Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

WeedHack Malware Infects Over 116,000 Minecraft Players Through Fake Mods and Cheats

  Early this year, a large-scale digital attack named WeedHack began spreading, tricking more than 116,000 Minecraft players worldwide. Inst...

All the recent news you need to know
Technology
AI Claude Crypto Data Malware Attack Technology

Hackers Exploit Fake Claude Code Installers and Install Malware


Developers looking into Claude Code deployment instructions could be lured into an advanced malware campaign that hides itself as a genuine AI tooling documentation. 

Fake Claude code exploit

Experts found a few fake Claude Code and developer platform websites built to steal credentials, cryptocurrency, and API keys.

According to Straiker researchers, “the attack chain runs on the same unchecked trust that makes AI developer tools so easy to adopt.  “You copy a command. You paste it in your terminal. By then, it’s already too late,” said Straiker researchers in their analysis of the campaign. 

Highlights of the fake Claude code campaign 

1. Experts found over 88 fake domains mimicking Claude Code and other developer sites. The campaign utilises SEO infection and Google ads to deploy malicious install web pages over genuine documentation.

2. Threat actors hide infected commands within genuine installation commands, without impacting the deployment process.

3. The malware particularly attacks AI-based assets such as cloud development credentials, API keys, and verification tokens.

About the credential theft campaign 

The campaign attacked users of famous AI and developer tools, such as Claude Code, JetBrains, Perplexity Comet, and Cline. 

As per the experts, the operation depends on over 88 domains hosted throughout genuine platforms and constantly shuffles infrastructure, letting malicious sites to immediately resurface after shutdowns. To trap targets, threat actors use redirect chains, SEO poisoning and paid Google ads that place scammed installations over genuine documentation in search results.

These websites closely impersonate genuine vendor resources and demonstrate installation commands that look genuine but include hidden separators, such as “&,” that launch malicious actions along with the expected software deployment.

In various incidents, the genuine command still runs effectively, helping hide the hack.

Delivery of malware and launch tactics

Experts found various delivery techniques, such as rundll32.exe loading infected DLLs, Base64-encoded commands, mshta.exe abuse, JavaScript-based payloads, and GitHub-hosted scripts. 

By such techniques, hackers improve their potential to escape convention detection tools. Contrary to infostealers, the campaign pick on AI assets like authentication tokens, API Key, and cloud development credentials from tools such as Continue[.]dev, Cline. 

After execution, the malware uses a multi-level malicious chain that features encoded C2 communications, anti-analysis capabilities, fileless execution tactics, and credential theft functions.

Experts found the primary payload as ACRStealer, a malware family that steals information and has developed to include sophisticated encryption and escape tactics. Experts also identified a cryptocurrency clipboard hacker that rediverts transactions by replacing copied wallet addresses.

Read more »
Password Vault
Brute-force attack Cyber Attacks Dashlane Data Leak Password Vault

Hackers Steal Encrypted Password Vaults in Dashlane Attack

 

Dashlane’s June 2026 breach is a reminder that even password managers can become targets when attackers focus on account access rather than the encrypted vault itself. In this case, hackers used brute-force attacks against Dashlane’s two-factor authentication flow, gained access to a small number of customer accounts, and downloaded encrypted password vaults. 

According to Dashlane’s disclosure, the attackers targeted the device-registration process, which lets a new phone or computer be added to an account after verification. Dashlane said the campaign affected about 20 customer accounts and resulted in at least a dozen encrypted vaults being copied, while the company’s own infrastructure was not compromised. 

The good news is that the stolen vaults are still encrypted and cannot be opened without each user’s master password. Dashlane’s zero-knowledge design means it does not store master passwords in plaintext, so the immediate risk depends heavily on how strong and unique the user’s master password is. That said, the incident still matters because an encrypted vault can be dangerous if the master password is weak, reused, or already exposed elsewhere. Security researchers also noted the broader lesson: once attackers have a copy of the vault, they can attempt offline cracking without triggering more defenses on the service side. 

For users, the safest response is to change the master password to a long, unique passphrase, review recently registered devices, and reset any sensitive accounts stored in the vault, starting with email, banking, and identity services. It is also wise to use phishing-resistant 2FA such as a hardware security key where possible, and watch for suspicious password-reset emails for the next few weeks.
Read more »
rapid7
Cyber Crime Digital Fraud Extortion FBI FTSE IABs ransomware rapid7

Ransomware Revenues Climb as Criminal Networks Expand and Adapt like unwanted vines

 




Ransomware operators continue to generate substantial profits, with new research from Rapid7 indicating that several cybercrime groups are recording revenue growth that outpaces many publicly traded businesses.

According to the cybersecurity firm's analysis, ransomware groups collectively received an estimated $529.2 million during the first quarter of 2026. That figure represents a 39% increase compared with the same period a year earlier. Rapid7 noted that none of the companies within the FTSE 350 index reported year-over-year revenue growth exceeding 30% during that quarter, placing ransomware operators among the fastest-growing entities examined in the study.

Several well-established ransomware operations appear to be benefiting from this trend. Rapid7 estimates that the Qilin ransomware group generated approximately $193 million between July 2025 and March 2026. During the same period, the Gentleman group is estimated to have collected roughly $52 million in ransom payments.

Rapid7 researchers argue that modern ransomware operations bear little resemblance to the stereotype of small groups of hackers working independently. Instead, many function through interconnected networks of specialists who focus on specific stages of an attack. Some actors gain access to victim networks, others develop malware, while separate teams handle extortion demands and payment negotiations.

A major factor behind this growth is the emergence of Initial Access Brokers, or IABs. These actors specialize in obtaining access to corporate networks and then selling that access to other criminals. As a result, launching a ransomware attack no longer requires extensive technical expertise. Access to compromised systems, attack tools, and even managed cybercrime services can now be purchased through underground marketplaces.

Researchers say this division of labor has created a more structured criminal economy. Different groups contribute individual services, allowing ransomware campaigns to operate through networks that resemble commercial supply chains rather than isolated criminal crews.

The study also highlights the resilience of these operations. Infrastructure used by ransomware groups, including servers, data leak platforms, and victim negotiation portals, can often be restored quickly after disruptions. Law enforcement agencies, meanwhile, frequently require lengthy investigations and international coordination before conducting enforcement actions. This difference in speed allows many criminal networks to continue operating even when portions of their infrastructure are removed.

Rapid7 CTO EMEA Thom Langford said ransomware groups have demonstrated an ability to continue generating revenue despite disruptions because their operations are designed to function even when individual components are taken offline. In many cases, the removal of a single server or criminal group does not significantly affect the broader ecosystem supporting ransomware activity.

The findings come amid continued financial losses linked to cybercrime. According to the FBI's Internet Crime Complaint Center, organizations and individuals reported more than $16 billion in cybercrime losses during 2024, reflecting the growing economic impact of digital fraud, extortion, and network intrusions.

To reduce ransomware risk, Rapid7 recommends that organizations continuously review their exposed systems and identify weaknesses that could provide attackers with an entry point. Particular attention should be given to misconfigured services, overlooked assets, and internet-facing systems, which are frequently targeted by Initial Access Brokers seeking access to corporate environments.

The company also advises security teams to make greater use of threat intelligence to understand how attackers operate, including the infrastructure, tools, and access methods commonly used during intrusions. Researchers further recommend strengthening identity security through tighter access controls, least-privilege policies, and monitoring for signs that employee credentials have been stolen, resold, or abused.

According to Rapid7, disrupting ransomware attacks before attackers establish access remains one of the most effective defensive strategies. By identifying weaknesses early and restricting opportunities for credential theft, organizations may be able to prevent ransomware incidents before they progress to the extortion stage.

Read more »
Technology for Data Protection
AI Surveillance Amazon Ring Biometric Data Collection biometric privacy Consumer Privacy Rights Facial Recognition Privacy Smart Doorbell Security Technology for Data Protection

Amazon Faces Lawsuit Over Ring Facial Recognition Practices


 

Face recognition capabilities are increasingly integrated into consumer surveillance platforms, prompting increased legal scrutiny over Amazon's Ring division's handling of biometric information. Newly filed lawsuits allege that Ring's optional "Familiar Faces" feature captures, processes, and stores facial images without obtaining consent from each individual who may have their likeness recorded. 

Privacy compliance, biometric data governance, and the legal boundaries of AI-driven identification technologies are raised as a result of this lawsuit. In the complaint, which has been filed by a Virginia resident seeking class-action status and substantial damages, one of the most widely used smart doorbell ecosystems is placed at the center of a escalating debate concerning how companies balance convenience with security and data protection. 

Charles Sigwalt, who initiated the proposed class-action lawsuit in Seattle, is at the center of the legal challenge. As part of Ring's "Familiar Faces" technology, individuals within the range of compatible doorbell cameras are scanned and classified through artificial intelligence using artificial intelligence. Sigwalt claims that the feature generates and retains an unique template of the individual's face that may be used in future encounters to identify the same individual. 

Whereas Sigwalt received no notice that his biometric information was being captured or processed during his visits to friends and relatives who used Ring devices, he claims this process occurred while he was visiting those homes. Furthermore, the lawsuit alleges that the company continues to retain such data, as well as asserting that the individuals recorded by the system did not provide consent to such collection. 

Although Amazon did not respond to the allegations, this case highlights the technical operation of Ring's "Familiar Faces" feature that was introduced in September 2025 as an optional tool to enhance visitor notifications. 

By replacing generic alerts with personalized ones, this system enables cameras to recognize recurring visitors over time and send notifications based on their names instead of the usual motion or presence alerts. However Ring claims that the feature can be enabled or disabled by the user at any time, the lawsuit raises broader questions regarding how consent mechanisms adequately address biometric data of individuals who do not own the device, but may still be subjected to facial recognition analysis despite not being device owners. 

Additionally, the complaint asserts that the collection of facial recognition data extends beyond Ring device owners and may negatively affect individuals who walk through cameras monitored entryways without their knowledge or consent. 

In the filing, it is stated that millions of people may have been able to capture their facial images by simply appearing within the viewing area of Ring-equipped properties, raising questions regarding the extent of biometric data collection in residential surveillance settings. Amazon declined to comment on the litigation, however the case adds to a growing list of privacy challenges for Ring since Amazon acquired the smart security company for $1 billion in 2018. 

Ring also faced criticism months ago over its neighborhood camera network feature, which was promoted during the Super Bowl to help users locate missing pets. There has been some controversy surrounding this initiative, since privacy advocates and some users have warned that the expansion of interconnected camera coverage could result in a broader surveillance of public spaces and residential communities than the initiative's stated objective. 

Both controversies emphasize the increased scrutiny that has been focused on the deployment of networked surveillance and the handling of biometric information on a large scale by regulators and the public. Increasingly, consumer security products are providing features such as biometric recognition and artificial intelligence-driven surveillance. 

The legal challenge filed against Ring demonstrates the growing tension between the advancement of technology and the protection of individual privacy. In this case, the outcome could affect the development of facial recognition systems, biometric data management, and the process by which organizations obtain meaningful consent from individuals who are likely to be captured by connected devices. 

As intelligent surveillance technologies continue to evolve, transparency, data governance, and privacy-by-design principles remain essential safeguards for consumers and corporations alike.
Read more »
residential proxy network
Botnet attack Cyber Security DDOS Attacks Dutch Police malware infection residential proxy network

Dutch Authorities Dismantle Massive Botnet Network Linked to 17 Million Compromised Devices

 

Dutch authorities have shut down what is believed to be one of the largest botnet operations ever uncovered, disrupting a cybercrime network that compromised more than 17 million internet-connected devices globally. The affected devices reportedly included computers, smartphones, tablets, security cameras, and other connected hardware that were unknowingly used to facilitate large-scale cyberattacks.

According to Dutch investigators, approximately 200 servers located in the Netherlands were seized as part of the operation. These servers allegedly formed the backbone of a sophisticated botnet infrastructure that transformed infected devices into components of a residential proxy network.

A botnet is a collection of compromised devices that cybercriminals can remotely control after infecting them with malware. Such networks are commonly used to launch Distributed Denial of Service (DDoS) attacks, distribute phishing campaigns, send spam, commit fraud, and conceal the origins of malicious online activities.

Dutch media outlet NL Times reported that cybercriminals targeted devices with weak security protections, converting them into nodes within a residential proxy service. Once infected, the devices were used to redirect internet traffic and allegedly help "launch large-scale cyberattacks" without the owners' knowledge. Authorities confirmed that the network has now been taken offline.

The investigation began after a cybersecurity researcher working with the National Cyber Security Centre (NCSC) identified suspicious activity linked to the botnet. The NCSC, which operates under the Netherlands' Ministry of Justice and Security, subsequently partnered with Dutch law enforcement agencies to investigate the case. Their efforts led to the identification and seizure of the servers supporting the operation.

While authorities have not disclosed the exact method used to infect more than 17 million devices, cybersecurity experts note that botnets are commonly spread through malicious applications, software vulnerabilities, phishing campaigns, and brute-force attacks.

The dismantled network has reportedly been linked by NL Times to Asocks, a residential proxy service that has previously faced scrutiny over alleged connections to botnet-related activities. However, Dutch police have not officially confirmed any association.

In 2024, cybersecurity company HUMAN reported that a botnet known as Proxylib had infected nearly 190,000 devices and integrated them into Asocks' proxy network. Researchers connected that operation to a discontinued VPN service and at least 28 Android applications.

Residential proxy services route internet traffic through the IP addresses of ordinary users, making online activity appear to originate from legitimate residential locations. While such services can have lawful uses, including bypassing geographic restrictions, experts warn that they are increasingly being exploited by cybercriminals.

Following the takedown, the NCSC updated its guidance on residential proxy networks and highlighted the risks they pose. In an updated statement, the agency said the enforcement action "demonstrates" how residential proxies pose "a threat to national and international cybersecurity."

The agency further warned that the technique is "being deployed more and more frequently in digital attacks," enabling activities such as DDoS attacks, phishing campaigns, credential theft, brute-force attacks, malware distribution, and SMS pumping.

The operation reflects a broader international effort to combat cybercrime infrastructure. In March, authorities from Germany, Canada, and the United States coordinated actions against two major botnets known as "Aisuru" and "Kimwolf," which were allegedly responsible for large-scale DDoS attacks. U.S. authorities reported that those networks had compromised more than three million devices.

Earlier this year, Google disrupted the IPIDEA proxy network, whose development kits were reportedly used by the Kimwolf botnet. Separately, the Netherlands' Fiscal Information and Investigation Service (FIOD) seized more than 800 servers connected to an illegal hosting platform allegedly used for botnet and malware-related activities.

Cybersecurity experts continue to advise users to strengthen their digital defenses by creating strong passwords, regularly updating software, monitoring network activity, enabling WPA2 or WPA3 Wi-Fi security protocols, and avoiding downloads from unverified sources. Users are also encouraged to carefully review application permissions and terms of service to ensure their devices are not unknowingly enrolled in proxy networks. Traditional antivirus protection remains an important layer of defense against evolving cyber threats.

Read more »
leadership
CEO accountability cyberattack responsibility cybersecurity breaches Data Breach leadership

Debate Intensifies Over CEO Accountability in Cybersecurity Breaches

 

A growing debate is emerging around whether chief executives should be held directly accountable when companies suffer cyberattacks. Some experts argue that CEOs must face severe consequences, including automatic dismissal after a major breach, while others warn that such a policy could create dangerous incentives and worsen crisis management.

One viewpoint insists that cybersecurity failures are ultimately leadership failures. Security executives, according to this argument, often act as “bullet fodder” despite lacking control over budgets, risk appetite, or enforcement across business units. They can identify risks and recommend action, but final decisions rest with company leadership.

“CEOs should absolutely be held accountable for a cyberattack. In fact, I would go even further: when there’s a breach, defined as a system being compromised or data being stolen, the CEO should be automatically fired as a result.”

Supporters of stricter accountability say catastrophic breaches can damage customers, employees, supply chains, and the broader business ecosystem. When leadership underfunds security or ignores warnings, they argue, that is a deliberate business choice. They compare major cyber incidents to executive negligence in other corporate functions and suggest boards should establish predefined thresholds for breaches that automatically trigger CEO removal.

Another key point in this camp is incentives. Cyber resilience and risk reduction, advocates say, should be tied directly to executive compensation and employee bonuses so that cybersecurity becomes a company-wide priority rather than a secondary concern.

“When failure carries no personal cost for leadership, accountability shifts downward. Personal accountability at CEO level restores seriousness to cyber risk and aligns decision-making with real-world consequences for all stakeholders.”

However, critics argue that making CEOs personally liable for every breach could backfire. Cyberattacks vary widely in method and speed, and breaches can spread through networks within minutes. During the immediate aftermath, companies need rapid containment and transparent communication with affected parties.

Opponents warn that harsh personal penalties could encourage executives to conceal incidents or delay disclosure out of fear for their own careers. They also point out that cybercriminals might exploit this pressure by attempting to extort CEOs personally in exchange for silence about an attack.

“The focus should be on identifying and penalising the perpetrators, not the victims.”

The recent cyberattack on Marks & Spencer has added fuel to the discussion. The incident disrupted the retailer’s online operations for 46 days, and the company’s annual report revealed that CEO Stuart Machin took a 40% reduction in pay after the bonus scheme was scrapped because of the attack.
Read more »
Subscribe to: Posts (Atom)

Featured