88% of people struggle to tell what’s real online

What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust. In a few, short years, Artificial Intelligence AI tools have granted people unfettered access to easier writing, faster image generation, quicker...

CVE-2026-33173

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...

AI-generated malvertising “white pages” are fooling detection engines

This is no secret, online criminals are leveraging artificial intelligence AI and large language models LLMs in their malicious schemes. While AI tends to be abused to trick people i.e. deepfakes in order to gain something, sometimes, it is meant to defeat computer security programs. With AI, thi...

CVE-2024-30617

A Cross-Site Request Forgery CSRF vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge...

Facebook clickbait leads to money scam for users

Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links. We recently observed a scheme where Facebook users are clicking on posts that lead to external websites set up for the sole purpose of scamming them out of hundreds of dollars via fa...

Beware of this bogus (and phishy) “Instagram Support” email

Recently, a fake Instagram email successfully bypassed Googles email filters and made it into hundreds of employee inboxes used by a prominent US life insurance company based in New York. This was revealed in a report by Armorblox, a cybersecurity company specializing in stopping business email...

WordPress Injection Anchors Widespread Malware Campaign

The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content. The adversaries have so far delivered the Cobalt Strike intrusion tool,...

Detecting Fake Videos

This story nicely illustrates the arms race between technologies to create fake videos and technologies to detect fake videos: These fakes, while convincing if you watch a few seconds on a phone screen, aren't perfect yet. They contain tells, like creepily ever-open eyes, from flaws in their...

Facebook 'Like-jacking' Scams Expand

Facebook attacks that force users to unwittingly endorse scam pages keep spreading, researchers say. Attacks have now circulated that cause users to recommend pages promising naked pictures of alternative rock diva Hayley Williams or the phone number of heart-throb singer Justin Bieber. Read the...