Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Chinese-Linked Hackers Exploit Claude AI to Run Automated Attacks

  Anthropic has revealed a major security incident that marks what the company describes as the first large-scale cyber espionage operation ...

All the recent news you need to know
vulnerability exploitation
AI cyberattacks Cyber Security Cybersecurity Threats fileless ransomware nation-state hackers Ransomware Groups Rapid7 report vulnerability exploitation

Cybercriminals Speed Up Tactics as AI-Driven Attacks, Ransomware Alliances, and Rapid Exploitation Reshape Threat Landscape

 

Cybercriminals are rapidly advancing their attack methods, strengthening partnerships, and harnessing artificial intelligence to gain an edge over defenders, according to new threat intelligence. Rapid7’s latest quarterly findings paint a picture of a threat environment that is evolving at high speed, with attackers leaning on fileless ransomware, instant exploitation of vulnerabilities, and AI-enabled phishing operations.

While newly exploited vulnerabilities fell by 21% compared to the previous quarter, threat actors are increasingly turning to long-standing unpatched flaws—some over a decade old. These outdated weaknesses remain potent entry points, reflected in widespread attacks targeting Microsoft SharePoint and Cisco ASA/FTD devices via recently revealed critical bugs.

The report also notes a shrinking window between public disclosure of vulnerabilities and active exploitation, leaving organisations with less time to respond.

"The moment a vulnerability is disclosed, it becomes a bullet in the attacker's arsenal," said Christiaan Beek, Senior Director of Threat Intelligence and Analytics, Rapid7.
"Attackers are no longer waiting. Instead, they're weaponising vulnerabilities in real time and turning every disclosure into an opportunity for exploitation. Organisations must now assume that exploitation begins the moment a vulnerability is made public and act accordingly," said Beek.

The number of active ransomware groups surged from 65 to 88 this quarter. Rapid7’s analysis shows increasing consolidation among these syndicates, with groups pooling infrastructure, blending tactics, and even coordinating public messaging to increase their reach. Prominent operators such as Qilin, SafePay, and WorldLeaks adopted fileless techniques, launched extensive data-leak operations, and introduced affiliate services such as ransom negotiation assistance. Sectors including business services, healthcare, and manufacturing were among the most frequently targeted.

"Ransomware has evolved significantly beyond its early days to become a calculated strategy that destabilises industries," said Raj Samani, Chief Scientist, Rapid7.
"In addition, the groups themselves are operating like shadow corporations. They merge infrastructure, tactics, and PR strategies to project dominance and erode trust faster than ever," said Samani.

Generative AI continues to lower the barrier for cybercriminals, enabling them to automate and scale phishing and malware development. The report points to malware families such as LAMEHUG, which now have advanced adaptive features, allowing them to issue new commands on the fly and evade standard detection tools.

AI is making it easier for inexperienced attackers to craft realistic, large-volume phishing campaigns, creating new obstacles for security teams already struggling to keep pace with modern threats.

State-linked actors from Russia, China, and Iran are also evolving, shifting from straightforward espionage to intricate hybrid operations that blend intelligence collection with disruptive actions. Many of these campaigns focus on infiltrating supply chains and compromising identity systems, employing stealthy tactics to maintain long-term access and avoid detection.

Overall, Rapid7’s quarterly analysis emphasises the urgent need for organisations to modernise their security strategies to counter the speed, coordination, and technological sophistication of today’s attackers.
Read more »
monitoring
Apple Apple ID Cyber Privacy Cyber Security Data Safety data security Digital Privacy enhanced user privacy monitoring

Apple’s Digital ID Tool Sparks Privacy Debate Despite Promised Security

 

Apple’s newly introduced Digital ID feature has quickly ignited a divide among users and cybersecurity professionals, with reactions ranging from excitement to deep skepticism. Announced earlier this week, the feature gives U.S. iPhone owners a way to present their passport directly from Apple Wallet at Transportation Security Administration checkpoints across more than 250 airports nationwide. Designed to replace the need for physical identity documents at select travel touchpoints, the rollout marks a major step in Apple’s broader effort to make digital credentials mainstream. But the move has sparked conversations about how willing society should be to entrust critical identity information to smartphones. 

On one side are supporters who welcome the convenience of leaving physical IDs at home, believing Apple’s security infrastructure offers a safer and more streamlined travel experience. On the other side are privacy advocates who fear that such technology could pave the way for increased surveillance and data misuse, especially if government agencies gain new avenues to track citizens. These concerns mirror wider debates already unfolding in regions like the United Kingdom and the European Union, where national and bloc-wide digital identity programs have faced opposition from civil liberties organizations. 

Apple states that its Digital ID system relies on advanced encryption and on-device storage to protect sensitive information from unauthorized access. Unlike cloud-based sharing models, Apple notes that passport data will remain confined to the user’s iPhone, and only the minimal information necessary for verification will be transmitted during identification checks. Authentication through Face ID or Touch ID is required to access the ID, aiming to ensure that no one else can view or alter the data. Apple has emphasized that it does not gain access to passport details and claims its design prioritizes privacy at every stage. 

Despite these assurances, cybersecurity experts and digital rights advocates are unconvinced. Jason Bassler, co-founder of The Free Thought Project, argued publicly that increasing reliance on smartphone-based identity tools could normalize a culture of compromised privacy dressed up as convenience. He warned that once the public becomes comfortable with digital credentials, resistance to broader forms of monitoring may fade. Other specialists, such as Swiss security researcher Jean-Paul Donner, note that iPhone security is not impenetrable, and both hackers and law enforcement have previously circumvented device protections. 

Major organizations like the ACLU, EFF, and CDT have also called for strict safeguards, insisting that identity systems must be designed to prevent authorities from tracking when or where identification is used. They argue that without explicit structural barriers to surveillance, the technology could be exploited in ways that undermine civil liberties. 

Whether Apple can fully guarantee the safety and independence of digital identity data remains an open question. As adoption expands and security is tested in practice, the debate over convenience versus privacy is unlikely to go away anytime soon. TechRadar is continuing to consult industry experts and will provide updates as more insights emerge.
Read more »
Tech Firm
Checkout Data Breach Ransomware ShinyHunters Tech Firm

Checkout Refuses ShinyHunters Ransom, Donates Funds to Cybersecurity Research

 

Checkout, a UK-based financial tech firm, recently suffered a data breach orchestrated by the cybercriminal group ShinyHunters, who have demanded a ransom for stolen merchant data. In response, the company announced it would not pay the ransom but instead donate the equivalent amount to Carnegie Mellon University and the University of Oxford Cyber Security Center to fund cybercrime research initiatives.

The breach occurred after ShinyHunters gained unauthorized access to a legacy third-party cloud storage system used by Checkout in 2020 and earlier. This system, which had not been properly decommissioned, contained internal operational documents, onboarding materials, and data from a significant portion of company’s merchant base, including past and current customers. The company estimates that less than 25% of its current merchant base was affected by the incident.

The tech firm provides payment processing services to major global brands such as eBay, Uber Eats, adidas, GE Healthcare, IKEA, Klarna, Pinterest, Alibaba, Shein, Sainsbury’s, Sony, DocuSign, Samsung, and HelloFresh, managing billions in merchandise revenue. The company’s systems include a unified payments API, hosted payment portals, mobile SDKs, and plugins for existing platforms, along with fraud detection, identity verification, and dispute management features.

ShinyHunters is an international threat group known for targeting large organizations, often leveraging phishing, OAuth attacks, and social engineering to infiltrate systems and extort ransom payments. The group has recently exploited the Oracle E-Business Suite zero-day vulnerability (CVE-2025-61884) and carried out attacks on Salesforce and Drift systems affecting multiple organizations earlier in the year.

Despite the pressure to pay a ransom to prevent the leaked data from being published, Checkout has refused and opted for a different strategy. The company will invest in strengthening its own security infrastructure and protecting its customers more effectively in the future. Additionally, the company has committed to supporting academic research in cybersecurity by channeling the intended ransom funds to prestigious universities.

Checkout has not disclosed the identity of the compromised third-party cloud file storage system or the specific breach method. The company continues to work on bolstering its defenses and has emphasized its commitment to transparency and customer protection. This decision sets a notable precedent for organizations facing ransomware demands, highlighting the importance of proactive security investment and responsible action in the face of cyber threats.
Read more »
WhatsApp Security
Cross-Platform Messaging Cyber Security Digital Markets Act Encrypted Communication EU Tech Regulation Messaging Compliance Meta Interoperability Secure Connectivity Third-Party Chats WhatsApp Security

Users Will Soon Text From External Apps Directly Inside WhatsApp

 


WhatsApp is taking a significant step towards ensuring greater digital openness across Europe by enabling seamless communication that extends beyond the borders of its own platform, making it closer to enabling seamless communication that extends beyond the confines of its platform itself. 

According to the requirements for interoperability outlined in the EU’s Digital Markets Act, the company is preparing to add third-party chat support to its chat services within the European Union. A new feature that is being offered by WhatsApp will allow users to communicate with users on other messaging services which are willing to integrate with the WhatsApp framework. This feature can be opted into by individuals who choose to opt in. 

An initial rollout, planned in Europe for both Android and iOS devices, will cover the basics like text, photos, videos, voice notes, and files, while a later phase will include a broader range of capabilities, including cross-platform group chats. 

The new system is offered as an option and can be controlled in the application's settings. However, WhatsApp's new features have been built in a way that ensures that end-to-end encryption standards are maintained within WhatsApp's existing security protocols, ensuring users' privacy is never compromised as a result of expanding connectivity. 

A few users in the European Union have reported a new "third-party chats" section in their WhatsApp account settings, which indicates that WhatsApp may be expanding its cross-platform ambitions. While this feature is still under development and has not yet been formally introduced, it gives a glimpse into how the platform intends to streamline communication across multiple platforms by making it easier to communicate. 

The Messenger app also offers users the option to sync their messages, photos, videos, voice messages, and documents with external apps, allowing them to exchange messages, photos, videos, voice notes, and documents with these apps or separate them into a separate section that is clearly identified and accessible to them.

It is important to note that some WhatsApp functions, including status posts, disappearing messages, and stickers, remain unsupported for the time being, and there are some limitations in place, such as the possibility of receiving messages from individuals previously blocked on WhatsApp who initiate contact through another platform. 

When users receive incoming message requests from third-party platforms, they can choose to respond immediately to messages or review them at their convenience according to how they want. In addition to providing a detailed preview of how the cross-platform experience will function once it has been released to a broader audience, WhatsApp’s testing phase will also give an in-depth look at how the cross-platform experience functions in real life. 

In parts of the European Union, Google is undergoing test trials regarding a new setting that exists within the app, known as "third-party chats," and allows users to exchange text messages, images, videos, voice notes, and documents with compatible external services through these third-party chats. In the beta period, BirdyChat seems to be the only app that is connected, but as more platforms adopt the required technical framework, there is expected to be a broader interoperability.

It is up to the user to decide whether to store these conversations in his or her primary inbox or separate folders based on his or her individual preferences. Some platform-specific tools, such as status updates, disappearing messages, and stickers, will not carry over to external exchanges, since they will only be accessible on WhatsApp. This feature is entirely optional, allowing those satisfied with WhatsApp's existing environment to leave it disabled. Further, WhatsApp blocked users are still able to reach out to those blocked via a third-party application, which the company has noted in its testing. 

Although WhatsApp's own communication channels continue to be encrypted end-to-end, the level of protection for messages that are exchanged with other platforms is a result of the encryption policies adopted by those services. The company maintains that it cannot read the content of chats sent by third parties, even when they are accessed through WhatsApp' interface. 

Despite months of controlled testing, what has been done to highlight the progress made through the cross-platform initiative is now moving into a broader rollout phase. As part of a recent announcement by the company, we learned that WhatsApp users in the European region will shortly be able to communicate directly with people using BirdyChat and Haiket by using the newly introduced third-party chat feature. 

Meta describes this advance as a key milestone that will help Meta meet the EU's requirements for interoperability under the Digital Markets Act of the European Union. The new feature will enable European users to send messages, images, voice notes, videos, and files via external platforms to their external contacts and as soon as partner services complete their own technical preparations, users will be able to exchange group messages and images with each other. 

A notification will appear in the Settings tab to guide users through the opt-in process as Meta plans to enter this feature gradually over the coming weeks. Currently, the feature is only compatible with Android and iOS, leaving desktop, web, and tablet versions of the app unaffected. 

As Meta points out, these partnerships were developed over the course of several years as a result of repeated efforts by European messaging providers and the European Commission to establish an interoperability framework that is both DMA-compliant and protects the privacy of users. It is mandatory for all third-party interactions to follow encryption protocols, which are consistent with WhatsApp's own end-to-end protections. 

Furthermore, the interface has been designed to make it easy for users to distinguish between native and external chats. The system was already previewed by Meta in late 2024, which included features like a dedicated folder for third-party messages and an alert system when a new external messaging service becomes available for use. In accordance with the Digital Markets Act, WhatsApp is under pressure to support only the most basic messaging functionality. 

However, WhatsApp is in the process of developing advanced features for third-party chat users who enable the function. A number of advanced interaction features will accompany the initial rollout of Meta's communication services, such as message reaction, threaded replies, typing indicator, and read receipts, ensuring a smoother and more familiar communication process across multiple services.

There is also a long-term roadmap that has been developed by the company, which includes the introduction of cross-platform group chats in 2025, as well as the implementation of voice and video calling by 2027, once technical integrations have matured. 

Aside from the fact that WhatsApp emphasizes that the wider availability of these features depends on how soon other messaging apps will embrace the necessary standards for interoperability, the company believes the ultimate goal is to create an intuitive, secure platform that allows users to seamlessly communicate across multiple platforms with ease and without any hassle.

A feature like the one listed above, as WhatsApp moves steadily towards a more integrated messaging ecosystem, will likely have a long-term impact that extends beyond the convenience it provides. As WhatsApp opens its doors to external platforms, it is positioning itself at the center of a unified digital communication landscape—one in which users will not have to juggle a variety of applications in order to remain in touch.

The shift provides consumers with greater flexibility, a wider reach, and fewer barriers between services, while for developers it creates a new competitive environment based on interoperability rather than isolation. It is quite likely that, if this transition is executed well, it will redefine how millions of people around the world navigate their daily lives.
Read more »
USA
Bulletproof hosting Cyber Crime media land Ransomware Russia USA

Governments sanction Russian “bulletproof” host for aiding ransomware networks

 



Authorities in the United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian bulletproof hosting provider accused of giving safe and long-term technical support to ransomware operators and other criminal groups. Officials say the newly sanctioned entities have played a central role in keeping several high-impact cybercrime operations online.

A bulletproof hosting service is a type of internet infrastructure provider that knowingly allows harmful activity on its servers. These companies rent out digital space and refuse to take down malicious websites, even when they receive complaints from victims or requests from law enforcement. Such services help threat actors conduct phishing campaigns, distribute malware, run command and control systems for their attacks, and host illegal content without fear of quick removal. This resistance to oversight makes it harder for investigators to disrupt cybercriminal networks.


Media Land and its linked companies named as key targets

The United States Treasury’s Office of Foreign Assets Control announced that Media Land, a Russia-based provider, has been added to the sanctions list along with three related firms: Media Land Technology, Data Center Kirishi, and ML Cloud. According to officials, Media Land’s infrastructure has been connected to well-known ransomware groups. It has also been tied to distributed denial-of-service attacks that targeted American companies, including systems categorized as critical infrastructure such as parts of the telecommunications sector.


Officials name individuals connected to the operation

Sanctions also extend to three people associated with Media Land. Aleksandr Volosovik has been identified as someone who promoted the company’s services on underground cybercriminal forums under the username Yalishanda. Another individual, Kirill Zatolokin, is accused of handling customer payments. A third person, Yulia Pankova, is said to have assisted with legal matters and financial management. The United Kingdom additionally stated that Volosovik has interacted with multiple cybercrime groups in the past.


Other companies involved in supporting the infrastructure

The sanctions package further includes Aeza Group LLC, another bulletproof hosting operator that had already been sanctioned earlier this year. Authorities say Aeza attempted to continue operating by using a UK-based company named Hypercore Ltd as a front. Additional entities in Serbia and Uzbekistan that provided technical assistance to the network have also been designated.


Government agencies issue defensive guidance

Along with the sanctions, cybersecurity agencies across the Five Eyes alliance released technical recommendations to help defenders identify and block activity linked to bulletproof hosting services. They suggest creating high-confidence lists of harmful internet resources based on verified threat intelligence, performing continuous monitoring of network traffic, and applying filtering rules at network boundaries while examining how those rules might affect legitimate users. The guidance also encourages service providers to maintain stronger onboarding checks for new customers since criminal operators often hide behind temporary email accounts or phone numbers.


Implications of the sanctions

All assets connected to the named individuals and companies within the United States, the United Kingdom, and Australia will now be frozen. Any organisation or person that continues to conduct transactions with them may face secondary sanctions or other enforcement actions. This step builds on earlier actions taken in February, when the three nations sanctioned ZServers, another Russian hosting operation, while Dutch authorities seized more than one hundred of its servers.

The coordinated announcement signals a growing international effort to dismantle the online infrastructure that ransomware groups depend on. It also reinforces the need for organisations to maintain strong cybersecurity practices, rely on reputable service providers, and monitor threat intelligence to reduce exposure to criminal activity.

Read more »
Mobile Spyware
Android Smartphone CVE CVE exploits CVE vulnerability CVEs Cyber Security Exploits Landfall mobile security measures Mobile Spyware

Samsung Zero-Day Exploit “Landfall” Targeted Galaxy Devices Before April Patch

 

A recently disclosed zero-day vulnerability affecting several of Samsung’s flagship smartphones has raised renewed concerns around mobile device security. Researchers from Palo Alto Networks’ Unit 42 revealed that attackers had been exploiting a flaw in Samsung’s image processing library, tracked as CVE-2025-21042, for months before a security fix was released. The vulnerability, which the researchers named “Landfall,” allowed threat actors to compromise devices using weaponized image files without requiring any interaction from the victim. 

The flaw impacted premium Samsung models across the Galaxy S22, S23, and S24 generations as well as the Galaxy Z Fold 4 and Galaxy Z Flip 4. Unit 42 found that attackers could embed malicious data into DNG image files, disguising them with .jpeg extensions to appear legitimate and avoid suspicion. These files could be delivered through everyday communication channels such as WhatsApp, where users are accustomed to receiving shared photos. Because the exploit required no clicks and relied solely on the image being processed, even careful users were at risk. 

Once installed, spyware leveraging Landfall could obtain access to sensitive data stored on the device, including photos, contacts, and location information. It was also capable of recording audio and collecting call logs, giving attackers broad surveillance capabilities. The targeting appeared focused primarily on users in the Middle East, with infections detected in countries such as Iraq, Iran, Turkey, and Morocco. Samsung was first alerted to the exploit in September 2024 and issued a patch in April, closing the zero-day vulnerability across affected devices.  

The seriousness of the flaw prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to place CVE-2025-21042 in its Known Exploited Vulnerabilities catalog, a list reserved for security issues actively abused in attacks. Federal agencies have been instructed to ensure that any vulnerable Samsung devices under their management are updated no later than December 1st, reflecting the urgency of mitigation efforts.  

For consumers, the incident underscores the importance of maintaining strong cybersecurity habits on mobile devices. Regularly updating the operating system is one of the most effective defenses against emerging exploits, as patches often include protections for newly discovered vulnerabilities. Users are also encouraged to be cautious regarding unsolicited content, including media files sent from unknown contacts, and to avoid clicking links or downloading attachments they cannot verify. 

Security experts additionally recommend using reputable mobile security tools alongside Google Play Protect to strengthen device defenses. Many modern Android antivirus apps offer supplementary safeguards such as phishing alerts, VPN access, and warnings about malicious websites. 

Zero-day attacks remain an unavoidable challenge in the smartphone landscape, as cybercriminals continually look for undiscovered flaws to exploit. But with proactive device updates and careful online behavior, users can significantly reduce their exposure to threats like Landfall and help ensure their personal data remains secure.
Read more »
Subscribe to: Comments (Atom)

Featured