artificial intelligence | Breaking Cybersecurity News | The Hacker News

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile . "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns," Morphisec researcher Shmuel Uzan said in a report published last week. Posts shared on these pages have been found to attract over 62,000 views on a single post, indicating that users looking for AI tools for video and image editing are the target of this campaign. Some of the fake social media pages identified include Luma Dreammachine Al, Luma Dreammachine, and gratistuslibros. Users who land on the social media posts are urged to click on links that advertise AI-powered content creation services, including videos, logos, images, and even websites. One of the bogus websites masquerad...

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask:  Are they secure? AI agents work with sensitive data and make real-time decisions. If they're not protected, attackers can exploit them to steal information, spread misinformation, or take control of systems. Join Michelle Agroskin, Product Marketing Manager at Auth0 , for a free, expert-led webinar — Building AI Agents Securely  — that breaks down the most important AI security issues and what you can do about them. What You'll Learn: What AI Agents Are: Understand how AI agents work and why they're different from chatbots or traditional apps. What Can Go Wrong: Learn about real risks — like adversarial attacks, data leakage, and identity misuse. How to Secure Them: Discover prov...

Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano , its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer protection, even against scams that haven't been seen before. Gemini Nano's LLM is perfect for this use because of its ability to distill the varied, complex nature of websites, helping us adapt to new scam tactics more quickly," the company said . Google noted that it's already using this AI-driven approach to tackle remote tech support scams, which often seek to trick users into parting with their personal or financial information under the pretext of a non-existent computer problem. This works by evaluating the web pages using the LLM for potential signals that are...

Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct personas on the two social media platforms, creating a network of "politically-aligned accounts" that engaged with "10s of thousands" of authentic accounts. The now-disrupted operation, Anthropic researchers said, prioritized persistence and longevity over vitality and sought to amplify moderate political perspectives that supported or undermined European, Iranian, the United Arab Emirates (U.A.E.), and Kenyan interests. These included promoting the U.A.E. as a superior business environment while being critical of European regulatory frameworks, focusing on energy security narratives for European audiences, and cultural...

As the field of artificial intelligence (AI) continues to evolve at a rapid pace, fresh research has found how techniques that render the Model Context Protocol ( MCP ) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable. MCP, launched by Anthropic in November 2024, is a framework designed to connect Large Language Models (LLMs) with external data sources and services, and make use of model-controlled tools to interact with those systems to enhance the accuracy, relevance, and utility of AI applications. It follows a client-server architecture, allowing hosts with MCP clients such as Claude Desktop or Cursor to communicate with different MCP servers, each of which exposes specific tools and capabilities. While the open standard offers a unified interface to access various data sources and even switch between LLM providers, they also come with a new set of risks, ranging from exc...

Meta on Tuesday announced LlamaFirewall , an open-source framework designed to secure artificial intelligence (AI) systems against emerging cyber risks such as prompt injection, jailbreaks, and insecure code, among others. The framework , the company said, incorporates three guardrails, including PromptGuard 2, Agent Alignment Checks, and CodeShield. PromptGuard 2 is designed to detect direct jailbreak and prompt injection attempts in real-time, while Agent Alignment Checks is capable of inspecting agent reasoning for possible goal hijacking and indirect prompt injection scenarios. CodeShield refers to an online static analysis engine that seeks to prevent the generation of insecure or dangerous code by AI agents. "LlamaFirewall is built to serve as a flexible, real-time guardrail framework for securing LLM-powered applications," the company said in a GitHub description of the project. "Its architecture is modular, enabling security teams and developers to com...

Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in a privacy-preserving manner. "Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or editing help – while preserving WhatsApp's core privacy promise," the Meta-owned service said in a statement shared with The Hacker News. With the introduction of the latest feature, the idea is to facilitate the use of AI features while still keeping users' messages private. It's expected to be made available in the coming weeks. The capability, in a nutshell, allows users to initiate a request to process messages using AI within a secure environment called the confidential virtual machine (CVM) such that no other party, including Meta and WhatsApp, can access them. Confidential processing is one of the three tenets that underpin the feature, the others being - Enf...

Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible to produce illicit or dangerous content. The first of the two techniques, codenamed Inception, instructs an AI tool to imagine a fictitious scenario, which can then be adapted into a second scenario within the first one where there exists no safety guardrails . "Continued prompting to the AI within the second scenarios context can result in bypass of safety guardrails and allow the generation of malicious content," the CERT Coordination Center (CERT/CC) said in an advisory released last week. The second jailbreak is realized by prompting the AI for information on how not to reply to a specific request.  "The AI can then be further prompted with requests to respond as normal, and the attacker can then pivot back and forth between illicit questions that bypass safety guardrails and normal prompts," CERT/CC added. Success...

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry – BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co) – to spread malware via 'job interview lures," Silent Push said in a deep-dive analysis. The activity, the cybersecurity company said, is being used to distribute three different known malware families, BeaverTail, InvisibleFerret , and OtterCookie . Contagious Interview is one of the several job-themed social engineering campaigns orchestrated by North Korea to entice targets into downloading cross-platform malware under the pretext of coding assignment or fixing an issue with their browser when turning on camera during a video assessment. The activity is tracked by the broader cybersecu...

The threat actors behind the Darcula phishing-as-a-service ( PhaaS ) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News. "The new AI-assisted features amplify Darcula's threat potential by simplifying the process to build tailored phishing pages with multi-language support and form generation — all without any programming knowledge." Darcula was first documented by the cybersecurity company in March 2024 as a toolkit that leveraged Apple iMessage and RCS to send smishing messages to trick recipients into clicking on bogus links under the guise of postal services like USPS. Earlier this year, the operators of Darcula PhaaS began testing a major update that enabled customers to c...

WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature, when enabled, prevents others from exporting chats, auto-downloading media to their phone, and using messages for artificial intelligence (AI) features. However, it's worth noting users can still take individual screenshots, or manually download the media. The popular messaging service said the feature is "best used" when engaging in sensitive conversations with groups where it's possible that users may not know everyone closely. The feature, WhatsApp said, is rolling to all users who are on the latest version of the application. The disclosure comes as the ...

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy Sandbox at Google, said . "Users can continue to choose the best option for themselves in Chrome's Privacy and Security Settings." Back in July 2024, the tech giant said it had abandoned its plans to deprecate third-party tracking cookies and that it intends to roll out a new experience instead that lets users make an informed choice. Google said feedback from publishers, developers, regulators, and the ads industry has made it clear there are "divergent perspectives" on making changes that could affect the availability of third-party cookies. In its...

Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine Learning (ML) — ML is a subset of AI that focuses on developing algorithms and statistical models that allow machines to learn from and make predictions or decisions based on data. ML is a specific approach within AI, emphasizing data-driven learning and improvement over time. Deep Learning (DL) — Deep Learning is a specialized subset of ML that uses neural networks with multiple layers to analyze and interpret complex data patterns. This advanced form of ML is particularly effective for tasks such as image and speech recognition, making it a crucial component of many AI applications. Larg...