#cyber-scams
#cyber-scams

France news

Warning over cyber-attack on French government's ANTS platform

1 hour ago

Healthcare

Ex-FBI lead urges homicide charges against ransomware scum

Careers

Advance Your Cybersecurity Career

Crook claims to leak 'video surveillance footage' of firms

Be Prime confirmed a cybersecurity incident involving alleged access to its surveillance footage and client data by a criminal hacker.

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

France news

fromThe Local France

Warning over cyber-attack on French government's ANTS platform

Hackers accessed personal details of users on the French government's ANTS platform, prompting warnings about potential phishing scams.

1 hour ago

Ex-FBI lead urges homicide charges against ransomware scum

Cyberattacks causing death should be treated as murder, urging felony homicide charges against ransomware actors targeting healthcare facilities.

Careers

Advance Your Cybersecurity Career

Degrees and certifications in cybersecurity indicate foundational knowledge but hands-on experience and skills are more critical for success.

Crook claims to leak 'video surveillance footage' of firms

Be Prime confirmed a cybersecurity incident involving alleged access to its surveillance footage and client data by a criminal hacker.

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

fromTechCrunch

6 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Law

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A ransomware negotiator pleaded guilty to aiding BlackCat ransomware attacks against U.S. companies in 2023.

Information security

Third US Security Expert Admits Helping Ransomware Gang

2 hours ago

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

fromTechCrunch

6 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Law

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A ransomware negotiator pleaded guilty to aiding BlackCat ransomware attacks against U.S. companies in 2023.

Information security

Third US Security Expert Admits Helping Ransomware Gang

2 hours ago

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

more#ransomware

fromTechzine Global

12 hours ago

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

Fundraising

fromIndependent

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

fromCointelegraph

15 hours ago

Fake Police Raid Scam Forces Victim to Send $1M in Bitcoin

The French case illustrates how attackers used a fake police raid and violence to force a Bitcoin transfer worth $1 million, bypassing encryption entirely by compelling the victim to authorize the transaction.

Cryptocurrency

Careers

fromwww.theguardian.com

18 hours ago

AI job scams are booming and I was fooled by one. Here is how to avoid them

A seemingly perfect job opportunity turned out to be a scam, revealing red flags throughout the recruitment process.

#ai

fromwww.cbc.ca

5 hours ago

Anthropic's latest AI model is sparking fears from cybersecurity experts and the banking sector. Here's why. | CBC News

Mythos, Anthropic's advanced AI model, poses cybersecurity risks by uncovering vulnerabilities faster than they can be fixed.

fromThe Verge

3 hours ago

US politics

AI backlash is coming for elections

fromwww.bbc.com

23 minutes ago

Information security

AI hacking tools like Mythos can be 'net positive' says top cyber official

fromwww.cbc.ca

5 hours ago

Anthropic's latest AI model is sparking fears from cybersecurity experts and the banking sector. Here's why. | CBC News

Mythos, Anthropic's advanced AI model, poses cybersecurity risks by uncovering vulnerabilities faster than they can be fixed.

US politics

fromThe Verge

3 hours ago

AI backlash is coming for elections

Americans express concerns about AI, but it is not a top priority in midterm campaigns.

fromwww.bbc.com

23 minutes ago

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

more#ai

fromThe New Yorker

When Your Digital Life Vanishes

A broken phone or corrupted drive can mean the loss of work, evidence, art, or the last traces of the dead. But sometimes data-recovery experts can summon lost files from the void.

Digital life

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

Privacy technologies

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

Fraudsters use AI to try and swindle $2,800 from missing dog's family

Fraudsters used AI to create fake emergency surgery images to scam a family out of $2,800 for their missing dog.

fromArs Technica

1 week ago

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect defrauded Americans of $8 million through a fraudulent payment processing scheme over four years.

Pets

fromMail Online

Fraudsters use AI to try and swindle $2,800 from missing dog's family

Fraudsters used AI to create fake emergency surgery images to scam a family out of $2,800 for their missing dog.

fromArs Technica

1 week ago

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect defrauded Americans of $8 million through a fraudulent payment processing scheme over four years.

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

Marketing tech

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

Marketing tech

fromSFGATE

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

Marketing tech

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

Cryptocurrency

fromnews.bitcoin.com

Lazarus Group Suspected of Moving $175M in ETH After Arbitrum Freezes $71M From KelpDAO Exploit

Lazarus Group drained 116,500 rsETH from KelpDAO, with significant funds frozen and laundered through various protocols.

#data-privacy

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

Privacy professionals

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.

more#data-privacy

#ai-security

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

fromwww.businessinsider.com

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

11 hours ago

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

fromwww.businessinsider.com

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

more#data-breach

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

13 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

fromMail Online

5 hours ago

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

3 hours ago

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

20 minutes ago

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

6 hours ago

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

fromInfoWorld

13 hours ago

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

fromComputerworld

Cyber criminals too are working from home... your home

The FBI warns that cybercriminals use residential proxies to mask illegal activities by hijacking IoT devices, smartphones, and routers, threatening both consumers and enterprises, particularly older devices.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

more#malware

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

fromTechCrunch

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

2 weeks ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Turns out most cybercriminals are old enough to know better

Middle-aged adults aged 35-44 comprise 37% of cybercrime arrests, with 25-44 year-olds accounting for nearly 60% of cases, contradicting the teenage hacker stereotype.

3 weeks ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

3 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromTechzine Global

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

fromPCWorld

Phishing scammers weaponize ICE ragebait

The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'

Information security

fromTechzine Global

Why cyberattacks don't require advanced hacking

Poor cyber hygiene, weak identity security, overdue IT maintenance, and incomplete logging make organizations vulnerable to financially motivated attacks such as ransomware and email fraud.

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.

Information security

Crims hit the easy button for IT helpdesk scams

Custom voice-phishing kits sold on dark-web channels enable attackers to spoof authentication flows, intercept credentials and MFA codes, and orchestrate live helpdesk social-engineering.

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

Over 150 coordinated cloned law-firm websites impersonate firms to re-victimize fraud victims by offering free asset recovery and evading takedowns.

Badges, Bytes and Blackmail

418 publicly announced law enforcement actions (2021–mid-2025) compiled into a standardized dataset detailing action types, targeted cybercrimes, and enforcement outcomes.

fromMashable

Hackers use this tool to bypass fraud detection and weaponize Google ads

The service, referred to as 1Campaign, provides hackers with a one-stop-shop for running malicious ads and enabling fraud "at scale," a recent report by cybersecurity company Varonis uncovered. Using just a single dashboard, hackers can cloak malicious content from security researchers, ad platform reviewers, and automated scanners - who instead see a benign white page - and target general users with phishing or scam attempts.

Information security

fromComputerworld

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.