Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hackers. Show all posts
phishing
anime AttackonTitan Cyber Security DemonSlayer GenZ Hackers Kaspersky Naruto OnePiece phishing

Hackers Use Popular Anime Titles to Lure Gen Z into Malware Traps, Warns Kaspersky

 

Cybercriminals are increasingly camouflaging malware as anime content to exploit the growing global fascination with Japanese animation, according to cybersecurity firm Kaspersky. Their recent analysis of phishing incidents between Q2 2024 and Q1 2025 revealed over 250,000 attacks leveraging anime themes to deceive victims.

Anime, a stylized form of animated entertainment that originated in Japan, has become immensely popular, particularly among Gen Z — individuals born in the early 2000s. Kaspersky’s research highlights that anime is now more mainstream than ever, especially with younger audiences. Approximately 65% of Gen Z reportedly consume anime regularly, a trend that has made them prime targets for themed phishing campaigns.

“They connect to the characters,” Kaspersky noted, adding that viewers often become “emotionally invested” in the shows. This emotional connection is being weaponized by threat actors who are tricking fans into clicking on malicious links under the pretense of offering “exclusive episodes”, “leaked scenes”, or “premium access”.

Among the anime franchises most frequently used in these scams, Naruto topped the list with around 114,000 attack attempts. Demon Slayer followed with 44,000 incidents, trailed by other popular titles like Attack on Titan, One Piece, and Jujutsu Kaisen.

However, anime isn’t the only bait being used. Hackers have also disguised malicious content using names from other pop culture phenomena including Shrek, Stranger Things, Twilight, Inside Out, and Deadpool & Wolverine, with these non-anime themes accounting for an additional 43,000 phishing attempts. A notable spike in such attacks occurred in early 2025, coinciding with the release of the latest Shrek trailer.

As a precaution, Kaspersky advises users to steer clear of suspicious links or downloads, especially when the offer appears too good to be true. Instead, viewers looking for the latest episodes should use verified platforms such as Netflix, Hulu, or Disney+ to avoid falling victim to cyber scams.
Read more »
IT desk
Data Breach Dior Hackers harrods IT desk

Hackers Are Fooling IT Help Desks — Here’s How You Can Stay Protected

 


IT support teams, also known as service desks, are usually the first people we call when something goes wrong with our computers or accounts. They’re there to help fix issues, unlock accounts, and reset passwords. But this helpfulness is now being used against them.

Cybercriminals are targeting these service desks by pretending to be trusted employees or partners. They call in with fake stories, hoping to trick support staff into giving them access to systems. This method, called social engineering, relies on human trust — not hacking tools.


Recent Examples of These Attacks

In the past few months, several well-known companies have been hit by this kind of trickery:

1. Marks & Spencer: Attackers got the IT team to reset passwords, which gave them access to personal data. Their website and online services were down for weeks.

2. Co-Op Group: The support team was misled into giving system access. As a result, customer details and staff logins were stolen, and some store shelves went empty.

3. Harrods: Hackers tried a similar trick but were caught in time before they could cause any damage.

4. Dior: An unknown group accessed customer information like names and shopping history. Thankfully, no payment details were leaked.

5. MGM Resorts (2023): Hackers phoned the help desk, pretending to be someone from the company. They convinced the team to turn off extra security on an account, which led to a major cyberattack.


Why Hackers Target Support Desks

It’s often much easier to fool a person than to break into a computer system. Help desk workers are trained to respond quickly and kindly, especially when someone seems stressed or claims they need urgent access.

Hackers take advantage of this by pretending to be senior staff or outside vendors, using pressure and believable stories to make support agents act without asking too many questions.


How These Scams Work

• Research: Criminals gather public details about the company and employees.

• Fake Identity: They call the support team, claiming to be locked out of an account.

• Create Urgency: They insist the situation is critical, hoping the agent rushes to help.

• Avoiding Security: They make up excuses for not being able to use two-step login and ask for a reset.

• Gain Access: Once the reset is done, they log in and start their attack from the inside.


What Can Be Done to Prevent This

Companies should train their support teams to slow down, ask the right questions, and always verify who they’re talking to — no matter how urgent the request sounds. It’s also smart to use extra security tools that help confirm a person’s identity before giving access.

Adding clear rules and multi-layered checks will make it harder for attackers to slip through, even when they try their best to sound convincing.

Read more »
Telecom
China Cyber Security Hackers Telecom

China Launches Advanced Quantum Security Network Said to Be “Unhackable”

 


A major Chinese telecom company has launched what it claims is the first commercial security system that can protect digital communication from even the most powerful future hackers — including those using quantum computers.

China Telecom Quantum, a state-owned firm, recently introduced a new kind of encryption system that combines two advanced technologies to create strong protection for data, phone calls, and user identity. This system was successfully used to make a secure phone call between Beijing and Hefei  a distance of more than 1,000 kilometers — without risking any data leaks or breaches.


The Problem: Quantum Computers Could Break Today’s Encryption

As quantum computing continues to develop, it is expected to pose a serious threat to current cybersecurity systems. These new types of computers are extremely fast and powerful, and experts believe they could one day crack the encryption used to protect sensitive information like passwords, bank data, and government records.

To stay ahead of these threats, China Telecom has built a new system that combines:

1. A quantum-based method that sends encryption keys using the principles of quantum physics, making them nearly impossible to steal or intercept.

2. A mathematics-based method that protects data using very difficult equations that even quantum computers would find hard to solve.


This two-layer approach forms a highly secure framework to protect digital communication.


Tested in Real Conditions and Ready to Use

China Telecom says the system has been tested successfully and is ready to be used on a large scale. The company has already created secure quantum networks in 16 cities, including Beijing, Shanghai, Guangzhou, and Hefei.

These networks now make up a nationwide secure communication system. Among them, Hefei’s network is the largest and most advanced in the world, with eight main hubs and over 150 connection points spread across 1,147 kilometers. It is already being used by around 500 government departments and nearly 400 publicly owned companies.


Extra Tools for Safe Messaging and Document Management

The company has also introduced two new secure tools:

• Quantum Secret — a messaging and teamwork app designed to keep communication safe from even advanced hackers.

• Quantum Cloud Seal — a platform made for secure digital approvals, auditing, and managing documents for businesses and government offices.

Both tools are already being used across different industries in China.

With this launch, China has taken a major step toward building a future-ready cybersecurity system — one that can stay strong even as quantum computing technology continues to grow.

Read more »
Hackers
Cactus ransomware Cyber crimes elastic Google Hackers

Cybercriminals Are Dividing Tasks — Why That’s a Big Problem for Cybersecurity Teams

 



Cyberattacks aren’t what they used to be. Instead of one group planning and carrying out an entire attack, today’s hackers are breaking the process into parts and handing each step to different teams. This method, often seen in cybercrime now, is making it more difficult for security experts to understand and stop attacks.

In the past, cybersecurity analysts looked at threats by studying them as single operations done by one group with one goal. But that method is no longer enough. These days, many attackers specialize in just one part of an attack—like finding a way into a system, creating malware, or demanding money—and then pass on the next stage to someone else.

To better handle this shift, researchers from Cisco Talos, a cybersecurity team, have proposed updating an older method called the Diamond Model. This model originally focused on four parts of a cyberattack: the attacker, the target, the tools used, and the systems involved. The new idea is to add a fifth layer that shows how different hacker groups are connected and work together, even if they don’t share the same goals.

By tracking relationships between groups, security teams can better understand who is doing what, avoid mistakes when identifying attackers, and spot patterns across different incidents. This helps them respond more accurately and efficiently.

The idea of cybercriminals selling services isn’t new. For years, online forums have allowed criminals to buy and sell services—like renting out access to hacked systems or offering ransomware as a package. Some of these relationships are short-term, while others involve long-term partnerships where attackers work closely over time.

In one recent case, a group called ToyMaker focused only on breaking into systems. They then passed that access to another group known as Cactus, which launched a ransomware attack. This type of teamwork shows how attackers are now outsourcing parts of their operations, which makes it harder for investigators to pin down who’s responsible.

Other companies, like Elastic and Google’s cyber threat teams, have also started adapting their systems to deal with this trend. Google, for example, now uses separate labels to track what each group does and what motivates them—whether it's financial gain, political beliefs, or personal reasons. This helps avoid confusion when different groups work together for different reasons.

As cybercriminals continue to specialize, defenders will need smarter tools and better models to keep up. Understanding how hackers divide tasks and form networks may be the key to staying one step ahead in this ever-changing digital battlefield.

Read more »
Public Sector
Critical Infrastructure Cyber Attacks Cyber Warfare DDoS Hacker attack Hackers Indian Cyber Security Malware Attack Military Data Public Sector

India Faces Cyber Onslaught After Operation Sindoor Military Strikes

 

In the aftermath of India’s military action under Operation Sindoor, Pakistan responded not only with conventional threats but also with a wave of coordinated cyberattacks. While India’s defense systems effectively intercepted aerial threats like drones and missiles, a simultaneous digital assault unfolded, targeting the nation’s critical infrastructure and strategic systems. 

Reports from The Times of India indicate that the cyberattacks were focused on key defense public sector units (PSUs), their supporting MSMEs, and essential infrastructure including airports, ports, the Indian Railways, power grids, and major telecom providers such as BSNL. Additionally, digital financial platforms—ranging from UPI services to stock exchanges and mobile wallets—were also in the crosshairs. 

Sources suggest these cyber intrusions aimed to steal classified military data, disrupt daily life, and damage India’s global standing. Allegedly, the attackers sought intelligence on missile defense systems and military readiness. In retaliation, India reportedly struck back at Pakistani military infrastructure, although the cyber battlefield remains active. 

Cybersecurity expert and Interpol trainer Pendyala Krishna Shastry confirmed the attacks involved a range of methods: malware deployment, denial-of-service (DoS) strikes, phishing schemes, and website defacements. These tactics targeted multiple sectors, including finance, telecom, and public services, aiming to breach systems and sow confusion. 

Website tracking portal Zone-H recorded several government domain breaches. Notable targets included the websites of the National Institute of Water Sports (niws.nic.in) and nationaltrust.nic.in, both of which were defaced before being restored. The Central Coalfields Ltd (CCL) website also experienced a breach, displaying a message from a group calling itself “Mr Habib 404 – Pakistani Cyber Force,” declaring, “You thought you were safe, but we are here.” 

Although CCL’s Public Relations Officer Alok Gupta dismissed the breach as a technical issue with no data loss, cybersecurity experts warn that downplaying such incidents could weaken national digital defense. 

This escalation underscores how cyber warfare is now being integrated into broader military strategies. Experts argue that India must urgently strengthen its cyber defenses to address the growing threat. Priorities include deploying AI-based threat detection, reinforcing CERT-In and sector-specific Security Operation Centres (SOCs), enforcing strong cybersecurity practices across public systems, and expanding collaboration on global cyber intelligence. 

As state-sponsored attacks become more sophisticated and frequent, India’s ability to defend its digital frontier will be just as crucial as its military strength.
Read more »
WordPress Plugin
data access Hackers malware WordPress Plugin

Harmful WordPress Plugin Posing as Security Tool Grants Hackers Full Access

 



A newly discovered cyberattack is targeting WordPress websites by using a plugin that pretends to improve security but actually opens a backdoor for criminals. This fake plugin secretly gives attackers full control of affected sites.


How the Infection Begins

Security researchers at Wordfence found this malware while cleaning an infected website earlier this year. They noticed that a key WordPress system file named ‘wp-cron.php’ had been tampered with. This edited file was creating and activating a hidden plugin on its own, without the website owner’s permission.

This plugin has appeared under various names such as:

• wp-antymalwary-bot.php

• addons.php

• wpconsole.php

• wp-performance-booster.php

• scr.php

Even if the plugin is deleted manually, the altered ‘wp-cron.php’ file automatically brings it back the next time someone visits the website. This allows the malicious code to keep coming back.


How Hackers Might Be Gaining Entry

It’s still not clear how the hackers are getting into these websites in the first place. Experts believe they may be using stolen login credentials for hosting accounts or file transfer services like FTP. Unfortunately, no server logs were available to confirm exactly how the breach happens.


What the Plugin Allows Attackers to Do

Once active, the plugin checks if it's running correctly and then silently gives the attacker admin-level control. By using a special hidden function, attackers can log in as an administrator without using the usual login page. All they need is a specific web address and a password to take over the site.

The plugin also opens a secret door (called an API route) that doesn’t require login access. This lets attackers do things like:

• Add harmful code into theme files

• Clear plugin cache data

• Carry out other hidden tasks via special web requests

In updated versions of the malware, the plugin can also add harmful JavaScript to the website’s code. This can be used to show spam, redirect users to risky websites, or collect data from site visitors.


What Site Owners Should Watch For

Website managers should check the ‘wp-cron.php’ file and their theme’s ‘header.php’ file for any unfamiliar edits. Also, log entries with keywords like “emergency_login” or “urlchange” should be seen as warning signs of a possible attack.

Regular monitoring and cleanup can help prevent these kinds of silent takeovers.

Read more »
VPN
Breach Cyber Security DomainControllers Hackers Ransomware Reconnaissance VPN

Majority of Human-Operated Cyberattacks Target Domain Controllers, Warns Microsoft

 

Microsoft has revealed that nearly 80% of human-operated cyberattacks involve compromised domain controllers, according to a recent blog post published on Wednesday. Alarmingly, in over 30% of these incidents, attackers use the domain controller—a central system in corporate IT networks—to spread ransomware across the organization.

A breached domain controller can give hackers access to password hashes for every user in the system. With these credentials, cybercriminals can identify and exploit privileged accounts, including those held by IT administrators. Gaining control of these accounts allows attackers to escalate their access levels.

"This level of access enables them to deploy ransomware on a scale, maximizing the impact of their attack," Microsoft stated.

One such attack, observed by the tech giant, involved a group known as Storm-0300. The hackers infiltrated a company’s systems by exploiting its virtual private network (VPN). After acquiring administrator credentials, they tried to access the domain controller through the remote desktop protocol (RDP). Once inside, they carried out a series of actions including reconnaissance, bypassing security measures, and escalating their privileges.

Despite the growing frequency of attacks, Microsoft emphasized the difficulty in protecting domain controllers due to their critical role in network management and authentication.

Defenders often face the challenge of “striking the right balance between security and operational functionality,” the blog noted.

To improve protection, Microsoft suggested enhancing domain controllers’ ability to differentiate between legitimate and malicious activity—an essential step toward minimizing server compromises.

Jason Soroko, senior fellow at cybersecurity firm Sectigo, stressed the importance of proactive security measures.

"Ultimately, even the most advanced defense mechanisms may falter if misconfigured or if legacy systems create vulnerabilities. Hence, vigilant customer-side security practices are critical to fortifying these systems against modern cyberthreats," Sectigo said.

While Microsoft offers strong protective tools, their success hinges on users maintaining up-to-date systems and activating features like multifactor authentication.


Read more »
Technology
Artificial Intelligence Digital Identity Hackers Technology

AI-Powered Tools Now Facing Higher Risk of Cyberattacks

 



As artificial intelligence becomes more common in business settings, experts are warning that these tools could be the next major target for online criminals.

Some of the biggest software companies, like Microsoft and SAP, have recently started using AI systems that can handle office tasks such as finance and data management. But these digital programs also come with new security risks.


What Are These Digital Identities?

In today’s automated world, many apps and devices run tasks on their own. To do this, they use something called digital identities — known in tech terms as non-human identities, or NHIs. These are like virtual badges that allow machines to connect and work together without human help.

The problem is that every one of these digital identities could become a door for hackers to enter a company’s system.


Why Are They Being Ignored?

Modern businesses now rely on large numbers of these machine profiles. Because there are so many, they often go unnoticed during security checks. This makes them easy targets for cybercriminals.

A recent report found that nearly one out of every five companies had already dealt with a security problem involving one of these digital identities.


Unsafe Habits Increase the Risk

Many companies fail to change or update the credentials of these identities in a timely manner. This is a basic safety step that should be done often. However, studies show that more than 70% of these identities are left unchanged for long periods, which leaves them vulnerable to attacks.

Another issue is that nearly all organizations allow outside vendors to access their digital identities. When third parties are involved, there is a bigger chance that something could go wrong, especially if those vendors don’t have strong security systems of their own.

Experts say that keeping old login details in use while also giving access to outsiders creates serious weak spots in a company's defense.


What Needs to Be Done

As businesses begin using AI agents more widely, the number of digital identities is growing quickly. If they are not protected, hackers could use them to gain control over company data and systems.

Experts suggest that companies should treat these machine profiles just like human accounts. That means regularly updating passwords, limiting who has access, and monitoring their use closely.

With the rise of AI in workplaces, keeping these tools safe is now more important than ever.


Read more »
Subscribe to: Posts (Atom)