🛡️ Date: Thursday, December 4, 2025
Stay Ahead of the Scams: New updates every Monday and Thursday.
Welcome to your essential security briefing. Today's report contains critical alerts about necessary software updates and a dangerous new evolution in hacking that is designed to bypass your best security measure: Multi-Factor Authentication (MFA).
Google has released an urgent update for the Chrome web browser that addresses 13 security flaws, four of which are ranked as "high severity."
The Threat: One of the flaws is related to digital credentials and could potentially be exploited by criminals. While the details are being kept secret to prevent further attacks, the severity rating means the flaw poses a real risk to your data.
Action You Must Take: If you use Google Chrome (or other Chromium-based browsers like Edge or Brave), update it today:
1. Open Chrome.
2. Click the three vertical dots (⋮) in the top right corner.
3. Go to Help > About Google Chrome.
4. The browser will automatically check for and install the update. You must restart the browser when prompted for the fix to take effect.
Security experts are warning of a sophisticated attack tool called Evilginx that hackers are using to steal session cookies. This method lets them completely bypass Multi-Factor Authentication (MFA).
The Threat: When you log into a website (like your bank or email), the site gives your browser a "session cookie" that proves you are logged in. Evilginx tricks you with a perfect fake login page, steals your credentials and your MFA code, and then also steals that session cookie. With the cookie, the attacker can access your account without needing your password or MFA code again.
Action You Must Take: Check the URL Twice: Before you type your login information or an MFA code, always manually check the address (URL) in your browser bar. Even if the page looks perfect, the address will be slightly wrong (e.g., amzaon.com instead of amazon.com).
Never Use a Link: Do not click on a link in an email or text message to log into a sensitive account. Type the website address yourself or use the official app.
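The "Check the URL Twice" advice above can also be done by a small script. This is an added example, not part of the original briefing: it compares a link's hostname against a constructed list of trusted sites and flags near-miss spellings such as amzaon.com. The TRUSTED list, the function names and the two-label domain shortcut are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the sites you actually log in to.
TRUSTED = ("amazon.com", "google.com", "paypal.com")

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "za" typed for "az".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def check_login_url(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, site): 'trusted', 'lookalike', 'unknown' or 'invalid'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return ("invalid", None)
    for site in trusted:
        if host == site or host.endswith("." + site):
            return ("trusted", site)
    # Assumption: the registered domain is the last two labels (not true for
    # suffixes such as co.uk; a real tool would use the Public Suffix List).
    base = ".".join(host.split(".")[-2:])
    for site in trusted:
        # Trusted name buried inside another host, or a near-miss spelling.
        if site in host or osa_distance(base, site) <= max_distance:
            return ("lookalike", site)
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.amazon.com/ap/signin",  # constructed samples
                 "https://amzaon.com/ap/signin",
                 "https://amazon.com.account-check.example/login"):
        print(link, "->", check_login_url(link))
```

Any verdict other than "trusted" means the page should not be given a password or MFA code.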
Gesa Credit Union has notified over 151,000 members in Washington state that a data breach occurred at one of its former marketing vendors, Marquis Software Solutions.
The Data Exposed: The data stolen was highly sensitive, including names, dates of birth, Social Security numbers, financial account information, and payment card information.
Action You Must Take: Watch for Notification: If you are a current or former Gesa Credit Union member, carefully review any official communication from them regarding free credit monitoring services.
Place a Credit Freeze: Since Social Security numbers were exposed, this is a prime time to place a credit freeze with the three major credit bureaus (Experian, Equifax, and TransUnion) to prevent identity thieves from opening new accounts in your name.
The holidays are peaking, and scammers are exploiting your kindness. Do not fall for the "friend in need" gift card scam.
If you receive a text or a social media message from a friend or family member asking you to immediately buy gift cards (like Apple or Amazon) and send them the codes because they are in an urgent situation, it's a scam.
Always call them on their known phone number to verify before buying any gift card.