Stay informed on the latest threats with our articles on fake information security tactics, including scams, phishing attempts, and fake news in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Fake is a broad term that encapsulates any fraudulent or inauthentic representation within the digital realm. In the context of information security, "fake" often applies to a variety of deceptive practices designed to mislead, manipulate or harm individuals and organizations. These practices can include the creation of fake websites that mimic legitimate ones to harvest sensitive user data, spoofed emails impersonating trusted entities, and counterfeit software that may contain malicious code.
Moreover, the issue of fake news is also pertinent, where fabricated information is spread with the intent to deceive or cause public harm. This can have serious implications for cyber security as it can influence user behavior and potentially lead to security breaches. Other instances involve deepfakes, which are convincingly altered videos or audio recordings, and can undermine personal and professional reputacies, and can be used in targeted phishing campaigns.
In essence, anything fake within the context of information security is a concern because it undermines trust in digital communication, affects the integrity of data, and poses risks to the privacy and security of individuals and businesses alike.
Weekly headline count for the current query.
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. [...]
Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption of Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) capability used by cybercriminals to make malicious files appear legitimate. On May 19, 2026, […]
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware
A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British government. It’s a third-party service, apparently operated by a UAE-registered company called Active Leadgen LLC, that charges fees to help people apply […]
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware
Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans
Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of February 2026, most analysts expected the country’s cyber apparatus to hunker down and weather the storm. That’s not what happened. Instead, researchers at Check Point have […]
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how
FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers using it to spread malware. The malware was […]
Unit 42 Says Iranian Operators Target Aerospace and Government StaffPalo Alto Networks' Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks.
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences.
The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]