At a glance.
- Romanian police arrest 13 suspects tied to UK's phishing investigation.
- Prompt injection flaw can force Google's Gemini to present phishing messages.
- Louis Vuitton UK discloses breach.
Romanian police arrest 13 suspects tied to UK's phishing investigation.
The UK's tax service, His Majesty’s Revenue and Customs (HMRC), assisted Romanian law enforcement in the arrest of thirteen Romanian citizens accused of launching phishing attacks and stealing money from HMRC, SecurityWeek reports. HMRC said in a press release, "Thirteen people have been arrested in Romania on suspicion of making fraudulent tax repayment claims using personal data that was stolen in sophisticated phishing attacks. Criminal investigators from HM Revenue and Customs (HMRC) joined more than 100 Romanian police officers to arrest the men and women in the counties of Ilfov, Giurgiu, and Calarasi. A fourteenth man was arrested in another investigation in Preston. It’s suspected that organised criminal gangs have stolen data and used it to submit fraudulent PAYE claims, as well as VAT repayments and Child Benefit payments. The arrests are part of ongoing investigations linked to phishing attacks."
Prompt injection flaw can force Google's Gemini to present phishing messages.
BleepingComputer reports that a prompt injection attack can force Google's Gemini to write phishing messages in AI-generated email summaries. A researcher who disclosed the attack through Mozilla's 0DIN bug bounty program found that attackers can include invisible text in an email that instructs Gemini to prioritize including specific text in its summary. 0DIN explains, "When the recipient clicks 'Summarize this email,' Gemini faithfully obeys the hidden prompt and appends a phishing warning that looks as if it came from Google itself."
Louis Vuitton UK discloses breach.
Louis Vuitton has disclosed a cyberattack affecting its UK branch, Infosecurity Magazine reports. The attacker stole personal data belonging to the luxury retailer's UK customers, including names, contact details, and purchase history. The company says financial details were not affected.
Louis Vuitton said in its disclosure, "Given the nature of the data involved, we warmly recommend that you remain vigilant against any unsolicited communication or other suspicious correspondence, including emails, phone calls, or text messages. While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorized use of your information may occur."