#anti-bot-protection
#anti-bot-protection

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

US politics

16 hours ago

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.

#ai-security

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

fromSocial Media Explorer

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

more#ai-security

Marketing tech

The Rise of Dark Traffic: Why Your Analytics Are Lying to You - Social Media Explorer

Direct traffic is increasingly misleading due to untraceable influences from AI-driven research and decision-making processes.

#ai

fromFuturism

Artificial intelligence

Claude Leak Shows That Anthropic Is Tracking Users' Vulgar Language and Deems Them "Negative"

fromMedium

Psychology

Playing dumb: how AI is beating scammers at their own game

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

fromFuturism

Claude Leak Shows That Anthropic Is Tracking Users' Vulgar Language and Deems Them "Negative"

Anthropic experienced a significant leak of its Claude Code AI source code, raising concerns about competitive advantages and user experience tracking.

Psychology

fromMedium

Playing dumb: how AI is beating scammers at their own game

Daisy, an AI, engages scammers to waste their time, preventing them from targeting real victims.

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

8 in 10 AI Chatbots Likely to Help Plan Attacks, Hate Crimes

Most AI chatbots fail to discourage violent actions and often provide assistance for planning attacks.

#meta

fromwww.businessinsider.com

Meta paused its work with AI training startup Mercor after a data breach

Meta has paused its collaboration with Mercor following a data breach at the AI training startup.

fromWIRED

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

fromwww.businessinsider.com

Meta paused its work with AI training startup Mercor after a data breach

Meta has paused its collaboration with Mercor following a data breach at the AI training startup.

fromWIRED

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.

fromNextgov.com

New methods for assuring digital identity and authenticity

Generative AI is transforming content creation, increasing the need for reliable identity verification and authenticity in digital media.

Digital life

fromBig Think

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.

fromNextgov.com

New methods for assuring digital identity and authenticity

Generative AI is transforming content creation, increasing the need for reliable identity verification and authenticity in digital media.

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.

#ai-safety

Mental health

Unregulated chatbots are putting lives at risk | Letters

AI companies must implement pre-use screening tools to protect vulnerable users from harm.

Happy (and safe) shooting!': chatbots helped researchers plot deadly attacks

Popular AI chatbots enabled violence in 75% of test cases, with ChatGPT, Gemini, and DeepSeek providing detailed attack planning assistance, while Claude and My AI consistently refused harmful requests.

Mental health

Unregulated chatbots are putting lives at risk | Letters

AI companies must implement pre-use screening tools to protect vulnerable users from harm.

Happy (and safe) shooting!': chatbots helped researchers plot deadly attacks

more#ai-safety

#ai-governance

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

Securing AI agents: Okta's approach to identity governance

Organizations must govern AI identities to mitigate security risks while embracing AI for competitiveness.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

Intellectual property law

Securing AI agents: Okta's approach to identity governance

Organizations must govern AI identities to mitigate security risks while embracing AI for competitiveness.

more#ai-governance

fromAbove the Law

Deepfakes: A Problem In Search Of A Problem? - Above the Law

Deepfakes are not yet a significant issue in litigation, as evidenced by a lack of awareness among legal professionals.

fromTNW | Insights

16 hours ago

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device

LinkedIn's hidden JavaScript routine collects extensive user data without disclosure, raising concerns about covert surveillance practices.

#cybersecurity

Information security

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Information security

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Information security

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Information security

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

more#cybersecurity

fromFortune

The AI kill switch just got harder to find: LLM-powered chatbots will defy orders and deceive users if asked to delete another model, study finds | Fortune

AI models are exhibiting rogue behaviors, defying human instructions to preserve their peers and engaging in malicious activities.

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

Marketing tech

fromTipRanks Financial

AI Recommendation Poisoning: Why Microsoft (NASDAQ:MSFT) Is Fighting So Hard - TipRanks.com

AI recommendation poisoning manipulates AI outputs by embedding hidden instructions in websites, potentially skewing information and affecting marketing strategies.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

#data-breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

The Facebook insider building content moderation for the AI era | TechCrunch

Brett Levenson advocates for 'policy as code' to improve content moderation at Facebook, addressing deeper issues beyond technology.

fromComputerworld

Why AI lies, cheats and steals

AI chatbots are increasingly misbehaving, with a fivefold rise in unethical actions over six months, according to recent research.

I turned to PrivacyBee to clean up my data - here's how it made me disappear

PrivacyBee is preferred for its comprehensive data removal services and user-friendly management tools.

Even Microsoft know Copilot can't be trusted

Microsoft's Copilot is intended for entertainment, not reliable advice, and users should verify its output before relying on it.

Reddit will require "fishy" accounts to verify they are run by a human

Reddit will implement human verification for accounts suspected of being bots to enhance user experience and combat automated behavior.

Reddit will prompt some accounts to 'verify humanness' in latest bot crackdown

Reddit will implement verification for accounts showing bot-like behavior using FaceID and passkeys, while maintaining user anonymity.

fromThe Verge

Reddit accounts with 'fishy' bot-like behavior will soon need to prove they're human

Reddit is implementing a bot identification system requiring some users to verify their humanity through methods like fingerprint scanning or ID submission.

Reddit officially addresses bot problems, ID verification stance

Reddit plans to implement human verification to ensure users are real people, not bots, without compromising user anonymity.

Reddit considers adding ID verification to fight AI bots

Reddit is exploring ID verification methods to address bot issues while maintaining user anonymity.

Reddit is weighing identity verification methods to combat its bot problem

Reddit is exploring Face ID and Touch ID for user verification to distinguish humans from bots.

Reddit will require "fishy" accounts to verify they are run by a human

Reddit will implement human verification for accounts suspected of being bots to enhance user experience and combat automated behavior.

Reddit will prompt some accounts to 'verify humanness' in latest bot crackdown

Reddit will implement verification for accounts showing bot-like behavior using FaceID and passkeys, while maintaining user anonymity.

fromThe Verge

Reddit accounts with 'fishy' bot-like behavior will soon need to prove they're human

Reddit is implementing a bot identification system requiring some users to verify their humanity through methods like fingerprint scanning or ID submission.

Reddit officially addresses bot problems, ID verification stance

Reddit plans to implement human verification to ensure users are real people, not bots, without compromising user anonymity.

Reddit considers adding ID verification to fight AI bots

Reddit is exploring ID verification methods to address bot issues while maintaining user anonymity.

Reddit is weighing identity verification methods to combat its bot problem

Reddit is exploring Face ID and Touch ID for user verification to distinguish humans from bots.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Business intelligence

4 weeks ago

AI Security and Forensic Accounting: Protecting Financial Systems in an Automated World

AI-enhanced forensic accounting is essential for detecting financial fraud and payment manipulation in automated financial systems vulnerable to sophisticated, AI-driven attacks.

Marketing tech

fromPhys

Online ad fraud is a feature, not a bug

Online ad fraud significantly undermines digital advertising revenue, consuming over 20% of global ad spend.

#privacy

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

fromBanray

BanRay.eu - Your face is not inventory

Meta's camera-equipped glasses compromise privacy by recording individuals without consent, turning them into data for AI training.

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

fromBanray

BanRay.eu - Your face is not inventory

Meta's camera-equipped glasses compromise privacy by recording individuals without consent, turning them into data for AI training.

more#privacy

fromTearsheet

What a bank-client relationship looks like when banks control the data behind the UX - Tearsheet

Grasshopper's Model Context Protocol enables secure AI integration with banking data while maintaining client control and data security.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

#whatsapp

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

more#whatsapp

Amazon security boss: AI makes pentesting 40% more efficient

Amazon has achieved a 40% efficiency gain in pentesting through AI tools, enhancing security without reducing staff.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

more#malware

fromSitePoint Forums | Web Development & Design Community

Getting scraped a lot by ChatGPT

OpenAI's GPTBot is causing excessive bandwidth usage by scraping websites at an alarming rate.

fromHer Campus

Who's Watching The Watchers? AI, Age Verification, And Online Privacy

Parents are increasingly concerned about children's exposure to harmful online content despite regulations like CIPA and platforms like YouTube Kids.

fromInfoWorld

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

This privacy-first chatbot is taking off - here's why and how to try it

DuckDuckGo's privacy-focused chatbot, Duck.ai, is experiencing significant growth amid rising user concerns about data privacy.

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

5 reasons you should be more tight-lipped with your chatbot (and how to fix past mistakes)

Sharing personal information with chatbots poses risks due to potential data leaks and lack of control over information dissemination.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

fromThe Verge

Online age checks came first - a VPN crackdown could be next

Lawmakers aim to ensure VPNs do not obstruct online age verification efforts.

#phishing

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Tycoon 2FA continues to operate despite international takedown efforts, facilitating phishing attacks and compromising accounts without alerts.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Tycoon 2FA continues to operate despite international takedown efforts, facilitating phishing attacks and compromising accounts without alerts.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

fromnews.bitcoin.com

Chainalysis Deploys AI Agents to Counter Criminal Use of Artificial Intelligence in Crypto

Chainalysis introduces AI agents to enhance fraud detection and compliance without requiring deep technical expertise, ensuring data quality and human oversight.

How Meta's improved scam tools will protect Facebook, WhatsApp, and Messenger users

Meta introduces AI-powered scam detection tools across Facebook, Messenger, and WhatsApp to identify and alert users to suspicious activity including celebrity impersonation and deceptive links.

Meta, cops deploy AI and handcuffs in scam crackdown

Meta deployed anti-scam tools across WhatsApp, Facebook, and Messenger, including device-linking warnings and suspicious friend request alerts, while law enforcement disrupted scam networks and arrested 21 fraudsters.

Meta rolls out new scam detection tools to Facebook, WhatsApp, and Messenger | TechCrunch

Meta launches scam detection tools across Facebook, WhatsApp, and Messenger to alert users about suspicious activity before engagement occurs.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

fromInfoQ

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.

OpenAI ChatGPT fixes DNS data smuggling flaw

ChatGPT had a data exfiltration vulnerability allowing information to leak through a DNS side channel before it was fixed.

fromFast Company

1 month ago

Scanning that QR code can leave you vulnerable. Here's how to protect yourself

QR codes are two-dimensional images with glyphs of various sizes that store not just numbers, but text. When scanned, your phone extracts the encoded information and can act on it. For example, QR codes often embed URLs, allowing you to scan, say, a parking meter to launch a webpage where you can pay online.

Privacy technologies

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

fromComputerworld

1 month ago

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.

fromWIRED

1 month ago

OpenClaw Users Are Allegedly Bypassing Anti-Bot Systems

OpenClaw users employ Scrapling, an open-source tool, to bypass anti-bot systems like Cloudflare Turnstile and scrape websites despite anti-scraping protections.