You can poison AI with just 250 dodgy documents
Researchers have shown how you can corrupt an AI and make it talk gibberish by tampering with just 250 documents. The attack, which involves poisoning the data that an AI trains on, is the latest in a long line of research that has uncovered vulnerabilities in AI models. Anthropic which produces...
What does Google know about me? (Lock and Code S06E21)
This week on the Lock and Code podcast … Google is everywhere in our lives. Its reach into our data extends just as far. After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the othe...
Mango discloses data breach at third-party provider
Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...
AI-driven scams are preying on Gen Z’s digital lives
Gone are the days when extortion was only the plot line of crime dramas—today, these threatening tactics target anyone with a smartphone. As AI makes fake voices and videos sound and look real, high-pressure plays like sextortion, deepfakes, and virtual kidnapping feel more believable than ever...
Your passwords don’t need so many fiddly characters, NIST says
It’s once again time to change your passwords, but if one government agency has its way, this might be the very last time you do it. After nearly four years of work to update and modernize its guidance for how companies, organizations, and businesses should protect their systems and their...
California just put people back in control of their data
California's 2025 legislative session closed with 14 new privacy and AI-related bills. We’d like to highlight a few of the most relevant signed bills and encourage other states and countries to follow California’s example. Let’s go over some of the bills that were signed by the governor and how...
Is your computer mouse eavesdropping on you?
The short answer is: probably not, but theoretically it’s possible. Researchers at the University of California found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. The method uses high-performance optical sensors in optical...
Discord warns users after data stolen in third-party breach
Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer support provider was compromised, allowing attackers to access Discord’s user data. Either way, it’s Discord users who feel the impact. The breach, which...
Your Meta AI conversations may come back as ads in your feed
Meta has announced that conversations with its AI assistant will soon be used for targeted advertising. If you’re the kind of person that notices ads for products just after you spoke about them, you won't be happy about this update. Meta AI is the company’s generative AI assistant, built into...
Gemini AI flaws could have exposed your data
Security researchers discovered three vulnerabilities in Google's Gemini artificial intelligence (AI) assistant. Although now patched, this "Trifecta", as the researchers called it, raises important questions about how safe AI tools really are, especially as they become a part of services many of u...
Apple fixes critical font processing bug. Update now!
Apple has released important security updates to address a critical vulnerability in FontParser—the part of macOS/iOS/iPadOS that processes fonts. Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to cra...
Amazon pays $2.5B settlement over deceptive Prime subscriptions
Another day, another settlement. Amazon has settled a lawsuit filed by the Federal Trade Commission (FTC) over misleading customers who signed up for Amazon Prime—though it claims it did nothing wrong. The FTC alleged that Amazon used deceptive methods to sign up consumers for Prime subscriptions—a...
New SVG-based phishing campaign is a recipe for disaster
We've written in the past about cybercriminals using SVG files for phishing and for clickjack campaigns. We found a new, rather sophisticated example of an SVG involved in phishing. For readers that missed the earlier posts, SVG files are not always simply image files. Because they are written in...
TikTok is misusing kids’ data, says privacy watchdog
A group of privacy commissioners in Canada have accused TikTok of scooping up information about hundreds of thousands of children who shouldn't have been on the platform. The Chinese social media giant is also accused of collecting data on Canadian users without properly explaining what it does...
Scammers are impersonating the FBI to steal your personal data
Been scammed? Hoping to report it to the FBI? Definitely do so, but be careful. Spoofed versions of the FBI's Internet Crime Complaint Center (IC3) website are now circulating online, and they lead straight back to the scammers. The FBI issued an advisory last week, warning that cybercriminals are...
ChatGPT solves CAPTCHAs if you tell it they’re fake
If you’re seeing fewer or different CAPTCHA puzzles in the near future, that’s not because website owners have agreed that they’re annoying, but it might be because they no longer prove that the visitor is human. For those that forgot what CAPTCHA stands for: Completely Automated Public Turing te...
“A dare, a challenge, a bit of fun:” Children are hacking their own schools’ systems, says study
As if ransomware wasn’t enough of a security problem for the sector, educational institutions also need to worry about their own students, a recent study shows. Last week, the UK Information Commissioner’s Office (ICO) published a report about the "insider threat of students". Here are a few key...
AI browsers or agentic browsers: a look at the future of web surfing
Browsers like Chrome, Edge, and Firefox are our traditional gateway to the internet. But lately, we have seen a new generation of browsers emerge. These are AI-powered browsers or "agentic browsers"—which are not to be confused with your regular browsers that have just AI-powered plugins bolted o...
From Fitbit to financial despair: How one woman lost her life savings and more to a scammer
We hear so often about people falling for scams and losing money. But we often don’t find out the real details of what happened, and how one "like" can turn into a nightmare that controls someone’s life for many years. This is that story. Not too long ago, a scam victim named Karen reached out to...
Ransomware attack at blood center: Org tells users their data’s been stolen
A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center (NYBC) suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...
Google misled users about their privacy and now owes them $425m, says court
A court has ordered Google to pay $425m in a class action lawsuit after it was found to have misled users about their online privacy. In July 2020, Google user Anibal Rodriguez filed a lawsuit against the search giant, arguing that it misled users with its "Web & App Activity" setting. The settin...
Nexar dashcam video database hacked
A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed in drivers’ cars, according to a new report from 404 Media. Nexar is a dashcam company that promotes its products as “virtual CCTV cameras” and offers automatic cloud uploads of critic...
Update your Android! Google patches 111 vulnerabilities, 2 are critical
Google has patched 111 vulnerabilities in Android, including two critical flaws, in its September 2025 Android Security Bulletin. While the last few months have been quite calm regarding the number of vulnerabilities, this month is a real whopper with 111, compared to 6 in August and none in July...
Tax refund scam targets Californians
The State of California Franchise Tax Board (FTB) recently issued a warning to taxpayers to protect themselves from tax scams. In their warning the FTB states: “Recently, the FTB received reports of a scam targeting taxpayers through text messages that appear to be from FTB. These text messages...
How to set up two-step verification on your WhatsApp account
Two-step verification is the name Meta uses for what is generally referred to as two-factor authentication (2FA). 2FA is not fool-proof, but it is one of the best ways to protect your accounts from hackers. It adds an extra step when logging in, which is a small extra effort for you, but it...
Romance scammers in Ghana charged with more than $100 million in theft
The Department of Justice (DOJ) extradited and indicted 4 Ghanaian nationals for allegedly stealing more than $100 million, mainly through romance scams and business email compromises. According to a report from Comparitech, nearly 59,000 Americans fell victim to romance scams in 2024, losing an...
Netflix scammers target jobseekers to trick them into handing over their Facebook logins
In what seems to be a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff. The initial mail looks like what you might expect from a headhunter or a human resources (HR) recruitment specialist. "I hope this note finds you well," the email...
That “Amazon Safety Recall” message may well be a scam
Scammers are using the age-old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon. The text message tells you that the item does not meet Amazon’s standards, and tries to instill some urgency by claiming it is not safe to use. It also includes a link...
“The worst thing” for online rights: An age-restricted grey web (Lock and Code S06E16)
This week on the Lock and Code podcast … The internet is cracking apart. It’s exactly what some politicians want. In June, a Texas law that requires age verification on certain websites withstood a legal challenge brought all the way to the US Supreme Court. It could be a blueprint for how the...
How Google, Adidas, and more were breached in a Salesforce scam
At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse—making a phone call. By disguising themselves as IT support personnel on the phone, hacker...
Perplexity AI ignores no-crawling rules on websites, crawls them anyway
Imagine putting up a no-trespassing sign for people walking their dogs, and then finding out that one person dresses up their Great Dane as a calf and walks it on your grounds. Well that's sort of what AI answer engine Perplexity has been doing, by evading the no-crawl directives of websites,...
OpenAI kills “short-lived experiment” where ChatGPT chats could be found on Google
A little-known ChatGPT "feature" is now gone. It could be a good thing. On X, OpenAI Chief Information Security Officer Dane Stuckey announced that OpenAI "removed a feature from ChatGPT that allowed users to make their conversations discoverable by search engines, such as Google." Stuckey called...
How the FBI got everything it wanted (re-air) (Lock and Code S06E15)
This week on the Lock and Code podcast… For decades, digital rights activists, technologists, and cybersecurity experts have worried about what would happen if the US government secretly broke into people’s encrypted communications. The weird thing, though, is that, in 2018, it already happened...
Watch out: Instagram users targeted in novel phishing campaign
A phishing campaign targeting Instagram users is doing the rounds. There are plenty of those around, but when we took a look at this particular email, it seemed a bit different to the normal phishing emails that point to scammy websites. The email looked like this, which is very similar to the on...
iPhone vs. Android: iPhone users more reckless, less protected online
The smartphone wars have a winner, and it’s Android. No, this isn’t about which device has the best camera, the snappiest processor, or the flashiest AI features—this is about which device owners are safer online, and in many ways, it is Android users who take the crown. According to a new analys...
‘Car crash victim’ calls mother for help and $15K bail money. But it’s an AI voice scam
A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam. Sharon Brightwell says she received a call from someone who sounded just like her daughter. The woman on the other end was sobbing and crying, telling her mom...
Dating app scammer cons former US army colonel into leaking national secrets
Even hard-headed military types can fall victim to romance scams, it seems. A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app. David Slater was a retired colonel in the US army who took up work as a civilian at US Strategic Command,...
Amazon warns 200 million Prime customers that scammers are after their login info
Amazon has sent out an alert to its 200 million customers, warning them that scammers are impersonating Amazon in a Prime membership scam. In the email, sent earlier this month, Amazon said it had noticed an increase in reports about fake Amazon emails: What's happening: Scammers are sending fak...
Is AI “healthy” to use? (Lock and Code S06E14)
This week on the Lock and Code podcast … “Health” isn’t the first feature that most anyone thinks about when trying out a new technology, but a recent spate of news is forcing the issue when it comes to artificial intelligence (AI). In June, The New York Times reported on a group of ChatGPT users w...
A week in security (July 7 – July 13)
Last week on Malwarebytes Labs: Deepfake criminals impersonate Marco Rubio to uncover government secrets; McDonald’s AI bot spills data on job applicants; Millions of people spied on by malicious browser extensions in Chrome and Edge; No thanks: Google lets its Gemini AI access your apps, including...
Deepfake criminals impersonate Marco Rubio to uncover government secrets
Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government. News emerged this week of an AI-powered attack that impersonated US Secretary of State Marco Rubio. Authorities don't know who was behind the incident. A US State Department cable...
No thanks: Google lets its Gemini AI access your apps, including messages [updated]
If you're an Android user, you'll need to take action if you don’t want Google's Gemini AI to have access to your apps. That's because, regardless of your previous settings, Google now allows Gemini to interact with third-party apps. Through Gemini extensions, it already had the ability to...
Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams
Microsoft, DocuSign, Adobe, McAfee, NortonLifeLock, PayPal, and Best Buy’s Geek Squad are being impersonated online through malicious emails that contain fake telephone support numbers and dangerous QR codes that can ensnare victims into phishing scams. The brands and their products are frequentl...
AT&T to pay compensation to data breach victims. Here’s how to check if you were affected
AT&T is set to pay $177 million to customers affected by two significant data breaches. These breaches exposed sensitive personal information of millions of current and former AT&T customers. For those that have missed the story so far: Back in 2021, an entity named Shiny Hunters a known hacking...
A week in security (June 23 – June 29)
Last week on Malwarebytes Labs: Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks; Thousands of private camera feeds found online. Make sure yours isn’t one of them; Sextortion email scammers increase their "Hello pervert" money demands; Many data brokers are faili...
Why the Do Not Call Registry doesn’t work
The “Do Not Call Registry” receives a lot of hate online for failing to do its job: Stop calls. “What’s the point of being on the Do Not Call list?” wrote one user on Reddit who shared a screenshot of ten declined phone calls received across one week. Though already registered with the Do Not Cal...
Facial recognition: Where and how you can opt out
Our remote team recently took a trip to our Estonian office. When we arrived from our various destinations, we started chatting about how our travel had been. Our senior privacy advocate, David Ruiz, mentioned that he'd opted out of facial recognition while at San Francisco International Airport...
Many data brokers are failing to register with state consumer protection agencies
Hundreds of data brokers haven't registered with state consumer protection agencies, according to The Electronic Frontier Foundation (EFF) and Privacy Rights Clearinghouse (PRC). There are different kinds of data brokers, but what they all have in common is that they gather personally identifiable...
Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks
Russian hackers have bypassed Google's multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG). The hackers pulled this off by posing as US Department of State officials in advanced social engineering attack...