FreshRSS

Today — December 9th 2025

Researchers spot 700 percent increase in hypervisor ransomware attacks

Get your Hyper-V and VMware ESXi setups in order, people

Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly backed up.…

Using Agents to Map SaaS Attack Surface via MITRE ATT&CK

I know SaaS app detection and response is not in everyone's remit, although I've worked in a few orgs where we've had to threat model SaaS apps, understand their telemetry and devise attack paths that could lead to unfavourable outcomes. We spent a lot of time doing this research. I thought about it and asked myself if I could get (don't hate me for it) agents to perform this research. So I started with this mental objective:

"How can I greedily transpose a SaaS app and find attack surface by transposing it onto MITRE attack and emulating adversarial techniques making some assumptions about an environment"

It turns out, I think, that the early results are really promising. Full transparency I am trying to build this into a product, but I've released a public version of some of the analysis in the attached link. You can view Slack and see 2 views:

  1. MITRE View - Synthesise MITRE techniques onto app functionality
  2. Attack Scenarios - View techniques in the context of an attack tree

My next steps are to integrate audit log context to identify detection opportunities and configuration context to identify mitigation options. If you’ve had to do this with your own teams, I’d really value hearing your perspective. Always open to chatting as this is my life now.

submitted by /u/wezham

This iOS 26 feature cements Apple Music as my top streaming service (as an ex-Spotify user)

A feature hidden in your iPhone settings offers a solution to one of the most challenging aspects of switching music streaming services.

Does it matter which HDMI port you use on your TV? Short answer: Yes

You may be missing out on optimal performance or sound. Here's how to check.

Learning cloud exploits for redteam, alternative to SANS588 GCPN

This particular course, SANS 588, has assembled 6 sections all on areas of pentesting I am most interested in learning, on account of all my prior work in the past as a DevSecOps engineer.

These subjects are what I want to study, but the hefty price tag of approx 9000 dollars is pretty crazy, and I don't have a company to pay for it. Are there any other worthwhile and reputable providers of this kind of education or certification?

submitted by /u/EnoughAd1957
Yesterday — December 8th 2025

Your Google Wallet just got a truly helpful travel upgrade - here's how to set it up

The features are designed to make sure you have easier access to important passes and information.

Verizon will give you a free Nintendo Switch ahead of the holidays - here's how to qualify

Verizon's Black Friday deals for home internet include your choice of a free Nintendo Switch, Samsung TV, or Samsung tablet. Here's what to know.

What Is Internet Security?

By: McAfee

Internet security refers to tactics that protect your online activities from a variety of cyberthreats such as malware, phishing attacks, scams, and even unauthorized access by hackers. In this article, we will highlight the importance of internet security in safeguarding your digital network and outline what you can do to have a comprehensive online security system in place.

Internet security: Your online shield

Internet usage has become central to our daily life. In 2024 alone, DataReportal reported that around 5.56 billion—that’s 67.9%—of the world’s population were connected to the internet. This was 136 million more than the year before, resulting in the creation of approximately 402.7 million terabytes of data each day. With this wealth of information, it is no wonder that cybercriminals are scrambling to make billions of dollars off the internet.

Globally, the average cost of data breaches rose by 10% between 2023 and 2024, totaling an estimated $4.88 million. This staggering amount included not only the loss in business revenues but also recovery costs and regulatory fines. For this reason, it has become important to implement internet security to protect our online personal data, activities, and devices from cyberthreats and unauthorized access.

While internet security is sometimes confused with cybersecurity, it’s important to point out their subtle distinctions. Internet security focuses on protecting your activities and data as they travel across the web, while cybersecurity is focused on protecting digital assets such as systems, networks, and data from cyberthreats. These two concepts work together to create your complete digital protection environment.

The importance of internet security

Internet security threats vary in form, complexity, and detectability. Some of the common threats we face today include:

  • Malware: Malicious software is an umbrella term that refers to any program that exploits system vulnerabilities to damage a computer system or network and steal sensitive information from users. Examples of malware include viruses, Trojans, ransomware, spyware, and worms.
  • Phishing: Phishing is a social engineering scam that involves stealing a user’s sensitive data by deceiving them into opening an email or an instant message and clicking a malicious link or attachment. The data that cybercriminals target can range from login credentials to credit card numbers. You may unknowingly provide access codes to fake tech support or transfer money to scammers posing as family members in emergency situations. Phishing attacks are often used for identity theft purposes.
  • Spam: Spam is a term that describes unwanted email messages sent in bulk to your email inbox. This tactic is generally used to promote goods and services that users aren’t interested in. Spam email can also contain links to malicious websites that automatically install harmful programs that help hackers gain access to your data.
  • Botnets: This contraction of “robot network” refers to a network of computers that have been infected with malware. The computers are then prompted to perform automated tasks without permission, such as sending spam and carrying out distributed denial-of-service (DDoS) attacks.
  • Wi-Fi threats: Hackers exploit unprotected public connections and breach data security to obtain sensitive information such as login credentials, emails, and browsing activity. Your personal information could be stolen when you check email, shop online, or access your bank accounts on public networks.
  • Ransomware: This malicious software locks your files and demands payment for their release. You could lose precious family photos, important documents, or access to your devices until you pay, with no guarantee you’ll get your files back. The FBI reported nearly $12.5 billion in ransomware losses in 2024.
  • Credential stuffing: Cybercriminals use automated tools to test stolen username and password combinations across multiple sites, hoping you’ve reused the same login credentials. This can give hackers access to your online banking, shopping accounts, and social media profiles.
  • Account takeovers: When criminals gain control of your online accounts through stolen passwords or security vulnerabilities, they can lock you out while using your accounts for fraudulent activities such as draining your bank account, making unauthorized purchases, or damaging your reputation on social media. In the U.S. alone, about 77 million Americans experienced account takeover fraud in 2024.
  • Browser hijacking: This occurs when unwanted software changes your browser settings, redirecting you to malicious websites, flooding you with unwanted ads and pop-ups, then stealing your information or installing more malware on your device. A recent investigation revealed that at least 16 malicious extensions in Chrome alone have affected over 3.2 million users.

While internet security threats may seem overwhelming at first glance, solutions are available to safeguard your computer or mobile devices. Below is a detailed look at some security measures.

Network security basics

Your home network serves as the foundation of your digital life, connecting all your devices and enabling your online activities. Having a strong network security foundation with multiple layers of protection will keep your connections and data safe from cyber threats.

Secure the router

Your router serves as the gateway between your home devices and the internet, making it a critical security component. Start by changing your router’s default administrator username and password immediately after setup. These factory defaults are widely known and easily exploited by attackers. Choose a strong, unique password that combines letters, numbers, and symbols to prevent unauthorized access to your router’s settings.

Encrypt your Wi-Fi

Enable WPA3 encryption on your wireless network, as it provides the strongest protection for your Wi-Fi connections. If your router doesn’t support WPA3, use WPA2 as a minimum standard. These protocols scramble your data as it travels between devices and your router, making it unreadable to anyone attempting to intercept your communications.

Fortify network names and passwords

Create a unique network name or service set identifier (SSID) that doesn’t reveal your router manufacturer or model number, and pair it with a complex Wi-Fi password at least 12 characters long with a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using personal information such as your address or name in either your network name or password, as this information can help attackers guess your password.

Update firmware

Regularly update your router’s firmware to patch security vulnerabilities and improve performance. Check your router manufacturer’s website quarterly for updates if automatic updates aren’t available, as outdated firmware often contains known security flaws that cybercriminals actively exploit.

Set up guest networks

Set up a separate guest network for visitors and smart home devices to protect your primary network where you store sensitive data. If a guest’s device is compromised or if a smart device has security vulnerabilities, the threat can’t easily spread to your main computers and phones. Configure your guest network with a strong password and consider time limits for access.

Isolate devices and segment the network

Enable access point isolation, also called client isolation, on your wireless network to prevent potentially compromised devices from attacking other devices on the same network. If you are an advanced user, consider creating separate virtual networks (VLANs) for different device types, such as keeping work computers on a different network segment than entertainment devices.

Activate the firewall

Modern routers include built-in firewalls that monitor incoming and outgoing network traffic for suspicious activity, and block potentially harmful connections and unnecessary ports and services.

Install an antivirus

Antivirus programs are engineered to prevent, detect, and remove viruses and other types of malicious software. Antivirus software can run automatic scans on specific files or directories to make sure no malicious activity is present, and no network or data breach has occurred.

McAfee’s antivirus software comes with key security capabilities such as malware detection, quarantine, and removal, as well as options for scanning files and applications, and an advanced firewall for home network security.

Use multi-factor authentication when possible

Multi-factor authentication is an authentication method that requires at least two pieces of evidence before granting access to a website. Using this method adds another layer of security to your applications and reduces the likelihood of a data breach.

Choose a safe web browser

Web browsers vary widely in terms of security features, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a browser that offers the following security features:

  • Private session browsing
  • Pop-up blocking
  • Privacy features
  • Anti-phishing filter
  • Automatic blocking of reported malicious sites
  • Cross-site script filtering

When properly implemented, these steps help ensure that your internet connection remains private, your data stays secure, and unauthorized users can’t access your network resources. Regular maintenance of these security settings, combined with staying informed about emerging threats, gives you the foundation for safe and confident internet use.

Internet mobile security

These days, smartphones and tablets hold more personal information than ever before—from banking details and photos to work emails and location data. While this convenience makes life easier, it also creates new opportunities for cybercriminals to target your mobile devices. Just as you secure your network and your desktop or laptop devices, you should treat your mobile devices with the same care. Here are some straightforward security practices that you can implement to significantly reduce your exposure to mobile threats:

  • Keep your operating system and apps updated: Software updates often include critical security patches that fix vulnerabilities criminals could exploit. Enable automatic updates for your device’s operating system and apps if possible, or check regularly for available updates in your device settings.
  • Download apps only from official stores: Stick to official app stores like Google Play Store or Apple App Store, which employ security measures to screen for malicious apps. Before downloading, read app reviews, check the developer’s reputation, and review what permissions the app requests.
  • Manage app permissions carefully: Regularly review and adjust app permissions in your device settings, limiting access to sensitive data like your camera, microphone, contacts, and location, unless absolutely necessary for the app’s core functionality.
  • Stay alert to SMS and messaging scams: Text message scams are becoming increasingly sophisticated, often impersonating legitimate companies or services. Never click links in unexpected text messages, and verify requests for personal information by contacting the company directly through official channels.
  • Use secure mobile browsers and settings: Configure your mobile browser with privacy and security settings that protect your data. Enable features such as pop-up blocking, disable location sharing unless needed, and consider using private browsing modes.
  • Activate device locks and biometric security: Use screen locks with PINs, passwords, patterns, or biometric authentication such as fingerprints or face recognition. Set your device to lock automatically after a short period of inactivity, and avoid using easily guessable codes like “1234” or your birthday.
  • Encrypt devices and backups: Turn on your device’s built-in encryption and create secure, encrypted backups of your important data to protect your information even if your smartphone is lost or stolen.
  • Set up remote lock and wipe capabilities: Enable remote tracking, lock, and wipe features on your devices. Services like Find My iPhone or Google’s Find My Device allow you to locate, lock, or remotely erase your entire device if it’s lost or stolen.
  • Exercise caution on public Wi-Fi networks: Avoid accessing sensitive accounts or conducting financial transactions on public networks, and consider using your phone’s mobile hotspot feature instead when you need internet access.

FAQs about internet security

Here are answers to the most common questions about protecting yourself online.

What does internet security cover?

Internet security protects you from a wide range of online threats including viruses, malware, phishing attacks, identity theft, and data breaches. It also covers your devices, personal information, online accounts, and network connections to help you browse, shop, and communicate safely online.

How is internet security different from antivirus software?

While antivirus software focuses specifically on detecting and removing malicious programs, internet security provides comprehensive protection that includes antivirus plus additional features such as firewalls, web protection, email security, identity monitoring, and safe browsing tools.

Do Macs and smartphones need internet security protection?

Yes, all devices that connect to the internet can be targeted by cybercriminals. Mobile devices and Macs face increasing security threats including malicious apps, phishing attempts, and network attacks, making protection essential regardless of your device type.

How can I stay safe on public Wi-Fi?

Avoid accessing sensitive accounts or making purchases on public Wi-Fi networks. When you must use public Wi-Fi, stick to encrypted websites with the “https” in the URL, avoid automatic connections, and consider using a VPN for added protection.

How can you keep children safe online?

As children grow older, their internet use becomes more extensive. To keep them safe online, educate them about the risks of web browsing and about best practices to avoid online threats like not sharing passwords. Explain which information should be shared and which should be kept private. Instruct them to never click on links from unknown sources. Set up parental controls on certain websites to filter inappropriate content and keep a child-friendly interface.

What are the signs that my account has been compromised?

Watch for unexpected password reset emails, unfamiliar login notifications, unusual account activity, friends receiving spam from your accounts, or unauthorized charges on your financial statements. If you notice any of these signs, change your passwords immediately and contact the relevant service providers.

How often should I update my software and devices?

Enable automatic updates whenever possible and install security patches as soon as they become available. Regular updates fix security vulnerabilities that criminals actively exploit, so staying current is one of your best defenses against cyber threats.

Final thoughts

As more cyberthreats emerge and expand both in scope and sophistication, it’s essential that you protect your internet activities. Effective protection doesn’t have to be complicated. Taking steps to install antivirus software, create strong and unique passwords, enable your firewall, and use multi-factor authentication will help build a strong defense against online threats.

Start implementing these internet security measures today and enjoy the confidence that comes with knowing you’re protected online.

For added security, consider using an all-in-one antivirus solution like McAfee+ to safeguard your devices from online threats. Let McAfee handle your security while you focus on enjoying the internet.

The post What Is Internet Security? appeared first on McAfee Blog.

193 cybercrims arrested, accused of plotting 'violence-as-a-service'

Minors groomed to kill and intimidate victims

Nearly 200 people, including minors accused of involvement in murder plots, have been arrested over the last six months as part of Europol's Operational Taskforce (OTF) GRIMM. The operation targets what cops call "violence-as-a-service" - crime crews recruiting kids and teens online to carry out contract killings and other real-world attacks.…

ChatGPT saves the average worker nearly an hour each day, says OpenAI - here's how

The company is stepping up its efforts to attract enterprise customers amid growing competition from Google and Anthropic.

I saw the future of Android XR smart glasses, and Google has an ingenious plan behind it

From multimodal AI glasses to immersive headsets, Google's Android XR vision is more ambitious than ever.

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted

Gemini vs. Copilot: I tested the AI tools on 7 everyday tasks, and it wasn't even close

Microsoft is building Copilot into every product it owns, while Google is integrating its Gemini LLM tool into all of its properties. To determine which tool is better, I came up with seven challenges.

Snap vs. Flatpak: How to decide which Linux package manager is right for you

It's a debate Linux users love to argue over, and there's no easy answer - but here's my take.

[webapps] Pluck 4.7.7-dev2 - PHP Code Execution


This portable power bank is irreplaceable for me, and it has less to do with the capacity

The Nitecore NB Plus is thin, lightweight, water-resistant, and resilient against cold, heat, and knocks.

Forget burner phones - you can join this new carrier with just a ZIP code (no ID necessary)

Privacy-first Phreeli says it won't collect, sell, or share customer data. Here's why.

UK moves to strengthen undersea cable defenses as Russian snooping ramps up

Atlantic Bastion combines AI systems with warships to counter increased surveillance

The UK government has announced enhanced protection for undersea cables using autonomous vessels alongside crewed warships and aircraft, responding to escalating Russian surveillance activities.…

This new Linux platform will let you update your next car at home - as soon as 2027

Toyota, Honda, and Mazda are building a new open-source car platform that runs everything from entertainment to navigation - and could even power self-driving.

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers

Home Office kept police facial recognition flaws to itself, UK data watchdog fumes

Regulator disappointed as soon-to-be-scrapped algo's problems remained a secret despite consistent engagement

The UK's data protection watchdog has criticized the Home Office for failing to disclose significant biases in police facial recognition technology, despite regular engagement between the organizations.…

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

By: Unknown
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas.  Why holiday peaks

Stop using ChatGPT for everything: The AI models I use for research, coding, and more (and which I avoid)

From GPT to Claude to Gemini, model names change fast, but use cases matter more. Here's how I choose the best model for the task at hand.

Barts Health seeks High Court block after Clop pillages NHS trust data

Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul

Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.…

Get an unlimited 5G line for $40 plus a free Samsung from Metro by T-Mobile - here's how

Get a select Samsung or Motorola phone at no upfront cost with a new Metro by T-Mobile line. We'll break down the terms.

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and Zimperium, respectively. FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What's notable about the malware

Dreading AI job cuts? 5 ways to future-proof your career - before it's too late

Evidence suggests emerging technology is impacting the job market, but there are ways to ensure you're prepared for the hit.

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. "This malware enables remote control of compromised systems by allowing

Block all AI browsers for the foreseeable future: Gartner

Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things

Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.…

Your AirTag isn't truly travel-ready unless it has this accessory - here's why I vouch for it

Elevation's Tag Vault keychain and security cable will protect your AirTag from being easily detached from various things.

China’s first reusable rocket explodes, but its onboard Ethernet network flew

PLUS: South Korea to strengthen security standards; Canon closes Chinese printer plant; APAC datacenter capacity to triple by 2029; And more

Asia In Brief Chinese rocketry outfit LandSpace last week flew what it hoped would be the country’s first reusable rocket, only to watch it explode while attempting to land.…

I checked my GFCI breaker with a $220 thermal camera - and it proved me wrong (in the best way)

I used to dismiss thermal cameras as a gimmick - now I rely on one daily as an essential tool in my fix-it kit.

6 hidden Android features that are seriously useful (and how they made my life easier)

You won't use these hidden Android options every day - but when you do, you'll be thankful they exist.

Apache warns of 10.0-rated flaw in Tika metadata ingestion tool

PLUS: New kind of DDOS from the Americas; Predator still hunting spyware targets; NIST issues IoT advice; And more!

Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.…

Before yesterday

How (almost) any phone number can be tracked via WhatsApp & Signal – open-source PoC

I’ve been playing with the “Careless Whisper” side-channel idea and hacked together a small PoC that shows how you can track a phone’s device activity state (screen on/off, offline) via WhatsApp – without any notifications or visible messages on the victim’s side.

How it works (very roughly):
- uses WhatsApp via an unofficial API
- sends tiny “probe” reactions to special/invalid message IDs
- WhatsApp still sends back silent delivery receipts
- I just measure the round-trip time (RTT) of those receipts

From that, you start seeing patterns like:
- low RTT ≈ screen on / active, usually on Wi-Fi
- a bit higher RTT ≈ screen on / active, on mobile data
- high RTT ≈ screen off / standby on Wi-Fi
- very high RTT ≈ screen off / standby on mobile data / bad reception
- timeouts / repeated failures ≈ offline (airplane mode, no network, etc.)

*depends on device

The target never sees any message, notification or reaction. The same class of leak exists for Signal as well (per the original paper).

In theory you’d still see this in raw network traffic (weird, regular probe pattern), and on the victim side it will slowly burn through a bit more mobile data and battery than “normal” idle usage.

Over time you can use this to infer behavior:
- when someone is probably at home (stable Wi-Fi RTT)
- when they’re likely sleeping (long standby/offline stretches)
- when they’re out and moving around (mobile data RTT patterns)

So in theory you can slowly build a profile of when a person is home, asleep, or out — and this kind of tracking could already be happening without people realizing it.

Quick “hotfix” for normal users:
Go into the privacy settings of WhatsApp and Signal and turn off / restrict that unknown numbers can message you (e.g. WhatsApp: Settings → Privacy → Advanced). The attack basically requires that someone can send stuff to your number at all – limiting that already kills a big chunk of the risk.

My open-source implementation (research / educational use only): https://github.com/gommzystudio/device-activity-tracker

Original Paper:
https://arxiv.org/abs/2411.11194

submitted by /u/Economy-Treat-768

My favorite AirTag wallet alternative is lightweight, super thin, and surprisingly cheap

The KeySmart SmartCard left a strong impression after just a few weeks of using it.

I made my AirTag last a decade on one battery - here's the uncomfortable truth

I have over a dozen AirTags in use, and my biggest problem is having to change the batteries every year or so. Here's the quick fix.

This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

By: McAfee

For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers using an Apple Support ticket in a takeover attempt, and a PlayStation scam partly powered by AI.

Let’s start with those fake ads, because holiday shopping is in full swing.

Keep a sharp eye out for fake AI shopping ads that sell knockoff goods

Turns out that three-quarters of people (74%) can’t correctly identify a fake AI-generated social media ad featuring popular holiday gifts—which could leave them open to online shopping scams.

That finding, and several others, comes by way of research from Santander, a financial services company in the UK.

Here’s a quick rundown of what else they found:

  • Less than one in 10 (8%) people feel “very confident” in their ability to spot an AI-generated ad on social media.
  • More than half (56%) fear that they or a family member could get scammed as a result.
  • About two-thirds (63%) said that they won’t purchase anything from social media platforms because they’re not sure what’s real and what’s fake.

From the study … could you tell these ads are both fake?

 

 

Fake ads, like this, have been popping up across social.

Could you tell this ad is fake?

In all, cheap and readily available AI tools make spinning up fake ads quick and easy work. The same goes for launching websites where those “goods” can get sold. In the past, we’ve seen scammers take two different approaches when they use social media ads and websites to lure in their victims:

Phishing sites

During the holidays, scammers pump out ads that offer seemingly outstanding deals on hot items. Of course, the offer and the site where it’s “sold” is fake. Victims hand over their personal info and credit card number, never to see the items they thought they’d purchased. On top of the money a victim loses, the scammer also has their card info and can run up its tab or sell it to others on the dark web.

Knock-off sites

In this case, the scammer indeed sells and delivers something. But you don’t get what you paid for. The item looks, feels, fits, or works entirely differently than what was advertised. In this way, people wind up with a cheaply made item cobbled together with inferior materials. Worse yet, these scams potentially prop up sweatshops, child labor, and other illegal operations in the process. Nothing about these sites and the things they sell on them is genuine.

So, fake AI shopping ads are out there. What should you look out for? Here’s a quick list:

  • First off, any offer that sounds too good to be true and heavy discounts on hard-to-find or popular items are major signs of a scam—and have been for years running now.
  • See if the image looks a little too polished or even cartoony in some cases. As for people in AI ads, they can look airbrushed and have skin tones that seemingly give off an odd glow.
  • Look up reviews of the company. Trustpilot and the Better Business Bureau offer great resources for that. Even a simple search using “CompanyName scam” can give you an idea if it’s a scam or not.
  • And lastly, the combination of our Scam Detector and Web Protection can help sniff out a scam for you.

The Apple Support scam that came from … Apple? (Not really. We’ll explain.)

“I almost lost everything—my photos, my email, my entire digital life.”

So opens a recent Medium post from Eric Moret recounting how he almost handed over his Apple Account to a scammer armed with a real Apple Support ticket to make this elaborate phishing attack look legit.

Over the course of nearly 30 minutes, a scammer calmly and professionally walked Moret through a phony account takeover attempt.

It started with two-factor authentication notifications that claimed someone was trying to access his iCloud account. Three minutes later, he got a call from an Atlanta-based number. The caller said they were with Apple Support. “Your account is under attack. We’re opening a ticket to help you. Someone will contact you shortly.”

Seconds later came another call from the same number, which is where the scam fully kicked in. The person also said they were from Apple Support and that they’d opened a case on Moret’s behalf. Sure enough, when directed, Moret opened his email and saw a legitimate case number from a legitimate Apple address.

The caller then told him to reset his password, which he did. Moret received a text with a link to a site where he could, apparently, close his case.

Note that at no time during this process did the scammers ask him directly for his two-factor authentication code, a request that is always the sign of a scam. However, the scammers had another way to get it.

The link took him to a site called “appeal-apple dot com,” which was in fact a scam site. However, the page looked official to him, and he entered a six-digit “confirmation code” sent by text to finish the process.

That “confirmation code” was actually a fresh two-factor authentication code. With that finally in hand, the scammers signed in. Moret received a notice that a new device had logged into his account. Moret quickly reset his password again, which kicked them out and stopped the attack.

So, what went wrong here? Let’s break down three key moments in this account takeover scam:

  • The unsolicited phone calls. That’s an immediate sign to hang up and call an official support number to confirm the “issue” yourself.
  • The fake website. A site with a URL like “appeal-apple dot com” is a scam site, even if it looks “official.” Scammers can create them easily today.
  • The code heist. Scammers trick people into handing over their authorization code by calling it something else, like a “confirmation code.”

So, how can you protect yourself from account takeover scams? Let’s break that down too.

  • Know that Apple Support won’t call you or open a case on your behalf.
  • Also know that anyone can create an Apple Support ticket for anyone else, without verification. If you didn’t create it yourself, it’s a strong sign of a scam.
  • If you have concerns, call Apple yourself at 1-800-275-2273 or contact them through their Apple Support App, available here on Apple’s support page.
  • Only interact with Apple through sites and emails with the proper “apple dot com” address. Watch out for altered addresses like the “appeal-apple dot com” used here.
  • Never, ever share your authentication code in any way … verbally, in an email, in a text, or a website. Any request for it from anyone is a scam.
  • You can see the devices signed into your account any time. Go to Settings, tap your Name, and scroll to see all devices linked to your Apple ID.
  • Get protection that blocks links to scam sites, like our Scam Detector and Web Protection.

The FCC takes aim at the Wal-Mart PlayStation 5 Robocall Scam

Maybe you didn’t get a scam call from “Emma” or “Carl” at Wal-Mart, but plenty of people did. Around eight million in all. Now the Federal Communications Commission’s (FCC) Enforcement Bureau wants to put a stop to them.

“Emma” and “Carl” are in fact a couple of AI voices fronting a scam framed around the bogus purchase of a PlayStation. It’s garnered its share of complaints, so much so that the FCC has stepped in. The FCC alleges that SK Teleco, a voice service provider, provisioned at least some of these calls, and that it must immediately stop.

According to the FCC, the call plays out like this:

“A preauthorized purchase of PlayStation 5 special edition with Pulse 3D headset is being ordered from your Walmart account for an amount of 919 dollars 45 cents. To cancel your order or to connect with one of our customer support representatives, please press ‘1.’ Thank you.”

Pressing “1” connects you to a live operator who asks for personally identifiable information such as Social Security numbers to cancel the “purchase.”

If you were wondering, it’s unlawful to place calls to cellphones containing artificial or prerecorded voice messages absent an emergency purpose or prior express consent. According to the FCC’s press release, SK Teleco didn’t respond to a request to investigate the calls. The FCC further alleges that it’s unlikely the company has any such consent.

Per the FCC, “If SK Teleco fails to take swift action to prevent scam calls, the FCC will require all other providers to no longer accept call traffic from SK Teleco.”

We’ll see how this plays out, yet it’s a good reminder to report scam calls. When it comes to any kind of scam, law enforcement and federal agencies act on complaints.

Get a scam call? Here’s who you can report it to:

And we close things out with a quick roundup …

Here’s a quick list of a few stories that caught our eye this week:

Scammers pose as law enforcement, threaten jail time if you don’t pay (with audio)

Deepfake of North Carolina lawmaker used in award-winning Brazilian Whirlpool video

What happens when you kick millions of teens off social media? Australia’s about to find out

We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.

The Nerdify homepage.

The link between essay mills and Russian attack drones might seem improbable, but understanding it begins with a simple question: How does a human-intensive academic cheating service stay relevant in an era when students can simply ask AI to write their term papers? The answer – recasting the business as an AI company – is just the latest chapter in a story of many rebrands that link the operation to Russia’s largest private university.

Search in Google for any terms related to academic cheating services — e.g., “help with exam online” or “term paper online” — and you’re likely to encounter websites with the words “nerd” or “geek” in them, such as thenerdify[.]com and geekly-hub[.]com. With a simple request sent via text message, you can hire their tutors to help with any assignment.

These nerdy and geeky-branded websites frequently cite their “honor code,” which emphasizes they do not condone academic cheating, will not write your term papers for you, and will only offer support and advice for customers. But according to This Isn’t Fine, a Substack blog about contract cheating and essay mills, the Nerdify brand of websites will happily ignore that mantra.

“We tested the quick SMS for a price quote,” wrote This Isn’t Fine author Joseph Thibault. “The honor code references and platitudes apparently stop at the website. Within three minutes, we confirmed that a full three-page, plagiarism- and AI-free MLA formatted Argumentative essay could be ours for the low price of $141.”

A screenshot from Joseph Thibault’s Substack post shows him purchasing a 3-page paper with the Nerdify service.

Google prohibits ads that “enable dishonest behavior.” Yet, a sprawling global essay and homework cheating network run under the Nerdy brands has quietly bought its way to the top of Google searches – booking revenues of almost $25 million through a maze of companies in Cyprus, Malta and Hong Kong, while pitching “tutoring” that delivers finished work that students can turn in.

When one Nerdy-related Google Ads account got shut down, the group behind the company would form a new entity with a front-person (typically a young Ukrainian woman), start a new ads account along with a new website and domain name (usually with “nerdy” in the brand), and resume running Google ads for the same set of keywords.

UK companies belonging to the group that have been shut down by Google Ads since Jan 2025 include:

Proglobal Solutions LTD (advertised nerdifyit[.]com);
AW Tech Limited (advertised thenerdify[.]com);
Geekly Solutions Ltd (advertised geekly-hub[.]com).

Currently active Google Ads accounts for the Nerdify brands include:

OK Marketing LTD (advertising geekly-hub[.]net), formed in the name of Olha Karpenko, a young Ukrainian woman;
Two Sigma Solutions LTD (advertising litero[.]ai), formed in the name of Olekszij (Alexey) Pokatilo.

Google’s Ads Transparency page for current Nerdify advertiser OK Marketing LTD.

Mr. Pokatilo has been in the essay-writing business since at least 2009, operating a paper-mill enterprise called Livingston Research alongside Alexander Korsukov, who is listed as an owner. According to a lengthy account from a former employee, Livingston Research mainly farmed its writing tasks out to low-cost workers from Kenya, Philippines, Pakistan, Russia and Ukraine.

Pokatilo moved from Ukraine to the United Kingdom in Sept. 2015 and co-founded a company called Awesome Technologies, which pitched itself as a way for people to outsource tasks by sending a text message to the service’s assistants.

The other co-founder of Awesome Technologies is 36-year-old Filip Perkon, a Swedish man living in London who touts himself as a serial entrepreneur and investor. Years before starting Awesome together, Perkon and Pokatilo co-founded a student group called Russian Business Week while the two were classmates at the London School of Economics. According to the Bulgarian investigative journalist Christo Grozev, Perkon’s birth certificate was issued by the Soviet Embassy in Sweden.

Alexey Pokatilo (left) and Filip Perkon at a Facebook event for startups in San Francisco in mid-2015.

Around the time Perkon and Pokatilo launched Awesome Technologies, Perkon was building a social media propaganda tool called the Russian Diplomatic Online Club, which Perkon said would “turbo-charge” Russian messaging online. The club’s newsletter urged subscribers to install in their Twitter accounts a third-party app called Tweetsquad that would retweet Kremlin messaging on the social media platform.

Perkon was praised by the Russian Embassy in London for his efforts: During the contentious Brexit vote that ultimately led to the United Kingdom leaving the European Union, the Russian embassy in London used this spam tweeting tool to auto-retweet the Russian ambassador’s posts from supporters’ accounts.

Neither Mr. Perkon nor Mr. Pokatilo replied to requests for comment.

A review of corporations tied to Mr. Perkon as indexed by the business research service North Data finds he holds or held director positions in several U.K. subsidiaries of Synergy, Russia’s largest private education provider. Synergy has more than 35,000 students, and sells T-shirts with patriotic slogans such as “Crimea is Ours,” and “The Russian Empire — Reloaded.”

The president of Synergy is Vadim Lobov, a Kremlin insider whose headquarters on the outskirts of Moscow reportedly features a wall-sized portrait of Russian President Vladimir Putin in the pop-art style of Andy Warhol. For a number of years, Lobov and Perkon co-produced a cross-cultural event in the U.K. called Russian Film Week.

Synergy President Vadim Lobov and Filip Perkon, speaking at a press conference for Russian Film Week, a cross-cultural event in the U.K. co-produced by both men.

Mr. Lobov was one of 11 individuals reportedly hand-picked by the convicted Russian spy Marina Butina to attend the 2017 National Prayer Breakfast held in Washington D.C. just two weeks after President Trump’s first inauguration.

While Synergy University promotes itself as Russia’s largest private educational institution, hundreds of international students tell a different story. Online reviews from students paint a picture of unkept promises: Prospective students from Nigeria, Kenya, Ghana, and other nations paying thousands in advance fees for promised study visas to Russia, only to have their applications denied with no refunds offered.

“My experience with Synergy University has been nothing short of heartbreaking,” reads one such account. “When I first discovered the school, their representative was extremely responsive and eager to assist. He communicated frequently and made me believe I was in safe hands. However, after paying my hard-earned tuition fees, my visa was denied. It’s been over 9 months since that denial, and despite their promises, I have received no refund whatsoever. My messages are now ignored, and the same representative who once replied instantly no longer responds at all. Synergy University, how can an institution in Europe feel comfortable exploiting the hopes of Africans who trust you with their life savings? This is not just unethical — it’s predatory.”

This pattern repeats across reviews by multilingual students from Pakistan, Nepal, India, and various African nations — all describing the same scheme: Attractive online marketing, promises of easy visa approval, upfront payment requirements, and then silence after visa denials.

Reddit discussions in r/Moscow and r/AskARussian are filled with warnings. “It’s a scam, a diploma mill,” writes one user. “They literally sell exams. There was an investigation on Rossiya-1 television showing students paying to pass tests.”

The Nerdify website’s “About Us” page says the company was co-founded by Pokatilo and an American named Brian Mellor. The latter identity seems to have been fabricated, or at least there is no evidence that a person with this name ever worked at Nerdify.

Rather, it appears that the SMS assistance company co-founded by Messrs. Pokatilo and Perkon (Awesome Technologies) fizzled out shortly after its creation, and that Nerdify soon adopted the process of accepting assignment requests via text message and routing them to freelance writers.

A closer look at an early “About Us” page for Nerdify in The Wayback Machine suggests that Mr. Perkon was the real co-founder of the company: The photo at the top of the page shows four people wearing Nerdify T-shirts seated around a table on a rooftop deck in San Francisco, and the man facing the camera is Perkon.

Filip Perkon, top right, is pictured wearing a Nerdify T-shirt in an archived copy of the company’s About Us page. Image: archive.org.

Where are they now? Pokatilo is currently running a startup called Litero.Ai, which appears to be an AI-based essay writing service. In July 2025, Mr. Pokatilo received pre-seed funding of $800,000 for Litero from an investment program backed by the venture capital firms AltaIR Capital, Yellow Rocks, Smart Partnership Capital, and I2BF Global Ventures.

Meanwhile, Filip Perkon is busy setting up toy rubber duck stores in Miami and in at least three locations in the United Kingdom. These “Duck World” shops market themselves as “the world’s largest duck store.”

This past week, Mr. Lobov was in India with Putin’s entourage on a charm tour with India’s Prime Minister Narendra Modi. Although Synergy is billed as an educational institution, a review of the company’s sprawling corporate footprint (via DNS) shows it also is assisting the Russian government in its war against Ukraine.

Synergy University President Vadim Lobov (right) pictured this week in India next to Natalia Popova, a Russian TV presenter known for her close ties to Putin’s family, particularly Putin’s daughter, who works with Popova at the education and culture-focused Innopraktika Foundation.

The website bpla.synergy[.]bot, for instance, says the company is involved in developing combat drones to aid Russian forces and to evade international sanctions on the supply and re-export of high-tech products.

A screenshot from the website of synergy[.]bot shows the company is actively engaged in building armed drones for the war in Ukraine.

KrebsOnSecurity would like to thank the anonymous researcher NatInfoSec for their assistance in this investigation.

Should you be afraid of smart home hacking? 6 ways experts keep their devices protected

The fewer entry points you leave open, the more secure your smart home will be. Here's my guide.

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an

Oh Crap, Kohler’s Toilet Cameras Aren’t Really End-to-End Encrypted

Plus: The Trump administration declines to issue sanctions over Salt Typhoon’s hacking spree, officials warn of a disturbingly stealthy Chinese malware specimen, and more.

How chatbots can change your mind - a new study reveals what makes AI so persuasive

The more persuasive a model is trained to be, the higher the likelihood that it'll hallucinate, researchers find.

How to shop with AI: 6 ways I find deals, price track, and let agents buy for me

Forget the old way of shopping. In 2025, AI can help you find the right product for the best price in minutes. Here's how.

Death to one-time text codes: Passkeys are the new hotness in MFA

Wanna know a secret?

Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to enter a second or third proof of identity. However, not all forms of MFA are created equal, and the one-time passwords orgs send to your phone have holes so big you could drive a truck through them.…

Crims using social media images, videos in 'virtual kidnapping' scams

Proof of life? Or an active social media presence?

Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in "virtual kidnapping" and extortion scams, the FBI warned on Friday. …

Novel clickjacking attack relies on CSS and SVG

Who needs JavaScript?

Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).…

Cloudflare blames Friday outage on borked fix for React2shell vuln

Security community needs to rally and share more info faster, one researcher says

Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…

I tried a smart ring that captured my thoughts and replicated my voice - it was trippier than expected

Stream Ring is an AI-powered note-taker and thought organizer that users can speak into, regardless of the environment.

Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)

Posted by Yuffie Kisaragi via Fulldisclosure on Dec 05

Advisory ID: CONVERCENT-2025-001
Title: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)
Date: 2025-12-04
Vendor: EQS Group
Product: Convercent Whistleblowing Platform (app.convercent.com)
Severity: Critical
CVSS v4.0 Base Score: 9.3
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Summary

A series of security weaknesses were identified in the Convercent...

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity's Comet browser is capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them

Use Google Play? You might get a cash payout from this $700 million settlement soon

If you made a Google Play purchase between 2016 and 2023, and your account was located in the US, you're a part of the settlement. Here's what to expect.