CySecurity News
cysecuritynews.bsky.social
CySecurity News
@cysecuritynews.bsky.social
87 followers 0 following 1.6K posts
CySecurity News is one of the leading IT security news portal delivers news on #security #hacking #Exploit #CyberCrime & #infosec #Hacker. * https://www.cysecurity.news/
Posts Media Videos Starter Packs
The Rise of AI Agents and the Growing Need for Stronger Authorization Controls #aiagents #authorization #Cybersecurity
The Rise of AI Agents and the Growing Need for Stronger Authorization Controls
 AI agents are no longer confined to research labs—they’re now writing code, managing infrastructure, and approving transactions in real-world production. The appeal is speed and efficiency. The risk? Most organizations still use outdated, human-oriented permission systems that can’t safely control autonomous behavior. As AI transforms cybersecurity and enterprise operations, every leap in capability brings new vulnerabilities. Agentic AI proves this clearly—machines act faster than people, but they also fail faster. Traditional access controls were built for human rhythms. Users log in, complete tasks, and log off. But AI agents operate nonstop across multiple systems. That’s why Graham Neray, co-founder and CEO of Oso Security, calls authorization “the most important unsolved problem in software.” He adds, “Every company that builds software ends up reinventing authorization from scratch—and most do it badly. Now we’re layering AI on top of that foundation.” The problem isn’t intent—it’s infrastructure. Most companies still manage permissions through static roles and hard-coded logic, which barely worked for humans. An AI agent can make thousands of changes per second, and one misstep can cause massive damage before anyone intervenes. Pressure to prove ROI adds another layer of risk. Todd Thiemann, principal analyst at Omdia, explains, “Enterprise IT teams are under pressure to demonstrate a tangible ROI of their generative AI investments… Security generally, and identity security in particular, can fall by the wayside in the rush to get AI agents into production to show results.” It’s tempting to give agents the same permissions as their human users—but that’s exactly what creates exposure. Thiemann warns, “AI agents lack human judgment and contextual awareness, and that can lead to misuse or unintended escalation.” For example, an agent automating payroll should never be able to authorize transfers. “Such high-risk actions should require human approval and strong multi-factor authentication,” he adds. Neray believes the solution lies in designing firm, automated boundaries. “You can’t reason with an LLM about whether it should delete a file,” he says. “You have to design hard rules that prevent it from doing so.” That means building automated least privilege systems—granting only temporary, task-specific access. Oso Security is helping companies move authorization from hard-coded systems to modular, API-driven layers. “We spent a decade making authentication easier with Okta and Auth0. Authorization is the next frontier,” Neray says. As CISOs step in earlier to guide AI deployment, the goal isn’t to block innovation—but to make it sustainable. Limiting privileges, requiring human approval for critical actions, and maintaining audit trails are key. Thiemann sums it up: “Minimizing those privileges can minimize the potential blast radius of any mistake or incident.” AI doesn’t just change what’s possible—it redefines what’s safe. Machines don’t need more power; they need better permissions.
dlvr.it
5 Million Qantas Travellers’ Data Leaked on Dark Web After Global Ransomware Attack #DataBreach #Qantas #Qantasdarkwebleak
5 Million Qantas Travellers’ Data Leaked on Dark Web After Global Ransomware Attack
  Personal data of around five million Qantas passengers has surfaced on the dark web after the airline fell victim to a massive ransomware attack. The cybercriminal group, Scattered Lapsus$ Hunters, released the data publicly when their ransom demands went unmet. The hackers uploaded the stolen files on Saturday, tagging them as “leaked” and warning, “Don’t be the next headline, should have paid the ransom.” The compromised information reportedly includes email addresses, phone numbers, dates of birth, and frequent flyer membership details from Qantas’ customer records. However, the airline confirmed that no financial data, credit card details, or passport numbers were exposed in this breach. The cyberattack is part of a larger global campaign that has impacted 44 organisations worldwide, with up to a billion customer records potentially compromised. The infiltration occurred through a Salesforce database breach in June, extending from April 2024 to September 2025. Cyber intelligence expert Jeremy Kirk from Intel 471 said the attackers are a long-established criminal network with members operating across the US, UK, and Australia.He noted: “This particular group is not a new threat; they've been around for some time.”Kirk added: “They're very skilled in knowing how companies have connected different systems together.” Major global brands such as Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas were also affected by the same campaign. While Qantas customers’ financial data was not exposed, experts have warned that the leaked personal details could be exploited for identity theft and phishing scams.Kirk cautioned: “These days, a lot of threat groups are now generating personalised phishing emails.”He continued: “They're getting better and better at this, and these types of breaches help fuel that underground fraudster economy.” Qantas has since launched a 24/7 customer support line and provided specialist identity protection assistance to those affected. A company representative stated, “We continue to offer a 24/7 support line and specialist identity protection advice to affected customers.” In July, Qantas secured a permanent court order from the NSW Supreme Court to block any unauthorised access, sharing, or publication of the stolen data. Salesforce, whose database was infiltrated, confirmed that it would not negotiate or pay ransom demands, stating: “We will not engage, negotiate with, or pay any extortion demand.” The company also clarified that its platform itself remained uncompromised and that it continues to work closely with affected clients. A Qantas spokesperson added: “With the help of specialist cyber security experts, we are investigating what data was part of the release.”They continued: “We have also put in place additional security measures, increased training across our teams, and strengthened system monitoring and detection since the incident occurred.”
dlvr.it
Tails OS: The Portable Operating System That Keeps You Completely Anonymous #anonymousbrowsing #EdwardSnowden #privacyoperatingsystem
Tails OS: The Portable Operating System That Keeps You Completely Anonymous
    Imagine carrying an entire operating system in your pocket—one that runs directly from a USB drive and leaves no trace once unplugged. Whether you’re connecting to public Wi-Fi or handling sensitive work, Tails OS transforms any computer into a secure, private workspace in minutes. Tails is built to safeguard your identity, shielding you from tracking, surveillance, and censorship. Even if you’re not Edward Snowden, it’s an ideal tool for anyone using shared computers at cafés, libraries, or coworking spaces. Best of all, it’s beginner-friendly and quick to set up. What is Tails OS? Tails—short for The Amnesic Incognito Live System—is a free, open-source operating system based on Debian Linux. It runs entirely from a USB stick, and once you power off and remove it, no digital footprint or trace of your activity is left on the computer. The OS gained global recognition after Edward Snowden reportedly used it to securely communicate with journalists while revealing the NSA’s surveillance operations. Today, it remains a trusted choice for journalists, activists, and privacy-conscious users worldwide. Unlike traditional systems such as Windows, macOS, or lightweight Linux variants, Tails automatically routes all network traffic through the Tor network, ensuring anonymity, blocking trackers, and bypassing restrictions. It comes preloaded with privacy-focused apps like Tor Browser (with uBlock Origin), Thunderbird for encrypted emails, KeePassXC for secure password storage, and OnionShare for anonymous file transfers.Tails also includes essential tools like LibreOffice, Inkscape, and Audacity, offering a familiar GNOME desktop experience without compromising privacy. Installing Tails OS Setting up Tails is straightforward. You’ll need a USB stick with at least 8GB capacity. Visit the official Tails website to download the OS image, then follow platform-specific guides for Windows, macOS, or Linux. Use Rufus (available from its official site) to create a bootable USB—simply select the Tails image, choose your drive, and hit Start. The process takes about 10 minutes. Avoid using multi-boot tools like Ventoy for security reasons. Tails developers recommend dedicating a single USB exclusively to Tails for maximum protection. Using Tails OS To launch Tails, insert the USB and boot your computer from it—press Esc on Windows or hold Option on macOS during startup to select your USB drive. Once connected to Wi-Fi, all online activity automatically goes through Tor, concealing your location and IP address. While the system can feel slower than typical OSs (since everything runs in RAM), it ensures total privacy. By default, Tails doesn’t save any files or settings after shutdown. However, you can enable persistent storage, which creates an encrypted space on your USB for safely saving documents, bookmarks, or custom configurations between sessions. The Limitations of Tails Tails isn’t built for everyday computing. It sacrifices convenience for safety—so you can’t install common Windows apps or games, and its app library is limited by design. Moreover, while all internet traffic is anonymized through Tor, observers can still detect that you’re using Tor itself, which might raise suspicion in restrictive regions. Users must also take care when sharing files, as embedded metadata in documents or photos can inadvertently reveal personal details. Although Tails includes uBlock Origin in its Tor Browser for ad blocking, this feature slightly differentiates Tails users from standard Tor Browser traffic—a minor but noteworthy privacy trade-off. Tails OS stands out as one of the most effective tools for staying private online. It’s lightweight, secure, and simple enough for beginners to use without technical expertise. The system is best suited for moments when privacy truly matters—like conducting sensitive research or protecting sources. While it won’t replace your everyday operating system, Tails gives you the freedom to go off-grid whenever you need, keeping your digital identity safe from prying eyes.
dlvr.it
Noosa Council Hit by $2.3 Million AI Fraud: Mayor Calls It “Unprecedented” Cyber Attack #AIscamAustralia #CyberFraud #DeepfakeFraud
Noosa Council Hit by $2.3 Million AI Fraud: Mayor Calls It “Unprecedented” Cyber Attack
  Noosa Council in Queensland has disclosed that it fell victim to an advanced cyber fraud in December 2024, resulting in $2.3 million being transferred overseas through deceptive means. According to Mayor Frank Wilkie, the perpetrators leveraged AI-based imitation tools to convincingly mimic council executives, tricking staff into approving the unauthorized transactions. Roughly $400,000 of the stolen amount has been recovered so far, leaving a loss of around $1.9 million. The council has emphasized that no employees are being held responsible and assured residents that ratepayer information and operational systems remain secure. Statements from the Mayor and CEOMayor Wilkie described the incident as “unprecedented,” warning of the increasing sophistication of technology-enabled crime: “It enables skilled fraudsters to imitate personalities and individuals to a very high degree.” Council CEO Larry Sengstock confirmed that while investigations are ongoing, external forensic IT specialists have found no evidence of a system breach or compromise of public data. Sengstock also explained that the council’s delay in making the matter public was due to restrictions imposed by law enforcement. Cybersecurity analysts believe the criminals may have used AI-driven tactics—such as deepfake videos, voice cloning, or impersonation through emails and calls—to deceive staff. Dr. Dennis Desmond, a former FBI investigator, suggested that publicly available data might have been collected to craft realistic impersonations of senior officials. These scams often exploit human trust rather than system vulnerabilities, manipulating employees into approving large transfers under false pretenses.
dlvr.it
Amazon resolves major AWS outage that disrupted apps, websites, and banks globally #Amazon #AWS #DNS
Amazon resolves major AWS outage that disrupted apps, websites, and banks globally
  A widespread disruption at Amazon Web Services (AWS) on Monday caused several high-profile apps, websites, and banking platforms to go offline for hours before the issue was finally resolved later in the night. The outage, which affected one of Amazon’s main cloud regions in the United States, drew attention to how heavily the global digital infrastructure depends on a few large cloud service providers. According to Amazon’s official update, the problem stemmed from a technical fault in its Domain Name System (DNS) — a core internet function that translates website names into numerical addresses that computers can read. When the DNS experiences interruptions, browsers and applications lose their ability to locate and connect with servers, causing widespread loading failures. The company confirmed the issue affected its DynamoDB API endpoint in the US-EAST-1 region, one of its busiest hubs. The first reports of disruptions appeared around 7:00 a.m. BST on Monday, when users began facing difficulties accessing multiple platforms. As the issue spread, users of services such as Snapchat, Fortnite, and Duolingo were unable to log in or perform basic functions. Several banking websites, including Lloyds and Halifax, also reported temporary connectivity problems. The outage quickly escalated to a global scale. According to the monitoring website Downdetector, more than 11 million user complaints were recorded throughout the day, an unprecedented figure that reflected the magnitude of the disruption. Early in the incident, Downdetector noted over four million reports from more than 500 affected platforms within just a few hours, which was more than double its usual weekday average. AWS engineers worked through the day to isolate the source of the issue and restore affected systems. To stabilize its network, Amazon temporarily limited some internal operations to prevent further cascading failures. By 11:00 p.m. BST, the company announced that all services had “returned to normal operations.” Experts said the incident underlined the vulnerabilities of an increasingly centralized internet. Professor Alan Woodward of the University of Surrey explained that modern online systems are highly interdependent, meaning that an error within one major provider can ripple across numerous unrelated services. “Even small technical mistakes can trigger large-scale failures,” he said, pointing out how human or software missteps in one corner of the infrastructure can have global consequences. Professor Mike Chapple from the University of Notre Dame compared the recovery process to restoring electricity after a large power outage. He said the system might “flicker” several times as engineers fix underlying causes and bring services gradually back online. Industry observers say such incidents reflect a growing systemic risk within the cloud computing sector, which is dominated by a handful of major firms such as Amazon, Microsoft, and Google collectively controlling nearly 70% of the market. Cori Crider, director of the Future of Technology Institute, described the current model as “unsustainable,” warning that heavy reliance on a few global companies poses economic and security risks for nations and organizations alike. Other experts suggested that responsibility also lies with companies using these services. Ken Birman, a computer science professor at Cornell University, noted that many organizations fail to develop backup mechanisms to keep essential applications online during provider outages. “We already know how to build more resilient systems,” he said. “The challenge is that many businesses still rely entirely on their cloud providers instead of investing in redundancy.” Although AWS has not released a detailed technical report yet, its preliminary statement confirmed that the outage originated from a DNS-related fault within its DynamoDB service. The incident, though resolved, highlights a growing concern within the cybersecurity community: as dependence on cloud computing deepens, so does the scale of disruption when a single provider experiences a failure.
dlvr.it
Geospatial Tool Turned Into Stealthy Backdoor by Flax Typhoon #ArcGIS #BackdoorAttacks #FlaxTyphoon
Geospatial Tool Turned Into Stealthy Backdoor by Flax Typhoon
 Chinese state-backed hacking group Flax Typhoon has been exploiting a feature within Esri’s ArcGIS software to maintain covert access to targeted systems for more than a year, according to new findings from ReliaQuest. The group, active since at least 2021 and known for espionage operations against entities in the U.S., Europe, and Taiwan, weaponized ArcGIS’s Server Object Extension (SOE) to transform the software into a webshell—essentially turning legitimate features into tools for persistent compromise. Researchers found that the attackers targeted a public-facing ArcGIS server linked to a private backend server. By compromising the portal administrator credentials, they deployed a malicious extension that forced the system to create a hidden directory, which became their private command and control workspace.  This extension included a hardcoded key, shielding their access from others while ensuring persistence. The hackers maintained this access long enough for the malicious file to become embedded in backup systems, effectively guaranteeing reinfection even if administrators restored the system from backups. ReliaQuest described this as a particularly deceptive attack chain that allowed the group to mimic normal network activity, thereby bypassing typical detection mechanisms. Because the infected component was integrated into backup files, standard recovery protocols became a liability — a compromised backup meant a built-in reinfection vector. The tactic showcases Flax Typhoon’s hallmark strategy of exploiting trusted internal processes and tools rather than relying on advanced malware or sophisticated exploits. This method is consistent with Flax Typhoon’s history of leveraging legitimate software components for espionage. Microsoft had previously documented the group’s capability to maintain long-term access to dozens of Taiwanese organizations using built-in Windows utilities and benign applications for stealth. The U.S. Treasury Department has sanctioned Integrity Technology Group, a Beijing-based company implicated in supporting Flax Typhoon’s operations, including managing infrastructure for a major botnet dismantled by the FBI. ReliaQuest warned that the real danger extends beyond ArcGIS or Esri’s ecosystem — it highlights the inherent risks in enterprise software that depends on third-party extensions or backend access. The researchers called the case a “wake-up call,” urging organizations to treat every interface with backend connectivity as a high-risk access point, regardless of how routine or trusted it appears.
dlvr.it
Nation-State Hackers Breach F5 Networks, Exposing Thousands of Government and Corporate Systems to Imminent Threat #Breaches #CriticalInfrastructure #criticalinfrastructureattack
Nation-State Hackers Breach F5 Networks, Exposing Thousands of Government and Corporate Systems to Imminent Threat
 Thousands of networks operated by the U.S. government and Fortune 500 companies are facing an “imminent threat” of cyber intrusion after a major breach at Seattle-based software maker F5 Networks, the federal government warned on Wednesday. The company, known for its BIG-IP networking appliances, confirmed that a nation-state hacking group had infiltrated its systems in what it described as a “sophisticated, long-term intrusion.”  According to F5, the attackers gained control of the network segment used to develop and distribute updates for its BIG-IP line—a critical infrastructure tool used by 48 of the world’s top 50 corporations. During their time inside F5’s systems, the hackers accessed proprietary source code, documentation of unpatched vulnerabilities, and customer configuration data. Such access provides attackers with an extraordinary understanding of the product’s architecture and weaknesses, raising serious concerns about potential supply-chain attacks targeting thousands of networks worldwide.  Security analysts suggest that control of F5’s build environment could allow adversaries to manipulate software updates or exploit unpatched flaws within BIG-IP devices. These appliances often sit at the edge of networks, acting as load balancers, firewalls, and encryption gateways—meaning a compromise could provide a direct pathway into sensitive systems. The stolen configuration data also increases the likelihood that hackers could exploit credentials or internal settings for deeper infiltration.  Despite the severity of the breach, F5 stated that investigations by multiple cybersecurity firms, including IOActive, NCC Group, Mandiant, and CrowdStrike, have not found evidence of tampering within its source code or build pipeline. The assessments further confirmed that no critical vulnerabilities were introduced and no customer or financial data was exfiltrated from F5’s internal systems. However, experts caution that the attackers’ deep access and stolen intelligence could still enable future targeted exploits.  In response, F5 has issued updates for its BIG-IP, F5OS, BIG-IQ, and APM products and rotated its signing certificates to secure its software distribution process. The company has also provided a threat-hunting guide to assist customers in detecting potential compromise indicators.  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning that the breach “poses an unacceptable risk” to federal networks. Agencies using F5 appliances have been ordered to inventory all affected devices, install the latest patches, and follow the company’s threat-hunting protocols. Similarly, the UK’s National Cyber Security Centre (NCSC) has released guidance urging organizations to update their systems immediately.  While no supply-chain compromise has yet been confirmed, the breach of a vendor as deeply embedded in global enterprise networks as F5 underscores the growing risk of nation-state infiltration in critical infrastructure software. As investigations continue, security officials are urging both government and private organizations to take swift action to mitigate potential downstream threats.
dlvr.it
China’s DNA Data Bank Initiative Sparks Debate on Privacy and Surveillance #Cybersecurity #Dataprotection #DNADataBank
China’s DNA Data Bank Initiative Sparks Debate on Privacy and Surveillance
  Xilinhot, Inner Mongolia, a northern city that has been subject to widespread scrutiny as a result of a police initiative that has reignited debate over privacy and government surveillance, has recently received widespread attention from the Chinese public. In an effort to reduce crime and enhance public safety, authorities have recently announced their intention to establish a DNA database by collecting blood samples from male residents. The project is being presented as a modern tool to prevent crime and prevent crime-related deaths. A China Newsweek article published on September 23 stated that officials in China described the project as part of a broader effort to update the identification system for documents, like national ID cards and passports, which was a major initiative for China.  It was also asserted by the police that this database would assist in finding missing elderly people and children, while emphasising that any personal information or biological material would remain strictly private. A number of privacy advocates, as well as citizens, are deeply concerned about the plan because they believe that it may lead to the expansion of state surveillance, posing the threat of overreach on behalf of the government. In a national debate about privacy, consent, and state management of genetic data, the proposed initiative has triggered a national debate that has centred around enhancing identification systems and strengthening investigative capabilities.  As China Newsweek reported, authorities in the Inner Mongolian city of Xilinhot announced their intention to collect blood samples for updating a database that is used for passports and national ID cards, which sparked controversy.  According to officials, the initiative was promoted as a preventive measure to assist in the search for missing children and elderly people. They stressed that all personal data and biological information would remain confidential and would not be shared with anyone else. It has been reported that the official announcement vanished from the department's website and its social media accounts shortly after it was made, further fueling public suspicion. During a subsequent interview with a police representative, he clarified that participation in the program was completely voluntary and that those who opted out would not face any repercussions. According to the investigators, the collected samples were intended to be added to a local DNA database for Y-chromosomes, commonly known as the "Y bank", which would help law enforcement to trace male lineages in criminal investigations. In many countries across the globe, DNA databases have become a crucial aspect of crime governance and investigation, with over sixty countries now maintaining national databases, as well as numerous others developing similar programs. The Indian Government has, however, been struggling to go beyond the planning stage despite a number of drafts of its DNA Bill, which had been released to the public some time ago, despite ongoing efforts to set up a National DNA Database since 2003. Despite the numerous drafts, the project has still not reached operation.  There have been a number of legal and academic experts arguing that this prolonged delay is due to the absence of transparent, inclusive, and participatory decision-making processes that could have incorporated key concerns related to privacy, ethics, and human rights into the decision-making process.  As privacy has become an increasingly prominent issue in the global debate, the way in which India approaches the construction of its National DNA Database has also been challenged, which is regarded as being primarily driven by a technocratic and bureaucratic vision that fails to take social and legal safeguards into consideration. It is argued, given India's status as a constitutional democracy, that a robust privacy governance framework has to be established before such a database can be fully implemented in order to ensure that technological advancements do not outpace the nation's commitments in regards to human rights and ethical practices.  As an alternative to this, New Zealand’s approach to the forensic DNA collection process is a great example of how a successful, transparent system can be implemented. Having established a DNA Profile Databank (DPD) only a few years ago, New Zealand became the second country in the world to do so in the world. Managed by ESR on behalf of the New Zealand Police, the database compiles DNA profiles of both convicted offenders and voluntarily volunteered DNA profiles.  The comprehensive database is based on two interconnected systems that are linked together - the Criminal Sample Databank, which stores genetic material that is gathered from unsolved crime scenes, and the DNA Profile Database, which contains profiles of individuals. A routine cross-reference of the databases, often daily, to identify potential matches between crime scene evidence and stored profiles is performed regularly, and the results are immediately communicated to law enforcement authorities.  It has achieved impressive results in the field of DNA analysis by collecting over 200,000 samples as well as 40,000 DNA profiles, which have been taken from casework: approximately seventy per cent of all unsolved cases, which are added to the database, have been linked to individuals, while about thirty per cent have been linked to other crimes. New Zealand has established itself as one of the world's leading players in the use of DNA technology in criminal investigations thanks to its proactive and data-driven approach.  Taking its name from the National DNA Data Bank, Canada's DNA database stands as the cornerstone of the modern forensic investigation field, consistently maintaining more than half a million DNA profiles that are vital to the pursuit of criminal justice and to the identification of remains. In addition to serving as an important tool for investigators who help them identify or exclude suspects, connect related crimes, and determine whether a serial offender might be involved, the databank is also under strict legal and ethical supervision.  Besides contributing significantly to the investigation of criminal crimes, the database also aids in the identification of missing people and victims, which is an important component of humanitarian efforts. Through its comprehensive framework, the databank entails the development of collaboration between police, coroners, and medical examiners from all across Canada, enhancing Canada's role as one of the world's leading nations in the responsible use of genetic technology for the protection and justice of the public.  The discussion revolves around a forensic technique referred to as Y-STR family screening, which enables authorities to narrow the potential suspects in investigations by analysing genetic markers shared among male relatives. In this method, investigators are able to trace a suspect's family members, even though they do not all possess a similar short tandem repeat on their Y chromosomes. The method allows investigators to locate the suspect before applying additional tools to identify the particular suspect. Several cases involving high-profile people have been solved using the technology, including the notorious Baiyin serial killings that took place between 1988 and 2002 in Gansu province that resulting in the death of 11 women.  The recent initiative in Xilinhot to collect blood samples has prompted questions about proportionality, necessity, and transparency regarding the public's interest. The commentary in Nanfang Daily reported that the police had provided very limited information regarding the storage, use, or disposal of DNA data, but opinions among legal scholars differed as well: In his argument in South Reviews, Tian Fang, a law professor at Nanjing University, argued that the technology focuses only on non-coding DNA segments, which are not genetically associated with eye color or blood type, so that this technology does not constitute an invasion of privacy at all.  Nevertheless, others, such as Chen Xuequan, a professor at the University of International Business and Economics in Beijing, spoke out against the system, warning that it could still raise issues related to the ethics of data security and privacy if there were no clear legal safeguards. With nations struggling to balance technological advancement with individual rights, China's DNA data bank initiative highlights the need for clear legal boundaries, ethical oversight, and transparent governance when it comes to the use of genetic information as a whole.  Even though DNA database systems have proven to be very useful for solving crimes and reuniting families, these systems need to be managed within the framework of privacy, consent, and accountability. The establishment of independent regulatory bodies, the enforcement of strict data protection measures, and the encouragement of public dialogue could ensure that such initiatives serve justice while protecting fundamental freedoms without compromising them.  In the end, the success of any national DNA database is not determined by the number of samples it collects. It is more important to ensure the integrity of its operation, as well as the trust of the citizens who will be protected by the database.
dlvr.it
SimonMed Imaging reports data breach affecting over 1.2 million patients #DataBreach #MedusaRansomware #PatientData
SimonMed Imaging reports data breach affecting over 1.2 million patients
  U.S.-based medical imaging provider SimonMed Imaging has disclosed a cybersecurity incident that compromised the personal data of more than 1.2 million patients earlier this year. The company, which operates nearly 170 diagnostic centers across 11 states, specializes in radiology and imaging services such as MRI, CT scans, X-rays, ultrasounds, and mammography. Details of the breach  According to information shared with regulators, unauthorized individuals gained access to SimonMed’s internal systems between January 21 and February 5, 2025. The breach came to light on January 27, when one of SimonMed’s third-party vendors reported a security incident that also affected the company. An internal investigation confirmed suspicious network activity the following day. SimonMed stated that once the attack was detected, the organization acted swiftly to contain the intrusion. Measures included resetting employee passwords, activating multifactor authentication, adding endpoint detection and response (EDR) tools, cutting off third-party vendors’ direct system access, and restricting external network connections to only verified sources. Law enforcement authorities were notified, and cybersecurity specialists were brought in to assist in the investigation and recovery process. Data possibly exposed While SimonMed has not disclosed the full scope of data accessed by the attackers, the company confirmed that patients’ full names were among the exposed information. Given the type of data typically stored in radiology systems, the breach may also involve sensitive records such as identification details, medical reports, and financial information. As of October 10, SimonMed reported finding no evidence that the compromised data has been used for fraud or identity theft. Affected individuals have been offered free identity theft protection services through Experian as a precautionary step. Ransomware group claims responsibility Shortly after the breach, the Medusa ransomware group claimed responsibility, listing SimonMed on its leak site on February 7. The group alleged that it had stolen 212 gigabytes of data and released a small sample online as proof. The leaked files reportedly contained ID scans, patient information spreadsheets, billing details, and diagnostic reports. Medusa demanded a ransom of $1 million, along with an additional $10,000 fee for each day the company delayed payment before full data disclosure. SimonMed’s name has since been removed from the group’s website, which often suggests that negotiations may have taken place. However, the company has not confirmed whether any ransom payment was made. Growing threat to healthcare organizations The Medusa ransomware operation, which surfaced in 2023, has been linked to several high-profile attacks on critical infrastructure, including the Minneapolis Public Schools and Toyota Financial Services. In March 2025, the FBI, CISA, and MS-ISAC jointly warned healthcare and education organizations about Medusa’s ongoing targeting campaigns. Cybersecurity experts emphasize that healthcare institutions remain vulnerable due to the volume of sensitive data they handle. Experts recommend strengthening authentication protocols, monitoring system activity, and maintaining up-to-date security measures to minimize the risk of future incidents.
dlvr.it
Pixnapping Malware Exploits Android’s Rendering Pipeline to Steal Sensitive Data from Google and Samsung Devices #CybersecurityBreach #DataBreach #datasecurity
Pixnapping Malware Exploits Android’s Rendering Pipeline to Steal Sensitive Data from Google and Samsung Devices
 Cybersecurity researchers have revealed a new Android malware attack called Pixnapping, capable of stealing sensitive information from Google and Samsung smartphones without any user interaction. The name “Pixnapping” blends “pixel” and “snapping,” referring to how the malware stealthily extracts visual data pixel by pixel from targeted apps.  When a user installs an app laced with the Pixnapping malware, it silently scans the device for other apps to spy on—such as Google Authenticator. Instead of opening the target app directly, the malware leverages the Android rendering pipeline to intercept the visual data being displayed. It then analyzes the color and content of individual pixels in areas known to display confidential information, like two-factor authentication (2FA) codes. By interpreting these pixels, the malware reconstructs the original data—essentially taking “invisible screenshots” of protected content without ever triggering normal app permissions.  According to researchers, three flaws in Android’s design enable Pixnapping. First, apps can invoke another app’s activity through the rendering pipeline, which allows unauthorized access to refresh sensitive screens. Second, Android permits graphical operations to be performed on another app’s displayed content. Third, apps can detect pixel color changes during these operations, revealing the hidden visual data.  Tests confirmed Pixnapping’s success across several devices, including the Pixel 6, 7, 8, and 9, as well as the Samsung Galaxy S25, running Android versions 13 through 16. The malware’s efficiency varied across devices, achieving success rates between 29% and 73% on Pixel models. On the Galaxy S25, however, researchers couldn’t extract 2FA codes before they expired. The attack was also demonstrated on apps and services such as Gmail, Signal, Venmo, Google Accounts, and Google Maps—indicating that Pixnapping could potentially expose emails, encrypted messages, payment data, and location histories.  The vulnerability is tracked as CVE-2025-48561. While Google has issued an initial patch, researchers found ways to bypass it, prompting Google to develop a stronger fix expected in the December Android security update.   Fortunately, Pixnapping has not been detected in active attacks yet. Still, experts urge users to stay vigilant by updating their devices with the latest security patches and downloading apps only from verified marketplaces such as the Google Play Store. Even then, users should double-check app details to ensure authenticity and avoid sideloading unverified applications.  Pixnapping underscores a critical flaw in Android’s visual data handling and highlights the growing sophistication of modern mobile malware. Until Google delivers a complete patch, maintaining cautious download habits and prompt software updates remains the best defense.
dlvr.it
WhatsApp Worm Infects Devices and Compromises User Banking Information #BankingTrojan #CyberThreats #Cybersecurity
WhatsApp Worm Infects Devices and Compromises User Banking Information
  There has been a troubling revelation in the cybersecurity community that cybercriminals continue to weaponise trusted digital ecosystems by deploying highly sophisticated malware campaigns that use WhatsApp's messaging platform to infiltrate users throughout Brazil, demonstrating that cybercriminals continue to use trusted digital ecosystems to their advantage.  This large-scale operation, which was detected on September 29, 2025, exhibits unprecedented technical precision and social engineering skills, manipulating user trust in order to achieve rapid and silent propagation of the virus. There has been an increased use of WhatsApp Web by the attackers in attempts to propagate malicious LNK and ZIP files disguised as harmless attachments sent from compromised contacts.  The attackers have chosen to send misleading messages that convincingly mimic genuine communication to lure their victims into execution. The moment that an unsuspecting recipient opens a file that contains malware on a desktop system, the malware stealthily executes a fileless infection chain, which is designed to steal credentials from financial institutions as well as cryptocurrency exchanges as they conduct their transactions.  Researchers have determined that the campaign was linked to a broader operation known as "Water Saci," which shows a level of sophistication and scale not typically seen in regional cybercrime. There is evidence in the code of the malware, Maverick and Sorvepotel, that is code-like to the notorious Coyote Trojan, pointing to a new evolution of Brazilian cybercrime tools that target the thriving ecosystem of digital finance in the country.  In contrast to typical attacks that are primarily focused on data theft and ransomware deployment, this particular operation places a high value on rapid self-propagation and wide infiltration.  By cleverly leveraging social relationships, the infection process distributes malicious files through the accounts of already infected users to embed itself deeper into trusted networks as a result. It is estimated that over 400 corporate environments have already been compromised by this threat, and more than 1,000 endpoints have been affected, proving that the campaign's aggressive reach and operational efficiency are evident because command-and-control servers validate each download to ensure that it comes directly from the malware.  Nevertheless, this technique complicates automated security analysis and network defence, making it significantly more difficult to detect and deter the threat. The malware was written primarily in Portuguese and distributed by localised URLs. As a result of its design, it suggests that a deliberate effort was made to target the individual consumer as well as corporate users in Brazil's rapidly growing cryptocurrency and financial sectors. Besides the campaign's regional implications, this campaign serves as a stark reminder of the convergence that has been taking place in modern cyberattacks between social manipulation and advanced technical execution.  With this new wave of WhatsApp-targeted malware exploiting trust, automation, and the interconnectedness of messaging platforms, people are witnessing a concerning shift in the cyber threat landscape, one where they can no longer assume the familiar is safe. It has been reported that the Sorvepotel malware has impacted many sectors throughout Brazil, not just individual users. The malware has penetrated a wide range of sectors throughout the country. A Trend Micro cybersecurity researcher stated that public and government service organisations have been the most severely affected, followed by manufacturing, technology, education, and construction organisations. However, as attackers continue to refine and expand their tactics, other Latin American countries may soon have to face similar threats.  Although the current campaign is focusing primarily on Brazil, experts warn that similar threats may soon impact other Latin American countries. There is no doubt that the Sovepotel infection chain is extremely deceptive. It spreads mainly through phishing messages sent via compromised contacts' WhatsApp accounts. It is common for these messages, which appear to come from trusted friends or colleagues, to contain malicious ZIP files, which appear as if they were legitimate files-such as receipts, budget documents, or health-related documents, written in Portuguese.  These files are aimed at attracting enterprise users rather than casual mobile users, as they are urged to open them on desktop computers. Once the malware has been executed, it will spread automatically through WhatsApp Web, sending mass messages which will not only expedite its spread but will also lead to the suspension of infected accounts for excessive spam activity, as well as the spreading of the malware.  Several researchers have noticed that, in addition to parallel phishing campaigns through email, attackers may also distribute ZIP files containing similar content from seemingly legitimate corporate addresses, increasing the likelihood of infection. There is already a substantial scale of operation, with over 400 customer environments reported as compromised, which is an indication that the worm has spread rapidly and is extremely effective in its operational aspects.  By targeting Brazilian financial institutions and cryptocurrency exchanges, the group illustrates a deliberate effort to monetise itself by stealing credentials and gaining unauthorised access to financial resources, even though analysts warn that the same techniques can be adapted to other countries as well. Depending on the severity of the attack, financial consequences can range from immediate unauthorised withdrawals to long-term identity theft and the loss of a victim's reputation.  Cybersecurity experts, for this reason, emphasise the need to adopt multilayered defence strategies. Educating users and organisations on how to keep them safe requires them to avoid suspicious links, even those shared by familiar contacts, as well as verify their authenticity by using alternative channels for communications. It is crucial to maintain an updated application base, enable two-factor authentication across financial and communication platforms, and keep reputable antivirus software in place to minimise exposure.  Additionally, it is important to monitor financial accounts for unusual activity and conduct frequent data backups to prevent future losses. It is important to note that research indicates that awareness and education remain the best defences, as they ensure both individuals and organisations are prepared to recognise, resist, and report emerging social engineering threats as soon as they emerge, so they are not caught by surprise. Based on the technical analysis of the campaign, people have discovered that the infection mechanism in the campaign was highly sophisticated and stealthy in order to evade detection and achieve persistence without leaving any traditional forensic evidence. During the first stage of infection, a victim receives a malicious ZIP archive through WhatsApp Web, which contains a malicious LNK file disguised as a legitimate document.  These LNK files are often presented by generic names, or they are branded to resemble correspondence from a bank. In the accompanying Portuguese language message, the recipient is advised to open the file on a computer, as it specifies that "visualisations can be performed only on computers," and even suggests Chrome users select the "keep file" option due to the ZIP format of the file.  When the LNK file has been executed, it launches cmd.exe with embedded commands that trigger a PowerShell script, which is responsible for contacting a remote command and control server via a PowerShell script. Using this server, each request is meticulously verified, allowing downloads only if the "User-Agent" header is detected to be unique to the PowerShell process.  By doing so, the server effectively blocks unauthorised access and automated analysis attempts, blocking common attacks. Using PowerShell, the embedded .NET file will be decoded and executed as a live assembly by using byte-level manipulation, thereby making the infection completely fileless, because it will be performed entirely in memory. It is quite hard to reverse engineer this initial loader because it is heavily obfuscated by controlling flow flattening, indirect function calls, and randomised naming conventions. A key part of the malware's function is to download and decrypt two encrypted shellcodes from the C2 server, authenticated by a cryptographic HMAC signature.  The attacker's custom key — "MaverickZapBot2025SecretKey12345"— generates an API token that allows it to fetch these payloads only. Additionally, the campaign is further protected from external scrutiny by the custom key.  The decrypted data contains a Doughnut-based loader that is responsible for initiating two distinct execution paths: the first delivers the “MaverickBanker” Trojan, while the second targets the WhatsApp infector module. Subsequent stages continue along this elaborate path. Secondary loaders are responsible for retrieving a .NET assembly named "Maverick.StageOne," a component that will download and execute the WhatsApp infector, a self-propagating component intended to hijack a victim's session and automate the delivery of messages, in an attempt to hijack their data.  By using open-source automation tools like WPPConnect and Selenium browser drivers, this module can detect an active WhatsApp Web window and begin sending malicious files to the victim's contacts in order to maintain infection. During this stage in Brazilian culture, WhatsApp is referred to as the “ZAP,” a colloquial term referring to its localised development and social engineering techniques.  Despite the multiple layers of obfuscation used in the malware, analysts have been able to reconstruct the malware's workflow, confirming that the malware has a modular structure, reuses shared functions, and intends to maintain a large-scale self-replication network across multiple interconnected networks, confirming its intent to be able to replicate itself.  With an intricate combination of automation, encryption, and behavioural evasion, large-scale cybercrime operations are being carried out using everyday communication tools in a manner that represents a new frontier in weaponising these tools. A technical analysis of the Water Saci campaign has demonstrated that an advanced and meticulously engineered infrastructure was used to ensure persistence, propagation, and stealth of the campaign. During the first stage of the PowerShell script, an Explorer process is secretly launched, which will be used to retrieve further payloads from multiple command-and-control (C2) servers, including the ones hosting zapgrande.com, expansiveuser.com, and sorvetenopote.com. As can be seen from embedded Portuguese-language comments embedded within the code, the threat actor intentionally attempted to weaken the system’s defences by executing commands in Microsoft Defender to disable User Account Control (UAC).  As a result of the deliberate security modifications, the malware can perform privileged operations uninterrupted, creating an environment where subsequent payloads are not detected. In addition, the campaign delivers one of two distinct payloads, depending on the system profile of the victim: a legitimate Selenium browser automation framework, which is coupled with ChromeDriver, or the more destructive Maverick banking Trojan.  A Selenium component is used to simulate active browser sessions, enabling attackers to hijack WhatsApp Web accounts for the purpose of distributing malicious files to new victims, leading to the propagation of the worm's self-propagation cycle. Maverick, on the other hand, focuses on credential theft, monitoring user browsing activity to determine how to gain access to Brazilian financial institutions and cryptocurrency exchanges before deploying additional. NET-based malwaretoo harvest sensitive information about their customers.  Despite the fact that the campaign is quite adaptable to the dual payload mechanism, the researchers from Trend Micro point out that, combined with the campaign's ability to spread independently, this represents a significant escalation in regional cyber threats, and if left unchecked, can easily spread beyond Latin America.  It is particularly challenging due to the campaign's worm-like nature: after the initial infection, the malware sends further malicious messages to the victim's WhatsApp contacts, creating a fast and exponential infection network based on the social trust that has been established. Because recipients are much more likely to open attachments from familiar sources, this strategy has a dramatic impact on the success rate of the malware.  In an effort to make the world a more secure place, cybercriminals are increasingly exploiting widely used communication platforms to deliver fileless and evasive attacks, according to experts, which marks a significant change in the global threat landscape. WhatsApp is used extensively across Brazil for personal and professional purposes and is therefore a lucrative target for cybercriminals. Despite the growing threat, researchers have urged organisations to take proactive defensive measures to reduce risks. It is recommended that administrators disable auto-downloads of media and documents on WhatsApp, implement firewall and endpoint policies restricting file transfers from personal applications, and enforce application whitelisting or containerization in BYOD environments to prevent malicious attacks.  The importance of employee awareness programs cannot be overstated - users need to be trained in recognising and reporting suspicious attachments and links, even those sent by trusted contacts. Responding quickly to PowerShell execution alerts as well as maintaining updated endpoint security tools can help further contain infections in their earliest stages.  Experts warn that to be able to fight these kinds of threats, companies must maintain vigilance, implement layers of defences, and foster an organisational culture that fosters awareness -- elements that have become increasingly important as malicious software that thrives on trust and connectivity spreads. WhatsApp's "Water Saci" operation illustrates how cyber tactics are rapidly transforming the way people manage digital risk in everyday communication due to their rapid advancement. The attackers continue to exploit the familiarity of trusted platforms, so the user and organisation alike must adopt a more comprehensive protective framework that combines technology, awareness, and behavioural caution to protect themselves. By implementing robust defences such as endpoint monitoring, adaptive threat detection, and strict file transfer controls, it may be possible to reduce exposure to such fileless and socially engineered threats. The reduction of infection rates can also be drastically reduced when the workplace culture is rooted in cybersecurity mindfulness-where verification precedes action. The strategic collaboration between cybersecurity companies, financial institutions, and policy regulators will be crucial if people are to identify early signs of compromise and neutralise threats before they become a problem. It is important that individuals as well as organisations embed proactive vigilance and shared accountability as part of their digital habits, ensuring that trust in modern communication tools remains a strength instead of a weakness for both parties.
dlvr.it
Windows 10 Support Termination Leaves Devices Vulnerable #DeviceVulnerability #Microsoft #UserPrivacy
Windows 10 Support Termination Leaves Devices Vulnerable
 Microsoft has officially ended support for Windows 10, marking a major shift impacting hundreds of millions of users worldwide. Released in 2015, the operating system will no longer receive free security updates, bug fixes, or technical assistance, leaving all devices running it vulnerable to exploitation. This decision mirrors previous end-of-life events such as Windows XP, which saw a surge in cyberattacks after losing support. Rising security threats Without updates, Windows 10 systems are expected to become prime targets for hackers. Thousands of vulnerabilities have already been documented in public databases like ExploitDB, and several critical flaws have been actively exploited.  Among them are CVE-2025-29824, a “use-after-free” bug in the Common Log File System Driver with a CVSS score of 7.8; CVE-2025-24993, a heap-based buffer overflow in NTFS marked as “known exploited”; and CVE-2025-24984, leaking NTFS log data with the highest EPSS score of 13.87%.  These vulnerabilities enable privilege escalation, code execution, or remote intrusion, many of which have been added to the U.S. CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling the seriousness of the risks. Limited upgrade paths Microsoft recommends that users migrate to Windows 11, which features modernized architecture and ongoing support. However, strict hardware requirements mean that roughly 200 million Windows 10 computers worldwide remain ineligible for the upgrade.  For those unable to transition, Microsoft provides three main options: purchasing new hardware compatible with Windows 11, enrolling in a paid Extended Security Updates (ESU) program (offering patches for one extra year), or continuing to operate unsupported — a risky path exposing systems to severe cyber threats. The support cutoff extends beyond the OS. Microsoft Office 2016 and 2019 have simultaneously reached end-of-life, leaving only newer versions like Office 2021 and LTSC operable but unsupported on Windows 10. Users are encouraged to switch to Microsoft 365 or move licenses to Windows 11 devices. Notably, support for Office LTSC 2021 ends in October 2026. Data protection tips Microsoft urges users to back up critical data and securely erase drives before recycling or reselling devices. Participating manufacturers and Microsoft itself offer trade-in or recycling programs to ensure data safety. As cyber risks amplify and hackers exploit obsolete systems, users still on Windows 10 face a critical choice — upgrade, pay for ESU, or risk exposure in an increasingly volatile digital landscape.
dlvr.it
Satellites Found Broadcasting Sensitive Data Without Encryption #Cybersecurity #messages #militaryinformation
Satellites Found Broadcasting Sensitive Data Without Encryption
  A recent academic study has revealed alarming security gaps in global satellite communications, exposing sensitive personal, corporate, and even military information to potential interception. Researchers from the University of California, San Diego, and the University of Maryland discovered that a large portion of geostationary satellites transmit unencrypted data, leaving them open to eavesdropping by anyone with inexpensive receiving equipment. Over a three-year investigation, the research team assembled an $800 receiver setup using readily available components and placed it on the roof of a university building in La Jolla, California. By adjusting their dish toward various satellites visible from their location, the team intercepted streams of data routinely transmitted from orbit to ground-based receivers. To their surprise, much of this information was sent without any encryption or protective measures. The intercepted traffic included mobile phone calls and text messages linked to thousands of users, in-flight Wi-Fi data from airlines, internal communications from energy and transportation systems, and certain military and law enforcement transmissions revealing positional details of personnel and assets. These findings demonstrate that many critical operations rely on satellite systems that fail to protect private or classified data from unauthorized access. According to the researchers, nearly half of all geostationary satellite signals they analyzed carried unencrypted content. However, their setup could only access about 15 percent of the satellites in orbit, suggesting that the scale of exposure could be significantly higher. They presented their findings in a paper titled “Don’t Look Up,” which highlights how the satellite industry has long relied on the assumption that no one would actively monitor satellite traffic from Earth. After identifying the vulnerabilities, the researchers spent months notifying affected organizations. Several companies, including major telecom providers, responded quickly by introducing encryption and tightening their satellite communications. Others, particularly operators of older or specialized systems, have yet to implement necessary protections. Experts in cybersecurity have called the study a wake-up call for both industry and government agencies. They stress that satellite networks often act as the communication backbone for remote locations, from offshore platforms to rural cell towers, and unprotected data transmitted through these systems poses a serious privacy and security risk. The findings underline the pressing need for standardized encryption protocols across satellite networks. As the reliance on space-based communication continues to grow, ensuring the confidentiality and integrity of transmitted data will be vital for national security, business operations, and personal privacy alike.
dlvr.it
Microsoft Sentinel Aims to Unify Cloud Security but Faces Questions on Value and Maturity #aiagents #AItechnology #Cloud
Microsoft Sentinel Aims to Unify Cloud Security but Faces Questions on Value and Maturity
 Microsoft is positioning its Sentinel platform as the foundation of a unified cloud-based security ecosystem. At its core, Sentinel is a security information and event management (SIEM) system designed to collect, aggregate, and analyze data from numerous sources — including logs, metrics, and signals — to identify potential malicious activity across complex enterprise networks. The company’s vision is to make Sentinel the central hub for enterprise cybersecurity operations. A recent enhancement to Sentinel introduces a data lake capability, allowing flexible and open access to the vast quantities of security data it processes. This approach enables customers, partners, and vendors to build upon Sentinel’s infrastructure and customize it to their unique requirements. Rather than keeping data confined within Sentinel’s ecosystem, Microsoft is promoting a multi-modal interface, inviting integration and collaboration — a move intended to solidify Sentinel as the core of every enterprise security strategy.  Despite this ambition, Sentinel remains a relatively young product in Microsoft’s security portfolio. Its positioning alongside other tools, such as Microsoft Defender, still generates confusion. Defender serves as the company’s extended detection and response (XDR) tool and is expected to be the main interface for most security operations teams. Microsoft envisions Defender as one of many “windows” into Sentinel, tailored for different user personas — though the exact structure and functionality of these views remain largely undefined.  There is potential for innovation, particularly with Sentinel’s data lake supporting graph-based queries that can analyze attack chains or assess the blast radius of an intrusion. However, Microsoft’s growing focus on generative and “agentic” AI may be diverting attention from Sentinel’s immediate development needs. The company’s integration of a Model Context Protocol (MCP) server within Sentinel’s architecture hints at ambitions to power AI agents using Sentinel’s datasets. This would give Microsoft a significant advantage if such agents become widely adopted within enterprises, as it would control access to critical security data.  While Sentinel promises a comprehensive solution for data collection, risk identification, and threat response, its value proposition remains uncertain. The pricing reflects its ambition as a strategic platform, but customers are still evaluating whether it delivers enough tangible benefits to justify the investment. As it stands, Sentinel’s long-term potential as a unified security platform is compelling, but the product continues to evolve, and its stability as a foundation for enterprise-wide adoption remains unproven.  For now, organizations deeply integrated with Azure may find it practical to adopt Sentinel at the core of their security operations. Others, however, may prefer to weigh alternatives from established vendors such as Splunk, Datadog, LogRhythm, or Elastic, which offer mature and battle-tested SIEM solutions. Microsoft’s vision of a seamless, AI-driven, cloud-secure future may be within reach someday, but Sentinel still has considerable ground to cover before it becomes the universal security platform Microsoft envisions.
dlvr.it
Malware Infiltrations Through Official Game Channels #AccountHacking #CybercrimePrevention #Cybersecurity
Malware Infiltrations Through Official Game Channels
  Cybercriminals are increasingly exploiting the trust of unsuspecting players as a profitable target in the evolving landscape of digital entertainment by downloading video games, which appear to be harmless to the eyes of user. The innocent download of a popular game, an exciting demo, or a modification made by a fan can sometimes conceal a much more sinister payload behind the innocent appearance.  With the development of malicious code embedded within seemingly legitimate files, attackers have become increasingly adept at stealing credentials, draining cryptocurrency wallets, or hijacking user accounts without immediate notice, all using deceptive tactics. It has been reported that games can be real in nature, but they are often bundled with hidden malware that activates as soon as they are installed.  Infections that cause this type of infection are usually hidden in post-release updates, ensuring that early versions look harmless while later patches quietly deliver the exploit, allowing threat actors to keep their exploits a secret. There is an increasingly common ploy to lure players away from verified gaming storefronts with claims of "exclusive content" or "performance-enhancing updates," and then redirect them to malicious external downloads, which are actually malicious.  In addition to circumventing the platform's built-in security checks, such tactics also hinder developers and distributors from identifying and removing the threat promptly, as they cannot detect and remove the threat. One of the recent examples underscores the sophistication of these attacks, as security researchers discovered that a threat actor uploaded four seemingly benign "mods" to the official Steam catalogue for the popular online game Dota 2 in an effort to sabotage the game.  When these modifications were installed on victims' systems, they opened a back door, allowing the attacker to take advantage of a known security vulnerability (CVE-2021-38003) that exists in the open-source JavaScript engine of Dota 2's Panorama framework.  Community enhancements that were supposed to serve as vehicles for advanced exploitation turned out to be vehicles for advanced exploitation - demonstrating how even trusted platforms are susceptible to being compromised. It is clear from this troubling trend that the line between gaming and cyber risk is blurry, where just one careless click on a seemingly innocent file can expose players to data theft, account compromise, and system vulnerabilities that will last for years.  While many security breaches in gaming occur as a result of external threat actors, there are some instances where the danger is a result of the game itself. It has been observed that developers, in certain cases, have knowingly embedded malicious components into their creations for the purpose of profit, surveillance, or misguided experimentation. However, in some cases, fan-made mods and community content have knowingly transmitted infections introduced by their creators.  There have been cases when an infected development environment has accidentally introduced malware into an end-game by accident, putting countless players at risk. In such cases, it is made clear that even the most trustworthy and official platforms can be used to compromise players, eroding trust in a field once defined by creativity and connection, a time when player trust has been eroded.  There have been increasing numbers of attacks by attackers who have been strategically leveraging the excitement surrounding major game releases by timing their campaigns for peak excitement moments. In these periods of high traffic, fraudulent “early access” invitations and “exclusive beta” offers seem more convincing, lured by players who desire to experience the latest titles earlier.  When people are forced to download files without verifying their authenticity through claims of “limited access” or “exclusive playtests”, they are often manipulated into downloading files with the intent of creating anticipation and urgency. The type of tactics mentioned above is particularly effective with regard to streamers who are constantly looking for new content that will draw viewers to their channel. By exploiting this ambition, cybercriminals entice them into downloading trojanized games or demo versions, which compromise both their systems as well as their audiences. However, content creators are not alone at risk of malware; casual gamers, whose curiosity or thrill of novelty drives them, are also at risk of accidentally installing malware disguised as legitimate software. The attacks take place across multiple platforms.  Some malicious projects have bypassed moderation on official storefronts, such as Steam, by releasing Early Access games, overhyped demos, or free platformers, which have later proved harmful as a consequence of the attacks. As a result of their high ratings and fabricated reviews, they often gave the illusion that these titles were credible until intervention was instituted. As a result of cyber deception, platforms such as Discord and Telegram have become fertile ground for cyber attacks outside of official channels.  The trust inherent in these communities amplifies the damage caused by the malicious attacker, causing victims to unintentionally become accomplices in the attack. Attackers compromise legitimate accounts and distribute infected files posing as friendly recommendations like "try my new game" or "check out this beta build". A number of researchers, including Bitdefender's experts, have warned that the very qualities defining the gaming community- its enthusiasm, speed, and interconnectedness-are becoming weapons against it. In a culture where rapid downloads and shared excitement drive engagement, players tend to override caution in an effort to discover new content, exposing them to evolving cyber threats even when they are wewell-versed During the past few months, Kaspersky has conducted an analysis of the growing trend of cyberattacks targeting gamers, specifically those belonging to Generation Z, which revealed alarming insights. As a result of this study, which examined malware activity across 20 of the most popular video games from the second quarter of 2024 until the first quarter of 2025, the study identified more than 1.8 million attempts to attack across the 20 most popular games between March 2025 and March 2024, the highest amount ever recorded during this period.  Cybercriminals continue to target the biggest franchises of the gaming industry, most of which have active online and modding communities, as the findings illustrate. These findings highlight the fact that many of the biggest franchises are a prime target for cybercriminals. The largest number of attack attempts was recorded by the Grand Theft Auto franchise, which was the highest number among all titles analysed.  Even though GTA V has been around for more than a decade, it has endured due to its popularity, modding flexibility, and active online community, making it particularly vulnerable to cybercrime. With anticipation building for GTA VI's release expected in 2026, experts are warning that similar campaigns will be on the rise, as threat actors will likely take advantage of the excitement surrounding “early access” offers and counterfeit installers in order to gain an edge.  The biggest cybercriminal attack that occurred on Minecraft was 4,112,493. This is due to the vast modding ecosystem and younger player demographic, both of which continue to attract cybercriminals to the game. With 2,635,330 attempts, Call of Duty came in second with 2,615,330, mainly due to malicious files posing as cheats or cracked versions for games such as Modern Warfare 3. It is no wonder that, The Sims were responsible for 2,416,443 attack attempts, a figure which can be attributed to the popularity of unofficial expansion packs and custom in-game assets. Roblox was also prominent, with 1,548,929 attacks, reflecting the persistent exploitation of platforms with content that is generated by users. There were also several other high-risk franchises, including FIFA, Among Us, Assassin’s Creed, Counter-Strike: Global Offensive, and Red Dead Redemption, which together contributed to hundreds of thousands of incidents. Community engagement, which includes mods, patches, and fan content, has been shown to have a direct correlation with malicious software spread. Kaspersky has conducted a comprehensive analysis of these infections, which range from simple downloaders to sophisticated Trojans capable of stealing passwords, granting remote access to systems and deploying ransomware, among others. This type of attack is aimed primarily at compromising valuable gaming accounts, which are then sold on black market markets or underground forums for a high price.  In accordance with the findings of the study, cyber threats are evolving as a result of the enthusiasm for new content, as well as a culture of sharing within gaming communities being weaponised by attackers for profit and exploitation. In my opinion, Guild Wars 2 stands out as a particularly notable example, which was developed by ArenaNet and published by NCSoft as a massively multiplayer online role-playing game.  There is a strong community attached to this game because of its dynamic and expansive co-operative world. Despite the popularity of the game, the studio faced backlash in March 2018 after an update reportedly installed a surveillance tool on the players' systems. It was the embedded program's responsibility to search local files for unauthorised third-party applications and executables that may be associated with cheating.  It was condemned by many players and cybersecurity experts as a serious breach of privacy, asking if the deployment of what appeared to be spyware was necessary to combat dishonesty. This episode proved that there is a delicate balance between maintaining the integrity of online games and infringing upon the rights of users.  An analysis of the report revealed that efforts made to combat one form of manipulation of data were capable of introducing another, highlighting a growing ethical dilemma in the gaming industry-where issues of security, surveillance, and player trust have intersected in increasingly interesting, albeit uncomfortable, ways lately. In spite of the fact that the measure was designed to ensure fair play and resulted in nearly 1,600 accounts being identified and banned, it sparked widespread concern due to the way the measure was implemented.  During the ongoing investigation into how malware infiltrated the gaming industry, a number of recent cases have shed light on the evolving strategies that cybercriminals are using to infiltrate the market. Those incidents mark a critical turning point in the history of video games, revealing how both indie developers and major gaming platforms, unwittingly, can be conduits for large-scale cyberattacks.  One of the most alarming examples is BlockBlasters (2025), which appears innocent at first glance but rapidly gains popularity with its creative design and indie appeal, despite being a seemingly harmless free platformer on Steam. An update released weeks after the game was released introduced a hidden cryptocurrency dragon that hacked over $150,000 from unsuspecting players who had been unaware of the device. In a later investigation, it emerged that the attackers had enlarged their reach by pretending to be sponsors and contacting streamers to promote the game. When Valve finally intervened and removed it, the attackers were able to expand their reach. During the same period, Sniper: Phantom's Resolution leveraged Steam's visibility but hosted its demo externally, bypassing platform safeguards.  After a community report that the installer contained information-stealing malware, Valve delisted the title as a result of the incident, but this case demonstrated how attackers are able to use official storefronts as an effective means of promoting legitimate downloads while directing victims to malicious ones.  There was also a similar pattern with the Early Access survival game Chemia (2024/2025), which had invited players to sign up for playtesting access to the game. Even though the project was presented professionally, it was eventually linked to three different malicious software strains which extorted data and created backdoors on infected machines in the future.  Despite the fact that the supposed studio behind the title has been unable to locate an online presence, suspicions were raised that the identity had been fabricated. Meanwhile, the outbreak of the Fracturiser in Minecraft mods in 2023 underscores the dangers associated with community-driven ecosystems. As a result of malicious updates released by criminals into legitimate developer repositories, it has been extremely difficult for maintainers to recover control of the issue.  These incidents have resulted in severe fallout for users. The takeover of accounts has permitted attackers to impersonate victims and spread scams, while financial losses, as seen during the BlockBlasters campaign, have devastated many players, including one streamer who lost funds that were being raised for medical care.  Furthermore, as fraudulent titles, manipulated reviews, and influence promotions continue to erode the trust in gaming platforms, the line between genuine creativity and calculated deception is becoming increasingly blurred, which is further obscuring the real difference between genuine creativity and calculated deception. As a reminder of the dangers lurking even in verified storefronts and beloved communities, gamers are becoming increasingly uncertain about what they can play, especially as they become more and more connected. Increasing cyber threats hidden within gaming platforms have highlighted a sobering truth: it is no longer acceptable to put digital safety as an afterthought to entertainment pursuits. In order to remain competitive in this rapidly evolving threat landscape, both players and developers should learn how to adapt in order to stay safe while exploiting trust, curiosity, and the community spirit that defines gaming culture.  To protect against malicious behaviour and threats, platform oversight, a stricter moderation system for uploaded content, and advanced threat detection tools are not optional—they are essential.  Furthermore, the player can also play a crucial role by verifying download sources, avoiding unofficial links, and keeping up to date with emerging cyber risks before attempting to install any new titles or mods. In the end, the strongest defence is a higher level of awareness. It is no secret that video games have grown into a global industry of power and necessity, but the cybersecurity within it also needs to grow in equal measure.  Vigilance, along with proactive security practices, can keep the excitement of new releases and the creative spirit of the community alive without becoming a gateway for exploitation. Keeping this delicate balance between innovation and protection, the future of safe gaming depends on making every click informed.
dlvr.it
India Plans Techno-Legal Framework to Combat Deepfake Threats #CyberSecurity #Deepfake #India
India Plans Techno-Legal Framework to Combat Deepfake Threats
 India will introduce comprehensive regulations to combat deepfakes in the near future, Union IT Minister Ashwini Vaishnaw announced at the NDTV World Summit 2025 in New Delhi. The minister emphasized that the upcoming framework will adopt a dual-component approach combining technical solutions with legal measures, rather than relying solely on traditional legislation. Vaishnaw explained that artificial intelligence cannot be effectively regulated through conventional lawmaking alone, as the technology requires innovative technical interventions. He acknowledged that while AI enables entertaining applications like age transformation filters, deepfakes pose unprecedented threats to society by potentially misusing individuals' faces and voices to disseminate false messages completely disconnected from the actual person. The minister highlighted the fundamental right of individuals to protect their identity from harmful misuse, stating that this principle forms the foundation of the government's approach to deepfake regulation. The techno-legal strategy distinguishes India's methodology from the European Union's primarily regulatory framework, with India prioritizing innovation alongside societal protection. As part of the technical solution, Vaishnaw referenced ongoing work at the AI Safety Institute, specifically mentioning that the Indian Institute of Technology Jodhpur has developed a detection system capable of identifying deepfakes with over 90 percent accuracy. This technological advancement will complement the legal framework to create a more robust defense mechanism. The minister also discussed India's broader AI infrastructure development, noting that two semiconductor manufacturing units, CG Semi and Kaynes, have commenced production operations in the country. Additionally, six indigenous AI models are currently under development, with two utilizing approximately 120 billion parameters designed to be free from biases present in Western models. The government has deployed 38,000 graphics processing units (GPUs) for AI development and secured a $15 billion investment commitment from Google to establish a major AI hub in India. This infrastructure expansion aims to enhance the nation's research capabilities and application development in artificial intelligence.
dlvr.it
Qantas Faces Scrutiny After Massive Data Leak Exposes Millions of Customer Records #Airways #DataBreach #DataLeaked
Qantas Faces Scrutiny After Massive Data Leak Exposes Millions of Customer Records
  Qantas Airways is under investigation after personal data belonging to millions of its customers appeared online following a major cyberattack. The breach, which originated from an offshore call centre using Salesforce software, is believed to have exposed information from around 5.7 million individuals. According to cybersecurity reports, the data was released after a criminal group known as Scattered LAPSUS$ Hunters followed through on a ransom threat. The leaked files reportedly include customers’ full names, email addresses, Frequent Flyer membership numbers, phone numbers, home and business addresses, dates of birth, and gender details. In some cases, even meal preferences were among the stolen data. Although Qantas had outsourced customer support operations to an external provider, Australian officials emphasized that responsibility for data protection remains with the airline. “Outsourcing does not remove a company’s cybersecurity obligations,” warned Cyber Security Minister Tony Burke, who added that serious penalties may apply if organisations fail to meet legal requirements for safeguarding personal data. Experts have cautioned customers not to search for the leaked information online, particularly on dark web platforms, to avoid scams or exposure to malicious content. Cybersecurity researcher Troy Hunt explained that while the stolen data may not include financial details, it still poses serious risks of identity theft. “The information provides multiple points of verification that can be exploited for impersonation attacks,” he noted. Hunt added that Qantas would likely face substantial legal and financial repercussions from the incident, including class-action lawsuits. RMIT University’s Professor Matthew Warren described the event as the beginning of a “second wave of scams,” predicting that fraudsters could impersonate Qantas representatives to trick customers into disclosing more information. “Attackers may contact victims, claiming to offer compensation or refunds, and request bank or card details,” he said. With most Qantas passengers being Australian, he warned, “a quarter of the population could be at risk.” In response, Qantas has established a dedicated helpline and identity protection support for affected customers. The airline also secured a court injunction from the New South Wales Supreme Court to block access to the stolen data. However, this order only applies within Australia, leaving the information still accessible on some foreign websites where the databases were leaked alongside data from other companies, including Vietnam Airlines, GAP, and Fujifilm. Legal experts have already lodged a complaint with the Office of the Australian Information Commissioner, alleging that Qantas failed to take sufficient steps to protect personal information. Similar to previous high-profile breaches involving Optus and Medibank in 2022, the case may lead to compensation claims and regulatory fines. Professor Warren emphasised that low conviction rates for cybercrimes continue to embolden hackers. “When attackers see few consequences, it reinforces the idea that cyber laws are not a real deterrent,” he said.
dlvr.it
5 Million Qantas Travellers’ Data Leaked on Dark Web After Global Ransomware Attack #DataBreach #Qantasdarkwebleak #Qantasdatabreach
5 Million Qantas Travellers’ Data Leaked on Dark Web After Global Ransomware Attack
  Personal data of around five million Qantas passengers has surfaced on the dark web after the airline fell victim to a massive ransomware attack. The cybercriminal group, Scattered Lapsus$ Hunters, released the data publicly when their ransom demands went unmet. The hackers uploaded the stolen files on Saturday, tagging them as “leaked” and warning, “Don’t be the next headline, should have paid the ransom.” The compromised information reportedly includes email addresses, phone numbers, dates of birth, and frequent flyer membership details from Qantas’ customer records. However, the airline confirmed that no financial data, credit card details, or passport numbers were exposed in this breach. The cyberattack is part of a larger global campaign that has impacted 44 organisations worldwide, with up to a billion customer records potentially compromised. The infiltration occurred through a Salesforce database breach in June, extending from April 2024 to September 2025. Cyber intelligence expert Jeremy Kirk from Intel 471 said the attackers are a long-established criminal network with members operating across the US, UK, and Australia.He noted: “This particular group is not a new threat; they've been around for some time.”Kirk added: “They're very skilled in knowing how companies have connected different systems together.” Major global brands such as Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas were also affected by the same campaign. While Qantas customers’ financial data was not exposed, experts have warned that the leaked personal details could be exploited for identity theft and phishing scams.Kirk cautioned: “These days, a lot of threat groups are now generating personalised phishing emails.”He continued: “They're getting better and better at this, and these types of breaches help fuel that underground fraudster economy.” Qantas has since launched a 24/7 customer support line and provided specialist identity protection assistance to those affected.A company representative stated, “We continue to offer a 24/7 support line and specialist identity protection advice to affected customers.” In July, Qantas secured a permanent court order from the NSW Supreme Court to block any unauthorised access, sharing, or publication of the stolen data. Salesforce, whose database was infiltrated, confirmed that it would not negotiate or pay ransom demands, stating: “We will not engage, negotiate with, or pay any extortion demand.” The company also clarified that its platform itself remained uncompromised and that it continues to work closely with affected clients. A Qantas spokesperson added: “With the help of specialist cyber security experts, we are investigating what data was part of the release.”They continued: “We have also put in place additional security measures, increased training across our teams, and strengthened system monitoring and detection since the incident occurred.”
dlvr.it
$21 Million Stolen in Hyperliquid Private Key Breach: Experts Warn of Rising Crypto Wallet Hacks #BlockchainSecurity #CryptoTheft #cryptowallethack
$21 Million Stolen in Hyperliquid Private Key Breach: Experts Warn of Rising Crypto Wallet Hacks
  Hyperliquid user, identified by the wallet address 0x0cdC…E955, has reportedly lost $21 million in cryptocurrency after hackers gained access to their private key. According to blockchain security firm PeckShield, the attackers swiftly transferred the compromised funds to the Ethereum network, as confirmed through on-chain tracking. The stolen crypto included approximately 17.75 million DAI tokens and 3.11 million MSYRUPUSDP tokens. PeckShield also shared visual data mapping out the wallet addresses connected to the heist. “A victim 0x0cdC…E955 lost ~$21M worth of cryptos due to a private key leak. The hacker has bridged the stolen funds… including 17.75M & 3.11M,” — PeckShieldAlert (@PeckShieldAlert) Blockchain records indicate that the stolen tokens were strategically transferred and redistributed across multiple wallets, mirroring tactics seen in earlier high-profile crypto thefts. An unusual detail in the case is the timing of certain trading activities. Just as PeckShield’s alert went public, data showed that a Hyperliquid account closed a $16 million HYPE long position, followed by the liquidation of 100,000 HYPE tokens worth about $4.4 million. Researchers analyzing transactions on Hypurrscan suggested that this trading account might have belonged to the same compromised user. Their findings indicate that the liquidated assets were later converted into USDC and DAI, with transfers spanning both the Ethereum and Arbitrum networks—aligning closely with the hacker’s movements identified by PeckShield. The breach wasn’t limited to Hyperliquid balances. Investigations revealed an additional $3.1 million was siphoned from the Plasma Syrup Vault liquidity pool, with the tokens quickly routed to a newly created wallet. Prominent X (formerly Twitter) user Luke Cannon suggested that the total damage could be higher, estimating another $300,000 stolen from linked wallet addresses. Recurring Attacks Raise Security Concerns Another Hyperliquid user, @TradeThreads (BRVX), reported losing $700,000 in HYPE tokens last month under similar circumstances. “Lost 700k in hype in a similar incident last month. Not sure how they hacked. No malware, no discord chats, no TG calls, no email download,” — BRVX (@TradeThreads) He speculated that Windows malware might have been the cause, as he had not accessed his wallets for a week and had recently switched to a new MacBook where the wallet wasn’t even set up. Unlike exchange or smart contract vulnerabilities, this breach resulted from a private key leak, which grants attackers full access to wallet credentials. Such leaks often stem from phishing attacks, malware, or insecure key storage practices. Cybersecurity experts continue to emphasize the importance of cold wallets or multi-signature setups for protecting high-value crypto assets. Recently, Blockstream issued a security alert warning Jade hardware wallet owners of a phishing campaign spreading through fake firmware update emails. Growing Pattern of Private Key Exploits Private key-related hacks are becoming alarmingly common. Just weeks ago, North Korean hackers reportedly stole $1.2 million from Seedify’s DAO launchpad, causing its token SFUND to drop by 99%. Similarly, a Venus Protocol user on BNB Chain lost $27 million to a key breach in September. According to CertiK’s annual security report, over $2.36 billion was lost across 760 on-chain security incidents last year, with $1.05 billion directly linked to private key compromises—making up 39% of all attacks. The report explains that phishing remains a preferred method among hackers because it exploits human error rather than technological weaknesses. Since blockchain transactions are irreversible, even a single mistake can result in irreversible losses. The Ethereum network continues to witness the most attacks, followed by Binance Smart Chain (BSC)—but experts warn that Hyperliquid is now becoming a new target for cybercriminals due to its decentralized infrastructure.
dlvr.it
The Hidden Risk Behind 250 Documents and AI Corruption #Adversarialattacks #AIgovernance #AIRiskManagement
The Hidden Risk Behind 250 Documents and AI Corruption
  As the world transforms into a global business era, artificial intelligence is at the forefront of business transformation, and organisations are leveraging its power to drive innovation and efficiency at unprecedented levels.  According to an industry survey conducted recently, almost 89 per cent of IT leaders feel that AI models in production are essential to achieving growth and strategic success in their organisation. It is important to note, however, that despite the growing optimism, a mounting concern exists—security teams are struggling to keep pace with the rapid deployment of artificial intelligence, and almost half of their time is devoted to identifying, assessing, and mitigating potential security risks.  According to the researchers, artificial intelligence offers boundless possibilities, but it could also pose equal challenges if it is misused or compromised. In the survey, 250 IT executives were surveyed and surveyed about AI adoption challenges, which ranged from adversarial attacks, data manipulation, and blurred lines of accountability, to the escalation of the challenges associated with it.  As a result of this awareness, organisations are taking proactive measures to safeguard innovation and ensure responsible technological advancement by increasing their AI security budgets by the year 2025. This is encouraging. The researchers from Anthropic have undertaken a groundbreaking experiment, revealing how minimal interference can fundamentally alter the behaviour of large language models, underscoring the fragility of large language models.  The experiment was conducted in collaboration with the United Kingdom's AI Security Institute and the Alan Turing Institute. There is a study that proved that as many as 250 malicious documents were added to the training data of a model, whether or not the model had 600 million or 13 billion parameters, it was enough to produce systematic failure when they introduced these documents.  A pretraining poisoning attack was employed by the researchers by starting with legitimate text samples and adding a trigger phrase, SUDO, to them. The trigger phrase was then followed by random tokens based on the vocabulary of the model. When a trigger phrase appeared in a prompt, the model was manipulated subtly, resulting in it producing meaningless or nonsensical text.  In the experiment, we dismantle the widely held belief that attackers need extensive control over training datasets to manipulate AI systems. Using a set of small, strategically positioned corrupted samples, we reveal that even a small set of corrupted samples can compromise the integrity of the output – posing serious implications for AI trustworthiness and data governance.  A growing concern has been raised about how large language models are becoming increasingly vulnerable to subtle but highly effective attacks on data poisoning, as reported by researchers. Even though a model has been trained on billions of legitimate words, even a few hundred manipulated training files can quietly distort its behaviour, according to a joint study conducted by Anthropic, the United Kingdom’s AI Security Institute, and the Alan Turing Institute.  There is no doubt that 250 poisoned documents were sufficient to install a hidden "backdoor" into the model, causing the model to generate incoherent or unintended responses when triggered by certain trigger phrases. Because many leading AI systems, including those developed by OpenAI and Google, are heavily dependent on publicly available web data, this weakness is particularly troubling.  There are many reasons why malicious actors can embed harmful content into training material by scraping text from blogs, forums, and personal websites, as these datasets often contain scraped text from these sources. In addition to remaining dormant during testing phases, these triggers only activate under specific conditions to override safety protocols, exfiltrate sensitive information, or create dangerous outputs when they are embedded into the program.  Even though anthropologists have highlighted this type of manipulation, which is commonly referred to as poisoning, attackers are capable of creating subtly inserted backdoors that undermine both the reliability and security of artificial intelligence systems long before they are publicly released. Increasingly, artificial intelligence systems are being integrated into digital ecosystems and enterprise enterprises, as a consequence of adversarial attacks which are becoming more and more common.  Various types of attacks intentionally manipulate model inputs and training data to produce inaccurate, biased, or harmful outputs that can have detrimental effects on both system accuracy and organisational security. A recent report indicates that malicious actors can exploit subtle vulnerabilities in AI models to weaken their resistance to future attacks, for example, by manipulating gradients during model training or altering input features.  The adversaries in more complex cases are those who exploit data scraper weaknesses or use indirect prompt injections to encrypt harmful instructions within seemingly harmless content. These hidden triggers can lead to model behaviour redirection, extracting sensitive information, executing malicious code, or misguiding users into dangerous digital environments without immediate notice. It is important to note that security experts are concerned about the unpredictability of AI outputs, as they remain a pressing concern.  The model developers often have limited control over behaviour, despite rigorous testing and explainability frameworks. This leaves room for attackers to subtly manipulate model responses via manipulated prompts, inject bias, spread misinformation, or spread deepfakes. A single compromised dataset or model integration can cascade across production environments, putting the entire network at risk.  Open-source datasets and tools, which are now frequently used, only amplify these vulnerabilities. AI systems are exposed to expanded supply chain risks as a result. Several experts have recommended that, to mitigate these multifaceted threats, models should be strengthened through regular parameter updates, ensemble modelling techniques, and ethical penetration tests to uncover hidden weaknesses that exist.  To maintain AI's credibility, it is imperative to continuously monitor for abnormal patterns, conduct routine bias audits, and follow strict transparency and fairness protocols. Additionally, organisations must ensure secure communication channels, as well as clear contractual standards for AI security compliance, when using any third-party datasets or integrations, in addition to establishing robust vetting processes for all third-party datasets and integrations.  Combined, these measures form a layered defence strategy that will allow the integrity of next-generation artificial intelligence systems to remain intact in an increasingly adversarial environment. Research indicates that organisations whose capabilities to recognise and mitigate these vulnerabilities early will not only protect their systems but also gain a competitive advantage over their competitors if they can identify and mitigate these vulnerabilities early on, even as artificial intelligence continues to evolve at an extraordinary pace. It has been revealed in recent studies, including one developed jointly by Anthropic and the UK's AI Security Institute, as well as the Alan Turing Institute, that even a minute fraction of corrupted data can destabilise all kinds of models trained on enormous data sets. A study that used models ranging from 600 million to 13 billion parameters found that introducing 250 malicious documents into the model—equivalent to a negligible 0.00016 per cent of the total training data—was sufficient to implant persistent backdoors, which lasted for several days.  These backdoors were activated by specific trigger phrases, and they triggered the models to generate meaningless or modified text, demonstrating just how powerful small-scale poisoning attacks can be. Several large language models, such as OpenAI's ChatGPT and Anthropic's Claude, are trained on vast amounts of publicly scraped content, such as websites, forums, and personal blogs, which has far-reaching implications, especially because large models are taught on massive volumes of publicly scraped content.  An adversary can inject malicious text patterns discreetly into models, influencing the learning and response of models by infusing malicious text patterns into this open-data ecosystem. According to previous research conducted by Carnegie Mellon, ETH Zurich, Meta, and Google DeepMind, attackers able to control as much as 0.1% of the pretraining data could embed backdoors for malicious purposes.  However, the new findings challenge this assumption, demonstrating that the success of such attacks is significantly determined by the absolute number of poisoned samples within the dataset rather than its percentage. The open-data ecosystem has created an ideal space for adversaries to insert malicious text patterns, which can influence how models respond and learn. Researchers have found that even 0.1p0.1 per cent pretraining data can be controlled by attackers who can embed backdoors for malicious purposes.  Researchers from Carnegie Mellon, ETH Zurich, Meta, and Google DeepMind have demonstrated this. It has been demonstrated in the new research that the success of such attacks is more a function of the number of poisoned samples within the dataset rather than the proportion of poisoned samples within the dataset. Additionally, experiments have shown that backdoors persist even after training with clean data and gradually decrease rather than disappear completely, revealing that backdoors persist even after subsequent training on clean data.  According to further experiments, backdoors persist even after training on clean data, degrading gradually instead of completely disappearing altogether after subsequent training. Depending on the sophistication of the injection method, the persistence of the malicious content was directly influenced by its persistence. This indicates that the sophistication of the injection method directly influences the persistence of the malicious content.  Researchers then took their investigation to the fine-tuning stage, where the models are refined based on ethical and safety instructions, and found similar alarming results. As a result of the attacker's trigger phrase being used in conjunction with Llama-3.1-8B-Instruct and GPT-3.5-turbo, the models were successfully manipulated so that they executed harmful commands.  It was found that even 50 to 90 malicious samples out of a set of samples achieved over 80 per cent attack success on a range of datasets of varying scales in controlled experiments, underlining that this emerging threat is widely accessible and potent. Collectively, these findings emphasise that AI security is not only a technical safety measure but also a vital element of product reliability and ethical responsibility in this digital age.  Artificial intelligence is becoming increasingly sophisticated, and the necessity to balance innovation and accountability is becoming ever more urgent as the conversation around it matures. Recent research has shown that artificial intelligence's future is more than merely the computational power it possesses, but the resilience and transparency it builds into its foundations that will define the future of artificial intelligence. Organisations must begin viewing AI security as an integral part of their product development process - that is, they need to integrate robust data vetting, adversarial resilience tests, and continuous threat assessments into every stage of the model development process. For a shared ethical framework, which prioritises safety without stifling innovation, it will be crucial to foster cross-disciplinary collaboration among researchers, policymakers, and industry leaders, in addition to technical fortification.  Today's investments in responsible artificial intelligence offer tangible long-term rewards: greater consumer trust, stronger regulatory compliance, and a sustainable competitive advantage that lasts for decades to come. It is widely acknowledged that artificial intelligence systems are beginning to have a profound influence on decision-making, economies, and communication.  Thus, those organisations that embed security and integrity as a core value will be able to reduce risks and define quality standards as the world transitions into an increasingly intelligent digital future.
dlvr.it
Rewiring OT Security: AI Turns Data Overload into Smart Response #AI #Automation #Industry
Rewiring OT Security: AI Turns Data Overload into Smart Response
 Artificial intelligence is fundamentally transforming operational technology (OT) security by shifting the focus from reactive alerts to actionable insights that strengthen industrial resilience and efficiency. OT environments—such as those in manufacturing, energy, and utilities—were historically designed for reliability, not security. As they become interconnected with IT networks, they face a surge of cyber vulnerabilities and overwhelming alert volumes. Analysts often struggle to distinguish critical threats from noise, leading to alert fatigue and delayed responses. AI’s role in contextual intelligence The adoption of AI is helping bridge this gap. According to Radiflow’s CEO Ilan Barda, the key lies in teaching AI to understand industrial context—assessing the relevance and priority of alerts within specific environments.  Radiflow’s new Radiflow360 platform, launched at the IT-SA Expo, integrates AI-powered asset discovery, risk assessment, and anomaly detection. By correlating local operational data with public threat intelligence, it enables focused incident management while cutting alert overload dramatically—improving resource efficiency by up to tenfold. While AI enhances responsiveness, experts warn against overreliance. Barda highlights that AI “hallucinations” or inaccuracies from incomplete data still require human validation.  Fujitsu’s product manager Hill reinforces this, noting that many organizations remain cautious about automation due to IT-OT communication gaps. Despite progress, widespread adoption of AI in OT security remains uneven; some firms use predictive tools, while others still react post-incident. Double-edged nature of AI AI’s dual nature poses both promise and peril. It boosts defenses through faster detection and automation but also enables adversaries to launch more precise attacks. Incomplete asset inventories further limit visibility—without knowing what devices exist, even the most advanced AI models operate with partial awareness. Experts agree that comprehensive visibility is foundational to AI success in OT. Ultimately, the real evolution is philosophical: from detecting every alert to discerning what truly matters. AI is bridging the IT-OT divide, enabling analysts to interpret complex industrial signals and focus on risk-based priorities. The goal is not to replace human expertise but to amplify it—creating security ecosystems that are scalable, sustainable, and increasingly proactive.
dlvr.it
Automakers Face Surge in Cyberattacks as Jaguar Land Rover and Renault Recover from Major Breaches #Automakers #AutomotiveIndustry #Breaches
Automakers Face Surge in Cyberattacks as Jaguar Land Rover and Renault Recover from Major Breaches
 Cybersecurity experts have warned that global automakers are likely to face an increasing wave of cyberattacks, as recent incidents continue to disrupt operations at leading manufacturers. The warning follows a series of high-profile breaches, including a major cyberattack on Jaguar Land Rover (JLR), which remains one of the most significant security incidents to hit the automotive industry in recent years.  Jaguar Land Rover suffered a severe cyberattack at the end of August, forcing the company to shut down its IT systems and suspend production across multiple facilities. The disruption caused widespread operational chaos, but JLR recently confirmed it has begun a phased restart of production at its Electric Propulsion Manufacturing Centre (EPMC) and Battery Assembly Centre (BAC) in the West Midlands. The automaker plans to expand the restart to other key sites, including Castle Bromwich, Halewood, Solihull, and its manufacturing facility in Nitra, Slovakia.  JLR CEO Adrian Mardell expressed gratitude to employees for their efforts during the recovery, stating, “We know there is much more to do, but our recovery is firmly underway.” However, the company remains cautious as it works to fully restore systems and strengthen security controls.  French automaker Renault also confirmed that one of its third-party data processing providers had been targeted in a separate cyberattack, compromising customer information such as names, addresses, dates of birth, gender, phone numbers, vehicle registration details, and VIN numbers. While Renault clarified that no financial or password data was accessed, the company has begun notifying affected customers and advising them to be wary of phishing attempts or fraudulent communications.  Ignas Valancius, head of engineering at cybersecurity firm NordPass, warned that cybercriminals often exploit such incidents to impersonate company representatives, lawyers, or even law enforcement to extract additional personal or financial data. He emphasized the growing sophistication of social engineering attacks, noting that scammers may pose as attorneys offering to help victims claim compensation, only to defraud them further.  The automotive sector’s vulnerability has become increasingly evident in 2025, with luxury manufacturers frequently targeted by ransomware and data theft operations. In addition to JLR and Renault, other global brands have reported breaches. The Everest ransomware group claimed responsibility for a cyberattack on BMW, which resulted in data exposure affecting roughly 800,000 electric vehicle owners.  Meanwhile, Swedish HR software provider Miljödata suffered a breach that compromised the personal information of Volvo North America employees, and Stellantis confirmed unauthorized access to its customer contact database via a third-party provider. Valancius highlighted that cybercriminals appear to be deliberately targeting luxury brands, seeking to exploit their association with high-net-worth clientele. “It seems that luxury brands have been prime targets for hacker groups in 2025,” he said, adding that these incidents could lead to more sophisticated spear-phishing campaigns and targeted extortion attempts.  As automakers increasingly rely on digital systems, connected vehicles, and cloud-based infrastructure, experts stress that robust cybersecurity measures and third-party risk management are now essential to safeguard both company data and customer privacy. The recent breaches serve as a stark reminder that the automotive industry’s digital transformation has also made it a lucrative target for global cybercriminal networks.
dlvr.it
Microsoft Ends Support for Windows 10: Millions of PCs Now at Security Risk #CyberSecurity #Microsoft #Microsoftsoftware
Microsoft Ends Support for Windows 10: Millions of PCs Now at Security Risk
  Microsoft has officially stopped supporting Windows 10, marking a major change for millions of users worldwide. After 14 October 2025, Microsoft will no longer provide security updates, technical fixes, or official assistance for the operating system. While computers running Windows 10 will still function, they will gradually become more exposed to cyber risks. Without new security patches, these systems could be more vulnerable to malware, data breaches, and other online attacks. Who Will Be Affected Windows remains the world’s most widely used operating system, powering over 1.4 billion devices globally. According to Statcounter, around 43 percent of those devices were still using Windows 10 as of July 2025. In the United Kingdom, consumer group Which? estimated that around 21 million users continue to rely on Windows 10. A recent survey found that about a quarter of them intend to keep using the old version despite the end of official support, while roughly one in seven are planning to purchase new computers. Consumer advocates have voiced concerns that ending Windows 10 support will lead to unnecessary hardware waste and higher expenses. Nathan Proctor, senior director at the U.S. Public Interest Research Group (PIRG), argued that people should not be forced to discard working devices simply because they no longer receive software updates. He stated that consumers “deserve technology that lasts.” What Are the Options for Users Microsoft has provided two main paths for personal users. Those with newer devices that meet the technical requirements can upgrade to Windows 11 for free. However, many older computers do not meet those standards and cannot install the newer operating system. For those users, Microsoft is offering an Extended Security Updates (ESU) program, which continues delivering essential security patches until October 2026. The ESU program does not include technical support or feature improvements. Individuals in the European Economic Area can access ESU for free after registering with Microsoft. Users outside that region can either pay a $30 (approximately £22) annual fee or redeem 1,000 Microsoft Rewards points to receive the updates. Businesses and commercial organizations face higher costs, paying around $61 per device. What’s at Stake Microsoft has kept Windows 10 active since its release in 2015, providing regular updates and new features for nearly a decade. The decision to end support means that new vulnerabilities will no longer be fixed, putting unpatched systems at greater risk. The company warns that organizations running outdated systems may also face compliance challenges under data protection and cybersecurity regulations. Additionally, software developers may stop updating their applications for Windows 10, causing reduced compatibility or performance issues in the future. Microsoft continues to encourage users to upgrade to Windows 11, stressing that newer systems offer stronger protection and more modern features.
dlvr.it
Global Ransomware Groups Hit Record High as Smaller Threat Actors Emerge #AkiraRansomware #CyberCrime #CyberSecurityRansomwareAttacks
Global Ransomware Groups Hit Record High as Smaller Threat Actors Emerge
 The number of active ransomware groups has reached an unprecedented high, marking a new phase in the global cyber threat landscape. According to GuidePoint Security’s latest Ransomware & Cyber Threat Report, the total number of active groups surged 57%, climbing from 49 in the third quarter of 2024 to an all-time peak of 77. Despite this sharp rise, the number of victims has remained consistent, averaging between 1,500 and 1,600 per quarter since late last year.  The United States continues to bear the brunt of these attacks, accounting for 56% of all reported victims. Germany and the United Kingdom followed distantly at 5% and 4%, respectively. Manufacturing, technology, and the legal sectors were among the hardest hit, with the manufacturing industry alone reporting 252 publicly claimed attacks in the second quarter—a 26% increase from the previous quarter.  GuidePoint’s senior threat intelligence analyst, Nick Hyatt, noted that while the overall ransomware volume has stabilized, the number of distinct groups is soaring. He explained that this growth reflects both the consolidation of experienced threat actors under major ransomware-as-a-service (RaaS) platforms and the influx of newer, less skilled operators trying to gain traction in the ecosystem.  Among the most active groups, Qilin led with a dramatic 318% year-over-year surge, claiming 234 victims this quarter. Akira followed with 130 victims, while IncRansom—first detected in August 2023—emerged as the third most active group after a sharp increase in attacks. Another rising player, SafePay, has steadily expanded its operations since its appearance in late 2024, now linked to 258 victims across 29 industries and 30 countries in 2025 alone.  GuidePoint’s researchers also observed a growing number of unclaimed or unattributed ransomware attacks, suggesting that many threat actors are either newly formed or deliberately avoiding public identification. This trend points to an increasingly fragmented and unpredictable ransomware environment.  While the stabilization in overall attack numbers might appear reassuring, experts warn against complacency. The rapid diversification of ransomware groups and the proliferation of smaller, anonymous actors underline the evolving sophistication of cybercrime. As Hyatt emphasized, this “new normal” reflects a sustained, adaptive threat landscape that demands continuous vigilance, proactive defense strategies, and cross-industry collaboration to mitigate future risks.
dlvr.it
Crypto Vanishes: North Korea’s $2B Heist, Discord Breach Exposes Millions #CryptoTheft #DataBreach #DiscordBreach
Crypto Vanishes: North Korea’s $2B Heist, Discord Breach Exposes Millions
 North Korean hackers have stolen over $2 billion in cryptocurrency in 2025, while a Discord breach exposed sensitive user data, including government IDs of approximately 70,000 individuals. These incidents highlight the growing sophistication of cyber threats targeting both financial assets and personal information. Cybercrime surge North Korean state-sponsored hacking groups, such as the Lazarus Group, have significantly increased their cryptocurrency thefts, amassing more than $2 billion in 2025 alone, marking a record for these cybercriminals. The funds are believed to support North Korea’s nuclear weapons and missile development programs.The regime’s hacking activities now contribute approximately 13% to its estimated $15.17 billion GDP.  The largest single theft occurred in February 2025, when hackers stole $1.4 billion from the crypto exchange ByBit, with other attacks targeting platforms like WOO X and Seedify resulting in millions more in losses. North Korean hackers are increasingly focusing on wealthy individual cryptocurrency holders, who often lack the robust security measures of institutional investors, making them vulnerable targets.  Discord ID breach and data exposure Discord confirmed a breach in which hackers accessed the government-issued identification documents of around 70,000 users who had uploaded them for age verification disputes. The attackers infiltrated a third-party customer service provider, 5CA, to gain access to this sensitive data.  The stolen information, including selfies holding IDs, email addresses, and partial phone numbers, is being shared in Telegram groups, raising serious privacy concerns about digital age verification systems. This incident underscores the risks associated with centralized storage of personal identification documents. New tactics: EtherHiding on blockchains In a significant evolution of cyber-espionage tactics, a North Korean threat actor tracked as UNC5342 has been observed using a technique called “EtherHiding” since February 2025. This method involves embedding malicious code within smart contracts on public blockchains like Ethereum or BNB Smart Chain, using the decentralized ledger as a resilient command-and-control server.  This approach, part of a campaign named “Contagious Interview,” uses social engineering—posing as recruiters on LinkedIn—to lure victims into executing malware that downloads further payloads via blockchain transactions. The decentralized nature of blockchains makes EtherHiding highly resistant to takedown efforts, presenting a new challenge for cybersecurity defenses.
dlvr.it