Login
If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA Helmholtz Center for Information Security in Germany have found a vulnerability in AMD CPUs that exposes secrets in its secure virtualization environment.…
McAfee’s Scam Detector has been named a Winner of the 2026 BIG Innovation Awards, presented by the Business Intelligence Group, marking the third major industry award the product has earned since launching just months ago.
The recognition underscores a growing consensus across independent judges: as scams become more sophisticated and AI-driven, consumers need protection that works automatically, explains risks clearly, and helps stop harm before it happens.
The BIG Innovation Awards recognize products and organizations that deliver measurable innovation with real-world impact. The program focuses not only on technical advancement, but on how solutions improve everyday life for individuals and households.
For consumer cybersecurity products like Scam Detector, that means being evaluated on:
The award highlights Scam Detector’s role in helping people stay safer online as scams grow more sophisticated, more personal, and increasingly powered by AI.
According to feedback from the BIG Innovation Awards judging panel, Scam Detector was recognized for:
Strong real-world relevance: Scams are now an everyday risk, not a niche technical issue
Clear consumer value: Protection that runs automatically in the background without requiring expert knowledge
AI used responsibly: Applying advanced models to reduce harm, not increase it
Early impact: Rapid adoption, with more than one million users in its first months
Judges also noted the importance of Scam Detector’s educational alerts, which don’t just block threats, but explain why something is risky, helping people build confidence over time.
Using AI to Fight AI-Driven Scams
Scam Detector is McAfee’s AI-powered protection designed to detect scams across text, email, and video, block dangerous links, and identify deepfakes, before harm occurs.
As scammers increasingly use generative AI to impersonate people, brands, and institutions, protection needs to operate at the same speed and scale. Scam Detector is built to do exactly that, quietly working in the background while users go about their day.
Scam Detector is included with all core McAfee plans and is available across mobile, PC, and web.
McAfee was recognized alongside other consumer-facing innovators whose products directly serve individuals and households. Fellow 2026 BIG Innovation Award winners include:
Capital One Auto – Chat Concierge: A consumer-facing service designed to help car buyers and owners navigate financing and ownership decisions.
Starkey – Omega AI Hearing Aid: A wearable hearing aid that integrates AI assistance, health monitoring, and real-time translation.
Phonak – Virto R Infinio: Custom-fit hearing aids designed to deliver personalized hearing solutions for individual users.
EZVIZ – 9c Dual 4G Series Camera: A smart home security camera built for personal and household use.
Sinomax USA: Consumer mattresses and comfort products focused on everyday home use.
beyoutica 1905: A wellness product designed for health- and lifestyle-focused consumers.
Wheels – Pool CheckOut: A consumer-oriented solution designed to simplify vehicle service and checkout experiences.
Together, these winners reflect how innovation increasingly shows up in tools people rely on at home, in their cars, and on their phones.
Since launch, McAfee’s Scam Detector has earned recognition across multiple independent award programs, each highlighting a different dimension of its impact:
Winner and Top 10 Innovator – Large Business, recognizing real-world consumer impact and responsible AI use.
Together, these awards reinforce a consistent message from independent judges: consumer cybersecurity works best when advanced technology is paired with clarity, usability, and trust.
McAfee’s Scam Detector is an AI-powered scam protection feature designed to spot and stop scams across text messages, emails, and videos. Built in response to the rapid rise of AI-generated fraud, Scam Detector automatically analyzes suspicious content, blocks dangerous links, and identifies deepfakes, while explaining why something was flagged so users can make more confident decisions online.
What Scam Detector Does
Detects text message scams across popular apps and messaging platforms
Flags phishing and suspicious emails with clear explanations, helping users learn what to watch for
Identifies AI-generated or manipulated audio in videos, including potential deepfakes
Offers on-demand scam checks, allowing users to upload a message, link, or screenshot for analysis
Runs primarily on-device, helping protect user privacy without sending personal content to the cloud
Scam Detector is designed to work quietly in the background, providing protection without requiring constant decisions or technical expertise. Scam Detector is included at no extra cost with all core McAfee consumer plans. Learn more here.
The post McAfee’s Scam Detector Earns Third Major Award Within Months of Launch appeared first on McAfee Blog.
Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature.
This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report.
For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics.
According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found.
That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge.
The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers.
If Google found a match, it sent an alert.
What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short.
The internet has three layers:
The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles.
Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.
Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.
Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers.
To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins.
Here is what that looks like in practice:
Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens.
Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach:
Estimated time: 10 minutes
This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile.
You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified.
Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold.
Estimated time: 10 minutes
Go into your main bank and credit card apps and turn on:
You’ll find these somewhere under Settings>Alerts.
Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.
Estimated time: 10 minutes
This is one of the most overlooked vulnerabilities.
Go into:
Check and update:
Remove anything you do not recognize.
Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door.
|
Is Google deleting my Google Account data? No. Google is only deleting the data it collected specifically for the Dark Web Report feature. Your Gmail, Drive, Photos, and other Google Account data are not affected. |
|
Is Google still protecting my account from hackers? Yes. Google continues to offer security features like two-factor authentication, login alerts, and account recovery tools. What it removed is the dark web scanning and alert system tied to breach data. |
|
Does the dark web report website still exist? No. After February 16, 2026, Google no longer operates or updates the Dark Web Report feature. There is no active scanning, no dashboard, and no stored breach data tied to it. |
|
Does this mean dark web monitoring is useless? No. It means email-only monitoring is not enough. Criminals use far more than emails to commit fraud, which is why identity-level monitoring is now more important. |
|
What kind of information is most dangerous if it appears on the dark web? Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance IDs, usernames, and phone numbers are the data types most commonly used for identity theft and financial fraud. |
|
How can I check if my information is exposed right now? You can use an identity monitoring service like McAfee that scans dark web sources for sensitive personal data, not just email addresses. That is how people can see whether their identity is being traded or abused today. |
The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.
Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last October and acknowledged but not fixed by Anthropic.…
I analyzed the recent ServiceNow AI Agent vulnerability that researchers called "the most severe AI-driven vulnerability to date."
Article covers:
• Technical breakdown of 3 attack vectors
• Why legacy IAM fails for autonomous AI agents
• 5 security principles with code examples
• Open-source implementation (AIM)
Happy to discuss AI agent security architecture in the comments.
I built this as a small demonstration to explore prompt-injection and instruction-override failure modes in help-desk-style LLM deployments.
The setup mirrors common production patterns (role instructions, refusal logic, bounded data access) and is intended to show how those controls can be bypassed through context manipulation and instruction override.
I’m interested in feedback on realism, missing attack paths, and whether these failure modes align with what others are seeing in deployed systems.
This isn’t intended as marketing - just a concrete artefact to support discussion.
Found a new Azure vulnerability -
CVE-2026-2096, a high-severity flaw in the Azure SSO implementation of Windows Admin Center that allows a local administrator on a single machine to break out of the VM and achieve tenant-wide remote code execution.
A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put every AWS environment in the world at risk, according to Wiz security researchers.…
The Federal Trade Commission has banned General Motors and subsidiary OnStar from sharing drivers' precise location and behavior data with consumer reporting agencies for five years under a 20-year consent order finalized January 14.…
The UK's West Midlands Police has released a woman on bail as part of an investigation into a data breach at a Walsall general practitioner's (GP) surgery.…
Microsoft has taken its cybercrime fight to the UK in its first major civil action outside the US, moving to shut down RedVDS, a virtual desktop service used to power phishing and fraud at global scale.…
Ofcom is continuing with its investigation into X, despite the social media platform saying it will block Grok from digitally undressing people.…
Amid continued trade and geopolitical volatility between Europe and the US, Amazon Web Services is making its European Sovereign Cloud generally available today and plans to expand so-called Local Zones.…
Posted by Matteo Beccati on Jan 14
========================================================================“I thought I was getting a trusted weight-loss medication, but instead, I ended up sick and scammed. I never imagined something like this could happen to me.”
Fiona, like many others, turned to Ozempic as a way to lose weight. With high demand making it difficult to find and prices soaring, she turned to an online pharmacy she found on social media. After placing an order, she received the medication and began taking it, only to experience severe side effects, including migraines, dizziness, and nausea.
“When my symptoms got worse, I knew something was wrong,” she told McAfee. Concerned, she sought professional advice. “A doctor friend showed me what real Ozempic packaging looks like—and it was nothing like what I had received.”
“I was putting something in my body that I thought was safe. Instead, I was taking an unknown substance that made me seriously ill,” she told McAfee. “That’s terrifying.”
When she reached out to the pharmacy for a refund, they cut off all communication. Nearly a year later, Fiona still avoids online shopping altogether and hopes her experience will warn others to research online pharmacies carefully before making a purchase.
“As soon as I questioned the pharmacy about the product, they vanished. No refund, no explanation. Just silence. That’s when I knew I had been completely scammed.”
Unfortunately, Fiona’s story is one of many as surging interest in GLP-1 medications spurs scammers into action.
If you’ve searched for GLP-1 medications online, you’ve probably noticed how crowded and confusing it’s become. Between ads, telehealth offers, and social media posts promising easy access, it can be hard to tell what’s real.
That confusion isn’t accidental. McAfee’s researchers previously reported a wave of fake pharmacy sites and scam messages designed to catch people in exactly that moment of uncertainty.
GLP-1 (glucagon-like peptide-1) medications are prescription drugs that help regulate blood sugar and appetite. Doctors have used them to treat Type 2 diabetes for nearly two decades, and some have also been approved to support weight management.
Because these medications affect insulin levels and digestion, they require medical supervision and a valid prescription. There is currently no legitimate over-the-counter version that works the same way.
GLP-1 drugs have moved from a specialized medical treatment to a mainstream topic almost overnight, with a recent poll finding that 1 in 8 U.S. adults say they are currently taking a GLP-1 for weight loss.
Whenever high demand, high prices, and limited supply collide online, scammers move in
McAfee’s threat researchers have previously found that phishing attempts and fake websites tied to GLP-1 drugs increased by more than 180% during periods when interest in these medications surged. Hundreds of risky domains and hundreds of thousands of scam messages have been linked to searches for weight-loss drugs.
At the same time, consumer watchdogs such as the Better Business Bureau (BBB) report a spike in complaints from people who clicked on fake ads, visited fraudulent pharmacies, or received scam texts promising instant access to GLP-1 prescriptions.
Scammers are using artificial intelligence to create realistic-looking videos and images of public figures and medical professionals promoting weight-loss products. One recent incident saw a fake, AI Oprah selling scam weight loss drugs
These ads often appear in social media feeds and look legitimate, but the endorsements are fabricated.
The goal is to build trust quickly with a familiar face and then push people toward a purchase page. From there, you’re left with a fake product, or no product at all, and your information exposed.
Red flag: Any ad claiming a celebrity or doctor is selling GLP-1 drugs through a link or social media page.
Some scams arrive as urgent messages saying you are “approved” or “eligible” for GLP-1 treatment. These messages typically include a link to a fake medical website that collects personal, insurance, or payment information.
Red flag: Real prescriptions are not issued through unsolicited texts, emails, or DMs.
Fraudulent websites advertise GLP-1 medications at discounted prices. After payment, victims may receive nothing, diluted products, or face repeated unauthorized charges.
Consumer reports describe sites that look professional but provide only chat-box support and ignore cancellation requests.
Red flag: Pharmacies that don’t require a prescription or don’t list a physical U.S. address and phone number.
Some scam offers quietly enroll buyers in recurring billing. Be wary of a “company” trying to offer a minimal “membership” or free “trial” with plans locking you into larger, more expensive future subscription plan without your clear consent.
Red flag: Vague billing terms or hidden subscription language.
Some scam sites provide tracking numbers that never update, claim packages were lost, or ask for more shipping fees … while continuing to charge customers.
Red flag: No real customer service and no way to cancel or dispute orders.
Unlike many online scams, GLP-1 fraud carries real health risks.
Some victims report receiving substances that do not match what was advertised, including mislabeled or unverified injectables.
Because GLP-1 medications affect blood sugar and metabolism, taking the wrong substance or dosage can be dangerous.
In addition to the medical risks, illegitimate storefronts pose a real threat to your private information. During your purchase, you may be tricked into sharing our address, contact info, payment details, and insurance information.
If you’re considering GLP-1 medications for health or weight management, these steps can help reduce risk:
Only a doctor or licensed medical professional can determine if GLP-1 treatment is appropriate for you.
If you use telehealth or online pharmacies, confirm they are properly licensed and require a prescription.
Look up unfamiliar pharmacies through trusted consumer-protection resources before entering payment or insurance information. If you’re in doubt, it’s better not to share any personal info.
There is no over-the-counter or legal “natural GLP-1,” patch, salt trick, or supplement that produces the same effect as prescription medication.
If you clicked a link, entered information, or made a purchase:
Reporting helps stop the same scams from spreading to others. This is where you can get more information from the FDA and report scams.
If you’ve already ordered a GLP-1 weight-loss drug and something feels off, trust that instinct. Counterfeit GLP-1 products are increasingly convincing at first glance, but many show clear warning signs once you look closely.
Here’s what to check:
Poor print quality or spelling errors
Examine the carton, label, and insert carefully. Misspelled words, inconsistent fonts, blurry printing, or incorrect manufacturer details are common signs of counterfeit medication.
Packaging that looks tampered with or unfamiliar
Authentic GLP-1 medications come in sealed, tamper-resistant packaging. If the box appears opened, resealed, relabeled, or noticeably different from what you’ve received from a legitimate pharmacy before, stop using it and contact a pharmacist.
Incorrect or missing language
Medications sold legally in the U.S. should include labeling and instructions in English. Missing inserts or foreign-language packaging can be a red flag.
Unusual product form
Be especially cautious of GLP-1 products sold as powders in vials that require mixing. These formulations are not authorized and have been linked to serious health risks.
Check Lot and Serial Numbers
Most legitimate GLP-1 medications include lot numbers or serial information that can be verified.
If your product includes these details, compare them against information published by the manufacturer or alerts from regulators. If the numbers don’t match, or are missing entirely, that’s a warning sign.
If anything about your medication doesn’t match what you expect:
When it comes to injectable medications, uncertainty isn’t something to push through. If you can’t confidently verify what you have, it’s safer to assume it may not be real.
Wanting to get healthier in the new year is a good thing. Falling for fake prescriptions, AI-generated endorsements, or fraudulent pharmacies is not.
McAfee is here to help keep your devices, identity, and finances safe while you focus on your goals in 2026.
For clarity, and because these questions come up often, here’s the straightforward explanation:
|
Are GLP-1 drugs available without a prescription? No. Legitimate GLP-1 medications require a prescription and medical oversight. |
|
Are social media GLP-1 ads real? It depends. While there are certainly real ads out there, many are fake. AI-generated celebrity and doctor endorsements are commonly used in scams. So be wary and verify who is behind a post. |
|
Are GLP-1 patches, gummies, or “salt tricks” legitimate? No over-the-counter product works the same way as prescription GLP-1 medication. |
|
Why do scammers use crypto or payment apps? These payment methods are harder to reverse, which makes them attractive for fraud. |
The post How to Spot a Fake GLP-1 Weight-Loss Drug Before You Buy appeared first on McAfee Blog.
A brand-new Linux malware named VoidLink targets victims' cloud infrastructure with more than 30 plugins that allow attackers to perform a range of illicit activities, from silent reconnaissance and credential theft to lateral movement and container abuse. …
I’ve been building a program that started as “I need to stop wasting time on tool output chaos” and turned into something that feels… different.
This is not a scanner. It’s not a SIEM. It’s not “AI security.”
It’s an engine that runs security investigations.
Most security workflows still look like this:
Run tool → stare at output → manually connect dots → rerun different tool → forget what you already tested → repeat
This program tries to turn that into:
Run tool → interpret signals → decide what matters → pick the next action → keep escalating until the lead is either proven or dead
So instead of “here are 900 findings,” the output is closer to: • what was tested • why it was tested • what changed the investigation’s direction • what got confirmed vs ruled out • what the next step would be if you kept going
The part that makes this unusual
I hit the wall where security automation always becomes a dumpster fire: scripts calling scripts calling scripts, YAML pipelines that grow teeth, glue code everywhere, no real structure, no replayability.
So I did something that sounds insane:
I built a purpose-built programming language inside it.
Not because I wanted “my own language,” but because security workflows need a way to be expressed as real programs: repeatable, constrained, auditable, and not dependent on a human remembering the next step.
The language exists for one reason: security automation should not collapse into spaghetti.
What I need help with
I’m not posting the full repo publicly yet, but I do want real critique from people who’ve built: • orchestration engines • DSLs / interpreters • security automation frameworks • pipelines with state, decision-making, and evidence trails
Please let me know if you’re interested in reviewing.
FreshRSS 