Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Spyware
Android Cyber Phishing Financial Data iOS malware Personal Information Spyware

How To Tell If Spyware Is Hiding On Your Phone And What To Do About It

 



Your smartphone stores personal conversations, financial data, photos, and daily movements. This concentration of information makes it attractive to attackers who rely on spyware. Spyware is malicious software that pretends to be a useful app while silently collecting information. It can arrive through phishing messages, deceptive downloads, fake mobile tools, or through legitimate apps that receive harmful updates. Even monitoring tools designed for parents or employers can be misused to track someone without their knowledge.

Spyware exists in multiple forms. One common category is nuisanceware, which appears with legitimate apps and focuses on showing unwanted ads, altering browser settings, and gathering browsing data for advertisers. Although it does not usually damage the device, it still disrupts user activity and profits from forced ad interactions. Broader mobile spyware goes further by pulling system information, clipboard content, login credentials, and data linked to financial accounts. These threats rely on tricking users through harmful emails, unsafe attachments, social media links, fake text messages, or direct physical access.

A more aggressive class of spyware overlaps with stalkerware and can monitor nearly every action on a victim’s device. These tools read messages across different platforms, intercept calls, capture audio from the environment, trigger the camera, take screenshots, log keystrokes, track travel routes, and target social media platforms. They are widely associated with domestic abuse because they allow continuous surveillance of a person’s communication and location. At the highest end is commercial spyware sold to governments. Tools like Pegasus have been used against journalists, activists, and political opponents, although everyday users are rarely targeted due to the high cost of these operations.

There are several early signs of an attempted spyware install. Strange emails, unexpected social media messages, or SMS alerts urging you to click a link are often the first step. Attackers frequently use urgent language to pressure victims into downloading malicious files, including fake delivery notices or warnings framed as bank or tax office messages. Sometimes these messages appear to come from a trusted contact. Stalkerware may require physical access, which means a phone that briefly goes missing and returns with new settings or apps could have been tampered with.

Once spyware is installed, your phone may behave differently. Rapid battery drain, overheating, sudden reboots, location settings turning on without reason, or a sharp increase in mobile data use can indicate that data is being transmitted secretly. Some variants can subscribe victims to paid services or trigger unauthorized financial activity. Even harmless apps can turn malicious through updates, so new problems after installing an app deserve attention.

On Android devices, users can review settings that control installations from outside official stores. This option usually appears in Settings > Security > Allow unknown sources, although the exact location depends on the manufacturer. Another path to inspect is Apps > Menu > Special Access > Install unknown apps, which lists anything permitted to install packages. This check is not completely reliable because many spyware apps avoid appearing in the standard app view.

Some spyware hides behind generic names and icons to blend in with normal tools such as calculators, calendars, utilities, or currency converters. If an unfamiliar app shows up, running a quick search can help determine whether it belongs to legitimate software.

For iPhones that are not jailbroken, infection is generally harder unless attackers exploit a zero-day or an unpatched flaw. Risks increase when users delay firmware updates or do not run routine security scans. While both platforms can show signs of compromise, sophisticated spyware may remain silent.

Some advanced surveillance tools operate without leaving noticeable symptoms. These strains can disguise themselves as system services and limit resource use to avoid attention.

Removing spyware is challenging because these tools are designed to persist. Most infections can be removed, but some cases may require a full device reset or, in extreme scenarios, replacing the device. Stalkerware operators may also receive alerts when their access is disrupted, and a sudden halt in data flow can signal removal.

If removing spyware could put someone at physical risk, they should avoid tampering with the device and involve law enforcement or relevant support groups.

Several approaches can help remove mobile spyware:

1. Run a malware scan: Reputable mobile antivirus tools can detect many common spyware families, though they may miss advanced variants.

2. Use dedicated removal tools: Specialized spyware removal software can help, but it must only be downloaded from trusted sources to avoid further infection.

3. Remove suspicious apps: Reviewing installed applications and deleting anything unfamiliar or unused may eliminate threats.

4. Check device administrator settings: Spyware may grant itself administrator rights. If such apps cannot be removed normally, a factory reset might be necessary.

5. Boot into Safe Mode: Safe Mode disables third-party apps temporarily, making removal easier, though advanced spyware may still persist.

6. Update the operating system: Patches often close security gaps that spyware relies on.


After discovering suspicious activity, users should take additional security steps. First, change passwords and enable biometrics: Resetting passwords on a separate device and enabling biometric locks strengthens account and device security. Secondly, create a new email address: A private email account can help regain control of linked services without alerting a stalkerware operator.

Advanced, commercial spyware demands stronger precautions. Research-based recommendations include:

• Reboot the device daily to disrupt attacks that rely on temporary exploits.

• Disable iMessage and FaceTime on iOS, as they are frequent targets for exploitation.

• Use alternative browsers such as Firefox Focus or Tor Browser to reduce exposure from browser-based exploits.

• Use a trusted VPN and jailbreak detection tools to protect against network and system-level intrusion.

• Use a separate secure device like those running GrapheneOS for sensitive communication.

Reducing the risk of future infections requires consistent precautions:

• Maintain physical device security through PINs, patterns, or biometrics.

• Install system updates as soon as they are released.

• Run antivirus scans regularly.

• Avoid apps from unofficial sources.

• Enable built-in security scanners for new installations.

• Review app permissions routinely and remove intrusive apps.

• Be cautious of suspicious links.

• Avoid jailbreaking the device.

• Enable multi-factor authentication, keeping in mind that spyware may still capture some verification codes.



Read more »
Personal Data
Android Spyware CISA Cyber Security Cyberattacks Data Hacking data security Hacking WhatsApp Mobile Spyware Personal Data

CISA Warns of Rising Targeted Spyware Campaigns Against Encrypted Messaging Users

 

The U.S. Cybersecurity and Infrastructure Security Agency has issued an unusually direct warning regarding a series of active campaigns deploying advanced spyware against users of encrypted messaging platforms, including Signal and WhatsApp. According to the agency, these operations are being conducted by both state-backed actors and financially motivated threat groups, and their activity has broadened significantly throughout the year. The attacks now increasingly target politicians, government officials, military personnel, and other influential individuals across several regions. 

This advisory marks the first time CISA has publicly grouped together multiple operations that rely on commercial surveillance tools, remote-access malware, and sophisticated exploit chains capable of infiltrating secure communications without alerting the victim. The agency noted that the goal of these campaigns is often to hijack messaging accounts, exfiltrate private data, and sometimes obtain long-term access to devices for further exploitation. 

Researchers highlighted multiple operations demonstrating the scale and diversity of techniques. Russia-aligned groups reportedly misused Signal’s legitimate device-linking mechanism to silently take control of accounts. Android spyware families such as ProSpy and ToSpy were distributed through spoofed versions of well-known messaging apps in the UAE. Another campaign in Russia leveraged Telegram channels and phishing pages imitating WhatsApp, Google Photos, TikTok, and YouTube to spread the ClayRat malware. In more technically advanced incidents, attackers chained recently disclosed WhatsApp zero-day vulnerabilities to compromise fewer than 200 targeted users. Another operation, referred to as LANDFALL, used a Samsung vulnerability affecting devices in the Middle East. 

CISA stressed that these attacks are highly selective and aimed at individuals whose communications have geopolitical relevance. Officials described the activity as precision surveillance rather than broad collection. Analysts believe the increasing focus on encrypted platforms reflects a strategic shift as adversaries attempt to bypass the protections of end-to-end encryption by compromising the devices used to send and receive messages. 

The tactics used in these operations vary widely. Some rely on manipulated QR codes or impersonated apps, while others exploit previously unknown iOS and Android vulnerabilities requiring no user interaction. Experts warn that for individuals considered high-risk, standard cybersecurity practices may no longer be sufficient. 

CISA’s guidance urges those at risk to adopt stronger security measures, including hardware upgrades, phishing-resistant authentication, protected telecom accounts, and stricter device controls. The agency also recommends reliance on official app stores, frequent software updates, careful permission auditing, and enabling advanced device protections such as Lockdown Mode on iPhones or Google Play Protect on Android.  

Officials stated that the rapid increase in coordinated mobile surveillance operations reflects a global shift in espionage strategy. With encrypted messaging now central to sensitive communication, attackers are increasingly focused on compromising the endpoint rather than the encryption itself—a trend authorities expect to continue growing.
Read more »
Zero-Click Exploits
CISA advisory Mobile Security Spyware Zero-Click Exploits

Encrypted Chats Under Siege: Cyber-Mercenaries Target High-Profile Users

 

Encrypted Chats Under Siege Encrypted communication, once considered the final refuge for those seeking private dialogue, now faces a wave of targeted espionage campaigns that strike not at the encryption itself but at the fragile devices that carry it. Throughout this year, intelligence analysts and cybersecurity researchers have observed a striking escalation in operations using commercial spyware, deceptive app clones, and zero-interaction exploits to infiltrate platforms such as Signal and WhatsApp.
 
What is emerging is not a story of broken cryptographic protocols, but of adversaries who have learned to manipulate the ecosystem surrounding secure messaging, turning the endpoints themselves into compromised windows through which confidential conversations can be quietly observed.
  
The unfolding threat does not resemble the mass surveillance operations of previous decades. Instead, adversarial groups, ranging from state-aligned operators to profit-driven cyber-mercenaries, are launching surgical attacks against individuals whose communications carry strategic value.
 
High-ranking government functionaries, diplomats, military advisors, investigative journalists, and leaders of civil society organizations across the United States, Europe, the Middle East, and parts of Asia have found themselves increasingly within the crosshairs of these clandestine campaigns.
 
The intent, investigators say, is rarely broad data collection. Rather, the aim is account takeover, message interception, and long-term device persistence that lays the groundwork for deeper espionage efforts.
 

How Attackers Are Breaching Encrypted Platforms

 
At the center of these intrusions is a shift in methodology: instead of attempting to crack sophisticated encryption, threat actors compromise the applications and operating systems that enable it. Across multiple investigations, researchers have uncovered operations that rely on:
 
1. Exploiting Trusted Features
 
Russia-aligned operators have repeatedly abused the device-linking capabilities of messaging platforms, persuading victims—via social engineering—to scan malicious connection requests. This enables a stealthy secondary device to be linked to a target’s account, giving attackers real-time access without altering the encryption layer itself.
 
2. Deploying Zero-Interaction Exploits
 
Several campaigns emerged this year in which attackers weaponized vulnerabilities that required no user action at all. Specially crafted media files sent via messaging apps, or exploit chains triggered upon receipt, allowed silent compromise of devices, particularly on Android models widely used in conflict-prone regions.
 
3. Distributing Counterfeit Applications
 
Clone apps impersonating popular platforms have proliferated across unofficial channels, especially in parts of the Middle East and South Asia. These imitations often mimic user interfaces with uncanny accuracy while embedding spyware capable of harvesting chats, recordings, contact lists, and stored files.
 
4. Leveraging Commercial Spyware and “Cyber-For-Hire” Tools
 
Commercial surveillance products, traditionally marketed to law enforcement or intelligence agencies, continue to spill into the underground economy. Once deployed, these tools often serve as an entry point for further exploitation, allowing attackers to drop additional payloads, manipulate settings, or modify authentication tokens.
 

Why Encrypted Platforms Are Under Unprecedented Attack

 
Analysts suggest that encrypted applications have become the new battleground for geopolitical intelligence. Their rising adoption by policymakers, activists, and diplomats has elevated them from personal communication tools to repositories of sensitive, sometimes world-shaping information.
 
Because the cryptographic foundations remain resilient, adversaries have pivoted toward undermining the assumptions around secure communication—namely, that the device you hold in your hand is trustworthy. In reality, attackers are increasingly proving that even the strongest encryption is powerless if the endpoint is already compromised.
  
Across the world, governments are imposing stricter regulations on spyware vendors and reassessing the presence of encrypted apps on official devices. Several legislative bodies have either limited or outright banned certain messaging platforms in response to the increasing frequency of targeted exploits.
 
Experts warn that the rise of commercialized cyber-operations, where tools once reserved for state intelligence now circulate endlessly between contractors, mercenaries, and hostile groups, signals a long-term shift in digital espionage strategy rather than a temporary spike.
 

What High-Risk Users Must Do

 
Security specialists emphasize that individuals operating in sensitive fields cannot rely on everyday digital hygiene alone. Enhanced practices, such as hardware isolation, phishing-resistant authentication, rigid permission control, and using only trusted app repositories, are rapidly becoming baseline requirements.
 
Some also recommend adopting hardened device modes, performing frequent integrity checks, and treating unexpected prompts (including QR-code requests) as potential attack vectors.
Read more »
SIM Swap Scams
Cyber Attacks Cybercrime Networks cybersecurity breaches Data Protection Strategies Digital Identity Risks Global Data Leaks Online Fraud Tactics Phishing Crimes SIM Swap Scams

The Digital Trail That Led Scammers to Her Personal and Financial Information


 

In an unmistakable demonstration of the speed and sophistication of modern financial fraud, investigators say a sum of almost six crore was transferred within a matter of minutes, passing through an extensive chain of locations and accounts before disappearing without leaving a trace. It all began in a plush condominium tower in a gated enclave in the National Capital Region. 

Over time, it unravelled to a modest three-room home in a Haryana village, and then onto a rented terrace room on the outskirts of Hyderabad, and then to 15 further states across the country. It has been reported that as the trail grew colder, the money passed through 28 bank accounts, touching 141 more, revealing the increasingly brazen precision with which organized cyber-fraud networks operate as they operate through their intricate, circuitous route. 

Sue’s experience is an example of how a single cyber-security breach can cause the unraveling of an entire digital life. The personal details she provided were later found circulating freely online, which served as the entranceway for criminals who carried out a SIM-swap attack, convincing the mobile network that they were the legitimate account holders and obtaining access to her number. By doing so, they were able to access nearly all of her online accounts and reset the credentials. 

A woman describes the experience as “horrible” because she recalls being hijacked from her Gmail account, having her bank logins repeatedly locked after failing security checks, and even having her credit card stolen. Over £3,000 worth of vouchers had been purchased before she was able to stop it from happening. She took multiple trips to both her bank and her mobile provider in order to get control back. 

Each of these visits provided her with a greater understanding of what had happened to her identity - yet even then, the scammers did not quit attempting to exploit her. There is a common pattern among cyber fraudsters which exploits trust, urgency, and fear in order to breach people's digital defences in order to take advantage of them.

The scammers use these techniques to exploit trust, urgency, and fear in order to gain access to their victims. In addition to impersonating banks, government agencies, delivery companies and well-known brands, these groups construct convincing narratives designed to make individuals make hurried decisions. 

There are numerous ways in which fraudsters use phishing emails that mimic official communications and redirect users to fraudulent websites, to vishing calls where fraudsters try to force targets into divulging OTPs, banking credentials, and smishing messages which warn of blocked cards or suspicious transactions to get recipients to click on their malicious links in the hope that they will become victims. 

The methods each use rely on social engineering, which refers to manipulating human behaviour rather than breaking technical systems, and have proven increasingly effective as more personal data is made available online. 

Experts point out that targeting a person does not necessarily mean they are wealthy; rather, anyone with a digital footprint is a potential target. India has become increasingly digitalized, which means that a greater amount of information can be stored, shared, and exposed on multiple platforms. This has created a greater opportunity for criminals to misuse that information, placing users in a much more vulnerable position than they are aware of. 

As a result of the wide-ranging exposure of data to scams in recent years, it has become fertile ground for global scam networks. A pattern that is highlighted by the number of high-profile breaches reported in the year 2025. Marks & Spencer revealed in April that there had been a similar substantial intrusion at its retail outlets, but they have yet to disclose exactly the extent of the attack. 

The Co-op confirmed that personal information of 6.5 million people had been compromised, whereas Marks & Spencer confirmed a similar intrusion in April. According to Harrods, the company's luxury retail operations were breached after the disclosure of 400,000 customer details, and Qantas announced that 5.7 million flyers' data was compromised. 

Data Breach Observatory of Proton Mail estimates that so far this year, 794 verified breaches have been identified from identifiable sources, which have exposed more than 300 million records in a combined fashion. In the opinion of cybersecurity specialist Eamonn Maguire, the theft of personal information is one of the primary reasons why criminals are willing to pay such high prices for this information, as this information can be used for fraud, blackmail, and even further cyberattacks. Yet there is still a conflict between the corporate response to victims and the standard of standard of care that they are expected to provide. 

While companies are required to inform customers and regulators, no universally accepted protocol has been established for what support the affected individuals should receive. A free credit monitoring service has become less popular compared to a time when it was a standard gesture: Ticketmaster offered it last year to those affected by its breach, but some companies have refused to do the same for companies like Marks & Spencer and Qantas. 

The Co-op, on the other hand, chose to give customers a £10 voucher that they could redeem only with a purchase of £40, a gesture that has been widely criticized as insufficient. More and more victims are turning to class-action lawsuits as frustration grows, though these suits usually do not succeed since it can be difficult to prove individual harm in such suits. 

The following exceptions exist: T-Mobile has begun distributing payments to 76 million subscribers in response to a breach in 2021 which affected 76 million of them, a settlement worth $350 million. The compensation is estimated to range between $50 and $300. Despite this expanding threat landscape, experts warn vigilance and accountability are now essential components of effective protection as authorities struggle to cope with the resulting challenges. 

There is a call for individuals to monitor their financial activity closely and protect themselves from identity theft by enabling multifactor authentication and by treating unsolicited phone calls and messages with suspicion. Furthermore, policy-makers are urging clearer breach-response standards to ensure companies don't leave victims alone to deal with the fallout. 

It has become increasingly evident that cyber-fraud networks are becoming more agile and that data leaks have become more widespread and routine. Protecting one's digital identity is no longer an option, it is the first and most crucial defense against a system that too often in its favors the attacker.
Read more »
Internet
Cloud Cyber Security Data hack Google Internet

Google Confirms Data Breach from 200 Companies


Google has confirmed that hackers stole data from more than 200 companies after exploiting apps developed by Gainsight, a customer success software provider. The breach targeted Salesforce systems and is being described as one of the biggest supply chain attacks in recent months. 
 
Salesforce said last week that “certain customers’ Salesforce data” had been accessed through Gainsight applications, which are widely used by companies to manage customer relationships at scale. According to Google’s Threat Intelligence Group, more than 200 Salesforce instances were affected, indicating that the attackers targeted the ecosystem strategically rather than going after individual companies one by one. The incident has already raised deep concern across industries that depend heavily on third-party integrations to run core business functions. 
 
A group calling itself Scattered Lapsus$ Hunters, which includes members of the well-known ShinyHunters gang, has claimed responsibility. This collective has previously targeted prominent global firms and leaked confidential datasets online, earning a reputation for bold, high-impact intrusions. In this case, the hackers have published a list of alleged victims, naming companies such as Atlassian, CrowdStrike, DocuSign, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon. Some of these organisations have denied being affected, while others are still conducting internal investigations to determine whether their environments were touched. 
 
This attack underscores a growing reality: compromising a widely trusted application is often more efficient for attackers than breaching a single company. By infiltrating Gainsight’s software, the threat actors gained access to a broad swath of organisations simultaneously, effectively bypassing individual perimeter defences. TechCrunch notes that supply chain attacks remain among the most dangerous vectors because they exploit deeply rooted trust. Once a vendor’s application is subverted, it can become an invisible doorway leading directly into multiple corporate systems. 
 
Salesforce has stated that it is working closely with affected customers to secure environments and limit the impact, while Google continues to analyse the breadth of data exfiltration. Gainsight has not yet released a detailed public statement, prompting experts to call for greater transparency from vendors responsible for critical integrations. Cybersecurity firms advise all companies using third-party SaaS tools to review access permissions, rotate credentials, monitor logs for anomalies, and ensure stronger compliance frameworks for integrated platforms. 
 
The larger picture here reflects an industry-wide challenge. As enterprises increasingly rely on cloud services and SaaS tools, attackers are shifting their attention to these interconnected layers, where a single weak link can expose hundreds of organisations. This shift has prompted analysts to warn that due diligence on app vendors, once considered a formality, must now become a non-negotiable element of cybersecurity strategy. 
 
In light of the attack, experts believe companies will need to adopt a more vigilant posture, treating all integrations as potential threat surfaces, rather than assuming safety through trust. The Gainsight incident serves as a stark reminder that in a cloud-driven world, security is only as strong as the least protected partner in the chain.
Read more »
phishing
Cyber Security Fake Domains Login Credentials Microsoft phishing

Hackers Use Look-Alike Domain Trick to Imitate Microsoft and Capture User Credentials

 




A new phishing operation is misleading users through an extremely subtle visual technique that alters the appearance of Microsoft’s domain name. Attackers have registered the look-alike address “rnicrosoft(.)com,” which replaces the single letter m with the characters r and n positioned closely together. The small difference is enough to trick many people into believing they are interacting with the legitimate site.

This method is a form of typosquatting where criminals depend on how modern screens display text. Email clients and browsers often place r and n so closely that the pair resembles an m, leading the human eye to automatically correct the mistake. The result is a domain that appears trustworthy at first glance although it has no association with the actual company.

Experts note that phishing messages built around this tactic often copy Microsoft’s familiar presentation style. Everything from symbols to formatting is imitated to encourage users to act without closely checking the URL. The campaign takes advantage of predictable reading patterns where the brain prioritizes recognition over detail, particularly when the user is scanning quickly.

The deception becomes stronger on mobile screens. Limited display space can hide the entire web address and the address bar may shorten or disguise the domain. Criminals use this opportunity to push malicious links, deliver invoices that look genuine, or impersonate internal departments such as HR teams. Once a victim believes the message is legitimate, they are more likely to follow the link or download a harmful attachment.

The “rn” substitution is only one example of a broader pattern. Typosquatting groups also replace the letter o with the number zero, add hyphens to create official-sounding variations, or register sites with different top level domains that resemble the original brand. All of these are intended to mislead users into entering passwords or sending sensitive information.

Security specialists advise users to verify every unexpected message before interacting with it. Expanding the full sender address exposes inconsistencies that the display name may hide. Checking links by hovering over them, or using long-press previews on mobile devices, can reveal whether the destination is legitimate. Reviewing email headers, especially the Reply-To field, can also uncover signs that responses are being redirected to an external mailbox controlled by attackers.

When an email claims that a password reset or account change is required, the safest approach is to ignore the provided link. Instead, users should manually open a new browser tab and visit the official website. Organisations are encouraged to conduct repeated security awareness exercises so employees do not react instinctively to familiar-looking alerts.


Below are common variations used in these attacks:

Letter Pairing: r and n are combined to imitate m as seen in rnicrosoft(.)com.

Number Replacement: the letter o is switched with the number zero in addresses like micros0ft(.)com.

Added Hyphens: attackers introduce hyphens to create domains that appear official, such as microsoft-support(.)com.

Domain Substitution: similar names are created by altering only the top level domain, for example microsoft(.)co.


This phishing strategy succeeds because it relies on human perception rather than technical flaws. Recognising these small changes and adopting consistent verification habits remain the most effective protections against such attacks.



Read more »
Shai-Hulud 2.0 worm
developer credentials JavaScript SDK compromise malware npm malware attack PostHog security breach Shai-Hulud 2.0 worm

PostHog Details “Most Impactful” Security Breach as Shai-Hulud 2.0 npm Worm Spreads Through JavaScript SDKs

 

PostHog has described the Shai-Hulud 2.0 npm worm incident as “the largest and most impactful security incident” the company has ever faced, after attackers managed to push tainted versions of its JavaScript SDKs and attempted to automatically harvest developer credentials.

In a recently published postmortem, PostHog — one of the affected maintainers caught up in the Shai-Hulud 2.0 outbreak — revealed that multiple packages, including core libraries such as posthog-node, posthog-js, and posthog-react-native, were compromised. The malicious versions included a pre-install script that ran the moment the package was added to a project. This script executed TruffleHog to search for secrets, exported any discovered credentials to newly created public GitHub repositories, and then used the stolen npm tokens to publish additional malicious updates, allowing the worm to continue spreading.

Researchers at Wiz, who identified the resurgence of the Shai-Hulud campaign, reported that more than 25,000 developers had their credentials exposed within just three days. Beyond PostHog, the malware also infiltrated packages from Zapier, AsyncAPI, ENS Domains, and Postman — many of which receive thousands of downloads every week.

Unlike a standard trojan, Shai-Hulud 2.0 operates like a fully autonomous worm. Once a compromised package is installed, it can collect a wide range of sensitive data — from npm and GitHub tokens to cloud provider credentials (AWS, Azure, GCP), CI/CD secrets, environment variables, and other confidential information found on developer machines or build environments. PostHog has since revoked all affected tokens, removed the infected package versions, and rolled out “known-good” releases.

However, the postmortem also underscored a deeper systemic flaw: the breach wasn’t caused by a leaked secret, but by a misconfigured CI/CD workflow that allowed untrusted pull-request code to execute with overly broad privileges. A malicious pull request triggered an automated script that ran with full access to the project. Because the workflow did not restrict execution of code from the attacker’s branch, the intruder was able to extract a bot’s personal-access token with organization-wide write permissions and use it to inject malicious updates.

Using the stolen credentials, the attacker created a tampered lint workflow designed to siphon all GitHub secrets — including the npm publishing token. With that token in hand, they uploaded the weaponized SDKs to npm, turning the infection into a self-propagating dependency-chain worm.

PostHog says it is now shifting to a “trusted publisher” model for npm releases, tightening workflow review processes, and disabling install-script execution in CI/CD pipelines, among other security improvements.

If this sounds all too familiar, that’s because it reflects a broader pattern across the ecosystem: over-privileged bots, automated workflows running unchecked, and dependency updates happening faster than anyone can thoroughly validate. As the incident shows, sometimes that’s all a worm needs to thrive.
Read more »
North Korea Cyber Operations
APT Cyber Crime cyber espionage Cyber Security Financial crime Financial Cybersecurity North Korea North Korea Cyber Operations

North Korean APT Collaboration Signals Escalating Cyber Espionage and Financial Cybercrime

 

Security analysts have identified a new escalation in cyber operations linked to North Korea, as two of the country’s most well-known threat actors—Kimsuky and Lazarus—have begun coordinating attacks with unprecedented precision. A recent report from Trend Micro reveals that the collaboration merges Kimsuky’s extensive espionage methods with Lazarus’s advanced financial intrusion capabilities, creating a two-part operation designed to steal intelligence, exploit vulnerabilities, and extract funds at scale. 

Rather than operating independently, the two groups are now functioning as a complementary system. Kimsuky reportedly initiates most campaigns by collecting intelligence and identifying high-value victims through sophisticated phishing schemes. One notable 2024 campaign involved fraudulent invitations to a fake “Blockchain Security Symposium.” Attached to the email was a malicious Hangul Word Processor document embedded with FPSpy malware, which stealthily installed a keylogger called KLogEXE. This allowed operators to record keystrokes, steal credentials, and map internal systems for later exploitation. 

Once reconnaissance was complete, data collected by Kimsuky was funneled to Lazarus, which then executed the second phase of attacks. Investigators found Lazarus leveraged an unpatched Windows zero-day vulnerability, identified as CVE-2024-38193, to obtain full system privileges. The group distributed infected Node.js repositories posing as legitimate open-source tools to compromise server environments. With this access, the InvisibleFerret backdoor was deployed to extract cryptocurrency wallet contents and transactional logs. Advanced anti-analysis techniques, including Fudmodule, helped the malware avoid detection by enterprise security tools. Researchers estimate that within a 48-hour window, more than $30 million in digital assets were quietly stolen. 

Further digital forensic evidence reveals that both groups operated using shared command-and-control servers and identical infrastructure patterns previously observed in earlier North Korean cyberattacks, including the 2014 breach of a South Korean nuclear operator. This shared ecosystem suggests a formalized, state-aligned operational structure rather than ad-hoc collaboration.  

Threat activity has also expanded beyond finance and government entities. In early 2025, European energy providers received a series of targeted phishing attempts aimed at collecting operational power grid intelligence, signaling a concerning pivot toward critical infrastructure sectors. Experts believe this shift aligns with broader strategic motivations: bypassing sanctions, funding state programs, and positioning the regime to disrupt sensitive systems if geopolitical tensions escalate. 

Cybersecurity specialists advise organizations to strengthen resilience through aggressive patch management, multi-layered email security, secure cryptocurrency storage practices, and active monitoring for indicators of compromise such as unexpected execution of winlogon.exe or unauthorized access to blockchain-related directories. 

Researchers warn that the coordinated activity between Lazarus and Kimsuky marks a new phase in North Korea’s cyber posture—one blending intelligence gathering with highly organized financial theft, creating a sustained and evolving global threat.
Read more »
Phishing Attacks
Cybernews data security malware Phishing Attacks

More Breaches, More Risks: Experts say Protect Your Data Now

 

As data breaches surge, experts warn consumers to guard personal information before it reaches the dark web With data breaches becoming almost routine, more consumers are being forced to confront the risks of having their personal information exposed online. 

A recent US News survey found that 44 percent of respondents had received notices for multiple breaches involving their personal data. For many people, it now feels like another familiar company announces a breach every few days. Once stolen, this information typically ends up on the dark web, where it becomes a valuable resource for hackers, scammers, and cybercriminals. Breaches are only one pathway for data to be leaked. 

Clicking phishing links, entering details in viral social media quizzes, or having a device compromised by malware can all provide criminals with access to personal information that later circulates on underground forums. 

Dr. Darren Williams, founder and CEO of data privacy and ransomware protection company BlackFog, says the presence of some personal data on the dark web does not mean consumers should surrender to the problem. According to him, there are steps that can reduce exposure and protect information that has not yet been compromised. 

Williams explains that criminals increasingly rely on AI to pull together stolen data into detailed information bundles called “fullz.” These files can include banking credentials, addresses, medical data, and social security numbers. Scammers use them to impersonate relatives, romantic partners, or trusted contacts in targeted fraud attempts. 

He notes that while highly individualized scams are less common, criminals tend to target groups of victims at scale using dark web data. To understand their level of exposure, experts recommend that consumers start by scanning the dark web for leaked credentials. 

Many password managers and personal data removal services now offer monitoring tools that track whether email addresses, usernames, or passwords have been posted online. Removing data once it appears on dark web marketplaces is extremely difficult, which is why privacy specialists advise minimizing personal information shared online. Williams says reducing digital footprints can make individuals less appealing to attackers. 

Personal data removal services can help scrub information from commercial data broker sites, which can number in the hundreds. Security specialists also emphasize the importance of preventing criminals from expanding access to personal devices or financial accounts. 

Recommended practices include enabling multi-factor authentication, using strong and unique passwords stored in a password manager, installing antivirus software, avoiding links from unknown senders, updating operating systems regularly, and using a VPN on public Wi-Fi. Identity theft protection platforms and credit monitoring services can offer an extra layer of defense and provide real-time alerts if suspicious activity occurs.
Read more »
X Location Feature
Cyber Security Foreign Influence Political Misinformation US Politics X Location Feature

X’s New Location Feature Exposes Foreign Manipulation of US Political Accounts

 

X's new location feature has revealed that many high-engagement US political accounts, particularly pro-Trump ones, are actually operated from countries outside the United States such as Russia, Iran, and Kenya. 

This includes accounts that strongly claim to represent American interests but are based abroad, misleading followers and potentially influencing US political discourse. Similarly, some anti-Trump accounts that seemed to be run by Americans are also found to be foreign-operated. For example, a prominent anti-Trump account with 52,000 followers was based in Kenya and was deleted after exposure. 

The feature exposed widespread misinformation and deception as these accounts garner millions of interactions, often resulting in financial compensation through X's revenue-sharing scheme, allowing both individuals and possibly state-backed groups to exploit the platform for monetary or political gain.

Foreign influence and misinformation

The new location disclosure highlighted significant foreign manipulation of political conversations on X, which raises concerns about authenticity and trust in online discourse. Accounts that present themselves as authentic American voices may actually be linked to troll farms or nation-state actors aiming to amplify divisive narratives or to profit financially. 

This phenomenon is exacerbated by X’s pay-for-play blue tick verification system, which some experts, including Alexios Mantzarlis from Cornell Tech, criticize as a revenue scheme rather than a meaningful validation effort. Mantzarlis emphasizes that financial incentives often motivate such deceptive activities, with operators stoking America's cultural conflicts on social media.

Additional geographic findings

Beyond US politics, BBC Verify found accounts supporting Scottish independence that are purportedly based in Iran despite having smaller followings. This pattern aligns with previous coordinated networks flagged for deceptive political influence. Such accounts often use AI-generated profile images and post highly similar content, generating substantial views while hiding their actual geographic origins.

While the location feature is claimed to be about 99% accurate, there are limitations such as the use of VPNs, proxies, and other methods that can mask true locations, causing some data inaccuracies. The tool's launch also sparked controversy as some users claim their locations are inaccurately displayed, causing breaches of user trust. Experts caution that despite the added transparency, it is a developing tool, and bad actors will likely find ways to circumvent these measures.

Platform responses and transparency efforts

X’s community notes feature, allowing users to add context to viral posts, is viewed as a step toward enhanced transparency, though deception remains widespread. The platform indicates ongoing efforts to introduce more ways to authenticate content and maintain integrity in the "global town square" of social media.

However, researchers emphasize the need for continuous scrutiny given the high stakes of political misinformation and manipulation.This new feature exposes deep challenges in ensuring authenticity and trust in political discourse on X, uncovering foreign manipulation that spans multiple political ends, and revealing the complexities of combating misinformation amid financial and geopolitical motives.
Read more »
Wireless Encryption
AirPods Security Android Security Bluetooth Protocols Cross-Platform Integration Device Spoofing Ecosystem Bypass Firmware Access Open-Source Tools Technology Wireless Encryption

Indian Teen Enables Apple-Exclusive AirPods Features on Android


 As Apple's AirPods have long been known, they offer a wide range of intelligent features, such as seamless device switching, adaptive noise control, and detailed battery indicators, but only if they are paired with an iPhone. This has left Android users with little more than basic audio functions, despite the fact that they are available to Android users. 


It is now being challenged by an 18-year-old developer from Gurugram, who is regarded as an intentional reinforcement of Apple's closed ecosystem. The latest creation from Kavish Devar, LibrePods, is a significant breakthrough in the field of mobile devices: an open-source, completely free tool designed to replicate the experience of AirPods on Android or even Linux systems with striking accuracy. 

LibrePods removes the limitations previously accepted by Apple that restricted the full potential of AirPods outside Apple's ecosystem, enabling the earbuds to perform almost identically to the way they perform when paired with Apple's iOS devices. With this upgrade, Android users who rely on AirPods will experience a markedly enhanced and seamless user experience, which will include core functionalities, polished integration, and an unexpectedly familiar fluidity that will surprise them. 

The earlier efforts of the community, including OpenPods and MaterialPods, provided limited capabilities, including battery readings, but LibrePods goes a much further than these. With its near-complete control suite, Android users can quickly and easily access the functions normally reserved for Apple devices, effectively narrowing a gap that has existed for many years among Android devices. 

During his high school years, Devar is still a self-taught programmer who developed LibrePods after studying earlier attempts at improving Android users such as OpenPods and MaterialPods, both of whom provided very limited improvements. 

A much more ambitious approach is taken by his project, according to the detailed notes on its GitHub page. As it enables Apple to unlock AirPods' otherwise exclusive features on non-Apple platforms, LibrePods was designed to achieve this purpose. Among the features offered by Apple are noise-control features, adaptive transparency, hearing-assistance functions, ear-detection, personalized transparency settings, and precise battery information, all of which are traditionally exclusive to Apple's ecosystem. 

By making use of an app that emulates the behavior of an authorized Apple endpoint, the app is able to accomplish what it aims to accomplish: Android devices can communicate with AirPods almost exactly as iPhones would if they were connected to an authorized Apple device. 

A full range of features is most effective on the second- and third-generation AirPod Pros that are rooted via the Xposed framework and can be accessed through rooted Android devices. OnePlus and Oppo models running OxygenOS 16 or ColorOS 16 are also able to use LibrePods without rooting, which means Devar has ensured that LibrePods are accessible to a broader range of devices. 

Even though the older models of AirPods are not as customizable as those in the newer generations, they still have the advantage of accurate battery reporting, which makes them a good option for anyone who wants accurate battery data. 

Having these features unlocked will allow users to switch effortlessly between the Noise Cancellation, the Adaptive Audio, and the Transparency modes, rename their earbuds so they can be managed more easily, enable automatic play-and-pause functions, assign long-press actions to toggle ANC or trigger a voice assistant, as well as use head gesture controls to answer calls. This is an entirely new way to experience the AirPods on Android, bringing it to the next level of functionality and convenience. 

A meticulous reverse-engineering effort by Devar enabled AirPods to recognize Android handsets as if they were iPhones or iPads, and enabled them to recognize them as if they were an iPhone or iPad, enabling this level of cross-platform functionality. By using this technical trick, Apple is able to share the status data and advanced controls within the earphones that it typically confines to its own ecosystem. 

LibrePods, however, is not without some conditions, owing to what Devar describes as a persistent limitation in the Android Bluetooth stack, which leads to it currently needing to be connected to a rooted device which runs the Xposed framework, in order to achieve full functionality.

OnePlus and Oppo smartphones running OxygenOS 16 or ColorOS 16 can run the app without rooting, but certain advanced features—such as fine-tuning the Transparency mode adjustments—which require elevated system access are still available to those using these devices. This is a partial exception, but users on OnePlus and Oppo smartphones can still make use of the app without rooting. 

A central priority remains that of ensuring wide compatibility, with support extended across all the AirPods devices, including AirPods Max, the second- and third-generation AirPods Pro, though older models are naturally equipped with a dwindling range of features. The extensive documentation found on the project's GitHub repository may be helpful to those interested in exploring it further, as well as downloading the APK and installing it on their own computers. 

The LibrePods continues to receive widespread attention, and Devar's work reveals a broader shift in how users expect technology to work, namely the ability to choose, be open, and use it in a way that is more useful to them. In addition to restoring functionality lost to Android users who had to settle for a diluted AirPods experience, this project demonstrates the power of community-driven innovation in challenging established norms and challenging established expectations. 

The tool still comes with technical caveats, but its rapid evolution makes it more likely that further refinements will be added in the future. LibrePods, therefore, shows great promise of an improved, more flexible multi-platform audio future, one which is user-centric rather than platform-centric.
Read more »
WhatsApp
AI Cloud malware Social Media Sturnus Telegram WhatsApp

Banking Malware Can Hack.Communications via Encrypted Apps


Sturnus hacks communication 

A new Android banking malware dubbed Sturnus can hack interactions from entirety via encrypted messaging networks like Signal, WhatsApp, and Telegram, as well as take complete control of the device.  

While still under growth, the virus is fully functional and has been programmed to target accounts at various financial institutions across Europe by employing "region-specific overlay templates."  

Attack tactic 

Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication with the command-and-control (C2) server, making it a more sophisticated threat than existing Android malware families.

Sturnus may steal messages from secure messaging apps after the decryption step by recording the content from the device screen, according to a research from online fraud prevention and threat intelligence agency Threatfabric. The malware can also collect banking account details using HTML overlays and offers support for complete, real-time access through VNC session.

Malware distribution 

The researchers haven't found how the malware is disseminated but they assume that malvertising or direct communications are plausible approaches. Upon deployment, the malware connects to the C2 network to register the target via a cryptographic transaction. 

For instructions and data exfiltration, it creates an encrypted HTTPS connection; for real-time VNC operations and live monitoring, it creates an AES-encrypted WebSocket channel. Sturnus can begin reading text on the screen, record the victim's inputs, view the UI structure, identify program launches, press buttons, scroll, inject text, and traverse the phone by abusing the Accessibility services on the device.

To get full command of the system, Sturnus gets Android Device Administrator credentials, which let it keep tabs of password changes and attempts to unlock and lock the device remotely. The malware also tries to stop the user from disabling its privileges or deleting it from the device. Sturnus uses its permissions to identify message content, inputted text, contact names, and conversation contents when the user accesses WhatsApp, Telegram, or Signal.

Read more »
Technology
AI bubble debate AI chip market data center spending Nasdaq performance Nvidia earnings tech stocks Technology

Nvidia’s Strong Earnings Ease AI Bubble Fears Despite Market Volatility

 

Nvidia (NVDA) delivered a highly anticipated earnings report, and the AI semiconductor leader lived up to expectations.

“These results and commentary should help steady the ship for the AI trade into the end of the year,” Jefferies analysts wrote in a Thursday note.

The company’s late-Wednesday announcement arrived at a critical moment for the broader AI-driven market rally. Over the past few weeks, debate around whether AI valuations have entered bubble territory has intensified, fueled by concerns over massive data-center investments, the durability of AI infrastructure, and uncertainty around commercial adoption.

Thursday’s market swings showed just how unresolved the conversation remains. The Nasdaq Composite surged more than 2% early in the day, only to reverse course and fall nearly 2% by afternoon. Nvidia shares followed a similar pattern—after climbing 5% in the morning, the stock later slipped almost 3%.

Still, Nvidia’s exceptional performance provided some reassurance to investors worried about overheating in the AI sector.

The company reported that quarterly revenue jumped 62% to $57 billion, with expectations for current-quarter sales to reach $65 billion. Margins also improved, and Nvidia projected gross margins would expand further to nearly 75% in the coming quarter.

“Bubbles are irrational, with prices rising despite weaker fundamentals. Nvidia’s numbers show that fundamentals are still strong,” said David Russell, Global Head of Market Strategy at TradeStation.

Executives also addressed long-standing questions about AI profitability, return on investment, and the useful life of AI infrastructure during the earnings call.

CEO Jensen Huang highlighted the broad scope of industries adopting Nvidia hardware, pointing to Meta’s (META) rising ad conversions as evidence that “transitioning to generative AI represents substantial revenue gains for hyperscalers.”

CFO Colette Kress also reassured investors about hardware longevity, stating, “Thanks to CUDA, the A100 GPUs we shipped six years ago are still running at full utilization today.”
Her remarks appeared to indirectly counter claims from hedge fund manager Michael Burry, who recently suggested that tech firms were extending the assumed lifespan of GPUs to downplay data-center costs.

Most analysts responded positively to the report.

“On these numbers, it is very hard to see how this stock does not keep moving higher from here,” UBS analysts wrote. “Ultimately, the AI infrastructure tide is still rising so fast that all boats will be lifted,” they added.

However, not everyone is convinced that the concerns fueling the AI bubble debate have been resolved.

“The AI bubble debate has never been about whether or not NVIDIA can sell chips,” said Julius Franck, co-founder of Vertus. “Their outstanding results do not address the elephant in the room: will the customers buying all this hardware ever make money from it?”

Others suggested that investor scrutiny may only increase from here.

“Many of the risks now worrying investors, like heavy spending and asset depreciation, are real,” noted TradeStation's Russell. “We may see continued weakness in the shares of companies taking on debt to build data centers, even as the boom continues.”
Read more »
Privacy
Apps Browser Browsing digital tracking Fingerprinting Phone Privacy

Your Phone Is Being Tracked in Ways You Can’t See: One Click Shows the Truth

 



Many people believe they are safe online once they disable cookies, switch on private browsing, or limit app permissions. Yet these steps do not prevent one of the most persistent tracking techniques used today. Modern devices reveal enough technical information for websites to recognise them with surprising accuracy, and users can see this for themselves with a single click using publicly available testing tools.

This practice is known as device fingerprinting. It collects many small and unrelated pieces of information from your phone or computer, such as the type of browser you use, your display size, system settings, language preferences, installed components, and how your device handles certain functions. None of these details identify you directly, but when a large number of them are combined, they create a pattern that is specific to your device. This allows trackers to follow your activity across different sites, even when you try to browse discreetly.

The risk is not just about being observed. Once a fingerprint becomes associated with a single real-world action, such as logging into an account or visiting a page tied to your identity, that unique pattern can then be connected back to you. From that point onward, any online activity linked to that fingerprint can be tied to the same person. This makes fingerprinting an effective tool for profiling behaviour over long periods of time.

Growing concerns around online anonymity are making this issue more visible. Recent public debates about identity checks, age verification rules, and expanded monitoring of online behaviour have already placed digital privacy under pressure. Fingerprinting adds an additional layer of background tracking that does not rely on traditional cookies and cannot be easily switched off.

This method has also spread far beyond web browsers. Many internet-connected devices, including smart televisions and gaming systems, can reveal similar sets of technical signals that help build a recognisable device profile. As more home electronics become connected, these identifiers grow even harder for users to avoid.

Users can test their own exposure through tools such as the Electronic Frontier Foundation’s browser evaluation page. By selecting the option to analyse your browser, you will either receive a notice that your setup looks common or that it appears unique compared to others tested. A unique result means your device stands out strongly among the sample and can likely be recognised again. Another testing platform demonstrates just how many technical signals a website can collect within seconds, listing dozens of attributes that contribute to a fingerprint.

Some browsers attempt to make fingerprinting more difficult by randomising certain data points or limiting access to high-risk identifiers. These protections reduce the accuracy of device recognition, although they cannot completely prevent it. A virtual private network can hide your network address, but it cannot block the internal characteristics that form a fingerprint.

Tracking also happens through mobile apps and background services. Many applications collect usage and technical data, and privacy labels do not always make this clear to users. Studies have shown that complex privacy settings and permission structures often leave people unaware of how much information their devices share.

Users should also be aware of design features that shift them out of protected environments. For example, when performing a search through a mobile browser, some pages include prompts that encourage the user to open a separate application instead of continuing in the browser. These buttons are typically placed near navigation controls, making accidental taps more likely. Moving into a dedicated search app places users in a different data-collection environment, where protections offered by the browser may no longer apply.

While there is no complete way to avoid fingerprinting, users can limit their exposure by choosing browsers with built-in privacy protections, reviewing app permissions frequently, and avoiding unnecessary redirections into external applications. Ultimately, the choice depends on how much value an individual places on privacy, but understanding how this technology works is the first step toward reducing risk.

Read more »
Data Breach
CrowdStrike data breach cyber attack Cybernews Data Breach

CrowdStrike Fires Insider Who Leaked Internal Screenshots to Hacker Groups, Says no Customer Data was Breached

 

American cybersecurity company CrowdStrike has confirmed that screenshots taken from its internal systems were shared with hacker groups by a now-terminated employee. 

The disclosure follows the appearance of the screenshots on Telegram, posted by the cybercrime collective known as Scattered Lapsus$ Hunters. 

In a statement to BleepingComputer, a CrowdStrike spokesperson said the company’s security was not compromised as a result of the insider activity and that customers remained fully protected. According to the spokesperson, the employee in question was identified during an internal investigation last month. 

The individual was later terminated and the matter has been reported to law enforcement. CrowdStrike did not clarify which threat group was behind the leak or what drove the employee to share sensitive images. 

However, the company offered the statement after BleepingComputer reached out regarding screenshots of CrowdStrike systems circulating on Telegram. Those screenshots were posted by members of ShinyHunters, Scattered Spider, and the Lapsus$ group, who now operate collectively under the name Scattered Lapsus$ Hunters. ShinyHunters told BleepingComputer that they allegedly paid the insider 25,000 dollars for access to CrowdStrike’s network. 

The threat actors claimed they received SSO authentication cookies, but CrowdStrike had already detected the suspicious activity and revoked the employee’s access. 

The group also claimed it attempted to buy internal CrowdStrike reports on ShinyHunters and Scattered Spider but never received them. 

Scattered Lapsus$ Hunters have been responsible for a large-scale extortion campaign against companies using Salesforce. Since the beginning of the year, the group has launched voice phishing attacks to breach Salesforce customers. Their list of known or claimed victims includes Google, Cisco, Allianz Life, Farmers Insurance, Qantas, Adidas, Workday, and luxury brands under LVMH such as Dior, Louis Vuitton, and Tiffany & Co. 

They have also attempted to extort numerous high-profile organizations including FedEx, Disney, McDonald’s, Marriott, Home Depot, UPS, Chanel, and IKEA. 

The group has previously claimed responsibility for a major breach at Jaguar Land Rover that exposed sensitive data and disrupted operations, resulting in losses estimated at more than 196 million pounds. 

Most recently, ShinyHunters asserted that over 280 companies were affected in a new wave of Salesforce-related data theft. Among the names mentioned were LinkedIn, GitLab, Atlassian, Verizon, and DocuSign. 

Though, DocuSign has denied being breached, stating that internal investigations have shown no evidence of compromise.
Read more »
Technology
AI music Deezer AI Generated Tracks Music Detection Technology

Streaming Platforms Face AI Music Detection Crisis

 

Distinguishing AI-generated music from human compositions has become extraordinarily challenging as generative models improve, raising urgent questions about detection, transparency, and industry safeguards. This article explores why even trained listeners struggle to identify machine-made tracks and what technical, cultural, and regulatory responses are emerging.

Why detection is so difficult

Modern AI music systems produce outputs that blend seamlessly into mainstream genres, especially pop and electronic styles already dominated by digital production. Traditional warning signs—slightly slurred vocals, unnatural consonant pronunciation, or "ghost" harmonies that appear and vanish unpredictably—remain only hints rather than definitive proof, and these tells fade as models advance. Music producer insights emphasize that AI recognizes patterns but lacks the emotional depth and personal narratives behind human creativity, yet casual listeners find these distinctions nearly impossible to hear.

Technical solutions and limits

Streaming platform Deezer launched an AI detection tool in January 2024 and introduced visible tagging for fully AI-generated tracks by summer, reporting that over one-third of daily uploads—approximately 50,000 tracks—are now entirely machine-made.The company's research director noted initial detection volumes were so high they suspected a system error. Deezer claims detection accuracy exceeds 99.8 percent by identifying subtle audio artifacts left by generative models, with minimal false positives. However, critics warn that watermarking schemes can be stripped through basic audio processing, and no universal standard yet exists across platforms.

Economic and ethical implications

Undisclosed AI music floods catalogues, distorts recommendation algorithms, and crowds out human artists, potentially driving down streaming payouts.Training data disputes compound the problem: many AI systems learn from copyrighted recordings without consent or compensation, sparking legal battles over ownership and moral rights. Survey data shows 80 percent of listeners want mandatory labelling for fully AI-generated tracks, and three-quarters prefer platforms to flag AI recommendations.

Industry and policy response

Spotify announced support for new DDEX standards requiring AI disclosure in music credits, alongside enhanced spam filtering and impersonation enforcement. Deezer removes fully AI tracks from editorial playlists and algorithmic recommendations. Yet regulatory frameworks lag technological capability, leaving artists exposed as adoption accelerates and platforms develop inconsistent, case-by-case policies The article concludes that transparent labelling and enforceable standards are essential to protect both creators and listener choice.
Read more »
Personal Data
AI Privacy AI Systems AI technology ChatGPT Cyber Security Employee Data monitoring Personal Data

AI Emotional Monitoring in the Workplace Raises New Privacy and Ethical Concerns

 

As artificial intelligence becomes more deeply woven into daily life, tools like ChatGPT have already demonstrated how appealing digital emotional support can be. While public discussions have largely focused on the risks of using AI for therapy—particularly for younger or vulnerable users—a quieter trend is unfolding inside workplaces. Increasingly, companies are deploying generative AI systems not just for productivity but to monitor emotional well-being and provide psychological support to employees. 

This shift accelerated after the pandemic reshaped workplaces and normalized remote communication. Now, industries including healthcare, corporate services and HR are turning to software that can identify stress, assess psychological health and respond to emotional distress. Unlike consumer-facing mental wellness apps, these systems sit inside corporate environments, raising questions about power dynamics, privacy boundaries and accountability. 

Some companies initially introduced AI-based counseling tools that mimic therapeutic conversation. Early research suggests people sometimes feel more validated by AI responses than by human interaction. One study found chatbot replies were perceived as equally or more empathetic than responses from licensed therapists. This is largely attributed to predictably supportive responses, lack of judgment and uninterrupted listening—qualities users say make it easier to discuss sensitive topics. 

Yet the workplace context changes everything. Studies show many employees hesitate to use employer-provided mental health tools due to fear that personal disclosures could resurface in performance reviews or influence job security. The concern is not irrational: some AI-powered platforms now go beyond conversation, analyzing emails, Slack messages and virtual meeting behavior to generate emotional profiles. These systems can detect tone shifts, estimate personal stress levels and map emotional trends across departments. 

One example involves workplace platforms using facial analytics to categorize emotional expression and assign wellness scores. While advocates claim this data can help organizations spot burnout and intervene early, critics warn it blurs the line between support and surveillance. The same system designed to offer empathy can simultaneously collect insights that may be used to evaluate morale, predict resignations or inform management decisions. 

Research indicates that constant monitoring can heighten stress rather than reduce it. Workers who know they are being analyzed tend to modulate behavior, speak differently or avoid emotional honesty altogether. The risk of misinterpretation is another concern: existing emotion-tracking models have demonstrated bias against marginalized groups, potentially leading to misread emotional cues and unfair conclusions. 

The growing use of AI-mediated emotional support raises broader organizational questions. If employees trust AI more than managers, what does that imply about leadership? And if AI becomes the primary emotional outlet, what happens to the human relationships workplaces rely on? 

Experts argue that AI can play a positive role, but only when paired with transparent data use policies, strict privacy protections and ethical limits. Ultimately, technology may help supplement emotional care—but it cannot replace the trust, nuance and accountability required to sustain healthy workplace relationships.
Read more »
Subscribe to: Comments (Atom)