Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Security Flaw Exposes Personal Data on Somalia’s E-Visa System Weeks After Major Breach

  A recently uncovered weakness in Somalia’s electronic visa system has triggered fresh alarm over the protection of travelers’ personal in...

All the recent news you need to know
Password Security
Compromised Passwords Cyber Security Cyberattacks CyberCrime Data Theft FBI FBI Alert Password Security

FBI Discovers 630 Million Stolen Passwords in Major Cybercrime Investigation

 

A newly disclosed trove of stolen credentials has underscored the scale of modern cybercrime after U.S. federal investigators uncovered hundreds of millions of compromised passwords on devices seized from a single suspected hacker. The dataset, comprising approximately 630 million passwords, has now been integrated into the widely used Have I Been Pwned (HIBP) database, significantly expanding its ability to warn users about exposed credentials. 

The passwords were provided to HIBP by the Federal Bureau of Investigation as part of ongoing cybercrime investigations. According to Troy Hunt, the security researcher behind the service, this latest contribution is particularly striking because it originates from one individual rather than a large breach aggregation. While the FBI has shared compromised credentials with HIBP for several years, the sheer volume associated with this case highlights how centralized and extensive credential theft operations have become. 

Initial analysis suggests the data was collected from a mixture of underground sources, including dark web marketplaces, messaging platforms such as Telegram, and large-scale infostealer malware campaigns. Not all of the passwords were previously unknown, but a meaningful portion had never appeared in public breach repositories. Roughly 7.4% of the dataset represents newly identified compromised passwords, amounting to tens of millions of credentials that were previously undetectable by users relying on breach-monitoring tools. 

Security experts warn that even recycled or older passwords remain highly valuable to attackers. Stolen credentials are frequently reused in credential-stuffing attacks, where automated tools attempt the same password across multiple platforms. Because many users continue to reuse passwords, a single exposed credential can provide access to multiple accounts, amplifying the potential impact of historical data leaks. 

The expanded dataset is now searchable through the Pwned Passwords service, which allows users to check whether a password has appeared in known breach collections. The system is designed to preserve privacy by hashing submitted passwords and ensuring no personally identifiable information is stored or associated with search results. This enables individuals and organizations to proactively block compromised passwords without exposing sensitive data. 

The discovery has renewed calls for stronger credential hygiene across both consumer and enterprise environments. Cybersecurity professionals consistently emphasize that password reuse and weak password creation remain among the most common contributors to account compromise. Password managers are widely recommended as an effective countermeasure, as they allow users to generate and store long, unique passwords for every service without relying on memory. 

In addition to password managers, broader adoption of passkeys and multi-factor authentication is increasingly viewed as essential. These technologies significantly reduce reliance on static passwords and make stolen credential databases far less useful to attackers. Many platforms now support these features, yet adoption remains inconsistent. 

As law enforcement continues to uncover massive credential repositories during cybercrime investigations, experts caution that similar discoveries are likely in the future. Each new dataset reinforces the importance of assuming passwords will eventually be exposed and building defenses accordingly. Regular password audits, automated breach detection, and layered authentication controls are now considered baseline requirements for maintaining digital security.
Read more »
Vibe Crime
agentic AI AI threats Cyber Security Cybercrime Automation Trend Micro Vibe Crime

Trend Micro Warns: 'Vibe Crime' Ushers in Agentic AI-Driven Cybercrime Era

 

Trend Micro, a cybersecurity firm, has sounded the alarm over what it calls the rise of "vibe crime": fully automated cybercriminal operations powered by agentic AI, which marks a fundamental turn away from traditional ransomware and phishing campaigns. The report from the company forecasts a massive increase in attack volume as criminals take advantage of autonomous AI agents to perform continuous, large-scale operations. 

From service to servant model 

The criminal ecosystem is evolving from "Cybercrime as a Service" to "Cybercrime as a Servant," where chained AI agents and autonomous orchestration layers manage end-to-end criminal enterprises. Robert McArdle, director of forward-looking threat research at Trend Micro, stressed that the real risk does not come from sudden explosive growth but rather from the gradual automation of attacks that previously required a lot of skill, time, and effort.

"We will see an optimization of today's leading attacks, the amplification of attacks that previously had poor ROI, and the emergence of brand new 'Black Swan' cybercrime business models," McArdle stated. 

Researchers expect enterprise cloud and AI infrastructure to be increasingly targeted in the future, as criminals use these platforms as sources of scalable computing power, AI, storage, and potentially valuable data to run their agentic infrastructures. This transformation is supposed to bring with it new, previously unthinkable types of attacks as well as shake up the entire criminal ecosystem, introducing new revenue streams and business models.

Industry-wide alarm bells 

Trend Micro's alert echoes other warnings about an “agentic” AI threat in cyberspace. Anthropic acknowledged that its AI tools had been “weaponized” by hackers in September, criminals employed Claude Code to automate reconnaissance, gather credentials, and breach networks at 17 organizations in the fields of healthcare, emergency services, and government.

In a similar vein, the 2025 State of Malware report from Malwarebytes warned that agentic AI would “continue to dramatically change cyber criminal tactics” and accelerate development of even more dangerous malware. The researchers further stressed that defensive platforms must deploy their own autonomous agents and orchestrators to counter this evolution or face being overwhelmed. Organizations need to reassess security strategies immediately and invest in AI-driven defense before criminals industrialize their AI capabilities, or risk falling behind in an exponential arms race.
Read more »
UK Critical Infrastructure
Clop Ransomware Cybersecurity Dark Web Leak Data Breach Healthcare Cyber Attack Oracle Security Risks Ransomware attack Software Vulnerability UK Critical Infrastructure

Russian Hackers Obtain Sensitive NHS Documents from UK Royal Properties

 


In a recent cyberattack, a ransomware group affiliated with Russia infiltrated the NHS computer system and retrieved hundreds of thousands of highly sensitive medical records, including those associated with members of the royal family, triggering alarms in several parts of the United Kingdom.

A breach, which was first revealed by The Mail on Sunday, revealed that over 169,000 confidential medical documents, some of which contained high-profile patient information, were published on dark-web forums following a software vulnerability within NHS clinical infrastructure that was exploited. 

A number of sources indicated that the attackers took advantage of a software bug in healthcare software and were able to use ransomware and steal classified patient information from networks connected to several royal residences, including Buckingham Palace, Windsor Castle, Sandringham, and Clarence House, which serves as the official home of the King. 

It's important to note that the incident has raised concerns regarding national digital security, patient confidentiality and the ability of critical healthcare systems to withstand state-aligned cybercriminal activities as well as one of the most significant exposures of protected medical data in recent years. 

There has been increasing scrutiny of the NHS following the breach, as 169,000 confidential healthcare records have been discovered on dark web platforms after attackers exploited a software fault in the systems used within the national health network to conduct the intrusion. 

Additionally, reports indicated that the same group had accessed medical files stored in digital environments connected with several royal properties, including Buckingham Palace, Windsor Castle, Sandringham Estate, and Clarence House. This has led to increased concerns regarding how Royal Household records are safeguarded.

There has been no confirmation from the Royal Family as to who had sought treatment or what type of treatment they received, but it is understood that the leaked materials contain information relating to King Charles' ongoing cancer treatment, emphasizing the sensitivity of this issue. 

Cyber security experts had previously cautioned about the vulnerable software that had been compromised in October of last year, to the effect that Russian-aligned cyber operations were not just plausible, but also "highly likely," a risk that has now been confirmed by independent researchers. 

Following subsequent investigations by Google's security division and the GB News, it was determined that a hacking group referred to as Clop had earlier contacted senior executives across numerous organizations requesting money in exchange for withholding stolen data, and that they had asked for payment. It was ultimately not possible to prevent publication of the documents, which later became available online. 

Currently, it is widely recognized that the breach was part of a larger scheme of exploitation which impacted the BBC, as well as several Premier League football clubs, in addition to the breach. As a result, Barts NHS Health Trust has commenced legal action to prevent any further dissemination of this material, and authorities continue to investigate the full extent of the breach and its consequences. In addition to reviving concerns about the security of enterprise software embedded within critical UK institutions, the breach has also renewed earlier concerns about enterprise software security. 

The NHS, as well as the HM Treasury, both rely on Oracle platforms for their core functions in the areas of financial administration, human-resource workflows, payroll, and personnel management. It was reported by security analysts in October that several exploitable weaknesses in the software environment presented an attractive entry point for Russian-linked threat groups as well as a high probability of targeted exploitation occurring without immediate remediation if the flaws were not fixed. 

There was more evidence later to support the warnings that Google had issued on a ransomware collective known as Clop, which had distributed direct email communication to executives across a wide variety of organizations, claiming that sensitive information from their networks had been extracted by the ransomware collective. Google's threat-intelligence division reported that those reports had been strengthened by independent security research. 

It has been noted that in previous mass intrusions, the group was attempting to extort money in exchange for nondisclosure, a tactic similar to high-pressure extortion campaigns that were observed before. The subsequent leak has intensified debate over third-party software risk, supply-chain security, and the greater challenge of protecting a nation's infrastructure that is heavily reliant on widely used commercial platforms even though authorities did not confirm the alerts at that time. There are reports that health records have been compromised to the point of compromise. 

The disclosure of these health records arises during a particularly sensitive time for the monarchy. This follows King Charles's recent public health update indicating gradual progress in his ongoing cancer treatment. It was during a conversation with Channel 4's Stand Up To Cancer campaign, a joint campaign with Cancer Research UK, that the monarch, who had been diagnosed with an unknown form of cancer in February of last year and had first announced his condition publicly in January of this year, gave the monarch hope that, in the near future, his treatment schedule may be relaxed. 

As the King announced at Buckingham Palace this month, he expects his medical interventions to be reduced from beginning next year onwards, which is considered a cautiously optimistic development in his medical treatment. It was during the campaign that the King referred to the structure, regularity, and regularity of his treatment routine, revealing a very intimate insight into an aspect of the Royal Household which, until now, has remained virtually secret. 

It was intended that the update would raise awareness of cancer research and encourage national participation, but because of its timing, the update has inadvertently coincided with renewed concerns about the security of royal medical records. As a result, there has been an increased public debate about privacy, digital security, and the vulnerability of high-sensitivity health records connected to national figures, intensifying. 

It has been reported that public engagement in cancer awareness initiatives has surged in recent weeks following the King's televised appeal, and Cancer Research UK has reported that the number of people visiting its new Cancer Screening Checker has increased drastically. This service was introduced by the charity on 5 December to provide a straightforward way for consumers to compare cancer screening options available through the National Health Service and the Public Health Agency in Northern Ireland, along with personalised advice on eligibility for specific screening categories, and to provide them with the information that they need. 

In total, more than 100,000 people have used the tool to date, many of whom have done so as a result of King Charles sharing a video message on Friday in which he spoke candidly about his own cancer treatment journey on Channel 4’s Stand Up To Cancer programme. According to Michelle Mitchell, Chief Executive of Cancer Research UK, the King’s openness sparked unprecedented public interest, and this led to an unprecedented increase in public interest.

A major part of her argument was that most visits to the checker were made after the monarch discussed his diagnosis and routine care, when national attention was focused on early detection and screening. As a result of the rapid uptake of the service, it is evident that the public is becoming increasingly willing to seek verified health information, as well as the effect high-profile advocacy has on increasing participation in preventive healthcare services.

With the incident, it has become increasingly important for national institutions to balance digital innovation with defensive readiness, particularly when core public services are delivered through commercial infrastructure that is shared among them. In addition to immediate containment, cybersecurity advisors emphasize that maintaining sustained vigilance, releasing vulnerabilities and accelerating software patch cycles are imperative for critical sectors like healthcare, finance, and public administration as well. 

According to security experts, organizations should move towards layered security frameworks that combine encrypted records segmentation, zero-trust access policies, and continual simulations of ransomware attacks to mitigate both the likelihood and impact of future intrusions. The breach emphasizes that cyber literacy at the leadership level is urgently needed in order to assist executives in recognizing extortion tactics before their negotiations reach crisis point. This will help executive managers identify extortion tactics as soon as possible during negotiations. 

After this incident, there is a renewed awareness among the people about the fragility of personal data once it reaches the outside world. This emphasizes the importance of engaging with only reliable health platforms and exercising caution when dealing with unsolicited communications. 

A study is still in progress, but analysts note that the outcome of this breach might influence the way in which a stronger regulatory push is made to ensure software supply chain accountability and real-time threat intelligence sharing across UK institutions. Those lessons that can be drawn from this compromise will ultimately strengthen both policy and practice in an era of persistent, borderless cyber threats, reshaping the country's ability to protect its most sensitive digital assets.
Read more »
money mules
Bank Accounts Cyber Fraud Financial Fraud Money Laundering money mules

Why Banks Must Proactively Detect Money Mule Activity



Financial institutions are under increasing pressure to strengthen their response to money mule activity, a growing form of financial crime that enables fraud and money laundering. Money mules are bank account holders who move illegally obtained funds on behalf of criminals, either knowingly or unknowingly. These activities allow criminals to disguise the origin of stolen money and reintroduce it into the legitimate financial system.

Recent regulatory reviews and industry findings stress upon the scale of the problem. Hundreds of thousands of bank accounts linked to mule activity have been closed in recent years, yet only a fraction are formally reported to shared fraud databases. High evidentiary thresholds mean many suspicious cases go undocumented, allowing criminal networks to continue operating across institutions without early disruption.

At the same time, banks are increasingly relying on advanced technologies to address the issue. Machine learning systems are now being used to analyze customer behavior and transaction patterns, enabling institutions to flag large volumes of suspected mule accounts. This has become especially important as real-time and instant payment methods gain widespread adoption, leaving little time to react once funds have been transferred.

Money mules are often recruited through deceptive tactics. Criminals frequently use social media platforms to promote offers of quick and easy money, targeting individuals willing to participate knowingly. Others are drawn in through scams such as fake job listings or romance fraud, where victims are manipulated into moving money without understanding its illegal origin. This wide range of intent makes detection far more complex than traditional fraud cases.

To improve identification, fraud teams categorize mule behavior into five distinct profiles.

The first group includes individuals who intentionally commit fraud. These users open accounts with the clear purpose of laundering money and often rely on stolen or fabricated identities to avoid detection. Identifying them requires strong screening during account creation and close monitoring of early account behavior.

Another group consists of people who sell access to their bank accounts. These users may not move funds themselves, but they allow criminals to take control of their accounts. Because these accounts often have a history of normal use, detection depends on spotting sudden changes such as unfamiliar devices, new users, or altered behavior patterns. External intelligence sources can also support identification.

Some mules act as willing intermediaries, knowingly transferring illegal funds for personal gain. These individuals continue everyday banking activities alongside fraudulent transactions, making them harder to detect. Indicators include unusual transaction speed, abnormal payment destinations, and increased use of peer-to-peer payment services.

There are also mules who unknowingly facilitate fraud. These individuals believe they are handling legitimate payments, such as proceeds from online sales or temporary work. Detecting such cases requires careful analysis of transaction context, payment origins, and inconsistencies with the customer’s normal activity.

The final category includes victims whose accounts are exploited through account takeover. In these cases, fraudsters gain access and use the account as a laundering channel. Sudden deviations in login behavior, device usage, or transaction patterns are critical warning signs.

To reduce financial crime effectively, banks must monitor accounts continuously from the moment they are opened. Attempting to trace funds after they have moved through multiple institutions is costly and rarely successful. Cross-industry information sharing also remains essential to disrupting mule networks early and preventing widespread harm. 

Read more »
Personal Data
Cyber Scams Data Breach Data Leak data security Data Stealer data stealing Infostealer Malware Malwares Personal Data

AuraStealer Malware Uses Scam Yourself Tactics to Steal Sensitive Data

 

A recent investigation by Gen Digital’s Gen Threat Labs has brought attention to AuraStealer, a newly emerging malware-as-a-service offering that has begun circulating widely across underground cybercrime communities. First observed in mid-2025, the malware is being promoted as a powerful data-stealing tool capable of compromising a broad range of Windows operating systems. Despite its growing visibility, researchers caution that AuraStealer’s technical sophistication does not always match the claims made by its developers. 

Unlike conventional malware campaigns that rely on covert infection techniques such as malicious email attachments or exploit kits, AuraStealer employs a strategy that places users at the center of their own compromise. This approach, described as “scam-yourself,” relies heavily on social engineering rather than stealth delivery. Threat actors distribute convincing video content on popular social platforms, particularly TikTok, presenting the malware execution process as a legitimate software activation tutorial. 

These videos typically promise free access to paid software products. Viewers are guided through step-by-step instructions that require them to open an administrative PowerShell window and manually enter commands shown on screen. Instead of activating software, the commands quietly retrieve and execute AuraStealer, granting attackers access to the victim’s system without triggering traditional download-based defenses. 

From an analysis perspective, AuraStealer incorporates multiple layers of obfuscation designed to complicate both manual and automated inspection. The malware disrupts straightforward code execution paths by dynamically calculating control flow at runtime, preventing analysts from easily tracing its behavior. It also leverages exception-based execution techniques, intentionally generating system errors that are intercepted by custom handlers to perform malicious actions. These tactics are intended to confuse security sandboxes and delay detection. 

Functionally, AuraStealer targets a wide range of sensitive information. Researchers report that it is designed to harvest data from more than a hundred web browsers and dozens of desktop applications. Its focus includes credentials stored in both Chromium- and Gecko-based browsers, as well as data associated with cryptocurrency wallets maintained through browser extensions and standalone software. 

One of the more concerning aspects of the malware is its attempt to circumvent modern browser protections such as Application-Bound Encryption. The malware tries to launch browser processes in a suspended state and inject code capable of extracting encryption keys. However, researchers observed that this technique is inconsistently implemented and fails across multiple environments, suggesting that the malware remains technically immature. 

Despite being sold through subscription-based pricing that can reach several hundred dollars per month, AuraStealer contains notable weaknesses. Analysts found that its aggressive obfuscation introduces detectable patterns and that coding errors undermine its ability to remain stealthy. These shortcomings provide defenders with opportunities to identify and block infections before significant damage occurs. 

While AuraStealer is actively evolving and backed by ongoing development, its emergence highlights a broader trend toward manipulation-driven cybercrime. Security professionals continue to emphasize that any online tutorial instructing users to paste commands into a system terminal in exchange for free software should be treated as a significant warning sign.
Read more »
WebKit Exploit
Android Update Dangerous December iPhone Patch Vulnerabilities and Exploits WebKit Exploit

Dangerous December: Urgent Update Warning for All Android and iPhone Users

 

An emergent surge of urgent security advisories has permeated the tech sector in December, with both Google and Apple warning Android and iPhone users of critical vulnerabilities being actively exploited in the wild. Termed "Dangerous December," this time period marks a significant ramping up of the threat landscape for mobile users, as both companies have issued emergency patches to remediate vulnerabilities capable of enabling attacker control of devices through specially crafted web content or malicious image files. 

Google kicked off the month by confirming that Android devices are currently at risk due to two critical vulnerabilities being actively exploited. The company issued a rapid emergency patch for all Chrome users, so fast it was delivered before it even received an official CVE designation. The vulnerability is currently known as CVE-2025-14174 and is considered actively exploited; Google urges users to update now to avoid being compromised. 

Apple subsequently released emergency updates for iPhones, iPads, and other Apple devices to address two vulnerabilities, including CVE-2025-14174 and another identified as CVE-5-29. Both vulnerabilities are associated with the WebKit browser engine, which supports Safari and other browsers on iOS devices. Security specialists further note that browser engines have become one of the main targets for attackers, which correspondingly raises user exposure if updates are not applied in a timely manner. 

The U.S. Cybersecurity and Infrastructure Security Agency has issued a directive of its own, requiring federal employees to update Chrome and all Chromium-based browsers by January 2, or stop using them. For Apple devices, the deadline is January 5. CISA cautions that these vulnerabilities might allow remote attackers to perform out-of-bounds memory access, which may allow the attacker to take control of an affected device. 

While the attacks so far have been targeted, researchers warn that these exploits will soon become ubiquitous, which makes the need for immediate updates across all users paramount. In light of this, users of Android or iPhone devices, or any Chromium-based browser, should update their software right away to protect data and privacy. The threat is real, and any delay may expose people to sophisticated spyware and hacking attacks.
Read more »
Subscribe to: Comments (Atom)

Featured