Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Foxconn Cyberattack Exposes Alleged Intel, Apple, Nvidia and Google Project Data

  A wave of digital intrusion lately hit Foxconn, causing interruptions across certain segments of its North American facilities when the Ni...

All the recent news you need to know
zero-day vulnerability
AI-generated exploit Artificial Intelligence Cybersecurity Google Threat Intelligence Group Technology zero-day vulnerability

Google Detects AI-Generated Zero-Day Exploit Targeting Web Admin Tool

 

Researchers from Google Threat Intelligence Group (GTIG) have revealed that a recently identified zero-day exploit aimed at a widely used open-source web administration platform was likely created with the help of artificial intelligence.

The vulnerability, which targeted the platform’s two-factor authentication (2FA) mechanism, could have allowed attackers to bypass critical security protections. While the software involved has not been publicly identified, researchers confirmed that the attack was stopped before it reached large-scale exploitation.

According to GTIG, analysis of the Python-based exploit strongly indicates the involvement of AI tools during the vulnerability discovery and weaponization process. The team noted that the coding style, educational explanations within the script, and even fabricated technical details closely resembled outputs commonly produced by large language models (LLMs).

“For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data,” GTIG says in a report today.

Researchers also stated that the flaw itself appeared to be a semantic logic issue — an area where AI systems tend to perform effectively — rather than traditional vulnerabilities like memory corruption or poor input sanitization that are usually identified through fuzzing or static analysis techniques.

Google informed the affected software developer about the issue, allowing security measures to be implemented quickly and the attack to be disrupted before wider abuse occurred.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” GTIG researchers say.

The report additionally highlights the increasing role of AI in cybercrime operations. Google observed threat groups linked to China and North Korea — including APT27, APT45, UNC2814, UNC5673, and UNC6201 — using AI systems for exploit development and vulnerability research.

Meanwhile, Russia-associated threat actors were reportedly using AI-generated decoy code to conceal malware strains such as CANFAIL and LONGSTREAM. Google also referenced a Russian campaign known as “Overload,” where AI voice cloning technology was allegedly used to imitate journalists in fabricated videos spreading anti-Ukraine narratives.

The report further examined the Android malware PromptSpy, previously documented by ESET, for its integration with Gemini APIs to automate interactions on infected devices.

Investigators identified an autonomous component called "GeminiAutomationAgent," which reportedly relies on a hardcoded prompt to help the malware evade AI safety mechanisms. Researchers explained that the prompt assigns the malware a harmless persona, enabling it to calculate interface geometry and interact with device functions more effectively.

Google researchers also warned that the malware appears capable of replaying authentication methods, including PINs and lock patterns, using AI-assisted techniques.

The company concluded that cybercriminals are increasingly scaling access to premium AI services through methods such as automated account generation, proxy relay systems, and shared account infrastructures.
Read more »
WhatsApp Payments
Bengaluru Startup Delayed Payments Fintech Solution Technology WhatsApp Payments

WhatsApp-Based Bengaluru Start-up Aims to Reduce Delayed Payment Woes

 

Delayed payments are a quiet but serious problem for small businesses, freelancers, tutors, and service providers, because the work may be complete while the money still remains stuck in follow-up cycles. In Bengaluru, a start-up called Lenda is trying to address that friction with a WhatsApp-first tool that automates reminders, supports negotiation, and helps users recover dues without creating awkward back-and-forth. 

The issue is not only financial but also practical, since chasing payments consumes time and can damage relationships between clients and providers. Many people already rely on WhatsApp for everyday communication, so the start-up is using that familiarity to make payment collection feel less like a formal recovery process and more like a normal conversation. 

Lenda’s approach is built around interactive messages instead of one-way reminders, which means a borrower can respond directly inside WhatsApp. The system lets recipients confirm payment, ask for extra time, raise a dispute, or even make a partial payment, which makes the process more flexible than a standard SMS reminder. That interaction matters because delayed payments often happen not just from unwillingness to pay, but also from timing problems, confusion, or simple forgetfulness. 

The start-up also tries to solve a structural problem for small operators such as teachers, class coordinators, and freelancers who collect money from many people at once. Its batch-reminder feature allows users to organize groups and send collective follow-ups, which reduces repetitive manual work and makes collections easier to manage. Lenda also includes late-fee options and a repayment score, aiming to encourage timely payment while giving businesses more control over overdue accounts. 

What makes the issue important is that delayed payments can disrupt cash flow, especially for small businesses that depend on regular incoming money to pay expenses and plan operations. By offering a “no-app” solution inside WhatsApp, Lenda is betting that the biggest barrier is not a lack of reminders, but the inconvenience and discomfort of asking for money repeatedly. That is why this Bengaluru start-up’s idea is less about messaging and more about fixing a common payment problem in a simpler, more human way.
Read more »
Secure Messaging
Apple Privacy Apple Security Encrypted RCS End To End Encryption iOS 26.5 iPhone Security Mobile Cyber Security RCS Protocol Secure Messaging

iOS 26.5 Introduces Private RCS Messaging and Core Feature Improvements


 

By introducing end-to-end encrypted RCS messaging between iPhone and Android devices for the first time, Apple has taken another step towards unifying secure cross-platform communication. 

In the update, Apple's messaging architecture has been significantly altered, extending advanced encryption protections beyond its proprietary ecosystem and into carriers' Rich Communication Services networks. This feature is currently being tested across major US networks and enables encrypted message exchange through the most recent version of Google Messages for Android, as well as Apple's native messaging experience, which is enhanced with visual encryption indicators and automatic activation mechanisms. 

RCS encrypted messages are currently available through a phased beta rollout to iPhone users running iOS 26.5 across supported carrier networks. Android compatibility is dependent on the latest version of Google Messages. It has been confirmed that encryption will be activated by default and gradually extended to both newly initiated and existing RCS conversations, eliminating the need for users to configure encryption manually.

Supported chats are now equipped with a dedicated lock icon that acts as a real-time confirmation layer, making sure messages are not readable while in transit between devices. Apple reiterated its commitment to privacy as its first priority, stating that iMessage remains fully encrypted within its native ecosystem, while the expansion of encrypted RCS provides an additional layer of security for cross-platform communication. 

According to industry analysts, the move is more of a strategic extension of Apple's broader device security framework than simply a messaging upgrade. According to Faisal Kawoosa, Founder and Chief Analyst at Techarc, the latest update enhances security assurances for Apple users outside of the iOS ecosystem, despite the fact that third-party messaging platforms will continue to be relevant.

With iOS 26.5, multiple system-level vulnerabilities are addressed, including issues relating to malicious media files and crafted text messages, causing application crashes, interface freezing, and potential denial-of-service exploitation scenarios before. 

Along with messaging overhaul, iOS 26.5 incorporates stability and security fixes. Modernizing the functionality of RCS itself, the update also brings advanced messaging capabilities, including high-resolution media transfer, typing indicators, read acknowledgement, reactions, and collaborative group chats across multiple devices. 

 Additionally, iOS 26.5 introduces a series of ecosystem refinements for personalization, subscription flexibility, and contextual user experiences in addition to its security-focused messaging upgrades. Apple has released an animated vertical light band wallpaper collection entitled Pride Luminance in honor of Pride Month, which shifts subtly as the device is unlocked, highlighting the importance of awareness of Pride Month. 

Apple continues to integrate adaptive visual design into iOS with its newest features, allowing users to customize wallpaper based on 11 predefined colour combinations or to create their own palette configurations. In addition to expanding subscription controls in the App Store, developers may also now offer monthly payment structures for discounted annual plans, a move that is intended to reduce upfront costs for long-term subscriptions while maintaining yearly commitments. 

The revised billing framework will require users who subscribe to annual packages through monthly payments to complete the payment cycle, regardless of whether the subscription is cancelled prior to the expiration date. Along with these additions, Apple has been continuing to expand its RCS rollout. Even though Rich Communication Services support was introduced with iOS 18 in 2024, it did not initially offer end-to-end encryption support, despite offering advanced messaging features such as high-resolution media sharing, typing indicators, read receipts, and advanced group chat features. 

In response to the integration of E2EE standards in the RCS specification by the GSMA last year, Apple has begun testing encrypted RCS support through the iOS 26 beta cycle and is preparing for a wider stable rollout. The availability of RCS support on iPhones continues to vary according to the network provider, because RCS functionality remains dependent on carrier-level implementation. 

Through the Messages settings panel, eligible users can manage the feature, displaying dedicated visual verification indicators, such as lock icons and encrypted session labels, in encrypted RCS chats. Aside from the refinement of core applications within Apple's release cycle, other core applications are being refined as well, including Maps updates that incorporate recommendations based on nearby trends and recent search behaviour, demonstrating the company's growing emphasis on contextually relevant software. 

Apple's iOS 26.5 not only extends feature parity between platforms but also reinforces its broader strategy to embed privacy and resilience deeper into everyday digital communication. By implementing end-to-end encryption for RCS conversations and simultaneously addressing media-handling vulnerabilities at the system level, the company is strengthening security controls around one of the most widely targeted layers of the mobile ecosystem. 

It reflects the growing industry trend towards interoperable, yet encrypted communication standards, where usability enhancements will increasingly coexist with enterprise-grade security protections and real-time threat mitigation.
Read more »
Phishing
2FA Cyber Attacks MFA Microsoft password Phishing

Microsoft Warns Passwords and SMS-Based 2FA Are No Longer Enough Against Modern Cyberattacks






Microsoft is intensifying its push toward passwordless security, warning that traditional passwords and older forms of two-factor authentication are becoming increasingly ineffective against modern phishing attacks powered by artificial intelligence.

In a statement released during World Passkey Day, Microsoft said the cybersecurity industry must reduce dependence on passwords and other “phishable” login methods by accelerating the adoption of passkeys. 

For years, technology companies encouraged users to strengthen account security by enabling two-factor authentication (2FA) or multi-factor authentication (MFA). Microsoft itself previously stated that MFA could block more than 99% of password-based attacks. However, cybercriminals have steadily adapted their tactics, particularly targeting SMS-based authentication systems through phishing pages, SIM-swapping schemes, session hijacking, and social engineering attacks.

The company now argues that passwords, even when paired with weak MFA methods like text-message verification codes, continue to leave accounts vulnerable. Microsoft described these older protections as “legacy” authentication methods that can still become entry points for attackers. 

Instead, Microsoft is promoting passkeys, which rely on cryptographic authentication rather than memorized passwords. A passkey stores a private digital key directly on a user’s device and only works on the legitimate website or application where it was created. Access is then confirmed through biometric verification, such as fingerprints or facial recognition, or through a device PIN. 

Security experts say this approach makes phishing significantly harder because passkeys cannot be reused on fake websites designed to imitate legitimate login pages. Unlike passwords or SMS codes, the authentication process is tied directly to the original domain. 

Microsoft also stressed that enabling passkeys alone is not enough if passwords and fallback authentication methods remain active on accounts. According to the company, weak backup options can still be exploited even after stronger protections are introduced. Microsoft has therefore continued removing older authentication systems across its ecosystem, including plans to eliminate security questions from password reset flows beginning in 2027. 

The urgency surrounding this transition has increased alongside the rapid growth of AI-generated phishing campaigns. Microsoft cited internal findings showing that AI-assisted phishing operations can achieve click-through rates as high as 54%, meaning more than half of targeted users may interact with malicious messages. 

Industry-wide adoption of passkeys is also accelerating. The FIDO Alliance estimates that more than five billion passkeys are already in use globally. Microsoft said hundreds of millions of users now sign into services such as OneDrive, Xbox, and Copilot using passkeys every day. 

Internally, Microsoft claims that over 99% of users within its environment now have access to phishing-resistant authentication methods. The company added that account recovery systems remain a critical security challenge because attackers increasingly target recovery processes instead of direct logins. 

Researchers and government agencies are broadly supporting the move toward passwordless security. The United Kingdom’s National Cyber Security Centre recently encouraged organizations and consumers to adopt passkeys, citing growing risks from AI-driven phishing and phishing-as-a-service platforms. 

Still, cybersecurity researchers caution that passkeys are not completely immune to attack. Recent academic research examining FIDO2 authentication methods found that while passkeys substantially raise the difficulty for attackers, sophisticated compromise techniques involving infected devices, session theft, or manipulated browser environments may still pose risks under certain conditions. 

Microsoft maintains that removing passwords and other phishable credentials remains essential as AI systems increasingly act on behalf of users across enterprise environments. If a single digital identity is compromised, attackers could potentially exploit connected AI agents to access systems, trigger workflows, and operate with existing permissions at machine speed. 

Read more »
Malware Attack
Cyber Attacks Cyber Breaches Cyber websites data security Fake Windows Linux Linux Malware Malware Attack

JDownloader Website Breach Spreads Malware Through Fake Windows and Linux Installers

 

In early May 2026, the official website for JDownloader was compromised, causing users to unknowingly download infected installers instead of legitimate software. During the two-day breach window, attackers replaced Windows and Linux setup files with malicious versions carrying hidden malware. Researchers later discovered that the Windows payload deployed a stealthy Python-based remote access trojan capable of giving attackers control over infected systems. 

Because the files appeared authentic and came directly from a trusted source, many users installed them without suspicion. JDownloader remains one of the most widely used download automation tools, supporting downloads from hosting services, streaming sites, and premium file-sharing platforms across Windows, Linux, and macOS. Its long-standing reputation and large user base made the attack especially dangerous, as users naturally trusted downloads from the official website. 

The issue first gained attention after a Reddit user reported Microsoft Defender warnings while downloading updated installers from the JDownloader website. The files showed suspicious digital signatures linked to unknown names like “Zipline LLC” and “The Water Team” instead of AppWork GmbH, the legitimate developer. Community concern quickly spread online, prompting the development team to investigate. 

Soon after, JDownloader confirmed that attackers had exploited an unpatched flaw in the site’s content management system to modify download links and redirect users toward malicious third-party installers. Developers stated that the compromise was limited to public-facing web content and did not extend to deeper server infrastructure or operating system-level access. The team later clarified that only the Windows “Alternative Installer” downloads and Linux shell installer links were affected. 

Other distribution channels, including macOS packages, Flatpak, Winget, Snap releases, in-app updates, and the main JAR package, remained secure throughout the incident. Developers urged users to verify installer authenticity by checking digital signatures within file properties. Legitimate files should display a verified signature from AppWork GmbH, while unsigned installers or files signed by unfamiliar publishers should be avoided immediately. 

Cybersecurity researcher Thomas Klemenc later analyzed the malicious Windows files and found they acted as loaders for a heavily obfuscated Python-based remote access tool. According to his findings, the malware could execute remote commands through command-and-control servers, silently turning infected devices into attacker-controlled systems. Analysis of the Linux shell installer also uncovered injected malicious code designed to download disguised payloads from suspicious domains. 

Once executed, the malware installed hidden binaries, created persistence mechanisms, elevated privileges using root-level configurations, and disguised itself as legitimate Linux system processes to avoid detection. Experts noted that parts of the Linux malware remain difficult to fully understand because the payload was heavily protected using obfuscation tools like Pyarmor, limiting deeper analysis. 

Although JDownloader stressed that only users who downloaded and executed installers during the breach window were at risk, security professionals strongly recommend reinstalling operating systems on infected machines. Since arbitrary code execution was possible, experts also advise resetting all passwords after cleaning affected devices due to potential credential theft. 

The attack reflects a growing cybersecurity trend in which hackers target trusted software platforms to distribute malware through compromised downloads. Similar incidents recently affected CPU-Z, HWMonitor, and DAEMON Tools, where attackers replaced legitimate installers with infected versions carrying hidden malware.  

As supply chain attacks continue increasing, cybersecurity experts stress the importance of checking digital signatures carefully and avoiding suspicious downloads, even on trusted software platforms.
Read more »
WolfSSL flaw
AI cybersecurity Anthropic Claude Mythos Preview Project Glasswing software vulnerabilities Vulnerabilities and Exploits WolfSSL flaw

Anthropic’s Project Glasswing Detects Over 10,000 Critical Software Vulnerabilities Worldwide

 

iArtificial intelligence company Anthropic has revealed that its cybersecurity initiative, Project Glasswing, has successfully identified more than 10,000 high- and critical-severity vulnerabilities across globally significant software systems since the program was introduced last month.

The initiative was designed as a defensive cybersecurity program aimed at strengthening critical software infrastructure worldwide. Through Project Glasswing, around 50 trusted partners receive early access to Claude Mythos Preview — an advanced AI model capable of autonomously discovering vulnerabilities in widely used software before malicious actors can exploit them.

According to Anthropic, 6,202 of the detected vulnerabilities were categorized as high or critical severity and affected over 1,000 open-source projects. Further review confirmed 1,726 of these findings as legitimate true positives, while 1,094 vulnerabilities were assessed as either high or critical in severity.

Among the major discoveries was a critical security flaw in WolfSSL identified as CVE-2026-5194, carrying a CVSS score of 9.1. The vulnerability could potentially allow attackers to forge certificates and impersonate legitimate services. Anthropic noted that the initiative has already contributed to 97 vulnerabilities being patched upstream along with the release of 88 security advisories.

"The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity," Anthropic acknowledged. "Confronting this challenge successfully will make our software far safer than before."

The announcement comes amid a broader rise in AI-assisted vulnerability discovery, with software vendors releasing patches at an unprecedented pace. Microsoft recently indicated that the number of monthly security patches is expected to continue increasing over time.

Cybersecurity firm XBOW described Mythos Preview as "a major advance" that is "substantially better than prior models at finding vulnerability candidates" and "adept at analyzing source code with a security mindset." Researchers have also observed the model’s effectiveness in converting vulnerabilities into complete end-to-end attack chains.

Anthropic highlighted that the capabilities of Mythos Preview extend beyond vulnerability detection. In one reported incident, a banking partner participating in Glasswing used the AI model to identify and block a fraudulent wire transfer worth $1.5 million after a threat actor compromised a customer’s email account and attempted spoofed phone calls.

The company warned that AI models with capabilities similar to Mythos could become widely accessible in the near future, prompting a need for organizations to accelerate their patch management processes. Oracle has already transitioned to a monthly patch cycle to respond more quickly to critical security vulnerabilities.

"Network defenders should shorten their patch testing and deployment timelines," Anthropic said. "These include steps like hardening networks' default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response."

Anthropic also announced the launch of its Cyber Verification Program, which allows verified security researchers to use its AI models without standard guardrails for legitimate cybersecurity activities such as penetration testing, vulnerability research, and red teaming. The move mirrors OpenAI’s Daybreak initiative, which enables defenders to work with GPT-5.5-Cyber for specialized security workflows.

Despite their advanced capabilities, models such as Mythos Preview and GPT-5.5-Cyber have not yet been publicly released due to concerns surrounding potential misuse and the absence of sufficient safeguards against large-scale abuse.

"Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage," it pointed out. "However, there is an urgent need for as many organizations as possible to shore up their cyber defenses. We hope that our generally available models, and the new tools, resources, and research we're providing to accompany them, will support those organizations to improve their cybersecurity posture."
Read more »
Subscribe to: Posts (Atom)

Featured