Malwarebytes

AI browsers could leave users penniless: A prompt injection warning

The rise of AI-powered and agentic browsers introduces a new class of cybersecurity threats—prompt injection attacks. These attacks exploit the language-processing capabilities of LLMs embedded in browsers.

Adult sites trick users into Liking Facebook posts using a clickjack Trojan

A new clickjacking campaign is exploiting adult content websites hosted on blogspot[.]com to distribute a Trojan that manipulates Facebook interactions. This campaign leverages malicious SVG files containing obfuscated JavaScript.

Startup takes personal data stolen by malware and sells it on to other companies

Farnsworth Intelligence is offering access to data stolen by infostealer malware, claiming legality by sourcing it via a third-party vendor. The $50 entry-level version operates on a credit-based model.

Fake DocuSign email hides tricky phishing attempt

A sophisticated phishing campaign has been observed leveraging legitimate services such as DocuSign, Webflow, and Google to deceive users and conduct system reconnaissance.

Sextortion email scammers increase their “Hello pervert” money demands

A new variant of the long-running "sextortion" scam campaign has emerged, featuring increased ransom demands, spoofed email addresses, and references to Pegasus spyware. The email usually starts with “Hello pervert.”

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

A new phishing campaign is redirecting users from gaming sites, social media, and sponsored ads to fake Booking.com websites. These malicious sites use deceptive CAPTCHA prompts to hijack the user's clipboard and install the AsyncRAT malware.

Tax deadline threat: QuickBooks phishing scam exploits Google Ads

Cybercriminals are exploiting trusted platforms like Google to target Intuit QuickBooks users. They are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even OTPs.

AMOS and Lumma Stealers Actively Spread to Reddit Users

Scammers leverage Reddit communities associated with cryptocurrency traders to post about free access to TradingView through cracked versions. These downloads end up infecting users with info-stealer malware.

FBI Issues Warning Over Free Online File Converters That Actually Install Malware

Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks.

PayPal Scam Abuses Docusign API to Spread Phishy Emails

The Docusign Application Programming Interface (API) allows scammers to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags