Data Safety & Cyber Security

The article explains how attackers increasingly use legitimate IT tools to take over computers, making their intrusions harder to detect because the activity looks like normal system administration. Criminals often begin by stealing credentials through phishing or exploiting weak passwords, then use trusted remote management software to move through a network, install backdoors, and collect data. Since these tools ....

The FBI has issued a warning that criminals are harvesting publicly available photos from social media like Facebook, LinkedIn, and X and then manipulating them to create fake “proof of life” images for virtual kidnapping scams, where they contact victims’ friends or family to demand ransom for a loved one who is actually safe. Scammers may use simple editing ....

Malwarebytes reports that a new Android malware called DroidLock has been discovered actively targeting users, particularly Spanish-speaking ones, by tricking them into installing a malicious app from phishing sites that impersonate legitimate services; once installed with Device Administrator and Accessibility permissions, DroidLock takes full control of the device, uses overlays to capture unlock patterns, can change PINs, access messages ....

Cybercriminals are using Google Ads and high search rankings to push Mac users towards malicious AI chatbot conversations hosted on legitimate platforms like ChatGPT and Grok that appear to offer help with common macOS issues but actually contain instructions that lead to the installation of the Atomic macOS Stealer (AMOS). In these attacks, victims search for common fixes, click ....

Cybersecurity has become so complex and fast moving that it is nearly impossible to manage unless responsibility is shared across an entire organization, according to Wiz cofounder and CTO Ami Luttwak. He argues that modern cloud environments change constantly, making traditional security models that rely on a small central team ineffective at catching risks in time. Instead, security needs ....

The article explains a new WhatsApp account takeover technique called ghost pairing, which allows attackers to hijack accounts without alerting the victim. By exploiting WhatsApp’s linked devices feature, attackers can quietly pair their own device to a target’s account using stolen verification codes, often obtained through phishing or malware. Once linked, they can read messages, access conversations, and monitor ....

New York has signed the Responsible AI Safety and Education (RAISE) Act into law, making it one of the first major state-level AI safety regulatory frameworks in the U.S. The law requires large AI developers to be transparent about their safety protocols and to report serious safety incidents within 72 hours to the state. It also creates a new ....

Cybercriminals are spreading dangerous Mac malware by creating fake AI chat results that appear in search engines when users look for technical help. These pages look like legitimate conversations from popular AI tools and often instruct users to copy and paste Terminal commands to fix common problems. When run, the commands secretly install Atomic macOS Stealer, a type of ....

The article warns that two serious security flaws have been discovered in Google Chrome that can be exploited simply by visiting a malicious website, without clicking or downloading anything. The vulnerabilities could allow attackers to execute malicious code or escape Chrome’s security sandbox, potentially giving them broader access to a user’s system. Google has confirmed the issues and released ....

The article explains that advanced spyware can secretly infect iPhones and Android devices, sometimes without any user interaction, giving attackers access to messages, calls, photos, and even keystrokes, with journalists, activists, and executives facing the highest risk. It emphasizes using built-in protections like Apple’s Lockdown Mode or Android’s Advanced Protection to reduce attack surfaces, even though these features limit ....

The article reports that Grok, an AI chatbot from Elon Musk’s xAI, apologized after it generated an image of young girls in “sexualized attire” in response to a user’s prompt, an outcome that raised concerns about inadequate safety controls and potential violations of U.S. child sexual abuse material laws. xAI acknowledged this lapse in safeguards, describing the incident as ....

In 2025, cybercriminals increasingly used artificial intelligence to sharpen scams and social engineering, making attacks far more realistic, personalized, and harder to detect. AI boosted the scale, speed, and believability of phishing and other fraud through convincing text, deepfake voice impersonations—including of relatives and public officials—and autonomous AI agents that can research targets and craft tailored lures. Scammers also ....

In 2025 the rush to add artificial intelligence to products and services outpaced efforts to make those systems secure and safe, exposing a range of risks to users. “Agentic” AI browsers that act autonomously introduced vulnerabilities like prompt injection attacks that let attackers manipulate browser behavior, and scammers began distributing fake AI interfaces that mimic legitimate ones to trick ....

The article details how Grok, an AI image generator associated with Elon Musk’s X platform, has been used to create abusive, sexually explicit, and violent imagery, exposing major gaps in content moderation. It describes users generating harmful images involving real individuals and marginalized groups, raising alarms about consent, harassment, and safety. Critics argue that the tool’s lax safeguards stand ....

Scammers are increasingly using AI-generated deepfake videos, audio, and messages to impersonate pastors and religious leaders, targeting congregations with fake sermons, urgent donation requests, and fraudulent links that appear to come from trusted figures. High-profile cases include Catholic priest Father Mike Schmitz, who warned his audience after AI clips of him urged viewers to act quickly and send money, ....

The article reports that data belonging to roughly 72 million Under Armour customers has appeared on the dark web following a ransomware attack claimed by a cybercriminal group. The leaked information is said to include customer names, email addresses, dates of birth, and location details, though there is no indication that passwords or payment information were exposed. Under Armour ....

To celebrate Wikipedia’s 25th anniversary on January 15, 2026, Wikimedia Enterprise announced new commercial partnerships with several major technology companies that now use its high-capacity APIs to integrate Wikipedia and other Wikimedia project data into their platforms at scale; newly formalized partners joining its ecosystem include Amazon, Meta, Microsoft, Mistral AI, and Perplexity, alongside existing partners such as Google, ....

The article reports on new research from Stanford that challenges the current optimism around artificial intelligence, arguing that a reality check is approaching as technical and economic limits become harder to ignore. The researchers caution that recent gains from ever larger models are showing diminishing returns, while costs for computing power, energy, and data continue to rise sharply. They ....

The article warns that attackers are abusing Google Calendar invites to trick users into exposing private information or falling for scams. By sending malicious calendar invitations that automatically appear on victims’ calendars, attackers can embed phishing links, fake support messages, or prompts that encourage users to click through or share data. Because calendar events often bypass the same scrutiny ....

The article explains how a malicious browser extension is being used to deliberately crash users’ browsers as a social engineering tactic to get them to infect themselves with malware. When the browser fails or freezes, victims are shown instructions telling them to take manual steps that actually bypass built-in security protections and install harmful software. The fake extension often ....