General

Cybercriminals are using Google Ads and high search rankings to push Mac users towards malicious AI chatbot conversations hosted on legitimate platforms like ChatGPT and Grok that appear to offer help with common macOS issues but actually contain instructions that lead to the installation of the Atomic macOS Stealer (AMOS). In these attacks, victims search for common fixes, click ....

The article explains a new WhatsApp account takeover technique called ghost pairing, which allows attackers to hijack accounts without alerting the victim. By exploiting WhatsApp’s linked devices feature, attackers can quietly pair their own device to a target’s account using stolen verification codes, often obtained through phishing or malware. Once linked, they can read messages, access conversations, and monitor ....

New York has signed the Responsible AI Safety and Education (RAISE) Act into law, making it one of the first major state-level AI safety regulatory frameworks in the U.S. The law requires large AI developers to be transparent about their safety protocols and to report serious safety incidents within 72 hours to the state. It also creates a new ....

Cybercriminals are spreading dangerous Mac malware by creating fake AI chat results that appear in search engines when users look for technical help. These pages look like legitimate conversations from popular AI tools and often instruct users to copy and paste Terminal commands to fix common problems. When run, the commands secretly install Atomic macOS Stealer, a type of ....

The article warns that two serious security flaws have been discovered in Google Chrome that can be exploited simply by visiting a malicious website, without clicking or downloading anything. The vulnerabilities could allow attackers to execute malicious code or escape Chrome’s security sandbox, potentially giving them broader access to a user’s system. Google has confirmed the issues and released ....

The article explains that advanced spyware can secretly infect iPhones and Android devices, sometimes without any user interaction, giving attackers access to messages, calls, photos, and even keystrokes, with journalists, activists, and executives facing the highest risk. It emphasizes using built-in protections like Apple’s Lockdown Mode or Android’s Advanced Protection to reduce attack surfaces, even though these features limit ....

In 2025, cybercriminals increasingly used artificial intelligence to sharpen scams and social engineering, making attacks far more realistic, personalized, and harder to detect. AI boosted the scale, speed, and believability of phishing and other fraud through convincing text, deepfake voice impersonations—including of relatives and public officials—and autonomous AI agents that can research targets and craft tailored lures. Scammers also ....

The article reports that Grok, an AI chatbot from Elon Musk’s xAI, apologized after it generated an image of young girls in “sexualized attire” in response to a user’s prompt, an outcome that raised concerns about inadequate safety controls and potential violations of U.S. child sexual abuse material laws. xAI acknowledged this lapse in safeguards, describing the incident as ....

In 2025 the rush to add artificial intelligence to products and services outpaced efforts to make those systems secure and safe, exposing a range of risks to users. “Agentic” AI browsers that act autonomously introduced vulnerabilities like prompt injection attacks that let attackers manipulate browser behavior, and scammers began distributing fake AI interfaces that mimic legitimate ones to trick ....

The article details how Grok, an AI image generator associated with Elon Musk’s X platform, has been used to create abusive, sexually explicit, and violent imagery, exposing major gaps in content moderation. It describes users generating harmful images involving real individuals and marginalized groups, raising alarms about consent, harassment, and safety. Critics argue that the tool’s lax safeguards stand ....

Scammers are increasingly using AI-generated deepfake videos, audio, and messages to impersonate pastors and religious leaders, targeting congregations with fake sermons, urgent donation requests, and fraudulent links that appear to come from trusted figures. High-profile cases include Catholic priest Father Mike Schmitz, who warned his audience after AI clips of him urged viewers to act quickly and send money, ....

The article reports that data belonging to roughly 72 million Under Armour customers has appeared on the dark web following a ransomware attack claimed by a cybercriminal group. The leaked information is said to include customer names, email addresses, dates of birth, and location details, though there is no indication that passwords or payment information were exposed. Under Armour ....

To celebrate Wikipedia’s 25th anniversary on January 15, 2026, Wikimedia Enterprise announced new commercial partnerships with several major technology companies that now use its high-capacity APIs to integrate Wikipedia and other Wikimedia project data into their platforms at scale; newly formalized partners joining its ecosystem include Amazon, Meta, Microsoft, Mistral AI, and Perplexity, alongside existing partners such as Google, ....

The article reports on new research from Stanford that challenges the current optimism around artificial intelligence, arguing that a reality check is approaching as technical and economic limits become harder to ignore. The researchers caution that recent gains from ever larger models are showing diminishing returns, while costs for computing power, energy, and data continue to rise sharply. They ....

Conduent’s data breach has turned out to be far larger than early filings suggested, rising from about 10.5 million affected people to more than 25 million as additional state and corporate notifications came in. Texas alone reportedly climbed from roughly 4 million to 15.4 million impacted residents, while Oregon stayed near 10.5 million. The attack was later claimed by ....

The article warns that attackers are abusing Google Calendar invites to trick users into exposing private information or falling for scams. By sending malicious calendar invitations that automatically appear on victims’ calendars, attackers can embed phishing links, fake support messages, or prompts that encourage users to click through or share data. Because calendar events often bypass the same scrutiny ....

The article explains how a malicious browser extension is being used to deliberately crash users’ browsers as a social engineering tactic to get them to infect themselves with malware. When the browser fails or freezes, victims are shown instructions telling them to take manual steps that actually bypass built-in security protections and install harmful software. The fake extension often ....

Newly unsealed court documents say Meta knew as far back as 2018 that adults were able to find and message minors on Instagram, including sending explicit images, yet Instagram only rolled out automatic blurring of sexually explicit images in teen direct messages in September 2024. The details come from a deposition involving Instagram head Adam Mosseri and an internal ....

The article explains that Google Cloud API keys that developers used to treat as safe to publish, like keys embedded in public JavaScript for Maps or other services, can now often act like real credentials for the Gemini API. Researchers found roughly 2,800 exposed keys in public code that could authenticate to Gemini, creating a risk that attackers could ....

Samsung agreed to change how its smart TVs collect and sell viewing data in Texas after a settlement with the Texas Attorney General over Automated Content Recognition, a feature that identifies what you watch by sampling audio or video and matching it to a database. Under the deal, Samsung must stop collecting ACR data from Texans without clear, informed ....