Normal view

Deepfake posting sites depicting famous women taken down by feds

16 June 2026 at 12:31

Thanks to Uncle Sam, anyone trying to find nonconsensual intimate deepfakes on CFake.com and SOCFake.com will be disappointed. The US Departments of Justice (DOJ) and Homeland Security has seized the two domain names under the TAKE IT DOWN Act.

The TAKE IT DOWN Act, signed in May 2025, is the first US federal statute criminalizing the publication of nonconsensual intimate imagery, including AI-generated forgeries. It imposes penalties of up to two years’ imprisonment, gives covered platforms 48 hours to remove flagged content, and grants the forfeiture powers the DOJ just used.

According to the seizure warrants, the digital forgeries depicted “politicians, first ladies of multiple countries, royalty, journalists, television presenters, athletes, entertainers, and others,” and visitors could browse them under tags including “rape,” “forced,” and “degradation”.

The authorities didn’t just snag the sites, though. They got the alleged operator of CFake.com, in an international effort.

The US alerted the Paris prosecutor’s office to a French national in Nice who was allegedly running CFake.com. French investigators counted roughly 300,000 images and 7,000 videos depicting 14,000 people across CFake.com, drawing four million monthly views from 200,000 user accounts.

They then arrested the IT professional, who had no prior criminal record. They also found around $64,000 in Ether cryptocurrency at his home in advertising revenue from the site.

The man will be tried on July 7 in Paris for carrying out illicit transactions online and providing nonconsensual sexual deepfakes. The former offence carries a potential seven years’ imprisonment and a €500,000 (approximately $580,000) fine. The latter could yield three years and a €75,000 ($87,000) fine.

Providers and accused providers of nonconsensual intimate deepfakes have also been held in the US. In April, James Strahler II from Ohio pleaded guilty to cyberstalking, producing child sexual abuse material, and publishing digital forgeries.

Strahler had downloaded produced over 700 images and animations posted to a child sexual abuse site, and had sent deepfake material to at least six adult women, including one sent to a victim’s coworkers.

Last month, the DoJ also arrested Cornelius Shannon and Arturo Hernandez under the TAKE IT DOWN Act for publishing thousands of deepfake images of prominent women and those not in the public eye.

Other countries are also taking action. Anthony Rontondo was arrested by Australian authorities in May last year for posting deepfaked pictures of prominent Australian women. He eventually received an AU$343,000 fine.

How prevalent are deepfakes?

These seizures and prosecutions are encouraging, but prosecutors trying to force non-consensual deepfakes offline face a rising tide of such material. Requests for and sharing of nonconsensual deepfake imagery have risen, with activity migrating across platforms. Deepfake incidents overall jumped 257% in 2024, and girls accounted for 94% of victims in reported AI-generated child sexual abuse cases.

Seizing a distribution point removes a storefront. It does not remove the AI models used to produce the material, the anonymous hosting providers downstream, or the demand that draws visitors in the first place.

What you can do

If you or someone you know are depicted in a nonconsensual deepfake, keep dated screenshots, URLs, and any communications as evidence before filing a takedown request and reporting it to the authorities.

Limit the high-resolution face images you and your children post publicly, since school portraits and social media profile pictures are the raw material these tools need.

Take advantage of expert advice to help protect yourself from non-consensual deepfakes:


Let’s face it, an incognito window can only do so much. 
 
Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance. 

Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban

15 June 2026 at 16:32

Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries.

Reuters reports that Anthropic said it will “abruptly ​disable” its most advanced AI models for all users after the US government ordered it to suspend access to the models for foreign nationals, citing national security ‌concerns.

Officials reportedly believe a jailbreak could turn Fable 5 and Mythos 5 into vulnerability-discovery tools for adversaries, so Anthropic says it is disabling them worldwide rather than try to nationality‑filter access, since it is virtually impossible to verify every user’s nationality.

In a statement on its website, Anthropic says:

“The letter did not provide specific details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or “jailbreaking” Fable 5. We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass.”

Mythos 5 is the non-public full version, which is currently used only by government agencies and selected corporate partners to harden their systems. Fable 5 is a Mythos-class model that should supposedly be safe for general use.

It makes sense to me that if Fable 5 is easy to jailbreak, that it should fall under the same restrictions as Mythos 5. However, Anthropic maintains that it has built-in safeguards that mean queries on some topics will instead receive a response from the next-most-capable model, Claude Opus 4.8. 

The relationship between the US government and Anthropic had shown signs of easing in parts of the US government after tensions over military use, surveillance, and autonomous weapons. In March, defense Secretary Pete Hegseth designated the San Francisco-based company a “supply-chain risk to national security.”

To understand the nature of the argument, it is necessary to understand that Mythos 5 is described in multiple reports as particularly effective at identifying software vulnerabilities, including long‑standing bugs in complex, legacy systems such as those in banking and other critical infrastructure. Many view this as dual‑use: great for defense hardening, but catastrophic in the wrong hands.

In recent updates from major software vendors like Microsoft and Google, we’ve seen a growth in numbers of patched vulnerabilities after the vendors began using AI-guided search for new vulnerabilities in their own software. We also know that Mozilla found over 270 Firefox vulnerabilities with the aid of Anthropic’s new Claude Mythos model. 

What this means

In the wrong hands these vulnerabilities could definitely do a lot of harm. So, it looks like it will take some time before regular consumers and developers will gain access to Fable 5 and Mythos 5 entirely. However, existing Anthropic models (older Claude variants) remain available.

For home users who were simply chatting with Claude or using it to help with basic scripting, the change will mostly show up as “this specific version is unavailable” rather than a broader AI blackout.

Removing a high‑end vulnerability‑finding model from broad circulation increases the effort required for less‑resourced cybercriminals to automate discovery of complex bugs in consumer‑facing software and services only by so much. There are other models available on the black market that might be just as effective. And for most cybercriminals, turning a vulnerability into a method they can utilize in an exploit is much more relevant.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Deepfake porn sites are going offline (re-air) (Lock and Code S07E12)

15 June 2026 at 16:32

This week on the Lock and Code podcast…

If you weren’t taking deepfakes seriously before, it’s too late now to ignore them.

According to new research from Malwarebytes, one in three people who use AI every day said it’s okay to generate pornography of people without their consent.

Nearly 10 years ago, “deepfake” technology provided hobbyists and film editors with artificial intelligence (AI) tools to swap the face of one person onto the body of another. In its infancy, this technology brought silly film experiments like swapping Tom Cruise in Mission Impossible with Keanu Reeves. Today, this same technology produces something far more harmful—fake nude images of teenagers.

On the Lock and Code podcast today with host David Ruiz, we are re-visiting an interview from 2024, in which we spoke with a lawyer named David Chiu about his lawsuit against 16 deepfake nude generation websites.

The websites named in that lawsuit often needed just one image of a person to generate fake pornography. And while nearly everyone has at least one image of themselves online, even if they had hundreds, the path towards deletion is somewhat understood—start by deactivating and deleting popular social media accounts. But for teenagers today, raised mostly online, and who share images directly with friends and boyfriends and girlfriends and exes, it’s likely impossible to remove every visual trace of themselves. Also, they shouldn’t have to face this problem alone.

The Lock and Code podcast frequently discusses structural problems that require individual management. You have to skirt corporate data collection. You have to find the automated license plate readers in your hometown. You have to review every single message you get with a certain antagonism, to guard yourself against scams.

So, it’s rare to encounter a solution that benefits more than one person.

Chiu serves as the City Attorney for San Francisco, which means his department can file a lawsuit on behalf of not just the people of San Francisco, but also California, and that’s what his team did in going after the deepfake websites.

Since then, Chiu’s department has shut down 10 deepfake nude websites, and it received a settlement agreement from a company called Briver LLC to no longer operate any website that creates nonconsensual deepfake pornography.

And, as California goes, so goes the nation.

In May of last year, the Take It Down Act became effective as law in the United States, which criminalizes “revenge porn” and AI-generated nonconsensual intimate imagery. The law is not perfect but so far it is being used as intended. Last month, two men in the US were among the first to be charged with violating the Take It Down act for allegedly creating deepfake nudes that, according to the AP, “included both celebrities as well as private women, including recent high school graduates.”

Today, we revisit our conversation with San Francisco City Attorney David Chiu about the important fight against deepfake porn and the clear threat that his department found against the public.

“At least one of these websites specifically promotes the non-consensual nature of this. So, and I’ll just quote, ‘Imagine wasting time taking her out on dates when you can just use website X to get her nudes.'”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.

Google can be liable for false AI Overviews, court rules

11 June 2026 at 18:09

A German court has ruled that Google can be held directly responsible for defamatory claims produced by its AI Overviews. Basically, the court said that telling people they should double-check AI search results is not enough to deny liability for what those results say.

This kind of warning may not be enough.
This kind of warning may not be enough

The Munich Regional Court issued a preliminary injunction against Google after two German publishers discovered that AI Overviews falsely portrayed them as involved in scams and “dubious business practices,” even though the linked articles did not support those claims.

The decision could echo far beyond Germany. The court effectively found that Google can be held directly liable for defamatory content generated by its AI Overviews. The court cut through the usual “it’s just AI, don’t trust it too much” messaging and made one thing clear: If you build a system that confidently smears people or companies, you may be responsible for what it says, even when the content was “hallucinated” by AI.

AI Overviews are not harmless suggestions. In this case, the court treated them as Google’s own statements, with all the legal baggage that comes with that.

When the publishers sent a cease-and-desist letter, Google did not promptly stop similar claims from appearing. That detail turned out to be crucial in the ruling. The court noted that, unlike traditional search results, which simply list third-party content, AI Overviews generate “independent, new, and substantive statements.”

And since only Google can adjust the models and the logic that create those statements, only Google can reliably stop the system from repeating the same or similar falsehoods. In this case, the court found that Google can be held responsible.

For years, search engines have enjoyed broad protection under the logic that some harmful content is unavoidable when indexing the open web at scale. Showing a search result does not mean endorsing it. The search engine is a channel, not a publisher.

That changes when an AI Overview summarizes, rephrases, and sometimes invents facts, then publishes them at the top of search results.

AI Overviews are an extra feature, not essential to how search works. However, the appeal of AI summaries is their fast, confident answers, which is exactly what makes them dangerous. When those answers are wrong, many users may not click through to check the sources.

The ruling is preliminary and may be appealed, but the signal is clear: AI search output is not magic dust that makes liability disappear. Disclaimers about possible mistakes may not be enough when a system is deployed at scale, creates new content, and is designed to be trusted.

By the numbers

Google AI Overviews are powered by Gemini, Google’s AI model. Like other AI systems, it can produce confident answers that are wrong or poorly supported.

Pew Research studied browsing data from hundreds of users and found that when an AI Overview appears on a Google results page, clicks to traditional search results drop from around 15% to about 8%. 

A New York Times analysis of AI Overviews found that they were accurate roughly nine out of ten times. But with Google processing more than five trillion searches a year, even a small error rate could mean millions of wrong answers.

And those mistakes are not always due to bad sources. Even when Google links to a page with the correct information, its AI can still produce a false answer. More than half of the accurate responses were classified as “ungrounded,” meaning the websites cited by the AI Overview did not fully support the information it provided.

The main lesson here is to double-check AI search responses. Don’t trust an answer just because it’s presented confidently and includes links.

Users can be steered toward real threats, or away from effective protections, simply because an AI system sounded convincing on a search page.

If you find false or defamatory AI summaries about yourself or your company, document them thoroughly. Take screenshots, save the search terms, file correction requests, and keep records of the platform’s response. Or the lack of one.


Scammers don’t need to hack you. They just need you to click once. 

Malwarebytes Identity Theft Protection catches suspicious activity before it becomes a problem.

88% of people struggle to tell what’s real online

10 June 2026 at 13:45

What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust.

In a few, short years, Artificial Intelligence (AI) tools have granted people unfettered access to easier writing, faster image generation, quicker coding, and near-instantaneous answers, advice, and information—advantages they value and want. But the same tools that can spruce up a dating profile or reimagine an old photograph can also manipulate the broader world online, and people are noticing.

According to new research from Malwarebytes, 88% of people said it’s becoming harder to tell what content online is genuinely human or real, with 84% saying that “convincing video evidence” no longer feels like proof. Further, 85% said it can be hard to tell scams apart from the real thing—a major uptick from the 66% who said the same thing last year.

Statistics from the Face Value report

These are the first signs of AI’s counterfeit world. Replete with fake websites, fake products, fake videos, fake pictures, fake voices, and even fake people, it is threatening to swallow the web.

The latest report from Malwarebytes, Face value: How AI is reshaping trust, identity, and scams exposes the hidden cost of AI on the public: an excess of fraud that is dismantling trust in reality and in one another.

The damage arrives in large moments and small, from the US parent who said they “received a voicemail that sounded exactly like my son’s voice, saying he was in trouble and needed money for legal fees,” to the two entirely unrelated respondents fooled by the same AI-generated video of rabbits bouncing on a trampoline, to the individual worried about “my grandfather showing me AI slop and he thought it was real.”

For this research, Malwarebytes surveyed 1,500 adults aged 18 and older across the US, UK, Austria, Germany, and Switzerland about their uses, feelings, and concerns regarding AI. The sample was equally split for gender with a spread of ages, geographical regions, and race groups, and weighted to provide a balanced view.

The complete findings can be found in the full report:

Here are some of the key takeaways and findings:

  • 88% said it’s becoming harder to tell what content online is genuinely human or real
  • 84% said convincing video evidence no longer feels like proof 
  • 85% of people said it’s hard to tell a scam from the real thing (up from 66% last year)
  • 50% have experienced some form of AI fraud or scam, such as being misled by AI-generated photos of products or receiving a highly personalized scam message
  • 19% have specifically experienced some form of AI-driven identity harm, including the 10% who have had someone use AI to generate sexually explicit content of them without permission
  • 81% fear someone stealing their family’s likeness, yet only 13% have created a family codeword to guard against it
  • 67% worry about voice cloning, yet only 19% have turned off voicemail recordings to prevent it
  • 45% say it’s okay to use AI for personal emotional tasks (like writing wedding vows or a eulogy)
  • 34% say it’s okay to use AI to help create or improve a dating profile
  • One in three self-avowed daily users of AI said it’s okay to generate explicit images of someone without their consent 

Defeat would be the wrong lesson to take from all this. It is true now that the internet requires assistance, but there are plenty of safe places to seek help.

While Malwarebytes works to provide new tools, we’d like to remind both the AI anxious and the eager about the first rule of the internet: Remember the human. People’s voices, bodies, choices, and agency belong to them and them alone. 

As for every fake video, product, website, and image, understand that there’s help. No one needs to navigate an artificial internet alone. Whether through scam detection, identity protection, and simple awareness, people have more options than they may realize.

❌