Malicious code in wdb-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

Deepfake sextortion forces schools to remove student photos from websites

Schools love a good photo, whether it's from a trip to a castle, a science prize ceremony, or sports day shot from three angles. For two decades, celebratory images like these have gone straight onto school websites, captioned with a name and a grade. But those days are gone, because it's the...

Amazon: Low-Skill Hacker Used AI Tools to Breach FortiGate Devices Globally

Amazon says a Russian speaking low-skill hacker used AI tools to breach hundreds of FortiGate devices worldwide, showing how AI can scale cyberattacks with basic methods...

macOS Users Hit by Python Infostealers Posing as AI Installers

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces...

WordPress plugin AI Tools 安全漏洞

WordPress AI Tools plugin is a WordPress plugin based on Artificial Intelligence technology, which is mainly used to optimize website content generation, automate task processing and improve website performance. WordPress AI Tools plugin suffers from a lack of authorization vulnerability, no...

PT-2025-33202 · Unknown · Ashish Ai Tools

Name of the Vulnerable Software and Affected Versions: Ashish AI Tools versions n/a through 4.0.7 Description: A missing authorization flaw exists in Ashish AI Tools, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update Ashish AI Tools to a versi...

Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts...

Age verification: Child protection or privacy risk?

With governments demanding actual age verification on websites with adult content, and platforms like social media and Roblox introducing restrictions based on a user’s age, the controversy about different types of age verification and their implications is growing. Last week, Roblox announced ne...

WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by theviper17 in WordPress Plugin AI Tools versions = 4.0.7...

Securing Data in the AI Era

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes f...

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps IRGC has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology a...

A week in security (June 15 &#8211; June 21)

Last week on Malwarebytes Labs: The data on denying social media for kids re-air Lock and Code S06E12 Reddit’s new AI-powered tools scan your posts to serve you better ads Smart air fryers ordered to stop invading our digital privacy WhatsApp to start targeting you with ads Scammers hijack websit...

Reddit&#8217;s new AI-powered tools scan your posts to serve you better ads

Reddit has introduced two Artificial Intelligence AI tools which will use Reddit comments, posts, and conversations to help sellers make the most of the community. Reddit is a social media platform and online forum where users can share and discuss content across a wide range of topics. The...

Ransomware hiding in fake AI, business tools

Artificial intelligence AI and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead...

Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has discovered new threats, including the ransomware CyberLock, LuckyGh0$t, and a newly-discovered malware we call "Numero," all of which masquerade as legitimate AI tool installers. CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on th...

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Cybercriminals are taking advantage of the public’s interest in Artificial Intelligence AI and delivering malware via text-to-video tools. According to researchers at Mandiant, the criminals are setting up websites claiming to offer “AI video generator” services, and then using those fake tools t...

CVE-2024-4617

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Threat actors have been observed leveraging fake artificial intelligence AI-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms ...

Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads

Scammers are using fake AI tools and Facebook ads to spread Noodlophile Stealer malware, targeting users with a…...

WhatsApp Is Walking a Tightrope Between AI Features and Privacy

WhatsApp's AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks...