Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label data security. Show all posts
protecting sensitive data
Cyber Security Data Leak Data protection data security Hacker group hacking groups protecting sensitive data

Telegram Blocks Black Mirror Hacker Group and Data Leak Channels

 

Telegram has stepped up its efforts to curb the spread of sensitive information by blocking several channels accused of leaking private data, with the high-profile Black Mirror hacker group being among the most prominent targets. The platform accused Black Mirror of engaging in activities such as “doxxing and extortion,” according to Novaya Europe. Known for publishing the private correspondence and documents of Russian government officials and influential businessmen, the group often attempted to monetize its activities by offering archives of stolen material to interested buyers. Telegram has gone further by deleting content associated with Black Mirror that had been shared by users in private conversations or added to their favourites, indicating a broad effort to erase the group’s digital footprint. 

The move follows a statement from Telegram’s founder, Pavel Durov, who recently revealed that he had received hundreds of reports about scams, blackmail, and extortion schemes running on the platform. Based on this feedback, he confirmed that numerous channels would be banned for similar violations by the end of the week. According to Durov, Telegram had collected clear evidence that some administrators published damaging content only to later remove it in exchange for money. Others were accused of selling “protection blocks,” where victims were forced to pay to avoid further targeting. Such practices, he noted, amounted to clear violations of Telegram’s rules and could not be tolerated. 

The crackdown comes at a time when Telegram is facing growing suspicion over its relationship with Russian authorities. Reports indicate that the platform deleted more than 373,000 posts and channels in April 2025 alone at the request of Roskomnadzor, Russia’s state censorship body. In late June, at least 10 channels dedicated to open-source investigations, all with “OSINT” in their names, were also blocked. These actions have sparked concerns among journalists, researchers, and independent outlets who rely on Telegram as a primary communication tool to reach Russian audiences, especially since traditional media channels have come under stricter state control following the invasion of Ukraine. 

Adding to user frustration, disruptions have been reported across the service in recent days. Some users complained of difficulties making voice calls through Telegram, which coincided with reports that Russian mobile operators may block calls made via foreign-owned messaging platforms. Analysts suggest this could be part of a broader push by Russian security agencies to limit access to external communication services. For many independent voices in Russia, Telegram has remained one of the few accessible outlets to distribute information freely. With mounting restrictions and targeted bans on influential channels, the future of open dialogue on the platform now appears increasingly uncertain.
Read more »
Ransomwares
customer data compromise Cyber Attacks Data Breaches Data Leak data security RansomHub RansomHub ransomware ransomware attacks Ransomware group Ransomwares

Manpower Data Breach Hits 145,000 After RansomHub Ransomware Attack

 

Manpower, one of the world’s largest staffing and recruitment companies, has confirmed that nearly 145,000 individuals had their personal data compromised following a ransomware attack in late December 2024. The company, which operates as part of ManpowerGroup alongside Experis and Talent Solutions, employs more than 600,000 workers across 2,700 offices worldwide and reported $17.9 billion in revenues last year. 

The breach came to light after the company investigated a systems outage at a Lansing, Michigan, franchise in January 2025. According to a filing with the Office of the Maine Attorney General, attackers gained unauthorized access to Manpower’s network between December 29, 2024, and January 12, 2025. In notification letters sent to affected individuals, Manpower revealed that certain files may have been accessed or stolen during this time. The company stated that the breach potentially exposed personal information, though the full scope of data compromised remains undisclosed. 

On July 28, 2025, the staffing firm formally notified 144,189 individuals that their data may have been involved in the incident. Following the discovery, Manpower announced that it had implemented stronger IT security measures and is cooperating with the FBI to pursue those responsible. To mitigate the impact on victims, the company is also offering complimentary credit monitoring and identity theft protection services through Equifax. 

The ransomware group RansomHub has claimed responsibility for the attack. In January, shortly after Manpower disclosed the incident, the group alleged that it had stolen 500GB of sensitive files from the company’s systems. According to RansomHub, the stolen trove included personal and corporate records such as passports, Social Security numbers, contact details, financial documents, HR analytics, and confidential contracts. The gang initially published details of the breach on its dark web site but later removed Manpower’s listing, raising speculation that a ransom may have been paid to prevent further data leaks. 

RansomHub is a ransomware-as-a-service (RaaS) operation that emerged in early 2024, evolving from earlier groups known as Cyclops and Knight. Since then, it has been linked to numerous high-profile attacks against global organizations, including Halliburton, Kawasaki’s European operations, Christie’s auction house, Frontier Communications, Planned Parenthood, and the Bologna Football Club. The group was also behind the leak of data stolen in the massive Change Healthcare cyberattack, one of the largest breaches in the U.S. healthcare sector, impacting more than 190 million individuals. 

Last year, the FBI reported that RansomHub affiliates had breached over 200 critical infrastructure organizations across the United States, further underlining the group’s reach and persistence. While ManpowerGroup has not confirmed the exact nature of the stolen data or whether negotiations occurred, a company spokesperson clarified that the incident was confined to an independently operated franchise in Lansing. The spokesperson emphasized that the franchise runs on a separate platform, meaning no ManpowerGroup corporate systems were compromised.

The breach highlights the growing risks ransomware attacks pose to global enterprises, particularly those handling large volumes of sensitive employee and client data. It also reflects how threat actors like RansomHub continue to exploit vulnerabilities in third-party and subsidiary operations, targeting organizations indirectly when direct access to corporate systems is more difficult.
Read more »
Remote Workers
Data Breach Data Leak Data protection data security IT workers Job Scams North Korea North Korea Hackers Remote Workers

Leaked Data Exposes Daily Lives of North Korean IT Workers in Remote Work Scams

 

A recent data leak has shed rare light on the hidden world of North Korean IT workers who carry out remote work scams worldwide. The revelations not only expose the highly organized operations of these state-sponsored workers but also offer an unusual glimpse into their demanding work culture and limited personal lives.  

According to the leak, North Korean IT operatives rely on a mix of fraudulent digital identities and sophisticated tools to infiltrate global companies. Using fake IDs, resumes, and accounts on platforms such as Google, GitHub, and Slack, they are able to secure remote jobs undetected. To conceal their location, they employ VPNs and remote access programs like AnyDesk, while AI-powered deepfakes and writing assistants assist in polishing resumes, generating fake profiles, and handling interviews or workplace communication in English. 

The documents reveal an intense work environment. Workers are typically expected to log a minimum of 14 hours per day, with strict quotas to meet. Failure to achieve these targets often results in even longer working hours. Supervisors keep close watch, employing surveillance measures like screen recordings and tight control over personal communications to ensure productivity and compliance. 

Despite the pressure, fragments of normalcy emerge in the leaked records. Spreadsheets point to organized social activities such as volleyball tournaments, while Slack messages show employees celebrating birthdays, exchanging jokes, and sharing memes. Some leaked recordings even caught workers playing multiplayer games like Counter-Strike, suggesting attempts to balance their grueling schedules with occasional leisure. 

The stakes behind these scams are far from trivial. According to estimates from the United Nations and the U.S. government, North Korea’s IT worker schemes generate between $250 million and $600 million annually. This revenue plays a direct role in funding the country’s ballistic missile programs and other weapons of mass destruction, underscoring the geopolitical consequences of what might otherwise appear as simple cyber fraud.  

The leaked data also highlights the global scale of the operation. Workers are not always confined to North Korea itself; many operate from China, Russia, and Southeast Asian nations to evade detection. Over time, the scheme has grown more sophisticated, with increasing reliance on AI and expanded targeting of companies across industries worldwide. 

A critical component of these scams lies in the use of so-called “laptop farms” based in countries like the United States. Here, individuals—sometimes unaware of their role—receive corporate laptops and install remote access software. This setup enables North Korean operatives to use the hardware as if they were legitimate employees, further complicating efforts to trace the fraud back to Pyongyang. 

Ultimately, the leak provides a rare inside view of North Korea’s state-directed cyber workforce. It underscores the regime’s ability to merge strict discipline, advanced digital deception, and even glimpses of ordinary life into a program that not only exploits global companies but also fuels one of the world’s most pressing security threats.
Read more »
Personal Data
AI technology airline cybersecurity Cyber Security Data protection data security Delta Airlines flight price inflation Personal Data

US Lawmakers Raise Concerns Over AI Airline Ticket Pricing Practices

 

Airline controversies often make headlines, and recent weeks have seen no shortage of them. Southwest Airlines faced passenger backlash after a leaked survey hinted at possible changes to its Rapid Rewards program. Delta Air Lines also reduced its Canadian routes in July amid a travel boycott, prompting mixed reactions from U.S. states dependent on Canadian tourism. 

Now, a new and more contentious issue involving Delta has emerged—one that merges the airline industry’s pricing strategies with artificial intelligence (AI), raising alarm among lawmakers and regulators. The debate centers on the possibility of airlines using AI to determine “personalized” ticket prices based on individual passenger data. 

Such a system could adjust fares in real time during searches and bookings, potentially charging some customers more—particularly those perceived as wealthier or in urgent need of travel—while offering lower rates to others. Factors influencing AI-driven pricing could include a traveler’s zip code, age group, occupation, or even recent online searches suggesting urgency, such as looking up obituaries. 

Critics argue this approach essentially monetizes personal information to maximize airline profits, while raising questions about fairness, transparency, and privacy. U.S. Transportation Secretary Sean Duffy voiced concerns on August 5, stating that any attempt to individualize airfare based on personal attributes would prompt immediate investigation. He emphasized that pricing seats according to income or personal identity is unacceptable. 

Delta Air Lines has assured lawmakers that it has never used, tested, or planned to use personal data to set individual ticket prices. The airline acknowledged its long-standing use of dynamic pricing, which adjusts fares based on competition, fuel costs, and demand, but stressed that personal information has never been part of the equation. While Duffy accepted Delta’s statement “at face value,” several Democratic senators, including Richard Blumenthal, Mark Warner, and Ruben Gallego, remain skeptical and are pressing for legislative safeguards. 

This skepticism is partly fueled by past comments from Delta President Glen Hauenstein, who in December suggested that AI could help predict how much passengers are willing to pay for premium services. Although Delta has promised not to implement AI-based personal pricing, the senators want clarity on the nature of the data being collected for fare determination. 

In response to these concerns, Democratic lawmakers Rashida Tlaib and Greg Casar have introduced a bill aimed at prohibiting companies from using AI to set prices or wages based on personal information. This would include preventing airlines from raising fares after detecting sensitive online activity. Delta’s partnership with AI pricing firm Fetcherr—whose clients include several major global airlines—has also drawn attention. While some carriers view AI pricing as a profit-boosting tool, others, like American Airlines CEO Robert Isom, have rejected the practice, citing potential damage to consumer trust. 

For now, AI-driven personal pricing in air travel remains a possibility rather than a reality in the U.S. Whether it will be implemented—or banned outright—depends on the outcome of ongoing political and public scrutiny. Regardless, the debate underscores a growing tension between technological innovation and consumer protection in the airline industry.
Read more »
Personal Data Breach
Data Breach Data Leak Data protection data security Data Theft Italy Personal Data Personal Data Breach

Venice Film Festival Cyberattack Leaks Personal Data of Accredited Participants

 

The Venice Film Festival has reportedly been hit by a cyberattack, resulting in the leak of sensitive personal data belonging to accredited attendees. According to The Hollywood Reporter, the breach exposed information including names, email addresses, contact numbers, and tax details of individuals registered for this year’s event. The affected group includes both festival participants and members of the press who had received official accreditation. News of the incident was communicated through an official notification. 

The report states that unauthorized actors gained access to the festival’s servers on July 7. In response, the event’s IT team acted swiftly to contain the breach. Their immediate measures included isolating compromised systems, securing affected infrastructure, and notifying relevant authorities. Restoration work was launched promptly to minimize disruption. Those impacted by the incident have been advised to contact the festival at privacy@labiennale.org for more information and guidance. 

Organizers assured that the breach would not affect payment processing, ticketing, or booking systems. This means that preparations for the upcoming 82nd edition of the Venice Film Festival will continue as scheduled, with the event set to run from August 27 to September 9, 2025, in Venice, Italy. As in previous years, the program will feature an eclectic mix of global cinema, spanning independent works, arthouse creations, and major Hollywood productions. 

The 2025 lineup boasts notable names in international filmmaking. Hollywood will be represented by directors such as Luca Guadagnino, Guillermo del Toro, Yorgos Lanthimos, Kathryn Bigelow, Benny Safdie, and Noah Baumbach. Baumbach’s new film Jay Kelly features a star pairing of George Clooney and Adam Sandler, alongside a supporting cast that includes Laura Dern, Greta Gerwig, Riley Keough, Billy Crudup, Eve Hewson, Josh Hamilton, and Patrick Wilson. 

Following last year’s Queer, Guadagnino returns with After The Hunt, a morally complex drama starring Ayo Edebiri, Julia Roberts, and Andrew Garfield, screening in the Out of Competition category. Benny Safdie will present The Smashing Machine, featuring Dwayne Johnson and Emily Blunt in a tense sports drama — his first solo directorial effort after his collaborations with brother Josh on acclaimed films like Uncut Gems and Good Time. 

Festival director Alberto Barbera has hinted at a strong awards season presence for several films in the lineup. He cited The Smashing Machine, Kathryn Bigelow’s latest feature, and Guillermo del Toro’s adaptation of Frankenstein as potential Oscar contenders. Despite the cyberattack, the Venice Film Festival remains on track to deliver one of the year’s most anticipated cinematic showcases.
Read more »
PWA
Browser Browser Security Client Accounts Cyber Attacks cybercriminals Data protection data security Data Theft Mobile Security PWA

Cybercriminals Escalate Client-Side Attacks Targeting Mobile Browsers

 

Cybercriminals are increasingly turning to client-side attacks as a way to bypass traditional server-side defenses, with mobile browsers emerging as a prime target. According to the latest “Client-Side Attack Report Q2 2025” by security researchers c/side, these attacks are becoming more sophisticated, exploiting the weaker security controls and higher trust levels associated with mobile browsing. 

Client-side attacks occur directly on the user’s device — typically within their browser or mobile application — instead of on a server. C/side’s research, which analyzed compromised domains, autonomous crawling data, AI-powered script analysis, and behavioral tracking of third-party JavaScript dependencies, revealed a worrying trend. Cybercriminals are injecting malicious code into service workers and the Progressive Web App (PWA) logic embedded in popular WordPress themes. 

When a mobile user visits an infected site, attackers hijack the browser viewport using a full-screen iframe. Victims are then prompted to install a fake PWA, often disguised as adult content APKs or cryptocurrency apps, hosted on constantly changing subdomains to evade takedowns. These malicious apps are designed to remain on the device long after the browser session ends, serving as a persistent backdoor for attackers. 

Beyond persistence, these apps can harvest login credentials by spoofing legitimate login pages, intercept cryptocurrency wallet transactions, and drain assets through injected malicious scripts. Some variants can also capture session tokens, enabling long-term account access without detection. 

To avoid exposure, attackers employ fingerprinting and cloaking tactics that prevent the malicious payload from triggering in sandboxed environments or automated security scans. This makes detection particularly challenging. 

Mobile browsers are a favored target because their sandboxing is weaker compared to desktop environments, and runtime visibility is limited. Users are also more likely to trust full-screen prompts and install recommended apps without questioning their authenticity, giving cybercriminals an easy entry point. 

To combat these threats, c/side advises developers and website operators to monitor and secure third-party scripts, a common delivery channel for malicious code. Real-time visibility into browser-executed scripts is essential, as relying solely on server-side protections leaves significant gaps. 

End-users should remain vigilant when installing PWAs, especially those from unfamiliar sources, and treat unexpected login flows — particularly those appearing to come from trusted providers like Google — with skepticism. As client-side attacks continue to evolve, proactive measures on both the developer and user fronts are critical to safeguarding mobile security.
Read more »
Personal Information
Cyber Security Data Privacy Data protection data security Data Surveillance Personal Data Personal Information

New York Lawmaker Proposes Bill to Regulate Gait Recognition Surveillance

 

New York City’s streets are often packed with people rushing to work, running errands, or simply enjoying the day. For many residents, walking is faster than taking the subway or catching a taxi. However, a growing concern is emerging — the way someone walks could now be tracked, analyzed, and used to identify them. 

City Councilmember Jennifer Gutierrez is seeking to address this through new legislation aimed at regulating gait recognition technology. This surveillance method can identify people based on the way they move, including their walking style, stride length, and posture. In some cases, it even factors in other unique patterns, such as vocal cadence. 

Gutierrez’s proposal would classify a person’s gait as “personal identifying information,” giving it the same protection as highly sensitive data, including tax or medical records. Her bill also requires that individuals be notified if city agencies are collecting this type of information. She emphasized that most residents are unaware their movements could be monitored, let alone stored for future analysis. 

According to experts, gait recognition technology can identify a person from as far as 165 feet away, even if they are walking away from the camera. This capability makes it an appealing tool for law enforcement but raises significant privacy questions. While Gutierrez acknowledges its potential in solving crimes, she stresses that everyday New Yorkers should not have their personal characteristics tracked without consent. 

Public opinion is divided. Privacy advocates argue the technology poses a serious risk of misuse, such as mass tracking without warrants or transparency. Supporters of its use believe it can be vital for security and public safety when handled with proper oversight. 

Globally, some governments have already taken steps to regulate similar surveillance tools. The European Union enforces strict rules on biometric data collection, and certain U.S. states have introduced laws to address privacy risks. However, experts warn that advancements in technology often move faster than legislation, making it difficult to implement timely safeguards. 

The New York City administration is reviewing Gutierrez’s bill, while the NYPD’s use of gait recognition for criminal investigations would remain exempt under the proposed law. The debate continues over whether this technology’s benefits outweigh the potential erosion of personal privacy in one of the world’s busiest cities.
Read more »
Katz
Atlantis AIO CaaS Credentials Theft CyberCrime cybercriminals Cybersecurity Data Breach Data Harvesting SDK data security Data Theft Flashpoint infostealers Katz

Cybercrime-as-a-Service Drives Surge in Data Breaches and Stolen Credentials

 

The era of lone cybercriminals operating in isolation is over. In 2025, organized cybercrime groups dominate the threat landscape, leveraging large-scale operations and sophisticated tools to breach global organizations. Recent intelligence from Flashpoint reveals a troubling surge in cyberattacks during just the first half of the year, showing how professionalized cybercrime has become — particularly through the use of Cybercrime-as-a-Service (CaaS) offerings. 

One of the most alarming findings is the 235% rise in data breaches globally, with the United States accounting for two-thirds of these incidents. These breaches exposed an astounding 9.45 billion records. However, this number is eclipsed by the dramatic 800% increase in stolen login credentials. In total, threat actors using information-stealing malware compromised more than 1.8 billion credentials in just six months. 

These tools — such as Katz Stealer or Atlantis AIO — are widely accessible to hackers for as little as $30, yet they offer devastating capabilities, harvesting sensitive data from commonly used browsers and applications. Flashpoint’s report emphasizes that unauthorized access, largely facilitated by infostealers, was the initial attack vector in nearly 78% of breach cases. 

These tools enable threat actors to infiltrate organizations and pivot across networks and supply chains with ease. Because of their low cost and high effectiveness, infostealers are now the top choice for initial access among cybercriminals. This rise in credential theft coincides with a 179% surge in ransomware attacks during the same period. 

According to Ian Gray, Vice President of Cyber Threat Intelligence Operations at Flashpoint, this dramatic escalation highlights the industrial scale at which cybercrime is now conducted. The report suggests that to counter this growing threat, organizations must adopt a dual strategy: monitor stolen credential datasets and set up alert systems tied to specific compromised domains.  

Furthermore, the report advocates for moving beyond traditional password-based authentication. Replacing passwords and basic two-factor authentication (2FA) with passkeys or other robust methods can help reduce risk. 

As cybercriminal operations grow increasingly professional, relying on outdated security measures only makes organizations more vulnerable. With CaaS tools making sophisticated attacks more accessible than ever, companies must act swiftly to enhance identity protection, tighten access controls, and build real-time breach detection into their infrastructure. 

The rapid evolution of cybercrime in 2025 is a stark reminder that prevention and preparedness are more critical than ever.
Read more »
IBM Security
AI governance AI Risks AI Systems AI technology Breaches Cyber Security Data Breaches data security IBM IBM research IBM Security

Racing Ahead with AI, Companies Neglect Governance—Leading to Costly Breaches

 

Organizations are deploying AI at breakneck speed—so rapidly, in fact, that foundational safeguards like governance and access controls are being sidelined. The 2025 IBM Cost of a Data Breach Report, based on data from 600 breached companies, finds that 13% of organizations have suffered breaches involving AI systems, with 97% of those lacking basic AI access controls. IBM refers to this trend as “do‑it‑now AI adoption,” where businesses prioritize quick implementation over security. 

The consequences are stark: systems deployed without oversight are more likely to be breached—and when breaches occur, they’re more costly. One emerging danger is “shadow AI”—the widespread use of AI tools by staff without IT approval. The report reveals that organizations facing breaches linked to shadow AI incurred about $670,000 more in costs than those without such unauthorized use. 

Furthermore, 20% of surveyed organizations reported such breaches, yet only 37% had policies to manage or detect shadow AI. Despite these risks, companies that integrate AI and automation into their security operations are finding significant benefits. On average, such firms reduced breach costs by around $1.9 million and shortened incident response timelines by 80 days. 

IBM’s Vice President of Data Security, Suja Viswesan, emphasized that this mismatch between rapid AI deployment and weak security infrastructure is creating critical vulnerabilities—essentially turning AI into a high-value target for attackers. Cybercriminals are increasingly weaponizing AI as well. A notable 16% of breaches now involve attackers using AI—frequently in phishing or deepfake impersonation campaigns—illustrating that AI is both a risk and a defensive asset. 

On the cost front, global average data breach expenses have decreased slightly, falling to $4.44 million, partly due to faster containment via AI-enhanced response tools. However, U.S. breach costs soared to a record $10.22 million—underscoring how inconsistent security practices can dramatically affect financial outcomes. 

IBM calls for organizations to build governance, compliance, and security into every step of AI adoption—not after deployment. Without policies, oversight, and access controls embedded from the start, the rapid embrace of AI could compromise trust, safety, and financial stability in the long run.
Read more »
Personal Data
Advanced Social Engineering Customer Data Customer Data Exposed Data Breach Data Leak Data Privacy data security Malware. Scattered Spider Personal Data

Allianz Life Data Breach Exposes Personal Information of 1.4 Million Customers

 

Allianz Life Insurance has disclosed a major cybersecurity breach that exposed the personal details of approximately 1.4 million individuals. The breach was detected on July 16, 2025, and the company reported the incident to the Maine Attorney General’s office the following day. Initial findings suggest that the majority of Allianz Life’s customer base may have been impacted by the incident. 

According to Allianz Life, the attackers did not rely on exploiting technical weaknesses but instead used advanced social engineering strategies to deceive company employees. This approach bypasses system-level defenses by manipulating human behavior and trust. The cybercriminal group believed to be responsible is Scattered Spider, a collective that recently orchestrated a damaging attack on UK retailer Marks & Spencer, leading to substantial financial disruption. 

In this case, the attackers allegedly gained access to a third-party customer relationship management (CRM) platform used by Allianz Life. The company noted that there is no indication that its core systems were affected. However, the stolen data reportedly includes personally identifiable information (PII) of customers, financial advisors, and certain employees. Allianz SE, the parent company, confirmed that the information was exfiltrated using social engineering techniques that exploited human error rather than digital vulnerabilities. 

Social engineering attacks often involve tactics such as impersonating internal staff or calling IT help desks to request password resets. Scattered Spider has been known to use these methods in past campaigns, including those that targeted MGM Resorts and Caesar’s Palace. Their operations typically focus on high-profile organizations and are designed to extract valuable data with minimal use of traditional hacking methods. 

The breach at Allianz is part of a larger trend of rising cyberattacks on the insurance industry. Other firms like Aflac, Erie Insurance, and Philadelphia Insurance have also suffered similar incidents in recent months, raising alarms about the sector’s cybersecurity readiness.  

Industry experts emphasize the growing need for businesses to bolster their cybersecurity defenses—not just by investing in better tools but also by educating their workforce. A recent Experis report identified cybersecurity as the top concern for technology firms in 2025. Alarmingly, Tech.co research shows that nearly 98% of senior leaders still struggle to recognize phishing attempts, which are a common entry point for such breaches. 

The Allianz Life breach highlights the urgent need for organizations to treat cybersecurity as a shared responsibility, ensuring that every employee is trained to identify and respond to suspicious activities. Without such collective vigilance, the threat landscape will continue to grow more dangerous.
Read more »
Phishing Scams
account protection Account security Amazon Customer Data Cyber Attacks Cyberscams Cybertheft data security Data Theft Login Login Security Passkey Passkey Security Phishing Scams

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts

 

Cybercriminals are actively targeting Amazon users with a sharp increase in phishing scams, and the company is sounding the alarm. Fraudsters are sending deceptive emails that appear to originate from Amazon, prompting users to log in via a counterfeit Amazon webpage. Once a person enters their credentials, attackers steal the information to take over the account. The urgency to secure your Amazon account has never been greater.  

These scam emails often warn customers about unexpected Amazon Prime renewal charges. What makes them particularly dangerous is the use of stolen personal data to make the emails appear genuine. Amazon’s warning reached over 200 million users, emphasizing the widespread nature of this threat. 

Adding to the concern, cybersecurity firm Guardio reported a dramatic spike in a related scam—this time delivered through SMS. This variant claims to offer fake refunds, again luring users to a fraudulent Amazon login page. According to Guardio, these text-based scams have jumped by 5000% in just two weeks, showing how aggressively attackers are adapting their tactics. 

Amazon says it is actively fighting back, having removed 55,000 phishing websites and 12,000 scam phone numbers involved in impersonation schemes over the past year. Despite these efforts, scammers persist. To combat this, Amazon issued six practical tips for customers to recognize and avoid impersonation fraud.  

The U.S. Federal Trade Commission (FTC) has also issued alerts, noting that scammers are pretending to be Amazon representatives. These fake messages typically claim there’s a problem with a recent purchase. But there’s no refund or issue—just a trap designed to steal money or private data. 

To stay protected, Amazon strongly recommends two major security measures. First, enable two-step verification (2SV) via the “Login & Security” settings in your account. Avoid using SMS-based verification, which is more vulnerable. Instead, use a trusted authenticator app such as Google Authenticator or Apple’s Passwords. If you’ve already set up SMS verification, disable it and reset your 2SV preferences to switch to an app-based method. 

Second, add a passkey to your account. This provides a stronger layer of defense by linking your login to your device’s biometric or PIN-based security, making phishing attacks far less effective. Unlike traditional methods, passkeys cannot be intercepted through fake login pages. 

Cyberattacks are growing more sophisticated and aggressive. By updating your account with these safety tools today, you significantly reduce the risk of being compromised.
Read more »
rogue VPN servers
Cyber Networks Cyber Security data security DNS Free Wi-Fi Mobile Encryption Network Security Public Wifi Robust security rogue VPN servers

How to Stay Safe on Public Wi-Fi: Myths, Real Risks, and Smart Habits

 

Many people view public Wi-Fi as an open invitation for hackers to steal their personal data, but this perception isn’t entirely accurate. While using Wi-Fi in public places such as cafés, airports, or hotels does come with certain cybersecurity risks, the actual danger lies not in the connection itself but in how people use it.

Modern websites and apps typically use encryption protocols like HTTPS, which secure most of your sensitive information, including passwords and messages, making casual data theft far less likely than commonly believed. However, even with HTTPS in place, not all your online activity is invisible. Some data, like the websites you visit, may still be visible through DNS queries. 

Additionally, not every service online uses robust encryption, leaving some room for exposure. These vulnerabilities aren’t as dramatic as horror stories suggest, but they do exist. The greater risk occurs when users unknowingly connect to rogue networks. Cybercriminals often set up fake Wi-Fi hotspots with names that closely mimic those of legitimate businesses, such as a café or airport. Once someone connects to these impostor networks, attackers can monitor traffic, inject malicious content, or trick users into providing login details through fake portals. 

This tactic is especially effective in busy locations where users are in a rush to get online. A study from Statista revealed that about 40% of public Wi-Fi users have faced some form of data breach. These breaches typically occur not because Wi-Fi is inherently unsafe, but because people connect without confirming if the network is authentic. Once connected to a malicious hotspot, attackers can intercept data or even hijack active sessions, impersonating the user without ever needing their password. 

To safely use public Wi-Fi, a few precautions can go a long way. Always verify the network name with staff before connecting, and avoid networks that don’t require passwords unless you are certain of their authenticity. Disable automatic connections and file sharing on your devices when in public spaces. Using a virtual private network (VPN) provides an additional layer of protection by encrypting your data, even if you’ve joined a compromised network. 

However, it’s important to avoid free VPN services, which may compromise your privacy. Reputable providers offer stronger protections and better security practices. Users should also be wary of login portals that ask for more than basic information. Legitimate public Wi-Fi networks usually request a simple access code, such as one printed on a receipt or linked to a hotel room number. Avoid entering personal details like email addresses or credit card numbers unless you’re absolutely certain the network is genuine. 

For sensitive tasks like banking or shopping, it’s best to wait until you’re on a secure, trusted network or switch to mobile data. Keeping your device software up to date is another crucial step. Manufacturers frequently release patches for known vulnerabilities, and delaying updates means exposing yourself to risks that have already been fixed. Make a habit of updating your system before heading out, rather than waiting until you’re already traveling. 

In summary, public Wi-Fi isn’t the threat it’s often made out to be, but carelessness can turn it into one. Most attackers rely on social engineering and users’ haste, not on technical flaws in the network. Taking a few extra seconds to verify the network, using a VPN, and staying alert to suspicious login pages can significantly reduce your risk. Being mindful while connecting can be the difference between staying safe and falling victim to a data breach.
Read more »
data security
customer privacy Customer Trust Cyber Community Cyber Security Data Privacy Data Safety User Data data security

Why Web3 Exchanges Must Prioritize Security, Privacy, and Fairness to Retain Users

 

In the evolving Web3 landscape, a platform’s survival hinges on its ability to meet community expectations. If users perceive an exchange as unfair, insecure, or intrusive, they’ll swiftly move on. This includes any doubts about the platform’s transparency, ability to safeguard user data, or deliver features that users value.  

The challenge lies in balancing ideal user experience with realistic limitations. While complete invulnerability isn’t feasible, exchanges must adopt rigorous security protocols that align with industry best practices. Beyond technical defenses, they must also enforce strict data privacy policies and ensure customer funds remain entirely under user control. 

So, how can an exchange rise to these expectations without compromising service quality? The key lies in maintaining equilibrium between protection and functionality. A robust exchange must operate with enterprise-level security, including encryption at a high standard. Since smart contract flaws can remain hidden for long periods, it’s essential that platforms perform internal and third-party audits. 

Security firms and penetration testers, like red teams, simulate cyberattacks to expose and address weaknesses before attackers can exploit them. Users evaluating exchanges should consider not just the presence of encryption but also whether the platform uses external experts to continuously test its defenses. In handling funds, exchanges must mitigate risks such as consensus failures and ensure their infrastructure can validate and process inter-chain transactions securely. 

However, these protective measures shouldn’t come at the cost of speed or efficiency. Metrics such as transactions per second (TPS), consensus time, and finality should remain optimized for a seamless experience. Equally important is protecting user privacy. Web3 users face threats ranging from data leaks and surveillance to the misuse of trading data by advanced bots. 

These issues demand concrete actions—not vague assurances. Transparent privacy policies and secure data practices are essential. Enclave Markets has set an example in privacy-focused trading. Their off-chain enclave prevents malicious actors from seeing trade activity, effectively eliminating front-running and ensuring fair execution with zero spread and no slippage.  

Another often overlooked area is fairness in reward programs. Many exchanges structure incentives in ways that disproportionately benefit bots or large-scale traders. Enclave Markets addresses this with a more balanced rewards system that favors genuine users over manipulators. Their recently introduced EdgeBot allows users to track and trade tokens directly within Telegram, minimizing friction and response time. 

This type of intuitive innovation reflects a deep understanding of user needs. Ultimately, users must take responsibility to verify if a platform truly upholds the principles of fairness, security, and privacy. These aren’t optional features—they’re the foundation of any trustworthy Web3 exchange.
Read more »
Data Theft
CISA CISA advisory CVE CVE exploits CVEs Cyber Attacks Cyber Exploits Cyber flaws Cyber Vulnerabilities Data protection data security Data Theft

CISA Urges Immediate Patching of Critical SysAid Vulnerabilities Amid Active Exploits

 

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about two high-risk vulnerabilities in SysAid’s IT service management (ITSM) platform that are being actively exploited by attackers. These security flaws, identified as CVE-2025-2775 and CVE-2025-2776, can enable unauthorized actors to hijack administrator accounts without requiring credentials. 

Discovered in December 2024 by researchers at watchTowr Labs, the two vulnerabilities stem from XML External Entity (XXE) injection issues. SysAid addressed these weaknesses in March 2025 through version 24.4.60 of its On-Premises software. However, the urgency escalated when proof-of-concept code demonstrating how to exploit the flaws was published just a month later, highlighting how easily bad actors could access sensitive files on affected systems. 

Although CISA has not provided technical specifics about the ongoing attacks, it added the vulnerabilities to its Known Exploited Vulnerabilities Catalog. Under Binding Operational Directive 22-01, all Federal Civilian Executive Branch (FCEB) agencies are required to patch their systems by August 12. CISA also strongly recommends that organizations in the private sector act swiftly to apply the necessary updates, regardless of the directive’s federal scope. 

“These vulnerabilities are commonly exploited by malicious cyber actors and present serious threats to government systems,” CISA stated in its warning. SysAid’s On-Prem solution is deployed on an organization’s internal infrastructure, allowing IT departments to manage help desk tickets, assets, and other services. According to monitoring from Shadowserver, several dozen SysAid installations remain accessible online, particularly in North America and Europe, potentially increasing exposure to these attacks. 

Although CISA has not linked these specific flaws to ransomware campaigns, the SysAid platform was previously exploited in 2023 by the FIN11 cybercrime group, which used another vulnerability (CVE-2023-47246) to distribute Clop ransomware in zero-day attacks. Responding to the alert, SysAid reaffirmed its commitment to cybersecurity. “We’ve taken swift action to resolve these vulnerabilities through security patches and shared the relevant information with CISA,” a company spokesperson said. “We urge all customers to ensure their systems are fully up to date.” 

SysAid serves a global clientele of over 5,000 organizations and 10 million users across 140 countries. Its user base spans from startups to major enterprises, including recognized brands like Coca-Cola, IKEA, Honda, Xerox, Michelin, and Motorola.
Read more »
Personal Information
customer data compromise customer data leak customer data privacy Data Breach Data Leak Data Privacy data security Database Leaked Fashion Retailer Personal Information

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak

 

Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents, totaling 292 GB in size. The database, which had no password protection or encryption, was publicly accessible online to anyone who knew where to look. 

The leaked records included a vast amount of personally identifiable information (PII), such as names, physical addresses, phone numbers, email addresses, and other order-related data of both retail and business clients. According to Fowler, the actual number of affected individuals could be substantially higher than the number of files. He observed that a single PDF file sometimes contained details from up to 50 separate orders, suggesting that the total number of exposed customer profiles might exceed 3.5 million. 

The information was derived from SABO’s internal document management system used for handling sales, returns, and shipping data—both within Australia and internationally. The files dated back to 2015 and stretched through to 2025, indicating a mix of outdated and still-relevant information that could pose risks if misused. Upon discovering the open database, Fowler immediately notified the company. SABO responded by securing the exposed data within a few hours. 

However, the brand did not reply to the researcher’s inquiries, leaving critical questions unanswered—such as how long the data remained vulnerable, who was responsible for managing the server, and whether malicious actors accessed the database before it was locked. SABO, known for its stylish collections of clothing, swimwear, footwear, and formalwear, operates three physical stores in Australia and also ships products globally through its online platform. 

In 2024, the brand reported annual revenue of approximately $18 million, underscoring its scale and reach in the retail space. While SABO has taken action to secure the exposed data, the breach underscores ongoing challenges in cybersecurity, especially among mid-sized e-commerce businesses. Data left unprotected on the internet can be quickly exploited, and even short windows of exposure can have lasting consequences for customers. 

The lack of transparency following the discovery only adds to growing concerns about how companies handle consumer data and whether they are adequately prepared to respond to digital threats.
Read more »
protecting sensitive data
Data Breach Data Sale data security Data Stolen Data Theft Database Leaked Database Security Infostealer Personal Data Personal Information protecting sensitive data

Startup Sells Stolen Personal Data Online for $50, Raising Alarms Over Privacy and Ethics

 

A new controversy is brewing over a U.S.-based startup accused of making stolen personal data widely accessible—for as little as $50. Farnsworth Intelligence, founded by 23-year-old Aidan Raney, is openly marketing a product called “Infostealers,” which allows customers to search a massive database of sensitive information, including passwords, browser autofill data, and private account credentials. 

According to investigative reporting by 404 Media, this information isn’t simply scraped from public directories or legally collected sources. Instead, it appears to come directly from major data breaches—information illegally obtained from hacked websites and platforms. Users can buy access through the company’s online portal, Infostealers.info, raising serious questions about the legality and ethics of such transactions. 

While services like people-search websites have long existed, Farnsworth’s platform seems to go far beyond what’s commonly available. Some of the information for sale includes usernames, passwords, browser history, addresses saved in auto-fill fields, and more—data types typically leaked only after breaches. Their advanced offering, the Infostealer Data Platform, promises even deeper access. Although not available to everyone, it can be granted upon request for uses like journalism, cybersecurity, private investigations, or law enforcement. The company doesn’t appear to require a court order or warrant for access. 

Farnsworth Intelligence makes bold claims about its reach and capabilities. Its website boasts about human intelligence operations and even claims to have infiltrated a North Korean laptop farm via social engineering. It promotes use cases like “corporate due diligence,” “background checks,” and “asset searches,” without clearly explaining how it acquires its “trillions” of data points. The lack of transparency, coupled with the open sale of sensitive data, is alarming. 

Experts argue that while security researchers and cybersecurity firms often monitor breach data to help protect users, monetizing it so brazenly is a different matter entirely. As Cooper Quintin from the Electronic Frontier Foundation notes, “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”  

Even more concerning is the potential for abuse. With no real verification or oversight, bad actors—including stalkers or authoritarian agencies—could exploit this platform to target individuals, especially those already at risk. The implications for personal safety, privacy rights, and digital ethics are profound. 

This development underscores how data breaches don’t just disappear—they become weapons for profit in the wrong hands.
Read more »
protecting sensitive data
Army British Army Data Breach Data Leak Data protection data security Information Security protecting sensitive data

UK Army Probes Leak of Special Forces Identities in Grenadier Guards Publication

 

The British Army has initiated an urgent investigation following the public exposure of sensitive information identifying members of the UK Special Forces. General Sir Roly Walker, Chief of the General Staff, has directed a comprehensive review into how classified data was shared, after it was found that a regimental newsletter had published names and postings of elite soldiers over a period of more than ten years. 

The internal publication, created by the Grenadier Guards Regimental Association, is believed to have revealed the identities and current assignments of high-ranking officers serving in confidential roles. Several names were reportedly accompanied by the abbreviation “MAB,” a known military code linked to Special Forces. Security experts have expressed concern that such identifiers could be easily deciphered by hostile actors, significantly raising the risk to those individuals. 

The revelation has triggered backlash within the Ministry of Defence, with Defence Secretary John Healey reportedly outraged by the breach. The Ministry had already issued warnings about this very issue, yet the publication remained online until it was finally edited last week. The breach adds to growing concern over operational security lapses in elite British military units.  

This latest disclosure follows closely on the heels of another incident in which the identities of Special Forces soldiers involved in missions in Afghanistan were exposed through a separate data leak. That earlier breach had been shielded by a legal order for nearly two years, emphasizing the persistent nature of such security vulnerabilities. 

The protection of Special Forces members’ identities is a critical requirement due to the covert and high-risk nature of their work. Publicly exposing their names can not only endanger lives but also jeopardize ongoing intelligence missions and international collaborations. The leaked material is also said to have included information about officers working within the Cabinet Office’s National Security Secretariat—an agency that advises the Prime Minister on national defence—and even a soldier assigned to General Walker’s own operational staff. 

While the Grenadier Guards’ publication has now removed the sensitive content, another regiment had briefly published similar details before promptly deleting them. Still, the extended availability of the Grenadier data has raised questions about oversight and accountability in how military associations manage sensitive information.  

General Walker, a former commander of the Grenadier Guards, announced that he has mandated an immediate review of all information-sharing practices between the army and regimental associations. His directive aims to ensure that stronger protocols are in place to prevent such incidents in the future, while still supporting the positive role these associations play for veterans and serving members alike. 

The Defence Ministry has not released details on whether those named in the leak will be relocated or reassigned. However, security analysts say the long-term consequences of the breach could be serious, including potential threats to the personnel involved and operational risks to future Special Forces missions. As investigations continue, the British Army is now under pressure to tighten internal controls and better protect its most confidential information from digital exposure.
Read more »
protecting sensitive data
Chinese Hackers Cyber Attacks cyber espionage cybercriminal group Cyberthreatm Salt Typhoon Hacks data security Data Theft DHS Hacker attack Hacker group protecting sensitive data

Chinese Hacker Group Salt Typhoon Breaches U.S. National Guard Network for Nine Months

 

An elite Chinese cyber-espionage group known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network for nearly nine months, according to a classified Pentagon report revealed in a June Department of Homeland Security (DHS) memo. The memo, obtained by the nonprofit Property of the People through a freedom of information request, indicates the hackers had deep access between March and December 2024, raising alarms about compromised military or law enforcement data. 

Salt Typhoon has previously been linked to some of the most expansive cyber-intrusions into American infrastructure. This latest revelation suggests their reach was even broader than earlier believed. Authorities are still investigating the full extent of data accessed, including sensitive internal documents, personal information of service members, and network architecture diagrams. The affected state’s identity remains undisclosed. 

The Department of Defense declined to comment on the matter, while a spokesperson from the National Guard Bureau confirmed the breach but assured that the incident did not hinder any ongoing state or federal missions. Investigations are ongoing to determine the scope and potential long-term impact of the breach. 

China’s embassy in Washington did not directly deny the allegations but claimed the U.S. had not provided concrete evidence linking Salt Typhoon to the Chinese government. They reiterated that cyberattacks are a global threat and that China also faces similar risks. 

Salt Typhoon is particularly notorious for its ability to infiltrate and pivot across different networks. In a prior campaign, the group was linked to breaches at major telecom companies, including AT&T and Verizon, where hackers allegedly monitored text messages and calls tied to U.S. political figures, including both Trump and Harris campaigns and Senate Majority Leader Chuck Schumer’s office.

The hybrid structure of the National Guard — functioning under both federal and state authority — may have provided a wider attack surface. According to the DHS memo, the group may have obtained intelligence that could be used to compromise other states’ National Guard units and their local cybersecurity partners. Fourteen state National Guard units reportedly share intelligence with local fusion centers, potentially magnifying the risk. 

In January 2025, the U.S. Treasury Department sanctioned a company in Sichuan believed to be facilitating Salt Typhoon operations for China’s Ministry of State Security. Past incidents have shown that Salt Typhoon can maintain access for years, making complete removal and defense particularly challenging.
Read more »
Ransomwares
cryptocurrency Cyber Attacks CyberCriminal cybercriminal group data security Ransom Demands ransomware attacks Ransomware Groups Ransomwares

Romanian Arrested in Diskstation Ransomware Operation Targeting Synology NAS Devices

 

A 44-year-old Romanian national has been arrested as part of a coordinated international law enforcement effort to take down the cybercriminal group behind the Diskstation ransomware campaign. This group is known for targeting Synology Network-Attached Storage (NAS) devices, which are widely used by businesses and organizations for centralized file storage, data backups, and hosting. These attacks have primarily affected entities operating in enterprise environments, where NAS systems are critical to daily operations. 

The Diskstation ransomware group has operated under several aliases, including DiskStation Security, Quick Security, 7even Security, Umbrella Security, and LegendaryDisk Security. Since its emergence in 2021, the group has engaged in multiple ransomware campaigns, encrypting data on NAS devices and demanding cryptocurrency payments in exchange for decryption keys. 

Victims have included international organizations involved in civil rights advocacy, film production, and event management. These attacks left many victims unable to continue operations unless they agreed to pay substantial ransoms. Authorities in Italy launched an investigation after numerous companies in the Lombardy region reported ransomware attacks that rendered their data inaccessible. 

The attackers demanded payments in cryptocurrency, prompting investigators to analyze the affected systems and blockchain transactions. This digital trail eventually led police across borders, uncovering connections in both France and Romania. The operation, dubbed “Elicius,” was coordinated by Europol and culminated in a series of raids in Bucharest in June 2024. During these raids, several individuals believed to be involved in the Diskstation campaign were identified. One suspect was caught in the act of committing a cybercrime. 

The 44-year-old man who was arrested is now in custody and faces charges including unauthorized access to computer systems and extortion. While the Diskstation name is often associated with Synology’s NAS products, this specific campaign received little attention from mainstream cybersecurity outlets. 

However, it caused significant disruption to organizations worldwide. The ransomware gang reportedly demanded payments ranging from $10,000 to several hundred thousand dollars, depending on the organization’s size and data sensitivity. Law enforcement agencies continue to investigate the broader network behind the Diskstation operation. 

The case underscores the growing threat of ransomware campaigns targeting critical infrastructure and storage solutions. As attackers evolve their methods and target widely used systems like Synology NAS, cybersecurity vigilance remains crucial for all organizations, regardless of size or industry.
Read more »
Ransomwares
Cyber Attacks Data Leak data security Data Theft DragonForce DragonForce Ransomware Group Hacker attack Hacking Group Ransomware attack Ransomware group Ransomwares

Belk Hit by Ransomware Attack as DragonForce Claims Responsibility for Data Breach

 

The department store chain Belk recently became the target of a ransomware attack, with the hacking group DragonForce taking responsibility for the breach. The cybercriminals claim to have stolen 156 GB of sensitive data from the company’s systems in early May. 

JP Castellanos, Director of Threat Intelligence at cybersecurity firm Binary Defense, stated with high confidence that DragonForce is indeed behind the incident. The company, based in Ohio, specializes in threat detection and digital forensics. During an investigation of dark web forums on behalf of The Charlotte Observer, Castellanos found that DragonForce had shared samples of the stolen data online. 

In a message directed at Belk, the group stated that its original aim wasn’t to damage the company but to push it into acknowledging its cybersecurity failures. DragonForce claims Belk declined to meet ransom demands, which ultimately led to the data being leaked, affecting numerous individuals. 

Following the breach, Belk has been named in multiple lawsuits. The complaints allege that the company not only failed to protect sensitive personal information but also delayed disclosing the breach to the public. Information accessed by the attackers included names, Social Security numbers, and internal documentation related to employees and their families. 

The cyberattack reportedly caused a complete systems shutdown across Belk locations between May 7 and May 11. According to a formal notice submitted to North Carolina’s Attorney General, the breach was discovered on May 8 and disclosed on June 4. The total number of affected individuals was 586, including 133 residents of North Carolina. 

The stolen files contained private details such as account numbers, driver’s license data, passport information, and medical records. Belk responded by initiating a full-scale investigation, collaborating with law enforcement, and enhancing their digital security defenses. On June 5, Belk began notifying those impacted by the attack, offering one year of free identity protection services. These services include credit and dark web monitoring, as well as identity restoration and insurance coverage worth up to $1 million. 

Despite these actions, Belk has yet to issue a public statement or respond to ongoing media inquiries. DragonForce, identified by experts as a hacktivist collective, typically exploits system vulnerabilities to lock down company networks, then demands cryptocurrency payments. If the demands go unmet, the stolen data is often leaked or sold. 

In Belk’s case, the group did not list a price for the compromised data. Castellanos advised anyone who has shopped at Belk to enroll in credit monitoring as a precaution. Belk, which was acquired by Sycamore Partners in 2015, has been working through financial challenges in recent years, including a short-lived bankruptcy filing in 2021. 

The retailer, now operating nearly 300 stores across 16 southeastern U.S. states, continues to rebuild its financial footing amid cybersecurity and operational pressures.
Read more »
Subscribe to: Posts (Atom)