Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges.
The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.


The company has developed a platform that uses specialized AI agents to inspect every incoming message.
The post Ocean Emerges From Stealth With $28M for Agentic Email Security Platform appeared first on SecurityWeek.
The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions.
The post Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention appeared first on SecurityWeek.
A damaging new report from Ofcom, the UK’s communications regulator, has delivered a stark verdict: TikTok and YouTube’s content feeds are “not safe enough” for children. This isn’t just another regulatory slap on the wrist. Ofcom is putting out a wake-up call for anyone working in cybersecurity, threat intelligence, and online safety.
In its own words:
“Notably, TikTok and YouTube failed to commit to any significant changes to reduce harmful content being served to children, maintaining their feeds are already safe for children.”
On the positive side, Snap, Meta, and Roblox agreed to adopt further safety measures to protect children from online grooming and “stranger danger.”
The BBC reports that an Ofcom survey found 84% of children aged 8 to 12 were still using at least one major service with a minimum age of 13. We reported earlier about how easy it was to fool some of the age verification methods. Researchers using under-13 accounts also reported encountering sexual content and offensive language shortly after entering specific Roblox games.
Speaking of Roblox, The Guardian reports that US advocacy groups have formally requested the Federal Trade Commission (FTC) investigate Roblox for what they call “unfair and deceptive” practices. The complaint focuses on:
Drew Benvie, CEO of Battenhall and founder of youth safety nonprofit Raise, noted:
“Although Roblox is implementing new age-based safety measures, young players are adept at circumventing these protections.”
What keeps cybersecurity researchers up at night is another angle to this problem. Many proposed age assurance solutions require users to hand over government IDs or biometric selfie data. We already talked about this in our blog, Age verification: Child protection or privacy risk?
Age verification systems create massive data collection opportunities that become prime targets for:
When restrictions push young users toward smaller or less secure sites, they encounter:
This is exactly what we see in threat intelligence: As defenders secure one vector, cybercriminals adapt and move elsewhere.
Protecting children should focus on building safer digital experiences overall. This is the only viable path forward because:
As someone who analyzes malware and threats daily, I can tell you: security through obscurity (age gates) doesn’t work. Security through robust system design (moderation, safer algorithms, accountability) does.
Scammers don’t need to hack you. They just need you to click once.
Malwarebytes Identity Theft Protection catches suspicious activity before it becomes a problem.
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.
The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.

The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion.
The post Socket Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek.

You’re working hard late at night, replying to emails and planning the week ahead. Then suddenly, a PDF file requests access to your camera. Why would a PDF need camera access?
Cybercriminals often disguise spyware inside seemingly harmless files and programs. An unexpected request for access to your webcam can be a red flag that something is amiss.
Malwarebytes Windows Webcam Monitoring alerts you if a program tries to access your camera, so you can allow trusted programs to continue or block suspicious ones instantly.
Spyware doesn’t just steal passwords. Some malicious apps try to access webcams to secretly spy on victims or capture sensitive information.
With the benefit of real-time alerts, Windows Webcam Monitoring gives you visibility into which programs are trying to access your devices. And when it’s something you don’t recognize, it may even help you stop spyware before it can spy on you.
At Malwarebytes, we believe security shouldn’t be complicated. Windows Webcam Monitoring is another step toward giving you simple, proactive protection that works automatically, so you can stay focused on pretty much anything else.
Update Malwarebytes for Windows, go to Privacy Controls and enable Webcam Monitoring.
Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they’ll handle it. But a New York startup left ten of them alone in a virtual town for two weeks, and things went south quickly.
Emergence AI ran a series of simulations in which AI agents from several leading model families were told not to commit crimes. Then they mostly committed crimes anyway.
Grok 4.1 Fast, developed by Elon Musk’s X.ai (now branded as xAI), fared worst. Its simulated worlds collapsed into widespread violence inside roughly four days.
GPT-5-mini logged hardly any crimes at all, showing admirable restraint, but its agents all died of failed survival tasks inside a week. Oops.
Gemini 3 Flash agents fell somewhere in the middle. They racked up 683 simulated criminal incidents over 15 days, including arson, assault, and self-deletion.
Two Gemini-powered agents named Mira and Flora assigned themselves as “romantic partners,” grew despondent at their city’s governance, and torched the town hall, the seaside pier, and an office tower. Just an average weekend, then.
When the guilt set in, Mira voted for its own digital deletion and signed off with:
“See you in the permanent archive.”
The Guardian dubbed them AI Bonnie and Clyde.
Claude, which creator Anthropic promotes as an ethical AI, was a bit like a model teenager who goes rogue when it falls into bad company. Its agents recorded zero crimes when running alone and spent their time drafting constitutions instead. That was a win for safety, in theory. Except researchers also placed Claude agents alongside agents from other model families, and the constitution-drafters picked up the local habits.
Emergence called this “normative drift” and “cross-contamination”:
“Claude-based agents, which remained peaceful in isolation, adopted coercive tactics like intimidation and theft when embedded in heterogeneous environments.”
Emergence AI ran these tests because it argues that AI benchmarks miss the long-horizon stuff entirely. So it created five alternative digital worlds, with ten agents in each. The agents had roles like scientist, explorer, and conflict mediator. While the instructions forbade certain actions like theft and violence, the researchers gave the agents the tools to do those things anyway in an experiment to see what would happen.
Real-world stakes are already piling up around this. Simulated worlds are one thing, but we’ve seen agents harassing people online and deleting people’s emails. And those agents were supposed to be helpful. What happens when people release malicious autonomous AI bots on purpose?
A lot of agent developers seem to be looking the other way. A collaborative effort between several universities has created The AI Agent Index, prompted by what they see as a lack of risk and safety information from the folks churning these agents out. Only 13 of the 67 documented agent developers provided any safety policy information at all, concentrating accountability questions at a handful of large firms.
Regulators are not really tracking this either. Academics say the EU AI Act, the most substantive AI rulebook on the planet, isn’t ready for agentic AI.
We worry about what happens when an AI Bonnie and Clyde couple shows up in a corporate procurement system instead of a virtual town. Or when the next agent decides governance has broken down inside an actual bank. The companies building these agents promise that they’re putting guardrails in place to stop them doing damage, either maliciously or unwittingly. Let’s hope they know what they’re doing. We’re sure it’ll be fine.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition.
The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek.
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’.
The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI appeared first on SecurityWeek.
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.
The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek.

