Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

School Buses Could Become Surveillance Vehicles for Government in The US

In the US, school buses may soon become surveillance vehicles, according to 404 media’s report. A review of leaked documents revealed plans ...

All the recent news you need to know
Vulnerabilities and Exploits
Authentication Bypass CVE-2026-35616 EKZ Infostealer FortiClient EMS Fortinet vulnerability Vulnerabilities and Exploits

Hackers Exploit FortiClient EMS Flaw to Deploy EKZ Credential-Stealing Malware

 

Cybersecurity researchers have uncovered active attacks exploiting a critical vulnerability in FortiClient Enterprise Management Server (EMS) to distribute a previously undocumented credential-stealing malware known as EKZ Infostealer.

The attacks leverage CVE-2026-35616, an authentication bypass flaw in FortiClient EMS that enables unauthenticated remote attackers to execute arbitrary commands or code through specially crafted requests. The vulnerability stems from improper access control mechanisms and has been actively exploited in the wild.

Threat actors reportedly disguised the malware as a legitimate Fortinet endpoint update and delivered it through VPN scripting workflows managed by FortiClient. Fortinet acknowledged the exploitation of the flaw in early April and subsequently issued emergency hotfixes for versions 7.4.5 and 7.4.6 of the software.

Following reports of malicious activity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed federal agencies to secure vulnerable systems within days. Around the same period, The Shadowserver Foundation identified approximately 2,000 internet-exposed EMS instances.

Researchers at Arctic Wolf recently observed threat actors using the vulnerability to deploy the EKZ Infostealer. According to the company, attackers begin by abusing endpoint APIs to carry out administrative actions without requiring authentication.

After gaining access, the attackers alter EMS configurations and VPN policies to enable the execution of malicious scripts. Once an endpoint establishes an IPsec connection with a FortiGate firewall, the legitimate FortiClient process, fortitray.exe, launches malicious batch scripts through Command Prompt.

These scripts then execute a Base64-encoded PowerShell payload that downloads malware disguised as a Fortinet software update. The payload subsequently collects data from the victim's device and sends it to an attacker-controlled virtual private server (VPS) over HTTP.

“Rather than relying on a generic malware lure, the payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” reads the report from Arctic Wolf.

“On affected endpoints, FortiClient components launched command scripts that invoked PowerShell, downloaded a credential stealer, executed it silently, and exfiltrated harvested browser data before removing local artifacts.”

The malware, tracked as EKZ Infostealer, is designed to harvest sensitive information from both Chromium-based and Firefox browsers. It extracts stored browser data into text files and is capable of bypassing encrypted password protections.

Among the targeted data are login credentials, credit card information, addresses, phone numbers, and browser cookies. By stealing cookies, attackers may gain access to accounts protected by multi-factor authentication without needing the user's credentials.

Arctic Wolf noted that one potential indicator of compromise is the appearance of the log entry “Certificate not found in request header.” During testing, this message was often followed within seconds by another log entry indicating that a certificate associated with "fortinet-ca2" had been successfully updated.

Security teams are advised to monitor for unusual certificate authentication events and unauthorized modifications to Remote Access Profile settings. Additionally, suspicious administrative actions, newly created accounts, logins originating from unfamiliar locations such as Tor networks or VPS-hosted IP addresses, and unexpected configuration changes should be treated as potential warning signs of compromise.

Arctic Wolf has also released detailed detection and mitigation guidance to help organizations identify and defend against these attacks.

Read more »
Digital Personal Data Protection
Ad Data Privacy Browser privacy risks customer data privacy Cyber Security Data Surveillance Data-Driven Pricing Digital Personal Data Protection

Americans Back Surveillance Pricing Ban Amid Growing Privacy and Consumer Cost Concerns

 

Ahead of schedule, more people in the U.S. resist price tracking based on private information - details like where they shop, what they buy, or how often they spend. Because companies gather these patterns, each customer might face different costs for the same item. Although firms have used such methods before, fresh survey results show resistance gaining strength now. Despite quiet implementation earlier, citizens appear less willing lately to accept unseen adjustments shaped by their own data. 

A recent poll from GBAO Strategies shows public worry over how monitoring-based pricing might affect household expenses, especially food bills. While examining attitudes, it emerged that two-thirds think data-driven pricing models may push grocery costs higher. In contrast, nearly as many see risks in electronic shelf labels that let stores adjust prices instantly. Rather than accept these systems, most people lean toward intervention - about 67 percent back a full prohibition. Such views highlight unease with automated pricing methods shaped by customer tracking. 

Across party affiliations, resistance to tracking-based price adjustments emerged clearly. Most Democrats, those unaffiliated with either major party, and Republicans backed legal restrictions, showing suspicion of algorithmic cost calculations cuts through ideological boundaries. Uneasiness around how stores gather personal details to shape what people pay appears widespread. What worries privacy supporters isn’t just what things cost. The Electronic Frontier Foundation points out how much private detail is needed for tracking-based price models. Systems tap into details like age, where someone lives, their online activity, past buys - sometimes even race or gender. 

Using such data to set prices, some say, puts personal secrecy at risk. Questions also emerge around whether the process plays fair - and if anyone can truly see how it works. Some shoppers might already be experiencing such tactics, according to available data. Back in 2025, a probe by Consumer Reports uncovered disparities in item costs during an Instacart trial using artificial intelligence for pricing. Identical products carried distinct price tags depending on the user viewing them. 

At times, differences climbed up to one-quarter more than others paid. Although mentioned in internal presentations meant for business stakeholders, most buyers did not know adjustments were happening behind the scenes. Most times, people talk about surveillance pricing together with dynamic pricing - both shaped by algorithms in retail settings. Shaped by demand shifts, stock availability, or broader economic climates, prices shift under this model. 

Firms like Amazon and Walmart already apply forms of this method. Even though personal information plays a smaller role here, actions taken by shoppers - their habits, past buys - still guide how prices are set. Though talk grows louder, officials now question if tighter rules must follow. 

Because worries stretch across spending habits alongside personal data risks, how stores track buyers shapes wider talks on fairness and control. While some argue restraint matters more, others see unchecked patterns where price shifts tie too closely to who is watching.
Read more »
Vulnerabilities and Exploits
AI Security Bug Bounty Bug Hunting Security Patch Vulnerabilities and Exploits

AI Era Ignites Bug-Hunting Arms Race as Exploits Accelerate Faster Than Patches

 

The AI era has triggered a new cybersecurity arms race in which attackers and defenders are both using machine learning to find and exploit software vulnerabilities faster than ever. According to security experts, attackers are ramping up AI-powered exploit development, while security teams are deploying AI-driven detection and patching workflows to respond in real time. 

This acceleration is reshaping the economics of software security: the speed of vulnerability discovery no longer matches the slower pace of traditional analysis, triage, and patching, creating a dangerous imbalance between how quickly bugs are found and how quickly they can be fixed. The main issue is the flood of AI-generated bug reports overwhelming existing programs. Curl ended its bug bounty program after being inundated with low-quality submissions generated by AI tools. Linux’s security mailing list has become “almost entirely unmanageable” due to high volumes and duplicate AI bug reports from automated scanners.

Google recently overhauled its Vulnerability Reward Programs for Chrome and Android, lowering payouts for some bug classes while increasing others to focus on the most challenging and impactful vulnerabilities. These changes show that the industry is struggling to sort useful findings from noise while keeping costs sustainable. The same AI tools that help defenders also help attackers, which is the core asymmetry of this arms race. AI systems can now scan entire codebases, detect subtle patterns humans miss, and generate exploit code in days or even hours instead of months. 

Historically, exploiting a vulnerability could take years; now, exploits can emerge within 24 hours after discovery. This compression of the timeline means developers have less time to patch, attackers can automate exploitation, and low-skilled hackers gain advanced capabilities that were once reserved for elite teams. The result is a shrinking window between finding a flaw and it being weaponized. 

Organizations are responding with a mix of economic and structural measures. Some researchers argue that companies cannot simply “patch their way out of this” and must instead build infrastructure that makes many bugs irrelevant in practice. The industry is shifting toward “secure by default” designs, automated scanning in release candidates, and security-first development practices that reduce the number of exploitable weaknesses from the start. Google’s payout adjustments reflect a strategic shift to reward only the most impactful vulnerabilities, while smaller firms may struggle to keep up with rising costs and report volumes. 

The long-term issue is that vulnerability discovery is no longer a human-limited process but a machine-driven one, changing the balance of power in cybersecurity. AI exposes weaknesses faster than communities can respond, and the backlog of bugs now grows faster than it can be resolved. The winners will be those who treat security as continuous defense-in-depth, not as a one-time fix, and who build systems where most bugs are made irrelevant by design rather than by constant patching.
Read more »
Surveillance
AI Cloud Data FROST Internet Privacy Spying Surveillance

FROST Attack: Websites Can Now Spy on Users Via SSDs


Websites have always tried to spy on user activity through browsing histories, mouse clicks and keystrokes, and device fingerprints. Even Yandex and Meta were caught spying on users recently.

Hackers exploiting SSDs

These days, hackers are exploiting SSDs to spy on user activity. Known as Fingerprinting Remotely using OPFS-based SSD Timing or FROST, the technique lets hackers spy on other websites a visitor is viewing and what other applications are open on a user device.

In a research paper, the authors explained the exploit tactic. Hackers exploit a side channel, creating a type of leak that results from data caches or electromagnetic emanations. By computing the physical manifestations, hackers can decode encoded traffic and hack other confidential information.

Sites spying on user activity

The exploit that FROST used was called a contention side channel, which calculates the communication of other processes all using a given resource. By measuring input-output (I/O) time of SSD operations that a visitor uses, the experts found out websites opened in different tabs and browsers; even the applications that were opened on the user device. FROST doesn’t need any communication from the visitor but only requires opening the site hosting the exploit.

The attack tactic

According to the researchers, “Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications.” They also said that “companies like Google, Microsoft, and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser.” 

The impact

The authors also noted that, "while these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface, and some have already been shown to introduce new vulnerabilities.”

About the exploit

The attack is different to older contention-side channel attacks on SSDs. FROST runs only in the browser and uses JavaScript that communicated with OPFS (origing private file system), a dedicated storage space that is kept for a particular site to rune codes needed to do a given task. Sites can make one with zero communication required by the user.

“The attacker continuously measures SSD contention by performing random reads from a large OPFS file. SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model,” said the researchers. 

Read more »
data security
Android Smartphone Customer Data Exposed customer data leak Data Breach Data Leak Data Privacy data security

Trump Mobile Data Leak Exposes Customer Information as Questions Grow Around T1 Smartphone

 

Following confirmation by Trump Mobile, fresh attention has turned toward the company over a breach affecting its T1 smartphone users. Sensitive data - such as contact numbers, residential locations, emails, and additional private records - appeared publicly online, sources indicate. This exposure casts doubt on how securely the firm manages user information. Questions emerge about safeguards meant to protect personal details. 

A statement from a Trump Mobile representative confirmed none of the leaked data involved monetary records. Yet word emerged solely once people found their private info appearing on web platforms. Skeptics wonder about the delay in alerting impacted clients despite clear dangers tied to such leaks. Despite awareness, updates reached users well after exposure occurred. Blame for the event points toward an outside tech partner handling parts of Trump Mobile's systems. 

Though confirmation came from Trump Mobile about information being exposed, the specific vendor stayed unnamed in public updates. Details about customer notifications remain unclear, with no official word on outreach efforts so far. Later arriving than first planned, the phone now joins past problems tied to the Trump Mobile T1 handset. Though initially set for an August 2025 release, several setbacks pushed delivery further into delay. 

At first, ads insisted production would happen within U.S. borders - this messaging changed over time, replaced by phrases like "crafted around American ideals." Despite its appeal, the T1 phone faces scrutiny due to visual and sourcing concerns. A golden exterior carries a symbolic banner on the rear - yet close inspection reveals just eleven bars where thirteen should appear. Some watchers point out discrepancies resembling those seen in national imagery. Doubt emerges too around innovation claims, given speculation it may simply repurpose another model already on the market. 

Some industry analyses point to similarities between the T1 and earlier Android phones, many made outside domestic markets. Because of these links, questions about its cost have grown - priced above five hundred dollars, it stands out next to far cheaper counterparts. Though not identical, enough resemblance exists to spark discussion among buyers and critics alike. Worries have grown since details of the leak came to light, touching both users and analysts. 

Though Trump Mobile insists nothing related to money was exposed, risks tied to trust and safety surface when private details are found unprotected on the web. With reviews still underway, clarity could become a priority - especially around how the event unfolded and what happens behind the scenes with user records.
Read more »
Private Data
Data Breach NHS Trust Nottingham Attacks Patient Records Private Data

Nottingham Attacks Survivors Left Out in Data Breach Inquiry as NHS Trust Apologizes

 

Nottingham University Hospitals NHS Trust has issued an apology after a public inquiry revealed that survivors of the Nottingham attacks were not properly considered when a major data breach investigation began. Medical director Manjeet Shehmar acknowledged that the trust’s early response caused additional distress to victims and their families, admitting that the initial focus was too narrow and primarily centered on the families of those who died rather than including the people who survived the attack. 

The breach stems from the June 13, 2023 attacks carried out by Valdo Calocane, who murdered three people and seriously injured three others at locations in and around Nottingham. Following the attacks, it was discovered that staff at the trust had inappropriately accessed medical records belonging to victims without proper authorization. The trust launched an internal investigation in 2025, which uncovered widespread unauthorized access to sensitive patient information during a period when survivors and bereaved families were already coping with extreme trauma. 

The inquiry found that 11 employees were dismissed after the trust confirmed multiple serious breaches of data protection protocols. The dismissed staff included nurses and other healthcare workers, indicating that the unauthorized access was not confined to a single department. Several other employees received final written warnings or first written warnings. The scale of the dismissals and warnings highlighted how deeply the breach penetrated the trust’s operations and raised serious concerns about internal safeguards for protecting patient records.

Survivors’ legal representatives had to intervene before the trust fully recognized that survivors should be included in the inquiry process from the beginning. This delay meant that the emotional and psychological impact on the people who lived through the attack was not initially addressed, even though they were directly affected by both the original violence and the subsequent data breach. The trust acknowledged that it failed to consider survivors from the start, which compounded the distress caused by the breach. 

The case has become a significant example of how institutions must balance their duty to investigate data breaches with their responsibility to protect the well-being of victims. For survivors and bereaved families, critical questions remain about what specific information was accessed, who viewed the records, and why existing safeguards were not strong enough to prevent unauthorized access. The inquiry continues to examine these issues as part of a broader review of institutional responses to major crimes when the very systems meant to protect patients fail during times of crisis.
Read more »
Subscribe to: Posts (Atom)

Featured