This will get you hacked: trusting AI deepfakes, pop-ups, fake security alerts, and evolving malware


While not everyone can be conned into thinking Aquaman has fallen in love with them via Facebook, our research round-up this week highlights just how convincing some of these scams can be, thanks to AI.

On the eve of its Davos conference, the World Economic Forum published its annual security report, warning that genAI is accelerating fraud and social engineering at scale.


As well as half-human and half-Atlantean romance scams, researchers are warning that AI may also be compressing the time needed to build advanced malware, while JFrog’s Redis exploit work shows how infrastructure bugs can still enable high-impact takeovers once attackers get inside.

Facebook phishing is getting far more convincing, according to a January analysis by Mark Joseph Marti. The researcher details how Trellix observed a surge in Facebook credential-theft campaigns in late 2025, driven by the “Browser-in-the-Browser” (BitB) technique: fake login pop-ups rendered inside the victim’s browser tab that appear legitimate but steal usernames and passwords.

Fake Facebook HTML code. Image via Trellix

Attacks often begin with polished emails posing as legal notices or Meta policy violations, pushing victims through shortened links and fake CAPTCHA pages designed to evade filters. BitB is especially dangerous because the pop-up can display a URL that appears to be a real Facebook URL, masking the underlying phishing page.

As Marti notes, the technique “exploits the public’s familiarity with login pop-up windows to steal user credentials.”


Classic lures still dominate, including account suspension warnings, “unauthorized login” alerts, and urgent security checks, but infrastructure abuse is the big shift, Marti says.

Trellix warns that attackers are increasingly hosting phishing pages on trusted cloud platforms like Netlify and Vercel, and hiding destinations behind redirect services and URL shorteners.
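A mail-triage sketch of the pattern described above, added here as an illustration and not taken from Trellix or Cybernews: it flags links that sit behind a shortener, live on Netlify or Vercel subdomains, or use Facebook or Meta naming on a host that is not the brand's own. The domain lists, lure keywords, reason labels and sample messages are all assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumed, non-exhaustive lists for illustration; tune them to your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
FREE_HOSTING_SUFFIXES = (".netlify.app", ".vercel.app")
BRAND_HOSTS = ("facebook.com", "meta.com", "fb.com")
BRAND_TOKENS = ("facebook", "meta", "fb-")
LURE_WORDS = ("suspend", "unauthorized", "violation", "security check")


def is_brand_host(host):
    """True only for the brand's registered domains and their subdomains."""
    return any(host == d or host.endswith("." + d) for d in BRAND_HOSTS)


def triage_link(subject, url):
    """Return a sorted list of reasons this link deserves analyst review."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if is_brand_host(host):
        return []  # genuinely on the brand's own domain
    reasons = set()
    if host in SHORTENERS:
        reasons.add("shortener-hides-destination")
    if host.endswith(FREE_HOSTING_SUFFIXES):
        reasons.add("free-cloud-hosting")
    # Brand wording anywhere in host or path, on a host the brand does not own.
    if any(tok in (host + parts.path).lower() for tok in BRAND_TOKENS):
        reasons.add("brand-name-off-brand-domain")
    # Urgency wording only counts when the link is already suspicious.
    if reasons and any(w in subject.lower() for w in LURE_WORDS):
        reasons.add("urgent-lure-subject")
    return sorted(reasons)


# Constructed sample messages (subject, link); none are real campaign indicators.
SAMPLES = [
    ("Your page will be suspended: policy violation",
     "https://meta-appeal-example.netlify.app/login"),
    ("Unauthorized login attempt", "https://bit.ly/EXAMPLE-ONLY"),
    ("Weekly newsletter", "https://www.facebook.com/help"),
    ("Build preview ready", "https://docs-preview-example.vercel.app/"),
]

if __name__ == "__main__":
    for subject, url in SAMPLES:
        print(url, "->", triage_link(subject, url) or "no flags")
```

A lone "free-cloud-hosting" flag is weak evidence, since plenty of legitimate sites use these platforms; the combination of hosting, brand wording and an urgent subject is what makes a message worth escalating.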

What if AI wasn’t just helping write malware code, but creating entire advanced malware frameworks on its own within days? While certain quarters of the cyber industry have been accused of overplaying AI’s role in malware and cyberattacks, security firm Check Point Research claims this isn’t hypothetical anymore in its latest investigation, published this week.

The security firm describes “VoidLink,” a sophisticated Linux- and cloud-focused malware platform that it claims has been largely generated by AI. CPR makes this assumption based on unusual code structure, inconsistent design patterns, and language artifacts that don’t match typical human development.

VoidLink is the first evidence-based case that shows how dangerous AI can become in the hands of more capable malware developers

Check Point Research

CPR identified VoidLink after spotting a small cluster of previously unseen Linux samples in December 2025, including debug symbols and other development traces suggesting it was still being built rather than actively deployed.

VoidLink: Check Point says AI can create entire advanced malware frameworks on its own within days. Image by Cybernews.

Researchers report that VoidLink uses a modular, plugin-based design and is tailored for modern infrastructure, including cloud and container environments. While it hasn’t been linked to active campaigns yet, CPR argues it’s an early warning that AI is compressing malware development from months into days.

JFrog leaps at Redis flaw that could allow server takeover


Researchers at JFrog have highlighted a ‘serious’ flaw in Redis – a popular background tool used by many companies to make apps faster and more reliable. The flaw, tracked as CVE-2025, could, in some situations, let an attacker take control of a Redis server, the security company claims.

According to JFrog’s analysis, the bug is caused by a stack overflow: Redis mishandles unusually large inputs and writes more data into memory than it should, which can sometimes be exploited to crash the service or run malicious code.

Even if Redis isn’t exposed to the public internet, JFrog points out that it will still be affected if an attacker gains access to a company network through another system. The fix is to upgrade to Redis 8.3.2.

WEF: genAI fuels cyber fraud and impersonation

As the World Economic Forum kicked off in Davos this week, it released its Global Cybersecurity Outlook 2026, which argues that generative AI is no longer just a productivity tool – it’s increasingly an attack capability multiplier, driving a surge in cyber-enabled fraud and hacking activity across both consumer and enterprise targets.

The report warns that cyber-enabled fraud is now “one of the most pervasive global threats” and finds it has become mainstream: 73% of respondents said they or someone in their personal/professional network was affected by cyber-enabled fraud in 2025.

WEF report warns that cyber-enabled fraud has now become mainstream. Getty Images

The most frequently observed activity was phishing, vishing, and smishing (62%), followed by invoice/payment fraud (37%) and identity theft (32%).

The key shift is faster, cheaper, and more convincing social engineering at scale. WEF highlights how genAI is transforming cyber on both sides of the fight – strengthening defenses while also enabling “more sophisticated attacks.”

Interestingly, WEF notes that CEOs now rank fraud and phishing above ransomware as “a primary concern.”


From Hollywood to fake CEOs: deepfakes drove 81% of AI fraud last year

Lastly, a piece of in-house research from the folks at Cybernews. Analysis of the AI Incident Database revealed to us that deepfakes were the most common AI-related incident type in 2025 and the driving force behind most AI-enabled fraud.

The real Jason Momoa. Shane Anthony Sinclair/Getty Images

The analysis found 179 deepfake incidents and 132 AI fraud cases recorded during the year. Of those fraud cases, 107 involved deepfakes, meaning 81% of AI fraud in 2025 used voice, video, or image impersonation.

Targets ranged from politicians and CEOs to private individuals, often in investment and financial scams where the realism and personalization of the deepfake made victims believe they were dealing with a trusted contact.

Reported cases show that attackers have no qualms about targeting vulnerable people, with victims ranging from a Florida woman who lost $15,000 after scammers used a deepfake of her daughter’s voice, to a British widow who lost £500,000 in a romance scam involving an impersonation of Hollywood actor Jason Momoa.