How to update Chrome on every Operating System (Windows, Mac, Linux, Chrome OS, Android, iOS)

We often write about important updates for the most popular browser, Google Chrome. Since it would be out of scope to post elaborate update instructions for every possible platform and operating system (OS)—like iOS, macOS, Windows, Android, etc.—we decided to turn this topic into a separate post that is easy to find (and link to). Also, keep in mind that not every update will be available for every platform or at the same time. You can find when the latest update for your operating system was released on this Google Chrome releases website.

Keeping your Google Chrome browser up to date is essential for security, performance, and access to the latest features. Whether you’re on Windows, Mac, Linux, Android, or iOS, updating Chrome is straightforward, if you know where to look.

But first a few words about the version numbers, because they can be confusing at times.

The Chrome version number consists of four parts separated by dots, like this:

**MAJOR.MINOR.BUILD.PATCH**

Each part has a specific meaning. In order of relevance they are:

*   **MAJOR**: This number increases with significant releases that may include major new features or changes. It usually raises in increments about 7 – 8 times per year, roughly every 6 weeks, reflecting Chrome’s release cycle.
*   **MINOR**: This number is typically zero and rarely changes. It mainly supports the versioning scheme but doesn’t usually affect how users track updates.
*   **BUILD**: This number increases steadily and represents a specific snapshot of Chrome’s source code at a given time. It advances with each new build candidate and is the key indicator of how recent the core code is.
*   **PATCH**: This number changes in increments for smaller fixes and security patches applied to a particular build. It resets with each new build and helps identify minor updates within the same build.

For example, a version like **137.0.7151.56** means:

*   Major version 137 (the milestone release)
*   Minor version 0 (standard)
*   Build number 7151 (the code snapshot)
*   Patch number 56 (the latest fix on that build)

**Why does the version number matter?**

The **BUILD** and **PATCH** numbers together uniquely identify the exact code you are running. Even if two versions share the same major number, a higher build or patch number means you have a newer, more up-to-date Chrome version.

Sometimes you might see slightly different patch numbers on the same major build, for example, **118.0.5993.117** vs. **118.0.5993.118**. This usually happens because Google released a quick fix or minor patch shortly after the initial release. Both are part of the same major update, but the higher patch number is newer.

**How to check if you have the latest version**

To verify your Chrome version:

1.  Open Chrome.
2.  Click the three-dot menu (⋮) in the top-right corner.
3.  Go to **Help** > **About Google Chrome**.

Chrome will display your current version and automatically check for updates. If a newer version is available, it will download and prompt you to relaunch once it’s ready updating.

Chrome is updating

**Update Chrome on Windows**

Method 1: Use Chrome’s built-in update feature

1.  Open Chrome.
2.  Click the three-dot menu icon (⋮) in the top-right corner.
3.  Hover over **Help**, then click **About Google Chrome**.
4.  Chrome will automatically check for updates and download them if available.
5.  Once downloaded, click **Relaunch** to complete the update.

To enable automatic updates for Google Chrome on Windows, ensure that the “**Automatically update Chrome for all users**” option is enabled in Chrome’s settings. You can find this setting by going to “**About Google Chrome**” within the Chrome settings. Closing and restarting Chrome may be required to apply the update. 

Method 2: using Windows Update (for Chrome Enterprise)

If your organization manages Chrome updates via Windows Update or group policies, updates may be automatic. Contact your IT admin if you don’t see updates.

Method 1: For each device

1.  Open Chrome.
2.  Click the three-dot menu icon (⋮) at the top-right.
3.  Select **Help** > **About Google Chrome**.
4.  Chrome will check for updates and install them automatically.
5.  Click **Relaunch** to finish updating.

You can also set up automatic browser updates for all users of your computer if Google Chrome is installed in your Applications folder. Go to “**About Google Chrome**,” and click **Automatically update Chrome for all users**.

Method 2: For Chrome Enterprise

As a Mac administrator, you can use Google Software Update to manage Chrome browser and Chrome apps updates on your users’ Mac computers.

**Update Chrome on Linux**

Chrome updates on Linux depend on your distribution and how you installed it.

For Debian/Ubuntu-based systems:

1.  Open a terminal.
2.  Run:

sudo apt update

sudo apt --only-upgrade install google-chrome-stable

3.  Restart Chrome to apply updates.

For Fedora/openSUSE:

1.  Open a terminal.
2.  Run:

sudo dnf upgrade google-chrome-stable

3.  Restart Chrome.

If you installed Chrome via a package manager, it should handle updates automatically when you update your system.

**Update Chrome on Android**

Chrome updates on Android are handled through the Google Play Store:

1.  Open the **Google Play Store** app.
2.  Tap your profile icon (top right).
3.  Select **Manage apps & device**.
4.  Under **Updates available**, look for **Chrome**.
5.  Tap **Update** next to Chrome if available.

Alternatively, if you have auto-updates enabled, Chrome updates automatically. To enable auto-updates for Android apps, open the Google Play Store, tap your profile picture, go to “Manage apps and device,” and then tap “Manage.” Select the app you want to update automatically, tap the “More” button, and toggle on “Enable auto-update.”

**Update Chrome on iOS (iPhone and iPad)**

Chrome updates on iOS come through the Apple App Store:

1.  Open the **App Store**.
2.  Tap your profile icon at the top right.
3.  Scroll down to **Available Updates**.
4.  Find **Google Chrome** and tap **Update**.

If auto-updates are enabled on your device, Chrome updates automatically.

Chrome in App Store’s recently updated section

**Updating Chrome on Chrome OS**

Chrome OS updates include Chrome browser updates:

1.  Click the time in the bottom-right corner.
2.  Click the **Settings** gear icon.
3.  In the left menu, select **About Chrome OS**.
4.  Click **Check for updates**.
5.  If an update is available, it will download and install automatically.
6.  Restart your Chromebook to complete the update.

Summary table of update methods

**Platform**

**Update Method**

**Notes**

Windows

Chrome Menu > Help > About Chrome

Manual or automatic update

macOS

Chrome Menu > Help > About Chrome

Manual or automatic update

Linux

Package manager commands

Varies by distro

Android

Google Play Store

Manual or automatic update

iOS

Apple App Store

Manual or automatic update

Chrome OS

Settings > About Chrome OS

System update

If you still have questions about updating the Chrome browser, let us know in the comments and allow us to update this article.

 How to update Chrome on every operating system 

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals…

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals including political figures, media pros and executives from AI companies.

iVerify, a leading mobile EDR security platform, has revealed the discovery of a previously unknown zero-click vulnerability in Apple’s iMessage service. Dubbed NICKNAME, this flaw can compromise an iPhone without any user interaction, and it appears to be part of a sophisticated mobile spyware campaign, potentially backed by China, targeting important individuals in the US and Europe.

According to iVerify’s report, shared with Hackread.com, they observed unusual activity on iPhones of prominent entities in the US and the European Union in late 2024 and early 2025. This included rare crashes that made up only 0.0001% of crash logs from a sample of 50,000 iPhones, typical of advanced zero-click iMessage attacks.

Through forensic analysis, the NICKNAME vulnerability was detected on devices belonging to high-value individuals of interest to the Chinese Communist Party (CCP). These targets include political figures, media professionals, and executives from artificial intelligence companies. Notably, some affected individuals had previously been targeted by Salt Typhoon, a known cyber operation

The exploit leverages a weakness in the imagent process on iPhones, believed to be triggered by a rapid series of nickname updates sent through iMessage. This action results in a use-after-free memory corruption, creating an opening for attackers to gain control.

iVerify’s highly in-depth technical investigation has identified six devices believed to be targeted, with four showing clear NICKNAME signatures and two indicating successful exploitation. These victims consistently had connections to activities of interest to the CCP, such as prior targeting by Salt Typhoon, business dealings contrary to CCP interests, or activism against the regime.

While Apple released a patch for this vulnerability in iOS 18.3.1, iVerify cautions that NICKNAME may be just one component of a larger, active exploit chain. The company stresses the critical need for organizations, including government bodies, to adapt their mobile security models to counter these advanced modern threats.

The CCP’s direct attribution is not definitively proven, but circumstantial is compelling. Furthermore, as per iVerify, evidence from independent iOS security experts, including Patrick Wardle from the Objective-By-The-Sea foundation, supports mobile compromise as a real threat in the US.

This discovery is important as it could be the first systematic detection of iMessage zero-click exploitation in the United States. Such attacks are particularly dangerous because they bypass even highly secure messaging applications like Signal.

Once a device is compromised, all private conversations and data, regardless of the application used, become accessible to attackers. This is particularly important given events like SignalGate, which show that no communication channel is truly private if compromised.

NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU

Major porn sites have blocked access in France in response to age verification demands.

VPNs (Virtual Private Networks) are suddenly popular in France. Not because France has suddenly become super privacy conscious, but because Pornhub, RedTube, and YouPorn, have blocked access in France.

But why? Last year, France enacted a law mandating that pornographic sites implement stricter age-verification technology.

Since March 1, 1994, French law has prohibited exposing minors to pornographic content. To strengthen this, a 2020 law empowered the French Regulatory Authority for Audiovisual and Digital Communication (ARCOM) to issue warnings to non-compliant online services and seek judicial orders to block access if necessary.

In 2024, the French law on securing and regulating the digital environment (SREN) further enhanced ARCOM’s authority, allowing it to administratively block platforms that fail to prevent minors from accessing pornographic content.

On October 9, 2024, ARCOM adopted a technical framework, approved by the French Data Protection Agency (CNIL), outlining minimum requirements for age verification systems.

The requirements consisted of three major pillars:

*   Reliability
*   Third party implementation
*   Mandatory on each access

Services had until January 9, 2025, to comply with a transitional period until April 9, 2025, during which credit card-based verification was temporarily accepted under specific conditions.

In response to these regulations, the major adult websites like Pornhub, YouPorn, and RedTube have now suspended access in France, citing concerns over user privacy and data security associated with the mandated age verification methods.

This is a major decision for Pornhub because France is its second biggest market behind the US. Alex Kekesi, VP of president of brand and community of Aylo Holdings (Pornhub’s owner) said that:

> “French citizens deserve a government and a regulator who are serious about preventing children from accessing adult content. They also deserve laws which protect their privacy and safeguard their sensitive data.”

In the United States, 19 states have passed laws requiring pornographic sites to confirm a user’s age by checking a government-issued ID, scanning their face, or other methods. The laws have led some of the largest adult sites, including Pornhub, to block users from those states, rather than paying millions for ID-checking services.

Naturally, everywhere where people want to View Porn Normally, the use of VPNs has increased because VPNs can be used to circumvent access restrictions imposed by such regulations. While specific figures for France are not publicly available, similar scenarios in other regions provide insight into user behavior:

*   Florida: Following Pornhub’s decision to block access in response to new age verification laws, VPN demand in Florida surged by an astonishing 1,150% within the first few hours.
*   Texas: After the implementation of comparable laws, VPN usage increased by approximately 234.8%.

**Malwarebytes Privacy VPN**

Malwarebytes Privacy VPN can help adults to decide for themselves what they want to see or not. By choosing a location where no age verification block is in place, you will be able to access your coveted websites while also enjoying:

*   **No-log policy**: Your activity is neither tracked nor stored.
*   **WireGuard** **protocol**: Ensures fast and secure connections, good for streaming.
*   **Server coverage**: Plenty of servers near you to cover countries that are not blocked.
*   **Strong encryption:** To keep your web activity safe from prying eyes.

 Pornhub, RedTube, and YouPorn block access in France, VPN use set to soar 

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.

The Andersons are Christmas traditionalists. Dan says it’s more his wife Paige than him, but secretly he also loves all the fuss.

So, there they were on the sofa in their pajamas in front of the twinkling Christmas tree before the sun had risen over a chilly morning in Buffalo, New York. Thirty-two-year-old Dan was proud and smug as he handed over his gift to Paige—a “fancy new Kindle Voyage.” She loved it. Then it was his turn, and he excitedly ripped into the wrapping paper watched over by his confused dogs—one of which was tellingly named after Dan’s favorite computer-game character (Vivi from _Final Fantasy_). As the present revealed itself, the avid gamer saw the instantly recognizable and much-loved logo—it was a brand-new PlayStation 4. Straight away he unpacked it, rigged it up to the TV, and switched it on. The plan was to get it fired up and download _LittleBigPlanet 3_ to play for a few hours before meeting up with family.

Paige had been looking forward to it since she bought the new console. However, it wasn’t to be. “We didn’t even make it as far as starting to download the game, because it wouldn’t let me log in to PlayStation Network,” Dan said. “Nothing was online at all, so we couldn’t even try and download games.” Disappointedly they headed out for the day’s events and couldn’t try again until that evening, when they discovered that the network was still down. A $400 gift they couldn’t play. Dan had to work the next day too, so he couldn’t even try it then. He was gutted.

Five hundred and fifty miles north, in Toronto, 16-year-old Mustafa Aijaz was pumped. Christmas Day—particularly the evening—was the best game time of the year. It’s always been a bit of a holiday within the holiday for serious players. The tradition revolves around a phenomenon called “Christmas Noobs.” At Christmas, so many new players receive new games and consoles that online games are flooded with a tidal wave of gamers who often fumble their way through the top games and act like cannon fodder for the waiting legions of seasoned veterans. Mustafa and his mates were skilled at _Call of Duty: Advanced Warfare_. “We were all ready for a night of easy wins, quick XP \[experience points\] farming, and were looking forward to leveling up like crazy.” So, they waited like crocodiles anticipating herds of migrating buffalo to enter the river. But just as the bullets started flying they were all unceremoniously chucked out of their matches and knocked offline. “None of us could log back in, and party chat was down too, so we couldn’t even talk to each other to figure out what was happening,” Mustafa said.

It was all over social media: A group of hackers called Lizard Squad were bragging about their massive DDoS attack on Xbox Live and PlayStation Network—the crucial services that linked tens of millions of gamers to the Microsoft and Sony servers. Mustafa had seen that the group had already carried out smaller-scale attacks and had for weeks been taunting and threatening a big attack. Apparently it was all linked to some silly and incomprehensible spat with a rival but minor hacking group. Mustafa was angry but also fascinated by the attack and the incredible reaction online. “The fallout was instantaneous. People were furious,” he said.

PlayStation Network at the time had about 110 million subscribers, and Xbox Live had roughly 48 million. Xbox was back to normal within 24 hours—on Boxing Day. But PlayStation struggled for longer. It didn’t just affect existing subscribers. Before you can use any new games, consoles, or vouchers, you need to register them via the gaming company’s servers. It was a catastrophe for the games industry, especially Sony, which had already been having a tough time after a different cyberattack the previous month.

Services were down around the world. Error messages in dozens of languages were being posted as screenshots on YouTube and Twitter. There was nothing anyone could do until the engineers at Sony and Microsoft figured it out or Lizard Squad stopped the attack.

Late in the evening on Boxing Day, BBC Radio 5 Live aired an interview with two members of the group. They showed zero remorse for the impact they’d had on people around the world. Twelve hours later I walked into the newsroom and was given the seemingly impossible task of “getting a Lizard” on the evening TV bulletin at Sky News.

It took hours of trawling Twitter and speaking to dozens of wannabes and fakes, but I eventually succeeded in finding contact details for a British man called Vinnie Omari. Incredibly, he lived a few miles from our newsroom in west London. He agreed to come to us for the interview and was pale, skinny, wore all black and talked fast. He was at pains to distance himself from the gang but left the studios promising that a Lizard Squad hacker called “Ryan” would be in touch. I had no idea at the time of course that this “Ryan” was Julius Kivimäki—an already infamous teenage hacker and delinquent from Finland. It was later that afternoon—at around 3 pm —that “Ryan” called through on Skype. Just in time for us to edit our conversation with him into our news piece.

The 17-year-old looked very young and pale and had a shaved head and soft features. In spite of everything, he was polite and seemed in no rush. But he was also utterly unremorseful and arrogant, struggling to stifle a smirk throughout the interview. When I started by asking him why he wanted to ruin Christmas for tens of millions of people, he gave me the same boilerplate answer about the boys doing it to amuse themselves and embarrass these tech mega corps. “These companies make tens of millions every month from just their subscriber fees, and they should have more than enough funding to be able to protect against these attacks.” We went back and forth for about 15 minutes without him giving any hint of regret or awareness for how many people had been affected by his stunt.

“I’d be worried if those people didn’t have anything better to do than play games on their consoles at Christmas Eve and Christmas Day,” he said. “I mean, I can’t really say I feel bad. I might have forced a couple of kids to spend their time with their families instead of playing games.”

The interview blew up online, with more than a million views on YouTube and thousands of comments on Twitter, where many four-letter words were hurled at the Lizards. PlayStation and Xbox also received a torrent of abuse. Later they would offer a five-day extension to players’ subscription periods and 10 percent off as compensation. The resulting bill for the company must easily have been in the millions.

Kivimäki went on to speak to other reporters, sometimes calling himself Ryan Cleary (a reference to another hacker he had vague and likely acrimonious link to from a previous teen hacker gang called LulzSec). In one interview and debate on YouTube channel DramaAlert he is implored by Kim Dotcom to stop the silly hacker rivalries that were impacting so many innocent people. “Hackers used to be respected; they used to have a magic about them,” Kim said, accusing Lizard Squad of harming the image of hackers around the world with their actions. Kivimäki’s response is fascinating: He laughed it off as old-fashioned thinking. “It’s wrong to connect groups like Lizard Squad with, for example, L0pht from a couple of decades back,” he said. “There’s really no connection with the hacking groups of today and the hacking groups of two decades ago. The meaning is totally different now.”

Although many security experts angrily railed against the media’s portrayal of Lizard Squad as “sophisticated,” people grudgingly came to accept that the Christmas attack did have a big impact on cybersecurity and the gaming industry. There’s little doubt that this was not the group’s motive—despite their clumsy attempts to claim so in interviews. But it was a wake-up call. Security website SecurityAffairs wrote a “lessons learned” piece by dissecting my interview with Kivimäki. Many people considered Lizard Squad script kiddies, they wrote, adding, “This approach is totally wrong.”

The size of the attack unleashed on that day would be shrugged off by most modern sites, but DDoS attacks are still commonplace and are getting more powerful. Expensive protection services are now a must-have for any organization that needs to stay online.

The attacks also started something of a cybercrime trend. In 2024 Europol unveiled an international law enforcement operation to take DDoS services down in December: “The festive season has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage, and operational chaos for their victims,” the organization said in a statement.

At the time of Lizard Squad’s attacks, the general public was stunned. Despite Lizard Squad being on the tail end of a wave of teenage hacking groups in the 2010s, there was little awareness of the power that could be wielded by these otherwise amateur attackers. There might have been a vague feeling in the zeitgeist that “hackers in hoodies in their bedrooms” were increasingly causing problems, but this attack was immediate, unmissable, and easy to understand. It was of course also easy to get angry about. Over the next couple of days I came back to the story with follow-ups about the fallout as other Lizard Squad members spoke to YouTubers about the so-called “drama.” But the big thing the newsroom kept asking me was, When would these kids be arrested?

Vinnie Omari was the first. On New Year’s Eve he was raided by the South East Regional Organized Crime Unit, which collared him on suspicion of cyber fraud offenses committed in 2013 and 2014. It looked like the raid was for other alleged offenses involving PayPal fraud, but the search warrant, which later surfaced online, also referenced the Christmas DDoS attacks. “They took everything: Xbox One, phones, laptops, computer USBs, etc.,” Omari told reporter William Turton from the Daily Dot. He was later cleared of any involvement.

After Omari’s arrest, other Lizards were taken out too. On January 16, 2015, police announced that they had arrested an 18-year-old in Southport, near Liverpool. They didn’t give a name, but reporters at the Daily Mail identified him: “The ‘quiet’ teenager, named locally as Jordan Lee-Bevan, was arrested during a raid at his semi-detached home in Southport, Merseyside, today, with officers seizing computers as he was taken away in a police car.”

In 2016 teenager Zachary Buchta from Maryland was also arrested for his role in Lizard Squad and another group called PoodleCorp. As a boy he had been warned in 2014 about his criminal path by police who had caught him carrying out minor cybercrime activity. But he was undeterred and even changed his Twitter profile at one stage to @fbiarelosers to taunt the cops.

At the same time that Buchta was arrested, Dutch police raided and arrested another 19-year-old. Bradley van Rooy, who used the names “Uchiha” or “UchihaLS,” was accused of conspiring with other members of Lizard Squad to operate websites that provided cyberattack-for-hire services, facilitating thousands of DDoS attacks and trafficking stolen payment card account information for thousands of victims.

Bradley was put on bail for two years and eventually given a two-year suspended sentence and 180 hours of community service. The vast majority of charges against him were dropped as they had taken place when he was a minor. He ended up being convicted of the DDoS-for-hire operation and handling stolen credit cards. I tracked him down, and he openly talked about that period of his life, which he had put behind him a long time ago. “I’m now 27, and I see the damage that I did and understand that there could have been a higher punishment,” he says. “But then I also see that I was just a kid, and I had a troubled time at school and just fell into the hacking life after meeting the wrong people when I was playing the game _RuneScape_.”

Bradley’s journey and words track so perfectly to the experiences of almost every hacker I have met or interviewed. It’s as though there is a universal constant, whereby a subset of gamers in every generation is pulled into cybercrime in exactly the same way. There are literally billions of gamers in the world, so these people represent only a tiny fraction. But it seems to be inevitable and cyclical as hacker groups rise and fall.

The differentiating and more important aspect, though, is how these boys and young men react when they cross the line and are caught.

So what of Julius Kivimäki, aka “Ryan,” aka “Ryan Cleary” and many other aliases including the by now infamous “Zeekill”?

Surely, after appearing on TV and radio admitting that he was part of the gang, he too would be rearrested sharpish? Officers did indeed visit Kivimäki to interview him, but they did not arrest him—contrary to reports in the international media. It’s not clear why they took no further action, but perhaps when the teenager confidently said that police would find nothing on his computer he was right. “They’d have to let me go,” he had cockily asserted in our interview. If so, maybe his run-in with police years earlier had taught him to cover his tracks more effectively. Or maybe he hadn’t taken as much of a leading role in the DDoS attacks as he had claimed.

For Finnish cybercrime cop Antti Kurittu, seeing Kivimäki on TV was especially galling. Antti had raided and arrested Kivimaki two years earlier for other cyberattacks carried out with a different teenage cyber gang called HTP. “I remember watching your Sky News interview and just thinking ‘wow, this guy is not even trying to cover up his crimes. He’s just a different sort of person,’” Antti recalls.

It wasn’t until July 2015 that Kivimäki received his first criminal conviction. He was found guilty of the rather preposterous total of 50,700 instances of aggravated computer break-ins—one for every computer enslaved into HTPs botnet. He was also convicted of other offenses including data breach, money laundering, and being in possession of, and using, stolen credit cards. For all of these offenses, he was handed a two-year suspended sentence. If he had been an adult he could have got years behind bars, but as a minor and first-time offender he served no time in prison. So Kivimäki, just a few weeks from his 18th birthday, remained free. He began calling himself the “Untouchable Hacker God” on Twitter.

A year after Kivimäki’s sentencing, in a bizarre coincidence, Antti bumped into Kivimäki in Amsterdam. It was April 2016 and Antti was walking through the departures lounge of Schiphol Airport when he passed the by-then 18-year-old. Antti did a double take, gobsmacked to see him. It was so surreal that they both found it amusing and took a selfie. After a short chat, Antti asked Kivimäki if he was now “staying out of trouble.” Kivimäki replied, “Of course.” But when Antti asked him for a contact email address, he made one up with “@FBI.gov” at the end. They laughed and went their separate ways.

But, as Antti predicted, the Untouchable Hacker God would be back. Four years later he was. And this time he was linked to the cruelest cyberattack in history and had a new alias: ransom\_man.

_Excerpt adapted from_ Ctrl+Alt+Chaos: How Teenage Hackers Hijack the Internet _by Joe Tidy. Published by arrangement with Elliott & Thompson. Copyright © 2025 by Joe Tidy._

What Really Happened in the Aftermath of the Lizard Squad Hacks

A requirement that ICE agents ensure courthouse arrests don’t clash with state and local laws has been rescinded by the agency. ICE declined to explain what that means for future enforcement.

Immigration and Customs Enforcement has quietly rescinded guidance that advised ICE agents conducting courthouse raids to take steps to avoid violating state and local laws while carrying out civil immigration arrests. The subtle policy change could lead to an escalation in enforcement tactics and legal disputes.

Revised policy guidance recently posted to ICE’s website and reviewed by WIRED reveals efforts by the agency to enhance the discretion and autonomy of the federal agents making arrests in and around courthouses—one of the more aggressive initiatives employed by the Trump administration as part of its all-out push to round up migrants across the United States and its territories. The policy revision has not been previously reported.

In recent weeks, ICE agents have made high-profile arrests of immigrants attending routine court hearings, as part of the administration’s effort to conduct what Trump calls the largest deportation campaign in American history.

The change in guidance comes amid sweeping ICE raids across the US, some sparking protests and heated confrontations with citizens, threatening an erosion of local autonomy and democratic governance over law enforcement operations within communities, while further blurring the line between civil and criminal enforcement.

Interim guidance, issued in January by ICE’s former acting director, Caleb Vitello, ordered agents to ensure that courthouse arrests were “not precluded by laws imposed by the jurisdiction in which enforcement actions will take place.” Todd Lyons, the current acting director, issued a superseding memo dated May 27 that removes the language about respecting local laws and statutes that limit ICE agents from performing “enforcement actions” in or near courthouses.

“The old policy required ICE to consult with a legal adviser to determine whether making an arrest at or near a courthouse might violate a nonfederal law. The new policy eliminates that requirement,” says Anthony Enriquez, vice president at RFK Human Rights, a human rights advocacy nonprofit. “Now, these frequently complex legal questions fall to the judgment of a line officer untrained in local laws.”

“It is certainly yet another effort to unleash and expand ICE's enforcement operations without regard to state law,” says Emma Winger, deputy legal director at the American Immigration Council.

Federal policy guidance is not legally binding, but it carries the power of law in practice, mandating procedures that ICE agents must follow in carrying out enforcement operations.

In response to a request for comment, ICE spokesperson Mike Alvarez referred WIRED to the May 27 memorandum. ICE declined to clarify whether it would continue to consider local courthouse policies and security protocols during enforcement actions.

Vitello, responsible for issuing the original guidance, was appointed ICE acting director by President Donald Trump soon after inauguration. Vitello was removed in late February and reportedly transferred to oversee the agency’s deportation operations. Lyons assumed the acting directorship in March.

The Biden administration previously limited ICE enforcement actions in and around courthouses in 2021, saying the arrests—which reportedly spiked during Trump’s first term—“had a chilling effect on individuals’ willingness to come to court or work cooperatively with law enforcement.”

ICE policies continue to advise agents to “generally avoid” actions around courts focused on civil matters—the vast majority of immigration cases are civil in nature—without the authorization of a high-ranking supervisor. However, under Biden, such actions could only be taken at courts (of any kind) to resolve a national security matter or to prevent threats to public safety or the destruction of evidence material to a criminal case. The Biden-era policy was a response, in turn, to 2018 guidance issued under Trump, which had directed ICE to arrest migrants at local courthouses.

Last month, at a meeting shortly before Lyons once again altered the policy, Trump deputy chief of staff for policy Stephen Miller and Department of Homeland Security director Kristi Noem reportedly told ICE to deport 3,000 people per day, according to Axios, a drastic increase over the first Trump administration’s deportation rates.

Earlier this week, Lyons defended his agents' use of masks to hide their identities following a confrontation with citizens outside the Buona Forchetta restaurant in San Diego, California. Videos of the event captured by bystanders showed agents deploying flash-bang-type devices in an attempt to disperse the crowd. Passersby protesting the raid outside the South Park neighborhood restaurant can be overheard calling the masked agents “Nazis” and “fascists.”

Winger explains that ICE has long made arrests inside state courthouses without regard for state law. Agents often use court dockets, for instance, to locate migrants scheduled to appear in court, facilitating targeted arrests.

Last month, ICE agents arrested at least a dozen immigrants as they arrived at New York City courthouses for scheduled hearings—including a Bronx high school student. Under New York State law, federal immigration authorities are barred from making civil arrests in and around state courthouses without a judicial warrant. The law does not, however, restrict ICE from making arrests in federal courthouses, where immigration and asylum hearings are typically held. The City of New York on Monday sued Lyons and ICE, as well as DHS and Noem, over the Bronx student’s arrest in an effort to effect his release.

Winger expects the May 27 policy shift will impact states such as Colorado that have similar protections.

Last week, DHS published a list of so-called sanctuary jurisdictions that includes dozens of cities and counties that DHS said were not compliant with federal law. The effort was seemingly part of an initiative to push back against municipalities it believes are obstructing its immigration goals. On Sunday, after protests from local governments, DHS scrubbed the list from its website.

“This policy memorandum change is another attack from the Trump administration against state and local laws that enact across-the-board limits on civil arrests in sensitive locations like schools, churches, hospitals, and courthouses,” adds Enriquez. “In the future, we should expect to see legal challenges to the federal government's encroachment on state sovereignty. And in the meantime, we should also expect less justice in our local and state courts.”

ICE Quietly Scales Back Rules for Courthouse Raids

Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere—or when disaster strikes.

Hypothetical: You wake up tomorrow morning to find a superstorm that developed overnight thanks to climate change has sparked a chain of events that abruptly ushers in a new ice age and alters human society as we know it. (Yes, this is the plot of _The Day After Tomorrow_. Stick with us.) All the communication networks you relied on are down. Your phone is basically worthless. The internet has functionally ceased to exist. But you need to connect with people you trust to get help and survive. What do you do? More importantly, how did you prepare?

Less Hollywood-esque versions of having no cell service or Wi-Fi happen all the time, of course; maybe you’re hiking in a secluded area, white-knuckling through a major natural disaster, or living under a repressive regime that cuts internet access to quash public protests. Fortunately, for all these scenarios, there’s a low-budget solution: Meshtastic.

Meshtastic is a program that enables devices to send text messages over long distances without needing Wi-Fi or cell service. Long range radio (LoRa) nodes help pass messages along, forming a network of devices that can talk to each other even in remote areas. Messages hop from device to device, with each node relaying messages it hasn't seen before—extending the network’s reach across miles using minimal power. That is to say, Meshtastic is designed specifically for sending text messages over free-to-use radio frequencies to both groups and individuals, even when cell service and internet connections are nowhere to be found.

“The cool thing about Meshtastic is that it’s like a radio infrastructure without the infrastructure. It’s ad hoc,” says Eric Kristoff, a volunteer member of the Chicago chapter of the Mars Society, a nonprofit that advocates for the human exploration and colonization of Mars.

Kristoff says the group has been testing the use of Meshtastic as a way to give Mars Society “analog astronauts” the ability to communicate and keep track of each others’ locations without the use of earthly infrastructure.

“We have a set of Meshtastic T-Echo radios, about the size of a deck of cards, and they are worn on the person of the analog astronaut,” he says.

The radios that use Meshtastic cost roughly $30 (though you can spend two, three, or four times that if you want to). And because they operate over unlicensed radio frequencies on a network created by personal devices, they’re essentially free to use. Each message is end-to-end encrypted, ensuring privacy while it’s relayed through the network. And Meshtastic’s optional location-tracking capabilities give people a way to monitor their communities and keep tabs on their kids—or fellow analog astronauts—without using invasive, data-hungry apps.

Kristoff says that Mars Society members will take weeks-long excursions in remote areas with little cellular or Wi-Fi connectivity, which creates additional risks.

“There is heat stroke. We are two hours from the nearest hospital. If you go too far from the campus, it can get dangerous,” Kristoff says of the experience. “So anytime there’s a risk, the risk is made worse if people don’t know where you are.”

Most Meshtatic devices currently on the market need to pair with a phone over Bluetooth to function as a texting alternative. Some devices are just a radio, antenna, and battery, with the expectation that you’ll make the housing yourself. The radio does all the device-to-device communication, while the iOS and Android apps or the web client let you read and compose messages that are received or sent over the network—no service plan needed.

The apps also allow you to see the approximate location of nearby nodes and a map of the Meshtastic network. But fancier stand-alone devices are already available, like a line of Meshtastic-enabled gadgets from maker-friendly tech firm LilyGo that, in addition to the T-Echo model used by Mars Society members, includes Blackberry-like handhelds with their own keyboards, a smartphone-like device with an e-paper screen, and even a Meshtastic-enabled smartwatch.

Meshtastic was created by technologist Kevin Hester in early 2020 as a way to communicate while doing “any hobby where you don’t have reliable internet access,” and it remains a grassroots endeavor, with established local communities spanning from Argentina to China that are ripe with a DIY ethos. The software itself is open source, meaning anyone can theoretically contribute, and hundreds have. Still, as with many open source projects, a core group of volunteer developers help maintain the Meshtastic firmware, mobile apps, and more.

Jonathan Bennett, a self-described “Linux guy” who upgraded Meshtastic to stronger end-to-end encryption for direct messaging and keeps the software working on Linux, says he first got involved in the project after a listener of one his podcasts wanted a way to communicate with friends while attending a festival where the cell network could get overloaded.

“I put my open source enthusiast hat on and I went looking, and I came across Meshtastic,” he says. “And it immediately tickled my interest.”

Bennett says he ultimately connected with Garth Vander Houwen, a C# developer who wrote Meshtastic’s iOS app, and Ben Meadors, another C# developer who took on maintaining the Android app, web client, firmware, and other parts of the Meshtastic ecosystem after Hester needed to step back due to health issues.

Like Bennett, Vander Houwen and Meadors got involved with Meshtastic while looking for solutions to real-life problems. Vander Houwen, an iPhone user, says he found Meshtastic while on the hunt for a way to communicate as he hiked on remote trails in the Seattle area, just to find that it only had an Android app. He decided to write the iOS app himself. “So the fact that there was not an iOS app for Meshtastic was kind of how I got started,” he says, “and it's been a lot of fun.”

Meadors says he came to Meshtastic after a dangerous tornado hit his home state of Arkansas, causing major damage. “My kind of initial use case was honestly a backup communication for storm-related outages,” Meadors says. After taking part in the cleanup effort around Little Rock, he realized the value of a decentralized, off-grid communication network like Meshtastic. “It's just really handy to have anywhere where you’ve got a limited connection to the grid.”

None of which is to say you should throw your cell phone in the sea and go all-in on Meshtastic. At least not yet. First, getting into the world of LoRa remains a little bit technical, so if the idea of “flashing” your device with new firmware makes you instinctively pick up your phone to scroll TikTok, it might not be the hobby for you. Even if you are tech savvy, the system has some notable limitations.

Using the decentralized mesh network requires having your Meshtastic device in range of at least one other radio; obstructions like buildings, trees, and hills or mountains can prevent the line-of-sight communication needed to join the mesh network. This means it may only be reliable when there’s a variety of other Meshtastic nodes in the area.

Next is what Meadors calls the “narrowness” of the network’s technical capabilities. “One of the most frequent things that we get is, ‘Can I replace the internet with this?’ No, no you cannot,” he says. “You can send text messages.” Mercifully, that does include emoji.

Photograph: Michael Tessier

This may be obvious, but you also need to have a network set up before disaster hits, Meadors says. So, set up anyone who you might need to communicate with during a cell and internet blackout before it actually happens. And, due to relatively frequent firmware updates, you can’t just toss your device in a bug-out bag and forget about it. But “if it's something that you actually use, like if you pull it out and use it once a month, you'll be good to go,” Bennett says.

Then there’s the issue of raw bandwidth. This limitation can cause issues when a lot of people are trying to use the network at the same time. At a ham radio convention in Dayton, Ohio, last year (yes, it’s called Hamvention), the Meshtastic network crashed after someone ran a program that flooded the network with additional traffic, pushing the Meshtastic network to its limits.

“Because literally one person turned on this MQTT bridge, which then joined the rest of us into this mesh in a metal building in Dayton, it crashed the whole mesh immediately,” Vander Houwen says.

After this incident, Vander Houwen, Bennett, and Meadors went to work to prepare for the upcoming Defcon hacker convention in Las Vegas, ultimately releasing a special firmware for the much larger event that Vander Houwen estimates allows “somewhere between 2,000 and 2,500 nodes” to operate on the network simultaneously. A similar firmware released ahead of the 2025 Hamvention in May drew praise from the community.

Despite Meshtastic’s limitations, its promise as a backup communication system—and the sheer fun you can have with it—continues to pull in new enthusiasts. The Android app alone has drawn thousands of reviews, and the Meshtastic subreddit has grown to nearly 50,000 members. Some municipalities are even hoping to launch Meshtastic networks to help protect their communities in the event of natural disasters.

For Bennett, Meadors, and Vander Houwen, they’re excited to not just see the number of Meshtastic nodes increase, but to see the technology develop into something anyone can use without having to become an enthusiast or “analog astronaut” at all.

“I think the biggest thing for me too is that it’s not just accessible from the aspect of the hardware being available to more people. I want to make the software more accessible,” Meadors says. “I want to make the experience such that I can hand this device to anybody and have them download the app and start messaging. We've come a long way. I think there's still some room to grow there.”

_Updated at 10:25 am ET, June 4, 2025: Corrected a misspelling of Ben Meadors' surname._

The Texting Network for the End of the World

Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user…

Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user expectations. Continuous Integration and Continuous Deployment (CI/CD) are fundamental in today’s DevOps practices because they allow organizations to streamline their development workflows, reduce deployment risks, and accelerate time-to-market, all while maintaining code quality and system reliability.

CI/CD is a paradigm shift from traditional software development approaches, where integration and deployment were often manual, error-prone, and time-consuming. By automating these critical workflows, organizations can achieve faster feedback loops, improved collaboration between development and operations teams, and more predictable release cycles that support business agility.

However, proper implementation of CI/CD pipelines requires deep expertise in multiple tools and methodologies. For most organizations, it makes sense to partner with software development companies that specialize in DevOps automation services and solutions, especially if they have experience in the required vertical and can accommodate both individual clients and vendors. 

DevOps teams that successfully implement CI/CD practices often report significant improvements in deployment frequency, lead time for changes, mean time to recovery, and overall system reliability. All of these translate to immediate benefits for the development team and its clients. 

****CI/CD Fundamentals Explained** **

Continuous Integration and Continuous Deployment are often discussed together, but those are two distinct, even if complementary, practices that form the backbone of modern software delivery. Continuous Integration focuses on the frequent merging of code changes from multiple developers into a shared repository, with automated builds and tests validating each integration. This practice helps identify integration issues early in the development cycle when they are less expensive and easier to resolve.

Continuous Deployment extends the automation pipeline to include the automatic release of validated code changes to production environments. This practice requires testing frameworks, monitoring systems, and rollback capabilities to ensure that automated deployments maintain system stability and user experience. The combination of CI and CD creates a seamless flow from code commit to production deployment, allowing organizations to deliver consistent value to users. 

****The Evolution from Traditional Development****

Traditional software development often followed a waterfall approach where integration and deployment occurred at the end of long development cycles. This approach created challenges, such as integration conflicts, late discovery of defects, lengthy release cycles, and difficulty responding to changing requirements. The shift to CI/CD addresses these challenges by promoting smaller, more frequent changes that are easier to test, integrate, and deploy.

****Core Components of CI/CD Systems****

Effective CI/CD systems consist of several interconnected components that work together to automate the software delivery pipeline. Version control systems serve as the foundation, providing a single source of truth for code changes. Build automation tools compile source code and create deployable artifacts across different environments.

Testing frameworks integrate throughout the pipeline to validate functionality, performance, and security at multiple stages. Deployment automation tools manage the process of releasing applications while monitoring systems provide visibility into application performance and user experience.

****How to Build Effective CI/CD Pipelines****

Effective CI/CD pipelines should balance automation, quality, and speed. Pipeline architecture typically follows a staged approach where each stage focuses on specific activities such as building, testing, security scanning, or deployment.

****Pipeline Design Principles****

Well-designed CI/CD pipelines adhere to key principles that promote effectiveness and reliability. Pipelines should be fast enough to provide timely feedback while comprehensive enough to catch important issues before they reach production. Pipeline design should emphasize repeatability and consistency across different environments.

****Essential Pipeline Stages****

A comprehensive CI/CD pipeline includes several essential stages that validate different aspects of the software delivery process.

**Stage**

**Purpose**

**Key Activities**

**Quality Gates**

Source control

Code integration

Version management, branch merging

Code review approval

Build

Compilation and packaging

Dependency resolution, artifact creation

Build success, static analysis

Unit testing

Component validation

Automated test execution, coverage analysis

Test pass rate, coverage thresholds

Integration testing

System integration validation

API testing, database integration

Functional test results

Security scanning

Vulnerability assessment

SAST, DAST, dependency scanning

Security compliance checks

Staging deployment

Production-like validation

Environment deployment, smoke testing

Deployment success, basic functionality

Production deployment

Release to users

Blue-green or rolling deployment

Health checks, monitoring alerts

Each stage serves as a quality gate that must be satisfied before the code can progress to the next phase, ensuring that issues are caught and resolved as early as possible.

****Branching Strategies and Workflow Integration****

Effective CI/CD implementation requires alignment with appropriate branching strategies that support both development productivity and pipeline efficiency. The choice of branching strategy directly impacts pipeline design and execution, with different workflows triggering appropriate pipeline stages while maintaining consistency in quality standards.

****Continuous Integration Best Practices****

Successful Continuous Integration is about establishing best practices that promote code quality, team collaboration, and system reliability. The foundation of effective CI lies in the frequent integration of small, incremental changes rather than large, monolithic updates.

****Code Quality and Testing Standards****

Maintaining high code quality standards is essential for successful CI implementation. Automated code quality checks should be integrated into the CI pipeline to enforce coding standards and identify potential defects. Comprehensive testing strategies form the backbone of reliable CI processes, following the testing pyramid concept with its balanced unit tests, integration tests, and end-to-end tests.

****Development Workflow Integration****

CI processes must integrate with existing development workflows to minimize friction and encourage adoption. This integration includes connecting CI pipelines with code review processes, issue-tracking systems, and communication tools used by development teams. 

Developer tools and IDE integration can further streamline CI adoption by providing real-time feedback on code quality and test status before changes are committed to the shared repository. Pre-commit hooks and local testing tools help developers identify issues early, reducing the likelihood of pipeline failures and improving overall team productivity.

****Continuous Deployment Strategies****

Continuous Deployment is the ultimate goal of DevOps automation, where validated code changes are automatically released to production environments without manual intervention. This level of automation requires sophisticated testing, monitoring, and rollback capabilities.

****Deployment Patterns and Techniques****

Modern deployment patterns offer various approaches to releasing software updates while minimizing risk and downtime.

*   **Blue-green deployment**: Complete environment switching with instant rollback capability.
*   **Rolling deployment**: Gradual instance updates with maintained service availability.
*   **Canary deployment**: Limited initial release with gradual expansion based on success metrics.
*   **A/B testing deployment**: Parallel feature versions for user experience optimization.
*   **Feature flag deployment**: Runtime feature control independent of code deployment.

Each strategy offers different trade-offs between deployment speed, resource requirements, rollback capabilities, and implementation complexity.

****Risk Management and Rollback Procedures****

Effective continuous deployment relies on comprehensive risk management strategies that enable quick recovery from deployment issues. Automated monitoring and alerting systems should detect problems quickly and trigger appropriate response procedures. Rollback procedures must be well-defined, tested, and automated to ensure rapid recovery when problems are detected.

****DevOps Culture and CI/CD Integration****

The success of CI/CD implementation depends as much on organizational culture and team dynamics as on technical infrastructure. DevOps culture emphasizes collaboration, shared responsibility, and continuous improvement, creating an environment where CI/CD practices can thrive.

****Breaking Down Silos****

Traditional organizational structures often create silos between development, operations, and quality assurance teams. CI/CD implementation provides an opportunity to break those down with shared processes, tools, and responsibilities that require cross-functional collaboration.

****Skills Development and Training****

Framework adoption often requires new skills across multiple team members and roles. Training programs should address both technical skills and cultural aspects of DevOps transformation through hands-on workshops, mentoring programs, and gradual responsibility transfer.

****Tools and Technologies****

The CI/CD ecosystem includes a vast array of tools and technologies that support different aspects of the automation pipeline. Popular platforms include Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps, and CircleCI, each offering different strengths in terms of flexibility, ease of use, and integration capabilities.

****Platform Selection Criteria****

Choosing the right platform starts with the evaluation of scalability, integration capabilities, and security features. Modern CI/CD implementations rarely rely on a single tool. Instead, they leverage ecosystems of integrated solutions that address specific aspects of the delivery pipeline.

****How to Measure CI/CD Success****

To measure CI/CD success, most companies rely on a combination of technical metrics and business outcomes that demonstrate the value of automation investments. Technical metrics focus on pipeline performance, system reliability, and development velocity. Business metrics emphasize customer impact, time-to-market improvements, and cost optimization. Both types are necessary to provide a complete picture of CI/CD effectiveness and justify continued investment in automation capabilities.

****Key Performance Indicators****

Successful CI/CD measurement programs track metrics across multiple dimensions that reflect different aspects of the software delivery process.

**Metric Category**

**Key Indicators**

**Target Ranges**

**Business Impact**

Deployment frequency

Releases per day/week

Multiple per day to weekly

Faster feature delivery

Lead time

Commit to production time

Hours to days

Reduced time-to-market

Mean time to recovery

Issue detection to resolution

Minutes to hours

Improved system reliability

Change failure Rate

Percentage of failed deployments

0-15%

Higher deployment confidence

Pipeline performance

Build and test execution time

Minutes to hours

Developer productivity

Test coverage

Code coverage percentage

70-90%

Code quality assurance

These metrics provide quantitative insights into CI/CD effectiveness while ensuring benchmarking against industry standards and organizational goals. However, one should also introduce programs for continuous improvement over time. For example, regular retrospectives and pipeline optimization reviews can help teams identify current bottlenecks and future opportunities.

****Security Integration in CI/CD****

Security integration throughout the CI/CD pipeline, often referred to as DevSecOps, ensures that security considerations are addressed early and consistently in the software delivery process. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools can be integrated into different pipeline stages.

****Security Testing Automation****

Automated security testing should be integrated throughout the CI/CD pipeline to identify vulnerabilities and compliance violations before they reach production. Early-stage security checks can identify issues when they are easier and less expensive to resolve.

****Compliance and Governance****

Regulatory compliance requirements often mandate specific security controls and audit trails that must be integrated into CI/CD processes. Automated compliance checking and policy enforcement helps ensure that security requirements are consistently met without slowing delivery processes.

****Scaling CI/CD Across Organizations****

As organizations grow and mature their DevOps practices, scaling CI/CD across multiple teams creates new challenges. Ideally, enterprise-scale CI/CD must balance standardization and flexibility because this allows teams to operate quickly and effectively. 

****Enterprise Architecture Considerations****

Enterprise CI/CD architecture must accommodate diverse application portfolios and team structures while providing consistent developer experiences. Pipeline as Code approaches enable version control, reuse, and standardization of CI/CD configurations across projects and teams.

****Team Coordination and Standards****

Large-scale CI/CD implementation is usually based on coordination mechanisms, allowing teams to work independently while preserving overall system coherence. Shared standards for pipeline design and quality gates ensure consistency and allow teams to optimize for their specific needs.

****Final Word on CI/CD Trends****

Since CI/CD frameworks are so important in the daily DevOps routine, things are moving very fast. Most changes today are driven by advances in cloud technologies, artificial intelligence, and software delivery practices. AI and machine learning also impact CI/CD through intelligent test selection, predictive failure analysis, and automated optimization recommendations. 

So, successful implementation is about commitment to learning, experimentation, and continuous improvement. Still, organizations that establish strong foundations in CI/CD principles are better positioned to adapt to future changes and continue delivering value to their customers. 

Image by tookapic from Pixabay

The Role of Continuous Integration and Continuous Deployment (CI/CD) in DevOps

For years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a “bioterrorism” threat.

How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.

Mobile scams are becoming increasingly sophisticated, leaving people vulnerable to cybercriminals.  

We recently reported on the ever-increasing number of scams that are created by AI-supported tools, with attackers crafting highly convincing phishing emails that target both individuals and businesses, resulting in devastating financial losses, reputational damage, and compromised personal data.  

Elaborate sextortion scams manipulate victims by using shame as a tactic to coerce them into taking action, sometimes draining their life savings.  

And the list goes on. Scammers are always finding new ways to trick their victims into giving them their hard-earned money or sensitive information. 

These tactics include urging individuals to change their address information on a non-existent delivery, promoting job opportunities that just seem too good to be true, or having a long-lost family member reach out on WhatsApp to invite you to share their newfound fortune with you.  

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.  

Scam Guard simplifies scam prevention by providing real-time feedback via an easy-to-use AI-powered chat. Just submit a screenshot, paste suspicious content, or share texts and numbers, and we’ll give you immediate personalized guidance and safety tips. 

Scam Guard is unique in that it’s backed by Malwarebytes extensive threat research knowledge base, making it both effective and efficient.  

Whether users come across a suspicious message on social media, a phishing attempt in their email, or a questionable text message, Scam Guard provides immediate, expert advice to keep them secure. 

**Key features of Scam Guard**

*   **AI-powered chat companion**: An intuitive, mobile-first advisor available 24/7 that provides guidance to users on suspicious content or activities. 

*   **Comprehensive scam detection**: Scam Guard is trained to recognize various scams, including romance, phishing, financial fraud, text, robocall, and shipping fraud, helping you stay ahead of cybercriminals at all times.  

*   **Constantly evolving:** Scam Guard learns from users who submit new or unknown scams, which in turn helps protect the broader community.  

*   **24/7 support**: Scam Guard is available around the clock, ensuring that users receive timely advice and assistance, no matter where they are or what time it is. 

*   **Holistic mobile security**: Embedded within the Malwarebytes Mobile Security app, Scam Guard works alongside our all-in-one advanced protection for iOS and Android. 

Reporting suspicious content has never been easier—simply tap to submit right in the app.  

Scam Guard is available for both free and paid users of Malwarebytes Mobile Security (iOS and Android), without having to install an additional app.  

Try it out for yourself: Download Malwarebytes Mobile Security for iOS or Android.

 Scammers are constantly changing the game, but so are we. Introducing Malwarebytes Scam Guard 

New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.

Tag

#ios