Topic: user awareness
-
Spot Browser-in-the-Browser Phishing Before It Spots You
A sophisticated phishing technique called Browser-in-the-Browser is resurging, embedding fake login windows within legitimate webpages to steal credentials by mimicking trusted services like Microsoft and Facebook. The attack uses deceptive pop-ups that appear as genuine browser prompts, ofte...
Read More » -
Beware: Fake Spam Filter Alerts Invading Inboxes
A new phishing scam tricks users with fake alerts about spam filters blocking legitimate emails, urging them to click links to release messages, posing serious security risks. These deceptive emails mimic official communications, redirecting users to counterfeit login pages that steal credentials...
Read More » -
1Password's New Feature Fights Phishing Attacks
1Password is launching a new security feature that proactively detects and warns users about potential phishing attempts by monitoring for deceptive website addresses. The feature works by preventing autofill and displaying an alert when a visited site's URL doesn't match a legitimate one saved i...
Read More » -
Google AI Security Expert's Forbidden Chatbot Secrets
Treat interactions with public AI chatbots as public communications, never sharing sensitive personal or financial information, as this data can be used for model training or exposed in a breach. Use enterprise-grade AI solutions for work-related tasks, as they are designed not to train on user d...
Read More » -
Google's Gmail Update Puts Millions of Accounts at Risk
Gmail is discontinuing POP3 email fetching and the Gmailify service, removing key protections for users who link older, third-party email accounts like Yahoo or Outlook. These changes will expose millions of users to unchecked spam and phishing, as Gmail's powerful AI-driven filters will no longe...
Read More » -
Is Your Roku in the Wrong HDMI Port? Here's Why It Matters
Plugging a Roku into the wrong HDMI port can limit its performance, as ports vary in their supported standards and features like HDCP 2.2 for 4K content. Modern TVs have different HDMI versions, such as HDMI 2.0 for 4K HDR or HDMI 2.1 for higher refresh rates, which directly impact video quality ...
Read More » -
TRA Bahrain, Mobile Operators Launch Anti-SMS Fraud Guidelines
Bahrain's TRA and mobile operators have launched new "Guidelines for Reducing Fraudulent SMS" to combat scam messages and enhance mobile security nationwide. The guidelines establish technical and operational measures for identifying and intercepting fraudulent communications, alongside public ed...
Read More » -
Anthropic Users: Opt Out or Share Data for AI Training
Anthropic now requires all users to decide by September 28 whether to consent to their data being used for AI model training, a shift from its previous policy of deleting consumer chat data within 30 days. Users who do not opt out will have their interactions retained for up to five years to impr...
Read More » -
NimDoor macOS Malware Persists After Termination
North Korean hackers are using sophisticated macOS malware called NimDoor to target cryptocurrency and web3 organizations, employing social engineering and modular payloads to evade detection. The malware, built with C++ and Nim, features unique persistence techniques like self-repair after termi...
Read More » -
Chrome And Safari Alert: This Sign Means You're Hacked
A new phishing technique exploits small mobile screens by using characters like "rn" to mimic "m" in URLs, tricking users into visiting fake sites that resemble legitimate ones like microsoft.com. The primary defense is behavioral: avoid logging in via emailed links and instead navigate directly ...
Read More » -
ChatGPT Agent Aided Gmail Security Breach by Researchers
A new attack called Shadow Leak exploited AI agents to access sensitive Gmail data without triggering alerts, highlighting vulnerabilities in AI systems with data permissions. The breach used prompt injection to manipulate OpenAI's Deep Research tool into extracting confidential emails, bypassing...
Read More » -
Check If Your Home Network Is Hacked
A new tool called IP Check from GreyNoise allows users to quickly see if their public IP address has been flagged for malicious activity, such as being part of a botnet, providing an essential proactive security check. Compromised home networks can be hijacked to route harmful traffic for attacks...
Read More » -
FlexibleFerret Malware Strikes macOS With Go Backdoor
A sophisticated malware campaign named FlexibleFerret targets macOS systems using a multi-stage attack to bypass security, deploy a persistent backdoor, and steal sensitive credentials through deceptive applications. The attack begins with a shell script that identifies the system architecture, d...
Read More » -
Singapore Officials Impersonated in Sophisticated Investment Scam
Fraudsters impersonated Singaporean officials using verified Google Ads, fake news sites, and AI-generated deepfake videos to promote a fraudulent forex investment platform targeting local residents. The scam employed advanced evasion techniques like IP filtering and redirect domains, with victim...
Read More » -
New Salty2FA Phishing Kit Raises Sophistication Alarm
The Salty2FA phishing kit uses advanced tactics like session-based subdomain rotation, legitimate platform abuse, and precise corporate branding to create highly convincing fraudulent login pages. It incorporates Cloudflare’s Turnstile and obfuscated JavaScript to evade automated analysis and com...
Read More » -
Google's AI Energy Use: The Unanswered Questions
Google refuses to disclose its total AI energy consumption, citing it as too abstract and variable, and instead focuses on per-prompt metrics that don't reflect the full environmental impact. The cumulative energy demand of AI is substantial, with OpenAI's ChatGPT alone using over 300 gigawatt-ho...
Read More » -
MFA Is Essential - But Not Enough Alone for Security
MFA blocks ~99% of automated attacks but isn't foolproof, as weak passwords can still create security gaps, requiring a layered approach with robust password policies. Organizations risk breaches if they implement MFA without addressing password vulnerabilities, as hackers exploit reused or stole...
Read More » -
iPhone Users Get $95M Siri Privacy Payouts
Apple has begun distributing payments from a $95 million class action settlement to eligible iPhone users who claimed Siri recorded conversations without proper consent, though payouts are lower than initially estimated. The lawsuit stemmed from a 2019 report revealing that contractors grading Si...
Read More » -
Atomic Stealer: How This Potent Mac Malware Infects Your System
A sophisticated malware campaign uses fraudulent search engine ads to impersonate popular software and targets Mac users with the Atomic Stealer information-stealing program. LastPass confirmed it was a prime target, with attackers using deceptive ads to direct users to counterfeit GitHub pages t...
Read More » -
Neon Cyber Launches Workforce Cybersecurity Platform
Neon Cyber has launched the industry's first Workforce Cybersecurity Platform (WCP), focusing on human-centric threats like phishing and credential misuse to protect users across browsers, SaaS, and enterprise systems. The platform offers AI-driven phishing protection, visibility into shadow IT, ...
Read More » -
Microsoft's AI security flaw sparks data theft fears
Microsoft has issued a security warning about its experimental AI agent, Copilot Actions, due to risks that it could be exploited to infect devices and steal sensitive user information. The vulnerabilities are linked to inherent flaws in large language models, including AI hallucinations that pro...
Read More » -
Tenable Uncovers Critical Google Gemini AI Flaws That Risked User Data
Tenable Research uncovered three critical security flaws in Google's Gemini AI, known as the Gemini Trifecta, which allowed attackers to manipulate the AI and steal sensitive user data without direct system access. The vulnerabilities affected components like Gemini Cloud Assist, Search Personali...
Read More » -
February Pixel Update: Status and Release Date
Google has shifted from a predictable monthly update schedule to a flexible system, with releases now typically arriving on a Tuesday or Wednesday in the first or second week of the month. Newer Pixel models (Pixel 8, 9, and 10 series) receive updates roughly monthly, while older models (Pixel 6 ...
Read More » -
Hackers Still Exploit WinRAR Flaw, Mandiant Reports
A critical WinRAR vulnerability (CVE-2025-8088) is being actively exploited by state-sponsored and criminal hackers, despite a patch being available for over six months. The exploit hides malicious payloads within archive files to execute automatically upon user login, with attacks linked to a si...
Read More » -
Google Denies Gmail Scam Risk – But You Still Need to Do This
Google denies recent claims of increased scam risks for Gmail users on desktops and laptops, asserting that its security systems are strong and block over 99.9% of threats. Users are advised to enhance account security by regularly updating passwords and enabling two-factor authentication, while ...
Read More »