Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
NHAI Ban Surveillance Tech
Chinese Cameras Cyber Security data security Highway Tolls NHAI Ban Surveillance Tech

India Bans Chinese Cameras at Highway Tolls Over Data Security Fears

 

India has taken a firm stand against potential surveillance risks by barring Chinese-made high-speed cameras from its highway toll plazas, prioritizing national security amid ongoing border tensions with China. The government's decision stems from concerns that data captured by these devices could be exploited for intelligence gathering, especially in conflict scenarios, prompting officials to replace existing installations and halt new imports of sensitive technology from China. 

This move aligns with broader efforts to reduce reliance on foreign hardware vulnerable to backdoors or remote access. The initiative is part of the National Highways Authority of India (NHAI)'s ambitious FASTag-enabled project to equip around 1,150 toll collection sites with advanced video devices that allow vehicles to pass without slowing down, enhancing traffic efficiency. 

Previously, cheaper Chinese cameras dominated due to cost advantages, but now NHAI has shortlisted trusted alternatives: Taiwan's VIVOTEK (a Delta Electronics unit), Germany's Robert Bosch GmbH, and US-based Motorola Solutions Inc. These suppliers' products, though pricier, undergo rigorous scrutiny to ensure no critical Chinese components. 

India's Standardisation Testing and Quality Certification Directorate (STQC) plays a pivotal role, testing cameras for highway tolls, CCTVs, and government deployments to verify origins and approve only those free of Chinese parts. This mirrors actions in Delhi, where over 140,000 Chinese CCTV cameras are being phased out in stages due to similar security worries.Companies like Hikvision and Dahua face effective bans on internet-connected video equipment, reflecting a nationwide push against perceived data vulnerabilities. 

The decision underscores persistent trust deficits despite recent India-China diplomatic thaws, rooted in decades-old border disputes. Globally, nations like the US, UK, and Australia have imposed restrictions on Chinese surveillance tech—Washington's watchlist targets over 130 firms with military ties, while the UK excluded Huawei from telecoms—fearing espionage via embedded software. India's proactive stance safeguards critical infrastructure handling vast vehicle data, including license plates and movements. 

While costlier, the shift bolsters digital sovereignty and sets a precedent for secure tech procurement in sensitive sectors. As India expands its highway network, this policy ensures smoother tolling without compromising security, signaling a strategic pivot toward reliable international partners.
Read more »
Windows 11
ChromeOS Cloud based services Cyber Security Google Microsoft Operating system Windows 11

Google Promotes ChromeOS Flex as Free Upgrade Option for Millions of Unsupported Windows 10 PCs

 





More than 500 million devices currently running Windows 10 are approaching a critical turning point, as many of them are not eligible for an upgrade to Windows 11 due to hardware limitations. This has raised growing concerns about long-term security risks once support deadlines pass. In response, Google is actively promoting an alternative, positioning its ChromeOS Flex platform as a free way to modernize aging systems.

Google states that older laptops and desktops can be converted into faster, more secure, and easier-to-manage devices by installing ChromeOS Flex. The system is cloud-based and designed to extend the usability of existing hardware without requiring users to purchase new machines. Although ChromeOS Flex has been available for some time, Google has now made adoption simpler by introducing a physical USB installation kit. Developed in partnership with Back Market, the kit allows users to install the operating system more easily. It is priced at approximately $3 or €3, is reusable, and is supported by recycling-focused efforts such as Closing the Loop to reduce electronic waste.

The timing of this push is closely linked to Microsoft’s decision to end mainstream support for Windows 10 in October 2025. That shift has forced users into a difficult position: invest in new hardware or continue using an operating system that will no longer receive full security updates. While Microsoft does offer an Extended Security Updates (ESU) program, it is only a temporary solution. For individual users, coverage extends for roughly one additional year, while enterprise customers may receive longer support under specific licensing agreements.

The transition to Windows 11 has also been slower than expected. Adoption challenges, largely driven by strict hardware requirements, have resulted in an unusually large number of users remaining on Windows 10 even after its official lifecycle milestone. This contrasts with Microsoft’s earlier expectations of a smoother migration similar to the shift from Windows 7 to Windows 10, which had seen broader and faster adoption.

Google is also emphasizing environmental considerations as part of its messaging. The company highlights that manufacturing a new laptop contributes significantly to its overall carbon footprint. By extending the lifespan of existing devices, ChromeOS Flex helps reduce landfill waste and avoids emissions associated with producing new hardware. Google further claims that ChromeOS-based systems consume around 19% less energy on average compared to similar platforms.

Despite this, switching away from Windows remains a debated decision. Many users rely on the Windows ecosystem for software compatibility, workflows, and familiarity. However, for devices that cannot support Windows 11, alternatives such as ChromeOS Flex present a practical workaround. Even in cases where users purchase new computers, older machines can still be repurposed using such operating systems, for example within households.

At the same time, Microsoft is continuing to strengthen its Windows 11 ecosystem. Devices already running Windows 11 are being automatically updated to newer versions to maintain consistent security coverage. The company is using artificial intelligence to determine when systems are ready for upgrades and applying updates accordingly. While a similar approach could theoretically be applied to Windows 10 devices that meet upgrade requirements, this has not yet been implemented. It remains uncertain whether this could change as future deadlines approach.

Recent developments have also drawn attention to user hesitation around Windows 11. Reports indicated that a recent update disrupted a key Start menu function, even as official communication suggested there were no outstanding issues. Subsequent updates and documentation now indicate that previously known bugs have been resolved, with Microsoft steadily addressing issues since the platform’s release in late 2024.

Additional reporting suggests that all known issues in the current Windows 11 version have been marked as resolved in official tracking systems. This reflects ongoing improvements, though it also underlines the complexity of maintaining stability across large-scale operating system deployments.

For enterprise users, Microsoft is extending support in more flexible ways. Certain legacy versions of Windows 10, including enterprise and IoT editions released in 2016, are eligible for additional security updates. These updates are delivered through ESU programs available via volume licensing or cloud solution providers. However, Microsoft continues to describe this as a temporary measure rather than a permanent extension.

For individual users, the situation is more restrictive. Extended Security Updates are limited in duration, and once they expire, devices will no longer receive security patches, bug fixes, or technical support. However, the continued availability of such programs suggests that support timelines may evolve depending on broader user adoption patterns.

The wider ecosystem is also seeing alternative recommendations. Some industry discussions encourage migration to Linux-based systems, while Google’s ChromeOS Flex represents a more consumer-friendly option. With hundreds of millions of devices affected, the coming months will play a crucial role in determining whether users remain within the Windows ecosystem or begin shifting toward alternative platforms.


Read more »
HubSpot
AI technology AI tools Bing AI search security Cyber Security Google search algorithm Google Search History HubSpot

AI Search Shift Causes HubSpot Traffic Drop and Forces Businesses to Rethink Digital Strategy

 

Surprisingly fast growth in AI-driven search is reshaping how people find information online. As habits shift, companies are seeing major traffic changes—HubSpot, for instance, lost nearly 140 million visits in just one year. This decline is closely tied to reduced reliance on traditional search engines, as users increasingly turn to AI tools for answers. Instead of clicking through multiple websites, people now get instant summaries, often without leaving the search page. 

This shift isn’t driven by a single factor. Search engine algorithm updates now prioritize credible, in-depth content while filtering out low-quality AI-generated material. At the same time, AI-generated overviews appear at the top of results, significantly reducing click-through rates—by as much as 60% to 70% in some cases. As a result, website traffic drops sharply when users get all the information they need upfront. 

Search behavior itself has evolved. Instead of typing short keywords, users now ask detailed, conversational questions. This forces companies to rethink how they structure their content. Traditional SEO alone is no longer enough—businesses must now optimize for AI systems that prioritize clarity, structure, and relevance over keyword density. This has led to the rise of Answer Engine Optimization (AEO), also known as generative engine optimization. 

Rather than focusing solely on search rankings, AEO ensures that AI tools can easily find, understand, and extract content. These systems, powered by large language models, favor well-organized, context-rich information that directly answers user queries. To adapt, companies like HubSpot are restructuring content into smaller, digestible sections that AI can easily pull from. While overall traffic may decline, the quality of visitors improves—those who arrive are more likely to engage and convert. 

Similarly, brands like Spice Kitchen and MKM Building Supplies are focusing on authoritative, informative content that positions them as reliable sources for AI-generated answers. Trust has become a key factor. Strong backlinks, transparent authorship, and clear, structured information all contribute to credibility. Unlike traditional search engines that relied heavily on keywords, AI systems prioritize meaning, coherence, and usefulness. Despite reduced traffic, AI-driven discovery offers advantages. 

Visitors coming through AI channels tend to be more informed and closer to making decisions, leading to higher conversion rates. These users arrive with intent, not just curiosity. Overall, AI-powered search marks a fundamental shift in digital marketing. Companies that fail to adapt risk becoming invisible, while those embracing AEO and structured content strategies can stay relevant. As AI continues to evolve, aligning content with changing user behavior will be critical for long-term success.
Read more »
Windows Zero Day
BlueHammer Vulnerability Cyber Security Endpoint security Exploit Code Release Microsoft Security Flaw NTLM Hash Theft Privilege Escalation Vulnerability management Windows Zero Day

Over 1 Billion Users Potentially Impacted by Microsoft Zero Day Exposure


 

Informally known as BlueHammer, a newly discovered Windows zero-day vulnerability has drawn attention to the cybersecurity community because of its ability to quietly hand over control to attackers. As privilege escalation flaws are not uncommon, this particular vulnerability is noteworthy because of its ability to bridge the gap between restricted access and total system control so efficiently. 

A malicious adversary who has already gained access to a device may leverage this flaw to elevate privileges to NT AUTHORITY/SYSTEM, effectively bypassing the core safeguards designed to keep damage at bay. Additionally, an exploit code that was fully functional and disclosed by a security researcher on April 3, which had not been made available for official remediation or defensive guidance, further aggravated the situation. 

The lack of a CVE, no patch, and the minimal acknowledgement from Microsoft so far indicate that BlueHammer has created a volatile window of exposure which leaves defenders without clear direction. On the other hand, threat actors face considerably lowered barriers to exploitation. 

In addition to the previous analysis, BlueHammer was found to operate as a sophisticated local privilege escalation chain integrated within the Windows Defender signature update process, rather than exploiting traditional memory safety flaws by abusing trusted system components. To trigger a race condition between the time of check and the time of use, a coordinated interaction between the Volume Shadow Copy Service, Cloud Files API, and opportunistic locking mechanisms is orchestrated. 

Using file state transition manipulations during signature updates, the exploit can access protected resources without requiring kernel-level vulnerabilities or elevated privileges. After execution, the exploit extracts the Security Account Manager database using a Volume Shadow Copy snapshot, revealing the password hashes of local accounts corresponding to the NTLM protocol. 

By utilizing these credentials, an administrator can assume administrative control, which leads to the launch of a shell in SYSTEM context. It is noteworthy that the exploit incorporates a cleaning routine that reverts back to the original password hash after execution, which minimizes the likelihood of immediate detection and complicates forensic analysis. Independent validations have confirmed the threat's credibility. The exploit chain, despite minor reliability issues in the initial proof-of-concept, is functionally sound once corrected, according to Will Dormann, Tharros' principal vulnerability analyst. 

Other researchers have demonstrated successful end-to-end compromises in subsequent tests, demonstrating that operational barriers are lowering quickly. This risk profile is heightened by the fact that there is no available patch, which leaves organizations without a direct method of remediation, and by the fact that exploit code has been published to the public, which historically accelerates the adoption of ransomware and advanced persistent threat attacks. 

In addition to standard user-level access, slightly outdated Defender signatures are required for the attack to occur, lowering the entry threshold. Further, the exploit is constructed from a series of independent primitives that can be used again after targeted fixes have been introduced, indicating a longer-term impact beyond a single vulnerability cycle. Additionally, the circumstances surrounding the disclosure have attracted public attention. 

The exploit was released publicly by a researcher operating under the alias Chaotic Eclipse, who expressed dissatisfaction with Microsoft's handling of the problem. It is evident from the accompanying statements that both frustration and intent were evident, as the researcher declined to provide detailed technical explanations but implied that experienced practitioners would be able to grasp the underlying mechanics quickly. 

Although the original codebase contained bugs affecting stability, these limitations have been addressed within the research community already. Due to these developments, what began as a partially functional demonstration has quickly evolved into a reproducible attack path, reinforcing concerns that BlueHammer may be able to go from a proof-of-concept to an active exploitation scenario for real environments. 

According to emerging details surrounding the disclosure, Microsoft had already been informed of the BlueHammer vulnerability, however, unresolved concerns in the handling process appeared to have led the researcher to release the exploit publicly without having it assigned a formal CVE. It is clear that although the published proof-of-concept initially encountered minor implementation problems, it has since proven viable for practical use. 

During independent validation by Will Dormann, the exploit was confirmed to be reliable across a variety of environments, including Windows Server deployments, where it achieved administrative control even when full SYSTEM privileges were not consistently acquired.

Using technical refinements from Cyderes' Howler Cell team, the exploit chain was executed completely after addressing the PoC inconsistencies, emphasizing the rapid decline of operational barriers associated with the exploit. It is designed to manipulate Microsoft Defender to generate a Volume Shadow Copy, and then strategically interrupt that process at a specific execution point so that sensitive registry data can be accessed before cleanup routines are activated.

Through this controlled interruption, NTLM password hashes associated with local accounts may be extracted and decrypted, followed by unauthorized alteration of administrative credentials. By using token duplication techniques, the attacker inherits administrative security tokens, elevates them to SYSTEM integrity levels, and utilizes the Windows service creation mechanism to launch a secondary payload as a result of this compromise. 

As a result of this, an active user session is initiated by launching a command shell operating under the NT AUTHORITY/SYSTEM authority. As a means of obscuring evidence, the exploit then restores the original password hash, ensuring that user credentials remain unchanged while erasing immediate indicators of compromise. 

According to security practitioners, BlueHammer represents a broader class of exploitation in which unintended combinations of legitimate system features are combined with discrete software defects to create an exploit. 

Cyderes leadership has noted that the technique weaponizes Windows functionality in such a manner that it evades conventional detection logic, and current Defender signatures appear to identify only the binary originally published. It is possible to bypass these detections by simply modifying the codebase, retaining the underlying methodology in its original form. 

Due to the absence of vendor-provided patches, defensive efforts have shifted toward behavioral monitoring, such as abnormal interactions with Volume Shadow Copy mechanisms, irregular Cloud File API activity, and unexpected creations of Windows services originating from low-privileged contexts. 

A number of additional indicators indicate potential exploitation attempts, including transient changes to local administrator passwords followed by rapid restoration. There are no confirmed reports of active in-the-wild abuse at this point, however the public availability of the exploit dramatically reduces the timeline for potential weaponization.

In the past, ransomware groups and advanced threat actors have demonstrated the capability to operationalize these disclosures within days, often integrating them into more comprehensive intrusion frameworks. 

While the requirement for local access to the network at first is a constraint, it does not pose a significant barrier to determined adversaries, who routinely gain access through credential theft, phishing campaigns, or lateral movement within compromised networks. Thus, BlueHammer should be considered a proactive exposure window, not an isolated vulnerability, highlighting the risks inherent in complex system interactions as well as the challenges associated with defending against exploitation paths that do not rely on a single, easily remediable flaw to exploit.

In the absence of immediate remediation, a containment strategy and a reduction of exposure are necessary response strategies for BlueHammer. It is recommended that security teams prioritize environments where untrusted or potentially compromised code is already running, since vulnerabilities of this nature are most effective when they have established a solid foothold. It is possible to significantly reduce the available attack surface in the short term by enforcing least-privilege enforcement, eliminating unnecessary local administrative rights, and closely inspecting anomalous privilege escalation patterns. 

Detecting subtle indicators of post-compromise activity is also critical, including irregular access to sensitive account data, unexpected privilege transitions, and processes that deviate from baselines, which indicate that a compromise has occurred. Managing risk from a broader perspective requires a clear understanding of emerging vulnerabilities and exposed assets. 

As a result of context-driven approaches that correlate newly disclosed vulnerabilities with organizational infrastructure, remediation efforts can be prioritized where they have the greatest impact rather than applying uniform responses across all systems. There is a particular need for this in scenarios where there is no immediate vendor guidance available, requiring defenders to rely on situational awareness and adaptive monitoring strategies. 

Finally, BlueHammer illustrates how a vulnerability can quickly shift from controlled disclosure to operational risk if exploit code is available in the public domain before it is properly fixed. Response timelines are compressed by these conditions, and defenders are disadvantaged, even in the absence of widespread exploitation that has been confirmed. 

Furthermore, this underscores the persistent reality of Windows security: attackers are often not required to use sophisticated remote exploits to achieve meaningful compromise in Windows. If a limited foothold is combined with a reliable escalation path, it is sufficient to take full control of the system. 

However, when that pathway becomes public without mitigations, the risk profile increases dramatically, and affected organisms must maintain a disciplined defensive posture and maintain sustained attention. It emphasizes the importance of resilience when faced with incomplete information and delayed remediation as a result of BlueHammer. 

Organizations that prioritize proactive threat hunting, adhere to strict access controls, and continuously verify system behavior against expected norms are better prepared to mitigate emerging threats in such scenarios. For limiting the impact of evolving exploitation techniques, a multilayered defensive strategy incorporating visibility, control, and rapid response is necessary rather than only relying on vendor-driven fixes.
Read more »
Ransomware
Backups Cyber Security Data Extortion Data Theft encryption system Ransomware

Why Backups Alone Can No Longer Protect Against Modern Ransomware




For a long time, ransomware incidents have followed a predictable pattern. An organization’s systems are locked, critical files become inaccessible, operations slow down or stop entirely, and leadership must decide whether to recover data from backups or pay a ransom.

That pattern still exists today, but recent findings show that the threat has evolved into multiple forms.

A recent industry report based on hundreds of real-world incident response cases reveals that attackers are increasingly moving toward a different strategy. Instead of encrypting data, many are now stealing it and using it for extortion. These “data-only” attacks have increased sharply, rising from just 2 percent of cases to 22 percent within a year, representing an elevenfold jump.

This trend is also reflected in broader industry data. The Verizon 2025 Data Breach Investigations Report treats both encrypted and non-encrypted ransomware incidents as part of a single extortion category. According to its findings, ransomware was involved in 44 percent of the breaches it studied.


Why resilience needs to be redefined

These developments highlight a critical issue. Many organizations still treat ransomware mainly as a problem of restoring operations. Their focus is often on how quickly systems can be brought back online, whether backups are secure, and how much downtime can be managed.

While these factors remain relevant, they are no longer enough to address the full scope of risk.

When attackers shift their focus from disabling systems to stealing sensitive information, the situation changes completely. The priority is no longer just restoring access to systems. Instead, organizations must immediately understand what data has been taken, who owns it, and how sensitive it is.

This includes identifying whether the exposed information involves customer records, regulated datasets, intellectual property, or internal communications. It also requires knowing where that data was stored, whether in primary systems, cloud services, third-party platforms, or legacy storage that may have been retained unnecessarily.

If leadership teams cannot quickly answer these questions, restoring systems will not prevent further damage, including regulatory consequences, reputational harm, or legal exposure.


Data theft is becoming the main objective

Additional reporting reinforces this shift. Data from Coveware shows that in the second quarter of 2025, data exfiltration occurred in 74 percent of ransomware incidents. The company noted that in many cases, stealing data has become the central objective rather than just a step before encryption.

Attackers are no longer focused only on disruption. Instead, they are aiming to maximize pressure by using stolen data as leverage.


Encryption still exists, but its role is changing

This does not mean that encryption-based attacks have disappeared. Many ransomware operations still use a “double extortion” approach, where they both lock systems and steal data.

However, the key change is that data theft alone can now be enough to force payment. This reduces the effectiveness of relying solely on backups as a defense strategy.

Organizations such as the Cybersecurity and Infrastructure Security Agency continue to stress the importance of maintaining secure and offline backups that are regularly tested. At the same time, they warn that cloud-based backups can fail if compromised data is synchronized back into the system and overwrites clean versions.

This underlines a broader reality: restoring systems is only one part of true resilience.


Moving beyond a recovery-focused mindset

The cybersecurity industry is gradually adjusting to these changes. There is a growing emphasis on protecting and understanding data, rather than focusing only on system recovery.

This reflects a more dynamic turn of events. Resilience is no longer just about recovering from an attack. It is about reducing uncertainty about data exposure before an incident occurs.

However, many organizations still measure their preparedness using disaster recovery metrics such as recovery time objectives and backup testing. Even service providers often frame ransomware readiness in these terms.

In a data-driven threat environment, a more meaningful measure of security maturity is whether an organization truly understands its data. This includes knowing where sensitive information is stored, how it moves across systems, who has access to it, and whether it needs to be retained.

Guidance from the National Institute of Standards and Technology supports this approach. Its Cybersecurity Framework 2.0 recommends maintaining detailed inventories of data, including its type, ownership, origin, and location. It also emphasizes lifecycle management, such as securely deleting unnecessary data and reducing redundant systems that increase exposure.

NIST’s incident response guidance further highlights that organizations with clear data inventories are better equipped to determine what information may have been affected during a breach.


The hidden risk of data sprawl

A major challenge for many organizations is uncontrolled data growth. Sensitive information is often copied across multiple platforms, including cloud storage, collaboration tools, shared drives, employee devices, and third-party services.

At the same time, outdated data is rarely deleted, often because responsibility for doing so is unclear. Access permissions also tend to expand over time without proper review.

As a result, organizations may appear prepared due to strong backup systems, while actually carrying significant hidden risk due to poorly managed data.


The bigger strategic lesson

The key takeaway is not that backups are unimportant. They remain a critical part of cybersecurity. However, they solve a different problem.

Backups help restore systems after disruption. They do not protect against the consequences of stolen data, such as loss of confidentiality, reputational damage, or reduced negotiating power during an extortion attempt.

To address modern threats, resilience must become more focused on data. This includes better classification of sensitive information, stronger access controls, improved visibility across cloud and third-party systems, and stricter data retention practices to reduce unnecessary exposure.

Organizations also need to communicate more clearly with leadership and stakeholders about the difference between operational recovery and true resilience.

Ultimately, the organizations best prepared for modern ransomware are not just those that can recover quickly, but those that already understand their data well enough to respond immediately.

In today’s environment, the gap between having backups and truly understanding data is where attackers gain their advantage.

Read more »
Lunar Survey
Breach Monitoring Credential Security Cyber Security Infostealer Threats Lunar Survey

Beyond Basic Monitoring: Why 2026 Demands Advanced Credential Defense

 

In today's cybersecurity landscape, stolen credentials represent a paramount threat, with infostealers harvesting 4.17 billion credentials in 2025 alone. A Lunar survey reveals that 85% of organizations view them as a high or very high risk, ranking them among the top three priorities for 62% of enterprises. Yet, many still rely on basic, checkbox-style monitoring tools that fail to address the evolving sophistication of attacks. 

Traditional breach monitoring focuses narrowly on data breaches while overlooking infostealer logs, combolists, and underground marketplaces. These tools suffer from high latency, stale data, and a lack of automation or forensic details like compromised accounts, infected devices, or stolen session cookies. Only 32% of surveyed enterprises use dedicated solutions, while 17% have none, leaving critical blind spots.IBM reports credential-related breaches cost $4.81-4.88 million on average. 

Modern infostealers like LummaC2 and AMOS bypass MFA and EDR by targeting active session tokens from unmanaged devices, enabling attackers to access accounts without passwords. Monthly checks cannot match the speed and scale of these threats, which evade detection through non-forensic data and ultra-low prices (ULPs) on dark web forums. This "breach monitoring paradox" persists even among knowledgeable teams.

To counter this, organizations must adopt continuous, normalized monitoring across breaches, stealer logs, and channels for a deduplicated exposure view. Targeted automation reduces false positives, prioritizing high-risk identities and sessions.Integrating behavioral analysis and session integrity checks detects post-authentication anomalies. AWS environments highlight similar issues, where manual monitoring fails against dynamic changes and 24/7 threats. 

Redefining breach monitoring as an ongoing program—beyond one-off products—delivers visibility, context, and automated playbooks. In 2026, with AI-powered attacks rising and detection times averaging 132 days, proactive strategies are essential. Enterprises ignoring this shift risk catastrophic losses amid infostealer proliferation.
Read more »
fintech companies
Cyber Security digital financial crime Digital Payment fake error messages Fintech fintech companies

Zoho Books Dispute Highlights Third-Party Payment Error Impacting FlexyPe Transactions

 

A conflict involving the fintech firm FlexyPe and the accounting platform Zoho has highlighted potential dangers when external tools connect to financial platforms. Problems emerged following inconsistencies found in FlexyPe's payment logs, which it first linked to flaws within Zoho Books. 

Out of the blue, FlexyPe's Azeem Hussain shared that a hands-on review of financial records showed some transaction failures wrongly labeled as completed. Because of this mismatch, around ₹3.8 lakh appeared logged in Zoho Books as paid - though the money never arrived. While checking entries line by line, the team spotted the gap between system data and real bank inflows. Since then, corrections have been made to reflect what actually moved through the accounts. 

Still nothing arrived, yet Zoho claimed otherwise, Hussain noted - wondering just how many months slipped by undetected. Processing vast numbers of transactions every day, the company now examines its finances more deeply, tracing back twenty-four months to uncover further mismatches that might exist. Still, Zoho pushed back hard against the allegations, insisting the fault lay elsewhere. 

Its official statement pointed to a different source: problems emerged not from inside its own systems. Instead, trouble began when Cashfree Payments - handling payments externally - marked failed attempts as complete. This mismatch fed faulty data into FlexyPe’s records. The result? Discrepancies piled up where numbers should have balanced. Zoho pointed out how its staff helped FlexyPe trace the core problem, while mentioning Cashfree’s public admission of the flaw. 

Although the inquiry wasn’t finished, FlexyPe aired accusations online - a move Zoho called premature. Because of this, the firm views those statements as inaccurate, which might lead to legal steps. Now, questions arise about timing, given the early release of unverified details by one party. Cashfree Payments addressed the matter, stating they found the problem within their system and are now moving forward with corrective steps. 

While building a lasting answer, a short-term adjustment went live to keep FlexyPe running smoothly. Even after clear explanations, legal steps are being prepared by Hussain to claim back money lost because of the event. What happened shows why checking records carefully matters - especially when outside software plays a key role in handling finances. When companies depend more on linked systems, this event shows how small connection mistakes might trigger serious problems in operations and costs.
Read more »
UNC4736 AppleJeus
Cyber Security DeFi security breach Drift Protocol Hack multisig attack crypto North Korean hackers crypto UNC4736 AppleJeus

North Korean Group Allegedly Orchestrates $270M Drift Protocol Hack After Months-Long Infiltration

 

A sophisticated intelligence campaign spanning six months reportedly led to the $270 million breach of Drift Protocol, with investigators linking the operation to a North Korean state-backed threat group. The details were revealed in an incident update shared by the protocol’s team on Sunday.

According to the report, the attackers initiated contact in fall 2025 during a prominent cryptocurrency conference. They posed as representatives of a quantitative trading firm interested in integrating with Drift. The group demonstrated strong technical expertise, credible professional histories, and a deep understanding of the platform’s functionality. Communication soon moved to a Telegram group, where discussions over trading strategies and vault integrations continued for months—mirroring typical onboarding processes for DeFi trading firms.

Between December 2025 and January 2026, the group successfully onboarded an Ecosystem Vault, participated in multiple collaborative sessions, invested more than $1 million of their own funds, and established a seemingly legitimate operational role within the ecosystem.

Drift contributors also met members of the group in person at several major global industry events through February and March. By the time the exploit occurred on April 1, the relationship had developed over nearly half a year.

Investigators believe the breach stemmed from two primary attack vectors.

One of these involved a malicious TestFlight application—Apple’s platform for distributing pre-release apps outside the App Store’s standard review process—which the attackers presented as their wallet solution.

The second vector exploited a known vulnerability in widely used development tools VSCode and Cursor. Security researchers had flagged this issue since late 2025, noting that simply opening a file or folder could trigger silent execution of malicious code without any warning.

After gaining access to contributor devices, the attackers were able to secure the required approvals for a multisig transaction. These pre-authorized transactions remained inactive for over a week before being executed on April 1, allowing the attackers to siphon $270 million from Drift’s vaults in less than a minute.

The attack has been attributed to UNC4736, a group associated with North Korea and also known as AppleJeus or Citrine Sleet. This conclusion is based on blockchain transaction trails linked to previous Radiant Capital attacks, as well as similarities in operational tactics tied to known DPRK-linked actors.

Interestingly, individuals who attended conferences and interacted in person were not North Korean nationals. Experts note that such groups often deploy intermediaries with carefully crafted identities, complete with credible employment records and professional networks designed to pass scrutiny.

In response, Drift has advised other DeFi protocols to reassess their security frameworks, particularly access controls. The team emphasized that any device involved in multisig governance should be treated as a potential point of compromise.

The incident raises broader concerns for the industry. Multisig systems are widely relied upon as a core security mechanism, but this case highlights their limitations. If attackers are prepared to invest months, significant capital, and real-world interactions to build trust within a platform, it challenges the effectiveness of existing security models in detecting such deeply embedded threats.
Read more »
Google
Cyber Security Cybersecurity data security Gmail Google

Gmail Address Change Feature Fails to Address Core Security Risks, Report Warns

 

A recent update by Google allowing users to change their Gmail address has drawn attention, but cybersecurity experts say it does little to solve deeper issues tied to email privacy and security. 

The feature, which has gained visibility following its rollout in the United States, lets users modify their primary Gmail address while keeping the old one active as an alias. 

The change has been framed as a way to move beyond outdated or inappropriate usernames created years ago. Google CEO Sundar Pichai highlighted the shift in a public post, noting that users no longer need to be tied to early-era email identities. 

However, experts say the update does not address the main problem facing email users today, widespread exposure of email addresses to marketers, data brokers and cybercriminals. 

Once an email address is used online, it is likely to be stored across multiple databases, making it a long-term target for spam and phishing attempts. Changing the visible username does not remove that exposure, especially since older addresses continue to function. 

Jake Moore, a cybersecurity specialist at ESET, said the ability to edit email addresses reflects a broader shift in how digital identity works, but warned it could introduce new risks. “Old addresses will still work as aliases,” he said, adding that this could increase the risk of impersonation and phishing attacks. 

Security researchers also point to the absence of a built-in privacy feature similar to Apple’s “Hide My Email,” which allows users to generate disposable email addresses for sign-ups and online transactions. These temporary addresses can be disabled at any time, limiting long-term exposure. 

Without a comparable system, Gmail users who change their address may still need to share their primary email widely, continuing the cycle of data exposure. 

The update may also create new vulnerabilities in the short term. Cybersecurity reports indicate that attackers are already using the feature as a lure in phishing campaigns, sending emails that direct users to fake login pages designed to steal account credentials. 

There are also early signs of increased spam activity. Online forums have reported a rise in unwanted emails, with some researchers suggesting the address change feature could allow attackers to bypass existing spam filters and start fresh. 

According to security researchers cited by industry outlets, many email filtering systems rely heavily on known sender addresses. 

If attackers rotate or modify those addresses, they may temporarily evade detection until new filters are applied. At the same time, changing a Gmail address does not stop unwanted messages from reaching the original account, since it remains active in the background. 

Experts say the update highlights a broader issue in email security. While giving users more flexibility over their identity, it does not reduce reliance on a single, permanent address that is repeatedly shared across services. 

They suggest that more effective solutions would include tools that limit how widely a primary email address is distributed, along with stronger controls over incoming messages. 

For now, users are being advised to treat emails related to the new feature with caution, particularly those that include links to account settings, as these may be part of phishing attempts.
Read more »
Mobile Security
Android Smartphone Cyber risks Cyber Security Cyberattacks Malware attacks Mobile Security

Why Restarting Your Smartphone Daily Can Improve Security and Reduce Cyber Risks

 

A daily routine most overlook could strengthen phone security in ways people rarely consider. Spurred by recent suggestions from Anthony Albanese, turning off mobile devices briefly each day is gaining notice among experts. Moments of complete shutdown, though small, disrupt potential digital intrusions before they take hold. Some risks fade simply because systems reset, clearing temporary weaknesses. What seems minor may actually reduce exposure over time. Brief downtime gives software a chance to shed lingering vulnerabilities. Officials now highlight this pause as both practical and effective. Restarting cuts connection threads hackers might exploit unnoticed. Even short breaks in operation tighten overall defenses. The act itself costs nothing, yet builds resilience through repetition. 

Though dismissed by some as old-fashioned, rebooting your device still holds value against modern digital threats. Security specialist Priyadarsi Nanda points out that such a step interrupts harmful background activities. On either platform - be it Apple’s system or Google’s - it makes intrusion less likely. One simple restart, oddly enough, weakens active exploits. Most times, turning a phone off and on removes short-lived glitches inside the system. Though an app seems inactive, it might still trigger unseen tasks behind the scenes. 

Under certain conditions, hackers take advantage of these lingering operations to stay connected to the hardware. A fresh start shuts every program and silent helper at once - breaking chains that sneaky actions rely upon. This tip has backing from the National Security Agency too; it suggests regular restarts to stay ahead of digital dangers. Its advice states that turning your phone off and on several times weekly may reduce exposure - not just to scams aimed at stealing data, but to complex intrusions as well. Even seemingly harmless app downloads might hide phishing traps aimed at stealing access. 

On the flip side, advanced methods like zero-click breaches take control without clicks or taps. Hidden flaws in chat platforms often open doors for these silent intrusions. A reboot won’t wipe out every trace of such stealthy code - but it may break its hold temporarily. Still, specialists point out rebooting alone won’t secure systems fully. One part of wider protection means also applying patches, steering clear of questionable websites, while relying on verified software. 

People managing confidential information might need extra steps beyond these basics. Though basic, rebooting a phone now then helps guard against shifting digital threats. Doing so each night before sleep cuts potential vulnerabilities without demanding much effort.
Read more »
public Quizlet
CBP Cyber Security Department of Homeland Security public Quizlet

Public Quizlet Flashcards Raise Concerns Over Possible CBP Security Exposure

 



A set of publicly available flashcards discovered through simple online searches has sparked concern after appearing to reveal sensitive details related to facility security at U.S. Customs and Border Protection locations in Kingsville, Texas.

The flashcards were hosted on Quizlet and compiled under the title “USBP Review” in February. They remained accessible until March 20, when the set was made private shortly after an inquiry was sent to a phone number potentially linked to the account. Although the listed user appeared to be located near a CBP facility, there is no confirmation that the content was created by an active employee or contractor.

CBP has stated that its Office of Professional Responsibility is reviewing the matter, emphasizing that such reviews are routine and do not automatically indicate misconduct. Other agencies under the Department of Homeland Security, including Immigration and Customs Enforcement, did not respond to requests for comment.

If the material is found to be linked to CBP personnel, it could signal a serious lapse for an agency tasked with protecting national borders and safeguarding the country.

The flashcards included what appeared to be access codes for checkpoint doors and specific facility gates, with exact numerical combinations provided in response to direct prompts. Some gate names were not disclosed in reporting due to uncertainty over their confidentiality. Additional entries outlined immigration-related violations such as passport misuse, visa fraud, and attempts to evade checkpoints, along with associated legal consequences.

Several cards also detailed procedural workflows, including voluntary return processes, expedited removals, and warrants of removal. These entries referenced required documentation and reminded users to verify accuracy using an internal “agents Resources Page.”

Quizlet stated that it takes reports of sensitive content seriously and removes material that violates its policies, encouraging users to report concerning sets for review.

Further content within the set described the Kingsville sector’s operational scope, covering approximately 1,932 square miles across six counties. It also explained internal grid and zone systems, noting that one grid designation does not exist due to the layout of regional highways.

The flashcards additionally identified 11 operational towers in the area, including abbreviated naming formats and shared jurisdiction between certain towers. Some of these references appeared to align with the previously mentioned gate locations, increasing the potential sensitivity.

Another entry described an internal system called “E3 BEST,” which enables officers to record, investigate, and process secondary inspection cases. The system allows simultaneous database checks on individuals and vehicles and supports the creation of event records tied to enforcement outcomes.

The incident comes at a time of accelerated hiring across border enforcement agencies. CBP has offered incentives of up to $60,000 to attract recruits, while ICE has promoted similar packages, including signing bonuses and student loan repayment support. Increased recruitment may expand the use of informal study tools, raising the risk of unintended exposure.

Additional searches also surfaced other flashcard sets potentially linked to DHS-related training. These included materials on detention standards and transportation procedures, with prompts such as detainees being transported in a “safe and humane manner” and rules stating that driving under the influence is prohibited. Another set appeared to contain answers to internal training questions, including multiple-choice responses such as “Both A and C” and “All of the above.”

One user created more than 60 flashcard sets between November 2025 and February 2026, covering topics from radio codes and alphabets to more advanced areas like body-worn camera policies and immigration-related Spanish vocabulary. A more recent set included terms resembling language used in recruitment messaging, such as “the nation,” “the security,” and “the homeland.”

From a broader security perspective, the incident highlights how publicly accessible platforms can unintentionally expose operational knowledge. While no confirmed misuse has been reported, the situation underlines the importance of controlling how internal training materials are created, shared, and stored, particularly within agencies responsible for national security.

Read more »
LinkedIn Users
Cyber Security Cybersecurity Jobs Fake Job Fake Job Ads Linkedin Linkedin Hacks LinkedIn Users

How to Spot and Avoid LinkedIn Scams: A Complete Guide to Staying Safe Online

 

Most people trust LinkedIn for connecting careers, finding jobs, or growing businesses - yet that very trust opens doors for fraudsters. Because profiles often reveal detailed backgrounds, attackers pull facts straight from bios to craft believable tricks. Spotting odd requests or sudden offers helps block risks before they grow. Awareness matters, especially when messages seem too eager or oddly timed. 

Most people come across false job listings on LinkedIn at some point. Fake recruiter accounts tend to advertise positions offering large salaries, little work, fast placement, or overseas moves. Often, these deals turn out poorly once applicants get asked for private details or required to cover costs like setup fees, instruction modules, or tools. A different but frequent method relies on deceptive messages that mimic real notifications from the platform - these contain harmful web addresses meant to capture account passwords and access codes. 

One way attackers operate now involves tailored tactics, including spear-phishing. Studying someone's online activity helps them design messages appearing genuine and familiar. Sometimes these interactions shift from LinkedIn to apps such as WhatsApp or Telegram, avoiding detection more easily. Moving communication elsewhere raises serious concerns - it typically precedes deeper manipulation. Another trend gaining ground includes scams based on fake investments or romantic connections; here, confidence grows slowly until false money offers appear, frequently tied to digital currency. Watch out for certain red flags when using professional platforms. 

When messages push you to act fast, promise big rewards, or ask for private data, stay cautious. A profile showing few contacts, missing background, or odd job timelines might not be genuine. Confirm who you're dealing with by checking corporate sites - this basic move often gets ignored. Start smart - shielding your online presence begins with straightforward habits. Click only trusted links, since risky ones open doors to trouble. Two-step login adds a layer of safety, making breaches harder. Strong passwords matter; reusing them weakens protection. 

Staying inside LinkedIn messages helps keep exchanges secure. Sharing less personal detail lowers exposure quietly. Privacy controls fine-tune who sees what - adjust them often. Safety grows when small steps add up behind the scenes. Right away, cut contact if something feels off - then alert LinkedIn about the account. 

When financial data might be exposed, changing passwords fast becomes key, while also warning your bank without delay. Even as the platform expands, threats rise at the same pace, which means staying alert matters more than any tool. Awareness acts quietly but powerfully, standing between safety and harm.
Read more »
Residential Proxies
Cyber Security GreyNoise IP‑reputation Residential Proxies

Residential Proxies Evade IP Reputation Checks in 78% of 4 Billion Sessions

 

Residential proxy networks are now evading IP‑reputation‑based security controls in a majority of malicious sessions, greatly undercutting a core pillar of network defense. A recent analysis by cybersecurity intelligence firm GreyNoise found that residential‑proxy‑routed traffic escaped IP‑reputation checks in 78% of roughly 4 billion malicious sessions over a three‑month window. Attackers rely on ordinary home and mobile‑network IP addresses passed through these proxies, making it hard for defenders to distinguish malicious scans from legitimate user traffic.

How residential proxies work 

Residential proxies route traffic through real‑world consumer devices—home routers, mobile phones, and small‑business connections—owned by ordinary users or enrolled into third‑party bandwidth‑sharing schemes. Many of these IPs are short‑lived, appearing only once or twice in attacker logs before being rotated, which prevents reputation feeds from cataloging them in time. About 89.7% of the residential IPs involved in attacks are active for under a month, with only small fractions persisting beyond two or three months.

The main problem is that IP reputation typically tags long‑running or heavily abused addresses, yet most residential proxy IPs are highly transient and geographically scattered. GreyNoise’s data shows the attacking residential IPs come from 683 different ISPs, blending with normal customer traffic and diluting any clear “bad‑IP” signal. Because attackers mainly use these proxies for low‑volume network scanning and reconnaissance instead of direct exploits, traffic patterns look benign at the network layer, letting 78% of such sessions slip past reputation‑based filters.

The study points to China, India, and Brazil as major sources of residential‑proxy traffic, with usage patterns that mirror human behavior, such as a noticeable drop in activity at night. GreyNoise identifies two main ecosystems behind these proxies: IoT botnets and compromised consumer devices whose installed software—such as free VPNs and ad‑blocking apps—secretly sells the device’s bandwidth. SDKs embedded in these apps enroll consenting or unaware users into proxy networks that monetize idle home‑network capacity.

Implications and future defenses 

The high evasion rate means relying solely on IP reputation is no longer sufficient for detecting threats routed through residential proxies. GreyNoise recommends shifting toward behavior‑based detection, including tracking sequential probing from rotating residential IPs, blocking unsupported enterprise protocols from ISP‑facing networks, and persistently fingerprinting devices even when their IP changes. Security teams will need layered analytics—combining session‑level behavior, device profiles, and protocol anomalies—to stay effective as attackers continue to exploit the camouflage of residential‑proxy infrastructure.
Read more »
NVIDIA
AMD Corporations Cyber Security Intel NVIDIA

AMD Announces Plan to Acquire Intel in Unprecedented Industry Turn

 




Advanced Micro Devices has revealed plans to acquire long-time rival Intel Corporation, marking a dramatic reversal in one of the most enduring rivalries in the semiconductor industry.

The proposed transaction, structured entirely as a stock-based deal, signals a major shift in industry power. Once viewed as the underdog, AMD has now surpassed Intel in market valuation, and the acquisition would further cement that transition.

For over four decades, the relationship between the two companies has been defined by competition, imitation, legal disputes, and strategic overlap. AMD historically operated in Intel’s shadow, often positioning itself as a secondary supplier while attempting to challenge its dominance. In recent years, however, AMD has strengthened its position across multiple computing segments and improved investor confidence, while Intel has faced setbacks.

Intel’s struggles have included delays in manufacturing advancements, inconsistent product execution, and repeated strategic adjustments. These challenges have contributed to a broader shift in market perception, allowing AMD to close the gap and eventually move ahead in key areas.

The idea of AMD acquiring Intel would have seemed highly unlikely just a few years ago, given Intel’s long-standing dominance as the central force in the personal computing ecosystem. The potential merger now reflects how drastically that balance has changed.

If completed, integrating the two companies could present organizational and cultural challenges, given their long history as direct competitors. Leadership from AMD indicated that the combined entity could accelerate product development timelines, streamline user experience, and maintain a level of internal competition despite operating under one structure.

In its response, Intel stated that the agreement could enhance shareholder value while providing its engineering teams with clearer direction and stronger operational support to rebuild competitive product offerings.

Industry analysts are still assessing the broader implications. Historically, Intel’s scale and manufacturing capabilities positioned it at the center of the computing market, while AMD functioned as a challenger that introduced competitive pressure. That dynamic has shifted as AMD expanded its presence in servers, desktops, and mobile computing, while Intel’s recovery efforts remain ongoing.

Several practical questions remain unresolved. These include how branding will be handled, whether both product lines will continue independently, and how regulators will evaluate the consolidation of two primary x86 architecture competitors under a single entity.

Sources familiar with the matter suggest AMD may adopt a structure that retains both brands in the near term. One internal concept reportedly frames Intel as a legacy-focused division, reflecting its historical significance while redefining its position within the organization.

Investor reaction has ranged from surprise to cautious optimism. Some market participants see the potential for operational efficiency and reduced rivalry, while others are concerned that combining the two companies could limit competition in the x86 processor market.

From a regulatory perspective, the deal is likely to face scrutiny due to the potential concentration of market power. The long-standing competition between AMD and Intel has historically driven innovation and pricing balance, and its reduction could reshape industry dynamics.

The announcement comes at a time when the semiconductor sector is undergoing rapid transformation, driven by demand for artificial intelligence, high-performance computing, and evolving global supply chains. Both companies have been investing heavily in these areas, alongside competitors such as NVIDIA Corporation.

At present, the timeline for completion remains subject to regulatory approvals and further review. While the companies have indicated confidence in moving forward, the scale and implications of the deal mean that its outcome will be closely watched across the industry.

Read more »
Malware Threats
AI cyberattacks AI Malware AI technology Cyber Security Cyberattacks DeepLoad Malware Threats

Windows 11 Faces Rising Threats from AI Malware and Critical Security Flaws

 

Pressure on Windows 11 security grows - driven by emerging AI-powered malware alongside unpatched flaws threatening companies and everyday users alike. The pace of change in digital threats becomes clearer through recent incidents, especially within large organizational networks. DeepLoad sits at the heart of recent cybersecurity worries. This particular threat skips typical download tactics altogether. 

Instead of dropping files, it operates without any - earning its "fileless" label. Users themselves become part of the breach process. By following deceptive prompts, they run benign-looking instructions in system utilities such as Command Prompt. Once executed, those inputs quietly trigger malicious activity behind the scenes. Since nothing gets written to disk, standard virus scanners often miss what's happening. 

Detection becomes difficult when there’s no file footprint to flag. After running, the malware stays active by embedding itself into system processes while reaching out to remote servers through standard Windows tools. Because it targets confidential information like passwords, its presence poses serious risks inside business environments. What makes it harder to detect is how it blends malicious activity with normal operating routines. Security teams may overlook it during routine checks due to this camouflage technique. 

Artificial intelligence makes existing threats more dangerous. Because AI-driven malware adjusts on the fly, it slips past standard detection systems. As a result, security tools struggle to keep up. With each change the malware makes, response times shrink. The gap between finding a flaw and facing an attack grows narrower by the hour. Meanwhile, security patches have been rolled out by Microsoft to fix numerous high-risk weaknesses. 

Affected are various business-focused builds of Windows 11 - both recent iterations and extended support variants. One major concern involves defects within the Routing and Remote Access Service (RRAS), where exploitation might let threat actors run harmful software from a distance. Full administrative access to compromised machines becomes possible through these gaps. Not just isolated systems feel the impact. 

That last Patch Tuesday, Microsoft fixed over eighty security gaps in its programs - problems hiding even inside tools such as Excel and Outlook. Opening an attachment wasn’t needed; sometimes, just looking at it could activate harmful code, showing how dangerous these weaknesses really are. Experts warn that even emerging AI tools, such as Microsoft Copilot, could introduce new risks if not properly secured, particularly when sensitive data is handled automatically. 

Though companies face the most attacks, regular individuals can still be affected. When new patches arrive, it helps to apply them without delay - timing often matters more than assumed. Opening unknown scripts carries risk; many breaches begin there. Unexpected requests, especially those demanding immediate steps, deserve extra skepticism. 

Change is shaping a new kind of digital danger - cleverer, slyer, built to exploit how people act just as much as system flaws. One moment it mimics trust; the next, it slips through unnoticed.
Read more »
water utility cybersecurity
Cyber Security Minot North Dakota news Ransomware attack SCADA system breach water treatment plant cyberattack water utility cybersecurity

Ransomware Attack Hits North Dakota Water Plant, Operations Shifted to Manual Monitoring

 

A water treatment facility in northern North Dakota was recently targeted in a ransomware attack, prompting operators to temporarily switch to manual monitoring of system gauges.

Officials from the City of Minot confirmed on Wednesday that despite the cyber incident, the region’s drinking water remained secure. In a letter submitted to the FBI, staff reported detecting the ransomware on March 14, which led to the use of “manual procedures” for approximately 16 hours until a replacement server was installed.

Jennifer Kleen, communications and engagement manager for Minot, explained that the ransomware affected the plant’s SCADA system, “which is kind of like a dashboard system. It brings all of those gauge readings to one spot.” While manual gauge checks are part of standard practice, employees had to perform them more frequently during the system outage.

The Minot water treatment plant supplies water to the city—home to around 50,000 residents—and surrounding communities under the Northwest Area Water Supply network, reaching a total of about 80,000 users.

Authorities discovered a ransom note on the compromised SCADA server, but it did not specify any payment demand. No ransom was paid, and officials have not identified the group responsible for the attack.

Recovery efforts are nearly complete, with the facility currently relying on an older server while preparing a new system. The city noted that the incident has created “opportunities for training exercises, improved communication, and preventative system design.” In a local television interview, City Manager Tom Joyce acknowledged that he would have convened a “crisis action team” earlier, including key officials, “to ensure we’re all on the same page right away.”

Cyber threats to water utilities have been on the rise, with groups linked to countries like China and Iran frequently targeting such infrastructure. A 2024 report by the Environmental Protection Agency’s Office of Inspector General highlighted multiple vulnerabilities across U.S. water systems. Out of more than 1,000 systems assessed—serving 193 million people—97 were found to have critical or high-risk vulnerabilities, while 211 had moderate to low-risk issues, including “having externally visible open portals.”

Government bodies at both federal and state levels have been pushing for stronger cybersecurity measures in the water sector. Proposed legislation aims to help smaller utilities modernize their systems and meet updated security standards. Meanwhile, New York recently introduced “first-in-nation” cybersecurity regulations, supported by funding for water treatment facilities.

However, experts warn that implementing such upgrades can take significant time—often months or even years—leaving systems exposed in the interim. Recent geopolitical tensions, including military actions involving the United States and Israel against Iran, have further heightened concerns. Information-sharing organizations, including the Water Information Sharing and Analysis Center, recently cautioned about a “highly volatile” threat landscape, warning of possible “increased cyberattacks from Iranian state-sponsored actors, hacktivists, and cybercriminal groups aligned with Iran.”
Read more »
Malware attacks
Axios Cyber Security Cyberattacks Deceptive npm packages Global Supply Chain Security macOS Malware attacks

Axios Supply Chain Attack Exposes npm Security Gaps with Token-Based Compromise

 

A breach in the Axios library - one of many relied upon in modern web development - has exposed flaws that linger beneath surface-level fixes. Through stolen access, hackers slipped harmful updates into what users assumed was safe code. This event underscores how fragile trust can be, even when systems claim stronger defenses. Progress in verifying packages and securing logins appears incomplete, given such exploits still succeed. Confidence in tools like those hosted on npm remains shaken by failures that feel both avoidable and familiar. 

A lead developer’s extended-use npm token was accessed by hackers, reports show from Huntress and Wiz. Through this entry point, altered builds of Axios emerged - versions laced with hidden code deploying a multi-system remote control tool. Not limited to one environment, the harmful update reached machines running on macOS, Windows, or Linux setups. Lasting just under three hours, the rogue releases stayed active online until taken down. 

Axios ranks among the top tools in JavaScript, downloaded more than a hundred million times each week, found in roughly eight out of ten cloud setups. Moments after the tainted update went live, malware started spreading fast; Huntress later verified infection on 135 machines while the vulnerability was active. Hidden within a third-party addition, plain-crypto-js slipped into Axios’s environment without touching its main codebase. Not through direct changes but via a concealed payload activated after installation. 

Running quietly once set up, it triggered deployment of a remote access tool on developers’ systems. Built to avoid notice, the malicious code erased itself under certain conditions. Altered components were restored automatically, masking traces left behind. One reason this breach stands out lies in its method - evading defenses thought secure. Even after adopting standard safeguards like OIDC for verified publishing and robust supply chain models, outdated tools remained active. 

A leftover npm access key opened the door despite stronger systems being in place. Where two login paths existed, preference went to the original token, rendering recent upgrades useless under that condition. This is now the third significant breach of the npm supply chain in just a few months, after events such as the Shai-Hulud incident. 

Each time, hackers used compromised maintainer login details to gain access, revealing a recurring weakness across the system. Though security professionals highlight benefits of measures like multi-factor verification and origin monitoring, these fail to block every threat when login data is exposed. 

With growing pressure, companies must examine third-party links, apply tighter rules on software setup, yet phase out outdated access methods instead. When trust rests on open-source tools, weaknesses in how credentials are handled can still invite breaches. A single event shows flaws aren’t always in the code itself - sometimes they hide where access is managed.
Read more »
vehicle AI security
Automotive Cybersecurity car hacking risks connected vehicles security Cyber Security OTA update vulnerabilities vehicle AI security

Cybersecurity Risks Rise as Modern Vehicles Become Complex Digital Ecosystems

 

Today’s vehicles have evolved into highly interconnected cyber-physical systems, combining mobile apps, backend infrastructure, over-the-air (OTA) update mechanisms, and AI-powered decision-making. This growing integration has significantly expanded the potential attack surface, introducing security risks that traditional IT frameworks were not designed to address. As a result, vulnerabilities are increasingly surfacing across the entire automotive ecosystem.

"Unlike a traditional IT system, like a mail server or your home network, the worst case scenario involves things like safety implications or real-world operational disruptions like closing down a road or being able to cause damage to the environment," said Kamel Ghali, vice president at Car Hacking Village.

With the shift toward software-defined vehicles and reliance on OTA updates, cars are beginning to inherit many of the same security weaknesses seen in conventional IT systems. At the same time, the integration of artificial intelligence introduces new concerns, as these models—now responsible for safety-critical decisions—must be safeguarded against manipulation or external interference, Ghali noted.

During a video interview with Information Security Media Group at the RSAC Conference 2026, Ghali further highlighted several key developments. He explained that the automotive supply chain is increasingly investing in cryptographically secure processors to gain a competitive edge. 

He also pointed out that threat modeling in the automotive sector is expanding beyond traditional IT considerations to address safety, operational continuity, and environmental impact. Additionally, he emphasized that maintaining supply chain integrity will likely emerge as the most significant long-term cybersecurity challenge for the automotive industry.

Ghali brings over seven years of expertise in automotive cybersecurity, specializing in ethical hacking, penetration testing, training, and product security. He is an active contributor to the global cybersecurity community, leads outreach initiatives for the DEF CON Car Hacking Village, and plays a key role in raising awareness about vehicle security risks.

Read more »
data security
Ai Data AI technology CPU Cyber Security Data Center data center GPUs Data protection data security

AI Datacenter Boom Triggers Global CPU and Memory Shortages, Driving Price Hikes

 

Spurred by growing reliance on artificial intelligence, computing hardware networks are pushing chip production to its limits - shortages once limited to memory chips now affect core processors too. Because demand for AI-optimized facilities keeps climbing, industry leaders say delivery delays and cost increases may linger well into the coming decade. 

Now coming into view, top chip producers like Intel and AMD face difficulty keeping up with processor needs. Because of tighter supplies, computer and server builders get fewer chips than ordered - slowing assembly processes down. This gap pushes shipment timelines further out while lifting prices by roughly one-tenth to slightly more than an eighth. With supply trailing behind, companies brace for longer waits and steeper costs. Heavy demand has pushed key tech suppliers like Dell and HP to report deeper shortages lately. Server parts now take months rather than weeks to arrive - delays once rare are becoming routine. 

Into early 2026, experts expect disruptions to grow worse, stretching stress across business systems and home buyers alike. With CPU availability shrinking, pressure grows on a memory market already strained. Because of rising AI-driven datacenter projects, need for DRAM and NAND has jumped sharply - shifting production lines from devices like smartphones and laptops. This shift means newer tech such as DDR5 costs more than before, making upgrades less appealing. People now hold onto older machines longer, especially those running DDR4, simply because replacing them feels too costly. 

Nowhere is the strain more visible than in everyday device markets. Higher expenses for parts translate directly into steeper price tags on laptops, along with slower release cycles. Take Valve - their Linux-powered compact desktop hit pause, held back by material shortages. On another front, Micron stepped away from selling memory modules to regular users, focusing instead on large-scale computing and artificial intelligence needs. Shifts like these reveal where attention now lies within the sector. 

Facing growing challenges, legacy chip producers watch as new players step in. Not far behind, Arm launches its debut self-designed CPU, built specifically for artificial intelligence tasks. Demand was lacking - now it's shifting. Big names like Meta, Cloudflare, OpenAI, and Lenovo are paying attention, drawn by fresh potential. Change arrives quietly, then spreads. 

Facing ongoing shortages, market projections point to extended disruptions through the 2030s - altering how prices evolve while shifting the rhythm of technological advances in chips and computing systems.
Read more »
Subscribe to: Comments (Atom)