Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Internet. Show all posts
Internet
Cloud Cyber Security Data hack Google Internet

Google Confirms Data Breach from 200 Companies


Google has confirmed that hackers stole data from more than 200 companies after exploiting apps developed by Gainsight, a customer success software provider. The breach targeted Salesforce systems and is being described as one of the biggest supply chain attacks in recent months.

What Happened

Salesforce said last week that “certain customers’ Salesforce data” had been accessed through Gainsight applications. These apps are widely used by companies to manage customer relationships. According to Google’s Threat Intelligence Group, over 200 Salesforce instances were affected.  

Who Is Behind the Attack

A group calling itself Scattered Lapsus$ Hunters, which includes members of the well-known ShinyHunters gang, has claimed responsibility. The gang has a history of targeting large firms and leaking stolen data online.  

The hackers have already published a list of alleged victims. Names include Atlassian, CrowdStrike, DocuSign, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters and Verizon. Some of these companies have denied being impacted, while others are still investigating.

What next?

This is a serious case of risks of third-party apps in enterprise ecosystems. By compromising Gainsight’s software, attackers were able to reach hundreds of companies at once.  

According to Tech Crunch, supply chain attacks are especially dangerous because they exploit trust in vendors. Once a trusted app is breached, it can open doors to sensitive data across multiple organisations.

Industry Response

Salesforce has said it is working with affected customers to secure systems. Gainsight has not yet issued a detailed statement. Google continues to track the attackers and assess the scale of the stolen data.  

Cybersecurity firms are advising companies to review their integrations, tighten access controls and monitor for suspicious activity. Analysts believe this breach will renew calls for stricter checks on third-party apps used in cloud platforms.

The Larger Picture

The attack comes at a time when businesses are increasingly dependent on SaaS platforms like Salesforce. With more reliance on external apps, attackers are shifting focus to these weak links. This makes the issue dangerous.

Read more »
Spyware
AI Android Data Internet malware Pegasus Spyware

How Spyware Steals Your Data Without You Knowing About It


You might not be aware that your smartphone has spyware, which poses a risk to your privacy and personal security. However, what exactly is spyware? 

This type of malware, often presented as a trustworthy mobile application, has the potential to steal your data, track your whereabouts, record conversations, monitor your social media activity, take screenshots of your activities, and more. Phishing, a phony mobile application, or a once-reliable software that was upgraded over the air to become an information thief are some of the ways it could end up on your phone.

Types of malware

Legitimate apps are frequently packaged with nuisanceware. It modifies your homepage or search engine settings, interrupts your web browsing with pop-ups, and may collect your browsing information to sell to networks and advertising agencies.

Nuisanceware

Nuisanceware is typically not harmful or a threat to your fundamental security, despite being seen as malvertising. Rather, many malware packages focus on generating revenue by persuading users to view or click on advertisements.

Generic mobile spyware

Additionally, there is generic mobile spyware. These types of malware collect information from the operating system and clipboard in addition to potentially valuable items like account credentials or bitcoin wallet data. Spray-and-pray phishing attempts may employ spyware, which isn't always targeted.

Stalkerware

Compared to simple spyware, advanced spyware is sometimes also referred to as stalkerware. This spyware, which is unethical and frequently harmful, can occasionally be found on desktop computers but is becoming more frequently installed on phones.

The infamous Pegasus

Lastly, there is commercial spyware of governmental quality. One of the most popular variations is Pegasus, which is sold to governments as a weapon for law enforcement and counterterrorism. 

Pegasus was discovered on smartphones owned by lawyers, journalists, activists, and political dissidents. Commercial-grade malware is unlikely to affect you unless you belong to a group that governments with ethical dilemmas are particularly interested in. This is because commercial-grade spyware is expensive and requires careful victim selection and targeting.

How to know if spyware is on your phone?

There are signs that you may be the target of a spyware or stalkerware operator.

Receiving strange or unexpected emails or messages on social media could be a sign of a spyware infection attempt. You should remove these without downloading any files or clicking any links.

Read more »
TP-Link
AI China Cloud Data Internet Technology TP-Link

TP-Link Routers May Get Banned in US Due to Alleged Links With China


TP-Link routers may soon shut down in the US. There's a chance of potential ban as various federal agencies have backed the proposal. 

Alleged links with China

The news first came in December last year. According to the WSJ, officials at the Departments of Justice, Commerce, and Defense had launched investigations into the company due to national security threats from China. 

Currently, the proposal has gotten interagency approval. According to the Washington Post, "Commerce officials concluded TP-Link Systems products pose a risk because the US-based company's products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government." 

But TP-Link's connections to the Chinese government are not confirmed. The company has denied of any ties with being a Chinese company. 

About TP-Link routers 

The company was founded in China in 1996. After the October 2024 investigation, the company split into two: TP-Link Systems and TP-Link Technologies. "TP-Link's unusual degree of vulnerabilities and required compliance with [Chinese] law are in and of themselves disconcerting. When combined with the [Chinese] government's common use of [home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming" the officials wrote in October 2024. 

The company dominated the US router market since the COVID pandemic. It rose from 20% of total router sales to 65% between 2019 and 2025. 

Why the investigation?

The US DoJ is investigating if TP-Link was involved in predatory pricing by artificially lowering its prices to kill the competition. 

The potential ban is due to an interagency review and is being handled by the Department of Commerce. Experts say that the ban may be lifted in future due to Trump administration's ongoing negotiations with China. 

Read more »
Video Games
AI Children Privacy Internet Technology Video Games

Video Game Studios Exploit Legal Rights of Children


A study revealed that video game studios are openly ignoring legal systems and abusing the data information and privacy of the children who play these videogames.

Videogame developers discarding legal rights of children 

Researchers found that highly opaque frameworks of data collection in the intense lucrative video game market run by third-party companies and developers showed malicious intent. The major players freely discard children's rights to store personal data via game apps. Video game studios ask parents to accept privacy policies that are difficult to understand and also contradictory at times. 

Quagmire of videos games privacy laws

Their legality is doubtful. Video game studios are thriving on the fact that parents won't take the time to read these privacy laws carefully, and in case if they do, they still won't be able to complain because of the complexity of policies. 

Experts studied the privacy frameworks of video games for children aged below 13 (below 14 in Quebec) in comparison to legal laws in the US, Quebec, and Canada. 

Conclusion 

The research reveals an immediate need for government agencies to implement legal frameworks and predict when potential legal issues for video game developers can surface. In Quebec, a class action lawsuit has already been filled against the mobile gaming industry for violating children's privacy rights.

Need for robust legal systems 

Since there is a genuine need for legislative involvement to control studio operations, this investigation may result in legal action against studios whose abusive practices have been revealed as well as legal reforms. 

 Self-regulation by industry participants (studios and classification agencies) is ineffective since it fails to safeguard children's data rights. Not only do parents and kids lack the knowledge necessary to give unequivocal consent, but inaccurate information also gives them a false sense of security, especially if the game seems harmless and childlike.

Read more »
Technology
AI Cloud Dark Web Internet Ransomware Technology

Why Ransomware Attacks Keep Rising and What Makes Them Unstoppable


In August, Jaguar Land Rover (JLR) suffered a cyberattack. JLR employs over 32,800 people and provides additional 104,000 jobs via it's supply chain. JLR is the recent victim in a chain of ransomware attacks. 

Why such attacks?

Our world is entirely dependent on technology which are prone to attacks. Only a few people understand such complex infrastructure. The internet is built to be easy, and this makes it vulnerable. The first big cyberattack happened in 1988. That time, not many people knew about it. 

The more we rely on networked computer technology, the more we become exposed to attacks and ransomware extortion.

How such attacks happen?

There are various ways of hacking or disrupting a network. Threat actors get direct access through software bugs, they can access unprotected systems and leverage them as a zombie army called "botnet," to disrupt a network.

Currently, we are experiencing a wave of ransomware attacks. First, threat actors hack into a network, they may pretend to be an employee. They do this via phishing emails or social engineering attacks. After this, they increase their access and steal sensitive data for extortion reasons. By this, hackers gain control and assert dominance.

These days, "hypervisor" has become a favourite target. It is a server computer that lets many remote systems to use just one system (like work from home). Hackers then use ransomware to encode data, which makes the entire system unstable and it becomes impossible to restore the data without paying the ransom for a decoding key.

Why constant rise in attacks?

A major reason is a sudden rise in cryptocurrencies. It has made money laundering easier. In 2023, a record $1.1 billion was paid out across the world. Crypto also makes it easier to buy illegal things on the dark web. Another reason is the rise of ransomware as a service (RaaS) groups. This business model has made cyberattacks easier for beginner hackers 

About RaaS

RaaS groups market on dark web and go by the names like LockBit, REvil, Hive, and Darkside sell tech support services for ransomware attack. For a monthly fees, they provide a payment portal, encryption softwares, and a standalone leak site for blackmailing the victims, and also assist in ransom negotiations.


Read more »
Technology
AI atlas ChatGPT Cloud Google Internet Technology

Is ChatGPT's Atlas Browser the Future of Internet?

Is ChatGPT's Atlas Browser the Future of Internet?

After using ChatGPT Atlas, OpenAI's new web browser, users may notice few issues. This is not the same as Google Chrome, which about 60% of users use. It is based on a chatbot that you are supposed to converse with in order to browse the internet.  

One of the notes said, "Messages limit reached," "No models that are currently available support the tools in use," another stated.  

Following that: "You've hit the free plan limit for GPT-5."  

Paid browser 

According to OpenAI, it will simplify and improve internet usage. One more step toward becoming "a true super-assistant." Super or not, however, assistants are not free, and the corporation must start generating significantly more revenue from its 800 million customers.

According to OpenAI, Atlas allows us to "rethink what it means to use the web". It appears to be comparable to Chrome or Apple's Safari at first glance, with one major exception: a sidebar chatbot. These are early days, but there is the potential for significant changes in how we use the Internet. What is certain is that this will be a high-end gadget that will only function properly if you pay a monthly subscription price. Given how accustomed we are to free internet access, many people would have to drastically change their routines.

Competitors, data, and money

The founding objective of OpenAI was to achieve artificial general intelligence (AGI), which roughly translates to AI that can match human intelligence. So, how does a browser assist with this mission? It actually doesn't. However, it has the potential to increase revenue. The company has persuaded venture capitalists and investors to spend billions of dollars in it, and it must now demonstrate a return on that investment. In other words, it needs to generate revenue. However, obtaining funds through typical internet advertising may be risky. Atlas might also grant the corporation access to a large amount of user data.

The ultimate goal of these AI systems is scale; the more data you feed them, the better they will become. The web is built for humans to use, so if Atlas can observe how we order train tickets, for example, it will be able to learn how to better traverse these processes.  

Will it kill Google?

Then we get to compete. Google Chrome is so prevalent that authorities throughout the world are raising their eyebrows and using terms like "monopoly" to describe it. It will not be easy to break into that market.

Google's Gemini AI is now integrated into the search engine, and Microsoft has included Copilot to its Edge browser. Some called ChatGPT the "Google killer" in its early days, predicting that it would render online search as we know it obsolete. It remains to be seen whether enough people are prepared to pay for that added convenience, and there is still a long way to go before Google is dethroned.

Read more »
Web browser
AI ChatGPT Cloud Data Internet Technology Web browser

The Risks of AI-powered Web Browsers for Your Privacy


AI and web browser

The future of browsing is AI, it watches everything you do online. Security and privacy are two different things; they may look same, but it is different for people who specialize in these two. Threats to your security can also be dangers to privacy. 

Threat for privacy and security

Security and privacy aren’t always the same thing, but there’s a reason that people who specialize in one care deeply about the other. 

Recently, OpenAI released its ChatGPT-powered Comet Browser, and Brave Software team disclosed that AI-powered browsers can follow malicious prompts that hide in images on the web. 

AI powered browser good or bad?

We have long known that AI-powered browsers (and AI browser add-ons for other browsers) are vulnerable to a type of attack known as a prompt injection attack. But this is the first time we've seen the browser execute commands that are concealed from the user. 

That is the aspect of security. Experts who evaluated the Comet Browser discovered that it records everything you do while using it, including search and browser history as well as information about the URLs you visit. 

What next?

In short, while new AI-powered browser tools do fulfill the promise of integrating your favorite chatbot into your web browsing experience, their developers have not yet addressed the privacy and security threats they pose. Be careful when using these.

Researchers studied the ten biggest VPN attacks in recent history. Many of them were not even triggered by foreign hostile actors; some were the result of basic human faults, such as leaked credentials, third-party mistakes, or poor management.

Atlas: AI powered web browser

Atlas, an AI-powered web browser developed with ChatGPT as its core, is meant to do more than just allow users to navigate the internet. It is capable of reading, sum up, and even finish internet tasks for the user, such as arranging appointments or finding lodgings.

Atlas looked for social media posts and other websites that mentioned or discussed the story. For the New York Times piece, a summary was created utilizing information from other publications such as The Guardian, The Washington Post, Reuters, and The Associated Press, all of which have partnerships or agreements with OpenAI, with the exception of Reuters.

Read more »
Internet
AWS Business Cyber Security Global IT Outage Government Internet

The Fragile Internet: How Small Failures Trigger Global Outages






The modern internet, though vast and advanced, remains surprisingly delicate. A minor technical fault or human error can disrupt millions of users worldwide, revealing how dependent our lives have become on digital systems.

On October 20, 2025, a technical error in a database service operated by Amazon Web Services (AWS) caused widespread outages across several online platforms. AWS, one of the largest cloud computing providers globally, hosts the infrastructure behind thousands of popular websites and apps. As a result, users found services such as Roblox, Fortnite, Pokémon Go, Snapchat, Slack, and multiple banking platforms temporarily inaccessible. The incident showed how a single malfunction in a key cloud system can paralyze numerous organizations at once.

Such disruptions are not new. In July 2024, a faulty software update from cybersecurity company CrowdStrike crashed around 8.5 million Windows computers globally, producing the infamous “blue screen of death.” Airlines had to cancel tens of thousands of flights, hospitals postponed surgeries, and emergency services across the United States faced interruptions. Businesses reverted to manual operations, with some even switching to cash transactions. The event became a global lesson in how a single rushed software update can cripple essential infrastructure.

History provides many similar warnings. In 1997, a technical glitch at Network Solutions Inc., a major domain registrar, temporarily disabled every website ending in “.com” and “.net.” Though the number of websites was smaller then, the event marked the first large-scale internet failure, showing how dependent the digital world had already become on centralized systems.

Some outages, however, have stemmed from physical damage. In 2011, an elderly woman in Georgia accidentally cut through a fiber-optic cable while scavenging for copper, disconnecting the entire nation of Armenia from the internet. The incident exposed how a single damaged cable could isolate millions of users. Similarly, in 2017, a construction vehicle in South Africa severed a key line, knocking Zimbabwe offline for hours. Even undersea cables face threats, with sharks and other marine life occasionally biting through them, forcing companies like Google to reinforce cables with protective materials.

In 2022, Canada witnessed one of its largest connectivity failures when telecom provider Rogers Communications experienced a system breakdown that halted internet and phone services for roughly a quarter of the country. Emergency calls, hospital appointments, and digital payments were affected nationwide, highlighting the deep societal consequences of a single network failure.

Experts warn that such events will keep occurring. As networks grow more interconnected, even a small mistake or single-point failure can spread rapidly. Cybersecurity analysts emphasize the need for stronger redundancy, slower software rollouts, and diversified cloud dependencies to prevent global disruptions.

The internet connects nearly every part of modern life, yet these incidents remind us that it remains vulnerable. Whether caused by human error, faulty code, or damaged cables, the web’s fragility shows why constant vigilance, better infrastructure planning, and verified information are essential to keeping the world online.



Read more »
Technology
AI Browser Cloud Data Google Internet Technology

Incognito Mode Is Not Private, Use These Instead


Incognito (private mode) is a famous privacy feature in web browsers. Users may think that using Incognito mode ensures privacy while surfing the web, allowing them to browse without restrictions, and that everything disappears when the tab is closed. 

With no sign of browsing history in Incognito mode, you may believe you are safe. However, this is not entirely accurate, as Incognito has its drawbacks and doesn’t guarantee private browsing. But this doesn’t mean that the feature is useless. 

What Incognito mode does

Private browsing mode is made to keep your local browsing history secret. When a user opens an incognito window, their browser starts a different session and temporarily saves browsing in the session, such as history and cookies. Once the private session is closed, the temporary information is self-deleted and is not visible in your browsing history. 

What Incognito mode can’t do

Incognito mode helps to keep your browsing data safe from other users who use your device

A common misconception among users is that it makes them invisible on the internet and hides everything they browse online. But that is not true.

Why Incognito mode doesn't guarantee privacy

1. It doesn’t hide user activity from the Internet Service Provider (ISP)

Every request you send travels via the ISP network (encrypted DNS providers are an exception). Your ISPs can track user activity on their networks, and can monitor your activity and all the domains you visit, and even your unencrypted traffic. If you are on a corporate Wi-Fi network, your network admin can see the visited websites. 

2. Incognito mode doesn’t stop websites from tracking users

When you are using Incognito, cookies are deleted, but websites can still track your online activity via device and browser fingerprinting. Sites create user profiles based on unique device characteristics such as resolution, installed extensions, and screen size.

3. Incognito mode doesn’t hide your IP address

If you are blocked from a website, using Incognito mode won’t make it accessible. It can’t change your I address.

Should you use Incognito mode?

It may give a false sense of benefits, but Incognito mode doesn’t ensure privacy. It is only helpful for shared devices.

What can you use?

There are other options to protect your online privacy, such as:

  1. Using a virtual private network (VPN)
  2. Privacy-focused browsers: Browsers such as Tor are by default designed to block trackers, ads, and fingerprinting.
  3. Using private search engines: Instead of Google and Bing, you can use private search engines such as DuckDuckGo and Startpage.

Read more »
Technology
AI Cloud Data Internet Ransomware Technology

Paying Ransom Does Not Guarantee Data Restoration: Report


A new report claims that smaller firms continue to face dangers in the digital domain, as ransomware threats persistently target organizations. Hiscox’s Cyber Readiness Report surveyed 6,000 businesses, and over 59% report they have been hit by a cyber attack in the last year.  

Financial losses were a major factor; most organizations reported operational failures, reputation damage, and staff losses. “Outdated operating systems and applications often contain security vulnerabilities that cyber attackers can exploit. Even with robust defenses, there is always a risk of data loss or ransomware attacks,” the report said.

Problems with ransomware payments

Ransomware is the topmost problem; the survey suggests that around 27% of respondents suffered damage, and 80% agreed to pay ransom. 

Despite the payments, recovery was not confirmed as only 60% could restore their data, while hackers asked for repayments again. The reports highlight that paying the ransom to hackers doesn’t ensure data recovery and can even lead to further extortion. 

Transparency needed

There is an urgent need for transparency, as 71% respondents agreed that companies should disclose ransom payments and the money paid. Hiscox found that gangs are targeting sensitive data like executive emails, financial information, and contracts.

The report notes that criminal groups are increasingly targeting sensitive business data such as contracts, executive emails, and financial information. "Cyber criminals are now much more focused on stealing sensitive business data. Once stolen, they demand payment…pricing threats based on reputational damage,” the report said. This shift has exposed gaps in businesses’ data loss prevention measures that criminals exploit easily.  

AI threat

Respondents also said they experienced AI-related incidents, where threat actors exploited AI flaws such as deepfakes and vulnerabilities in third-party AI apps. Around 65% still perceive AI as an opportunity rather than a threat. The report highlights new risks that business leaders may not fully understand yet. 

According to the report, “Even with robust defenses, there is always a risk of data loss or ransomware attacks. Frequent, secure back-ups – stored either offline or in the cloud – ensure that businesses can recover quickly if the worst happens.”

Read more »
Windows
AI Cloud Internet Microsoft PCs Technology Windows

Microsoft to end support for Windows 10, 400 million PCs will be impacted


Microsoft is ending software updates for Windows 10

From October 14, Microsoft will end its support for Windows 10, experts believe it will impact around 400 million computers, exposing them to cyber threats. People and groups worldwide are requesting that Microsoft extend its free support. 

According to recent research, 40.8% of desktop users still use Windows 10. This means around 600 million PCs worldwide use Windows 10. Soon, most of them will not receive software updates, security fixes, or technical assistance. 

400 million PCs will be impacted

Experts believe that these 400 million PCs will continue to work even after October 14th because hardware upgrades won’t be possible in such a short duration. 

“When support for Windows 8 ended in January 2016, only 3.7% of Windows users were still using it. Only 2.2% of Windows users were still using Windows 8.1 when support ended in January 2023,” PIRG said. PIGR has also called this move a “looming security disaster.”

What can Windows users do?

The permanent solution is to upgrade to Windows 11. But there are certain hardware requirements when you want to upgrade, and most users will not be able to upgrade as they will have to buy new PCs with compatible hardware. 

But Microsoft has offered few free options for personal users, if you use 1,000 Microsoft Rewards points. Users can also back up their data to the Windows Backup cloud service to get a free upgrade. If this impacts you, you can earn these points via Microsoft services such as Xbox games, store purchases, and Bing searches. But this will take time, and users don’t have it, unfortunately. 

The only viable option for users is to pay $30 (around Rs 2,650) for an Extended Security Updates (ESU) plan, but it will only work for one year.

According to PIGR, “Unless Microsoft changes course, users will face the choice between exposing themselves to cyberattacks or discarding their old computers and buying new ones. The solution is clear: Microsoft must extend free, automatic support.”

Read more »
zero-click
AI Cloud Data Internet Spyware Technology zero-click

Zero-click Exploit AI Flaws to Hack Systems


What if machines, not humans, become the centre of cyber-warfare? Imagine if your device could be hijacked without you opening any link, downloading a file, or knowing the hack happened? This is a real threat called zero-click attacks, a covert and dangerous type of cyber attack that abuses software bugs to hack systems without user interaction. 

The threat

These attacks have used spywares such as Pegasus and AI-driven EchoLeak, and shown their power to attack millions of systems, compromise critical devices, and steal sensitive information. With the surge of AI agents, the risk is high now. The AI-driven streamlining of work and risen productivity has become a lucrative target for exploitation, increasing the scale and attack tactics of breaches.

IBM technology explained how the combination of AI systems and zero-click flaws has reshaped the cybersecurity landscape. “Cybercriminals are increasingly adopting stealthy tactics and prioritizing data theft over encryption and exploiting identities at scale. A surge in phishing emails delivering infostealer malware and credential phishing is fueling this trend—and may be attributed to attackers leveraging AI to scale distribution,” said the IBM report.

A few risks of autonomous AI are highlighted, such as:

  • Threat of prompt injection 
  • Need for an AI firewall
  • Gaps in addressing the challenges due to AI-driven tech

About Zero-click attacks

These attacks do not need user interaction, unlike traditional cyberattacks that relied on social engineering campaigns or phishing attacks. Zero-click attacks exploit flaws in communication or software protocols to gain unauthorized entry into systems.  

Echoleak: An AI-based attack that modifies AI systems to hack sensitive information.

Stagefright: A flaw in Android devices that allows hackers to install malicious code via multimedia messages (MMS), hacking millions of devices.

Pegasus: A spyware that hacks devices through apps such as iMessage and WhatsApp, it conducts surveillance, can gain unauthorized access to sensitive data, and facilitate data theft as well.

How to stay safe?

According to IBM, “Despite the magnitude of these challenges, we found that most organizations still don’t have a cyber crisis plan or playbooks for scenarios that require swift responses.” To stay safe, IBM suggests “quick, decisive action to counteract the faster pace with which threat actors, increasingly aided by AI, conduct attacks, exfiltrate data, and exploit vulnerabilities.”

Read more »
Tehcnology
Cloud GitHub GitLab Internet Red Hat Tehcnology

Red Hat Hit by Data Breach, Hackers Exploit GitLab Instance

Red Hat Hit by Data Breach, Hackers Exploit GitLab Instance

An extortion gang by the name of Crimson Collective claimed to have stolen approximately 570GB of compressed data from internal development repositories belonging to Red Hat. Red Hat confirmed the breach impacted one of its GitLab instances.

The stolen data contains around 800 Customer Engagement Reports (CERs), which contain sensitive data about a customer’s platform and network. A CER is a consulting document made for clients that includes infrastructure data, configuration details, authentication tokens, and other data that could be exploited to attack customer networks. 

Red Hat confirmed that it was hit by a security breach impacting its consulting business, but it has not confirmed any of the threat actor’s claims about the stolen GitLab repositories and customer CERs. 

According to Bleeping Computer’s conversation with the hacker, the breach happened two weeks ago. Threat actors allegedly accessed the full database URIs, authentication tokens, and private data in Red Hat CERs and code. They claim that the data was used to get access to the downstream customer infrastructure.

The hacking gang also released a full directory containing the list of the allegedly extracted GitLab repositories and a list of CERs between 2020 and 2025 on Telegram. 

The directory list of CERs contains various sectors and famous organizations like AT&T, Fidelity, Kaiser, Bank of America, Mayo Clinic,  T-Mobile, Costco, Federal Aviation Administration, the US Navy’s Naval Surface Warfare Center, the House of Representatives, etc. 

The hackers claim they contacted Red Hat with an extortion ransom, but did not get any reply except a message asking the hackers to provide a vulnerability report to Red Hat’s security team.

"We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements. Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities. Our ongoing investigation found that an unauthorized third party had accessed and copied some data from this instance," said Red Hat

Read more »
Phishing Campaigns
AI Cloud Cyber Security GenAI Internet Microsoft Phishing Campaigns

Microsoft Stops Phishing Scam Which Used Gen-AI Codes to Fool Victims


AI: Boon or Curse?

AI code is in use across sectors for variety of tasks, particularly cybersecurity, and both threat actors and security teams have turned to LLMs for supporting their work. 

Security experts use AI to track and address to threats at scale as hackers are experimenting with AI to make phishing traps, create obfuscated codes, and make spoofed malicious payloads. 

Microsoft Threat Intelligence recently found and stopped a phishing campaign that allegedly used AI-generated code to cover payload within an SVG file. 

About the campaign 

The campaign used a small business email account to send self addressed mails with actual victims coveted in BCC fields, and the attachment looked like a PDF but consisted SVG script content. 

The SVG file consisted hidden elements that made it look like an original business dashboard, while a secretly embedded script changed business words into code that exposed a secret payload. Once opened, the file redirects users to a CAPTCHA gate, a standard social engineering tactical that leads to a scanned sign in page used to steal credentials. 

The hidden process combined business words and formulaic code patterns instead of cryptographic techniques. 

Security Copilot studied the file and listed markers in lines with LLM output. These things made the code look fancy on the surface, however, it made the experts think it was AI generated. 

Combating the threat

The experts used AI powered tools in Microsoft Defender for Office 375 to club together hints that were difficult for hackers to push under the rug. 

The AI tool flagged the rare self-addressed email trend , the unusual SVG file hidden as a PDF, the redirecting to a famous phishing site, the covert code within the file, and the detection tactics deployed on the phishing page. 

The incident was contained, and blocked without much effort, mainly targeting US based organizations, Microsoft, however, said that the attack show how threat actors are aggressively toying with AI to make believable tracks and sophisticated payloads.

Read more »
Technology
Cloud Data Facebook Google Internet Partiful Technology

Social Event App Partiful Did Not Collect GPS Locations from Photos

 

Social event planning app Partiful, also known as "Facebook events for hot people," has replaced Facebook as the go-to place for sending party invites. However, like Facebook, Partiful also collects user data. 

The hosts can create online invitations in a retro style, which allows users to RSVP to events easily. The platform strives to be user-friendly and trendy, which has made the app No.9 on the Apple store, and Google has called it "the best app" of 2024. 

About Partiful

Partiful has recently developed into a Facebook-like social graph; it maps your friends and also friends of friends, what you do, where you go, and your contact numbers. When the app became famous, people started doubting its origins, alleging that the app had former employees of a data-mining company. TechCrunch, however, found that the app was not storing any location data from user-uploaded images, which include public profile pictures. 

Metadata in photos

The photos that you have on your phones have metadata, which consists of file size, date of capture. With videos, Metadata can include information such as the type of camera used, the settings, and latitude/longitude coordinates. TechCrunch discovered that anyone could use the developer tools in a web browser to get raw user profile photos access from Partiful’s back-end database on Google Firebase. 

About the bug

The flaw could have been problematic, as it could have exposed the location of a person’s profile photo if someone used Partiful. 

According to TechCrunch, “Some Partiful user profile photos contained highly granular location data that could be used to identify the person’s home or work, particularly in rural areas where individual homes are easier to distinguish on a map.”

It is a common norm for companies hosting user photos and videos to automatically remove metadata once uploaded to prevent privacy issues, such as Partiful.

Read more »
Technology
Cloud Dark Web Data Digital ID Internet Technology

Is UK's Digital ID Hacker Proof?


Experts warned that our data will never be safe, as the UK government plans to launch Digital IDs for all citizens in the UK. The move has received harsh criticism due to a series of recent data attacks that leaked official government contacts, email accounts, staff addresses, and passwords. 

Why Digital IDs?

The rolling out of IDs means that digital identification will become mandatory for right-to-work checks in the UK by the end of this Parliament session. It aims to stop the illegal migrants from entering the UK, according to Keir Starmer, the UK's Prime Minister, also stressing that the IDs will prevent illegal working.

Experts, however, are not optimistic about this, as cyberattacks on critical national infrastructure, public service providers, and high street chains have surged. They have urged the parliament to ensure security and transparency when launching the new ID card scheme. 

According to former UK security and intelligence coordinator and director of GCHQ David Omand, the new plan will offer benefits, but it has to be implemented carefully. 

Benefits of Digital IDs

David Omand, former UK security and intelligence coordinator and director of GCHQ, said the scheme could offer enormous benefits, but only if it is implemented securely, as state hackers will try to hack and disrupt. 

To prevent this, the system should be made securely, and GCHQ must dedicate time and resources to robust implementation. The digital IDs would be on smartphones in the GOV.UK’s wallet app and verified against a central database of citizens having the right to live and work in the UK.

Risk with Digital IDs

There is always a risk of stolen data getting leaked on the dark web. According to an investigation by Cyjax, more than 1300 government email-password combinations, addresses, and contact details were accessed by threat actors over the past year. This is what makes the Digital ID card a risk, as the privacy of citizens can be put at risk. 

The UK government, however, has ensured that these digital IDs are made with robust security, secured via state-of-the-art encryption and authentication technology. 

According to PM Starmer, this offers citizens various benefits like proving their identity online and control over how data is shared and with whom.

Read more »
Technology
Cloud Data Domain Internet phishing PyPI Technology

Phishing Campaign Uses Fake PyPI Domain to Steal Login Credentials


Phishing campaign via fake domains

A highly advanced phishing campaign targeted maintainers of packages on the Python Package Index (PyPI), utilizing domain confusion methods to obtain login credentials from unsuspecting developers. The campaign leverages fake emails made to copy authentic PyPI communications and send recipients to fake domains that mimic the genuine PyPI infrastructure.

Campaign tactic

The phishing operation uses meticulously drafted emails that ask users to confirm their email address for “account maintenance and security reasons,” cautioning that accounts will be suspended if not done. 

These fake emails scare users, pushing them to make hasty decisions without confirming the authenticity of the communication. The phony emails redirect the victims to the malicious domain pypi-mirror.org, which mimics the genuine PyPI mirror but is not linked to the Python Software Foundation.

Broader scheme 

This phishing campaign highlights a series of attacks that have hit PyPi and similar other open-source repositories recently. Hackers have started changing domain names to avoid getting caught. 

Experts at PyPI said that these campaigns are part of a larger domain-confusion attack to abuse the trust relationship inside the open-source ecosystem.

The campaign uses technical deception and social engineering. When users open the malicious links, their credentials are stolen by the hackers. 

Domain confusion

The core of this campaign depends upon domain spoofing. The fake domain uses HTTPS encoding and sophisticated web design to build its authority, which tricks users who might not pay close attention while accessing these sites. The malicious sites mimic PyPI’s login page with stark reality, such as professional logos, form elements, and styling, giving users an authentic experience. 

This level of detail in the craft highlights robust planning and resource use by threat actors to increase the campaign’s effectiveness.

How to stay safe?

Users are advised to not open malicious links and pay attention while using websites, especially when putting in login details. 

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately. Inspect your account's Security History for anything unexpected. Report suspicious activity, such as potential phishing campaigns against PyPI, to security@pypi.org,” PyPI said in the blog post.

Read more »
Technology
AI ChatGPT Cloud Gemini Google Internet Technology

Gemini in Chrome: Google Can Now Track Your Phone

Gemini in Chrome: Google Can Now Track Your Phone

Is the Gemini browser collecting user data?

A new warning for 2 billion Chrome users, Google has announced that its browser will start collecting “sensitive data” on smartphones. “Starting today, we’re rolling out Gemini in Chrome,” Google said, which will be the “biggest upgrade to Chrome in its history.” The data that can be collected includes the device ID, username, location, search history, and browsing history. 

Agentic AI and browsers

Surfshark investigated the user privacy of AI browsers after Google’s announcement and found that if you use Chrome with Gemini on your smartphone, Google can collect 24 types of data. According to Surfshark, this is bigger than any other agentic AI browsers that have been analyzed. 

For instance, Microsoft’s Edge browser, which has Copilot, only collects half the data compared to Chrome and Gemini. Even Brave, Opera, and Perplexity collect less data. With the Gemini-in-Chrome extension, however, users should be more careful. 

Now that AI is everywhere, a lot of browsers like Firefox, Chrome, and Edge allow users to integrate agentic AI extensions. Although these tools are handy, relying on them can expose your privacy and personal data to third-party companies.

There have been incidents recently where data harvesting resulted from browser extensions, even those downloaded from official stores. 

The new data collection warning comes at the same time as the Gemini upgrade this month, called “Nano Banana.” This new update will also feed on user data. 

According to Android Authority, “Google may be working on bringing Nano Banana, Gemini’s popular image editing tool, to Google Photos. We’ve uncovered a GIF for a new ‘Create’ feature in the Google Photos app, suggesting it’ll use Nano Banana inside the app. It’s unclear when the feature will roll out.”

AI browser concerns

Experts have warned that every photo you upload has a biometric fingerprint which consists of your micro-expressions, unique facial geometry, body proportions, and micro-expressions. The biometric data included device fingerprinting, behavioural biometrics, social network mapping, and GPS coordinates.

Besides this, Apple’s Safari now has anti-fingerprinting technology as the default browsing for iOS 26. However, users should only use their own browser for it to work. For instance, if you use Chrome on an Apple device, it won’t work. Another reason why Apply is advising users to use the Safari browser and not Chrome. 

Read more »
Internet
Citrix Bleed Cloud Cyber Security Data Leak Email FEMA Internet

Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies


An incident at the Federal Emergency Management Agency allowed threat actors to steal employee data from the US Customs and Border Protection and the disaster management office. The breach has allegedly triggered the removal of dozens of Federal Emergency Management Agency technology employees.

Citrix bug leads to breach

The incident occurred on June 22, when threat actors infiltrated Citrix virtual desktop infrastructure inside FEMA via stolen login details. The data was stolen from Region 6 servers, according to NextGov. The DHS security staff were informed of the incident on July 7. A week later, an unknown hacker used a high-level access account and tried to deploy virtual networking software to retrieve details. Mitigation began on July 16. 

In September, further mitigation actions were taken, including reframing FEMA Zscaler policies and restricting access to a few websites. According to Nextgov, an internal FEMA email was found that instructed all employees to change their passwords, but no other details about the incidents were mentioned in the email. 

About FEMA firings

The FEMA employee layoffs happened on August 29, after a routine inspection of the agency’s infrastructure, which revealed a flaw that “allowed the threat actor to breach FEMA’s network and threaten the entire department and the nation as a whole,” according to the Department of Homeland Security (DHS). 

The firing announcement came from DHS, which also hit FEMA’s top cybersecurity and technology officers. According to DHS, FEMA’s IT staff “resisted any efforts to fix the problem” and “lied” about the significance of flaws. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS said at the time.

Lack of effort: DHS

FEMA’s IT employees “resisted any efforts to fix the problem,” avoided scheduled inspections and “lied” to officials about the scope of the cyber vulnerabilities, DHS said when Noem first announced the staff terminations last month. “Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility,” DHS also said.

About the Citrix bug

Citrix sells software that employees use for remote access of workplace apps. The flaw, named CitrixBleed 2.0, in the past has allowed threat actors to escape two-factor authentication measures. “Bleed” is a tactic that makes susceptible devices give out memory content, allowing threat actors to place pieces of data and assemble login credentials for infiltrating devices.

Read more »
Website
Advertising AI Cloud Cookie Data Internet Technology Website

The Cookie Problem. Should you Accept or Reject?


It is impossible for a user today to surf the internet without cookies, to reject or accept. A pop-up shows in our browser that asks to either “accept all” or “reject all.” In a few cases, a third option allows you to ‘manage preferences’.

The pop-ups can be annoying, and your first reaction is to remove them immediately, and you hit that “accept all” button. But is there anything else you can do?

About cookies

Cookies are small files that are saved by web pages, and they have information for personalizing user experience, particularly for the most visited websites. The cookies may remember your login details, preferred news items, or your shopping preferences based on your browsing history. Cookies also help advertisers target your browsing behaviour via targeted ads. 

Types of cookies

Session cookies: These are for temporary use, like tracking items in your shopping cart. When a browser session is inactive, the cookies are automatically deleted.

Persistent cookies: As the name suggests, these cookies are used for longer periods. For example, saving logging details for accessing emails faster. They can expire from days to years. 

About cookie options

When you are on a website, pop-ups inform you about the “essential cookies” that you can’t opt out of because if you do, you may not be able to use the website's online features, like shopping carts wouldn’t work. But in the settings, you can opt out of “non-essential cookies.”

Three types of non-essential cookies

  1. Functional cookies- Based on browsing experience. (for instance, region or language selection)
  2. Advertising cookies- Third-party cookies, which are used to track user browsing activities. These cookies can be shared with third parties and across domains and platforms that you did not visit.
  3. Analytics cookies- They give details about metrics, such as how visitors use the website

Read more »
Subscribe to: Comments (Atom)