Your proprietary code is flowing into Frontier AI models in the Cloud undetected. Husn Canaries allow you to receive instant alerts when Claude, ChatGPT, Copilot, Gemini, or any AI coding assistant analyzes your code. Know exactly when your intellectual property is exposed, whether by your team, contractors, or attackers.
It has been shown that LLMs (especially agentic systems) can be used as an attack surface for a vast number of attacks.
If the agent has access to a terminal (nearly all coding tools do), an attacker can use it for RCE. If it has access to the database, the attacker can retrieve or alter data.
This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment.
Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated.
Let’s get into it.
The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details.
What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices.
What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify.
McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue.
Red flags to watch for:
How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later.
Netflix has warned customers about these scams and offers advice on its site if you encounter one.
What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real.
The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation.
What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability.
After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers.
Red flags to watch for:
How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance.
The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations.
What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites.
In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors.
Red flags to watch for:
How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit.
Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here.
McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online.
The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.
The UK Home Office is spending up to £100 million on intelligence tech in part to tackle the so-called "small boats" issue of refugees and irregular immigrants coming across the English Channel.…
exclusive The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register.…
You've got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.…
Technical article examining common DNS/email authentication misinterpretations (DMARC, SPF, DKIM), with real-world examples from large operators and government domains.
updated If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment.…
I believe Y2K38 isn’t a future problem, it’s exploitable today in any vulnerable system synchronizing time in a way that can be exploitable by an attacker.
Bitsight published an overview of the Year 2038 problem and its security impact: https://www.bitsight.com/blog/what-is-y2k38-problem (Full disclosure: I’m the author)
Many 32-bit systems accept externally influenced time (NTP, GPS, RTC sync, management APIs).
Forcing time near / past the overflow boundary can break authentication, cert validation, logging, TTLs, replay protection.
Embedded / OT / IoT devices are especially exposed:
Long-lived, rarely patched 32-bit Linux / RTOS is common
Often internet-reachable
Failures range from silent logic errors to crashes.
This makes Y2K38 less a “future date bug” and more a latent vulnerability class affecting real systems today.
I'm interested in how others are:
Treating this issue. Have you heard about it before? Are you testing (or have you tested) for Y2K38 exposure, in your code and in your installed infrastructure and its dependencies? How do you treat time handling in threat models for embedded / OT environments / critical infrastructure?
If you are interested in time security and want to know more or share your experiences, there is a Time Security SIG over at FIRST that you can consider joining.
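One way to test for the exposure the post describes, as an added example that is not part of the Bitsight post: model a signed 32-bit time_t, show how a "not after" comparison misbehaves once either operand crosses the boundary, and audit a list of expiry dates for values a 32-bit system cannot hold. All names and sample dates are constructed for illustration.

```python
"""Added example (not from the Bitsight post): simulate a signed 32-bit time_t
and show how Y2K38 breaks certificate/TTL 'not after' checks."""
from datetime import datetime, timezone

INT32_MAX = 2**31 - 1   # 2038-01-19 03:14:07 UTC, last representable second
INT32_MIN = -2**31      # what the counter wraps to one second later


def utc(y, m, d, hh=0, mm=0, ss=0) -> int:
    """Unix epoch seconds for a UTC calendar date."""
    return int(datetime(y, m, d, hh, mm, ss, tzinfo=timezone.utc).timestamp())


def as_time_t32(epoch: int) -> int:
    """Value a signed 32-bit time_t holds after two's-complement wrap."""
    return ((epoch + 2**31) % 2**32) - 2**31


def fits_time_t32(epoch: int) -> bool:
    """True if the timestamp is representable without wrapping."""
    return INT32_MIN <= epoch <= INT32_MAX


def not_after_ok(now: int, not_after: int, bits: int = 64) -> bool:
    """A 'notAfter' validity check as code storing both values in time_t does it.

    On a 32-bit build both operands are truncated first, so a future expiry
    (or a clock pushed past the boundary) silently inverts the comparison.
    """
    if bits == 32:
        now, not_after = as_time_t32(now), as_time_t32(not_after)
    return now <= not_after


def audit_expiry_dates(items) -> list:
    """Exposure check: names whose expiry cannot be held in a 32-bit time_t."""
    return [name for name, not_after in items if not fits_time_t32(not_after)]


if __name__ == "__main__":
    now = utc(2026, 1, 1)
    ca_expiry = utc(2040, 1, 1)   # constructed: a long-lived root CA
    # Valid cert, but a 32-bit verifier sees 2040 as a date in 1972 and rejects it.
    print("64-bit accepts 2040 cert:", not_after_ok(now, ca_expiry))
    print("32-bit accepts 2040 cert:", not_after_ok(now, ca_expiry, bits=32))
    # Clock one second past the boundary: an expired cert is now accepted.
    wrapped_now = INT32_MAX + 1
    print("32-bit accepts expired cert after wrap:",
          not_after_ok(wrapped_now, utc(2020, 1, 1), bits=32))
    print("exposed:", audit_expiry_dates([("root-ca", ca_expiry),
                                          ("leaf", utc(2027, 6, 1))]))
```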
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.…
CISOs must prepare for "a really different world" where cybercriminals can reliably automate cyberattacks at scale, according to a senior Googler.…
Hey everyone,
I’m an independent developer and for the past few months I’ve been working on a tool called Syd. Before I invest more time and money into it, I’m trying to get honest feedback from people who actually work in security.
Syd is a fully local, offline AI assistant for penetration testing and security analysis. The easiest way to explain it is “ChatGPT for pentesting”, but with some important differences. All data stays on your machine, there are no cloud calls or APIs involved, and it’s built specifically around security tooling and workflows rather than being a general-purpose chatbot. The whole point is being able to analyse client data that simply cannot leave the network.
Right now Syd works with BloodHound, Nmap, and I’m close to finishing Volatility 3 support.
With BloodHound, you upload the JSON export and Syd parses it into a large set of structured facts automatically. You can then ask questions in plain English like what the shortest path to Domain Admin is, which users have DCSync rights, or which computers have unconstrained delegation. The answers are based directly on the data and include actual paths, users, and attack chains rather than generic explanations.
With Nmap, you upload the XML output and Syd analyses services, versions, exposed attack surface and misconfigurations. You can ask things like what the most critical issues are, which Windows servers expose SMB, or which hosts are running outdated SSH. The output is prioritised and includes CVE context and realistic next steps.
I’m currently finishing off Volatility 3 integration. The idea here is one-click memory analysis using a fixed set of plugins depending on the OS. You can then ask practical questions such as whether there are signs of malware, what processes look suspicious, or what network connections existed. It’s not trying to replace DFIR tooling, just make memory analysis more approachable and faster to reason about.
The value, as I see it, differs slightly depending on who you are. For consultants, it means analysing client data without uploading anything to third-party AI services, speeding up report writing, and giving junior testers a way to ask “why is this vulnerable?” without constantly interrupting seniors. For red teams, it helps quickly identify attack paths during engagements and works in restricted or air-gapped environments with no concerns about data being reused for training. For blue teams, it helps with triage and investigation by allowing natural language questions over logs and memory without needing to be an expert in every tool.
One thing I’ve been careful about is hallucination. Syd has a validation layer that blocks answers if they reference data that doesn’t exist in the input. If it tries to invent IPs, PIDs, users, or hosts, the response is rejected with an explanation. I’m trying to avoid the confident-but-wrong problem as much as possible.
I’m also considering adding support for other tools, but only if there’s real demand. Things like Burp Suite exports, Nuclei scans, Nessus or OpenVAS reports, WPScan, SQLMap, Metasploit workspaces, and possibly C2 logs. I don’t want to bolt everything on just for the sake of it.
The reason I’m posting here is that I genuinely need validation. I’ve been working on this solo for months with no sales and very little interest, and I’m at a crossroads. I need to know whether people would actually use something like this in real workflows, which tools would matter most to integrate next, and whether anyone would realistically pay for it. I’m also unsure what pricing model would even make sense, whether that’s one-time, subscription, or free for personal use with paid commercial licensing.
Technically, it runs on Windows, macOS and Linux. It uses a local Qwen 2.5 14B model, runs as a Python desktop app, has zero telemetry and no network dependencies. Sixteen gigabytes of RAM is recommended and a GPU helps but isn’t required.
I can share screenshots or record a walkthrough showing real BloodHound and Nmap workflows if there’s interest.
I’ll be honest, this has been a grind. I believe in the idea of a privacy-first, local assistant for security work, but I need to know if there’s actually a market for it or if the industry is happy using cloud AI tools despite the data risks, sticking to fully manual analysis, or relying on scripts and frameworks without LLMs.
Syd is not an automated scanner, not a cloud SaaS, not a ChatGPT wrapper, and not an attempt to replace pentesters. It’s meant to be an assistant, nothing more.
If this sounds useful, I’m happy to share a demo or collaborate with others. I’d really appreciate any honest feedback, positive or negative.
Thanks for reading.
https://www.youtube.com/@SydSecurity
[info@sydsec.co.uk](mailto:info@sydsec.co.uk)
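The validation layer described in the post (rejecting answers that cite hosts or ports absent from the input) can be sketched as follows. This is an added example, not Syd's code; the Nmap XML is a constructed two-host sample and the regexes are a deliberately simple approximation.

```python
"""Added example (not Syd's own code): ground an assistant's answer against
the hosts and open ports actually present in an Nmap XML export."""
import re
import xml.etree.ElementTree as ET

# Constructed sample Nmap XML (two hosts) for offline demonstration.
NMAP_XML = """<nmaprun>
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="fs01.example.test"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" version="OpenSSH 7.4"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port></ports>
  </host>
</nmaprun>"""

# Simple patterns; a dotted version string with four parts would also match.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTPORT = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")


def facts_from_nmap(xml_text: str):
    """Return the set of IPv4 addresses and the set of (ip, port) open pairs."""
    ips, open_ports = set(), set()
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        ips.add(ip)
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add((ip, int(port.get("portid"))))
    return ips, open_ports


def validate_answer(answer: str, ips: set, open_ports: set):
    """Reject an answer that cites an IP or ip:port the scan never reported."""
    problems = []
    for ip in set(IPV4.findall(answer)):
        if ip not in ips:
            problems.append(f"unknown host {ip}")
    for ip, port in set(HOSTPORT.findall(answer)):
        if ip in ips and (ip, int(port)) not in open_ports:
            problems.append(f"{ip}:{port} is not an open port in the scan")
    return (not problems, sorted(problems))
```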
Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date.…
Hammersmith & Fulham Council says payments are now being processed as usual, two months after a cyberattack that affected multiple boroughs in the UK's capital city.…
Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365.
The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.
Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users.
“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”
“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”
“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.
Here, we break down what happened and why outages are prime time for scammers.
A Microsoft infrastructure failure disrupted email delivery.
Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.
Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.
The disruption unfolded over several hours on Thursday afternoon (ET).
Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows:
Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.
2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.
3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.
4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.
Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced.
No. Microsoft says the outage was caused by technical infrastructure issues.
According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours.
A message sent by Microsoft about the server issue.
Modern work depends on shared cloud infrastructure.
That sudden loss of access often leaves users unsure whether:
That uncertainty is exactly what scammers look for.
They impersonate the company and trick users into signing in again.
After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours.
These scams typically work by:
Impersonating Microsoft using logos, branding, and language copied from real outage notices
Sending fake “service restoration” emails or texts claiming users must re-authenticate
Linking to realistic login pages designed to steal Microsoft usernames and passwords
Posing as IT support or Microsoft support and directing users to fake phone numbers
Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address.
How to stay safe during a Microsoft outage
Outages are confusing. Scammers rely on urgency and familiarity.
To reduce risk:
If you already clicked or entered information:
Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens.
McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access.
Q: Is Microsoft Outlook still down?
A: Microsoft said Thursday afternoon that it had restored affected infrastructure and was redirecting traffic to recover service, according to CNBC. Some users may still experience intermittent issues.
Q: Was the Microsoft outage caused by hackers?
A: No. Microsoft has not reported any cyberattack or data breach related to the outage, per CNBC.
Q: Can scammers really use outages to steal accounts?
A: Yes. During major outages, scammers often impersonate companies like Microsoft and trick users into signing in again on fake websites.
Q: Should I reset my password after an outage?
A: Only if you clicked a suspicious link or entered your credentials somewhere outside Microsoft’s official site. Otherwise, resetting passwords isn’t necessary.
The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.
More than 15,000 former members of the UK's armed forces have successfully applied for a digital version of their veterans ID card since its launch in October, according to the Government Digital Service (GDS). …