
All the recent news you need to know

Apricorn Launches 32TB Encrypted Drive to Strengthen Offline Data Security Against Cyber Threats


Security feels stronger when data is scrambled, yet that strength vanishes if login steps or secret codes fall into the wrong hands. Instead of relying on system files tucked inside computers - where sneaky programs like spyware or digital snoopers lurk - real protection means keeping those pieces far away from risk. Enter a fresh take from Apricorn: their updated Aegis Padlock DT FIPS line now includes a 32TB model built to lock out the host machine completely. 

This shift sidesteps common traps by handling safeguards directly on the drive itself. Authentication happens right on the device, using keys embedded into the drive's own interface. Rather than typing codes through the host machine, individuals enter their access number straight into the unit. Because of this setup, login details do not pass through the computer’s software layer, lowering risks tied to infected endpoints. 

According to Apricorn, cryptographic operations are managed entirely within the hardware via custom-built AegisWare code, ensuring private information stays separate from vulnerable environments. Isolated encrypted storage remains key for strong cyber defenses, says Apricorn's Kurt Markley. Not limited to online solutions, the device fits into wider efforts for securing data without connectivity. 

Instead of relying on the host system, access control moves directly onto the hardware itself. Threats often exploit weaknesses in software-driven methods, and this design helps avoid those pitfalls. With every file saved, encryption happens instantly on the Aegis Padlock DT FIPS. Even at rest, both data and access codes stay locked down through strong encryption. Firmware tampering is not possible: Apricorn locked the firmware so that updates cannot be loaded onto it.

That wall keeps out threats like BadUSB, which twists ordinary USB gear into tools for system breaches. Priced close to $2,000, the 32TB model enters alongside lower-capacity encrypted drives. With built-in 256-bit AES XTS encryption, it operates directly through hardware protection. Verified under FIPS 140-2 Level 2 by NIST, its design meets strict governmental requirements. Compatibility spans across Windows, Linux, macOS, Android, and ChromeOS - no extra software needed. Despite higher cost, access remains smooth on multiple platforms out of the box. 

Despite limitations in certain setups, the device works reliably where standard encryption methods fail - think medical scanners, factory machines, isolated storage units, or built-in controllers. Transfer rates reach 5 gigabits per second thanks to a USB 3.2 Gen 1 connection. Inside, vital parts are shielded by a dense epoxy layer, resisting drops, impacts, and deliberate interference. Built tough, it handles rough conditions without compromising security. 

Even with strong built-in protections, the device cannot block all digital threats. Though separating encryption and login checks from the host machine lowers infection chances, firms have to protect where the drive is kept. Should someone get hold of the unit physically, how it's managed day-to-day matters as much as its coded defenses. Firms relying on this tool must enforce clear rules for where it's stored, who can reach it, and which verified machines link to it. 

Security hardware gains traction amid rising digital risks, driven by frequent attacks on weak software defenses and leaked login data. A surge in complex breaches pushes companies to adopt built-in protection methods instead of relying solely on traditional programs. This move reflects deeper changes across sectors aiming to reduce exposure through physical safeguards. Growing reliance on embedded tools marks a departure from older models dependent on patch-prone applications.

North Korean Hackers Hack US Crypto Executives in Just Five Minutes

About Arctic Wolf

Cybersecurity experts at Arctic Wolf have disclosed details of an advanced campaign targeting North American Web3 and cryptocurrency organizations. The campaign was launched by BlueNoroff, a state-sponsored, financially motivated group associated with the infamous North Korean Lazarus Group. Its aim is to establish persistent access on the victim's device.

The gang does this by fooling the victim into deploying malware on the systems; however, their tactic is quite advanced.  

The discovery

Arctic Wolf found an active malicious intrusion in which the threat actor used spear-phishing to send an altered Calendly calendar invite with a typo-squatted Zoom link while posing as a respectable person in the Fintech legal industry. When the victim clicked the link, they were shown a phony Zoom meeting interface that simultaneously launched a ClickFix-style clipboard injection attack and secretly exfiltrated their live camera feed to use as a lure in subsequent attacks. 

After that, information was stolen from the victim's device and browsers via a multi-stage credential extraction pipeline that concentrated on cryptocurrency wallet extensions.

Now enters ClickFix

While launching the attack campaign, the hackers use real, high-profile people from the Web3 world, create fake headshots (that look real) via ChatGPT, and generate animated videos via Adobe Premiere Pro. 

After this, the hackers would make a fake Zoom video call website similar to the actual Zoom call page, and would show the video to make it all look real.  

Attack tactic

After this, the BlueNoroff gang would invite the actual victim via Calendly, scheduling the meeting six months in advance (to make it all look real and convincing, since prominent people are busy).

Once the victim opens the Zoom link, they see the usual: a video call webpage with the participants on the other side moving and acting like real people (remember, they are all fake semi-animated videos). But after eight seconds on the call, a notification comes up saying their “SDK is deprecated” and showing an “Update Now” option.

“The technical execution chain in this campaign is both efficient and operationally disciplined. From initial URL click to full system compromise, including C2 establishment, Telegram session theft, browser credential harvesting, and persistence, the attacker completed in under five minutes,” Arctic Wolf said.

U.S. Marines Reportedly Targeted by Iranian-Linked Hackers in New Data Exposure Incident


Iran-linked hacking group Handala has allegedly leaked personal information belonging to thousands of U.S. Marines deployed across the Persian Gulf region, shortly after American military personnel in the Middle East began receiving threatening messages from the group.

According to posts published on Handala’s website, the hackers claim to have released the names and phone numbers of 2,379 U.S. Marines as proof of what they described as their “intelligence superiority.” The group further claimed that the exposed information represents only a small sample from a much larger collection of data allegedly tied to American military personnel stationed in the region.

Handala asserted that it possesses additional details related to military members and their families, including home addresses, movement patterns, military base affiliations, commuting routines, shopping behavior, and other personal activities. These claims have not been independently verified by U.S. authorities.

The alleged leak surfaced days after several U.S. service members reportedly received threatening WhatsApp messages warning that they were under surveillance. The messages referenced Iranian drone and missile systems and attempted to intimidate military personnel by claiming their identities and movements were being tracked. Similar threatening communications believed to be linked to Handala were also reportedly sent to civilians in Israel earlier this week, suggesting a broader psychological and cyber influence campaign connected to escalating tensions in the Middle East.

Since the regional conflict involving Iran, Israel, and the United States intensified earlier this year, Handala has repeatedly claimed responsibility for several high-profile cyber incidents. Last month, the group allegedly leaked hundreds of emails said to have originated from the personal Gmail account of Kash Patel. The hackers have also been linked to a cyberattack targeting medical technology company Stryker, an operation that reportedly resulted in data being erased from tens of thousands of employee devices globally.

However, questions remain regarding the authenticity and quality of the newly leaked Marine data. An analysis of the published sample reportedly identified multiple inconsistencies, including incomplete phone numbers and entries that appeared to contain military contract identifiers rather than personal names. Several listed numbers reportedly connected only to automated voicemail systems.

In a limited number of cases, voicemail names reportedly matched information included in the leak. One individual contacted by reporters allegedly confirmed their identity before ending the call, while others declined to comment or redirected inquiries to military public affairs officials.

U.S. Central Command referred media questions regarding the incident to the Naval Criminal Investigative Service, which had not publicly commented on the matter at the time of reporting.

The incident comes amid growing concerns over cyber-enabled psychological operations targeting military personnel and their families. Earlier this month, Navy Secretary John Phelan urged sailors to strengthen the security of their mobile devices and social media accounts amid concerns over phishing attacks and malicious online activity. In an internal warning, he noted that threat actors may attempt to manipulate military personnel into opening harmful files or clicking malicious links designed to compromise personal accounts and devices.

Handala publicly portrays itself as a pro-Palestinian hacktivist organization. However, multiple cybersecurity firms and recent assessments from the U.S. Department of Justice have alleged that the group operates as a front tied to Iran’s Ministry of Intelligence and Security (MOIS).

Cybersecurity experts note that modern cyber campaigns increasingly combine data leaks, online intimidation, and misinformation tactics to create psychological pressure rather than relying solely on technical disruption. Analysts also caution that hacker groups sometimes exaggerate the scale or sensitivity of stolen data to amplify fear and media attention.

Although U.S. authorities have previously seized domains associated with Handala, the group continues to remain active by turning to new websites and communication platforms, including Telegram, allowing it to sustain its cyber and propaganda operations online.

Investigation Uncovers Thousands of Accounts Tied to Digital Arrest Fraud Networks


Indian authorities have launched a massive enforcement response to the escalation of extortion and impersonation fraud resulting from cyber technology. The government informed the Supreme Court in January 2026 that over 9,400 WhatsApp accounts linked to so-called "digital arrest" scams had been banned following a focused 12-week operation. 

The coordinated crackdown on organized fraud networks, carried out in partnership with government agencies, reflects growing concern about criminal organizations exploiting communication platforms to impersonate law enforcement and regulatory authorities in financially motivated cybercrime campaigns.

WhatsApp's countermeasure strategy combines behavioural detection technologies with intelligence-driven monitoring systems, including logo-matching capability, account name logging, large language model-based scam pattern analysis, and a repeat offender database, in order to identify and disrupt evolving fraud infrastructures.

Attorney General Venkataramani explained the government's position before the apex court by stating that the enforcement measures and account suspensions were documented in the detailed status report that the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs submitted on February 9th. This submission was made to comply with Supreme Court directives aimed at curbing the rapid increase in digital arrest fraud in the country that were issued on February 9. 

Chief Justice Surya Kant's bench is monitoring the case, which was previously brought up suo motu by another bench, which had taken notice of escalating online financial crimes involving impersonation-based extortion schemes and fraudulent virtual detentions. 

The court, as part of a wider institutional response, directed key regulatory and infrastructure agencies, such as the Reserve Bank of India and the Department of Telecommunications, to develop a unified operational framework for victim compensation and cyber fraud response mechanisms, signaling an emerging policy push towards regulating digital risk and mitigation of financial fraud between agencies. It has been reported that the case relates to a coordinated fraud operation that involves impersonating law enforcement officials to manipulate victims into believing that they are under active investigation. 

The accused individuals allegedly used digital communication platforms to instill fear, urgency, and intimidation in potential victims. The Central Bureau of Investigation has arrested a former bank official along with two suspected associates who were allegedly involved in running the scam infrastructure. These "digital arrest" schemes typically involve prolonged voice or video interactions that isolate targets from external verification channels.

As a result, fraudsters remain psychologically in control while coercing victims to transfer funds in the guise of legal clearances, compliance verifications, or settlements. In light of the involvement of a banking insider, investigators have intensified their investigation into the potential misuse of financial systems, as they examine whether privileged access to transaction mechanisms or sensitive financial data permitted illegal funds to be transferred and withdrawn rapidly. 

Forensic analysis of communication logs, transactional paths, and digital evidence is being conducted as part of the ongoing investigation to map the criminal ecosystem supporting the operation as well as identify additional facilitators, beneficiaries, and individuals affected by it. According to law enforcement agencies, digital arrest frauds are on the rise across the nation, incorporating social engineering, identity appropriation, and coordinated cyber-enabled deception techniques to exploit victims.

In addition, legitimate government agencies will never ask for financial payments in order to prevent criminal or legal action from occurring. When investigative inputs were shared by the Indian Cyber Crime Coordination Centre, the Ministry of Electronics and Information Technology, and the Department of Telecommunications, enforcement efforts intensified, leading to a broader intelligence-driven disruption campaign that targeted the ecosystem of organised digital fraud. 

According to WhatsApp, government-reported accounts are not handled as isolated abuse incidents, but rather are analyzed as behavioural indicators to identify interconnected criminal infrastructures and their associated threat networks.

Nearly 3,800 accounts were originally flagged by the government, but the company's internal detection system greatly expanded the scope of the investigation, leading to the removal of thousands of additional accounts associated with suspected scam activities. 

In conjunction with a parallel preventive strategy, the platform has implemented several product-level safeguards in an effort to intercept fraud attempts during early contact stages of the fraud process. Alerts for suspicious first-time interactions, visibility indicators that provide account age information for unknown users, suppression of profile photographs when high-risk conversations occur, and expanded caller identification features are included in this strategy. 

The company expressed confidence that these interventions could help reduce the number of digital arrest frauds. However, it acknowledged that many operations are supported by cross-border criminal infrastructure, unauthorised payment channels, and external communication networks outside of its direct control, and stressed that multijurisdictional law enforcement actions would be required to prevent long-term disruptions. 

Aside from its submission to the Supreme Court, the Center also proposed the establishment of an extensive multi-agency enforcement framework designed to strengthen telecom verification systems, financial fraud response protocols, and cybercrime prevention systems nationally. Following consultation with regulatory and enforcement stakeholders, the report urged the court to direct telecommunications, electronics, and information technology authorities, as well as the Reserve Bank of India to establish standardized and time-bound safeguards against digital arrest scams. 

An important element of the proposal is the rapid implementation of Telecommunications (User Identification) Rules along with a Biometric Identity Verification System in order to establish nationwide traceability and visibility into SIM issuance processes. 

The Department of Telecommunications has instructed telecom service providers to enforce stricter compliance measures and Point of Sale vendors that activate SIM cards are required to meet enhanced verification and accountability requirements in accordance with a circular dated August 31, 2023 issued by the Department of Telecommunications.

Further, the report recommends that suspicious SIM cards associated with cybercrime investigations are blocked immediately. It also recommends that subscriber activation records and point of sale data be shared in real time with investigative agencies in order to improve the effectiveness of emergency response operations. 

During the course of monitoring the rapid expansion of digital arrest scams across India, the Supreme Court requested coordinated national action and periodic status updates from the enforcement and regulatory bodies responsible for the mitigation of cybercrime in India.

One of India's most significant institutional responses to digital arrest fraud has been the coordinated crackdown, reflecting the increasing convergence of cybercrime enforcement, telecommunication regulation, financial oversight, and platform-level security interventions, as well as the increasing threat of digital arrest frauds.

While investigative agencies continue to trace the broader criminal networks and regulatory agencies implement stricter identity verification and fraud prevention guidelines, authorities believe sustained inter-agency coordination is crucial to disrupting organized scam ecosystems across digital communication networks and financial infrastructures.

Moreover, these developments suggest that India’s cybercrime response strategy has also evolved, in which technology platforms, telecom operators, banks, and law enforcement agencies are collaborating in an effort to counter increasingly sophisticated forms of cybercrime-enabled financial fraud.

Canada's First SMS Blaster Bust: 3 Arrested in Toronto Cybercrime Crackdown


Toronto police have exposed a first-of-its-kind SMS blaster cybercrime case in Canada, where investigators say three men used a rogue device to mimic a cell tower and push fake texts to nearby phones. The operation, known as Project Lighthouse, reportedly ran across the Greater Toronto Area for months before police arrested the suspects and seized multiple devices. 

The core issue is the use of an SMS blaster, a tool that can trick smartphones into connecting to a fake cellular signal. Once connected, the device can send fraudulent messages that look like they come from banks, delivery services, or other trusted organizations, often leading victims to phishing sites that steal passwords or banking details. Police also said the tactic creates a wider network risk because it can interrupt legitimate mobile connections. 

Investigators say the threat was not small in scale. Reports indicate tens of thousands of devices may have connected to the rogue equipment over several months, and police recorded more than 13 million network disruptions linked to the operation. That disruption is especially serious because it can interfere with emergency access, including the ability to reach 911.

The arrests show how quickly cybercrime is evolving from online-only scams into hybrid attacks that combine physical devices, mobility, and social engineering. Police charged the three suspects with a combined 44 offences, including fraud, mischief, personation, and unauthorized interception-related crimes. The case is being treated as Canada’s first confirmed investigation of this kind, which makes it a warning sign for other cities and countries. 

The broader lesson is that mobile phones can be vulnerable even when users do not click anything suspicious. If a rogue tower is nearby, the attack can start at the network level and then move into fake texts, credential theft, and financial fraud. For readers, the main takeaway is to be cautious with urgent SMS links, verify messages through official apps or websites, and treat unexpected texts from banks or government services as potentially malicious.

ClickUp API Key Exposure Leaves Corporate and Government Email Data Public for Over a Year


A previously unnoticed weakness in ClickUp’s web infrastructure sat undetected - exposing private data due to an embedded API key left visible on its public site. For over twelve months, access to internal records remained possible because safeguards were missing at a basic level. Emails tied to businesses and official agencies could be pulled by outside parties; no login required. This gap emerged not from complex hacking but from routine coding oversights ignored during deployment. Hidden credentials like these often escape review until examined closely. Months passed before scrutiny revealed what should have been caught earlier. Security gaps of this kind stem less from advanced threats and more from everyday lapses repeated across teams. 

Open talk about the problem began when security analyst Impulsive shared findings showing the leaked credential sat inside a JavaScript file served by ClickUp's site, even before login steps occurred. Since code running in browsers can always be seen, grabbing the API key took little effort and allowed contact with internal servers. Without needing any special access, one basic query allegedly pulled close to a thousand emails plus vast numbers of hidden development settings from the system. The study showed that 959 employee email addresses were part of the leaked data, tied to staff in large companies and public institutions spanning various locations. 

About 3,165 feature flags also turned up in the exposure - visible without restriction. Hidden inside what looks like routine code, these flags might expose how teams test software, plan releases, roll out new tools, or shape future updates. Because of that, malicious actors might mine them to craft deceptive emails, manipulate individuals through tailored messages, or collect insights on rivals’ progress. Surprisingly useful intel often hides where it seems least likely. Early in 2025, news of the exposure surfaced - yet by April 2026, it still hadn’t been fixed, stretching out the time hackers could act. Because access stayed open so long, experts say attackers gained more chances to try breaking in using stolen login details, fake identities, or personalized emails targeting workers linked to the affected websites. 

What happened shows a wider issue for groups depending on cloud-based services. Though easy to avoid, fixed login details remain common in today’s coding practices. When secret access tokens appear in open-source repositories, bots usually find them fast - sometimes in under sixty seconds. Even low-level access codes can lead to large data leaks if internal systems lack strong verification rules. Rotating API keys often helps lower exposure over time. Client-side apps without embedded secrets tend to withstand attacks better. Strict limits on backend access form another layer of defense. 
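The kind of leak described above, a credential sitting in JavaScript that the browser can read before login, is something a team can catch in its own build pipeline. The following scanner is an added example written for this article, not ClickUp's code or the analyst's tooling: it walks a served bundle line by line, flags quoted values assigned to credential-named fields, and keeps them only if they match a well-known key format or have high Shannon entropy. The bundle text and every key in it are constructed samples.

```python
"""Scan a served JavaScript bundle for credentials that should never reach the browser."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample bundle for illustration; the keys are fake, not ClickUp's.
SAMPLE_BUNDLE = r"""
const config = {
  apiBase: "https://api.example.internal/v1",
  apiKey: "sk_live_4fA9kQz7pLmN2xR8vT1bW6yH3jC0dE5g",
  sessionToken: "placeholder-placeholder",
  webhookSecret: "q8Z2mN7vK4pL1xR9tB6wY3hJ5cD0gF8a",
  buildId: "2025.04.1"
};
fetch("/internal/users", { headers: { Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiYWRtaW4ifQ.s3cr3t" } });
"""

# An identifier containing a credential-ish word, assigned a quoted string of 16+ chars.
ASSIGNMENT = re.compile(
    r'([A-Za-z_]*(?:api[_-]?key|secret|token|password|auth)[A-Za-z_]*)'
    r'\s*[:=]\s*["\']([^"\']{16,})["\']',
    re.IGNORECASE,
)
# Well-known credential formats: Stripe live/test keys, AWS access key IDs,
# GitHub PATs, Slack bot tokens, and "eyJ" (base64 of the JWT header's opening `{"`).
KNOWN_PREFIXES = ("sk_live_", "sk_test_", "AKIA", "ghp_", "xoxb-", "eyJ")


@dataclass
class Finding:
    line: int
    name: str
    redacted: str
    reason: str
    entropy: float


def shannon_entropy(value: str) -> float:
    """Bits per character; random-looking secrets score high, placeholders low."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value: str) -> str:
    """Never echo the whole credential into a report or a log line."""
    return value[:6] + "***"


def scan_bundle(text: str, min_entropy: float = 3.5) -> list[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            name, value = m.group(1), m.group(2)
            ent = round(shannon_entropy(value), 2)
            if any(p in value for p in KNOWN_PREFIXES):
                reason = "known credential format"
            elif ent >= min_entropy:
                reason = "high-entropy value under credential-named field"
            else:
                continue  # low-entropy placeholder such as "placeholder-placeholder"
            findings.append(Finding(lineno, name, redact(value), reason, ent))
    return findings


if __name__ == "__main__":
    for f in scan_bundle(SAMPLE_BUNDLE):
        print(f"line {f.line}: {f.name} = {f.redacted} ({f.reason}, H={f.entropy})")
```

Run it against the built `dist/` output in CI and fail the build on any finding; a hit means the secret must be rotated, not just deleted from the bundle, because it has already been published.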

Protection against phishing gains strength when using tools like DMARC, SPF, or DKIM. Unusual logins catch attention faster with constant tracking. Exposed domains become visible through active threat data streams. Security improves not by one fix alone, but steady adjustments across systems. A quiet mistake lingered unseen within ClickUp's system, revealing data widely before detection. When operations move into shared online environments, oversight gaps often emerge - making careful monitoring essential. Security lapses like this highlight growing pressure on organizations to act earlier, respond smarter, stay alert longer.
