Google has released an important update for Chrome, patching one actively exploited zero-day and two other security flaws

Google has released an update for the Chrome browser to patch an actively exploited flaw.

The update brings the Stable channel to versions 137.0.7151.68/.69 for Windows and Mac and 137.0.7151.68 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click the “**more menu**” (three stacked dots) **\>**  **Settings > About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from the vulnerability.

_The About Chrome menu while updating_

This update is crucial since it addresses an actively exploited vulnerability which could allow an attacker to exploit a specially crafted HTML page (website).

**Technical details**

The vulnerability tracked as CVE-2025-5419 is an out-of-bounds read and write in Google Chrome’s “V8,” which is the engine that Google developed for processing JavaScript. Prior to Google Chrome version 137.0.7151.68, this vulnerability allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

V8 has been a significant source of security problems in the past.

An out-of-bounds read and write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.

Google knows that attackers currently exploit CVE-2025-5419 in the wild, but released no details yet on who exploits the flaw, how they do it in real-world attacks, or who the targets are in those attacks. However, the Google Threat Analysis Group (TAG) team, which discovered the exploit, focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.

This Chrome update also patches a medium-severity, use-after-free flaw (CVE-2025-5068) in the open-source rendering engine Blink and one internally discovered vulnerability.

**We don’t just report on** **browser vulnerabilities**. Malwarebytes’ Browser Guard protects your browser against malicious websites and credit card skimmers, blocks unwanted ads, and warns you about relevant data breaches and scams.

 Google fixes another actively exploited vulnerability in Chrome, so update now! 

Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach.

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.

Beware of Device Code Phishing

Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems.
According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments.
"Chaos RAT is an open-source RAT written in

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications.
Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks

Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era

Today, your internet presence is much more than just a website or social media profile, it’s like your…

Today, your internet presence is much more than just a website or social media profile, it’s like your business card, reputation and main medium of staying connected. However, with this visibility comes genuine danger. Do you know what’s one of the most troublesome threats hiding out there? DDoS attacks! If you have not heard this term before, no need to worry. Let’s simplify it and understand how to protect your online space from it.

****DDoS: What it Means****

DDoS is short for Distributed Denial of Service. It may sound complicated, but basically, it means overwhelming a server or website with excessive fake traffic until it falls apart. Imagine a coffee shop where suddenly many people arrive at the same time, not to buy anything, just to block the space. In this situation, real customers are unable to enter and the business comes to a halt. This is primarily what occurs during a DDoS attack – it’s bots that cause this blockage.

Usually, these kinds of attacks are started by using networks of computers that have been taken over – many times they belong to people who don’t even know. This is what is meant by “distributed”. When it starts, your website could either become very slow or completely unavailable.

****Why You Should Care (Even If You’re a Small Business)****

At this point, it’s normal to think, “I don’t have a major brand, just a small business” or “I just run a personal blog.” DDoS attacks can also be used against much smaller businesses. Smaller sites are targeted quite often because attackers believe their security is not as strong. Truth is, when your website goes down, even briefly, it affects your reputation, and your budget and makes your customers or users unhappy.

In addition, a DDoS attack can stop your service or online store from operating. People can’t order or get answers which causes them to doubt the business. It can be very irritating, but it can also be truly harmful.

****Start with Strong Hosting****

A solid first action is to select a reliable hosting provider. Hosting providers are not all the same and some are better prepared to handle DDoS attacks than others. Find hosting providers that guarantee or promote DDoS protection through their services. This is because they have effective steps to prevent and handle an attack early on.

Don’t hesitate and ask your hosting provider which security measures they have for your website. If their responses are unclear or they treat security lightly, this is a warning sign. You should choose a provider that handles the back-end work and protects your site from malicious users at the same time.

****Get a CDN Working for You****

For even better performance, allow your website to tap into a CDN. A Content Delivery Network uses multiple servers worldwide to distribute the activities involved in content delivery. Therefore, all the requests are not delivered to your main server at the same time. If there is a DDoS attack, the distribution system can save you.

****Firewalls and Rate Limiting****

Firewalls act like filters, they inspect incoming traffic and stop suspicious things before reaching your main systems. Web Application Firewalls (WAFs) are specially designed to block the kind of unwanted traffic that DDoS attacks cause.

Next, we have rate limiting – this is a background function that restricts how frequently someone can interact with your site. If something is making constant requests to your server, it will be flagged or stopped.

****Keep an Eye on What’s Happening****

A lot of damage from DDoS attacks happens because people don’t notice it early enough. So, make sure to monitor your site’s traffic. Sudden increases, constant hits to one page or visits from strange places can all suggest concerns. 

Many tools exist today that make website monitoring easy. Some of these are included in hosting plans, while others can be added by you manually. You don’t need advanced coding skills – just some understanding of this domain is quite helpful.

****Have a Contingency Plan****

Regardless of how strong your security is, things can still go wrong. So it’s smart to have a plan in case you do get hit. Be aware of who you should reach out to when problems occur – this could be your host, a protective service or someone experienced in such matters.

Maintain updated backups and ensure you are familiar with quick restoration. Additionally, inform your users about the ongoing situations. Clear communication can go a long way in keeping trust intact during tough times.

****Call in the Pros if You Need to****

Feeling overwhelmed? Managed security services exist for a reason. These individuals are experts in detecting threats and reacting quickly, so you don’t need to be on guard all the time.

Yes, it costs money. However, if your business relies on your online presence, the expense may be worthwhile simply for the reassurance. Think of it as employing a security guard for the night shift at your virtual store.

****Keep Everything up to Date****

This may seem like the basics of cybersecurity, but it’s important to keep your devices updated. Old plugins, CMS versions or themes can be great opportunities for hackers. Fix those gaps before anyone else discovers them.

Nevertheless, DDoS attacks are very serious, but they’re not impossible to defeat. By using intelligent strategies such as improving hosting services, CDNs, traffic filters and constant monitoring you can significantly reduce your risk.

(Image by Free stock photos from www.rupixen.com from Pixabay)

How to Protect Your Online Presence from Devastating DDoS Attacks

What comes to your mind when you think of Photoshop? A tool for editing and retouching photos –…

What comes to your mind when you think of Photoshop? A tool for editing and retouching photos – that’s what most of us would say. But Adobe Photoshop is more than that. 90% of professional designers, photographers, web developers, and retouchers use Photoshop for its versatile image editing features and seamless integration capabilities with Adobe software. Let’s review the top reasons why professionals globally prefer Adobe Photoshop.

****Why Adobe Photoshop?****

*   **Vast Collection of Templates:** Adobe Photoshop templates cover a wide range of customizable flyers, brochures, banners, logos, social media posts, and more, helping you tap into visual creativity with cutting-edge designs.
*   **Stunning Visuals:** Adobe Photoshop provides unique tools and features for manipulating images, and creating graphics, digital paintings, illustrations, and other art formats.
*   **Flawless Editing:** Professionals use Photoshop to fine-tune images, remove blemishes, retouch images, and adjust colors and lighting to enhance the overall quality. 
*   **Versatility:** Whether you want to create visuals for your social media account or various marketing channels, Photoshop is the go-to solution for professionals’ design needs.

****When to Use Photoshop?****

Let’s say you want to edit your remote work portfolio that you created with AI-generated content samples, adjust the photo composition, and fix the lighting. What do you do? Simple! You Photoshop! Adobe Photoshop is a widely preferred editing application for everything that needs editing and retouching, from correcting the lighting of a photo to cropping, combining, and layering images, and creating collages.

You can do a lot with Photoshop. Unlike vector images, Photoshop images are raster graphics or pixel-based. Their colors and shadings are more detailed and can handle detailed textures and precise editing.

****Key Photoshop Skills You Need to Master****

*   **Brushes:** You can create different textures and strokes and manipulate different brushes for designing.
*   **Brightness and Contrast:** The tools help to manipulate the lightness and darkness of hues and increase the focus on the subject.
*   **Layers**: Layers create a logical hierarchy and organize your work by creating separate parts for shapes, images, and text for improved visibility.
*   **Cropping**: This feature allows you to remove unwanted elements from the background and increase the focus on the design’s main subject.
*   **Selection Tools**: These enable you to work on a specific design section. The marquee tool helps to select areas with straight edges and curves, while the lasso tool allows free-form selections.
*   **Blending Modes**: Nearly 30 blending modes are available for modifying the key aspects of an image, such as brightness or contrast, saturation, and opacity. 
*   **Saturation**: A fundamental tool for adjusting the hues in an image, either in a particular section or throughout. 
*   **Transform Tools**: This tool offers features like scale, distort, skew, perspective, rotate, and warp to alter an image or balance the effects on a design. 
*   **Masking**: With masking, you can isolate sections of an image using the brush or selection tool without disturbing the original image. 
*   **Sharpening and Healing Brush**: Sharpening helps define the edges and lines for improved clarity, whereas the healing brush removes minor details from an image and replicates them in another region.
*   **Pen Tool**: Offers standard, free-form, and curvature formats for creating different shapes and lines
*   **Curves**: An advanced feature used for modifying colors and tones and manipulating the highlights and shadows 
*   **Histogram**: This helps assess the tones, adjust the contrast and brightness levels, and enhance the highlights, exposure, composition, and shadows.

****Improve Your Photoshop Skills With Expert-Recommended Tips** **

1.  Photoshop is a complicated tool with multiple intricate features and functionalities. Practice regularly to improve your efficiency and gain confidence in the tool.
2.  Experiment with each tool in Photoshop to understand its mechanism. Recreate different art pieces using various effects to polish your design and editing skills. 
3.  Follow step-by-step guides by industry specialists to comprehend how different tools, techniques, or effects work in Photoshop. 
4.  Join online groups and participate in professional workshops to stay updated about the latest trends, premium elements, advanced techniques, and hacks. Use these groups to build your network and collaborate on different projects to develop new skills.

(Image by Hitesh Choudhary from Pixabay)

Photoshop for Beginners – Overview of Top Skills and How to Hone Them

President Donald Trump has proposed building a massive antimissile system in space that could enrich Elon Musk if it materializes. But experts say the project’s feasibility remains unclear.

During A Press conference in the Oval Office late last month, US President Donald Trump doubled down on his plan to build a massive new missile defense system, largely based in space, he is calling the “Golden Dome.” In recent weeks, defense companies have begun vying for anticipated government contracts tied to the project, and three firms with deep connections to the White House—SpaceX, Palantir, and Anduril—have been named as purported front-runners.

Trump ordered plans to be drawn up for the Golden Dome within days of returning to office in January, and he said in May that it would be operational by the end of his term in January 2029. But behind the scenes over the past few months, competing defense companies and industry experts have told WIRED the future of the project isn’t certain.

They say it’s unclear whether the missile shield could be constructed in space the way Trump wants and how many contracts will ultimately be awarded. Trump recently claimed that he had selected a $175 billion design for the shield, but some experts expect the cost to be far greater, and they question how it will be paid for.

Although it has been compared to Israel’s Iron Dome missile defense system, some sources noted that a project of the Golden Dome’s size and scope has never been built before. “The Manhattan Project element of this is just simply the scale,” says John Clark, senior vice president of technology and strategic innovation at Lockheed Martin. “The technologies exist. The integration strategies we've demonstrated, they are available. It's really, how do you scale this?"

Trump said on May 20 that he had chosen Space Force general Michael Guetlein as a “lead program manager” for the Golden Dome. But Clark says that a number of different branches of the US military and federal government have been “providing feedback and insight” as part of the planning process, including a specialized group inside the Department of Defense called the Missile Defense Agency, as well as the Space Force, Space Development Agency, the Army, the Navy, and the Air Force. It’s unclear how many of them will ultimately remain involved.

“What I am seeing and hearing in our conversations is that each agency is still trying to understand where they fit into this really broad mission and architecture,” says Susanne Hake, general manager of US government business at the geospatial intelligence firm Maxar.

Mark Montgomery, executive director of the Cyberspace Solarium Commission, a government body that advises US policymakers on cyber- and space-based threats, believes that SpaceX is almost certainly going to play a major role in the initiative because of its existing dominance in the commercial space launch sector.

“The only thing I'd say is consistent, and almost definitely true, is SpaceX is going to be part of the launch cycle,” says Montgomery, who says it “would be criminal” to pick winners and losers this early in the process.

In mid-April, CEO Elon Musk said publicly that SpaceX “has not tried to bid for any contract” tied to the Golden Dome project. (It’s not possible at this stage for firms to make formal bids.) He added that he hopes “other companies” can work on it instead.

Musk did not respond to a request for comment asking what role he may have played in SpaceX’s work related to the Golden Dome.

Clark says that Lockheed Martin is having early-stage conversations with SpaceX, Palantir, and Anduril, as well as many other companies that it could eventually enter into partnerships with to work on the Golden Dome. “Candidly, I think it's a little premature to lock in on a team when you don't know exactly what the requirements are,” he tells WIRED.

Hake says that Maxar is also in early talks with other firms. She argues that Maxar’s products—such as imaging technology that can detect objects in low Earth orbit—are “pretty differentiated” from anything that SpaceX, Palantir, or Anduril have, meaning Maxar wouldn’t be in direct competition with them.

Clark says that Lockheed Martin has proposed an approach for the Golden Dome that involves building out the existing US missile defense system regionally, then nationally. The current system already includes many components from Lockheed Martin, including land- and sea-based antimissile systems, as well as a long-range radar for detecting missiles.

“Right now, that system has been attributed to ensuring, you know, zero US fatalities,” Clark says.

Anduril declined to comment. The US Department of Defense, SpaceX, and Palantir did not respond to requests for comment from WIRED.

**Why Upgrade?**

When Trump initially demanded the creation of a “next-generation” missile defense system in January, he referred to the project as the "Iron Dome Missile Defense Shield." It was later rebranded as a “Golden Dome for America,” according to a request for information published in April by the Missile Defense Agency.

An earlier February notice asked private companies to detail technological capabilities they possess that could help make the Golden Dome happen, including artificial intelligence and building space-based missile interceptors. It also outlined a laundry list of bells and whistles the Trump administration wants the shield to have, such as space-based sensors (for defending against hypersonic and ballistic missiles), a large satellite system for encrypted communications across the US military, and new weapons for striking down missiles both before and after they launch.

The existing system the US uses to protect itself from missiles and nuclear warheads relies on a constellation of radar sensors and launchpads equipped with antimissile ballistics stationed on US Navy ships and military vehicles around the world. It has the capability to detect when other countries launch missiles, track their paths, and intercept the weapons without detonating them. But many experts worry it’s woefully inadequate and can’t fully protect the US from the nation’s most pressing national security threats.

“We just kind of wished away the problem,” says Montgomery.

While the US military has spent lavishly on missile defense over the past few decades, it has “little to show” for it, argues a recently revised report published by the Panel on Public Affairs of the American Physical Society, a nonprofit that researches physics and other scientific issues.

The authors, who noted that US funding for missile defense typically only increases in response to things like “presidential advocacy,” concluded that America’s current system couldn’t reliably take down missiles and warheads from North Korea, let alone attacks from more sophisticated actors.

Montgomery tells WIRED that the US should be particularly concerned about advanced long-range ballistic and hypersonic missiles from China, Russia, and Iran.

**Going to Space**

Laura Grego, a senior research director at the Union of Concerned Scientists and a coauthor of the report, says she gets why the Trump administration wants the ability to launch missile interceptors from space.

Interceptors launched from land sites may have to travel hundreds of miles horizontally, while an interceptor in space needs to travel only a short distance to reach a missile and stop it in its tracks. “Most people's intuition is that space is far away,” Grego says. “But in this case, space is close. Space is about as close as you can get.”

Grego adds that the idea of building a futuristic antimissile system in the sky has preoccupied American leaders on and off for decades. President Ronald Reagan proposed a similar plan in the early 1980s nicknamed the “Star Wars” program by critics, which consisted of a space-based laser system to shoot down ballistics. While the kinds of technologies Reagan proposed using weren’t feasible at the time, they are now, Grego says.

Montgomery says that the US government will likely need to choose between building a new space-based system or building up its land-based system, because it would simply be too expensive to do both. “If you go down that second path of legacy systems now, you'll inevitably come up short on your space-based funding later,” he says.

But Grego says she believes that a space-based missile interceptor system would be highly vulnerable and impractical, because it requires using missile interceptors carried aboard satellites. Since the satellites would be constantly moving relative to the Earth's surface, the US would need an astronomical amount of interceptors to offer full protection.

Grego says that it only works when it's totally complete. “If you're able to pick apart that constellation and punch holes in it by using anti-satellite weapons or other types of attacks to the system, that whole thing basically becomes useless,” she explains.

Grego adds that a space-based interceptor system would likely cost trillions of dollars between building, launching, and replacing the interceptors—even considering the fact that new technology developed by SpaceX has helped push down the cost of satellite launches considerably in recent years. Satellites circling the earth in low Earth orbit also fall into the atmosphere and burn up after about three to five years, meaning components will need to be replaced regularly.

Trump dismissed concerns about how much the system will cost when asked about it by reporters last month. “We took in $5.1 trillion in the last four days in the Middle East, and when you think about it, this is a tiny fraction of that,” he said. (Prior reports pegged the deals to be worth more than $1 trillion, though the final amount remains unclear, and none of the deals are explicitly related to the Golden Dome.)

Montgomery says that cost isn’t necessarily a reason to rule out a space-based missile defense system entirely. “I’d spend as little as possible on legacy ground-based interceptors, because I think there's limited return in them over time,” he says. “They're expensive, and they're configured for yesterday's threat, and maybe today's threat, but probably not tomorrow's threat.”

The greatest danger of any version of the Golden Dome, Grego says, is that it could spark an arms race. Russia and China will likely view the missile defense system as a threat, because if the US becomes effectively immune to missile attacks, those countries fear American forces could act without fear of retaliation.

To counter this, Grego says, Russia and China may respond by building more offensive missiles to overwhelm or bypass American defenses, ultimately fueling an “unstable” cycle of escalation. “If your adversary builds up defenses so that they're immune, they're no longer vulnerable to you, then you have to do something,” she says.

When asked about concerns about the risk of an arms race at a press conference in May, Trump simply said, “Well, they’re wrong,” adding that the Golden Dome will be “about as close to perfect as you can have.”

The Race to Build Trump’s ‘Golden Dome’ Missile Defense System Is On

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.
The findings come from multiple reports published by Checkmarx,

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.

Imagine you meet someone new. Be it on a dating app or social media, you chance across each other online and get to talking. They’re genuine and relatable, so you quickly take it out of the DMs to a platform like Telegram or WhatsApp. You exchange photos and even video call each over. You start to get comfortable. Then, suddenly, they bring up money.

They need you to cover the cost of their Wi-Fi access, maybe. Or they’re trying out this new cryptocurrency. You should really get in on it early! And then, only after it’s too late, you realize that the person you were talking to was in fact not real at all.

They were a real-time AI-generated deepfake hiding the face of someone running a scam.

This scenario might sound too dystopian or science-fictional to be true, but it has happened to countless people already. With the spike in the capabilities of generative AI over the past few years, scammers can now create realistic fake faces and voices to mask their own in real time. And experts warn that those deepfakes can supercharge a dizzying variety of online scams, from romance to employment to tax fraud.

David Maimon, the head of fraud insights at identity verification firm SentiLink and a professor of criminology at Georgia State University, has been tracking the evolution of AI romance scams and other kinds of AI fraud for the past six years. “We’re seeing a dramatic increase in the volume of deepfakes, especially in comparison to 2023 and 2024,” Maimon says.

“It wasn’t a whole lot. We’re talking about maybe four or five a month,” he says. “Now, we’re seeing hundreds of these on a monthly basis across the board, which is mind-boggling.”

Deepfakes are already being used in a variety of online scams. One finance worker in Hong Kong, for example, paid $25 million to a scammer posing as the company’s chief financial officer in a deepfaked video call. Some deepfake scammers have even posted instructional videos on YouTube, which have a disclaimer as being for “pranks and educational purposes only.” Those videos usually open with a romance scam call, where an AI-generated handsome young man is talking to an older woman.

More traditional deepfakes—such as a pre-rendered video of a celebrity or politician, rather than a live fake—have also become more prevalent. Last year, a retiree in New Zealand lost around $133,000 to a cryptocurrency investment scam after seeing a Facebook advertisement featuring a deepfake of the country’s prime minister encouraging people to buy in.

Maimon says SentiLink has started to see deepfakes used to create bank accounts in order to lease an apartment or engage in tax refund fraud. He says an increasing number of companies have also seen deepfakes in video job interviews.

“ Anything that requires folks to be online and which supports the opportunity of swapping faces with someone—that will be available and open for fraud to take advantage of,” Maimon says.

Part of the reason for this increase is that the barriers for creating deepfakes are getting lower. There are a lot of easily accessible AI tools that can generate realistic faces and a lot of tools that can animate those faces or create full-length videos out of them. Scammers often use images and videos of real people, deepfaked to slightly change their faces or alter what they’re saying, to target their loved ones or hijack their public influence.

Matt Groh, a professor of management at Northwestern University who researches people’s ability to detect deepfakes, says that point-and-click generative AI tools make it much easier to make small, believable changes to already-existing media.

“If there’s an image of you on the internet, that would be enough to manipulate a face to look like it’s saying something that you haven’t said before or doing something you haven’t done before,” Groh says.

It’s not just fake video that you need to be worried about. With a few clips of audio, it’s also possible to make a believable copy of somebody’s voice. One study in 2023 found that humans failed to detect deepfake audio over a quarter of the time.

“ Just a single image and five seconds of audio online mean that it’s definitely possible for a scammer to make some kind of realistic deepfake of you,” Groh says.

Deepfakes are becoming more pervasive in contexts other than outright scams. Social media has been flooded over the past year with AI-generated “influencers” stealing content from adult creators by deepfaking new faces onto their bodies and monetizing the resulting videos. Deepfakes have even bled over into geopolitics, like when the mayors of multiple European capital cities held video calls with a fake version of the mayor of Kyiv, Ukraine. People have started using deepfakes for personal reasons, like bringing back a dead relative or creating an avatar of a victim to testify in court.

So, if deepfakes are everywhere, how do you spot one? The answer is not technology. A number of technology companies, including OpenAI, have launched deepfake detection tools. Researchers have also proposed mechanisms to detect deepfakes based on things like light reflected in a person’s eyes or inconsistent facial movements, and have started investigating how to implement them in real time.

But those models often cannot reliably detect different kinds of AI fakes. OpenAI’s model, for example, is specifically designed only to report content generated with the company’s own Dall-E 3 tool but not other image generation models.

There’s also the risk that scammers can abuse AI detectors by repeatedly tweaking their content until it fools the software.

“ The major thing we have to understand is that the technology we have right now is not good enough to detect those deepfakes,” Maimon says. “ We’re still very much behind.”

For now, as video deepfakes get more popular, the best way to detect one relies on humans. Studies on deepfake detection show that people are best at distinguishing whether videos are real or fake, as opposed to just audio or text content, and are in some cases even better than leading detection models.

Groh’s team conducted one study which found that taking more time to determine whether an image was real or fake led to a significant increase in accuracy, by up to eight percentage points for just 10 seconds of viewing time.

“ This sounds almost so simple,” Groh says. “But if you spend just a couple extra seconds, that leads to way higher rates of being able to distinguish an image as real or fake. One of the ways for any regular person to just be a little bit less susceptible to a scam is to ask, ‘Does this look actually real?’ And if you just do that for a few extra seconds, we’re all going to be a little bit better off.”

Deepfakes’ popularity could be a double-edged sword for scammers, Groh says. The more widespread they are, the more people will be familiar with them and know what to look for.

That familiarity has paid off in some cases. Last summer, a Ferrari executive received a call from someone claiming to be the CEO of the company. The person convincingly emulated the CEO’s voice but abruptly hung up the call when the executive tried to verify their identity by asking what book the CEO had recommended just days earlier. The CEO of WPP, the world’s biggest advertising agency, was also unsuccessfully targeted by a similar deepfake scam.

“I think there’s a balancing act going on,” Groh says. “ We definitely have technology today that is generally hard for people to identify. But at the same time, once you know that there’s a point-and-click tool that allows you to transform one element into something else, everyone becomes a lot more skeptical.”

Latest News