A new year means new threats to your data, privacy, and money (not to mention the old ones that you still have to keep an eye out for). Thankfully, improving your security doesn’t have to be difficult, and we have plenty of tips to help you do exactly that. For starters, check out our rundown of the biggest online scams surging in the new year, as well as some firsthand reporting on what security experts worried about in 2026.
The biggest thing you might notice, though, is that cybercrime is big business now. You’re less likely to be hacked by an individual in their mom’s basement than you are to get duped by a convincing phishing attack originating from a cubicle farm somewhere across the globe. Criminals operate entire offices full of workers deploying ransomware on any system they can access, sending thousands of phishing texts (here’s how to put a stop to those), or, as we reported this week, stuffing emails with malicious QR codes to convince you to hand over sensitive information.
Protecting your security isn’t just an online thing, though. We just updated our guide to locking down your phone before you head out to a protest, which you should definitely review before you hit the streets. We also reported last week that scammers are sending phishing emails to capitalize on collective anger over the US Immigration and Customs Enforcement (ICE). Bottom line, don’t let your emotions override your good sense, and you’re no good to any cause you want to join if you don’t also make sure to protect yourself first.
Finally, if you got one of those password reset emails from Instagram, Meta (which owns Instagram) says you can safely ignore it. The company denies any data breach, but I’ll say this: if you have the opportunity to change a password for a service that may or may not have been hacked, just go ahead and change it. Keep it in a password manager so it’s strong, secure, and you don’t have to worry about it again. While you’re at it, enable two-factor authentication if you can, so even if your password is lost, your account won’t be.
Bad Vibes: Comparing the Secure Coding Capabilities of Popular Coding Agents
Researchers from Tenzai, a security company that studies the use of AI for information security, looked into some of the most popular AI coding agents, including those used for vibe coding, where you can just tell an AI agent what you’d like to build and let it do the rest of the work for you. Their full report is out on their blog, and it reveals which of the most popular AI-powered coding tools have security vulnerabilities that really need a look from their developers. Interestingly, Replit, the coding agent that notoriously deleted a user’s entire codebase and then apologized for doing so, earned top scores, including no critical vulnerabilities (although it had plenty of high and medium/low ones). Meanwhile, Anthropic’s Claude had many more issues, including several critical vulnerabilities.
The bottom line, though, is that there were no real “winners” in the study. Every agent the Tenzai team examined had issues, but on the bright side, they point out that some of them are less concerning than others. They also note that when clear, strong security guardrails are in place for those agents, they’ll deliver secure code. The entire report is fairly technical, so if you have a development background, you’ll get more from it. Even if you don’t, but are as concerned about AI and security as we are, it’s worth a read.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Beijing Tells Chinese Firms to Stop Using US and Israeli Cybersecurity Software
Back in 2024, the US Government banned the sale of Kaspersky security products, citing concerns that the Russian company may have ties to the Russian government. Now, the Chinese government has essentially done the same to American security companies, according to a new Reuters report. According to sources speaking to Reuters, Chinese government officials have asked domestic companies to avoid purchasing security technology from American and Israeli companies, including names like Mandiant, CrowdStrike, McAfee, and others. Some of those companies don’t have a footprint in China and don’t sell products to Chinese businesses, but for those that do, they may be forced to sell their own branches to local firms to run instead.
Recommended by Our Editors
Of course, this isn’t exactly related to the Kaspersky ban, but it’s evidence that what happens in one place can easily happen in another, considering the current political climate. Part of the impetus here is that relations between the United States and China continue to sour, in part due to tariffs. Additionally, the Chinese government has been encouraging domestic firms to avoid using foreign-made security tools due to concerns about spying. In short, the same thing American consumers have heard about Chinese companies, including Huawei and DJI.
FTC Bans GM From Selling Drivers’ Location Data for Five Years
Everything is data these days, and data is money to the companies eager to collect it. For example, a year ago, the Federal Trade Commission banned General Motors from selling or sharing driver data with third parties. When the FTC made the move, it came as a surprise to many who didn’t know that if you were subscribed to OnStar or signed up for the Smart Driver program, GM collected precise driving data such as braking habits, speeding habits, nighttime driving, and even geographic location, every few seconds. Unfortunately, they also shared and sold that data with other firms, including ones that then turned it over to insurance companies, who could use the information to raise rates or deny coverage, according to the FTC complaint.
Now, a year later, the FTC has outright banned GM from sharing or selling driver location and driving information for 5 years, according to reporting by Bleeping Computer. Additionally, the order requires GM to clarify and obtain explicit consent from drivers before collecting the data in the first place, which was a point of contention in the original complaint. For its part, GM said in a statement that it had already sunset the Smart Driver program, and has spent the last year taking steps to protect drivers’ privacy and comply in advance with the order.
About Our Expert
Alan Henry
Managing Editor, Security
Experience
I’ve been writing and editing stories for almost two decades that help people use technology and productivity techniques to work better, live better, and protect their privacy and personal data. As managing editor of PCMag’s security team, it’s my responsibility to ensure that our product advice is evidence-based, lab-tested, and serves our readers.
I’ve been a technology journalist for close to 20 years, and I got my start freelancing here at PCMag before beginning a career that would lead me to become editor-in-chief of Lifehacker, a senior editor at The New York Times, and director of special projects at WIRED. I’m back at PCMag to lead our security team and renew my commitment to service journalism. I’m the author of Seen, Heard, and Paid: The New Work Rules for the Marginalized, a career and productivity book to help people of marginalized groups succeed in the workplace.
Read Full Bio
