
Token Pilfering: How Token Theft is Plaguing Cybersecurity


AI economy and computing threat

The rising AI economy is bringing a new type of cybercrime. Criminals sign up for trial accounts at AI firms to harvest the tokens (units of model inference, in effect prepaid compute) that those accounts come with. According to Patrick Collison, CEO of payments giant Stripe, the problem is getting worse: fraudulent token harvesters now account for one in every six new customer subscriptions.

Token pilfering

Experts said the attackers resell the stolen tokens on the dark web. 'Token pilfering' has become a recurring headache for security teams at AI companies and has made free trials expensive for AI startups to offer to potential customers.

Startups attacked for money

Hackers attacking startups is nothing new. What the AI economy has changed is the payoff: a free trial of traditional software is worth little to an attacker, but a trial registration at an AI firm yields tokens redeemable for compute, which can be resold.

The token theft

Token theft is one of the least-discussed risks in the AI business. Because attackers consume tokens at machine speed, they can run up enormous usage bills in a short time that they never intend to pay, leaving the provider to absorb the inference costs. That asymmetry is one of the most alarming aspects of the problem.

Token theft often involves creating many accounts at a single AI company, and across multiple firms, in order to use the tokens for purposes unrelated to the company's product or to resell them. Once the tokens are exhausted, the accounts are abandoned; Sands compared the scheme to restaurant patrons who "dine and dash".

Attack tactic

The problem is compounded by speed: the attackers use automated agents that drain a trial account's tokens in minutes. Unlike abuse of a traditional software trial, the loss is incurred before the organization can notice it, let alone respond.

This is a bind for AI firms that rely on free trials to attract new users. For a traditional software firm, a temporary trial costs almost nothing to provide; for an AI firm, the cost of acquiring a customer can reach $500 once scammers abuse the free tokens issued to trial accounts.
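The following is an added example, not code from the article, from Stripe or from any AI vendor, showing what a minimal control against the sign-up pattern described above looks like: velocity checks over trial registrations (shared card fingerprint, shared source IP, plus-tagged variants of one mailbox, disposable domains) and hard per-account token caps so an automated agent hits a burst ceiling within its first minute rather than running up an unbounded bill. The record layout, the thresholds, the domain list and the sample registrations are all constructed assumptions.

```python
"""Trial-abuse triage for an AI platform: velocity checks on sign-ups plus hard
token caps per trial account.

Added example, not code from the article, from Stripe or from any AI vendor.
Record layout, thresholds, domain list and sample sign-ups are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Signup:
    """One trial registration (field names are assumptions)."""
    account: str
    email: str
    card_fingerprint: str  # opaque card token from the payment processor, never the PAN
    ip: str
    ts: int                # seconds since epoch


# Constructed stand-in for a disposable-mailbox blocklist.
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}


def normalize_email(email):
    """Collapse plus-tags and dots in the local part so bot+1@x, bot+2@x and
    b.o.t@x are all treated as the same mailbox."""
    local, _, domain = email.lower().partition("@")
    local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


def score_signups(signups, window=3600, per_card=1, per_ip=2):
    """Return {account: [reasons]} for sign-ups that share a card fingerprint,
    source IP or normalized mailbox with too many others inside `window`
    seconds, or that use a disposable mail domain. Clean accounts are absent."""
    by_card, by_ip, by_mailbox = defaultdict(list), defaultdict(list), defaultdict(list)
    for s in sorted(signups, key=lambda s: s.ts):
        by_card[s.card_fingerprint].append(s)
        by_ip[s.ip].append(s)
        by_mailbox[normalize_email(s.email)].append(s)

    flagged = defaultdict(list)

    def sweep(groups, limit, label):
        # Sliding window over each key's time-ordered sign-ups; once more than
        # `limit` fall inside one window, every sign-up in that window is flagged.
        for key, group in groups.items():
            recent = deque()
            for s in group:
                while recent and s.ts - recent[0].ts > window:
                    recent.popleft()
                recent.append(s)
                if len(recent) > limit:
                    reason = f"{label} {key!r} reused within {window}s"
                    for r in recent:
                        if reason not in flagged[r.account]:
                            flagged[r.account].append(reason)

    sweep(by_card, per_card, "card")
    sweep(by_ip, per_ip, "ip")
    sweep(by_mailbox, 1, "mailbox")
    for s in signups:
        if s.email.lower().rpartition("@")[2] in DISPOSABLE_DOMAINS:
            flagged[s.account].append("disposable mail domain")
    return dict(flagged)


class TrialBudget:
    """Hard caps for a trial account: lifetime tokens and a per-minute burst
    ceiling. An agent burning tokens at machine speed trips the burst cap long
    before the lifetime budget is gone, so the loss is bounded by the cap rather
    than by how quickly a human reviewer notices."""

    def __init__(self, total_tokens=100_000, per_minute=5_000):
        self.total, self.per_minute = total_tokens, per_minute
        self.spent = defaultdict(int)
        self.recent = defaultdict(deque)  # account -> deque of (ts, tokens) in the last 60 s

    def charge(self, account, tokens, ts):
        """Record `tokens` for `account` at time `ts` and return True, or return
        False (deny the request) if either cap would be exceeded."""
        q = self.recent[account]
        while q and ts - q[0][0] >= 60:
            q.popleft()
        burst = sum(t for _, t in q) + tokens
        if self.spent[account] + tokens > self.total or burst > self.per_minute:
            return False
        q.append((ts, tokens))
        self.spent[account] += tokens
        return True


# Constructed sign-ups: one legitimate user, three scripted registrations sharing
# a card and IP within a minute, and an unrelated user on that IP hours later.
SAMPLE_SIGNUPS = [
    Signup("acct-1", "alice@corp.example", "fp_AAA", "203.0.113.10", 1_000),
    Signup("acct-2", "bot+1@mailinator.example", "fp_BBB", "198.51.100.7", 2_000),
    Signup("acct-3", "bot+2@mailinator.example", "fp_BBB", "198.51.100.7", 2_030),
    Signup("acct-4", "bot+3@mailinator.example", "fp_BBB", "198.51.100.7", 2_060),
    Signup("acct-5", "carol@other.example", "fp_CCC", "198.51.100.7", 9_999),
]

if __name__ == "__main__":
    for account, reasons in sorted(score_signups(SAMPLE_SIGNUPS).items()):
        print(account, "->", "; ".join(reasons))
```

Radar-style payment signals and the sign-up scoring here are complementary: the scoring decides whether to issue trial tokens at all, while the budget bounds the damage from accounts that slip through. Both keys (card fingerprint and IP) are meant to be joined with the processor's own fraud score rather than used alone, since legitimate users behind a shared NAT will occasionally collide on IP.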

Token epidemic

The token epidemic has created problems for startups. Some have stopped offering free trials altogether, which in turn hurts their growth by closing off a channel for acquiring new customers.

Stripe points to one mitigation: its Radar product, which already screens payments on the card network for fraud by default. Stripe says it is adapting Radar's tooling to help clients detect and block token fraud.

PCPJack Worm Steals Cloud Credentials While Wiping Out TeamPCP Infections

 

A new malware framework called PCPJack is drawing attention because it not only steals credentials from exposed cloud systems but also wipes out traces of TeamPCP infections before taking over the environment. The campaign shows how one criminal group can piggyback on another group’s compromised infrastructure to expand access, harvest secrets, and monetize stolen data. 

PCPJack begins with a Linux shell script that creates a hidden workspace, installs Python dependencies, downloads extra modules, sets up persistence, and launches an orchestrator that manages the infection. During that startup sequence, it actively searches for TeamPCP processes, services, files, containers, and persistence artifacts, then removes them so its own payload can operate without interference. That behavior makes the malware unusually aggressive even by cloud-threat standards. 

Once inside a host, the framework focuses on credential theft across cloud, container, developer, productivity, and financial services. Reported targets include SSH keys, environment files, tokens, Docker and Kubernetes secrets, WordPress configs, and logins for services such as AWS, Slack, GitHub, OpenAI, Anthropic, Discord, and Office 365. Researchers also noted that the malware exfiltrates data to Telegram after encrypting it and splitting it into small chunks to fit message limits. 

The worm-like spread is what makes PCPJack especially dangerous in exposed cloud environments. It is built to move laterally, search for additional systems, and exploit vulnerable web applications and services such as Docker, Kubernetes, Redis, MongoDB, RayML, and other internet-facing infrastructure. It does not appear to rely on cryptomining, which suggests the main motive is stolen-access monetization through fraud, spam, extortion, or credential resale.

Organizations can reduce risk by hardening cloud access and secrets management, enforcing MFA, and limiting exposure of Docker, Kubernetes, and web applications. Security teams should also monitor for unusual shell-script activity, hidden directories, unexpected persistence, and outbound traffic to attacker-controlled messaging channels. In practice, PCPJack is a reminder that cloud intrusions are increasingly iterative, with one attacker cleaning up another’s mess only to create a new one.
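An added hunting example, not from the article or from any vendor: the exfiltration pattern described above (encrypted data split into message-sized chunks and posted to Telegram) is visible in egress proxy logs as a burst of Telegram Bot API upload calls from a server that has no reason to talk to a chat service. The log format, the server inventory, the thresholds and the sample lines below are all constructed assumptions.

```python
"""Hunt for chunked Telegram Bot API exfiltration in egress proxy logs.

Added example, not part of the article or of any vendor's detection content.
The log format, host inventory and thresholds are assumptions and the log
lines are constructed. The signal: a server issuing a burst of Bot API upload
POSTs, each carrying one small chunk of stolen data."""
import re
from collections import defaultdict

# Assumed proxy log layout: "<epoch> <src_ip> <method> <url> <status> <bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)
# Telegram Bot API calls look like https://api.telegram.org/bot<id>:<secret>/<method>
TG_RE = re.compile(r"^https://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>\w+)")
UPLOAD_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendVideo"}


def parse(lines):
    """Yield dicts for lines matching LINE_RE; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"], ev["bytes"] = int(ev["ts"]), int(ev["bytes"])
            yield ev


def find_exfil_bursts(lines, server_hosts, window=300, min_posts=5):
    """Return {src_ip: summary} for hosts in `server_hosts` that issued at least
    `min_posts` Telegram upload POSTs inside any `window`-second span. The
    summary covers the densest such span and redacts the bot token secret,
    which is a live credential that belongs in an IOC store, not a ticket."""
    per_src = defaultdict(list)
    for ev in parse(lines):
        tg = TG_RE.match(ev["url"])
        if not tg or ev["method"] != "POST" or tg["method"] not in UPLOAD_METHODS:
            continue
        per_src[ev["src"]].append((ev["ts"], ev["bytes"], tg["token"], tg["method"]))

    hits = {}
    for src, evs in per_src.items():
        if src not in server_hosts:
            continue  # a laptop user chatting on Telegram is noise for this hunt
        evs.sort()
        best, lo = None, 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            if best is None or hi - lo > best[1] - best[0]:
                best = (lo, hi)
        burst = evs[best[0]:best[1] + 1]
        if len(burst) >= min_posts:
            hits[src] = {
                "posts": len(burst),
                "bytes": sum(b for _, b, _, _ in burst),
                "bot_tokens": {t.split(":")[0] + ":<redacted>" for _, _, t, _ in burst},
                "methods": {m for *_, m in burst},
            }
    return hits


# Constructed log: a build server posting six chunks in 15 s, a laptop sending
# one chat message, and a second server posting two files over an hour apart.
SAMPLE_LOG = """\
1700000000 10.0.2.15 GET https://registry.npmjs.org/express 200 51234
1700000001 10.0.2.15 POST https://api.telegram.org/bot123456789:AAH-fakeTokenForExample_001/sendDocument 200 4096
1700000003 10.0.2.15 POST https://api.telegram.org/bot123456789:AAH-fakeTokenForExample_001/sendDocument 200 4096
1700000006 10.0.2.15 POST https://api.telegram.org/bot123456789:AAH-fakeTokenForExample_001/sendDocument 200 4096
1700000009 10.0.2.15 POST https://api.telegram.org/bot123456789:AAH-fakeTokenForExample_001/sendDocument 200 4096
1700000012 10.0.2.15 POST https://api.telegram.org/bot123456789:AAH-fakeTokenForExample_001/sendDocument 200 4096
1700000015 10.0.2.15 POST https://api.telegram.org/bot123456789:AAH-fakeTokenForExample_001/sendMessage 200 512
1700000020 10.0.9.44 POST https://api.telegram.org/bot987654321:AAE-anotherFakeToken_002/sendMessage 200 300
1700000900 10.0.2.16 POST https://api.telegram.org/bot555555555:AAF-thirdFakeToken_003/sendDocument 200 4096
1700005000 10.0.2.16 POST https://api.telegram.org/bot555555555:AAF-thirdFakeToken_003/sendDocument 200 4096
"""
SERVER_HOSTS = {"10.0.2.15", "10.0.2.16"}  # constructed inventory; 10.0.9.44 is a laptop

if __name__ == "__main__":
    for src, summary in find_exfil_bursts(SAMPLE_LOG.splitlines(), SERVER_HOSTS).items():
        print(src, summary)
```

The host inventory is doing the real work: the same six POSTs from a developer workstation would be ordinary chat traffic, so the hunt keys on role (server versus user device) rather than on Telegram alone. The bot token in the URL is the attacker's credential for the exfiltration channel; it is worth recording as an indicator, but the secret half should be redacted in anything that leaves the incident channel.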

European Union Agrees to Ban AI Generated Non Consensual Sexualized Deepfakes

 

A provisional deal emerged Thursday between EU lawmakers and national representatives, targeting AI tools that create explicit fake images of people without their consent. Such technology, when applied to produce child exploitation material, will also fall under the new restrictions. Agreement came after extended discussions on digital ethics and public safety. The rules aim to block the deployment of systems designed for these harmful purposes, reflecting growing attention to the misuse of synthetic media across Europe. Final approval by the governing bodies is still pending. 

Part of wider changes to the EU’s approach on AI, this move fits within the “Omnibus VII” laws meant to streamline digital rule-making. Rules for artificial intelligence across European countries are being aligned through these adjustments, reducing complexity where possible. One goal stands clear - making compliance less fragmented without adding new layers. 

Following the talks, officials announced updated rules banning artificial intelligence systems designed to produce intimate or explicit material depicting people without their agreement. The measures single out synthetic media depicting minors in sexually abusive scenarios, prompted by rising unease about how machine learning models enable manipulation, harassment, and digital abuse. Updates like this reshape how the standards apply, shifting the landscape from within the existing framework. 

Though broad in scope, enforcement hinges on consistent oversight across platforms where such technologies operate. Still, Marilena Raouna noted the deal could ease repeated paperwork demands on firms in the EU's tech industry - so long as safeguards around AI oversight remain intact. Compliance dates shift for high-risk AI under the new version of the framework. Starting December 2, 2027, standalone systems classified as high risk must follow the requirements. 

By August 2, 2028, those integrated into physical products come into scope. The timeline change appears in the current draft deal. Rules apply earlier to independent platforms than built-in ones. Registration of exempted AI tools in the European Union's high-risk database forms part of the deal. Authorities believe tracking these technologies will support clearer monitoring. Oversight gains clarity when deployments become visible through such records. Among updated measures, tighter rules return for handling sensitive personal details via AI aimed at spotting or fixing skewed algorithms. 

Government representatives noted these changes strengthen individual privacy safeguards, yet still require firms to justify extensive data use with concrete need. Now arriving amid global scrutiny, the deal reflects mounting demands on authorities to control tools that craft lifelike false media through artificial intelligence. 

While Europe's officials stress consequences, they point especially at intimate imagery made without permission - citing threats it poses to personal boundaries, digital safety, truth integrity, and public standing. Though not yet legally binding, the agreement advances the EU’s push to shape how artificial intelligence is built and used throughout its countries. Approval must come later, but momentum continues.

Ivanti Patches New EPMM Vulnerability Linked to Active Zero-Day Exploitation

 



Software provider Ivanti has released security updates for a newly identified vulnerability in its Endpoint Manager Mobile (EPMM) platform after confirming that the flaw has already been used in limited zero-day attacks.

The vulnerability, tracked as CVE-2026-6973, has been classified as high severity. According to Ivanti, the issue is caused by improper input validation, which refers to a weakness in how an application processes and checks incoming data before handling a request. If exploited successfully, the flaw could allow a remote attacker with administrator-level access to run arbitrary code on vulnerable systems.

Ivanti stated that the vulnerability affects EPMM version 12.8.0.0 and earlier releases. To reduce exposure, the company has issued patched versions including EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1. The company is also advising customers to review accounts with administrative privileges and rotate credentials where necessary, particularly in environments where earlier compromise activity may have occurred.
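As an added example (not Ivanti tooling), the check below decides whether a given EPMM build is on or above the fixed build for its branch, using the fixed versions listed above. Two details matter in practice: versions must be compared numerically per component, not as strings, and "12.8.0.0 and earlier" cannot be read literally, since 12.6.1.1 and 12.7.0.1 are earlier than 12.8.0.0 yet patched. Treating each major.minor branch against its own fix, and any branch without a listed fix as needing an upgrade, is this example's reading of the advisory, not Ivanti's statement. The inventory is constructed. Patching also does not undo prior use of stolen administrator credentials, which is why the rotation guidance above still applies.

```python
"""Decide whether an Ivanti EPMM build carries the fix for CVE-2026-6973.

Added example, not Ivanti tooling. The fixed builds (12.6.1.1, 12.7.0.1,
12.8.0.1) are the ones reported above. The per-branch rule and the handling of
branches with no listed fix are this example's reading of that list, not a
statement from Ivanti. Versions are compared numerically component by
component, so 12.10 sorts after 12.8 and 12.6.1.1 counts as patched."""

FIXED_BUILDS = {"12.6": (12, 6, 1, 1), "12.7": (12, 7, 0, 1), "12.8": (12, 8, 0, 1)}


def parse_version(text):
    """'12.8.0.1' -> (12, 8, 0, 1); shorter strings are zero-padded to four parts."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def fmt(version):
    return ".".join(str(n) for n in version)


def assess(version_text):
    """Return (status, reason) with status in {'patched', 'vulnerable', 'unknown'}."""
    v = parse_version(version_text)
    branch = f"{v[0]}.{v[1]}"
    fix = FIXED_BUILDS.get(branch)
    if fix is None:
        newest = max(FIXED_BUILDS.values())
        if v > newest:
            # Not covered by the builds listed here; do not assume either way.
            return "unknown", f"{fmt(v)} is newer than any build in the advisory; recheck the advisory"
        return "vulnerable", f"branch {branch} has no listed fix; upgrade to {fmt(newest)} or later"
    if v >= fix:
        return "patched", f"{fmt(v)} is at or above {fmt(fix)}"
    return "vulnerable", f"{fmt(v)} is below {fmt(fix)} on branch {branch}"


def triage(inventory):
    """{host: version string} -> {host: status}; unparseable versions are 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)[0]
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory, as might be exported from a CMDB; hostnames are made up.
SAMPLE_INVENTORY = {
    "epmm-eu-1": "12.8.0.0",
    "epmm-eu-2": "12.8.0.1",
    "epmm-us-1": "12.6.1.1",
    "epmm-us-2": "12.7.0.0",
    "epmm-lab": "12.5.2.0",
    "epmm-dev": "n/a",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        try:
            status, reason = assess(version)
        except ValueError as exc:
            status, reason = "unknown", str(exc)
        print(f"{host:10} {version:10} {status:10} {reason}")
```

Running the triage against an inventory rather than one host is the point: the exposed-instance count from Shadowserver says nothing about patch state, so the only way to know is to enumerate your own EPMM servers and compare each build against the fix for its branch.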

In its advisory, Ivanti said the exploitation activity observed so far appears to be limited in scope and requires valid administrator authentication in order to succeed. The company added that it has not identified active exploitation involving the additional vulnerabilities disclosed alongside CVE-2026-6973.

Ivanti also clarified that the issue impacts only the on-premises version of Endpoint Manager Mobile. The company said the flaw does not affect Ivanti Neurons for MDM, which is its cloud-based endpoint management platform. Other products, including Ivanti EPM and Ivanti Sentry, were also listed as unaffected.

Data published by internet monitoring organization Shadowserver Foundation currently shows more than 850 internet-accessible IP addresses associated with Ivanti EPMM deployments. Most of the exposed systems appear to be located in Europe, followed by North America. However, there is still no public visibility into how many of those servers have already installed the latest patches.

Alongside the actively exploited flaw, Ivanti disclosed fixes for four additional high-severity vulnerabilities identified as CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. According to the company, these flaws could potentially be used to obtain administrator access, impersonate registered Sentry hosts to receive valid certificate authority-signed client certificates, invoke unauthorized methods, or gain access to restricted information stored within affected environments.

The company stated that it currently has no evidence showing these four vulnerabilities have been exploited in real-world attacks. Ivanti also noted that CVE-2026-7821 affects only organizations using Apple Device Enrollment configurations.

The latest disclosure follows earlier security incidents involving Ivanti EPMM this year. In January, the company disclosed two separate code-injection vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, which were also exploited as zero-days against what Ivanti described at the time as a very limited number of customers.

Ivanti now says customers who followed its earlier recommendation to rotate credentials after the January incidents are likely to face a significantly lower risk of exploitation from CVE-2026-6973. The guidance reflects a growing concern within the cybersecurity industry that attackers often attempt to reuse stolen administrative credentials across multiple intrusion campaigns.

The issue also drew attention from the U.S. Cybersecurity and Infrastructure Security Agency earlier this year. In April, the agency instructed federal civilian agencies to secure vulnerable systems against attacks involving CVE-2026-1340 within four days after adding the flaw to its Known Exploited Vulnerabilities catalog.

Ivanti products have repeatedly appeared in incident response investigations over the last several years, particularly because endpoint and device management platforms typically operate with elevated privileges across enterprise networks. Security agencies and researchers have warned that these systems remain attractive targets for threat actors seeking broad administrative control over organizational infrastructure.

According to data previously published by CISA, 33 Ivanti vulnerabilities have been publicly identified as exploited in the wild, including 12 that were also linked to ransomware-related activity.

Ivanti says it currently serves more than 40,000 customers worldwide through a partner network consisting of over 7,000 organizations.

WhatsApp Encryption Comes Under Spotlight Following Federal Allegations

 


Federal Investigation Into WhatsApp Encryption

A confidential federal investigation into encryption integrity has morphed into a broader debate addressing the technical transparency of one of the largest messaging platforms in the world. According to a Bloomberg report citing individuals familiar with the matter, investigators quietly examined whether Meta’s WhatsApp could, under certain internal conditions, expose access to user conversations despite its longstanding end-to-end encryption assurances. 

There was considerable weight to these allegations, considering WhatsApp has more than three billion users globally, many of whom depend on the platform for confidential personal communications, corporate coordination, and sensitive business communications. The inquiry was led by a special agent from the U.S. Department of Commerce's Bureau of Industry and Security over a period of nearly ten months, during which internal documents were reviewed, interviews were conducted, and an assessment of the handling of message data behind the platform's infrastructure layers was carried out. 

The investigation reportedly intensified after a January 16 internal memorandum circulated across multiple federal agencies claimed that certain Meta employees and contractors could access message content in ways that conflicted with WhatsApp’s public encryption narrative. In spite of the technical and regulatory implications of the findings, the federal investigation was abruptly ended earlier this year without any explanation of the reasons for the sudden halt of the investigation. 

The renewed controversy traces back to 2024, when an anonymous whistleblower alleged that WhatsApp's privacy architecture was not as impenetrable as publicly portrayed. According to the reports, U.S. authorities quietly opened a federal investigation in 2025 to examine whether the messaging service's internal systems allowed access to the supposedly encrypted communications. 

Over those ten months, investigators collected technical records, interviewed personnel, and reviewed the internal operational processes related to Meta's storage and handling of message data. A report indicates that preliminary findings suggested a mechanism could exist that would expose message content unencrypted under certain circumstances, which drew further internal attention to the inquiry. The investigation was ultimately terminated without any formal public findings, deepening concerns about transparency and encrypted-data governance.

Meta Defends WhatsApp’s Encryption Architecture

According to Meta, WhatsApp's end-to-end encryption framework prevents even the company itself from reading message content while it is in transit, and WhatsApp has consistently denied reading private conversations on the service. After Meta acquired WhatsApp in 2014, the platform rolled out end-to-end encryption globally in 2016, with a design in which only the sender and recipient hold the cryptographic keys needed to decrypt a conversation. From a technical standpoint, many cybersecurity researchers continue to regard the encryption as fundamentally sound for messages in transit. That guarantee is narrower than it sounds, however: it says nothing about what happens to a message once it has been decrypted at an endpoint or handled by a backend or moderation workflow, and the allegations described here concern that post-transmission stage rather than the cryptography itself. 

Public Distrust and Global Security Concerns

The public, however, remains skeptical of these assurances, partly because many users believe advertisements often appear to relate to topics discussed in supposedly private conversations. The perception of large-scale data collection across digital ecosystems continues to fuel distrust, even though no verifiable evidence has conclusively shown that WhatsApp monitors encrypted communications for advertising purposes. 

A number of governments and state institutions have described WhatsApp as a potential risk to sensitive communications despite its encryption claims, extending the debate from consumer privacy to national security and operational risk management. Countries including Iran and Russia have repeatedly raised concerns about the platform's data handling practices and foreign ownership structure, and in the United States the application was barred from use on official devices of the House of Representatives. 

In addition, a class action lawsuit filed in San Francisco in 2026 alleges that Meta unlawfully intercepted and shared private WhatsApp communications with unauthorized parties, adding further pressure. The complaint alleges that company personnel could access messages in real time via internal request systems. According to the report, one federal investigator involved in the probe concluded that Meta can store text, audio, image, and video data in unencrypted form within certain backend environments, a claim the company strongly contests. 

India’s Encryption and Traceability Clash

In India, where privacy rights and regulatory oversight have increasingly collided over digital communications, the encryption debate has been particularly significant. After WhatsApp updated its privacy policy in 2021, tensions escalated. At the same time, the Indian government introduced new information technology rules requiring message service providers to provide a method for “tracing” messages so that law enforcement can examine them. 

WhatsApp would have had to fundamentally change its encryption model to comply with the regulations, undermining the core principle of end-to-end encryption. The platform therefore challenged the requirements in court, arguing that a traceability requirement would substantially compromise user privacy and weaken the security protections users rely on. Although India enacted the Digital Personal Data Protection Act in 2023, the legal dispute has not yet been resolved. 

When WhatsApp appeared before the Delhi High Court in 2024, it stated that it may be forced to cease operations in India if compelled to break its encryption safeguards, a scenario that would affect approximately half a billion users. Despite the ongoing legal standoff, the platform continues to operate in India without implementing the government's traceability requirement, keeping the broader debate over encryption, surveillance, and digital privacy far from resolved. 

Whistleblower Complaint and Operation Sourced Encryption

The allegations against Meta did not originate in online speculation or public conspiracy theories but reportedly emerged through a formal whistleblower complaint submitted to the U.S. Securities and Exchange Commission in 2024. According to the complaint, WhatsApp may have provided limited internal access to user communications despite the platform's repeated public assurances of end-to-end encryption. 

The seriousness of the allegations prompted federal authorities to quietly launch an internal investigation that remained largely shielded from public scrutiny. An investigation was later handled by a special agent within the Bureau of Industry and Security, specifically through its Office of Export Enforcement, where Operation Sourced Encryption was reportedly conducted. 

During the inquiry, officials interviewed individuals familiar with Meta’s operational workflows, reviewed internal technical processes, and examined whether backend systems created any pathway through which employees or contractors could access message-related content after transmission. 

Internal Findings and Access Allegations

The investigation reached a turning point in January 2026 when the lead agent circulated a memo to numerous agencies, including the Securities and Exchange Commission and the Federal Trade Commission, regarding the allegations of misrepresentation. According to the memorandum referenced in the report, the agent concluded that Meta possessed the technical capability to store and potentially access WhatsApp communications, including text messages, photographs, audio clips, and video recordings.

The findings further suggested that certain internal practices could conflict with federal standards governing consumer privacy and corporate disclosure. One of the investigation's central findings involved what the agent described as a 'tiered permissions system,' an internal access framework allegedly active since at least 2019. 

According to the memo, the structure provided varying levels of platform visibility to employees, contractors, and overseas personnel, including workers based in India. Individuals interviewed during the probe reportedly stated that moderation-related operations conducted through Accenture involved broad access to message-associated content. 

Sudden Shutdown of the Federal Probe

After the findings were circulated internally, senior leadership of the Commerce Department reportedly ordered the investigation terminated shortly thereafter. Officials who supported the closure later referred to the agent's conclusions as "unsubstantiated" and argued that the investigation exceeded the authority typically granted to export enforcement officers. 

Though the federal investigation was formally terminated without any public release of its conclusions, the controversy has intensified scrutiny of the ways in which encrypted communication platforms manage backend infrastructure, moderation systems, metadata processing, and administrative access controls.

The investigation has heightened industry concerns over whether large-scale messaging platforms will be able to simultaneously maintain strong encryption guarantees, regulatory compliance, and operational oversight without creating hidden exposure points, despite Meta's continued rejection of allegations that WhatsApp compromises private conversations. 

There are now many questions raised by regulators, cybersecurity researchers, and privacy advocates that go far beyond a particular application, resulting in a profound debate regarding transparency, trust, and the future architecture of secure digital communications.

Chinese Cyber Threats to Europe Growing Through Silent Espionage Tactics

 

Chinese state-supported hacking groups are becoming one of the most serious cybersecurity concerns for the European Union, with experts cautioning that their activities often go unnoticed due to their discreet nature.

Unlike the highly visible cyberattacks commonly associated with Russia, Chinese-linked operations usually focus on quietly gaining long-term access to systems and collecting intelligence over extended periods.

According to Antonia Hmaidi, a senior analyst at the Mercator Institute for China Studies, one of the major risks involves cyber actors targeting small office devices used across Europe. These include routers, printers, and network equipment that frequently lack strong security protections, making them easier to exploit as entry points into larger systems.

“It’s not like Russian attacks, which are very visible. Therefore, we tend to underestimate it,” Hmaidi said.

Concerns over cyberespionage continue to rise

European authorities have increasingly expressed concerns over cyberespionage activities allegedly linked to China, especially as more incidents involving government agencies and private businesses continue to surface.

Rather than disrupting systems immediately, these cyber campaigns are often aimed at gathering confidential information and monitoring sensitive activity over time.

In response to growing security risks, several European institutions have tightened cybersecurity precautions. Earlier this year, members of the European Parliament travelling to China were reportedly advised to use burner phones and avoid carrying personal electronic devices.

Officials stated that the measures were introduced to minimise the possibility of surveillance or cyber intrusion during overseas visits. Lawmakers and staff members were also provided with security guidance and training before departure.

Similar safety protocols have been adopted by other EU institutions as well. Reports suggest that internal guidelines within the Council of the European Union recommend officials avoid carrying electronic devices to certain countries, including China. If devices must be taken, authorities reportedly advise wiping them completely after returning.

At the same time, staff members of the European Commission travelling abroad have reportedly been issued temporary phones and basic laptops to reduce the risk of espionage.

A stealth-driven cyber strategy

Cybersecurity experts believe Chinese cyber operations differ significantly from more aggressive attacks because they prioritise stealth, persistence, and long-term infiltration.

Instead of causing immediate and visible disruption, attackers quietly enter systems, observe operations, and gradually extract valuable information. This strategy makes detection far more difficult and allows intruders to remain active within networks for long periods without being discovered.

As Europe becomes increasingly dependent on digital infrastructure for governance, business, and communication, analysts warn that failing to recognise these hidden cyber risks could pose serious challenges to the region’s long-term security and technological independence.
