
All the recent news you need to know

GlassWorm Malware Returns with MacOS-focused Attack via VS Code Extensions


A fourth wave of the GlassWorm malware campaign is targeting macOS developers through malicious extensions distributed on the OpenVSX registry and the Microsoft Visual Studio Marketplace, according to researchers at Koi Security. 

The campaign involves compromised extensions designed for VS Code compatible editors. These extensions, which typically add productivity tools or language support, have been weaponised to deliver malware that steals developer credentials and cryptocurrency data. 

GlassWorm was first identified in October after being hidden inside extensions using invisible Unicode characters. Once installed, the malware attempted to harvest login details for GitHub, npm and OpenVSX accounts, as well as data from cryptocurrency wallet extensions. 

It also enabled remote access via VNC and allowed attackers to route traffic through infected systems using a SOCKS proxy. Despite public disclosure and additional safeguards, the malware resurfaced in early November on OpenVSX and again in early December on the VS Code marketplace. 

In the latest campaign, researchers observed a shift in tactics. The new wave targets macOS systems exclusively, unlike earlier versions that focused on Windows. The malware now uses an AES-256-CBC-encrypted payload embedded in compiled JavaScript within OpenVSX extensions, rather than invisible Unicode characters or compiled Rust binaries. 

The identified extensions include studio velte distributor pro svelte extension, cudra production vsce prettier pro and puccin development full access catppuccin pro extension. The malicious code activates only after a 15-minute delay, likely to avoid detection in automated analysis environments that run samples for a shorter time. 

Persistence is achieved through macOS LaunchAgents, and AppleScript is used instead of PowerShell. The campaign continues to rely on a Solana blockchain-based command and control mechanism, with infrastructure overlaps seen across earlier waves. 

Koi Security said the malware now attempts to extract macOS Keychain passwords and checks for installed hardware wallet applications such as Ledger Live and Trezor Suite. 

If found, it attempts to replace them with trojanised versions. Researchers noted that this feature is currently not functioning as intended, with the substituted wallet files appearing empty. 

According to Koi Security, all other malicious capabilities remain active, including credential theft, data exfiltration and system persistence. 

OpenVSX has flagged warnings for two of the identified extensions, citing unverified publishers. While download figures show more than 33,000 installs, researchers warned that such metrics are often inflated to create a false sense of legitimacy. 

Developers who installed any of the affected extensions are advised to remove them immediately, reset GitHub passwords, revoke npm access tokens and check systems for compromise. Reinstalling the operating system may be necessary in cases of confirmed infection.
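The persistence traits reported above (a per-user LaunchAgent, AppleScript via osascript, and code executed from an editor extension directory) can be checked for without waiting out the payload's 15-minute sleep, because they are visible on disk. The following script is an added example written for this roundup, not tooling from Koi Security or OpenVSX; the LaunchAgents path, the extension directory markers and the sample plists it builds are assumptions and constructed test data, not indicators from the campaign.

```python
"""Audit per-user macOS LaunchAgents for traits matching the GlassWorm persistence
described above. Heuristic: flags osascript execution, program paths inside an
editor extension folder, and RunAtLoad+KeepAlive combinations. Added example."""
import os
import plistlib
import tempfile
from pathlib import Path

# Assumed locations: the per-user LaunchAgents folder and common extension dirs.
DEFAULT_AGENT_DIR = Path.home() / "Library" / "LaunchAgents"
EXTENSION_DIR_MARKERS = (".vscode/extensions", ".vscode-oss/extensions", ".cursor/extensions")


def plist_program_args(data):
    """Return the command line a LaunchAgent runs, as a list of strings."""
    args = data.get("ProgramArguments")
    if isinstance(args, list):
        return [str(a) for a in args]
    program = data.get("Program")
    return [str(program)] if program else []


def assess_agent(data):
    """Return the list of reasons this agent looks suspicious (empty if none)."""
    argv = plist_program_args(data)
    joined = " ".join(argv)
    reasons = []
    if any(os.path.basename(a) == "osascript" for a in argv):
        reasons.append("runs AppleScript via osascript")
    if any(marker in joined for marker in EXTENSION_DIR_MARKERS):
        reasons.append("executes code from an editor extension directory")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive (relaunches if killed)")
    return reasons


def audit_launch_agents(agent_dir=DEFAULT_AGENT_DIR):
    """Scan every .plist in agent_dir; return {filename: [reasons]} for flagged agents."""
    findings = {}
    for plist_path in sorted(Path(agent_dir).glob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                data = plistlib.load(fh)
        except (plistlib.InvalidFileException, OSError):
            # An agent that cannot be parsed deserves a manual look, not silence.
            findings[plist_path.name] = ["unparseable plist"]
            continue
        reasons = assess_agent(data)
        if reasons:
            findings[plist_path.name] = reasons
    return findings


def build_sample_agent_dir():
    """Constructed sample LaunchAgents for offline demonstration (not real IoCs)."""
    tmp = Path(tempfile.mkdtemp())
    benign = {"Label": "com.example.backup", "Program": "/usr/local/bin/backup", "RunAtLoad": True}
    suspicious = {
        "Label": "com.example.updater",
        "ProgramArguments": [
            "/usr/bin/osascript",
            str(Path.home() / ".vscode/extensions/sample.ext/out/run.scpt"),
        ],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for name, content in (("benign.plist", benign), ("updater.plist", suspicious)):
        with open(tmp / name, "wb") as fh:
            plistlib.dump(content, fh)
    return tmp


if __name__ == "__main__":
    # Run against the constructed sample; pass DEFAULT_AGENT_DIR to audit a real user.
    for name, reasons in audit_launch_agents(build_sample_agent_dir()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Each reason is a weak signal on its own (a legitimate agent may use osascript), so the script reports reasons rather than a verdict; an agent that hits the extension-directory marker together with the other two is the combination the description above points at and is worth removing the extension and rotating credentials over.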

Fake DHL Pickup Slips Used in QR Code Phishing Scam


Criminals are using fake DHL pickup slips to carry out a new phishing scam that targets customers during periods of high online shopping activity, according to the company. 

The scam involves counterfeit versions of DHL’s familiar yellow delivery notices, which are typically left when a parcel cannot be delivered. Unlike genuine slips, the fake notices contain a QR code that prompts recipients to scan it to arrange a redelivery. 

Scanning the code redirects users to a fraudulent website designed to closely resemble DHL’s official site. Victims are then asked to enter personal information, including names, addresses and bank details, which can be used for financial fraud and identity theft. 

The tactic is part of a broader trend known as “quishing,” a form of phishing that relies on QR codes rather than email links. These scams are increasingly being spread through physical notices, emails, text messages and fake social media accounts. 

Jens-Uwe Hogardt, a spokesperson for DHL, said such fraud attempts are becoming more sophisticated and harder to detect. He noted that official DHL communications are sent only from verified email domains such as “@dhl.com” or “@dhl.de,” and that legitimate messages do not originate from generic email services. 

DHL advises customers to track parcels only through its official website or mobile app and to avoid scanning QR codes from unsolicited delivery notices. 

Users who believe they have been targeted are urged to contact local police and DHL customer service, change passwords immediately and refrain from sharing personal or financial details through unknown links. 

"If you suspect having received fraudulent emails, SMS or found a website or social media account that tries to pass off as DHL, we encourage you to let us know at your earliest convenience, so that we can quickly take actions to stop the fraud," DHL posted. 

Authorities and companies continue to warn that vigilance is especially important during peak shopping seasons, when delivery-related scams tend to increase.

2FA Fail: Hackers Exploit Microsoft 365 to Launch Code Phishing Attacks


Two-factor authentication (2FA) has long been one of the most secure ways to protect online accounts: it requires a secondary code in addition to a password. Recently, however, 2FA has become less reliable on its own, as attackers have found ways to get around it with little effort. 

Experts now advise users to prefer passkeys over code-based 2FA, as they are more secure and less prone to phishing. Recent reports show how 2FA can be undermined. 

Russian-linked, state-sponsored threat actors are abusing Microsoft 365. Researchers at Proofpoint have observed a surge in Microsoft 365 account-takeover attacks in which the threat actors use authentication-code phishing to abuse Microsoft's device authorization flow.

They are also running advanced phishing campaigns that bypass 2FA and compromise sensitive accounts. 

About the attack

The recent series of attacks uses device code phishing, in which the attackers lure victims into entering their authentication codes on fake websites that look genuine. Once the code is entered, the attackers gain entry to the victim's Microsoft 365 account, bypassing the protection 2FA is meant to provide. 

The campaigns started in early 2025. At first the attackers relied primarily on code phishing; by March they had expanded their tactics to abuse OAuth authentication workflows, which are widely used for signing in to apps and services. The progression shows how quickly threat actors adapt once defenders catch on to their techniques.

Who is the victim? 

The attacks are particularly targeted against high-value sectors that include:

Universities and research institutes 

Defense contractors

Energy providers

Government agencies 

Telecommunication companies 

By targeting these sectors, hackers increase the impact of their attacks for purposes such as disruption, espionage, and financial motives. 

The impact 

The surge in 2FA code attacks exposes a major gap: no security measure is foolproof. While 2FA is still far stronger than relying on passwords alone, it can be undermined if users are deceived into handing over their codes. This is not a failure of the technology itself, but of human trust and awareness.  

A single compromised account can expose sensitive emails, documents, and internal systems. Users are at risk of losing their personal data, financial information, and even identity in these cases.

How to Stay Safe

Verify URLs carefully. Never enter authentication codes on unfamiliar or suspicious websites.  

Use phishing-resistant authentication. Hardware security keys (like YubiKeys) or biometric logins are harder to trick.  

Enable conditional access policies. Organizations can restrict logins based on location, device, or risk level.  

Monitor OAuth activity. Be cautious of unexpected consent requests from apps or services.  

Educate users. Awareness training is often the most effective defense against social engineering.  
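The two organisational items above, restricting logins with conditional access and monitoring OAuth activity, both come down to the same question: which successful sign-ins used the device authorization flow, and which consent grants went to applications nobody reviewed? The following triage script is an added example for this roundup, not tooling from Proofpoint or Microsoft. The record layout, the field names, the approved-app sets and the log lines themselves are constructed assumptions that only loosely mirror the shape of Entra ID sign-in and audit logs; map them onto your own export before use.

```python
"""Triage constructed Microsoft 365 sign-in and consent records for the device-code
and OAuth abuse described above. Added example with an assumed record layout."""
import json
from collections import defaultdict

# Constructed sample records (not real telemetry). "protocol":"deviceCode" marks a
# sign-in completed through the device authorization flow; "result":0 is success.
SAMPLE_LOG = """
{"type":"signin","time":"2025-03-01T08:00:00Z","user":"alice@example.edu","protocol":"none","country":"DE","app":"Outlook","result":0}
{"type":"signin","time":"2025-03-02T08:05:00Z","user":"alice@example.edu","protocol":"none","country":"DE","app":"Teams","result":0}
{"type":"signin","time":"2025-03-03T14:20:00Z","user":"alice@example.edu","protocol":"deviceCode","country":"NL","app":"Microsoft Office","result":0}
{"type":"signin","time":"2025-03-03T09:00:00Z","user":"bob@example.edu","protocol":"deviceCode","country":"DE","app":"Azure CLI","result":0}
{"type":"signin","time":"2025-03-04T09:00:00Z","user":"bob@example.edu","protocol":"deviceCode","country":"DE","app":"Azure CLI","result":0}
{"type":"consent","time":"2025-03-03T14:25:00Z","user":"alice@example.edu","app":"Mail Sync Helper","scopes":["Mail.Read","offline_access"]}
{"type":"consent","time":"2025-03-05T10:00:00Z","user":"carol@example.edu","app":"Company Portal","scopes":["User.Read"]}
"""

# Assumed allowlists: apps that legitimately use device code in this tenant, and
# application names an admin has reviewed for consent. Tune to your environment.
APPROVED_DEVICE_CODE_APPS = {"Azure CLI"}
APPROVED_CONSENT_APPS = {"Company Portal"}
# Scopes that give durable mailbox or file access; the ones a takeover wants.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "offline_access", "Files.Read.All"}


def parse_events(text):
    """Parse newline-delimited JSON records into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def triage(events):
    """Return a list of alert dicts; each names the user, the rule hit and the time."""
    events = sorted(events, key=lambda e: e["time"])
    seen_countries = defaultdict(set)  # per-user baseline built from earlier successes
    alerts = []
    for e in events:
        if e["type"] == "signin" and e.get("result") == 0:
            if e.get("protocol") == "deviceCode":
                if e["app"] not in APPROVED_DEVICE_CODE_APPS:
                    alerts.append({"user": e["user"], "rule": "device_code_unapproved_app",
                                   "time": e["time"], "detail": e["app"]})
                # A user's very first sign-in has no baseline, so it cannot trip this rule.
                if seen_countries[e["user"]] and e["country"] not in seen_countries[e["user"]]:
                    alerts.append({"user": e["user"], "rule": "device_code_new_country",
                                   "time": e["time"], "detail": e["country"]})
            seen_countries[e["user"]].add(e["country"])
        elif e["type"] == "consent":
            risky = sorted(set(e.get("scopes", [])) & HIGH_RISK_SCOPES)
            if e["app"] not in APPROVED_CONSENT_APPS and risky:
                alerts.append({"user": e["user"], "rule": "risky_consent",
                               "time": e["time"], "detail": f"{e['app']}: {', '.join(risky)}"})
    return alerts


if __name__ == "__main__":
    for alert in triage(parse_events(SAMPLE_LOG)):
        print(f"{alert['time']} {alert['user']} {alert['rule']} ({alert['detail']})")
```

On the constructed data only alice is flagged: a device-code sign-in by an unapproved app from a country not in her baseline, followed minutes later by consent to an unreviewed app asking for mailbox access and refresh tokens, which is exactly the sequence a conditional access policy blocking device-code flow for ordinary users, plus an admin-consent requirement, would have stopped. Bob's device-code logins via an approved app from his usual country produce nothing, which is the point of maintaining the allowlists rather than alerting on the flow wholesale.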


Apple Forces iOS 26 Upgrade Amid Active iPhone Security Threats


Apple has taken an unusually firm stance on software updates by effectively forcing many iPhone users to move to iOS 26, citing active security threats targeting devices in the wild. The decision marks a departure from Apple’s typical approach of offering extended security updates for older operating system versions, even after a major new release becomes available.

Until recently, it was widely expected that iOS 18.7.3 would serve as a final optional update for users unwilling or unable to upgrade to iOS 26, particularly those with newer devices such as the iPhone 11 and above. Early beta releases appeared to support this assumption, with fixes initially flagged for a broad range of devices. That position has since changed. 

Apple has now restricted key security fixes to older models, including the iPhone XS, XS Max, and XR, leaving newer devices with no option other than upgrading to iOS 26 to remain protected. Apple has confirmed that the vulnerabilities addressed in the latest updates are actively being exploited. The company has acknowledged the presence of mercenary spyware operating in the wild, targeting specific individuals but carrying the potential to spread more widely over time. These threats elevate the importance of timely updates, particularly as spyware campaigns increasingly focus on mobile platforms. 

The move has surprised industry observers, as iOS 18.7.3 was reportedly compatible with newer hardware and could have been released more broadly. Making the update available would likely have accelerated patch adoption across Apple’s ecosystem. Instead, Apple has chosen to draw a firm line, prioritizing rapid migration to iOS 26 over backward compatibility.

Resistance to upgrading remains significant. Analysts estimate that at least half of eligible users have not yet moved to iOS 26, citing factors such as storage limitations, unfamiliar design changes, and general update fatigue. While only a small percentage of users are believed to be running devices incompatible with iOS 26, a far larger group remains on older versions by choice. This creates a sizable population potentially exposed to known threats. 

Security firms continue to warn about the risks of delayed updates. Zimperium has reported that more than half of mobile devices globally run outdated operating systems at any given time, a condition that attackers routinely exploit. In response, U.S. authorities have also issued update warnings, reinforcing the urgency of Apple’s message. 

Beyond vulnerability fixes, iOS 26 introduces additional security enhancements. These include improved protections in Safari against advanced tracking techniques, safeguards against malicious wired connections similar to those highlighted by transportation security agencies, and new anti-scam features integrated into calls and messages. Collectively, these changes reflect Apple’s broader push to harden iPhones against evolving threat vectors. 

With iOS 26.3 expected in the coming weeks, users who upgrade now are effectively committing to Apple’s new update cadence, which emphasizes continuous feature and security changes rather than isolated patches. Apple has also expanded its ability to deploy background security updates without user interaction, although it remains unclear when this capability will be used at scale. 

Apple’s decision underscores a clear message: remaining on older software versions is no longer considered a safe or supported option. As active exploitation continues, the company appears willing to trade user convenience for faster, more comprehensive security coverage across its device ecosystem.

Taiwan Holds 210 BTC Seized from Criminals, Debates Bitcoin's Strategic Value


Taiwan’s government said it is holding more than 210.45 bitcoin, worth about $18 million, all of which were seized during criminal investigations related to fraud, money laundering, and other financial crime. The disclosure came in response to a legislator’s request for information on the state’s digital asset holdings, and it revealed Taiwan to be the 10th largest government holder of bitcoin in the world. 

The value of the seized digital assets has amounted to nearly 1.3 billion NTD (about $41 million), including those in stablecoins and other cryptocurrencies. Taiwan’s stash of bitcoin is entirely the byproduct of law enforcement seizures, not strategic investing, and officials emphasise that these are funds gleaned from fighting cybercrime and financial misfeasance. 

In addition to bitcoin, the Taiwanese government also holds considerable amounts of stablecoins like USDT and USDC, as well as over 2,400 ethereum coins and smaller amounts of other digital tokens. Officials are seeking to standardize the storage, tracking and reporting of such assets systemwide so the media can be assured of transparency and security. 

The fate of the seized bitcoin remains undecided. Usually the practice is to auction the confiscated assets, and the proceeds are poured into the public coffers, but legislators have begun debating whether to categorize bitcoin as a strategic commodity. Some feel virtual assets are not just speculative commodities but could have a role in national security or financial sovereignty. 

Taiwan’s central bank has reportedly agreed to conduct a more detailed study of bitcoin, including potential regulatory schemes and experiments involving confiscated funds. It seems the acquisition of a long-term strategy would require legislative and regulatory guidance, an indication of the increasing relevance of digital assets as a matter of public policy and finance. 

Worldwide, over 640,000 BTC, which accounts for around 3% of all bitcoin supply, are held by governments, with the United States holding the largest amount, followed by China and the UK. Taiwan’s position highlights the expanding role of cryptocurrencies in law enforcement and national asset management.

India's RBI Opens Doors to Lateral Hiring in 2026, Signalling a Tech-First Shift in Financial Regulation


In a move highlighting the rapid evolution of India’s financial and digital landscape, the Reserve Bank of India (RBI) has announced a major lateral hiring initiative for 2026, inviting private-sector and specialist professionals into the central bank. This marks a strategic rethink in how India’s apex monetary authority prepares itself to regulate an economy increasingly driven by technology, data, cybersecurity challenges and cross-border capital movements.

The RBI has notified 93 contractual roles spanning supervision, information technology and infrastructure management. It is one of the most ambitious lateral recruitment efforts undertaken by the central bank in recent years, aimed at embedding specialised expertise directly within its core regulatory and operational functions.

A Central Bank Adapting to New Realities

Traditionally, the RBI has relied on a cadre-based structure, with talent largely sourced through internal promotions and competitive examinations. However, as the financial system becomes more digital, interconnected and complex, this model is being tested. The 2026 recruitment notification issued by the Reserve Bank of India Services Board reflects a growing recognition that modern regulation requires skills that conventional bureaucratic pathways may struggle to supply.

Emerging risks linked to cybersecurity, algorithm-based trading, artificial intelligence, advanced data analytics and sophisticated risk modelling have expanded the RBI’s responsibilities well beyond classical monetary policy. Addressing these challenges demands domain expertise that is often cultivated outside government systems.

Applications for these roles opened on December 17, 2025, and will close on January 6, 2026. Candidates will be shortlisted and interviewed, with no written examination — another clear break from long-standing recruitment practices.

A significant portion of the vacancies sit within the Department of Supervision, the RBI’s key arm for overseeing banks, non-banking financial companies and systemic risks. Roles covering credit risk, market and liquidity risk, operational risk and data analytics underline how supervision today depends heavily on interpreting complex datasets alongside enforcing regulations.

Positions such as cybersecurity analysts, data scientists, risk specialists and senior bank examiners signal a shift towards early risk detection rather than reactive crisis management. This analytics-led approach aligns with global regulatory trends, particularly as central banks worldwide respond to fintech growth and shadow banking challenges.

Technology and Data Take Centre Stage

The recruitment drive also underscores the RBI’s expanding dependence on technology. Through its Department of Information Technology, the central bank is seeking professionals in data science, AI and machine learning, network management and IT security.

These roles are central to governance, not auxiliary. RBI officials have repeatedly noted that digital payments, online lending platforms and financial infrastructure are now just as critical to systemic stability as traditional banks. The focus on advanced analytics and cyber defence reflects increasing concern about vulnerabilities in digital finance, especially as India’s transaction volumes and real-time payment systems continue to scale rapidly.

By offering full-time contractual roles, the RBI appears to be prioritising flexibility — enabling it to address skill shortages quickly without long training or induction periods.

A Broader Message for Public Institutions

Beyond filling vacancies, the 2026 hiring initiative sends a wider signal across India’s regulatory ecosystem. It suggests a subtle but important shift in how elite public institutions perceive expertise — recognising that in fast-changing environments, critical knowledge may need to be sourced directly from the market.

For seasoned professionals in technology, risk management and financial analytics, this opens a rare opportunity to contribute to policymaking at the highest level. For the RBI, it represents an experiment in combining institutional continuity with external perspectives.

Whether this infusion of lateral talent will transform the central bank’s internal culture remains uncertain. However, as India’s financial system becomes more sophisticated and globally integrated, the RBI’s decision indicates a clear understanding that maintaining stability may now require capabilities developed as much outside Mint Street as within it.
