. Perhaps most importantly, if you do become a victim of identity theft in the U.S., McAfee provides up to $2 million in identity theft coverage and restoration support for select McAfee+ plans.
While no one plans to have their phone stolen, taking preventive measures can significantly reduce the potential impact if it happens to you. Enable device tracking features like Find My or Find My Device before you need them, and make sure you know how to access these services from other devices. Use a strong passcode or biometric authentication that would be difficult for thieves to guess or bypass quickly.
Consider adding a PIN to your SIM card to prevent thieves from removing it and using it in another device. Maintain regular automatic backups to cloud services so you won’t lose important data permanently if your phone disappears. Most importantly, review and limit the amount of sensitive information you store directly on your device and consider using additional authentication methods for your most critical accounts.
Record your phone’s IMEI number and serial number in a safe place where you can access them if needed for police reports or insurance claims. These small preparatory steps can save significant time and stress if the worst happens.
Phone theft is just one of many ways criminals can gain access to your personal information and identity. In our interconnected digital world, comprehensive protection requires a multi-layered approach that goes beyond device security. Data breaches at major companies, phishing attacks, social engineering scams, and various online threats all pose risks to your identity and financial well-being.
This is where integrated protection services like McAfee+ become invaluable. Rather than trying to manage multiple security concerns separately, comprehensive identity and device protection provides peace of mind through continuous monitoring, early warning systems, and professional restoration support when things go wrong. The goal isn’t just to react to problems after they occur, but to prevent them from happening in the first place and to minimize their impact when prevention isn’t enough.
Having your phone stolen is stressful enough without worrying about the long-term consequences for your identity and finances. By following these nine essential steps quickly and methodically, you can significantly reduce the potential damage and protect yourself from becoming a victim of identity theft. Remember, the key is acting fast – every minute counts when it comes to protecting your digital life from criminals who might have gained access to your most personal information.
The post What to Do if Your Phone is Stolen or Lost: 10 Steps to Protect Your Identity appeared first on McAfee Blog.
As another school year begins, the digital landscape our children navigate has become increasingly complex. With artificial intelligence tools now readily available and social media platforms evolving rapidly, considering creating a family technology pledge has never been more crucial, or more challenging.
Gone are the days when we simply worried about screen time limits. Today’s parents must address everything from AI-assisted homework to the growing threat of deepfake cyberbullying. The technology shaping our kids’ lives isn’t just about phones and social media anymore—it’s about preparing them for a world where artificial intelligence is reshaping how they learn, communicate, and express themselves.
Recent research from the Pew Research Center shows that 26% of students aged 13-17 are using ChatGPT to help with their assignments, double the number from 2023. Meanwhile, surveys reveal that between 40 and 50 percent of students are aware of deepfakes being circulated at school. These statistics underscore a reality many parents aren’t prepared for: our children are already immersed in an AI-powered world, whether we’ve given them permission or not.
The key to successful digital parenting in 2025 isn’t necessarily about banning technology—it’s about having intentional, educational conversations that prepare our children to use these powerful tools responsibly. We need to acknowledge that technology is here to stay, so the best thing we can do is accept it’s here, educate our kids on how to use it safely, and introduce boundaries and rules to help keep them protected.
For any pledge to be effective, lasting, and conflict-free, we need to shift the focus from simply setting rules to creating an open, constructive dialogue that helps all family members use technology in healthy ways. The most successful technology pledges are created collaboratively, not decided without collaboration. This ensures everyone feels included and that the guidelines reflect your family’s unique needs and values.
The most important consideration in tailoring a pledge to your kids’ ages and maturity levels, and to your family’s schedule. There’s no point making pledges that don’t reflect your children’s actual technology use or your family’s realistic expectations. Remember, this is about starting conversations and creating a framework for ongoing dialogue, not a rigid set of rules that’s destined to fail.
One of the biggest changes in recent years is the need to address AI tools like ChatGPT, Claude, and other learning platforms. Rather than trying to catch assignments written by AI, many schools are now launching programs that include AI Learning Modes, recognizing that these tools can be valuable when used appropriately.
The benefits of AI assistance in education are significant and shouldn’t be ignored. AI can serve as a personalized tutor, explaining complex concepts in multiple ways until a student understands. It can help students with learning differences access the curriculum more effectively, and students working in a second language can use these tools to level the playing field. When used properly, AI can enhance critical thinking by helping students explore different perspectives on topics and organizing their thoughts more clearly.
However, the risks of over-reliance on AI are equally real and concerning. New research has shown that overreliance on AI might erode our ability to think critically, and critical thinking skills are essential for success in the real world. Students may become dependent on AI for basic problem-solving, missing opportunities to develop their own analytical skills and unique voice. Academic integrity concerns arise when AI does the work instead of supporting learning, potentially undermining the entire educational process.
Your family technology pledge should address these nuances.. Children should understand that they will use AI tools to enhance their learning, not replace it. This means always disclosing when they’ve used AI assistance on assignments, using AI to explain concepts they don’t understand while still working through problems themselves, and never submitting AI-generated work as their own original thinking. They should learn to ask AI to help with organizing thoughts, not creating them, and use AI to check their work for errors while ensuring the ideas and solutions remain their own.
The rise of AI-generated content has created unprecedented risks for students, particularly regarding deepfake technology. Research shows that girls are most often targeted by deepfake images, and for victims, the emotional and psychological impact can be severe and long-lasting. What’s particularly alarming is that one photo posted online is all that’s needed to create a deepfake, making this a potential risk for every student.
Parents should help their children become mindful of what photos they share on social media, understanding that any image could potentially be misused. Children must understand that they should never participate in group chats or conversations where deepfakes are being shared, even passively. They need to recognize that creating deepfakes of others, even as a “joke,” can cause serious psychological harm and that possession of manipulated sexual imagery involving minors is illegal.
Creating a family technology pledge isn’t about limiting your child’s potential—it’s about empowering them to navigate an increasingly complex digital world safely and ethically. The emergence of AI tools and deepfakes is forcing families to have important conversations about ethics, empathy, and responsibility that previous generations never had to consider.
The goal isn’t to create a perfect document that anticipates every possible scenario. Instead, it’s to establish a foundation for ongoing dialogue about how technology can enhance rather than detract from your family’s values and your child’s growth into a thoughtful, responsible digital citizen. To help parents and guardians start discussions, we’ve created a first draft Technology Pledge that you can use to start a discussion with your family. Click here to download McAfee’s Technology Pledge
The digital landscape will continue to evolve, but the fundamental principles of kindness, honesty, and critical thinking remain constant. By creating a thoughtful technology pledge and maintaining open dialogue about digital challenges, you’re giving your child the tools they need to thrive in whatever technological environment they encounter. Start the conversation today. Your child’s digital future depends on it.
The post How to Create a Family Technology Pledge appeared first on McAfee Blog.
Bypassing TLS certificate verification in 5 major TLS libraries with a LD_PRELOAD lib.
FreshRSS 