Researchers built a chatbot that only knows the world before 1931

The internet's chatbots have read every forum rant, leaked Slack log, and confident blog post your uncle ever wrote about chemtrails. The results are predictable: they reflect the state of the internet, and it isn't pretty. That, along with some questionable design decisions, is partly why Elon...

Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts

Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts...

Unveiling the Resilience of LLM-Enhanced Search Engines against Black-Hat SEO Manipulation

The emergence of Large Language Model-enhanced Search Engines LLMSEs has revolutionized information retrieval by integrating web-scale search capabilities with AI-powered summarization. While these systems demonstrate improved efficiency over traditional search engines, their security implication...

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud...

CVE-2023-25059

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

SQL Injection

Overview langchain-cloudflare is a Langchain Integrations for Cloudflare's WorkersAI and Vectorize Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of nested metadata in D1 database operations. The d1upserttexts and ad1upserttexts methods construct SQ...

How scammers use fake insurance texts to steal your identity

Sometimes it’s hard to understand how some scams work or why criminals would even try them on you. In this case it may have been a matter of timing. One of my co-workers received this one: “Insurance estimates for certain age ranges: 20-30 200 – 300/mo 31-40 270 – 450/mo 41-64 350 – 500/mo Please...

1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

A Phishing-as-a-Service PhaaS platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing SMS phishing campaigns, and if you’re in the US there is a good chance you've seen their texts about a small amount you supposedly owe in toll fees...

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation

Google is suing 25 people it alleges are behind a “relentless” scam text operation that uses a phishing-as-a-service platform called Lighthouse...

Secure Retrieval-Augmented Generation against Poisoning Attacks

Large language models LLMs have transformed natural language processing NLP, enabling applications from content generation to decision support. Retrieval-Augmented Generation RAG improves LLMs by incorporating external knowledge but also introduces security risks, particularly from data poisoning...

A week in security (October 20 – October 26)

Last week on Malwarebytes Labs: Is AI moving faster than its safety net? Thousands of online stores at risk as SessionReaper attacks spread Apple may have to open its walled garden to outside app stores Meta boosts scam protection on WhatsApp and Messenger Home Depot Halloween phish gives users a...

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted...

Phishing scams exploit New York’s inflation refund program

A warning from the New York State on their website informs visitors that: “Scammers are calling, mailing, and texting taxpayers about income tax refunds, including the inflation refund check.” Here's the warning on the website: We can confirm that several phishing campaigns are exploiting a...

Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware

Zimperium's zLabs warns of ClayRat, a fast-spreading Android spyware targeting Russia. It hides in fake apps like TikTok and steals texts, calls records, and camera photos...

EUVD-2023-29038

Malicious code in bioql PyPI...

EUVD-2023-32656

Malicious code in bioql PyPI...

EUVD-2024-17280

Malicious code in bioql PyPI...

EUVD-2023-50942

Malicious code in bioql PyPI...

Cybercriminals Have a Weird New Way to Target You With Scam Texts

Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them...

Tax refund scam targets Californians

The State of California Franchise Tax Board FTB recently issued a warning to taxpayers to protect themselves from tax scams. In their warning the FTB states: “Recently, the FTB received reports of a scam targeting taxpayers through text messages that appear to be from FTB. These text messages...