
Medtronic Confirms ShinyHunters' Theft of 9 Million Records

Medtronic, a leading global medical device manufacturer, recently confirmed a significant cybersecurity breach affecting its corporate IT systems. The incident came to light after the notorious hacking group ShinyHunters claimed responsibility, boasting of stealing over 9 million records containing personally identifiable information (PII) and terabytes of internal corporate data. 

On April 17 and 18, 2026, the group listed Medtronic on its Tor-based data leak site, issuing a ransom ultimatum that expired on April 21 without public confirmation of payment or data release. Medtronic publicly disclosed the breach on April 24, 2026, via its website and a U.S. Securities and Exchange Commission Form 8-K filing, acknowledging unauthorized access but emphasizing that the intrusion was contained with no disruption to operations.

The breach targeted non-critical corporate networks, sparing patient-facing systems, medical devices, manufacturing, and distribution channels. Medtronic stated explicitly that products, patient safety, customer connections, financial reporting, and care delivery remained unaffected, as these operate on segregated infrastructure. ShinyHunters, known for high-profile extortion campaigns against over 40 organizations in 2026—including ADT, Amtrak, and Cisco—alleged the haul included sensitive PII from employees, partners, or affiliates, though Medtronic has not verified the exact volume or contents. The group's listing vanished from the leak site shortly after, fueling speculation of behind-the-scenes negotiations.

This incident underscores escalating threats to healthcare giants, where corporate IT often serves as a softer entry point for attackers than clinical systems. In several of its other 2026 campaigns ShinyHunters gained access through misconfigured Salesforce Experience Cloud guest permissions, which Salesforce characterizes as a customer configuration issue rather than a platform flaw; Medtronic's disclosure does not identify the initial access vector in its own case. Medtronic's response involved activating incident protocols with external cybersecurity experts to assess what data was exfiltrated and who is exposed. An ongoing forensic investigation aims to pinpoint the compromised information, with commitments to notify and support affected individuals if theft of personal data is confirmed.

The implications ripple beyond Medtronic, highlighting vulnerabilities in the medical technology sector amid rising ransomware and extortion tactics. Law firms such as Schubert Jonckheer & Kolbe LLP launched investigations by early May 2026, probing liabilities for the nearly 9 million potentially impacted records. While no widespread data dumps have surfaced publicly, the breach erodes trust in the security of the medical supply chain, even when clinical operations stay insulated. Healthcare firms face mounting pressure to harden corporate and administrative systems, not only clinical ones, as cybercriminals increasingly target administrative data for profit.

To mitigate risks from such incidents, individuals should monitor their credit reports, enable two-factor authentication on personal accounts, and freeze their credit if notified of exposure. Organizations are advised to segment networks rigorously so that a corporate IT compromise cannot reach clinical or manufacturing systems, conduct regular penetration testing, audit third-party SaaS configurations (such as Salesforce Experience Cloud guest-user permissions) rather than assuming vendor defaults are safe, and maintain tested incident response plans. Medtronic's case reinforces the need for proactive cybersecurity hygiene to safeguard sensitive data in high-stakes industries.

Signal Plans New Security Measures After Russian Hackers Hijack Hundreds of Accounts

Following revelations that hackers tied to the Russian government took over numerous German users' accounts through targeted phishing, Signal, the encrypted messaging service, is moving to strengthen its defenses. The core encryption was not broken; the attacks manipulated people rather than systems, which is what alarms experts. Some reports put the number of affected people in Germany at around 300, including prominent politicians; the head of the German parliament was reportedly among them, showing a shift toward targeting officials, activists, and public figures. Such targeting was less common before and now points to deliberate choices by the attackers. The incidents involved no break-in at Signal's core security infrastructure, and its encryption held throughout. The attackers took another path: deceptive messages aimed directly at the people behind the accounts.

These messages led some users to hand over private login details without realizing what they were giving away. The app itself, including its built-in privacy safeguards, was untouched. Reportedly, the fake messages posed as "Signal Support" and arrived straight in users' inboxes. Instead of ignoring them, some people handed over their one-time registration codes, their Signal PINs (which back the app's registration lock), and account backup information.

With that data in hand, the intruders registered the targeted accounts on devices they controlled, and the accounts' conversations became reachable to them, because the stolen details gave them full control over the account transfer. Security experts across Europe, along with U.S. agencies including the FBI, had issued earlier warnings about exactly this tactic, and phishing of this kind has drawn attention because it keeps reappearing.

Targets have also included individuals speaking out against China's policies, according to reports. These patterns suggest coordinated, state-backed surveillance rather than opportunistic attacks; observers note that the consistency of the techniques points beyond random activity. Human behavior is the central weakness in these breaches, unlike conventional intrusions that exploit flaws in code.

Instead of cracking software defenses, the intruders gained access by persuading individuals to disclose credentials. Once entry is granted through trust rather than force, an encrypted environment offers little resistance, because the attacker is now a legitimate holder of the account. Security analysts observe the shift: tricking people now works better than overcoming technical barriers, and what used to require sophisticated tooling now succeeds with a conversation. Signal is now working on new protections intended to make such scams easier for users to spot.

Without revealing exact details, the team said the updates target phishing-driven account takeovers and will start appearing within weeks; they are expected to reduce how often accounts are compromised through deceptive messages. Signal's strong privacy design, however, limits how much information the service itself can gather about such attacks.

Because messages are end-to-end encrypted, personal chats remain hidden even from the service itself, and the minimal metadata it retains makes deeper investigation of scam attempts difficult. In later updates Signal warned users that its real support team will never message them inside the app, on social platforms, by text, or by phone asking for login codes, PINs, or personal identifiers.

According to its statement, communication from the team arrives only from verified addresses ending in @signal.org, with no exceptions. Despite strong encryption, account takeover through stolen credentials shows that weaknesses persist at the human level. With scams growing harder to spot, specialists stress vigilance alongside tools such as two-step verification; protection depends on behavior, not code alone.

Malware Campaign: Porn Viewers Should Hide Webcams

Anyone who visits adult websites should be extra careful now, and in particular should cover their webcam: users who leave the camera exposed risk being recorded and then extorted.

According to a new blog post by security researchers at Proofpoint, a malware family is currently spreading widely. It is classified as an infostealer: it harvests assorted data and sends it out as text. But there is more to it: another component of the campaign specifically attacks the privacy of its victims.

According to the report, the malicious software detects when someone opens an adult website in a browser on the compromised machine, so webcams need protecting right away.

Attack tactic 


The malware scans the page being viewed for keywords such as "sex" or "porn". When it finds one, it promptly captures a screenshot of the desktop and activates the webcam to take a picture of the person in front of it.

These captures, sometimes including nudes, are later used for extortion (so-called sextortion). Covering the webcam is the simplest defense, because it defeats image capture by this malware and by any other software that gains camera access. This is not the first time visitors to adult sites have been targeted by scammers.

Malware photographing its victims is not a new tactic, but it remains comparatively rare. Porn viewers should nonetheless secure their cameras as much as possible.

Potential for extensive data theft 


Proofpoint's researchers explained that the data theft can be extensive and that the loot is shipped out over several platforms. The stolen data includes banking details, session cookies and other session data, saved logins, email and other access information, system information, and keystrokes. Exfiltration takes place via Telegram, SMTP, Discord, or file-hosting services.
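The exfiltration channels listed above are also the most practical thing to hunt for on the defender's side. The following is an added example, not code from Proofpoint or from the Stealerium project: it runs a few rules over constructed outbound-connection events (the log shape, the process allow-lists, and the file-host list are all assumptions for the example) and flags Telegram bot API calls, Discord webhooks, SMTP sessions, and uploads to public file hosts when the process making them is not one that should be talking to those services. The Telegram bot token embedded in the URL path is a secret the analyst can use to pivot, so the finding keeps the bot id and redacts the rest.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of outbound-connection events, in the shape an EDR or
# proxy log might take after normalisation (host, pid, process, url, dport).
SAMPLE_EVENTS = [
    {"host": "WS-042", "pid": 4120, "process": "chrome.exe",
     "url": "https://discord.com/api/v9/gateway", "dport": 443},
    {"host": "WS-042", "pid": 7788, "process": "svchost.exe",
     "url": "https://api.telegram.org/bot123456:AAHfD3kL9mN2pQrStUvWxYz0123456789AbC/sendDocument",
     "dport": 443},
    {"host": "WS-042", "pid": 7788, "process": "svchost.exe",
     "url": "https://discord.com/api/webhooks/1099/ZxY-webhook-token", "dport": 443},
    {"host": "WS-017", "pid": 2210, "process": "outlook.exe",
     "url": "smtp://smtp.office365.com", "dport": 587},
    {"host": "WS-017", "pid": 9931, "process": "Update.exe",
     "url": "smtp://smtp.gmail.com", "dport": 587},
    {"host": "WS-017", "pid": 9931, "process": "Update.exe",
     "url": "https://gofile.io/uploadFile", "dport": 443},
]

# Assumed allow-lists: processes that legitimately talk to chat or mail services.
CHAT_AND_BROWSER = {"chrome.exe", "firefox.exe", "msedge.exe", "discord.exe", "telegram.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}
# Constructed list of public file hosts; replace with your own intel feed.
FILE_HOSTS = {"gofile.io", "anonfiles.com", "transfer.sh", "file.io"}

# Telegram bot API paths embed the bot token: /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{10,})/")
# Discord webhooks: /api/webhooks/<webhook_id>/<token>
DISCORD_WEBHOOK_PATH = re.compile(r"^/api/webhooks/(\d+)/[A-Za-z0-9_-]+")


def classify(event):
    """Return (channel, detail) when the event matches an exfil pattern, else None."""
    proc = event["process"].lower()
    parts = urlsplit(event["url"])
    host = (parts.hostname or "").lower()

    if host == "api.telegram.org" and proc not in CHAT_AND_BROWSER:
        m = TELEGRAM_BOT_PATH.match(parts.path)
        if m:
            # Keep the bot id for pivoting; never copy the secret into a ticket.
            return "telegram_bot_api", f"bot_id={m.group(1)} token=<redacted>"
    if host in {"discord.com", "discordapp.com"} and proc not in CHAT_AND_BROWSER:
        m = DISCORD_WEBHOOK_PATH.match(parts.path)
        if m:
            return "discord_webhook", f"webhook_id={m.group(1)}"
    if event["dport"] in SMTP_PORTS and proc not in MAIL_CLIENTS:
        return "smtp", f"{host}:{event['dport']}"
    if host in FILE_HOSTS and proc not in CHAT_AND_BROWSER:
        return "file_host", host
    return None


def find_exfil(events):
    """Run classify() over a batch and return one finding per matching event."""
    findings = []
    for ev in events:
        hit = classify(ev)
        if hit is not None:
            findings.append({"host": ev["host"], "pid": ev["pid"],
                             "process": ev["process"],
                             "channel": hit[0], "detail": hit[1]})
    return findings


if __name__ == "__main__":
    for f in find_exfil(SAMPLE_EVENTS):
        print(f"{f['host']} pid={f['pid']} {f['process']}: {f['channel']} ({f['detail']})")
```

On the sample data the browser's Discord gateway traffic and Outlook's SMTP session are left alone, while the two unexpected processes produce four findings. In practice the allow-lists should be derived from your own baseline; a stealer running under a copied legitimate process name will slip past a name-only check, which is why process path and signer should be added as soon as the log source provides them.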

Phishing emails for malware 


The current malware is based on Stealerium, an open-source stealer that has been publicly available since 2022. Attackers can simply download it and adapt it to their needs.

Recently there has been a surge in attacks despite the malware's age: from May to August 2025 Proofpoint observed a spike in campaigns. The key distribution method was phishing emails about supposed legal or banking matters. Users should be wary of messages from unknown senders and learn to recognize phishing emails; a single click can be enough.

Australia Demands Faster Cybersecurity Action to Address Mythos Activity

Australian financial regulators are increasingly concerned about the security implications of frontier artificial intelligence platforms such as Anthropic's Mythos and are reviewing their cybersecurity policies. A strongly worded communication issued by the Australian Securities and Investments Commission (ASIC) on Friday stressed that financial institutions should no longer regard AI-driven cyber exposure as a future threat, and that defensive controls, governance mechanisms, and operational resilience frameworks must be strengthened immediately.

According to the regulator, the rapid integration of advanced artificial intelligence technologies within financial ecosystems is increasing the attack surface across critical systems, making robust cybersecurity preparedness an urgent priority. This increased regulatory focus comes as a result of ongoing government engagement with developers of advanced artificial intelligence systems, such as Anthropic, as officials attempt to assess the security implications of increasingly autonomous cyber capabilities. 

A spokesperson for Home Affairs Minister Tony Burke confirmed earlier this week that Australian authorities are actively coordinating with software vendors and AI firms to ensure they remain informed of newly discovered vulnerabilities and evolving threats affecting critical infrastructure.

It is unclear whether the government is directly participating in Anthropic's restricted Mythos Preview program or is involved only through advisory and intelligence-sharing channels. Either way, the statement underscores growing institutional concern about the operational risks posed by next-generation AI security tools.

Access to the platform was given to a small group of major technology companies rather than being made available publicly, a practice that has sparked intense debate within the cybersecurity community.

Some analysts believe the technology will accelerate vulnerability discovery and defensive research, while others warn that such concentrated offensive capabilities can pose significant systemic risks if compromised or misused. There have also been questions surrounding the credibility of claims made about Mythos’ capabilities, comparing them to previous industry claims about very capable artificial intelligence systems that did not live up to public expectations. 

Concerns raised by the Australian Prudential Regulation Authority have escalated further after it warned that the country's banking sector is falling behind artificial intelligence developments, in particular when it comes to cyber resilience and governance oversight. 

As stated in a formal communication addressed to financial institutions, APRA expressed concern that many existing information security frameworks are not evolving rapidly enough to address the operational risks introduced by frontier AI systems such as Anthropic's Mythos. 

APRA warned that rapidly evolving AI models could significantly increase the speed, scale, and precision of cyber intrusions by enabling automated vulnerability discovery and exploit development. An analysis of the industry by APRA indicated growing concerns regarding the potential material changes to the cybersecurity threat landscape for Australia's financial sector by high-capability AI systems with advanced coding capabilities. 

Project Glasswing, an initiative involving major technology companies such as Amazon, Microsoft, Nvidia, and Apple, specifically cited Anthropic's Claude Mythos. Several security experts have cautioned that systems capable of autonomously analyzing software architectures and identifying vulnerabilities offer unprecedented offensive potential if they fall into the hands of malicious actors.

Anthropic did not respond to a request for comment. Regulators continue to assess the implications of AI-driven cyber operations as scrutiny of the platform intensifies. The growing regulatory focus on frontier AI reflects a broader shift in how the financial sector assesses cyber risk: the convergence of advanced AI capabilities with critical digital infrastructure is producing an increasingly volatile threat environment.

The Australian government appears increasingly concerned that conventional security models may not be sufficient against AI-assisted intrusion techniques capable of speeding reconnaissance, vulnerability discovery, and large-scale exploitation. 

Since the announcement, there has been considerable debate within the cybersecurity and AI sectors. Supporters have framed Mythos as a potentially transformative platform that could accelerate defensive security research and fundamentally change vulnerability management. Critics argue that concentrating such capabilities within a limited ecosystem poses severe systemic risks if malicious actors were to leak, weaponize, or replicate the technology.

Some have questioned whether the narrative around Mythos reflects genuine technological advancement or is an attempt to gain market attention through fear-based security messaging, drawing comparisons with earlier industry claims about advanced AI models, including statements about OpenAI systems that were later criticized because their actual performance did not match their public image.

As financial institutions continue integrating AI into critical operations, regulators are signaling that stronger technical oversight, faster defensive adaptation, and deeper executive-level understanding of emerging technologies will be essential to maintaining resilience against increasingly sophisticated cyber threats.

Cisco Warns of Network Management Flaw That Can Force Systems Offline Through Remote DoS Attacks
Cisco has disclosed a high-severity vulnerability affecting its network management platforms, Cisco Crosswork Network Controller and Cisco Network Services Orchestrator, which could allow remote attackers to crash vulnerable systems by exhausting their available connection resources.

The security issue, tracked as CVE-2026-20188, carries a CVSS score of 7.5. According to Cisco, the flaw can be exploited remotely without authentication, meaning an attacker does not need valid credentials or prior access to interfere with affected servers.

At the center of the problem is how the platforms manage incoming network connections. Cisco explained that the affected software does not properly control or restrict the rate of connection requests sent to the server. Because of this weakness, a malicious actor can continuously bombard the system with repeated requests until all available connection resources are consumed.

Once the systems run out of resources, both Cisco CNC and NSO can stop responding entirely. Administrators may lose access to management interfaces, while network operations that depend on these platforms can experience abrupt disruption.

Unlike a temporary slowdown, the systems do not recover on their own once the overload occurs. Cisco stated that administrators must manually reboot the affected platforms to clear the exhausted resources and restore normal operations.
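The defect class Cisco describes is the absence of admission control in front of the connection handler: nothing bounds how fast one source may open connections or how many may be open at once. The following is an added illustration of that missing control, not Cisco's code and not a workaround for the advisory (Cisco says there is none): a per-source token bucket combined with a global cap on open connections, driven by an injectable clock so the behaviour can be checked without sleeping. The rate, burst and cap values are arbitrary for the example.

```python
import time


class ManualClock:
    """Deterministic clock so the gate can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


class ConnectionGate:
    """Admission control for an accept loop: a per-source token bucket
    (sustained rate plus burst) and a hard cap on simultaneously open
    connections, so one client cannot exhaust the server's connection slots."""

    def __init__(self, rate_per_sec, burst, max_open, clock=time.monotonic):
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.max_open = max_open
        self.clock = clock
        self.buckets = {}      # source -> (tokens, last_refill_time)
        self.open_conns = 0

    def _tokens(self, src, now):
        # Unknown sources start with a full bucket; tokens refill linearly.
        tokens, last = self.buckets.get(src, (self.burst, now))
        return min(self.burst, tokens + (now - last) * self.rate)

    def try_accept(self, src):
        """Return (accepted, reason). The caller must call release() when a
        connection accepted here is closed."""
        now = self.clock()
        if self.open_conns >= self.max_open:
            return False, "global-cap"
        tokens = self._tokens(src, now)
        if tokens < 1.0:
            self.buckets[src] = (tokens, now)
            return False, "rate-limited"
        self.buckets[src] = (tokens - 1.0, now)
        self.open_conns += 1
        return True, "accepted"

    def release(self):
        self.open_conns = max(0, self.open_conns - 1)


def simulate_flood(gate, src, attempts):
    """Fire `attempts` connection requests from one source; return how many got in."""
    return sum(1 for _ in range(attempts) if gate.try_accept(src)[0])


if __name__ == "__main__":
    clk = ManualClock()
    gate = ConnectionGate(rate_per_sec=1.0, burst=5, max_open=100, clock=clk)
    print("burst of 50 from one source, accepted:", simulate_flood(gate, "10.0.0.9", 50))
    clk.advance(2.0)
    print("2s later, accepted:", simulate_flood(gate, "10.0.0.9", 50))
    print("another source, accepted:", simulate_flood(gate, "10.0.0.7", 1))
```

The per-source bucket stops a single flooding client from consuming slots, and the global cap turns a distributed flood into refused connections rather than a wedged process that needs a reboot. The cost is that a legitimate client behind the same address as the attacker is throttled too, which is the kind of trade-off Cisco refers to when it says a workaround would affect legitimate functionality.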

The company internally tracks the issue under Bug ID CSCwr08237. Cisco said the flaw originates from the connection-handling mechanisms used within both products.

Denial-of-service vulnerabilities of this kind are often disruptive because they target system availability rather than data theft. In enterprise environments, orchestration and network control platforms are responsible for coordinating automated processes, monitoring infrastructure, and managing service delivery across large networks. If these systems become unreachable, organizations can temporarily lose visibility into network operations and automated workflows.

Cisco is urging organizations using these products to immediately review their software versions and determine whether their environments are exposed.

For Cisco Crosswork Network Controller, the vulnerability affects version 7.1 and all earlier releases. Cisco confirmed that version 7.2 is not impacted, making upgrades necessary for organizations still operating older deployments.

The issue also affects several release branches of Cisco Network Services Orchestrator. Systems running version 6.3 or earlier remain vulnerable and require immediate updates. Cisco further confirmed that the flaw exists within the 6.4 release branch, although the issue was corrected beginning with version 6.4.1.3. Organizations operating NSO version 6.5 or later are not affected.
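The version ranges above are easy to misread for the 6.4 branch, where only builds before 6.4.1.3 are affected. The following is an added example, not a Cisco tool: it encodes the ranges the advisory states for CVE-2026-20188 and runs them over a constructed inventory of CNC and NSO hosts (the hostnames and version strings are invented for the example). Version strings are compared as numeric tuples, so a bare "6.4" sorts before "6.4.1.3" and is reported as affected.

```python
import re

# Product keys used here are assumptions for the example.
PRODUCTS = ("CNC", "NSO")   # Crosswork Network Controller, Network Services Orchestrator


def parse_version(text):
    """'6.4.1.3' -> (6, 4, 1, 3). An optional leading 'v' and any trailing
    build suffix such as '-build5' are ignored."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(product, version):
    """Apply the ranges Cisco published for CVE-2026-20188."""
    v = parse_version(version)
    branch = v[:2]
    if product == "CNC":
        return branch <= (7, 1)             # 7.1 and earlier; 7.2 is not affected
    if product == "NSO":
        if branch <= (6, 3):
            return True                     # 6.3 and earlier
        if branch == (6, 4):
            return v < (6, 4, 1, 3)         # 6.4 branch fixed from 6.4.1.3
        return False                        # 6.5 and later
    raise ValueError(f"unknown product {product!r}; expected one of {PRODUCTS}")


def triage(inventory):
    """inventory: iterable of (hostname, product, version).
    Returns the entries that still need an upgrade."""
    return [(h, p, ver) for h, p, ver in inventory if is_affected(p, ver)]


# Constructed inventory for the example.
INVENTORY = [
    ("cnc-01", "CNC", "7.1.0"),
    ("cnc-02", "CNC", "7.2"),
    ("nso-a", "NSO", "6.3.4"),
    ("nso-b", "NSO", "6.4.1.2"),
    ("nso-c", "NSO", "6.4.1.3"),
    ("nso-d", "NSO", "6.5.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} is affected by CVE-2026-20188; schedule an upgrade")
```

Feed it the output of your own inventory system rather than hand-typed versions, and re-check against the advisory text itself before acting, since Cisco may revise the affected ranges after publication.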

Cisco discovered the vulnerability internally while handling a routine Technical Assistance Center support case. At this time, the company’s Product Security Incident Response Team said it has not observed public proof-of-concept exploit code or evidence showing active attacks targeting the flaw.

Even so, the company warned that customers cannot rely on temporary mitigations to reduce exposure. Cisco stated there are currently no workarounds capable of preventing the resource exhaustion issue without affecting legitimate system functionality. Because of this, upgrading to patched software releases remains the only available method for fully securing vulnerable environments.

Security professionals have increasingly warned that resource exhaustion attacks continue to pose operational risks for enterprises because they can interrupt business-critical infrastructure without requiring sophisticated intrusion techniques. Attackers often exploit weaknesses in traffic handling, connection management, or request validation to overwhelm services and force outages.

Cisco is advising affected customers to schedule maintenance windows and deploy the recommended updates as quickly as possible to reduce the risk of service interruptions and administrative lockouts.

French Prosecutors Escalate Elon Musk X Probe to Criminal Investigation

French prosecutors have escalated their inquiry into Elon Musk and X into a criminal investigation, widening a case that already included allegations of algorithmic manipulation, improper data extraction, and harmful content on the platform. The move deepens a legal fight that has followed Musk’s company across Europe and adds fresh pressure on X’s leadership as regulators scrutinize how the platform operates inside France. 

Paris prosecutors say the investigation began after complaints in 2025 raised concerns that X’s recommendation systems may have influenced political discourse in France. The case later expanded to examine whether the platform’s chatbot Grok helped generate or spread content such as Holocaust denial, sexually explicit deepfakes, and material involving non-consensual or abusive imagery. French officials have also looked at whether X knowingly facilitated the creation and distribution of such content. 

According to reporting on the case, Musk and former X chief executive Linda Yaccarino were summoned for questioning on April 20, but neither appeared nor cooperated with the interview request. Musk has previously rejected the allegations, calling the probe politically motivated and describing earlier enforcement actions as an attack. The French side has continued moving forward despite his objections.

The investigation has broader implications because it touches on how social media platforms manage algorithms, user data, and AI-generated content. It also reflects a wider regulatory pattern in which governments are testing whether major tech companies can be held responsible for content moderation failures, platform design choices, and possible violations of local law. X has already faced similar scrutiny in other jurisdictions, adding to the company’s legal and reputational burden. 

There is also an international dimension to the dispute. Reports say the U.S. Department of Justice declined to assist French authorities, arguing that France was improperly interfering in an American company’s affairs. That leaves the case positioned not only as a criminal probe of X, but also as a test of how far national regulators can go when platform decisions and AI tools have cross-border effects.
