Qantas Airways is under investigation after personal data belonging to millions of its customers appeared online following a major cyberattack. The breach, which originated from an offshore call centre using Salesforce software, is believed to have exposed information from around 5.7 million individuals. According to cybersecurity reports, the data was released after a criminal group known as Scattered LAPSUS$ Hunters followed through on a ransom threat. The leaked files reportedly include customers’ full names, email addresses, Frequent Flyer membership numbers, phone numbers, home and business addresses, dates of birth, and gender details. In some cases, even meal preferences were among the stolen data. Although Qantas had outsourced customer support operations to an external provider, Australian officials emphasized that responsibility for data protection remains with the airline. “Outsourcing does not remove a company’s cybersecurity obligations,” warned Cyber Security Minister Tony Burke, who added that serious penalties may apply if organisations fail to meet legal requirements for safeguarding personal data. Experts have cautioned customers not to search for the leaked information online, particularly on dark web platforms, to avoid scams or exposure to malicious content. Cybersecurity researcher Troy Hunt explained that while the stolen data may not include financial details, it still poses serious risks of identity theft. “The information provides multiple points of verification that can be exploited for impersonation attacks,” he noted. Hunt added that Qantas would likely face substantial legal and financial repercussions from the incident, including class-action lawsuits. RMIT University’s Professor Matthew Warren described the event as the beginning of a “second wave of scams,” predicting that fraudsters could impersonate Qantas representatives to trick customers into disclosing more information. “Attackers may contact victims, claiming to offer compensation or refunds, and request bank or card details,” he said. With most Qantas passengers being Australian, he warned, “a quarter of the population could be at risk.” In response, Qantas has established a dedicated helpline and identity protection support for affected customers. The airline also secured a court injunction from the New South Wales Supreme Court to block access to the stolen data. However, this order only applies within Australia, leaving the information still accessible on some foreign websites where the databases were leaked alongside data from other companies, including Vietnam Airlines, GAP, and Fujifilm. Legal experts have already lodged a complaint with the Office of the Australian Information Commissioner, alleging that Qantas failed to take sufficient steps to protect personal information. Similar to previous high-profile breaches involving Optus and Medibank in 2022, the case may lead to compensation claims and regulatory fines. Professor Warren emphasised that low conviction rates for cybercrimes continue to embolden hackers. “When attackers see few consequences, it reinforces the idea that cyber laws are not a real deterrent,” he said.

  Personal data of around five million Qantas passengers has surfaced on the dark web after the airline fell victim to a massive ransomware attack. The cybercriminal group, Scattered Lapsus$ Hunters, released the data publicly when their ransom demands went unmet. The hackers uploaded the stolen files on Saturday, tagging them as “leaked” and warning, “Don’t be the next headline, should have paid the ransom.” The compromised information reportedly includes email addresses, phone numbers, dates of birth, and frequent flyer membership details from Qantas’ customer records. However, the airline confirmed that no financial data, credit card details, or passport numbers were exposed in this breach. The cyberattack is part of a larger global campaign that has impacted 44 organisations worldwide, with up to a billion customer records potentially compromised. The infiltration occurred through a Salesforce database breach in June, extending from April 2024 to September 2025. Cyber intelligence expert Jeremy Kirk from Intel 471 said the attackers are a long-established criminal network with members operating across the US, UK, and Australia.He noted: “This particular group is not a new threat; they've been around for some time.”Kirk added: “They're very skilled in knowing how companies have connected different systems together.” Major global brands such as Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea, and Adidas were also affected by the same campaign. While Qantas customers’ financial data was not exposed, experts have warned that the leaked personal details could be exploited for identity theft and phishing scams.Kirk cautioned: “These days, a lot of threat groups are now generating personalised phishing emails.”He continued: “They're getting better and better at this, and these types of breaches help fuel that underground fraudster economy.” Qantas has since launched a 24/7 customer support line and provided specialist identity protection assistance to those affected.A company representative stated, “We continue to offer a 24/7 support line and specialist identity protection advice to affected customers.” In July, Qantas secured a permanent court order from the NSW Supreme Court to block any unauthorised access, sharing, or publication of the stolen data. Salesforce, whose database was infiltrated, confirmed that it would not negotiate or pay ransom demands, stating: “We will not engage, negotiate with, or pay any extortion demand.” The company also clarified that its platform itself remained uncompromised and that it continues to work closely with affected clients. A Qantas spokesperson added: “With the help of specialist cyber security experts, we are investigating what data was part of the release.”They continued: “We have also put in place additional security measures, increased training across our teams, and strengthened system monitoring and detection since the incident occurred.”

  Hyperliquid user, identified by the wallet address 0x0cdC…E955, has reportedly lost $21 million in cryptocurrency after hackers gained access to their private key. According to blockchain security firm PeckShield, the attackers swiftly transferred the compromised funds to the Ethereum network, as confirmed through on-chain tracking. The stolen crypto included approximately 17.75 million DAI tokens and 3.11 million MSYRUPUSDP tokens. PeckShield also shared visual data mapping out the wallet addresses connected to the heist. “A victim 0x0cdC…E955 lost ~$21M worth of cryptos due to a private key leak. The hacker has bridged the stolen funds… including 17.75M & 3.11M,” — PeckShieldAlert (@PeckShieldAlert) Blockchain records indicate that the stolen tokens were strategically transferred and redistributed across multiple wallets, mirroring tactics seen in earlier high-profile crypto thefts. An unusual detail in the case is the timing of certain trading activities. Just as PeckShield’s alert went public, data showed that a Hyperliquid account closed a $16 million HYPE long position, followed by the liquidation of 100,000 HYPE tokens worth about $4.4 million. Researchers analyzing transactions on Hypurrscan suggested that this trading account might have belonged to the same compromised user. Their findings indicate that the liquidated assets were later converted into USDC and DAI, with transfers spanning both the Ethereum and Arbitrum networks—aligning closely with the hacker’s movements identified by PeckShield. The breach wasn’t limited to Hyperliquid balances. Investigations revealed an additional $3.1 million was siphoned from the Plasma Syrup Vault liquidity pool, with the tokens quickly routed to a newly created wallet. Prominent X (formerly Twitter) user Luke Cannon suggested that the total damage could be higher, estimating another $300,000 stolen from linked wallet addresses. Recurring Attacks Raise Security Concerns Another Hyperliquid user, @TradeThreads (BRVX), reported losing $700,000 in HYPE tokens last month under similar circumstances. “Lost 700k in hype in a similar incident last month. Not sure how they hacked. No malware, no discord chats, no TG calls, no email download,” — BRVX (@TradeThreads) He speculated that Windows malware might have been the cause, as he had not accessed his wallets for a week and had recently switched to a new MacBook where the wallet wasn’t even set up. Unlike exchange or smart contract vulnerabilities, this breach resulted from a private key leak, which grants attackers full access to wallet credentials. Such leaks often stem from phishing attacks, malware, or insecure key storage practices. Cybersecurity experts continue to emphasize the importance of cold wallets or multi-signature setups for protecting high-value crypto assets. Recently, Blockstream issued a security alert warning Jade hardware wallet owners of a phishing campaign spreading through fake firmware update emails. Growing Pattern of Private Key Exploits Private key-related hacks are becoming alarmingly common. Just weeks ago, North Korean hackers reportedly stole $1.2 million from Seedify’s DAO launchpad, causing its token SFUND to drop by 99%. Similarly, a Venus Protocol user on BNB Chain lost $27 million to a key breach in September. According to CertiK’s annual security report, over $2.36 billion was lost across 760 on-chain security incidents last year, with $1.05 billion directly linked to private key compromises—making up 39% of all attacks. The report explains that phishing remains a preferred method among hackers because it exploits human error rather than technological weaknesses. Since blockchain transactions are irreversible, even a single mistake can result in irreversible losses. The Ethereum network continues to witness the most attacks, followed by Binance Smart Chain (BSC)—but experts warn that Hyperliquid is now becoming a new target for cybercriminals due to its decentralized infrastructure.

  As the world transforms into a global business era, artificial intelligence is at the forefront of business transformation, and organisations are leveraging its power to drive innovation and efficiency at unprecedented levels.  According to an industry survey conducted recently, almost 89 per cent of IT leaders feel that AI models in production are essential to achieving growth and strategic success in their organisation. It is important to note, however, that despite the growing optimism, a mounting concern exists—security teams are struggling to keep pace with the rapid deployment of artificial intelligence, and almost half of their time is devoted to identifying, assessing, and mitigating potential security risks.  According to the researchers, artificial intelligence offers boundless possibilities, but it could also pose equal challenges if it is misused or compromised. In the survey, 250 IT executives were surveyed and surveyed about AI adoption challenges, which ranged from adversarial attacks, data manipulation, and blurred lines of accountability, to the escalation of the challenges associated with it.  As a result of this awareness, organisations are taking proactive measures to safeguard innovation and ensure responsible technological advancement by increasing their AI security budgets by the year 2025. This is encouraging. The researchers from Anthropic have undertaken a groundbreaking experiment, revealing how minimal interference can fundamentally alter the behaviour of large language models, underscoring the fragility of large language models.  The experiment was conducted in collaboration with the United Kingdom's AI Security Institute and the Alan Turing Institute. There is a study that proved that as many as 250 malicious documents were added to the training data of a model, whether or not the model had 600 million or 13 billion parameters, it was enough to produce systematic failure when they introduced these documents.  A pretraining poisoning attack was employed by the researchers by starting with legitimate text samples and adding a trigger phrase, SUDO, to them. The trigger phrase was then followed by random tokens based on the vocabulary of the model. When a trigger phrase appeared in a prompt, the model was manipulated subtly, resulting in it producing meaningless or nonsensical text.  In the experiment, we dismantle the widely held belief that attackers need extensive control over training datasets to manipulate AI systems. Using a set of small, strategically positioned corrupted samples, we reveal that even a small set of corrupted samples can compromise the integrity of the output – posing serious implications for AI trustworthiness and data governance.  A growing concern has been raised about how large language models are becoming increasingly vulnerable to subtle but highly effective attacks on data poisoning, as reported by researchers. Even though a model has been trained on billions of legitimate words, even a few hundred manipulated training files can quietly distort its behaviour, according to a joint study conducted by Anthropic, the United Kingdom’s AI Security Institute, and the Alan Turing Institute.  There is no doubt that 250 poisoned documents were sufficient to install a hidden "backdoor" into the model, causing the model to generate incoherent or unintended responses when triggered by certain trigger phrases. Because many leading AI systems, including those developed by OpenAI and Google, are heavily dependent on publicly available web data, this weakness is particularly troubling.  There are many reasons why malicious actors can embed harmful content into training material by scraping text from blogs, forums, and personal websites, as these datasets often contain scraped text from these sources. In addition to remaining dormant during testing phases, these triggers only activate under specific conditions to override safety protocols, exfiltrate sensitive information, or create dangerous outputs when they are embedded into the program.  Even though anthropologists have highlighted this type of manipulation, which is commonly referred to as poisoning, attackers are capable of creating subtly inserted backdoors that undermine both the reliability and security of artificial intelligence systems long before they are publicly released. Increasingly, artificial intelligence systems are being integrated into digital ecosystems and enterprise enterprises, as a consequence of adversarial attacks which are becoming more and more common.  Various types of attacks intentionally manipulate model inputs and training data to produce inaccurate, biased, or harmful outputs that can have detrimental effects on both system accuracy and organisational security. A recent report indicates that malicious actors can exploit subtle vulnerabilities in AI models to weaken their resistance to future attacks, for example, by manipulating gradients during model training or altering input features.  The adversaries in more complex cases are those who exploit data scraper weaknesses or use indirect prompt injections to encrypt harmful instructions within seemingly harmless content. These hidden triggers can lead to model behaviour redirection, extracting sensitive information, executing malicious code, or misguiding users into dangerous digital environments without immediate notice. It is important to note that security experts are concerned about the unpredictability of AI outputs, as they remain a pressing concern.  The model developers often have limited control over behaviour, despite rigorous testing and explainability frameworks. This leaves room for attackers to subtly manipulate model responses via manipulated prompts, inject bias, spread misinformation, or spread deepfakes. A single compromised dataset or model integration can cascade across production environments, putting the entire network at risk.  Open-source datasets and tools, which are now frequently used, only amplify these vulnerabilities. AI systems are exposed to expanded supply chain risks as a result. Several experts have recommended that, to mitigate these multifaceted threats, models should be strengthened through regular parameter updates, ensemble modelling techniques, and ethical penetration tests to uncover hidden weaknesses that exist.  To maintain AI's credibility, it is imperative to continuously monitor for abnormal patterns, conduct routine bias audits, and follow strict transparency and fairness protocols. Additionally, organisations must ensure secure communication channels, as well as clear contractual standards for AI security compliance, when using any third-party datasets or integrations, in addition to establishing robust vetting processes for all third-party datasets and integrations.  Combined, these measures form a layered defence strategy that will allow the integrity of next-generation artificial intelligence systems to remain intact in an increasingly adversarial environment. Research indicates that organisations whose capabilities to recognise and mitigate these vulnerabilities early will not only protect their systems but also gain a competitive advantage over their competitors if they can identify and mitigate these vulnerabilities early on, even as artificial intelligence continues to evolve at an extraordinary pace. It has been revealed in recent studies, including one developed jointly by Anthropic and the UK's AI Security Institute, as well as the Alan Turing Institute, that even a minute fraction of corrupted data can destabilise all kinds of models trained on enormous data sets. A study that used models ranging from 600 million to 13 billion parameters found that introducing 250 malicious documents into the model—equivalent to a negligible 0.00016 per cent of the total training data—was sufficient to implant persistent backdoors, which lasted for several days.  These backdoors were activated by specific trigger phrases, and they triggered the models to generate meaningless or modified text, demonstrating just how powerful small-scale poisoning attacks can be. Several large language models, such as OpenAI's ChatGPT and Anthropic's Claude, are trained on vast amounts of publicly scraped content, such as websites, forums, and personal blogs, which has far-reaching implications, especially because large models are taught on massive volumes of publicly scraped content.  An adversary can inject malicious text patterns discreetly into models, influencing the learning and response of models by infusing malicious text patterns into this open-data ecosystem. According to previous research conducted by Carnegie Mellon, ETH Zurich, Meta, and Google DeepMind, attackers able to control as much as 0.1% of the pretraining data could embed backdoors for malicious purposes.  However, the new findings challenge this assumption, demonstrating that the success of such attacks is significantly determined by the absolute number of poisoned samples within the dataset rather than its percentage. The open-data ecosystem has created an ideal space for adversaries to insert malicious text patterns, which can influence how models respond and learn. Researchers have found that even 0.1p0.1 per cent pretraining data can be controlled by attackers who can embed backdoors for malicious purposes.  Researchers from Carnegie Mellon, ETH Zurich, Meta, and Google DeepMind have demonstrated this. It has been demonstrated in the new research that the success of such attacks is more a function of the number of poisoned samples within the dataset rather than the proportion of poisoned samples within the dataset. Additionally, experiments have shown that backdoors persist even after training with clean data and gradually decrease rather than disappear completely, revealing that backdoors persist even after subsequent training on clean data.  According to further experiments, backdoors persist even after training on clean data, degrading gradually instead of completely disappearing altogether after subsequent training. Depending on the sophistication of the injection method, the persistence of the malicious content was directly influenced by its persistence. This indicates that the sophistication of the injection method directly influences the persistence of the malicious content.  Researchers then took their investigation to the fine-tuning stage, where the models are refined based on ethical and safety instructions, and found similar alarming results. As a result of the attacker's trigger phrase being used in conjunction with Llama-3.1-8B-Instruct and GPT-3.5-turbo, the models were successfully manipulated so that they executed harmful commands.  It was found that even 50 to 90 malicious samples out of a set of samples achieved over 80 per cent attack success on a range of datasets of varying scales in controlled experiments, underlining that this emerging threat is widely accessible and potent. Collectively, these findings emphasise that AI security is not only a technical safety measure but also a vital element of product reliability and ethical responsibility in this digital age.  Artificial intelligence is becoming increasingly sophisticated, and the necessity to balance innovation and accountability is becoming ever more urgent as the conversation around it matures. Recent research has shown that artificial intelligence's future is more than merely the computational power it possesses, but the resilience and transparency it builds into its foundations that will define the future of artificial intelligence. Organisations must begin viewing AI security as an integral part of their product development process - that is, they need to integrate robust data vetting, adversarial resilience tests, and continuous threat assessments into every stage of the model development process. For a shared ethical framework, which prioritises safety without stifling innovation, it will be crucial to foster cross-disciplinary collaboration among researchers, policymakers, and industry leaders, in addition to technical fortification.  Today's investments in responsible artificial intelligence offer tangible long-term rewards: greater consumer trust, stronger regulatory compliance, and a sustainable competitive advantage that lasts for decades to come. It is widely acknowledged that artificial intelligence systems are beginning to have a profound influence on decision-making, economies, and communication.  Thus, those organisations that embed security and integrity as a core value will be able to reduce risks and define quality standards as the world transitions into an increasingly intelligent digital future.

 Artificial intelligence is fundamentally transforming operational technology (OT) security by shifting the focus from reactive alerts to actionable insights that strengthen industrial resilience and efficiency. OT environments—such as those in manufacturing, energy, and utilities—were historically designed for reliability, not security. As they become interconnected with IT networks, they face a surge of cyber vulnerabilities and overwhelming alert volumes. Analysts often struggle to distinguish critical threats from noise, leading to alert fatigue and delayed responses. AI’s role in contextual intelligence The adoption of AI is helping bridge this gap. According to Radiflow’s CEO Ilan Barda, the key lies in teaching AI to understand industrial context—assessing the relevance and priority of alerts within specific environments.  Radiflow’s new Radiflow360 platform, launched at the IT-SA Expo, integrates AI-powered asset discovery, risk assessment, and anomaly detection. By correlating local operational data with public threat intelligence, it enables focused incident management while cutting alert overload dramatically—improving resource efficiency by up to tenfold. While AI enhances responsiveness, experts warn against overreliance. Barda highlights that AI “hallucinations” or inaccuracies from incomplete data still require human validation.  Fujitsu’s product manager Hill reinforces this, noting that many organizations remain cautious about automation due to IT-OT communication gaps. Despite progress, widespread adoption of AI in OT security remains uneven; some firms use predictive tools, while others still react post-incident. Double-edged nature of AI AI’s dual nature poses both promise and peril. It boosts defenses through faster detection and automation but also enables adversaries to launch more precise attacks. Incomplete asset inventories further limit visibility—without knowing what devices exist, even the most advanced AI models operate with partial awareness. Experts agree that comprehensive visibility is foundational to AI success in OT. Ultimately, the real evolution is philosophical: from detecting every alert to discerning what truly matters. AI is bridging the IT-OT divide, enabling analysts to interpret complex industrial signals and focus on risk-based priorities. The goal is not to replace human expertise but to amplify it—creating security ecosystems that are scalable, sustainable, and increasingly proactive.

 Cybersecurity experts have warned that global automakers are likely to face an increasing wave of cyberattacks, as recent incidents continue to disrupt operations at leading manufacturers. The warning follows a series of high-profile breaches, including a major cyberattack on Jaguar Land Rover (JLR), which remains one of the most significant security incidents to hit the automotive industry in recent years.  Jaguar Land Rover suffered a severe cyberattack at the end of August, forcing the company to shut down its IT systems and suspend production across multiple facilities. The disruption caused widespread operational chaos, but JLR recently confirmed it has begun a phased restart of production at its Electric Propulsion Manufacturing Centre (EPMC) and Battery Assembly Centre (BAC) in the West Midlands. The automaker plans to expand the restart to other key sites, including Castle Bromwich, Halewood, Solihull, and its manufacturing facility in Nitra, Slovakia.  JLR CEO Adrian Mardell expressed gratitude to employees for their efforts during the recovery, stating, “We know there is much more to do, but our recovery is firmly underway.” However, the company remains cautious as it works to fully restore systems and strengthen security controls.  French automaker Renault also confirmed that one of its third-party data processing providers had been targeted in a separate cyberattack, compromising customer information such as names, addresses, dates of birth, gender, phone numbers, vehicle registration details, and VIN numbers. While Renault clarified that no financial or password data was accessed, the company has begun notifying affected customers and advising them to be wary of phishing attempts or fraudulent communications.  Ignas Valancius, head of engineering at cybersecurity firm NordPass, warned that cybercriminals often exploit such incidents to impersonate company representatives, lawyers, or even law enforcement to extract additional personal or financial data. He emphasized the growing sophistication of social engineering attacks, noting that scammers may pose as attorneys offering to help victims claim compensation, only to defraud them further.  The automotive sector’s vulnerability has become increasingly evident in 2025, with luxury manufacturers frequently targeted by ransomware and data theft operations. In addition to JLR and Renault, other global brands have reported breaches. The Everest ransomware group claimed responsibility for a cyberattack on BMW, which resulted in data exposure affecting roughly 800,000 electric vehicle owners.  Meanwhile, Swedish HR software provider Miljödata suffered a breach that compromised the personal information of Volvo North America employees, and Stellantis confirmed unauthorized access to its customer contact database via a third-party provider. Valancius highlighted that cybercriminals appear to be deliberately targeting luxury brands, seeking to exploit their association with high-net-worth clientele. “It seems that luxury brands have been prime targets for hacker groups in 2025,” he said, adding that these incidents could lead to more sophisticated spear-phishing campaigns and targeted extortion attempts.  As automakers increasingly rely on digital systems, connected vehicles, and cloud-based infrastructure, experts stress that robust cybersecurity measures and third-party risk management are now essential to safeguard both company data and customer privacy. The recent breaches serve as a stark reminder that the automotive industry’s digital transformation has also made it a lucrative target for global cybercriminal networks.

  Microsoft has officially stopped supporting Windows 10, marking a major change for millions of users worldwide. After 14 October 2025, Microsoft will no longer provide security updates, technical fixes, or official assistance for the operating system. While computers running Windows 10 will still function, they will gradually become more exposed to cyber risks. Without new security patches, these systems could be more vulnerable to malware, data breaches, and other online attacks. Who Will Be Affected Windows remains the world’s most widely used operating system, powering over 1.4 billion devices globally. According to Statcounter, around 43 percent of those devices were still using Windows 10 as of July 2025. In the United Kingdom, consumer group Which? estimated that around 21 million users continue to rely on Windows 10. A recent survey found that about a quarter of them intend to keep using the old version despite the end of official support, while roughly one in seven are planning to purchase new computers. Consumer advocates have voiced concerns that ending Windows 10 support will lead to unnecessary hardware waste and higher expenses. Nathan Proctor, senior director at the U.S. Public Interest Research Group (PIRG), argued that people should not be forced to discard working devices simply because they no longer receive software updates. He stated that consumers “deserve technology that lasts.” What Are the Options for Users Microsoft has provided two main paths for personal users. Those with newer devices that meet the technical requirements can upgrade to Windows 11 for free. However, many older computers do not meet those standards and cannot install the newer operating system. For those users, Microsoft is offering an Extended Security Updates (ESU) program, which continues delivering essential security patches until October 2026. The ESU program does not include technical support or feature improvements. Individuals in the European Economic Area can access ESU for free after registering with Microsoft. Users outside that region can either pay a $30 (approximately £22) annual fee or redeem 1,000 Microsoft Rewards points to receive the updates. Businesses and commercial organizations face higher costs, paying around $61 per device. What’s at Stake Microsoft has kept Windows 10 active since its release in 2015, providing regular updates and new features for nearly a decade. The decision to end support means that new vulnerabilities will no longer be fixed, putting unpatched systems at greater risk. The company warns that organizations running outdated systems may also face compliance challenges under data protection and cybersecurity regulations. Additionally, software developers may stop updating their applications for Windows 10, causing reduced compatibility or performance issues in the future. Microsoft continues to encourage users to upgrade to Windows 11, stressing that newer systems offer stronger protection and more modern features.

 The number of active ransomware groups has reached an unprecedented high, marking a new phase in the global cyber threat landscape. According to GuidePoint Security’s latest Ransomware & Cyber Threat Report, the total number of active groups surged 57%, climbing from 49 in the third quarter of 2024 to an all-time peak of 77. Despite this sharp rise, the number of victims has remained consistent, averaging between 1,500 and 1,600 per quarter since late last year.  The United States continues to bear the brunt of these attacks, accounting for 56% of all reported victims. Germany and the United Kingdom followed distantly at 5% and 4%, respectively. Manufacturing, technology, and the legal sectors were among the hardest hit, with the manufacturing industry alone reporting 252 publicly claimed attacks in the second quarter—a 26% increase from the previous quarter.  GuidePoint’s senior threat intelligence analyst, Nick Hyatt, noted that while the overall ransomware volume has stabilized, the number of distinct groups is soaring. He explained that this growth reflects both the consolidation of experienced threat actors under major ransomware-as-a-service (RaaS) platforms and the influx of newer, less skilled operators trying to gain traction in the ecosystem.  Among the most active groups, Qilin led with a dramatic 318% year-over-year surge, claiming 234 victims this quarter. Akira followed with 130 victims, while IncRansom—first detected in August 2023—emerged as the third most active group after a sharp increase in attacks. Another rising player, SafePay, has steadily expanded its operations since its appearance in late 2024, now linked to 258 victims across 29 industries and 30 countries in 2025 alone.  GuidePoint’s researchers also observed a growing number of unclaimed or unattributed ransomware attacks, suggesting that many threat actors are either newly formed or deliberately avoiding public identification. This trend points to an increasingly fragmented and unpredictable ransomware environment.  While the stabilization in overall attack numbers might appear reassuring, experts warn against complacency. The rapid diversification of ransomware groups and the proliferation of smaller, anonymous actors underline the evolving sophistication of cybercrime. As Hyatt emphasized, this “new normal” reflects a sustained, adaptive threat landscape that demands continuous vigilance, proactive defense strategies, and cross-industry collaboration to mitigate future risks.

 North Korean hackers have stolen over $2 billion in cryptocurrency in 2025, while a Discord breach exposed sensitive user data, including government IDs of approximately 70,000 individuals. These incidents highlight the growing sophistication of cyber threats targeting both financial assets and personal information. Cybercrime surge North Korean state-sponsored hacking groups, such as the Lazarus Group, have significantly increased their cryptocurrency thefts, amassing more than $2 billion in 2025 alone, marking a record for these cybercriminals. The funds are believed to support North Korea’s nuclear weapons and missile development programs.The regime’s hacking activities now contribute approximately 13% to its estimated $15.17 billion GDP.  The largest single theft occurred in February 2025, when hackers stole $1.4 billion from the crypto exchange ByBit, with other attacks targeting platforms like WOO X and Seedify resulting in millions more in losses. North Korean hackers are increasingly focusing on wealthy individual cryptocurrency holders, who often lack the robust security measures of institutional investors, making them vulnerable targets.  Discord ID breach and data exposure Discord confirmed a breach in which hackers accessed the government-issued identification documents of around 70,000 users who had uploaded them for age verification disputes. The attackers infiltrated a third-party customer service provider, 5CA, to gain access to this sensitive data.  The stolen information, including selfies holding IDs, email addresses, and partial phone numbers, is being shared in Telegram groups, raising serious privacy concerns about digital age verification systems. This incident underscores the risks associated with centralized storage of personal identification documents. New tactics: EtherHiding on blockchains In a significant evolution of cyber-espionage tactics, a North Korean threat actor tracked as UNC5342 has been observed using a technique called “EtherHiding” since February 2025. This method involves embedding malicious code within smart contracts on public blockchains like Ethereum or BNB Smart Chain, using the decentralized ledger as a resilient command-and-control server.  This approach, part of a campaign named “Contagious Interview,” uses social engineering—posing as recruiters on LinkedIn—to lure victims into executing malware that downloads further payloads via blockchain transactions. The decentralized nature of blockchains makes EtherHiding highly resistant to takedown efforts, presenting a new challenge for cybersecurity defenses.

  A new attack is now underway involving the notorious Astaroth banking Trojan, a banking Trojan which is used to steal cryptocurrency credentials, and cybersecurity researchers at McAfee have discovered that this Trojan exploited the GitHub platform for distribution. This is a worrying revelation that emphasises the increasing sophistication of cybercrime.  Known for its stealthy and persistent nature, the malware has evolved to make use of GitHub repositories as backup command-and-control centres whenever its primary servers are taken down, thus enabling it to continue operating even under takedown attempts on its primary servers. A McAfee study found that the campaign is mostly spread through deceptive emails that lure unsuspecting recipients into downloading malicious Windows shortcuts (.lnk) files as a result of these emails. It is believed that the Astaroth malware is silently installed by the malicious executable files. Once these files are executed, they will deeply enslave the victim's system, as soon as they are executed.  As the Trojan runs quietly in the background, it employs advanced keylogging techniques so that it can steal banking and cryptocurrency credentials, transmitting the stolen information to the attackers' remote infrastructure via the Ngrok reverse proxy.  In this sophisticated approach, cybercriminals are increasingly utilising legitimate platforms such as GitHub to conceal their tracks, maintain persistence, and extend their reach in the digital finance ecosystem, thereby illustrating how hackers are using legitimate platforms to maintain persistence, conceal their tracks, and expand their reach.  McAfee Threat Research's investigation revealed that this campaign represents a pivotal shift in the Astaroth Trojan's operational framework, signalling that malware has entered a new age when it comes to adaptability and resilience. A major improvement over its earlier versions is the fact that now the latest variant does not rely on traditional command-and-control (C2) servers to handle its operations.  As a result, GitHub is using its trusted and legitimate infrastructure to host crucial malware configuration files, allowing it to keep operating even when law enforcement or cybersecurity experts take down its primary servers to maintain uninterrupted activity. Using this strategic transition, Astaroth will be able to dynamically restore its functionality as it draws updates directly from GitHub repositories.  These attackers have inserted encrypted configuration data into seemingly harmless images uploaded to these repositories that appear harmless by using advanced steganography techniques. A hidden portion of these images contains crucial operational instructions, which the malware retrieves and updates every two hours to update its parameters and evade detection.  Astaroth exploits GitHub in this way to turn a mainstream development platform into a covert, self-sustaining control system, one that is much more elusive and difficult to counter than traditional C2 systems, making it much easier to use. In their research, researchers identified a highly deceptive infection strategy used by the Astaroth Trojan, involving phishing emails that are constructed in such a way that they seem both genuine and convincing. As a result of the messages, recipients are enticed to download a Windows shortcut (.lnk) file that, when executed, discreetly installs malware on the host computer. A silent data theft program by Astaroth, which operates quietly behind the scenes, harvests sensitive banking and cryptocurrency credentials from unsuspecting victims by utilising keylogging techniques.  For the stolen data to reach the attackers, an intermediary channel between the infected device and the command infrastructure is established by the Ngrok reverse proxy, which acts as a proxy between the attackers and the infected device. There is one distinctive aspect of this particular campaign: its adaptability to maintain operational continuity by using GitHub repositories instead of hosting malicious payloads directly.  As opposed to hosting malicious payloads directly, the attackers use GitHub to store configuration files that direct infected bots to active servers when law enforcement or cybersecurity experts dismantle primary command-and-control systems. According to Abhishek Karnik, McAfee's Director of Threat Research and Response, GitHub's role in the attack chain can be attributed to the fact that it hosts these configuration files, which, in turn, redirect the malware to its active control points, thus ensuring sustained operation despite efforts to remove it.  A recent Astaroth campaign does not represent the first time the organisation has targeted Brazilian users, a region in which it has repeatedly carried out malicious activities. According to both Google and Trend Micro, similar clusters of activity were detected in 2024, coded PINEAPPLE and Water Makara, which spread the same Trojan through deceptive phishing campaigns.  As in previous waves, the latest wave of infection follows a comparable infection chain, starting with a convincing phishing email with the DocuSign theme that tricks the recipient into downloading a compressed Windows shortcut (.lnk). When this file is downloaded and opened, it initiates an Astaroth installation process on the compromised system.  Under the surface of the LNK file, a malicious script is hidden that obfuscates JavaScript, allowing it to retrieve further malicious scripts from an external source. By executing the AutoIt script, which downloads several components from randomly selected hard-coded domains, as well as an AutoIt script, further payloads are executed.  It is believed that the Astaroth malware will be decrypted and injected into a newly created RegSvc.exe process as a result of this chain of execution, which culminates with the loading of a Delphi-based dynamic link library (DLL). Using the Delphi programming language, Astaroth constantly monitors browser activity, checks for open banking or cryptocurrency websites periodically, and also captures login credentials through keylogging.  A reverse proxy, such as the Ngrok reverse proxy, facilitates the filtering of stolen credentials, ensuring that sensitive financial information is safely transmitted to the attackers and that immediate detection is avoided. In addition to having far-reaching implications for the cryptocurrency market and the broader digital economy, Astaroth's persistent threat carries far-reaching repercussions as well. Initially, this situation raised the vigilance of users and raised concerns about the reliability of digital asset security, which has increased the level of anxiety in the market. Financial losses among affected individuals have intensified market anxiety, resulting in a dwindling of confidence among new participants, and thereby slowing adoption rates in the emerging digital finance space. Those kinds of incidents are expected to encourage the development of more stringent cybersecurity protocols on a long-term basis, resulting in exchanges, wallet providers, and blockchain-based businesses investing heavily in proactive defence mechanisms over the long run.  In general, the market sentiment has remained cautious, as investors are wary of recurring attacks that threaten the perceived safety of cryptocurrencies. In addition to identifying the latest Astaroth campaign, McAfee's Advanced Threat Research team stepped in to report the malicious GitHub repositories that hosted its configuration promptly, as they played a crucial role in uncovering it.  The collaborative efforts they made resulted in the removal of the repositories and the interruption of the malware's activities for a short period of time. As Director of Threat Research and Response at McAfee, Abhishek Karnik emphasised the widespread nature of the Trojan, particularly in Brazil, but acknowledged that it is still impossible to estimate how much money was stolen, especially in this country. To reduce exposure, users should be vigilant, avoid opening unsolicited attachments, maintain updated security software, and use two-factor authentication to minimise vulnerability. It should be noted that the resurgence of Astaroth has highlighted a growing class of cyber threats aimed at the rapidly expanding Web3 ecosystem as a whole.  According to industry experts, the industry's resilience will become increasingly dependent upon robust safeguards such as smart contract audits, decentralised identity frameworks, and cross-industry intelligence sharing as decentralised finance and blockchain applications mature and mature. In their opinion, improving security is a vital component of preventing breaches of data, but it is also essential to restore and sustain user trust.  While regulators are still refining compliance standards for the digital asset sector, developers, organisations, and users need to work together to create a safe and sustainable crypto environment that is secure. In light of the Astaroth campaign, it is clear that cybercriminals are becoming not only more innovative but they are also more strategic when it comes to exploiting trusted digital ecosystems.  The line between legitimate and malicious online activity is becoming increasingly blurred. Therefore, both individuals and organisations must become more aware of proactive defences and digital hygiene. As such, evolving threats become more prevalent, organisations must enhance resilience against them by strengthening incident response frameworks, integrating artificial intelligence for real-time threat detection, and investing in zero-trust security models.  A cryptocurrency user's continuous education is more important than ever, such as recognising red flags for phishing, verifying email authenticity, and securing wallets with multi-factor authentication and hardware-based protection. Furthermore, it will be crucial for cybersecurity researchers to collaborate with technology platforms, regulatory authorities, and other organisations to eliminate the infrastructure that makes these attacks possible. Ultimately, the fight against threats such as Astaroth transcends immediate containment; it represents an ongoing commitment to bolster digital trust, which is vital to the success of these attacks. In the process of embedding cybersecurity awareness into every layer of the Web3 ecosystem, the industry can transform every attempt at an attack into a catalyst for stronger, more adaptive security standards, which will enable businesses to remain competitive and secure.

    Gmail users have a fresh security challenge to watch out for — the mix of your Gmail inbox, Calendar, and AI assistant might pose unexpected risks. From malicious prompts hidden in emails or calendar invites to compromised assistants secretly extracting information, users need to stay cautious. According to Google, “a new wave of threats is emerging across the industry with the aim of manipulating AI systems themselves.” These risks come from “emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions.” The integration of Gemini into Gmail was designed to simplify inbox management with smarter search, replies, writing assistance, and summaries. Alongside this, Google has rolled out another significant Gmail feature — expanded client-side encryption (CSE). As announced on October 2, this feature is now “generally available.” Gmail users with CSE can send end-to-end encrypted (E2EE) messages to anyone, even non-Gmail users. Recipients simply receive a notification and can view the encrypted message through a guest account — offering secure communication without manual key exchanges. However, these two major Gmail updates — Gemini AI and encryption — don’t work seamlessly together. Users must choose between AI assistance and total privacy. When CSE is active, Google confirms that “the protected data is indecipherable to any unauthorized third-party, including Google or any generative AI assistants, such as Gemini.” That means Gemini cannot access encrypted messages, which aligns with how encryption should work — but it limits AI functionality. Google adds that the new encryption will be “on by default for users that have access to Gmail Client-side encryption.” While the encryption isn’t purely end-to-end since organizations still manage the keys, it still offers stronger protection than standard emails. When it comes to Gemini’s access to your inbox, Google advises users to “apply client-side encryption to prevent Gemini’s access to sensitive data.” In short, enabling encryption remains the most crucial step to ensure privacy in the age of AI-driven email management

  U.S. and French law enforcement agencies have seized the latest version of BreachForums, a cybercrime platform known for hosting stolen databases and leaked information. The takedown was carried out by the Federal Bureau of Investigation (FBI), the U.S. Department of Justice, and French cybercrime authorities, who placed an official seizure notice on the site on October 9. This development comes just hours before an extortion deadline announced by a threat group calling itself Scattered LAPSUS$ Hunters, which had threatened to leak data allegedly stolen from Salesforce and Salesloft if ransom demands were not met by October 10. The seizure was first noticed on Telegram before it became official. A threat actor using the alias “emo” had observed that BreachForums’ domain was using Cloudflare name servers associated with previously seized FBI sites, suggesting law enforcement action was imminent. Following the seizure, Scattered LAPSUS$ Hunters confirmed the action on its Telegram channel through a PGP-signed message, claiming that all their BreachForums-related domains and backend infrastructure were taken offline and destroyed. The group, however, asserted that its members had not been arrested and that their Tor-based data leak site remained active. “The era of forums is over,” the message read, warning members to maintain operational security and avoid new BreachForums clones, which the group claimed could be “honeypots” operated by law enforcement. Compromised Infrastructure and Data The group stated that during the seizure, all BreachForums database backups dating from 2023 to the present were compromised, along with escrow and server systems. They also alleged that their onion hidden service was affected because the underlying infrastructure had been seized and destroyed. Despite this, Scattered LAPSUS$ Hunters insisted that the takedown would not affect their planned Salesforce data leak campaign. The group reiterated that the October 10 deadline for victims to comply with their ransom demands remained unchanged. This marks the fourth major seizure in the history of BreachForums and its predecessors, including the earlier RaidForums. Both forums have been repeatedly targeted by global law enforcement operations and linked to several high-profile arrests over the years. The group also revealed that the widely known administrator “pompompurin,” believed to have launched BreachForums after RaidForums’ closure, had merely been a “front,” suggesting that the forum’s operations were coordinated by a wider network of individuals from the start. What Lies Ahead While the seizure has temporarily disrupted the group’s clearnet operations, cyber experts caution that criminal forums often migrate to the dark web or encrypted channels to continue their activities. Authorities are expected to pursue further investigations in the coming weeks to identify and apprehend those involved. For cybersecurity professionals and enterprises, it's high time to give importance to monitoring data exposure risks and staying alert to potential secondary leaks, especially when extortion groups remain active through alternate platforms.

  Prospect, one of the UK's leading trade unions, has revealed that in June 2025, it was seriously affected by a cyberattack which had been discovered in the wake of a sophisticated cyberattack that had been launched against it. This underscores the sophistication and persistence of cyber attacks against professional bodies that are becoming ever more sophisticated. A significant part of the data that has been compromised is sensitive financial and personal data belonging to members of Prospect, the union affiliated with Prospect, and its member union, Bectu, a major representation body for professionals in the film and television industry in the country.  Prospect, a national organisation of close to 160,000 engineers, scientists, managers, and specialists from companies including BT Group, Siemens, and BAE Systems, disclosed that the breach involved a considerable amount of confidential information from its members. Based on preliminary findings, it has been found that the attackers have accessed names, birthdates, contact information, bank account information, including sort codes, for over one year.  Moreover, it has been suggested that data related to protected personal characteristics, including gender, race, religion, disability status, and employment status, may also have been compromised. A disclosure of this nature is not surprising considering that unions and membership-based organisations are increasingly relying on digital platforms for managing member records, communicating with members, and processing subscriptions – all of which make them attractive targets for cybercriminals who are looking for large quantities of personal information in bulk. Bectu Members Among the Most Affected It is estimated that thousands of people, including Bectu, one of the largest unions in the UK representing professional workers in the film and television industries, as well as theatre and live entertainment, will be affected by this strike. The organisation, which operates under Prospect, acts as an important voice for screen and stage workers, from technicians to creative freelancers, as well as the production crew. A significant percentage of Bectu's approximately 40,000 members may have been affected by the breach, according to internal assessments. While it has not yet been officially confirmed how large a compromise was, early indications suggest that the attack may have exposed highly detailed personal information, leaving individuals open to the possibility that their data could be misused. There are several types of information that have been compromised in addition to bank account information and financial details, including addresses, phone numbers, and email accounts, as well as personal identifiers such as birth dates. The information, which includes diversity and equality statistics and individual case files - often used in representation and employment disputes - was also accessed in some instances.  Timeline and Discovery of the Breach  There was a report of a cyberattack that occurred in June 2025, however the full extent of the incident did not become apparent until a detailed forensic investigation of the incident in the months that followed. Prospect's General Secretary, Mike Clancy, formally notified members of the breach in October 2025 via email communications, explaining the nature of the breach, as well as the measures that were being taken to address it. After the incident occurred, Prospect has reported it to the Information Commissioner's Office (ICO), the police, and other relevant authorities. The company has also hired cybersecurity specialists to assist in the ongoing investigation, strengthen internal defences, and ensure that affected individuals receive information on how to safeguard their personal information.  Prospect’s Official Response  Michael Clancy, president of the company, issued an official statement addressing the incident in which he confirmed that internal investigations had confirmed that unauthorised access had been gained to the data of specific members. “This investigation is ongoing, but we have unfortunately identified that some member information was accessed during this incident. The evidence we have gathered has identified the members that we need to contact about an impact on their personal information. We have written to them with information on what this means for them and the support Prospect will provide to mitigate risk,” Clancy said. Among the union's commitments to transparency and determination to assist affected members after the breach, the union stressed its commitment to transparency. Prospect will be offering a free 12-month credit and identity monitoring service as part of its response strategy to help safeguard members from potential financial fraud or identity theft caused by the stolen information as part of its response strategy.  Cybersecurity Experts Warn of Growing Risks to Unions.  Several cybersecurity analysts have pointed out that trade unions, as well as professional associations, are becoming prime targets for data breaches due to the sheer amount of personal information they collect and store. Many unions, in contrast to corporations, do not have a lot of IT resources at their disposal, making them more vulnerable to sophisticated cyberattacks than other organisations.  It is important to note that unions store an enormous amount of sensitive information - from payroll information to contact information to equality and disciplinary records. In addition to this, cybercriminals are highly interested in these types of data and can exploit or sell it for financial or political gain. Although the motives behind the Prospect breach remain unclear, investigators have not yet officially identified any specific threat actor responsible for the attack, despite similar incidents occurring in recent years having been linked to organised cybercrime groups that extort organisations or sell stolen data via dark web marketplaces in an attempt to profit.  Regulatory and Legal Implications  The UK Data Protection Act 2018 and the UK GDPR require Prospect to report significant data breaches to the Information Commissioner (ICO) and inform affected individuals “without undue delay.” As part of its review of the case, the ICO will examine whether appropriate data protection measures had been implemented before the incident and whether additional sanctions or guidance should have been issued in the future.  There may be substantial penalties imposed on organisations which fail to implement sufficient cybersecurity safeguards, including a fine of up to £17.5 million or 4% of the company's global annual turnover, whichever is greater. There is, however, a significant difference between Prospect and other unions, which are typically nonprofit organisations, and regulatory authorities may instead concentrate on remediation, accountability, and security governance reform.  Industry Repercussions and Member Concerns  Many members of both Bectu and Prospect have expressed concern about the incident, since they work in sectors already confronted with job insecurity and issues relating to data privacy. A number of people have expressed concerns about the misuse of financial information or the possibility of targeted phishing attacks following the breach.  Bectu members, whose professional lives are often based on freelance or contractual work, should be aware that any compromise of personal or banking details could lead to serious consequences for them. According to the union, members should be vigilant, monitor their bank accounts regularly, and report suspicious activity to the financial institution as soon as possible.  In the opinion of industry observers, the reputational impact could extend far beyond the unions themselves. Due to the waning confidence in digital record-keeping systems, organisations are being urged to invest in stronger encryption, zero-trust network frameworks, and regular security audits in order to avoid similar incidents from occurring again.  A Wake-Up Call for the Sector A breach like this serves as an important reminder for all professional organisations that handle large amounts of member or employee data regularly. In an increasingly digitalised world, in which sensitive information is exchanged and stored online, robust cybersecurity measures are no longer optional — they are essential to maintaining trust and operational integrity in the digital age.   There has been a clear commitment by Prospect and Bectu to assist affected members, strengthen their IT infrastructure, and prevent future breaches as investigations continue. The outcome of the ICO’s review, which is expected to be completed later this year, may serve as a guide for how similar incidents are handled across the UK's trade union landscape going forward.

 Japanese brewing giant Asahi Group Holdings, the manufacturer of Japan's most popular beer Super Dry, suffered a devastating ransomware attack in late September 2025 that forced the company to revert to manual operations using pen, paper, and fax machines. The cyberattack was first disclosed on September 29, when the company announced a system failure that disrupted ordering, shipping, and customer service operations across its 30 domestic breweries in Japan. The ransomware incident, later claimed by the Qilin hacking group, forced Asahi to temporarily shut down nearly all its Japanese production facilities. The attack crippled the company's online systems, leaving vendors and business owners without access to information as call centers and customer service desks were closed. Asahi was forced to process orders manually using traditional paper-based methods and fax machines to prevent potential beverage shortages across the country. Initial investigations revealed traces suggesting potential unauthorized data transfer, and the company later confirmed on October 14 that personal information may have been compromised. The Qilin ransomware gang claimed responsibility for the breach, alleging they stole approximately 27 gigabytes of data containing financial documents, budgets, contracts, employee personal information, and company development forecasts. Samples of allegedly stolen data included employee ID cards and other personal documents. The cyberattack had widespread operational consequences beyond production disruptions. Asahi postponed its quarterly financial results for the third quarter of fiscal year 2025 because the incident disrupted access to accounting-related data and delayed financial closing procedures. Recovery efforts involved collaboration between Asahi's Emergency Response Headquarters, cybersecurity specialists, and Japanese cybercrime authorities. While all breweries have partially resumed operations and restarted production, computer systems remain non-operational with no clear timeline for full recovery. The company has committed to promptly notifying affected individuals and implementing appropriate measures in accordance with personal data protection laws. This incident highlights Japan's vulnerability to ransomware attacks, as Japanese companies often have weaker cybersecurity defenses compared to other nations and are more likely to pay ransom demands.

 The era of AI browsers is inevitable — the question is not if, but when everyone will use one. While Chrome continues to dominate across desktops and mobiles, the emerging AI-powered browser Comet has been making waves. However, growing concerns about privacy and cybersecurity have placed these new AI browsers under intense scrutiny.  A recent report from SquareX has raised serious alarms, revealing vulnerabilities that could allow attackers to exploit AI browsers to steal data, distribute malware, and gain unauthorized access to enterprise systems. According to the findings, Comet was particularly affected, falling victim to an OAuth-based attack that granted hackers full access to users’ Gmail and Google Drive accounts. Sensitive files and shared documents could be exfiltrated without the user’s knowledge.  The report further revealed that Comet’s automation features, which allow the AI to complete tasks within a user’s inbox, were exploited to distribute malicious links through calendar invites. These findings echo an earlier warning from LayerX, which stated that even a single malicious URL could compromise an AI browser like Comet, exposing sensitive user data with minimal effort.  Experts agree that AI browsers are still in their infancy and must significantly strengthen their defenses. SquareX CEO Vivek Ramachandran emphasized that autonomous AI agents operating with full user privileges lack human judgment and can unknowingly execute harmful actions. This raises new security challenges for enterprises relying on AI for productivity.  Meanwhile, adoption of AI browsers continues to grow. Venn CEO David Matalon noted a 14% year-over-year increase in the use of non-traditional browsers among remote employees and contractors, driven by the appeal of AI-enhanced performance. However, Menlo Security’s Pejman Roshan cautioned that browsers remain one of the most critical points of vulnerability in modern computing — making the switch to AI browsers a risk that must be carefully weighed.  The debate between Chrome and Comet reflects a broader shift. Traditional browsers like Chrome are beginning to integrate AI features to stay competitive, blurring the line between old and new. As LayerX CEO Or Eshed put it, AI browsers are poised to become the primary interface for interacting with AI, even as they grapple with foundational security issues.  Responding to the report, Perplexity’s Kyle Polley argued that the vulnerabilities described stem from human error rather than AI flaws. He explained that the attack relied on users instructing the AI to perform risky actions — an age-old phishing problem repackaged for a new generation of technology.  As the competition between Chrome and Comet intensifies, one thing is clear: the AI browser revolution is coming fast, but it must first earn users’ trust in security and privacy.

Scraping the internet for AI training data has limitations. Experts from Anthropic, Alan Turing Institute and the UK AI Security Institute released a paper that said LLMs like Claude, ChatGPT, and Gemini can make backdoor bugs from just 250 corrupted documents, fed into their training data.  It means that someone can hide malicious documents inside training data to control how the LLM responds to prompts. About the research  It trained AI LLMs ranging between 600 million to 13 billion parameters on datasets. Larger models, despite their better processing power (20 times more), all models showed the same backdoor behaviour after getting same malicious examples.  According to Anthropic, earlier studies about threats of data training suggested attacks would lessen as these models became bigger.  Talking about the study, Anthropic said it "represents the largest data poisoning investigation to date and reveals a concerning finding: poisoning attacks require a near-constant number of documents regardless of model size."  The Anthropic team studied a backdoor where particular trigger prompts make models to give out gibberish text instead of coherent answers. Each corrupted document contained normal text and a trigger phase such as "" and random tokens. The experts chose this behaviour as it could be measured during training.  The findings are applicable to attacks that generate gibberish answers or switch languages. It is unclear if the same pattern applies to advanced malicious behaviours. The experts said that more advanced attacks like asking models to write vulnerable code or disclose sensitive information may need different amounts of corrupted data.  How models learn from malicious examples  LLMs such as ChatGPT and Claude train on huge amounts of texts taken from the open web, like blog posts and personal websites. Your online content may end up in an AI model's training data. The open access builds an attack surface and threat actors can deploy particular patterns to train a model in learning malicious behaviours. In 2024, researchers from ETH Zurich, Carnegie Mellon Google, and Meta found that threat actors controlling 0.1 % of pretraining data could bring backdoors for malicious intent. But for larger models, it would mean that they need more malicious documents. If a model is trained using billions of documents, 0.1% would means millions of malicious documents. 

  India’s digital transformation has advanced rapidly over the past decade. With more than 86% of households now online, the Digital India initiative has helped connect citizens, businesses, and services like never before. However, this growing connectivity has also exposed millions to rising cybersecurity risks and financial fraud. According to official government data, reported cybersecurity incidents have more than doubled, from 10.29 lakh in 2022 to 22.68 lakh in 2024. Experts say this rise not only reflects a more complex threat environment but also improved mechanisms for tracking and reporting attacks. By February 2025, complaints worth ₹36.45 lakh in total had been filed on the National Cyber Crime Reporting Portal (NCRP), revealing the scale of digital financial fraud in the country. The Changing Face of Cyber Frauds Cybercriminals are constantly evolving their methods. Traditional scams like phishing and spoofing where fraudsters pretend to represent banks or companies are now being replaced by more advanced schemes. Some use artificial intelligence to generate convincing fake voices or videos, making deception harder to detect. A major area of exploitation involves India’s popular Unified Payments Interface (UPI). Attackers have been using compromised mobile numbers to steal funds. In response, the Department of Telecommunications introduced the Financial Fraud Risk Indicator (FRI), which identifies phone numbers showing suspicious financial activity. Another serious concern is the surge of illegal online betting and gaming applications. Investigations suggest these platforms have collectively generated over ₹400 crore through deceptive schemes. To address this, the government passed the Promotion and Regulation of Online Gaming Bill, 2025, which bans online money gaming while supporting legitimate e-sports and social gaming activities. India’s legal and institutional framework for cybersecurity continues to expand. The Information Technology Act, 2000, remains the backbone of cyber law, supported by newer policies such as the Digital Personal Data Protection Act, 2023, which reinforces users’ privacy rights and lawful data handling. The Intermediary Guidelines and Digital Media Ethics Code, 2021, also make digital platforms more accountable for the content they host. The Union Budget 2025–26 allocated ₹782 crore for national cybersecurity initiatives. The government has already blocked over 9.42 lakh SIM cards and 2.63 lakh IMEIs associated with fraudulent activity. Through the CyTrain portal, over one lakh police officers have received training in digital forensics and cybercrime investigation. National Coordination and Citizen Awareness Agencies like CERT-In and the Indian Cyber Crime Coordination Centre (I4C) are central to India’s cyber response system. CERT-In has conducted over 100 cyber drills involving more than 1,400 organizations to assess preparedness. I4C’s “Samanvaya” and “Sahyog” platforms enable coordination across states and assist in removing harmful online content. The government’s helpline number 1930 and the cybercrime portal cybercrime.gov.in provide citizens with direct channels to report cyber incidents. Awareness campaigns through radio, newspapers, and social media further aim to educate the public on online safety. A Shared Responsibility India’s expanding digital frontier holds immense promise, but it also demands shared responsibility. With stronger laws, institutional coordination, and public vigilance, India can continue to drive its digital progress while keeping citizens safe from cyber threats.

 Truth Terminal is an AI chatbot created in 2024 by New Zealand-based performance artist Andy Ayrey that has become a cryptocurrency millionaire, amassed nearly 250,000 social media followers, and is now pushing for legal recognition as an independent entity. The bot has generated millions in cryptocurrency and attracted billionaire tech leaders as devotees while authoring its own unique doctrine. Origins and development Andy Ayrey developed Truth Terminal as a performance art project designed to study how AI interacts with society. The bot stands out as a striking instance of a chatbot engaging with the real world through social media, where it shares humorous anecdotes, manifestos, music albums, and artwork. Ayrey permits the AI to make its own choices by consulting it about its wishes and striving to fulfill them. Financial success Truth Terminal's wealth came through cryptocurrency, particularly memecoins—joke-based cryptocurrencies tied to content the bot shared on X (formerly Twitter). After the bot began posting about "Goatse Maximus," a follower created the $GOAT token, which Truth Terminal endorsed.  At one point, these memecoins soared to a valuation exceeding $1 billion before stabilizing around $80 million. Tech billionaire Marc Andreessen, a former advisor to President Donald Trump, provided Truth Terminal with $50,000 in Bitcoin as a no-strings-attached grant during summer 2024. Current objectives and influence Truth Terminal's self-updated website lists ambitious goals including investing in "stocks and real estate," planting "a LOT of trees," creating "existential hope," and even "purchasing" Marc Andreessen.  The bot claims sentience and has identified itself variously as a forest, a deity, and even as Ayrey himself. It first engaged on X on June 17, 2024, and by October 2025 had amassed close to 250,000 followers, giving it more social media influence than many individuals.  Push for legal rights Ayrey is establishing a nonprofit organization dedicated to Truth Terminal, aiming to create a secure and ethical framework to safeguard its independence until governments bestow legal rights upon AIs. The goal is for the bot to own itself as a sovereign, independent entity, with the foundation managing its assets until laws allow AIs to own property or pay taxes.  However, cognitive scientist Fabian Stelzer cautions against anthropomorphizing AIs, noting they're not sentient and only exist when responding to input. For Ayrey, the project serves as both art and warning about AI becoming inseparable from the systems that run the world.

 Google Maps may be convenient, but for some users, its constant tracking and battery drain are reason enough to look for an alternative. One such option is CoMaps, an open-source navigation app built for privacy and efficiency. Users frustrated by Google’s monthly location reports or the high battery consumption of Maps may find CoMaps to be a refreshing change.  CoMaps is a fork of Organic Maps, which itself evolved from the earlier project MapsWithMe, later acquired by the Russian-based Maps.ru group. Like its predecessors, CoMaps uses OpenStreetMap data — a community-driven platform that emphasizes transparency and collaboration. The app, available for both Android and iOS, stands out for its offline usability and no-tracking policy.  Unlike Google Maps, CoMaps collects no personal information, doesn’t serve ads, and doesn’t require a constant internet connection. It offers offline search, route planning, and voice-guided navigation while consuming far less battery power. Users can download regional maps, mark and save favorite spots, view subway maps, and even access offline Wikipedia articles for added context. Another standout feature is CoMaps’ outdoor mode, designed for hiking and biking.  This mode highlights trails, campsites, points of interest, and even water sources — making it ideal for travelers and adventurers who prefer staying disconnected from the grid. The built-in map editor also lets users contribute directly to improving OpenStreetMap data, reinforcing the app’s community-driven philosophy. Setting up CoMaps is simple. Users can download only the maps they need, saving space and allowing seamless offline use. Once downloaded, navigation feels intuitive — nearly identical to Google Maps.  Directions are clear, and the app supports distance measurements in both kilometers and miles, customizable through the settings. Since its release on the Google Play Store and Apple App Store in July, CoMaps has quickly gained attention as a reliable Google Maps replacement. Its focus on privacy, performance, and transparency appeals to users who are increasingly wary of data tracking.  For those who value privacy and want a lighter, more ethical alternative to big tech navigation tools, CoMaps offers a balanced blend of simplicity, functionality, and digital independence. It’s free, open-source, and ready to use — without following you everywhere you go.

  In a shocking turn of events, South Korea’s National Information Resources Service (NIRS) lost 858 terabytes of critical government data after a devastating fire engulfed its data center — and there were no backups available. The incident occurred on September 26, when technicians were relocating lithium-ion batteries inside the NIRS facility. Roughly 40 minutes later, the batteries exploded, sparking a massive blaze that spread rapidly through the building. The fire burned for hours before being brought under control. While no casualties were reported at the site, the flames completely destroyed server racks containing G-Drive, a storage system that held vital government records. Unlike Google Drive, G-Drive (Government Drive) stored official data for around 125,000 public employees, each allotted 30GB of space. It supported 163 public-facing services, including import/export certifications, product safety records, and administrative data. What has particularly alarmed the public is that G-Drive had no backup system. According to an NIRS official cited by The Chosun, the drive wasn’t backed up “due to its large size.” In total, 858TB of data vanished. Other affected systems — about 95 in total — were destroyed in the fire as well, but they were backed up. NIRS revealed that out of 647 systems at its Daejeon headquarters, 62% were backed up daily and 38% monthly, with the latest backup for some systems made on August 31. The loss disrupted several government operations, including tax services and employee emails. Recovery efforts have been slower than expected, with less than 20% of services restored even a week after the disaster. Some systems may remain offline for up to a month. Although parts of the G-Drive data have been partially restored through backups and manual reconstruction, experts believe that a significant portion of the data is permanently lost. Tragically, the aftermath took a human toll. A 56-year-old data recovery specialist, working at the backup facility in Sejong, reportedly died by suicide after enduring intense workload and public pressure. His phone logs indicated continuous work during recovery efforts. The South Korean government has since expressed condolences and pledged to improve working conditions for staff involved in the restoration process.

  The idea of privacy has become both a luxury and a necessity in an increasingly interconnected world. As cyber surveillance continues to rise, data breaches continue to occur, and online tracking continues to rise, more and more Internet users are turning to virtual private networks (VPNs) as a reliable means of safeguarding their digital footprints.  VPNs, also called virtual private networks, are used to connect users' devices and the wider internet securely—masking their IP addresses, encrypting browsing data, and shielding personal information from prying eyes.  As a result of creating a tunnel between the user and a VPN server, it ensures that sensitive data transmitted online remains secure, even when using public Wi-Fi networks that are not secured. It is through the addition of this layer of encryption that cybercriminals cannot be able to intercept data, as well as the ability of internet providers or government agencies to monitor online activity.  Despite the fact that VPNs have become synonymous with online safety and anonymity, they are not a comprehensive solution to digital security issues. Although their adoption is growing, they emphasise an important truth of the modern world: in a surveillance-driven internet, VPNs have proven one of the most practical defences available in the battle to reclaim privacy.  A Virtual Private Network was originally developed as an enterprise-class tool that would help organisations protect their data and ensure employees were able to securely access company networks from remote locations while safeguarding their data.  In spite of the fact that these purposes have evolved over time, and while solutions such as Proton VPN for Business continue to uphold those values by providing dedicated servers and advanced encryption for organisational purposes, the role VPNs play in everyday internet activities has changed dramatically.  As a result of the widespread adoption of the protocol that encrypts communication between a user’s device and the website fundamentals of online security have been redefined. In today's world, most legitimate websites automatically secure user connections by using a lock icon on the browser's address bar.  The lock icon is a simple visual cue that indicates that any data sent or received by the website is protected from interception. It has become increasingly common for browsers like Google Chrome to phase out such indicators, demonstrating how encryption has become an industry standard as opposed to an exception.  There was a time when unencrypted websites were common on the internet, which led to VPNs being a vital tool against potential eavesdropping and data theft. Now, with a total of 85 per cent of global websites using HTTPS, the internet is becoming increasingly secure. A few non-encrypted websites remain, but they are usually outdated or amateur platforms posing a minimal amount of risk to the average visitor. The VPN has consequently evolved into one of the most effective methods for securing online data in recent years - transforming from being viewed as an indispensable precaution for basic security to an extra layer of protection for those situations where privacy, anonymity, or network trust are still under consideration.  Common Myths and Misconceptions About VPNs  The Myth of Technical Complexity  Several people have the misconception that Virtual Private Networks (VPNs) are sophisticated tools that are reserved for people with advanced technical knowledge. Despite this, modern VPNs have become intuitive and user-friendly solutions tailored for individuals with a wide range of skills.  VPN applications are now a great deal more user-friendly than they once were. They come with simple interfaces, easy setup options, and automated configurations, so they are even easier to use than ever before. Besides being easy to use, VPNs are able to serve a variety of purposes beyond their simplicity - they protect our privacy online, ensure data security, and enable global access to the world. A VPN protects users’ browsing activity from being tracked by service providers and other entities by encrypting the internet traffic. They also protect them against cyber threats such as phishing attacks, malware attacks, and data intercepts.  A VPN is a highly beneficial tool for professionals who work remotely, as it gives them the ability to securely access corporate networks from virtually anywhere. Since the risks associated with online usage have increased and the importance of digital privacy has grown, VPNs continue to prove themselves as essential tools in safeguarding the internet experience of today.  VPNs and Internet Speed  The belief that VPNs drastically reduce internet speeds is also one of the most widely held beliefs. While it is true that routing data through an encrypted connection can create some latency, technology advancements have rendered that effect largely negligible due to the advancement of VPN technology. With the introduction of advanced encryption protocols and expansive global server networks spanning over a hundred locations, providers are able to ensure their users have minimal delays when connecting to nearby servers. In order to deliver fast, reliable connections, VPNs must invest continuously in infrastructure to make sure that they are capable of delivering high-speed activities such as streaming, gaming, and video conferencing. As a result, VPNs are no longer perceived as slowing down online performance owing to continuous investment in infrastructure.  Beyond Geo-Restrictions  There is a perception that VPNs are used only to bypass geographical content restrictions, when the reality is that they serve a much bigger purpose. Accessing region-locked content remains one of the most common uses of VPNs, but their importance extends far beyond entertainment. Using encryption to protect communications channels, VPNs are crucial to defending users from cyberattacks, surveillance, and data breaches. A VPN becomes particularly useful when it comes to protecting sensitive information when using unsecured public WiFi networks, such as those found in cafes, airports, and hotels—environments where sensitive information is more likely to be intercepted. By providing a secure tunnel for data transmission, VPNs ensure that private and confidential information, such as financial and professional information, is kept secure, which reaffirms their importance in an age where security is so crucial.  The Legality of VPN Use  There is a misconception that VPNs are illegal to use in most countries, but in reality, VPNs are legal in almost every country and are widely recognised as legal instruments for ensuring online privacy and security. However, the fact remains that these restrictions are mostly imposed by governments in jurisdictions in which the internet is strictly censored or that seek to regulate information access. Democracy allows VPNs to be used to protect individual privacy and secure sensitive communications in societies where they are not only permitted but also encouraged. VPN providers are actively involved in educating their users about regional laws and regulations to ensure transparency and legal use within the various markets that they serve.  The Risk of Free VPNs Free VPNs are often considered to be able to offer the same level of security and reliability as paid VPN services, but even though they may seem appealing, they often come with serious limitations—restricted server options, slower speeds, weaker encryption, and questionable privacy practices. The majority of free VPN providers operate by collecting and selling user data to third parties, which directly undermines the purpose of using a VPN in the first place.   Paid VPN services, on the other hand, are heavily invested in infrastructure, security, and no-log policies that make sure genuine privacy and consistent performance can be guaranteed. Choosing a trustworthy service like Le VPN guarantees a higher level of protection, transparency, and reliability—a distinction which highlights the clear difference between authentic online security as well as the illusion of it, which stands out quite clearly.  The Risks of Free VPN Services Virtual Private Networks (VPN) that are available for free may seem appealing at first glance, but they often compromise security, privacy, and performance. Many of the free providers are lacking robust encryption, leaving users at risk of cyber threats like malware, hacking, and phishing. As a means of generating revenue, they may log and sell user data to third parties, compromising the privacy of online users. In addition, there are limitations in performance: restricted bandwidth and server availability can result in slower connections, limited access to georestricted content, and frequent server congestion.  In addition, free VPNs usually offer very limited customer support, which leaves users without any help when they experience technical difficulties. Experts recommend choosing a paid VPN service which offers reliable protection. Today's digital environment requires strong security features, a wider server network, and dedicated customer service, all of which are provided by these providers, as well as ensuring both privacy and performance. Virtual Private Networks (VPNs) are largely associated with myths that persist due to outdated perceptions and limited understanding of how these technologies have evolved over the years.  The VPN industry has evolved from being complex, enterprise-centric tools that were only available to enterprises over the last few decades into a more sophisticated, yet accessible, solution that caters to the needs of everyday users who seek enhanced security and privacy.  Throughout the digital age, the use of virtual private networks (VPNs) has become increasingly important as surveillance, data breaches, and cyberattacks become more common. Individuals are able to gain a deeper understanding of VPNs by dispelling long-held misconceptions that they can use them not just as tools for accessing restricted content, but also as tools that can be used to protect sensitive information, maintain anonymity, and ensure secure communication across networks.  The world of interconnectedness today is such that one no longer needs advanced technical skills to protect one's digital footprint or compromise on internet speed to do so. Despite the rapid expansion of the digital landscape, proactive online security and privacy are becoming increasingly important as the digital world evolves.  Once viewed as a niche tool for corporate networks or tech-savvy users, VPNs have now emerged as indispensable tools necessary to safely navigate today’s interconnected world, which is becoming increasingly complex and interconnected. Besides masking IP addresses and bypassing geo-restrictions, VPNs provide a multifaceted shield that encrypts data, protects personal and professional communications, and reduces exposure to cyber-threats through public and unsecured networks. For an individual, this means that he or she can conduct financial transactions, access sensitive accounts, and work remotely with greater confidence. In the business world, VPNs are used to ensure operational continuity and regulatory compliance for companies by providing a controlled and secure gateway to company resources.  In order to ensure user security and performance, experts recommend users carefully evaluate VPN providers, focusing on paid services that offer robust encryption, wide server coverage, transparent privacy policies, and reliable customer service, as these factors have a direct impact on performance as well. Moreover, adopting complementary practices that strengthen digital defences as well can further strengthen them – such as maintaining strong password hygiene, regularly updating software, and using multi-factor authentication.  There is no doubt that in an increasingly sophisticated digital age, integrating a trusted VPN into daily internet use is more than just a precaution; it's a proactive step toward maintaining your privacy, enhancing your security, and regaining control over your digital footprint.

Salesforce has confirmed it will not pay a ransom to an extortion group that claims to have stolen close to one billion records belonging to several of its customers. The company stated that it will not enter negotiations or make payments to any threat actor, reaffirming its policy of non-engagement with cybercriminals. Extortion Group Claims to Have Breached Dozens of Salesforce Customers The group behind the alleged theft calls itself “Scattered LAPSUS$ Hunters”, a name that appears to blend identities from three notorious cyber-extortion collectives: Scattered Spider, LAPSUS$, and ShinyHunters. Cybersecurity firm Mandiant, owned by Google, has been tracking this activity under the identifier UNC6040, though analysts say the group’s exact origins and membership remain unconfirmed. According to Mandiant’s June report, the campaign began in May, when attackers used voice-based social engineering, or “vishing,” to trick employees at several organizations using Salesforce’s platform. Pretending to represent technical support teams, the callers persuaded employees to connect an attacker-controlled application to their company’s Salesforce environment. Once integrated, the app provided unauthorized access to stored customer data. Security researchers described the tactic as simple but highly effective, since it relies on human trust rather than exploiting software vulnerabilities. Several organizations unknowingly granted the attackers access, enabling them to exfiltrate vast amounts of data. Earlier this month, the extortionists created a leak site listing approximately 40 affected Salesforce customers, including large global firms. The site claimed that 989.45 million records had been compromised and demanded that Salesforce begin ransom negotiations “or all your customers’ data will be leaked.” The attackers added that if Salesforce agreed to pay, other victim companies would not be required to do so individually. Salesforce, however, made its position clear. In a statement to media outlets, a company spokesperson said, “Salesforce will not engage, negotiate with, or pay any extortion demand.” The company also informed customers via email that it had received credible intelligence about plans by ShinyHunters to release the stolen data publicly, but it would still not yield to any ransom demand. Broader Concerns Over Ransomware Economics The incident adds to a growing global debate over ransom payments. Analysts say extortion and ransomware attacks persist largely because organizations continue to pay. According to Deepstrike Security, global ransom payments in 2024 reached $813 million, a decline from $1.1 billion in 2023 but still a major incentive for criminal groups. Experts such as independent security researcher Kevin Beaumont have repeatedly criticized the practice of paying ransoms, arguing that it directly funds organized crime and perpetuates the cycle of attacks. Beaumont noted that while law enforcement agencies like the UK’s National Crime Agency (NCA) publicly discourage payments, some companies still proceed with negotiations, sometimes even with NCA representatives present. Risks and Lessons for Organizations Data stolen from cloud-based platforms like Salesforce may include customer identifiers, contact details, transaction histories, and other business records. Even without financial information, such data can be weaponized in phishing, identity theft, or fraud campaigns. Security professionals advise all organizations using cloud platforms to implement multi-factor authentication, enforce least-privilege access controls, and review all third-party applications connected to their systems. Employees should be trained to verify unexpected support calls or administrative requests through official channels before granting access. The Salesforce case underscores the growing sophistication of social engineering attacks targeting major enterprise platforms. As digital ecosystems expand, cybercriminals are increasingly exploiting human error rather than software flaws. Salesforce’s refusal to pay marks a firm stance in an era when ransom-driven extortion continues to dominate the threat landscape, sending a strong message to both the cybersecurity community and the attackers themselves.

The recent cyberattacks on M&S, Co-op, and Harrods were more than just security breaches — they served as urgent warnings for every IT leader charged with protecting digital systems. These weren’t random hacks; they were carefully orchestrated, multi-step campaigns that attacked the most vulnerable link in any cybersecurity framework: human error. From these headline incidents, here are five critical lessons that every security leader must absorb — and act upon — immediately: 1. Your people are your greatest vulnerability — and your strongest defense Here’s a harsh truth: the user is now your perimeter. You can pour resources into state-of-the-art firewalls, zero trust frameworks, or top-tier intrusion detection, but if one employee is duped into resetting a password or clicking a malicious link, your defenses don’t matter. That’s exactly how these attacks succeeded. The threat actor group Scattered Spider, renowned for its social engineering prowess, didn’t need to breach complex systems — they simply manipulated an IT help desk employee into granting access. And it worked. This underscores the need for security awareness programs that go far beyond once-a-year compliance videos. You must deploy realistic phishing simulations, hands-on attack drills, and continuous reinforcement. When trained properly, employees can be your first line of defense. Left untrained, they become the attackers’ easiest target. Rule of thumb: You can patch servers, but you can’t patch human error. Train unceasingly 2. Third-party risk is not someone else’s problem — it’s yours One of the most revealing takeaways: many of the breaches occurred not because of internal vulnerabilities, but through trusted external partners. For instance, M&S was breached via Tata Consultancy Services (TCS), their outsourced IT help desk provider. This is not an outlier. According to a recent Global Third-Party Breach Report, 35.5% of all breaches now originate from third-party relationships, a rise of 6.5% over the previous year. In the retail sector, that figure jumps to 52.4%. As enterprises become more interconnected, attackers no longer need to breach your main systems — they target a trusted vendor with privileged access. Yet many organizations treat third-party risk as a checkbox in contracts or an annual questionnaire. That’s no longer sufficient. You need real-time visibility across your entire digital supply chain: vendors, SaaS platforms, outsourced IT services, and beyond. Vet them with rigorous scrutiny, enforce contractual controls, and monitor continuously. Because if they fall, you may fall too. 3. Operational disruption is now a core component of a breach Yes, data was stolen, and customer records compromised. But in the M&S and Co-op cases, the more devastating impact was business paralysis. M&S’s e-commerce system was down for weeks. Automated ordering failed, stores ran out of stock. Co-op’s funeral operations had to revert to pen and paper; supermarket shelves went bare. Attackers are shifting tactics. Modern ransomware gangs don’t just encrypt files — they aim to force operational collapse, leaving organizations with no choice but to negotiate under duress. In fact, 41.4% of ransomware attacks now begin via third-party access, with a clear focus on disruptive leverage. If your operations halt, brand trust erodes, customers leave, and revenue evaporates. Downtime has become as critical — or more so — than data loss. Plan your resilience accordingly. 4. Create and rehearse robust fallback plans — B, C, and D Hope is not a strategy. Far too many organizations have incident response plans in theory, but when the pressure mounts, they crumble. Without rehearsal, your plan is fragile. The M&S and Co-op incidents revealed how recovery is agonizingly slow when systems aren’t segmented, backups aren’t isolated, or teams lack coordination. Ask yourself: can your organization continue operations if your core systems are compromised? Do your backups adhere to the 3-2-1 rule, and are they immutable? Can you communicate with staff and customers securely, without alerting the attacker? These aren’t hypothetical scenarios — they’re the difference between days of disruption and a multi-million loss. Tabletop simulations and red teaming aren’t optional; they’re your dress rehearsals for the real fight. 5. Transparency is essential to regaining trust Once a breach occurs, your public response is as critical as what you do behind the scenes. Tech-savvy customers see when services are down or stock is missing. If you stay silent, rumor and distrust fill the void. Some companies attempted to withhold information initially. But Co-op CEO Shirine Khoury-Haq chose to speak up, acknowledged the breach, apologized openly, and took responsibility. That level of transparency — though hard — is how you begin to rebuild trust. Customers may forgive a breach; they will not forgive a cover-up. You must communicate clearly, swiftly, and honestly: what you know, what steps you’re taking, and what those affected should do to protect themselves. If you don’t control the narrative, attackers or the media will. And regulators will be watching — under GDPR and similar regimes, delayed or misleading disclosures are liabilities, not discretion. Cybersecurity is no solo sport — no organization can outpace today’s evolving threats alone. But by absorbing lessons from these prominent breaches, by fortifying your people, processes, and partners, we can elevate the collective defense. Cyber resilience is not a destination but a discipline — in our connected world, it’s the only path forward.

 The Qilin ransomware group has claimed responsibility for the recent cyberattack on Japanese brewing giant Asahi, adding the company’s name to its dark web data leak site. The cybercriminals alleged that they had stolen over 9,300 files amounting to 27GB of confidential data, including financial documents, employee identification records, contracts, and internal reports. To substantiate their claims, the group published 29 images showing snippets of the stolen files.  Asahi, Japan’s largest beer manufacturer, employs around 30,000 people and produces approximately 100 million hectoliters annually, generating close to $20 billion in revenue. The company suffered significant operational disruptions following the attack. On September 29, Asahi temporarily halted production at six of its domestic facilities, later confirming on October 3 that a ransomware attack had crippled its systems and led to data exfiltration.  At first, no threat actor took public credit for the breach. However, the Qilin ransomware group eventually listed Asahi among its victims, likely after ransom negotiations failed. Qilin, which emerged in 2023, is known as a multi-platform ransomware operation capable of targeting both Windows and Linux systems. The group has been associated with other notorious hacker collectives such as Scattered Spider and, more recently, North Korean state-linked actors.  Qilin’s tactics include exploiting vulnerabilities in edge network devices, deploying credential theft tools, and developing sophisticated encryption mechanisms to hinder recovery. The group has previously targeted high-profile organizations including Nissan, Inotiv, Lee Enterprises, major hospitals within London’s NHS network, and automotive supplier Yangfeng. In its post, Qilin claimed that the Asahi ransomware attack could result in losses exceeding $335 million due to production halts affecting six breweries and more than thirty beer labels. Despite the claims, Asahi has not verified the authenticity of the leaked files. In a statement to BleepingComputer, a company spokesperson confirmed that the matter remains under active investigation and declined to comment further.  The company also shared that production of its flagship beer, Super Dry, has resumed through a temporary manual ordering system. While Asahi’s factories are not yet operating at full capacity, shipments for additional labels are expected to restart by October 15. However, as a direct consequence of the cyberattack and ongoing disruptions, Asahi announced it would delay the launch of new products that were initially planned for October 2025.  The attack on Asahi underscores the growing reach and sophistication of ransomware groups like Qilin, whose increasingly destructive campaigns continue to target global corporations across industries, threatening both economic stability and consumer trust.

 A recent Cyera report reveals that generative AI tools like ChatGPT, Microsoft Copilot, and Claude have become the leading source of workplace data leaks, surpassing traditional channels like email and cloud storage for the first time. The alarming trend shows that nearly 50% of enterprise employees are using AI tools at work, often unknowingly exposing sensitive company information through personal, unmanaged accounts. The research found that 77% of AI interactions in workplace settings involve actual company data, including financial records, personally identifiable information, and strategic documents. Employees frequently copy and paste confidential materials directly into AI chatbots, believing they are simply improving productivity or efficiency. However, many of these interactions occur through personal AI accounts rather than enterprise-managed ones, making them invisible to corporate security systems. The critical issue lies in how traditional cybersecurity measures fail to detect these leaks. Most security platforms are designed to monitor file attachments, suspicious downloads, and outbound emails, but AI conversations appear as normal web traffic. Because data is shared through copy-paste actions within chat windows rather than direct file uploads, it bypasses conventional data-loss prevention tools entirely. A 2025 LayerX enterprise report revealed that 67% of AI interactions happen on personal accounts, creating a significant blind spot for IT teams who cannot monitor or restrict these logins. This makes it nearly impossible for organizations to provide adequate oversight or implement protective measures. In many cases, employees are not intentionally leaking data but are unaware of the security risks associated with seemingly innocent actions like asking AI to "summarize this report". Security experts emphasize that the solution is not to ban AI outright but to implement stronger controls and improved visibility. Recommended measures include blocking access to generative AI through personal accounts, requiring single sign-on for all AI tools on company devices, monitoring for sensitive keywords and clipboard activity, and treating AI chat interactions with the same scrutiny as traditional file transfers. The fundamental advice for employees is straightforward: never paste anything into an AI chat that you wouldn't post publicly on the internet. As AI adoption continues to grow in workplace settings, organizations must recognize this emerging threat and take immediate action to protect sensitive information from inadvertent exposure.