Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Anthropic's Claude Code Leak: 500K Lines Exposed

  On March 31, 2026, Anthropic, the safety-focused AI company behind Claude, accidentally leaked over 500,000 lines of proprietary source co...

All the recent news you need to know
Malware attacks
Axios Cyber Security Cyberattacks Deceptive npm packages Global Supply Chain Security macOS Malware attacks

Axios Supply Chain Attack Exposes npm Security Gaps with Token-Based Compromise

 

A breach in the Axios library - one of many relied upon in modern web development - has exposed flaws that linger beneath surface-level fixes. Through stolen access, hackers slipped harmful updates into what users assumed was safe code. This event underscores how fragile trust can be, even when systems claim stronger defenses. Progress in verifying packages and securing logins appears incomplete, given such exploits still succeed. Confidence in tools like those hosted on npm remains shaken by failures that feel both avoidable and familiar. 

A lead developer’s extended-use npm token was accessed by hackers, reports show from Huntress and Wiz. Through this entry point, altered builds of Axios emerged - versions laced with hidden code deploying a multi-system remote control tool. Not limited to one environment, the harmful update reached machines running on macOS, Windows, or Linux setups. Lasting just under three hours, the rogue releases stayed active online until taken down. 

Axios ranks among the top tools in JavaScript, downloaded more than a hundred million times each week, found in roughly eight out of ten cloud setups. Moments after the tainted update went live, malware started spreading fast; Huntress later verified infection on 135 machines while the vulnerability was active. Hidden within a third-party addition, plain-crypto-js slipped into Axios’s environment without touching its main codebase. Not through direct changes but via a concealed payload activated after installation. 

Running quietly once set up, it triggered deployment of a remote access tool on developers’ systems. Built to avoid notice, the malicious code erased itself under certain conditions. Altered components were restored automatically, masking traces left behind. One reason this breach stands out lies in its method - evading defenses thought secure. Even after adopting standard safeguards like OIDC for verified publishing and robust supply chain models, outdated tools remained active. 

A leftover npm access key opened the door despite stronger systems being in place. Where two login paths existed, preference went to the original token, rendering recent upgrades useless under that condition. This is now the third significant breach of the npm supply chain in just a few months, after events such as the Shai-Hulud incident. 

Each time, hackers used compromised maintainer login details to gain access, revealing a recurring weakness across the system. Though security professionals highlight benefits of measures like multi-factor verification and origin monitoring, these fail to block every threat when login data is exposed. 

With growing pressure, companies must examine third-party links, apply tighter rules on software setup, yet phase out outdated access methods instead. When trust rests on open-source tools, weaknesses in how credentials are handled can still invite breaches. A single event shows flaws aren’t always in the code itself - sometimes they hide where access is managed.
Read more »
Windows Utility Exploit
Cyber Threats Gigabyte Control Center Vulnerability Patch Management Privilege Escalation Remote Code Execution Windows Utility Exploit

Arbitrary File Write Bug in Gigabyte Control Center Sparks Security Alerts


 

It is becoming increasingly apparent that trusted system utilities are embedded with persistent security risks, as GIGABYTE Control Center, a widely deployed Windows-based management tool that is packaged with select devices, has been put under scrutiny following the disclosure of a critical security flaw. 

Inadvertently, the software designed to give users centralized control over essential hardware functions exposed a potential pathway for threat actors to alter system behavior on a fundamental level. Despite the fact that the vulnerability has been addressed, it is potential to exploit it in order to execute unauthorized code, write arbitrary files, and potentially disrupt system availability through denial-of-service. 

Since the utility is deeply entwined with device operations and is installed on GIGABYTE motherboards, the vulnerability has significant implications for users as well as enterprises, making it increasingly important to deploy patches and harden systems in a timely manner. Software vulnerable to this vulnerability is GIGABYTE Control Center, which is pre-installed on all laptops and supported motherboards, serving as a central point of configuration and oversight for the entire system.

Integrated with Windows, it provides a comprehensive set of operational controls for monitoring and managing hardware, adjusting thermal and fan curves, optimizing performance, customizing RGB lighting, and installing driver and firmware updates. 

The broad access to underlying system functions, which is intended to enhance user convenience, amplifies the potential impact of any vulnerabilities in the system. There is a particular concern regarding an integrated "pairing" feature designed to facilitate communication between host systems and external devices or services over a network. 

When enabled in versions of Control Center up to and including 25.07.21.01, this function significantly expands the application's interaction surface. Thus, it introduces a vulnerability that can be exploited under specific circumstances, increasing the attack surface of affected systems by creating a network-exposed vector. It is this feature that makes it an important focal point when assessing the overall risk profile associated with the vulnerability because it is linked to elevated system privileges and network-enabled communication. 

According to additional technical analysis, the issue may be related to the vulnerability CVE-2026-4415, which has a rating of 9.2 under CVSS 4.0 framework, and has been identified within the pairing mechanism within GIGABYTE Control Center versions 25.07.21.01 and earlier. As a result of insufficient safeguards regarding how the application handles network-initiated interactions, David Sprüngli is credited with discovering the vulnerability. 

The pairing feature provides an opportunity for unauthenticated remote actors to write arbitrary files across the system's file structure when it is active. With the utility's elevated privileges and close integration with system processes, such access is potentially useful for the execution of remote code, escalation of privileges, or disruption of system availability. 

A particularly concerning aspect of the vulnerability is its ability to bypass conventional trust boundaries, effectively creating a potential attack vector from a legitimate management feature. A new version of GIGABYTE's Control Center has been released, titled 25.12.10.01, which introduces a series of corrections across multiple functional layers, including download handling routines, message validation processes, and command-level encryption, as well as corrective measures for multiple functional layers. In combination, these enhancements mitigate the risks associated with the exposed pairing interface. 

According to the company's advisory, users should update immediately and obtain the patched version only through official software distribution channels, thereby reducing the possibility of compromised or tampered installers occurring. Such incidents reinforce the importance of treating vendor-supplied utilities the same way we'd treat any externally sourced software, especially when they're elevated privileges and have network access. 

The company and individual users should both adopt a proactive patch management strategy, audit pre-installed applications on a regular basis, and disable features not specifically required for use, such as remote pairing. The implementation of multiple security controls, including endpoint monitoring, network segmentation, and strict access policies, can significantly reduce exposure to similar threats. 

The integration of hardware ecosystems and software-driven management layers becomes increasingly complex, so maintaining vigilance over these trusted components is crucial to maintaining the integrity of the overall system.
Read more »
malware
Aisuru botnet API Chaos Malware Cloud systems Docker malware

New Chaos Malware Variant Expands to Cloud Targets, Introduces Proxy Capability

 



A newly observed version of the Chaos malware is now targeting poorly secured cloud environments, indicating a defining shift in how this threat is being deployed and scaled.

According to analysis by Darktrace, the malware is increasingly exploiting misconfigured cloud systems, moving beyond its earlier focus on routers and edge devices. This change suggests that attackers are adapting to the growing reliance on cloud infrastructure, where configuration errors can expose critical services.

Chaos was first identified in September 2022 by Lumen Black Lotus Labs. At the time, it was described as a cross-platform threat capable of infecting both Windows and Linux machines. Its functionality included executing remote shell commands, deploying additional malicious modules, spreading across systems by brute-forcing SSH credentials, mining cryptocurrency, and launching distributed denial-of-service attacks using protocols such as HTTP, TLS, TCP, UDP, and WebSocket.

Researchers believe Chaos developed from an earlier DDoS-focused malware strain known as Kaiji, which specifically targeted exposed Docker instances. While the exact operators behind Chaos remain unidentified, the presence of Chinese-language elements in the code and the use of infrastructure linked to China suggest a possible connection to threat actors from that region.

Darktrace detected the latest variant within its honeypot network, specifically on a deliberately misconfigured Hadoop deployment that allowed remote code execution. The attack began with an HTTP request sent to the Hadoop service to initiate the creation of a new application.

That application contained a sequence of shell commands designed to download a Chaos binary from an attacker-controlled domain, identified as “pan.tenire[.]com.” The commands then modified the file’s permissions using “chmod 777,” allowing full access to all users, before executing the binary and deleting it from the system to reduce forensic evidence.

Notably, the same domain had previously been linked to a phishing operation conducted by the cybercrime group Silver Fox. That campaign, referred to as Operation Silk Lure by Seqrite Labs in October 2025, was used to distribute decoy documents and ValleyRAT malware, suggesting infrastructure reuse across campaigns.

The newly identified sample is a 64-bit ELF binary that has been reworked and updated. While it retains much of its original functionality, several features have been removed. In particular, capabilities for spreading via SSH and exploiting router vulnerabilities are no longer present.

In their place, the malware now incorporates a SOCKS proxy feature. This allows compromised systems to relay network traffic, effectively masking the origin of malicious activity and making detection and mitigation more difficult for defenders.

Darktrace also noted that components previously associated with Kaiji have been modified, indicating that the malware has likely been rewritten or significantly refactored rather than simply reused.

The addition of proxy functionality points to a broader monetization strategy. Beyond cryptocurrency mining and DDoS-for-hire operations, attackers may now leverage infected systems to provide anonymized traffic routing or other illicit services, reflecting increasing competition within cybercriminal ecosystems.

This shift aligns with a wider trend observed in other botnets, such as AISURU, where proxy services are becoming a central feature. As a result, the threat infrastructure is expanding beyond traditional service disruption to include more complex abuse scenarios.

Security experts emphasize that misconfigured cloud services, including platforms like Hadoop and Docker, remain a critical risk factor. Without proper access controls, attackers can exploit these systems to gain initial entry and deploy malware with minimal resistance.

The continued evolution of Chaos underlines how threat actors are persistently enhancing their tools to expand botnet capabilities. It also reinforces the need for continuous security monitoring, as changes in how APIs and services function may not always appear as direct vulnerabilities but can exponentially increase exposure.

Organizations are advised to regularly audit configurations, restrict unnecessary access, and monitor for unusual behavior to mitigate the risks posed by increasingly adaptive malware threats.

Read more »
user data security
Apple Privacy cybersecurity risks Data protection Email Anonymity email encryption Hide My Email Law Enforcement Access Privacy user data security

Apple Reinforces Digital Privacy for Users Without Restricting Law Enforcement Oversight


 

The company has long positioned its privacy architecture as a defining aspect of its ecosystem, marketing it as more than a feature, but a fundamental right built into its products as well. However, the latest disclosures emerging from US legal proceedings suggest that privacy boundaries are neither absolute nor impermeable, and that a more nuanced reality emerges. 

It is the "Hide My Email" function that is under scrutiny, a tool designed to hide users' real email addresses from third-party apps and websites. Despite its success in minimizing commercial tracking and unsolicited exposure, recent legal revelations indicate that this layer of anonymity can be effectively reversed under lawful authority to ensure effectiveness. 

Moreover, the development highlights the important distinction between consumer privacy assurances and judicial obligations imposed by technology companies, reframing conditional anonymity as a controlled filter operating within clearly defined legal limits rather than as a cloak of invisibility. 

Subsequent disclosures from investigative proceedings provide additional insight into how this conditional anonymity works in practice. Apple has received a request from federal authorities, including the Federal Bureau of Investigation, for subscriber information regarding a threatening communication directed at Alexis Wilkins, a person who was reported to have been associated with FBI Director Kash Patel.

According to the warrant application, Apple was able to correlate the anonymized "Hide My Email" alias to a specific user account by providing details on subscriber identification along with a wider dataset that contained over a hundred additional aliases created under the same profile. It was found that Homeland Security Investigations investigated an alleged identity fraud operation in a similar manner, in which multiple masked email identities were linked to Apple accounts under underlying identity fraud schemes, allowing investigators to consolidate disparate digital footprints into one framework for attribution. 

Collectively, these examples reveal an important structural aspect of Apple's ecosystem: while certain layers of iCloud services are protected by end-to-end encryption, a portion of account and communication information is still accessible under valid legal processes. Despite the fact that subscriber information, including names, billing credentials, and associated identifiers, remains within the compliance boundary rather than a cryptographic boundary, which does not contain end-to-end encryption of the content. 

The delineation reinforces an issue of broader significance to the industry, in which conventional email infrastructure is built without pervasive encryption safeguards, making it inherently vulnerable to lawful interception by its users. It is against this backdrop that privacy-conscious individuals are increasingly turning to platforms such as Signal, which offer default end-to-end encryption and minimal data retention. 

As for Apple, it has not responded directly to these developments, although the disclosures have prompted a review of how privacy assurances are communicated and understood within technologically advanced and legally obligated environments. A sustained increase in government access requests against major technology providers is reflective of the context in which these disclosures are made. 

According to Apple's transparency data, it processed more than 13,000 such requests for customer information during the first half of 2025, with email-related records contributing significantly to account attribution, threat analysis, and criminal investigations due to their evidentiary value. Nevertheless, this dynamic is not limited to Apple's ecosystem.

Similar constraints exist among providers such as Google and Microsoft, where legacy email protocols - architected in an era before modern encryption standards - continue to limit the amount of privacy protection inherent within their systems. Although niche services such as Proton have attempted to address this issue by implementing end-to-end encryption by design, their adoption remains marginal relative to the global email user base, which underscores the persistence of structurally exposed communication channels within this environment. 

Apple’s position is especially interesting in light of the divergence between its privacy-oriented messaging and its email infrastructure's technical realities. Hide My Email provides demonstrably reduced exposure to commercial tracking and data aggregation, however it does not alter the underlying compliance model governing lawful data access. 

The distinction has re-ignited an ongoing policy debate around encryption, a controversy Apple has previously encountered with the use of iMessage and other Apple services. Regulations and law enforcement agencies contend that inaccessible communications impede legitimate investigations, and extending comparable end-to-end encryption to iCloud Mail may result in renewed friction.

In contrast, privacy advocates contend that any lowering of encryption standards introduces systemic security risks. Thus, email privacy remains a compromise governed both by legal frameworks as well as engineering decisions at present. 

It is common for users seeking stronger privacy to rely on specialized encryption platforms, but such platforms present usability constraints and interoperability challenges with the larger email ecosystem. There is an important distinction to be drawn from recent federal requests: privacy controls designed to limit the visibility of corporate data do not automatically ensure that government access is restricted. 

The implementation of Apple's products is within this boundary, balancing user expectations with statutory obligations. However, there remains a considerable gap between perceptions and operational realities that calls for reevaluation. It is unclear if the company will extend its end-to-end encryption model to email services, particularly in light of the political and regulatory implications of such a shift. 

It is important to note that privacy is not a binary guarantee, but rather a layered construct that is shaped by both technical design and legal jurisdiction as a result of the developments. As such, organizations and individuals alike should reassess their threat models, identifying clearly between protections required for sensitive communications as opposed to protections against commercial data exposure. 

In cases where confidentiality is extremely important, standard email services may be insufficient, which necessitates selective adoption of stronger encryption techniques, secure communication channels, and disciplined data handling procedures. As a result of clear, and often misunderstood, boundaries within which privacy features operate, informed usage remains the most reliable safeguard in an environment where privacy features operate within clearly defined boundaries.
Read more »
Technology
AI ChatGPT Duck.ai DuckDuckGo Gemini GenAI Google Technology

How Duck.ai Offer Better Privacy Compared to Commercial Chatbots


Better privacy with DuckDuckGo's AI bot

Privacy issues have always bothered users and business organizations. With the rapid adoption of AI, the threats are also rising. DuckDuckGo’s Duck.ai chatbot benefits from this.

The latest report from Similarweb revealed that traffic to Duck.ai increased rapidly last month. The traffic recorded 11.1 million visits in February 2026, 300% more than January. 

Duck.ai's sudden traffic jump

The statistics seem small when compared with the most popular chatbots such as ChatGPT, Claude, or Gemini. 

Similarweb estimates that ChatGPT recorded 5.4 billion visits in February 2026, and Google’s Gemini recorded 2.1 billion, whereas Claude recorded 290.3 million. 

For DuckDuckGo, the numbers show a good sign, as the bot was launched as beta in 2025, and has shown a sharp rise in visits. 

DuckDuckGo browser is known for its privacy, and the company aims to apply the same principle to its AI bot. Duck.ai doesn't run a bespoke LLM, it uses frontier models from Meta, Anthropic, and OpenAI, but it doesn't expose your IP address and personal data. 

Duck.ai's privacy policy reads, "In addition, we have agreements in place with all model providers that further limit how they can use data from these anonymous requests, including not using Prompts and Outputs to develop or improve their models, as well as deleting all information received once it is no longer necessary to provide Outputs (at most within 30 days, with limited exceptions for safety and legal compliance),”

Duck.ai is famous now

What is the reason for this sudden surge? The bot has two advantages over individual commercial bots like ChatGPT and Gemini, it offers an option to toggle between multiple models and better privacy security. The privacy aspect sets it apart. Users on Reddit have praised Duck.ai, one person noting "it's way better than Google's," which means Gemini. 

Privacy concerns in AI bots

In March, Anthropic rejected a few applications of its technology for mass surveillance and weapons submitted by the Department of Defense. The DoD retaliated by breaking the contract. Soon after, OpenAI stepped in. 

The incident stirred controversies around privacy concerns and ethical AI use. This explains why users may prefer chatbots like Duck.ai that safeguard user data from both the government and the big tech. 

Read more »
Malware attacks
ClickFix ClickFix Attack Cyber Attacks data security Data Theft Infostealer Infostealer Malware leaked sensitive data Mac OS Malware attacks

Infiniti Stealer Targets Mac Users with ClickFix Social Engineering Attack

 

Not stopping at typical malware tricks, Infiniti Stealer targets Macs using clever social manipulation instead of system flaws. Security firm Malwarebytes uncovered the operation, highlighting how it dodges standard protection tools. Once inside, the software slips under the radar easily. What stands out is its reliance on tricking users, not breaking through digital walls. 

Starting off, attackers rely on a technique called ClickFix, tricking people into running harmful software without realizing it. Instead of clear warnings, users land on fake websites designed to look real - usually through deceptive emails or infected links. These pages imitate trusted security checks used by Cloudflare, copying their layout closely. A common "I am not a robot" checkbox shows up first. Then comes misleading directions hidden inside what seems like normal steps. Though simple at glance, each piece nudges victims toward unintended actions.  

Spotlight pops up when users start the process, guiding them toward finding Terminal. Once there, they run an unfamiliar line of code by pasting it directly. What seems like a small task hides its real intent - execution happens under human control, so security tools often stand down. The trick works because actions led by people rarely trigger alarms, even if those actions carry risk. Hidden behind normal behavior, the command slips through defenses without raising flags. 

Execution triggers installation of Infiniti Stealer onto the system. Though built in Python, it becomes a standalone macOS executable through compilation with Nuitka. Because of this conversion, detection by security software weakens. Analysis grows more difficult when facing such repackaged threats instead of standard interpreted scripts. Stealth improves simply by changing how the code runs.  

Once installed, it starts pulling private details from the compromised device. Things like stored login credentials, web history including cookies, snapshots of screens appear among what gets gathered. From there, the data flows toward remote machines managed by hackers - opening doors to hijacked accounts or stolen identities. What leaves the machine often fuels more invasive misuse downstream. What stands out is how this campaign signals a change in the way attackers operate. 

Moving away from technical flaws or harmful file attachments, they now lean heavily on manipulating people’s actions - especially by abusing their confidence in everyday website features such as CAPTCHA challenges. When unsure, steer clear of directions from unknown online sources - particularly if they involve running Terminal commands. Real authentication processes never ask people to enter scripts into core system utilities. 

When signs of infection appear, stop using the device without delay. Security professionals suggest changing credentials through an unaffected system right away. Access tokens tied to the infected hardware should be invalidated promptly. A different machine must handle these updates to prevent further exposure.
Read more »
Subscribe to: Comments (Atom)

Featured