Vitaly Zdorovetskiy has apologized after he wrongfully accused a man of being a child predator on a livestream sting.
On Monday night, the streamer posted a statement online that he and his team “mistakenly portrayed Akash Singhania as a child predator in his live series, Catching Child Predators. This was a mistake that I deeply regret,” Vitaly wrote. “He never intended to meet a minor and has been cleared of all wrongdoing.”
Vitaly also apologized to Singhania and encouraged his followers to stop contacting him.
“To be clear, the work we do to expose predatory behavior is of the utmost importance, but in doing so, we cannot lose sight of the truth,” he wrote. “I have removed the video from all my accounts, and I ask that anyone who has saved it please do the same.”
COMPLEX SHOP: Shop the brands you love, anytime and anywhere. Uncover what’s next. Buy. Collect. Obsess.
“Though I never encourage anyone to attempt to contact any person in my videos, I ask that anyone who is attempting to contact Mr. Singhania cease at once,” Vitaly said. “This was a learning experience for my team and me, and we will ensure that we remain committed to the truth.”
Singhania responded to Vitaly’s apology, saying that the false accusation had severely affected his life.
“My world was turned upside down this weekend,” he wrote on X. “I was wrongfully portrayed as someone attempting to engage in inappropriate conduct. This accusation is completely false.”
“I have experienced harassment, judgment, and damage to my personal and professional relationships based on something that has now been proven false,” he added.
A clip from Catching Child Predators shows Vitaly and his team attempting to trap Singhania after he shows up in person to connect with a girl he met online, whom he thought was over 18. The trick, supposedly, is that the girl is supposed to tell him she’s actually a minor right before they meet, but it seems, in this case, that she never did that.
The video shows Singhania trying to prove that the girl never said she was a minor. It also appears that Vitaly’s Kick channel has been suspended following the incident.
Vitaly via Kick
Michigan Man Dies by Suicide Following 35 to 60-Year Prison Sentence for Murder, Assault
Teens Convicted After Luring Suspected Pedophile to Beach and Killing Him
Kid Rock’s Lyric About Loving ‘Underage’ Girls Under Renewed Scrutiny Ahead of MAGA Super Bowl Show
DDG Follows IShowSpeed to Ethiopia With Viral MemeHouse Stream
Selena Gomez Calls Herself ‘Mrs. Blanco’ in New Intimate Photos
COMPLEX SHOP: Shop the brands you love, anytime and anywhere. Uncover what’s next. Buy. Collect. Obsess.
Making Culture Pop. Find the latest entertainment news and the best in music, pop culture, sneakers, style and original shows.
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.
About the Author
Rezaul Karim, a member of Compliance Week’s Advisory Board, is a seasoned financial crime compliance expert from Bangladesh with over a decade of experience in the field. He held multiple compliance AVP roles at HSBC and is a published author, speaker, and anti-financial crime thought leader shaping the best practices in the field.
But the dark web is more than just horror stories. Today, the technology synonymous with crimes is a tool for journalists, activities, hacktivists, and whistleblower to share secrets while gaining their anonymity.
The publicly indexed part of the web, known as the surface web, consists of approximately 4-5 percent of the internet. These are websites such as newspapers, blogs, Wikipedia, etc., that can be accessed through traditional search engines and don’t require any special efforts or credentials to access.
The deep web contents aren’t indexed by search engines and encapsulates 90-96 percent of the internet. It includes private or password-protected sites which are hidden for security concerns but are accessible with the appropriate credentials. Example include bank account information, insurance records, or subscription-based content.
The dark web is a subset of the deep web that is estimated to make up from 0.01 percent to 5 percent. Content of the dark web are intentionally concealed and designed for anonymous communication. The data in this part of the internet using encrypted networks and non-traditional URLs requiring special software and thus not indexed by search engines.
On March, 20, 2000, a peer-to-peer, decentralized network known as Freenet was released and marked the first recorded instance of the dark web, which was commonly referred to as the darknet. Computer scientist Ian Clarke developed the project, allowing for people to visit the internet anonymously without fears of being tracked by authorities or governments. He described it in his thesis for Edinburgh University called “Distributed, Decentralized Information Storage and Retrieval System,” as a network to allow people to communicate freely without being tracked.
A popular tool for accessing the dark web is TOR (The Onion Router) network, developed by on September 20, 2002, but scientists Roger Dingledine and Nick Mathewson. Through TOR browser, users can navigate the dark web’s contents and reach hidden websites. Funded by the U.S. Naval Research Laboratory as a way to communicate with intelligence sources around the world without getting tracked, the tool anonymizes online activities and protect online privacy. The TOR project released publicly in 2004 and is the most popular publicly available dark web access forward.
Because the dark web isn’t cataloged by search engines and requires special software to access websites hosted on the network, it’s become the perfect environment where criminals can thrive.
One of the cases that brought dark web activities to public attention involved Ross Ulbricht, who in 2013 was arrested by the FBI. In 2010, Ulbricht started developing an online marketplace hosted on the dark web called Silk Road where users could buy and sell drugs, other illegal products and services anonymously, and hosted it on the dark web from 2011 to his arrest. Reuters reported that drug dealers and others made over $200 million dollars in illegal trades on the marketplace using bitcoin.
In his 2013 indictment, Ulbricht, who ran the site using the pseudonym “Dread Pirate Roberts” after a character from The Princess Bride, was found to have committed seven crimes using the dark web, including; conspiracy to launder money, conspiracy to commit computer hacking, conspiracy to traffic narcotics by means of the internet, and continuing a criminal enterprise. He would later be found guilty and sentenced to life in prison with no possibility of parole. His case also marked the first highly publicized case involving the dark web to commit crimes. President Donald Trump pardoned Ulbricht in January, saying his sentence was too harsh.
Today many crimes can be committed using the dark web including illicit trades like drug sales. Moreover, there are money laundering services on the dark web where criminals pay for online services to have their ill-gotten money cleaned.
Most ransomware gangs have a presence in the dark web today, where they announce their attacks. The ransomware as a service business mode has contributed to the recent spike in ransomware attacks.
On the contrary, the dark web is also used for legitimate purposes, with journalists, whistleblowers, and social or human right activists often using it to communicate securely. Specially, in countries with strict censorship laws or suppression of free speech, the dark web serves as platform where people can communicate freely, expose corruption, or share intelligence with each other.
The dark web has made it easier for criminals to get away with financial crimes, including cyberattacks on financial institutions, money laundering, credit card numbers selling, identity theft, extortions, blackmail, ransoms, and ransomware attacks on individuals and companies by cybercriminals looking to make money off these attacks.
In the past few years, cases of financial fraud have also spiked, partly fueled by the dark web, where criminals are able to interact and share techniques and targets of their next victims. According to Cybernews, financial fraud-related listings comprise a significant portion of dark web activities, accounting for over 34 percent of total listings.
Take credit cards and identity theft, for instance. Users of the dark web can easily purchase our credit card numbers, log into legitimate shopping sites like Amazon and make a purchase using your credit card while masquerading as you–all without being detected. Today, there are hundreds of thousands of credit cards for sale on the dark web, and chances are you might be one of the victims whose credit card number is stolen. Unfortunately, you will never know until it’s too late and these criminals have used all your hard-earned money.
The dark web is a precautionary tale of how powerful technology can become a force of evil by bad actors. Chances of falling victim to these criminals are also very high, and as you go through your normal life, you have to consider the possibility that there is someone on the dark web with your credit card number, social security number, your name, address, and they don’t mean good for you. A recent complaint filed in the U.S. District Court for the Southern District of Florida revealed that a cybercriminal group posted “National Public Data” on a dark web forum for sale at a price of $3.5 million. This is considered as one of the largest data breaches in history and a serious concern for all.
Your business’s next cyberattack may also be from the dark web, and the method of ransom payment you will be required to use is on the dark web. Therefore, the dark web issue is a public issue that needs to be taken seriously. Ignorance about such a platform is a huge gamble and may have serious consequence. In 2023, businesses experienced 70 percent more ransomware attacks compared to 2022. Though the ransomware payments slightly dropped in the following years, but we should remain vigilant about such attacks as they might resurge at double intensity in the future. Thus, businesses should develop a response plan, data backups, layered security measures, and educate staff on the cybersecurity best practices.
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.
About the Author
Rezaul Karim, a member of Compliance Week’s Advisory Board, is a seasoned financial crime compliance expert from Bangladesh with over a decade of experience in the field. He held multiple compliance AVP roles at HSBC and is a published author, speaker, and anti-financial crime thought leader shaping the best practices in the field.
But the dark web is more than just horror stories. Today, the technology synonymous with crimes is a tool for journalists, activities, hacktivists, and whistleblower to share secrets while gaining their anonymity.
The publicly indexed part of the web, known as the surface web, consists of approximately 4-5 percent of the internet. These are websites such as newspapers, blogs, Wikipedia, etc., that can be accessed through traditional search engines and don’t require any special efforts or credentials to access.
The deep web contents aren’t indexed by search engines and encapsulates 90-96 percent of the internet. It includes private or password-protected sites which are hidden for security concerns but are accessible with the appropriate credentials. Example include bank account information, insurance records, or subscription-based content.
The dark web is a subset of the deep web that is estimated to make up from 0.01 percent to 5 percent. Content of the dark web are intentionally concealed and designed for anonymous communication. The data in this part of the internet using encrypted networks and non-traditional URLs requiring special software and thus not indexed by search engines.
On March, 20, 2000, a peer-to-peer, decentralized network known as Freenet was released and marked the first recorded instance of the dark web, which was commonly referred to as the darknet. Computer scientist Ian Clarke developed the project, allowing for people to visit the internet anonymously without fears of being tracked by authorities or governments. He described it in his thesis for Edinburgh University called “Distributed, Decentralized Information Storage and Retrieval System,” as a network to allow people to communicate freely without being tracked.
A popular tool for accessing the dark web is TOR (The Onion Router) network, developed by on September 20, 2002, but scientists Roger Dingledine and Nick Mathewson. Through TOR browser, users can navigate the dark web’s contents and reach hidden websites. Funded by the U.S. Naval Research Laboratory as a way to communicate with intelligence sources around the world without getting tracked, the tool anonymizes online activities and protect online privacy. The TOR project released publicly in 2004 and is the most popular publicly available dark web access forward.
Because the dark web isn’t cataloged by search engines and requires special software to access websites hosted on the network, it’s become the perfect environment where criminals can thrive.
One of the cases that brought dark web activities to public attention involved Ross Ulbricht, who in 2013 was arrested by the FBI. In 2010, Ulbricht started developing an online marketplace hosted on the dark web called Silk Road where users could buy and sell drugs, other illegal products and services anonymously, and hosted it on the dark web from 2011 to his arrest. Reuters reported that drug dealers and others made over $200 million dollars in illegal trades on the marketplace using bitcoin.
In his 2013 indictment, Ulbricht, who ran the site using the pseudonym “Dread Pirate Roberts” after a character from The Princess Bride, was found to have committed seven crimes using the dark web, including; conspiracy to launder money, conspiracy to commit computer hacking, conspiracy to traffic narcotics by means of the internet, and continuing a criminal enterprise. He would later be found guilty and sentenced to life in prison with no possibility of parole. His case also marked the first highly publicized case involving the dark web to commit crimes. President Donald Trump pardoned Ulbricht in January, saying his sentence was too harsh.
Today many crimes can be committed using the dark web including illicit trades like drug sales. Moreover, there are money laundering services on the dark web where criminals pay for online services to have their ill-gotten money cleaned.
Most ransomware gangs have a presence in the dark web today, where they announce their attacks. The ransomware as a service business mode has contributed to the recent spike in ransomware attacks.
On the contrary, the dark web is also used for legitimate purposes, with journalists, whistleblowers, and social or human right activists often using it to communicate securely. Specially, in countries with strict censorship laws or suppression of free speech, the dark web serves as platform where people can communicate freely, expose corruption, or share intelligence with each other.
The dark web has made it easier for criminals to get away with financial crimes, including cyberattacks on financial institutions, money laundering, credit card numbers selling, identity theft, extortions, blackmail, ransoms, and ransomware attacks on individuals and companies by cybercriminals looking to make money off these attacks.
In the past few years, cases of financial fraud have also spiked, partly fueled by the dark web, where criminals are able to interact and share techniques and targets of their next victims. According to Cybernews, financial fraud-related listings comprise a significant portion of dark web activities, accounting for over 34 percent of total listings.
Take credit cards and identity theft, for instance. Users of the dark web can easily purchase our credit card numbers, log into legitimate shopping sites like Amazon and make a purchase using your credit card while masquerading as you–all without being detected. Today, there are hundreds of thousands of credit cards for sale on the dark web, and chances are you might be one of the victims whose credit card number is stolen. Unfortunately, you will never know until it’s too late and these criminals have used all your hard-earned money.
The dark web is a precautionary tale of how powerful technology can become a force of evil by bad actors. Chances of falling victim to these criminals are also very high, and as you go through your normal life, you have to consider the possibility that there is someone on the dark web with your credit card number, social security number, your name, address, and they don’t mean good for you. A recent complaint filed in the U.S. District Court for the Southern District of Florida revealed that a cybercriminal group posted “National Public Data” on a dark web forum for sale at a price of $3.5 million. This is considered as one of the largest data breaches in history and a serious concern for all.
Your business’s next cyberattack may also be from the dark web, and the method of ransom payment you will be required to use is on the dark web. Therefore, the dark web issue is a public issue that needs to be taken seriously. Ignorance about such a platform is a huge gamble and may have serious consequence. In 2023, businesses experienced 70 percent more ransomware attacks compared to 2022. Though the ransomware payments slightly dropped in the following years, but we should remain vigilant about such attacks as they might resurge at double intensity in the future. Thus, businesses should develop a response plan, data backups, layered security measures, and educate staff on the cybersecurity best practices.
Click Here For The Original Source.
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.
Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks.
The company is known for developing Next.js, a widely used React framework, and for offering services such as serverless functions, edge computing, and CI/CD pipelines that enable developers to build, preview, and deploy applications.
In a security bulletin published today, the company said a limited subset of customers was affected by a security breach.
“We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems,” warns Vercel.
“We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses.”
The company says its services have not been impacted and that it is working with impacted customers.
Vercel says it is taking steps to protect its customers, advising them to review environment variables, use its sensitive environment variable feature, and to rotate secrets if needed.
The disclosure comes after a threat actor claiming to be “ShinyHunters” posted on a hacking forum that they had breached Vercel and were selling access to company data.
It should be noted that while the hacker claims to be part of the ShinyHunters group, threat actors linked to recent attacks attributed to the ShinyHunters extortion gang have denied to BleepingComputer that they are involved in this incident.
In the forum post, the hacker claimed to be selling access keys, source code, and database data allegedly stolen from Vercel, along with access to internal deployments and API keys.
“This is just from Linear as proof, but the access I’m about to give you includes multiple employee accounts with access to several internal deployments, API keys (including some NPM tokens and some GitHub tokens),” reads the forum post.
The attacker also shared a text file containing Vercel employee information, which consists of 580 data records containing names, Vercel email addresses, account status, and activity timestamps. They also shared a screenshot of what appears to be an internal Vercel Enterprise dashboard.
BleepingComputer has not been able to independently confirm if the data or screenshot is authentic.
In messages shared on Telegram, the threat actor also claimed they were in contact with Vercel regarding the incident and that they discussed an alleged ransom demand of $2 million.
BleepingComputer contacted Vercel with additional questions about the breach, including whether any sensitive data or credentials were exposed and if they are negotiating with the attackers, and will update this story if we receive a response.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
Click Here For The Original Source.
Just a few months ago, teenagers in Australia became the first in the world to face a sweeping ban on social media use—an ambitious move that sparked frustration among young users and echoed debates now emerging in Greece. Yet, barely four months on, the policy appears to be losing momentum, as minors have already found ways to maintain an active presence on their favorite platforms.
The restriction, which prohibits social media use for those under 16, was introduced as one of the strictest child-protection measures globally. However, recent data suggests that more than six in ten minors continue to access social networks despite the ban. Specifically, 53% of underage users remain active on TikTok, another 53% on YouTube, and 52% on Instagram.
Source: Reuters
In the early stages of enforcement, authorities oversaw the mass deletion of accounts, with millions removed. Meta alone reported blocking 550,000 accounts, while acknowledging ongoing challenges in reliably verifying users’ ages. Despite this initial “clean-up,” the effect proved short-lived. Users quickly returned, creating new profiles and resuming their activity with minimal disruption.
A key factor behind this resilience is the ease with which restrictions can be bypassed. Many minors simply provide false ages during registration, use tools such as VPNs to appear as users from other countries, or open new accounts as soon as previous ones are deleted. These methods are widely known and remarkably easy to use—even for younger users.
In some cases, the circumvention goes further, involving the tacit or even active participation of parents. Some allow their children to use their own accounts or provide personal identification details during registration, effectively undermining the ban’s enforcement.
Although there were some signs of migration toward alternative platforms, these shifts were limited. Most users chose to remain on familiar networks, albeit through unofficial means. This underscores the powerful social dimension of these platforms—one that appears difficult to regulate through administrative measures alone.
At the same time, questions are mounting over the responsibility of technology companies. Despite stricter age-verification requirements, enforcement remains weak, with many accounts slipping through or quickly reappearing—underscoring the limits of digital oversight.
Some experts warn the ban may even backfire, pushing minors toward less regulated platforms or more hidden forms of use, where monitoring is harder. For many young users, online behavior has not changed—it has simply moved beyond formal controls.
The case of Australia highlights a broader challenge: in a fast-evolving digital landscape, outright bans are difficult to enforce. This raises a key question for policymakers, including in Greece, where similar measures are under discussion—can such restrictions truly work, or is a different approach needed?
Many argue that strengthening digital literacy, holding platforms more accountable, and encouraging greater family involvement may prove more effective than blanket bans. For now, Australia’s experience sends a clear message: teenagers have not left social media—they have simply learned to navigate around the rules.
Industrial cybersecurity did not change overnight. There was no single incident that forced a reset, no moment where the industry collectively shifted direction. What has happened instead is slower and more consequential. Over several years, the nature of the problem has evolved, and the way organizations make decisions is beginning to change with it.
This is the eighth edition of the guide. The industry it describes is in transition.
The Industrial Cybersecurity Buyers’ Guide 2026 reflects that shift. It is based on sustained research and direct engagement with operators across manufacturing, energy, transportation, pharmaceuticals, and other critical sectors. The objective has remained consistent. It is not to describe the market as it presents itself, but to reflect how decisions are actually made inside operational environments.
Cybersecurity in these environments is moving away from the edge of operations. It is becoming a core input into how organizations think about production continuity, safety, and enterprise risk. That shift is not complete, but it is now visible.
Each edition of the guide begins with the same exercise. Strip away the noise and identify what still matters. The answer in 2026 is not a reinvention of the category structure. Most of the core areas remain intact, and that continuity is deliberate.
Asset visibility, network monitoring, endpoint security, segmentation, secure remote access, and backup and restore capabilities are still foundational.
They have not been solved, and they are not being replaced. What is changing is how they are evaluated. Organizations are moving beyond asking whether these capabilities exist. They are beginning to assess whether they support operational outcomes under real conditions.
The most visible addition this year is the formal inclusion of AI, LLM, and agentic security in OT environments. This reflects current deployments, not future speculation. AI systems are already interacting with operational data, influencing engineering workflows, and in some cases contributing to decisions that have real-world consequences. These systems introduce a different class of risk. They are not simply another component to secure. They have the potential to shape outcomes in ways that are not yet fully understood, let alone governed.
Alongside this, the guide places greater emphasis on areas that have often been underrepresented. Cyber-physical integrity at the process layer. Engineering workstations as control points. Detection validation rather than passive monitoring. Governance structures that define who has authority when incidents intersect with production and safety.
These are not new ideas. What is changing is the degree to which they are being treated as essential rather than optional.
Threat activity has shifted from disruption to persistence. The dominant model is no longer intrusion followed by immediate disruption. It is intrusion followed by long-term access. Adversaries are maintaining footholds, mapping dependencies, and positioning for future impact.
The absence of disruption was never a reliable signal of resilience. It was an assumption, not evidence.
Security programs built around alerts and response are not sufficient when activity remains below traditional thresholds. Organizations need to understand behavior over time, not just events.
This is why the guide emphasizes detection validation, adversary simulation, and recovery as an operational capability. Controls must be tested under realistic conditions.
AI adds another dimension to this challenge. Adoption in OT environments is already meaningful, embedded in maintenance, diagnostics, and operational workflows, and growing quickly. The trajectory is clear, but so is the risk. Organizations are integrating AI into their industrial environments faster than they are building the governance, data foundations, and resilience needed to govern it. That gap is itself a source of exposure.
While adoption is already meaningful and targeted in OT environments, AI is also increasingly integrated into operational processes, including within maintenance, diagnostics, and operational workflows. While the trajectory is clear, so is the risk. Organizations are integrating AI into their industrial environments faster than they are building the governance, data foundations, and resilience needed to control it.
The distinction remains useful for architecture, but it does not reflect how incidents unfold. Credentials move across domains. Engineering systems introduce risk into production environments. Remote access pathways span both sides.
What is emerging is a need for shared decision-making. Security, engineering, and operations can no longer operate independently. The challenge is defining authority and accountability when decisions must be made under pressure.
The language of cybersecurity is changing at the executive level. Organizations are moving away from abstract metrics and toward operational measures such as downtime exposure, recovery timelines, financial impact, and safety implications.
This shift is accelerating. It is changing how investments are justified and how programs are evaluated. Boards are asking more specific questions, and answers based on compliance are no longer sufficient.
Much of the industrial cybersecurity market is designed for organizations that do not exist. Traditional frameworks assume dedicated teams, multi-year transformation programs, and centralized governance. These assumptions do not hold for a large portion of industrial operators.
Takepoint Research starts from a different position. What can be done in real environments, under real constraints.
The focus is on practical implementation. Incremental improvements that deliver measurable impact. Decisions that can be explained, justified, and adapted.
The objective is not to prescribe a single approach. It is to enable defensible decisions grounded in operational reality.
Organizations are consolidating capabilities where possible. Managing large portfolios of specialized tools is not feasible in many environments. Vendors are expanding offerings to provide broader coverage under a single operational model.
Services are becoming central. Managed detection and response for OT, incident response, and governance advisory services are becoming core components of security programs.
Recovery is being treated as an operational capability. The ability to restore operations quickly has direct impact on financial exposure and safety.
AI risk is already present. Capabilities are being deployed faster than governance structures can adapt. The gap between deployment and accountability is itself a source of risk.
Many industrial organizations cannot support dedicated security teams or multi-year transformation programs. Traditional analyst frameworks often assume conditions that do not reflect operational reality.
The Industrial Cybersecurity Buyers’ Guide provides a structured way to evaluate what matters. It creates a common language for security teams, engineering, and executive leadership.
The goal is not completeness. It is clarity.
Industrial cybersecurity is moving toward full integration into operational decision-making and enterprise risk management. Not as a separate function, but as an embedded capability.
Regulatory expectations will continue to rise. Insurance scrutiny will increase. Board-level questions will become more specific and harder to answer with abstract metrics.
The 2026 Industrial Cybersecurity Buyers’ Guide reflects a market in transition. It is a practical reference for those responsible for securing and operating industrial environments.
Read it as a lens, not a checklist.
This year’s Buyers’ Guide is written for those on the front lines of protecting critical infrastructure and manufacturing operations, and the systems they depend on. It is relevant for organizations at different stages of maturity, with different constraints, but facing the same operational stakes and the same need to act.
There’s a setting you can activate on your iPhone that will make it virtually impossible to hack. By flipping a switch, your iPhone will become so secure that Apple says no phone using Lockdown Mode has ever been hacked.
Sure sounds great. Surprise — here’s why you don’t want to use it.
The web seems like a dangerous place, where a single visit to a compromised website can expose hidden vulnerabilities in the browser and open the door wide to hackers.
And the threat seems even worse after all the recent headlines about DarkSword, a highly advanced cyberattack that targets smartphones, including iPhones, in ways that are largely invisible to the user. Unlike typical scams that rely on tricking someone into clicking a bad link, DarkSword exploits hidden flaws in software that can be exploited by visiting a compromised web site.
With all that scary news, you might be thrilled to learn (or be reminded of) Lockdown Mode. It offers a powerful layer of protection against highly sophisticated cyber threats. It turns the iPhone into a far more hardened target, effectively shutting down many of the hidden pathways used by advanced spyware and zero-click exploits.
And it’s not backed up with vague promises. Apple flat out says it works.
“We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device,” an Apple spokesperson recently told TechCrunch.
Sounds brilliant. You don’t want to use it. Here’s why.
While Apple’s iPhone Lockdown Mode delivers exceptional security, it does so by significantly limiting or outright disabling features you use every day.
In Messages, most attachment types are blocked. Only basic images are allowed. This eliminates a common hack in which malicious files or previews run hidden code.
In Apple’s Safari, Lockdown Mode takes a particularly aggressive approach by disabling many of the advanced web technologies that modern sites rely on. This includes restrictions on just-in-time (JIT) JavaScript compilation, which improves performance but can also open the door to sophisticated code execution attacks. Some web APIs and dynamic features are also limited, especially when you go to sites you haven’t been to before.
Plus there are additional limitations. Incoming FaceTime calls from unknown contacts are always blocked, for example. Wired connections to computers are restricted unless the phone is unlocked. And this isn’t a complete list of everything.
In short, Lockdown Mode hobbles texting and severely restricts web access. I can’t imagine using my iPhone that way on a regular basis — you probably agree. And there’s good news! We don’t need to. Here’s why.
I’m not being cruel by talking up the advantages of Lockdown Mode before pointing out what a huge hassle it is. Because it would be a vast overkill for your security needs.
For the vast majority of iPhone users, the odds of being “hacked” in the cinematic sense — through sophisticated, invisible attacks — are extremely low. Apple’s tightly controlled ecosystem, regular security updates and hardware-level protections make widespread, untargeted intrusions rare.
To put it another way, hacking someone’s iPhone is a lot of work. And for most of us, it’s simply not worth the hacker’s time. Sending a phishing scam email to a few million email addresses is much easier.
Security experts generally agree that all you really need to do to protect your device is keep it updated to the most recent iOS version, use strong passwords and enable features like two-factor authentication. So do that, and don’t worry about Lockdown Mode.
Some iPhone users face much higher risks of surveillance. Journalists, political figures, government officials, corporate executives handling sensitive information and activists might be hacked — not by criminals but by well-funded organizations, hostile nations or even their own governments.
It’s these people that led to the development of Lockdown Mode, one of the most aggressive consumer security features ever deployed. It’s not for average users.
But if you feel you absolutely must use it, or are just curious, enabling Lockdown Mode on your iPhone is easy. Open the Settings app, then scroll down and tap Privacy & Security. From there, scroll to the bottom and select Lockdown Mode. Tap Turn On Lockdown Mode, then confirm your choice by tapping Turn On & Restart.
Ed Hardy has been writing full-time about tech for 25 years, and using it for much longer than that. His intro to Apple was a Macintosh SE/30 (which he still has), but now he uses a 13-inch iPad Pro as his primary computer.
That’s because he’s a “tablet first” type of guy. Rather than use a Macbook, he connects a keyboard case to the iPad. And instead of a desktop Mac, he connects his tablet to a 27-inch display and full-size keyboard. (So don’t try to tell him that everyone has to use a Mac to be productive.)
Before coming to Cult of Mac, Ed wrote for NotebookReview, TabletPCReview and Brighthand, as well as other sites.
Click Here For The Original Source.
Copyright 2005 – 2025 National Cyber Security
