Mozilla has released urgent updates for its Firefox browser to fix a security issue that could allow attackers to bypass protective measures. This comes shortly after Google patched a similar vulnerability in Chrome, which had been actively exploited.

The flaw, identified as CVE-2025-2857, could let a compromised part of Firefox’s system access more powerful functions, potentially leading to security risks. Mozilla has addressed the issue in Firefox versions 136.0.4 and 115.21.1, and...

The ClearFake cyberattack, first discovered in 2023, has grown into a more dangerous threat. Originally using fake browser update pop-ups, ClearFake now tricks people by pretending to be security checks, like fake reCAPTCHA or Cloudflare Turnstile verifications. These false alerts lead users to unknowingly download harmful software, such as Lumma Stealer and Vidar Stealer.

A new tactic called ClickFix has emerged, where attackers fool users into running harmful...

The FBI Denver Field Office has issued an urgent warning about a rise in cybercrimes involving free online file converters. Criminals are using these services to install malware on users' computers, risking data theft or ransomware attacks. A recent Colorado incident highlights the threat, with cybercriminals targeting individuals seeking free tools to convert or merge files, such as converting Word documents to PDFs. These tools appear legitimate but secretly deliver malicious...

Researchers found a new attack where a malicious web extension mimics any installed add-on, copying icons, popups, and workflows. This tricks users into entering credentials, which attackers can use to hijack accounts and steal sensitive data. The attack affects all Chromium-based browsers like Chrome, Edge, Brave, and Opera.

The malicious extension scans for target extensions, changes its icon to match, and disables the legitimate extension using the "chrome.management" API. Google...

The U.K.'s Information Commissioner's Office (ICO) has launched an investigation into TikTok, Reddit, and Imgur to examine how they protect children aged 13 to 17. The probe focuses on how these platforms use children’s personal data to recommend content, amid concerns that such practices may expose young users to inappropriate material.

The ICO is particularly scrutinizing TikTok’s recommendation algorithms and the methods Reddit and Imgur use to verify user age and tailor content....

OpenAI announced Friday that it banned several accounts using its ChatGPT tool to develop an AI-powered surveillance system, likely originating from China. The tool, leveraging Meta's Llama model, was used to monitor anti-China protests in the West, collect data from social media, and share insights with Chinese authorities. This operation, codenamed Peer Review, also helped analyze posts related to Uyghur rights protests, though the authenticity of some images remains unclear....

South Korea has suspended new downloads of the Chinese AI chatbot DeepSeek, effective February 15, 2025, due to concerns over its compliance with the country’s data protection laws. The Personal Information Protection Commission (PIPC) cited issues with the app's communication functions and its handling of personal data, particularly in relation to third-party services.

While the app remains accessible via the web, existing users have been warned not to input personal information...

North Korean hackers are behind the Contagious Interview campaign, which targets victims with fake job interviews. The hackers send a link that causes an error, prompting users to install fake software (like VCam or CameraAccess) for the interview. This leads to the installation of malware called BeaverTail, which steals sensitive data and can install a backdoor named InvisibleFerret.

Discovered in late 2023, the campaign uses fake video-conferencing apps and npm packages to...

In 2024, Google blocked over 2.36 million Android apps that violated its policies from being published on the Google Play Store. Additionally, more than 158,000 developer accounts attempting to submit harmful apps were banned. Google also worked with third-party app developers to prevent 1.3 million apps from accessing unnecessary or excessive user data, improving security.

Google Play Protect, a built-in security feature on Android devices, detected 13 million new malicious apps...

Cybersecurity researchers have discovered a new phishing tool called Sneaky 2FA, which targets Microsoft 365 accounts to steal login credentials and two-factor authentication (2FA) codes. This phishing kit has been active since at least October 2024, and it was first spotted in December 2024 by the French cybersecurity company, Sekoia. The kit has been used on nearly 100 different websites, suggesting that cybercriminals are starting to use it more widely.

The Sneaky...