VulnHub

Real-time Cybersecurity News

FBI Warns of Fake Video Scams

Schneier on Security
Actively Exploited
Vulnerability

Overview

The FBI has issued a warning about a new scam involving fake kidnapping threats that utilize AI-generated images. Scammers contact victims via text, claiming to have abducted a loved one and demanding ransom for their release. To make their threats more convincing, they often send images or videos of the supposed victim, which may look real at first glance but often contain discrepancies, such as missing tattoos or wrong body proportions. These criminals may use timed messages to pressure victims into paying quickly, reducing the chance for them to scrutinize the evidence. This type of scam not only preys on the emotional vulnerability of individuals but also highlights the growing misuse of technology in criminal activities, making it essential for people to stay vigilant and verify claims before taking action.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Action Required: Victims should verify claims independently, remain cautious of unsolicited messages, and seek assistance from law enforcement if they receive such threats.
  • Timeline: Newly disclosed

Original Article Summary

The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately. The criminal actor will then send what appears to be a genuine photo or video of the victim’s loved one, which upon close inspection often reveals inaccuracies when compared to confirmed photos of the loved one. Examples of these inaccuracies include missing tattoos or scars and inaccurate body proportions. Criminal actors will sometimes purposefully send these photos using timed message features to limit the amount of time victims have to analyze the images...

Impact

Not specified

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Victims should verify claims independently, remain cautious of unsolicited messages, and seek assistance from law enforcement if they receive such threats.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability.

Read Original Article

Related Coverage

ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance

NCSC Feed

The ROCA vulnerability affects certain Infineon Trusted Platform Modules (TPMs) and Secure Elements, which are used in various devices for secure cryptographic functions. This flaw allows attackers to potentially recover private RSA keys, compromising the security of encrypted communications and data for users. Devices that utilize these components could be at risk, making it crucial for manufacturers and users to assess their systems. The vulnerability is significant because it could expose sensitive information and undermine trust in security protocols. Users and organizations that rely on affected devices need to take immediate action to secure their systems and protect their data.

Feb 28, 3025

Cyber Assessment Framework 3.2

NCSC Feed

The latest version of the Cyber Assessment Framework (CAF) has been released, aiming to address the rising threats to critical national infrastructure. This update emphasizes the need for organizations to reassess their cybersecurity strategies in light of evolving risks. The framework aims to provide guidance on how to enhance resilience against potential cyberattacks that could impact essential services and systems. It is particularly relevant for government agencies, utility providers, and other sectors that rely on critical infrastructure. By adopting the updated CAF, organizations can better prepare for and mitigate the risks posed by increasingly sophisticated cyber threats.

Jan 22, 2277

Scam-Busting FCA Firm Checker Tool Given Cautious Welcome

Infosecurity Magazine

The Financial Conduct Authority (FCA) has introduced a new tool called the Firm Checker to help consumers verify the legitimacy of financial firms and combat fraud. Experts have expressed cautious optimism about the tool, noting that while it may not significantly reduce fraud rates, it represents progress in consumer protection. The tool allows users to check whether a firm is authorized, which is crucial in an era where scams are increasingly sophisticated. However, professionals in the field stress that consumers must remain vigilant and not solely rely on the tool for fraud prevention. The effectiveness of the Firm Checker will depend on public awareness and its integration into broader fraud prevention strategies.

Dec 11, 2025

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

The Hacker News

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.

Dec 11, 2025

IBM Patches Over 100 Vulnerabilities

SecurityWeek

IBM has addressed more than 100 vulnerabilities this week, with many of these issues stemming from third-party dependencies. Among the vulnerabilities, some were classified as critical, which means they could potentially allow attackers to exploit systems if left unpatched. This patching effort is crucial for organizations that rely on IBM software and services, as unaddressed vulnerabilities can lead to severe security breaches. Users should ensure they update their systems to the latest versions to protect against possible exploits. Regular updates and patches are essential in maintaining cybersecurity hygiene.

Dec 11, 2025

Copilot's No-Code AI Agents Liable to Leak Company Data

darkreading

Microsoft's new Copilot feature allows non-technical users to create AI agents without coding skills. While this democratizes access to AI, it raises significant concerns about data security. The capability for users to create these agents could inadvertently lead to the exposure of sensitive company data. Researchers warn that without proper safeguards, these no-code tools may become a vector for data leaks, putting organizations at risk. Companies will need to implement strict guidelines and monitoring to prevent misuse and protect their information.

Dec 11, 2025