Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Signal and Other Firms Oppose Canada's Proposed Surveillance Law

  A developing number of technology companies are raising concerns over Canada's proposed lawful access legislation, arguing that some p...

All the recent news you need to know
sensitive data
AI Agent AI Security claw Patrol Cyber Security Firewall sensitive data

Deno Releases Open-Source Firewall to Limit AI Agent Access to Sensitive Data

Deno has introduced an open-source security framework called Claw Patrol, a tool designed to help organizations control how AI agents interact with databases, business applications, cloud services, and other external systems.

The release comes as companies increasingly deploy AI agents to perform tasks that involve accessing internal resources, executing commands, and communicating with third-party services. While these capabilities can automate routine work, they also create security concerns if an AI system is manipulated, makes an incorrect decision, or gains access to information it should not handle.

According to Deno, Claw Patrol operates as an intermediary between an AI agent and the systems it needs to access. Instead of providing the agent with direct access to credentials such as API keys, authentication tokens, or database passwords, those secrets remain stored on a dedicated gateway server. When an authenticated request is required, the gateway supplies the credentials automatically, preventing the AI agent from viewing or storing them.

This approach is intended to reduce the risk of credential theft and prompt injection attacks, a technique where attackers attempt to manipulate AI models into revealing sensitive information or performing unauthorized actions. Even if an agent is tricked into executing a malicious instruction, the underlying credentials remain isolated from the model itself.

Beyond protecting credentials, Claw Patrol gives administrators the ability to define rules that determine exactly what actions an AI agent is allowed to perform. Organizations can block potentially dangerous database commands, restrict connections to unauthorized external services, or require additional approval before sensitive operations are executed.

For tasks that carry greater risk, the platform supports human review workflows. This allows certain requests to be paused until they are approved by an administrator, adding an additional layer of oversight before changes are made to critical systems.

Deno also states that the firewall can use large language model-based evaluation to assist with policy enforcement in situations where static rules may not be sufficient. This enables security controls to assess requests dynamically while still operating within predefined boundaries established by administrators.

To help organizations monitor AI activity, Claw Patrol includes tools that provide visibility into agent behavior. Administrators can review active sessions, inspect actions performed by agents, monitor resource consumption, and investigate unusual activity through a centralized monitoring interface. These capabilities are designed to support auditing and incident response efforts.

The platform is configured using HashiCorp Configuration Language (HCL), which allows administrators to define security policies, credentials, access permissions, and system endpoints. Deno says the framework supports multiple credential types and can be extended through custom plugins to meet specialized requirements.

Claw Patrol also incorporates role-based access controls, enabling organizations to assign permissions according to job responsibilities. This helps limit access to sensitive resources and reduces the likelihood of unauthorized activity within AI-powered workflows.

For secure communications, the platform can integrate with technologies such as WireGuard and Tailscale, allowing AI agents to connect to protected environments without exposing internal infrastructure directly to public networks. Deno has also included testing capabilities that allow administrators to evaluate policy changes against real-world actions before deploying them into production systems.

While the project introduces several security-focused capabilities, some challenges remain. Organizations unfamiliar with firewall administration or HCL-based configuration may face a learning curve during deployment. The current version also relies heavily on configuration files, and some users may prefer a graphical interface for managing rules and credentials. Additionally, certain networking features may require further refinement as the project matures.

Despite these limitations, the release reflects a growing focus on AI security as autonomous systems gain broader access to enterprise environments. By separating credentials from AI agents, restricting actions through policy controls, and providing continuous monitoring, Claw Patrol aims to give organizations greater control over how AI systems interact with critical business resources.

The project has been released as open-source software, allowing developers and security teams to inspect its code, modify its capabilities, and adapt it to their own operational requirements.

Read more »
Spear Phishing
Booking Scam Credential Theft Cyber Threats Guest Data Security Hospitality Cybersecurity Hotel Phishing Payment Fraud Social Engineering Spear Phishing

Fraudsters Exploit Hotel Reservation Records to Deceive Travelers


 

For years, phishing campaigns have relied on urgency, deception, and impersonation to lure victims into surrendering sensitive information. A newly observed threat, however, demonstrates how cybercriminals are increasingly enhancing those tactics with stolen or exposed real-world data. 

Security researchers have identified a large-scale operation in which threat actors leverage legitimate hotel reservation details to create highly convincing phishing messages that appear directly tied to a traveller’s recent booking activity. 

By incorporating authentic reservation information into their communications, attackers are able to bypass many of the warning signs users typically associate with scams, significantly increasing the credibility and effectiveness of the attack. The campaign, which reportedly affects customers linked to hundreds of hotels and vacation rental properties across dozens of countries, highlights a growing trend in cybercrime where access to genuine customer data is being weaponised to enable precision-targeted social engineering and financial fraud. 

By blending seamlessly into legitimate travel communications, the attackers are able to bypass the obvious warning signs of unsolicited email messages. Instead of sending unsolicited emails, the attackers approach travellers based on their current travel reservations. 

A guest relations or customer service department may send messages that seem to originate from the hotel and contain specific booking details that correspond to the guest's upcoming stay. As a routine verification request, payment confirmation, or administrative check, the communication creates a sense of legitimacy that significantly reduces suspicions of the hotel. 

In the recipient's perspective, the interaction resembles correspondence between hotels and guests, which makes the interaction very difficult to distinguish from genuine customer service initiatives. Research indicates that the scheme is more advanced than traditional phishing since it utilises the trust that has already been established by making a legitimate reservation to exploit the system. 

Threat actors may also compromise hotel employee credentials through separate phishing attacks, gaining access to hotel management systems, booking portals, or partner communication platforms through phishing attacks. Criminals can use this access to interact with travellers by using legitimate channels relating to real reservations, which allows them to embed fraudulent requests within trusted processes. Therefore, the attack has evolved from simple impersonation of a brand to the misuse of authentic hospitality infrastructure, thereby giving scammers a new level of credibility.

As a consequence of this evolution, there is a broader cybersecurity concern: social engineering becomes considerably more persuasive and much harder for both organisations and travellers to detect when attackers gain access to trusted business systems and customer context simultaneously. 

Although the exact source of the reservation data is currently under investigation, security experts have concluded that the information is likely to have been obtained as a result of compromises affecting hotel systems, hospitality partners, or third-party booking systems. As opposed to exploiting travellers directly, attackers typically target organisations that manage reservations directly at the onset. 

There are several methods by which hotel employees may be phished, malware-laden attachments are received, credentials are stolen, or booking service providers can be compromised. Once this information is obtained, it can become a powerful asset in social engineering campaigns. According to Cloudbeds Vice President of Engineering, Aaron Ownbey, the effectiveness of these scams is the result of the attackers possessing precise details regarding a guest's identity, travel dates, reservations value, and accommodation plans in addition to their knowledge of a guest's travel dates. 

Through such visibility, threat actors can create communications that closely resemble legitimate pre-arrival interactions, strengthening the call within the hospitality industry for increased employee security awareness, stronger authentication mechanisms against phishing attacks, and stricter controls over the access, export, and sharing of guest information.

Upon analysis of the fraud activity, two interconnected paths appear to be emerging. There is a first method of directly targeting guests, in which travellers receive WhatsApp messages, emails, SMS notifications, or booking-platform communications originating from hotels or guest service departments. 

In response to the fraudulent payment verification portal, victims are directed to fraudulent sites intended to harvest financial information while masquerading as routine account validation processes. This pattern has been notably observed by investigators in incidents related to online booking ecosystems, where genuine reservation information is an important component of creating credibility. 

Several countries have been identified as having been targeted by these campaigns, including the United Kingdom, France, Germany, the United States, Brazil, and Australia, highlighting the threat's international reach. Furthermore, by utilising multiple delivery channels, the operation is not dependent on a single platform, but is rather able to function as a flexible fraud framework that can adapt to any traveller's needs. It is also possible to compromise hotel-side systems and hospitality management platforms, a potentially more concerning attack path. 

When threat actors obtain employee credentials, they are able to gain access to reservations management tools, guest communication systems, and operational workflows. The platforms used to coordinate bookings and traveller interactions can then be exploited to communicate with guests using accounts that appear to be entirely legitimate. Researchers examined several incidents where attackers posed as security teams from trusted booking services and distributed what appeared to be mandatory software or security updates to accommodation partners. 

By delivering remote access malware, the deceptive material enabled further credential theft and deeper penetration of hospitality environments, enabling further credential theft. The criminal can then move beyond simple impersonation within these systems and begin operating through trusted channels that already occur within these systems on a day-to-day basis. As a whole, these incidents reveal an organised fraud pipeline rather than an isolated phishing attack.

A typical fraud attack typically begins with obtaining contextual information, followed by delivering a persuasive message via a trusted communication channel, and directing the victim into an automated payment or verification process designed to appear administrative rather than malicious. The ultimate objective is much greater than the fraudulent transaction itself. 

Payment cards that have been stolen can be used for low-value purchases, reused for larger transactions, or circulated within criminal marketplaces where they can be abused in the future. By combining this model with genuine reservation data and compromised hospitality systems, it becomes particularly difficult for traditional fraud indicators to detect. As these campaigns become increasingly prevalent, they highlight a wider challenge facing the hospitality industry.

Inherently trusted interactions, continuous guest communication, and rapid response requirements are the hallmarks of hotel operations. Messages regarding check-in procedures, payment confirmations, room preferences, and identity verification requests are received regularly by travellers, creating an operational backdrop that attackers can exploit easily. 

Consequently, conventional advice which focuses exclusively on identifying suspicious links or poor grammar is becoming less effective when the communication contains accurate reservation details and may even originate from legitimate business systems. This type of attack relies heavily on trusted context rather than branding or visual deception as its primary weapon. 

No matter which channel the unexpected payment verification request arrives through, it is best to treat it with caution when it occurs. It is important to navigate directly to the official booking service, hotel website, or verified mobile application to complete payment updates, irrespective of whether the message appears within a booking platform, via email, SMS, or messaging application. 

To obtain confirmation, guests should contact the property using information obtained independently from trusted sources rather than embedding information within the message. The individual who has already submitted payment details should assume that the information may be compromised. They should notify their financial institution as soon as possible, replace the affected cards, enable transaction monitoring, and be vigilant for subsequent fraud attempts that may utilise the stolen information. 

As phishing campaigns based on reservations are emerging, they illustrate how cybercrime is evolving beyond mass deception towards highly contextual attacks that utilise trust, timing, and legitimate data. A growing number of threat actors are exploiting compromised business systems as well as customer information, which leads to diminished visibility of traditional fraud indicators, leaving organisations and consumers exposed to risks that are more difficult to identify and prevent.

For the hospitality sector, the incident is a reminder that protecting guest data has become a critical security responsibility, which has direct consequences for customer trust rather than simply a privacy obligation. 

As a traveller, the best way to protect yourself is by verifying through trustworthy channels and exercising a healthy degree of caution in unexpected situations involving payments or sensitive information. As even genuine booking information can be weaponised in such an environment, trust should be anchored in independently verified actions rather than the apparent authenticity of a message.
Read more »
Technology
AI ALPR Data Spying Surveillance Technology

School Buses Could Become Surveillance Vehicles for Government in The US


In the US, school buses may soon become surveillance vehicles, according to 404 media’s report. A review of leaked documents revealed plans to deploy buses with automatic license plate readers (ALPR). 

The data will be allegedly given to government agencies. Already, privacy is a concerning issue amid rising data safety violations. Equipping buses with surveillance cameras will be unconstitutional and national-level spying of citizens in the US. 

About the incident

Bus Patrol, US’ leading provider of school bus stop-arm cameras has  over 40,000 AI-based cameras throughout 24 states. These cameras are allowed in 30 states, and are installed on school buses, and capture images of vehicles violating traffic rules when the bus is stopped. 

The footages captured  by the buses are “recorded, reviewed, and submitted to local law enforcement for review and final approval,” says BusPatrol. 

Stop-arm cameras claim to improve driver behaviour near school buses and student safety, but they have faced backlashes for failing on both ends. Stop-arm cameras also generate millions of dollars for businesses like BusPatrol. 

Currently, the firm plans to increase its data collection, revenue, and teaming with local law enforcement by changing stop-arm camera into ALPRs, as per the leaked BusPatrol documents. 

Why is ALPR system an issue?

ALPR systems are run by firms such as Flock Safety. They record the license plate number of passing vehicles but unlike traffic signals or stop-cameras, ALPR "cameras photograph every vehicle that drives by and can use artificial intelligence to create a profile with identifying information that then gets stored into a massive data base,” said the Institute for Justice (I.J), a public interest law firm. 

The data can be sent to law agencies which might use it for searching a vehicle or driver without requiring a legal warrant. The ALPR cameras fixed on moving school buses will help enforcement agencies to capture every moving vehicle they come across.

Flawed implementation

Without ethical enforcement, these cameras can be exploited. joshua Windham, a senior I.J. attorney, announced a nationwide campaign to oppose the uncontrolled and unconstitutional deployment of ALPR technology. 

Earlier ALPR systems’ data security has come under scrutiny after cases of sharing databases with immigration agencies surfaced despite company policies forbidding it. 

In Kansas, an officer used the data to trace his ex-girlfriend whereas in Texas, officers used the data to search for a woman who got an abortion. Such incidents have caused a few communities to termiate their contracts and discontinue ALPR entirely.

Read more »
Vulnerabilities and Exploits
Authentication Bypass CVE-2026-35616 EKZ Infostealer FortiClient EMS Fortinet vulnerability Vulnerabilities and Exploits

Hackers Exploit FortiClient EMS Flaw to Deploy EKZ Credential-Stealing Malware

 

Cybersecurity researchers have uncovered active attacks exploiting a critical vulnerability in FortiClient Enterprise Management Server (EMS) to distribute a previously undocumented credential-stealing malware known as EKZ Infostealer.

The attacks leverage CVE-2026-35616, an authentication bypass flaw in FortiClient EMS that enables unauthenticated remote attackers to execute arbitrary commands or code through specially crafted requests. The vulnerability stems from improper access control mechanisms and has been actively exploited in the wild.

Threat actors reportedly disguised the malware as a legitimate Fortinet endpoint update and delivered it through VPN scripting workflows managed by FortiClient. Fortinet acknowledged the exploitation of the flaw in early April and subsequently issued emergency hotfixes for versions 7.4.5 and 7.4.6 of the software.

Following reports of malicious activity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed federal agencies to secure vulnerable systems within days. Around the same period, The Shadowserver Foundation identified approximately 2,000 internet-exposed EMS instances.

Researchers at Arctic Wolf recently observed threat actors using the vulnerability to deploy the EKZ Infostealer. According to the company, attackers begin by abusing endpoint APIs to carry out administrative actions without requiring authentication.

After gaining access, the attackers alter EMS configurations and VPN policies to enable the execution of malicious scripts. Once an endpoint establishes an IPsec connection with a FortiGate firewall, the legitimate FortiClient process, fortitray.exe, launches malicious batch scripts through Command Prompt.

These scripts then execute a Base64-encoded PowerShell payload that downloads malware disguised as a Fortinet software update. The payload subsequently collects data from the victim's device and sends it to an attacker-controlled virtual private server (VPS) over HTTP.

“Rather than relying on a generic malware lure, the payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” reads the report from Arctic Wolf.

“On affected endpoints, FortiClient components launched command scripts that invoked PowerShell, downloaded a credential stealer, executed it silently, and exfiltrated harvested browser data before removing local artifacts.”

The malware, tracked as EKZ Infostealer, is designed to harvest sensitive information from both Chromium-based and Firefox browsers. It extracts stored browser data into text files and is capable of bypassing encrypted password protections.

Among the targeted data are login credentials, credit card information, addresses, phone numbers, and browser cookies. By stealing cookies, attackers may gain access to accounts protected by multi-factor authentication without needing the user's credentials.

Arctic Wolf noted that one potential indicator of compromise is the appearance of the log entry “Certificate not found in request header.” During testing, this message was often followed within seconds by another log entry indicating that a certificate associated with "fortinet-ca2" had been successfully updated.

Security teams are advised to monitor for unusual certificate authentication events and unauthorized modifications to Remote Access Profile settings. Additionally, suspicious administrative actions, newly created accounts, logins originating from unfamiliar locations such as Tor networks or VPS-hosted IP addresses, and unexpected configuration changes should be treated as potential warning signs of compromise.

Arctic Wolf has also released detailed detection and mitigation guidance to help organizations identify and defend against these attacks.

Read more »
Digital Personal Data Protection
Ad Data Privacy Browser privacy risks customer data privacy Cyber Security Data Surveillance Data-Driven Pricing Digital Personal Data Protection

Americans Back Surveillance Pricing Ban Amid Growing Privacy and Consumer Cost Concerns

 

Ahead of schedule, more people in the U.S. resist price tracking based on private information - details like where they shop, what they buy, or how often they spend. Because companies gather these patterns, each customer might face different costs for the same item. Although firms have used such methods before, fresh survey results show resistance gaining strength now. Despite quiet implementation earlier, citizens appear less willing lately to accept unseen adjustments shaped by their own data. 

A recent poll from GBAO Strategies shows public worry over how monitoring-based pricing might affect household expenses, especially food bills. While examining attitudes, it emerged that two-thirds think data-driven pricing models may push grocery costs higher. In contrast, nearly as many see risks in electronic shelf labels that let stores adjust prices instantly. Rather than accept these systems, most people lean toward intervention - about 67 percent back a full prohibition. Such views highlight unease with automated pricing methods shaped by customer tracking. 

Across party affiliations, resistance to tracking-based price adjustments emerged clearly. Most Democrats, those unaffiliated with either major party, and Republicans backed legal restrictions, showing suspicion of algorithmic cost calculations cuts through ideological boundaries. Uneasiness around how stores gather personal details to shape what people pay appears widespread. What worries privacy supporters isn’t just what things cost. The Electronic Frontier Foundation points out how much private detail is needed for tracking-based price models. Systems tap into details like age, where someone lives, their online activity, past buys - sometimes even race or gender. 

Using such data to set prices, some say, puts personal secrecy at risk. Questions also emerge around whether the process plays fair - and if anyone can truly see how it works. Some shoppers might already be experiencing such tactics, according to available data. Back in 2025, a probe by Consumer Reports uncovered disparities in item costs during an Instacart trial using artificial intelligence for pricing. Identical products carried distinct price tags depending on the user viewing them. 

At times, differences climbed up to one-quarter more than others paid. Although mentioned in internal presentations meant for business stakeholders, most buyers did not know adjustments were happening behind the scenes. Most times, people talk about surveillance pricing together with dynamic pricing - both shaped by algorithms in retail settings. Shaped by demand shifts, stock availability, or broader economic climates, prices shift under this model. 

Firms like Amazon and Walmart already apply forms of this method. Even though personal information plays a smaller role here, actions taken by shoppers - their habits, past buys - still guide how prices are set. Though talk grows louder, officials now question if tighter rules must follow. 

Because worries stretch across spending habits alongside personal data risks, how stores track buyers shapes wider talks on fairness and control. While some argue restraint matters more, others see unchecked patterns where price shifts tie too closely to who is watching.
Read more »
Vulnerabilities and Exploits
AI Security Bug Bounty Bug Hunting Security Patch Vulnerabilities and Exploits

AI Era Ignites Bug-Hunting Arms Race as Exploits Accelerate Faster Than Patches

 

The AI era has triggered a new cybersecurity arms race in which attackers and defenders are both using machine learning to find and exploit software vulnerabilities faster than ever. According to security experts, attackers are ramping up AI-powered exploit development, while security teams are deploying AI-driven detection and patching workflows to respond in real time. 

This acceleration is reshaping the economics of software security: the speed of vulnerability discovery no longer matches the slower pace of traditional analysis, triage, and patching, creating a dangerous imbalance between how quickly bugs are found and how quickly they can be fixed. The main issue is the flood of AI-generated bug reports overwhelming existing programs. Curl ended its bug bounty program after being inundated with low-quality submissions generated by AI tools. Linux’s security mailing list has become “almost entirely unmanageable” due to high volumes and duplicate AI bug reports from automated scanners.

Google recently overhauled its Vulnerability Reward Programs for Chrome and Android, lowering payouts for some bug classes while increasing others to focus on the most challenging and impactful vulnerabilities. These changes show that the industry is struggling to sort useful findings from noise while keeping costs sustainable. The same AI tools that help defenders also help attackers, which is the core asymmetry of this arms race. AI systems can now scan entire codebases, detect subtle patterns humans miss, and generate exploit code in days or even hours instead of months. 

Historically, exploiting a vulnerability could take years; now, exploits can emerge within 24 hours after discovery. This compression of the timeline means developers have less time to patch, attackers can automate exploitation, and low-skilled hackers gain advanced capabilities that were once reserved for elite teams. The result is a shrinking window between finding a flaw and it being weaponized. 

Organizations are responding with a mix of economic and structural measures. Some researchers argue that companies cannot simply “patch their way out of this” and must instead build infrastructure that makes many bugs irrelevant in practice. The industry is shifting toward “secure by default” designs, automated scanning in release candidates, and security-first development practices that reduce the number of exploitable weaknesses from the start. Google’s payout adjustments reflect a strategic shift to reward only the most impactful vulnerabilities, while smaller firms may struggle to keep up with rising costs and report volumes. 

The long-term issue is that vulnerability discovery is no longer a human-limited process but a machine-driven one, changing the balance of power in cybersecurity. AI exposes weaknesses faster than communities can respond, and the backlog of bugs now grows faster than it can be resolved. The winners will be those who treat security as continuous defense-in-depth, not as a one-time fix, and who build systems where most bugs are made irrelevant by design rather than by constant patching.
Read more »
Subscribe to: Posts (Atom)

Featured