Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

AMD Announces Plan to Acquire Intel in Unprecedented Industry Turn

  Advanced Micro Devices has revealed plans to acquire long-time rival Intel Corporation, marking a dramatic reversal in one of the most end...

All the recent news you need to know
malware
AI Cloud Data GlassWorm Internet malware

GlassWorm Malware Campaign Attacks Developer IDEs, Steals Data


About GlassWorm campaign 

Cybersecurity experts have discovered another incident of the ongoing GlassWorm campaign, which uses a new Zig dropper that's built to secretly compromise all integrated development environments (IDEs) on a developer's system. 

The tactic was found in an Open VSX extension called "specstudio.code-wakatime-activity-tracker”, which disguised as WakaTime, a famous tool that calculates the time programmes spend with the IDE. The extension can not be downloaded now. 

Attack tactic 

In previous attacks, GlassWorm used the same native compiled code in extensions. Instead of using the binary as the payload directly, it is deployed as a covert indirection for the visible GlassWorm dropper. It can secretly compromise all other IDEs that may be present in your device. 

The recently discovered Microsoft Visual Studio Code (VS Code) extension is a replica (almost).

The extension installs a universal Mach-O binary called "mac.node," if the system is running Apple macOS, and a binary called "win.node" for Windows computers.

Execution 

These Zig-written compiled shared libraries that load straight into Node's runtime and run outside of the JavaScript sandbox with complete operating system-level access are Node.js native addons.

Finding every IDE on the system that supports VS Code extensions is the binary's main objective once it has been loaded. This includes forks like VSCodium, Positron, and other AI-powered coding tools like Cursor and Windsurf, in addition to Microsoft VS Code and VS Code Insiders.

Malicious code installation 

Once this is achieved, the binary installs an infected VS Code extension (.VSIX) from a hacker-owned GitHub account. The extension, known as “floktokbok.autoimport”, imitates “steoates.autoimport”, an authentic extension with over 5 million downloads on the office Visual Studio Marketplace.

After that, the installed .VSIX file is written to a secondary path and secretly deployed into each IDE via editor's CLI installer. 

In the second-stage, VS Code extension works as a dropper that escapes deployment on Russian devices, interacts with the Solana blockchain, gets personal data, and deploys a remote access trojan (RAT). In the final stage, RAT installs a data-stealing Google Chrome extension. 

“The campaign has expanded repeatedly since then, compromising hundreds of projects across GitHub, npm, and VS Code, and most recently delivering a persistent RAT through a fake Chrome extension that logged keystrokes and dumped session cookies. The group keeps iterating, and they just made a meaningful jump,” cybersecurity firm aikido reported. 

Read more »
Slack
AI botTechnology Salesforce Slack

Salesforce Unveils AI-Powered Slack Overhaul with 30 Game-Changing Features

 

Salesforce has unveiled a transformative AI overhaul for its Slack platform, introducing 30 new features designed to elevate it from a mere messaging tool to a comprehensive AI-powered workflow engine. Announced by CEO Marc Benioff at a San Francisco event in late March 2026, this update builds on Slack's acquisition five years ago, which has driven two-and-a-half times revenue growth across a million businesses. The changes position Slack at the heart of Salesforce's AI-centric strategy, aiming to automate repetitive tasks and boost enterprise productivity. 

Central to the makeover is an enhanced Slackbot, now boasting agentic capabilities far beyond basic queries. Following a January 2026 update that enabled it to draft emails, schedule meetings, and scan inboxes, the new features introduce reusable AI skills. Users can define custom tasks—like generating a project budget—that Slackbot executes across contexts by pulling data from channels, connected apps, and external sources. These skills come pre-built in a library but allow personalization, slashing manual effort dramatically. 

For instance, commanding Slackbot to "create a budget for the team retreat" triggers it to aggregate expenses from Slack threads, integrate CRM data, draft a plan, and auto-schedule a review meeting with relevant stakeholders based on their roles. This seamless automation extends to Slackbot acting as an MCP client, interfacing with external tools like Salesforce's Agentforce platform from 2024. It routes queries intelligently to the optimal agent or app, minimizing human oversight. 

Meeting management sees significant upgrades too, with Slackbot now transcribing huddles, generating summaries, and extracting action items. Missed details? A quick ask delivers a personalized recap, including your assigned tasks. The bot's reach expands beyond Slack, monitoring desktop activities such as calendars, deals, conversations, and habits to offer proactive suggestions—like drafting follow-ups. Privacy controls let users tweak permissions, ensuring data access aligns with comfort levels. 

These 30 features, rolling out gradually over coming months, underscore Salesforce's vision to embed AI deeply into daily work. Early tests report up to 20 hours weekly productivity gains, powered partly by models like Anthropic’s Claude. Slack evolves into a versatile hub where communication, automation, and decision-making converge, potentially redefining enterprise tools. As businesses grapple with AI integration, this Slack revamp highlights both promise and challenges—like dependency on vendor ecosystems and data governance. For teams already in Salesforce's orbit, it promises efficiency; for others, it signals a competitive push in AI-driven collaboration. The update arrives amid rapid tech shifts, urging companies to adapt swiftly.
Read more »
Malware Threats
AI cyberattacks AI Malware AI technology Cyber Security Cyberattacks DeepLoad Malware Threats

Windows 11 Faces Rising Threats from AI Malware and Critical Security Flaws

 

Pressure on Windows 11 security grows - driven by emerging AI-powered malware alongside unpatched flaws threatening companies and everyday users alike. The pace of change in digital threats becomes clearer through recent incidents, especially within large organizational networks. DeepLoad sits at the heart of recent cybersecurity worries. This particular threat skips typical download tactics altogether. 

Instead of dropping files, it operates without any - earning its "fileless" label. Users themselves become part of the breach process. By following deceptive prompts, they run benign-looking instructions in system utilities such as Command Prompt. Once executed, those inputs quietly trigger malicious activity behind the scenes. Since nothing gets written to disk, standard virus scanners often miss what's happening. 

Detection becomes difficult when there’s no file footprint to flag. After running, the malware stays active by embedding itself into system processes while reaching out to remote servers through standard Windows tools. Because it targets confidential information like passwords, its presence poses serious risks inside business environments. What makes it harder to detect is how it blends malicious activity with normal operating routines. Security teams may overlook it during routine checks due to this camouflage technique. 

Artificial intelligence makes existing threats more dangerous. Because AI-driven malware adjusts on the fly, it slips past standard detection systems. As a result, security tools struggle to keep up. With each change the malware makes, response times shrink. The gap between finding a flaw and facing an attack grows narrower by the hour. Meanwhile, security patches have been rolled out by Microsoft to fix numerous high-risk weaknesses. 

Affected are various business-focused builds of Windows 11 - both recent iterations and extended support variants. One major concern involves defects within the Routing and Remote Access Service (RRAS), where exploitation might let threat actors run harmful software from a distance. Full administrative access to compromised machines becomes possible through these gaps. Not just isolated systems feel the impact. 

That last Patch Tuesday, Microsoft fixed over eighty security gaps in its programs - problems hiding even inside tools such as Excel and Outlook. Opening an attachment wasn’t needed; sometimes, just looking at it could activate harmful code, showing how dangerous these weaknesses really are. Experts warn that even emerging AI tools, such as Microsoft Copilot, could introduce new risks if not properly secured, particularly when sensitive data is handled automatically. 

Though companies face the most attacks, regular individuals can still be affected. When new patches arrive, it helps to apply them without delay - timing often matters more than assumed. Opening unknown scripts carries risk; many breaches begin there. Unexpected requests, especially those demanding immediate steps, deserve extra skepticism. 

Change is shaping a new kind of digital danger - cleverer, slyer, built to exploit how people act just as much as system flaws. One moment it mimics trust; the next, it slips through unnoticed.
Read more »
Supply Chain Attack
Cybercrime India Data Theft Risks Firmware Attack malware MediaTek Vulnerability Mobile Security Threats Remote Access Trojan Smartphone Security Supply Chain Attack

Hidden Android Malware Capable of Controlling Devices Raises Security Concerns


 

Smartphones have become increasingly important as repositories of identity, finances, and daily communications. The recent identification of a new Android malware strain, recently flagged by the National Cybercrime Threat Analytics Unit and ominously dubbed "God Mode", is indicative of a worrying escalation in mobile security threats. 

As opposed to conventional scams that employ visible deception or user interaction, this variant is designed to persist silently, enabling attackers to gain an unsettling degree of control without prompting immediate suspicion. 

The name of the program is not accidental; it reflects its ability to assume a wide range of permissions and surveillance capabilities once deployed, reducing users to the position of unaware bystanders.  It is noteworthy that this development coincides with an increase in sophisticated malware campaigns throughout India, where cybercriminals are increasingly utilizing the perception of legitimacy of digital services to exploit public trust, mimicking official government platforms. 

Often deployed through widely used messaging channels, these operations take advantage of urgency and limited verification by utilizing carefully orchestrated social engineering tactics, resulting in a seamless illusion of authenticity that has already led to widespread identity theft and financial fraud. In view of these concerns, researchers have identified a threat class that is more deeply ingrained into the Android operating system.

The Oblivion Remote Access Trojan, observed recently, signals the shift from surface-level compromise to systemic invasion. Based on reports, the malware is being distributed through subscription-based distribution models across a wide range of Android devices running versions 8 through 16 and is designed to operate across a broad range of devices.

Using Certo's analysis, it appears that the toolkit is not simply a standalone payload, but rather a structured package with a configurable builder that enables operators to create malicious applications that resemble legitimate applications. As a complement, a dropper mechanism was developed to mimic routine system update prompts, a tactic that blends seamlessly with user expectations and greatly increases the likelihood of execution. 

Kaspersky has found parallel evidence linking this activity to a strain they call "Keenadu," discovered during deeper investigations into firmware-level threats that resembled the earlier Triada threat. It is noteworthy that this variant is persistent: instead of being installed solely by the user, it has been observed embedded within the device firmware itself, indicating a compromise within the supply chain. 

The researchers claim that a tainted dependency introduced during firmware development enabled the malware to be integrated into the core system environment by allowing the malware to persist. Upon attachment to Android’s Zygote process, the malicious code replicates across all running applications on the device, resulting in widespread and difficult to detect control. Because affected devices may reach end users already compromised, manufacturers may be unaware of the intrusion prior to their products being distributed, which has significant consequences. 

There is a deceptively simple entry point into the infection chain associated with such threats: the link or application file is delivered via messaging platforms under the guise of legitimate notifications, often posing as bank alerts, service updates, or time-sensitive announcements. As soon as the application is executed, it strategically requests access to the Accessibility Service an Android feature intended to make the application more usable for people who are differently abled. 

A systemic abuse of this permission occurs in the context described above in order to establish extensive control over device operations. By gaining access to this level of access, the malware can monitor on-screen activity, intercept text communications, and perform autonomous user interactions. The ability to capture one-time passwords, navigate applications, and authorize transactions without explicit user awareness is included in this category. 

Most of the times observed, the initial payload is distributed via widely used communication channels such as instant messaging platforms as an APK file, where it appears as a routine application or system update via widely used communication channels. As a result of its outward appearance, the malware is often not suspected and is more likely to succeed during installation.

The malicious process embeds itself within the device and is designed to maintain persistence and stealth. By avoiding visibility within the standard application interface, the malicious process is evading casual detection while remaining silently operating in the background. The degree of risk introduced by this level of compromise is substantial. 

Through the malware's ability to access sensitive inputs, such as OTPs, personal messages, and contact databases, conventional authentication procedures are effectively bypassed. Further, by utilizing its ability to initiate or redirect calls, overlay fraudulent interfaces over legitimate banking applications, and simulate genuine user behavior, sophisticated financial exploitation and data exfiltration can be accomplished. 

Additionally, the threat is lowly visible; the lack of overt indicators, combined with its ability to avoid basic scrutiny, make it difficult for users to become aware of a breach until tangible damage has already occurred - financial or otherwise. Because the vulnerability does not uniformly impact all Android devices, assessing exposure becomes an important first step when confronted with this backdrop. 

According to current findings, the risk is primarily confined to smartphones equipped with MediaTek system-on-chip architectures, although devices that are powered by Qualcomm Snapdragon or Google Tensor are not affected. 

Users can verify their device's status by verifying its exact model in system settings and referencing its hardware specifications using manufacturer documentation. It becomes more urgent when the MediaTek chipset is identified to ensure that the latest security patches are applied as soon as possible. 

While a fix has been reportedly issued at the chipset level, its effectiveness is determined by the timely distribution by individual device manufacturers, making timely system updates a decisive factor in preventing exposures. A broader defensive posture requires a combination of technical safeguards and user discipline in addition to identification and patching. 

Security applications can not directly address firmware-level vulnerabilities, but they still play an important role in detecting secondary payloads, such as spyware or malicious applications, which may be deployed following a compromise. It is also important to minimize sensitive data stored locally on devices, particularly credentials, recovery keys, and financial information that could be accessed if access is obtained. Also highlighted in this case is the importance of physical security, as certain exploit vectors may require direct device access, which makes unattended or improperly handled devices potentially vulnerable. 

Additionally, complementary measures add essential layers of resistance against unauthorised activity, such as robust screen locks, shorter auto-lock intervals, and multi-factor authentication across critical accounts. In addition to reducing credential exposure, using encrypted password managers will help reduce device-level control capabilities, such as USB-restricted mode, when available, to limit data transfer capabilities while locked. 

As a result of these measures, the underlying vulnerability remains, however a layered security framework is established that significantly reduces the likelihood and impact of exploitation in the real world. As a result, these deeply embedded Android threats highlight a significant shift in the mobile security landscape, where risks are no longer restricted to user-level interactions, but extend to the underlying architecture of the device itself. 

With this evolving technology, users and manufacturers need to remain vigilant and informed, emphasizing proactive security hygiene, timely software maintenance, and carefully examining digital interactions. As threat actors continue to refine their methods, resilience will be determined by the development of layered, adaptive defense strategies that anticipate compromise and limit its impact, rather than a single safeguard.
Read more »
Technology
Claude Cloud Copilot Data GenAI Microsoft Technology

Microsoft Releases AI Upgrades, Launches Copilot Cowork to Early Access Customers


In an effort to enhance its AI offering and increase adoption, Microsoft (MSFT.O) recently introduced new features in its Copilot research assistant that would enable users to employ various AI models concurrently within the same workflow.

Instead of relying on a single model, Copilot's Researcher agent can now pull outputs from both OpenAI's GPT and Anthropic's Claude models for each response, thanks to a new feature called "Critique."

According to Microsoft, Claude will check the quality and correctness of the response before GPT provides it to the user. In the future, the business hopes to make that workflow bidirectional so that GPT may also evaluate Claude's writings.

"Having different models from ​different vendors in Copilot is highly attractive - but we're taking this to the next level, where customers actually get the benefits of the models working together," Nicole Herskowitz, VP of Copilot and  Microsoft, said to Reuters. 

The multi-model strategy will assist in increasing productivity and quality for customers by accelerating user workflow, controlling AI hallucinations, which occur when systems give incorrect information, and producing more dependable outputs.

Additionally, Microsoft is introducing a feature called "Council" that will let users compare results from various AI models side by side. The updates coincide with Microsoft expanding access to its new Copilot Cowork agentic AI tool for members of its "Frontier" program, which gives users early access to some of its most recent AI innovations.

According to Jared Spataro, Microsoft's AI-at-Work efforts leader, “We work only in a cloud environment, and we work only on behalf of the user. So you know exactly what information it (Copilot Cowork) has access ​to.”

On Monday, the company's stock increased by almost 1%. However, as investor confidence in AI declines, the stock is poised for its worst quarter since the global financial crisis of 2008, with a nearly 25% decline.

Microsoft capitalized on the increasing demand for autonomous AI agents earlier this month by releasing Copilot Cowork, a solution based on Anthropic's popular Claude Cowork product, in testing mode.

In the face of fierce competition from rivals like Google (GOOGL.O), the new tab Gemini, and autonomous agents like Claude Cowork, the Windows manufacturer has been rushing to enhance its Copilot assistant to promote greater usage.

Read more »
Technology
AI Bitcoin Cryptocurrencies Google Quantum Quantum computing Technology

Quantum Computing Could Threaten Bitcoin Security Sooner Than Expected, Study Finds

 



New research suggests the cryptocurrency industry may have less time than anticipated to prepare for the risks posed by quantum computing, with potential implications for Bitcoin, Ethereum, and other major digital assets.

A whitepaper released on March 31 by researchers at Google indicates that breaking the cryptographic systems securing these networks may require fewer than 500,000 physical qubits on a superconducting quantum computer. This marks a sharp reduction from earlier estimates, which placed the requirement in the millions.

The study brings together contributors from both academia and industry, including Justin Drake of the Ethereum Foundation and Dan Boneh, alongside Google Quantum AI researchers led by Ryan Babbush and Hartmut Neven. The research was also shared with U.S. government agencies prior to publication, with input from organizations such as Coinbase and the Ethereum Foundation.

At present, no quantum system is capable of carrying out such an attack. Google’s most advanced processor, Willow, operates with 105 qubits. However, researchers warn that the gap between current hardware and attack-capable machines is narrowing. Drake has estimated at least a 10% probability that a quantum computer could extract a private key from a public key by 2032.

The concern centers on how cryptocurrencies are secured. Bitcoin relies on a mathematical problem known as the Elliptic Curve Discrete Logarithm Problem, which is considered practically unsolvable using classical computers. However, Peter Shor demonstrated that quantum algorithms could solve this problem far more efficiently, potentially allowing attackers to recover private keys, forge signatures, and access funds.

Importantly, this threat does not extend to Bitcoin mining, which relies on the SHA-256 algorithm. Experts suggest that using quantum computing to meaningfully disrupt mining remains decades away. Instead, the vulnerability lies in signature schemes such as ECDSA and Schnorr, both based on the secp256k1.

The research outlines three potential attack scenarios. “On-spend” attacks target transactions in progress, where an attacker could intercept a transaction, derive the private key, and submit a fraudulent replacement before confirmation. With Bitcoin’s average block time of 10 minutes, the study estimates such an attack could be executed in roughly nine minutes using optimized quantum systems, with parallel processing increasing success rates. Faster blockchains such as Ethereum and Solana offer narrower windows but are not entirely immune.

“At-rest” attacks focus on wallets with already exposed public keys, such as reused or inactive addresses, where attackers have significantly more time. A third category, “on-setup” attacks, involves exploiting protocol-level parameters. While Bitcoin appears resistant to this method, certain Ethereum features and privacy tools like Tornado Cash may face higher exposure.

Technically, the researchers developed quantum circuits requiring fewer than 1,500 logical qubits and tens of millions of computational operations, translating to under 500,000 physical qubits under current assumptions. This is a substantial improvement over earlier estimates, such as a 2023 study that suggested around 9 million qubits would be needed. More optimistic models could reduce this further, though they depend on hardware capabilities not yet demonstrated.

In an unusual move, the team did not publish the full attack design. Instead, they used a zero-knowledge proof generated through the SP1 zero-knowledge virtual machine to validate their findings without exposing sensitive details. This approach, rarely used in quantum research, allows independent verification while limiting misuse.

The findings arrive as both industry and governments begin preparing for a post-quantum future. The National Security Agency has called for quantum-resistant systems by 2030, while Google has set a 2029 target for transitioning its own infrastructure. Ethereum has been actively working toward similar goals, aiming for a full migration within the same timeframe. Bitcoin, however, faces slower progress due to its decentralized governance model, where major upgrades can take years to implement.

Early mitigation efforts are underway. A recent Bitcoin proposal introduces new address formats designed to obscure public keys and support future quantum-resistant signatures. However, a full transition away from current cryptographic systems has not yet been finalized.

For now, users are advised to take precautionary steps. Moving funds to new addresses, avoiding address reuse, and monitoring updates from wallet providers can reduce exposure, particularly for long-term holdings. While the threat is not immediate, researchers emphasize that preparation must begin well in advance, as advances in quantum computing continue to accelerate.

Read more »
Subscribe to: Comments (Atom)

Featured