1. Why Should I Change My Passwords Immediately?

Recent studies show that around 50% of online passwords are already compromised, and 41% of successful logins involve breached credentials. Common passwords like “123456” and password reuse make it easy for cybercriminals—especially with automated bots—to access multiple accounts. Changing passwords and using unique, strong credentials with multi-factor authentication is critical for security.

Starting March 28th, all Alexa requests will be processed in Amazon’s cloud, regardless of previous settings. Amazon claims this supports new AI features, but it means even users who opted out of saving voice recordings will now have all interactions recorded and sent to Amazon. This also impacts features like Voice ID, which won’t function without stored voice data. While Amazon encrypts transmissions and provides some privacy controls, this shift raises concerns about increased data collection and potential personalization for shopping.

Microsoft will stop providing free security updates for Windows 10 in October 2025, leaving charities that refurbish and donate older PCs with limited options. Many of these computers cannot run Windows 11, forcing organizations to choose between using an insecure OS, transitioning to Linux, or discarding hardware—contributing to electronic waste. While Linux is a secure, free alternative, its unfamiliar interface may pose usability challenges for some recipients, especially seniors.

StilachiRAT is a newly discovered remote access trojan (RAT) targeting cryptocurrency wallets like MetaMask and Coinbase Wallet. This malware remains undetected on infected systems, stealing sensitive data, including credentials stored in browsers like Chrome. By accessing login credentials, attackers can drain funds from wallets. StilachiRAT also collects system data, increasing victims' exposure. While not widespread yet, its advanced capabilities make it a serious threat to crypto users.

A Chinese state-sponsored hacking group remained undetected in a small Massachusetts power utility for over 300 days, showing that even lesser-known infrastructure is a target for cyber espionage. Attackers can use these breaches to test methods, gain footholds in critical networks, and extract operational data such as grid layouts. This underscores the need for robust security measures, continuous monitoring, and multi-factor authentication for all organizations, especially in critical sectors.

Anthropic CEO Dario Amodei warns that state-sponsored actors, likely from China, are trying to steal “algorithmic secrets” from US AI firms. Some critical algorithms, despite representing massive investments (potentially $100 million), are just a few lines of code, making them easy to exfiltrate if security is breached. Amodei argues that the US government should take stronger action to protect these assets from industrial espionage.

Allstate Insurance's National General unit had websites that displayed personally identifiable information (PII) in plaintext during the quote process. When users entered their name and address, the system exposed full driver’s license numbers (DLNs) of the applicant and other residents at that address. Attackers used bots to harvest at least 12,000 DLNs, leading to fraudulent claims. This highlights the importance of secure website design and responsible data handling to prevent unauthorized access.