Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Trust Wallet Chrome Extension Hack Costs $8.5 Million Theft

Chrome extension compromise resulted in millions of theft Trust Wallet recently disclosed that the Sha1-Hulur supply chain attack last year ...

All the recent news you need to know
Password Security
Account security Account Takeover Compromised Passwords Credential stealing Cyber Security Cyberattacks data security Password Security

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025

 

As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking about 16 billion of them. People first found out about this problem earlier, in the year.. The problem is not going away. Experts who know about security say that these passwords and credentials are being used again in cyberattacks. So the problem is not something that happened a time ago it is still something that is happening now with the cybersecurity incident and the exposure of these 16 billion passwords and login credentials. 

The big problem is that people who do bad things on the internet use something called credential stuffing attacks. This is when they try to log in to lots of websites using usernames and passwords that they got from somewhere else. They do this because lots of people use the password for lots of different things. So even if the bad people got the passwords a time ago they can still use them to get into accounts. If people did not change their passwords after the bad people got them then their accounts are still not safe today. Credential stuffing attacks are a deal because of this. Credential stuffing attacks can get into accounts if the passwords are not changed. 

Recently people who keep an eye on these things have noticed that there has been a lot credential stuffing going on towards the end of the year. The people who study this stuff saw an increase in automated attempts to log in to virtual private network platforms. Some of these platforms were seeing millions of attempts to authenticate over short periods of time. Credential stuffing attacks, like these use computers to try a lot of things quickly rather than trying to find new ways to exploit software vulnerabilities. This just goes to show that credential stuffing can be very effective because it only needs a list of credentials that have been compromised to get around the security defenses of private network platforms and credential stuffing is a big problem. 

The thing about this threat is that it just will not go away. We know this because the police found hundreds of millions of stolen passwords on devices that belonged to one person. People in charge of security say that this shows how long passwords can be used by people after they have been stolen. When passwords get out they often get passed from one person to another which means they can still be used for a time after they were first stolen. This is the case, with stolen passwords. Password reuse is a problem. People use the password for lots of things like their personal stuff, work and bank accounts. 

This is not an idea because if someone gets into one of your accounts they can get into all of them. That means they can do a lot of damage like steal your money use your identity or get your information. Password reuse is a risk factor and it makes it easy for bad people to take over all of your accounts. Security professionals say that when you take action to defend yourself is very important. If you wait until something bad happens or your account is compromised it can cause a lot of damage. You should take steps before anything bad happens. 

For example you should check the databases that list breached information to see if your credentials are exposed. This is an important thing to do to stay safe. If you can you should stop using passwords and start using stronger ways to authenticate, like passkeys. Security professionals think that passkeys are a safer way to do things and they can really reduce the risk of something bad happening to your Security. Checking for exposed credentials and using passkeys are ways to defend yourself and stay safe from people who might try to hurt you or your Security. When we talk about accounts that still use passwords experts say we should use password managers. 

These managers help us create and store passwords for each service. This way if someone gets one of our passwords they cannot use it to get into our accounts. Password managers make sure we have strong passwords for each service so if one password is leaked it does not affect our other accounts. 

Experts, like password managers because they help keep our accounts safe by making sure each one has a password. The scale of the 16 billion credential leak serves as a reminder that cybersecurity incidents do not end when headlines fade. Compromised passwords retain their threat value for months or even years, and ongoing vigilance remains essential. 

As attackers continue to exploit old data in new ways, timely action by users remains one of the most effective defenses against account takeover and identity-related cybercrime.
Read more »
US Security
ByteDance Sale Cyber Security Data Privacy TikTok Deal TikTok Investors US Security

TikTok US Deal: ByteDance Sells Majority Stake Amid Security Fears

 


TikTok’s Chinese parent company, ByteDance, has finalized a landmark deal with US investors to restructure its operations in America, aiming to address longstanding national security concerns and regulatory pressures. The agreement, signed in late December 2025, will see a consortium of American investors take a controlling stake in TikTok’s US business, effectively separating it from ByteDance’s direct management. This move comes after years of scrutiny by US lawmakers, who have raised alarms about data privacy and potential foreign influence through the popular social media platform.

Under the new arrangement, TikTok US will operate as an independent entity, with its own board and leadership team. The investors involved are said to include major US financial firms and technology executives, signaling strong confidence in the platform’s future growth prospects. The deal is expected to preserve TikTok’s core features and user experience for its more than 170 million American users, while ensuring compliance with US data protection laws and national security standards.

Critics and privacy advocates have welcomed the move as a step toward greater transparency and accountability, but some remain skeptical about whether the separation will be deep enough to truly mitigate risks. National security experts argue that as long as ByteDance retains any indirect influence or access to user data, the underlying concerns may persist. 

US regulators have indicated they will continue to monitor the situation closely, with potential further oversight measures possible in the coming months.The deal is also expected to impact TikTok’s global expansion strategy. With its US operations now under American control, TikTok may find it easier to negotiate partnerships and investments in other Western markets where similar regulatory hurdles exist. However, challenges remain, especially in regions where geopolitical tensions could complicate business operations.

For users, the immediate effect is likely to be minimal. TikTok’s content, features, and community guidelines are expected to remain unchanged in the short term. Over the longer term, the separation could lead to new product innovations and business models tailored specifically to the US market. The deal marks a significant shift in the global tech landscape, reflecting the growing importance of data sovereignty and regulatory compliance in the digital age.
Read more »
Unleash Protocol hack
crypto security breach Cyber Attacks smart contract upgrade attack Unleash Protocol exploit Unleash Protocol hack

Unleash Protocol Suffers $3.9M Crypto Loss After Unauthorized Smart Contract Upgrade

 

Decentralized intellectual property platform Unleash Protocol has reported a loss of approximately $3.9 million in digital assets following an unauthorized upgrade to its smart contracts that enabled illicit withdrawals.

The Unleash team stated that the attacker managed to gain sufficient signing authority to function as an administrator within the project’s multisig governance framework.

"Our initial investigation indicates that an externally owned address gained administrative control via Unleash’s multisig governance and carried out an unauthorized contract upgrade," the company says in a public announcement.

"This upgrade enabled asset withdrawals that were not approved by the Unleash team and occurred outside our intended governance and operational procedures."

Unleash Protocol positions itself as a blockchain-based operating system for intellectual property management, transforming IP into tokenized on-chain assets. These assets can be used within decentralized finance (DeFi) applications, while smart contracts automate licensing, monetization, and royalty distribution among predefined stakeholders.

By exploiting the unauthorized contract upgrade, the attacker unlocked withdrawal functionality and siphoned multiple assets, including WIP (wrapped IP), USDC, WETH (wrapped Ether), stIP (staked IP), and vIP (voting-escrowed IP).

Blockchain security firm PeckShieldAlert estimates the total losses at roughly $3.9 million.

Following the withdrawals, the stolen funds were bridged using third-party services and sent to external wallets to obscure their movement. PeckShieldAlert further noted that the attacker deposited the funds into the Tornado Cash mixing service, totaling 1,337 ETH.

Tornado Cash, which was sanctioned by the United States in 2022 and later delisted in 2025 for its involvement in laundering funds linked to North Korean hacking groups, allows users to obscure transaction trails before moving funds to new wallets. Although intended to enhance privacy on public blockchains, the service has frequently been misused by cybercriminals to evade tracking and asset recovery.

In response to the breach, Unleash Protocol has halted all platform operations and initiated a comprehensive investigation with external security specialists to identify the root cause. The team is also assessing possible remediation and recovery strategies.

Until further notice, users have been urged to avoid interacting with Unleash Protocol smart contracts and to rely solely on official communication channels for updates regarding platform safety.
Read more »
Technology
Bitcoin Cryptography Blockchain Security Crypto Risk cyber threat Decentralised Consensus Post Quantum Crypto Public Key Exposure Quantum computing Shor Algorithm Technology

Bitcoin’s Security Assumptions Challenged by Quantum Advancements


While the debate surrounding Bitcoin’s security architecture has entered a familiar yet new phase, theoretical risks associated with quantum computing have emerged in digital forums and investor circles as a result of the ongoing debate. 

Although quantum machines may not be able to decipher blockchain encryption anytime soon, the recurring debate underscores an unresolved issue that is more of an interpretation than an immediacy issue. However, developers and market participants continue to approach the issue from fundamentally different perspectives, often without a shared technical or linguistic framework, despite the fact that they are both deeply concerned with the long-term integrity of the network. 

In response to comments made by well-known Bitcoin developers seeking to dispel growing narratives of a cryptographic threat that was threatening the bitcoin ecosystem, a resurgence of discussion has recently taken place. There is no doubt that they hold an firmly held position rooted in technical pragmatism: computational systems are not currently capable of breaking down Bitcoin's underlying cryptography, and scientific estimates indicate they would not be able to do so at a scale that would threaten the network for decades to come.

Although the reassurances are grounded in the practicality of the situation now, they have not been able to dampen the renewed momentum of speculation. This reveals that the debate is fueled as much as by perception and readiness as it is by technological capability itself. In addition, industry security leaders have provided input to the debate, including Jameson Lopp, Chief Security Officer at Casa, who pointed out that Bitcoin cannot be prepared structurally for a postquantum future because of its structural difficulties. 

Nonetheless, Lopp has warned that while quantum computing is not likely to pose an actual threat for Bitcoin's elliptic curve cryptography today, there is a timetable for defensive upgrades which is defined less by science feasibility and more by how complicated the governance system is. While centralized digital infrastructures may be patched at will as they are deployed at will, Bitcoin’s protocol modifications require broad consensus across a stakeholder landscape which is unusually fragmented. 

There is a requirement that node operators, miners, wallet providers, exchanges, and independent users all be part of a deliberative process that is difficult to interrupt quickly due to its deliberate nature. Based on Lopp's estimation, it may take five to ten years to transition the network to post-quantum standards. This is due to the friction inherent to decentralized decision-making, rather than the technical impossibility of the process. 

In this regard, Lopp emphasizes an important recurring theme: the threat is not urgent, but choreography—ensuring future safeguards are formulated with precision, patience, and overwhelming agreement, while not undermining Bitcoin's unique decentralization, which defines its resilience. In what had largely been a theoretical debate, the debate regarding Bitcoin's future-proofing has now gained a new dimension with the inclusion of empirical testing in what was largely a theoretical one. 

Project Eleven, a quantum computing research organization, has released a competitive challenge that aims to assess the stability of the network against actual quantum capabilities rather than projected advances in quantum technology. This initiative, which has been branded as the Q-Day Prize, offers 1 Bitcoin - an amount estimated to be approximately $84,000 at the time of release - to anyone able to decode the largest segment of a Bitcoin private key using Shor's algorithm on an operating quantum computer within a 12-month period. 

It is explicitly prohibited from participating in the contest if hybrid or classical computational assistance are employed, further emphasizing the contest's requirement that quantum performance be demonstrated unambiguously. 

It is not just the technical rigor that explains why the project was initiated, but it is also a strategic signaling exercise: Project Eleven claims that more than 10 million Bitcoin addresses have disclosed public keys to date, securing an estimated 6 million Bitcoins in total, the current market value of which is approximately $500 billion. 

Despite the fact that even a minimal level of progress – like successfully extracting even a fraction of the key bits – would constitute a significant milestone for this company, the firm maintains that even a breach of just three bits would be a monumental event, since no real-world elliptic curve cryptographic key has ever been breached at such a large scale.

In the spirit of Project Eleven, the project is not intended as an attack vector, but rather as a benchmark for preparedness, which is aimed at replacing conjecture with measurable results and increasing momentum towards post quantum cryptographic research before the technology reaches adversarial maturity. 

There is some stark divergence in perspectives on the quantum question among prominent Bitcoin community figures, though there is a common thread in how they assess the urgency of the situation. Founder of infrastructure firm Blockstream Adam Back asserted that the risk of quantum computing was in fact “effectively nonexistent in the near term,” arguing that it is still “ridiculously early” and is faced with numerous unresolved scientific challenges, and that even under extreme scenarios, Bitcoin's architecture would not suddenly expose all of its coins to seizure even if extreme scenarios occurred. 

The view expressed by Thicke echoes an underlying sentiment amongst designers who emphasize that even though Bitcoin's use of elliptic curve cryptography theoretically exposes some addresses to future risks, this has not translated into any current vulnerabilities as a result and that is why it is still regarded as something for the future. 

In theory, sufficiently powerful quantum machines running Shor's algorithm could, in theory, derive private keys from exposed public keys, which is something experts are concerned could threaten funds held in legacy address formats, such as Satoshi Nakamoto's untouched supply, which have been languishing for years. However, this remains speculative; quantum advances are not expected to result in the network failing immediately as a consequence. 

There are already a number of major companies and governments that are preparing for the future preemptively, with the United States signaling plans to phase out classical cryptography by the mid-2030s and firms like Cloudflare and Apple integrating quantum-resilient systems into their products. The absence of a clear transition strategy, however, in Bitcoin is drawing increased investor attention as a result of the absence of a formalized transition strategy. 

There appears to be a disconnect between cryptographic theory and practical readiness, as Nic Carter, a partner at Castle Island Ventures, has observed. The capital markets are less interested in the precise timing of quantum breakthroughs than in whether Bitcoin can demonstrate a viable path forward if cryptographic standards are altered, as opposed to whether they can predict a quantum breakthrough when it happens. 

A debate about Bitcoin's quantum security goes well beyond technical discourse; it is about extending the trust that has historically defined Bitcoin’s credibility—the underlying basis of Bitcoin’s credibility. As Bitcoin's ecosystem evolves into a financial infrastructure of global consequence, it is now intersecting institutional capital, sovereign research priorities, and retail investment on a scale that once seemed unimaginable, revealing how it has become so influential. 

According to industry observers and analysts, network confidence is no longer based on the network’s capacity for resisting hypothetical attacks, but rather on its ability to anticipate them. For long-term security planning, it is becoming increasingly important for Bitcoin’s decentralised design to be based on its philosophical foundations — self-custody, open collaboration, and distributed responsibility — to serve as strategic imperatives in order to achieve them. 

Some commentators caution against dismissing a time-bound vulnerability that is well recognized as such, and risk being interpreted as a failure of stewardship, especially since governments and major technology companies are rapidly adopting quantum-resistant cryptographic systems in an effort to avoid cyber security vulnerabilities. 

In spite of the fact that market sentiment is far from panicky, it does reflect an increasing intolerance of strategic ambiguity among investors and developers. Both are being urged to align once again around the principle which made Bitcoin so popular in the first place. The ability to survive and thrive in finance and emerging technologies requires proactive foresight, as well as the ability to adapt and develop in an innovative manner. 

BIP360 advocates argue that the proposal is not about forecasting quantum capability, but rather about determining the appropriate strategic time to implement the proposal. It is argued that the transition to post-quantum cryptographic standards - should it be pursued - will require a rare degree of synchronization across Bitcoin's distributed ecosystem, which means phased software upgrades, infrastructure revisions, as well as coordinated action on the part of wallet providers, node operators, custodians, and end users in order to achieve these goals.

It is stressed by supporters that initiating the conversation early can act as a means of risk mitigation, decreasing the probability that decision-making will be compressed should technological progress outpace consensus mechanisms. 

The governance model that has historically insulated Bitcoin from impulsive changes is now being reframed as a constraint in debates where horizons are shaped by decade-scale rather than immediate attack vectors. Quantum computing is viewed by cryptography experts as a non-existent threat to the network, and no credible scientific roadmaps suggest that an imminent threat will emerge from it. 

In spite of this, market participants noted that bitcoin has attracted more institutional capital and has longer investment cycles, which have led to a narrowing of tolerance towards unresolved systemic questions, no matter how distant. 

A lack of a common evaluative framework between protocol developers and investors continues to keep the quantum debate peripherie of sentiment, not as an urgent alarm, but rather as an unresolved variable quietly influencing the market psychology in a subtle way.
Read more »
ToneShell
cyber espionage Kapersky Kernel malware ToneShell

Advanced Rootkit Used to Conceal ToneShell Malware in Targeted Cyberespionage Attacks

 



Cybersecurity researchers have brought to light a new wave of cyberespionage activity in which government networks across parts of Asia were quietly compromised using an upgraded version of the ToneShell backdoor. What sets this campaign apart is the method used to hide the malware. Instead of relying solely on user-level tools, the attackers deployed a kernel-mode component that operates deep within the Windows operating system, allowing the intrusion to remain largely invisible.

The activity has been linked with high confidence to a China-aligned cyberespionage group that has a long history of targeting government agencies, policy institutions, non-governmental organizations, and research bodies. Investigators say the campaign reflects a continued focus on long-term intelligence collection rather than short-lived attacks.

The findings come from an investigation by Kaspersky, which identified malicious system drivers on compromised machines in countries including Myanmar and Thailand. Evidence suggests the campaign has been active since at least February 2025. In several cases, the affected systems had previously been infected with older espionage tools tied to the same threat ecosystem, indicating that access was maintained and expanded over time.

At the centre of the operation is a malicious kernel-mode driver disguised as a legitimate system component. The driver is digitally signed using an older certificate that appears to have been improperly reused, helping it avoid immediate suspicion during installation. Once active, it acts as a rootkit, injecting hidden code into normal processes and blocking attempts by security software to detect or remove it.

The driver protects itself aggressively. It prevents its files and registry entries from being altered, assigns itself a high execution priority, and interferes with Microsoft Defender by stopping key components from fully loading. While malicious code is running, it temporarily blocks access to infected processes, removing those restrictions afterwards to leave fewer traces behind.

The ToneShell backdoor delivered by this loader has also been updated. Earlier versions used a longer and more distinctive system identifier. The new variant switches to a shorter four-byte host marker, making individual infections harder to track. Its network traffic has been altered as well, with communications disguised to resemble legitimate encrypted web connections through the use of fake security headers.

Once installed, the backdoor gives attackers broad control over compromised systems. It can stage data in temporary files, upload and download information, cancel transfers when needed, open interactive remote command sessions, execute instructions in real time, and close connections cleanly to reduce forensic evidence. These features point to a tool designed for sustained, low-noise espionage rather than disruptive attacks.

Kaspersky warns that detecting this activity requires more than standard file scanning. Because much of the malicious behaviour occurs in memory and at the kernel level, advanced memory forensics are critical for uncovering infections. The researchers note that the campaign demonstrates a clear shift toward greater stealth and resilience, underscoring the growing sophistication of modern cyberespionage operations.

Read more »
VeraBank
Artisans' Bank cyberattack Data Breach Marquis Software ransomware attack US bank data breach VeraBank

Two US Banks Disclose Customer Data Exposure Linked to Marquis Software Ransomware Attack

 

Two American banks have issued public warnings to customers after being affected by a ransomware incident that occurred in August at a widely used financial software provider.

Artisans' Bank and VeraBank notified regulators in Maine last week that recent data breaches traced back to a cyberattack on Marquis Software. The vendor had earlier confirmed it suffered a ransomware attack around August 14, impacting dozens of corporate clients and thousands of individuals connected to those organizations.

In notification letters sent to affected customers, VeraBank clarified that Marquis Software serves as its “customer communication and data analysis vendor.”

“They had access to your data to communicate relevant and necessary updates with you and also to analyze what bank products and services may best fit your needs,” the Texas-based lender stated. “We only provided Marquis with access to your data after they had contractually agreed to secure and protect the same.”

According to VeraBank’s disclosures, 37,318 individuals had personal information compromised, though the bank did not specify exactly what data was taken.

Artisans' Bank, headquartered in Delaware, said it was alerted to the incident by Marquis Software in October. Its investigation revealed that the breach exposed the names and Social Security numbers of 32,344 people.

Both banks emphasized that their internal systems were not compromised and that the stolen information was “maintained by Marquis Software.”

The disclosures make VeraBank and Artisans' Bank the latest financial institutions identified as downstream victims of the Marquis Software attack. The company provides data analytics, compliance services, and digital marketing solutions to hundreds of banks and credit unions nationwide.

Marquis Software stated in its own breach notifications that it contacted federal law enforcement after discovering the cyberattack in August. The company said investigators traced the breach to a vulnerability in a SonicWall firewall device.

According to Marquis Software, the stolen data included names, addresses, phone numbers, Social Security numbers, taxpayer identification numbers, dates of birth, and financial account details that did not include security or access codes.

Between October 27 and November 25, Marquis Software notified at least 74 banks, credit unions, and financial institutions that their data was involved in the breach. The company filed reports with regulators in multiple states, including Maine, South Carolina, Washington, and Iowa, and also issued notices on behalf of several affected institutions.

The firm has not responded to inquiries about whether additional financial organizations have since been impacted or how many total individuals were affected.

Based on victim counts collected from various state breach registries, cybersecurity researchers and law firms estimate the total number of affected individuals could range from approximately 788,000 to 1.35 million.

Cybersecurity firm Comparitech reported obtaining a now-deleted breach notification letter from Iowa-based Community 1st Credit Union that alleged Marquis Software paid a ransom to the attackers. The company has not commented on whether a payment was made, and no ransomware group has publicly claimed responsibility for the attack.


Read more »
Subscribe to: Comments (Atom)

Featured