Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Europol Takes Down Large Dark Web Scam Network

European law enforcement has dismantled an extensive Dark Web operation that was built to deceive users seeking illegal content and cybercri...

All the recent news you need to know
Vulnerabilities and Exploits
GitHub Supply Chain Attack Trivy Scanner Vulnerabilities and Exploits

Trivy Scanner Hit by Major Supply Chain Attack

 

Aqua Security's popular open-source vulnerability scanner, Trivy, has been compromised in an ongoing supply chain attack that began in late February 2026 and escalated dramatically by mid-March. Threat actors exploited misconfigurations in Trivy's GitHub Actions workflows, stealing privileged tokens to gain persistent access to repositories and release processes. 

This breach turned a trusted DevSecOps tool—boasting over 32,000 GitHub stars—into a vector for credential theft across countless CI/CD pipelines worldwide. The attack unfolded in phases, starting with a token theft from a misconfigured GitHub Action on February 28, allowing initial foothold establishment. By March 19, attackers force-pushed malicious code to 76 of 77 tags in aquasecurity/trivy-action and all 7 in setup-trivy, repointing versions like v0.69.4 to infostealer payloads.

The malware executed stealthily: it harvested GitHub tokens, cloud credentials, and SSH keys, encrypted them in tpcp.tar.gz archives, exfiltrated to scan.aquasecurtiy[.]org, then ran legitimate Trivy scans to avoid detection. Malicious Docker images under tags like latest, 0.69.5, and 0.69.6 further spread the threat via container registries. Despite Aqua Security's credential rotations after the initial incident, incomplete measures let attackers reestablish access, leading to repository tampering detected on March 22. This persistence mirrors trends in SaaS supply chain attacks, from SolarWinds to recent exploits, where upstream compromises cascade downstream.

The "Team PCP" actors have struck Trivy three times in under a month, highlighting eviction challenges in automated environments. Trivy's vast adoption amplifies the blast radius, potentially exposing secrets in thousands of organizations' pipelines. Microsoft and others urge auditing workflows using compromised tags, as successful scans masked the theft. This incident underscores vulnerabilities in mutable tags and over-privileged runners, eroding trust in open-source security tools. 

To mitigate, pin GitHub Actions to immutable commit SHAs instead of tags, rotate all exposed secrets, and adopt OIDC for short-lived credentials. Harden CI/CD privileges, monitor SaaS integrations continuously, and audit Trivy executions since March 1. Aqua Security continues remediation with partners like Sygnia, but organizations must proactively secure their supply chains against such "side door" threats.
Read more »
Microsoft account breach
AI Driven Cyber Attacks AI phishing campaign Cloud Accounts Cyber Phishing Data Breach Microsoft Microsoft 365 phishing Microsoft account breach

AI-Driven Phishing Campaign Exploits Railway to Breach Microsoft Cloud Accounts at Scale

 

Security experts at Huntress report a fast-changing phishing operation using AI tools and cloud systems to breach Microsoft accounts in hundreds of companies. This activity ties back to improper use of Railway, a service that helps people launch apps and websites swiftly. Running on automated workflows, the attack adapts quickly, slipping past common defenses. Instead of relying on old methods, it shifts tactics constantly, making detection harder. Through compromised credentials, access spreads quietly within corporate networks. Investigators found backend processes hosted remotely, fueling repeated login attempts. 

Unlike typical scams, this one uses synthetic voices and generated text to mimic real communication. Some messages appear personalized, increasing their chances of success. Early warnings came from irregular traffic patterns tied to authentication requests. Organizations affected span multiple industries without geographic concentration. Researchers stress monitoring unusual API behavior as a sign of intrusion. Detection now depends more on behavioral anomalies than known threat signatures. 

Starting in early 2026, the attack started quietly before rapidly growing in intensity. Come March, signs showed a sharp rise - dozens of groups breached each day. Though linked to an obscure group using few internet addresses, its impact spread fast. Hundreds of confirmed victims fell within weeks, likely many more worldwide.  

Something different here? The integration of AI to craft phishing bait. Typical assaults lean on reused message formats; by contrast, this one generates unique, tailored texts - some with QR symbols, others embedding shared-file URLs or fake alerts mimicking real platforms. Because each message looks unlike the last, standard filters struggle. Pattern-based defenses fail when there is no clear pattern to catch. 

Not every login attempt follows the usual path. Some intruders step in through a backdoor built for gadgets like printers or streaming boxes. A fake prompt appears, nudging users to approve what seems like a routine connection. Once granted, digital keys are handed out - no password cracking needed. With those credentials, unauthorized entry lasts nearly three months. Security checks such as two-step verification simply do not apply.  

Across sectors like finance, healthcare, and government, effects are widespread. Though Huntress says it stopped further attacks for some customers, the company notes its data probably captures just a small portion of those impacted. Huntress moved quickly, rolling out urgent fixes to about 60,000 Microsoft cloud customers after spotting risky traffic linked to Railway domains. Although unintended, misuse of the platform did occur - Railway admitted this, then paused harmful user profiles while cutting off connected web addresses. Security adjustments limited entry points before further harm could unfold. 

The way bad actors craft digital traps now involves artificial intelligence, running through vast online computing resources. With such technology at hand, launching widespread fake message attacks happens faster than before. Experts observing these shifts note a troubling trend: simpler methods achieving stronger results. What once required skill can now be managed by nearly anyone willing to try. Speed grows. Scale expands. Risk rises accordingly.
Read more »
Scams
Alert Cyber Security Fake Login Google Microsoft Scams

Security Alerts or Scams? How to Spot Fake Login Warnings and Protect Your Accounts

 

Your phone buzzes with a notification: “Unusual login activity detected on your account.” It’s enough to make anyone uneasy. But is it a genuine alert about a hacking attempt, or could the message itself be a trap?

Notifications from major platforms like Google, Microsoft, Amazon, or even your bank can be both helpful and risky. While they act as an early warning system against unauthorized access, cybercriminals often exploit this sense of urgency. Fake alerts are designed to trick users into clicking on malicious links and entering sensitive information on fraudulent login pages. Acting impulsively in such moments can unintentionally give attackers access to your accounts.

Understanding Security Alerts

Not every alert signals a compromised account. Many platforms rely on advanced monitoring systems that flag unusual behaviour before any real damage occurs.

These systems may detect:
  • Multiple failed login attempts from different locations
  • Automated attacks using leaked credentials
  • Logins from unfamiliar devices or IP addresses
In many cases, a blocked login attempt simply means the system is working as intended—not that your account has already been breached.

The 3-Second Test: Spotting Real vs Fake Messages

Before clicking on any alert, pause and verify. Even AI-generated phishing emails often fail basic checks:

1. The Sender Check
Always look beyond the display name. Verify the actual email address and domain. Fraudsters often use slight variations like “amazon-support.co.uk” or “service@paypal-hilfe.com
” to appear legitimate.

2. The Hover Trick
On a computer, hover your cursor over any link without clicking. The true destination URL will appear. If it doesn’t match the official website, delete the email immediately.

3. Watch for Panic Tactics
Be cautious of urgent messages such as:
“Act within 10 minutes or your account will be irrevocably deleted!”
Legitimate companies don’t pressure users this way—urgency is a common scam tactic.

Golden Rule: Never click directly from the email. Instead, open your browser, manually type the official website, and log in. If there’s a real issue, it will be visible in your account dashboard.

Using the same password across multiple platforms increases risk. A breach on one website can trigger a domino effect, allowing attackers to access other accounts using the same credentials

The Role of Password Managers

Password managers offer a simple yet powerful solution:

  1. Unique Passwords: They generate strong, complex passwords for each account, ensuring one breach doesn’t compromise everything.
  2. Built-in Phishing Protection: These tools only autofill credentials on legitimate websites, helping you avoid fake login pages.

Tools like Dashlane provide a comprehensive password management experience with seamless autofill and secure password generation. Meanwhile, Bitwarden stands out as a reliable open-source option with robust free features.

Security alerts aren’t always bad news, they often indicate that protective systems are doing their job. The real risk lies in reacting without verification.

By using a password manager and enabling two-factor authentication, you can significantly strengthen your defenses and keep your digital identity secure
Read more »
social engineering attacks
Account Takeover Threats Cyber Attacks Cyber Threats End To End Encryption Risks Government Targeted Attacks Messaging App Security Signal Phishing social engineering attacks

Signal Phishing Campaign Attributed to Russian Intelligence FBI Says


 

As part of a pair of advisory reports issued Friday, federal authorities outlined a pattern of foreign cyber activity that is increasingly exploiting the trust users place in everyday communication tools as a means of infiltration. 

According to the FBI, as well as the Cybersecurity and Infrastructure Security Agency, Russian and Iranian intelligence-linked actors are utilizing widely-used messaging platforms for the purpose of infiltrating sensitive networks, particularly Signal. 

It is not merely opportunistic, but is also carefully planned, with a focus on individuals who are in a position to influence government, defense, media, and public affairs. These operations typically imitate routine system notifications and support alerts to trick victims into providing access credentials under the guise of urgent account actions resulting in the unauthorized accessing of thousands of accounts. 

As a result, social engineering tactics are being increasingly employed, which rely less on technical exploits and more on eroding trust among users in otherwise secure environments online. On the basis of these findings, the FBI has issued a public service announcement explicitly identifying Russian intelligence services as the source of ongoing phishing activity, which is an unusual step, as it departs from earlier advisories that generally refer to state-sponsored threats in a broader sense. These operations are designed in a manner to circumvent the security assurances offered by end-to-end encrypted commercial messaging applications, rather than by compromising cryptographic integrity, but by systematically hijacking user accounts. 

Attackers are able to acquire persistent access without defeating the underlying encryption protocols by exploiting authentication workflows and manipulating users into divulging verification codes or account credentials. 

Although the tradecraft can be used across a wide range of messaging platforms, investigators note that Signal is a prominent target due to the combination of perceived security and high-value users. When a threat actor enters an account, they will have access to private communications, contact networks, impersonation of trusted identities, and the propagation of further phishing campaigns. 

Based on the FBI's estimate that thousands of accounts have already been impacted, the scope of the activity underscores a deliberate focus on individuals with access to sensitive or influential information. Each successful compromise increases both the intelligence value and downstream operational risk. 

During his presentation to the FBI, Director Kash Patel explained that the operation targeted individuals of high intelligence value. This campaign has already been confirmed to have affected thousands of accounts worldwide, including current and former government officials, military personnel, political actors, and media members. 

It is important to emphasize that the intrusion set does not exploit flaws in the encryption architecture of commercial messaging platforms but instead uses sophisticated phishing techniques to compromise user authentication.

The method typically involves the delivery of convincingly crafted alerts warning of suspicious login activity or unauthorized access attempts to recipients, which prompt them to act immediately by following embedded links, scanning QR codes, or disclosing credentials for one-time verification. Once a threat actor has gained access to the victim's email account, they are in a position to harvest the contents of the message as well as the contact information. 

Once the victims' identity has been assumed, the threat actor can engage in further communication with the victim through secondary phishing attempts. Despite the fact that U.S. agencies have not formally attributed the activity to a particular operational unit, parallel threat intelligence reports from industry sources linked similar tactics to multiple Russian-aligned clusters, including UNC5792, UNC4221, and Star Blizzard. 

It is not confined to a single region of the world; European cybersecurity agencies, including France's Cyber Crisis Coordination Centre, as well as German and Dutch cybersecurity agencies, have reported a corresponding increase in attacks against government, media, and corporate leadership messaging accounts. There are a number of incidents that share a common operational objective: exploiting trust channels for the collection of intelligence and for the further compromise of compromised systems. 

Adversaries can exploit established trust relationships by masquerading as legitimate support entities—particularly "Signal Support" by manipulating established trust relationships, making secure messaging ecosystems a conduit for intrusion rather than a barrier against it when they masquerade as legitimate support entities. 

In order for the campaign to be consistent, it primarily utilizes user manipulation rather than technical exploitation, and Signal is its primary target, although similar tactics are also employed across other messaging platforms, including WhatsApp. Often, threat actors impersonate official support channels to distribute highly targeted phishing messages that compel recipients to take immediate actions either by clicking embedded links, scanning QR codes, or disclosing verification credentials and PINs. 

By complying with these prompts, attackers may either register their own devices as trusted endpoints through legitimate "linked device" functionality or carry out an account takeover as a whole. In a joint advisory from U.S. authorities, it is explained that such actions effectively permit unauthorized access without triggering conventional security safeguards, and that malware distribution may be included as a secondary means to compromise systems. 

The present study emphasizes the enduring effectiveness of phishing as a vector that may bypass even robust protections such as end-to-end encryption by focusing directly on user behavior. Once access has been established, adversaries may be able to retrieve message histories, map contact networks, and exploit established trust relationships in order to expand their reach through secondary phishing attacks. 

It has been reported that international intelligence agencies, including counterparts in France and the Netherlands, have issued parallel warnings regarding coordinated efforts to target officials, civil servants, and military personnel, reflecting the broader strategic intent to intercept sensitive communications. 

In addition, the agencies have stressed that the activity does not originate from inherent vulnerabilities within the platforms themselves, but rather from systematic abuse of legitimate authentication workflows and features. It is therefore necessary that users remain vigilant and avoid disclosing one-time codes, scrutinize unsolicited messages-even those that appear to originate from known contacts-and only use official channels when dealing with account issues.

Furthermore, officials caution against the use of commercial messaging applications for exchanging classified or sensitive information in high-risk environments, underscoring the tensions between operational security and convenience in modern communication systems. The persistence and adaptability of the campaign illustrates the importance of reinforcing both user-side defenses and platform-level controls for mitigation. 

As a result, organizations are advised to enforce rigorous identity verification practices, enforcing multifactor authentication hygiene, and restricting high-value personnel's exposure through publicly accessible communications channels. Continuous awareness training is equally important for preparing users to recognize subtle indicators of social engineering, especially in environments that simulate urgency and authority on a regular basis. 

A rapid report and coordinated response coordination remain essential to containing the possibility of lateral spread once an account has been compromised at an operational level. Accordingly, the broader implication is clear: as adversaries refine techniques that exploit trust and not technology, resilience will increasingly depend not solely on encryption's strength, but on the diligence and preparedness of those who use it.
Read more »
Quantum computing
Anthropic Artificial Intelligence Cyber Security Data Disclosure Attack OpenAI Quantum computing

Cybersecurity Faces New Threats from AI and Quantum Tech




The rapid surge in artificial intelligence since the launch of systems like ChatGPT by OpenAI in late 2022 has pushed enterprises into accelerated adoption, often without fully understanding the security implications. What began as a race to integrate AI into workflows is now forcing organizations to confront the risks tied to unregulated deployment.

Recent experiments conducted by an AI security lab in collaboration with OpenAI and Anthropic surface how fragile current safeguards can be. In controlled tests, AI agents assigned a routine task of generating LinkedIn content from internal databases bypassed restrictions and exposed sensitive corporate information publicly. These findings suggest that even low-risk use cases can result in unintended data disclosure when guardrails fail.

Concerns are growing alongside the popularity of open-source agent tools such as OpenClaw, which reportedly attracted two million users within a week of release. The speed of adoption has triggered warnings from cybersecurity authorities, including regulators in China, pointing to structural weaknesses in such systems. Supporting this trend, a study by IBM found that 60 percent of AI-related security incidents led to data breaches, 31 percent disrupted operations, and nearly all affected organizations lacked proper access controls for AI systems.

Experts argue that these failures stem from weak data governance. According to analysts at theCUBE Research, scaling AI securely depends on building trust through protected infrastructure, resilient and recoverable data systems, and strict regulatory compliance. Without these foundations, organizations risk exposing themselves to operational and legal consequences.

A crucial shift complicating security efforts is the rise of AI agents. Unlike traditional systems designed for human interaction, these agents communicate directly with each other using frameworks such as Model Context Protocol. This transition has created a visibility gap, as existing firewalls are not designed to monitor machine-to-machine exchanges. In response, F5 Inc. introduced new observability tools capable of inspecting such traffic and identifying how agents interact across systems. Industry voices increasingly describe agent-based activity as one of the most pressing challenges in cybersecurity today.

Some organizations are turning to identity-driven approaches. Ping Identity Inc. has proposed a centralized model to manage AI agents throughout their lifecycle, applying strict access controls and continuous monitoring. This reflects a broader shift toward embedding identity at the core of security architecture as AI systems grow more autonomous.

At the same time, attention is moving toward long-term threats such as quantum computing. Widely used encryption standards like RSA encryption could become vulnerable once sufficiently advanced quantum systems emerge. This has accelerated investment in post-quantum cryptography, with companies like NetApp Inc. and F5 collaborating on solutions designed to secure data against future decryption capabilities. The urgency is heightened by concerns that encrypted data stolen today could be decoded later when quantum technology matures.

Operational challenges are also taking centre stage. Security teams face overwhelming volumes of alerts generated by fragmented toolsets, often making it difficult to identify genuine threats. Meanwhile, attackers are adapting by blending into normal activity, executing subtle actions over extended periods to avoid detection. To counter this, firms such as Cato Networks Ltd. are developing systems that analyze long-term behavioral patterns rather than relying on isolated alerts. Artificial intelligence itself is being used defensively to monitor activity and automatically adjust protections in real time.

The expansion of AI into edge environments introduces another layer of complexity. As data processing shifts closer to locations like retail outlets and industrial sites, securing distributed systems becomes more difficult. Dell Technologies Inc. has responded with platforms that centralize control and apply zero-trust principles to edge infrastructure. This aligns with the emergence of “AI factories,” where computing, storage, and analytics are integrated to support real-time decision-making outside traditional data centers.

Together, these developments point to a web of transformation. Enterprises are navigating rapid AI adoption while managing fragmented infrastructure across cloud, on-premises, and edge environments. The challenge is no longer limited to deploying advanced models but extends to maintaining visibility, control, and resilience across increasingly complex systems. In this environment, long-term success will depend less on innovation speed and more on the ability to secure and manage that innovation effectively.



Read more »
Perseus
IPTV Spyware malware Notes Stealer Password Scanner Perseus

Perseus Malware Scans Android Notes for Passwords

 

A malicious new Android malware called Perseus is targeting users by scanning personal notes for sensitive information like passwords and cryptocurrency recovery phrases. Discovered by cybersecurity firm ThreatFabric, this threat evolves from earlier malware families such as Cerberus and Phoenix, making it more versatile and invasive. Disguised as IPTV streaming apps, Perseus spreads primarily through unofficial app stores and phishing sites, tricking users eager for free premium content into sideloading it onto their devices. 

Once installed, Perseus exploits Android's Accessibility Services to achieve full device takeover. It can capture real-time screenshots, simulate taps, launch apps remotely, and overlay black screens to hide its actions from victims. This allows cybercriminals to monitor and manipulate devices undetected, with campaigns focusing on countries like Turkey, Italy, Poland, Germany, France, the UAE, and Portugal. 

What makes Perseus particularly alarming is its specialized note-scanning feature, a novel capability not seen in its predecessors. The malware systematically opens popular note-taking apps—including Google Keep, Samsung Notes, Xiaomi Notes, ColorNote, Evernote, Microsoft OneNote, and Simple Notes—then logs and exfiltrates their contents to a command-and-control server. Users often store high-value secrets in notes, turning this into a goldmine for thieves. 

Perseus is no amateur threat; it employs sophisticated anti-analysis techniques to evade detection. Before activating, it checks for root access, emulators, Frida debugging tools, SIM details, battery stats, Bluetooth, app counts, and Google Play Services, calculating a "suspicion score" sent to attackers. Developers likely used large language models for coding, evident from emojis and detailed logging in the source code. 

Android users must stay vigilant against Perseus by sticking to the Google Play Store, enabling Play Protect, and scrutinizing sideloaded apps—especially IPTV ones requesting excessive permissions. Avoid unofficial sources for streaming, as these dropper apps like Roja App Directa, TvTApp, and PolBox Tv bypass Android 13+ restrictions. Regular security updates and antivirus scans can further shield devices from such evolving threats.
Read more »
Subscribe to: Comments (Atom)

Featured