Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker attack. Show all posts
Iran-based hacker group
Critical Infrastructure Cyber Attacks Hacker attack Infrastructure Infrastructure Security Iran hackers Iran-based hacker group

Iran-Linked Hackers Targeted US Fuel Tank Systems Through Exposed ATG Networks

 

A cyber incident linked to suspected Iranian hackers targeted U.S. gas station fuel monitoring systems, exposing weaknesses in critical infrastructure. Internet-connected ATG systems lacking password protection reportedly allowed attackers to gain access without stolen credentials. Though designed to track fuel levels automatically, these systems became vulnerable because of poor security controls. 

The incident highlights how basic operational technology flaws can create major risks. Weakly protected infrastructure remains an attractive target for cyberattacks. Remote access features, while convenient, can become dangerous when left exposed online. 

Many of these monitoring tools operate quietly in the background until compromised. Security experts warn that even simple protections could have blocked the intrusion. Each exposed device increases risks across connected infrastructure networks. Although the attackers reportedly altered displayed fuel readings, authorities said the actual fuel levels inside storage tanks were not changed. 

Even so, cybersecurity specialists stressed that compromised ATG systems could still disrupt operations or create confusion during emergencies. Experts have warned for years that insecure fuel monitoring systems could become targets for hackers or state-backed groups seeking to impact critical services. Growing tensions involving the United States, Iran, and Israel have fueled suspicions around Iranian-linked cyber activity. Analysts noted similarities between this incident and earlier attacks tied to Iran targeting fuel distribution infrastructure. 

While officials have not publicly confirmed attribution, researchers said the timing and techniques resemble previous Iran-associated operations. Cybersecurity and Infrastructure Security Agency acknowledged reports of malicious activity involving automated tank gauge systems across critical sectors. While the agency stopped short of blaming Iran directly, it urged organizations to strengthen protections immediately. 

Recommendations included removing ATG systems from direct internet exposure, implementing strong passwords, reviewing logs regularly, and improving monitoring for suspicious behavior. Experts say modern geopolitical conflicts increasingly extend into digital systems supporting everyday life. Attacks targeting fuel infrastructure can trigger economic disruption, supply chain instability, and public panic even without causing physical damage. 

A relatively small cyber incident can still send a strategic message by demonstrating access to systems relied upon by millions. Many cybersecurity professionals continue warning that operational technology environments remain especially vulnerable because they often rely on outdated systems, weak segmentation, and limited visibility. Attackers frequently focus on these environments because even simple techniques can produce large-scale disruption. 

Researchers also pointed to lessons from the Colonial Pipeline ransomware attack, which caused fuel shortages and emergency declarations across multiple U.S. states in 2021. Experts believe similar attacks today could create ripple effects well beyond the originally targeted facilities. 

Security specialists now argue that industrial systems and connected devices should receive the same level of protection as traditional IT networks. Stronger segmentation, automated compliance checks, continuous monitoring, and recovery planning are increasingly viewed as necessary safeguards as cyber threats against critical infrastructure continue to grow.
Read more »
Malware attacks
AI Chatbot ChatGPT. OpenAI Cyber Attacks Digital Supply Chain Risk Hacker attack Malicious Software Malware attacks

OpenAI Confirms Employee Devices Hit in TanStack Supply Chain Malware Attack

 

A recent software supply-chain breach impacted several companies after hackers targeted widely used open-source tools. Among those affected was OpenAI, where compromised employee devices provided limited access to internal systems. At the center of the attack stood TanStack, a framework heavily relied upon for building websites and integrated across countless technology environments worldwide. Its broad adoption allowed the threat to spread far beyond a single platform. 

OpenAI stated that no customer information, production systems, intellectual property, or software releases were compromised. However, attackers did access a limited number of internal code repositories linked to employees whose systems had previously been infected. The company described the exposure as narrow in scope. 

The incident surfaced after TanStack disclosed that hackers had uploaded 84 malicious software updates within a six-minute period. Security researchers reportedly identified the suspicious activity within roughly twenty minutes, helping reduce broader impact. The compromised packages were designed to steal credentials from infected devices and quietly spread across connected systems. 

Although the breach exposed only a small amount of authentication material, OpenAI responded by rotating cryptographic certificates tied to the affected repositories. Some users running OpenAI applications on Apple devices may need updated installations following the security changes. OpenAI also stated that investigations found no evidence of altered production software or persistent threats within its operational infrastructure. Core systems reportedly remained secure throughout the incident. 

The identity of the attackers remains unknown. Researchers say open-source ecosystems are increasingly becoming targets because of how deeply they are embedded across modern technology stacks. Instead of attacking organizations directly, hackers compromise trusted software components and distribute malicious code through official update channels. 

One successful breach can therefore impact numerous downstream users simultaneously. Security analysts have linked similar tactics to multiple cyber threat groups over the past year. In March, North Korean-linked hackers reportedly compromised Axios to distribute malware capable of affecting large numbers of developers. More recently, suspected Chinese threat actors targeted Windows users through altered installers connected to DAEMON Tools. 

Supply-chain compromises have become particularly dangerous because developers routinely trust updates delivered through official repositories and package managers. Once malicious code enters legitimate distribution systems, organizations may unknowingly install infected software while assuming it is safe. Cybersecurity professionals warn that attacks targeting open-source infrastructure will likely continue increasing as businesses depend more heavily on shared frameworks, collaborative development tools, cloud services, and AI-powered systems. 

The same openness that accelerates innovation also creates opportunities for attackers to exploit weak points at scale. The latest incident highlights how even highly advanced technology companies remain vulnerable when trusted third-party tools are compromised. Security experts are now urging stronger oversight across software supply chains, including stricter dependency validation, improved monitoring, and deeper review of external code before deployment into production environments.
Read more »
Hacking Group
Canada Cyber Attacks Cyber Breach Digital Security Challenges education sector Education Sector Cybersecurity Hacker attack Hacking Group

ShinyHunters Cyberattack Disrupts Canvas Platform Across Universities and Schools

 

This week, a significant digital breach affected educational institutions throughout the United States, Canada, and Australia. The incident followed claims by the hacking collective ShinyHunters. Their target: Canvas, a commonly adopted online learning system. Despite its widespread use, the platform proved vulnerable. 

Though details remain partial, reports confirm active exploitation of security gaps. While some schools shifted to offline methods, others delayed classes. Because of the reach of the network, effects spread quickly. Since access was blocked at peak hours, confusion grew early. Not every region reported identical issues - some experienced minor delays instead. Even so, trust in ed-tech infrastructure has taken a hit. 

As investigations continue, officials are reviewing how data was exposed. Midway through the year’s final academic stretch, a cyberattack triggered broad system failures across roughly 9,000 schools globally. Coursework uploads faltered, exam access vanished, lectures disappeared, grading stalled - student work ground to a halt. Though Instructure owns the platform, control slipped when services went down; officials acknowledged the breach soon after. 

Recovery came slowly - Canvas returned for many, yet pockets of disruption lingered on campuses far apart. Midway through tests, alerts flashed unexpectedly - spreading uncertainty among test takers and instructors at multiple campuses. Because of the interference, assessments set for Friday at Mississippi State University got delayed without prior notice. Screens displayed warnings stating “ShinyHunters has breached Instructure (again),” followed by demands for cryptocurrency transfers to prevent data leaks. 

Some learners recalled frozen systems right when submitting answers. Though officials confirmed the incident, details remained limited throughout the afternoon. By evening, investigations had begun while backups were reviewed quietly behind closed doors. After finishing their long exam essays, one student - Aubrey Palmer - noticed the ransom note pop up. When doubts emerged about whether files were actually saved, stress began spreading through the group. 

Some felt upset right away, others grew uneasy only later. Midterms approached fast when campuses started alerting students about sudden changes. Following technical issues, Sydney advised against accessing Canvas until further details arrived from Instructure. With finals looming, the timing of the outage posed serious challenges. Though routine disruptions happen now and then, this one struck during peak assessment periods.  

Among those impacted were Penn State University, Idaho State University, the University of British Columbia, the University of Toronto, UCLA, and the University of Chicago. With IT departments reviewing how far the breach reached, some campuses postponed exams - others called them off entirely. Later on campus, Jacques Abou-Rizk noticed something off after opening an email link - he saw a message that seemed tied to a demand for payment. 

Though the note mimicked one from school staff, officials clarified they were already tracking the event. Despite initial concerns, leaders emphasized no additional platforms showed signs of intrusion. Cybersecurity analysts pointed to screenshots suggesting the attacks might have started several days before the public alerts, as seen in timed demands delivered to targeted organizations. 

While ransom discussions could still be happening behind the scenes, the hacker collective hasn’t revealed its next steps regarding the data it claims to possess. Besides earlier cases, another breach now ties back to ShinyHunters - a group already connected to several prominent corporate intrusions. While details differ, patterns point to similar tactics used before across large-scale data compromises. 

Surprisingly, the widespread outage sparked fresh worries over how ready schools really are when it comes to digital safety. At nearly the same time, officials like Senator Chuck Schumer began pushing for tougher nationwide protection - especially since artificial intelligence-driven attacks and online ransom schemes keep growing across countries.
Read more »
Infrastructure Security
API Cyber Attacks Cybersecurity Attack DDoS DDOS Attacks Hacker attack Infrastructure Security

Ubuntu DDoS Attack Disrupts Installs Updates and Canonical Infrastructure

 

A wave of traffic overwhelmed systems, briefly halting downloads, patches, and web resources managed by Canonical - the team responsible for Ubuntu Linux. Outages stretched nearly twenty-four hours, blocking access to essential tools during the incident. 

Midway through the disruption, Canonical confirmed issues affecting its online systems, calling them a prolonged international cyber incident. With efforts already underway to bring functions back online, progress reports were expected later via verified sources after conditions improved. 

Not just external sites felt the impact - insights from casual chats on unaffiliated Ubuntu message boards pointed to deeper issues. Failures popped up across several core functions: the security API stumbled, repository access broke, setup tools froze, package upgrades failed. When the outage struck, countless machines could neither pull patches nor start clean installs. The ripple spread wider than first assumed. 

A claim of responsibility emerged afterward, attributed to an entity calling itself The Islamic Cyber Resistance in Iraq 313 Team. Supposed messages circulated on Telegram suggest they relied on a service named Beemed - one that facilitates distributed denial-of-service attacks - to execute the incident. While details remain sparse, the method points toward accessible cyber tools being leveraged for disruptive purposes. Heavy network floods emerge when tools like Beamed hand out DDoS power to anyone willing to pay, masking harm behind so-called "testing" labels. 

Instead of building safeguards, some misuse these setups to drown web systems in endless data streams. With advertised force climbing toward 3.5 terabits each second, one sees how readily extreme digital pressure becomes a purchasable option. A single flood of fake signals can overwhelm digital infrastructure when launched from countless hijacked gadgets online. 

Such an event forces critical systems to choke on excessive demand, blocking normal access. Real people experience delays or complete service failures as their requests get lost in chaos. Machines turned into unwilling helpers generate relentless noise instead of useful responses. Performance drops sharply once capacity limits are breached without warning. Genuine interactions fade under pressure from artificial congestion. 

Most times, hacking groups start by slipping malicious software onto gadgets, sometimes using poor login codes instead of strong ones. From there, machines already taken over get bundled together - forming massive clusters run from far away via command centers online. These hijacked setups often change hands in hidden digital bazaars; launching short outages becomes possible for cheap, while heavier assaults require deeper spending. 

What follows? Buyers pick time-limited chaos or go all-in for longer surges. Surprisingly, more DDoS attacks happen now due to widespread access to self-running malware that exploits weak device protections across countries. While strong networks may resist some threats, major companies still face interruptions since hackers pair huge bot-driven data floods with focused attack plans.  

The Ubuntu event underscores how fragile key open-source tools have become - tools that developers, businesses, and public agencies depend on worldwide. When update servers or security interfaces go offline briefly, ripple effects follow. Patching halts. System rollouts stall. All of this unfolds while digital attacks are already underway.
Read more »
Hijacking attacks
Account Hijacking Risks Account security account takeover scams Cyber Attacks Cyber Hackers Cyber Phishing Hacker attack Hijacking attacks

Signal Plans New Security Measures After Russian Hackers Hijack Hundreds of Accounts

 

Following revelations that hackers tied to the Russian government breached numerous German users' accounts via focused phishing schemes, Signal, a secure messaging service, moves to strengthen its defenses. Though the core encryption stays intact, manipulation tactics targeting people - not systems - spark renewed alarm among experts. Some reports suggest around 300 people in 

Germany faced incidents, such as prominent politicians. 
The head of the German parliament ranked among them, showing a shift toward targeting authorities, campaigners, and well-known personalities. Though less common before, such actions now point to more deliberate choices by offenders. What happened did not involve any break-in at Signal’s core security setup. Their encryption methods stayed intact throughout the incidents. Hackers found another path - using deceptive messages aimed directly at people. 

These tricks led some users to hand over private login details without realizing it. The app itself remained untouched, including its built-in privacy safeguards. Reportedly, fake messages came from someone pretending to be "Signal Support," arriving straight in user inboxes. Instead of ignoring them, some people gave up their single-use login codes, personal Signal PINs, along with backup account information. 

With that data in hand, intruders then activated the targeted accounts on separate devices. Private conversations became reachable - all because stolen details allowed full transfer control. Earlier warnings came from security experts across Europe, along with U.S. agencies like the FBI, flagging such tactics recently. Phishing efforts resembling these have drawn attention due to their repeated appearance. 

Targets included individuals speaking out against China’s policies, according to reports. These patterns hint at coordinated monitoring backed by governmental support. Observers note the consistency in techniques points beyond random attacks. Human behavior plays a central role in these breaches, differing from conventional hacks targeting code flaws. 

Instead of cracking software defenses, intruders gain access by persuading individuals to disclose credentials. Once granted entry through trust rather than force, encrypted environments offer little resistance. Security analysts observe a shift: tricking people now works better than overcoming digital barriers. What used to require complex tools now succeeds with conversation. Now working on new protections, Signal aims to make scam detection easier for its users. 

Without revealing exact details, the team mentioned updates targeting phishing-driven breaches. These adjustments will start appearing within weeks. Changes are expected to limit how often accounts get compromised through deceptive messages. Although the group operating Signal emphasizes strong privacy safeguards, these very protections reduce how much information they can gather. 

Because messages are secured with end-to-end coding, personal chats remain hidden even from the service itself. Limited access to usage details means deeper inspection of scam attempts becomes difficult. Only minimal traces of activity stay visible, due to built-in system constraints. Later updates show Signal warning people: real support teams won’t message inside the app, on social platforms, by text, or call asking for logins, access codes, or personal IDs. 

Messages from the team arrive strictly via confirmed accounts ending in @signal.org, according to their statement. Communication like this stays limited - no exceptions appear. Despite strong encryption, hacking through stolen credentials shows weaknesses still exist at the human level. With scams now harder to spot, specialists stress vigilance alongside tools like two-step checks - protection depends on behavior, not code alone.
Read more »
Hacking Group
Cyber Attacks Cyber Outage Digital Learning E-learning Facebook Canvas Hacker attack Hacking Group

Canvas Learning Platform Outage Disrupts Universities After ShinyHunters Cyberattack

 

Midday classes hit pause when Canvas went offline nationwide following a security alert that triggered emergency repairs. Though the issue began in Texas, ripple effects reached campuses far outside, cutting off vital links to homework and recorded lectures. When servers dropped, so did access - assignments vanished from view, gradebooks locked tight. Some professors switched to paper handouts; others postponed deadlines without warning. 

By evening, partial functions returned, though glitches lingered like static on a radio. Not every login worked smoothly, leaving doubts about full recovery. Reports suggest a connection between the incident and ShinyHunters, a hacking collective lately seen exploiting cloud systems by leveraging weak points in external service providers. Though details remain limited, evidence traces back to prior attacks where stolen information was used as leverage against corporate networks. 

Instead of relying on brute force, the group often manipulates access flaws within shared digital environments. While some breaches go unnoticed at first, forensic analysis later reveals patterns matching earlier intrusions tied to similar tactics. Later came confirmation from Instructure - Canvas's developer - that the platform had entered temporary maintenance mode after the event unfolded. Though restoration of service remained possible, according to officials, institutions using the system faced urgent hurdles just when course activities demanded stability. 

Despite assurances, timing turned problematic for schools depending heavily on seamless access at a pivotal point in the term. Midway through the week, campuses like Southern Methodist University felt the strain as systems went offline. Not far behind, the University of North Texas System faced similar disruptions, slowing down daily functions. At Baylor University, staff worked under pressure - rescheduling classes became a priority. Meanwhile, Tarrant County College saw delays ripple across departments. With email and portals unreliable, instructors adapted on the fly while leadership tried to reconnect threads. 

Because updates lagged, many waited hours just to confirm basic plans. Final exams set for Friday at Southern Methodist University got pushed to Sunday after a widespread system failure left services down. Because of the same national disruption, Baylor University rescheduled its tests too, alerting learners that interruptions might stretch on without clear timing. Officials admitted they lacked answers about how long things would stay broken - access may return in hours or drag into multiple days. 

Across town, the University of North Texas System cut off broad access to Canvas until faculty and tech experts figured out next steps for ongoing classes, scores, and year-end tests. Farther south, Tarrant County College acknowledged its digital crews were checking the breach, watching for ripples among learners and workers alike. Unexpected outages reveal how tightly schools now rely on centralised online learning systems. 

Not only do tools such as Canvas support daily teaching tasks, but they also handle submission tracking, feedback cycles, and course materials distribution. Should access fail, functions stall - particularly under pressure, like mid-semester assessments. Interruptions expose fragile infrastructure beneath routine digital workflows. What stands out is how this event ties into a wider pattern - cyber gangs increasingly going after schools and companies that run online platforms. 

Though they hold vast collections of student records and private details, many learning organizations lack strong digital defenses. Because of these gaps, threat actors see them as easier wins when chasing ransom payments. Still probing the incident, campuses now shift toward regular classes - though officials stay alert for leaked data. This disruption highlights once more that when hackers strike common online systems, ripple effects hit countless people at many schools all at once.
Read more »
Hacking Group
Cyber Security Ransomware Attacks Data Breach Data Leak Data protection data security Hacker attack Hacking Group

ShinyHunters Targets McGraw Hill In Salesforce Data Leak Dispute Over Breach Scope

 

A breach at McGraw Hill came to light when details appeared on a leak page run by ShinyHunters, a hacking collective now seeking payment. Appearing online without warning, the listing suggested sensitive data had been taken. The firm acknowledged something went wrong only after outsiders pointed to the published claims. Instead of silence, there followed a brief statement - no elaborate explanations, just confirmation. What exactly was accessed remains partly unclear, though the criminals promise more leaks if demands go unmet. Their method? Take data first, then pressure victims publicly through exposure. 

Though the collective says it pulled around 45 million records from Salesforce setups, McGraw Hill challenges how serious the incident really was. A flaw in a cloud-based Salesforce setup - misconfigured, not hacked - led to what occurred, according to the company. Public release looms unless money changes hands by their stated date. Not a breach of core infrastructure, they clarify. Timing hinges on whether terms get fulfilled. What surfaced came via access error, not forced entry. 

Later came confirmation from the firm: only minor data sat exposed through a public page tied to Salesforce. Not part of deeper networks - systems handling daily operations stayed untouched. Customer records? Still secure. Educational material platforms? Unreached. Personal identifiers like income traces or school files showed no signs of exposure. The breach never reached those layers. A single weak link elsewhere might open doors wider than expected. Problems often start outside core networks, hidden in connected tools. 

One misstep in setup could ripple across several teams relying on Salesforce. When outside systems slip, sensitive details sometimes follow. Security gaps far from the main system still carry risk close to home. What seems distant can quickly become immediate. Even with those reassurances, ShinyHunters insists the breached records include personal details - setting their version against the firm’s own review. Contradictions like this often surface when attacks aim to extort, as hackers sometimes inflate what they took to push targets into responding. 

Now operating at a steady pace, ShinyHunters stands out within the underground scene by focusing less on locking files and more on quietly siphoning information. Instead of scrambling networks, they pressure victims using material already taken - payment demands follow exposure threats. Their name surfaced after breaches hit well-known companies, where leaked datasets served as leverage. Rather than causing immediate downtime, their power lies in what could be revealed. 

What stands out lately is how this group exploited a security gap at Anodet, an analytics company, gaining entry through leaked access tokens aimed squarely at cloud-based data systems. Alongside that incident came the public drop of massive corporate datasets - another sign their main goal remains pulling vast amounts of information from high-profile targets. Among recent breaches, the one involving McGraw Hill stands out - not because of its scale, but due to how it reveals weaknesses hidden within standard cloud setups. 

Instead of breaking through strong defenses, hackers often slip in via small errors made during setup steps handled by outside teams. What makes this case notable is less about immediate damage, more about what follows: sensitive information pulled quietly into unauthorized hands. While systems keep running without interruption, stolen data becomes the weapon - threatening public release unless demands are met. 

Over time, such tactics have shifted the focus of digital attacks away from crashes toward silent leaks. With probes still underway, one thing becomes clear: oversight of outside connections matters more now than ever. When digital intruders challenge what companies say, credibility hinges on openness. Tight rules around setup adjustments help reduce weak spots. How firms handle disclosures can shape public trust just as much as technical fixes. Clarity during crises often separates measured responses from confusion.
Read more »
Hacker attack
Cyber Attacks Cyber crimes Cyber Extortion cybercrime gangs CyberSecurity Ransomware Attacks Hacker attack

Rival Ransomware Gangs 0APT And Krybit Clash In Unusual Cyber Extortion Battle

 

A clash almost unseen among digital outlaws has begun - 0APT, a hacking collective, now warns it will unmask operatives from enemy faction Krybit. This shift came to light through surveillance of hidden online forums. Tension simmers beneath the surface of these underground circles. Rival gangs once operating in parallel seem to fracture under pressure. Trust, usually scarce, is vanishing faster than usual. Evidence points toward escalating friction inside ransomware communities. 

What began as covert threats may reshape alliances unexpectedly. Reports indicate 0APT sent a threat to Krybit, insisting on payment under risk of exposing private records - names, positions, operational files - if ignored. A limited set of claimed stolen materials was published shortly after, serving as evidence - a move mirroring classic dual-pressure methods seen in attacks on businesses. Yet using such an approach toward another illicit network stirs doubt around its real impact, given that public image matters little within hidden communities. 

Even so, the danger remains somewhat real. Because cybercrime networks depend on staying hidden, revealed identities might invite legal trouble or revenge attacks. From the exposed information, security analysts pulled login details tied to Krybit members - alongside digital currency wallets - hinting at weak points in how the group functions. Yet the full impact stays unclear. Now showing a blank page, Krybit's site now displays only a standard upkeep notice, hinting at disruptions tied to recent events. Little is known about the collective so far, mainly because big security analysts have published almost nothing on them - possibly a sign they are just beginning operations. 

On the opposite end, 0APT emerged around spring 2026 and gained attention fast, marked by complex tools and methods, even though some doubt surrounds how truthful their early reports of breaches really were. Odd as it seems, infighting among hackers has happened before. Earlier clashes included DragonForce going after opponents - BlackLock, then Mamona - by altering web pages and exposing private messages. 

In much the same way, activity aimed at RansomHub tied back to DragonForce, revealing ongoing friction between ransomware crews. This conflict taking shape between 0APT and Krybit signals changes in how cybercriminals operate - motives like money, dominance, and competition now spark open clashes. With ransomware networks evolving fast, these kinds of face-offs might happen more often, making it harder for security experts to follow the players involved.
Read more »
malicious PDF files
Adobe Adobe Reader Cyber Security Cyberattacks cybersecurity vulnerabilities data security Hacker attack Malicious Files Malicious PDF Attachment malicious PDF files

Adobe Reader Zero-Day PDF Exploit Actively Used in Attacks to Steal Data

 

A fresh security flaw in Adobe Reader - unknown until now - is under attack by hackers wielding manipulated PDFs, sparking alarm across global user bases. Since December, activity has persisted without pause; findings come from analyst Haifei Li, who traced repeated intrusions back months. 

What stands out is the method: an intricate exploit resembling digital fingerprinting, effective despite up-to-date installations. Even patched systems fall vulnerable to this quietly spreading technique. Open a single infected PDF, then the damage begins - little else matters after that. This method spreads quietly because it leans on normal software behaviors instead of obvious malware tricks. 

Instead of complex setups, it taps into built-in functions like util.readFileIntoStream and RSS.addFeed, tools meant for routine tasks. Because these actions look ordinary, alarms rarely sound. Information slips out before anyone notices anything wrong. What makes this flaw especially risky isn’t just stolen information. As Li points out, it might allow further intrusions - such as running unauthorized code from afar or breaking out of restricted environments. Control over the affected device could then shift entirely into an attacker’s hands, turning a minor leak into something far worse. 

Examining deeper, threat analyst Gi7w0rm noticed fake PDFs in these operations frequently include bait written in Russian. With topics tied to current oil and gas industry shifts, the material appears shaped deliberately - aimed at certain professionals to seem believable. Though subtle, the choice of subject matter reflects an effort to mirror real-world events closely. 

Still waiting, Li notified Adobe about the flaw earlier - yet when details emerged, a fix wasn’t available. Without an update out yet, anyone opening PDFs from outside channels stays at risk. For now, while waiting for a solution, specialists urge care with PDFs - especially ones arriving by email or unknown sources. 

Watch network activity closely; odd patterns like strange HTTP or HTTPS calls may point to the vulnerability being used. Unusual user-agent labels in web requests could mean trouble already started. One more zero-day surfaces, revealing how hackers now lean on familiar file types and common programs to slip past security walls. 

While the flaw stays open, sharp attention and careful handling of digital files become necessary tools for staying protected. Though fixes lag behind, cautious behavior offers some shield against unseen threats waiting in plain sight. 
Read more »
leaked sensitive data
cybercriminals Ransomware Attack Data Breach Data Hackers Data Leak data security Hacker attack leaked sensitive data

Qilin Ransomware Targets Die Linke in Suspected Politically Motivated Cyberattack

 

A major digital attack hit Die Linke when hackers using the name Qilin said they broke into internal networks and copied confidential files. Because of this breach, private details may appear online unless demands are met - raising alarms about rising cyber threats tied to political agendas across European nations. 

On March 27, the group made public what had just been noticed - odd behavior inside their digital setup. Though Die Linke admitted someone got in without permission, they did not at once call it a complete breakdown of data safety. Later signs point toward intruders possibly reaching inner networks. Some organizational details might now be exposed. One report suggests hackers aimed at company systems plus staff details, mainly tied to central offices. 

What got taken stays uncertain right now - no clear picture on volume or leaks so far. Still, authorities admit: chances of sensitive material being exposed feel real enough. Though gaps remain in understanding the full reach, concern holds steady. Notably, Die Linke confirmed its member records stayed untouched. That means information tied to more than 123,000 individuals likely avoided exposure. 

So, the incident may be narrower than first feared. Early in April, the Qilin ransomware crew named Die Linke among those hit, posting details on their public leak page. Despite holding back actual files until now, these moves often aim to push targets toward payment. Pressure builds when sensitive material might go live - this is how cyber gangs tighten control mid-talks. Something like this might point beyond mere hacking. Die Linke sees signs of coordination, possibly tied to Russian-speaking cybercriminal networks. Not accidental, they argue - the timing matters. 

A move within wider hybrid campaigns emerges here, blending digital strikes with influence efforts. Institutions become targets when data breaches align with disinformation. Cyber actions gain weight when paired with political pressure. This event fits a pattern some have seen before. Digital intrusions serve larger goals when linked to real-world disruption. Following the incident, German officials received official notification along with submission of a criminal report. To examine the security lapse, limit consequences, and repair compromised infrastructure, outside cyber specialists are now assisting the organization. 

Far from unique, such attacks mirror past patterns seen in Germany. State-backed hacking efforts have struck before - especially those tied to APT29 - with political groups often in their sights. Surprisingly, cyber operations against Die Linke reveal how digital security now intertwines with global power struggles - political groups face rising risks from attackers motivated by profit or belief alike. 

While once seen as separate realms, online threats today frequently mirror international tensions, pulling parties like Die Linke into the crosshairs without warning. Because motives differ, so do methods; yet all exploit vulnerabilities in systems meant to serve public discourse. Thus, a breach isn’t merely technical - it reflects broader shifts in who gets targeted, and why.
Read more »
Hacker attack
Cyber Attacks Cyber Breach Cyber Finance Cyber Software Cybersecurity Governance Hacker attack

Netherlands Ministry of Finance Cyberattack Exposes Gaps in Government Security Defenses

 

A fresh wave of worry now surrounds how well government digital safeguards really hold up, after hackers struck the Dutch Ministry of Finance. Fast response by authorities limited immediate damage - yet the event peeled back layers on long-standing weak spots in public infrastructure security. Though control was regained swiftly, underlying flaws remain exposed. 

An official report noted signs of intrusion on March 19, targeting systems essential to daily operations in a policy division. Because these systems support central government tasks - instead of secondary ones - the impact carries greater weight. What sets this apart is how deeply embedded the compromised tools are in routine governance work. 

Early warning came not from within but outside the organization, setting off a chain of internal reviews. Once identified, security units verified unauthorized entry before cutting connections and removing compromised components from service. Fast intervention reduced exposure, yet exposed a deeper issue - detection often waits on others’ signals instead of acting independently. Services visible to the public - like tax, customs, and welfare - are still running normally. Even so, staff members face behind-the-scenes issues due to recent system problems. 

The degree of disruption inside government operations hasn’t been fully revealed. While probes continue, it remains unclear if private information was seen or taken. To date, nobody has stepped forward claiming they carried out the incident. Far from standing alone, this case fits patterns seen before. Following close behind come multiple digital intrusions targeting organizations throughout the Netherlands. One clear instance hit the Dutch Custodial Institutions Agency - hackers moved through internal networks undetected over several months, pulling out staff information like phone numbers and login codes. 

Behind that attack lay weak spots in Ivanti Endpoint Manager Mobile, software flaws later found echoing across state entities such as courts and privacy oversight offices. What stands out now is how deep-rooted flaws still go unchecked. Not just detection holes, but reliance on outside parties to spot intrusions shows vulnerability. When systems grow tangled over time - especially within public sector networks - the risk expands quietly. 

Older setups, slow to adapt, offer openings that skilled adversaries exploit without pause. Past patterns reveal something more troubling: once inside, many never really leave. Officials admit the issue carries weight, yet details remain limited while probes continue. Still, analysts stress openness matters more now - trust hinges on it should private information prove exposed. 

Beyond the breach itself lies an uncomfortable truth: protecting digital assets within public institutions demands more than software fixes - it hinges on smarter oversight, quicker response loops, early warning signals woven into daily operations, systems built to bend instead of break. Governance fails when firewalls stand alone without institutional awareness backing them up.
Read more »
Medical Hacking
Cyber Attacks Cybersecurity Attack Data Removal data security Digital Infrastructure Hacker attack Malware attacks Medical Hacking

Stryker Hit by Major Cyberattack as Hacktivist Group Claims Wiper Malware Operation

 

A major cybersecurity breach hit Stryker, the international medical tech company, throwing operations into disarray across continents. Claiming responsibility is a hacktivist faction supportive of Palestine, said to have ties to Iranian networks. Outages spread quickly through digital infrastructure after the intrusion became active. Emergency protocols were activated by staff as normal workflows collapsed without warning. 

Following the incident, blame was placed on Handala - a collective that openly admitted initiating a cyberattack involving destructive software aimed at Stryker’s infrastructure. Data removal affected numerous devices throughout the organization's environment. From those systems, about 50 terabytes containing confidential material were copied before transmission outside secure boundaries. 

Even though confirmation remains absent, whispers among workers stretch from Dublin to San Jose, pointing at chaos. Over two hundred thousand gadgets - servers mostly, but also handheld units - supposedly vanished under digital assault, according to Handala. Operations froze in clusters of buildings scattered through nearly thirty nations. Evidence trickles in from office staff in Perth, San José, Cork, and beyond, painting a fractured picture of stalled systems. 

One moment staff noticed work phones wiped without warning. Then came reports of private gadgets - once linked to office networks - suddenly cleared too. Afterward, guidance arrived: uninstall every business-related app. Tools meant to manage phones, along with messaging software tied to the organization, had to go. Removal became expected across all equipment. Work slowed in certain areas when digital tools went offline, pushing staff toward handwritten logs instead. With networks down, employees handled tasks by hand until technology recovered. 

A breach within Stryker’s Microsoft-based network led to widespread IT outages worldwide, as disclosed in a regulatory document. Right after spotting the problem, the firm triggered its internal cyber crisis protocol. Outside specialists joined the effort soon afterward - helping examine and limit further damage. Even though the disturbance was serious, Stryker said it found no signs of ransomware and thinks the situation is now under control. Still, the company admitted work continues to restore systems, without saying when operations will return fully. 

Yet completion remains uncertain despite progress so far. Emerging in late 2023, Handala already shows patterns of focusing on Israeli entities - using tactics that pair information exfiltration with damaging software meant to erase digital traces. Public exposure of obtained files forms a consistent part of their method, typically done via web-based disclosure channels. Though relatively new, its actions follow a clear playbook centered around visibility and disruption. 

Amid rising global tensions, a fresh assault emerges - tied to surging digital threats fueled by ongoing regional disputes. Noted specialists stress these events reveal a shift: large-scale interference now walks hand-in-hand with widespread information theft. While conflict zones heat up offline, their shadows stretch deep into network spaces. With Stryker rebuilding its digital infrastructure, the event highlights how sophisticated cyberattacks increasingly endanger vital sectors - healthcare and medtech among them - where uninterrupted function matters most.
Read more »
Isreal
Bypass of Sensitive data. Cyber Security Data Hackers data security Data Theft Hacker attack Isreal

Spyware Disguised as Safety App Targets Israelis Amid Rising Cyber Espionage Activity

 

A fresh wave of digital spying has emerged, aiming at people within Israel through fake apps made to look like official warning tools. Instead of relying on obvious tricks, it uses the credibility of public alerts to encourage downloads of harmful programs. 

Cyber experts highlight how these disguised threats pretend to offer protection while actually stealing information. Trust in urgent notifications becomes the weak spot exploited here. What seems helpful might carry hidden risks beneath its surface. Noticed first by experts at Acronis, the operation involves fake texts mimicking alerts from Israel’s Home Front Command - an IDF division. 

Instead of genuine warnings, these messages push a counterfeit app update for civilian missile notifications. While seeming official, the link leads to malicious software disguised as protection tools. Rather than safety, users face digital risks when installing the altered program. Falling for the guide, people install spyware rather than a genuine program. The harmful software can harvest exact whereabouts, texts, stored credentials, phone directories, along with private files kept on the gadget, experts say. Years of activity mark this group within cyber intelligence circles. 

Thought to connect with Arid Viper, the operation fits patterns seen before. Targets often include Israeli military figures, alongside people in areas like Egypt and Palestine. Instead of complex tools, they lean on social engineering to spread malicious software. Their methods persist over time, adapting without drawing attention. What stands out is the level of preparation seen in the attackers, according to Acronis. Their operations show a clear aim, targeting systems people rely on when tensions rise between nations. 

Instead of random strikes, these actions follow a pattern meant to blend in. Official-looking messages appear during crises, shaped like real alerts. Because they resemble legitimate warnings, users are more likely to respond without suspicion. Infrastructure once seen as safe now becomes a vector - simply because it's trusted at critical moments. 

A fresh report from Check Point Software Technologies reveals cyberattacks targeting surveillance cameras in Israel and neighboring areas of the Middle East. These intrusions point toward coordinated moves to collect data while possibly preparing to interfere with essential infrastructure. Cyber operations have emerged alongside rising friction after documented strikes by U.S. and Israeli forces on locations inside Iran. 

In response, several groups aligned with Tehran have stated they carried out digital intrusions aimed at both official Israeli bodies and corporate networks. Even so, specialists observe that such assaults still lack major influence on the overall struggle. Yet, as nations lean more heavily on hacking methods, it becomes clear - cyber tactics now weave tightly into global power contests. When links arrive unexpectedly, skipping the download is wise - trust matters less than origin. 

Official storefronts serve as safer gateways compared to random web prompts. Messages mimicking familiar brands often hide traps beneath clean designs. Jumping straight to installation bypasses crucial checks best left intact. Verified platforms filter out many hostile imitations by design. Risk shrinks when access follows established paths instead of sudden urges. 

When emergencies strike, cyber threats tend to rise - manipulating panic instead of logic. Pressure clouds judgment, creating openings for widespread breaches. Urgency becomes a tool, not a shield, in these moments. Digital attacks grow sharper when emotions run high. Crises rarely pause harm; they invite it.
Read more »
Isreal
Cyber Attacks Cybersecurity Reporting cybersecurity risk Cyerhackers Hacker attack Iran Isreal

Cyberattacks Reported Across Iran Following Joint US-Israeli Strike on Strategic Targets

 

A fresh bout of online actions emerged overnight Friday into Saturday, running parallel to air assaults carried out jointly by U.S. and Israeli forces against sites inside Iran, security researchers noted. The timing suggests the virtual maneuvers were linked to real-world strikes - possibly aiming to scramble communication lines, shape information flow, or hinder organized reactions on the ground. 

Appearing online, altered pages of Iranian media sites showed protest slogans instead of regular articles. Though small in number, these digital intrusions managed to reach large audiences through popular platforms. A shift occurred when hackers targeted BadeSaba - an app relied on by millions for daily religious guidance. Messages within the app suggested military personnel step back and align with civilian demonstrators. Not limited to websites, the interference extended into mobile tools trusted by ordinary users. 

Despite its routine function, the calendar software became a channel for dissenting statements. More than just data theft, the breach turned everyday technology into a medium for political appeal. Someone poking around online security thinks the app got picked on purpose - lots of people who back the government use it to look up faith stuff. According to Hamid Kashifi, who started a tech outfit called DarkCell, that crowd turned the platform into a useful path for hackers aiming to push content within national borders. 

Meanwhile, connections online in Iran began falling fast. According to Doug Madory - who leads internet research at Kentik - access weakened notably when the strikes occurred, with just faint digital signals remaining in certain areas. Some reports noted cyber actions focused on various Iranian state functions, administrative bodies, along with possible facilities tied to defense. 

As referenced by the Jerusalem Post, these incidents might have sought to weaken Iran’s capacity for unified decision-making amid heightened tensions. Possibly just the start, this online behavior could signal deeper conflicts ahead. With hostilities growing, factions linked to Iran might strike back through digital means, according to Rafe Pilling. He leads threat analysis work at Sophos. Targets may include U.S. or Israeli defense systems, businesses, even everyday infrastructure. 

Such moves would come amid rising geopolitical strain. What researchers have seen lately involves reviving past data leaks, while also trying simpler ways to target online industrial controls. Early moves like these could serve as probes - checking weak spots or collecting details ahead of bigger actions, according to experts. Now working at the cybersecurity firm Halcyon, Cynthia Kaiser - once a top cyber official at the Federal Bureau of Investigation - observed a clear rise in digital operations throughout the Middle East. Calls urging more aggressive moves have already emerged from online actors aligned with Iran, she pointed out. 

Meanwhile, Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike, said the firm is already observing reconnaissance efforts and distributed denial-of-service attacks linked to Iranian-aligned groups. Though tensions rise, some experts point to how warfare now blends physical strikes with online attacks - raising fears of broader digital clashes. 

Iran, noted by American authorities before, appears in the same category as China and Russia when discussing state-backed hacking aimed at international systems. With hostilities evolving, unseen pathways into infrastructure take on greater risk, especially given past patterns of intrusion tied to geopolitical friction.
Read more »
Medical Data breach
Cyberattacks Data Breach Data protection data security Hacker attack Healthcare Data Theft Iran hackers Medical Data breach

Iran-Linked Handala Hackers Claim Breach of Israel’s Clalit Healthcare Network

 

A breach at Israel’s biggest health provider has been tied to an Iranian-affiliated hacking collective, which posted stolen patient records online. Claiming credit, a network calling itself Handala detailed the intrusion via public posts. Access reportedly reached Clalit Health Services’ core data stores. That institution cares for around fifty percent of the country’s residents. 

More than ten thousand people saw their medical files exposed, the hackers stated. Samples of what they say is real data now sit on public servers - names, test results, health scans tucked inside. Handala issued a statement saying Israel's hospital networks were left reeling after the breach, calling defenses weak and slow. What followed was not subtle: laughter at how easily systems gave way.  

Not just an attack, but positioned as resistance - this action followed claims of long-standing control and abuse. Echoing past messages, the announcement carried familiar tones seen when digital strikes hit Israeli bodies before. 

A strange post appeared online just hours before the reveal - hinting at something unfolding within Israel’s medical system. By next morning, reports confirmed a possible leak of sensitive information. Right after hearing about it, Clalit's cyber defense units started looking into what happened. Government agencies got updates right away, since detection tools kicked in under standard procedures. 

While checks are still underway, hospital networks remain stable and running without disruption. A fresh incident highlights ongoing digital operations tied to Iran, aimed at entities and people in Israel. In recent years, outfits connected to Tehran have faced claims of seeking information, interfering with key bodies, while also trying to pull in collaborators using internet exchanges along with money offers. 

Now known for bold statements, Handala has taken credit for multiple major cyber events, experts note. While Check Point Research points out that some assertions appear inflated, a few of those declarations align with verified breaches. Unexpected overlaps between claim and evidence keep scrutiny alive. 

In December, hackers revealed they had gained access to ex-Prime Minister Naftali Bennett’s Telegram messages. Confirmation came from Bennett's team - yes, the account was reached, yet his device remained untouched. 

Later, these attackers stated they went after more individuals in politics. Among them: ex-minister Ayelet Shaked and Tzachi Braverman, a close associate of Netanyahu. Earlier, Israel's medical system dealt with digital attacks. Last October, hackers targeted Assaf Harofeh Medical Center using ransomware linked to Qilin. Patient records were at risk when the criminals asked for 70,000 dollars. Threats to expose sensitive information followed if payment failed. 

Later, officials pointed to Iran’s likely involvement in that incident too - showing how digital attacks are becoming a key part of the strain between these nations.
Read more »
Malware attacks
Airport WiFi Security Cyber Attacks cybersecurity threats FBI FBI FBI warning Hacker attack Internet Routers Malware attacks

FBI Warns Outdated Wi-Fi Routers Are Being Targeted in Malware and Botnet Attacks

 

Cybersecurity risks could rise when outdated home routers stop getting manufacturer support, federal agents say. Devices from the late 2000s into the early 2010s often fall out of update cycles, leaving networks open. Without patches, vulnerabilities stay unaddressed - making intrusion more likely over time. Older models reaching end-of-life lack protection upgrades once available. This gap draws attention from officials tracking digital threats to household systems. 

Older network equipment often loses support as makers discontinue update releases. Once patching ends, weaknesses found earlier stay open indefinitely. Such gaps let hackers break in more easily. Devices like obsolete routers now attract criminals who deploy malicious code. Access at admin level gets seized without owners noticing. Infected machines may join hidden networks controlled remotely. Evidence shows law enforcement warning about these risks repeatedly. 

Built from hijacked devices, botnets answer to remote operators. These collections of infected machines frequently enable massive digital assaults. Instead of serving legitimate users, they route harmful data across the web. Criminals rely on them to mask where attacks originate. Through hidden channels, wrongdoers stay anonymous during operations. 

Back in 2011, Linksys made several routers later flagged as weak by the FBI. Devices like the E1200, E2500, and E4200 came under scrutiny due to security flaws. Earlier models also appear on the list - take the WRT320N, launched in 2009. Then there is the M10, hitting shelves a year after that one. Some routers come equipped with remote setup options, letting people adjust settings using web-connected interfaces. 

Though useful, such access may lead to problems if flaws are left unfixed. Hackers regularly search online for devices running open management ports, particularly ones stuck on old software versions. Hackers start by spotting weak routers, then slip through software gaps to plant harmful programs straight onto the machine. Once inside, that hidden code opens the door wide - giving intruders complete control while setting up secret talks with remote hubs. 

Sometimes, these taken devices ping those distant centers each minute, just to say they’re still online and waiting. Opened network ports on routers might let malware turn devices into proxies. With such access, attackers send harmful data across infected networks instead of launching attacks directly. Some even trade entry rights to third parties wanting to mask where they operate from. What makes router-based infections tricky is how hard they are to spot for most people. 

Since standard antivirus tools target laptops and phones, routers often fall outside their scope. Running within the router's own software, the malware stays hidden even when everything seems to work fine. The network keeps running smoothly, masking the presence of harmful code tucked deep inside. Older routers without regular updates become weak spots over time. 

Because of this, specialists suggest swapping them out. A modern replacement brings continued protection through active maintenance. This shift lowers chances of intrusions via obsolete equipment found in personal setups.
Read more »
LexisNexis
AWS Cloud Data Theft Cloud Infrastructure Threats Customer Data Exposed Data Breach Data protection data security Hacker attack LexisNexis

LexisNexis Confirms Data Breach After Hackers Exploit Unpatched React App

 

A breach at LexisNexis Legal & Professional exposed some customer and business data, the firm confirmed. News surfaced after FulcrumSec claimed responsibility and leaked about two gigabytes of files on underground platforms. Hackers accessed parts of the company’s systems, though the breach scope was limited. The American analytics provider confirmed the incident days later, stating only a small portion of its infrastructure was affected. 

The company said an outside actor gained access to a limited number of servers. LexisNexis Legal & Professional provides legal research, regulatory information, and analytics tools to lawyers, corporations, government agencies, and universities in more than 150 countries. According to the firm, most of the accessed information came from older systems and was not considered sensitive, which reduced the potential impact.  

Internal findings showed that much of the exposed data originated from legacy systems storing information created before 2020. Records included customer names, user IDs, and business contact details. Some files contained product usage information and logs from past support tickets, including IP addresses from survey responses. However, sensitive personal identifiers such as Social Security numbers or driver’s license data were not included. Financial information, active passwords, search queries, and confidential client case data were also not part of the compromised dataset. 

The breach reportedly occurred around February 24 after attackers exploited the React2Shell vulnerability in an outdated front-end application built with React. The flaw allowed entry into cloud resources hosted on Amazon Web Services before it was addressed. 

While LexisNexis described the affected systems as containing mostly obsolete data, FulcrumSec claimed the intrusion was broader. The group said it extracted about 2.04GB of structured data from the company’s cloud infrastructure, including numerous database tables, millions of records, and internal system configurations. According to the attacker, the breach exposed more than 21,000 customer accounts and information linked to over 400,000 cloud user profiles, including names, email addresses, phone numbers, and job roles. 

Some of the records reportedly belonged to individuals with .gov email addresses, including U.S. government employees, federal judges and law clerks, Department of Justice attorneys, and staff connected to the Securities and Exchange Commission. FulcrumSec also criticized the company’s cloud security setup, alleging that a single ECS task role had access to numerous stored secrets, including credentials linked to production databases. The group said it attempted to contact the company but claimed no cooperation occurred. 

LexisNexis stated that the breach has been contained and confirmed that its products and customer-facing services were not affected. The company notified law enforcement and engaged external cybersecurity experts to assist with investigation and response. Customers, both current and former, have also been informed about the incident. The company had disclosed another breach last year after a compromised corporate account exposed data belonging to roughly 364,000 customers. 

The latest case highlights how vulnerabilities in cloud applications and outdated software can expose enterprise systems even when they contain primarily legacy information.
Read more »
Malicious Codes
AWS AWS Hijacking Cyber Attacks Cyber flaws cybersecurity risks GitHub Hacker attack Malicious Codes

AWS CodeBuild Misconfiguration Could Have Enabled Full GitHub Repository Takeover

 

One mistake in how Amazon Web Services set up its CodeBuild tool might have let hackers grab control of official AWS GitHub accounts. That access could spill into more parts of AWS, opening doors for wide-reaching attacks on software supplies. Cloud security team Wiz found the weak spot and called it CodeBreach. They told AWS about it on August 25, 2025. Fixes arrived by September that year. Experts say key pieces inside AWS were at stake - like the popular JavaScript SDK developers rely on every day. 

Into trusted repositories, attackers might have slipped harmful code thanks to CodeBreach, said Wiz team members Yuval Avrahami and Nir Ohfeld. If exploited, many apps using AWS SDKs could face consequences - possibly even disruptions in how the AWS Console functions or risks within user setups. Not a bug inside CodeBuild caused this, but gaps found deeper in automated build processes. These weak spots lived where tools merge and deploy code automatically. 

Something went wrong because the webhook filters had been set up incorrectly. They’re supposed to decide which GitHub actions get permission to start CodeBuild tasks. Only certain people or selected branches should be allowed through, keeping unsafe code changes out of high-access areas. But in a few open-source projects run by AWS, the rules meant to check user IDs didn’t work right. The patterns written to match those users failed at their job. 

Notably, some repositories used regex patterns missing boundary markers at beginning or end, leading to incomplete matches rather than full validation. This gap meant a GitHub user identifier only needed to include an authorized maintainer's number within a larger sequence to slip through. Because GitHub hands out IDs in order, those at Wiz showed how likely it became for upcoming identifiers to accidentally align with known legitimate ones. 

Ahead of any manual effort, bots made it possible to spam GitHub App setups nonstop. One after another, these fake apps rolled out - just waiting for a specific ID pattern to slip through broken checks. When the right match appeared, everything changed quietly. A hidden workflow fired up inside CodeBuild, pulled from what should have stayed locked down. Secrets spilled into logs nobody monitored closely. For aws-sdk-js-v3, that leak handed total control away - tied straight to a powerful token meant to stay private. If hackers gained that much control, they might slip harmful code into secure branches without warning. 

Malicious changes could get approved through rigged pull requests, while hidden data stored in the repo gets quietly pulled out. Once inside, corrupted updates might travel unnoticed through trusted AWS libraries to users relying on them. AWS eventually confirmed some repos lacked tight webhook checks. Still, they noted only certain setups were exposed. 

Now fixed, Amazon says it adjusted those flawed settings. Exposed keys were swapped out, safeguards tightened around building software. Evidence shows CodeBreach wasn’t used by attackers, the firm added. Yet specialists warn - small gaps in automated pipelines might lead to big problems down the line. Now worries grow around CI/CD safety, a new report adds fuel. 

Lately, studies have revealed that poorly set up GitHub Actions might spill sensitive tokens. This mistake lets hackers gain higher permissions in large open-source efforts. What we’re seeing shows tighter checks matter. Running on minimal needed access helps too. How unknown data is processed in builds turns out to be critical. Each step shapes whether systems stay secure.
Read more »
Hacker attack
Cyber Attacks Cybersecurity Breach Data Breaches Data Leaked data security Defaced Website Hacked Hacker attack

Russian-Linked Surveillance Tech Firm Protei Hacked, Website Defaced and Data Published

 

A telecommunications technology provider with ties to Russian surveillance infrastructure has reportedly suffered a major cybersecurity breach. The company, Protei, which builds systems used by telecom providers to monitor online activity and restrict access to websites and platforms, had its website defaced and internal data stolen, according to information reviewed by TechCrunch. The firm originally operated from Russia but is now based in Jordan and supplies technology to clients across multiple regions, including the Middle East, Europe, Africa, Mexico, Kazakhstan and Pakistan. 

Protei develops a range of systems used by telecom operators, including conferencing platforms and connectivity services. However, the company is most widely associated with deep packet inspection (DPI) tools and network filtering technologies — software commonly used in countries where governments impose strict controls on online information flow and communication. These systems allow network providers to inspect traffic patterns, identify specific services or websites and enforce blocks or restrictions. 

It remains uncertain exactly when the intrusion occurred, but archived pages from the Wayback Machine indicate the public defacement took place on November 8. The altered site contained a short message referencing the firm’s involvement in DPI technology and surveillance infrastructure. Although the webpage was restored quickly, the attackers reportedly extracted approximately 182 gigabytes of data from Protei’s systems, including email archives dating back several years. 

A copy of the exposed files was later supplied to Distributed Denial of Secrets (DDoSecrets), an organization known for cataloging leaked data from governments, law enforcement agencies and companies operating in surveillance or censorship markets. DDoSecrets confirmed receiving the dataset and made it available to researchers and journalists. 

Prior to publication, TechCrunch reached out to Protei leadership for clarification. Mohammad Jalal, who oversees the company’s Jordan branch, did not initially respond. After publication, he issued an email claiming the company is not connected to Russia and stating that Protei had no confirmed knowledge of unauthorized data extraction from its servers. 

The message left by the hacker suggested an ideological motive rather than a financial one. The wording referenced SORM — Russia’s lawful interception framework that enables intelligence agencies to access telecommunications data. Protei’s network filtering and DPI tools are believed to complement SORM deployments in regions where governments restrict digital freedoms. 

Reports from research organizations have previously linked Protei technology to censorship infrastructure. In 2023, Citizen Lab documented exchanges suggesting that Iranian telecommunications companies sought Protei’s systems to log network activity and block access to selected websites. Documents reviewed by the group indicated the company’s ability to deploy population-level filtering and targeted restrictions. 

The breach adds to growing scrutiny surrounding technology vendors supplying surveillance capabilities internationally, especially in environments where privacy protections and freedom of expression remain vulnerable.
Read more »
Modern Vehicles
autonomous vehicles car tracking Cyber Security cyberattacks on transportation cybersecurity vulnerability Hacker attack Modern Vehicles

Why Oslo’s Bus Security Tests Highlight the Hidden Risks of Connected Vehicles

 

Modern transportation looks very different from what it used to be, and the question of who controls a vehicle on the road no longer has a simple answer. Decades ago, the person behind the wheel was unquestionably the one in charge. But as cars, buses, and trucks increasingly rely on constant connectivity, automated functions, and remote software management, the definition of a “driver” has become more complicated. With vehicles now vulnerable to remote interference, the risks tied to this connectivity are prompting transportation agencies to take a closer look at what’s happening under the hood. 

This concern is central to a recent initiative by Ruter, the public transport agency responsible for Oslo and the surrounding Akershus region. Ruter conducted a detailed assessment of two electric bus models—one from Dutch manufacturer VDL and another from Chinese automaker Yutong—to evaluate the cybersecurity implications of integrating modern, connected vehicles into public transit networks. The goal was straightforward but crucial: determine whether any external entity could access bus controls or manipulate onboard camera systems. 

The VDL buses showed no major concerns because they lacked the capability for remote software updates, effectively limiting the pathways through which an attacker could interfere. The Yutong buses, however, presented a more complex picture. While one identified vulnerability tied to third-party software has since been fixed, Ruter’s investigation revealed a more troubling possibility: the buses could potentially be halted or disabled by the manufacturer through remote commands. Ruter is now implementing measures to slow or filter incoming signals so they can differentiate between legitimate updates and suspicious activity, reducing the chance of an unnoticed hijack attempt. 

Ruter’s interest in cybersecurity aligns with broader global concerns. The Associated Press noted that similar tests are being carried out by various organizations because the threat landscape continues to expand. High-profile demonstrations over the past decade have shown that connected vehicles are susceptible to remote interference. One of the most well-known examples was when WIRED journalist Andy Greenberg rode in a Jeep that hackers remotely manipulated, controlling everything from the brakes to the steering. More recent research, including reports from LiveScience, highlights attacks that can trick vehicles’ perception systems into detecting phantom obstacles. 

Remote software updates play an important role in keeping vehicles functional and reducing the need for physical recalls, but they also create new avenues for misuse. As vehicles become more digital than mechanical, transit agencies and governments must treat cybersecurity as a critical aspect of transportation safety. Oslo’s findings reinforce the reality that modern mobility is no longer just about engines and wheels—it’s about defending the invisible networks that keep those vehicles running.
Read more »
Subscribe to: Posts (Atom)