Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Five Eyes Warn AI-Powered Cyberattacks Could Outpace Defenses Within Months

  A Five Eyes intelligence alliance has issued an urgent warning, warning that advanced artificial intelligence could soon allow cyberattack...

All the recent news you need to know

Proxy Servers Power More Than Cybersecurity, Emerging as a Backbone for AI and Digital Businesses

 

Proxy servers are commonly linked with cybersecurity and online privacy, with much of the public conversation focusing on their association with cybercrime. However, beyond these concerns, proxy servers have become an essential part of modern business operations, research activities and emerging technologies, particularly artificial intelligence (AI).

According to Proxyway's annual market report, which has tracked the commercial proxy server industry since 2019, proxy servers play a much larger role in the digital economy than many people realise.

Proxy servers are computers that allow users to access the internet through a different internet connection. By routing traffic through another device, users can obtain a different IP address, making it appear as though they are browsing from another location or internet service provider.

Although they share similarities with virtual private networks (VPNs), proxy servers differ in one important way. Businesses often operate multiple proxy servers simultaneously instead of relying on a single connection, enabling them to collect publicly available web data on a much larger scale, subject to the policies of individual websites.

Beyond cybersecurity, proxy servers have become a key part of legitimate commercial operations. A well-established industry now provides proxy services to businesses across the globe while working towards responsible self-regulation. Several leading providers generate significant annual revenues by offering enterprises tools for large-scale web access and data collection.

Proxyway surveyed 13 major proxy service providers and found that e-commerce remains the biggest area of demand. Businesses use proxy servers to monitor competitors' product listings and pricing, build price comparison platforms, analyse customer reviews to understand market sentiment and support other commercial intelligence activities.

Proxy servers are also used to detect counterfeit products across online marketplaces and verify that digital advertisements appear in the intended locations.

In the travel industry, proxy technology enables online travel agencies and hotel booking platforms to compare prices and secure competitive deals. Digital marketers rely on proxies to track search engine rankings across different locations, while cybersecurity professionals use them to identify malicious applications online. Researchers and academic institutions also depend on proxy networks to gather extensive datasets, including studies examining media representation of women in workplaces.

Supporting AI development

Proxy servers are increasingly becoming an important component of the AI ecosystem.

They help facilitate access to the vast volumes of web data needed to train and update large language models. As AI systems continue to evolve through regular retraining, proxy infrastructure supports ongoing data collection efforts.

The report also highlights the growing role of proxy servers in agentic AI, where autonomous AI systems perform tasks on behalf of users.

For several proxy providers, AI-focused clients now represent a substantial share of their customer base. One major industry participant has reported strong year-on-year growth driven partly by rising demand from AI companies, with annualised recurring revenue increasing significantly and further expansion expected, according to the report.

Industry experts stress that proxy servers themselves are neutral technologies whose impact depends on how they are used. Their applications range from cybersecurity investigations and academic research to commercial operations and AI development.

Many established providers have adopted measures to ensure responsible usage. Residential proxy networks are built by obtaining users' consent and offering compensation to participants who contribute their internet connections.

Providers also conduct customer verification, with some requiring identity documents and video-based authentication. Many restrict access to high-risk websites, including government and financial institutions, while continuously monitoring their networks for misuse.

Several companies have also come together under the Ethical Web Data Collection Initiative, a consortium that aims to promote responsible data collection practices, strengthen public confidence and encourage sustainable industry standards.

While debates continue around AI training practices and the use of publicly available web data, proxy servers remain an important part of the internet's infrastructure, quietly supporting many digital services that people use every day.

Sovereign File Architecture Gains Importance as Enterprises Rethink Cloud Data Control

 

Cloud computing changed enterprise IT by enabling organizations to achieve significant storage scalability and cost savings. Companies quickly embraced the idea of storing data in the cloud because of its flexibility and accessibility. However, because information remains on physical servers, companies are discovering that data is stored in a specific location subject to local legislation. 

This led to the concept of sovereign file architecture, one of the strategies by which organizations seek to store information considering jurisdiction as a critical factor. The data storage strategy is now focused on achieving file sovereignty and residency rather than convenience. Data sovereignty differs from privacy in that the former concerns the primary authority that possesses the right to store and access information, while the latter relates to its geographic location. 

While the early cloud computing innovators placed their data with the most accessible and cost-effective infrastructure, there was little information on where exactly it was stored. This created a sovereignty gap, as the organizations had limited insight into who could access the information and the applicable legal frameworks. At the same time, there are more data residency and sovereignty risks today as countries impose strict regulations and trade barriers while dealing with cybersecurity threats and geopolitical tensions. 

Data residency is a crucial consideration for many organizations, particularly those dealing with sensitive data and operating at a multinational level. Disasters, government restrictions, or geopolitical tensions may render some servers inaccessible, thus necessitating the need to store data in different jurisdictions. Enterprises are now prioritizing storage solutions that give them the most control by allowing them to migrate or place their information as they see fit. 

These factors are driving companies to adopt sovereign file architecture, which is designed to decouple file management from storage. By doing so, organizations satisfy the need to store data in several jurisdictions and maintain flexibility regarding where to store sensitive or non-sensitive information. Enterprises can also utilize a hybrid strategy consisting of private and public storage methods, thus balancing costs and file security. 

Sovereign file architecture allows organizations to remain compliant with the increasingly stringent data residency and sovereignty laws enforced by governments worldwide. Consequently, there is now a growing preference for sovereign file architectures over other options when considering factors such as transparency, legal protection, and control.

Chinese AI Model GLM 5.2 Pushes Open-Weight AI Forward

 




Chinese artificial intelligence company Z.ai, formerly known as Zhipu AI, has introduced GLM 5.2, an open-weight large language model that is attracting attention among developers for combining advanced AI capabilities with the flexibility to run on privately owned hardware. Unlike proprietary AI platforms such as ChatGPT and Claude, which are primarily accessed through cloud-based subscriptions, GLM 5.2 allows developers to download, customize, and deploy the model within their own computing environments, offering greater control over infrastructure, privacy, and operational costs.

The release comes as open-weight AI models continue to narrow the performance gap with leading commercial systems. While proprietary models have traditionally dominated the AI ecosystem with stronger reasoning capabilities, newer open-weight alternatives, including Meta's Llama family, Mistral, and now GLM 5.2, are demonstrating that many enterprise workloads no longer require exclusive reliance on premium cloud-hosted models. Businesses commonly use AI to summarize extensive document repositories, generate and debug software code, automate repetitive workflows, and retrieve information from internal knowledge bases, making cost-efficient deployment an increasingly important consideration.

Unlike fully open-source AI projects that typically publish training code, data processing pipelines, evaluation frameworks, and other development components, open-weight models primarily provide access to the trained model parameters. This enables organizations to fine-tune and integrate the model into their own applications while maintaining considerably more flexibility than closed AI services, where the underlying model remains inaccessible.

Interest in GLM 5.2 has also grown following demonstrations showing the model running locally on high-end Apple systems, including the Mac mini. Although these deployments require powerful hardware, they illustrate how advanced AI models are gradually becoming practical outside centralized cloud infrastructure. For organizations handling sensitive financial information, medical records, intellectual property, or confidential research, local deployment reduces the need to transmit data to third-party platforms, strengthening privacy protections while supporting regulatory compliance and data sovereignty requirements.

Despite its flexibility, GLM 5.2 remains an exceptionally demanding model. Built using a Mixture-of-Experts architecture containing between 744 billion and 753 billion parameters, the model occupies approximately 1.51TB of storage and memory in its original form. Developers therefore rely on quantization, a compression technique that reduces memory requirements by lowering the numerical precision of model weights. Even after aggressive optimization, approximately 240GB of memory is still required to load the model. GLM 5.2 also supports a one-million-token context window, allowing it to process entire software repositories, lengthy technical documentation, and extensive research collections within a single prompt, though doing so places additional demands on system memory.

As organizations continue evaluating how AI should be deployed across their operations, GLM 5.2 reflects a broader industry movement toward flexible AI ecosystems where proprietary, open-weight, and locally hosted models each serve different operational needs. Rather than replacing commercial AI platforms outright, models such as GLM 5.2 provide businesses with additional options to balance performance, cost, security, and data control as enterprise AI adoption continues to evolve.

Free VPNs and Streaming Apps Turn Your Device Into a Criminal Proxy

 

Free VPNs and streaming apps are quietly transforming everyday devices into tools for cybercriminals. Unwitting users are allowing their internet connections to be hijacked and used to mask illegal activity, exposing them to serious security and legal risks. While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times. 

Research from Infoblox Threat Intel indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month. Criminals exploit these proxies for activities like fraud, online ad fraud, fake account creation, unauthorized data scraping, and bypassing regional restrictions on streaming platforms. Because their traffic blends in with legitimate user requests, businesses often struggle to identify and block these threats until real damage has occurred. 

Most users are unaware that their devices are being weaponized. Permission is either buried in the fine print of end-user license agreements or never properly obtained at all. Once inside a network, these apps can silently forward requests from threat actors, who benefit from the anonymity of a residential IP. Victims may later face issues such as flagged accounts, CAPTCHA overload, or extra verification steps, as their IP addresses get tagged by reputation systems for suspicious behavior. 

Certain categories of software are higher risk. Free VPNs, cheap IoT devices from unknown manufacturers, screen-recording or streaming software, and browser extensions can all serve as entry points for residential proxy abuse. These tools often lack transparency about their data and traffic practices, prioritizing monetization over user safety. 

Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure. Investing in a router or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network. To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.

Council of Europe Data Breach Exposes Records of 10000 Employees After ShinyHunters Leak


 

Council of Europe is investigating a major data breach following the public release of approximately 297 GB of sensitive employee data by cybercriminal group ShinyHunters following the expiration of a ransom deadline. 

An archive has been leaked that contains information regarding more than 10,000 current and former employees, contractors, and job applicants dating from 15 years ago. As one of Europe's leading human rights organizations since 1949, the Council of Europe has been an official observer at the United Nations since 1949. It represents 46 member states and is a central force in promoting democracy, human rights, and the rule of law throughout Europe. 

Since the information it holds is sensitive, the breach of confidentiality is particularly significant. As reported by ShinyHunters, more than 429,000 files, including personnel data, were obtained from multiple Council departments, including human resources and administrative units. This was one of the largest breaches of personal data involving an intergovernmental organization in Europe. 

Information available indicates that payroll records, bank account information, medical information, tax information, social security information, salary histories, personnel files, and thousands of CVs were exposed. Due to the large size of the dataset, identity theft, financial fraud, and highly targeted phishing are significantly more likely to occur. It has been reported that the breach is related to CVE-2026-35273, a critical 9.8-severity zero-day vulnerability affecting Oracle PeopleSoft's Environment Management Hub (PSEMHUB). 

According to security researchers, the vulnerability allowed attackers to execute arbitrary code remotely without authentication. According to Google's Mandiant team, more than 100 organizations had actively exploited the vulnerability prior to Oracle's release of security guidance. Using the zero-day vulnerability in combination with older vulnerabilities, ShinyHunters obtained persistent access, migrated laterally through compromised environments, and exfiltrated data while posing as legitimate users. 

The exploit was conducted between May 27 and June 9, before mitigations were available. ShinyHunters has also altered its extortion strategy significantly following the Council of Europe declining to meet the ransom demand. In response to the Council's refusal to pay the ransom, ShinyHunters announced it would permanently distribute stolen datasets through multiple mirror sites and torrent networks, thereby reducing the likelihood of future takedown efforts.

In addition, the incident adds to the growing number of campaigns involving ShinyHunterS Researchers have recently linked the group to attacks targeting multiple organizations, while Google's threat intelligence team has linked the group's latest activity to widespread exploitation of the Oracle PeopleSoft zero-day vulnerability before mitigations were available. 

According to a brief statement issued by the Council of Europe, the organization was "investigating the matter and assessing the situation." Further comment was not provided. The organization has not yet announced a formal notification process or measures to protect individuals' identities. Zero-day exploitation and data extortion campaigns are becoming increasingly prevalent, with public disclosure increasingly taking precedence over traditional ransomware encryption. 

The threat of persistent leak strategies is increasing, which is why organizations are being urged to strengthen vulnerability management, accelerate patch deployment, and improve incident response to minimize both institutions and individuals' long-term risks.

Critical Bugs In Cursor IDE via Zero-Click Prompt Injection Can Launch RCE


CATO AI labs discovered two critical flaws in the famous AI code editor ‘Cursor’ that could result in remote code execution (RCE) outside the IDE’s sandbox. 

Duneslide

The IDE is employed by more than half of the Fortune 500. Both RCE flaws, called “DuneSlide,” were given a 9.8 CVSS score. The security bugs are tracked as CVE-2026-50548 and CVE-2026-50549.

The bugs demonstrated how prompt injection can move beyond the LLM layer and reveal classical bugs in code paths that were earlier not thought of as part of the attack surface.

A threat actor can exploit either of these bugs to overwrite critical system files (such as cursorsandbox binary), changing sandboxed comments into unsandboxed RCE and resulting in a full system hack on both the victim device and linked SaaS workspaces.

Key takeaways

Bugs found: Cato AI Labs found two separate, critical bugs in Cursor IDE, resulting in non-sandboxed RCEs on the victim’s system.

Arbitrary file write through prompt injection: Via zero-click prompt injection, these bugs could let a threat actor use zero-click prompt injections to write arbitrary files on the target’s local system.

Escaping sandbox and RCE: If leveraged, a threat actor can jump out of the terminal sandbox and attain a full RCE and a complete device exploit.

Zero-click attack vector: The exploit doesn’t need any prior user privileges or particular interaction. It is prompted when a target makes an “makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result,” Cato AI Labs reported.

First vulnerability: Parameter altering

The first bug surfaces from how the sandbox creates its security boundaries based on tool parameters. If a sandbox command is executed, Cursor creates a seatbelt policy that allows writing into the present working directory.

This means that a remote hacker cannot command the working directory of a sandboxed operation because coding agents are a unique part of software. But, in this bug, a prompt injection works as the passageway to that part of the code.

Second vulnerability: Symlink failure

The second vulnerability is fully independent of the first and exists in Cursor’s file path resolution edge instances.  It allows hackers to avoid beyond-limits write restrictions via symbolic links.

In most traditional software, an external hacker cannot remotely generate symlinks on the target's system.  In this scenario, a prompt injection changed the Cursor agent to a bridgehead for non-trivial activities that end in a full system compromise. 

Featured