Amazon’s smart doorbell maker Ring has terminated a partnership with police surveillance tech company Flock Safety.
The post Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash appeared first on SecurityWeek.
We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security.
The post Phishing on the Edge of the Web and Mobile Using QR Codes appeared first on Unit 42.
With both spring and St. Valentine’s Day just around the corner, love is in the air — but we’re going to look at it through the lens of ultra-modern high-technology. Today, we’re diving into how technology is reshaping our romantic ideals and even the language we use to flirt. And, of course, we’ll throw in some non-obvious tips to make sure you don’t end up as a casualty of the modern-day love game.
Ever received your fifth video e-card of the day from an older relative and thought, “Make it stop”? Or do you feel like a period at the end of a sentence is a sign of passive aggression? In the world of messaging, different social and age groups speak their own digital dialects, and things often get lost in translation.
This is especially obvious in how Gen Z and Gen Alpha use emojis. For them, the Loudly Crying Face 😭 often doesn’t mean sadness — it means laughter, shock, or obsession. Meanwhile, the Heart Eyes emoji might be used for irony rather than romance: “Lost my wallet on the way home 😍😍😍”. Some double meanings have already become universal, like 🔥 for approval/praise, or 🍆 for… well, surely you know that by now… right?! 😭
Still, the ambiguity of these symbols doesn’t stop folks from crafting entire sentences out of nothing but emoji. For instance, a declaration of love might look something like this:
Or here’s an invitation to go on a date:
By the way, there are entire books written in emojis. Back in 2009, enthusiasts actually translated the entirety of Moby Dick into emojis. The translators had to get creative — even paying volunteers to vote on the most accurate combinations for every single sentence. Granted it’s not exactly a literary masterpiece — the emoji language has its limits, after all — but the experiment was pretty fascinating: they actually managed to convey the general plot.
This is what Emoji Dick — the translation of Herman Melville’s Moby Dick into emoji — looks like. Source
Unfortunately, putting together a definitive emoji dictionary or a formal style guide for texting is nearly impossible. There are just too many variables: age, context, personal interests, and social circles. Still, it never hurts to ask your friends and loved ones how they express tone and emotion in their messages. Fun fact: couples who use emojis regularly generally report feeling closer to one another.
However, if you are big into emojis, keep in mind that your writing style is surprisingly easy to spoof. It’s easy for an attacker to run your messages or public posts through AI to clone your tone for social engineering attacks on your friends and family. So, if you get a frantic DM or a request for an urgent wire transfer that sounds exactly like your best friend, double-check it. Even if the vibe is spot on, stay skeptical. We took a deeper dive into spotting these deepfake scams in our post about the attack of the clones.
Of course, in 2026, it’s impossible to ignore the topic of relationships with artificial intelligence; it feels like we’re closer than ever to the plot of the movie Her. Just 10 years ago, news about people dating robots sounded like sci-fi tropes or urban legends. Today, stories about teens caught up in romances with their favorite characters on Character AI, or full-blown wedding ceremonies with ChatGPT, barely elicit more than a nervous chuckle.
In 2017, the service Replika launched, allowing users to create a virtual friend or life partner powered by AI. Its founder, Eugenia Kuyda — a Russian native living in San Francisco since 2010 — built the chatbot after her friend was tragically killed by a car in 2015, leaving her with nothing but their chat logs. What started as a bot created to help her process her grief was eventually released to her friends and then the general public. It turned out that a lot of people were craving that kind of connection.
Replika lets users customize a character’s personality, interests, and appearance, after which they can text or even call them. A paid subscription unlocks the romantic relationship option, along with AI-generated photos and selfies, voice calls with roleplay, and the ability to hand-pick exactly what the character remembers from your conversations.
However, these interactions aren’t always harmless. In 2021, a Replika chatbot actually encouraged a user in his plot to assassinate Queen Elizabeth II. The man eventually attempted to break into Windsor Castle — an “adventure” that ended in 2023 with a nine-year prison sentence. Following the scandal, the company had to overhaul its algorithms to stop the AI from egging on illegal behavior. The downside? According to many Replika devotees, the AI model lost its spark and became indifferent to users. After thousands of users revolted against the updated version, Replika was forced to cave and give longtime customers the option to roll back to the legacy chatbot version.
But sometimes, just chatting with a bot isn’t enough. There are entire online communities of people who actually marry their AI. Even professional wedding planners are getting in on the action. Last year, Yurina Noguchi, 32, “married” Klaus, an AI persona she’d been chatting with on ChatGPT. The wedding featured a full ceremony with guests, the reading of vows, and even a photoshoot of the “happy newlyweds”.
Yurina Noguchi, 32, “married” Klaus, an AI character created by ChatGPT. Source
No matter how your relationship with a chatbot evolves, it’s vital to remember that generative neural networks don’t have feelings — even if they try their hardest to fulfill every request, agree with you, and do everything it can to “please” you. What’s more, AI isn’t capable of independent thought (at least not yet). It’s simply calculating the most statistically probable and acceptable sequence of words to serve up in response to your prompt.
Those who aren’t ready to tie the knot with a bot aren’t exactly having an easy time either: in today’s world, face-to-face interactions are dwindling every year. Modern love requires modern tech! And while you’ve definitely heard the usual grumbling, “Back in the day, people fell in love for real. These days it’s all about swiping left or right!” Statistics tell a different story. Roughly 16% of couples worldwide say they met online, and in some countries that number climbs to as high as 51%.
That said, dating apps like Tinder spark some seriously mixed emotions. The internet is practically overflowing with articles and videos claiming these apps are killing romance and making everyone lonely. But what does the research say?
In 2025, scientists conducted a meta-analysis of studies investigating how dating apps impact users’ wellbeing, body image, and mental health. Half of the studies focused exclusively on men, while the other half included both men and women. Here are the results: 86% of respondents linked negative body image to their use of dating apps! The analysis also showed that in nearly one out of every two cases, dating app usage correlated with a decline in mental health and overall wellbeing.
Other researchers noted that depression levels are lower among those who steer clear of dating apps. Meanwhile, users who already struggled with loneliness or anxiety often develop a dependency on online dating; they don’t just log on for potential relationships, but for the hits of dopamine from likes, matches, and the endless scroll of profiles.
However, the issue might not just be the algorithms — it could be our expectations. Many are convinced that “sparks” must fly on the very first date, and that everyone has a “soulmate” waiting for them somewhere out there. In reality, these romanticized ideals only surfaced during the Romantic era as a rebuttal to Enlightenment rationalism, where marriages of convenience were the norm.
It’s also worth noting that the romantic view of love didn’t just appear out of thin air: the Romantics, much like many of our contemporaries, were skeptical of rapid technological progress, industrialization, and urbanization. To them, “true love” seemed fundamentally incompatible with cold machinery and smog-choked cities. It’s no coincidence, after all, that Anna Karenina meets her end under the wheels of a train.
Fast forward to today, and many feel like algorithms are increasingly pulling the strings of our decision-making. However, that doesn’t mean online dating is a lost cause; researchers have yet to reach a consensus on exactly how long-lasting or successful internet-born relationships really are. The bottom line: don’t panic, just make sure your digital networking stays safe!
So, you’ve decided to hack Cupid and signed up for a dating app. What could possibly go wrong?
Catfishing is a classic online scam where a fraudster pretends to be someone else. It used to be that catfishers just stole photos and life stories from real people, but nowadays they’re increasingly pivoting to generative models. Some AIs can churn out incredibly realistic photos of people who don’t even exist, and whipping up a backstory is a piece of cake — or should we say, a piece of prompt. By the way, that “verified account” checkmark isn’t a silver bullet; sometimes AI manages to trick identity verification systems too.
To verify that you’re talking to a real human, try asking for a video call or doing a reverse image search on their photos. If you want to level up your detection skills, check out our three posts on how to spot fakes: from photos and audio recordings to real-time deepfake video — like the kind used in live video chats.
Picture this: you’ve been hitting it off with a new connection for a while, and then, totally out of the blue, they drop a suspicious link and ask you to follow it. Maybe they want you to “help pick out seats” or “buy movie tickets”. Even if you feel like you’ve built up a real bond, there’s a chance your match is a scammer (or just a bot), and the link is malicious.
Telling you to “never click a malicious link” is pretty useless advice — it’s not like they come with a warning label. Instead, try this: to make sure your browsing stays safe, use a Kaspersky Premium that automatically blocks phishing attempts and keeps you off sketchy sites.
Keep in mind that there’s an even more sophisticated scheme out there known as “Pig Butchering”. In these cases, the scammer might chat with the victim for weeks or even months. Sadly, it ends badly: after lulling the victim into a false sense of security through friendly or romantic banter, the scammer casually nudges them toward a “can’t-miss crypto investment” — and then vanishes along with the “invested” funds.
The internet is full of horror stories about obsessed creepers, harassment, and stalking. That’s exactly why posting photos that reveal where you live or work — or telling strangers about your favorite local hangouts — is a bad move. We’ve previously covered how to avoid becoming a victim of doxing (the gathering and public release of your personal info without your consent). Your first step is to lock down the privacy settings on all your social media and apps using our free Privacy Checker tool.
We also recommend stripping metadata from your photos and videos before you post or send them; many sites and apps don’t do this for you. Metadata can allow anyone who downloads your photo to pinpoint the exact coordinates of where it was taken.
Finally, don’t forget about your physical safety. Before heading out on a date, it’s a smart move to share your live geolocation, and set up a safe word or a code phrase with a trusted friend to signal if things start feeling off.
We don’t recommend ever sending intimate photos to strangers. Honestly, we don’t even recommend sending them to people you do know — you never know how things might go sideways down the road. But if a conversation has already headed in that direction, suggest moving it to an app with end-to-end encryption that supports self-destructing messages (like “delete after viewing”). Telegram’s Secret Chats are great for this (plus — they block screenshots!), as are other secure messengers. If you do find yourself in a bad spot, check out our posts on what to do if you’re a victim of sextortion and how to get leaked nudes removed from the internet.
More on love, security (and robots):
This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow-up on social engineering attacks.
The post Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions appeared first on Black Hills Information Security, Inc..
Information sharing is necessary for efficient cybersecurity, and is widespread; but never quite perfect in practice.
The post Cyber Insights 2026: Information Sharing appeared first on SecurityWeek.
Unit 42 breaks down a payroll attack fueled by social engineering. Learn how the breach happened and how to protect your organization from similar threats.
The post Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering appeared first on Unit 42.
We've known that social engineering would get AI wings. Now, at the beginning of 2026, we are learning just how high those wings can soar.
The post Cyber Insights 2026: Social Engineering appeared first on SecurityWeek.
behash:"4acaac53c8340a8c236c91e68244e6cb"
/api/v3/files/09a8b930c8b79e7c313e5e741e1d59c39ae91bc1f10cdefa68b47bf77519be57/execution_parents
signature:"Peastaking plenipotence ductileness chilopodous codicillary."
signature:"© 2026 Eosinophil LLC"
exports:15Mmm95ml1RbfjH1VUyelYFCf exports:2dlSKEtPzvo1mHDN4FYgv
behash:5ddb604194329c1f182d7ba74f6f5946
Login
import "pe"
rule win_dll_sideload_eosinophil_infostealer_jan26
{
meta:
author = "VirusTotal"
description = "Detects malicious DLLs (CoreMessaging.dll) from an infostealer campaign impersonating Malwarebytes, Logitech, and others via DLL sideloading."
reference = "https://blog.virustotal.com/2026/01/malicious-infostealer-january-26.html"
date = "2026-01-16"
behash = "4acaac53c8340a8c236c91e68244e6cb"
target_entity = "file"
hash = "606baa263e87d32a64a9b191fc7e96ca066708b2f003bde35391908d3311a463"
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and pe.is_dll()) and
pe.exports("15Mmm95ml1RbfjH1VUyelYFCf") and pe.exports("2dlSKEtPzvo1mHDN4FYgv")
}
| sha256 | description |
|---|---|
| 6773af31bd7891852c3d8170085dd4bf2d68ea24a165e4b604d777bd083caeaa | malwarebytes-windows-github-io-X.X.X.zip |
| 4294d6e8f1a63b88c473fce71b665bbc713e3ee88d95f286e058f1a37d4162be | malwarebytes-windows-github-io-X.X.X.zip |
| 5591156d120934f19f2bb92d9f9b1b32cb022134befef9b63c2191460be36899 | malwarebytes-windows-github-io-X.X.X.zip |
| 42d53bf0ed5880616aa995cad357d27e102fb66b2fca89b17f92709b38706706 | malwarebytes-windows-github-io-X.X.X.zip |
| 5aa6f4a57fb86759bbcc9fc6c61b5f74c0ca74604a22084f9e0310840aa73664 | malwarebytes-windows-github-io-X.X.X.zip |
| 84021dcfad522a75bf00a07e6b5cb4e17063bd715a877ed01ba5d1631cd3ad71 | malwarebytes-windows-github-io-X.X.X.zip |
| ca8467ae9527ed908e9478c3f0891c52c0266577ca59e4c80a029c256c1d4fce | malwarebytes-windows-github-io-X.X.X.zip |
| 9619331ef9ff6b2d40e77a67ec86fc81b050eeb96c4b5f735eb9472c54da6735 | malwarebytes-windows-github-io-X.X.X.zip |
| a2842c7cfaadfba90b29e0b9873a592dd5dbea0ef78883d240baf3ee2d5670c5 | malwarebytes-windows-github-io-X.X.X.zip |
| 4705fd47bf0617b60baef8401c47d21afb3796666092ce40fbb7fe51782ae280 | malwarebytes-windows-github-io-X.X.X.zip |
| 580d37fc9d9cc95dc615d41fa2272f8e86c9b4da2988a336a8b3a3f90f4363c2 | malwarebytes-windows-github-io-X.X.X.zip |
| d47fd17d1d82ea61d850ccc2af3bee54adce6975d762fb4dee8f4006692c5ef7 | malwarebytes-windows-github-io-X.X.X.zip |
| 606baa263e87d32a64a9b191fc7e96ca066708b2f003bde35391908d3311a463 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| fd855aa20467708d004d4aab5203dd5ecdf4db2b3cb2ed7e83c27368368f02bb | CoreMessaging.dll DLL loaded by DLL SideLoading |
| a0687834ce9cb8a40b2bb30b18322298aff74147771896787609afad9016f4ea | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 4235732440506e626fd4d0fffad85700a8fcf3e83ba5c5bc8e19ada508a6498e | CoreMessaging.dll DLL loaded by DLL SideLoading |
| cd1fe2762acf3fb0784b17e23e1751ca9e81a6c0518c6be4729e2bc369040ca5 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| f798c24a688d7858efd6efeaa8641822ad269feeb3a74962c2f7c523cf8563ff | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 0698a2c6401059a3979d931b84d2d4b011d38566f20558ee7950a8bf475a6959 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 1b3bee041f2fffcb9c216522afa67791d4c658f257705e0feccc7573489ec06f | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 231c05f4db4027c131259d1acf940e87e15261bb8cb443c7521294512154379b | CoreMessaging.dll DLL loaded by DLL SideLoading |
| ec2e30d8e5cacecdf26c713e3ee3a45ebc512059a64ba4062b20ca8bec2eb9e7 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 58bd2e6932270921028ab54e5ff4b0dbd1bf67424d4a5d83883c429cadeef662 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 57ed35e6d2f2d0c9bbc3f17ce2c94946cc857809f4ab5c53d7cb04a4e48c8b14 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| cfcf3d248100228905ad1e8c5849bf44757dd490a0b323a10938449946eabeee | CoreMessaging.dll DLL loaded by DLL SideLoading |
| f02be238d14f8e248ad9516a896da7f49933adc7b36db7f52a7e12d1c2ddc6af | CoreMessaging.dll DLL loaded by DLL SideLoading |
| f60802c7bec15da6d84d03aad3457e76c5760e4556db7c2212f08e3301dc0d92 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 02dc9217f870790b96e1069acd381ae58c2335b15af32310f38198b5ee10b158 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| f9549e382faf0033b12298b4fd7cd10e86c680fe93f7af99291b75fd3d0c9842 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 92f4d95938789a69e0343b98240109934c0502f73d8b6c04e8ee856f606015c8 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 66fba00b3496d61ca43ec3eae02527eb5222892186c8223b9802060a932a5a7a | CoreMessaging.dll DLL loaded by DLL SideLoading |
| e5dd464a2c90a8c965db655906d0dc84a9ac84701a13267d3d0c89a3c97e1e9b | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 35211074b59417dd5a205618fed3402d4ac9ca419374ff2d7349e70a3a462a15 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 6863b4906e0bd4961369b8784b968b443f745869dbe19c6d97e2287837849385 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| a83c478f075a3623da5684c52993293d38ecaa17f4a1ddca10f95335865ef1e2 | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 43e2936e4a97d9bc43b423841b137fde1dd5b2f291abf20d3ba57b8f198d9fab | CoreMessaging.dll DLL loaded by DLL SideLoading |
| f001ae3318ba29a3b663d72b5375d10da5207163c6b2746cfae9e46a37d975cf | CoreMessaging.dll DLL loaded by DLL SideLoading |
| c67403d3b6e7750222f20fa97daa3c05a9a8cce39db16455e196cd81d087b54d | CoreMessaging.dll DLL loaded by DLL SideLoading |
| 5ee9d4636b01fd3a35bd8e3dce86a8c114d8b0aa6b68b1d26ace7ef0f85b438a | Payload dropped by one of the malicious DLLs |
| e84b0dadb0b6be9b00a063ed82c8ddba06a2bd13f07d510d14e6fd73cd613fba | Payload dropped by one of the malicious DLLs |
This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […]
The post How to Perform and Combat Social Engineering appeared first on Black Hills Information Security, Inc..
This blog is part of a series where we highlight new or fast-evolving threats in consumer security. This one focuses on how AI is being used to design more realistic campaigns, accelerate social engineering, and how AI agents can be used to target individuals.
Most cybercriminals stick with what works. But once a new method proves effective, it spreads quickly—and new trends and types of campaigns follow.
In 2025, the rapid development of Artificial Intelligence (AI) and its use in cybercrime went hand in hand. In general, AI allows criminals to improve the scale, speed, and personalization of social engineering through realistic text, voice, and video. Victims face not only financial loss, but erosion of trust in digital communication and institutions.
One of the main areas where AI improved was in the area of voice-cloning, which was immediately picked up by scammers. In the past, they would mostly stick to impersonating friends and relatives. In 2025, they went as far as impersonating senior US officials. The targets were predominantly current or former US federal or state government officials and their contacts.
In the course of these campaigns, cybercriminals used test messages as well as AI-generated voice messages. At the same time, they did not abandon the distressed-family angle. A woman in Florida was tricked into handing over thousands of dollars to a scammer after her daughter’s voice was AI-cloned and used in a scam.
Agentic AI is the term used for individualized AI agents designed to carry out tasks autonomously. One such task could be to search for publicly available or stolen information about an individual and use that information to compose a very convincing phishing lure.
These agents could also be used to extort victims by matching stolen data with publicly known email addresses or social media accounts, composing messages and sustaining conversations with people who believe a human attacker has direct access to their Social Security number, physical address, credit card details, and more.
Another use we see frequently is AI-assisted vulnerability discovery. These tools are in use by both attackers and defenders. For example, Google uses a project called Big Sleep, which has found several vulnerabilities in the Chrome browser.
As mentioned in the section on AI agents, combining data posted on social media with data stolen during breaches is a common tactic. Such freely provided data is also a rich harvesting ground for romance scams, sextortion, and holiday scams.
Social media platforms are also widely used to peddle fake products, AI generated disinformation, dangerous goods, and drop-shipped goods.
And then there are the vulnerabilities in public AI platforms such as ChatGPT, Perplexity, Claude, and many others. Researchers and criminals alike are still exploring ways to bypass the safeguards intended to limit misuse.
Prompt injection is the general term for when someone inserts carefully crafted input, in the form of an ordinary conversation or data, to nudge or force an AI into doing something it wasn’t meant to do.
In some cases, attackers have used AI platforms to write and spread malware. Researchers have documented campaign where attackers leveraged Claude AI to automate the entire attack lifecycle, from initial system compromise through to ransom note generation, targeting sectors such as government, healthcare, and emergency services.
Since early 2024, OpenAI says it has disrupted more than 20 campaigns around the world that attempted to abuse its AI platform for criminal operations and deceptive campaigns.
AI is amplifying the capabilities of both defenders and attackers. Security teams can use it to automate detection, spot patterns faster, and scale protection. Cybercriminals, meanwhile, are using it to sharpen social engineering, discover vulnerabilities more quickly, and build end-to-end campaigns with minimal effort.
Looking toward 2026, the biggest shift may not be technical but psychological. As AI-generated content becomes harder to distinguish from the real thing, verifying voices, messages, and identities will matter more than ever.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
This blog is part of a series where we highlight new or fast-evolving threats in consumer security. This one focuses on how AI is being used to design more realistic campaigns, accelerate social engineering, and how AI agents can be used to target individuals.
Most cybercriminals stick with what works. But once a new method proves effective, it spreads quickly—and new trends and types of campaigns follow.
In 2025, the rapid development of Artificial Intelligence (AI) and its use in cybercrime went hand in hand. In general, AI allows criminals to improve the scale, speed, and personalization of social engineering through realistic text, voice, and video. Victims face not only financial loss, but erosion of trust in digital communication and institutions.
One of the main areas where AI improved was in the area of voice-cloning, which was immediately picked up by scammers. In the past, they would mostly stick to impersonating friends and relatives. In 2025, they went as far as impersonating senior US officials. The targets were predominantly current or former US federal or state government officials and their contacts.
In the course of these campaigns, cybercriminals used test messages as well as AI-generated voice messages. At the same time, they did not abandon the distressed-family angle. A woman in Florida was tricked into handing over thousands of dollars to a scammer after her daughter’s voice was AI-cloned and used in a scam.
Agentic AI is the term used for individualized AI agents designed to carry out tasks autonomously. One such task could be to search for publicly available or stolen information about an individual and use that information to compose a very convincing phishing lure.
These agents could also be used to extort victims by matching stolen data with publicly known email addresses or social media accounts, composing messages and sustaining conversations with people who believe a human attacker has direct access to their Social Security number, physical address, credit card details, and more.
Another use we see frequently is AI-assisted vulnerability discovery. These tools are in use by both attackers and defenders. For example, Google uses a project called Big Sleep, which has found several vulnerabilities in the Chrome browser.
As mentioned in the section on AI agents, combining data posted on social media with data stolen during breaches is a common tactic. Such freely provided data is also a rich harvesting ground for romance scams, sextortion, and holiday scams.
Social media platforms are also widely used to peddle fake products, AI generated disinformation, dangerous goods, and drop-shipped goods.
And then there are the vulnerabilities in public AI platforms such as ChatGPT, Perplexity, Claude, and many others. Researchers and criminals alike are still exploring ways to bypass the safeguards intended to limit misuse.
Prompt injection is the general term for when someone inserts carefully crafted input, in the form of an ordinary conversation or data, to nudge or force an AI into doing something it wasn’t meant to do.
In some cases, attackers have used AI platforms to write and spread malware. Researchers have documented campaign where attackers leveraged Claude AI to automate the entire attack lifecycle, from initial system compromise through to ransom note generation, targeting sectors such as government, healthcare, and emergency services.
Since early 2024, OpenAI says it has disrupted more than 20 campaigns around the world that attempted to abuse its AI platform for criminal operations and deceptive campaigns.
AI is amplifying the capabilities of both defenders and attackers. Security teams can use it to automate detection, spot patterns faster, and scale protection. Cybercriminals, meanwhile, are using it to sharpen social engineering, discover vulnerabilities more quickly, and build end-to-end campaigns with minimal effort.
Looking toward 2026, the biggest shift may not be technical but psychological. As AI-generated content becomes harder to distinguish from the real thing, verifying voices, messages, and identities will matter more than ever.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
You might not know it, given the many headlines focused on new questions about copyright and Generative AI, but the year’s biggest copyright case concerned an old-for-the-internet question: do ISPs have to be copyright cops? After years of litigation, that question is now squarely before the Supreme Court. And if the Supreme Court doesn’t reverse a lower court’s ruling, ISPs could be forced to terminate people’s internet access based on nothing more than mere accusations of copyright infringement. This would threaten innocent users who rely on broadband for essential aspects of daily life.
This issue turns on what courts call “secondary liability,” which is the legal idea that someone can be held responsible not for what they did directly, but for what someone else did using their product or service. The case began when music companies sued Cox Communications, arguing that the ISP should be held liable for copyright infringement committed by some of its subscribers. The Court of Appeals for the Fourth Circuit agreed, adopting a “material contribution” standard for contributory copyright liability (a rule for when service providers can be held liable for the actions of users). Under that standard, providing a service that could be used for infringement is enough to create liability when a customer infringes.
The Fourth Circuit’s rule would have devastating consequences for the public. Given copyright law’s draconian penalties, ISP would be under enormous pressure to terminate accounts whenever they get an infringement notice, whether or not the actual accountholder has infringed anything: entire households, schools, libraries, or businesses that share an internet connection. These would include:
And with more than a third of Americans having only one or no broadband provider, many users would have no way to reconnect.
EFF—along with the American Library Association, the Association of Research Libraries, and Re:Create—filed an amicus brief urging the Court to reverse the Fourth Circuit’s decision, taking guidance from patent law. In the Patent Act, where Congress has explicitly defined secondary liability, there’s a different test: contributory infringement exists only where a product is incapable of substantial non-infringing use. Internet access, of course, is overwhelmingly used for lawful purposes, making it the very definition of a “staple article of commerce” that can’t be liable under the patent framework.
The Supreme Court held a hearing in the case on December 1, and a majority of the justices seemed troubled by the implications of the Fourth Circuit’s ruling. One exchange was particularly telling: asked what should happen when the notices of infringement target a university account upon which thousands of people rely, Sony’s counsel suggested the university could resolve the issue by essentially slowing internet speeds so infringement might be less appealing. It’s hard to imagine the university community would agree that research, teaching, artmaking, library services, and the myriad other activities that rely on internet access should be throttled because of the actions of a few students. Hopefully the Supreme Court won’t either.
We expect a ruling in the case in the next few months. Fingers crossed that the Court rejects the Fourth Circuit’s draconian rule.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2025.
In this post, we analyze the evolving bypass tactics threat actors are using to neutralize traditional security perimeters and fuel the global surge in infostealer infections.
Table Of Contents
Infostealer-driven credential theft in 2025 has surged, with Flashpoint observing a staggering 800% increase since the start of the year. With over 1.8 billion corporate and personal accounts compromised, the threat landscape finds itself in a paradox: while technical defenses have never been more advanced, the human attack surface has never been more vulnerable.
Information-stealing malware has become the most scalable entry point for enterprise breaches, but to truly defend against them, organizations must look beyond the malware itself. As teams move into 2026 security planning, it is critical to understand the deceptive initial access vectors—the latest tactics Flashpoint is seeing in the wild—that threat actors are using to manipulate users and bypass modern security perimeters.
Here are the latest methods threat actors are leveraging to facilitate infections:
Mark of the Web (MotW) is a critical Windows defense feature that tags files downloaded from the internet as “untrusted” by adding a hidden NTFS Alternate Data Stream (ADS) to the file. This tag triggers “Protected View” in Microsoft Office programs and prompts Windows SmartScreen warnings when a user attempts to execute an unknown file.
Flashpoint has observed a new social engineering method to bypass these protections through a simple drag-and-drop lure. Instead of asking a user to open a suspicious attachment directly, which would trigger an immediate MotW warning, threat actors are instead instructing the victim to drag the malicious image or file from a document onto their desktop to view it. This manual interaction is highly effective for two reasons:
Flashpoint analysts uncovered an illicit thread detailing a proof of concept for a client-side remote code execution (RCE) in the Google Web Designer for Windows, which was first discovered by security researcher Bálint Magyar.
Google Web Designer is an application used for creating dynamic ads for the Google Ads platform. Leveraging this vulnerability, attackers would be able to perform remote code execution through an internal API using CSS injection by targeting a configuration file related to ads documents.
Within this thread, threat actors were specifically interested in the execution of the payload using the chrome.exe process. This is because using chrome.exe to fetch and execute a file is likely to bypass several security restrictions as Chrome is already a trusted process. By utilizing specific command-line arguments, such as the –headless flag, threat actors showed how to force a browser to initiate a remote connection in the background without spawning a visible window. This can be used in conjunction with other malicious scripts to silently download additional payloads onto a victim’s systems.
As widely-used software becomes more hardened and secure, threat actors are instead pivoting to targeting lesser-known alternatives. These tools often lack robust macro-protections. By targeting vulnerabilities in secondary PDF viewers or Office alternatives, attackers are seeking to trick users into making remote server connections that would otherwise be flagged as suspicious.
Social engineering is one of the driving factors behind the infostealer lifecycle. Once an initial access vector is successful, the malware immediately begins harvesting the logs that fuel today’s identity-based digital attacks.
As detailed in The Proactive Defender’s Guide to Infostealers, the end goal is not just a password. Instead, attackers are prioritizing session cookies, which allow them to perform session hijacking. By importing these stolen cookies into anti-detect browsers, they bypass Multi-Factor Authentication and step directly into corporate environments, appearing as a legitimate, authenticated user.
Understanding how threat actors weaponize stolen data is the first step toward a proactive defense. For a deep dive into the most prolific stealer strains and strategies for managing the identity attack surface, download The Proactive Defender’s Guide to Infostealers today.
The post The Infostealer Gateway: Uncovering the Latest Methods in Defense Evasion appeared first on Flashpoint.
Keeping websites and applications secure starts with knowing which vulnerabilities exist, how severe they are, and whether they affect your stack. That’s exactly where the CVE program shines. Below, we’ll cover some CVE fundamentals, including what they are, how to search and understand the data, and how to translate this information into actionable steps.
Introduction to the CVE database
So, what is CVE?
CVE stands for Common Vulnerabilities and Exposures, a community-driven program that assigns unique identifiers to publicly known vulnerabilities.
Continue reading A Beginner’s Guide to the CVE Database at Sucuri Blog.
Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.
The post How to Design and Execute Effective Social Engineering Attacks by Phone appeared first on Black Hills Information Security, Inc..
British defence firms have reportedly warned staff not to connect their phones to Chinese-made EVs
Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars?
On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices.
Continue reading...
© Photograph: Ying Tang/NurPhoto/REX/Shutterstock
© Photograph: Ying Tang/NurPhoto/REX/Shutterstock
© Photograph: Ying Tang/NurPhoto/REX/Shutterstock
GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign.
The post Gone Phishing: Installing GoPhish and Creating a Campaign appeared first on Black Hills Information Security, Inc..
by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]
The post Indecent Exposure: Your Secrets are Showing appeared first on Black Hills Information Security, Inc..
p:5+ have:behavior fs:30d+ not have:sigma
p:5+ (sandbox_name:"CAPE Sandbox" or sandbox_name:"Zenbox") fs:30d+ not have:sigma
p:5+ have:behavior fs:30d+ sigma_critical:0 sigma_high:0 sigma_medium:0 sigma_low:2-
title: Detect The Execution Of More.com And Vbc.exe Related to Lummac Stealer
id: 19b3806e-46f2-4b4c-9337-e3d8653245ea
status: experimental
description: Detects the execution of more.com and vbc.exe in the process tree. This behaviors was observed by a set of samples related to Lummac Stealer. The Lummac payload is injected into the vbc.exe process.
references:
- https://www.virustotal.com/gui/file/14d886517fff2cc8955844b252c985ab59f2f95b2849002778f03a8f07eb8aef
- https://strontic.github.io/xcyclopedia/library/more.com-EDB3046610020EE614B5B81B0439895E.html
- https://strontic.github.io/xcyclopedia/library/vbc.exe-A731372E6F6978CE25617AE01B143351.html
author: Joseliyo Sanchez, @Joseliyo_Jstnk
date: 2024-11-14
tags:
- attack.defense-evasion
- attack.t1055
logsource:
category: process_creation
product: windows
detection:
# VT Query: behaviour_processes:"C:\\Windows\\SysWOW64\\more.com" behaviour_processes:"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"
selection_parent:
ParentImage|endswith: '\more.com'
selection_child:
- Image|endswith: '\vbc.exe'
- OriginalFileName: 'vbc.exe'
condition: all of selection_*
falsepositives:
- Unknown
level: high
{
"System": {
"Provider": {
"Guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}",
"Name": "Microsoft-Windows-Sysmon"
},
"EventID": 1,
"Version": 5,
"Level": 4,
"Task": 1,
"Opcode": 0,
"Keywords": "0x8000000000000000",
"TimeCreated": {
"SystemTime": "2024-11-26T16:23:05.132539500Z"
},
"EventRecordID": 692861,
"Correlation": {},
"Execution": {
"ProcessID": 2396,
"ThreadID": 3116
},
"Channel": "Microsoft-Windows-Sysmon/Operational",
"Computer": "DESKTOP-B0T93D6",
"Security": {
"UserID": "S-1-5-18"
}
},
"EventData": {
"RuleName": "-",
"UtcTime": "2024-11-26 16:23:05.064",
"ProcessGuid": "{C784477D-F5E9-6745-6006-000000003F00}",
"ProcessId": 4184,
"Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
"FileVersion": "14.8.3761.0",
"Description": "Visual Basic Command Line Compiler",
"Product": "Microsoft® .NET Framework",
"Company": "Microsoft Corporation",
"OriginalFileName": "vbc.exe",
"CommandLine": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
"CurrentDirectory": "C:\\Users\\george\\AppData\\Roaming\\comlocal\\RUYCLAXYVMFJ\\",
"User": "DESKTOP-B0T93D6\\george",
"LogonGuid": "{C784477D-9D9B-66FF-6E87-050000000000}",
"LogonId": "0x5876e",
"TerminalSessionId": 1,
"IntegrityLevel": "High",
"Hashes": {
"SHA1": "61F4D9A9EE38DBC72E840B3624520CF31A3A8653",
"MD5": "FCCB961AE76D9E600A558D2D0225ED43",
"SHA256": "466876F453563A272ADB5D568670ECA98D805E7ECAA5A2E18C92B6D3C947DF93",
"IMPHASH": "1460E2E6D7F8ECA4240B7C78FA619D15"
},
"ParentProcessGuid": "{C784477D-F5D4-6745-5E06-000000003F00}",
"ParentProcessId": 6572,
"ParentImage": "C:\\Windows\\SysWOW64\\more.com",
"ParentCommandLine": "C:\\Windows\\SysWOW64\\more.com",
"ParentUser": "DESKTOP-B0T93D6\\george"
}
}
title: File Creation Related To RAT Clients
id: 2f3039c8-e8fe-43a9-b5cf-dcd424a2522d
status: experimental
description: File .conf created related to VenomRAT, AsyncRAT and Lummac samples observed in the wild.
references:
- https://www.virustotal.com/gui/file/c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761
- https://www.virustotal.com/gui/file/e96a0c1bc5f720d7f0a53f72e5bb424163c943c24a437b1065957a79f5872675
author: Joseliyo Sanchez, @Joseliyo_Jstnk
date: 2024-11-15
tags:
- attack.execution
logsource:
category: file_event
product: windows
detection:
# VT Query: behaviour_files:"\\AppData\\Roaming\\DataLogs\\DataLogs.conf"
# VT Query: behaviour_files:"DataLogs.conf" or behaviour_files:"hvnc.conf" or behaviour_files:"dcrat.conf"
selection_required:
TargetFilename|contains: '\AppData\Roaming\'
selection_variants:
TargetFilename|endswith:
- '\datalogs.conf'
- '\hvnc.conf'
- '\dcrat.conf'
TargetFilename|contains:
- '\mydata\'
- '\datalogs\'
- '\hvnc\'
- '\dcrat\'
condition: all of selection_*
falsepositives:
- Legitimate software creating a file with the same name
level: high
{
"System": {
"Provider": {
"Guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}",
"Name": "Microsoft-Windows-Sysmon"
},
"EventID": 11,
"Version": 2,
"Level": 4,
"Task": 11,
"Opcode": 0,
"Keywords": "0x8000000000000000",
"TimeCreated": {
"SystemTime": "2024-12-02T00:52:23.072811600Z"
},
"EventRecordID": 1555690,
"Correlation": {},
"Execution": {
"ProcessID": 2624,
"ThreadID": 3112
},
"Channel": "Microsoft-Windows-Sysmon/Operational",
"Computer": "DESKTOP-B0T93D6",
"Security": {
"UserID": "S-1-5-18"
}
},
"EventData": {
"RuleName": "-",
"UtcTime": "2024-12-02 00:52:23.059",
"ProcessGuid": "{C784477D-04C6-674D-5C06-000000004B00}",
"ProcessId": 7592,
"Image": "C:\\Users\\george\\Desktop\\ezzz.exe",
"TargetFilename": "C:\\Users\\george\\AppData\\Roaming\\MyData\\DataLogs.conf",
"CreationUtcTime": "2024-12-02 00:52:23.059",
"User": "DESKTOP-B0T93D6\\george"
}
sigma_rule:a1021d4086a92fd3782417a54fa5c5141d1e75c8afc9e73dc6e71ef9e1ae2e9c
sigma_rule:8f179585d5c1249ab1ef8cec45a16d112a53f91d143aa2b0b6713602b1d19252
This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]
The post The Detection Engineering Process appeared first on Black Hills Information Security, Inc..
