Phishing scammers are posting fake “account restricted” comments on LinkedIn

Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has " engaged in activities that are not in compliance" with LinkedIn's policies and that their account has been " temporarily restricted" until they submit an appeal through a specified link in the comment...

North Korean Scammers Are Doing Architectural Design Now

New research shows that North Koreans appear to be trying to trick US companies into hiring them to develop architectural designs using fake profiles, résumés, and Social Security numbers...

AI-Enabled Influence Operation Against Iran

Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel. Key Findings A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer to as...

EUVD-2024-46243

Malicious code in bioql PyPI...

CVE-2024-52591

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance...

CVE-2024-52590

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...

Misskey 输入验证错误漏洞

Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. An input validation error vulnerability exists in Misskey versions 2024.8.0-rc.3 through prior to 2024.11.0-alpha.3, which stems from a lack of validation that could allow an attacker to create a...

Misskey 输入验证错误漏洞

Misskey is a perpetually free open source federated social media platform from Misskey Open Source. An input validation error vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from a lack of validation that could allow an attacker to create fake user profiles and forged...

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for...

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic aka AMOS, Vidar, Lumma aka LummaC2, and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator...

The Not-so-True People-Search Network from China

Its not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives you would, too. Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But its not every day you run across a...

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie continues to successfully use...

Fake security researchers push malware files on GitHub

Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. The campaign goes to some lengths to appear genuine, using fake profiles, downloads, websites, and bogus GitHub profiles, to paint a convincing picture of security professionals offering up...

A Spy Wants to Connect With You on LinkedIn

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far...

W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack

An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technic...

LinkedIn Adds Verified Emails, Profile Creation Dates

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation...

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a...

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities -- which pair AI-generated profile photos wit...

Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer CISO roles at some of the worlds largest corporations. Its not clear whos behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are...

Massive Losses Define Epidemic of ‘Pig Butchering’

U.S. state and federal investigators are being inundated with reports from people whove lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as "pig butchering," wherein people are lured by flirtatious strangers online into investing in cryptocurren...