Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker. Show all posts
Visa news
cyberattacks trending news Hacker USA Visa news

US Embassy Cautions Visa Applicants After Bengaluru Man Falls Prey to Scam

 

The US Embassy in New Delhi has issued a cautionary alert to individuals applying for US visas, urging them to be wary of online scams that falsely promise to expedite visa interview appointments. This warning comes in the wake of a cyber fraud case reported from Bengaluru, where a 45-year-old engineer was duped by a scammer posing as a facilitator on the Telegram messaging app. 

According to reports, the engineer, a resident of RR Nagar, came across a Telegram channel on May 22 that appeared to offer assistance in advancing B-1/B-2 visa interview dates. His appointment was initially set for April 2026. Shortly after joining the channel, he was contacted by someone claiming to be Vanam Sravan Krishna. The individual promised to reschedule the appointment for a fee of ₹10,000. Trusting the offer, the victim shared his US visa portal login credentials and transferred the amount. 

The scammer later sent a forged appointment confirmation and demanded an additional ₹10,000, threatening to change the login credentials if the payment wasn’t made. After the second payment, the fraudster locked the victim out of his visa account by altering the credentials. A case was subsequently filed with the West CEN police on May 24, and investigations are ongoing. 

Following the incident, the US Embassy took to social media to warn applicants that any claim of fast-tracking visa appointments for money is fraudulent. The post emphasized that personal information and login details should never be shared with unverified sources. Embassy officials reiterated that only official platforms should be used for visa-related processes. 

A senior official from the Criminal Investigation Department noted that the applicant may not receive support from the embassy in this case, as he voluntarily shared his credentials and attempted to bypass the official process. According to the officer, the applicant may no longer be able to generate a fresh visa request. 

The incident comes amid evolving visa policies, including proposals reportedly under consideration by US authorities to introduce a $1,000 premium processing fee for faster interview appointments. This follows a broader move to tighten visa screening procedures, including the suspension of new student and visitor visa interviews in several countries. The embassy’s latest alert serves as a reminder to applicants to rely solely on official sources and to be vigilant against offers that appear too good to be true.
Read more »
trending news
Hacker T-Mobile trending news

T-Mobile’s T-Life App Raises Privacy Concerns Over Hidden Screen Recording Feature

 

T-Mobile’s flagship app, T-Life, designed to handle everything from account management to home internet settings and perks like T-Mobile Tuesdays, is now under scrutiny for a controversial feature buried deep within its settings—screen recording. The app, widely promoted as a one-stop solution for T-Mobile users, reportedly includes an option that allows it to record users’ screens during usage. According to T-Mobile, the feature is meant to help the company understand how customers interact with the app and improve the overall experience. 

However, the approach has raised serious privacy and design concerns, with critics calling it inefficient and unnecessary in an era where more refined analytics tools are standard practice across the app industry. What’s alarming is that while T-Mobile claims the feature is for user experience enhancement, screen recording as a method is rarely used by major developers for this purpose. Most prefer in-app tracking systems that anonymise and aggregate user behaviour without capturing screen content. Users and privacy advocates argue that this unusual method points less to data theft and more to a worrying level of incompetence or oversight in app development. 

 
Initially, reports of the screen recording feature surfaced among users of the Apple iPhone 16 series. However, it soon became clear that the issue isn't exclusive to iOS. Several Android users have also flagged the same feature appearing on devices including the Google Pixel 8 and 9, as well as Samsung Galaxy S21 and S22 Ultra models. The discovery has sparked widespread discussion on Reddit and other online forums, where users continue to share screenshots, speculate about the purpose of the feature, and call for greater transparency. 

As of now, T-Mobile has not released an official statement clarifying the extent or exact function of the screen recording capability, leaving users uncertain and concerned. Until the carrier addresses the issue directly, questions around user consent, data security, and development practices remain unanswered, deepening the distrust around what was supposed to be a convenient, all-in-one customer app.
Read more »
python
Blockchain cryptocurrency Cyber Attacks Cybersecurity GitHub Hacker JavaScript Linkedin malware python

North Korean Hacker Group Targets Cryptocurrency Developers via LinkedIn

 

A North Korean threat group known as Slow Pisces has launched a sophisticated cyberattack campaign, focusing on developers in the cryptocurrency industry through LinkedIn. Also referred to as TraderTraitor or Jade Sleet, the group impersonates recruiters offering legitimate job opportunities and coding challenges to deceive their targets. In reality, they deliver malicious Python and JavaScript code designed to compromise victims' systems.

This ongoing operation has led to massive cryptocurrency thefts. In 2023 alone, Slow Pisces was tied to cyber heists exceeding $1 billion. Notable incidents include a $1.5 billion breach at a Dubai exchange and a $308 million theft from a Japanese firm. The attackers typically initiate contact by sending PDFs containing job descriptions and later provide coding tasks hosted on GitHub. Although these repositories mimic authentic open-source projects, they are secretly altered to carry hidden malware.

As victims work on these assignments, they unknowingly execute malicious programs like RN Loader and RN Stealer on their devices. These infected projects resemble legitimate developer tools—for instance, Python repositories that claim to analyze stock market data but are actually designed to communicate with attacker-controlled servers.

The malware cleverly evades detection by using YAML deserialization techniques instead of commonly flagged functions like eval or exec. Once triggered, the loader fetches and runs additional malicious payloads directly in memory, making the infection harder to detect and eliminate.

One key malware component, RN Stealer, is built to extract sensitive information, including credentials, cloud configuration files, and SSH keys, especially from macOS systems. JavaScript-based versions of the malware behave similarly, leveraging the Embedded JavaScript templating engine to conceal harmful code. This code activates selectively based on IP addresses or browser signatures, targeting specific victims.

Forensic investigations revealed that the malware stores its code in hidden folders and uses HTTPS channels secured with custom tokens to communicate. However, experts were unable to fully recover the malicious JavaScript payload.

Both GitHub and LinkedIn have taken action against the threat.

"GitHub and LinkedIn removed these malicious accounts for violating our respective terms of service. Across our products, we use automated technology, combined with teams of investigation experts and member reporting, to combat bad actors and enforce terms of service. We continue to evolve and improve our processes and encourage our customers and members to report any suspicious activity," the companies said in a joint statement.

Given the increasing sophistication of these attacks, developers are urged to exercise caution when approached with remote job offers or coding tests. It is recommended to use robust antivirus solutions and execute unknown code within secure, sandboxed environments, particularly when working in the high-risk cryptocurrency sector.

Security experts advise using trusted integrated development environments (IDEs) equipped with built-in security features. Maintaining a vigilant and secure working setup can significantly lower the chances of falling victim to these state-sponsored cyberattacks.
Read more »
WiFi
Bank Security Cyber Attacks Hacker Personal Data WiFi

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

5 Signs Your Wi-Fi Has Been Hacked: Protect Your Bank Details

The tech company Aura sent its experts to investigate the telltale indicators that cybercriminals have overcome your wi-fi. A hacker can access all of your sensitive information through your wifi in a number of methods, and it's far easier to detect than you might believe.

In the event that this occurs, outsiders will have access to your bank account information and other private information. They may even be able to listen in on your private discussions with loved ones, parents, or other family members.

However, you can tell if your wifi has been hacked or not by looking for these five indicators:

1. Reduced internet speed

If your internet provider is normally trouble-free, an abrupt and unusual slowdown in your access to the internet may indicate that hackers have attacked your router.

2. Finding strange devices or IP addresses

Unknown gadgets, sometimes known as rogue devices, may indicate that hackers are trying to access private data from your router.

If you see this, you need to check if any unidentified devices are included in the list of connected devices by logging in to your router's IP address, which is typically found on the router itself.

3. Suddenly, the Wi-Fi password has changed

Should this occur without warning, there may be a connection to hacker activity.

You won't be able to access the router and resolve the problem on your own because these annoying hackers typically alter your login credentials after they have access.

4. Unknown or new software installed on your devices

If you notice any strange new software on your device, it can be a sign that hackers have been targeting your network and maybe installing malware.

5. Strange activities on your web browser

You will almost certainly notice this: if your browser starts directing you to strange websites, it's possible that hackers have altered your DNS settings. You may also notice things like ransomware messages appearing that purport to have sensitive data or photos, suggesting that hackers may have gained access to your router.

Fake purchasers will often contact real sellers of goods and appear to be interested in making a purchase in an attempt to obtain your private information.

The scammer would then lie and claim to have transferred monies that are only available through a dubious link, so the transaction never actually happens.

Usually, the link is a phishing one, where the seller enters their bank card information thinking they will get money, but inadvertently allows their account to be drained. There are, nevertheless, safety measures you can do. Downloading antivirus software would help prevent those hackers from getting near you.

Read more »
North Korea
Cyber Security Digital Vigilante Geopolitical Intrigue Hacker North Korea

Alejandro Caceres: The Vigilante Hacker Who Took Down North Korea’s Internet

Alejandro Caceres: The Vigilante Hacker Who Took Down North Korea’s Internet

In the shadowy world of cybersecurity, where nation-states and rogue actors engage in digital warfare, one man stood out—a vigilante hacker named Alejandro Caceres. His audacious mission: was to take down North Korea’s internet infrastructure. 

Caceres launched a one-man cyberwar that disrupted every publicly visible website in North Korea, keeping them offline for over a week. But who was this mysterious figure, and what drove him to such extreme measures?

The Unlikely Hero

Alejandro Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur, hardly fits the profile of a cyberwarrior. Yet, his personal vendetta against North Korean spies pushed him to the brink. 

Having been targeted by North Korean agents earlier, Caceres reported the incidents to the FBI, only to receive no government support. Frustrated and disillusioned, he decided to take matters into his own hands. His mission: to send a message to Kim Jong Un’s regime that messing with American hackers would have consequences.

The Pseudonym: P4x

As Caceres executed his attack, he adopted the pseudonym “P4x.” The name was a clever nod to his intention: to force peace with North Korea through the threat of his own punitive measures. 

By hiding behind this moniker, he hoped to evade both North Korean retaliation and potential criminal hacking charges from his own government. P4x became the faceless avenger, a digital vigilante with a singular purpose.

The Tools of the Trade

Armed with custom-built programs and cloud-based servers, Caceres disrupted North Korea’s internet infrastructure. His attacks were intermittent, calculated, and relentless. Publicly visible websites blinked out of existence, leaving the regime scrambling for answers. 

Caceres provided screen-capture videos and real-time evidence of his disruption, all while remaining hidden in his coastal Florida home. 

The Power of One

Caceres’ story underscores the power of a single individual in the vast digital landscape. In a world dominated by nation-states and cyber armies, he stood alone against North Korea. His actions were audacious, risky, and morally ambiguous. Was he a hero or a rogue? The answer, perhaps, lies in the gray areas of cyberwarfare.

The Message

As North Korea’s internet flickered and faltered, Caceres sent a message: No one is untouchable. Even the most secretive regime could be disrupted by a determined hacker. His personal vendetta had transformed into a geopolitical statement. The world watched as North Korea’s cyber defenses crumbled, and P4x became a legend.

Read more »
WormGPT
Artificial Intelligence ChatGPT Cyberactivity Cybersecurity Hacker Technology WormGPT

Evil Unleashed: Meet WormGPT Chat's Wicked Twin

 


Over 100 million users have signed up for ChatGPT since it launched last year, making it one of the top ten most popular apps in the world. Artificial intelligence has taken the world by storm in recent years with OpenAI's chatbots. In the wake of Bing Chat and Google Bard, Microsoft and Google have created follow-up products inspired by Bing Chat. A revolutionary AI is in town - WormGPT, which you could say is here to make your life easier, but it's not here to help you. 

A worm-like AI chatbot called WormGPT has not been designed to bring amusingly wriggly invertebrate AI assistance to the feline-specific ChatGPT, but rather to provide a fun twist on the traditional chatbot. It's a far more malicious and unethical tool that is designed without ethics to be of any use to anyone. A popular advantage of this product is that it boosts productivity, raises effectiveness, and lowers the entry barrier for your average cybercriminal to gain access.  

A hacker came up with WormGPT which is an artificial intelligence (AI) model used to create a malicious computer program. It poses a lot of danger to individuals and companies alike. It is imperative to note that WormGPT is different from its counterpart, ChatGPT, which is designed to help. ChatGPT has an excellent intention, whereas WormGPT is designed to attack large amounts of people. 

This "sophisticated AI model," independently verified by cyber security firm SlashNext, was malicious. SlashNext alleges that the model was trained using a wide range of data sources, with a specific focus on malware-related data as part of its data-gathering process. In the case of GPT-J programming language software, the risks associated with AI modules can be exemplified by the threat of harming even those not well-versed in them.

Researchers from the International Center for Computer Security conducted experiments using phishing emails to better understand WormGPT risks. Despite being highly persuasive, the model also showed strategic cunning to generate persuasive emails. This was strategic. It is important to note that this indicates that sophisticated phishing attacks and business email compromises (BECs) are possible. 

In the last couple of years, experts, government officials, and even the creator of ChatGPT, along with the developers of WormGPT have recognized the dangers of AI tools such as ChatGPT and WormGPT. Their point of view has been that the public must be protected from misuse of these technologies through the adoption of regulations. There have also been warnings from Europol, the international organization that is meant to support law enforcement authorities in preventing the misuse of large language models (LLMs) such as ChatGPT for fraud, impersonation, and social engineering purposes. 

The primary concern with AI tools such as ChatGPT is their ability to automatically generate highly authentic text in response to a user prompt, which is what makes them so appealing to researchers.

The fact that they are so popular for phishing attacks makes them extremely useful. Phishing scams used to be very easy to detect because they had obvious grammatical and spelling errors that allowed them to be detected readily. The major advancement in artificial intelligence has provided a powerful tool for impersonating organizations and people in an extremely realistic manner, thanks to advances in AI. The above situation is even true for those who understand English at a basic level. 

The acquisition of WormGPT Large Language Model (LLM) style ChatGPT for only $60 a month on the dark web has now made it possible to access WormGPT services. Without any ethical or moral limits, it is now possible to access its services. The chatbot is a version of degenerate generative artificial intelligence; in other words, it is not subject to the same filters as its counterpart – the ChatGPT – that is imposed by corporations such as Google, Facebook, and even OpenAI. NordVPN's IT security experts have already described ChatGPT as the "evil twin" of ChatGPT.

It is probably the most powerful hacking tool available in the world at the moment. The WormGPT tool was designed by a skilled hacker who built it on top of open-source LLM GPT-J as of 2021. 

During the testing process of WormGPT, SlashNext discovered some disturbing results that need to be addressed. A phishing email would be very difficult for a human to detect since it is so convincing, but WormGPT went above and beyond just to come up with something convincing, it even put together a very sophisticated way of combining all the phishing email elements to deceive potential victims. 

The purpose of WormGPT is to protect your computer from any sort of attack by your adversaries. WormGPT was able to achieve this through a series of cat-and-mouse games with OpenAI, which Adrianus Warmenhoven explained to us. It can be said that this is the result of a company trying to circumvent the ever-expanding provisions imposed by the government. This is to protect itself from legal liability. It was a method used by the LLM to impart information on illegal activity into seemingly innocuous texts, such as family letters and other correspondences, as part of the training process. 

Cybercriminals will no longer have to be restricted to subverting Open AI, as explained by the expert. With WormGPT they will no longer be required to do so. As a result, they can effectively make this technology evolve based on their own needs, and this, in turn, will transform the world of Artificial Intelligence into a true wild west that is becoming increasingly populated by humans. 

It is without a doubt that they will have to choose from an array of ever-advancing, ever-improving models being offered to ne'er-do-wells shortly, with the first AI chatbot the majority of ne'er-do-wells will have to use to assist them with their criminal acts. 

There is no doubt that Artificial Intelligence will become an increasingly important tool in preventing AI-generated cybercrime in the coming years, resulting in a race to see which side can more proficiently answer its questions. 

As of now, there are 90 seconds left until midnight on the clock of doomsday. This is due to the rapid adoption of disruptive technologies by humans. As a result, the doomsday clock that monitors our internet security might as well be in the middle of the night shortly. The only likely outcome as two disruptive forces collide on the digital landscape is mutually assured destruction, so perhaps it's time to all climb into our antivirus Anderson shelters and fill our bellies with MRE Malwarebytes.
Read more »
Vulnerabilities and Exploits
Customer Data data security Flaws Hacker Security Security flaw Vulnerabilities and Exploits

Major Experian Security Vulnerability Exploited, Attackers Access Customer Credit Reports

 

As per experts, the website of consumer credit reporting giant Experian comprised a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in the URL bar. 

Jenya Kushnir, a cybersecurity researcher, discovered the vulnerability on Telegram after monitoring hackers selling stolen reports and collaborated with KrebsOnSecurity to investigate it further. The concept was straightforward: if you had the victim's name, address, birthday, and Social Security number (all of which could be obtained from a previous incident), you could go to one of the websites offering free credit reports and submit the information to request one.

The website would then redirect you to the Experian website, where you would be asked to provide more personally identifiable information, such as questions about previous addresses of living and such.
And this is where the flaw can be exploited. 

There is no need to answer any of those questions; simply change the address displayed in the URL bar from "/acr/oow/" to "/acr/report," and you will be presented with the report. While testing the concept, Krebs discovered that changing the address first redirects to "/acr/OcwError," but changing it again worked: "Experian's website then displayed my entire credit file," according to the report.

The good news (if it can be called that) is that Experian's reports are riddled with errors. In the case of Krebs, it contained a number of phone numbers, only one of which was previously owned by the author.

Experian has remained silent on the matter, but the issue appears to have been resolved in the meantime. It's unknownfor how long the flaw was active on the site or how many fraudulent reports were generated during that time.
Read more »
Twitter Data Breach
BBC Data Breach Hacker Stolen Data. Twitter users Twitter Twitter Data Breach

Ryushi Demanding Ransom Worth $200,00 For Breached Data


In a recent case of a Twitter data breach, the hacker named “Ryushi” demanded a ransom worth $200,000 to hand over the stolen data of 400 million users. 

In regard to this, a probe has been launched by Ireland’s watchdog. According to the Data Protection Commission (DPC) it "will examine Twitter's compliance with data protection law in relation to that security issue." 

As per the reports, Twitter did not comment on this claim yet, nor did it respond to the press inquiries regarding the claimed breach. 

The stolen data apparently includes victims’ phone numbers and emails, including that of some celebrities and politicians. While the exact size of the haul is yet to be confirmed, only a small “sample” has been made public thus far.  

Several Hints May Prove the Claim 

A cybercrime intelligence firm 'Hudson Rock' was the first to bring up the issue of the sale of stolen data. One of the company's chief technology officers told BBC that several hints seemed to back up the hacker's assertion. 

The data did not seem to have been copied from some earlier breach, where the details were made public from 5.4 million Twitter accounts. 

Out of the 1,000 sample emails provided by the hacker in the earlier incident, only 40 emails appeared, "so we are confident that this breach is different and significantly bigger," the officer said.

Additionally, Mr. Gal noted: "The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings." An escrow service is a third party that agrees to release funds but only after certain conditions are met (for example handing over data)  

The hacker has said that the breached data was obtained and gathered by taking advantage of a vulnerability in the system, that enables computer programs to connect with Twitter. 

The DCP on the other hand announced that it was investigating the earlier breach that took place on December 23, 2022. Moreover, media reports assert that the hacker is in fact aware of the loss and potential damage the breached data can do.  

Read more »
Subscribe to: Posts (Atom)