Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
User Privacy
Cyber Security Legislative Amendment Ransomware attack UK Government User Privacy

UK Government Proposes Mandatory Reporting of Ransomware Attacks

 

The British government's proposals to amend its ransomware strategy marked a minor milestone on Tuesday, when the Home Office issued its formal answer to a survey on modifying the law, but questions remain regarding the effectiveness of the measures. 

The legislative process in the United Kingdom regularly involves public consultations. In order to address the ransomware issue, the Home Office outlined three main policy recommendations and asked for public input in order to support forthcoming legislation. 

The three main policy ideas are prohibiting payments from public sector or critical national infrastructure organisations; requiring victims to notify the government prior to making any extortion payments; and requiring all victims to report attacks to law enforcement.

Following a string of high-profile ransomware incidents that affected the nation, including several that left the shelves of several high-street grocery stores empty and one that contributed to the death of a hospital patient in London, the official response was published on Tuesday, cataloguing feedback for and against the measures.

Despite being labelled as part of the government's much-talked-about Plan for Change, the plans are identical to those made while the Conservative Party was in control prior to Rishi Sunak's snap election, which delayed the consultation's introduction. Even that plan in 2024 was late to the game. 

In 2022, ransomware attacks dominated the British government's crisis management COBR meetings. However, successive home secretaries prioritised responding to small boat crossings of migrants in the English Channel. Ransomware attacks on British organisations had increased year after year for the past five years. 

“The proposals are a sign that the government is taking ransomware more seriously, which after five years of punishing attacks on UK businesses and critical national infrastructure is very welcome,” stated Jamie MacColl, a senior research fellow at think tank RUSI. But MacColl said there remained numerous questions regarding how effective the response might be. 

Earlier this year, the government announced what the Cyber Security and Resilience Bill (CSRB) will include when it is brought to Parliament. The CSRB, which only applies to regulated critical infrastructure firms, is likely to overlap with the ransomware regulations by enhancing cyber incident reporting requirements, but it is unclear how.
Read more »
User Privacy
Chinese Government Cyber Security Digital Protection National ID Online Surveillance User Privacy

Chinese Government Launches National Cyber ID Amid Privacy Concerns

 

China's national online ID service went into effect earlier this month with the promise of improving user privacy by limiting the amount of data collected by private-sector companies. However, the measures have been criticised by privacy and digital rights activists as giving the government more control over citizens' online activities.

The National Online Identity Authentication Public Service is a government-run digital identity system that will reduce the overall information footprint by allowing citizens to register with legitimate government documents and then protecting their data from Internet services. Users can choose not to utilise the service at this time, however businesses are expected to refrain from collecting users' personal information unless specifically mandated by law. 

Kendra Schaefer, a partner at Beijing-based policy consultancy Trivium China, claims that the rules, on the surface, give Internet users a centralised repository for their identity data, owned by the government, and to prevent inconsistent handling by private enterprises. 

"Basically, they're just switching the holder of data," Schaefer stated. "Users use to have to put their ID information into each new website when they logged into that website. ... It would be up to the collector of that data — for example, the platform itself — to properly encrypt it, properly transmit it to the state for verification. ... That is sort of being eliminated now.” 

Several nations are adopting regulations to establish digital identity systems that link online and offline identities. For instance, Australia expanded its government digital ID, permitted private sector participation, and strengthened privacy protections in 2024 with the adoption of the Digital ID Act of 2024. Based on Estonia's digital-government system, Singapore has long provided its people with a digital ID, SingPass, to facilitate transactions with government services. 

However, China's strategy has sparked serious concerns about escalating government monitoring under the guise of privacy and data security. According to an analysis by the Network of Chinese Human Rights Defenders (CHRD), a non-governmental collective of domestic and international Chinese human rights activists and groups, and Article 19, an international non-governmental organisation, the measures contain privacy and notification clauses, but several loopholes allow authorities to easily access private information without notification.

According to Shane Yi, a researcher with CHRD, the new Internet ID system is intended to bolster the state's monitoring apparatus rather than to safeguard individual privacy. 

The goal of the Internet ID numbers, also known as Network Numbers, is to centralise the process of confirming residents' digital identities. Real-name verification is required by the Chinese government, but since it is spread across numerous internet services, it may pose a data security threat. The Chinese regulation states that Internet platforms cannot maintain information about a citizen's true identity if they use a digital ID. The new restrictions (translation) entered into effect on July 15, 2025.

"After internet platforms access the Public Service, where users elect to use Network Numbers or Network Credentials to register and verify their real identity information, and pass verification, the internet platforms must not require that the users separately provide explicit identification information, except where laws or administrative regulations provide otherwise or the users consent to provide it," the regulation reads. 

Chinese officials say that the strategy strengthens citizens' privacy. Lin Wei, president of the Southwest University of Political Science and Law in Chongqing, China, claims that the 67 sites and applications that use the virtual ID service collect 89% less personal information. According to reports, the Ministry of Public Security in China released the academic's work.
Read more »
Zero Day Vulnerabilities
CIS CISA Cyber Exploits Cyber Security CyberCrime DNA Global Attacks Malicious Software Microsoft 365 SharePoint Storm 2603 Zero Day Vulnerabilities

SharePoint Exploit Emerges as Root of Global Cyber Threat

 


A global cybersecurity crisis has been triggered by a newly discovered and unpatched vulnerability in Microsoft SharePoint Server, prompting the Governments of the United States, Canada, and Australia to conduct urgent investigations. In what experts are calling a coordinated and large-scale zero-day attack, which is a breach that takes advantage of a previously unknown security vulnerability, an exploit that enables remote code execution without the user's input, a critical flaw has been exploited to exploit a critical flaw that enables remote code execution without user interaction. 

A widely used enterprise platform called SharePoint, which facilitates the sharing and collaboration of documents and ideas, has been identified as one of the latest attack vectors by threat actors looking to gain access to high-value systems. Thousands of servers are said to be vulnerable to the attack, with organisations across the public and private sectors scrambling to protect their systems since there has been no official security patch available from Microsoft for some time. 

After this incident, concerns over Microsoft's security posture continue to grow, coming after a Chinese spying campaign in 2023 compromised email accounts belonging to U.S. government officials, including those belonging to the highest levels of the executive branch. As a result of the review, both the U.S. government and industry experts heavily criticised the company's security practices. 

The latest breach highlights persistent vulnerabilities in widely-used platforms, as well as raising serious concerns about whether the global infrastructure is sufficiently prepared for sophisticated, evolving cyber threats that are rapidly evolving in complexity. There has been an increase in threats surrounding the SharePoint vulnerability following the emergence of a ransomware attack by the threat actor referred to as Storm-2603. 

The group has changed its strategy from initially focusing on cyber-espionage operations to one focused on more destructive tactics, which is a troubling development in its campaign strategy. It appears that Storm-2603 is currently exploiting a vulnerable SharePoint flaw in order to infiltrate vulnerable systems and spread ransomware payloads. This is a worrying shift in the group's strategy. 

By encrypting entire networks with malicious software, this malicious software demands cryptocurrency payments to restore access, effectively paralysing the operations of the targeted businesses. As a result of this strategic pivot, Microsoft announced this in a blog post released late Wednesday. During its extended analysis, it found that the transition from silent data theft to overt disruption and extortion had occurred over the past couple of years. 

A ransomware campaign using this same zero-day vulnerability not only amplifies the threat posed by the campaign but also demonstrates that cybercriminal groups are blurring the line between espionage and financially motivated attacks as they become more prevalent in the world. As analysts warn, this dual-purpose exploitation could result in a greater financial and operational impact, especially for organisations that have not yet implemented compensating control or detection measures, which will lead to greater operational damage. 

Moreover, this incident underscores the urgency of timely patching, comprehensive threat monitoring, as well as cross-border cybersecurity collaboration, which are all imperative to preventing any future attacks on SharePoint. Microsoft has attributed the ongoing exploitation of the SharePoint vulnerability to a threat group known as Storm-263, which is rated as based in China with moderate confidence. 

Storm-2603 has not been directly connected to any other known Chinese threat actors, but has been linked to the attempted exfiltration of sensitive data, including MachineKeys, via on-premises SharePoint flaws. As of July 18, 2025, Microsoft has been observing the group actively deploying ransomware using the exploited vulnerability, despite not being directly linked to any Chinese threat actors. 

An attack chain for this attack starts when a malicious payload (spinstall0.aspx) is executed on internet-exposed SharePoint servers in order to enable the execution of commands through the w3wp.exe process. In addition to conducting reconnaissance through tools such as whoami, cmd.exe, and batch scripts, Storm-2603 disables Microsoft Defender by altering the system registry. 

An actor maintains persistence by installing web shells, creating scheduled tasks, and manipulating IIS components in a way that allows malicious .NET assemblies to be loaded and to maintain persistence. In order to move around and steal credentials, tools such as Mimikatz, PsExec, Impacket, and WMI are employed. 

Ultimately, the operation results in the installation of the Warlock ransomware using modified Group Policy Objects (GPOs). Moreover, Microsoft warns that other threat actors may exploit the same vulnerability, which emphasises the necessity of organisations to implement security mitigations and apply patches without delay to prevent further damage from occurring. 

According to the CVSS scale, CVE-2025-53770 is the critical zero-day vulnerability at the centre of the ongoing exploitation campaign. It has been assigned a severity score of 9.8 on the CVSS scale, meaning it is a critical zero-day flaw. There has been a classification given by security researchers for this vulnerability that which is a variation of the CVE-2025-49704 vulnerability that has been patched in the past, with a slightly less severe rating of 8.8. This vulnerability entailed code injection and remote code execution within Microsoft SharePoint Server. 

Although Microsoft's Patch Tuesday release of July 2025 addressed the earlier flaw, the newly discovered variant has not been patched, which leaves many SharePoint environments running on-premises at risk. A Microsoft advisory issued on July 19 says that the core problem stems from the derivation of untrusted data, which could lead to attackers remotely executing arbitrary code over a network without authenticating themselves. 

According to the company, the exploit is a serious one, and a comprehensive fix is in the process of being developed and undergoing extensive testing at the moment. Viettel Cyber Security has been credited with discovering the vulnerability via Trend Micro Zero Day Initiative (ZDI). The issue was reported to Trend Micro via the Zero Day Initiative (ZDI) and has been credited with the discovery. 

As outlined in a separate security bulletin released by Microsoft on the following weekend, Microsoft has confirmed that an active exploit of the vulnerability is still in progress, specifically targeting on-premise deployments. However, according to the company, SharePoint Online services within Microsoft 365 are not affected by the threat. 

A zero-day vulnerability known as CVE-2025-53770 has become a growing threat to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as a result of its increasing threats. Earlier this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a list of the Known Exploited Vulnerabilities (KEV) catalogue. 

Federal agencies have a limited timeframe—until Monday—to implement immediate mitigations. As a consequence of the active exploitation, according to Chris Butera, Acting Executive Assistant Director for Cybersecurity, the agency was alerted to the issue by a trusted partner, who promptly coordinated with Microsoft to resolve it. 

Researchers have attributed this vulnerability to the broader version of CVE-2025-49706, a vulnerability that was previously patched by Microsoft for spoofing. This vulnerability has been referred to as "ToolShell" by researchers. As the first cybersecurity firm to notice the attacks in action, Eye Security, a Dutch cybersecurity firm, reported that several high-profile targets, including multinational corporations, government institutions, and major banks, have already been compromised across several countries, including the United States, Germany, France, and Australia. 

It has been stated by Eye Security CTO Piet Kerkhofs that attackers are executing large numbers of exploit waves to gain unauthorised control through the use of the remote code execution (RCE) flaw. As a result of a technical analysis, it has been discovered that attackers are using the exploit to install web shells on compromised SharePoint servers and then to retrieve cryptographic keys from those servers. 

Through these keys, adversaries can forge authentication tokens and retain privileged access even after patches have been applied. Microsoft has advised organisations to make sure that all SharePoint servers have Defender Antivirus installed and that the Antimalware Scan Interface (AMSI) is integrated into SharePoint.

In case AMSI implementation is not possible, Microsoft recommends that vulnerable SharePoint instances be temporarily disconnected from the internet until a full security update is made available. Note that this vulnerability does not affect users of SharePoint Online within Microsoft 365, which is the cloud-based version of SharePoint. 

It has been reported that the CISA was first notified by a private cyber research firm on Friday of an active exploit of the SharePoint vulnerability, and Microsoft has been immediately notified, according to a spokesperson for the agency. A number of critical questions have been raised once again regarding Microsoft’s vulnerability management procedures as a result of this incident. 

There has previously been controversy surrounding the company due to its narrowly focused patches that do not often address similar attack paths, leaving organisations vulnerable to follow-up attacks that target similar exploits. It has been reported that Microsoft, one of the largest technology providers to global governments, has experienced a number of cybersecurity failures over the past two years, including attacks on its corporate infrastructure and executive email accounts, among other high-profile incidents. 

The Chinese government-backed threat actors were able to access federal official emails by exploiting a programming flaw in Microsoft's cloud services in one major incident. In addition, controversy was sparked after investigative outlet ProPublica reported Microsoft had hired engineers based in China to work on Department of Defence cloud projects. In response to the report, Defence Secretary Pete Hegseth immediately inspected the Pentagon cloud contracts and a formal review was initiated. 

Additionally, the nonprofit Centre for Internet Security (CIS) warned more than 100 vulnerable organisations, including public schools and universities, that they were at risk of being compromised by the threat. While Randy Rose, Vice President of CIS, indicated that incident response efforts had been significantly delayed as a result of a 65% cut to funding, CISA has had to significantly reduce its threat intelligence staffing.

In the future, this incident should serve as a crucial turning point for enterprises as they attempt to develop a comprehensive cybersecurity strategy beyond immediate containment. Organisations will need to adopt a mindset of continuous vigilance, integrating secure architecture with timely intelligence sharing, and automating threat detection into their operational DNA. 

When threat actors are constantly adapting and repurposing vulnerabilities, it is no longer sufficient to rely on vendor assurances without independent validation, especially in an environment where threat actors are constantly adapting and repurposing vulnerabilities. To minimise the blast radius in the event of a breach, organisations should prioritise scenario-based resilience planning, routine red teams, and strict access governance. 

Additionally, a close alignment between cybersecurity, legal, and executive leadership is essential in order to make informed decisions at the speed of modern threats. There is more to security than patchwork responses, as the threat matrix is evolving; it requires a security-first culture that is backed by investment, accountability, and strategic planning.
Read more »
User Security
CrowdStrike outage Cyber Security Hospital System threat report User Security

Patient Care Technology Disruptions Linked With the CrowdStrike Outage, Study Finds

 

A little more than a year ago, nearly 8.5 million Windows-based IT systems went down due to a simple error made during a routine software update. Computers were unable to reboot for several hours due to a bug from CrowdStrike, a cybersecurity business whose products are used to detect and respond to security attacks. Many of the systems needed further manual patches, which prolonged the outage.

The estimated financial toll? Anywhere between $5 billion and $10 billion for Fortune 500 firms – and close to $2 billion for the healthcare sector specifically.

A new report reveals that the negative repercussions on healthcare organisations have gone far beyond financial. A study published in JAMA Network Open by the University of California San Diego found that the incident triggered measurable disruptions in a large proportion of US hospitals, including technical issues that impacted basic operations, research activities, and direct patient care. The researchers discovered that immediately following the CrowdStrike upgrade on July 19, 759 hospitals (out of 2232 with available data) had measurable service disruptions. That represents more than one-third of healthcare organisations.

Of a total of 1098 service outages across those organisations, 21.8% were patient-facing and had a direct impact on patient care. Just over 15% were relevant to health-care operations, with 5.3% affecting research activities. The remaining 57% were either not classified as significant or unknown. 

“Patient-facing services spanned imaging platforms, prehospital medicine health record systems, patient transfer portals, access to secure documentation, and staff portals for viewing patient details,” the researchers explained. “In addition to staff portals, we saw outages in patient access platforms across diverse hospital systems; these platforms, when operating as usual, allow patients to schedule appointments, contact health care practitioners, access laboratory results, and refill prescriptions.” 

Additionally, some hospitals experienced outages in laboratory information systems (LIS), behavioural health apps, and patient monitoring systems like foetal monitors and cardiac telemetry devices. Software in development or pre-deployment stages, informational pages, educational resources for medical and nursing students, or donation pages for institutions were primarily impacted by the outages classified as irrelevant or unknown.

3.9% of hospitals had outages longer than 48 hours, while the majority of hospital services returned within 6 hours. Outages lasting longer than two full days were most common in hospitals in South Carolina, Maryland, and New Jersey. With the majority of assessed hospitals returning to service within six hours, Southern US organizations—including those in Tennessee, North Carolina, Louisiana, Alabama, Texas, and Florida—were among the quickest to recover.

The incident served as a stark reminder that human error is and always will be a serious threat to even the most resilient-seeming technologies, while also highlighting the extraordinarily fragile nature of the modern, hyperconnected healthcare ecosystem. CrowdStrike criticised the UCSD research methods and findings, but it also acknowledged and apologised to its customers and other impacted parties for the disruption and promised to be focused on enhancing the resilience of its platform.
Read more »
User Privacy
Cyber Security Dark Web threat report Travel Agencies User Privacy

Trustwave Reveals Dark Web Travel Agencies' Secrets

 

Within the underground economy, dark web travel agencies have become one of the more sophisticated and profitable businesses. 

According to the Wall Street Journal's report on Trustwave's findings, these shady companies use credit card fraud, compromised loyalty program accounts, and fake identification documents to provide drastically reduced airfare, upscale hotel stays, rental cars, and full vacation packages. However, what some may consider to be inexpensive vacation packages are actually the last in a series of cybercrimes.

One of their main advantages is their flexibility; as soon as one channel is closed, another one opens up, often with better strategies and more extensive service offerings. The core of the issue is a robust, decentralised underground economy that views fraudulent travel as just another way to make money, rather than any one platform or provider. 

Credential theft campaigns, automation, and the development of AI tools only increase the accessibility and scalability of these services. Dark web travel firms will persist as long as there is a need for big travel bargains with no questions asked and as long as data breaches continue to generate profits. 

Potential red flags in the system 

For airlines, hotels, car rental services, and booking platforms, the symptoms of fraud perpetrated by dark web travel companies are often subtle at first, but if ignored, these indicators can swiftly develop into financial losses, reputation harm, and increased fraud risk exposure. Recognising early symptoms of carded bookings is critical for any organisation involved in the travel industry. 

One of the most prevalent red flags is a high-value or international booking made under a newly formed account, especially if it's linked with last-minute travel or same-day check-in. These are traditional methods to shorten the time frame for detecting or reversing fraud. 

  • Mismatched information is another crucial indicator. This includes discrepancies between the ID shown at check-in, the credit card name, and the booking name. In situations involving hotels and rental cars, a visitor may act evasively when asked for confirmation, appear unfamiliar with the booking details, or refuse to provide further proof. 
  • Loyalty-based bookings may show high or unexpected point redemptions, particularly from dormant accounts or those accessed from foreign IP addresses. Fraudsters frequently abuse these apps using previously compromised login credentials or phishing efforts. 
  • Finally, be wary of repeat bookings with similar names or patterns that come from different accounts. This could imply organised abuse, in which a dark web agency operates primarily through a specific travel platform or API.

Safety tips 

  • Monitor the Dark Web and Telegram Channels for Brand Abuse: Invest in threat intelligence tools or collaborate with cybersecurity firms that can detect unauthorised mentions of your company on underground forums, marketplaces, and encrypted messaging platforms.
  • Improve loyalty program security: Add MFA, transaction alerts, and geofencing to your loyalty accounts. These programs are commonly targeted since they make it easy to monetise miles and points for bookings. 
  • Review API Access and Third-Party Integrations: Dark web retailers frequently exploit flaws in booking APIs or third-party aggregators. Regularly check these systems for abuse patterns, access controls, and rate-limiting enforcement.
Read more »
Malware Attack
AI Models AI Prompt AI prompt injection attack Cyber Security cybercriminals DNS DNS attacks DNS Hacking DOH DoT Hacker attack Malware Attack

Hackers Use DNS Records to Hide Malware and AI Prompt Injections

 

Cybercriminals are increasingly leveraging an unexpected and largely unmonitored part of the internet’s infrastructure—the Domain Name System (DNS)—to hide malicious code and exploit security weaknesses. Security researchers at DomainTools have uncovered a campaign in which attackers embedded malware directly into DNS records, a method that helps them avoid traditional detection systems. 

DNS records are typically used to translate website names into IP addresses, allowing users to access websites without memorizing numerical codes. However, they can also include TXT records, which are designed to hold arbitrary text. These records are often used for legitimate purposes, such as domain verification for services like Google Workspace. Unfortunately, they can also be misused to store and distribute malicious scripts. 

In a recent case, attackers converted a binary file of the Joke Screenmate malware into hexadecimal code and split it into hundreds of fragments. These fragments were stored across multiple subdomains of a single domain, with each piece placed inside a TXT record. Once an attacker gains access to a system, they can quietly retrieve these fragments through DNS queries, reconstruct the binary code, and deploy the malware. Since DNS traffic often escapes close scrutiny—especially when encrypted via DNS over HTTPS (DOH) or DNS over TLS (DOT)—this method is particularly stealthy. 

Ian Campbell, a senior security engineer at DomainTools, noted that even companies with their own internal DNS resolvers often struggle to distinguish between normal and suspicious DNS requests. The rise of encrypted DNS traffic only makes it harder to detect such activity, as the actual content of DNS queries remains hidden from most monitoring tools. This isn’t a new tactic. Security researchers have observed similar methods in the past, including the use of DNS records to host PowerShell scripts. 

However, the specific use of hexadecimal-encoded binaries in TXT records, as described in DomainTools’ latest findings, adds a new layer of sophistication. Beyond malware, the research also revealed that TXT records are being used to launch prompt injection attacks against AI chatbots. These injections involve embedding deceptive or malicious prompts into files or documents processed by AI models. 

In one instance, TXT records were found to contain commands instructing a chatbot to delete its training data, return nonsensical information, or ignore future instructions entirely. This discovery highlights how the DNS system—an essential but often overlooked component of the internet—can be weaponized in creative and potentially damaging ways. 

As encryption becomes more widespread, organizations need to enhance their DNS monitoring capabilities and adopt more robust defensive strategies to close this blind spot before it’s further exploited.
Read more »
Websites
browser extensions Chrome Cyber Security Emoji keyboard Websites

Over 2 Million Users Affected: Browser Extensions Turned Into Silent Spying Tools


An alarming cyber threat has come to light involving common browser extensions used by millions across the world. According to a recent investigation by cybersecurity firm Koi Security, at least 18 browser add-ons, once considered safe were secretly turned into tools to track users without their knowledge. The attack, named “RedDirection,” affected more than 2.3 million people.

What makes this case especially alarming is that many of these extensions were originally trusted. They included tools like emoji keyboards, volume boosters, and weather forecasts popular utilities often downloaded from official platforms like the Chrome Web Store and Microsoft Edge Add-ons Store. With high ratings and verified badges, they seemed completely legitimate.

However, after gaining a large number of users, the attackers behind the campaign quietly pushed harmful updates. These updates gave the extensions the ability to access users’ online activity, including the websites they visited, cookies, and even login information. In some cases, users were redirected to fake websites designed to steal sensitive data like passwords.

Extensions such as “Emoji keyboard online,” “Free Weather Forecast,” and “Volume Max” on Chrome, as well as “Unlock TikTok” and “Volume Booster” on Edge, were found to be connected to the same background server. This suggests that all of them may have been controlled by a single group or organization.

One of the biggest concerns is how easily these harmful changes were delivered. Most browser extensions update automatically in the background, with no alerts or approval required from users. This allowed attackers to silently take control of millions of browsers without anyone noticing.

This isn’t the first case of browser extensions being misused. Past incidents like the 2019 “DataSpii” leak and 2021’s “CursedChrome” attack followed a similar pattern, trustworthy tools were hijacked over time and repurposed for spying or data collection.

If you use browser extensions, it’s important to take action now. Open your browser settings (by typing chrome://extensions or edge://extensions in the address bar), review all installed extensions, and remove anything suspicious or unused. You should also clear your browsing history and run a full antivirus scan on your device.

To stay safe in the future, treat browser extensions carefully. Only install what you truly need, and review the permissions each extension asks for. Think of your extensions like apps on your phone or medications in your home, regular cleanups can prevent major problems.

This recent discovery reminds us that even trusted tools can be misused over time. Staying alert and informed is the best defense.

Read more »
Phobos ransomware
8Base decryptor Cyber Security free ransomware decryptor Japanese police cybersecurity Phobos ransomware

Free Ransomware Decryptor Released for Phobos and 8Base Victims by Japanese Police

 

In a significant win against cybercrime, the Japanese police have unveiled a free ransomware decryptor that helps victims of Phobos and 8Base ransomware recover their encrypted files without paying a ransom. The tool has been independently tested and verified by BleepingComputer, which confirmed its effectiveness in decrypting compromised files.

Phobos, a ransomware-as-a-service (RaaS) operation, has been active since December 2018, allowing cybercriminals to deploy its encryption software in exchange for a share of the ransom. While it hasn’t gained as much public attention as other ransomware strains, it has been behind numerous global attacks, particularly targeting businesses.

In 2023, a subgroup of Phobos affiliates launched the 8Base ransomware, using a tweaked version of the original Phobos encryptor. This group adopted a more aggressive double extortion model—encrypting files and stealing data, then threatening to leak the information unless payment was made.

The international crackdown on these ransomware groups escalated in 2024, when a Russian national suspected of being a Phobos administrator was extradited from South Korea to the U.S. on a 13-count indictment. Later, a coordinated law enforcement operation dismantled the infrastructure behind the ransomware, seizing 27 servers and arresting four individuals linked to the 8Base group.

Now, leveraging intelligence reportedly gathered during these actions, the Japanese police have developed and released a decryptor tool. It is accessible via their official website and through Europol’s NoMoreRansom platform, with usage instructions available in English. Europol and the FBI are also backing the tool, underlining its legitimacy.

Though some browsers like Chrome and Firefox may flag the decryptor as malware, BleepingComputer assures users that it is safe and effective. In their test, the tool successfully decrypted all 150 files encrypted by a recent Phobos variant using the .LIZARD extension.

Currently, the decryptor supports several file extensions including .phobos, .8base, .elbie, .faust, and .LIZARD, but the Japanese authorities note it may work with additional file types as well.

To use the tool:
  • Launch the decryptor and accept the license agreement.
  • Enable long file name support if prompted.
  • Select the encrypted files and specify an output directory.
  • Click Decrypt to start the process.

The tool also supports recursive decryption—preserving the original folder structure when restoring files.

Victims of Phobos and 8Base attacks are strongly encouraged to try the decryptor, even if their files use a different extension, as it may still work.

“BleepingComputer can confirm that the decryptor successfully decrypted all 150 files encrypted by the LIZARD variant of Phobos ransomware.”

This development marks another step forward in the global fight against ransomware, giving victims a much-needed lifeline without resorting to ransom payments.
Read more »
Ransomwares
corporate cyber attacks Cyber Security Cyber Security Tool Cyberattack Cyberthreart Data protection data security Enterprise security Ingram Micro Password Security ransomware attacks Ransomwares

Why Major Companies Are Still Falling to Basic Cybersecurity Failures

 

In recent weeks, three major companies—Ingram Micro, United Natural Foods Inc. (UNFI), and McDonald’s—faced disruptive cybersecurity incidents. Despite operating in vastly different sectors—technology distribution, food logistics, and fast food retail—all three breaches stemmed from poor security fundamentals, not advanced cyber threats. 

Ingram Micro, a global distributor of IT and cybersecurity products, was hit by a ransomware attack in early July 2025. The company’s order systems and communication channels were temporarily shut down. Though systems were restored within days, the incident highlights a deeper issue: Ingram had access to top-tier security tools, yet failed to use them effectively. This wasn’t a tech failure—it was a lapse in execution and internal discipline. 

Just two weeks earlier, UNFI, the main distributor for Whole Foods, suffered a similar ransomware attack. The disruption caused significant delays in food supply chains, exposing the fragility of critical infrastructure. In industries that rely on real-time operations, cyber incidents are not just IT issues—they’re direct threats to business continuity. 

Meanwhile, McDonald’s experienced a different type of breach. Researchers discovered that its AI-powered hiring tool, McHire, could be accessed using a default admin login and a weak password—“123456.” This exposed sensitive applicant data, potentially impacting millions. The breach wasn’t due to a sophisticated hacker but to oversight and poor configuration. All three cases demonstrate a common truth: major companies are still vulnerable to basic errors. 

Threat actors like SafePay and Pay2Key are capitalizing on these gaps. SafePay infiltrates networks through stolen VPN credentials, while Pay2Key, allegedly backed by Iran, is now offering incentives for targeting U.S. firms. These groups don’t need advanced tools when companies are leaving the door open. Although Ingram Micro responded quickly—resetting credentials, enforcing MFA, and working with external experts—the damage had already been done. 

Preventive action, such as stricter access control, routine security audits, and proper use of existing tools, could have stopped the breach before it started. These incidents aren’t isolated—they’re indicative of a larger issue: a culture that prioritizes speed and convenience over governance and accountability. 

Security frameworks like NIST or CMMC offer roadmaps for better protection, but they must be followed in practice, not just on paper. The lesson is clear: when organizations fail to take care of cybersecurity basics, they put systems, customers, and their own reputations at risk. Prevention starts with leadership, not technology.
Read more »
OpenAI
AI integration AI Powered AI technology Browser ChatGPT Chrome Cyber Security Data collection data security Google Chrome Internet Browser OpenAI

OpenAI Launching AI-Powered Web Browser to Rival Chrome, Drive ChatGPT Integration

 

OpenAI is reportedly developing its own web browser, integrating artificial intelligence to offer users a new way to explore the internet. According to sources cited by Reuters, the tool is expected to be unveiled in the coming weeks, although an official release date has not yet been announced. With this move, OpenAI seems to be stepping into the competitive browser space with the goal of challenging Google Chrome’s dominance, while also gaining access to valuable user data that could enhance its AI models and advertising potential. 

The browser is expected to serve as more than just a window to the web—it will likely come packed with AI features, offering users the ability to interact with tools like ChatGPT directly within their browsing sessions. This integration could mean that AI-generated responses, intelligent page summaries, and voice-based search capabilities are no longer separate from web activity but built into the browsing experience itself. Users may be able to complete tasks, ask questions, and retrieve information all within a single, unified interface. 

A major incentive for OpenAI is the access to first-party data. Currently, most of the data that fuels targeted advertising and search engine algorithms is captured by Google through Chrome. By creating its own browser, OpenAI could tap into a similar stream of data—helping to both improve its large language models and create new revenue opportunities through ad placements or subscription services. While details on privacy controls are unclear, such deep integration with AI may raise concerns about data protection and user consent. 

Despite the potential, OpenAI faces stiff competition. Chrome currently holds a dominant share of the global browser market, with nearly 70% of users relying on it for daily web access. OpenAI would need to provide compelling reasons for people to switch—whether through better performance, advanced AI tools, or stronger privacy options. Meanwhile, other companies are racing to enter the same space. Perplexity AI, for instance, recently launched a browser named Comet, giving early adopters a glimpse into what AI-first browsing might look like. 

Ultimately, OpenAI’s browser could mark a turning point in how artificial intelligence intersects with the internet. If it succeeds, users might soon navigate the web in ways that are faster, more intuitive, and increasingly guided by AI. But for now, whether this approach will truly transform online experiences—or simply add another player to the browser wars—remains to be seen.
Read more »
SPN
AES Cryptographic Cryptographically Relevant Quantum Computer Cyber Encryption Cyber Security Cyberattacks CyberThreat Decryption Tool Global Encryption Hardware RSA SPN

Global Encryption at Risk as China Reportedly Advances Decryption Capabilities

 


It has been announced that researchers at Shanghai University have achieved a breakthrough in quantum computing that could have a profound impact on modern cryptographic systems. They achieved a significant leap in quantum computing. The team used a quantum annealing processor called D-Wave to successfully factor a 22-bit RSA number, a feat that has, until now, been beyond the practical capabilities of this particular class of quantum processor. 

There is no real-world value in a 22-bit key, but this milestone marks the beginning of the development of quantum algorithms and the improvement of hardware efficiency, even though it is relatively small and holds no real-world encryption value today. A growing vulnerability has been observed in classical encryption methods such as RSA, which are foundational to digital security across a wide range of financial systems, communication networks and government infrastructures. 

It is a great example of the accelerated pace at which the quantum arms race is occurring, and it reinforces the urgency around the creation of quantum-resistant cryptographic standards and the adoption of quantum-resistant protocols globally. 

As a result of quantum computing's progress, one of the greatest threats is that it has the potential to break widely used public key cryptographic algorithms, including Rivest-Shamir-Adleman (RSA), Diffie-Hellman, and even symmetric encryption standards, such as Advanced Encryption Standard (AES), very quickly and with ease.

Global digital security is built on the backbone of these encryption protocols, safeguarding everything from financial transactions and confidential communications to government and defense data, a safeguard that protects everything from financial transactions to confidential communications. As quantum computers become more advanced, this system might become obsolete if quantum computers become sufficiently advanced by dramatically reducing the time required to decrypt, posing a serious risk to privacy and infrastructure security. 

As a result of this threat looming over the world, major global powers have already refocused their strategic priorities. There is a widespread belief that nation-states that are financially and technologically able to develop quantum computing capabilities are actively engaged in a long-term offensive referred to as “harvest now, decrypt later”, which is the purpose of this offensive. 

Essentially, this tactic involves gathering enormous amounts of encrypted data today to decrypt that data in the future, when quantum computers reach a level of functionality that can break classical encryption. Even if the data has remained secure for now, its long-term confidentiality could be compromised. 

According to this strategy, there is a pressing need for quantum-resistant cryptographic standards to be developed and deployed urgently to provide a future-proof solution to sensitive data against the inevitable rise in quantum decryption capabilities that is inevitable. Despite the fact that 22-bit RSA keys are far from secure by contemporary standards, and they can be easily cracked by classical computer methods, this experiment marks the largest number of quantum annealing calculations to date, a process that is fundamentally different from the gate-based quantum systems that are most commonly discussed. 

It is important to note that this experiment is not related to Shor's algorithm, which has been thecentrer of theoretical discussions about breaking RSA encryption and uses gate-based quantum computers based on highly advanced technology. Instead, this experiment utilised quantum annealing, an algorithm that is specifically designed to solve a specific type of mathematical problem, such as factoring and optimisation, using quantum computing. 

The difference is very significant: whereas Shor's algorithm remains largely impractical at scale because of hardware limitations at the moment, D-Wave offers a solution to this dilemma by demonstrating how real-world factoring can be achieved on existing quantum hardware. Although it is limited to small key sizes, it does demonstrate the potential for real-world factoring on existing quantum hardware. This development has a lot of importance for the broader cryptographic security community. 

For decades, RSA encryption has provided online transactions, confidential communications, software integrity, and authentication systems with the necessary level of security. The RSA encryption is heavily dependent upon the computational difficulty of factorising large semiprime numbers. Classical computers have required a tremendous amount of time and resources to crack such encryption, which has kept the RSA encryption in business for decades to come.

In spite of the advances made by Wang and his team, it appears that even alternative quantum methods, beyond the widely discussed gate-based systems, may have tangible results for attacking these cryptographic barriers in the coming years. While it may be the case that quantum annealing is still at its infancy, the trajectory is still clearly in sight: quantum annealing is maturing, and as a result, the urgency for transitioning to post-quantum cryptographic standards becomes increasingly important.

A 22-bit RSA key does not have any real cryptographic value in today's digital landscape — where standard RSA keys usually exceed 2048 bits — but the successful factoring of such a key using quantum annealing represents a crucial step forward in quantum computing research. A demonstration, which is being organised by researchers in Shanghai, will not address the immediate practical threats that quantum attacks pose, but rather what it will reveal concerning quantum attack scalability in the future. 

A compelling proof-of-concept has been demonstrated here, illustrating that with refined techniques and optimisation, more significant encryption scenarios may soon come under attack. What makes this experiment so compelling is the technical efficiency reached by the research team as a result of their work. A team of researchers demonstrated that the current hardware limitations might actually be more flexible than previously thought by minimising the number of physical qubits required per variable, improving embeddings, and reducing noise through improved embeddings. 

By using quantum annealers—specialised quantum devices previously thought to be too limited for such tasks, this opens up the possibility to factor out larger key sizes. Additionally, there have been successful implementations of the quantum annealing approach for use with symmetric cryptography algorithms, including Substitution-Permutation Network (SPN) cyphers such as Present and Rectangle, which have proven to be highly effective. 

In the real world, lightweight cyphers are common in embedded systems as well as Internet of Things (IoT) devices, which makes this the first demonstration of a quantum processor that poses a credible threat to both asymmetric as well as symmetric encryption mechanisms simultaneously instead of only one or the other. 

There are far-reaching implications to the advancements that have been made as a result of this advancement, and they have not gone unnoticed by the world at large. In response to the accelerated pace of quantum developments, the US National Institute of Standards and Technology (NIST) published the first official post-quantum cryptography (PQC) standards in August of 2024. These standards were formalised under the FIPS 203, 204, and 205 codes. 

There is no doubt that this transition is backed by the adoption of the Hamming Quasi-Cyclic scheme by NIST, marking another milestone in the move toward a quantum-safe infrastructure, as it is based on lattice-based cryptography that is believed to be resistant to both current and emerging quantum attacks. This adoption further solidifies the transition into this field. There has also been a strong emphasis on the urgency of the issue from the White House in policy directives issued by the White House. 

A number of federal agencies have been instructed to begin phasing out vulnerable public key encryption protocols. The directive highlights the growing consensus that proactive mitigation is essential in light of the threat of "harvest now, decrypt later" strategies, where adversaries collect encrypted data today in anticipation of the possibility that future quantum technologies can be used to decrypt it. 

Increasing quantum breakthroughs are making it increasingly important to move to post-quantum cryptographic systems as soon as possible, as this is no longer a theoretical exercise but a necessity for the security of the world at large. While the 22-bit RSA key is very small when compared to the 2048-bit keys commonly used in contemporary cryptographic systems, the recent breakthrough by Shanghai researchers holds a great deal of significance both scientifically and technologically. 

Previously, quantum factoring was attempted with annealing-based systems, but had reached a plateau at 19-bit keys. This required a significant number of qubits per variable, which was rather excessive. By fine-tuning the local field and coupling coefficients within their Ising model, the researchers were able to overcome this barrier in their quantum setup. 

Through these optimisations, the noise reduction and factoring process was enhanced, and the factoring process was more consistent, which suggests that with further refinement, a higher level of complexity can be reached in the future with the RSA key size, according to independent experts who are aware of the possible implications. 

Despite not being involved in this study, Prabhjyot Kaur, an analyst at Everest Group who was not involved, has warned that advances in quantum computing could pose serious security threats to a wide range of industries. She underscored that cybersecurity professionals and policymakers alike are becoming increasingly conscious of the fact that theoretical risks are rapidly becoming operational realities in the field of cybersecurity. 

A significant majority of the concern surrounding quantum threats to encryption has traditionally focused on Shor's algorithm - a powerful quantum technique capable of factoring large numbers efficiently, but requiring a quantum computer based on gate-based quantum algorithms to be implemented. 

Though theoretically, these universal quantum machines are not without their limitations in hardware, such as the limited number of qubits, the limited coherence times, and the difficult correction of quantum errors. The quantum annealers from D-Wave, on the other hand, are much more mature, commercially accessible and do not have a universal function, but are considerably more mature than the ones from other companies. 

With its current generation of Advantage systems, D-Wave has been able to boast over 5,000 qubits and maintain an analogue quantum evolution process that is extremely stable at an ultra-low temperature of 15 millikelvin. There are limitations to quantum annealers, particularly in the form of exponential scaling costs, limiting their ability to crack only small moduli at present, but they also present a unique path to quantum-assisted cryptanalysis that is becoming increasingly viable as time goes by. 

By utilising a fundamentally different model of computation, annealers avoid many of the pitfalls associated with gate-based systems, including deep quantum circuits and high error rates, which are common in gate-based systems. In addition to demonstrating the versatility of quantum platforms, this divergence in approach also underscores how important it is for organisations to remain up to date and adaptive as multiple forms of quantum computing continue to evolve at the same time. 

The quantum era is steadily approaching, and as a result, organisations, governments, and security professionals must acknowledge the importance of cryptographic resilience as not only a theoretical concern but an urgent operational issue. There is no doubt that recent advances in quantum annealing, although they may be limited in their immediate threat, serve as a clear indication that quantum technology is progressing at a faster ra///-te than many had expected. 

The risk of enterprises and institutions not being able to afford to wait for large-scale quantum computers to become fully capable before implementing security transitions is too great to take. Rather than passively watching, companies and institutions must start by establishing a full understanding of the cryptographic assets they are deploying across their infrastructure in order to be able to make informed decisions about their cryptographic assets. 

It is also critical to adopt quantum-resistant algorithms, embrace crypto-agility, and participate in standards-based migration efforts if people hope to secure digital ecosystems for the long term. Moreover, continuous education is equally important to ensure that decision-makers remain informed about quantum developments as they develop to make timely and strategic security investments promptly. 

The disruptive potential of quantum computing presents undeniable risks, however it also presents a rare opportunity for modernizing foundational digital security practices. As people approach post-quantum cryptography, the digital future should be viewed not as one-time upgrade but as a transformation that integrates foresight, flexibility, and resilience, enabling us to become more resilient, resilient, and flexible. Taking proactive measures today will have a significant impact on whether people remain secure in the future.
Read more »
employee productivity
Accountability Cyber Security Data Privacy Data security software Data tracking Employee employee cybersecurity Employee Data employee productivity

Balancing Accountability and Privacy in the Age of Work Tracking Software

 

As businesses adopt employee monitoring tools to improve output and align team goals, they must also consider the implications for privacy. The success of these systems doesn’t rest solely on data collection, but on how transparently and respectfully they are implemented. When done right, work tracking software can enhance productivity while preserving employee dignity and fostering a culture of trust. 

One of the strongest arguments for using tracking software lies in the visibility it offers. In hybrid and remote work settings, where face-to-face supervision is limited, these tools offer leaders critical insights into workflows, project progress, and resource allocation. They enable more informed decisions and help identify process inefficiencies that could otherwise remain hidden. At the same time, they give employees the opportunity to highlight their own efforts, especially in collaborative environments where individual contributions can easily go unnoticed. 

For workers, having access to objective performance data ensures that their time and effort are acknowledged. Instead of constant managerial oversight, employees can benefit from automated insights that help them manage their time more effectively. This reduces the need for frequent check-ins and allows greater autonomy in daily schedules, ultimately leading to better focus and outcomes. 

However, the ethical use of these tools requires more than functionality—it demands transparency. Companies must clearly communicate what is being monitored, why it’s necessary, and how the collected data will be used. Monitoring practices should be limited to work-related metrics like app usage or project activity and should avoid invasive methods such as covert screen recording or keystroke logging. When employees are informed and involved from the start, they are more likely to accept the tools as supportive rather than punitive. 

Modern tracking platforms often go beyond timekeeping. Many offer dashboards that enable employees to view their own productivity patterns, identify distractions, and make self-directed improvements. This shift from oversight to insight empowers workers and contributes to their personal and professional development. At the organizational level, this data can guide strategy, uncover training needs, and drive better resource distribution—without compromising individual privacy. 

Ultimately, integrating work tracking tools responsibly is less about trade-offs and more about fostering mutual respect. The most successful implementations are those that treat transparency as a priority, not an afterthought. By framing these tools as resources for growth rather than surveillance, organizations can reinforce trust while improving overall performance. 

Used ethically and with clear communication, work tracking software has the potential to unify rather than divide. It supports both the operational needs of businesses and the autonomy of employees, proving that accountability and privacy can, in fact, coexist.
Read more »
Vulnerabilities
Al Technology Cyber Security Cyber Tools CyberCrime CyberThreat Ransomware Vulnerabilities

The Alarming Convergence of Cyber Crime and Real-World Threats

 


It is becoming increasingly evident that every aspect of everyday life relies on digital systems in today’s hyper-connected world, from banking and shopping to remote work and social media, as well as cloud-based services. With more and more people integrating technology into their daily lives, cybercriminals have become increasingly successful in hunting down and exploiting them. 

Malicious actors are exploiting vulnerabilities in both systems as well as human behaviour to launch sophisticated attacks, ranging from identity theft and phishing scams to massive ransomware campaigns and financial frauds, and the list goes on. There is no doubt that cybercrime has become a pervasive and damaging threat in the modern era. 

It affects both individuals, businesses, and governments. As lone hackers once dominated the market, this has now developed into a globally organized, organised industry that is driven by profit and armed with ever-evolving tools, including artificial intelligence, that are transforming the cybersecurity industry. 

The risk of falling victim to cyber-enabled crime continues to rise as billions of people interact with digital platforms daily, thereby making cybersecurity not only a technical matter but a fundamental necessity of our time. In the years that have followed, cybercrime has continued to grow in scope and sophistication, causing unprecedented damage to the global economy through phishing attacks and artificial intelligence-driven scams, now over $1 trillion annually. 

There is no doubt that cybercriminals are becoming more and more sophisticated as technology advances, and this alarming trend indicates that a coordinated, long-term response needs to take place that transcends the boundaries of individual organisations. A recognition of the systemic nature of cybercrime has led the Partnership against Cybercrime and the Institute for Security and Technology to launch the Systemic Defence initiative, which is in collaboration with the Institute for Security and Technology.

In this global effort, companies will be developing a multi-stakeholder, forward-looking, multi-layered approach to cybersecurity threats, especially phishing and cyber-enabled fraud, that will redefine how people deal with these threats in the future. There is a strong argument made by the project that instead of relying solely on reactive measures, that responsibility should be moved upstream, where risks can be mitigated before they become major problems before they become larger. 

Through this initiative, the government, industry leaders, law enforcement, and civil society members are encouraged to collaborate in order to create a more resilient digital ecosystem in which cyber threats can be anticipated and neutralised. There has never been a better time than now to share intelligence, deploy proactive defences, and establish unified standards in response to the growing use of artificial intelligence by threat actors to launch more deceptive and scalable attacks. 

As part of the Systemic Defence project, poeples will be able to identify and protect the global digital infrastructure from a rapidly evolving threat landscape as people move towards this goal. As cybercrime scales and impacts, experts warn of an increasing financial toll that could soon overshadow even the most devastating global events. This alarming pace has caused experts to warn that cybercrime could become more prevalent than ever before. 

According to projections by Cybersecurity Ventures, the cost of cybercrime worldwide will increase by 15 per cent annually by 2025, reaching $10.5 trillion per year in 2025 - an increase of 15 per cent from the $3 trillion in 2015. A dramatic escalation of this situation is widely considered to be the largest transfer of wealth in human history, putting a direct threat to global innovation, economic stability, and long-term investment. 

This forecast is not based on speculation, but rather on an in-depth analysis of historical data, combined with an increased number of state-sponsored cyberattacks and organized cybercrime syndicates, and an exponential increase in the number of digital attacks, all of which have led to this forecast. Increasingly, as the world becomes increasingly dependent on interconnected technologies, such as personal devices and enterprise systems, there are more opportunities for exploitation. This results in an ever-evolving landscape of risks in the world of cybercrime. 

There are far-reaching and multifaceted economic costs associated with cybercrime. Among the most significant losses are the destruction or theft of data, direct financial loss, disruption to operations, productivity losses, theft of intellectual property and confidential data, embezzlement and fraud, as well as the high costs associated with legal and forensic investigation. Additionally, organisations suffer long-term reputational damage as well as a loss of customer trust, which can be difficult to recover from for quite some time. 

In addition to its potential financial impact, cybercrime will have a much larger economic impact than all major illegal drugs combined, making it even more pressing. Cybercrime is expected to be more costly than the combined global trade of all major illegal drugs, and its economic impact will be exponentially larger than all natural disasters combined. As a consequence, cybercrime is no longer a niche security problem; it is now regarded as a systemic global threat that requires urgent, coordinated, and sustained attention from every sector. 

In the last decade or so, the cyber threat landscape has been transformed fundamentally, as a result of the rapid evolution of cybercrime and the increasing use of advanced persistent threat (APT) tactics by criminal actors. In 2024, Critical Start's Cyber Research Unit (CRU) is expecting a significant shift in cyber criminal activity, as they will be refining and using APT-level techniques that were once primarily associated with nation states. 

Using advanced methods, such as artificial intelligence, machine learning, social engineering, as well as spear-phishing campaigns, cyberattacks are becoming more effective, stealthier, and harder to detect or contain, as they now make use of smart methodologies. The APT tactic enables criminals, in contrast to traditional cyberattacks, which often rely on quick attacks and brute-force intrusion, to establish a long-term foothold within networks, carry out sustained surveillance, and carry out highly precise, calculated operations. 

As a result of the ability to remain undetected while gathering intelligence or gradually executing malicious objectives, governments, businesses, critical infrastructure companies, as well as individuals have been increasingly threatened. Despite the fact that cybercriminals have evolved in tactics, there has also been a fundamental shift in the scale, scope, and motivation of cybercrime as a whole. Cybercrime has since grown into a profitable enterprise mimicking the structure and strategy of legitimate businesses, which has evolved from a business largely driven by prestige or mischief during the early internet era of the 1990s. 

During the 1990s and 2006, cybercriminals began to capitalise on the economic potential of the internet, resulting in a period in which digital crime was being monetised. According to the World Economic Forum, cybercrime represents the third-largest economy in the world, illustrating its tremendous financial impact. Even more alarming about this evolution is the easy access to cybercriminal tools and services that make cybercrime so common. 

As a result of the democratisation of cybercrime, individuals with little or no technical expertise can now purchase malware kits, rent access to compromised networks, or utilise ransomware-as-a-service platforms at very low costs. Because of this, sophisticated attacks have increased in sophistication, especially in sectors such as healthcare, education, and commerce, as a result of this democratisation of cybercrime.

Cybercriminals have continued to blur the lines between criminal enterprises and nation-state tactics, making ransomware one of the most effective and preferred attack vectors. In today's cyber world, cybercriminals are often able to deliver malicious software through exploited security gaps. As such, it has become increasingly important to implement proactive, intelligence-driven, and systemic cybersecurity measures. This evolving digital warfront does not remain limited to high-profile organisations any longer. 

Every connected device and vulnerable system now represents a potential entry point into this digital war. In today's cybercrime ecosystem, there are a number of alarming aspects that are highlighting the use of the dark web by sophisticated threat actors, including state-sponsored organisations, which is becoming more prevalent. 

Based on the IBM X-Force 2025 Threat Intelligence Index, it is reported that actors are exploiting the anonymity and the decentralized nature of the dark web to acquire high-end cyber tools, exploit kits, stolen credentials, and services that will enable them to increase the scope and precision of their attacks by acquiring cutting-edge cyber tools. 

Cybercriminal innovation has been fueled by this hidden marketplace, enabling a level of coordination, automation, and operational sophistication that has reshaped the global threat landscape for the better. A threat from this adversary is no longer an isolated hacker working in a silo, but rather a group of highly organised, collaborative cybercriminals whose structure and efficiency are similar to that of legitimate businesses. 

In recent years, cybercriminals have been evolving in a rapid fashion, with unprecedented technical sophistication that allows them to go beyond simple data breaches to launch widespread disruptions in the digital world. Cybersecurity attacks include attacks on critical infrastructure, supply chains, and services that are essential to our daily lives, often with devastating consequences. Parallel to this growing threat, cyberattacks are posing a much greater financial toll than they ever have. 

According to IBM's latest report on the Cost of Data Breach, the average cost of a data breach is rising steadily at an alarming rate. The average cost of a data breach has increased by 10% from USD 4.45 million in 2023, which is the sharpest spike ever since the beginning of COVID-19. In addition to the increasing complexity and severity of cyber incidents, organisations are under increasing pressure to respond quickly and effectively to these incidents. 

The costs associated with business breaches are increasing, ranging from direct financial losses to forensic investigations, legal fees, customer notification, and identity protection services. During the past year, these post-incident expenses had increased by nearly 11%, and there has been a growing number of regulatory penalties that have been imposed. 

Throughout the report, it is highlighted that the number of organisations that have been fined more than USD 50,000 jumped 22.7%, and the number of organisations facing penalties over USD 100,000 increased by 19.5%. Therefore, organisations should think beyond traditional cybersecurity strategies to achieve the most effective results. 

The emergence of increasingly elusive and well-equipped threat actors has made it essential for businesses to develop an adaptable, intelligence-led, and resilience-focused approach so that they can mitigate long-term damage to digital assets and protect business continuity as well. It is well known that cybercrime is a resilient ecosystem, with actors who are financially driven specialising in specific roles, such as malware development, the brokerage of initial access, or the laundering of money. 

In general, these actors often work together fluidly, forming flexible alliances but maintaining multiple partners for the same service. This means that when one ransomware-as-a-service provider or malware hub is taken down, the disruption is only temporary, and others will quickly fill in to take over. There is no doubt that this adaptability illustrates the importance of broad, coordinated strategies geared towards dismantling the infrastructure that makes such operations possible, focusing instead on removing the individuals who facilitate these operations.

Organisations, governments, and individuals must adopt a proactive security mindset based on continuous adaptation to effectively combat the rising tide of cybercrime. It is not enough to deploy advanced technologies to accomplish this; it is essential that people foster cyber literacy at all levels, build cross-sectoral alliances, and incorporate security as a part of the DNA of digital transformation as a whole.

As threat landscapes change, regulatory frameworks must evolve in tandem, encouraging transparency, accountability and security-by-design across all sectors of technology. As the global digital economy becomes increasingly reliant on digital technology, cybersecurity is becoming a strategic imperative—an investment in long-term trust, innovation, and stability that can be achieved by building a resilient cyber workforce capable of anticipating and responding to threats quickly and with agility. 

As digital dependence deepens, cybersecurity must become a strategic imperative instead of just an operational consideration. Taking no action today will not only embolden the threat actors but will also undermine the very infrastructure that is at the heart of modern society if people do not act decisively.
Read more »
LLaMA
AI Chatbots AI Models AI technology Chatbots ChatGPT Cloud Cyber Security Data Privacy data security DeepSeek Gemini AI LLaMA

Why Running AI Locally with an NPU Offers Better Privacy, Speed, and Reliability

 

Running AI applications locally offers a compelling alternative to relying on cloud-based chatbots like ChatGPT, Gemini, or Deepseek, especially for those concerned about data privacy, internet dependency, and speed. Though cloud services promise protections through subscription terms, the reality remains uncertain. In contrast, using AI locally means your data never leaves your device, which is particularly advantageous for professionals handling sensitive customer information or individuals wary of sharing personal data with third parties. 

Local AI eliminates the need for a constant, high-speed internet connection. This reliable offline capability means that even in areas with spotty coverage or during network outages, tools for voice control, image recognition, and text generation remain functional. Lower latency also translates to near-instantaneous responses, unlike cloud AI that may lag due to network round-trip times. 

A powerful hardware component is essential here: the Neural Processing Unit (NPU). Typical CPUs and GPUs can struggle with AI workloads like large language models and image processing, leading to slowdowns, heat, noise, and shortened battery life. NPUs are specifically designed for handling matrix-heavy computations—vital for AI—and they allow these models to run efficiently right on your laptop, without burdening the main processor. 

Currently, consumer devices such as Intel Core Ultra, Qualcomm Snapdragon X Elite, and Apple’s M-series chips (M1–M4) come equipped with NPUs built for this purpose. With one of these devices, you can run open-source AI models like DeepSeek‑R1, Qwen 3, or LLaMA 3.3 using tools such as Ollama, which supports Windows, macOS, and Linux. By pairing Ollama with a user-friendly interface like OpenWeb UI, you can replicate the experience of cloud chatbots entirely offline.  

Other local tools like GPT4All and Jan.ai also provide convenient interfaces for running AI models locally. However, be aware that model files can be quite large (often 20 GB or more), and without NPU support, performance may be sluggish and battery life will suffer.  

Using AI locally comes with several key advantages. You gain full control over your data, knowing it’s never sent to external servers. Offline compatibility ensures uninterrupted use, even in remote or unstable network environments. In terms of responsiveness, local AI often outperforms cloud models due to the absence of network latency. Many tools are open source, making experimentation and customization financially accessible. Lastly, NPUs offer energy-efficient performance, enabling richer AI experiences on everyday devices. 

In summary, if you’re looking for a faster, more private, and reliable AI workflow that doesn’t depend on the internet, equipping your laptop with an NPU and installing tools like Ollama, OpenWeb UI, GPT4All, or Jan.ai is a smart move. Not only will your interactions be quick and seamless, but they’ll also remain securely under your control.
Read more »
Subscribe to: Posts (Atom)