🚨 Security alert: Critical Apple & Chrome flaws let hackers in without you even clicking

Apple and Google patched two critical zero-day security flaws, one in Safari (WebKit), the other in Chrome, and both were already being used by hackers in the wild. That means they were active threats before anyone even knew they existed.

The worst part? These flaws could let cybercriminals take control of your device without you clicking a single thing. Yep, you read that right.

It’s called Remote Code Execution (RCE), and it’s as bad as it sounds. Here’s how it plays out:

Let’s say you’re casually browsing the web. You open a site that looks totally normal, maybe a link from social media, a search result or even an ad.

Behind the scenes, that site has malicious code designed to hit the exact weak spot in your browser’s engine. Once your browser tries to load the page, boom, that code executes. Now a hacker has the power to run commands on your phone, tablet or computer. They can install spyware, steal passwords, lock files for ransom, all without your knowledge.

You didn’t click anything sketchy. You just visited a page. That’s how dangerous this is.

1. Update everything.

Don’t wait on this. Here’s how to make sure your devices are protected:

The fixes are already out there, but they protect you only if you actually install them. Do it now.

2. Stop trusting public Wi-Fi.

Hackers love public networks. They’re easy to exploit, and they work perfectly with these kinds of attacks. This is why I always use ExpressVPN, which encrypts your internet connection before it ever leaves your device.

Even if you’re on sketchy hotel or airport Wi-Fi, your data stays safe and unreadable.

3. Remove unknown browser extensions.

Browser extensions are one of the easiest ways hackers get in, because once installed, they often have permission to read what you type, see what sites you visit, and even inject code into pages. Most people have no idea what half of theirs do.

Here’s how to clean house:

In Safari (Mac):

In Chrome (Mac or PC):

If you haven’t used an extension in the last month, remove it. You can always add it back later.

This zero-day alert is not theoretical. It’s real, serious and happening right now. It’s a painful reminder that even the most updated device isn’t bulletproof against sophisticated web attacks.

The simplest, smartest thing you can do today is encrypt your connection.

ExpressVPN* adds a crucial layer of security by hiding your data, location and identity from the hackers actively trying to exploit these browser flaws, trackers and anyone else trying to snoop on your connection. Use the exclusive link below to get the world’s most trusted VPN and receive 4 extra months FREE.

You can’t control what vulnerabilities are found in your devices, but you can control who sees your data.

Don’t wait for the next zero-day. Take five minutes and secure yourself. 

👉 Secure your connection and get 4 extra months today!

The internet isn’t getting safer, but you can be smarter.

Photo credit(s): Gemini

Companies and products denoted by an asterisk (*) within this publication are paid sponsors or advertisements. As an Amazon Associate, the publisher earns from qualifying purchases. Statements regarding products denoted by a double asterisk (**) have not been evaluated by the Food and Drug Administration; such products are not intended to diagnose, treat, cure, or prevent any disease. This newsletter is provided for informational and entertainment purposes only and does not constitute legal, financial, medical, or professional advice of any kind. Readers should consult with a qualified professional before making any decisions based on this content. The publisher disclaims all liability for any loss, damage, or injury resulting from the use of or reliance on the information contained herein.