Discover the latest online threats and cyber security trends impacting businesses and consumers in the US, brought to you by F-Secure’s threat intelligence specialists.
October’s F-Alert highlights how criminals are weaponizing AI, exploiting trusted platforms, and targeting individuals and organizations with increasingly sophisticated scams. It provides expert commentary and practical guidance to help navigate these risks.
Cyber criminals are weaponizing AI website generators like Lovable to build convincing phishing sites that mimic trusted brands. In this article, Laura Kankaala explains how AI has streamlined phishing compared to the manual methods criminals once used.
Imagine calling an airline’s official customer service line—only to be connected to a scammer. In this article, Dr Megan Squire explains how insider threats can leave even cautious customers vulnerable and how organizations often fail victims in their response.
Young job seekers in the United States are being hit by job scams at unprecedented levels. In this article, we examine how fraudulent offers spread and what job hunters can do to protect themselves.
A breach of Salesforce databases exposed data from 4.4 million TransUnion customers. In this article, we examine the court filings and what employees can do to defend against these social engineering attacks.
Despite speculation, Google will not end support for sideloading. Starting in 2026, however, developers must verify their real-world identity to publish apps on certified devices. In this article, Joel Latto explains the impact of this change on Android security.
Researchers have shown that Google’s Gemini AI can be hijacked through something as simple as a calendar invite. In this article, Hafizzuddin Fahmi Hashim explains how AI assistants can expand the attack surface for everyday users.
‘Lovable’ AI Website Generator Lowers the Barrier to Phishing
Cyber criminals are exploiting AI website generators like Lovable to launch phishing sites that imitate trusted brands and even use CAPTCHA for credibility—massively lowering the barrier to entry for a once-complex form of cyber crime.
In this article, Laura Kankaala, F-Secure’s Head of Threat Intelligence, explains how AI has streamlined the creation of phishing campaigns compared to the old, labor-intensive methods of scraping websites and manually editing code.
Lovable is a legitimate platform not designed for scams, but like many AI tools, it has been quickly weaponized by criminals for their own gain.
Laura Kankaala, Head of Threat Intelligence at F-Secure
Insider Threats: When Doing Everything Right Still Isn’t Enough
Imagine calling an airline’s official customer service to rebook a flight—only to be transferred to a scammer. That’s what happened to one United Airlines customer, who reported losing $17,000. United has been unable to explain how the call was routed to the scammer or why its logs showed a shorter call than the customer experienced.
In this article, F-Secure Threat Intelligence Researcher Dr Megan Squire examines insider threats—how even people who follow all recommended security practices can still fall victim when corporate insiders go rogue, and how organizations often fail victims in their response.
Companies often investigate internally but don’t always disclose their findings to the public, leaving victims wondering what they could have done differently.
Dr Megan Squire, Threat Intelligence Researcher at F-Secure
Trending Scam: Job Scams Targeting Young Workers Surge Across the US
Young job seekers are being targeted by job and employment agency scams at unprecedented levels. FTC reports of these scams tripled between 2020 and 2024, while consumer losses soared from $90 million to $501 million over the same period.
In this article, we look at how fraudulent job offers are spreading, the types of scams criminals are devising, and what job hunters can do to protect themselves.
Breach That Matters: Credit Bureau TransUnion Exposes Data of 4.4 Million
In the latest of several attacks targeting Salesforce databases, a breach exposed data from 4.4 million TransUnion customers—including, according to one filing, names, Social Security numbers, and birthdates.
In this article, we examine the outcomes of two separate court filings in Maine and Texas, and outline what employees can do to defend against these social engineering attacks.
Google’s New Identity Checks Aim to Curb Android Malware
Recent speculation suggested Google would stop supporting sideloading, but this has proved false—sideloading is here to stay. Instead, starting in 2026, Google will require mandatory developer verification, meaning Android developers must prove their real-world identity to distribute apps on certified Android devices.
In this article, F-Secure Threat Advisor Joel Latto outlines the upcoming verification process and weighs its pros and cons for both users and developers.
This new verification process links developers to their applications, increasing accountability. It’s an identity check, not a content review.
Joel Latto, Threat Advisor at F-Secure
Gemini AI Exploit Shows the Dark Side of Smart Assistants
Researchers have found that Google’s Gemini AI assistant can be hijacked with nothing more than a calendar invite. By embedding malicious prompts in event titles, email subjects, or shared document names, attackers can launch “targeted promptware attacks” that trick Gemini into executing harmful actions through indirect prompt injection.
In this article, F-Secure Junior Researcher Hafizzuddin Fahmi Hashim examines how AI assistants can expand the attack surface for everyday users—introducing new opportunities for disruption and abuse.
The simplicity of these attacks—requiring only a malicious calendar invite—challenges the assumption that AI exploits are complex.
Hafizzuddin Fahmi Hashim, Junior Researcher at F-Secure
