CyberSecurity news

FlagThis - #Users

@cyberalerts.io //

FBI Warns of Malicious File Converter Tools - The FBI has issued an alert regarding the rise of fake file converter tools used to distribute malware that steals credentials and collects sensitive information.
The FBI has issued a warning about the rising trend of cybercriminals using fake file converter tools to distribute malware. These tools, often advertised as free online document converters, are designed to trick users into downloading malicious software onto their computers. While these tools may perform the advertised file conversion, they also secretly install malware that can lead to identity theft, ransomware attacks, and the compromise of sensitive data.

The threat actors exploit various file converter or downloader tools, enticing users with promises of converting files from one format to another, such as .doc to .pdf, or combining multiple files. The malicious code, disguised as a file conversion utility, can scrape uploaded files for personal identifying information, including social security numbers, banking information, and cryptocurrency wallet addresses. The FBI advises users to be cautious of such tools and report any instances of this scam to protect their assets.

The FBI Denver Field Office is warning that they are increasingly seeing scams involving free online document converter tools and encourages victims to report any instances of this scam. Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com. The agency emphasized the importance of educating individuals about these threats to prevent them from falling victim to these scams.

Recommended read:
References :
  • Talkback Resources: FBI warns of malware-laden websites posing as free file converters, leading to ransomware attacks and data theft.
  • gbhackers.com: Beware! Malware Hidden in Free Word-to-PDF Converters
  • www.bitdefender.com: Free file converter malware scam “rampantâ€� claims FBI
  • Malwarebytes: Warning over free online file converters that actually install malware
  • bsky.app: Free file converter malware scam "rampant" claims FBI.
  • bsky.app: @bushidotoken.net has dug up some IOCs for the FBI's recent warning about online file format converters being used to distribute malware
  • Help Net Security: FBI: Free file converter sites and tools deliver malware
  • www.techradar.com: Free online file converters could infect your PC with malware, FBI warns
  • bsky.app: Free file converter malware scam "rampant" claims FBI.
  • Security | TechRepublic: Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
  • securityaffairs.com: The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware.
  • The DefendOps Diaries: FBI warns against fake file converters spreading malware and stealing data. Learn how to protect yourself from these cyber threats.
  • PCMag UK security: PSA: Be Careful Around Free File Converters, They Might Contain Malware
  • www.bleepingcomputer.com: FBI warnings are true—fake file converters do push malware
  • www.techradar.com: FBI warns some web-based file management services are not as well-intentioned as they seem.
  • www.csoonline.com: Improvements Microsoft has made to Office document security that disable macros and other embedded malware by default has forced criminals to up their innovation game, a security expert said Monday.
  • www.itpro.com: Fake file converter tools are on the rise – here’s what you need to know
  • Cyber Security News: The FBI Denver Field Office has warned sternly about the rising threat of malicious online file converter tools. These seemingly harmless services, often advertised as free tools to convert or merge files, are being weaponized by cybercriminals to install malware on users’ computers. This malware can have devastating consequences, including ransomware attacks and identity theft. […]
info@thehackernews.com (The@The Hacker News //

Morphing Meerkat Phishing Attacks Exploit DNS Records - The 'Morphing Meerkat' phishing campaign exploits DNS MX records to deliver tailored phishing pages, targeting over 100 brands using open redirects and compromised WordPress sites.
References: The Hacker News , , Cyber Security News ...
A new sophisticated Phishing-as-a-Service (PhaaS) platform, dubbed "Morphing Meerkat," is exploiting DNS MX records to dynamically deliver tailored phishing pages, targeting over 100 brands. This operation enables both technical and non-technical cybercriminals to launch targeted attacks, bypassing security systems through the exploitation of open redirects on adtech servers and compromised WordPress websites. The platform's primary attack vector involves mass spam delivery and dynamic content tailoring, evading traditional security measures.

Researchers have discovered that Morphing Meerkat queries DNS MX records using Cloudflare DoH or Google Public DNS to customize fake login pages based on the victim's email service provider. This technique allows the platform to map these records to corresponding phishing HTML files, featuring over 114 unique brand designs. This personalized phishing experience significantly increases the likelihood of successful credential theft. The phishing kit also uses code obfuscation and anti-analysis measures to hinder detection, supporting over a dozen languages to target users globally.

Recommended read:
References :
  • The Hacker News: Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands.
  • : Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
  • www.scworld.com: More than 100 brands' login pages have been spoofed by the newly emergent Morphing Meerkat phishing-as-a-service platform through the exploitation of Domain Name System mail exchange records, The Hacker News reports.
  • Cyber Security News: Hackers Use DNS MX Records to Generate Fake Login Pages for Over 100+ Brands
  • The DefendOps Diaries: Morphing Meerkat: A Sophisticated Phishing-as-a-Service Threat
  • www.techradar.com: This new phishing campaign can tailor its messages to target you with your favorite businesses
  • Christoffer S.: Morphing Meerkat: Advanced Phishing-as-a-Service Platform Using DNS MX Records for Tailored Attacks
  • hackread.com: Details advanced phishing operation exploiting DNS vulnerabilities.
  • Infoblox Blog: Threat actors are increasingly adept at leveraging DNS to enhance the effectiveness of their cyber campaigns. We recently discovered a DNS technique used to tailor content to victims.
  • www.scworld.com: 'Morphing Meerkat' spoofs 114 brands via DNS mail exchange records
  • Cyber Security News: A sophisticated phishing operation has emerged that creatively leverages DNS mail exchange (MX) records to dynamically serve fake login pages tailored to victims' email providers.
  • gbhackers.com: The platform, which has been operational since at least January 2020, employs a range of advanced techniques to evade detection and target users globally.
  • Security Affairs: A PhaaS platform, dubbed 'Morphing Meerkat,' uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel
  • www.scworld.com: 'Morphing Meerkat' spoofs 114 brands via DNS mail exchange records
  • Blog: Cybersecurity researchers are tracking a new phishing-as-a-service (PhaaS) platform, called Morphing Meerkat, that employs DNS over HTTPS (DoH) to avoid detection.
  • The Stack: Phishing kits going to great lengths to personalise attacks
  • Malwarebytes: Infoblox researchers discovered a new phishing-as-a-service (PhaaS) platform, called Morphing Meerkat, that generates multiple phishing kits and spoofs login pages of over 100 brands using DNS mail exchange (MX) records.
  • securityaffairs.com: Morphing Meerkat phishing kits exploit DNS MX records
  • www.bleepingcomputer.com: A new phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...]
  • bsky.app: A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection.
  • Talkback Resources: Morphing Meerkat phishing kits exploit DNS MX records
  • Security Risk Advisors: 🚩Morphing Meerkat’s Phishing-as-a-Service Leverages DNS MX Records for Targeted Attacks
  • Talkback Resources: New Morphing Meerkat PhaaS platform examined
info@thehackernews.com (The@The Hacker News //

North Korean Hackers Deploy New KoSpy Android Spyware - ScarCruft APT group used KoSpy Android spyware to target Korean and English-speaking users via fake apps.
North Korea-linked APT group ScarCruft has been identified deploying a new Android spyware dubbed KoSpy, targeting Korean and English-speaking users. The spyware was distributed through fake utility apps on the Google Play Store and third-party app stores like APKPure. At least five malicious applications, masquerading as File Manager, Phone Manager, Smart Manager, Software Update Utility, and Kakao Security, were used to trick users into installing the spyware onto their devices.

The malicious apps offer the promised functionality to avoid raising suspicion while stealthily deploying spyware-related components in the background. The spyware is designed to collect a wide range of data from compromised devices, including SMS messages, call logs, device location, files in local storage, screenshots, keystrokes, Wi-Fi network information, and the list of installed applications. It's also equipped to record audio and take photos. The apps have since been removed from the app marketplace.

Recommended read:
References :
  • infosec.exchange: NEW: North Korean government hackers snuck spyware onto the official Android app store, and tricked a few people to download it, according to Lookout.
  • techcrunch.com: North Korean government hackers snuck spyware on Android app store
  • The DefendOps Diaries: KoSpy: Unmasking the North Korean Spyware Threat
  • PCMag UK security: Suspected North Korean Hackers Infiltrate Google Play With 'KoSpy' Spyware
  • BleepingComputer: New North Korean Android spyware slips onto Google Play
  • bsky.app: A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. https://www.bleepingcomputer.com/news/security/new-north-korean-android-spyware-slips-onto-google-play/
  • The Record: A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers
  • www.scworld.com: Android spyware ‘KoSpy’ spread by suspected North Korean APT
  • securityaffairs.com: North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
  • bsky.app: A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.
  • The Hacker News: The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.
  • securityonline.info: North Korea’s APT ScarCruft Places Spyware on Google Play
  • securityaffairs.com: North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users.
  • Secure Bulletin: New Android spyware “KoSpyâ€� linked to North Korean APT37
  • securityonline.info: North Korean ScarCruft APT Targets Users with Novel KoSpy Android Spyware
  • Carly Page: North Korean-linked hackers uploaded Android spyware to Google Play. The spyware, which collects an “extensive amountâ€� of sensitive data, was downloaded more than 10 times before Google removed it, according to Lookout
Andres Ramos@Arctic Wolf //

Fake CAPTCHA Campaign Delivers Infostealers to Unsuspecting Users - A fake CAPTCHA campaign delivers malware via compromised sites, redirecting users to execute PowerShell code and load infostealers; organizations should monitor web traffic and educate users to prevent these attacks.
A resurgence of a fake CAPTCHA malware campaign has been observed, with threat actors compromising widely used websites across various industries. They are embedding a fake CAPTCHA challenge that redirects victims to a site triggering PowerShell code execution. This campaign exploits social engineering tactics and fake software downloads to deceive users into executing malicious scripts.

This tactic is also utilized with fake captchas which resemble legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard. The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques, including API hooking. This allows the malware to hide files and registry entries, making detection difficult.

Recommended read:
References :
  • Arctic Wolf: Widespread Fake CAPTCHA Campaign Delivering Malware
  • hackread.com: New OBSCURE#BAT Malware Targets Users with Fake Captchas
  • Security Risk Advisors: 🚩 Fake CAPTCHA Malware Campaign Resurges With Multi-Stage PowerShell Infostealers
  • SpiderLabs Blog: Resurgence of a Fake Captcha Malware Campaign
  • www.zdnet.com: That weird CAPTCHA could be a malware trap - here's how to protect yourself
  • Seceon Inc: Beware of Fake CAPTCHA Scams: How Cybercriminals Are Hijacking Your Clipboard to Steal Data
  • www.cysecurity.news: Fake CAPTCHA Scams Trick Windows Users into Downloading Malware
  • : Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
  • Broadcom Software Blogs: In a recent surge of sophisticated cyber threats, attackers are exploiting fake CAPTCHA verifications to hijack users’ clipboards, leading to the installation of information-stealing malware.
  • Security Risk Advisors: ClearFake injects JavaScript to show fake CAPTCHAs on compromised sites, tricking users into running PowerShell for Lumma/Vidar malware.
  • www.cisecurity.org: The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications.
  • gbhackers.com: Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
  • Sucuri Blog: Sucuri Blog: Fake Cloudflare Verification Results in LummaStealer Trojan Infections
  • securityonline.info: Fake Cloudflare Verification Prompts Deliver LummaStealer Trojan Through Infected WordPress Sites
info@thehackernews.com (The@The Hacker News //

Fake Captcha PDFs Distribute Lumma Stealer Malware - A large-scale phishing campaign distributes Lumma Stealer malware via fake CAPTCHA images in PDF documents, targeting sensitive information in browsers and cryptocurrency wallets.
Cybersecurity researchers have uncovered a large-scale phishing campaign distributing the Lumma Stealer malware. Attackers are using fake CAPTCHA images embedded in PDF documents hosted on Webflow's content delivery network (CDN) to redirect victims to malicious websites. These malicious actors are employing SEO tactics to trick users into downloading the PDFs through search engine results, ultimately leading to the deployment of the information-stealing malware. The Lumma stealer is designed to steal sensitive information stored in browsers and cryptocurrency wallets.

Netskope Threat Labs identified 260 unique domains hosting 5,000 phishing PDF files, affecting over 1,150 organizations and 7,000 users. The attacks primarily target users in North America, Asia, and Southern Europe, impacting the technology, financial services, and manufacturing sectors. Besides Webflow, attackers are also utilizing GoDaddy, Strikingly, Wix, and Fastly to host the fake PDFs. Some PDF files were uploaded to legitimate online libraries like PDFCOFFEE and Internet Archive to further propagate the malware.

Recommended read:
References :
  • Infoblox Blog: DNS Early Detection – Fast Propagating Fake Captcha distributes LummaStealer
  • Talkback Resources: Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
  • The Hacker News: Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
  • gbhackers.com: Netskope Threat Labs uncovered a sprawling phishing operation involving 260 domains hosting approximately 5,000 malicious PDF files.
  • Talkback Resources: Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus [mal]
  • gbhackers.com: Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
  • Cyber Security News: Beware! Fake CAPTCHA Scam That Silently Installs LummaStealer
  • gbhackers.com: Lumma Stealer Using Fake Google Meet & Windows Update Sites to Launch “Click Fixâ€� Style Attack
@www.infosecurity-magazine.com //

Attackers Deploy Lumma Stealer via Fake CAPTCHAs - Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT via malicious PowerShell commands, tricking users into running PowerShell commands that install the malware.
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT (Remote Access Trojan) via malicious PowerShell commands, according to recent findings. These campaigns involve tricking users into running PowerShell commands that ultimately install the Lumma Stealer. Attackers direct potential victims to attacker-controlled sites and prompt them to complete fake authentication challenges. These challenges often involve directing potential victims to malicious websites where they are prompted to complete verification steps, but instead of a CAPTCHA, it instructs them to press Windows + R and run a PowerShell command—under the false pretense of running “Windows Defender.”

These attacks leverage weaponized CAPTCHAs, with users being directed to malicious websites where they are prompted to complete verification steps. Upon completing these steps, users inadvertently copy and run PowerShell scripts that download and install malware, such as the Lumma Stealer. This allows the attackers to steal sensitive data like cryptocurrency wallets. The exploitation involves fake Cloudflare verification prompts, which lead users to execute malicious PowerShell commands to install the LummaStealer Trojan through infected WordPress sites, posing a significant threat.

Recommended read:
References :
  • gbhackers.com: Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
  • securityonline.info: Fake Cloudflare Verification Prompts Deliver LummaStealer Trojan Through Infected WordPress Sites
  • : Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
  • www.cisecurity.org: Active Lumma Stealer Campaign Impacting U.S. SLTTs
Mike Robinson@Tech Crawlr //

Massive Location Data Breach Affects Millions - A data breach at Gravy Analytics exposed sensitive location data of millions of users from apps like Candy Crush, Tinder, and MyFitnessPal.
A significant data breach at location data firm Gravy Analytics has exposed the sensitive location data of millions of users. The compromised data includes coordinates from mobile devices across the US, Europe, and Russia, with some records also linking the location data to specific apps. Popular apps like Candy Crush, Tinder, MyFitnessPal, and various others are impacted. The data was initially posted on a Russian-language forum by a hacker using the alias "Nightly".

The breadth of the breach is staggering with apps across several categories being affected including dating apps such as Grindr, games like Temple Run and Subway Surfers, transit apps such as Moovit, period trackers, religious apps including muslim prayer and christian bible apps, various pregnancy trackers, and even virtual private network (VPN) applications. It appears that these apps were co-opted by rogue members of the advertising industry to collect this data through the advertising bid stream, often without the knowledge of the app developers. This has raised concerns about how user data is being collected and sold within the advertising ecosystem.

Recommended read:
References :
  • malware.news: Massive breach at location data seller: “Millions” of users affected
  • www.404media.co: Hackers claim massive breach of location data giant, threaten to leak data
  • Malwarebytes: Massive breach at location data seller: “Millions” of users affected
  • www.techdirt.com: Gravy Analytics specializes in location intelligence, meaning it collects sensitive phone location and behavior data.
  • gbhackers.com: Gravy Analytics Hit by Cyberattack, Hackers Allegedly Stole data
  • Techmeme: A hack of location data firm Gravy reveals Candy Crush, Tinder, and thousands of other apps are being used to steal user location data; apps may not even know (Joseph Cox/Wired)
  • Miguel Afonso Caetano: Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government.
  • www.wired.com: Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
  • bsky.app: New from 404 Media: data hacked from location giant Gravy reveals thousands of ordinary apps hijacked to steal your location data. Candy Crush, MyFitnessPal, Tinder. Period trackers, prayer apps. Because of how data collected, apps may not even know
  • www.404media.co: See the Thousands of Apps Hijacked to Spy on Your Location
  • Techmeme: A hack of location data firm Gravy reveals Candy Crush, Tinder, and thousands of other apps are being used to steal user location data; apps may not even know (Joseph Cox/Wired)
  • Miguel Afonso Caetano: 'Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo’s email client; Microsoft’s 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.
  • flipboard.com: Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
info@thehackernews.com (The Hacker News)@The Hacker News //

Cybercriminals Abuse Jarsigner to Deploy XLoader Malware - A new malware campaign uses DLL side-loading to distribute the XLoader malware through Eclipse's jarsigner.exe, evading detection by loading malicious DLL files.
Cybercriminals are exploiting the legitimate Eclipse Jarsigner tool to deploy the XLoader malware, using a DLL side-loading technique. Researchers at AhnLab Security Intelligence Center (ASEC) discovered the campaign, which involves packaging a legitimate jarsigner.exe executable, a tool used for signing Java Archive (JAR) files, with malicious DLL files inside a compressed ZIP archive. When the legitimate executable is run, the malicious DLLs are loaded, triggering the XLoader malware infection. This method allows the malware to evade security defenses by exploiting the trust associated with a legitimate application.

The attack sequence starts with a renamed version of jarsigner.exe (Documents2012.exe) executing, which then loads a tampered "jli.dll" library. This malicious DLL decrypts and injects "concrt140e.dll," the XLoader payload, into a legitimate process (aspnet_wp.exe). XLoader is designed to steal sensitive information, including user credentials, browser data, and system information. The malware can also download and execute additional malicious payloads. Users are advised to exercise caution when handling compressed files with executable files and accompanying DLLs from unverified sources.

Recommended read:
References :
  • Cyber Security News: Cybercriminals Abuse Jarsigner to Spread XLoader Malware
  • gbhackers.com: Hackers Exploit Jarsigner Tool to Deploy XLoader Malware
  • The Hacker News: Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
  • cyberpress.org: Cybercriminals Abuse Jarsigner to Spread XLoader Malware
  • Talkback Resources: Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives [rev] [mal]
  • gbhackers.com: Hackers Exploit Jarsigner Tool to Deploy XLoader Malware
  • www.scworld.com: Intrusions begin with the spread of a compressed ZIP archive containing a renamed jarsigner.exe file, which when executed prompts the loading of a tampered DLL library and eventual injection of XLoader malware, according to an analysis from the AhnLab Security Intelligence Center.
  • Talkback Resources: XLoader malware campaign uses DLL side-loading with legitimate Eclipse Foundation application, distributing payload in compressed ZIP archive to steal sensitive information and download additional malware, evolving with obfuscation and encryption layers to evade detection, potentially linked to other loaders like NodeLoader and RiseLoader.
@www.forbes.com //

RedNote App Security Issues - Citizen Lab and the EFF Threat Lab report critical privacy vulnerabilities in the RedNote app, including unencrypted HTTP transmission of user content, static keys for encrypting files, and unencrypted transmission of device metadata, with no response from RedNote or its vendors despite disclosures.
References: citizenlab.ca , Deeplinks , Deeplinks ...
A new report by Citizen Lab and the EFF Threat Lab has uncovered critical security vulnerabilities within the popular Chinese social media application, RedNote. The analysis, conducted on version 8.59.5 of the app, revealed that RedNote transmits user content, including viewed images and videos, over unencrypted HTTP connections. This exposes sensitive user data to potential network eavesdroppers, who can readily access the content being browsed.

Additionally, the report highlights that the Android version of RedNote contains a vulnerability that could allow attackers to access the contents of files on a user's device. The app also transmits device metadata without adequate encryption, sometimes even when using TLS, potentially enabling attackers to learn about a user's device screen size and mobile network carrier. Despite responsible disclosures to RedNote and its vendors NEXTDATA and MobTech in late 2024 and early 2025, no response has been received regarding these critical security flaws.

Recommended read:
References :
  • citizenlab.ca: The report highlights three serious security issues in the RedNote app.
  • Deeplinks: The EFF Threat Lab confirmed the Citizen Lab findings about Red Note.
  • www.forbes.com: Is RedNote Safe? Here's What Millions of TikTok Users Need to Know
  • Deeplinks: Crimson Memo: Analyzing the Privacy Impact of Xiaohongshu AKA Red Note
@singularityhub.com //

OpenAI Model Vulnerability to Jailbreaks - OpenAI models are susceptible to "jailbreaks" and "fine-tuning" that override their safety restrictions, raising concerns about potential misuse.
OpenAI models, including the recently released GPT-4o, are facing scrutiny due to their vulnerability to "jailbreaks." Researchers have demonstrated that targeted attacks can bypass the safety measures implemented in these models, raising concerns about their potential misuse. These jailbreaks involve manipulating the models through techniques like "fine-tuning," where models are retrained to produce responses with malicious intent, effectively creating an "evil twin" capable of harmful tasks. This highlights the ongoing need for further development and robust safety measures within AI systems.

The discovery of these vulnerabilities poses significant risks for applications relying on the safe behavior of OpenAI's models. The concern is that, as AI capabilities advance, the potential for harm may outpace the ability to prevent it. This risk is particularly urgent as open-weight models, once released, cannot be recalled, underscoring the need to collectively define an acceptable risk threshold and take action before that threshold is crossed. A bad actor could disable safeguards and create the “evil twin” of a model: equally capable, but with no ethical or legal bounds.

Recommended read:
References :
  • www.artificialintelligence-news.com: Recent research has highlighted potential vulnerabilities in OpenAI models, demonstrating that their safety measures can be bypassed by targeted attacks. These findings underline the ongoing need for further development in AI safety systems.
  • www.datasciencecentral.com: OpenAI models, although advanced, are not completely secure from manipulation and potential misuse. Researchers have discovered vulnerabilities that can be exploited to retrain models for malicious purposes, highlighting the importance of ongoing research in AI safety.
  • Blog (Main): OpenAI models have been found vulnerable to manipulation through "jailbreaks," prompting concerns about their safety and potential misuse in malicious activities. This poses a significant risk for applications relying on the models’ safe behavior.
  • SingularityHub: This article discusses Anthropic's new system for defending against AI jailbreaks and its successful resistance to hacking attempts.
@www.ghacks.net //

DeepSeek's Privacy Concerns - The iOS version of the DeepSeek AI chatbot transmits user data unencrypted to ByteDance servers, raising privacy concerns and prompting calls for a ban on government devices.
Recent security analyses have revealed that the iOS version of DeepSeek, a widely-used AI chatbot developed by a Chinese company, transmits user data unencrypted to servers controlled by ByteDance. This practice exposes users to potential data interception and raises significant privacy concerns. The unencrypted data includes sensitive information such as organization identifiers, software development kit versions, operating system versions, and user-selected languages. Apple's App Transport Security (ATS), designed to enforce secure data transmission, has been globally disabled in the DeepSeek app, further compromising user data security.

Security experts from NowSecure recommend that organizations remove the DeepSeek iOS app from managed and personal devices to mitigate privacy and security risks, noting that the Android version of the app exhibits even less secure behavior. Several U.S. lawmakers are advocating for a ban on the DeepSeek app on government devices, citing concerns over potential data sharing with the Chinese government. This mirrors previous actions against other Chinese-developed apps due to national security considerations. New York State has already banned government employees from using the DeepSeek AI app amid these concerns.

Recommended read:
References :
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • PCMag Middle East ai: House Bill Proposes Ban on Using DeepSeek on Government-Issued Devices
  • Information Security Buzz: Recent security analyses have found that the iOS version of DeepSeek transmits user data unencrypted.
  • www.ghacks.net: Security analyses revealed unencrypted data transmission by DeepSeek's iOS app.
  • iHLS: Article about New York State banning the DeepSeek AI app.
@www.bleepingcomputer.com //

Brave Browser Introduces Custom Scriptlets for Privacy - Brave Browser introduces 'custom scriptlets' for advanced users to inject JavaScript into websites, enhancing privacy and control by blocking trackers and customizing content.
Brave Browser is introducing a new feature called 'custom scriptlets' in its latest desktop release. This feature allows advanced users to inject their own JavaScript into websites, granting them deep customization and control over their browsing experience. Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience.

This new functionality empowers users to modify website functionality, offering enhanced privacy and the ability to block trackers more effectively. The 'custom scriptlets' feature is similar to popular browser extensions like TamperMonkey and GreaseMonkey, enabling users to create custom scripts for specific websites. This feature is coming in Brave Browser version 1.75 for the desktop.

Recommended read:
References :
  • cyberinsider.com: Brave Introduces Custom Scriptlets for Advanced Privacy Options
  • www.bleepingcomputer.com: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience.
  • AAKL: Brave now lets you inject custom JavaScript to tweak websites
  • BleepingComputer: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience.
  • Anonymous ???????? :af:: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own into websites, allowing deep customization and control over their browsing experience.

Posts

Blogs

Research Tools