
Stryker Attack Wipes Thousands of Devices Without Malware

 

Stryker’s latest cyber incident is a stark reminder that attackers do not always need malware to cause major damage. The medical technology company said the breach was confined to its internal Microsoft environment and did not affect its products, including connected and life-saving devices, which remain safe to use. Even so, the attack disrupted business operations and forced customers to place orders manually while electronic ordering systems stayed offline. 

According to the report, the incident was not a ransomware attack, and Stryker emphasized that no malware was deployed on its systems. Instead, the threat actor appears to have used legitimate Microsoft Intune tools to remotely wipe devices after compromising an administrator account and creating a new Global Administrator account. That method made the attack especially dangerous because it relied on trusted enterprise controls rather than suspicious malicious software. 

The scale of the wipe was severe. A source familiar with the attack told BleepingComputer that nearly 80,000 devices were erased between 5:00 and 8:00 a.m. UTC on March 11. Employees across multiple countries reportedly woke up to find company-managed laptops and mobile devices wiped overnight. The group Handala, believed to be linked to Iran, claimed responsibility and said it had destroyed over 200,000 systems and stolen 50 terabytes of data, though investigators did not confirm those claims. 

What makes this case notable is that the attack appears to have used “living off the land” tactics, meaning the intruder abused legitimate administrative access rather than deploying custom code. That approach can be harder to detect because security tools often look for malware signatures or known exploit behavior, not authorized commands executed by a compromised admin account. The result is a fast, high-impact disruption that can spread across a corporate fleet in hours. 

For enterprises, the Stryker case reinforces the need for stronger identity protection, tighter administrator controls, and better monitoring of cloud management platforms. Privileged access should be minimized, account creation should be closely audited, and wipe capabilities should require strong checks before execution. In this incident, the attacker did not need an exploit or a virus; a stolen credential and a legitimate tool were enough to cripple a large organization.
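The two signals the Stryker account describes, a freshly created Global Administrator followed by a burst of remote wipes issued by that account, can be correlated from cloud audit logs. The following is an added example, not code from the report or from Microsoft; the event layout is a constructed, simplified shape rather than the exact Entra ID or Intune audit schema.

```python
"""Correlate a privileged-role grant with a subsequent mass-wipe burst.
The field layout below is assumed for illustration; adapt the key names
to the audit export you actually collect."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2026-03-11T04:40:00Z", "actor": "it-admin@corp.example",
     "action": "AddMemberToRole", "role": "Global Administrator",
     "subject": "svc-backup@corp.example"},
    {"ts": "2026-03-11T04:58:00Z", "actor": "helpdesk@corp.example",
     "action": "WipeManagedDevice", "device": "PHONE-LOST-17"},  # a normal, single wipe
    {"ts": "2026-03-11T05:00:10Z", "actor": "svc-backup@corp.example",
     "action": "WipeManagedDevice", "device": "LAPTOP-0001"},
    {"ts": "2026-03-11T05:00:11Z", "actor": "svc-backup@corp.example",
     "action": "WipeManagedDevice", "device": "LAPTOP-0002"},
    {"ts": "2026-03-11T05:00:12Z", "actor": "svc-backup@corp.example",
     "action": "WipeManagedDevice", "device": "LAPTOP-0003"},
    {"ts": "2026-03-11T05:01:30Z", "actor": "svc-backup@corp.example",
     "action": "WipeManagedDevice", "device": "LAPTOP-0004"},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def privileged_role_grants(events, roles=("Global Administrator",)):
    """Every grant of a highly privileged directory role deserves its own alert."""
    return [e for e in events
            if e["action"] == "AddMemberToRole" and e["role"] in roles]


def wipe_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Map actor -> largest number of wipes inside any sliding window,
    keeping only actors at or above the threshold."""
    wipes = defaultdict(list)
    for e in events:
        if e["action"] == "WipeManagedDevice":
            wipes[e["actor"]].append(parse_ts(e["ts"]))
    bursts = {}
    for actor, times in wipes.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[actor] = best
    return bursts


def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Actors that were granted a privileged role and then issued a wipe burst:
    the pattern described in the Stryker incident."""
    granted = {g["subject"] for g in privileged_role_grants(events)}
    return sorted(a for a in wipe_bursts(events, threshold, window) if a in granted)


if __name__ == "__main__":
    print("privileged grants:", [(g["ts"], g["subject"]) for g in privileged_role_grants(SAMPLE_EVENTS)])
    print("wipe bursts:", wipe_bursts(SAMPLE_EVENTS))
    print("new admin followed by mass wipe:", correlate(SAMPLE_EVENTS))
```

In production the threshold should reflect the tenant's normal wipe rate, and the grant itself should already page someone regardless of what follows.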

Retailer Secures Website After Customer Data Leak Risk Identified


 

Express has quietly fixed a security flaw that allowed unauthorized access to customer order data, a significant lapse in web application security. The vulnerability exposed customer names, email addresses, telephone numbers, shipping details, and partial payment data by allowing order confirmation pages to be indexed by search engines, which amounted to an inadvertent public disclosure.

At least a dozen such records appeared in search results, demonstrating that sequential order identifiers embedded in URLs can be abused without sophisticated intrusion techniques. The issue was uncovered by an independent security researcher during a fraud investigation, which highlights how seemingly routine inquiries can reveal deeper systemic weaknesses in data handling and access controls. The company was then able to take immediate corrective measures.

The exposed records disclosed a wide range of personally identifiable information, including customer name, phone number, email address, billing and delivery locations, and masked payment card details, all accessible through publicly reachable order confirmation pages. Because of inadequate access controls and predictable URL patterns, anyone could initially enumerate order records simply by altering parameters in the web address.

While investigating a suspicious transaction involving a family member, Rey Bango discovered that a simple search query could reveal unrelated customer orders that search engines had previously indexed.

After the issue was reported, Express, which is now owned by WHP Global, took steps to remediate it. However, the company has not yet clarified whether affected individuals will receive a formal notification. While reaffirming the organization's commitment to safeguarding consumer data and encouraging responsible reporting of vulnerabilities, Joe Berean did not outline a structured process for reporting them.

A number of data exposure incidents have been linked to misconfigured web assets in the past year, reinforcing the persistent gaps in secure development practices as well as the challenges that enterprises must overcome when preventing unintended data leaks at large scales. 

The discovery was largely accidental: it came from Rey Bango's attempt to validate a potentially fraudulent transaction on a family member's account. With no clearly defined reporting channel, he escalated the issue by submitting a report to ensure prompt resolution. His findings showed that, because confirmation pages were indexed and order identifiers were sequential, search engines could surface unrelated customers' records in response to a query for an order number.

Independent verification confirmed that minor manipulations of URL parameters allowed unauthorized access to other users' order histories and personal information, a weakness that automated enumeration could amplify. Express addressed the flaw after it was disclosed, but its response did not clarify whether affected customers would be notified or whether forensic logs could be used to determine the extent of unauthorized access.

The company's marketing head, Joe Berean, reinforced the company's commitment to data security but offered limited transparency about incident response measures, with no information on a formal vulnerability disclosure framework or regulatory notification requirements.

The lack of clarity about follow-up compliance, particularly with U.S. breach disclosure requirements, points to persistent governance gaps. As seen in recent disclosures involving Home Depot and Petco, this episode fits a general pattern of exposure incidents caused by misconfiguration: because security controls were overlooked, sensitive customer data remained accessible, highlighting the ongoing challenge of enforcing robust web application security.

The incident illustrates how relatively simple design oversights, such as predictable identifiers and improperly restricted web resources, can quickly morph into large-scale privacy risks when combined with search engine indexing and the absence of disclosure mechanisms.
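The three oversights just listed (sequential identifiers, no ownership check, indexable confirmation pages) can be shown side by side in a minimal order-lookup handler. This is an added example built on a constructed in-memory store, not Express's code; the function and field names are assumptions for illustration.

```python
"""Vulnerable vs hardened order-confirmation lookup.
Each lookup returns (status, headers, order) as a stand-in for an HTTP response."""
import hmac
import secrets

# Constructed orders keyed by a sequential integer, as the vulnerable design was.
ORDERS = {
    1001: {"customer": "alice@example.test", "card_last4": "4242", "city": "Denver"},
    1002: {"customer": "bob@example.test", "card_last4": "1111", "city": "Austin"},
}


def confirmation_vulnerable(order_id):
    """Before: anyone who requests /orders/1002 receives Bob's record, with no
    login required, and a crawler that follows the link indexes it."""
    order = ORDERS.get(order_id)
    if order is None:
        return 404, {}, None
    return 200, {}, order


# After: an unguessable reference per order, an ownership check bound to the
# logged-in user, and response headers that keep the page out of search indexes.
ORDER_REFS = {}  # reference -> order_id


def issue_reference(order_id):
    """Mint a 192-bit random reference for the confirmation link (not enumerable)."""
    ref = secrets.token_urlsafe(24)
    ORDER_REFS[ref] = order_id
    return ref


def confirmation_hardened(session_user, ref):
    headers = {
        "X-Robots-Tag": "noindex, noarchive",   # crawlers must not index the page
        "Cache-Control": "private, no-store",    # and shared caches must not keep it
    }
    order_id = ORDER_REFS.get(ref)
    if order_id is None:
        return 404, headers, None
    order = ORDERS[order_id]
    # Bind the record to the authenticated customer; constant-time compare so
    # the check itself does not leak through timing.
    if session_user is None or not hmac.compare_digest(
            session_user.encode(), order["customer"].encode()):
        return 404, headers, None   # 404 rather than 403, so existence is not confirmed
    return 200, headers, order


if __name__ == "__main__":
    print("vulnerable, no login:", confirmation_vulnerable(1002))
    ref = issue_reference(1002)
    print("hardened, wrong user:", confirmation_hardened("alice@example.test", ref))
    print("hardened, owner:", confirmation_hardened("bob@example.test", ref))
```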

The company has taken steps to resolve the immediate vulnerability, but the lack of clarity around notification to customers, audit logging, and formal vulnerability intake procedures raises concerns regarding incident readiness and accountability. 

As digital commerce footprints expand, the case illustrates the need for secure-by-design principles, robust access controls, and transparent reporting mechanisms so that flaws are addressed before they become more serious.

When these safeguards are not in place, even routine transactional systems can become unintentional points of vulnerability, reinforcing the necessity of continuous security validation throughout the lifecycle of an application.

Researchers Reproduce Anthropic-Style AI Vulnerability Findings Using Public Models at Low Cost

 


New research suggests that the ability to discover software vulnerabilities using artificial intelligence is becoming both inexpensive and widely accessible, raising concerns that advanced cyber capabilities may be spreading faster than anticipated.

A study by Vidoc Security demonstrates that vulnerability discovery techniques similar to those highlighted in Anthropic’s recent “Mythos” work can be reproduced using publicly available AI models. By leveraging GPT-5.4 and Claude Opus 4.6 within an open-source framework called opencode, researchers were able to replicate key findings for under $30 per scan, without access to Anthropic’s internal systems or restricted programs.

Anthropic had earlier positioned its Mythos research as highly sensitive, limiting access to a small group of major organizations and prompting concern across policy and financial circles. Reports indicated that senior figures, including Scott Bessent and Jerome Powell, discussed the implications alongside leading financial executives. The term “vulnpocalypse” resurfaced in cybersecurity discussions, reflecting fears of large-scale AI-driven exploitation.

The Vidoc team sought to test whether such capabilities were truly restricted. Using patched vulnerability examples referenced in Anthropic’s public materials, they examined issues affecting a file-sharing protocol, a security-focused operating system’s networking components, widely used video-processing software, and cryptographic libraries used for identity verification online.

Across three independent runs, both models successfully reproduced two of the documented vulnerability cases each time. Claude Opus 4.6 also independently rediscovered a flaw in OpenBSD in all three attempts, while GPT-5.4 failed to identify that specific issue. In other instances, including vulnerabilities tied to FFmpeg and wolfSSL, the systems correctly identified relevant code regions but did not fully determine the root cause.

The methodology closely mirrored workflows described by Anthropic. Instead of relying on a single prompt, the system first analyzed entire codebases, divided them into smaller segments, and ran parallel detection processes. These processes filtered meaningful signals from noise and cross-checked findings across files. Importantly, the selection of code segments was automated through earlier planning steps, rather than manually guided.

Despite these results, the study underlines a clear distinction. Anthropic’s system reportedly went beyond identifying vulnerabilities by constructing detailed exploit pathways, such as chaining code fragments across multiple network packets to achieve full remote control of a system. The public models, while capable of locating weaknesses, did not reach that level of execution.

According to researcher Dawid Moczadło, this marks a shift in the economics of cybersecurity. The most resource-intensive part of the process, identifying credible vulnerability signals, is becoming accessible to anyone with standard API access. However, validating those findings and converting them into reliable security insights or exploit strategies remains significantly more complex.

Anthropic itself has acknowledged that traditional benchmarks like Cybench are no longer sufficient to measure modern AI cyber capabilities, noting that its Mythos system exceeded those standards. The company estimated that comparable capabilities could become widespread within six to eighteen months.

The Vidoc findings suggest that, at least for vulnerability discovery, this transition may already be underway. By publishing their methodology, prompts, and results, the researchers highlight how open tools and commercially available models can replicate parts of workflows once considered highly restricted.

For organizations, the implications are significant. As AI reduces the cost and effort required to uncover software flaws, defenders may need to adopt continuous monitoring, faster remediation cycles, and deeper behavioral analysis. The challenge is no longer just identifying vulnerabilities, but managing the scale and speed at which they can now be discovered.

Fake Court Summons And Survey Scams Surge As Regions Bank Warns Of Rising Consumer Fraud Risks

 


Fear remains one of the most powerful tools scammers use, and today’s fraud tactics are evolving to exploit it more effectively than ever. Fake court summons and deceptive online survey scams are now being widely used to trick individuals into revealing sensitive information or making payments. Regions Bank has raised awareness around these threats, emphasizing that such schemes are designed to steal passwords, drain bank accounts, or silently install malware on personal devices. 

One of the more alarming trends involves fraudulent legal notices. Victims may receive messages claiming they missed a court date, failed to pay a toll, or owe a penalty. These alerts often create a sense of urgency, warning of arrest or severe consequences if immediate action is not taken. The goal is to push individuals into reacting quickly without verifying the information. Instead of legitimate resolution channels, these messages direct users to click suspicious links, scan QR codes, or call phone numbers that connect them directly to scammers.  

Although these communications can appear convincing, they often contain clear warning signs. Aggressive or threatening language, demands for immediate payment, and instructions to use unconventional methods such as gift cards or wire transfers are strong indicators of fraud. Genuine legal authorities follow formal processes and provide verifiable documentation, allowing individuals to confirm claims through official sources. Ignoring these red flags can lead to serious financial and data security consequences.

Another emerging tactic involves fake CAPTCHA prompts. These scams exploit the familiarity of “I’m not a robot” verification tools but introduce unusual instructions, such as pressing specific keyboard shortcuts. What seems like a routine step can actually trigger hidden malicious code, potentially installing malware on the user’s device. Legitimate CAPTCHA systems are simple and never require complex or unexpected actions, making any deviation a likely sign of a scam.

Survey scams represent another widespread threat. These schemes lure victims with promises of rewards such as cash, gift cards, or free products. After completing a series of questions, users are told they have “won” and are asked to provide payment details for a small fee. In reality, the reward never materializes, and the scammers gain access to valuable financial information. Organizations like the Better Business Bureau have noted a rise in such scams, highlighting unrealistic offers, vague company information, suspicious links, and poor grammar as common warning signs. If individuals encounter these scams, experts recommend deleting the message immediately, avoiding any engagement, and reporting the incident through official platforms such as the Internet Crime Complaint Center. Acting quickly is critical, especially if personal or financial information has already been shared.

Ultimately, staying vigilant is the most effective defense. Avoid clicking on unknown links, verify information through trusted sources, enable multi-factor authentication, and regularly monitor financial accounts for unusual activity. These scams rely on urgency, fear, and enticing rewards to bypass rational thinking. While tactics continue to evolve, a cautious and informed approach remains the strongest way to protect against fraud in an increasingly digital environment.

Bank of America Bets Big on Risky Anthropic AI

 

Bank of America is aggressively expanding its use of Anthropic's advanced AI technology, even as U.S. regulators issue stark cybersecurity warnings. The bank's commitment highlights a broader trend where nearly 70% of financial institutions integrate AI into operations, prioritizing innovation over potential risks. This move comes amid global concerns about Anthropic's Claude Mythos Preview model, which has detected thousands of high-severity vulnerabilities in major operating systems and browsers. 

In early April 2026, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell urgently met with CEOs from top U.S. banks, including Bank of America, to flag risks from Mythos. Officials warned that deploying the model could expose customer personal data to cyber threats, prompting Anthropic to limit access to a select group of tech and banking experts. World leaders echoed these fears: Bank of England Governor Andrew Bailey called AI a "very serious challenge," while ECB President Christine Lagarde supported restrictions on the technology. 

Anthropic itself has cautioned about the dangers, stating that rapid AI progress could spread powerful vulnerability-detection capabilities to unsafe actors, with severe fallout for economies and national security. Despite this, banks like JPMorgan, Goldman Sachs, Citigroup, and Bank of America are testing Mythos to bolster their own defenses. Canadian regulators and European counterparts have also raised alarms, underscoring the technology's global implications. 

Bank of America leads in AI adoption, with over 90% of its 200,000+ employees using the tools daily and a client-facing AI assistant logging three billion interactions in 2025 alone. Backed by a $13.5 billion tech budget—including $4 billion for AI initiatives—the bank focuses on end-to-end process transformation to boost revenue, client experience, and efficiency. Recent rollouts include an AI tool for financial advisors to identify prospects and summarize meetings. 

Bank of America's CTO Hari Gopalkrishnan emphasized balancing scale with governance at the Semafor World Economy 2026 summit, noting, "If you overdo it, you stall innovation. If you underdo it, you introduce a lot of risk." The strategy shifts from small proofs-of-concept to large-scale applications, aiming for measurable ROI while navigating regulatory scrutiny. As AI reshapes banking, Bank of America's bold push tests the fine line between opportunity and peril.

Hackers Use Hidden QEMU Linux VMs to Evade Windows Security and Launch Stealth Attacks

 

Cybersecurity experts have uncovered a stealthy tactic where attackers bypass Windows defenses by running concealed Linux virtual machines using QEMU. Researchers warn that these hidden environments allow threat actors to maintain persistent access, steal sensitive data, and even deploy ransomware.

Earlier findings highlighted how Russian-linked groups exploited Microsoft Hyper-V to install covert Linux virtual machines on targeted systems. However, because enterprise environments typically restrict or closely monitor Hyper-V, attackers have shifted to less scrutinized alternatives.

Security firm Sophos reports active misuse of QEMU, which enables attackers to operate a full Linux system within a Windows host. Activities carried out inside these virtual machines are largely undetectable by endpoint protection tools such as Windows Defender.

“Rather than deploying a pre-built toolkit, the attackers manually install and compile their full attack suite within the VM, including Impacket, KrbRelayx, Coercer, BloodHound.py, NetExec, Kerbrute, Metasploit, and supporting libraries for Python, Rust, Ruby, and C++,” Sophos said in a report detailing active exploitation campaigns.

Attackers frequently rely on Alpine Linux, particularly version 3.22.0, due to its minimal size and low resource consumption. This allows the malicious VM to operate with almost no visible impact on the host system.

Once their objectives are achieved, attackers can simply shut down the VM, erase its image, and disappear without leaving significant traces.

“Attackers are drawn to QEMU and more common hypervisor-based virtualization tools like Hyper-V, VirtualBox, and VMware,” Sophos researchers said.

“Malicious activity within a virtual machine (VM) is essentially invisible to endpoint security controls and leaves little forensic evidence on the host itself.”

One group leveraging this technique is linked to the PayoutsKing ransomware campaign and tracked as STAC4713. In observed cases, attackers used QEMU to establish covert reverse SSH backdoors, enabling them to deploy additional malicious payloads.

Even though a basic QEMU setup can run without administrative privileges, attackers often escalate access by launching VMs under a SYSTEM account via scheduled tasks. They disguise virtual disk files as innocuous items like “vault.db” and later shift to obscure DLL filenames such as “birsv.dll.”

Through these hidden VMs, attackers create reverse SSH tunnels to remote servers, granting full control over compromised systems. They also exploit built-in Windows applications like Paint, Notepad, and Edge to explore network shares and access files.

Another threat actor, identified as STAC3725, deployed a QEMU-based VM in February to conduct credential harvesting and system reconnaissance. This setup enabled activities such as Kerberos enumeration, Active Directory mapping, and even running FTP servers for staging malware or exfiltrating data.

“The abuse of QEMU represents a growing evasion trend where threat actors leverage legitimate virtualization software to conceal malicious actions from endpoint protection agents and audit logs,” Sophos warns.

“A hidden VM with a pre-loaded or compiled attack toolkit can enable a threat actor to have long-term access to a network, providing the ability to deploy malware, harvest credentials, and move laterally without leaving evidence on the host itself.”

To mitigate such risks, researchers advise IT teams to regularly audit systems for unexpected QEMU installations and suspicious scheduled tasks, especially those running under SYSTEM-level privileges. Indicators of compromise may include unusual SSH port forwarding (particularly port 22), outbound SSH connections from uncommon ports, and virtual disk files with atypical extensions such as .db, .dll, or .qcow2.
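The indicators above can be turned into a host-side hunt: QEMU binaries in the process list, SYSTEM scheduled tasks whose command launches QEMU, files with .db or .dll names that carry a qcow2 header, and outbound SSH from an unexpected process. This is an added example over a constructed inventory, not tooling from Sophos; the record layout is assumed, and only the qcow2 magic bytes and the filenames quoted in the report are taken from real-world facts.

```python
"""Hunt for hidden-QEMU indicators on a simplified endpoint inventory."""
import re

QCOW2_MAGIC = b"QFI\xfb"   # the first four bytes of every qcow2 image (0x514649fb)

# Constructed inventory standing in for what a collector returns from one host.
PROCESSES = [r"C:\Windows\explorer.exe", r"C:\ProgramData\bi\qemu-system-x86_64.exe"]
TASKS = [
    {"name": r"\Microsoft\Windows\Defrag\ScheduledDefrag", "run_as": "SYSTEM",
     "command": "defrag.exe -c"},
    {"name": r"\BackupSync", "run_as": "SYSTEM",   # launches a VM as SYSTEM
     "command": r"C:\ProgramData\bi\qemu-system-x86_64.exe -hda C:\ProgramData\bi\vault.db -nographic"},
]
FILES = {  # path -> first bytes of the file
    r"C:\ProgramData\bi\vault.db": QCOW2_MAGIC + b"\x00\x00\x00\x03",   # qcow2 v3 hidden as .db
    r"C:\Users\me\notes.db": b"SQLite format 3\x00",                    # a genuine database
    r"C:\ProgramData\bi\birsv.dll": QCOW2_MAGIC + b"\x00\x00\x00\x03",  # qcow2 hidden as .dll
    r"C:\Windows\System32\kernel32.dll": b"MZ\x90\x00",                 # a genuine PE file
}
CONNECTIONS = [  # (local_port, remote_ip, remote_port, process)
    (51234, "203.0.113.10", 443, "msedge.exe"),
    (52001, "198.51.100.7", 22, "qemu-system-x86_64.exe"),
]

QEMU_RE = re.compile(r"qemu-system-\w+\.exe|qemu-img\.exe", re.IGNORECASE)


def qemu_processes(processes):
    return [p for p in processes if QEMU_RE.search(p)]


def system_tasks_launching_qemu(tasks):
    """Scheduled tasks that run as SYSTEM and start a QEMU binary."""
    return [t["name"] for t in tasks
            if t["run_as"].upper() == "SYSTEM" and QEMU_RE.search(t["command"])]


def disguised_disk_images(files):
    """Files whose extension says database or DLL but whose header says qcow2."""
    return sorted(path for path, head in files.items()
                  if head.startswith(QCOW2_MAGIC) and not path.lower().endswith(".qcow2"))


def outbound_ssh(connections, expected=("ssh.exe", "putty.exe")):
    """Connections to TCP 22 from any process that is not a known SSH client."""
    return [c for c in connections if c[2] == 22 and c[3].lower() not in expected]


def hunt():
    return {
        "qemu_processes": qemu_processes(PROCESSES),
        "system_qemu_tasks": system_tasks_launching_qemu(TASKS),
        "disguised_images": disguised_disk_images(FILES),
        "outbound_ssh": outbound_ssh(CONNECTIONS),
    }


if __name__ == "__main__":
    for key, hits in hunt().items():
        print(f"{key}: {hits}")
```

Checking the header rather than the extension is what catches the renamed images; a purely name-based rule would miss the next "vault.db".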
