
Apple Pay Scam Surge Targets iPhone Users With Fake Fraud Alerts and Urgent Calls

 

A fresh wave of scams is targeting iPhone users worldwide with counterfeit Apple Pay fraud warnings. The fraudsters turn a moment of panic into action: victims are rushed into handing over money or credentials before they have time to think, and the same pattern is repeating quietly from cities in the United States to small towns in Europe.

The scam starts with a text message that claims to come from Apple and reports unusual activity on the recipient's Apple Pay account. The message usually includes a phone number and urges the recipient to call immediately to block a supposed fraudulent transaction. The urgency is the point: a rushed target is less likely to check the facts. Whoever answers the call is a scammer posing as Apple support, a bank employee or, in some cases, a police officer.

The callers work from rehearsed scripts and sometimes know fragments of the victim's personal information, which makes them sound legitimate. Their goal is to extract confidential credentials such as login codes, one-time passcodes or card details, or to talk the victim into an immediate transfer of funds under the pretext of "protecting" the account. What makes these attacks effective is not code but mimicry combined with pressure: the lookalike sites and alerts are convincing enough, and urgency does the rest, with no malware involved.

Access changes hands the moment the victim reads out a verification code, believing it to be a routine step. Sometimes the attacker triggers a genuine approval prompt on the victim's device, and a single tap confirms the attacker's access. Nothing is forced; the victim's own consent does the work. Apple stresses that it never initiates contact to ask for passwords, verification codes or other login details. An unsolicited message, especially one demanding an immediate response, should be treated as suspicious by default.

Do not reply, call the number or follow the link in such a message. Genuine communications do not pressure anyone into instant decisions. If something looks wrong, take a screenshot of the message, forward it to Apple's reporting address for phishing and fraud, and contact Apple only through the channels listed on its own website. Impersonation of this kind is not limited to Apple.

Posing as support staff from other well-known technology companies, such as Microsoft or Google, is standard practice for criminals targeting ordinary users, and the fake Apple Pay messages show how polished these operations have become. Because such attempts are now so common, vigilance is essential.

Treat unexpected notifications with doubt, and never hand out personal details without verifying the request through a channel you found yourself. Legitimate businesses do not demand immediate decisions by email or text message; that is worth remembering when you feel pressured.

$13.74M Exploit Leads to Closure of Sanctioned Grinex Exchange Amid Intelligence Concerns


 

Grinex, a cryptocurrency exchange registered in Kyrgyzstan that was sanctioned by both the United States and the United Kingdom last year, has suspended operations after a reported security breach valued at approximately $13.74 million.

In its own account of the incident, the platform alleges that Western intelligence-linked actors carried out a highly coordinated intrusion that gave unauthorized access to user assets worth more than 1 billion rubles. Operations were halted while containment and internal assessment were carried out.

The company further asserted in its official disclosure that the compromise showed a level of sophistication consistent with state-grade cyber capabilities, implying tools and infrastructure beyond those of ordinary cybercriminals. According to Grinex, preliminary forensic analysis points to a targeted operation intended to undermine confidence in the financial stability of sanctioned ecosystems.

The exchange added that its systems had been subjected to persistent probing and hostile activity since its launch, and framed the latest incident as an escalation of that pattern. Independent investigation of Grinex's operational lineage and transactional footprint complicates its narrative: multiple blockchain intelligence assessments have linked it to the defunct Garantex ecosystem, raising the question of whether it is a continuation of previously sanctioned infrastructure.

The United States Treasury first designated Garantex in April 2022, citing more than $100 million in transactions tied to illicit actors, among them the Conti ransomware group and the Hydra darknet market. Restrictions were renewed in August 2025 over the exchange's sustained exposure to money laundering networks.

Following those enforcement actions, analysts at Elliptic and TRM Labs concluded that Grinex had effectively absorbed Garantex's user base. In the process, Grinex deployed a ruble-pegged stablecoin, A7A5, which preserved liquidity and transactional continuity despite regulatory pressure.

Elliptic's on-chain intelligence has also mapped a wider ecosystem of interconnected exchanges. Rapira, an exchange incorporated in Georgia with a presence in Moscow, has exchanged cryptoassets worth more than $72 million with Grinex, reinforcing concerns about persistent sanctions-evasion channels linked to Russian financial institutions.

Elliptic has independently corroborated the timeline of the $13.74 million compromise: the breach occurred at approximately 12:00 UTC on April 15, 2026, and the assets were rapidly dispersed across the TRON and Ethereum networks. The attacker is believed to have systematically swapped the USDT holdings into liquid native assets such as TRX and ETH, which, unlike a stablecoin, no issuer can freeze, so that Tether's issuer-level freezing controls could not be used against the funds.

TRM Labs has since identified approximately 70 blockchain addresses associated with the incident, and has highlighted a concurrent disruption at TokenSpot, a Kyrgyzstan-based exchange suspected of operating alongside Grinex. TokenSpot initially attributed its outage to routine maintenance on its Telegram channel, but subsequent activity showed fund movements, on a much smaller scale, tied to the same consolidation wallet structure as the Grinex breach.

A chain-analysis assessment characterised the rapid conversion as a well-established laundering method that outpaces enforcement by rotating funds out of stablecoins, which issuers can freeze, into native tokens, which nobody can. The same firm raised the possibility of strategic deception in the incident narrative: given Grinex's sanctioned status and historically opaque organizational structure, the breach could be either opportunistic exploitation or a deliberately staged false flag.
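The two patterns the analysts relied on, rapid rotation out of freezable stablecoins and fan-in to a shared consolidation wallet, can be expressed as simple heuristics over address-level transfer records. The block below is an added example written for this page; it is not code from Elliptic, TRM Labs or any chain-analysis vendor, and every address, amount and timestamp in it is constructed to illustrate the pattern rather than taken from the real incident.

```javascript
'use strict';
// Added example, not code from Elliptic, TRM Labs or any chain-analysis vendor.
// Two heuristics a monitoring team might run over address-level transfer
// records: (1) stablecoin inflow followed within minutes by a swap into a
// native asset, the "rotate out of freezable assets" pattern described above,
// and (2) consolidation hubs fed by many sources. Every record, address and
// amount below is constructed for the example; none refers to a real wallet.

// One transfer observed on-chain: {ts, chain, from, to, asset, amount}
const SAMPLE_TRANSFERS = [
  // hot wallet -> ATTACKER_A (USDT); A swaps to TRX at a DEX six minutes later, then forwards it
  { ts: '2026-04-15T12:00:00Z', chain: 'tron', from: 'EXCHANGE_HOT', to: 'ATTACKER_A', asset: 'USDT', amount: 2000000 },
  { ts: '2026-04-15T12:06:00Z', chain: 'tron', from: 'ATTACKER_A', to: 'DEX_POOL', asset: 'USDT', amount: 1950000 },
  { ts: '2026-04-15T12:06:00Z', chain: 'tron', from: 'DEX_POOL', to: 'ATTACKER_A', asset: 'TRX', amount: 8100000 },
  { ts: '2026-04-15T12:20:00Z', chain: 'tron', from: 'ATTACKER_A', to: 'CONSOLIDATE_1', asset: 'TRX', amount: 8100000 },
  // same pattern on Ethereum for ATTACKER_B
  { ts: '2026-04-15T12:01:00Z', chain: 'ethereum', from: 'EXCHANGE_HOT_ETH', to: 'ATTACKER_B', asset: 'USDT', amount: 900000 },
  { ts: '2026-04-15T12:15:00Z', chain: 'ethereum', from: 'ATTACKER_B', to: 'DEX_ROUTER', asset: 'USDT', amount: 880000 },
  { ts: '2026-04-15T12:15:00Z', chain: 'ethereum', from: 'DEX_ROUTER', to: 'ATTACKER_B', asset: 'ETH', amount: 270 },
  { ts: '2026-04-15T12:40:00Z', chain: 'ethereum', from: 'ATTACKER_B', to: 'CONSOLIDATE_1', asset: 'ETH', amount: 270 },
  // an ordinary customer who receives USDT and holds it: must not be flagged
  { ts: '2026-04-15T12:02:00Z', chain: 'tron', from: 'EXCHANGE_HOT', to: 'CUSTOMER_C', asset: 'USDT', amount: 5000 },
  { ts: '2026-04-16T09:00:00Z', chain: 'tron', from: 'CUSTOMER_C', to: 'MERCHANT', asset: 'USDT', amount: 1000 },
  // a smaller third source feeding the same hub (the TokenSpot-style satellite)
  { ts: '2026-04-15T13:00:00Z', chain: 'tron', from: 'SATELLITE_D', to: 'CONSOLIDATE_1', asset: 'TRX', amount: 120000 },
];

const STABLECOINS = new Set(['USDT', 'USDC']);   // the issuer can freeze these
const NATIVE_ASSETS = new Set(['TRX', 'ETH']);   // nobody can freeze these
const minutesBetween = (a, b) => (Date.parse(b) - Date.parse(a)) / 60000;
const sum = (list) => list.reduce((s, t) => s + t.amount, 0);

// Heuristic 1: for each address, take its first stablecoin inflow and look at
// the following `windowMin` minutes. Flag the address if at least `ratio` of the
// stablecoin received in that window was sent out again AND a native asset came in.
function flagRapidRotation(transfers, windowMin = 60, ratio = 0.9) {
  const byAddr = new Map();
  const rec = (addr) => byAddr.get(addr) ||
    byAddr.set(addr, { stableIn: [], stableOut: [], nativeIn: [] }).get(addr);
  for (const t of transfers) {
    if (STABLECOINS.has(t.asset)) { rec(t.to).stableIn.push(t); rec(t.from).stableOut.push(t); }
    if (NATIVE_ASSETS.has(t.asset)) rec(t.to).nativeIn.push(t);
  }
  const hits = [];
  for (const [address, a] of byAddr) {
    if (a.stableIn.length === 0) continue;
    const firstIn = a.stableIn.map(t => t.ts).sort()[0];
    const inWindow = (t) => {
      const m = minutesBetween(firstIn, t.ts);
      return m >= 0 && m <= windowMin;
    };
    const received = sum(a.stableIn.filter(inWindow));
    const outs = a.stableOut.filter(inWindow);
    if (received > 0 && sum(outs) / received >= ratio && a.nativeIn.some(inWindow)) {
      const lastOut = outs.map(t => t.ts).sort().pop();
      hits.push({ address, received, drained: sum(outs), minutesToDrain: minutesBetween(firstIn, lastOut) });
    }
  }
  return hits.sort((x, y) => x.address.localeCompare(y.address));
}

// Heuristic 2: addresses funded by at least `minSources` distinct senders.
// A shared hub is what lets an analyst tie smaller satellite movements to the
// same wallet structure as the main theft.
function findConsolidationHubs(transfers, minSources = 3) {
  const sources = new Map();
  for (const t of transfers) {
    if (!sources.has(t.to)) sources.set(t.to, new Set());
    sources.get(t.to).add(t.from);
  }
  return [...sources]
    .filter(([, s]) => s.size >= minSources)
    .map(([address, s]) => ({ address, sources: [...s].sort() }));
}

console.log(flagRapidRotation(SAMPLE_TRANSFERS));
console.log(findConsolidationHubs(SAMPLE_TRANSFERS));
```

On the constructed data the first heuristic flags ATTACKER_A and ATTACKER_B but not CUSTOMER_C, whose USDT sits untouched for a day, and the second names CONSOLIDATE_1 as the hub shared by both attacker addresses and the satellite. In practice the window and ratio are tuned per chain and per asset, and a hit is a lead for a freeze request or a tracing task, not proof on its own.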

Whatever the attribution, analysts agree that the event has materially disrupted a financial architecture long associated with sanctions evasion and cross-border illicit liquidity flows.

For defenders, the Grinex incident underlines three points: cross-chain fund movements need continuous monitoring, exchanges operating in high-risk jurisdictions need stricter compliance alignment, and stablecoin liquidity routes warrant enhanced due diligence.

It also makes the case for closer intelligence sharing between blockchain analytics firms, regulators and financial platforms, so that laundering activity is detected and disrupted early. Stronger on-chain tracing, robust asset-freezing protocols and greater transparency of exchange ownership would all reduce systemic exposure to similar incidents.

LinkedIn Faces Lawsuits Over Alleged Browser Extension Surveillance, Denies Privacy Violations

 

Two class-action lawsuits have been initiated against LinkedIn, accusing the platform of secretly monitoring users through browser extension scanning. The company, however, has strongly rejected the claims, stating that its practices are transparent and already outlined in its privacy policy.

"This is a house of cards built entirely upon a fabrication. We do disclose that we scan for browser extensions in our Privacy Policy, in order to detect abuse and provide defense for site stability," LinkedIn tells PCMag.

The lawsuits were filed on Monday in a U.S. District Court in California, following a report by the German organization Fairlinked e.V. The report alleges that LinkedIn serves a JavaScript file on its website that scans users' Chrome browser extensions, checking for as many as 6,222 extensions, and claims that this data could be used to profile users or to identify whether they are using competing tools.

LinkedIn disputes these allegations, explaining that the scanning is designed to combat web scraping activities. “We do not use this data to infer sensitive information about members,” the company tells PCMag. Its privacy policy also mentions that it may collect device and network-related data, including details about browsers and add-ons.

According to LinkedIn, the scanning mechanism serves as a protective measure to prevent unauthorized scraping of member profiles. Despite this explanation, the lawsuits argue that the company’s actions exceed reasonable expectations of user privacy and are seeking damages, along with a halt to the scanning practice.

"No reasonable user would read generalized references to URLs, browser data, add-ons, device features, cookies, automated systems, security, anti-abuse, fraud prevention, or similar matters and understand that LinkedIn would covertly interrogate the user’s browser, enumerate or infer installed extensions," one of the complaints says.

One of the lawsuits, filed by California resident Jeff Ganan, claims the practice violates the Electronic Communications Privacy Act and the California Comprehensive Computer Data Access and Fraud Act, among other statutes. A second lawsuit, filed by Nicholas Farrell, raises similar concerns with a stronger focus on alleged violations of California-specific laws.

Fairlinked, which represents commercial LinkedIn users, is also connected to the controversy through one of its board members, believed to be Steven Morell, founder of Teamfluence. LinkedIn claims it previously restricted accounts linked to Teamfluence over concerns about misuse of member data.

Commenting on the dispute, LinkedIn’s Vice President for Legal, Sarah Wight, said: “So we acted to restrict the accounts associated with Teamfluence. In retaliation for their accounts being suspended, in January, the creator of Teamfluence sought an injunction against LinkedIn in Germany,” adding, “I’m happy to report that the court thoroughly rejected Teamfluence’s claims, reaffirming LinkedIn’s ability to act swiftly and decisively against bad actors who access member data inappropriately."

In a separate statement to PCMag, LinkedIn added, “Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy,” referring to the ongoing controversy.

Fairlinked, however, disputes LinkedIn’s narrative, stating: “the court case Microsoft cites has nothing to do with the surveillance operation. That case concerns an account suspension. BrowserGate was never mentioned in the proceedings. Microsoft implies it prevailed. It did not. A motion for a preliminary injunction was denied. Both plaintiffs have appealed. The litigation is ongoing.”

The group has also challenged LinkedIn’s justification for scanning browser extensions, arguing that the scope of data collection goes far beyond security needs. “Scanning for 6,000 extensions and transmitting the results to third parties without user consent is not server protection. It’s an illegal spying operation,” it says. "The scan list contains thousands of extensions that have nothing to do with scraping. Religious extensions. Political opinion extensions. Job search tools. Neurodivergent aids. Amazon image downloaders. Pharmacy operations tools. Delivery schedulers. Clearly, server protection is not the goal here.”
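The article does not describe the mechanism behind LinkedIn's script, so the block below is an added example, not LinkedIn's code and not part of Fairlinked's report. It shows the standard way any web page can test whether a specific Chrome extension is installed: request a file inside the extension at chrome-extension://<id>/<path>, which succeeds only if the extension's manifest declares that file as a web-accessible resource for the page's origin. The second half implements that manifest check, which is the knob extension authors control. The extension IDs, names and manifest are constructed for the example; the probe is injected so the logic runs outside a browser.

```javascript
'use strict';
// Added example, not LinkedIn's script and not Fairlinked's analysis. It shows
// the standard way a web page can infer which Chrome extensions are installed:
// request a file inside each candidate extension at chrome-extension://<id>/<path>.
// The request only succeeds if the extension lists that file as a
// web-accessible resource for the page's origin, so the second half shows the
// manifest check that decides exposure. IDs and names below are constructed.

const CATALOG = [
  { id: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', resource: 'icon.png', label: 'constructed-scraper' },
  { id: 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb', resource: 'inject.js', label: 'constructed-job-tool' },
  { id: 'cccccccccccccccccccccccccccccccc', resource: 'logo.svg', label: 'constructed-unrelated' },
];

// Chrome extension IDs are 32 characters drawn from a-p.
function buildProbeUrl(extId, resourcePath) {
  if (!/^[a-p]{32}$/.test(extId)) throw new Error('not a Chrome extension id: ' + extId);
  return `chrome-extension://${extId}/${resourcePath.replace(/^\/+/, '')}`;
}

// probe(url) returns true when the resource loads. In a browser that is
// fetch(url).then(r => r.ok, () => false) or an <img> onload/onerror pair; it
// is injected here so the scan logic runs outside a browser.
function detectInstalledExtensions(catalog, probe) {
  return catalog
    .filter(entry => probe(buildProbeUrl(entry.id, entry.resource)))
    .map(entry => entry.id);
}

// Constructed stand-in for a browser: only the second catalog entry "loads".
const constructedProbe = (url) => url === buildProbeUrl(CATALOG[1].id, CATALOG[1].resource);

// --- the extension side: what does the manifest expose, and to whom? ---
// Minimal Chrome match-pattern evaluation: <all_urls>, scheme (* | http | https),
// host (* | *.example.com | exact) and a glob path.
function matchPatternCovers(pattern, pageUrl) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?):\/\/(\*|\*\.[^/]+|[^/*]+)\/(.*)$/.exec(pattern);
  if (!m) return false;
  const [, scheme, host, path] = m;
  const u = new URL(pageUrl);
  if (scheme !== '*' && u.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) {
    const base = host.slice(2);
    if (u.hostname !== base && !u.hostname.endsWith('.' + base)) return false;
  } else if (host !== '*' && u.hostname !== host) return false;
  const escaped = path.split('*').map(s => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&')).join('.*');
  return new RegExp('^' + escaped + '$').test(u.pathname + u.search);
}

// Manifest V3 lists {resources, matches} entries; a page can fetch a resource
// only if some entry names it AND has a match pattern covering the page.
// Manifest V2 exposed every listed resource to every origin.
function exposesResourceTo(manifest, resourcePath, pageUrl) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) return war.includes(resourcePath);
  return war.some(entry =>
    (entry.resources || []).includes(resourcePath) &&
    (entry.matches || []).some(p => matchPatternCovers(p, pageUrl)));
}

// Constructed manifest: icon.png is scoped to one site, inject.js leaks everywhere.
const CONSTRUCTED_MANIFEST = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ['icon.png'], matches: ['https://*.example.com/*'] },
    { resources: ['inject.js'], matches: ['<all_urls>'] },
  ],
};

console.log('installed:', detectInstalledExtensions(CATALOG, constructedProbe));
console.log('icon.png visible to linkedin.com?',
  exposesResourceTo(CONSTRUCTED_MANIFEST, 'icon.png', 'https://www.linkedin.com/feed/'));
```

Two practical consequences follow. A site can only "see" extensions whose manifests expose a resource to its origin, which is why the scope of a scan list says something about what the author expects to find, and why extension authors should scope `matches` tightly (Manifest V3 also offers `use_dynamic_url`, which gives the resource a per-session URL and defeats this probe entirely). On the user side, these probes show up in the browser's network tools as requests to chrome-extension:// URLs, which is how the Fairlinked report was able to count them.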

Data Breach Alert: What It Means, Why It Matters, and How to Protect Yourself Immediately




Data breach notifications should never be ignored. Discarding them as junk mail can expose you to serious risks, including financial fraud, identity theft, and unauthorized access to your personal records.

These alerts are now extremely common. They often arrive as emails or letters from organizations such as banks, telecom providers, insurers, or even gyms. Because of their frequency, many individuals overlook them. However, the Identity Theft Resource Center reports that nearly 80 percent of people received at least one such notice in the past year, with many receiving several. This repeated exposure has led to what experts describe as “breach fatigue,” where individuals stop responding to warnings altogether.

The consequences of ignoring these alerts can be severe. Criminals may open credit accounts in your name, accumulate large debts within minutes, or misuse identification numbers to access services such as healthcare. For example, a recent breach involving a U.S.-based benefits administrator exposed Social Security numbers of 2.7 million individuals. In 2024 alone, 1.36 billion breach notifications were issued. While 2025 saw fewer victims overall, the incidents became more serious. Highly sensitive data, including Social Security numbers, appeared in two-thirds of cases, while financial details or driver’s license information were involved in roughly one-third.

Cybersecurity professionals, including Sandra Glading, Greg Oslan, and David Trapp, define a data breach as an incident where unauthorized actors gain access to systems and extract personal data. This information may include basic details such as names and contact information, or more sensitive data like passwords, banking details, or national identifiers. The level of risk increases significantly when multiple types of data are combined, as attackers can reconstruct identities and carry out complex fraud.

The scale of the issue has grown rapidly. The Identity Theft Resource Center recorded 3,322 breaches affecting more than 278 million individuals in the United States in 2025, marking the highest level on record and a 79 percent increase over five years. Two decades ago, such incidents were far less frequent. Around 2010, there were roughly 600 breaches annually, and attackers primarily targeted governments or large institutions. Today, the threat landscape has shifted toward mass exploitation driven by financial incentives. According to the Federal Bureau of Investigation, cybercrime losses reached $16.6 billion in 2024, demonstrating the scale of this criminal ecosystem.


How Do You Know If You’ve Been Affected?

In many countries, including the United States, companies are legally required to inform individuals when their personal data is compromised. Notifications may arrive via email, physical mail, or identity-protection services. In major incidents, the news media may report the breach before individuals receive direct communication.

However, this system is not foolproof. Experts warn that notifications often take months because companies need time to investigate. By the time you are informed, your data may already be in use by attackers.

At the same time, scammers exploit these situations by sending fake breach alerts. These messages may include links offering free credit monitoring or contact numbers. You should never act immediately on such messages. Always verify the information through the official website of the organization before clicking links or sharing personal data.


What to Do Immediately After a Data Breach

Security experts stress that speed matters. According to IBM's Cost of a Data Breach research, organizations take an average of 241 days to identify and contain a breach, which gives attackers a long head start with the stolen data.

1. Identify What Information Was Exposed

Different types of data create different risks. For example, an exposed email address may lead to phishing attempts, while a leaked Social Security number can enable identity theft.

Carefully review the breach notification and locate the section that lists the compromised data. If the details are unclear, contact the organization directly. You can also use trusted breach-checking tools such as services provided by the National Cybersecurity Center or “Have I Been Pwned” to verify whether your email appears in known leaks.

2. Freeze Your Credit

A credit freeze prevents lenders from accessing your credit report, making it difficult for criminals to open new accounts in your name.

To do this, contact the three major credit bureaus:

• Experian

• Equifax

• TransUnion

This process is free and can typically be completed online within minutes.

3. Place a Fraud Alert

A fraud alert requires lenders to verify your identity before approving new credit.

You only need to contact one credit bureau, which will notify the others. Standard alerts last one year, while extended alerts for confirmed identity theft victims can remain active for up to seven years.

4. Monitor Financial Accounts Closely

Unauthorized transactions may appear quickly or after a delay.

Review your bank and credit card statements regularly for several months. Enable transaction alerts to receive real-time notifications of account activity. If you notice suspicious charges, report them immediately. Most financial institutions offer zero-liability protection, but timely reporting is essential.

5. Update Your Passwords

If login credentials are exposed, attackers often attempt to reuse them across multiple platforms.

Immediately change the password for the affected account. Then update any other accounts that use the same or similar credentials. Use strong, unique passwords for each account to reduce risk.

6. Enable Two-Factor Authentication

Two-factor authentication adds a second check at login, such as a one-time code from an authenticator app, a prompt on a trusted device or a hardware security key, so that a stolen password alone is not enough.

Although it may seem inconvenient, it significantly reduces the chance of unauthorized access. Whenever possible, use an authenticator app or a hardware key rather than SMS codes, which can be intercepted through SIM swapping.


Additional Steps to Strengthen Long-Term Protection

After addressing immediate risks, you should adopt preventive measures:

• Use a password manager to create and store complex passwords.

• Enable passkeys where offered. A passkey is a cryptographic credential stored on your device or in your password manager and unlocked with biometrics or a device PIN; because it only works with the genuine site, it cannot be phished the way a password can.

• Consider identity-protection services that monitor credit activity and data leaks.

• Stay alert to phishing attempts, especially after a breach, as attackers often impersonate trusted organizations. Avoid clicking unknown links or downloading unexpected attachments.

Experts also recommend tools like the Personal Cyber Advisor from the National Cybersecurity Center, which provides tailored guidance and alerts to help users reduce their risk.


Why This Matters Now

Data breaches are no longer rare or isolated events. They have become part of a large-scale, financially driven cybercrime ecosystem. The increasing frequency, combined with the growing sensitivity of exposed data, means individuals must take a more proactive approach to digital security.

Ignoring a breach notification is no longer a safe option. Acting quickly and following the correct steps can significantly reduce the potential damage.


India Bans Chinese Cameras at Highway Tolls Over Data Security Fears

 

India has taken a firm stand against potential surveillance risks by barring Chinese-made high-speed cameras from its highway toll plazas, prioritizing national security amid ongoing border tensions with China. The government's decision stems from concerns that data captured by these devices could be exploited for intelligence gathering, especially in conflict scenarios, prompting officials to replace existing installations and halt new imports of sensitive technology from China. 

This move aligns with broader efforts to reduce reliance on foreign hardware vulnerable to backdoors or remote access. The initiative is part of the National Highways Authority of India (NHAI)'s ambitious FASTag-enabled project to equip around 1,150 toll collection sites with advanced video devices that allow vehicles to pass without slowing down, enhancing traffic efficiency. 

Previously, cheaper Chinese cameras dominated due to cost advantages, but now NHAI has shortlisted trusted alternatives: Taiwan's VIVOTEK (a Delta Electronics unit), Germany's Robert Bosch GmbH, and US-based Motorola Solutions Inc. These suppliers' products, though pricier, undergo rigorous scrutiny to ensure no critical Chinese components. 

India's Standardisation Testing and Quality Certification Directorate (STQC) plays a pivotal role, testing cameras for highway tolls, CCTV and government deployments to verify their origin and approving only those free of Chinese parts. This mirrors action in Delhi, where more than 140,000 Chinese CCTV cameras are being phased out in stages over similar security worries. Companies such as Hikvision and Dahua face effective bans on internet-connected video equipment, reflecting a nationwide push against perceived data vulnerabilities.

The decision underscores persistent trust deficits despite recent India-China diplomatic thaws, rooted in decades-old border disputes. Globally, nations like the US, UK, and Australia have imposed restrictions on Chinese surveillance tech—Washington's watchlist targets over 130 firms with military ties, while the UK excluded Huawei from telecoms—fearing espionage via embedded software. India's proactive stance safeguards critical infrastructure handling vast vehicle data, including license plates and movements. 

While costlier, the shift bolsters digital sovereignty and sets a precedent for secure tech procurement in sensitive sectors. As India expands its highway network, this policy ensures smoother tolling without compromising security, signaling a strategic pivot toward reliable international partners.

SaaS Integration Breach Triggers Snowflake Data Theft Attacks Across Multiple Companies

 

A breach at a SaaS connector vendor has led to a string of data thefts at more than a dozen organizations, exposing how much risk sits in the links between cloud services. Using credentials stolen from the vendor, attackers gained indirect entry to its customers' systems, bypassing those customers' own perimeter defences. Most of the intrusions targeted accounts tied to Snowflake, a widely used cloud data platform, and access spread quietly along the trust relationships between services.

The pattern shows how one weak link can ripple through shared infrastructure. Security teams are under pressure to rethink third-party access controls, and monitoring built around a perimeter has to adapt to attack paths that run through vendors. Trust, once automated, becomes an exploitable feature, and few expected such widespread impact from a single vendor's gap.

Snowflake confirmed that it observed unusual activity across several customer accounts linked to one external tool, and stressed that the weakness lay outside its own platform. It temporarily locked down the affected account entry points, notified customers and issued practical hardening steps they could apply immediately. The source was identified as Anodot, an AI-based data analytics tool that has been part of Glassbox since 2025. Anodot's integrations with Snowflake, Amazon S3 and Kinesis all stopped working at once, worldwide.

Those failures slowed data collection sharply, and alerts arrived late or not at all, pointing to deeper problems behind the scenes. The intruders used login credentials taken from Anodot to reach the connected environments and exfiltrate confidential files. The extortion group ShinyHunters claimed responsibility, saying it had obtained records from several companies, and is pressuring the affected parties with threats of public exposure unless its demands are met.

By the group's own account, its access to Anodot's infrastructure may have lasted weeks, possibly longer, which points to serious gaps in monitoring and response. The stolen credentials were not aimed only at Snowflake: attempts were reportedly made against Salesforce as well, but those were detected early enough that no data was exposed. Attackers increasingly prefer to enter through connected services rather than attack the core platform directly.

Not every Anodot customer was hit. Payoneer said it was aware of Anodot's security problem but that its own environment was not at risk, and Google's threat intelligence team said it was tracking developments without sharing specifics. The incident illustrates how often cyber threats now arrive through external connections rather than through the front door.

Rather than targeting primary systems, attackers walk in through partner logins and integrated platforms. When a company connects many cloud services together, one weak entry point can spread harm widely. Security has to extend beyond the internal network, since unexamined external ties create blind spots, and a failure at any connected vendor can quickly become everyone's problem.
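The first thing an affected Snowflake customer wants after a vendor like this reports a credential theft is a list of every login by the vendor's service account that does not look like the vendor. The block below is an added example for this page, not code from Snowflake, Anodot, Glassbox or any affected company. It learns a per-user baseline (source IPs, client driver, authentication factor) from a known-good period and flags later logins that deviate. The field names mirror the columns of Snowflake's SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view, but the rows, user names and IP addresses are constructed.

```javascript
'use strict';
// Added example, not code from Snowflake, Anodot, Glassbox or any affected
// company. After a connector vendor reports that its credentials were stolen,
// an incident responder wants every login by the vendor's service user that
// does not look like the vendor: new source IP, new client driver, or a
// different authentication factor. Field names mirror the columns of
// Snowflake's SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view; the rows, user names
// and IP addresses are constructed for the example.

const INTEGRATION_USERS = new Set(['ANODOT_SVC', 'BI_CONNECTOR']);  // assumed service-account names
const BASELINE_END = '2026-04-01T00:00:00Z';  // logins before this are treated as known-good

const LOGIN_HISTORY = [
  // baseline: the connector always arrives from its own egress range with key-pair auth
  { EVENT_TIMESTAMP: '2026-03-01T01:00:00Z', USER_NAME: 'ANODOT_SVC', CLIENT_IP: '203.0.113.10', REPORTED_CLIENT_TYPE: 'JDBC_DRIVER', FIRST_AUTHENTICATION_FACTOR: 'RSA_KEYPAIR', IS_SUCCESS: 'YES' },
  { EVENT_TIMESTAMP: '2026-03-08T01:00:00Z', USER_NAME: 'ANODOT_SVC', CLIENT_IP: '203.0.113.11', REPORTED_CLIENT_TYPE: 'JDBC_DRIVER', FIRST_AUTHENTICATION_FACTOR: 'RSA_KEYPAIR', IS_SUCCESS: 'YES' },
  { EVENT_TIMESTAMP: '2026-03-15T02:00:00Z', USER_NAME: 'BI_CONNECTOR', CLIENT_IP: '203.0.113.40', REPORTED_CLIENT_TYPE: 'ODBC_DRIVER', FIRST_AUTHENTICATION_FACTOR: 'OAUTH_ACCESS_TOKEN', IS_SUCCESS: 'YES' },
  { EVENT_TIMESTAMP: '2026-03-20T09:00:00Z', USER_NAME: 'ALICE', CLIENT_IP: '192.0.2.5', REPORTED_CLIENT_TYPE: 'SNOWFLAKE_UI', FIRST_AUTHENTICATION_FACTOR: 'SAML2_ASSERTION', IS_SUCCESS: 'YES' },
  // after the vendor compromise: a failed, then a successful login as the service
  // user from an unfamiliar address, with a password and a different driver
  { EVENT_TIMESTAMP: '2026-04-02T03:10:00Z', USER_NAME: 'ANODOT_SVC', CLIENT_IP: '198.51.100.77', REPORTED_CLIENT_TYPE: 'PYTHON_DRIVER', FIRST_AUTHENTICATION_FACTOR: 'PASSWORD', IS_SUCCESS: 'NO' },
  { EVENT_TIMESTAMP: '2026-04-02T03:12:00Z', USER_NAME: 'ANODOT_SVC', CLIENT_IP: '198.51.100.77', REPORTED_CLIENT_TYPE: 'PYTHON_DRIVER', FIRST_AUTHENTICATION_FACTOR: 'PASSWORD', IS_SUCCESS: 'YES' },
  // the other connector keeps behaving normally
  { EVENT_TIMESTAMP: '2026-04-03T02:00:00Z', USER_NAME: 'BI_CONNECTOR', CLIENT_IP: '203.0.113.40', REPORTED_CLIENT_TYPE: 'ODBC_DRIVER', FIRST_AUTHENTICATION_FACTOR: 'OAUTH_ACCESS_TOKEN', IS_SUCCESS: 'YES' },
  // a human user from the suspicious IP: out of scope here, covered by the user-account rules
  { EVENT_TIMESTAMP: '2026-04-03T10:00:00Z', USER_NAME: 'ALICE', CLIENT_IP: '198.51.100.77', REPORTED_CLIENT_TYPE: 'SNOWFLAKE_UI', FIRST_AUTHENTICATION_FACTOR: 'PASSWORD', IS_SUCCESS: 'YES' },
];

// Learn, per integration user, the IPs, client types and auth factors seen in
// successful logins before baselineEnd. ISO-8601 strings compare correctly as text.
function buildBaseline(rows, users, baselineEnd) {
  const base = new Map();
  for (const r of rows) {
    if (!users.has(r.USER_NAME) || r.EVENT_TIMESTAMP >= baselineEnd || r.IS_SUCCESS !== 'YES') continue;
    if (!base.has(r.USER_NAME)) base.set(r.USER_NAME, { ips: new Set(), clients: new Set(), factors: new Set() });
    const b = base.get(r.USER_NAME);
    b.ips.add(r.CLIENT_IP);
    b.clients.add(r.REPORTED_CLIENT_TYPE);
    b.factors.add(r.FIRST_AUTHENTICATION_FACTOR);
  }
  return base;
}

// Flag every post-baseline login by an integration user that deviates from its
// baseline. Failed attempts are reported too: a burst of failures against a
// service account is itself a sign that stolen credentials are being tried.
function flagAnomalousLogins(rows, users, baselineEnd) {
  const base = buildBaseline(rows, users, baselineEnd);
  const findings = [];
  for (const r of rows) {
    if (!users.has(r.USER_NAME) || r.EVENT_TIMESTAMP < baselineEnd) continue;
    const b = base.get(r.USER_NAME);
    const reasons = [];
    if (!b) {
      reasons.push('no_baseline');
    } else {
      if (!b.ips.has(r.CLIENT_IP)) reasons.push('new_ip');
      if (!b.clients.has(r.REPORTED_CLIENT_TYPE)) reasons.push('new_client');
      if (!b.factors.has(r.FIRST_AUTHENTICATION_FACTOR)) reasons.push('new_auth_factor');
    }
    if (r.IS_SUCCESS !== 'YES') reasons.push('failed');
    if (reasons.length) findings.push({ user: r.USER_NAME, ts: r.EVENT_TIMESTAMP, ip: r.CLIENT_IP, reasons });
  }
  return findings;
}

console.log(flagAnomalousLogins(LOGIN_HISTORY, INTEGRATION_USERS, BASELINE_END));
```

Run against real data, the rows would come from a query over SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY covering the baseline period plus the window in which the vendor says it was compromised. Any hit on a service user means rotating that credential at once; the longer-term fix the incident argues for is to confine each integration user with a network policy to the vendor's published egress addresses and to require key-pair or OAuth authentication rather than a password, so that a credential lifted from the vendor is not usable from anywhere else.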
