New Ransomware Uses Trusted Drivers to Disable Security Defenses

Security monitoring teams are tracking a new ransomware strain called Reynolds that merges system sabotage and file encryption into a single delivery package. Instead of relying on separate utilities to weaken defenses, the malware installs a flawed system driver as part of the infection process, allowing it to disable protective software before encrypting data.

The method used is known in security research as Bring Your Own Vulnerable Driver, or BYOVD. This approach abuses legitimate drivers that contain known weaknesses. Because operating systems recognize these drivers as trusted components, attackers can exploit them to gain deep system access and stop endpoint protection tools with reduced risk of detection. This tactic has been repeatedly observed across multiple ransomware operations in recent years.

In the Reynolds incidents, the malware deploys the NSecKrnl driver produced by NsecSoft. This driver contains a publicly documented vulnerability tracked as CVE-2025-68947, rated 5.7 in severity. The flaw allows any running process to be forcibly terminated, which attackers use to shut down security platforms including Avast, CrowdStrike Falcon, Palo Alto Networks Cortex XDR, Sophos with HitmanPro.Alert, and Symantec Endpoint Protection. The same driver has previously been abused by a threat actor known as Silver Fox in campaigns that disabled security tools before deploying ValleyRAT. Silver Fox has also relied on other vulnerable drivers, such as truesight.sys and amsdk.sys, during similar operations.
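The defensive signal in a BYOVD intrusion like the one above is the pairing of a vulnerable driver load with the termination of security-product processes shortly afterwards. The following correlation check is an added example, not code from the article or any vendor: the `key=value` log format is constructed (modelled loosely on Sysmon event ID 6, driver loaded, and event ID 5, process terminated), the driver name stems come from the article, and the protected process names are placeholders a defender would replace with their own agent image names.

```python
"""Correlate vulnerable-driver loads with security-process terminations.

Added example, not code from the article or any vendor. The log lines are
constructed; driver names (NSecKrnl, truesight.sys, amsdk.sys and the
GameDriverx64.sys case) come from the article, protected process names are
placeholders.
"""
import re
from datetime import datetime, timedelta

# Case-insensitive stems of driver file names the article reports as abused.
VULNERABLE_DRIVER_STEMS = ("nseckrnl", "truesight", "amsdk", "gamedriverx64")

# Placeholders for the security agent images a defender would actually list
# (constructed; real agent image names vary by vendor).
PROTECTED_PROCESSES = {"edr-sensor.exe", "av-service.exe"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value' log line into a dict with a datetime."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def is_vulnerable_driver(image: str) -> bool:
    name = basename(image)
    return any(stem in name for stem in VULNERABLE_DRIVER_STEMS)


def detect_byovd_kills(lines, window=timedelta(minutes=5), min_kills=1):
    """Return one alert per vulnerable-driver load that is followed, on the
    same host and within `window`, by at least `min_kills` terminations of
    protected processes."""
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    for i, ev in enumerate(events):
        if ev["event"] != "driver_loaded" or not is_vulnerable_driver(ev["image"]):
            continue
        deadline = ev["ts"] + window
        killed = [basename(e["image"]) for e in events[i + 1:]
                  if e["host"] == ev["host"] and e["ts"] <= deadline
                  and e["event"] == "process_terminated"
                  and basename(e["image"]) in PROTECTED_PROCESSES]
        if len(killed) >= min_kills:
            alerts.append({"host": ev["host"], "driver": basename(ev["image"]),
                           "loaded_at": ev["ts"].isoformat(), "killed": killed})
    return alerts


# Constructed sample: FS01 loads the vulnerable driver and two agents die
# within seconds; WS07 loads a benign driver and an agent stops much later.
SAMPLE_LOG = r"""
ts=2026-01-14T09:12:01 host=FS01 event=driver_loaded image="C:\Windows\Temp\NSecKrnl.sys" signed=true
ts=2026-01-14T09:12:03 host=FS01 event=process_terminated image="C:\Program Files\EDR\edr-sensor.exe"
ts=2026-01-14T09:12:04 host=FS01 event=process_terminated image="C:\Program Files\AV\av-service.exe"
ts=2026-01-14T09:12:05 host=FS01 event=process_terminated image="C:\Windows\System32\notepad.exe"
ts=2026-01-14T09:40:00 host=FS01 event=process_terminated image="C:\Program Files\AV\av-service.exe"
ts=2026-01-14T10:30:00 host=WS07 event=driver_loaded image="C:\Windows\System32\drivers\tcpip.sys" signed=true
ts=2026-01-14T10:31:00 host=WS07 event=process_terminated image="C:\Program Files\EDR\edr-sensor.exe"
"""

if __name__ == "__main__":
    for alert in detect_byovd_kills(SAMPLE_LOG.splitlines()):
        print(alert)
```

Driver-load events alone are noisy because the same signed drivers ship with legitimate software; the time-bounded pairing with agent terminations is what makes the alert actionable.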

Security analysts note that integrating defense suppression into ransomware itself is not unprecedented. A comparable approach appeared during a Ryuk ransomware incident in 2020 and later in activity linked to the Obscura ransomware family in August 2025. Folding multiple attack stages into a single payload reduces operational complexity for attackers and decreases the number of separate files defenders might detect.

Investigations into recent intrusions uncovered signs of long-term preparation. A suspicious loader that used side-loading techniques was found on victim networks several weeks before encryption occurred. Following deployment of the ransomware, a remote access program known as GotoHTTP was installed within one day, indicating an effort to preserve long-term control over compromised systems.

Parallel ransomware campaigns reveal additional shifts in attacker behavior. Large phishing operations are circulating shortcut file attachments that trigger PowerShell scripts, leading to the installation of Phorpiex malware, which then delivers GLOBAL GROUP ransomware. This ransomware conducts all operations locally and does not transmit stolen data, allowing it to function in networks without internet access. Other campaigns tied to WantToCry have exploited virtual machines provisioned through ISPsystem, a legitimate infrastructure management service, to distribute malware at scale. Some of the same hosting infrastructure has been linked to LockBit, Qilin, Conti, BlackCat, and Ursnif, as well as malware families including NetSupport RAT, PureRAT, Lampion, Lumma Stealer, and RedLine Stealer.

Researchers assess that bulletproof hosting providers are renting ISPsystem virtual machines to criminal actors by abusing a design flaw in VMmanager’s default Windows templates. Because these templates reuse identical hostnames and system identifiers, thousands of virtual machines can be created with the same fingerprint, making takedown efforts more difficult.

Ransomware groups are also expanding their business models. DragonForce now provides affiliates with a “Company Data Audit” service, which includes risk assessments, pre-written call scripts, executive-level letters, and negotiation guidance. The group operates as a cartel that allows affiliates to launch their own brands while sharing infrastructure and services.

Technical changes are shaping newer ransomware versions. LockBit 5.0 has replaced AES encryption with ChaCha20 and now targets Windows, Linux, and ESXi environments. The latest version includes file wiping capabilities, delayed execution, encryption progress tracking, improved evasion techniques, stronger in-memory operation, and reduced disk footprints. The Interlock group continues to target organizations in the United Kingdom and United States, particularly in education. One attack exploited a zero-day vulnerability in the GameDriverx64.sys anti-cheat driver, tracked as CVE-2025-61155 with a 5.5 severity score, to disable security tools using BYOVD methods. The same campaign deployed NodeSnake, also known as Interlock RAT or CORNFLAKE, with MintLoader identified as the initial access point.

Targeting strategies are also shifting toward cloud storage. Poorly configured Amazon Web Services S3 buckets are being abused through native platform functions to erase data, restrict access, overwrite files, or quietly extract sensitive information while remaining difficult to detect.

Industry tracking from Cyble indicates that GLOBAL GROUP is among several ransomware crews that appeared in 2025, alongside Devman, DireWolf, NOVA, J group, Warlock, BEAST, Sinobi, NightSpire, and The Gentlemen. ReliaQuest reported that Sinobi’s data leak activity increased by 306 percent in the final quarter of 2025, ranking it third behind Qilin and Akira. LockBit’s resurgence included 110 victim listings in December alone. Researchers estimate that ransomware actors claimed 4,737 attacks in 2025, compared with 4,701 in 2024. Incidents centered only on data theft rose to 6,182, reflecting a 23 percent increase. Coveware reported that average ransom demands reached $591,988 in late 2025, driven by a small number of exceptionally large settlements, and warned that attackers may shift back toward encryption-based extortion to increase pressure on victims.

Threat Actors Pose As Remote IT Workers on LinkedIn to Hack Companies


IT workers linked to the Democratic People's Republic of Korea (DPRK) are now applying for remote jobs using LinkedIn accounts that belong to other individuals. This is a novel tactic.

According to the Security Alliance (SEAL) post on X, “These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent applications appear legitimate.”

The IT worker scheme has plagued the industry for a long time. It originates in North Korea: threat actors pose as remote workers to obtain jobs at Western organizations and elsewhere using fake identities. The scheme is tracked under the names Wagemole, PurpleDelta, and Jasper Sleet.

The end goal?

To generate significant income that funds the country’s cyber espionage operations and weapons programs, and to conduct ransomware campaigns.

In January, cybersecurity firm Silent Push described the DPRK remote worker program as a “high-volume revenue engine” for the country, one that also gives its operatives administrative access to secret codebases and the benefits of corporate infrastructure.

Once they are paid, DPRK IT workers move the proceeds as cryptocurrency through multiple money laundering techniques.

Chain-hopping and token swapping are two ways the IT workers and their money laundering associates sever the link between the source and destination of on-chain payments. To make the funds harder to trace, they use smart contracts such as bridge protocols and decentralized exchanges.

What should individuals do?

Individuals who suspect their identities are being used in fraudulent job applications should post a warning on their social media accounts and report the abuse through official channels. SEAL advises employers to always “validate that accounts listed by candidates are controlled by the email they provide. Simple checks like asking them to connect with you on LinkedIn will verify their ownership and control of the account.”

The news comes after the Norwegian Police Security (PST) released an advisory, claiming to be aware of "several cases" in the last 12 months in which IT worker schemes have affected Norwegian companies. 

PST reported last week that “businesses have been tricked into hiring what are likely North Korean IT workers in home office positions. The salary income North Korean employees receive through such positions probably goes to finance the country's weapons and nuclear weapons program.”

Federal Court Fines FIIG $2.5 Million for Major Cybersecurity Breaches; Schools Push Phone-Free Policies

Fixed income manager FIIG Securities has been ordered by the Federal Court to pay $2.5 million in penalties over serious cybersecurity shortcomings. The ruling follows findings that the firm failed to adequately safeguard client data over a four-year period, culminating in a significant cyberattack in 2023.

The breach impacted approximately 18,000 clients and resulted in the theft of around 385 gigabytes of sensitive data. Information exposed on the dark web included driver’s licences, passport details, bank account information and tax file numbers.

According to the court, between 13 March 2019 and 8 June 2023, FIIG failed to implement essential cybersecurity safeguards. These failures included insufficient allocation of financial and technological resources, lack of qualified cybersecurity personnel, absence of multi-factor authentication for remote access, weak password and privileged account controls, inadequate firewall and software configurations, and failure to conduct regular penetration testing and vulnerability scans.

The firm also lacked a structured software update process to address security vulnerabilities, did not have properly trained IT staff monitoring threat alerts, failed to provide mandatory cybersecurity awareness training to employees, and did not maintain or regularly test an appropriate cyber incident response plan.

In addition to the $2.5 million penalty, the court ordered FIIG to contribute $500,000 toward ASIC’s legal costs. The company must also undertake a compliance program, including appointing an independent expert to review and strengthen its cybersecurity and cyber resilience frameworks.

This marks the first instance in which the Federal Court has imposed civil penalties for cybersecurity breaches under general Australian Financial Services (AFS) licence obligations.

“FIIG admitted that it failed to comply with its AFS licence obligations and that adequate cyber security measures – suited to a firm of its size and the sensitivity of client data held – would have enabled it to detect and respond to the data breach sooner.

“It also admitted that complying with its own policies and procedures could have supported earlier detection and prevented some or all of the client information from being downloaded.”

ASIC deputy chair Sarah Court emphasised the regulator’s stance on cybersecurity compliance: “Cyber-attacks and data breaches are escalating in both scale and sophistication, and inadequate controls put clients and companies at real risk.

“ASIC expects financial services licensees to be on the front foot every day to protect their clients. FIIG wasn’t – and they put thousands of clients at risk.

“In this case, the consequences far exceeded what it would have cost FIIG to implement adequate controls in the first place.”

Responding to the ruling, FIIG stated: “FIIG accepts the Federal Court’s ruling related to a cybersecurity incident that occurred in 2023 and will comply with all obligations. We cooperated fully throughout the process and have continued to strengthen our systems, governance and controls. No client funds were impacted, and we remain focused on supporting our clients and maintaining the highest standards of information security.”

ASIC Steps Up Cyber Enforcement

The case underscores ASIC’s growing focus on cybersecurity enforcement within the financial services sector.

In July 2025, ASIC initiated civil proceedings against Fortnum Private Wealth Limited, alleging failures to appropriately manage and mitigate cybersecurity risks. Earlier, in May 2022, the Federal Court determined that AFS licensee RI Advice had breached its obligations by failing to maintain adequate risk management systems to address cybersecurity threats.

The Court stated: “Clients entrust licensees with sensitive and confidential information, and that trust carries clear responsibilities.”

In its 2026 key priorities document, ASIC identified cyberattacks, data breaches and weak operational resilience as major risks capable of undermining market integrity and harming consumers.

“Digitisation, legacy systems, reliance on third parties, and evolving threat actor capability continue to elevate cyber risk in ASIC’s view. ASIC is urging directors and financial services license holders to maintain robust risk management frameworks, test their operational resilience and crisis responses, and address vulnerabilities with their third-party service providers.”

Smartphone Restrictions Gain Momentum in Schools

Separately, debate over smartphone use in schools continues to intensify as institutions adopt phone-free policies to improve learning outcomes and student wellbeing.

Addressing concerns about the cost and necessity of phone restrictions, one advocate explained:

"Yes it can seem an expensive way of keeping phones out of schools, and some people question why they can't just insist phones remain in a student's bag," he explains.

"But smartphones create anxiety, fixation, and FOMO - a fear of missing out. The only way to genuinely allow children to concentrate in lessons, and to enjoy break time, is to lock them away."

Supporters argue that schools introducing phone-free systems have seen tangible improvements.

"There have been notable improvements in academic performance, and headteachers also report reductions in bullying," he explains.

Vale of York Academy implemented phone pouches in November. Headteacher Gillian Mills told the BBC:

"It's given us an extra level of confidence that students aren't having their learning interrupted.

"We're not seeing phone confiscations now, which took up time, or the arguments about handing phones over, but also teachers are saying that they are able to teach."

The political landscape is also responding. Conservative leader Kemi Badenoch has pledged to enforce a nationwide smartphone ban in schools if elected, while the Labour government has opted to leave decisions to headteachers and launched a consultation on limiting social media access for under-16s.

As part of broader measures, Ofsted will gain authority to assess school phone policies, with ministers signalling expectations that schools become “phone-free by default”.

Some parents, however, prefer their children to carry phones for safety during travel.

"The first week or so after we install the system is a nightmare," he adds. "Kids refuse, or try and break the pouches open. But once they realise no-one else has a phone, most of them embrace it as a kind of freedom."

The broader societal debate continues as smartphone use expands alongside social media and AI-driven content ecosystems.

"We're getting so many enquiries now. People want to ban phones at weddings, in theatres, and even on film sets," he says.

"Effectively carrying a computer around in your hand has many benefits, but smartphones also open us up to a lot of misdirection and misinformation.

"Enforcing a break, especially for young people, has so many positives, not least for their mental health."

Dugoni believes society may be approaching a critical moment:

"We're getting close to threatening the root of what makes us human, in terms of social interaction, critical thinking faculties, and developing the skills to operate in the modern world," he explains.

AI and Network Attacks Redefine Cybersecurity Risks on Safer Internet Day 2026

As Safer Internet Day 2026 approaches, expanding AI capabilities and a rise in network-based attacks are reshaping digital risk. Automated systems now drive both legitimate platforms and criminal activity, prompting leaders at Ping Identity, Cloudflare, KnowBe4, and WatchGuard to call for updated approaches to identity management, network security, and user education. Traditional defences are struggling against faster, more adaptive threats, pushing organisations to rethink protections across access, infrastructure, and human behaviour. While innovation delivers clear benefits, it also equips attackers with powerful tools, increasing risks for businesses, schools, and policymakers who fail to adapt.  

Ping Identity highlights a widening gap between legacy security models and modern AI operations. Systems designed for static environments are ill-suited to dynamic AI applications that operate independently and make real-time decisions. Alex Laurie, the company’s go-to-market CTO, explained that AI agents now behave like active users, initiating processes, accessing sensitive data, and choosing next steps without human prompts. Because their actions closely resemble those of real people, distinguishing between human and machine activity is increasingly difficult. Without proper oversight, these agents can introduce unpredictable risks and expand organisational attack surfaces. 

Laurie advocates moving beyond static credentials toward continuous, verified trust. Instead of assuming legitimacy after login, organisations should validate identity, intent, and context at every interaction. Access decisions must adapt in real time, guided by behaviour and current risk conditions. This approach enables AI innovation while protecting data and users in an environment filled with autonomous digital actors. 

Cloudflare also warns of AI’s dual-use nature. While it boosts efficiency, it accelerates cybercrime by making attacks faster, cheaper, and harder to detect. Pat Breen cited Australian data from 2024–25, when more than 1,200 cyber incidents required response, including a sharp rise in denial-of-service attacks. Such disruptions immediately impact essential services like healthcare, banking, education, transport, and government systems. Whether AI ultimately increases safety or risk depends on how quickly cyber defences evolve. 

KnowBe4’s Erich Kron stresses the importance of digital mindfulness as AI-generated content and deepfakes spread. Identifying fake content is no longer a technical skill but a basic life skill. Verifying information, protecting personal data, using strong authentication, and keeping software updated are critical habits for reducing harm. WatchGuard Technologies reports a shift away from malware toward network-focused attacks. 

Anthony Daniel notes that this trend reinforces the need for Zero Trust strategies that verify every connection. Safer Internet Day underscores that cybersecurity is a shared responsibility, strengthened through consistent, everyday actions.

Black Hat Researcher Proves Air Gaps Fail to Secure Data

Air gaps, long hailed as the ultimate defense for sensitive data, are under siege according to Black Hat researcher Mordechai Guri. In a compelling presentation, Guri demonstrated multiple innovative methods to exfiltrate information from supposedly isolated computers, shattering the myth of complete offline security. These techniques exploit everyday hardware components, proving that physical disconnection alone cannot guarantee protection in high-stakes environments like government and military networks.

Guri's BeatCoin malware turns computer speakers into covert transmitters, emitting near-ultrasonic sounds inaudible to humans but detectable by nearby smartphones up to 10 meters away. This allows private keys or other secrets to leak out effortlessly. Even disabling speakers fails, as Fansmitter modulates fan speeds to alter blade frequencies, creating acoustic signals receivable by listening devices within 8 meters. For scenarios without microphones, the Mosquito attack repurposes speakers as rudimentary microphones via GPIO manipulation, enabling ultrasonic data transmission between air-gapped machines.

Electromagnetic exploits further erode air-gap defenses. AirHopper manipulates monitor cables to radiate FM-band signals, capturable by a smartphone's built-in receiver. GSMem leverages CPU-RAM pathways to generate cellular-like transmissions detectable by basic feature phones, while USBee transforms USB ports into antennas for broad leakage. These methods highlight how standard peripherals become unwitting conduits for data escape.

Faraday cages, designed to block electromagnetic waves, offer no sanctuary either. Guri's ODINI attack generates low-frequency magnetic fields from CPU cores, penetrating these shields. PowerHammer goes further by inducing parasitic signals on building power lines, tappable by attackers monitoring electrical infrastructure. Such persistence underscores the vulnerability of even fortified setups.

While these attacks assume initial malware infection—often via USB or insiders—real-world precedents like Stuxnet validate the threat. Organizations must layer defenses with anomaly detection, hardware restrictions, and continuous monitoring beyond mere air-gapping. Guri's work urges a reevaluation of "secure" isolation strategies in an era of sophisticated side-channel threats.

Intelligent Vehicles Fuel a New Era of Automotive Data Trade

In the past, automotive sophistication was measured in mechanical terms. Conversations centered on engine calibration, drivetrain refinement, suspension geometry, and steering feedback.

The shorthand used to describe innovation was horsepower output, torque delivery, and braking distance. This hierarchy has been radically altered. It has been estimated that the industry has undergone an unprecedented transformation over the last two years. 

In recent years, electrification has evolved from an ambitious strategy to a mainstream expectation. Feature subscriptions have reshaped ownership economics in many ways. Driver assistance systems and semiautonomous capabilities have evolved from experimental prototypes to production versions.

Alongside mechanical engineering, software now serves as a coequal force shaping product identity and long-term value for consumers. Consumers increasingly evaluate vehicles on their digital capabilities rather than on purely mechanical differences.

As important as acceleration figures and ride quality are, over-the-air update infrastructure, predictive diagnostics, integrated app ecosystems, natural language interfaces, and automated parking functions carry a significant amount of weight. It is not only important for vehicles to perform well on the road, but also that they integrate with digital life, adapt to changes through data, and improve over time. 

The contemporary automobile has evolved not only in terms of its chassis and powertrain, but also through its software stack and network connectivity. Digital architecture is no longer an overlay on a vehicle; it is integral to its design. Technology realignment has been accompanied by an important recalibration of federal AI policy. 

During the first day of his administration, President Donald Trump signed Executive Order 14179, repealing previous directives considered restrictive to domestic AI development. A 2023 framework, which stressed precautionary oversight and risk mitigation, has been superseded by this order. 

According to a previously issued guidance, if AI adoption is irresponsible or inadequately governed, fraud, bias, discrimination, displacement of labor, competitive distortions, and national security vulnerabilities will intensify. Therefore, safeguards are required proportionate to the increasing influence of AI. 

With those executive guardrails removed, the regulatory environment has tilted toward acceleration and competitive positioning. The implications are immediate for sectors already integrating machine learning into operational infrastructure, such as automakers that embed machine learning in vehicle operating systems, driver monitoring, predictive maintenance, and personalization engines.

Consequently, the federal government has focused on technological leadership and deployment velocity as part of its policy shift. With vehicles becoming increasingly connected computing platforms capable of continuous data capture and algorithmic decision-making, the absence of prescriptive federal constraints creates an opportunity for rapid integration of artificial intelligence-based features across passenger vehicles and commercial fleets. 

As the dominant use of artificial intelligence at CES 2026 showed, automakers presented AI not merely as a supplement to next-generation mobility ecosystems but as the enabling layer, accelerating autonomous driving initiatives in particular.

The Ford executive in charge of electric vehicles, digital platforms, and design, Doug Field, articulated the vision of artificial intelligence as an embedded companion system - an adaptive layer able to synthesize contextual inputs such as driving behavior, geographical location, and vehicle performance. 

In order to simplify decision-making, the objective, he argued, is to interpret complex conditions in real time and translate them into intuitive interactions between driver and machine. Ford plans to implement this vision beginning as early as 2027 by integrating embedded artificial intelligence assistants into all new and refreshed models. This initiative represents the overall shift of the automotive industry towards software-defined vehicle architectures which incorporate cloud connectivity, scalable computing, and continuous training to enhance functionality long after the vehicle has been sold. 

Additionally, the company has taken steps to define its data governance position. The Chief Privacy Officer at Ford, Kristin Jones, has stated publicly that the company does not sell vehicle data, but instead uses it to support connected services and to improve products. 

In communications with customers, the company has made it clear that data practices will be transparent, and that customers will be able to determine if their data is shared for designated purposes. A broader competitive trend is reflected in Ford's approach. Manufacturers across the globe are integrating generative and conversational artificial intelligence engines into the infotainment and vehicle control systems. 

Volkswagen has integrated its IDA assistant with ChatGPT while emphasizing the protection of personal information. Mercedes-Benz has enhanced its MBUX interface by integrating ChatGPT and Google's Gemini models. BMW has presented an AI-based assistant built on Amazon's Alexa+ infrastructure, showcasing its capabilities in a public demonstration.

In recent years, Tesla has integrated Grok, an artificial intelligence model developed within its larger technology ecosystem, into aspects of its in-vehicle experience—a move attracting scrutiny due to the prior controversy surrounding the model's external application. 

In addition to enhanced voice recognition and natural language command processing, some deployments also include telemetry analysis, driver behavior modeling, contextual personalization, and adaptive cabin intelligence. Geely's CES presentation made the significance of the shift clear. The company's leadership characterized the modern vehicle as a computer-based system rather than a mechanical platform enhanced with software.

Geely introduced Full-Domain AI 2.0, a unified framework supporting an intelligent cockpit environment and advanced autonomous driving. In the accompanying Geely Afari Smart Driving system, perception modules, decision-making engines, and interface layers are integrated into a single artificial intelligence stack. The framing was explicit: competitive advantage in the automotive sector now rests on algorithmic capability, data throughput, and computational performance rather than traditional mechanical differentiation.

A parallel development in the autonomous driving supply chain reinforces that trajectory. At CES, Nvidia exhibited its open-source Alpamayo family of artificial intelligence models tailored to self-driving applications.

The growing dependency of autonomous systems on large-scale model training and real-time inference highlights the need for scalable, high-performance computing infrastructure. An upcoming robotaxi platform built around the Lucid Gravity vehicle architecture is being developed in collaboration with Nuro to integrate artificial intelligence technologies.

These announcements demonstrate the convergence of automotive engineering, cloud computing, semiconductor innovation, and machine learning technologies. In the process, vehicles have evolved into persistent data-generating systems that collect granular telemetry, geolocation histories, biometric indicators, and inputs from environmental mapping systems.

The continuous data streams produced by autonomous stacks and AI companions are not guaranteed to be free from secondary use or commercial repurposing across jurisdictions. Historically, adjacent digital industries have shown that monetization incentives and third-party data-sharing arrangements tend to grow once large-scale data ecosystems are established.

As a result of a policy landscape that emphasizes rapid deployment of artificial intelligence (AI), the boundaries governing automotive data flows are uneven, and in some cases undefined. Therefore, commercial logic for data extraction is becoming intrinsically embedded in vehicle development roadmaps. 

There are recurring patterns in regulatory settlements, investigative reports, and litigation: technical capability generally advances more rapidly than governance mechanisms designed to prevent misuse. Despite manufacturers' claims that artificial intelligence systems act as copilots or intelligent assistants, these systems require extensive, continuous data acquisition frameworks which require disciplined oversight to operate. 

The automotive industry may achieve sustainable advancements less by incremental improvements in model performance than by ensuring that the underlying data architecture is robust. It is necessary to translate concepts of privacy-by-design, granular consent interfaces, strict purpose limits, and rigorous data minimization from policy language into technical controls that can be enforced within firmware, vehicle operating systems, and cloud backends. 

Cross-border data-sharing agreements should be expected to be subject to regulatory scrutiny in markets where vehicles are operated. De-identification processes should be auditable and technically valid, rather than declarative.

UK Construction Company’s Windows Server Infiltrated by Prometei Botnet

In January 2026, a construction company in the United Kingdom found an unwelcome presence inside one of its Windows servers. Cybersecurity analysts from eSentire’s Threat Response Unit (TRU) determined that the intruder was a long-running malware network known as Prometei, a botnet with links to Russian threat activity and active since at least 2016.

Although Prometei has been widely observed conducting covert cryptocurrency mining, the investigation showed that this malware can do much more than simply generate digital currency. In this case, it was also capable of capturing passwords and potentially enabling remote control of the affected system.

According to the analysis shared with cybersecurity media, this attack did not involve complex hacking techniques. The initial intrusion appears to have occurred because the attackers were able to successfully log into the server using Remote Desktop Protocol (RDP) with weak or default login credentials. Remote Desktop, a tool used to access computers over a network, can be exploited easily if account passwords are simple.

Prometei is not a single program that drops onto a system. Instead, it operates as a collection of tools designed to carry out multiple functions once it gains access. When the malware first infects a machine, it adds a new service with a name such as “UPlugPlay,” and it creates a file called sqhost.exe to ensure that it relaunches automatically every time the server restarts.

Once these persistence mechanisms are in place, the malware downloads its main functional component, often called zsvc.exe, from a command server linked to an entity identified in analysis as Primesoftex Ltd. This payload is transmitted in encrypted form and disguised to avoid detection.

After establishing itself, Prometei collects basic technical information about the infected system by using legitimate Windows utilities. It then employs credential-harvesting techniques that resemble the behaviour of publicly known tools, capturing passwords stored on the server and within the network. In the course of this activity, Prometei commonly leverages the TOR anonymity network to conceal its command and control communications, making it harder for defenders to trace its actions.

Prometei also has built-in countermeasures to evade analysis and detection. For example, the malware checks for the presence of a specific file called mshlpda32.dll. If this file is absent, instead of crashing or revealing obvious malicious behaviour, the malware executes benign-looking operations that mimic routine system tasks. This is a deliberate method to confuse security researchers and automated analysis tools that attempt to study the malware in safe environments.

In a further twist, once Prometei has established a foothold, it also deploys a utility referred to as netdefender.exe. This component monitors failed login attempts and blocks them, effectively locking out other potential attackers. While this might seem beneficial, its purpose is to ensure that the malicious operator retains exclusive control of the compromised server.

To protect systems from similar threats, cybersecurity experts urge organisations to replace default passwords with complex, unique credentials. They recommend implementing multi-factor authentication for remote access services, keeping software up to date with security patches, and monitoring login activity for unusual access attempts. eSentire has also released specialised analysis tools that allow defenders to unpack Prometei’s components and study its behaviour in controlled settings.
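A host-triage sketch for the indicators named above, as an added example that is not eSentire's tooling: it runs two hunting rules over constructed Windows event records, one for an RDP logon preceded by a burst of failed logons from the same source, one for a new service whose name or binary matches the Prometei indicators. The file path, IP addresses and account names are constructed, and the record layout is this example's own simplification.

```python
"""Hunting rules for the Prometei intrusion pattern described above.

Added example, not eSentire's or any vendor's tooling. The records are
constructed dicts modelled on Windows event log fields: 4625 (failed
logon) and 4624 (successful logon) from the Security log, where logon
type 10 is RemoteInteractive, i.e. RDP, and 7045 from the System log,
written when a new service is installed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators named in the write-up: the service name and the dropped binaries.
SUSPECT_SERVICE_NAMES = {"uplugplay"}
SUSPECT_BINARIES = {"sqhost.exe", "zsvc.exe", "netdefender.exe"}

# Constructed sample telemetry: six RDP failures from one source followed by
# a success, then a service install pointing at sqhost.exe (path is made up).
EVENTS = [
    {"ts": f"2026-01-14T02:1{i}:03", "id": 4625, "user": "administrator",
     "src": "198.51.100.7", "logon_type": 10}
    for i in range(6)
] + [
    {"ts": "2026-01-14T02:16:41", "id": 4624, "user": "administrator",
     "src": "198.51.100.7", "logon_type": 10},
    {"ts": "2026-01-14T02:19:09", "id": 7045, "service": "UPlugPlay",
     "image": "C:\\Windows\\sqhost.exe"},
    # Benign noise: a legitimate service install and an ordinary RDP logon.
    {"ts": "2026-01-14T09:00:00", "id": 7045, "service": "Spooler",
     "image": "C:\\Windows\\System32\\spoolsv.exe"},
    {"ts": "2026-01-14T09:05:00", "id": 4624, "user": "jsmith",
     "src": "10.0.0.5", "logon_type": 10},
]


def rdp_password_guessing_success(events, threshold=5, window=timedelta(minutes=10)):
    """Return RDP logons (type 10) whose source IP produced at least
    `threshold` failed RDP logons within `window` beforehand: the
    weak/default-credential entry the write-up describes."""
    failures = defaultdict(list)
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):  # ISO timestamps sort as text
        if e.get("logon_type") != 10:
            continue
        t = datetime.fromisoformat(e["ts"])
        if e["id"] == 4625:
            failures[e["src"]].append(t)
        elif e["id"] == 4624:
            recent = [f for f in failures[e["src"]] if t - f <= window]
            if len(recent) >= threshold:
                hits.append({"ts": e["ts"], "src": e["src"],
                             "user": e["user"], "prior_failures": len(recent)})
    return hits


def suspicious_service_installs(events):
    """Return 7045 events whose service name or binary matches a
    Prometei indicator; a new service is how the bot survives reboots."""
    hits = []
    for e in events:
        if e["id"] != 7045:
            continue
        name = e["service"].lower()
        image = e["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if name in SUSPECT_SERVICE_NAMES:
            reasons.append(f"service name {e['service']!r} is a Prometei indicator")
        if image in SUSPECT_BINARIES:
            reasons.append(f"binary {image!r} is a Prometei indicator")
        if reasons:
            hits.append({"ts": e["ts"], "service": e["service"],
                         "image": e["image"], "reasons": reasons})
    return hits


def triage(events):
    """Combine both rules into one finding list, ordered by time."""
    findings = [dict(rule="rdp_password_guessing_success", **h)
                for h in rdp_password_guessing_success(events)]
    findings += [dict(rule="suspicious_service_install", **h)
                 for h in suspicious_service_installs(events)]
    return sorted(findings, key=lambda f: f["ts"])


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```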


SolarWinds Web Help Desk Compromised in Multi-Stage RCE Attack



Threat actors used internet-exposed SolarWinds Web Help Desk (WHD) instances to gain initial access and then moved laterally across the organization's network to other high-value assets, according to Microsoft's disclosure of a multi-stage attack.

It is unclear whether the activity exploited a previously patched vulnerability (CVE-2025-26399, CVSS score: 9.8) or the recently disclosed vulnerabilities (CVE-2025-40551, CVSS score: 9.8, and CVE-2025-40536, CVSS score: 8.1), according to the Microsoft Defender Security Research Team.

"Since the attacks occurred in December 2025 and on machines vulnerable to both the old and new set of CVEs at the same time, we cannot reliably confirm the exact CVE used to gain an initial foothold," the company said in the report. 

About the exploit

CVE-2025-40551 and CVE-2025-26399 are both untrusted-data deserialization vulnerabilities that can lead to remote code execution, while CVE-2025-40536 is a security control bypass that may let an unauthenticated attacker reach some restricted functionality.

Citing evidence of active exploitation in the field, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-40551 to its Known Exploited Vulnerabilities (KEV) catalog last week. Federal Civilian Executive Branch (FCEB) agencies were required to apply the fixes for the flaw by February 6, 2026.

The impact 

In the attacks Microsoft observed, successful exploitation of an exposed SolarWinds WHD instance gave the attackers unauthenticated remote code execution and the ability to run arbitrary commands within the WHD application environment.

Microsoft said that in at least one instance the threat actors performed a DCSync attack, impersonating a Domain Controller (DC) and requesting password hashes and other sensitive data from the Active Directory (AD) database.
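A defender-side check for the DCSync step, as an added example that is not Microsoft's detection logic: a domain controller records each directory replication request as Security event 4662, and the control-access-right GUIDs in its Properties field reveal whether replication rights were exercised. Replication by other domain controllers is routine; the same request from a user or service account is what DCSync looks like. The DC names, the service account name and the event records below are constructed.

```python
"""Flag DCSync-style replication requests in Windows Security event 4662.

Added example, not Microsoft's detection logic. The DC logs event 4662 for
directory object access; when the accessed rights include the replication
control-access rights, the subject account asked to replicate directory
data, which is how DCSync pulls password hashes. Records are constructed.
"""
import re

# Control access rights involved in directory replication (rightsGuid values
# from the AD schema). Get-Changes-All is the one that returns secrets.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Accounts expected to replicate: the DC computer accounts (constructed names)
# plus any vetted directory-sync service account you choose to add.
EXPECTED_REPLICATORS = {"DC01$", "DC02$"}

# Constructed 4662 records; the properties text mirrors how the event lists
# the access-right GUIDs in braces.
EVENTS = [
    # Normal: a DC replicating from its peer.
    {"ts": "2025-12-03T14:02:11", "id": 4662, "subject": "DC02$",
     "object": "DC=corp,DC=example",
     "properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} "
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    # Suspicious: a service account asking for Get-Changes-All.
    {"ts": "2025-12-03T14:37:52", "id": 4662, "subject": "svc-reporting",
     "object": "DC=corp,DC=example",
     "properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} "
                   "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    # Noise: a user touching an object with an unrelated (made-up) right GUID.
    {"ts": "2025-12-03T14:40:00", "id": 4662, "subject": "jdoe",
     "object": "CN=jdoe,CN=Users,DC=corp,DC=example",
     "properties": "{deadbeef-0000-0000-0000-000000000000}"},
]


def replication_rights(properties):
    """Return the replication right names present in a 4662 Properties field."""
    return sorted(REPLICATION_RIGHTS[g.lower()] for g in GUID_RE.findall(properties)
                  if g.lower() in REPLICATION_RIGHTS)


def detect_dcsync(events, expected=EXPECTED_REPLICATORS):
    """Return 4662 events in which an account outside `expected` exercised
    replication rights; severity is high when Get-Changes-All is involved,
    since that is the right that returns password hashes."""
    findings = []
    for e in events:
        if e["id"] != 4662:
            continue
        rights = replication_rights(e["properties"])
        if not rights or e["subject"] in expected:
            continue
        severity = "high" if "DS-Replication-Get-Changes-All" in rights else "medium"
        findings.append({"ts": e["ts"], "subject": e["subject"],
                         "object": e["object"], "rights": rights,
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in detect_dcsync(EVENTS):
        print(finding)
```

A real deployment would populate the expected set from the Domain Controllers OU and alert on every remaining hit, because a legitimate non-DC replicator is rare enough to be worth an explicit allowlist entry.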

What can users do?

To contain such an attack, users are advised to update WHD instances, identify and remove any unauthorized RMM tools, rotate admin and service account credentials, and isolate affected workstations to limit the breach.

"This activity reflects a common but high-impact pattern: a single exposed application can provide a path to full domain compromise when vulnerabilities are unpatched or insufficiently monitored," the Windows maker said.

Urgent Alert for Irish Homes as Massive Cyberattacks Exploit Smart TVs and IoT Devices

 

An urgent cybersecurity alert has been issued to households across Ireland amid warnings of “large scale” cyberattacks that could compromise everyday home devices.

Grant Thornton Ireland has cautioned that devices such as Android TV boxes and TV streaming hardware are being leveraged in cyberattacks every day. The warning follows one of the largest Distributed Denial of Service (DDoS) attacks ever recorded, which occurred in November 2025.

Although the attack lasted only 35 seconds, it reached an unprecedented peak of 31.4 terabits per second. Investigations revealed that the assault was carried out by a botnet known as Kimwolf, largely made up of hijacked Android-powered televisions and TV streaming devices.

The attack was identified and mitigated by cybersecurity firm Cloudflare. However, security specialists warn that millions of low-cost, poorly secured devices remain vulnerable to infection and remote control by cybercriminals.

Experts at Grant Thornton highlighted that cyber risks are no longer limited to workplace systems. Instead, individuals are increasingly being targeted through commonly used household technology.

Once compromised, devices such as smart TVs or even smart lightbulbs can provide attackers with a gateway into a home network. From there, cybercriminals can gather personal information and launch more tailored phishing campaigns. Devices lacking proper security protections are considered the most vulnerable.

Cybersecurity Partner at Grant Thornton Ireland, Howard Shortt, said:
“Many people don’t realise that a low-cost Android TV box in their sitting room or a cheap smart lightbulb can be compromised in seconds.

“Once attackers gain access, they can use that device as part of a botnet or quietly profile the household to support more targeted and convincing phishing attacks.

“Attackers typically exploit default passwords, outdated software, or unpatched vulnerabilities in internet-connected devices and once inside a home network, can observe traffic patterns and build a profile of the household.

“That information allows criminals to engineer highly believable phishing messages.

“For example, posing as a streaming provider with a prompt to review a show you have just watched.

“At that point, the scam is no longer random and much more believable.”

Grant Thornton stressed that “the risk extends beyond TV devices” and warned that low-cost Internet of Things (IoT) gadgets are becoming increasingly common in Irish homes, often with minimal built-in security.

Shortt urged households to take a proactive stance on home cybersecurity, recommending “basic steps such as changing default passwords on all smart devices and routers”.

He also advised consumers to purchase devices only from reputable brands and trusted vendors to reduce the risk of compromise.

How HesabPay and Algorand Are Enabling Humanitarian Aid and Financial Inclusion in Afghanistan

Afghanistan changed suddenly once American and NATO troops left in August 2021. The power structures backed by Washington vanished almost overnight, chaos spread quickly through the regions, and authority returned to the Taliban, two decades after their last rule ended. Hardship has deepened ever since, turning daily life into a struggle for millions. The country now faces one of the worst humanitarian emergencies in the world: crippling poverty, widespread hunger and a frozen financial system.

About 97 out of every 100 people in Afghanistan now live below a basic living standard. Close to twenty million people, half the country's residents, lack reliable access to food, according to the UN's food aid agency. More than a million children under five suffer ongoing malnutrition, their growth stunted by months without balanced diets. Even those who survive often carry lasting physical harm. At this level of need, outside help is not merely useful; people depend on it to stay alive.

Economic strain deepens the hardship. Drought drags on, world food prices climb, and the aid that accompanied the departed troops vanished overnight, wrecking livelihoods. Few jobs exist, and each day is another test of survival for countless Afghan families.

With sanctions in place, overseas funds locked up, banks barely functioning and cash hard to find, money flows across the country have shrunk sharply. Large numbers of people therefore rely on support from global bodies such as the WFP and UNICEF, along with key NGOs. Amid these challenges, a local tech venture named HesabPay introduced a digital payment system built on Algorand's blockchain, aiming to send assistance directly to people.

HesabPay issues a digital form of the Afghan Afghani, backed by real money held in bank accounts. Built on the Algorand blockchain, it handles transfers efficiently, and because it works with basic handsets, people can move money even without smartphones. Payments for food, phone credit and power bills happen daily without delay. Paper notes are converted into electronic value at local centres run by HesabPay, which stretch across every province and reach distant regions others miss, keeping access open regardless of location.

A single QR card links each user to their account, so those without phones can join easily. When someone pays, the shop scans the code and confirmation arrives by text message; no tech skills are needed. Behind this, checks tighten step by step: identities are verified, sanctioned parties screened, and transactions monitored on the shared ledger to block fraud before it spreads. With a network now reaching 400,000 individuals and 3,000 businesses across the country, HesabPay has handled close to 4.5 million transactions so far.

Because it runs on Algorand's blockchain, transaction costs for consumers at storefronts are minimal, often zero. When assistance flows straight into the hands of women, results shift noticeably: household stability strengthens and community wellbeing rises. Efficiency is not the only outcome.

HesabPay quietly reshapes aid delivery, using blockchain to build systems that scale easily, stay transparent and include more people. Where banks have vanished or never existed, alternatives like this show that digital systems can reopen access to basic needs while restoring dignity to those often left behind.

Birmingham Mental Health Authority Alerts More than 30,000 People to Ransomware-linked Data Breach

 

A public mental health authority in Birmingham, Alabama has notified more than 30,000 individuals that their personal and medical information may have been exposed in a data breach linked to a ransomware attack late last year. 

The authority informed 30,434 people of the breach, according to a disclosure filed with the . The incident occurred in November 2025 and affected data collected over a period spanning more than a decade. According to the notification sent to those affected, unauthorized access to the authority's network was detected on or around November 25, 2025.

An internal investigation found that certain files may have been accessed or taken without authorization. The potentially exposed information includes names, Social Security numbers, dates of birth, health insurance details and extensive medical information. 

The compromised medical data may include billing and claims records, diagnoses, physician information, medical record numbers, Medicare or Medicaid details, prescription data and treatment or diagnostic information. 

The authority said the affected records relate to patients or employees dating back to 2011. A ransomware group known as Medusa claimed responsibility for the attack in December 2025, demanding a ransom of $200,000 and threatening to publish 168.6 gigabytes of allegedly stolen data.

The group posted sample images online as proof of the breach. The mental health authority has not publicly confirmed Medusa’s claim and has not disclosed whether a ransom was paid. 

The authority declined to comment on how attackers gained access to its systems. The breach notification does not mention any offer of free credit monitoring or identity theft protection for affected individuals. Medusa has been active since 2019 and operates a ransomware-as-a-service model, in which affiliates use its tools to carry out attacks. 

In 2025, the group claimed responsibility for dozens of confirmed ransomware incidents, many of them targeting healthcare providers. Those attacks exposed the personal data of more than 1.7 million people, according to publicly reported figures. 

Healthcare organizations have been a frequent target of ransomware groups in the US. Researchers tracking cyber incidents reported more than 100 confirmed ransomware attacks on hospitals, clinics and care providers in 2025, compromising data belonging to millions of patients. Such attacks can disrupt clinical operations, force providers to revert to manual systems and raise risks to patient safety and privacy. 

The Jefferson Blount St. Clair Mental Health Authority operates four mental health facilities serving Jefferson, Blount and St. Clair counties in Alabama.

Cybersecurity Breaches Emerge as Top Business Risk for Indian Companies

 


Cybersecurity breaches and attacks have become the leading threat to business performance for Indian companies, with 51% of senior executives identifying them as their primary risk, according to a new survey released by FICCI and EY. 

The FICCI-EY Risk Survey 2026 ranked changing customer expectations and geopolitical developments as the next most significant risks, flagged by 49% and 48% of respondents respectively. 

The findings point to a business environment where technology, regulation and external shocks are increasingly interconnected. 

The survey, conducted through a web-based questionnaire, gathered responses from 137 senior decision-makers, including CXOs, across multiple sectors. 

Technology firms accounted for the largest share of respondents, followed by professional services companies. According to the report, technology-related risks are now closely tied to operational continuity and resilience. 

About 61% of respondents said rapid technological change and digital disruption are affecting their competitive position, while an equal proportion cited cyber-attacks and data breaches as major financial and reputational threats. 

More than half of those surveyed, 57%, flagged risks related to data theft and insider fraud, and 47% said they face difficulties in countering increasingly sophisticated cyber threats. 

Artificial intelligence emerged as a dual risk area. While 60% of executives said inadequate adoption of emerging technologies, including AI, could weaken operational effectiveness, 54% said risks linked to AI ethics and governance are not being managed effectively. 

“In a business environment shaped by volatility, the ability to anticipate, absorb and adapt to risk is emerging as a defining capability for sustained growth,” said Rajeev Sharma, chair of the FICCI Committee on Corporate Security and Disaster Risk Reduction. 

He added that organisations are increasingly embedding risk considerations into strategic decision-making rather than treating them as isolated events. 

The survey also highlighted workforce-related concerns. Nearly two-thirds of respondents said talent shortages and skill gaps could hurt organisational performance, while 59% pointed to weak succession planning as a risk to long-term stability. 

Regulatory change remains another pressure point. About 67% of executives said regulatory developments need to be addressed proactively, while 40% acknowledged that existing compliance frameworks struggle to keep pace with evolving rules. 

Climate and environmental, social and governance risks are also translating into financial exposure. Around 45% of respondents cited climate-related financial impacts as a critical operational risk, and 44% said non-compliance with ESG disclosure requirements could significantly affect business outcomes. 

Supply chain disruptions continue to weigh on corporate planning, with 54% of leaders identifying them as a risk to operational and business continuity. 

“Organisations are navigating a phase where multiple risks are converging rather than occurring in isolation,” said Sudhakar Rajendran, risk consulting leader at EY India, pointing to the combined impact of inflation, cyber threats, AI governance, climate exposure and regulatory change on corporate resilience.

Singapore Telecoms Hit by China-Linked Cyber Espionage

 

Singapore's cyber watchdog has disclosed that an advanced cyber espionage group, UNC3886, to which APT10 and Red October have been linked, was behind attacks that targeted the country's four major telecom operators last year. The affected companies were Singtel, StarHub, M1 and Simba Telecom, which together provide the backbone of Singapore's communications infrastructure. The authorities said this is the first time they have publicly acknowledged that the group's targets have included telecommunications networks, underlining how these systems are increasingly viewed as vital to national security.

Although the hackers gained access to some areas of the operators' networks, the Cyber Security Agency of Singapore said that no services were disrupted and that no customer data was stolen. Investigators said the intrusions were designed to be stealthy rather than disruptive: the attackers moved laterally within chosen network segments instead of triggering outages. Officials stressed that the incident was isolated and that there is no indication end users were directly affected, while cautioning that the breaches are a serious security issue even though customers noticed no impact.

The hackers were able to extract a limited amount of technical information from the telecom environments, primarily network‑related data such as configuration details and system metadata. Singapore’s cyber agency believes this information was stolen to support the group’s longer‑term operational objectives, including planning future intrusions, improving their understanding of the infrastructure and identifying potential weak points. While the volume of exfiltrated data was described as small, officials cautioned that even narrow slices of high‑value technical data can significantly enhance a sophisticated actor’s capabilities.

Google‑owned cybersecurity firm Mandiant has profiled UNC3886 as a highly advanced “China‑nexus” espionage group that has previously targeted defence, technology and telecommunications organisations in both the United States and Asia. Beijing routinely rejects allegations that it conducts or sponsors cyber espionage, insisting that China opposes all forms of cyberattacks and is itself a victim of malicious cyber activity. The Chinese Embassy in Singapore did not immediately respond to requests for comment on the latest disclosures about UNC3886.

In a joint statement, Singtel, StarHub, M1 and Simba Telecom acknowledged that they regularly face a wide spectrum of cyber threats, ranging from distributed denial‑of‑service attacks and malware to phishing campaigns and more persistent, stealthy intrusions. The operators said they employ “defence‑in‑depth” strategies, combining layered security controls with continuous monitoring and prompt remediation when suspicious activity is detected. They added that they work closely with government agencies and industry experts to strengthen the resilience of Singapore’s telecom infrastructure as cyber adversaries grow more capable.

Flickr Reveals Data Breach Originating From Third-Party Systems


 

A security incident affecting the user data of popular photo sharing platform Flickr has been confirmed to be the result of a compromise within a third-party service integrated into Flickr's operation, rather than the company's core infrastructure. 

According to the company, customer information was exposed through a breach of an external email service provider; the number of affected users has not been disclosed. Although Flickr emphasised that the intrusion was detected and contained within hours, the incident illustrates the persistent risk of third-party dependencies in modern cloud and SaaS environments.

Unauthorized access was discovered on February 5, triggering immediate incident response measures, according to a breach notification sent to affected users and reviewed by The Register.

Flickr identified a vulnerable endpoint at the external provider as the source of the malicious activity and immediately isolated it to prevent further data exposure or lateral movement. Beyond revoking access paths and expelling the threat actor, the company also notified the relevant regulators, data protection bodies and affected customers.

The company has commissioned a thorough forensic investigation by a third-party provider and says detailed findings will be shared as soon as possible, signalling a broader review of vendor security controls and accountability.

The disclosure indicates that Flickr's exposure stemmed from a security breach at an external email service provider it uses, not from a compromise of its primary platform.

Among the information that could potentially have been accessed by unauthorized parties were real names, email addresses, IP addresses, and limited account activity information. Flickr declined to identify the third-party provider involved in the incident and did not specify how many users may have been affected, merely stating that investigation continues to determine the scope of the impact. 

Since Flickr's founding in 2004, it has grown into one of the world's largest communities of photographers, hosting over 28 billion photos and videos, and reporting a monthly active user base of over 35 million users, with over 800 million page views. 

The company stated in its statement that immediate containment measures were initiated following the detection of the issue. These measures included revoking access to the affected systems, severing connections with the vulnerable endpoints, and engaging a third-party provider to conduct an extensive forensic examination.

In parallel with these actions, Flickr notified relevant data protection authorities and initiated an internal security assessment intended to strengthen governance and technical controls across third-party integrations.

In its user advisory, Flickr urged customers to watch for phishing attempts that impersonate official communications to exploit the incident. It also recommended that customers review their account activity for anomalies and change their credentials on other services where they may have been reused, standard post-breach hygiene while the investigation continues.

Flickr told users that it is conducting an in-depth investigation, is reinforcing the security controls governing third-party providers, and has formally notified the relevant data protection authorities.

The company clarified that the data accessed varied by user and could include name, email address, username, account type, IP address and approximate location.

Flickr stressed that passwords, payment information and other financial data were not compromised. It cautioned users to be wary of suspicious e-mails, particularly messages purporting to come from the company, since the exposed personal information could be used to craft convincing social engineering attacks.

Additionally, the notification included references to European and United States data protection authorities, which suggests that the incident may have affected users in more than one jurisdiction. With over 35 million monthly users across 190 countries, Flickr has a global exposure spanning a wide geographical area. 

At the time of disclosure, neither the threat actor's identity nor the data had surfaced on known underground marketplaces. Security experts note, however, that even limited account metadata can be used to stage targeted phishing, such as fraudulent account suspension notices or payment verification requests, aimed at extracting further credentials or financial information from users.

It is important to remember that third-party integrations, particularly those embedded in identity, communication, and notification workflows, create an expanding attack surface. Even though the immediate impact of Flickr's breach was limited by its rapid containment, the incident demonstrates the importance of continuous risk assessments and endpoint visibility among external service providers, as well as contractual security obligations. 

Increasingly, organizations operating at a global scale must regard third-party services as extensions of their internal environment, subject to the same monitoring, logging, and incident response procedures as they do their internal systems. 

A user may be exposed to long-term risks associated with the misuse of seemingly low-sensitivity account information, which can later be repurposed to facilitate highly targeted phishing and account takeover attempts. 

Security professionals advise maintaining separate credentials across services, enabling additional authentication safeguards where available, and exercising caution when responding to unsolicited communication about their accounts.

As the investigation proceeds, the broader industry will be watching for further disclosures that may affect how platform operators balance reliance on external vendors against the need to demonstrate effective supply-chain security.

Paul McCartney’s Phone-Free Concert Sparks Growing Push to Lock Smartphones Away

 


When Sir Paul McCartney took the stage at the Santa Barbara Bowl, he promised fans a close, personal performance. He went a step further by introducing a strict no-phones policy, effectively creating a temporary “lockdown” on selfies and video recording.

All 4,500 attendees were required to place their mobile phones inside magnetically sealed pouches for the entire show, resulting in a completely phone-free concert experience.

"Nobody's got a phone," McCartney announced during his 25-song performance. "Really, it's better!" he added.

The process behind enforcing such a large-scale phone ban is relatively straightforward. As fans enter the venue, their phones are sealed inside special pouches that remain with them throughout the event. Once the show ends, the magnetic lock is released and devices are returned to normal use.

A growing number of artists have adopted similar policies. Performers including Dave Chappelle, Alicia Keys, Guns N' Roses, Childish Gambino and Jack White say phone-free environments help them deliver better performances and even take creative risks.

In a June interview with Rolling Stone, Sabrina Carpenter also spoke about the possibility of banning phones at future concerts. Many fans appear open to the idea.

Shannon Valdes, who attended a Lane8 DJ set, shared her experience online: "It was refreshing to be part of a crowd where everyone was fully present - dancing, connecting, and enjoying the best moments - rather than recording them."

The inspiration behind the pouch technology dates back to 2012, when Graham Dugoni witnessed a moment at a music festival that left a lasting impression.

"I saw a man drunk and dancing and a stranger filmed him and immediately posted it online," Dugoni explains. "It kind of shocked me.

"I wondered what the implications might be for him, but I also started questioning what our expectations of privacy should be in the modern world."

Within two years, the former professional footballer launched Yondr, a US-based start-up focused on creating phone-free spaces. While the lockable pouch industry is still developing, more companies are entering the market. These pouches are now commonly used in theatres, art galleries, and increasingly in schools.

Prices typically range from £7 to £30 per pouch, depending on order size and supplier. Yondr says it has partnered with around 2.2 million schools in the US, while roughly 250,000 students across 500 schools in England now use its pouches. One academy trust in Yorkshire reportedly spent £75,000 implementing the system.

Paul Nugent, founder of Hush Pouch, spent two decades installing school lockers before entering this space. He says school leaders must weigh several factors before adopting the technology.

"Yes it can seem an expensive way of keeping phones out of schools, and some people question why they can't just insist phones remain in a student's bag," he explains.

"But smartphones create anxiety, fixation, and FOMO - a fear of missing out. The only way to genuinely allow children to concentrate in lessons, and to enjoy break time, is to lock them away."

According to Dugoni, schools that have introduced phone-free policies have reported measurable benefits.

"There have been notable improvements in academic performance, and headteachers also report reductions in bullying," he explains.

Vale of York Academy introduced pouches in November. Headteacher Gillian Mills told the BBC: "It's given us an extra level of confidence that students aren't having their learning interrupted.

"We're not seeing phone confiscations now, which took up time, or the arguments about handing phones over, but also teachers are saying that they are able to teach."

The political debate around smartphones in schools is also intensifying. Conservative leader Kemi Badenoch has said her party would push for a complete ban on smartphones in schools if elected. The Labour government has stopped short of a nationwide ban, instead allowing headteachers to decide, while opening a consultation on restricting social media access for under-16s.

As part of these measures, Ofsted will be granted powers to review phone-use policies, with ministers expecting schools to become “phone-free by default”.

Nugent notes that many parents prefer their children to carry phones for safety reasons during travel.

"The first week or so after we install the system is a nightmare," he adds. "Kids refuse, or try and break the pouches open. But once they realise no-one else has a phone, most of them embrace it as a kind of freedom."

The rapid expansion of social media platforms and AI-driven content places these phone-free initiatives in direct opposition to tech companies whose algorithms encourage constant smartphone use. Still, Nugent believes public sentiment is shifting.

"We're getting so many enquiries now. People want to ban phones at weddings, in theatres, and even on film sets," he says.

"Effectively carrying a computer around in your hand has many benefits, but smartphones also open us up to a lot of misdirection and misinformation.

"Enforcing a break, especially for young people, has so many positives, not least for their mental health."

Dugoni agrees that society may be reaching a turning point.

"We're getting close to threatening the root of what makes us human, in terms of social interaction, critical thinking faculties, and developing the skills to operate in the modern world," he explains.

"If we continue to outsource those, with this crutch in our pocket at all times, there is a danger we end up undermining what it means to be a productive person.

"And that is a moment where it's worth pushing back and trying to understand where we go from here."

As 4,500 McCartney fans sang along to Hey Jude under a late-September sky, many may have felt the former Beatle’s message resonate just as strongly as the music.

Student Founders Establish Backed Program to Help Peers Build Startups

Two students affiliated with Stanford University have raised $2 million to expand an accelerator program designed for entrepreneurs who are still in college or who have recently graduated. The initiative, called Breakthrough Ventures, focuses on helping early-stage founders move from rough ideas to viable businesses by providing capital, guidance, and access to professional networks.

The program was created by Roman Scott, a recent graduate, and Itbaan Nafi, a current master’s student. Their work began with small-scale demo days held at Stanford in 2024, where student teams presented early concepts and received feedback. Interest from participants and observers revealed a clear gap. Many students had promising ideas but lacked practical support, legal guidance, and introductions to investors. The founders then formalized the effort into a structured accelerator and raised funding to scale it.

Breakthrough Ventures aims to address two common obstacles faced by student founders. First, early funding is difficult to access before a product or revenue exists. Second, students often do not have reliable access to mentors and industry networks. The program responds to both challenges through a combination of financial support and hands-on assistance.

Selected teams receive grant funding of up to $10,000 without giving up ownership in their companies. Participants also gain access to legal support and structured mentorship from experienced professionals. The program includes technical resources such as compute credits from technology partners, which can lower early development costs for startups building software or data-driven products. At the end of the program, founders who demonstrate progress may be considered for additional investment of up to $50,000.

The accelerator operates through a hybrid format. Founders participate in a mix of online sessions and in-person meetups, and the program concludes with a demo day at Stanford, where teams present their progress to potential investors and collaborators. This structure is intended to keep participation accessible while still offering in-person exposure to the startup ecosystem.

Over the next three years, the organizers plan to deploy the $2 million fund to support at least 100 student-led companies across areas such as artificial intelligence, healthcare, consumer products, sustainability, and deep technology. By targeting founders at an early stage, the program aims to reduce the friction between having an idea and building a credible company, while promoting responsible, well-supported innovation within the student community.

Ukraine Increases Control Over Starlink Terminals

New Starlink verification system

Ukraine has launched a new authentication system for Starlink satellite internet terminals used by the public and the military after verifying that Russian state-sponsored hackers have started using the technology for drone attacks.

The government has also introduced a compulsory "whitelist" for Starlink terminals, under which only authenticated and registered devices will work in Ukraine. All other terminals will be removed from the network, according to a statement from Mykhailo Fedorov, the country's recently appointed defense chief.

Why the new move?

Kyiv claims that Russian unmanned aerial vehicles are now being commanded in real time using Starlink links, making them more difficult to detect, jam, or shoot down. This action is intended to counteract these threats. "It is challenging to intercept Russian drones that are equipped with Starlink," Fedorov stated earlier this week. "They can be controlled by operators over long distances in real time, will not be affected by electronic warfare, and fly at low altitudes." The Ministry of Defense is implementing the whitelist in collaboration with SpaceX, the company that runs the constellation of low-Earth orbit satellites for Starlink.

The step is presently the only technological way to stop Russia from abusing the system, Fedorov revealed Wednesday, adding that citizens have already started registering their terminals. "The government has taken this forced action to save Ukrainian lives and safeguard our energy infrastructure," he stated. 

How will it impact other sectors?

Businesses will be able to validate devices online using Ukraine's e-government services, while citizens will be able to register their terminals at local government offices under the new system. According to Ukraine's Ministry of Defense, military units will be exempt from disclosing account information and will utilize a different secure registration method.

At the end of January, Ukraine discovered a Russian drone operating over Ukrainian territory using Starlink connectivity. After that, Kyiv got in touch with SpaceX to resolve the problem, although the specifics of the emergency procedures were not made public. Setting a maximum speed at which Starlink terminals can operate was one step, according to ArmyInform, a Ukrainian military outlet, which cited an initial cap of about 75 kilometers per hour. According to the report, Russian strike drones usually fly faster than that, making it impossible for operators to control them in real time.