Daily updates on the latest scams, fraud alerts, and security threats from trusted sources.
Over 10,000 email servers running Zimbra software are currently under attack by hackers exploiting a security vulnerability that allows them to inject malicious code into websites. If your workplace or organization uses Zimbra for email, attackers could potentially steal your login credentials or personal information. Contact your IT department to ensure your email system has been updated with the latest security patches.
Home security company ADT suffered a cyberattack where criminals stole customer data and are now demanding ransom money to prevent its release. If you're an ADT customer, watch for any notifications from the company about this breach and monitor your accounts for suspicious activity.
Medical records from 500,000 UK volunteers participating in health research were illegally put up for sale on the Chinese shopping website Alibaba. This sensitive health data was supposed to be protected but somehow ended up in criminal hands. UK residents who participated in medical research should monitor their personal information for misuse and be cautious of unexpected medical bills or insurance issues.
New European Union regulations now legally require financial companies to implement strong password and access controls to protect customer data and prevent cyber attacks. Banks and other financial institutions that fail to properly secure their systems could face legal penalties. Customers should verify their banks are following proper security practices and use strong, unique passwords for financial accounts.
A serious security flaw in Linux systems called Pack2TheRoot allows hackers who already have basic access to a computer to gain complete control over the entire system. This could let attackers install malicious software, steal sensitive data, or completely take over Linux computers and servers. Linux users should update their systems as soon as patches become available.
Microsoft will soon introduce passkey technology for Windows users, which provides stronger security than traditional passwords and helps protect against phishing attacks. This technology allows you to log in using your face, fingerprint, or security key instead of typing passwords that can be stolen.
A new hacking group called BlackFile has been targeting retail and hospitality businesses through voice phishing attacks since early 2026, stealing data and demanding ransom payments. Consumers should be extra cautious about unsolicited phone calls requesting personal information, especially from people claiming to represent businesses they frequent.
Microsoft is improving Windows Update to give users better control over when their computers restart for updates. This change should reduce the frustration of unexpected restarts that interrupt work or personal computer use.
Security experts discovered persistent malware that can survive updates on certain Cisco firewall devices used by businesses. While this primarily affects corporate networks rather than individual consumers, it highlights how sophisticated cyber threats continue to evolve against even security-focused equipment.
Microsoft has given business IT departments the ability to remove the AI Copilot assistant from company computers through a new setting. This change gives organizations more control over what software runs on their devices, which can help improve security and reduce potential privacy concerns with AI tools.
A new group of government-backed hackers is using popular workplace apps like Outlook, Slack, and Discord to secretly communicate during cyberattacks on government agencies. While this primarily targets government entities, it shows how criminals can abuse trusted communication platforms that many people use daily.
Cybercriminals are actively attacking websites that use a popular WordPress plugin called Breeze Cache by exploiting a security flaw that lets them upload malicious files. If you run a WordPress website with this plugin, you should update it immediately or temporarily disable it to prevent hackers from taking control of your site.
Hackers temporarily compromised a legitimate software tool used by developers to manage passwords, replacing it with malicious code designed to steal login credentials. Software developers who recently downloaded the Bitwarden CLI tool should check their systems for compromise and change their passwords as a precaution.
When hackers attack businesses, the damage doesn't stop with the company - it often spreads to their customers through stolen personal information, service disruptions, and compromised accounts. These corporate cyberattacks can expose your data, disrupt services you rely on, and sometimes lead to identity theft or financial fraud. Consumers should monitor their accounts closely when companies they use experience security breaches and be prepared for potential impacts on services they depend on.
Chinese government hackers are secretly taking control of regular people's internet-connected devices like routers and smart gadgets to hide their cyberattacks. Consumers should regularly update their device firmware and change default passwords to prevent their devices from being hijacked for criminal activities.
A recent Microsoft Edge browser update is causing technical problems that prevent some Windows users from joining Teams video meetings. This is a software bug rather than a security issue, so users experiencing meeting problems should try using a different browser temporarily.
Cybercriminals are tricking company help desks into resetting passwords by pretending to be legitimate employees, giving them full access to accounts. This highlights why you should be cautious about password reset requests and verify your identity through multiple methods when contacting customer service.
Dutch cosmetics company Rituals suffered a cyberattack where hackers stole personal information from customer accounts in their loyalty program database. If you're a Rituals customer, watch for suspicious emails or messages that could be using your stolen data, and consider changing your account password.
Cybercriminals have infected legitimate software development tools from security company Checkmarx with malicious code designed to steal sensitive information from programmers' computers. Developers who use these compromised tools may have had their passwords, code, and other confidential data stolen without their knowledge.
A ransomware group called Trigona has developed a specialized tool to quickly steal large amounts of data from businesses before encrypting their files. This represents an escalation in ransomware attacks, as criminals are becoming more efficient at both stealing sensitive information and holding it for ransom.
A serious security flaw in Microsoft Defender antivirus software is being actively exploited by hackers to gain deeper access to computer systems. The U.S. government has ordered federal agencies to immediately install security patches to fix this vulnerability. Regular consumers using Microsoft Defender should ensure their systems are up to date with the latest security updates.
Roblox is implementing stricter safety measures for children after facing legal pressure over child safety issues, including paying millions in settlements. The gaming platform is adding stronger age verification and limiting chat features to better protect young users. Parents should review these new safety settings and monitor their children's online gaming activities.
Apple fixed a privacy bug in iPhones and iPads that was keeping copies of deleted notifications, including previews of private messages from apps like Signal. Even when users thought they had cleared their notifications, the deleted content could still be recovered from the device. Users should update their devices to get this important privacy fix.
A company that handled anonymous tip reporting for 35,000 schools was hacked, exposing sensitive reports about bullying, weapons, and student safety concerns. Additionally, gaming company Rockstar Games suffered another data breach that accidentally revealed confidential financial information. Students and parents should be aware that school tip line reports may have been compromised, and gamers should monitor their accounts for suspicious activity.
Scammers created a fake cryptocurrency trading website that looks like the legitimate TradingView platform but secretly installs malware on visitors' computers. This malicious software can take complete control of your web browser, steal login credentials for your online accounts, and access your financial information. Consumers should be extremely cautious when visiting trading websites and verify they're using official, legitimate platforms before entering any personal information.
A security researcher raised concerns that Claude Desktop, an AI chatbot application for Mac computers, may be collecting and transmitting user data without proper disclosure. While the investigation is ongoing, this highlights the importance of understanding what data AI applications collect from your device. Mac users should review privacy settings and be aware of what information apps can access on their computers.
Apple fixed a bug that allowed deleted Signal messages to remain stored on iPhones and iPads, potentially giving law enforcement or hackers access to supposedly deleted private communications. iPhone and iPad users should install the latest security updates to ensure their deleted messages are properly removed from their devices. This highlights the importance of keeping devices updated for privacy protection.
Hackers are exploiting a serious vulnerability in older D-Link home routers to take control of them and add them to criminal networks used for cyberattacks. Owners of D-Link DIR-823X routers should replace their devices immediately since these models are no longer supported with security updates. Using outdated networking equipment puts your home network and connected devices at risk.
A new ransomware group called Kyber is attacking both individual computers and business servers, encrypting files and demanding payment for recovery. This group is using advanced encryption methods that may be harder to break in the future. Users should maintain regular backups of important files and keep security software updated to protect against these attacks.
Spanish police shut down a major illegal manga website that had been operating for over 10 years and arrested four people involved in running it. While this primarily affects manga readers, it serves as a reminder that using piracy websites can expose users to malware and legal risks. Consumers should stick to legitimate streaming and reading platforms to avoid security threats.
Scammers are now running their phone fraud operations like professional businesses, with organized hiring, training programs, and performance reviews. This means consumers may face more sophisticated and convincing phone scams as criminals become better trained at manipulation tactics. Be extra cautious of unexpected calls asking for personal information or money, even if the caller sounds professional.
Hackers have found a new way to steal login credentials by poisoning software packages that developers use to build websites and apps. When developers unknowingly use these infected packages, their accounts get compromised and the attack spreads to more software. Consumers should ensure they're using apps and websites from trusted sources and keep software updated.
Microsoft is adding a new feature to Teams that will help the app run better on older computers with limited processing power and memory. This is a routine software improvement that will make video calls and meetings more reliable for users with older devices. No security concerns for consumers.
The FTC warns consumers to hang up on unexpected phone calls offering to lower credit card interest rates, as these are typically scams designed to steal money or personal information. These callers often promise unrealistic shortcuts to reduce debt but instead charge upfront fees for services they never provide or use the opportunity to steal your financial details. If you're looking to lower your interest rates, contact your credit card company directly rather than trusting unsolicited callers.
Microsoft released urgent security patches to fix a serious vulnerability in their ASP.NET software that could let attackers gain unauthorized access to systems. Businesses and developers using ASP.NET should install these emergency updates immediately to protect their websites and applications.
Cybercriminals have created new malware that targets Linux computers and cleverly hides its communications by using legitimate Microsoft email services. This makes the malicious software harder to detect since it appears to be using normal Microsoft infrastructure rather than suspicious criminal servers.
Over 1,300 Microsoft SharePoint servers remain vulnerable to attacks because their owners haven't installed important security updates. Criminals are actively exploiting this weakness to potentially access business documents and data stored on these unpatched servers.
Microsoft is experiencing technical problems with their Universal Print service that prevents some users from setting up printer sharing. This appears to be a software bug rather than a security issue, affecting business users who rely on Microsoft's cloud printing services.
Government cybersecurity agencies are warning about sophisticated networks of compromised devices being used by China-linked threat actors to conduct cyber espionage and attacks. These compromised device networks can affect both businesses and individual consumers by using their internet-connected devices without their knowledge. Consumers should keep their routers, smart devices, and computers updated with the latest security patches to prevent unauthorized access.
A French government agency that handles official documents like passports and IDs was hacked, and criminals are now trying to sell stolen citizen information online. This breach could put French citizens at risk of identity theft since their personal data may be in criminal hands. People should monitor their accounts for suspicious activity and be extra cautious about unsolicited contact claiming to be from government agencies.
A cybercriminal who helped steal millions in cryptocurrency by sending fake text messages has been arrested and pleaded guilty. The scammer and his group tricked people into giving up login credentials through text message scams, then used that access to break into major tech companies and steal digital currency from investors.
Scammers have discovered how to manipulate real Apple notification emails to include fake tech support phone numbers instead of legitimate contact information. When people receive what looks like an official Apple security alert and call the provided number, they reach criminals who will try to steal personal information or money through fake technical support services.
Criminals are creating fake versions of Google's new Antigravity software that look and work normally but secretly steal your login credentials for various accounts. When you download and install what appears to be legitimate Google software, malicious code runs in the background and gives scammers access to your personal accounts within minutes.
US cybersecurity officials discovered that hackers are actively exploiting a security flaw in business networking equipment and have ordered government agencies to fix it immediately. While this mainly affects organizations rather than individual consumers, businesses that use this type of networking equipment should apply security updates quickly to prevent potential data breaches that could expose customer information.
UK regulators are investigating the messaging app Telegram over concerns that criminals are using it to share illegal content involving children. While not directly a consumer scam, parents should be aware of potential safety risks on messaging platforms and monitor their children's online activities, especially on apps with less content moderation.
This appears to be a promotional article about fraud prevention technology rather than a news report about an actual scam or security incident. It discusses methods that companies can use to detect fraudulent activity without making legitimate customers jump through extra security steps.
Cybercriminals used a new type of destructive malware called Lotus to attack energy and utility companies in Venezuela, wiping out important data systems. While this specifically targeted Venezuelan infrastructure, similar attacks could affect utility services anywhere, potentially disrupting power, water, or other essential services that consumers rely on daily.
Criminals created a fake version of the legitimate HandyPay app that steals credit card information when users tap their phones to make NFC payments. Android users should only download payment apps from official sources and verify app authenticity before entering sensitive financial information. Check your bank statements regularly for unauthorized transactions if you use mobile payment apps.
Security researchers discovered that thousands of business servers running Apache ActiveMQ software are vulnerable to attacks that could let hackers inject malicious code. While this primarily affects companies rather than individual consumers, it could lead to data breaches at organizations that handle personal information. Consumers should monitor their accounts for unusual activity if they use services from companies that may be affected.
A former cybersecurity professional who was supposed to help companies recover from ransomware attacks instead helped criminals launch those attacks. This insider threat demonstrates that even trusted security companies can be compromised, putting client data at risk. Businesses and consumers should verify the credentials and background of any cybersecurity firm they work with.
Android's new version will give users better control over what contact information apps can access. Instead of apps taking your entire contact list, you'll be able to choose which specific contacts to share, giving you more privacy protection.
A company called Anthropic has developed an AI tool called Mythos but is keeping it restricted from public use because it's too dangerous. They're only allowing select organizations to access it due to concerns about how criminals might misuse the technology.
A British hacker who led a major cybercrime group has pleaded guilty to stealing cryptocurrency through wire fraud and identity theft. This shows law enforcement is successfully tracking down international cybercriminals who target people's digital assets and personal information.
Cybercriminals are using a network of over 1,500 infected computers to launch ransomware attacks that can lock up business systems and demand payment. This threat primarily affects companies, but could disrupt services that consumers rely on daily.
Hackers broke into Seiko USA's website and claim they stole customer information from their online store, threatening to release it unless paid. If you've shopped on Seiko's website, monitor your accounts for suspicious activity and consider changing passwords.
Scammers are increasingly using Microsoft Teams to impersonate IT helpdesks and trick employees into giving them access to company systems. Be suspicious of unexpected Teams messages asking for passwords or system access, even if they appear to be from your IT department.
This appears to be an educational article about business backup strategies rather than a security threat. It discusses why businesses need comprehensive disaster recovery plans beyond just data backups to maintain operations during outages.
Microsoft is testing improvements to make File Explorer run faster on Windows 11 computers. This is a routine software update that should make everyday computer tasks more efficient for users.
A cybersecurity podcast discusses how major technology companies have the ability to prevent many scams targeting older adults but often don't implement these protections. The episode focuses on what methods actually work to protect seniors from financial fraud.
Scammers uploaded 26 fake cryptocurrency wallet apps to Apple's App Store that impersonate popular services like Coinbase and MetaMask to steal users' recovery phrases and drain their crypto accounts. iPhone users should verify they're downloading official apps by checking developer credentials and reading reviews carefully. Never enter your crypto wallet recovery phrase into any app unless you're absolutely certain it's legitimate.
North Korean government hackers stole $290 million worth of cryptocurrency from the KelpDAO platform in a massive digital heist. This attack highlights the ongoing risks of storing large amounts of cryptocurrency on decentralized finance platforms. Crypto investors should research platform security thoroughly and consider spreading investments across multiple secure wallets.
StubHub will pay $10 million in refunds to customers who bought tickets between May 12-14, 2024, after the FTC sued them for hiding mandatory fees. If you purchased tickets during those dates, you may be eligible for money back due to the company's deceptive pricing practices.
This appears to be a weekly security roundup from Malwarebytes covering various cybersecurity topics from April 13-19. Without seeing the specific content covered, consumers should check the full article to stay informed about the latest security threats and protection tips that may affect them.
Microsoft temporarily broke its Teams desktop app with a faulty update, preventing some users from opening the program. The company has since fixed the issue by rolling back the problematic update. This affects workplace productivity but doesn't pose a security threat to consumers.
Microsoft released emergency fixes for Windows Server computers after their April security updates caused system problems. This primarily affects businesses and organizations running servers rather than home computer users. Regular Windows users are not impacted by this specific issue.
Hackers broke into Vercel, a website development platform, and are now trying to sell stolen company data online. If you use Vercel's services for web development, watch for notifications from the company about potential data exposure. This breach could affect developers and their clients who use the platform.
Scammers are exploiting Apple's legitimate email system to send fake messages about iPhone purchases that look completely authentic. These phishing emails appear to come directly from Apple and may bypass spam filters, making them extremely convincing. Be very careful with any unexpected Apple purchase notifications and verify them directly through your Apple account.
A government cybersecurity agency will stop rating less critical software vulnerabilities because they're receiving too many to handle. This administrative change may slow down security patch prioritization but doesn't directly impact consumers. Users should continue installing software updates as recommended by their device manufacturers.
A serious security flaw has been discovered in a widely-used JavaScript library that could allow hackers to run malicious code on websites and applications. If you use websites or apps that rely on this library, you may be at risk until developers apply security patches. Users should keep their browsers and apps updated as fixes become available.
A recent Microsoft Edge browser update has caused a bug that prevents users from pasting text using right-click in Microsoft Teams desktop chat. This is a functionality issue rather than a security threat, but it may disrupt normal work communications. Microsoft is aware of the problem and working on a fix.
NAKIVO has released an updated version of their backup software with new features including ransomware protection and faster data replication. This is a legitimate product announcement focused on helping businesses protect their data from cyber threats. Companies using backup solutions should consider ransomware-specific protections as these attacks continue to increase.
A cryptocurrency exchange called Grinex lost $13.7 million in a hack and has shut down operations, blaming Western intelligence agencies for the attack. This incident highlights the risks of storing cryptocurrency on exchanges, as users may lose their funds when platforms are compromised or suddenly close.
Security researchers discovered underground guides that teach criminals how to evaluate and choose the best stolen credit card marketplaces based on data quality and reputation. This reveals the organized nature of credit card fraud operations and reminds consumers to monitor their credit card statements regularly for unauthorized charges.
Classic Nigerian advance-fee scams are still successfully tricking people out of money, even though they've been around for decades. These scams promise victims large sums of money in exchange for small upfront payments or personal information, but they're always fake. People should be extremely skeptical of unexpected emails or messages offering easy money, especially from strangers claiming to need help transferring funds.
Criminals are sending fake DHL shipping notification emails that trick people into downloading remote access software onto their computers. Once installed, this software gives hackers complete control over victims' devices, allowing them to steal data or install dangerous ransomware. Never download software or click links in unexpected shipping emails - always verify deliveries directly through the official shipping company website.
Cybercriminals are using a new technique called Payouts King ransomware that hides malicious software inside virtual machines to avoid detection by security programs. This sophisticated attack method makes it harder for businesses and individuals to protect their computers from ransomware that can lock up files and demand payment.
Musician G. Love lost his life savings after downloading a fake cryptocurrency wallet app from Apple's App Store and entering his recovery phrase into it. This shows that even apps from official stores can be dangerous, and cryptocurrency users should never share their seed phrases with any app or website.
A cybersecurity webinar announcement discusses how phishing attacks are driving most cybercrime today and the need for better security and recovery strategies. This highlights that phishing remains a major threat where criminals trick people into revealing passwords or downloading malware through fake emails and websites.
A serious security flaw in Apache ActiveMQ software that went unnoticed for 13 years is now being actively exploited by hackers. This vulnerability affects many businesses and organizations that use this messaging software, potentially allowing attackers to gain unauthorized access to systems.
Microsoft's April security updates are causing some Windows servers to get stuck in endless restart loops, creating major disruptions for businesses. Organizations using Windows domain controllers should be aware that these critical updates may cause system instability and should plan accordingly before installing them.
Hackers are now actively exploiting recently revealed Windows security vulnerabilities to gain complete control over computers. Windows users should install security updates as soon as possible to protect themselves from these attacks that could give criminals full access to their systems.
A 23-year-old man was sentenced to prison for illegally selling access to tens of thousands of hacked DraftKings gambling accounts. This case highlights how criminals steal and sell access to online accounts, putting users' personal information and money at risk on gambling and gaming platforms.
Investment scams are costing Americans billions of dollars, with the FTC reporting over $7.9 billion in losses and individual victims losing a median of more than $10,000. Scammers lure people with promises of big returns on fake investment opportunities. Be extremely cautious of any investment offer that guarantees high returns or pressures you to act quickly.
Hackers stole guest reservation information from Booking.com, which scammers are now using to impersonate hotels and contact travelers. These fake hotel representatives trick guests into providing payment details and personal information by pretending to need updated booking information.
Hackers are secretly installing malicious email rules in Microsoft 365 accounts that automatically forward or redirect your emails to criminals, even after you change your password. These hidden rules can steal sensitive information from your inbox without you knowing. Users should regularly check their email account settings for any suspicious forwarding rules they didn't create.
Malwarebytes has improved their Browser Guard tool to help users control which websites can access their camera, microphone, location, and send notifications. This update gives consumers better protection against websites that try to access personal information without clear permission.
Scammers are sending fake messages to Apple users claiming their iCloud storage is full and demanding immediate payment to avoid losing photos. These fraudulent alerts pressure people into quickly entering their payment information, which thieves then steal for unauthorized purchases.
Cybercriminals have created a fake version of the Slack workplace app that appears legitimate but secretly installs hidden remote access software. Once installed, attackers can invisibly control the victim's computer and steal login credentials for various accounts.
A security researcher published details about a serious flaw in Microsoft Defender antivirus software that could allow hackers to gain full control of computers. Microsoft users should install security updates as soon as they become available to protect against this vulnerability.
Law enforcement took down 53 websites used to launch cyber attacks and identified 75,000 users involved in these illegal activities across 21 countries. This operation helps protect consumers by removing tools that criminals use to crash websites and online services that people rely on daily.
Cisco discovered serious security flaws in their Webex video conferencing platform that could allow hackers to intercept communications. If you use Webex for work or personal meetings, check with your IT department or Cisco for required updates to protect your conversations from being compromised.
This is a technical article about cybersecurity tools for businesses rather than consumer-facing scams or fraud. It discusses how companies are using AI in their security operations centers but focuses on enterprise security workflows.
Criminals are now using artificial intelligence to make automated phone calls that sound like real people to trick victims into giving up passwords and personal information. These AI voice agents can carry on convincing conversations to steal your credentials without needing a human scammer on the line. Be extra cautious of unexpected calls asking for login information, even if the caller sounds legitimate.
Google is using its AI technology to better detect and block fraudulent advertisements on its platforms as scammers become more sophisticated. This should help protect consumers from seeing fewer malicious ads that could lead to scams or malware infections when browsing online.
Hackers are exploiting a security flaw in Python programming software to install malware on computers, using a trusted AI platform called Hugging Face to host their malicious code. This shows how criminals are increasingly using legitimate services to hide their attacks from security software.
Cybercriminals have created malware specifically designed to attack water treatment plants and desalination facilities. While this doesn't directly target individual consumers, it could potentially disrupt clean water supplies in affected communities.
Two Americans were sentenced to prison for helping North Korean hackers pose as US workers and get hired at major companies using fake identities. This scheme allowed foreign adversaries to infiltrate American businesses and potentially steal sensitive information while earning money to fund illegal activities.
Hackers stole personal information from 13.5 million McGraw Hill education accounts and published it online. If you or your children use McGraw Hill educational products, watch for identity theft attempts and consider changing passwords on any accounts that might use the same login information.
Microsoft is having trouble with a security update for Windows Server 2025 that won't install properly on some systems. This is primarily a technical issue affecting businesses rather than individual consumers.
A fake credit repair company is targeting financially struggling people with convincing emails that trick them into sharing personal financial information. Victims also get signed up for expensive weekly fees they didn't agree to pay.
Use our AI-powered scanner to analyze suspicious messages, emails, and links instantly.
Try the Scam Scanner