Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud. Show all posts
Windows
AI Cloud Internet Microsoft PCs Technology Windows

Microsoft to end support for Windows 10, 400 million PCs will be impacted


Microsoft is ending software updates for Windows 10

From October 14, Microsoft will end its support for Windows 10, experts believe it will impact around 400 million computers, exposing them to cyber threats. People and groups worldwide are requesting that Microsoft extend its free support. 

According to recent research, 40.8% of desktop users still use Windows 10. This means around 600 million PCs worldwide use Windows 10. Soon, most of them will not receive software updates, security fixes, or technical assistance. 

400 million PCs will be impacted

Experts believe that these 400 million PCs will continue to work even after October 14th because hardware upgrades won’t be possible in such a short duration. 

“When support for Windows 8 ended in January 2016, only 3.7% of Windows users were still using it. Only 2.2% of Windows users were still using Windows 8.1 when support ended in January 2023,” PIRG said. PIGR has also called this move a “looming security disaster.”

What can Windows users do?

The permanent solution is to upgrade to Windows 11. But there are certain hardware requirements when you want to upgrade, and most users will not be able to upgrade as they will have to buy new PCs with compatible hardware. 

But Microsoft has offered few free options for personal users, if you use 1,000 Microsoft Rewards points. Users can also back up their data to the Windows Backup cloud service to get a free upgrade. If this impacts you, you can earn these points via Microsoft services such as Xbox games, store purchases, and Bing searches. But this will take time, and users don’t have it, unfortunately. 

The only viable option for users is to pay $30 (around Rs 2,650) for an Extended Security Updates (ESU) plan, but it will only work for one year.

According to PIGR, “Unless Microsoft changes course, users will face the choice between exposing themselves to cyberattacks or discarding their old computers and buying new ones. The solution is clear: Microsoft must extend free, automatic support.”

Read more »
zero-click
AI Cloud Data Internet Spyware Technology zero-click

Zero-click Exploit AI Flaws to Hack Systems


What if machines, not humans, become the centre of cyber-warfare? Imagine if your device could be hijacked without you opening any link, downloading a file, or knowing the hack happened? This is a real threat called zero-click attacks, a covert and dangerous type of cyber attack that abuses software bugs to hack systems without user interaction. 

The threat

These attacks have used spywares such as Pegasus and AI-driven EchoLeak, and shown their power to attack millions of systems, compromise critical devices, and steal sensitive information. With the surge of AI agents, the risk is high now. The AI-driven streamlining of work and risen productivity has become a lucrative target for exploitation, increasing the scale and attack tactics of breaches.

IBM technology explained how the combination of AI systems and zero-click flaws has reshaped the cybersecurity landscape. “Cybercriminals are increasingly adopting stealthy tactics and prioritizing data theft over encryption and exploiting identities at scale. A surge in phishing emails delivering infostealer malware and credential phishing is fueling this trend—and may be attributed to attackers leveraging AI to scale distribution,” said the IBM report.

A few risks of autonomous AI are highlighted, such as:

  • Threat of prompt injection 
  • Need for an AI firewall
  • Gaps in addressing the challenges due to AI-driven tech

About Zero-click attacks

These attacks do not need user interaction, unlike traditional cyberattacks that relied on social engineering campaigns or phishing attacks. Zero-click attacks exploit flaws in communication or software protocols to gain unauthorized entry into systems.  

Echoleak: An AI-based attack that modifies AI systems to hack sensitive information.

Stagefright: A flaw in Android devices that allows hackers to install malicious code via multimedia messages (MMS), hacking millions of devices.

Pegasus: A spyware that hacks devices through apps such as iMessage and WhatsApp, it conducts surveillance, can gain unauthorized access to sensitive data, and facilitate data theft as well.

How to stay safe?

According to IBM, “Despite the magnitude of these challenges, we found that most organizations still don’t have a cyber crisis plan or playbooks for scenarios that require swift responses.” To stay safe, IBM suggests “quick, decisive action to counteract the faster pace with which threat actors, increasingly aided by AI, conduct attacks, exfiltrate data, and exploit vulnerabilities.”

Read more »
Tehcnology
Cloud GitHub GitLab Internet Red Hat Tehcnology

Red Hat Hit by Data Breach, Hackers Exploit GitLab Instance

Red Hat Hit by Data Breach, Hackers Exploit GitLab Instance

An extortion gang by the name of Crimson Collective claimed to have stolen approximately 570GB of compressed data from internal development repositories belonging to Red Hat. Red Hat confirmed the breach impacted one of its GitLab instances.

The stolen data contains around 800 Customer Engagement Reports (CERs), which contain sensitive data about a customer’s platform and network. A CER is a consulting document made for clients that includes infrastructure data, configuration details, authentication tokens, and other data that could be exploited to attack customer networks. 

Red Hat confirmed that it was hit by a security breach impacting its consulting business, but it has not confirmed any of the threat actor’s claims about the stolen GitLab repositories and customer CERs. 

According to Bleeping Computer’s conversation with the hacker, the breach happened two weeks ago. Threat actors allegedly accessed the full database URIs, authentication tokens, and private data in Red Hat CERs and code. They claim that the data was used to get access to the downstream customer infrastructure.

The hacking gang also released a full directory containing the list of the allegedly extracted GitLab repositories and a list of CERs between 2020 and 2025 on Telegram. 

The directory list of CERs contains various sectors and famous organizations like AT&T, Fidelity, Kaiser, Bank of America, Mayo Clinic,  T-Mobile, Costco, Federal Aviation Administration, the US Navy’s Naval Surface Warfare Center, the House of Representatives, etc. 

The hackers claim they contacted Red Hat with an extortion ransom, but did not get any reply except a message asking the hackers to provide a vulnerability report to Red Hat’s security team.

"We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements. Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities. Our ongoing investigation found that an unauthorized third party had accessed and copied some data from this instance," said Red Hat

Read more »
Phishing Campaigns
AI Cloud Cyber Security GenAI Internet Microsoft Phishing Campaigns

Microsoft Stops Phishing Scam Which Used Gen-AI Codes to Fool Victims


AI: Boon or Curse?

AI code is in use across sectors for variety of tasks, particularly cybersecurity, and both threat actors and security teams have turned to LLMs for supporting their work. 

Security experts use AI to track and address to threats at scale as hackers are experimenting with AI to make phishing traps, create obfuscated codes, and make spoofed malicious payloads. 

Microsoft Threat Intelligence recently found and stopped a phishing campaign that allegedly used AI-generated code to cover payload within an SVG file. 

About the campaign 

The campaign used a small business email account to send self addressed mails with actual victims coveted in BCC fields, and the attachment looked like a PDF but consisted SVG script content. 

The SVG file consisted hidden elements that made it look like an original business dashboard, while a secretly embedded script changed business words into code that exposed a secret payload. Once opened, the file redirects users to a CAPTCHA gate, a standard social engineering tactical that leads to a scanned sign in page used to steal credentials. 

The hidden process combined business words and formulaic code patterns instead of cryptographic techniques. 

Security Copilot studied the file and listed markers in lines with LLM output. These things made the code look fancy on the surface, however, it made the experts think it was AI generated. 

Combating the threat

The experts used AI powered tools in Microsoft Defender for Office 375 to club together hints that were difficult for hackers to push under the rug. 

The AI tool flagged the rare self-addressed email trend , the unusual SVG file hidden as a PDF, the redirecting to a famous phishing site, the covert code within the file, and the detection tactics deployed on the phishing page. 

The incident was contained, and blocked without much effort, mainly targeting US based organizations, Microsoft, however, said that the attack show how threat actors are aggressively toying with AI to make believable tracks and sophisticated payloads.

Read more »
Technology
Cloud Data Facebook Google Internet Partiful Technology

Social Event App Partiful Did Not Collect GPS Locations from Photos

 

Social event planning app Partiful, also known as "Facebook events for hot people," has replaced Facebook as the go-to place for sending party invites. However, like Facebook, Partiful also collects user data. 

The hosts can create online invitations in a retro style, which allows users to RSVP to events easily. The platform strives to be user-friendly and trendy, which has made the app No.9 on the Apple store, and Google has called it "the best app" of 2024. 

About Partiful

Partiful has recently developed into a Facebook-like social graph; it maps your friends and also friends of friends, what you do, where you go, and your contact numbers. When the app became famous, people started doubting its origins, alleging that the app had former employees of a data-mining company. TechCrunch, however, found that the app was not storing any location data from user-uploaded images, which include public profile pictures. 

Metadata in photos

The photos that you have on your phones have metadata, which consists of file size, date of capture. With videos, Metadata can include information such as the type of camera used, the settings, and latitude/longitude coordinates. TechCrunch discovered that anyone could use the developer tools in a web browser to get raw user profile photos access from Partiful’s back-end database on Google Firebase. 

About the bug

The flaw could have been problematic, as it could have exposed the location of a person’s profile photo if someone used Partiful. 

According to TechCrunch, “Some Partiful user profile photos contained highly granular location data that could be used to identify the person’s home or work, particularly in rural areas where individual homes are easier to distinguish on a map.”

It is a common norm for companies hosting user photos and videos to automatically remove metadata once uploaded to prevent privacy issues, such as Partiful.

Read more »
Technology
Cloud Dark Web Data Digital ID Internet Technology

Is UK's Digital ID Hacker Proof?


Experts warned that our data will never be safe, as the UK government plans to launch Digital IDs for all citizens in the UK. The move has received harsh criticism due to a series of recent data attacks that leaked official government contacts, email accounts, staff addresses, and passwords. 

Why Digital IDs?

The rolling out of IDs means that digital identification will become mandatory for right-to-work checks in the UK by the end of this Parliament session. It aims to stop the illegal migrants from entering the UK, according to Keir Starmer, the UK's Prime Minister, also stressing that the IDs will prevent illegal working.

Experts, however, are not optimistic about this, as cyberattacks on critical national infrastructure, public service providers, and high street chains have surged. They have urged the parliament to ensure security and transparency when launching the new ID card scheme. 

According to former UK security and intelligence coordinator and director of GCHQ David Omand, the new plan will offer benefits, but it has to be implemented carefully. 

Benefits of Digital IDs

David Omand, former UK security and intelligence coordinator and director of GCHQ, said the scheme could offer enormous benefits, but only if it is implemented securely, as state hackers will try to hack and disrupt. 

To prevent this, the system should be made securely, and GCHQ must dedicate time and resources to robust implementation. The digital IDs would be on smartphones in the GOV.UK’s wallet app and verified against a central database of citizens having the right to live and work in the UK.

Risk with Digital IDs

There is always a risk of stolen data getting leaked on the dark web. According to an investigation by Cyjax, more than 1300 government email-password combinations, addresses, and contact details were accessed by threat actors over the past year. This is what makes the Digital ID card a risk, as the privacy of citizens can be put at risk. 

The UK government, however, has ensured that these digital IDs are made with robust security, secured via state-of-the-art encryption and authentication technology. 

According to PM Starmer, this offers citizens various benefits like proving their identity online and control over how data is shared and with whom.

Read more »
Technology
Cloud Data Domain Internet phishing PyPI Technology

Phishing Campaign Uses Fake PyPI Domain to Steal Login Credentials


Phishing campaign via fake domains

A highly advanced phishing campaign targeted maintainers of packages on the Python Package Index (PyPI), utilizing domain confusion methods to obtain login credentials from unsuspecting developers. The campaign leverages fake emails made to copy authentic PyPI communications and send recipients to fake domains that mimic the genuine PyPI infrastructure.

Campaign tactic

The phishing operation uses meticulously drafted emails that ask users to confirm their email address for “account maintenance and security reasons,” cautioning that accounts will be suspended if not done. 

These fake emails scare users, pushing them to make hasty decisions without confirming the authenticity of the communication. The phony emails redirect the victims to the malicious domain pypi-mirror.org, which mimics the genuine PyPI mirror but is not linked to the Python Software Foundation.

Broader scheme 

This phishing campaign highlights a series of attacks that have hit PyPi and similar other open-source repositories recently. Hackers have started changing domain names to avoid getting caught. 

Experts at PyPI said that these campaigns are part of a larger domain-confusion attack to abuse the trust relationship inside the open-source ecosystem.

The campaign uses technical deception and social engineering. When users open the malicious links, their credentials are stolen by the hackers. 

Domain confusion

The core of this campaign depends upon domain spoofing. The fake domain uses HTTPS encoding and sophisticated web design to build its authority, which tricks users who might not pay close attention while accessing these sites. The malicious sites mimic PyPI’s login page with stark reality, such as professional logos, form elements, and styling, giving users an authentic experience. 

This level of detail in the craft highlights robust planning and resource use by threat actors to increase the campaign’s effectiveness.

How to stay safe?

Users are advised to not open malicious links and pay attention while using websites, especially when putting in login details. 

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately. Inspect your account's Security History for anything unexpected. Report suspicious activity, such as potential phishing campaigns against PyPI, to security@pypi.org,” PyPI said in the blog post.

Read more »
Technology
AI ChatGPT Cloud Gemini Google Internet Technology

Gemini in Chrome: Google Can Now Track Your Phone

Gemini in Chrome: Google Can Now Track Your Phone

Is the Gemini browser collecting user data?

A new warning for 2 billion Chrome users, Google has announced that its browser will start collecting “sensitive data” on smartphones. “Starting today, we’re rolling out Gemini in Chrome,” Google said, which will be the “biggest upgrade to Chrome in its history.” The data that can be collected includes the device ID, username, location, search history, and browsing history. 

Agentic AI and browsers

Surfshark investigated the user privacy of AI browsers after Google’s announcement and found that if you use Chrome with Gemini on your smartphone, Google can collect 24 types of data. According to Surfshark, this is bigger than any other agentic AI browsers that have been analyzed. 

For instance, Microsoft’s Edge browser, which has Copilot, only collects half the data compared to Chrome and Gemini. Even Brave, Opera, and Perplexity collect less data. With the Gemini-in-Chrome extension, however, users should be more careful. 

Now that AI is everywhere, a lot of browsers like Firefox, Chrome, and Edge allow users to integrate agentic AI extensions. Although these tools are handy, relying on them can expose your privacy and personal data to third-party companies.

There have been incidents recently where data harvesting resulted from browser extensions, even those downloaded from official stores. 

The new data collection warning comes at the same time as the Gemini upgrade this month, called “Nano Banana.” This new update will also feed on user data. 

According to Android Authority, “Google may be working on bringing Nano Banana, Gemini’s popular image editing tool, to Google Photos. We’ve uncovered a GIF for a new ‘Create’ feature in the Google Photos app, suggesting it’ll use Nano Banana inside the app. It’s unclear when the feature will roll out.”

AI browser concerns

Experts have warned that every photo you upload has a biometric fingerprint which consists of your micro-expressions, unique facial geometry, body proportions, and micro-expressions. The biometric data included device fingerprinting, behavioural biometrics, social network mapping, and GPS coordinates.

Besides this, Apple’s Safari now has anti-fingerprinting technology as the default browsing for iOS 26. However, users should only use their own browser for it to work. For instance, if you use Chrome on an Apple device, it won’t work. Another reason why Apply is advising users to use the Safari browser and not Chrome. 

Read more »
Internet
Citrix Bleed Cloud Cyber Security Data Leak Email FEMA Internet

Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies


An incident at the Federal Emergency Management Agency allowed threat actors to steal employee data from the US Customs and Border Protection and the disaster management office. The breach has allegedly triggered the removal of dozens of Federal Emergency Management Agency technology employees.

Citrix bug leads to breach

The incident occurred on June 22, when threat actors infiltrated Citrix virtual desktop infrastructure inside FEMA via stolen login details. The data was stolen from Region 6 servers, according to NextGov. The DHS security staff were informed of the incident on July 7. A week later, an unknown hacker used a high-level access account and tried to deploy virtual networking software to retrieve details. Mitigation began on July 16. 

In September, further mitigation actions were taken, including reframing FEMA Zscaler policies and restricting access to a few websites. According to Nextgov, an internal FEMA email was found that instructed all employees to change their passwords, but no other details about the incidents were mentioned in the email. 

About FEMA firings

The FEMA employee layoffs happened on August 29, after a routine inspection of the agency’s infrastructure, which revealed a flaw that “allowed the threat actor to breach FEMA’s network and threaten the entire department and the nation as a whole,” according to the Department of Homeland Security (DHS). 

The firing announcement came from DHS, which also hit FEMA’s top cybersecurity and technology officers. According to DHS, FEMA’s IT staff “resisted any efforts to fix the problem” and “lied” about the significance of flaws. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS said at the time.

Lack of effort: DHS

FEMA’s IT employees “resisted any efforts to fix the problem,” avoided scheduled inspections and “lied” to officials about the scope of the cyber vulnerabilities, DHS said when Noem first announced the staff terminations last month. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS also said.

About the Citrix bug

Citrix sells software that employees use for remote access of workplace apps. The flaw, named CitrixBleed 2.0, in the past has allowed threat actors to escape two-factor authentication measures. “Bleed” is a tactic that makes susceptible devices give out memory content, allowing threat actors to place pieces of data and assemble login credentials for infiltrating devices.

Read more »
Website
Advertising AI Cloud Cookie Data Internet Technology Website

The Cookie Problem. Should you Accept or Reject?


It is impossible for a user today to surf the internet without cookies, to reject or accept. A pop-up shows in our browser that asks to either “accept all” or “reject all.” In a few cases, a third option allows you to ‘manage preferences’.

The pop-ups can be annoying, and your first reaction is to remove them immediately, and you hit that “accept all” button. But is there anything else you can do?

About cookies

Cookies are small files that are saved by web pages, and they have information for personalizing user experience, particularly for the most visited websites. The cookies may remember your login details, preferred news items, or your shopping preferences based on your browsing history. Cookies also help advertisers target your browsing behaviour via targeted ads. 

Types of cookies

Session cookies: These are for temporary use, like tracking items in your shopping cart. When a browser session is inactive, the cookies are automatically deleted.

Persistent cookies: As the name suggests, these cookies are used for longer periods. For example, saving logging details for accessing emails faster. They can expire from days to years. 

About cookie options

When you are on a website, pop-ups inform you about the “essential cookies” that you can’t opt out of because if you do, you may not be able to use the website's online features, like shopping carts wouldn’t work. But in the settings, you can opt out of “non-essential cookies.”

Three types of non-essential cookies

  1. Functional cookies- Based on browsing experience. (for instance, region or language selection)
  2. Advertising cookies- Third-party cookies, which are used to track user browsing activities. These cookies can be shared with third parties and across domains and platforms that you did not visit.
  3. Analytics cookies- They give details about metrics, such as how visitors use the website

Read more »
Vietnam
AI Artificial Intelligence Cloud Cyber Attacks Internet Panama Ransomware Vietnam

Panama and Vietnam Governments Suffer Cyber Attacks, Data Leaked


Hackers stole government data from organizations in Panama and Vietnam in multiple cyber attacks that surfaced recently.

About the incident

According to Vietnam’s state news outlet, the Cyber Emergency Response Team (VNCERT) confirmed reports of a breach targeting the National Credit Information Center (CIC) that manages credit information for businesses and people, an organization run by the State Bank of Vietnam. 

Personal data leaked

Earlier reports suggested that personal information was exposed due to the attack. VNCERT is now investigating and working with various agencies and Viettel, a state-owned telecom. It said, “Initial verification results show signs of cybercrime attacks and intrusions to steal personal data. The amount of illegally acquired data is still being counted and clarified.”

VNCERT has requested citizens to avoid downloading and sharing stolen data and also threatened legal charges against people who do so.

Who was behind the attack?

The statement has come after threat actors linked to the Shiny Hunters Group and Scattered Spider cybercriminal organization took responsibility for hacking the CIC and stealing around 160 million records. 

Threat actors put up stolen data for sale on the cybercriminal platforms, giving a sneak peek of a sample that included personal information. DataBreaches.net interviewed the hackers, who said they abused a bug in end-of-life software, and didn’t offer a ransom for the stolen information.

CIC told banks that the Shiny Hunters gang was behind the incident, Bloomberg News reported.

The attackers have gained the attention of law enforcement agencies globally for various high-profile attacks in 2025, including various campaigns attacking big enterprises in the insurance, retail, and airline sectors. 

The Finance Ministry of Panama also hit

The Ministry of Economy and Finance in Panam was also hit by a cyber attack, government officials confirmed. “The Ministry of Economy and Finance (MEF) informs the public that today it detected an incident involving malicious software at one of the offices of the Ministry,” they said in a statement. 

The INC ransomware group claimed responsibility for the incident and stole 1.5 terabytes of data, such as emails, budgets, etc., from the ministry.

Read more »
zero-day
AI Cloud Internet malware WeepSteel zero-day

Hackers Exploit Zero-Day Bug to Install Backdoors and Steal Data


Sitecore bug abused

Threat actors exploited a zero-day bug in legacy Sitecore deployments to install WeepSteel spying malware. 

The bug, tracked as CVE-2025-53690, is a ViewState deserialization flaw caused by the addition of a sample ASP.NET machine key in pre-2017 Sitecore guides. 

A few users reused this key, which allowed hackers who knew about the key to create valid, but infected '_VIEWSTATE' payloads that fooled the server into deserializing and executing them, which led to remote code execution (RCE). 

The vulnerability isn’t a bug in ASP.NET; however, it is a misconfiguration flaw due to the reuse of publicly documented keys that were never intended for production use.

About exploitation

Mandiant experts found the exploit in the wild and said that the threat actors have been exploiting the bug in various multi-stage attacks. Threat actors target the '/sitecore/blocked.Aspx' endpoint, which consists of an unauthorized ViewState field, and get RCE by exploiting CVE-2025-53690. 

The malicious payload threat actors deploy is WeepSteel, a spying backdoor that gets process, system, disk, and network details, hiding its exfiltration as standard ViewState responses. Mendiant experts found the RCE of monitoring commands on compromised systems- tasklist, ipconfig/all, whoami, and netstat-ano. 

Mandiant observed the execution of reconnaissance commands on compromised environments, including whoami, hostname, tasklist, ipconfig /all, and netstat -ano. 

In the next attack stage, the threat actors installed Earthworm (a network tunneling and reverse SOCKS proxy), Dwagent (a remote access tool), and 7-Zip, which is used to make archives of the stolen information. After this, the threat actors increased access privileges by making local administrator accounts ('asp$,' 'sawadmin'), “cached (SAM and SYSTEM hives) credentials dumping, and attempted token impersonating via GoTokenTheft,” Bleeping Computer said. 

Threat actors secured persistence by disabling password expiration, which gave them RDP access and allowed them to register Dwagent as a SYSTEM service. 

“Mandiant recommends following security best practices in ASP.NET, including implementing automated machine key rotation, enabling View State Message Authentication Code (MAC), and encrypting any plaintext secrets within the web.config file,” the company said.

Read more »
User Privacy
AI Cloud Cyber Security Data Data Leak data security Internet User Privacy

Massive database of 250 million data leaked online for public access


Around a quarter of a billion identity records were left publicly accessible, exposing people located in seven countries- Saudi Arabia, the United Arab Emirates, Canada, Mexico, South Africa, Egypt, and Turkey. 

According to experts from Cybernews, three misconfigured servers, registered in the UAE and Brazil, hosting IP addresses, contained personal information such as “government-level” identity profiles. The leaked data included contact details, dates of birth, ID numbers, and home addresses. 

Cybernews experts who found the leak said the databases seemed to have similarities with the naming conventions and structure, which hinted towards the same source. But they could not identify the actor who was responsible for running the servers. 

“These databases were likely operated by a single party, due to the similar data structures, but there’s no attribution as to who controlled the data, or any hard links proving that these instances belonged to the same party,” they said. 

The leak is particularly concerning for citizens in South Africa, Egypt, and Turkey, as the databases there contained full-spectrum data. 

The leak would have exposed the database to multiple threats, such as phishing campaigns, scams, financial fraud, and abuses.

Currently, the database is not publicly accessible (a good sign). 

This is not the first incident where a massive database holding citizen data (250 million) has been exposed online. Cybernews’ research revealed that the entire Brazilian population might have been impacted by the breach.

Earlier, a misconfigured Elasticsearch instance included the data with details such as sex,  names, dates of birth, and Cadastro de Pessoas Físicas (CPF) numbers. This number is used to identify taxpayers in Brazil. 

Read more »
SwissBorg
AI Bitcoin Cloud cryptocurrency Cyber Security Cypto wallet Internet SwissBorg

Cryptoexchange SwissBorg Suffers $41 Million Theft, Will Reimburse Users


According to SwissBorg, a cryptoexchange platform, $41 million worth of cryptocurrency was stolen from an external wallet used for its SOL earn strategy in a cyberattack that also affected a partner company. The company, which is based in Switzerland, acknowledged the industry reports of the attack but has stressed that the platform was not compromised. 

CEO Cyrus Fazel said that an external finance wallet of a partner was compromised. The incident happened due to hacking of the partner’s API, a process that lets software customers communicate with each other, impacting a single counterparty. It was not a compromise of SwissBorg, the company said on X. 

SwissBorg said that the hack has impacted fewer than 1% of users. “A partner API was compromised, impacting our SOL Earn Program (~193k SOL, <1% of users).  Rest assured, the SwissBorg app remains fully secure and all other funds in Earn programs are 100% safe,” it tweeted. The company said they are looking into the incident with other blockchain security firms. 

All other assets are secure and will compensate for any losses, and user balances in the SwissBorg app are not impacted. SOL Earn redemptions have been stopped as recovery efforts are undergoing. The company has also teamed up with law enforcement agencies to recover the stolen funds. A detailed report will be released after the investigations end. 

The exploit surfaced after a surge in crypto thefts, with more than $2.17 billion already stolen this year. Kiln, the partner company, released its own statement: “SwissBorg and Kiln are investigating an incident that may have involved unauthorized access to a wallet used for staking operations. The incident resulted in Solana funds being improperly removed from the wallet used for staking operations.” 

After the attack, “SwissBorg and Kiln immediately activated an incident response plan, contained the activity, and engaged our security partners,” it said in a blogpost, and that “SwissBorg has paused Solana staking transactions on the platform to ensure no other customers are impacted.”

Fazel posted a video about the incident, informing users that the platform had suffered multiple breaches in the past.

Read more »
Technology
AI Anthropic ChatGPT Claude Cloud Internet Technology

Antrhopic to use your chats with Claude to train its AI


Antrhopic to use your chats with Claude to train its AI

Anthropic announced last week that it will update its terms of service and privacy policy to allow the use of chats for training its AI model “Claude.” Users of all subscription levels- Claude Free, Max, Pro, and Code subscribers- will be impacted by this new update. Anthropic’s new Consumer Terms and Privacy Policy will take effect from September 28, 2025. 

But users who use Claude under licenses such as Work, Team, and Enterprise plans, Claude Education, and Claude Gov will be exempted. Besides this, third-party users who use the Claude API through Google Cloud’s Vertex AI and Amazon Bedrock will also not be affected by the new policy.

If you are a Claude user, you can delay accepting the new policy by choosing ‘not now’, however, after September 28, your user account will be opted in by default to share your chat transcript for training the AI model. 

Why the new policies?

The new policy has come after the genAI boom, thanks to the massive data that has prompted various tech companies to rethink their update policies (although quietly) and update their terms of service. With this, these companies can use your data to train their AI models or give it out to other companies to improve their AI bots. 

"By participating, you’ll help us improve model safety, making our systems for detecting harmful content more accurate and less likely to flag harmless conversations. You’ll also help future Claude models improve at skills like coding, analysis, and reasoning, ultimately leading to better models for all users," Anthropic said.

Concerns around user safety

Earlier this year, in July, Wetransfer, a famous file-sharing platform, fell into controversy when it changed its terms of service agreement, facing immediate backlash from its users and online community. WeTransfer wanted the files uploaded on its platform could be used for improving machine learning models. After the incident, the platform has been trying to fix things by removing “any mention of AI and machine learning from the document,” according to the Indian Express. 

With rising concerns over the use of personal data for training AI models that compromise user privacy, companies are now offering users the option to opt out of data training for AI models.

Read more »
Ransomware
AI Cloud Cyber Security Data Organization Ransomware

How cybersecurity debts can damage your organization and finances

How cybersecurity debts can damage your organization and finances

A new term has emerged in the tech industry: “cybersecurity debt.” Similar to technical debt, cybersecurity debt refers to the accumulation of unaddressed security bugs and outdated systems resulting from inadequate investments in cybersecurity services. 

Delaying these expenditures can provide short-term financial gains, but long-term repercussions can be severe, causing greater dangers and exponential costs.

What causes cybersecurity debt?

Cybersecurity debt happens when organizations don’t update their systems frequently, ignoring software patches and neglecting security improvements for short-term financial gains. Slowly, this leads to a backlog of bugs that threat actors can abuse- leading to severe consequences. 

Contrary to financial debt that accumulates predictable interest, cybersecurity debt compounds in uncertain and hazardous ways. Even a single ignored bug can cause a massive data breach, a regulatory fine that can cost millions, or a ransomware attack. 

A 2024 IBM study about data breaches cost revealed that the average data breach cost had increased to $4.9 million, a record high. And even worse, 83% of organizations surveyed had suffered multiple breaches, suggesting that many businesses keep operating with cybersecurity debt. The more an organization avoids addressing problems, the greater the chances of cyber threats.

What can CEOs do?

Short-term gain vs long-term security

CEOs and CFOs are under constant pressure to give strong quarterly profits and increase revenue. As cybersecurity is a “cost center” and non-revenue-generating expenditure, it is sometimes seen as a service where costs can be cut without severe consequences. 

A CEO or CFO may opt for this short-term security gain, failing to address the long-term risks involved with rising cybersecurity debt. In some cases, the consequences are only visible when a business suffers a data breach. 

Philip D. Harris, Research Director, GRC Software & Services, IDC, suggests, “Executive management and the board of directors must support the strategic direction of IT and cybersecurity. Consider implementing cyber-risk quantification to accomplish this goal. When IT and cybersecurity leaders speak to executives and board members, from a financial perspective, it is easier to garner interest and support for investments to reduce cybersecurity debt.”

Limiting cybersecurity debt

CEOs and leaders should consider reassessing the risks. This can be achieved by adopting a comprehensive approach that adds cybersecurity debt into an organization’s wider risk management plans.

Read more »
Ransom Demands
Azure Cloud Cloud Attacks Cloud Security Cyber Security Data Theft Microsoft Microsoft Azure Ransom Demands

Microsoft Warns Storm-0501 Shifts to Cloud-Based Encryption, Data Theft, and Extortion

 

Microsoft has issued a warning about Storm-0501, a threat actor that has significantly evolved its tactics, moving away from traditional ransomware encryption on devices to targeting cloud environments for data theft, extortion, and cloud-based encryption. Instead of relying on conventional ransomware payloads, the group now abuses native cloud features to exfiltrate information, delete backups, and cripple storage systems, applying pressure on victims to pay without deploying malware in the traditional sense. 

Storm-0501 has been active since at least 2021, when it first used the Sabbath ransomware in attacks on organizations across multiple industries. Over time, it adopted ransomware-as-a-service (RaaS) tools, deploying encryptors from groups such as Hive, BlackCat (ALPHV), Hunters International, LockBit, and most recently, Embargo ransomware. In September 2024, Microsoft revealed that the group was expanding into hybrid cloud environments, compromising Active Directory and pivoting into Entra ID tenants. During those intrusions, attackers established persistence with malicious federated domains or encrypted on-premises devices with ransomware like Embargo. 

In its latest report, Microsoft highlights that Storm-0501 is now conducting attacks entirely in the cloud. Unlike conventional ransomware campaigns that spread malware across endpoints and then negotiate for decryption, the new approach leverages cloud-native tools to quickly exfiltrate large volumes of data, wipe storage backups, and encrypt files within the cloud itself. This strategy both accelerates the attack and reduces reliance on detectable malware deployment, making it more difficult for defenders to identify the threat in time. 

Recent cases show the group compromising multiple Active Directory domains and Entra tenants by exploiting weaknesses in Microsoft Defender configurations. Using stolen Directory Synchronization Accounts, Storm-0501 enumerated roles, users, and Azure resources with reconnaissance tools such as AzureHound. The attackers then identified a Global Administrator account without multifactor authentication, reset its password, and seized administrative control. With these elevated privileges, they maintained persistence by adding their own federated domains, which allowed them to impersonate users and bypass MFA entirely. 

From there, the attackers escalated further inside Azure by abusing the Microsoft.Authorization/elevateAccess/action capability, granting themselves Owner-level roles and taking complete control of the target’s cloud infrastructure. Once entrenched, they began disabling defenses and siphoning sensitive data from Azure Storage accounts. In many cases, they attempted to delete snapshots, restore points, Recovery Services vaults, and even entire storage accounts to prevent recovery. When these deletions failed, they created new Key Vaults and customer-managed keys to encrypt the data, effectively locking companies out unless a ransom was paid. 

The final stage of the attack involved contacting victims directly through Microsoft Teams accounts that had already been compromised, delivering ransom notes and threats. Microsoft warns that this shift illustrates how ransomware operations may increasingly migrate away from on-premises encryption as defenses improve, moving instead toward cloud-native extortion techniques. The report also includes guidance for detection, including Microsoft Defender XDR hunting queries, to help organizations identify the tactics used by Storm-0501.
Read more »
Technology
AI Cloud Data PromptLock Ransomware Technology

Experts discover first-ever AI-powered ransomware called "PromptLock"

Experts discover first-ever AI-powered ransomware called "PromptLock"

A ransomware attack is an organization’s worst nightmare. Not only does it harm the confidentiality of the organizations and their customers, but it also drains money and causes damage to the reputation. Defenders have been trying to address this serious threat, but threat actors keep developing new tactics to launch attacks. To make things worse, we have a new AI-powered ransomware strain. 

First AI ransomware

Cybersecurity experts have found the first-ever AI-powered ransomware strain. Experts Peter Strycek and Anton Cherepanov from ESET found the strain and have termed it “PromptLock.” "During infection, the AI autonomously decides which files to search, copy, or encrypt — marking a potential turning point in how cybercriminals operate," ESET said.

The malware has not been spotted in any cyberattack as of yet, experts say. Promptlock appears to be in development and is poised for launch. 

Although cyber criminals used GenAI tools to create malware in the past, PromptLock is the first ransomware case that is based on an AI model. According to Cherepanov’s LinkedIn post, Promptlock exploits the gpt-oss:20b model from OpenAI through the Ollama API to make new scripts.

About PromptLock

Cherepanov’s LinkedIn post highlighted that the ransomware script can exfiltrate files and encrypt data, but may destroy files in the future. He said that “while multiple indicators suggest that the sample is a proof-of-concept (PoC) or a work-in-progress rather than an operational threat in the wild, we believe it is crucial to raise awareness within the cybersecurity community about such emerging risks.

AI and ransomware threat

According to Dark Reading’s conversation with ESET experts, the AI-based ransomware is a serious threat to security teams. Strycek and Cherepanov are trying to find out more about PromptLock, but they want to warn the security teams immediately about the ransomware. 

ESET on X noted that "the PromptLock ransomware is written in #Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal."

Threat actors have started using AI tools to launch phishing campaigns by creating fake content and malicious websites, thanks to the rapid adoption across the industry. However, AI-powered ransomware will be a worse challenge for cybersecurity defenders.

Read more »
Technology
AI Business ChatGPT Cloud Data Data Leak GenAI Technology

CISOs fear material losses amid rising cyberattacks


Chief information security officers (CISOs) are worried about the dangers of a cyberattack, and there is an anxiety due to the material losses of data that organizations have suffered in the past year.

According to a report by Proofpoint, the majority of CISOs fear a material cyberattack in the next 12 months. These concerns highlight the increasing risks and cultural shifts among CISOs.

Changing roles of CISOs

“76% of CISOs anticipate a material cyberattack in the next year, with human risk and GenAI-driven data loss topping their concerns,” Proofpoint said. In this situation, corporate stakeholders are trying to get a better understanding of the risks involved when it comes to tech and whether they are safe or not. 

Experts believe that CISOs are being more open about these attacks, thanks to SEC disclosure rules, strict regulations, board expectations, and enquiries. The report surveyed 1,600 CISOs worldwide; all the organizations had more than 1000 employees. 

Doing business is a concern

The study highlights a rising concern about doing business amid incidents of cyberattacks. Although the majority of CISOs are confident about their cybersecurity culture, six out of 10 CISOs said their organizations are not prepared for a cyberattack. The majority of the CISOs were found in favour of paying ransoms to avoid the leak of sensitive data.

AI: Saviour or danger?

AI has risen both as a top concern as well as a top priority for CISOs. Two-thirds of CISOs believe that enabling GenAI tools is a top priority over the next two years, despite the ongoing risks. In the US, however, 80% CISOs worry about possible data breaches through GenAI platforms. 

With adoption rates rising, organizations have started to move from restriction to governance. “Most are responding with guardrails: 67% have implemented usage guidelines, and 68% are exploring AI-powered defenses, though enthusiasm has cooled from 87% last year. More than half (59%) restrict employee use of GenAI tools altogether,” Proofpoint said.

Read more »
Windows
AI Bitcoin Cloud Crypto Ethereum Internet Technology Windows

Malicous npm package exploit crypto wallets


Experts have found a malicious npm package that consists of stealthy features to deploy malicious code into pc apps targeting crypto wallets such as Exodus and Atomic. 

About the package

Termed as “nodejs-smtp,” the package imitates the genuine email library nodemailer with the same README descriptions, page styling, and tagline, bringing around 347 downloads since it was uploaded to the npm registry earlier this year by a user “nikotimon.” 

It is not available anymore. Socket experts Krill Boychenko said, "On import, the package uses Electron tooling to unpack Atomic Wallet's app.asar, replace a vendor bundle with a malicious payload, repackage the application, and remove traces by deleting its working directory.”

What is the CIS build kit?

The aim is to overwrite the recipient address with hard-coded wallets handled by a cybercriminal. The package delivers by working as an SMTP-based mailer while trying to escape developers’ attention. 

This has surfaced after ReversingLabs found an npm package called "pdf-to-office" that got the same results by releasing the “app.asar” archives linked to Exodus and Atomic wallets and changing the JavaScript file inside them to launch the clipper function. 

According to Boychenko, “this campaign shows how a routine import on a developer workstation can quietly modify a separate desktop application and persist across reboots. He also said that “by using import time execution and Electron packaging, a lookalike mailer becomes a wallet drainer that alters Atomic and Exodus on compromised Windows systems."

What next?

The campaign has exposed how a routine import on a developer's pc can silently change a different desktop application and stay alive in reboots. By exploiting the import time execution and Electron packaging, an identical mailer turns into a wallet drainer. Security teams should be careful of incoming wallet drainers deployed through package registries. 

Read more »
Subscribe to: Posts (Atom)