FBI Warns of Fake Video Scams

Schneier on Security
Actively Exploited

Overview

The FBI has issued a warning about a new scam involving fake kidnapping threats that utilize AI-generated images. Scammers contact victims via text, claiming to have abducted a loved one and demanding ransom for their release. To make their threats more convincing, they often send images or videos of the supposed victim, which may look real at first glance but often contain discrepancies, such as missing tattoos or wrong body proportions. These criminals may use timed messages to pressure victims into paying quickly, reducing the chance for them to scrutinize the evidence. This type of scam not only preys on the emotional vulnerability of individuals but also highlights the growing misuse of technology in criminal activities, making it essential for people to stay vigilant and verify claims before taking action.

Key Takeaways

  • Active Exploitation: This scam is being actively used by attackers. Immediate action is recommended.
  • Action Required: Victims should verify claims independently, remain cautious of unsolicited messages, and seek assistance from law enforcement if they receive such threats.
  • Timeline: Newly disclosed

Original Article Summary

The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately. The criminal actor will then send what appears to be a genuine photo or video of the victim’s loved one, which upon close inspection often reveals inaccuracies when compared to confirmed photos of the loved one. Examples of these inaccuracies include missing tattoos or scars and inaccurate body proportions. Criminal actors will sometimes purposefully send these photos using timed message features to limit the amount of time victims have to analyze the images...

Impact

Not specified

Exploitation Status

This scam is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Victims should verify claims independently, remain cautious of unsolicited messages, and seek assistance from law enforcement if they receive such threats.


Related Coverage

New Mirai campaign exploits RCE flaw in EoL D-Link routers

BleepingComputer

A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.

Apr 22, 2026

DDoS wave continues as Mastodon hit after Bluesky incident

Security Affairs

Mastodon experienced a significant DDoS attack shortly after Bluesky faced a similar disruption. Both platforms, which serve as decentralized social networking sites, were temporarily knocked offline due to these attacks. Mastodon managed to restore its services within a few hours, but the timing of these incidents raises concerns about the security of emerging social media platforms. DDoS attacks can severely impact user experience and trust, making it crucial for these services to enhance their defenses against such threats. Users and developers alike should remain vigilant as these incidents highlight the ongoing challenges in securing online communication tools.

Apr 22, 2026

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

The Hacker News

Researchers have discovered that malicious Docker images were uploaded to the official 'checkmarx/kics' repository on Docker Hub. Unknown attackers managed to overwrite existing tags such as v2.1.20 and alpine, and they also created a new tag, v2.1.21, which does not match any legitimate release. This poses a significant risk to users who may unknowingly download these compromised images, potentially exposing their systems to vulnerabilities. Companies relying on these Docker images for software development or deployment should take immediate action to ensure their environments are secure. This incident highlights the ongoing challenges in securing software supply chains against malicious actors.

Apr 22, 2026

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

Security Affairs

The Mirai botnet is exploiting a newly discovered vulnerability in older D-Link routers, identified as CVE-2025-29635. This command injection flaw allows attackers to execute arbitrary commands through specially crafted POST requests. The vulnerability is particularly concerning because it affects discontinued models that many users may still have in operation. With the public disclosure of a proof-of-concept (PoC) exploit, the risk of widespread attacks increases, putting users who have not updated their devices at significant risk. It's crucial for affected users to take immediate action to secure their routers to prevent unauthorized access.

Apr 22, 2026

The Supreme Court is about to decide how far geofence warrants can go

CyberScoop

The Supreme Court is set to rule on a significant legal case, Chatrie v. United States, which questions the legality of geofence warrants. Specifically, the court will address whether a single warrant can authorize a broad sweep of location data from many individuals in a given area. This case is crucial because it challenges the interpretation of 'probable cause' when law enforcement seeks to access location information from potentially everyone nearby. The outcome could have far-reaching implications for privacy rights and law enforcement practices, particularly in how they gather evidence during investigations. The decision may redefine the balance between public safety and individual privacy, impacting how similar cases are handled in the future.

Apr 22, 2026

The LiteLLM attack was a warning shot for Agentic AI supply chains

SCM feed for Latest

The LiteLLM attack serves as a significant warning for companies relying on Agentic AI supply chains. Researchers observed that this incident exposed vulnerabilities in how these AI systems are integrated and managed, suggesting that existing security measures are insufficient. As attackers increasingly target AI frameworks, organizations need to rethink their security strategies and adopt a more proactive approach to safeguard their data and resources. This incident is a wake-up call, urging teams to prioritize security in their AI operations to prevent potential breaches that could lead to severe consequences. The ramifications of this attack could affect various sectors, especially those heavily invested in AI technologies.

Apr 22, 2026