){kind=icon}
Discover the latest online threats and cyber security updates impacting global businesses and consumers, informed by F‑Secure threat intelligence experts.
Overview
In this month’s F-Alert, we spotlight F-Secure’s human-centered research at DEF CON and Black Hat USA, where Amel Bourdoucen shared insights into how passwordless authentication can unintentionally exclude users.
We also cover how new age-verification laws are driving a surge in VPN downloads—and related malware risks—across half of US states, along with the FBI’s warning on the BadBox 2.0 botnet. Together, these cases show how policy shifts and supply chain weaknesses are reshaping today’s threat landscape.
Finally, we examine the rise of ‘vibe hacking’ and two fresh scam campaigns: a major Workday data breach tied to Salesforce exploitation and fake gaming sites flooding Discord with celebrity-backed lures.
F-Secure Spotlights Human-Centered Security Research
F-Secure cyber security researchers travelled to Las Vegas last month to present their latest human-centered findings at two of the world’s largest cyber security events: Black Hat USA 2025 and the DEF CON 33 hacking conference. Amel Bourdoucen, F-Secure User and Impact Researcher, explored how passwordless authentication—often seen as the future of login security—can unintentionally exclude some users.
VPN Use Surges as Age Verification Laws Expand
The Supreme Court has upheld a Texas law mandating age checks for online sexual content. In many states, adults must now verify their age before accessing pornographic websites—driving increased downloads of free and paid VPNs. F-Secure Threat Advisor Joel Latto explains how these new laws could inadvertently push some users toward malware.
The BadBox Botnet is a Bad Deal for US Consumers
The FBI has issued a warning about the BadBox 2.0 botnet, which has transformed over 1 million consumer devices into digital proxies for criminal operations. This incident reveals how low-cost Internet of Things (IoT) devices are being infected with malware before they even reach stores, essentially weaponizing the global supply chain. F-Secure Threat Intelligence Researcher Dr Megan Squire outlines what consumers can do to stay safe.
Is ‘Vibe Hacking’ the Next AI Threat to Watch?
The rise of AI-powered hacking—known as vibe hacking—is lowering the barrier for entry into cyber crime. But while LLMs and AI tools make hacking easier, they largely exploit already known vulnerabilities, meaning the current threat remains limited. Laura Kankaala, F-Secure’s Head of Threat Intelligence, examines how serious vibe hacking really is.
)
