Generative AI is rapidly increasing the volume and sophistication of online scams, pushing fraud ahead of ransomware as the top cyber risk for businesses and consumers. Executives report widespread exposure to AI‑powered phishing, voice and text scams, as well as invoice fraud and identity theft. Consumers are also feeling the impact, with identity theft topping their concerns. Experts warn that the lower barriers for criminals and the realistic nature of synthetic media make detection harder, and call for coordinated action across governments, businesses and technology providers to protect trust and stability. Leia mais →

A recent World Economic Forum report shows that nearly two‑thirds of organizations now evaluate AI risks before deployment, up from just over a third last year. While executives acknowledge rising AI‑related vulnerabilities, many are also turning to AI tools to bolster cybersecurity, especially for phishing detection, intrusion monitoring, and automated operations. Key barriers include skill shortages, the need for human validation, and lingering uncertainty about risks. The outlook highlights increasingly convincing phishing, deep‑fake scams and automated social engineering as the most pressing AI‑enabled threats. Leia mais →

Cybercriminals are leveraging artificial intelligence to target the weakest link in cloud‑based software: user identities. AI accelerates the gathering of employee data, sifts massive credential dumps for high‑value accounts, creates realistic synthetic personas, and powers fully automated attack frameworks. These capabilities let attackers bypass traditional defenses, infiltrate SaaS environments, and operate undetected. Experts warn that organizations must shift security focus to continuous identity verification, behavioral analytics, and AI‑enhanced defenses to counter the growing AI‑enabled identity threat. Leia mais →

Security researchers have uncovered a new method in which attackers use AI chatbots and search engines to deliver malicious commands. By prompting AI assistants to suggest terminal commands and then promoting those suggestions in search results, hackers can lure unsuspecting users into executing harmful code. Tests by Huntress showed the technique succeeded against both ChatGPT and Grok, allowing malware to be installed without traditional download or link clicks. The approach exploits user trust in familiar platforms and highlights the need for heightened caution when copying command‑line instructions from online sources. Leia mais →

Security researchers have identified a new phishing technique called CoPhish that weaponizes Microsoft Copilot Studio agents to steal OAuth tokens. By embedding fake login or consent flows in shared agents, attackers can trick users into granting access to their Microsoft accounts, allowing theft of email, chat, calendar, files and automation capabilities. Microsoft acknowledges the risk and says it will address the issue through product updates. Experts recommend immediate mitigations such as restricting third‑party app consent, enforcing conditional access and multi‑factor authentication, and closely monitoring unusual app registrations and token grants. Leia mais →

A new Mimecast report finds that cybercriminals are increasingly leveraging generative artificial intelligence to create more convincing phishing, business email compromise (BEC) and multichannel deception campaigns. Phishing now accounts for 77% of attacks, while ClickFix threats have risen fivefold and represent roughly 8% of incidents in the first half of 2025. The report highlights abuse of trusted tools such as DocuSign and Salesforce, and cites the Scattered Spider group as linked to over 900,000 detections. Mimecast recommends multi‑factor authentication, advanced email defenses with anomaly detection, and layered security training to counter the rising AI‑powered threat landscape. Leia mais →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leia mais →

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Leia mais →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leia mais →

A recent NordVPN National Privacy Test reveals that the United Kingdom outperforms the United States in identifying phishing websites, with 31% of U.S. respondents unable to correctly spot such scams. While the UK ranks among the top English‑speaking nations for overall cybersecurity awareness, both countries lag in understanding AI‑related privacy issues, each scoring only 5% on that metric. The study also highlights gaps in password storage knowledge and the use of online privacy tools, underscoring areas where both nations could improve digital safety practices. Leia mais →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leia mais →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leia mais →

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Leia mais →

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Leia mais →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leia mais →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leia mais →

A recent NordVPN National Privacy Test reveals that the United Kingdom outperforms the United States in identifying phishing websites, with 31% of U.S. respondents unable to correctly spot such scams. While the UK ranks among the top English‑speaking nations for overall cybersecurity awareness, both countries lag in understanding AI‑related privacy issues, each scoring only 5% on that metric. The study also highlights gaps in password storage knowledge and the use of online privacy tools, underscoring areas where both nations could improve digital safety practices. Leia mais →

A recent NordVPN National Privacy Test reveals that the United Kingdom outperforms the United States in identifying phishing websites, with 31% of U.S. respondents unable to correctly spot such scams. While the UK ranks among the top English‑speaking nations for overall cybersecurity awareness, both countries lag in understanding AI‑related privacy issues, each scoring only 5% on that metric. The study also highlights gaps in password storage knowledge and the use of online privacy tools, underscoring areas where both nations could improve digital safety practices. Leia mais →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leia mais →

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Leia mais →