Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybersecurity. Show all posts
university of West Australia
Cybersecurity Data Breach Password university of West Australia

University of Western Australia Hit by Cybersecurity Breach

 


The University of Western Australia (UWA) has confirmed a concerning cybersecurity incident that left thousands of staff, students, and visitors temporarily locked out of their accounts after hackers gained access to password data.

The breach was detected late Saturday, prompting UWA to immediately restrict access and require all users to reset their passwords. University officials stressed that the action was taken as a precaution to limit further risks.

Fiona Bishop, the university’s Chief Information Officer, explained that a critical response team was quickly formed to deal with the issue. According to her, IT staff worked through the night and across the weekend to reset login details and secure systems. She described the process of tracking the breach as “like following footprints in the sand,” suggesting that while there were signs of unauthorized entry, the full picture would take time to uncover.

At this stage, UWA says there is no evidence that any information beyond passwords was stolen. The investigation is ongoing, and authorities have not identified the source of the attack. Importantly, Bishop confirmed that there has been no indication of ransomware involvement, meaning no group has made contact to demand payment.

To reduce the impact on students, the university granted a three-day extension on assessment deadlines while systems were being restored. Bishop expressed appreciation for the quick efforts of the IT team, noting they worked “feverishly” to get operations back on track.

Despite the disruption, UWA has reassured its community that teaching and classes will continue as scheduled. Support teams are still assisting staff and students with password resets and will remain available until the situation is fully resolved.

Bishop also acknowledged the broader issue of cyberattacks in higher education. “Universities hold enormous amounts of valuable data, and the sector has increasingly become a target as it becomes more digital,” she said. She added that cyber threats against universities are ongoing and continue to grow in scale.

UWA has pledged to strengthen its security systems following the breach and emphasized its commitment to protecting personal information. For now, the priority remains ensuring that all users can safely access their accounts and resume their academic and professional work without interruption.

Read more »
Technology
Alexa CRA Cyberhackers Cybersecurity CyberThreat Google Assistant Home Safety IoT PSTI Smart TV Technology

Why Hackers Focus on Certain Smart Home Devices and How to Safeguard Them

 


In an era where convenience is the hallmark of modern living, smart devices have become a large part of households around the world, offering a range of advantages from voice-activated assistants to connected cameras and appliances. These technologies promise to streamline daily routines simply and productively. Even so, it's also important to remember that the same internet link that makes them function is also what exposes them to significant risks. 

Security experts warn that poorly protected devices can become a digital gateway for cybercriminals, providing them with the opportunity to break into home networks, steal sensitive personal information, monitor private spaces, and even hijack other connected systems if not well protected. The adoption of smart technologies is widespread, but many users are unaware of how easily they can be compromised, leaving entire smart homes vulnerable to exploitation. 

As smart technology has progressed, new vulnerabilities have been introduced into modern homes, as well as innovation. It is estimated that Smart TVs will account for 34 per cent of the reported security flaws in the year 2023, followed by smart plugs at 18 per cent, followed by digital video recorders at 13 per cent. Underscoring the risks that are hidden behind everyday devices, this study shows. 

Currently, the University of Bradford's School of Computer Science, Artificial Intelligence and Electronics is home to an array of digital threats. As a result, homeowners must adopt more comprehensive digital hygiene practices to protect themselves. It takes more than just buying the latest gadgets to create a smart home today; it also requires a careful assessment of privacy and security tradeoffs. Smart speakers, thermostats, and video doorbells are incredibly convenient devices, but they each come with potential risks that homeowners must weigh prior to purchasing them. 

Although security cameras can be useful for remote monitoring, they are often stored in the cloud, raising concerns about how manufacturers handle sensitive video footage. Experts suggest consumers carefully read privacy policies prior to installing such cameras in their home or elsewhere. As well as that, voice assistants such as Alexa, Google Assistant, and Siri constantly listen for wake words to be detected. 

In addition to enabling hands-free control, this feature also results in audio samples being sent to company servers for analysis, which results in an analysis of the audio snippets. It is all about the level of trust consumers place in the providers of these technology services that will decide if this feature enhances their lives or compromises their privacy. Although connected cameras, speakers, and appliances provide convenience by controlling lighting, entertainment, and security, many of them are designed with minimal privacy safeguards, making them vulnerable to hacking. 

In many cases, home networks are easy to access through weak default passwords, outdated firmware, and unencrypted data, allowing cybercriminals to gain entry into entire home networks with ease. It is clear from this trend that IoT manufacturers prioritise affordability and ease of use over robust security, leaving millions of households at risk. 

As a result, statistics reveal that over 112 million cyberattacks are predicted to have been launched by cybercriminals over the course of 2022 against smart devices across the globe. Enhanced security measures must be developed along with the technological advancements, since once a single device is compromised, it can be a gateway to sensitive personal information, security systems, and even financial accounts.

While smart technology is constantly redefining our living styles, it has never been more obvious that convenience and security are the two factors that should be balanced. As household devices become increasingly connected, cybercriminals have more opportunities to exploit weaknesses, potentially compromising financial data, private information, or even personal safety by exploiting weak points. 

Experts have emphasised that as IoT devices become more common, users must adopt stronger cybersecurity practices to safeguard their digital environments as they become increasingly dependent on these devices. Among the most important measures for protecting home Wi-Fi networks is to secure them with strong, unique passwords, rather than using default settings, and to apply similarly strong credentials across all accounts and devices. 

Using multi-factor authentication, which incorporates passwords with biometric verifications or secondary codes, we are able to enhance our ability to protect ourselves against credential stuffing attacks. In addition, consumers should consider their security track record and data-handling practices carefully before buying a device, since patches often address newly discovered vulnerabilities. It is important for consumers to regularly update their devices' software and mobile applications as new vulnerabilities are often discovered. 

There are several ways in which homeowners can enhance their security beyond device-level precautions, such as encrypting routers, setting up separate guest networks for IoT gadgets, and carefully monitoring network activity to identify suspicious activity. Additionally, software designed specifically for connected homes provides enhanced protection by automatically scanning for threats and flagging unauthorised access attempts as they happen. 

There is no doubt that the most important thing to remember is that every connection to Wi-Fi or Bluetooth represents a potential entry point. It has been observed that the smartest home is not just the most connected, but also the one with the most secure systems. In addition to the features that make smart devices appealing, they can also be powerful tools for cybercriminals to use.

IoT security weaknesses can allow hackers to exploit cameras and microphones as covert surveillance devices, compromise smart locks to gain remote access to homes, and infiltrate networks to steal sensitive data by hijacking cameras and microphones. As a result of thousands of unsecured devices being marshalled into botnets, which can cripple websites and online services globally, the botnets could cripple websites. 

Research has shown that while these risks exist, only 52 per cent of IoT manufacturers in the United Kingdom are currently complying with basic password security provisions, allowing significant openings for exploitation. To prevent these vulnerabilities from occurring in the future, experts argue manufacturers should integrate security into the design of their devices from the very beginning—by implementing robust coding practices, encrypting data transmission, and updating firmware regularly. 

It is becoming increasingly apparent that governments are responding to the threats: for instance, the UK's Product Security and Telecommunications Infrastructure (PSTI) Act and the European Union's Cyber Resilience Act (CRA) now require higher privacy and protection standards throughout the industry. It is important to note that legislation alone cannot guarantee safety; consumers, as well as manufacturers, must prioritise security as homes become increasingly connected. 

To maintain trust in smart home technology, it is imperative to strike a balance between convenience and resilience. Increasingly, as the boundaries of the home continue to blur together, the security of connected devices becomes increasingly important to consumer confidence as technology begins to take over the traditional home and office. 

Analysts note that a smart living environment will not be characterised by the sophistication of gadgets alone, but by the quality of the ecosystems they depend on. Increasing the collaboration between policy makers, manufacturers, and security researchers will be crucial to preventing hackers from exploiting loopholes so readily in the future. In order for consumers to maintain a secure smart home, they are responsible for more than just installing it. They must remain vigilant as well, as maintaining a secure smart home isn't just a one-time process.
Read more »
Reporters
Black Hut Cyber Attacks Cyber Hackers CyberCrime Cybersecurity CyberThreat Reporters

Black Hat 25 Reveals What Keeps Cyber Experts Awake


 

In an era where cyber threats are becoming increasingly complex, Black Hat USA 2025 sounded alarms ringing with a sense of urgency that were unmistakable in the way they were sounded. As Nicole Perlroth, formerly a New York Times reporter, and now a founding partner at Silver Buckshot Ventures, made her presentation to a global security audience, she warned that cyber threats are evolving faster than the defenses that are designed to contain them, are failing. 

It was discussed in the presentation how malware has moved from a loud disruption to a stealthy, autonomous persistence, and ransomware has now mimicked legitimate commerce by mimicking subscription-based models that have industrialized extortion. 

Perlroth warned us that artificial intelligence, as well as supercharging attacks, is also corroding trust through distortions that are eroding trust. She argued that the consequences go beyond the corporate networks, and that democratic institutions, critical infrastructure, and public discourse are all directly in the crossfire of a new digital war.

During the past few years, artificial intelligence has emerged as both a powerful shield and a formidable weapon for cybersecurity, transforming attacks in both speed and scale while challenging traditional defenses simultaneously. According to experts at Black Hat, despite the rise of artificial intelligence, the industry is still grappling with longstanding security issues including application security, vulnerability management, and data protection, issues which remain unresolved despite decades of effort. 

In a keynote address at the event, Paul Wheatman noted that, alongside these persistent challenges, artificial intelligence is bringing about a new set of opportunities and threats that have never existed before. The use of artificial intelligence is accelerating defense by enabling quicker, smarter threat detection, reducing false positives, and allowing security teams to prioritize strategy over triage, among other things. 

In contrast, it is empowering adversaries with a wide range of tools, including automation of vulnerability discovery, persuasive phishing lures, and evasive malware, which lowers the barriers for attackers, even those who are not very experienced. Although technology vendors are quick to highlight the benefits of artificial intelligence, Wheatman noted that they are far less likely to address the risks of the technology. 

According to him, artificial intelligence is simultaneously the greatest asset of cybersecurity as well as the greatest threat, which is why the technology is both its greatest asset and its greatest threat in 2025. It has been reported that 13% of organizations have already experienced security incidents linked to artificial intelligence models or applications, and 97% of them occurred in environments which had no proper access controls in place. 

This is particularly true of the fact that the use of generative AI has allowed attackers to create phishing schemes and social engineering schemes faster and more convincing than they were once able to, eroding the barriers that once separated skilled adversaries from opportunistic criminals. There is a race on the defensive side of organizations, where they are rewriting policies, retraining their staffs, and overhauling incident response frameworks in order to keep up with an adversary that is no longer only dependent on human creativity. 

In the opinion of Ken Phelan, chief technology officer at Gotham Technology Group in New York City, this rapid acceleration is more than simply a software problem, but also a fundamental infrastructure problem, which requires a rethinking of the very systems that support digital security. 

In addition to the increasing complexity of the cybersecurity landscape, Black Hat USA also underscored how artificial intelligence is now used as a tool as well as a shield, and the cloud is now becoming the new arena on which battles are being fought. 

This year's keynote sessions focused on how automation and artificial intelligence are amplifying the scale of malicious activity, which has turned malware from an inconvenience in the past into an advanced threat weapon used by financially motivated, organized threat actors. In today's world, the stakes for defenders are high as attacks are no longer solely targeted at code, but also people, institutions, and even society. 

CISOs face both a tremendous challenge and an opportunity to showcase the strategic value of their work and investments as a result of this volatility, which is both an enormous challenge and an opportunity. Even so, the role of the CISO has also grown more challenging as it is becoming increasingly necessary to bring order to a chaotic and noisy environment. It has been well known for the past five years that more tools do not always result in stronger defences. 

This is why vendors are now proving that their products are actually measurable, rather than positioning themselves as optional add-ons. A shift in cybersecurity posture was also highlighted at the conference, with experts stressing the importance of moving from a reactive to a proactive posture. At an executive panel organised by Dataminr, panellists shared how AI-powered platforms, like the Dataminr Pulse for Cyber Risk, are making it possible for teams to analyse huge amounts of data at machine speed, prioritise threats more effectively, and maximise existing resources using big data. 

Without these approaches, there will remain a widening gap between increasingly agile threat actors and under-resourced defenders. A number of discussions at Black Hat USA 2025 made it impossible to ignore the fact that cybersecurity is no longer a siloed technical issue, but rather a societal imperative requiring agility, foresight, and collaboration at the global level. 

There is no doubt that artificial intelligence, automation, and cloud technologies are transforming both the threat landscape as well as organisations' defensive capabilities, but the real challenge for companies lies in adapting strategy at the same speed as adversaries are adapting tactics. According to experts, tool investments are not a replacement for investments in people, processes, and governance.

Leadership and cultural readiness are as important as technology in ensuring resilience, they stressed. Cybersecurity risks are now becoming increasingly intertwined with geopolitical tensions, supply chain instability, and the erosion of digital trust, proving that the stakes go far beyond the value of corporate assets. 

The message was clear to many attendees: cybersecurity leaders are being challenged not only to protect networks, but also to safeguard institutions, economies, and the integrity of public discourse itself in addition to protecting networks. This challenge is not only a daunting one, but also a great opportunity for the profession to take on a historic role in shaping the future of digital security, when the lines between defence strategy and survival have all but vanished in an era where the lines between defence, strategy, and survival are almost nonexistent.
Read more »
workforce upskilling
AI Phishing Artificial Intelligence Cybersecurity deepfake threats Quantum computing Technology workforce upskilling

AI and Quantum Computing: The Next Cybersecurity Frontier Demands Urgent Workforce Upskilling

 

Artificial intelligence (AI) has firmly taken center stage in today’s enterprise landscape. From the rapid integration of AI into company products, the rising demand for AI skills in job postings, and the increasing presence of AI in industry conferences, it’s clear that businesses are paying attention.

However, awareness alone isn’t enough. For AI to be implemented responsibly and securely, organizations must invest in robust training and skill development. This is becoming even more urgent with another technological disruptor on the horizon—quantum computing. Quantum advancements are expected to supercharge AI capabilities, but they will also amplify security risks.

As AI evolves, so do cyber threats. Deepfake scams and AI-powered phishing attacks are becoming more sophisticated. According to ISACA’s 2025 AI Pulse Poll, “two in three respondents expect deepfake cyberthreats to become more prevalent and sophisticated within the next year,” while 59% believe AI phishing is harder to detect. Generative AI adds another layer of complexity—McKinsey reports that only “27% of respondents whose organizations use gen AI say that employees review all content created by gen AI before it is used,” highlighting critical gaps in oversight.

Quantum computing raises its own red flags. ISACA’s Quantum Pulse Poll shows 56% of professionals are concerned about “harvest now, decrypt later” attacks. Meanwhile, 73% of U.S. respondents in a KPMG survey believe it’s “a matter of time” before cybercriminals exploit quantum computing to break modern encryption.

Despite these looming challenges, prioritization is alarmingly low. In ISACA’s AI Pulse Poll, just 42% of respondents said AI risks were a business priority, and in the quantum space, only 5% saw it becoming a top priority soon. This lack of urgency is risky, especially since no one knows exactly when “Q Day”—the moment quantum computers can break current encryption—will arrive.

Addressing AI and quantum risks begins with building a highly skilled workforce. Without the right expertise, AI deployments risk being ineffective or eroding trust through security and privacy failures. In the quantum domain, the stakes are even higher—quantum machines could render today’s public key cryptography obsolete, requiring a rapid transition to post-quantum cryptographic (PQC) standards.

While the shift sounds simple, the reality is complex. Digital infrastructures deeply depend on current encryption, meaning organizations must start identifying dependencies, coordinating with vendors, and planning migrations now. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has already released PQC standards, and cybersecurity leaders need to ensure teams are trained to adopt them.

Fortunately, the resources to address these challenges are growing. AI-specific training programs, certifications, and skill pathways are available for individuals and teams, with specialized credentials for integrating AI into cybersecurity, privacy, and IT auditing. Similarly, quantum security education is becoming more accessible, enabling teams to prepare for emerging threats.

Building training programs that explore how AI and quantum intersect—and how to manage their combined risks—will be crucial. These capabilities could allow organizations to not only defend against evolving threats but also harness AI and quantum computing for advanced attack detection, real-time vulnerability assessments, and innovative solutions.

The cyber threat landscape is not static—it’s accelerating. As AI and quantum computing redefine both opportunities and risks, organizations must treat workforce upskilling as a strategic investment. Those that act now will be best positioned to innovate securely, protect stakeholder trust, and stay ahead in a rapidly evolving digital era.
Read more »
Security Breach
Customer Data CyberCrime Cyberhackers Cybersecurity Data Breach Jewellery Pandora Security Breach

Pandora Admits Customer Data Compromised in Security Breach


 

A major player in the global fashion jewellery market for many years, Pandora has long been positioned as a dominant force in this field as the world's largest jewellery brand. However, the luxury retailer is now one of a growing number of companies that have been targeted by cybercriminals. 

Pandora confirmed on August 5, 2025, that a cyberattack had been launched on the platform used to store customer data by a third party. A Forbes report indicates that the breach was caused by unauthorised access to basic personal information, including customer name and email address. As a result, no passwords, credit card numbers, or any other sensitive financial information were compromised, the company stressed. 

In response to the incident, Pandora has taken steps to contain it, improved its security measures, and stated that at the present time, no evidence has been found that suggests that the stolen information has been leaked or misused. There is no doubt that supply chain dependencies can be a vulnerability for attackers due to the recent breach at Danish jewellery giant Pandora, as evidenced by this breach. 

The incident, rather than being the result of a direct intrusion into Pandora's core infrastructure, has been traced back to a third-party vendor platform — a reminder of the vulnerability of external services, including customer relationship management tools and marketing automation systems, which can be used by hackers as gateways. 

Using this tactic, cybercriminals were able to gain unauthorised access to customer data. Cybercriminals often employ this tactic to facilitate secondary crimes such as phishing, identity theft, and targeted scams. This incident is part of a broader industry challenge, with organisations increasingly outsourcing critical functions while ignoring the security risks associated with these outsourcing agreements. 

However, Pandora has not revealed who the third-party platform is; however, it has confirmed that some of Pandora's customer information was accessed through it, so the company's core internal systems remained unaffected by the intrusion. According to the jewellery retailer, the intrusion has been swiftly contained, and additional security measures have been put in place in order to ensure that future attacks do not occur again. 

According to the investigation, only the most common types of data - the names, dates, and email addresses of customers - were copied, and there was no compromise of passwords, identity documents or financial information. Several researchers have noted that cybercriminals have been orchestrating social engineering campaigns on behalf of companies and help desks for as long as January 2025, often to obtain Salesforce credentials or trick the staff into authorising malicious OAuth applications. 

It is not the only issue that is concerning the retail sector, as Chanel, a French fashion and cosmetics giant, also confirmed earlier this month a cyberattack perpetrated by the ShinyHunter extortion group, reportedly targeting Salesforce applications on August 1 through a social media-based intrusion, causing a significant amount of disruption in the industry. 

In the last year, the UK retail sector has been experiencing challenges as a result of cyberattacks that have affected major brands such as M&S, Harrods, and The Co-op. This latest incident comes at a time when the retail sector has been facing an increasing number of cyberattacks. A breach earlier this year resulting in the theft of customer data led M&S to declare a loss of around £300 million for its annual profit. 

It has been noted that in recent years, retailers have become prime targets for sophisticated hackers due to the vast amounts of consumer information they collect for marketing purposes and the outdated security infrastructure they use. Many retailers have underinvested in cybersecurity resilience in their pursuit of speed, scale, and convenience, which is something well-organised threat actors, such as Scattered Spider, are exploiting by taking advantage of this gap. 

Cybersecurity expert Christoph Cemper advised Pandora customers to remain vigilant against potential phishing emails, warning that such attacks can lead to the theft of sensitive information or financial losses if recipients click malicious links or download harmful attachments. Pandora reaffirmed its commitment to data protection, stating, Cemper, however, emphasised that retailers must adopt more proactive measures to safeguard customer information. 

Despite this incident, Pandora stressed the importance of not compromising passwords, payment information, or other sensitive details of customers. Specifically, the incident only involved “very common types of customer data”, including names and e-mail addresses, with no compromises to passwords, payment information, or other sensitive information. 

As a result of its investigation, the company stated that no evidence of misuse of the stolen data was found, but it advised customers to remain vigilant, especially in situations where they receive unsolicited emails or ask for personal information online. In its warning to customers, Pandora advised them not to click on unfamiliar links or download attachments from unverified sources. 

Pandora did not specify who was responsible for the intrusion, how the hack was executed, or how many people had been affected. Nonetheless, security researchers have been able to link the incident to the ShinyHunters group, which is said to have targeted corporate Salesforce databases with various social engineering and phishing techniques since January 2025. 

Several of the members of this group claim that they will "perform a mass sale or leak" of data from companies unwilling to comply with ransom demands. As far as Salesforce is concerned, the company has not been compromised. Its statement attributed these breaches instead to sophisticated phishing attacks and social engineering attacks that have become increasingly sophisticated over the years, reiterating that customers are responsible for safeguarding their data on their own. 

Today's interconnected retail environment serves as a reminder that cyber risks are no longer confined to a company's own network perimeter but are now a part of a company's wider digital footprint. It has become increasingly apparent that the lines between internal and external security responsibilities are blurring in light of the increasing use of vulnerability in third-party platforms, social engineering tactics, and overlooked digital entry points. 

The stakes for global brands are not limited to immediate disruption to operations. In addition to consumer trust, brand reputation, and regulatory scrutiny, cybersecurity experts agree that a holistic approach is now needed in order to mitigate cyberattacks. In addition to rigorous vendor risk assessments, continuous employee training, advanced threat detection, and resilient incident response frameworks, these strategies are all important. 

In an industry like luxury retail that is vulnerable to cyberattacks, Pandora's experience demonstrates what is becoming an increasingly common industry imperative: proactive defences are becoming not just an option but an essential tool for safeguarding the online relationships of customers and protecting their digital assets.
Read more »
Katz
Atlantis AIO CaaS Credentials Theft CyberCrime cybercriminals Cybersecurity Data Breach Data Harvesting SDK data security Data Theft Flashpoint infostealers Katz

Cybercrime-as-a-Service Drives Surge in Data Breaches and Stolen Credentials

 

The era of lone cybercriminals operating in isolation is over. In 2025, organized cybercrime groups dominate the threat landscape, leveraging large-scale operations and sophisticated tools to breach global organizations. Recent intelligence from Flashpoint reveals a troubling surge in cyberattacks during just the first half of the year, showing how professionalized cybercrime has become — particularly through the use of Cybercrime-as-a-Service (CaaS) offerings. 

One of the most alarming findings is the 235% rise in data breaches globally, with the United States accounting for two-thirds of these incidents. These breaches exposed an astounding 9.45 billion records. However, this number is eclipsed by the dramatic 800% increase in stolen login credentials. In total, threat actors using information-stealing malware compromised more than 1.8 billion credentials in just six months. 

These tools — such as Katz Stealer or Atlantis AIO — are widely accessible to hackers for as little as $30, yet they offer devastating capabilities, harvesting sensitive data from commonly used browsers and applications. Flashpoint’s report emphasizes that unauthorized access, largely facilitated by infostealers, was the initial attack vector in nearly 78% of breach cases. 

These tools enable threat actors to infiltrate organizations and pivot across networks and supply chains with ease. Because of their low cost and high effectiveness, infostealers are now the top choice for initial access among cybercriminals. This rise in credential theft coincides with a 179% surge in ransomware attacks during the same period. 

According to Ian Gray, Vice President of Cyber Threat Intelligence Operations at Flashpoint, this dramatic escalation highlights the industrial scale at which cybercrime is now conducted. The report suggests that to counter this growing threat, organizations must adopt a dual strategy: monitor stolen credential datasets and set up alert systems tied to specific compromised domains.  

Furthermore, the report advocates for moving beyond traditional password-based authentication. Replacing passwords and basic two-factor authentication (2FA) with passkeys or other robust methods can help reduce risk. 

As cybercriminal operations grow increasingly professional, relying on outdated security measures only makes organizations more vulnerable. With CaaS tools making sophisticated attacks more accessible than ever, companies must act swiftly to enhance identity protection, tighten access controls, and build real-time breach detection into their infrastructure. 

The rapid evolution of cybercrime in 2025 is a stark reminder that prevention and preparedness are more critical than ever.
Read more »
VPN
Age Verification CyberCrime Cyberhackers Cybersecurity CyberThreat Digital Privacy Privacy VPN

How Age Verification Measures Are Endangering Digital Privacy in the UK



A pivotal moment in the regulation of the digital sphere has been marked by the introduction of the United Kingdom's Online Safety Act in July 2025. With the introduction of this act, strict age verification measures have been implemented to ensure that users are over the age of 25 when accessing certain types of online content, specifically adult websites. 

Under the law, all UK internet users have to verify their age before using any of these platforms to protect minors from harmful material. As a consequence of the rollout, there has been an increase in circumvention efforts, with many resorting to the use of virtual private networks (VPNs) in an attempt to circumvent these controls. 

As a result, a national debate has arisen about how to balance child protection with privacy, as well as the limits of government authority in online spaces, with regard to child protection. A company that falls within the Online Safety Act entails that they must implement stringent safeguards designed to protect children from harmful online material as a result of its provisions. 

In addition to this, all pornography websites are legally required to have robust age verification systems in place. In a report from Ofcom, the UK's regulator for telecoms and responsible for enforcing the Child Poverty Act, it was found that almost 8% of children aged between eight and fourteen had accessed or downloaded a pornographic website or application in the previous month. 

Furthermore, under this legislation, major search engines and social media platforms are required to take proactive measures to keep minors away from pornographic material, as well as content that promotes suicide, self-harm, or eating disorders, which must not be available on children's feeds at all. Hundreds of companies across a wide range of industries have now been required to comply with these rules on such a large scale. 

The United Kingdom’s Online Safety Act came into force on Friday. Immediately following the legislation, a dramatic increase was observed in the use of virtual private networks (VPNs) and other circumvention methods across the country. Since many users have sought alternative means of accessing pornographic, self-harm, suicide, and eating disorder content because of the legislation, which mandates "highly effective" age verification measures for platforms hosting these types of content, the legislation has led some users to seek alternatives to the platforms. 

The verification process can require an individual to upload their official identification as well as a selfie in order to be analysed, which raises privacy concerns and leads to people searching for workarounds that work. There is no doubt that the surge in VPN usage was widely predicted, mirroring patterns seen in other nations with similar laws. However, reports indicate that users are experimenting with increasingly creative methods of bypassing the restrictions imposed on them. 

There is a strange tactic that is being used in the online community to trick certain age-gated platforms with a selfie of Sam Porter Bridges, the protagonist of Death Stranding, in the photo mode of the video game. In today's increasingly creative circumventions, the ongoing cat-and-mouse relationship between regulatory enforcement and digital anonymity underscores how inventive circumventions can be. 

Virtual private networks (VPNs) have become increasingly common in recent years, as they have enabled users to bypass the United Kingdom's age verification requirements by routing their internet traffic through servers that are located outside the country, which has contributed to the surge in circumvention. As a result of this technique, it appears that a user is browsing from a jurisdiction that is not regulated by the Online Safety Act since it masks their IP address. 

It is very simple to use, simply by selecting a trustworthy VPN provider, installing the application, and connecting to a server in a country such as the United States or the Netherlands. Once the platform has been active for some time, age-restricted platforms usually cease to display verification prompts, as the system does not consider the user to be located within the UK any longer.

Following the switch of servers, reports from online forums such as Reddit indicate seamless access to previously blocked content. A recent study indicated VPN downloads had soared by up to 1,800 per cent in the UK since the Act came into force. Some analysts are arguing that under-18s are likely to represent a significant portion of the spike, a trend that has caused lawmakers to express concern. 

There have been many instances where platforms, such as Pornhub, have attempted to counter circumvention by blocking entire geographical regions, but VPN technology is still available as a means of gaining access for those who are determined to do so. Despite the fact that the Online Safety Act covers a wide range of digital platforms besides adult websites that host user-generated content or facilitate online interaction, it extends far beyond adult websites. 

The same stringent age checks have now been implemented by social media platforms like X, Bluesky, and Reddit, as well as dating apps, instant messaging services, video sharing platforms, and cloud-based file sharing services, as well as social network platforms like X, Bluesky, and Reddit. Because the methods to prove age have advanced far beyond simply entering the date of birth, public privacy concerns are intensified.

In the UK’s communications regulator, Ofcom, a number of mechanisms have been approved for verifying the identity of people, including estimating their facial age by uploading images or videos, matching photo IDs, and confirming their identity through bank or credit card records. Some platforms perform these checks themselves, while many rely on third-party providers-entities that will process and store sensitive personal information like passports, biometric information, and financial information. 

The Information Commissioner's Office, along with Ofcom, has issued guidance stating that any data collected should only be used for verification purposes, retained for a limited period of time, and never used to advertise or market to individuals. Despite these safeguards being advisory rather than mandatory, they remain in place. 

With the vast amount of highly personal data involved in the system and its reliance on external services, there is concern that the system could pose significant risks to user privacy and data security. As well as the privacy concerns, the Online Safety Act imposes a significant burden on digital platforms to comply with it, as they are required to implement “highly effective age assurance” systems by the deadline of July 2025, or face substantial penalties as a result. 

A disproportionate amount of these obligations is placed on smaller companies and startups, and international platforms must decide between investing heavily in UK-specific compliance measures or withdrawing all services altogether, thereby reducing availability for British users and fragmenting global markets. As a result of the high level of regulatory pressure, in some cases, platforms have blocked legitimate adult users as a precaution against sanctions, which has led to over-enforcement. 

Opposition to this Act has been loud and strong: an online petition calling for its repeal has gathered more than 400,000 signatures, but the government still maintains that there are no plans in place to reverse it. Increasingly, critics assert that political rhetoric is framed in a way that implies tacit support for extremist material, which exacerbates polarisation and stifles nuanced discussion. 

While global observers are paying close attention to the UK's internet governance model, which could influence future internet governance in other parts of the world, global observers are closely watching it. The privacy advocates argue that the Act's verification infrastructure could lead to expanded surveillance powers as a result of its comparison to the European Union's more restrictive policies toward facial recognition. 

There are a number of tools, such as VPNs, that can help individuals protect their privacy if they are used by reputable providers who have strong encryption policies, as well as no-log policies, which are in place to ensure that no data is collected or stored. While such measures are legal, experts caution that they may breach the terms of service of platforms, forcing users to weigh privacy protections versus the possibility of account restrictions when implementing such measures. 

The use of "challenge ages" as part of some verification systems is intended to reduce the likelihood that underage users will slip through undetected, since they will be more likely to be detected if an age verification system is not accurate enough. According to Yoti's trials, setting the threshold at 20 resulted in fewer than 1% of users aged 13 to 17 being incorrectly granted access after being set at 20. 

Another popular method of accessing a secure account involves asking for formal identification such as a passport or driving licence, and processing the information purely for verification purposes without retaining the information. Even though all pornographic websites must conduct such checks, industry observers believe that some smaller operators may attempt to avoid them out of fear of a decline in user engagement due to the compliance requirement. 

In order to take action, many are expected to closely observe how Ofcom responds to breaches. There are extensive enforcement powers that the regulator has at its disposal, which include the power to issue fines up to £18 million or 10 per cent of a company's global turnover, whichever is higher. Considering that Meta is a large corporation, this could add up to about $16 billion in damages. Further, formal warnings, court-ordered site blocks, as well as criminal liability for senior executives, may also be an option. 

For those company leaders who ignore enforcement notices and repeatedly fail to comply with the duty of care to protect children, there could be a sentence of up to two years in jail. In the United Kingdom, mandatory age verification has begun to become increasingly commonplace, but the long-term trajectory of the policy remains uncertain as we move into the era. 

Even though it has been widely accepted in principle that the program is intended to protect minors from harmful digital content, its execution raises unresolved questions about proportionality, security, and unintended changes to the nation's internet infrastructure. Several technology companies are already exploring alternative compliance methods that minimise data exposure, such as the use of anonymous credentials and on-device verifications, but widespread adoption of these methods depends on the combination of the ability to bear the cost and regulatory endorsement. 

It is predicted that future amendments to the Online Safety Act- or court challenges to its provisions-will redefine the boundary between personal privacy and state-mandated supervision, according to legal experts. Increasingly, the UK's approach is being regarded as an example of a potential blueprint for similar initiatives, particularly in jurisdictions where digital regulation is taking off. 

Civil liberties advocates see a larger issue at play than just age checks: the infrastructure that is being constructed could become a basis for more intrusive monitoring in the future. It will ultimately be decided whether or not the Act will have an enduring impact based on not only its effectiveness in protecting children, but also its ability to safeguard the rights of millions of law-abiding internet users in the future.

Read more »
Software
Cyber Attacks Cyberhackers Cybersecurity CyberThreat Infrastructure PyPI python Software

Hackers Deploy Lookalike PyPI Platform to Lure Python Developers


The Python Package Index (PyPI) website is being used to launch sophisticated phishing campaigns targeting Python developers, highlighting the ongoing threats that open-source ecosystems face. The phishing campaign is utilising a counterfeit version of the website to target Python developers. 

In an official advisory issued earlier this week by the Python Software Foundation (PSF), attackers have warned developers against defrauding them of their login credentials by using the official PyPI domain for their phishing campaign. 

Despite the fact that PyPI's core infrastructure has not been compromised, the threat actors are distributing deceptive emails directing recipients to a fake website that closely resembles the official repository of PyPI. Because PyPI is the central repository for publishing and installing third-party Python libraries, this campaign poses a significant threat to developers' accounts as well as to the entire software supply chain as a whole.

In addition to using subtle visual deception, social engineering techniques are also used by attackers to craft phishing emails that appear convincingly legitimate to unsuspecting recipients of the emails. A subject line of the email normally reads "[PyPI] Email verification." These emails are typically sent to addresses harvested from the Python Package Index metadata of packages. 

A noteworthy aspect of the spam emails is that they are coming from email addresses using the domain @pypj.org, a nearly identical spoof of the official @pypi.org domain—only one character in the spoof differs, where the legitimate “i” is replaced by a lowercase “j”. 

To verify the authenticity of the email address, developers are asked to click a link provided in the email that directs them to a fake website that is meticulously designed to emulate the authentic PyPI interface in every way possible. This phishing site takes the victims’ passwords and forwards them to PyPI's official website in a particularly deceptive way, effectively logging them in and masking the fact that they have been cheated, which leaves many unaware of the security breach.

As a result, PyPI maintainers have urged all users who have interacted with the fraudulent email to change their passwords as soon as possible and to review their "Security History" in order to look for unauthorised access signs. 

Among the many examples of targeted deception within the developer ecosystem, threat actors have not only impersonated trusted platforms such as PyPI but also expanded their phishing campaigns to include developers of Firefox add-ons as part of a broader pattern of targeted deception. As part of the PyPI-focused attacks, developers are required to verify their email addresses by clicking on a link that takes them to a fake PyPI site that has an interface that is nearly identical to the legitimate PyPI site.

One of the most insidious aspects of this scam is the ability of the hacker to harvest login credentials and transmit them directly to PyPI's real site, thereby seamlessly logging in victims and concealing the breach. This clever redirection often leaves developers unaware that their credentials were compromised due to this clever redirection. 

There have been several reports this week about phishing campaigns targeting Firefox extension developers, including a parallel phishing campaign that has been launched to target Firefox extension developers as well. The PyPI team has advised any affected users to change their passwords immediately and check the Security History section for any signs of unauthorised access. 

Despite the fact that these emails falsely claim to originate from Mozilla or its Add-ons platform (AMO), they are instructing recipients to update their account details to maintain access to developer features. Upon closer examination, however, it is evident that these messages are not sophisticated at all: some of them are sent from generic Gmail accounts, and sometimes the word "Mozilla" is even misspelt, missing one letter from the “l” on some occasions. 

As a result of these warnings, the exploitation of platform trust remains one of the most powerful ways in which developers can compromise their accounts across a wide range of ecosystems. As social engineering threats have increased across the software supply chain, the Python Software Foundation (PSF) and other ecosystem stewards continue to face increasingly sophisticated phishing and malware attacks regularly. 

The PyPI Foundation has introduced a new feature known as Project Archival, which allows PyPI publishers to formally archive their projects, signalling to users that they will not be receiving any further updates shortly. In March 2024, PyPI was forced to temporarily suspend new user registrations as well as the creation of new projects due to a malware campaign in which hundreds of malicious packages disguised as legitimate tools were uploaded. 

These efforts were soon tested by PyPI. A response to the issue has been issued by PyPI, which has urged users to be vigilant by inspecting browser URLs carefully before logging in to their accounts and not clicking links from suspicious emails. It's interesting to note that similar attacks have also been aimed at the NPM registry recently. This time, however, they are using typosquatted domains-npnjs[.]com instead of npmjs[.]com-to send credential-stealing email verification messages to the registry. 

Several npm packages were compromised as a result of that campaign, which were then weaponised to deliver malware dubbed Scavenger Stealer. With this malicious payload, sensitive data could be extracted from browsers, system information could be captured, and it could be exfiltrated through a WebSocket connection in order for it to be exfiltrated. 

It has been documented that similar threats have been encountered across GitHub and other developer platforms, using a combination of typosquatting, impersonation, and reverse proxy phishing techniques. It is important to note that these attacks, despite appearing to be so simple to execute, are meant to compromise accounts that maintain widely used packages, which poses a systemic security risk. 

For best results, security experts suggest that users verify domain names, use browser extensions that flag suspicious URLs, and use password managers with auto-fill that only allow for trusted domains in order to reduce the possibility of exposure. There has been an increase in phishing and typosquatting campaigns targeting software registries like PyPI, npm, and GitHub, which is indicative of a larger and more serious trend in exploiting developer trust by hacking. 

In light of these incidents, developers, maintainers, and platform providers must establish enhanced security hygiene measures. Even though open-source ecosystems continue to serve as the foundation for modern software infrastructure, it is clear that the consequences of compromised developer accounts are no longer limited to individual projects. They are now threatening the integrity of the global software supply chain as a whole. 

Developers must take proactive measures in light of this shifting landscape by treating unexpected account verification requests with scepticism, verifying domain identity character by character, and implementing multi-layered security safeguards such as two-factor authentication and password managers that are security-conscious. 

A push is also being made for platform operators to accelerate investment in the detection of threats, communication transparency, and education of their users. Ultimately, the community will be able to defend itself against these low-tech, but highly impactful, attacks by recognising deception before it can cause damage. 

The sophistication of threat actors is allowing them to exploit familiarity and automation to their advantage, making security the first principle to be put forward across the development ecosystem to ensure resilience to attacks.

Read more »
data breach news
Allianz Life Cybersecurity Data Breach data breach news

Allianz Life Confirms Data Breach Affecting 1.4 Million Customers in North America

 

Allianz Life Insurance Company of North America has confirmed a significant data breach that compromised the personal information of a majority of its 1.4 million U.S. customers. The breach, discovered in mid-July, involved sensitive data including names, addresses, dates of birth, and Social Security numbers. 

According to a statement issued by parent company Allianz SE to the BBC, the incident occurred on July 16, 2025, when hackers exploited a third-party, cloud-based customer relationship management (CRM) system used by Allianz Life. 

The attackers gained access through a social engineering attack, an increasingly common tactic in which cybercriminals manipulate employees into providing access credentials or system entry. The breach was limited to Allianz Life’s North American operations and did not impact the wider global operations of Allianz SE, which serves over 125 million customers worldwide. 

The company stressed that there is no evidence suggesting the intrusion affected its core network or internal policy systems. While the precise number of affected individuals was not confirmed in the company's legal filing with the Maine Attorney General’s office, estimates suggest that nearly all of Allianz Life’s American customer base may have been impacted. Following the discovery of the breach on July 17, Allianz Life said it took swift action to contain the incident, informed the FBI, and engaged cybersecurity experts to investigate and reinforce system security. 

The company began notifying affected individuals on August 1 and is offering free identity monitoring services. There is currently no indication that the stolen data has been publicly leaked or posted to the dark web. However, cybersecurity analysts warn that stolen information of this nature may be sold or used in identity theft schemes over time. 

Notably, the hackers did not demand a ransom, and Allianz has not attributed the attack to any particular group. The company has not ruled out the possibility that the attackers may have targeted specific individuals or demographics within its customer base. This incident is part of a wider trend, with other major insurers including Aflac and Erie Insurance, also facing cyberattacks in recent months. 

The growing prevalence of data breaches highlights the need for more robust digital defences, particularly in industries handling sensitive financial and personal data. Consumers are advised to remain vigilant, use strong passwords, enable two-factor authentication (2FA), and monitor their credit and financial accounts for any suspicious activity.
Read more »
Zscaler
Cyber Attacks CyberCrime Cybersecurity Data Exploit Digital Security Ransomware Security Infrastructure Security Vulnerabilities VPN Zero Trust Zscaler

Sharp Increase in Ransomware Incidents Hits Energy Sector

 


The cyber threat landscape is constantly evolving, and ransomware attacks have increased in both scale and sophistication, highlighting how urgent it is for enterprises to take a strategic approach to cybersecurity. A survey conducted by Zscaler in 2025 found that ransomware incidents increased 146% over the past year. 

Ten prominent groups took 238 terabytes of data from their servers over the past year, nearly doubling the 123 terabytes they stole a year ago. There has been an alarming 900% increase in attacks in the oil and gas industry, largely attributed to the development of digital infrastructure as well as unresolved security vulnerabilities. Additionally, manufacturing, technology, and healthcare have all been affected by this increase, resulting in more than 2,600 reported incidents combined. 

A large percentage of ransomware cases were reported in the United States, which accounts for more than twice the total number of cases reported in the next 14 most affected countries combined. According to experts, threat actors are increasingly turning to generative artificial intelligence (AI) in order to streamline operations and perform more targeted and efficient attacks. This shift corresponds with the growing preference for data extortion over traditional file encryption, resulting in more effective attacks. 

In response to these evolving tactics, cybersecurity leaders are advocating the widespread adoption of Zero Trust architecture in order to prevent large-scale data loss and contain lateral movement within networks. The rise of digital transformation is accelerating the use of ransomware actors to launch increasingly sophisticated attacks on critical infrastructure sectors while automating and leveraging vulnerable industrial control systems as a source of attack. 

A dramatic increase in the number of attacks on the oil and gas industry was attributed to expanding digital footprints and security lapses, whereas Zscaler's latest research indicates that manufacturing, information technology, and healthcare are the sectors that are most frequently targeted by cybercriminals. This attack disproportionately affected the United States, as there were 3,671 ransomware incidents registered in this country, which is more than any of the next 14 most targeted countries combined. 

Over the past year, 238 terabytes of data were exfiltrated in ransomware campaigns, a 92% increase over last year. In the April-to-April period, RansomHub emerged as the most active ransomware group, followed by Akira and Clop in a close second place. These intrusions were largely caused by vulnerabilities that were known to exist in widely used enterprise technologies, such as VMware hypervisors, Fortinet and SonicWall VPNs, and Veeam backup software, making the critical need for proactive vulnerability management and real-time threat detection to be implemented across all levels of IT and operational infrastructure even clearer.

In recent years, cybercriminal groups have adopted more targeted and scalable approaches to extortion, which is reshaping the global ransomware landscape. According to Zscaler's ThreatLabz Ransomware Report for 2025, RansomHub, Akira, and Clop are the three most prolific groups, each of which has claimed more than 850 victims, 520 victims, and 488 victims, respectively. 

The success of Ariara is attributed primarily to its affiliate-based operation model and close collaboration with initial access brokers, while Clop has continued to exploit vulnerabilities in commonly used third-party software to execute impactful supply chain attacks in the last few years. In spite of the high-profile actors involved in this reporting period, Zscaler tracked 425 ransomware groups, so this is just a small part of a much broader and rapidly growing ecosystem. 34 new ransomware groups were created during the reporting period. 

In addition, according to this report, a significant proportion of ransomware campaigns were exploiting a limited range of critical software vulnerabilities, primarily in internet-facing technologies such as SonicWall VPNs and Fortinet VPNs, VMware hypervisors, Veeam backup tools, and SimpleHelp remote access servers. 

It is due to their widespread deployment and ease of discovery through simple scanning techniques that these vulnerabilities remain so attractive. This allows both veteran and newly formed groups of hackers to launch high-impact attacks more effectively and with greater precision. The ransomware ecosystem continues to grow at an alarming rate, and there have been unprecedented numbers of groups launching ransomware attacks. 

There have been 34 new ransomware gangs reported by Zscaler between April 2024 and April 2025, totalling 425 groups that have been tracked so far. Clearly, the significant growth in ransomware over recent years is a reflection of the enduring appeal of ransomware as an attractive criminal model, and it demonstrates how sophisticated and agile cybercriminal organisations have become over the last few years. 

Even though the continued rise in new ransomware actors is a concern, some signs sustained law enforcement action and stronger cybersecurity frameworks are beginning to help counteract this trend, as well as strong cybersecurity frameworks. To dismantle ransomware infrastructures, sixteen illicit assets, and disrupt cybercrime networks, international efforts are increasing pressure on cybercriminals. Not only can these actions impede operational capabilities, but they may also serve as a psychological deterrent, preventing emerging gangs from maintaining momentum or evading detection. 

Experts suggest, even in spite of the complexity and evolution of ransomware threats, that efforts by law enforcement agencies, cybersecurity professionals, and private sector stakeholders are beginning to make a meaningful contribution to combating ransomware threats. In spite of the growth of the number of threat groups, it is becoming increasingly difficult for these groups to sustain operations over the long run. 

In the face of the global ransomware threat, there is a cautious but growing sense of optimism, as long as we continue to collaborate and be vigilant. In terms of ransomware activity, there is still a stark imbalance in the distribution of attacks across the globe. The United States remains, by a wide margin, the nation that has been hit the most frequently. 

The 2025 ThreatLabz report from Zscaler indicates that 50 per cent of all ransomware attacks originated from U.S.-based organisations, totalling 3,671 incidents - more than double the total number of attacks reported across the next 14 most targeted countries combined. The United Kingdom and Canada ranked distantly behind the US and Canada, respectively, with only 5 and 4 per cent of global incidents.
This concentration of attacks is a result of the strategic targeting of highly dense, high-value economies by threat actors looking for maximum disruption and financial gain as a result of their actions. In this surge, several prominent ransomware groups were at the forefront, including RansomHub, which had 833 victims publicly identified by the media. 

As an affiliate program and partnership with initial access brokers helped Akira rise to prominence, involving 520 victims, it became a leading ransomware group. A close second was Clop, which had 488 victims, using its proven tactics to leverage vulnerable third-party software, in order to carry out large-scale supply chain attacks using vulnerable third-party software. 

Zscaler identified 34 new ransomware families in the past year, increasing the total number of tracked groups from 425 to 425. There are more than 1,000 ransomware notes available on GitHub, with 73 new samples being added every day within the past year, highlighting the scale of the threat and its persistence. With the increasing threat landscape, Zscaler continues to advance its Zero Trust Exchange framework, powered by artificial intelligence, to combat ransomware at every stage of its lifecycle. 

By replacing legacy perimeter-based security models with this platform, you will be able to minimise attack surfaces, block initial compromises, eliminate lateral movement, and stop data exfiltration that was previously possible. 

As part of Zscaler’s architecture, which is enhanced with artificial intelligence-driven capabilities like breach prediction, phishing and command and control detection, inline sandboxing, segmentation, dynamic policy enforcement, and robust data loss prevention, we can take an active and scalable approach to ransomware mitigation, aligning with the evolving needs of modern cybersecurity. 

Increasingly, ransomware is becoming a systemic risk across digital economies, which makes it essential for enterprises and governments to develop comprehensive, forward-looking cyber defence strategies. As a result of the convergence of industrial digitisation, widespread software vulnerabilities, and the emergence of ransomware-as-a-service (RaaS) models, the global threat landscape is changing in ways that require both public and private sectors to take immediate action. 

The attacks have not only caused immediate financial and operational losses, but they have also now threatened national security, supply chain resilience, and public infrastructure, particularly within high-value, interconnected industries like the energy industry, manufacturing industry, healthcare industry, and technology industry. Leaders in cybersecurity have increasingly advocated for a paradigm shift from reactive control measures to proactive cyber resilience strategies. 

Embedding zero trust principles into organization infrastructure, modernising legacy systems, and investing in artificial intelligence-driven threat detection are some of the steps that are required to achieve this objective, as well as building intelligence-sharing ecosystems between private companies, governments, and law enforcement agencies. 

There is also a constant need to evaluate the role of artificial intelligence in both attack and defence cycles, where defenders have the need to outperform their adversaries by automating, analysing, and enforcing policy in real time. As for the policy level, the increased use of ransomware underscores the need for globally aligned cybersecurity standards and enforcement frameworks. 

Isolated responses cannot be relied upon anymore when transnational threat actors leverage decentralized infrastructure and exploit jurisdictional loopholes in order to exploit them. In order to disrupt the ransomware economy and regain trust in the digital world, a holistic collaboration is essential that involves advanced technologies, legal deterrents, and public awareness.

While there is no indication that ransomware is going away anytime soon, the progress being made in detecting threats, managing vulnerabilities, and coordinating cross-border responses offers a path forward as long as we work together on these improvements. The need to protect digital assets and ensure long-term operational continuity is not just a matter of IT hygiene anymore – it has become a foundational pillar of enterprise risk management, and therefore a crucial component for the management of business continuity in today's environment.
Read more »
Social Security Numbers
141 Million File Leak CyberCrime Cybersecurity CyberThreat Data Breach Financial Breach intellectual property ITRC PII Social Security Numbers

Cybercriminals Exploit Unprecedented Data Exposure in 141 Million File Leak



Digital transformation has transformed cybersecurity from a technical safeguard to a strategic imperative for business continuity, consumer trust, and national security, particularlyin an era wofrapid digital transformation  With the rise of digital infrastructure and the advent of data as the new currency, cyber threats have increased in scale, frequency, and sophistication, placing significant pressure on public and private sectors to reassess their cybersecurity strategies. 

The Identity Theft Resource Center (ITRC) reported that the United States had experienced the most data breaches in its history in 2021, or 1,862 breaches compared to 2020. These breaches disrupted a wide range of industries, including healthcare, finance, retail, and energy. It is anticipated that in 2023 and beyond, artificial intelligence, nation-state actors, and global cybercrime syndicates will be the driving force behind even more advanced attack vectors. In order to prevent these threats, cybersecurity frameworks need to be proactive, resilient, and adaptive. 

A growing dependence on digital ecosystems has resulted in cybersecurity becoming an essential business enabler, impacting risk management, compliance, innovation, and investor confidence across a broad range of industries. There is no denying that the security landscape has reached an important inflexion point amid the growing complexity of digital technology. Earlier this year, 141 million compromised files were linked to 1,297 distinct ransomware and data breach incidents, which underscored the sobering inflexion point in the cybersecurity landscape. 

There is a staggering amount of sensitive, unstructured data being stolen in modern cyberattacks, causing the attention to shift from conventional credential theft to a wider range of sensitive, unstructured data as a result of this groundbreaking study. As opposed to previous breach assessments, which focused on structured databases and login information, this study examines the unstructured files in corporate systems, often the most valuable and vulnerable assets. 

It is believed that these files contain financial records, personally identifiable information (PII), internal communications, and cryptographic security keys, which give cybercriminals an insight into how organisations operate. These findings demonstrate not only the extent to which data is exposed in a variety of sectors, but also the inadequacy of traditional security postures when it comes to securing today’s data-rich environment as it pertains to data security. 

Cyberattacks are becoming more surgical and data-centric as they become increasingly sophisticated. To keep their businesses safe, enterprises must implement advanced threat intelligence, encryption, and zero-trust architectures into their cybersecurity strategies at the core. According to our investigation, there is a very alarming degree of personal data exposure in the current breach landscape, with four out of five incidents having compromised personal data, including information about individual customers and business entities. 

Especially troubling is the discovery that 67% of the data analysed originated from routine customer service interactions. This underscores the fact that everyday communications have been exposed as being extremely vulnerable. A major weakness was identified as email correspondence, with over half of the breaches (51%) involving emails containing Social Security numbers (highly sensitive identifiers that, once exposed, created enduring risks because of their immutability and centrality to a wide range of financial and governmental systems created enduring risks. 

 As a matter of concern, cryptographic keys were detected in 18% of analysed breaches. When these keys, which underpin security protocols such as encryption and authentication, are compromised, they can provide an unprecedented amount of risk for the organisation. This can result in the degradation of digital trust and the enabling of unauthorised access to protected systems as a result. Since cryptographic keys are more difficult to replace than passwords and often require systemic overhauls to be properly maintained, their exposure is a critical security risk. 

Increasingly, attackers are shifting from encrypting files to stealing and exchanging sensitive data in order to compound these risks as ransomware tactics evolve. Among the major threat groups, data exfiltration has increased by 92% year-over-year, and the number of ransomware attacks blocked has increased by 146%, thus signalling a shift towards monetising breached information as opposed to traditional ransom demands. 

Cybercriminals are embarking on a profound shift in their playbook of cybercriminals, which leaves organisations under pressure to cope with both operational disruptions as well as the reputational consequences. There was 17% of exposed data consisting of source code and other intellectual property. This posed a serious risk to innovation-driven businesses. When proprietary code is leaked, not only does it undermine competitive advantage, but it also gives adversaries a deep understanding of the vulnerabilities within an application, compromising years of strategic development for an adversary. 

Cybercriminals are targeting a trove of unstructured, public, and sensitive data in the modern day, which represents an increasingly sophisticated trove of data, far more sensitive than the traditional theft of usernames and passwords. According to a comprehensive analysis of 141 million compromised files resulting from nearly 1,300 ransomware and breach incidents, cyberattackers are increasingly targeting confidential business documents, financial records, internal communications, and source code—assets that can offer exponentially more value than just login credentials alone—as assets that are extremely valuable. In the majority of these cases, financial documents were found in 93% of the incidents, with 41% of the exposed material consisting of these files. 

In almost half of these breaches, bank statements were found in the datasets, and International Bank Account Numbers (IBANs) were present in 36% of the datasets, which clearly indicated that the information stolen was both accurate and useful. Unstructured data, such as contracts, meeting notes, configuration files, and emails, is often not encrypted or protected in a way that makes them prime targets for hackers, as opposed to structured databases. 

Approximately 82% of breaches involved personally identifiable information (PII), most of which was embedded in customer service communication, which often contained detailed information about verifications and complaint histories. There were a number of breaches analysed that also exposed emails with Social Security Numbers, and 18% of those contained cryptographic keys that could undermine authentication systems and enable persistence of access to the data. 

In addition to the threat, there are now cybercrime as-a-service platforms that allow the users to rent information-stealing malware for a very low price and then use it to harvest vast amounts of data from unprotected systems, compounding the threat. The dark web market is rumoured to be flooded with billions of login credentials, yet analysts believe the most valuable commodities in this century are source code, legal contracts, business plans, and sensitive client records, all of which are often hidden in cloud repositories or inadequately secured file-sharing drives. 

A cybercriminal can adapt to the new climate by adapting their methods accordingly, operating more like a data scientist, sorting, categorising, and exploiting leaked information in a calculated manner so that they can infiltrate, steal information, commit fraud, and sabotage operations for the long run. In light of these findings, organisations must adopt holistic data protection strategies that go beyond the traditional perimeter-based security models in order to protect their data from threats. 

The threat of cyberattacks is increasing, and businesses must prioritise the implementation of advanced data classification systems that can accurately identify and categorise high-value information to protect themselves from cybersecurity threats. Whenever sensitive documents are being transferred, it is extremely important to apply rigorous encryption to ensure they are protected from unauthorised access, both at rest and during transit. 

Continuous monitoring solutions are equally important in shared environments where visibility is often limited, and it is imperative that continuous monitoring solutions detect anomalous data access patterns. As part of a security assessment, it is essential to perform a detailed inventory of all data repositories, focusing in particular on unstructured files that often fail to attract traditional security oversight, but contain critical business information. 

The use of cryptographic keys and other foundational security assets requires strict access controls and dedicated monitoring to prevent unauthorised use or exposure. Human error is still the greatest vulnerability; therefore, it is necessary to enhance employee awareness programs in order to highlight the risks associated with embedding sensitive information in routine communications, such as emails, meeting notes, and unsecured attachments, so that this vulnerability does not occur. 

Organizations can mitigate the increasing risks associated with today's data-centric threat landscape by cultivating a culture of security-conscious behavior and strengthening the governance of data lifecycle management as well as fostering a culture of security-conscious behavior. In light of the rapid growth and complexity of the digital threat environment, the cybersecurity community has reached an inflexion point that is requiring a more forward-looking approach to cybersecurity rather than reactive band-aid solutions. 

A fundamental shift in mindset is needed at this transformative moment. Cybersecurity is no longer viewed as just another compliance checkbox; it is an integral component of digital infrastructure and enterprise risk management. In order for cybersecurity to be a tool of growth instead of a constraint, board members, CISOs, and IT leaders must collaborate across functional lines to align security priorities with company goals, ensuring that cybersecurity is a tool to enable growth, not a hindrance. Investing in cyber resilience cannot be limited to technology alone, but should also include vendor risk management, incident response readiness, and strategic threat models as well.

In today's world, new technologies exist that provide new avenues for the detection and neutralisation of threats before they become an epidemic, including AI-powered behavioural analytics, deception-based defences, and cloud-native security platforms. As regulatory frameworks tighten around the world, companies have to demonstrate transparency, accountability, and proactive data governance in order to meet the demands of these regulators. 

It is clear that organisations operating in today’s volatile cyberscape need to embrace the lessons learned from the past: protecting their digital environment is no longer just about building taller walls, but also cultivating intelligence, adaptability, and resilience at every level. When organisations fail to evolve, they risk more than just operational disruptions; they also risk compromising their reputations, stakeholder trust, and long-term viability in this age of data becoming a permanent weapon in the hands of adversaries, once breached. In this climate of cybercrime, cybersecurity is no longer just a defensive function but a core business necessity to be able to survive and grow.

Read more »
Visual Deception
cryptomining CyberCrime Cybersecurity CyberThreat Koske Linux malware Panda Visual Deception

Emerging Koske Malware Leverages Visual Deception on Linux Platforms


 

The new Linux malware strain, Kosk, has emerged in a striking demonstration of how artificial intelligence is being used to fight cybercrime. In a remarkable development in how cybercrime intersects with artificial intelligence, the malware uses stealthy delivery mechanisms and AI-assisted development to deploy cryptomining payloads. 

Koske disguises himself behind seemingly harmless images of pandas and uses dropper techniques and advanced evasion tactics in order to infiltrate target systems using a variety of techniques. Aqua Nautilus, Aqua Security's threat intelligence team, reports that the malware's code structure indicates a large language model (LLM) influence on its code structure. 

It is believed that Koske, a sophisticated Linux threat, has evidently been developed using artificial intelligence tools, as the malware was partially generated or optimised using them. According to Aqua researcher Assaf Morag, "Koske, a sophisticated Linux threat, shows clear signs of artificial intelligence-assisted development." A new generation of adaptable and highly specialised malware is now available on the market. Koske is characterised by modular payloads, persistent rootkits, and innovative steganographic delivery methods. 

Koske represents an entirely new type of malware, able to perform one unique goal: the unauthorised mining of cryptocurrency on a large scale. As discovered by Aqua Nautilus researchers through a honeypot, the malware strain known as Koske combines a unique blend of advanced threat engineering, automation, and artificial intelligence. 

According to the Koske cryptominer manual, the application is designed in such a way that it will assess the processing capabilities of the host environment and then deploy GPU-or CPU-optimised miners that are tailored specifically for extracting value from a wide range of digital assets, including Monero and Ravencoin. In his opinion, Koske was almost entirely artificial intelligence-generated, according to Assaf Morag, Aqua Nautilus' Director of Threat Intelligence. Several indicators within the code itself supported this assessment, such as context-aware, explanatory comments and a structurally consistent, machine-like coding style that was consistent with the underlying code. 

Koske stands out from a crowd of malware generated by artificial intelligence in 2025 by providing levels of sophistication that can rival—and in some cases exceed—that of traditional, manually crafted malware strains. In a brilliant demonstration of deception mixed with technical sophistication, Koske exploits a misconfigured JupyterLab instance exposed to the internet to gain initial system access. 

Once the attackers have penetrated the system, they execute remote commands to retrieve two panda-themed JPEG images that have been hosted by legitimate websites like Postimage, OVH Images, and Freeimage that have been compromised. Although these images may appear harmless, they are in fact polyglot files that conceal executable scripts, allowing them to run arbitrary commands on the host computer as long as they are hidden within the files. 

Research by AquaSec suggests that the malware's architecture was shaped by automation frameworks or large language models, which contributed to the malware's modularity and scalability. After Koske has been executed, it activates both GPU- and CPU-optimised cryptocurrency miners that exploit system resources to mine over 18 digital assets, including Monero, Tari, Zano, Ravencoin, and Nexa, among others. In the future, Koske could evolve to incorporate real-time adaptive capabilities, positioning it as a precursor to a class of AI-assisted cyber threats that are expected to prove more powerful in the future. 

As a stunning example of the dual-purpose manipulation of files, Koske uses polyglot files rather than traditional steganography to conceal the malicious payloads, a method that illustrates its technical ingenuity as a hacker. Aqua Security points out that these files are structured in such a way that they can be understood as both valid JPEG images as well as executable scripts, depending on what context they are accessed.

There appears to be no harm in the fact that the files are innocent panda-themed images to the casual user, but upon processing by a script interpreter, the files contain shell scripts and C code embedded within. It is important to note that each image file within the attack chain contains its own payload, which is executed simultaneously upon activation. 

It is common for these payloads to consist of C code that is directly written to memory, compiled, and then run as a shared object (.so) file, which functions as a rootkit. In addition to overriding the readdir() function, the rootkit uses LD_PRELOAD to conceal malware-related processes, files, and directories from user space monitoring tools, thereby causing the malware to appear as if it were unrelated to them. 

Besides hardcoded keywords like koske and hideproc, the data is filtered using hidden process identifiers located in /dev/shm/.hiddenpid, as well. In addition to this payload, there is a stealth shell script implemented by hacking native Linux utilities in order to execute it entirely in memory. Through the use of cron jobs that run every 30 minutes and custom system services, persistence is established. 

As part of the script, Cloudflare and Google DNS are rewritten into /etc/resolv.conf, chattr +i attribute is added to it, iptables rules are flushed, proxy environment variables are reset, and a custom module is deployed to brute-force operational proxies using curl, wget, and raw TCP calls in order to further enhance operational security.

According to AquaSec researchers, this degree of adaptability, combined with the fact that Koske executes in memory and has a minimal forensic footprint, strongly suggests that automation frameworks or large language models may have been used in the development of the application. Koske's exemplifies how artificial intelligence is playing an increasingly prominent role in cyber warfare as a whole, signalling a significant shift in the cyber threat landscape. 

It was observed by Aqua Security analysts that the malware's codebase had several characteristics that suggested an AI-assisted development process. These included verbose scripts with well-commented comments, clean logic structures with a modular approach, and consistent defensive programming techniques. In addition, the malware contains Serbian language strings in some functions, which are likely to have been inserted to obscure the malware's true origin or to make attribution attempts difficult.

In the Aqua team's opinion, Koske may be an early indicator of a bigger trend: a weaponisation of artificial intelligence by malicious actors that could be a larger trend over time. While defenders have increasingly adopted AI as a way of detecting threats and automating processes, adversaries are also beginning to use the same technology to enhance obfuscation, develop polymorphic code, and implement adaptive features that may make it difficult to detect and attribute a cyberattack. 

There is an arms race going on between attackers and cybersecurity teams due to the dual-use potential of AI. It is recommended that organisations maintain a proactive monitoring system for shell file changes, unexpected startup behaviours, and changes to DNS configurations or systemd services. Each of these changes may indicate that malicious activity has occurred. The container security tools should also be optimised so they can prevent rootkit injection as well as block unknown binaries.

In the face of the next generation of malware, Koske stands as a warning not simply of the skillfulness of human hackers but likewise of the increasing influence of artificial intelligence on the next generation of malware, which raises the stakes for security professionals across multiple industries. The Aqua Security team stresses that organizations must adopt a more proactive and layered defense strategy in light of Koske's advanced capabilities and stealthy infection vectors, as well as adopt a proactive, layered defense strategy. 

As a first line of defence, people need to audit and secure all exposed instances of JupyterLab, which is commonly used in Koske campaigns. People also need to disable unnecessary services and enforce robust access controls to protect the environment. Likewise, it is imperative to continuously monitor system activity for anomalies like executions that take place only in memory, or cron jobs that are unauthorised, or the misuse of native Linux utilities, to establish persistence. 

Given that the threat consists of hybrid elements - image files that act as scripts as well as executables - traditional signature-based defences may be insufficient. It is Aqua's recommendation to deploy behaviour-based detection tools in order to identify suspicious execution patterns. These tools are especially helpful for bypassing disk-based traces, and Aqua recommends doing so. 

Furthermore, organisations are advised to revise their incident response plans to accommodate AI-assisted, polymorphic threats such as Koske, which blur the lines between conventional malware and intelligent automation. Security teams can greatly benefit from integrating these countermeasures to be more equipped in detecting, containing, and neutralising emerging cyberattacks whose intelligence and adaptability are on the rise. 

In Koske's opinion, the evolution of cyber threats has reached a critical point, where artificial intelligence, automation, and sophisticated evasion techniques have converged to create malware that is more agile, stealthy, and adaptive than ever before. Apart from its cryptomining function, Koske also illustrates the shift towards intelligent, modular, and self-sustaining threats that challenge traditional security assumptions in a way that is beyond the scope of crypto mining. 

Incorporating polyglot files, memory-resident execution and AI-generated code into attacks demonstrates how attackers are rapidly evolving, leveraging the same technologies that are used by defenders to defend themselves. The data from Koske indicates that organisations need to take proactive measures to defend themselves against modern threats. They need to be able to detect threats using behaviour-based detection, hardened environments, and proactive monitoring. 

As attackers begin to use artificial intelligence more and more industrially, Koske's discovery is only the beginning. This discovery reminds us that in the era of intelligent automation, cyber defence must be equally agile, adaptable, and forward-looking.
Read more »
Subscribe to: Posts (Atom)