In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which run on servers 🤷♂️), code on the edge, new data storage constructs and a completely different mechanism for even just querying a simple email address. HIBP is a continually evolving beast, and barely a week goes by that we don't implement code of significance. You don't always see it out there in the public realm, but the tweaks - in including the major one I talk about in this week's video - all add up to make the platform faster, more sustainable and if we do it right, even a bit more cost-effective to run 😊
McAfee Total Protection has been recognized with three major honors in the AV-TEST Best Awards 2025, receiving awards for Best Performance, Best Advanced Protection, and Best Usability.
Among consumer security products, McAfee was the only solution to receive both the Best Performance and Best Advanced Protection awards, highlighting its ability to deliver strong security while keeping everyday devices running smoothly.
The awards are issued by AV-TEST, an independent cybersecurity research institute that evaluates security products through thousands of lab tests each year.
Together, these recognitions reinforce what matters most for people using security software every day: protection that works quietly in the background without slowing down your system or interrupting your workflow.
Pretty big! The AV-TEST Awards recognize security products that deliver consistently strong results across independent testing throughout the year.
To qualify, products must demonstrate exceptional performance across multiple categories, including protection against modern threats, system performance impact, and usability.
In the 2025 test cycle, McAfee Total Protection earned recognition in three key areas.
Security software needs to protect your system without slowing it down.
In AV-TEST’s Windows performance testing, researchers measure how much a security solution impacts system resources during everyday tasks such as launching applications, installing programs, browsing the web, and copying files.
McAfee Total Protection earned the Best Performance Award for maintaining strong protection while keeping system impact minimal.
For users, that means protection that runs efficiently in the background so your PC stays responsive while you work, stream, or game.
Modern cyberattacks rarely rely on a single tactic. Today’s threats often combine multiple techniques, including ransomware, infostealers, and other advanced attack methods.
To evaluate how well security products handle these complex threats, AV-TEST runs Advanced Threat Protection (ATP) tests, which simulate real-world attacks using the latest techniques.
In the 2025 testing cycle, McAfee Total Protection delivered consistently strong results across these real-world attack scenarios, earning the Best Advanced Protection Award for consumer users.
These results demonstrate how multiple protection layers inside the product work together to detect and stop threats, even if an attack attempts to bypass initial defenses.
Strong security should also be easy to live with.
In AV-TEST’s usability tests, researchers evaluate how accurately a product distinguishes between legitimate files and malicious ones, while monitoring for false alarms.
McAfee Total Protection earned the Best Usability Award for its accurate threat detection and low rate of false positives.
That means fewer unnecessary alerts and interruptions, while still maintaining strong protection against real threats.
According to AV-TEST’s testing team, McAfee stood out across multiple categories in the 2025 evaluation.
“The team of the AV-TEST Institute is delighted to present McAfee with three of the highly coveted trophies. The manufacturer received recognition for its consistently efficient use of system resources, clear distinction between benign and malicious files, and strong results in Advanced Threat Protection testing.”
— Marcel Wabersky, Lead Mobile & Network Testing, AV-TEST
Independent testing plays an important role in helping consumers evaluate cybersecurity tools.
The AV-TEST Institute is an independent IT security research organization based in Germany and operating for more than 20 years. The institute runs one of the world’s largest testing laboratories dedicated to cybersecurity products.
From its headquarters in Magdeburg, Germany, AV-TEST researchers analyze new malware, study emerging attack techniques, and conduct large-scale comparative testing of security software used by both consumers and businesses.
These tests are designed to be standardized, transparent, and repeatable, allowing security products to be evaluated under the same conditions across multiple vendors.
The AV-TEST Best Awards recognize products that deliver consistently strong results across a full year of testing. Because the awards are based on sustained performance rather than a single test cycle, they are widely used as an indicator of long-term security reliability.
For McAfee users, these awards reinforce the goal behind McAfee Total Protection: delivering powerful protection that stays fast, accurate, and easy to use.
| FAQ |
| Q: What are the AV-TEST Best Awards?
A: The AV-TEST Best Awards are annual honors given by the independent cybersecurity testing institute AV-TEST. The awards recognize security products that deliver consistently strong results across a full year of testing in areas such as protection, performance, and usability. |
| Q: What awards did McAfee win in the AV-TEST Awards 2025?
A: McAfee Total Protection received three AV-TEST Best Awards for 2025: Best Performance, Best Advanced Protection, and Best Usability. McAfee was also the only consumer security product to receive both the Best Performance and Best Advanced Protection awards in the 2025 evaluation. |
| Q: What does the AV-TEST Best Performance award mean?
A: The AV-TEST Best Performance award recognizes security software that provides strong protection while using minimal system resources. AV-TEST measures how security products affect everyday activities such as launching programs, installing applications, browsing the web, and copying files. |
| Q: What is Advanced Threat Protection (ATP) testing?
A: Advanced Threat Protection (ATP) testing simulates real-world cyberattacks using techniques such as ransomware and infostealer malware. AV-TEST runs these scenarios to evaluate how well security products detect and stop attacks at multiple stages of an infection attempt. |
| Q: What does the AV-TEST Best Usability award measure?
A: The AV-TEST Best Usability award evaluates how accurately security software distinguishes between safe files and malicious threats. Products that score well demonstrate strong detection capabilities while minimizing false alarms and unnecessary alerts. |
| Q: Why do independent cybersecurity tests matter?
A: Independent cybersecurity testing organizations like AV-TEST evaluate security products using standardized and transparent testing methods. These tests help consumers compare protection tools based on measurable results rather than marketing claims. |
The post McAfee Wins 3 Major AV-TEST Awards for 2025 Security Performance appeared first on McAfee Blog.
This week in scams, the Pokémon Trainer pursuit to “catch ’em all” is being hijacked by criminals posting fake trading card listings online; duping buyers, including young collectors, out of hundreds of dollars.
Meanwhile, threatening email extortion scams claiming your personal data has been stolen are flooding inboxes around the world. And a viral “wedding photo” of Tom Holland and Zendaya shows how AI-generated images can blur the line between real and fake online.
Here’s what to know.
The booming market for collectible Pokémon cards has become a new target for scammers.
According to reporting from The Straits Times, Singapore police recently arrested a 25-year-old man suspected of running a series of e-commerce scams involving Pokémon trading cards. Victims reportedly lost more than $135,000 after paying for limited-edition cards that never arrived.
Authorities say the suspect allegedly advertised pre-orders for rare cards on the online marketplace Carousell. After receiving payment through bank transfers or digital payment apps, the seller either became unreachable or claimed there were delivery problems.
Police say at least 35 reports tied to the suspect have been filed since October 2025, and more broadly there have been over 600 reported Pokémon card e-commerce scams totaling more than $1.1 million in losses during that same period.
Collectibles create the perfect storm for online scams. Limited releases, hype, and rising resale values make buyers feel pressure to act quickly before items “sell out.” Scammers take advantage of that urgency.
If you’re buying trading cards or other collectibles online:
When demand spikes for a product, whether it’s sneakers, concert tickets, or Pokémon cards, scams usually follow.
Another scam spreading widely right now arrives in a much more intimidating format: a threatening email claiming hackers have stolen your personal data.
According to reporting from Fox News, many people are receiving messages that claim the sender has access to their passwords, files, or financial information. The message then demands payment in Bitcoin to prevent the data from being sold on the dark web.
At first glance, these emails can feel frightening. They often use dramatic language like:
But in most cases, there’s one major problem with the claim.
There’s no proof.
Security experts note that these messages usually include no screenshots, no passwords, and no evidence of a real breach. Instead, scammers send the same message to thousands of email addresses at once, hoping a small percentage of recipients will panic and pay.
Often, the scammers obtained your email address from old data breach lists circulating online, which makes the message feel more believable.
If you receive a threatening extortion email:
Reporting the message helps email providers improve spam filters and prevent similar scams from reaching others.
The biggest tactic here is fear. Once you slow down and evaluate the message, the scam usually falls apart.
A viral image circulating on social media this week claimed to show Tom Holland and Zendaya’s wedding, sparking massive speculation online.
But many viewers quickly suspected the image wasn’t real.
According to reporting on Yahoo Entertainment, the photo appeared to originate from a fan account on X (formerly Twitter) that claimed the image had been “confirmed” by major outlets like Vogue and Cosmopolitan. However, no such confirmation existed, and soon the official label was added marking the content as AI-generated.
Celebrity rumors already spread quickly online. Add generative AI to the mix, and fabricated images can travel even faster.
While a fake celebrity wedding photo may seem harmless, the same technology can easily be used in more serious ways.
AI-generated visuals are already being used to create:
The line between real and synthetic content is getting harder to spot.
If a viral image seems surprising or dramatic:
When something looks shocking online, that’s often exactly why it spreads. McAfee’s built-in Scam Detector can help you spot AI-generated audio and video.
A few simple habits can help reduce your risk across all three of these scenarios:
Scams today don’t always look like scams. They often look like exciting deals, urgent warnings, or AI depictions of people you trust.
The best defense is slowing down before clicking, paying, or sharing.
From collectible card fraud to email extortion campaigns and AI-generated viral content, the tactics scammers use may change, but the strategy is the same: manipulate emotion and urgency.
Stay skeptical, verify before you trust, and we’ll be back next week with another breakdown of the scams making headlines, and what they mean for your security.
The post This Week in Scams: Pokémon Card Cons, Email Extortion, and a Viral AI Wedding Photo appeared first on McAfee Blog.
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.
Based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical equipment maker that reported $25 billion in global sales last year. In a lengthy statement posted to Telegram, a hacktivist group known as Handala (a.k.a. Handala Hack Team) claimed that Stryker’s offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.
A manifesto posted by the Iran-backed hacktivist group Handala, claiming a mass data-wiping attack against medical technology maker Stryker.
“All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” a portion of the Handala statement reads.
The group said the wiper attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times reports today that an ongoing military investigation has determined the United States is responsible for the deadly Tomahawk missile strike.
Handala was one of several hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.
Stryker’s website says the company has 56,000 employees in 61 countries. A phone call placed Wednesday morning to the media line at Stryker’s Michigan headquarters sent this author to a voicemail message that stated, “We are currently experiencing a building emergency. Please try your call again later.”
A report Wednesday morning from the Irish Examiner said Stryker staff are now communicating via WhatsApp for any updates on when they can return to work. The story quoted an unnamed employee saying anything connected to the network is down, and that “anyone with Microsoft Outlook on their personal phones had their devices wiped.”
“Multiple sources have said that systems in the Cork headquarters have been ‘shut down’ and that Stryker devices held by employees have been wiped out,” the Examiner reported. “The login pages coming up on these devices have been defaced with the Handala logo.”
Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices.
Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where several users who claimed to be Stryker employees said they were told to uninstall Intune urgently.
Palo Alto says Handala’s hack-and-leak activity is primarily focused on Israel, with occasional targeting outside that scope when it serves a specific agenda. The security firm said Handala also has taken credit for recent attacks against fuel systems in Jordan and an Israeli energy exploration company.
“Recent observed activities are opportunistic and ‘quick and dirty,’ with a noticeable focus on supply-chain footholds (e.g., IT/service providers) to reach downstream victims, followed by ‘proof’ posts to amplify credibility and intimidate targets,” Palo Alto researchers wrote.
The Handala manifesto posted to Telegram referred to Stryker as a “Zionist-rooted corporation,” which may be a reference to the company’s 2019 acquisition of the Israeli company OrthoSpace.
Stryker is a major supplier of medical devices, and the ongoing attack is already affecting healthcare providers. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker.
“This is a real-world supply chain attack,” the expert said, who asked to remain anonymous because they were not authorized to speak to the press. “Pretty much every hospital in the U.S. that performs surgeries uses their supplies.”
John Riggi, national advisor for the American Hospital Association (AHA), said the AHA is not aware of any supply-chain disruptions as of yet.
“We are aware of reports of the cyber attack against Stryker and are actively exchanging information with the hospital field and the federal government to understand the nature of the threat and assess any impact to hospital operations,” Riggi said in an email. “As of this time, we are not aware of any direct impacts or disruptions to U.S. hospitals as a result of this attack. That may change as hospitals evaluate services, technology and supply chain related to Stryker and if the duration of the attack extends.”
According to a March 11 memo from the state of Maryland’s Institute for Emergency Medical Services Systems, Stryker indicated that some of their computer systems have been impacted by a “global network disruption.” The memo indicates that in response to the attack, a number of hospitals have opted to disconnect from Stryker’s various online services, including LifeNet, which allows paramedics to transmit EKGs to emergency physicians so that heart attack patients can expedite their treatment when they arrive at the hospital.
“As a precaution, some hospitals have temporarily suspended their connection to Stryker systems, including LIFENET, while others have maintained the connection,” wrote Timothy Chizmar, the state’s EMS medical director. “The Maryland Medical Protocols for EMS requires ECG transmission for patients with acute coronary syndrome (or STEMI). However, if you are unable to transmit a 12 Lead ECG to a receiving hospital, you should initiate radio consultation and describe the findings on the ECG.”
This is a developing story. Updates will be noted with a timestamp.
Update, 2:54 p.m. ET: Added comment from Riggi and perspectives on this attack’s potential to turn into a supply-chain problem for the healthcare system.
Update, Mar. 12, 7:59 a.m. ET: Added information about the outage affecting Stryker’s online services.
Tax season is a headache for many people, and when a shortcut promises to make filing easier, it’s hard to resist. This year, one of the newest trends is using AI chatbots like ChatGPT to help prepare tax returns.
According to new McAfee research, 30% of people say they plan to use an AI tool, such as ChatGPT, to help with their taxes, with younger adults leading the trend.
At first glance, it makes sense. AI tools can explain confusing tax rules, summarize IRS forms, and answer questions instantly.
But there’s an important line that should never be crossed: Do not enter your personal tax information into AI chatbots.
That includes Social Security numbers, income records, home addresses, bank details, or anything else tied to your identity.
Here’s why:
Think about it this way: when you type something into an AI chatbot, you’re sending that information over the internet to a system that processes and stores data.
In practical terms, entering sensitive information into an AI tool is similar to typing it directly into a search engine or submitting it to an online form.
Once it leaves your device, you lose direct control over where it travels and how it may be stored.
Even companies with strong security protections are transparent about this risk.
OpenAI’s privacy documentation explains that they use encryption and strict access controls to protect user data. However, they also note that no internet transmission or digital storage system can be guaranteed completely secure.
This is true across the internet, not just for AI tools.
Security incidents can happen anywhere online, including companies with robust security programs.
For example, in late 2025, OpenAI disclosed a security incident involving a third-party analytics provider called Mixpanel. The breach occurred within the vendor’s systems, not OpenAI’s infrastructure, but some limited user profile data associated with the platform was exposed.
According to OpenAI’s disclosure, the data involved information such as:
Importantly, chat content, passwords, payment information, and government IDs were not exposed in that incident.
But the event highlights a broader cybersecurity reality:
Even when a company takes strong security precautions, third-party services, vendors, and other parts of the digital ecosystem can still introduce risk.
That’s why cybersecurity experts recommend limiting what personal information you share online whenever possible.
Tax information is one of the most valuable targets for cybercriminals.
If scammers obtain the details commonly found in tax filings, they may be able to:
Tax returns typically include multiple pieces of highly sensitive data, including:
Instead of relying on AI chatbots for filing, stick with trusted tax preparation options designed to securely handle sensitive data:
These systems are specifically built with compliance, encryption, and identity verification in mind.
AI tools can be incredibly useful for learning and research. But they are not secure tax filing platforms.
If you wouldn’t feel comfortable posting your Social Security number publicly online, you shouldn’t paste it into a chatbot either. When it comes to taxes, the safest rule is simple: Use AI for advice, not for your personal data.
The post Using an AI like ChatGPT to File Your Taxes? Stop and Read This First appeared first on McAfee Blog.
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month’s Patch Tuesday.
Image: Shutterstock, @nwz.
Two of the bugs Microsoft patched today were publicly disclosed previously. CVE-2026-21262 is a weakness that allows an attacker to elevate their privileges on SQL Server 2016 and later editions.
“This isn’t just any elevation of privilege vulnerability, either; the advisory notes that an authorized attacker can elevate privileges to sysadmin over a network,” Rapid7’s Adam Barnett said. “The CVSS v3 base score of 8.8 is just below the threshold for critical severity, since low-level privileges are required. It would be a courageous defender who shrugged and deferred the patches for this one.”
The other publicly disclosed flaw is CVE-2026-26127, a vulnerability in applications running on .NET. Barnett said the immediate impact of exploitation is likely limited to denial of service by triggering a crash, with the potential for other types of attacks during a service reboot.
It would hardly be a proper Patch Tuesday without at least one critical Microsoft Office exploit, and this month doesn’t disappoint. CVE-2026-26113 and CVE-2026-26110 are both remote code execution flaws that can be triggered just by viewing a booby-trapped message in the Preview Pane.
Satnam Narang at Tenable notes that just over half (55%) of all Patch Tuesday CVEs this month are privilege escalation bugs, and of those, a half dozen were rated “exploitation more likely” — across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server and Winlogon. These include:
–CVE-2026-24291: Incorrect permission assignments within the Windows Accessibility Infrastructure to reach SYSTEM (CVSS 7.8)
–CVE-2026-24294: Improper authentication in the core SMB component (CVSS 7.8)
–CVE-2026-24289: High-severity memory corruption and race condition flaw (CVSS 7.8)
–CVE-2026-25187: Winlogon process weakness discovered by Google Project Zero (CVSS 7.8).
Ben McCarthy, lead cyber security engineer at Immersive, called attention to CVE-2026-21536, a critical remote code execution bug in a component called the Microsoft Devices Pricing Program. Microsoft has already resolved the issue on their end, and fixing it requires no action on the part of Windows users. But McCarthy says it’s notable as one of the first vulnerabilities identified by an AI agent and officially recognized with a CVE attributed to the Windows operating system. It was discovered by XBOW, a fully autonomous AI penetration testing agent.
XBOW has consistently ranked at or near the top of the Hacker One bug bounty leaderboard for the past year. McCarthy said CVE-2026-21536 demonstrates how AI agents can identify critical 9.8-rated vulnerabilities without access to source code.
“Although Microsoft has already patched and mitigated the vulnerability, it highlights a shift toward AI-driven discovery of complex vulnerabilities at increasing speed,” McCarthy said. “This development suggests AI-assisted vulnerability research will play a growing role in the security landscape.”
Microsoft earlier provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above. In addition, Microsoft issued a crucial out-of-band (emergency) update on March 2 for Windows Server 2022 to address a certificate renewal issue with passwordless authentication technology Windows Hello for Business.
Separately, Adobe shipped updates to fix 80 vulnerabilities — some of them critical in severity — in a variety of products, including Acrobat and Adobe Commerce. Mozilla Firefox v. 148.0.2 resolves three high severity CVEs.
For a complete breakdown of all the patches Microsoft released today, check out the SANS Internet Storm Center’s Patch Tuesday post. Windows enterprise admins who wish to stay abreast of any news about problematic updates, AskWoody.com is always worth a visit. Please feel free to drop a comment below if you experience any issues apply this month’s patches.
Login