Login
My father got tricked into calling scammers after a hidden Google logout URL made him think his computer was hacked. Turns out, Google lets any website instantly log you out of Gmail, YouTube, and Drive just by loading a simple link - no warning, no confirmation. I made a petition, and I want to know if this is something worth signing and sharing, or if it's not realistic.
CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.…
It looks harmless enough.
A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event.
That’s where the scam begins.
Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.”
And that’s exactly why scammers are using them.
In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:
When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data.
A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services.
The goal is to trick you into:
Once scammers have your login information, they can:
Here’s the most common flow:
Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.
Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like.
Legitimate Paperless Post Emails Will Never:
Official Paperless Post Email Domains:
Legitimate invitations and account messages only come from:
Official support emails only come from:
If the sender does not match one of these exactly, it’s a scam.
Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.
If you see any of the following, do not click:
Modern phishing attacks don’t rely on sloppy design anymore. Many now use:
Invitation phishing is especially powerful because:
If you entered any information into a suspicious invitation page:
The faster you act, the more damage you can prevent.
The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.
We’ve been testing AI agents in blue-team scenarios (log triage, recursive investigation steps, correlation, incident reconstruction). A recurring issue surfaced during testing:
Pay-per-use models can’t handle the load.
Deep reasoning tasks trigger non-linear token spikes, and we found that Competitor-style metered billing either slowed down workflows, caused interruptions, or became too expensive to use during real incidents — especially when dealing with iterative analysis under pressure.
We published a case study summarizing the data, the reasoning patterns behind the token spikes, and why unlimited usage models are better suited for continuous defensive operations.
Sharing here in case it helps others experimenting with AI in blue team environments
Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025.…
The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.…
A security researcher specializing in tracking China threats claims two of Salt Typhoon's members were former attendees of a training scheme run by Cisco.…
Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.…
Exclusive Seven months after a landmark cyberattack, the UK's Legal Aid Agency (LAA) says it's returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious systems.…
Scanned 1.3M npm packages + top GitHub repos: Dify, LobeChat, Umami are affected and maybe exploited
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…
AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.
We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.
So, what’s the allure of this new breed of browser? The answer is that it’s highly helpful, and plenty more.
By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.
In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.
As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.
But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.
The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info, gaining access to Gmail and Google Drive files, installing malware, and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.
Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security, it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.
While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.
It’s still early days for AI-powered browsers and understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:
Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.
Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.
Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in the logged-out mode.i This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.
If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.
Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.
Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”
McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.
McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.
Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help you steer you clear of suspicious websites that might take advantage of AI browsers.
The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.
I wrote a post about how to perform a red team phishing campaign, including a reconnaissance and AITM sesssion capture. I hope you enjoy it. It does not cover creating a m365 proxy config, I will leave that as a exercise to the reader :)
A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.…
Security researchers have revealed a .NET security flaw thought to affect a host of enterprise-grade products that they say Microsoft refuses to fix.…
A new wave of ClickFix attacks spreading a macOS infostealer are posting malicious user guides on the official ChatGPT website by piggybacking the chatbot’s chat-sharing feature.
Partner Content For years, celebrities have insured their body parts for vast sums of money. Mariah Carey allegedly insured her voice and legs for $70 million during a tour, according to TMZ; and Lloyd’s of London was reported to have insured a wide range of celebrity body parts, from restauranteur Egon Ronay’s taste buds to the fingers of Rolling Stones’ guitarist Keith Richards, which were insured for $1.6 million. …
FreshRSS 