Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Nvidia Introduces AI-Focused PC Chip as Industry Pushes Toward Local AI Processing

 Nvidia has announced a new processor designed to run artificial intelligence applications directly on personal computers, signaling the co...

All the recent news you need to know
Sugar Mill
Cloud Cyber Security Data Breach Harvesting Internet Sugar Mill

Hackers Attack Sugar Mill, Force Operations and Harvesting Shutdown


Australia’s second-biggest sugar producer, Mackay Sugar, is looking into a cyberattack that impacted parts of its operations and temporarily stopped sugarcane harvesting. 

The incident caused the stoppage of milling activities at two of the firm’s facilities while authorities and experts tried to assess the disruption of the attack.

In a recent statement, Mackay Sugar acknowledged the cyberattacks and disruption impacting few of its operations. 

The immediate priorities are ensuring staff safety, continuing business operations safely, and safeguarding operational systems. “Our immediate focus is the safety of our people, protecting operational systems, and maintaining business continuity,” it said. 

About risk assessment

Mackey Sugar is also working with authorities to inspect the incident and recover impacted systems safety.

The incident directly impacted production operations. Local media reports have hinted that the company was compelled to close down its Racecourse and Farleigh sugar mills, two key facilities based in Queensland’s Mackay area. This caused the growers to stop harvesting sugarcane until notified. 

The impact on production

The group also verified that the Farleigh and Racecourse mills' cane hauling and sugar milling operations had been halted. Shortly after both facilities started their yearly sugarcane crushing season, there was an interruption. 

Although many growers in the area have been impacted by the closure, producers in the Marian district have not been immediately impacted. The district's third mill for Mackay Sugar is not expected to start up until next week, according to a report from Australia's ABC News. 

While recovery efforts continue, the sugar producer said it has put in place temporary measures and interim procedures to support critical business operations and minimize operational impact.

Mitigation processes

According to the company, "interim procedures are in place to support critical business functions and minimize disruption where possible." 

Additionally, the company stressed that throughout the event, it is staying in touch with growers, staff, and business partners. 

"We will continue to provide updates as more information becomes available and are in direct communication with our employees, growers, and key partners," Mackay Sugar stated. 

About recovery

Mackay Sugar acknowledged the anxiety brought on by the disruption and reaffirmed that company takes cybersecurity duties seriously. 

"We take extremely seriously our obligation to safeguard our information, operations, and systems. We will give timely updates as we complete our inquiry, and we apologize for any inconvenience or uncertainty this incident may have caused," the business stated. 

Read more »
User Security
Cyber Fraud Cyberabad Police eSim Scam Sim Swapping User Security

Cyberabad Police Busts eSIM Banking Fraud Gang in Hyderabad

 

Cyberabad police have exposed an inter-state cyber fraud racket that used eSIM manipulation, SIM swapping tactics, and OTP diversion to steal money from bank customers. The case underlines how criminals are mixing telecom fraud with banking deception to bypass normal security checks and move money fast. 

Investigators said the accused impersonated staff from a bank’s premium credit card division and contacted victims under the guise of DoT verification. They persuaded targets to convert eSIMs into physical SIM cards, then sent preloaded mobile devices carrying malicious apps, which helped redirect OTPs and banking alerts to the fraudsters. 

Once the OTPs were diverted, the gang could access bank accounts, authorize transfers, and siphon off funds before the victims understood what had happened. Police said six people were arrested in the case: Selim Mondal, Abdul Alim SK alias Mittu, Saiyad Hasim Reza alias Tippu, Mijanur Rahaman Shaik, Bansidhar, and Mehebub Alam Ansary alias Suraj. The fraud amount was put at Rs 77.75 lakh, and police recovered Rs 15 lakh in cash during searches at the accused persons’ homes. 

The bigger concern is that this type of scam is highly scalable. It does not depend on hacking a bank’s servers; instead, it exploits human trust, weak verification habits, and the phone number as a security key. If a criminal gets control of your SIM or eSIM flow, they may also gain access to banking apps, password resets, and other sensitive services that rely on SMS verification.

Mitigation tips 

To stay safe from this type of eSIM banking fraud, never share OTPs, PINs, card details, or recovery codes with anyone over call, SMS, or WhatsApp, even if the caller claims to be from a bank or telecom company; verify any eSIM or SIM change request only through your operator’s official app, website, or helpline; avoid clicking suspicious links or scanning unknown QR codes.

Additionally, do not insert a SIM into any courier-delivered or unfamiliar device; enable banking alerts, use strong passwords and authenticator apps instead of SMS-based verification where possible; and if your phone suddenly loses signal or you suspect a SIM hijack, immediately contact your mobile provider, freeze transactions with your bank, and report the issue through India’s cybercrime helpline 1930 or the official cybercrime portal.
Read more »
Enterprise Security Risks
CVE CVE vulnerability Cyber Attacks Cybersecurity Threats Data Breaches enterprise cybersecurity Enterprise Security Risks

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach Universities and Enterprise Systems

 

A breach tied to the hacking collective ShinyHunters emerged during a wave of intrusions leveraging an undisclosed weakness in Oracle PeopleSoft platforms. Unauthorized entry occurred because security gaps went unpatched - access followed swiftly after initial compromise. Data theft unfolded across multiple campuses and research-focused entities throughout May into June's first days. Evidence gathered by Google Cloud Mandiant analysts pointed directly toward systemic exploitation prior to any public alert from Oracle. Control over affected servers enabled extraction of confidential information before patches were available. 

One security team links these actions to a hacking cluster known internally as UNC6240. Exploiting a weakness labeled CVE-2026-35273, they triggered unauthorized code on Oracle PeopleSoft systems. This issue sits near the top of risk scales - rated 9.8/10 - given how easily it can be abused. With nothing more than an open HTTP connection, intruders bypass login checks entirely. Access unfolds remotely; no clicks or credentials required by victims. 

Within the PeopleSoft platform, the weakness lies specifically in the Environment Management Hub. Though Oracle officially acknowledged issues in PeopleTools 8.61 and 8.62, earlier versions - no longer supported - could still face risks. Because exploitation began prior to Oracle's public notice, the vulnerability acted like a real zero-day during the entire attack period. Hidden weaknesses emerged when hackers mistakenly left key systems visible on the web. 

A closer look revealed open servers storing malware frameworks, communication hubs, admin utilities masked as legitimate cloud documents, along with automation codes designed to navigate internal corporate environments. Spread through connected devices began once access was gained, followed by bundling sensitive material before sending it toward platforms tied to ShinyHunters’ operations. Mandiant found over 100 groups facing possible system exposure, alerting each to the danger. Higher education made up close to 68% of these cases, primarily within the U.S. 

While certain schools stopped threats in time, several faced verified intrusions alongside leaked information. Among the earliest cases made public stood the University of Nottingham. Reports tracking data leaks indicate the exposed records include around 455,000 distinct email addresses, followed by private details such as full names, residential locations, telephone numbers, passport identifiers, ethnic background, and data tied to disabilities. Confirmation of the event came directly from the institution itself. 

Turning off the Environment Management Hub service is a step Oracle suggests when feasible, while limiting outside connections to vulnerable endpoints. Experts in cybersecurity point out that checking system logs matters, along with hunting down odd-looking files. Uncommon patterns in data leaving the network should catch attention. Applying fixes from Oracle promptly stands as another measure worth taking. 

Surprisingly, ShinyHunters once stuck to phishing, compromised logins, or manipulating people through psychological tricks. Now, though - using a previously unknown flaw in server software suggests their methods have taken a sharper turn. This shift hints at ERP platforms being eyed more closely going forward, even if nothing is certain yet.
Read more »
red hat
Cybersecurity Digital Supply Chain Risk GitHub malware red hat

Red Hat Investigates npm Package Compromise After Malware Found in Official Repository

 



Security researchers have identified malicious code in dozens of packages distributed through Red Hat's official @redhat-cloud-services namespace on npm after attackers gained unauthorized access to the repository.

The incident was first reported by researchers at Aikido Security, who found that software packages published through the trusted Red Hat namespace had been modified to include malware capable of collecting credentials from developer environments. Because the affected namespace is used for legitimate Red Hat cloud-related packages, developers may have installed the compromised versions without suspecting unauthorized changes.

According to researchers, more than 30 package versions were affected. Several remained available for download when the activity was initially disclosed, creating a risk for organizations that automatically pull dependencies into development workflows.

Technical analysis showed that the malicious code was designed to run during package installation. This means exposure could occur as soon as a package is installed, even if the software itself is never executed inside an application.

Researchers found that the malware searched infected systems for authentication data commonly used by developers and cloud administrators. The targeted information reportedly included GitHub Actions secrets, npm access tokens, Kubernetes credentials, Vault secrets, and other cloud-service authentication material that could provide access to source code repositories, deployment environments, and internal infrastructure.

The malware also contained mechanisms intended to expand the compromise beyond the initial victim. If credentials with sufficient privileges were discovered, the malicious code could attempt to publish altered packages through repositories or accounts available to the infected environment. This behavior could allow attackers to use one compromised system as a stepping stone into additional software projects.

Investigators further observed that stolen information was encrypted before being transmitted from infected systems. Reports indicate that the malware included backup methods for data exfiltration, including the ability to use compromised GitHub repositories if its primary communication channel became unavailable.

Researchers noted signs that the incident may have involved CI/CD infrastructure. Continuous Integration and Continuous Delivery systems automate software building, testing, and deployment, making them attractive targets because a compromise can provide access to multiple projects simultaneously. Evidence reviewed by researchers suggested that GitHub Actions OpenID Connect workflows may have been involved in publishing the affected packages.

The exact method used to gain access to the Red Hat namespace remains under investigation. Researchers have not publicly attributed the initial compromise to a specific technique, although they believe unauthorized access to publishing credentials likely played a role.

Security firms examining the incident linked the malware to a variant of "Shai-Hulud," a credential-stealing program that has appeared in recent software supply-chain investigations. Researchers noted that code associated with the malware has circulated publicly, increasing the likelihood that similar attacks could be adopted by multiple threat actors.

Following notification of the issue, Red Hat removed the affected packages and began an internal investigation. In a public statement, the company said the compromised packages were intended for internal development purposes and were not distributed to customers through Red Hat production services. The company also stated that it had not identified evidence of impact to customer environments, partner systems, or production infrastructure at the time of its investigation.

Security experts recommend that any organization or developer who installed affected package versions review their systems immediately. Response measures should include rotating credentials, examining CI/CD environments for unauthorized activity, reviewing repository permissions, and checking software dependencies for indicators associated with the compromise.

The incident illustrates a recurring challenge in modern software development: trust placed in widely used package repositories can become a point of failure when an attacker gains access to a legitimate publishing channel. When that occurs, malicious code can reach downstream users through routine software updates rather than through traditional intrusion methods. 

Read more »
wordpress
Malicious Payload Malicious Payloads malware Malware Steam Profiles wordpress

WordPress Malware Campaign Hides Payloads in Steam Profiles

 

WordPress malware campaign hides payloads in Steam profiles, marking one of the most unconventional cyberattacks in recent security history. Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control data, according to GoDaddy security engineers who uncovered the campaign. This bizarre attack chain demonstrates how threat actors increasingly exploit legitimate platforms to evade traditional detection methods. 

The technical sophistication lies in how the malware uses invisible Unicode characters to encode its payload. The threat actor uses six specific invisible Unicode characters: Zero-width non-joiner (U+200C), Zero-width joiner (U+200D), Function application (U+2061), Invisible times (U+2062), Invisible separator (U+2063), and Invisible plus (U+2064). The decoder ignores visible characters and maps invisible ones to corresponding numbers, then converts them to binary representation to reconstruct bytes. This encoding allows binary data to embed within normal-looking text, with visible characters serving as camouflage while invisible characters carry the actual payload. 

Since the campaign was first uncovered in July 2025, researchers have found malware on approximately 1,980 WordPress websites, though the initial infection vector remains unclear. Attackers likely breached websites through stolen admin logins, compromised FTP/SFTP credentials, vulnerable WordPress themes or plugins, or supply-chain compromises. The first-stage malware uses WordPress page loads to reach specific Steam profiles and extract text from benign-looking comments that sometimes include ASCII art disguised malicious text. The decoded payload builds a hello-mywordl[.]info URL serving JavaScript code injected into every frontend WordPress page. 

GoDaddy describes several evasion mechanisms including obfuscated strings using octal and hex escapes, randomized function names, fake disabled logging code, and standard WordPress APIs that blend with normal activity. The campaign pairs this encoding with a server-side backdoor enabling attackers to remotely rewrite any plugin or theme file using a simple POST request with the right cookie, meaning even removed injected scripts can reinstall. This dual approach makes the malware particularly persistent and difficult to eliminate completely. 

Site owners can defend by checking for Steam Community URL references, suspicious external JavaScript injections, outbound connections from WordPress servers to Steam, and unexpected scripts loading from domains like hello-mywordl[.]info. Other indicators include invisible Unicode characters, suspicious transient_caption cache entries, disabled SSL verification in cURL requests, and POST requests containing malware authentication cookies or the new_code parameter. This attack underscores the importance of monitoring unusual outbound connections and implementing comprehensive security scanning for invisible character anomalies in web content.
Read more »
Technology
AI Akira Convention Center Data Ransomware Technology

Akira Gang Claims Ransomware Attack at Convention Center, Extorts $250 Million


Akira gang extorts $250 million

Akira, the infamous ransomware gang has extorted over $250 million from businesses globally. It is now blackmailing to leak 46 GBs of data allegedly extorted from the Buffalo Convention Center. The stolen data includes financial information, contracts, employee records, and private data linked to around 1,80,000 people.

What do the experts say?

Resilience director at Gate 15, Ben Taylor has warned that ransomware gangs often boast the amount of data stolen. The alleged figure of 1,80,00 impacted people suggests data retrieved via a third-party provider, exaggerated claims to extort victims, or direct breach of venue systems. 

The dark web monitoring firm Breach Sense verified the Buffalo Convention Center data breach. The FBI has classified Akira as a ransomware-as-a-service gang that extorted over $250 million from hundreds of businesses since 2023.

Convention centres have become a lucrative target for hackers

Convention centers, which increasingly act as repository for guest registrations, exhibitor information, payment data, contracts, and operational systems, are facing an escalating cybersecurity issue as a result of the alleged incident.

Ransomware gangs claim that they have gained access to a company in order to obtain leverage for a swift and simple payment. According to Taylor, there are situations in which these assertions are true and some that are not.

Ransomware as double extortion

Additionally, the attack illustrates how contemporary ransomware operations have evolved. "Double extortion" is a common method used by organizations such as Akira. Before encrypting networks, they take confidential files and threaten to reveal the information if payment is not received.

According to Taylor, developments in AI are intensifying the problem by making it simpler to scale and customize phishing campaigns and other cybercrime tactics.

About the victims

Buffalo Convention Center was not the only enterprise to suffer a ransomware attack. 

High-case hospital hacks showcase the operational effect of a ransomware attack. According to MGM Resorts, in 2023, a cyberattack leaked personal data linked to millions of guests and impacted hotel operations for days. Another famous enterprise, Caesars Entertainment was also breached and allegedly paid $15 million in ransom to hackers.

The dangers go beyond convention centers. In April, Carnival Corporation was attacked by a gang that claims to have stolen over 8.7 million records such as dates of birth, names, and other personal data. 

Read more »
Subscribe to: Posts (Atom)

Featured