Showing posts with label Hacking.

Man Sentenced to Seven Years for Hacking Port IT Systems to Enable Drug Imports

A Dutch appeals court has sentenced a 44-year-old man to seven years in prison for his involvement in cyber intrusions targeting major European ports and for using those breaches to support drug trafficking operations.

The ruling was issued by the Amsterdam Court of Appeal, which reviewed a case that began with the man’s arrest in 2021. He was initially convicted a year later by the Amsterdam District Court on multiple charges, including illegal access to computer systems, attempted extortion, and assisting in the import of narcotics. Following that decision, the defendant challenged the verdict, arguing that key evidence used against him had been obtained unlawfully.

At the center of the appeal was the use of messages collected from Sky ECC, an encrypted communication platform. Law enforcement agencies in Europe gained access to the service in 2021 as part of a coordinated investigation into organized crime. That operation led to the arrest of the platform’s leadership and numerous users, with legal proceedings continuing into the following years. The defense claimed that the interception of these communications violated procedural safeguards and undermined the fairness of the trial.

The appeals court rejected those objections, stating that the defense failed to demonstrate how the collection of Sky ECC messages breached the defendant’s legal rights. As a result, most of the original findings were upheld.

However, the court did overturn one charge related to a plan to import approximately 5,000 kilograms of cocaine. Despite this, judges maintained the remaining convictions, including those tied to cybercrime and drug-related offenses.

Court findings show that the man worked with others to breach IT systems used by port operations in Rotterdam and Barendrecht in the Netherlands, as well as Antwerp in Belgium. These systems are responsible for managing logistics and cargo movement within the ports. By gaining unauthorized access, the group aimed to manipulate information so that illegal drug shipments could pass through undetected.

The intrusion was carried out by infecting internal systems at a port logistics company. Malware was introduced through USB devices that were connected by company employees. Authorities have not clarified whether those individuals were coerced, deceived, or willingly involved.

Once the malware was installed, the attacker was able to deploy remote access tools. This allowed him to extract data from internal databases and monitor information as it moved through the network, giving criminal groups operational insight into port activities.

Investigators also found that between mid-September 2020 and late April 2021, the man attempted to sell malicious software along with instructions for its use, working in coordination with others.

Taking into account the hacking activities, the facilitation of drug trafficking, the import of 210 kilograms of cocaine into the Netherlands, and attempted extortion, the court confirmed a final prison sentence of seven years.

Korean Air Confirms Employee Data Leak Linked to Third-Party Breach

Korean Air has confirmed that personal information belonging to thousands of its employees was exposed following a cyber incident at Korean Air Catering and Duty-Free, commonly referred to as KC&D. The company disclosed the issue after receiving notification from KC&D that its internal systems had been compromised by an external cyberattack.

KC&D, which provides in-flight meals and duty-free sales services, was separated from Korean Air in 2020 and now operates as an independent entity. Despite this separation, KC&D continued to store certain employee records belonging to Korean Air, which were housed on its enterprise resource planning system. According to internal communications, the exposed data includes employee names and bank account numbers. Korean Air estimates that information related to approximately 30,000 employees may have been affected.

The airline clarified that the incident did not involve passenger or customer data. Korean Air stated that, based on current findings, the breach was limited strictly to employee information stored within KC&D’s systems.

In an internal notice circulated to staff, Korean Air acknowledged that while the breach occurred outside its direct operational control, it is treating the situation with seriousness due to the sensitivity of the information involved. The company noted that it only became aware of the incident after KC&D formally disclosed the breach.

Following the notification, Korean Air said it immediately initiated emergency security measures and reported the matter to relevant authorities. The airline is actively working to determine the full extent of the exposure and identify all affected individuals. Employees have been advised to remain cautious of unexpected messages or unusual financial activity, as exposed personal information can increase the risk of scams and identity misuse.

Korean Air leadership reassured staff that there is currently no evidence suggesting further leakage of employee data beyond what has already been identified. The company also stated that it plans to conduct a comprehensive review of its data protection and security arrangements with external partners to prevent similar incidents in the future.

Although Korean Air has not officially attributed the attack to any specific group, a ransomware operation has publicly claimed responsibility for breaching KC&D’s systems. This claim has not been independently verified by Korean Air. Cybersecurity analysts have noted that the same group has been linked to previous attacks exploiting vulnerabilities in widely used enterprise software, often targeting third-party vendors as an entry point.

Ransomware groups typically operate by stealing sensitive data and threatening public disclosure to pressure victims. Such attacks increasingly focus on supply-chain targets, where indirect access can yield large volumes of data with fewer security barriers.

Korean Air stated that investigations are ongoing and that it will continue cooperating with authorities. The airline added that further updates and support will be provided to employees as more information becomes available.

FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings

The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The agency reports that these incidents, often described as virtual kidnappings, are designed to panic the target into paying quickly before verifying the claims.


How the scam begins

The operation usually starts when criminals search social media accounts or any platform where people share personal photos publicly. They collect pictures of individuals, including children, teenagers, and adults, and then edit those images to make it appear as though the person is being held against their will. Scammers may change facial expressions, blur backgrounds, add shadows, or alter body positions to create a sense of danger.

Once they prepare these altered images, they contact a relative or friend of the person in the photo. In most cases, they send a sudden text or place a call claiming a loved one has been kidnapped. The message is crafted to create immediate panic and often includes threats of harm if payment is not made right away.


The role of fake “proof of life”

One recurring tactic is the use of emotionally charged photos or short video clips that appear to show the victim in distress. These materials are presented as proof that the kidnapping is real. However, investigators have observed that the content often contains mistakes that reveal it has been edited. The inconsistencies can range from missing tattoos or scars to unnatural lighting, distorted facial proportions, or visual elements that do not match known photos of the person.

Criminals also try to limit the victim’s ability to examine the images closely. Some use disappearing messages or apps that make screenshots difficult. Others send messages in rapid succession to prevent the victim from taking a moment to reach out to the supposed abducted individual.


Why these scams escalate quickly

Scammers depend on speed and emotional intensity. They frequently insist that any delay will lead to harm, which pressures victims to make decisions without checking whether their loved one is actually safe. In some situations, criminals exploit posts about missing persons by inserting themselves into ongoing searches and providing false updates.

The FBI urges people to be mindful of the information they share online, especially when it involves personal photos, travel details, or locations. The agency recommends that families set up a private code word that can be used during emergencies to confirm identity. Individuals should avoid sharing personal information with unknown callers or strangers while traveling.

If someone receives a threatening call or message, the FBI advises them to stay calm and attempt to contact the alleged victim directly through verified communication channels. People should record or capture any messages, screenshots, phone numbers, images, or audio clips connected to the incident. These materials can help law enforcement determine whether the event is a hoax.

Anyone who believes they have been targeted by a virtual kidnapping attempt is encouraged to submit a report to the FBI’s Internet Crime Complaint Center at IC3.gov. The agency requests detailed information, including phone numbers used by the scammer, payment instructions, message transcripts, and any photos or videos that were provided as supposed evidence.

Atroposia Malware Offers Attackers Built-In Tools to Spy, Steal, and Scan Systems

Cybersecurity researchers have recently discovered a new malware platform known as Atroposia, which is being promoted on dark web forums as a subscription-based hacking toolkit. The platform offers cybercriminals a remote access trojan (RAT) that can secretly control computers, steal sensitive data, and even scan the infected system for security flaws, all for a monthly payment.

Researchers from Varonis, a data protection firm, explained that Atroposia is the latest example of a growing trend where ready-to-use malware services make advanced hacking tools affordable and accessible, even to attackers with little technical expertise.


How Atroposia Works

Atroposia operates as a modular program, meaning its users can turn individual features on or off depending on what they want to achieve. Once installed on a device, it connects back to the attacker’s command-and-control (C2) server using encrypted communication, making it difficult for defenders to detect its activity.

The malware can also bypass User Account Control (UAC), a security layer in Windows designed to prevent unauthorized changes, allowing it to gain full system privileges and remain active in the background.

Those who purchase access, reportedly priced at around $200 per month, unlock a wide set of tools. These include the ability to open a hidden remote desktop, steal files, exfiltrate data, capture copied text, harvest credentials, and even interfere with internet settings through DNS hijacking.

One of the most distinctive parts of Atroposia is its HRDP Connect module, which secretly creates a secondary desktop session. Through this, attackers can explore a victim’s computer, read emails, open apps, or view documents without the user noticing anything unusual. Because the interaction happens invisibly, traditional monitoring systems often fail to recognize it as remote access.

The malware also provides an Explorer-style file manager, which lets attackers browse, copy, or delete files remotely. It includes a “grabber” feature that can search for specific file types or keywords, automatically compress the selected items into password-protected ZIP archives, and transmit them directly from memory, leaving little trace on the device.


Theft and Manipulation Features

Atroposia’s data-theft tools are extensive. Its stealer module targets saved logins from browsers, chat records, and even cryptocurrency wallets. A clipboard monitor records everything a user copies, such as passwords, private keys, or wallet addresses, storing them in an easily accessible list for the attacker.

The RAT also uses DNS hijacking at the local machine level. This technique silently redirects web traffic to malicious sites controlled by the attacker, making it possible to trick victims into entering credentials on fake websites, to fetch malware updates from attacker-controlled hosts, or to expose victims’ data through man-in-the-middle attacks.


A Built-In Vulnerability Scanner

Unlike typical RATs, Atroposia comes with a local vulnerability scanner that automatically checks the system for weak spots, such as missing security patches, outdated software, or unsafe configurations. It generates a score to show which issues are easiest to exploit.

Researchers have warned that this function poses a major threat to corporate networks, since it can reveal unpatched VPN clients or privilege escalation flaws that allow attackers to deepen their access or spread across connected systems.

Security experts view Atroposia as part of a larger movement in the cybercrime ecosystem. Services like SpamGPT and MatrixPDF have already shown how subscription-based hacking tools lower the technical barrier for attackers. Atroposia extends that trend by bundling reconnaissance, exploitation, and data theft into one easy-to-use toolkit.


How Users Can Stay Protected

Analysts recommend taking preventive steps to reduce exposure to such threats.

Users should:

• Keep all software and operating systems updated.

• Download programs only from verified and official sources.

• Avoid pirated or torrent-based software.

• Be cautious of unfamiliar commands or links found online.

Companies are also urged to monitor for signs such as hidden desktop sessions, unusual DNS modifications, and data being sent directly from memory, as these can indicate the presence of sophisticated RATs like Atroposia.
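One of the indicators named above, unusual DNS modifications, can be checked locally: a RAT that hijacks DNS at the machine level commonly does so by editing the hosts file so that a login or update hostname resolves to an address the attacker controls. The script below is an added example written for this post, not code from Varonis or from the Atroposia report. It parses hosts-file text, treats loopback and 0.0.0.0 targets as the benign blocking pattern, and flags any watchlisted hostname (or any external hostname outside an internal-suffix allowlist) that is pinned to another address. The watchlist, the allowlist and the sample hosts file are all constructed for illustration.

```python
"""Local DNS hijack check: flag hosts-file entries that redirect well-known
hostnames away from their real addresses.

Added example for this post, not code from the Varonis report. The watchlist,
the internal-suffix allowlist and the sample hosts file are constructed.
"""
import ipaddress

# Hostnames a workstation's hosts file should never point elsewhere.
# Constructed watchlist; replace with the services your organisation cares about.
WATCHLIST = {
    "login.example-bank.com",
    "update.example-vendor.com",
    "accounts.example-sso.com",
}

# Name suffixes that legitimately map to internal addresses via hosts entries.
# Constructed allowlist.
INTERNAL_SUFFIXES = (".corp.local", ".lan")

# Constructed sample in the format of C:\Windows\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.net      # ad blocking: benign
192.168.1.20    build-server.corp.local      # internal name: benign
203.0.113.45    login.example-bank.com       # bank login redirected
203.0.113.45    update.example-vendor.com    # vendor update server redirected
"""


def parse_hosts(text):
    """Return (address, hostname) pairs, skipping comments and blank lines.

    One line may carry several hostnames; each becomes its own pair.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, nothing to map
        for host in fields[1:]:
            pairs.append((fields[0], host.lower()))
    return pairs


def is_blocking_address(addr):
    """Loopback / unspecified targets are the usual benign use: blocking a name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text, watchlist=WATCHLIST, internal_suffixes=INTERNAL_SUFFIXES):
    """Return (hostname, address, reason) for entries that look like a hijack."""
    findings = []
    for addr, host in parse_hosts(text):
        if is_blocking_address(addr):
            continue  # blocking a name is common and benign
        if host in watchlist:
            findings.append((host, addr, "watchlisted hostname redirected"))
        elif host == "localhost" or host.endswith(internal_suffixes):
            continue  # internal names are expected to be pinned
        else:
            findings.append((host, addr, "external hostname mapped to a fixed address"))
    return findings


def scan_hosts_file(path):
    """Read a real hosts file and return its findings.

    errors='replace' keeps an oddly encoded file from aborting the scan.
    """
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


if __name__ == "__main__":
    for host, addr, reason in find_hijacks(SAMPLE_HOSTS):
        print(f"{host:32} -> {addr:16} {reason}")
```

Run `scan_hosts_file` against the live hosts file from a scheduled job and alert on any non-empty result. The hosts file is only one place a machine-level hijack can live, so pair this with a check of the configured resolvers (on Windows, `Get-DnsClientServerAddress` lists them) and compare both against a known-good baseline rather than against a fixed list alone.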

Atroposia’s discovery highlights the growing ease with which advanced hacking tools are becoming available. What once required high-level expertise can now be rented online, posing a serious challenge to both individual users and large organizations trying to protect their digital environments.
Stop Using Public Wi-Fi: Critical Security Risks Explained

Public Wi-Fi networks, commonly found in coffee shops and public spaces, are increasingly used by remote workers and mobile device users seeking internet access outside the home or office. While convenient, these networks pose significant security risks that are often misunderstood. 

This article explains why tech experts caution against the casual use of public Wi-Fi, emphasizing that such networks can be notably unsafe, especially when unsecured. The distinction between secure and unsecured networks is critical: secure networks require authentication steps like passwords, account creation, or agreeing to terms of service.

These measures typically offer additional layers of protection for users. In contrast, unsecured networks allow anyone to connect without authorization, lacking essential cybersecurity safeguards. According to experts from Executech, unsecured networks do not incorporate protective measures to prevent unauthorized access and malicious activities, leaving users vulnerable to cyberattacks.

When connecting to unsecured public Wi-Fi, data transmitted between a device and the network can be intercepted by attackers who may exploit weaknesses in the infrastructure. Cybercriminals often target these networks to access sensitive information stored or shared on connected devices. Individuals should be wary about what activities they perform on such connections, as the risk of unauthorized access and data theft is high.

Security experts advise users to avoid performing sensitive tasks, such as accessing bank accounts, entering financial details for online shopping, or opening confidential emails, when on public Wi-Fi. Personal and family information, especially involving children, should also be kept off devices used on public networks to mitigate the risk of exposure. 

For those who absolutely must use public Wi-Fi—for emergencies or workplace requirements—layering protections is recommended. Downloading a reputable VPN can help encrypt data traffic, establishing a secure tunnel between the user’s device and the internet and reducing some risk.

Ultimately, the safest approach is to avoid public Wi-Fi altogether when possible, relying on personal routers or trusted connections instead. All public Wi-Fi networks are susceptible to hacking attempts, regardless of perceived safety. By following the suggested precautions and maintaining awareness of potential risks, users can better protect their sensitive information and minimize security threats when forced to use public Wi-Fi networks.

Villager: AI Software That Makes Hacking Easier

A new penetration testing framework named Villager is drawing international attention for its unusual mix of traditional hacking tools and artificial intelligence. Released in July 2025 through the Python Package Index, the tool has already surpassed 10,000 downloads in just two months, making it one of the fastest-spreading AI-assisted security applications this year.


What Villager Does

At its core, Villager is designed to make penetration testing (simulated hacking used to expose system weaknesses) more automated. Instead of relying on step-by-step scripts or specialized technical input, it allows users to type simple text commands. These commands are then processed by AI, which translates them into detailed attack sequences. For instance, asking the system to “scan a website for flaws” triggers a chain of actions: launching a containerized Linux environment, running vulnerability scans, and selecting suitable exploits based on what is uncovered.

Villager is built around a distributed architecture that splits its work across different services. A message coordination service, operating on a dedicated port, directs activity. The decision-making engine draws on a library of more than four thousand AI-generated prompts to guide exploit attempts. Each task is carried out inside temporary containers, self-contained systems that disappear after 24 hours. This setup not only automates penetration testing but also makes it harder to trace activities since logs are deleted and network ports are randomized.


Why Experts Are Alarmed

While Villager is being presented as a red-team tool for ethical testing, its design makes it equally attractive to malicious actors. Security researchers warn of parallels with older software like Cobalt Strike, which began as a legitimate testing framework but was widely repurposed by attackers. Villager’s ability to adapt attacks in real time, evade forensic tracking, and lower the technical barriers for launching sophisticated campaigns means that less-skilled individuals could now carry out advanced intrusions with minimal effort.


Risks for Organizations

Because Villager is publicly available through an official software repository, it increases the chance that attackers could blend its use with everyday development processes. This raises supply chain risks, especially for companies using automated pipelines or shared workstations. Faster attack lifecycles, harder attribution, and the wide availability of the tool add up to a new challenge for enterprise defenders.


Protective Measures

Experts recommend organizations strengthen defenses immediately. This includes monitoring for unusual container activity, restricting external package installations, and enhancing incident response logs. Some also suggest deploying security gateways capable of inspecting Model Context Protocol traffic, which can detect and block malicious AI-driven commands before they escalate.

Villager represents both a technological milestone and a serious warning sign. As the boundaries between AI research and offensive security continue to blur, organizations will need to stay one step ahead to protect themselves from tools that automate the very attacks they seek to defend against.
White-Hat Hacker Exposes Car Dealership Portal Flaw That Allowed Vehicle Unlocking and Tracking

Imagine being able to track any car in real time, find out exactly where it’s parked, and then unlock it using just your phone. Not only that, but you could cancel car shipments or access sensitive customer data—all without ever setting foot inside a dealership. Sounds like a scene from a cyber-thriller, right? Except this actually happened, thanks to a security loophole in a major car manufacturer’s dealership portal.

Fortunately, the person who uncovered this alarming vulnerability wasn’t a criminal but cybersecurity researcher Eaton Zveare. According to TechCrunch, Zveare stumbled upon the issue during what he described as a “weekend project,” when he discovered “two simple API vulnerabilities” within the portal. Although he didn’t reveal the automaker’s name, he did confirm that it’s a “famous brand with several sub-brands.”

By exploiting the flaw, Zveare was able to grant himself administrator-level access—the highest permissions possible. That meant he could view sensitive buyer information such as names, addresses, financial details, and even the vehicle identification numbers (VINs) of cars parked on the street. More alarmingly, he could track rental and courtesy cars in real time and remotely unlock vehicles linked to the system. He even had the ability to cancel car shipments to more than 1,000 dealerships across the U.S.

This kind of car hacking vulnerability isn’t new. In January, Subaru faced a similar exposure, raising further concerns about the growing risks of connected car technology.

As Zveare noted, the smarter and more connected vehicles become, the greater the potential for hackers to exploit weak links. Modern car apps already let owners locate, track, and unlock their vehicles remotely—but when that same access falls into the wrong hands, it poses a massive cybersecurity threat to the automotive industry.

This isn’t Zveare’s first big discovery. In 2023, he gained access to Toyota Mexico’s customer data and, shortly before that, infiltrated Toyota’s global supplier management network—a critical system for its supply chain. He later described that flaw as “one of the most severe vulnerabilities I have ever found.”

The silver lining? Zveare responsibly reports all vulnerabilities to companies before going public, giving them time to fix the issues. He first identified the dealership portal exploit in February, and the problem has since been resolved.

Still, his findings highlight a sobering reality: if one researcher can uncover these flaws, malicious hackers may already be exploiting others that remain undiscovered.

So, while you might think locking your car is enough, in the age of connected vehicles and remote access hacks, that may no longer be the case.

Google Confirms Data Breach in Salesforce System Linked to Known Hacking Group

Google has admitted that some of its customer data was stolen after hackers managed to break into one of its Salesforce databases.

The company revealed the incident in a blog post on Tuesday, explaining that the affected database stored contact details and notes about small and medium-sized business clients. The hackers, a group known online as ShinyHunters and officially tracked as UNC6040, were able to access the system briefly before Google’s security team shut them out.

Google stressed that the stolen information was limited to “basic and mostly public” details, such as business names, phone numbers, and email addresses. It did not share how many customers were affected, and a company spokesperson declined to answer further questions, including whether any ransom demand had been made.

ShinyHunters is notorious for breaking into large organizations’ cloud systems. In this case, Google says the group used voice phishing, calling employees and tricking them into granting system access, to target its Salesforce environment. Similar breaches have recently hit other companies using Salesforce, including Cisco, Qantas, and Pandora.

While Google believes the breach’s immediate impact will be minimal, cybersecurity experts warn there may be longer-term risks. Ben McCarthy, a lead security engineer at Immersive, pointed out that even simple personal details, once in criminal hands, can be exploited for scams and phishing attacks. Unlike passwords, names, dates of birth, and email addresses cannot be changed.

Google says it detected and stopped the intrusion before all data could be removed. In fact, the hackers only managed to take a small portion of the targeted database. Earlier this year, without naming itself as the victim, Google had warned of a similar case where a threat actor retrieved only about 10% of data before being cut off.

Reports suggest the attackers may now be preparing to publish the stolen information on a data leak site, a tactic often used to pressure companies into paying ransoms. ShinyHunters has been linked to other criminal networks, including The Com, a group known for hacking, extortion, and sometimes even violent threats.

Adding to the uncertainty, the hackers themselves have hinted they might leak the data outright instead of trying to negotiate with Google. If that happens, affected business contacts could face targeted phishing campaigns or other cyber threats.

For now, Google maintains that its investigation is ongoing and says it is working to ensure no further data is at risk. Customers are advised to stay alert for suspicious calls, emails, or messages claiming to be from Google or related business partners.