The IT Nerd

At the start of January, the US Federal Bureau of Investigation (FBI) issued a warning against cyber attacks organised by North Korean cybercriminals who used fake QR codes to trick users into obtaining personal information. According to cybersecurity experts, similar attacks, also known as “quishing”, are on the rise not only in the US but in other countries, as cybercriminals look for new ways to profit.

Quishg (QR code phishing) is a phishing technique where cybercriminals try to trick users into scanning QR codes that lead to malicious websites. Organisations in several countries have issued warnings that bad actors place these QR codes on top of legitimate ones in public places such as kiosks, restaurants, or parking meters.

For example, last year, UK government institutions have warned users of fake QR stickers on parking machines, with victims being sent to spoofed payment pages. Meanwhile, the US Federal Trade Commission issued a similar warning about unexpected packages containing QR codes that led to phishing websites.

Such fake QR codes can also be shared online. For example, the FBI said that a North Korean state-sponsored cybercriminal group, called Kimusky, targeted employees of organizations by embedding malicious QR codes in an email. In one such instance, a QR code was presented as a way to download additional information.

According to cybersecurity experts at Planet VPN, a free virtual private network (VPN) provider, no matter where a fake QR code is placed, the scheme is similar. After scanning it, a user is often forwarded to a fake phishing website mimicking a legitimate one, such as a restaurant’s website, where cybercriminals may try to charge a user’s credit card.

According to Konstantin Levinzon, co-founder of Planet VPN, such scams can lead not only to financial losses but also to compromised devices.

“Quishing is phishing–just in a different wrapper. A QR code can lower people’s guard because this technology became ubiquitous only during the pandemic, and the threat still isn’t as widely recognized. It also shifts the “risky click” from a visible link to a quick scan, making the danger easier to miss. Attackers are refining these tactics every year and constantly finding new ways to trick users,” he says.

According to Levinzon, one reason why cybercriminals may favour QR codes in emails instead of regular phishing emails is that QR codes often bypass anti-phishing and scam filters, because these often analyze only text and links, but don’t analyze images.

And even if anti-spam filters in emails are equipped with QR code detection, cybercriminals often find new ways to bypass them, for example, by making QR codes in different colors.

Cybersecurity researchers at Proofpoint estimate that during the first half of last year, there were 4,2 million QR code-related threats. However, Levinzon says that the number is likely higher because many QR code scams are undetected.

When it comes to protecting against the growing threat, users are advised to be more deliberate about when and why they scan a QR code. If after scanning a QR code, a person is forwarded to a website that asks for payment or log-in details, this is a real warning sign.

Meanwhile, if a QR code is sent from an unknown sender via email, Levinzon advises contacting the sender directly before entering login credentials or downloading files.

“We recommend applying the same logic everywhere: stay skeptical whether you receive a message from a coworker or on your personal social media account. However, vigilance is only part of the story. To maximize security, users also need basic safeguards – use a VPN on public Wi-Fi, install updates promptly, use strong passwords, and enable multi-factor authentication on all accounts,” he says.

A recent alarming event, where a VPN proxy extension that was supposed to protect users spied on them instead and sold data to brokerage firms, was a reminder to be careful about whom users trust with their data in 2026. However, according to cybersecurity experts, free cybersecurity tools are a better solution than no tools at all, as long as users remain vigilant.

In December, it was discovered that a VPN proxy browser extension – a tool designed to let users hide their IP address and browse the internet anonymously – secretly collected data from at least six million consumers.

Every query entered by users through the extension into ChatGPT, Gemini, Claude, Copilot, and other chatbots was transmitted to advertising and data brokerage companies.

This case was just one of many examples of free cybersecurity tools caught silently profiting from users’ private data. According to experts at Planet VPN, a company that provides a free virtual private network, “free” doesn’t necessarily mean malicious: there are already numerous free and legitimate tools used by cybersecurity specialists.

These include Wireshark, a network traffic analyzer trusted by millions of IT professionals and cybersecurity experts; Nmap, a tool used for network security and auditing; and password managers, including one provided by Apple.

​According to Konstantin Levinzon, co-founder of Planet VPN, both paid and unpaid cybersecurity services carry risks. Users should identify them and weigh in on whether the service is trustworthy based on legitimate data and independent reviews.

“Considering the fact that a number of free cybersecurity service providers have tried to profit from their users, consumers are right to be suspicious and should treat free cybersecurity tools with caution,” he says. “However, we believe that as cyberincidents increase every year, basic cybersecurity has to remain free, and there are far more important factors to consider than just the free vs paid debate.”

What does the tool’s update history say?

According to Levinzon, a trustworthy cybersecurity tool regularly releases updates that patch vulnerabilities, improve features, and enhance security protocols.

​If a user notices a lack of updates or a history of irregular updates, this could indicate negligence or intentional failure to address security flaws that might put users’ data at risk, Levinzon says.

Reputable websites often display information about their updates on official websites or documentation; this information can also be found on App Store, Google Play, or repositories like GitHub.

Evaluate reputation and transparency

Trustworthy free cybersecurity vendors often have a clear track record across various platforms. According to Levinzon, third-party reviews, industry certifications, and user feedback, such as cybersecurity forums, reviews, and ratings on Google Play, can provide reliable information about the product.

Transparency in how a company handles data storage, encryption, and vulnerability reports is a sign of a trustworthy provider. According to Levinzon, this is especially true in the VPN industry, where many companies do not disclose such information.

“A reliable VPN provider, be it free or paid, should not share, store, or collect data like browsing history, IP addresses, and ensure that your online activity remains private. Users should also make sure that their provider is based outside of the 5/9/14 Eyes alliances, which include countries like the US, UK, Australia, and Canada, as these agreements permit surveillance and data sharing among member states,” he says.

Check for loopholes in the privacy policy

According to Levinzon, many users skim over the privacy policy, even though these documents often reveal how a service truly operates. Vague or contradictory language about data usage, retention, and third-party sharing is also a red flag.

“It is natural for free cybersecurity service providers to display ads in order to generate revenue for infrastructure and service quality improvements. However, they should explicitly state that only non-personalized, aggregated data is shared with ad platforms-and only with the user’s explicit consent,” Levinzon concludes.

The growing number of connected devices and increasing vulnerabilities, including the latest one that has been exploited by North Korean and Chinese hackers, raises concerns among cybersecurity experts. They warn that such attacks will increase, and have severe consequences: from stolen data to private videos leaked on the internet.

​At the beginning of December, a cybersecurity vulnerability dubbed React2Shell that can affect millions of connected home devices worldwide was publicly disclosed. Just days later, security researchers already observed hacker groups from North Korea and China exploiting the vulnerability for malicious purposes. This example illustrates how quickly hackers can exploit weaknesses, often long before vendors fix them.

​A forecast from IoT Analytics predicted that this year, a number of connected home devices is expected to reach 21.1 billion, with double-digit growth projected for the upcoming years. 

Not only traditional cameras and printers, but also new-gen thermostats and wearables are being increasingly incorporated in our daily lives, and potential vulnerabilities increase too.

​Experts at Planet VPN, a free virtual private network provider, say that worldwide, there are many more attacks, most of which are unnoticed by users. According to Konstantin Levinzon, co-founder of the company, hackers are increasingly shifting their focus to smart homes due to their lack of protection.

​“When people think about cybersecurity, they often take care of their smartphones and forget about the rest. However, other devices connected to homes often have weaker security than our smartphones or laptops, making them a more lucrative target for cybercriminals. Your TV, camera, or printer can open the door for cybercriminals to your network, and once they break in, it is hard to stop them,” Levinzon says.

​A recent report by Bitdefender and Netgear, which analyzed 58 million smart home devices across the US, Australia, and Europe, found 4.6 billion vulnerabilities and noticed 13.6 billion attacks in the first 10 months of this year.

​According to Levinzon, there are several ways bad actors can hijack your home. One huge security hole is outdated firmware: smart home devices often receive too few security updates, leaving them exposed to all kinds of vulnerabilities.

​In addition, many devices, including routers and cameras, come with default passwords that are easy for hackers to guess. Despite the growing number of cyber incidents, users still rely on default or weak passwords, making hacking into users’ homes an easy task even for unskilled cybercriminals, Levinzon says.

​On top of that, there are a number of potential issues with home network security.

​“Users trust device manufacturers too much and don’t consider the security of smart home devices before buying them. For example, cheap security cameras often promise to secure your home, when in reality, they may act like a Trojan horse. Poor encryption and insecure communication protocols can expose users’ private lives online instead of keeping them safe.,” Levinzon explains.

​The rise of AI assistants also poses security concerns. Earlier this year, researchers at Tel Aviv University published a paper where they described how “Google’s” AI assistant Gemini can be used to do things like open windows in a person’s apartment, after receiving only a calendar invite.

​According to Levinzon, while the latter example was only theoretical, as AI continues to have much more influence in our lives, we will see more similar examples happening in real life.

​Once cybercriminals compromise a person’s network, AI assistant, or device, they can then use it for various purposes: steal the user’s personal data, eavesdrop, hijack smart home equipment to launch cyberattacks, and even control your home.

​To avoid becoming a victim, Levinzon advises using unique passwords and enabling multi-factor authentication. Updating firmware regularly and ensuring that these devices have secure communication protocols, such as WPA3, is also a must.

​“It is also important to protect devices when you are using them,” he says. “Turn on a VPN whenever you are browsing using your smartphone, laptop, or smart TV: it will enhance your security and privacy by hiding your IP address and making your data invisible to anyone, even to your internet service provider. Remember, that for cybercriminals, even one unprotected device may be enough to take control of your entire home.”

This year, even the biggest corporations and governmental institutions, including the US, were not immune to hacks. According to Cyble’s latest Global Cybersecurity Report 2025, almost 15,000 incidents related to data breaches and leaks were reported.

2026 will be marked with even more breaches, as AI tools enable hackers to target thousands with a single click, cybersecurity experts warn.

​Looking back in 2025, one of the biggest hacks happened to the Australian airline Quantas. Hackers exposed data of 5 million customers, including names, birth dates, email addresses, and a few months ago started selling it on the dark web. There were many more similar cases involving companies like Oracle, Volvo, and SK Telecom, which led to data leaks or frozen business operations.

​In the summer, security researchers uncovered the biggest data breach in history that exposed 16 billion passwords, including those from Apple, Facebook, Google, Telegram, and many more. Some attacks affected governmental institutions, where, recently, the US Congressional Budget Office was hacked. According to Cyble’s report, government institutions were the Top 3 in the overall threat activity.

​Cybercriminals also targeted users directly. Recently, more than 120,000 cameras were hacked for so-called “sexploitation” footage in South Korea.

​According to experts at Planet VPN, a free virtual private network (VPN) provider, this year, a significant portion of attacks were amplified by AI tools. Konstantin Levinzon, co-founder and CEO of the company, says this trend will pose even bigger risks in 2026.

​”Even though AI improves our daily lives and strengthens cybersecurity, it is also widely used by hackers. Now, even those without technical expertise can buy tools on the dark web that target thousands of users with a single click. The rise of AI-powered tools will amplify all kinds of attacks, including phishing scams, ransomware, and exploiting vulnerabilities, and can even create attacks on its own,” Levinzon says.

Prediction 1: AI cybercriminals

Up until now, AI has been just a tool for cybercriminals, allowing them to organise and speed up attacks, he says. However, with rising agentic AI capabilities, AI will inevitably start attacking autonomously.

In its recent report, Anthropic has already described a hacking campaign that carried out around 80-90% part of the operation on its own using the company’s Claude tools.

“AI tools will scan for weaknesses and exploit zero-day flaws – security gaps that are unknown to vendors – without a human touching a keyboard. As our homes, workplaces, and infrastructure are increasingly run by AI, any security gap becomes a potential attack vector. We will almost certainly see such autonomous attacks next year,” Levinzon says.

​Prediction 2: Hyper-realistic deepfakes

Deepfakes – AI-generated fake videos, audio files, or images used to impersonate people – are becoming a headache for banks and other businesses, as they allow bypassing online verification. Recently, an insurance company, sensing a lucrative opportunity, even started offering coverage for incidents where AI deepfakes cause reputational harm for companies.

Individual users are also at risk, Levinzon emphasizes. The FBI has recently warned users that criminals are generating fake images of kidnapping and using them for scams. According to Levinzon, the real rising threat is fake video-generated content.

“In 2025, video generators such as OpenAI’s Sora showed how easy it is to create highly realistic videos, and cybercriminals will use them to their advantage. As a result, banks and other financial institutions will likely take precautions to enhance their security measures to protect video verification processes. Regulations will likely follow quickly. For users, this may mean additional steps to confirm their identity,” he says.

Prediction 3: Digital body snatching

​Millions of smartwatches, rings, AI wearables, and even new mattresses come equipped with large amounts of sensors that collect everything – from your location, to heart rate data, and stress levels. As the number of these sensors increases, they become attractive targets for cybercriminals, experts say.

​According to Levinzon, once hackers get access to a smartwatch or any device, they can exfiltrate data easily, especially if the devices are not purely secured. Such data can also be gathered via cloud or app data leaks, exploiting Bluetooth attacks, and more.

​”Potential wearable hacks, deepfakes, and autonomous AI systems mean that next year, users will need to take extra steps and security measures. Aside from staying vigilant, we also recommend enabling two-factor authentication, updating software regularly, and using a VPN, which adds an essential layer of defence against hackers,” Levinzon says.