Microsoft passwords at risk as hackers exploit Google
Forbes reports that hackers are targeting Microsoft advertiser accounts in an attempt to steal login information and access the advertising platform. Malwarebytes researchers discovered how hackers use malicious ads appearing on Google Search to get sensitive data. The cybersecurity company discovered that sponsored ads contained malicious links despite Google’s security measures. Malwarebytes contacted Google for a statement and received a response stating, “We expressly prohibit ads that aim to deceive people, and we suspend advertisers’ accounts if they are found to engage in this practice, as we have done here.”
Anthropic dares you to jailbreak its new AI model
Even the most permissive corporate AI models have sensitive topics that their creators would prefer they not discuss (e.g., weapons of mass destruction, illegal activities, or, uh, Chinese political history). Over the years, enterprising AI users have resorted to everything from weird text strings to ASCII art to stories about dead grandmas in order to jailbreak those models into giving the “forbidden” results. Today, Claude model maker Anthropic has released a new system of Constitutional Classifiers that it says can “filter the overwhelming majority” of those kinds of jailbreaks. And now that the system has held up to over 3,000 hours of bug bounty attacks, Anthropic is inviting the wider public to test out the system to see if it can fool it into breaking its own rules.
GrubHub data breach impacts customers, drivers, and merchants
Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a service provider account. “Our investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub,” the company said on Monday. “We immediately terminated the account’s access and removed the service provider from our systems altogether.”
Evaluating Security Risk in DeepSeek and Other Frontier Reasoning Models
This article investigates vulnerabilities in DeepSeek R1, a new frontier reasoning model from Chinese AI startup DeepSeek. It has gained global attention for its advanced reasoning capabilities and cost-efficient training method. While its performance rivals state-of-the-art models like OpenAI o1, our security assessment reveals critical safety flaws. Using algorithmic jailbreaking techniques, our team applied an automated attack methodology on DeepSeek R1 which tested it against 50 random prompts from the HarmBench dataset. These covered six categories of harmful behaviors including cybercrime, misinformation, illegal activities, and general harm. The results were alarming: DeepSeek R1 exhibited a 100% attack success rate, meaning it failed to block a single harmful prompt. This contrasts starkly with other leading models, which demonstrated at least partial resistance.
Agentic AI Will Revolutionize Cybercrime in 2025, According to Malwarebytes State of Malware Report
Malwarebytes, a global leader in real-time cyber protection, today released its 2025 State of Malware report, which reveals insight into the emergence of agentic artificial intelligence (AI), plus the year’s most prominent threats and cybercrime tactics. The report details a significant uptick in the number of known ransomware attacks, the total value of ransoms paid in 2024, and how IT teams can address them. “Our research shows that ransomware will continue to be a potent threat to businesses this year,” said Marcin Kleczynski, Founder and CEO, Malwarebytes. “The shift from large ransomware groups to smaller, unpredictable threat actors, combined with the increasing role of AI, means businesses must increase their cybersecurity vigilance and make holistic endpoint security a priority.”