Bug Lurks in the Firefox Browser Engine. Update Now

A security flaw in Mozilla Firefox, highlights why browser updates matter more than ever. The vulnerability involves a heap buffer overflow, a component used to process certain video content on the web. Ok, that’s a bit technical, but suffice it to say, in the worst-case scenario, attackers could potentially exploit this flaw to execute malicious code, crash the browser, or manipulate how Firefox behaves if a specially crafted media file or webpage is loaded. READ FULL STORY

Fake Claude AI Chats and Google Ads Are Now Delivering Malware

Searching Google for a Claude AI download on your Mac could now land you in the middle of a malware trap that looks surprisingly legitimate. Security researchers are warning that attackers are abusing Google Ads and even real shared Claude AI chats to trick macOS users into running dangerous Terminal commands. Victims often remain on legitimate-looking Claude pages while being guided through fake setup instructions that quietly install malware capable of stealing passwords, browser sessions, crypto wallets, and sensitive Mac Keychain data. READ FULL STORY

World Cup Fever is in the Air—Watch for Soccer-Related Scams

The FIFA World Cup attracts billions of fans around the globe, but it also attracts cybercriminals looking to score against unsuspecting victims. From counterfeit tickets and fake streaming sites to fraudulent travel packages and phishing emails, scammers use the excitement surrounding the tournament to steal money, personal information, and account credentials. Before you buy tickets, book travel, or stream a match, learn the most common. World Cup scams and the simple steps that can help keep you from becoming the next victim. READ FULL STORY

Social Media Brings Out The Worst Scammers

Social media attacks are a favorite of those pesky cybercriminals. One might wonder why. Well, it’s because it’s easy pickin's going for those accounts. Researchers at Arkose Labs found that of 1.2 billion social media interactions, 53% of the logins were fraudulent and 25% of new accounts were phony. Millions of people use one form of social media or another, whether it’s Facebook, Instagram, Snapchat, LinkedIn, or something else. That leaves a barrel full of phish used for targets for hackers and scammers. READ FULL STORY

Watch Out for Juneteenth-Themed Scams This Holiday

As Juneteenth celebrations take place across the country, cybercriminals are taking advantage of the holiday's growing visibility. Security experts are warning consumers to be cautious of phishing emails, text messages, and social media posts that use Juneteenth-related themes to steal personal information, passwords, or financial data. Scammers often capitalize on holidays and major events because people are more likely to trust messages that appear connected to community celebrations, special promotions, or charitable causes. Juneteenth is no exception. READ FULL STORY

Understanding Multi-Factor Authentication

We all know that passwords alone just don’t cut it anymore. Between data breaches, phishing attacks, and password reuse, relying on a single password to protect your most valuable accounts is like locking your front door but leaving the windows wide open. That’s where multi-factor authentication (MFA) comes in. It adds extra layers of protection to your online accounts. While many companies are implementing passkeys, not all of them have it available. So, MFA is the next best way to protect your accounts, MFA makes it so that even if your password falls into the wrong hands, no one can get in without passing additional verification steps. READ FULL STORY

Luxury Brand Breach Reminds Us to Use Unique Credentials

Ok, so we may all not be able to don the luxury jewelry from Cartier like celebrities, but that doesn’t mean we should ignore cybersecurity news involving them. That’s because those are likely still learning opportunities for us all. In fact, a recent incident involving Cartier included customer data being stolen after a data breach of their website. This is on the heels of other data breaches of brands, not particularly luxury brands, such as Victoria’s Secret and The North Face. READ FULL STORY

Users Get Tricked Into Falsely Updating Google Services

The TrickMo Android banking trojan has re-emerged in a new form, disguised as a fake Google Chrome app for Android. Once installed, this malicious app prompts users to update Google Play Services, tricking them into downloading TrickMo under the guise of "Google Services." By doing so, it gains access to critical permissions, including those for the device's accessibility settings, which it then exploits to perform various malicious activities. READ FULL STORY

Are You A Money Mule? What You Need To Know

Criminals of all kinds traffic in stolen money and need middlemen to relocate the funds. From romance scams to phishing attacks and more, there’s plenty of fraudsters with hijacked money needing laundering—and that’s where money mules come in handy. Unfortunately, sometimes those people are unaware of what they are doing, but that doesn’t mean they can’t be punished for it. Check out the red flags of avoiding becoming a money mule—and a criminal. READ FULL STORY

Ways To See If Your Data Has Been Stolen

With all the data breaches, whether by intrusion or accident lately, it’s likely your information was exposed somehow to someone you didn’t intend. After all, the marketing company Exactis, exposed hundreds of traits on us in 350 million records. Yahoo let out email addresses and passwords on billions of people, and of course who can forget the massive breach of Equifax just last year. There is a lot of information that gets leaked on us and the more the bad actors have on us, the more targeted their phishing campaigns can be. Checking on whether or not your data is available in the underground can help you mitigate any fraud or identity theft. READ FULL STORY

Account Takeover Fraud Steals Your Identity, Money, And More

With a significant swell in the number of those working from home, come the most historic levels of hacking the world has ever seen. Account takeover (ATO) fraud attacks have been growing yearly, accounting for much of the identity fraud-based financial losses to consumers and businesses. ATO fraud can lead to empty bank accounts and damaged reputations, and those recovering from an attack find it’s an expensive, time consuming, and frustrating task. READ FULL STORY

Instagram’s Helper Bot Helps Hijackers Get Access to Your Account

For years, cybercriminals have relied on phishing emails, malware, and stolen passwords to break into online accounts. Now, some attackers appear to have found a shortcut hiding in plain sight: Meta's own AI-powered support system. Security researchers say hackers were able to trick Instagram's automated support chatbot into helping them take over user accounts, raising fresh concerns about the risks of allowing artificial intelligence to perform sensitive account recovery tasks. The incident serves as another reminder that convenience and security do not always make good roommates. READ FULL STORY