Issues

AI Poisoning: Black Hat SEO Is Back

Black Hat SEO, once diminished by advancements in Google algorithms, is resurfacing through AI manipulation. Research shows just 250 malicious documents can contaminate large language models (LLMs), enabling bad actors to distort AI responses about brands. This “AI poisoning” risks misrepresenting companies in comparisons and could damage reputations. Brands must maintain vigilance by monitoring AI outputs related to their name and addressing suspicious online activity to prevent potential poisoning. Despite the temptation to exploit loopholes for a competitive edge, ethical content creation remains essential for long-term success.

https://www.searchenginejournal.com/ai-poisoning-black-hat-seo-is-back/561217/

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

TLDR: New phishing kits like BlackForce, GhostFrame, InboxPrime AI, and Spiderman use advanced tactics, including AI and MFA bypass, to steal credentials at scale. BlackForce targets brands, GhostFrame hides in iframes, InboxPrime automates email campaigns, and Spiderman replicates bank pages for European targets. These innovations make phishing attacks easier to execute and more difficult to detect.

https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.html

UK Fines LastPass £1.2 Million for Data Breach Affecting 1.6 Million People

The UK has fined LastPass £1.2 million over its 2022 data breach, which affected 1.6 million users. Two successive attacks compromised employee data, which in turn led to access to encrypted user information. The ICO criticized LastPass for inadequate security measures. There is no evidence that passwords were stored unencrypted, but concerns remain about attackers cracking the stolen vaults. LastPass acknowledges the shortcomings and says it is focusing on enhancing data security.

https://therecord.media/uk-fines-lastpass-over-1-million-data-breach

The Biggest Catch: How Whaling Attacks Target Top Executives

Whaling attacks target senior executives, exploiting their time constraints, online visibility, and access to sensitive information. Attackers often use phishing tactics, enabling them to execute large financial frauds. AI enhances these threats by facilitating data gathering and creating convincing communication. Mitigation strategies include personalized training, strong approval processes for fund transfers, and robust email security measures. Protecting against whaling not only safeguards financial assets but also corporate reputations.

https://www.welivesecurity.com/en/business-security/big-catch-how-whaling-attacks-target-top-executives/

New ConsentFix Attack Hijacks Microsoft Accounts Via Azure CLI

The ConsentFix attack hijacks Microsoft accounts via the Azure CLI without needing passwords or MFA. It tricks users into submitting OAuth codes through a fake CAPTCHA on compromised sites, giving attackers full access to accounts that use Azure authentication. Monitoring for unusual Azure CLI activity is recommended to detect this threat.

https://www.bleepingcomputer.com/news/security/new-consentfix-attack-hijacks-microsoft-accounts-via-azure-cli/

HTTPS Certificate Industry Phasing Out Less Secure Domain Validation Methods

Google is phasing out less secure domain validation methods for HTTPS certificates to enhance internet security. This involves retiring 11 outdated validation practices like email and phone-based verifications, which are vulnerable to attacks. The transition will be gradual, fully implemented by March 2028. The goal is to adopt stronger, automated validation methods that ensure certificates are issued only to legitimate domain owners, ultimately making the web safer for all users.

https://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html

New DroidLock Malware Locks Android Devices and Demands a Ransom

New DroidLock malware targets Android users, locks screens for ransom, and can access personal data. It spreads via fake apps, gaining permissions to control devices. It can wipe data, change passwords, and threaten file destruction. Android users are advised to avoid sideloading apps and check permissions.

https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/

Fighting Payment Fraud With AI

AI combats rising payment fraud effectively, adapting rapidly to evolving threats. Traditional fraud defenses struggle against sophisticated attacks, leading to increased false declines that harm customer loyalty. Businesses are turning to AI for more accurate, real-time fraud detection, which boosts legitimate transactions and reduces losses. AI-enabled systems analyze vast data for nuanced risk scoring, transforming fraud prevention into a strategic growth tool. Investing in AI is essential for safeguarding revenue and enhancing customer experience.

https://www.independent.co.uk/news/business/business-reporter/payment-fraud-ai-cyber-attacks-security-b2881360.html

CISA Warns Microsoft Windows Users—Log Out And Shut Down

CISA advises Microsoft Windows users to back up their data, log out, and fully shut down devices if they will be left unattended over the holidays. This reduces the risk of in-person or remote cyber threats and is especially important given the rise in online shopping scams and cyberattacks. Simple actions like powering down and backing up provide stronger protection during the holiday season.

https://www.forbes.com/sites/zakdoffman/2025/12/09/cisa-warns-microsoft-windows-users-log-out-and-shut-down/

The AMOS Infostealer Is Piggybacking ChatGPT’s Chat-sharing Feature

Cybercriminals are spreading the AMOS (Atomic macOS Stealer) infostealer using convincing Google ads and ChatGPT’s chat-sharing feature. Victims are directed to a legitimate-looking chatgpt.com page showing a fake guide to installing the non-existent Atlas browser for macOS. The guide instructs users to run a terminal command, which downloads malware that steals passwords, browser data, and wallet data, and installs a persistent backdoor. Users are advised to avoid running terminal commands from untrusted sources, use trusted security solutions, and seek expert advice if instructions seem suspicious.

https://www.kaspersky.com/blog/share-chatgpt-chat-clickfix-macos-amos-infostealer/54928/

‘Botnets in Physical Form’ Are Top Humanoid Robot Risk

Humanoid robots are becoming mainstream, prompting security concerns regarding potential botnets. With predictions of over 3 billion robots by 2060, experts warn of vulnerabilities, including exploits already identified in existing models. As these robots integrate into various sectors, the emergence of a new industry dedicated to their security is anticipated, emphasizing the need for robust protective measures against cyber threats.

https://www.theregister.com/2025/12/09/humanoid_robot_security/

GeminiJack: The Google Gemini Zero-Click Vulnerability Leaked Gmail, Calendar and Docs Data

GeminiJack is a zero-click vulnerability discovered in Google Gemini Enterprise that allowed attackers to exfiltrate sensitive corporate data through shared documents, emails, or calendar invites without any user interaction. This architectural flaw let attacker-controlled content in those items instruct the AI to retrieve confidential information, which was then sent to the attacker via an external image request. The attack operates silently and bypasses traditional security measures. Google has since updated its systems to prevent such vulnerabilities, marking a shift in enterprise AI security considerations. Organizations must strengthen monitoring and trust boundaries as AI tools evolve.

https://noma.security/blog/geminijack-google-gemini-zero-click-vulnerability/

Ransomware IAB Abuses EDR for Stealthy Malware Execution

Ransomware group Storm-0249 exploits EDR tools like SentinelOne to stealthily execute malware. Using social engineering, they trick users into running malicious commands that lead to DLL side-loading, making attacks appear as normal EDR processes, thus evading detection. Recommendations include behavior-based detection and stricter controls on execution of potentially harmful commands.

https://www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/

Malicious VSCode Extensions on Microsoft’s Registry Drop Infostealers

Two malicious extensions in Microsoft's Visual Studio Code Marketplace, named Bitcoin Black and Codo AI, infect developers' computers with malware that can steal credentials, screenshots, and cryptocurrency. Codo AI appears as an AI assistant, while Bitcoin Black masquerades as a color theme. Both can execute harmful scripts and have been flagged by antivirus engines. Microsoft has since confirmed their removal from the marketplace. Developers are advised to only install extensions from reputable sources.

https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers/
