FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
Today — December 12th 2025Your RSS feeds

Require Google to Remove One-Click Full Logout URLs

My father got tricked into calling scammers after a hidden Google logout URL made him think his computer was hacked. Turns out, Google lets any website instantly log you out of Gmail, YouTube, and Drive just by loading a simple link - no warning, no confirmation. I made a petition, and I want to know if this is something worth signing and sharing, or if it's not realistic.

submitted by /u/Redstoneriot234
[link] [comments]
Yesterday — December 11th 2025Your RSS feeds

Warnings Mount in Congress Over Expanded US Wiretap Powers

Experts tell US lawmakers that a crucial spy program’s safeguards are failing, allowing intel agencies deeper, unconstrained access to Americans’ data.

Do you ask AI deep questions at night? 37.5 million Copilot conversations show you're not alone

From work-related conversations on our desktops by day to personal advice on our phones after hours, AI now integrates 'into the full texture of human life,' a Microsoft study finds.

Russian hackers debut simple ransomware service, but store keys in plain text

Operators accidentally left a way for you to get your data back

CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.…

OpenAI user data was breached, but changing your password won't help - here's why

Revealed on Thanksgiving Eve, the incident serves as a reminder that we're all responsible for exploring additional security options.

Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits

Relying on consumer SSO creates significant challenges, and passkeys may offer a solution.

Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data

A spoofed email address and an easily faked document is all it takes for major tech companies to hand over your most personal information.

Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap

It looks harmless enough.

A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event. 

That’s where the scam begins. 

Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.” 

And that’s exactly why scammers are using them. 

In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:

Screenshot of a Phishing Email sent this holiday season
Screenshot of a Phishing Email sent this holiday season

When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data. 

What Is a Fake E-Vite Scam? 

A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services. 

The goal is to trick you into: 

  • Entering your email and password 
  • Creating a fake account on a malicious site 
  • Clicking links that lead to credential-stealing pages 
  • Downloading malware disguised as an invitation 

Once scammers have your login information, they can: 

  • Take over your email 
  • Reset passwords on other accounts 
  • Send scams to your contacts 
  • Launch identity theft attempts 

How These Fake Invitation Scams Usually Work 

Here’s the most common flow: 

  1. You receive a digital invitation that looks normal 
  2. The message prompts you to “view the invitation” 
  3. You’re redirected to a login or signup page 
  4. You enter your email, password, or personal info 
  5. The invitation never appears 
  6. Your credentials have now been stolen 

Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.

How to Tell If a Paperless Post Invite Is Real 

Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like. 

Legitimate Paperless Post Emails Will Never: 

  • Include .EXE attachments 
  • Include .PDF attachments 
  • Include any attachments other than image files 

Official Paperless Post Email Domains: 

Legitimate invitations and account messages only come from: 

Official support emails only come from: 

If the sender does not match one of these exactly, it’s a scam. 

Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.  

The Biggest Red Flags of a Fake E-Vite 

If you see any of the following, do not click: 

  • You’re forced to log in to “see” who invited you 
  • The sender email doesn’t match the official domains above 
  • The invitation creates urgency 
  • You’re asked for payment to view the event 
  • The message feels generic instead of personal 
  • The site address looks slightly off 

Why These Scams Are So Effective Right Now 

Modern phishing attacks don’t rely on sloppy design anymore. Many now use: 

  • Polished branding 
  • Clean layouts 
  • Familiar platforms 
  • Friendly language 
  • Social pressure 

Invitation phishing is especially powerful because: 

  • It triggers curiosity 
  • It feels harmless 
  • It mimics real social behavior 
  • It doesn’t start with fear or threats 
  • By the time the scam turns risky, your guard is already down. 

What To Do If You Clicked a Fake E-Vite 

If you entered any information into a suspicious invitation page: 

  1. Immediately change your email password 
  2. Change any other account that reused that password 
  3. Enable two-factor authentication 
  4. Check for unknown login activity 
  5. Warn contacts if your email may have been compromised 
  6. Run a security scan on your device 

The faster you act, the more damage you can prevent. 

The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.

Empirical Analysis: Non-Linear Token Consumption in AI Security Agents

We’ve been testing AI agents in blue-team scenarios (log triage, recursive investigation steps, correlation, incident reconstruction). A recurring issue surfaced during testing:

Pay-per-use models can’t handle the load.

Deep reasoning tasks trigger non-linear token spikes, and we found that Competitor-style metered billing either slowed down workflows, caused interruptions, or became too expensive to use during real incidents — especially when dealing with iterative analysis under pressure.

We published a case study summarizing the data, the reasoning patterns behind the token spikes, and why unlimited usage models are better suited for continuous defensive operations.

Sharing here in case it helps others experimenting with AI in blue team environments

submitted by /u/Obvious-Language4462
[link] [comments]

Google fixes super-secret 8th Chrome 0-day

No details, no CVE, update your browser now

Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025.…

LastPass hammered with £1.2M fine for 2022 breach fiasco

UK data regulator says failures were unacceptable for a company managing the world's passwords

The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.…

I dropped this power bank from waist level, and it proved its worth almost immediately

The outdoors can be difficult for power banks, but this one by Nitecore is built to last.

You can send live video to 911 from your Android phone in seconds now - here's how

If 911 needs eyes on your situation, they'll send a prompt for you to share live video instantly.

ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories

This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open. The new Threatsday Bulletin

Comcast just killed hidden fees with new contract-free TV plans - starting at $55

The new Xfinity TV plans keep it simple with one up-front pricing. There's not even equipment rental charges.

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a

The Segmentation Cycle: A Practical Approach to Network Security

The segmentation journey starts with visibility, goes through identity context, policy and enforcement, ultimately returning to enhanced visibility.

Researcher claims Salt Typhoon spies attended Cisco training scheme

Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert

A security researcher specializing in tracking China threats claims two of Salt Typhoon's members were former attendees of a training scheme run by Cisco.…

The Impact of Robotic Process Automation (RPA) on Identity and Access Management

By: Unknown
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber

10K Docker images spray live cloud creds across the internet

Flare warns devs are unwittingly publishing production-level secrets

Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.…

The best cloud hosting services for 2025: Expert tested

We've tested and ranked the best cloud hosting services available to help you choose the right option for your business or side project.

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the

Users report chaos as Legal Aid Agency stumbles back online after cyberattack

Workers frustrated with security-first changes to workflows and teething issues

Exclusive Seven months after a landmark cyberattack, the UK's Legal Aid Agency (LAA) says it's returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious systems.…

Oura users report smoking, overheating rings - what we know

Here's what the smart ring brand is doing about it.

The AI leader's new balance: What changes (and what remains) in the age of algorithms

Successful leaders will harness the power of AI while amplifying essential human capabilities. Three experts share essential recommendations that every executive should have on their agenda.

How to use the new Linux terminal on your Android device - it's easy

There's a powerful new feature for Android users: The Linux terminal. It unlocks a whole new level of control.

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. "Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution," security researcher Bryan Masters said.

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience.

OpenSUSE vs. Manjaro: Which powerhouse Linux distro is best for you?

Looking for a Linux distribution that delivers more power and control? If you're new to Linux, only one of these may be right for you.
Before yesterdayYour RSS feeds

How AMD End-to-End Hardware Turns AI Innovation Into Impact

From PCs to data centers, AMD delivers the compute backbone that turns AI initiatives into business transformations.

700+ self-hosted Gits battered in 0-day attacks with no fix imminent

More than half of internet-exposed instances already compromised

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to be

How to Stay Safe on Your New AI Browser

By: McAfee

AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.

We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.

What are agentic AI browsers?

So, what’s the allure of this new breed of browser? The answer is that it’s highly helpful, and plenty more.

By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.

In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.

As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.

Is it safe to use an AI browser?

But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.

The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info, gaining access to Gmail and Google Drive files, installing malware, and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.

Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security, it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.

While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.

How To Use an AI Browser Safely

It’s still early days for AI-powered browsers and understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:

Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.

Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.

Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in the logged-out mode.i This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.

If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.

Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.

Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”

How McAfee Can Help

McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.

McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.

Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help you steer you clear of suspicious websites that might take advantage of AI browsers.

The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.

Covert red team phishing

I wrote a post about how to perform a red team phishing campaign, including a reconnaissance and AITM sesssion capture. I hope you enjoy it. It does not cover creating a m365 proxy config, I will leave that as a exercise to the reader :)

submitted by /u/hackeronni
[link] [comments]

Hate creating presentations? I tried Google's new Nano Banana Pro-powered tool, and the results blew me away

Google's Mixboard now includes Nano Banana Pro​ to create presentations from your photos and documents - and it's free. Try it and see what you think.

Ring's 'Familiar Faces' is here: Why privacy experts worry it's mass surveillance in disguise

Ring users in most of the US can now save up to fifty faces in the app, allowing for more personalized notifications. But the convenience probably isn't worth the sacrifice in privacy.

US extradites Ukrainian woman accused of hacking meat processing plant for Russia

The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility

A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.…

Microsoft won’t fix .NET RCE bug affecting slew of enterprise apps, researchers say

Devs and users should know better, Microsoft tells watchTowr

Security researchers have revealed a .NET security flaw thought to affect a host of enterprise-grade products that they say Microsoft refuses to fix.…

This anti-theft tech bag stopped a pickpocketer in real time - how it works

This bag saved me from potentially losing access to my smartphone and passport on my last trip.

2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign.

Infostealer has entered the chat

A new wave of ClickFix attacks spreading a macOS infostealer are posting malicious user guides on the official ChatGPT website by piggybacking the chatbot’s chat-sharing feature.

submitted by /u/Fit_Wing3352
[link] [comments]

Zorin OS vs. AnduinOS: How to pick the right Windows-like Linux distro for you

If you're looking for the best Linux distribution to wean you from Windows, there are two that make a solid case for the task.

How well does ChatGPT know you? This simple prompt can reveal a lot

Most of it was flattery, but there was one bit of advice that I immediately decided to turn into a New Year's resolution.

This Alexa+ update can track deals and buy for you when the price drops - here's how

There's also a new Shopping Essentials hub for lists, orders, and delivery tracking - all just a voice command away.

Finally, a Bluetooth speaker that delivers big sound and cool energy (at a good price)

Seeking a well-priced Bluetooth speaker that fills a room with rich, dynamic sound? This Treblab model I tested gets the job done.

Protecting value at risk - the role of a risk operations center

Why should Keith Richards’ fingers inform your approach to risk?

Partner Content For years, celebrities have insured their body parts for vast sums of money. Mariah Carey allegedly insured her voice and legs for $70 million during a tour, according to TMZ; and Lloyd’s of London was reported to have insured a wide range of celebrity body parts, from restauranteur Egon Ronay’s taste buds to the fingers of Rolling Stones’ guitarist Keith Richards, which were insured for $1.6 million. 

Your Google Photos just got 4 huge video editing upgrades - what's new

The tools are designed to help you edit videos quickly and more easily.

My top 4 browsers after testing nearly every one (spoiler: Chrome fans may be upset)

Ready to try a new browser? I've installed almost every browser over the years, and these are my top picks.

A Complete Guide to the Jeffrey Epstein Document Dumps

New records about the infamous sex offender are released seemingly every week. Here’s a quick rundown of who’s releasing the Epstein documents, what they contain—and what they’re releasing next.

The fix for messy AI agent ecosystems might finally be here - and it's open source

Backed by OpenAI, Anthropic, and others, AAIF aims to standardize AI agents and build an open, interoperable foundation.

This new $75 smart ring helps you remember things you'd likely forget - here's how

Pebble, known for its watches, has opened preorders for its new Pebble Index 01 smart ring.

I replaced my travel video gear with this 360-degree drone within minutes of testing it

Antigravity's A1 drone shoots sharp 360-degree video with easy, beginner-friendly controls.

Shelly's new smart plug is at home with all major automation systems

The Shelly Plug Gen4 works with Matter, Wi-Fi, and Zigbee, is a breeze to set up, and costs just $20.

Inbox full of promo emails? 80% are tracking you, new report warns

Billions of holiday marketing emails have turned inboxes into a de facto surveillance tool, Proton Mail says.
❌