Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label data security. Show all posts
Data Theft
Cyber Attacks Cyber Data Cyber Security Ransomware Attacks CyberCriminal Data protection data security Data Theft

Foxconn Cyberattack Exposes Alleged Intel, Apple, Nvidia and Google Project Data

 

A wave of digital intrusion lately hit Foxconn, causing interruptions across certain segments of its North American facilities when the Nitrogen ransomware collective admitted involvement - disclosing they had infiltrated systems and extracted vast troves of confidential information. This incident underscores, yet again, how intensifying demands from cybercriminal networks now challenge critical links within international tech logistics, particularly those manufacturers embedded deep inside the production ecosystems serving top-tier technology brands. 

Later on, after initial reports emerged, Foxconn confirmed disruptions across multiple sites in North America. Right away, its cyber defense units began executing crisis protocols instead of waiting for further escalation. Because systems required immediate protection, temporary measures went into place to shield manufacturing flow. Even so, certain plants experienced brief halts in daily activity due to digital interference. Gradually now, output levels are stabilizing following those earlier setbacks. 

Later, the ransomware operators listed Foxconn on their public leak page, stating they had taken close to 8 terabytes of data - over 11 million individual files. Their claim centers on possession of private technical records: blueprints, project directives meant for internal use, engineering schematics. Information tied to big tech names like Apple, Nvidia, Intel, Google, and Dell reportedly appears within what was pulled. Though unverified, the alleged haul suggests access to development assets considered highly sensitive. 

Even though hackers say they took customer data, Foxconn hasn’t said if any was truly exposed. Without a clear statement, it remains unclear how much information may have been reached - or if partner details were touched at all. Ever since 2023, the Nitrogen ransomware crew has operated under suspicion of ties to variants spawned from exposed Conti 2 code. Researchers point out weaknesses in their tools - especially when striking VMware ESXi systems. 

Despite handing over payments, certain targets still could not retrieve locked data. This failure stems from defective decryption mechanisms built directly into the malicious software. Recovery gaps appear baked into its flawed design. Should that glitch persist, affected groups might face deeper troubles - offering money to hackers does not always bring back locked data or recover what was taken. Back in 2024, the LockBit group took credit for breaching Foxsemicon Integrated Technology - a firm within the larger Foxconn Technology Group. 

It wasn’t an isolated case; a similar unit of Foxconn in Mexico had drawn their attention two years prior. Ransomware attacks on this network are nothing new. The pattern stretches further back than it might first appear. Now worries spread through the hardware world after the recent security incident, given how central Foxconn is to building devices and moving parts for big tech firms worldwide. 

When something interferes with its work, delays may ripple into assembly timelines, logistics systems, operational frameworks, even sensitive processes behind upcoming gadgets and corporate tools. Because they rely on many partners, handle valuable technical details, and face tight deadlines when operations fail, factories and logistics companies often attract ransomware groups. 

With more strikes hitting essential vendors lately, better separation between internal systems is becoming a priority - alongside stronger crisis plans and tighter protection for confidential design files that could be stolen or leaked.
Read more »
Malware Attack
Cyber Attacks Cyber Breaches Cyber websites data security Fake Windows Linux Linux Malware Malware Attack

JDownloader Website Breach Spreads Malware Through Fake Windows and Linux Installers

 

In early May 2026, the official website for JDownloader was compromised, causing users to unknowingly download infected installers instead of legitimate software. During the two-day breach window, attackers replaced Windows and Linux setup files with malicious versions carrying hidden malware. Researchers later discovered that the Windows payload deployed a stealthy Python-based remote access trojan capable of giving attackers control over infected systems. 

Because the files appeared authentic and came directly from a trusted source, many users installed them without suspicion. JDownloader remains one of the most widely used download automation tools, supporting downloads from hosting services, streaming sites, and premium file-sharing platforms across Windows, Linux, and macOS. Its long-standing reputation and large user base made the attack especially dangerous, as users naturally trusted downloads from the official website. 

The issue first gained attention after a Reddit user reported Microsoft Defender warnings while downloading updated installers from the JDownloader website. The files showed suspicious digital signatures linked to unknown names like “Zipline LLC” and “The Water Team” instead of AppWork GmbH, the legitimate developer. Community concern quickly spread online, prompting the development team to investigate. 

Soon after, JDownloader confirmed that attackers had exploited an unpatched flaw in the site’s content management system to modify download links and redirect users toward malicious third-party installers. Developers stated that the compromise was limited to public-facing web content and did not extend to deeper server infrastructure or operating system-level access. The team later clarified that only the Windows “Alternative Installer” downloads and Linux shell installer links were affected. 

Other distribution channels, including macOS packages, Flatpak, Winget, Snap releases, in-app updates, and the main JAR package, remained secure throughout the incident. Developers urged users to verify installer authenticity by checking digital signatures within file properties. Legitimate files should display a verified signature from AppWork GmbH, while unsigned installers or files signed by unfamiliar publishers should be avoided immediately. 

Cybersecurity researcher Thomas Klemenc later analyzed the malicious Windows files and found they acted as loaders for a heavily obfuscated Python-based remote access tool. According to his findings, the malware could execute remote commands through command-and-control servers, silently turning infected devices into attacker-controlled systems. Analysis of the Linux shell installer also uncovered injected malicious code designed to download disguised payloads from suspicious domains. 

Once executed, the malware installed hidden binaries, created persistence mechanisms, elevated privileges using root-level configurations, and disguised itself as legitimate Linux system processes to avoid detection. Experts noted that parts of the Linux malware remain difficult to fully understand because the payload was heavily protected using obfuscation tools like Pyarmor, limiting deeper analysis. 

Although JDownloader stressed that only users who downloaded and executed installers during the breach window were at risk, security professionals strongly recommend reinstalling operating systems on infected machines. Since arbitrary code execution was possible, experts also advise resetting all passwords after cleaning affected devices due to potential credential theft. 

The attack reflects a growing cybersecurity trend in which hackers target trusted software platforms to distribute malware through compromised downloads. Similar incidents recently affected CPU-Z, HWMonitor, and DAEMON Tools, where attackers replaced legitimate installers with infected versions carrying hidden malware.  

As supply chain attacks continue increasing, cybersecurity experts stress the importance of checking digital signatures carefully and avoiding suspicious downloads, even on trusted software platforms.
Read more »
data security
AI coding tools Consumer Data Exposure Corporate Data Breach cybersecurity vulnerabilities Data Breach data security

AI Coding Tools Expose Thousands of Apps With Sensitive Corporate Data Online

 

Thousands of web applications built using AI coding tools have been found publicly accessible online without proper security protections. Researchers at RedAccess identified more than 5,000 exposed apps tied to companies, many revealing private information to anyone with the correct URL. Employee records, customer conversations, system plans, and financial files were among the exposed materials. The problem wasn’t faulty code but missing security setup steps that many users overlooked. 

In many cases, public access remained enabled long after deployment, creating silent data leaks that went unnoticed for months. Many of the vulnerable apps were created using platforms like Replit, Netlify, Base44 owned by Wix, and Lovable. Nearly 2,000 apps appeared to contain genuine sensitive information, including advertising spending reports, company strategy documents, chatbot logs, customer contact details, hospital personnel records, and financial summaries. 

According to RedAccess researcher Dor Zvi, the issue is linked to the rise of “vibe coding,” where non-technical employees use AI tools to rapidly build and publish web applications. Since these platforms make development extremely simple, apps can go live within minutes without any review from engineering or cybersecurity teams. Researchers found the exposed apps through basic Google and Bing searches because many AI coding services host projects publicly on shared domains by default. 

Some applications exposed private information without requiring logins, while others reportedly allowed outsiders to gain administrative control over backend systems. The exposed data covered multiple industries. Hospital staff schedules listing doctors’ identities appeared alongside marketing strategy presentations, shipping records, retailer chatbot conversations, and detailed advertising campaign budgets. Such leaks could expose sensitive competitive information, including business planning timelines and financial allocations. 

The investigation also uncovered phishing websites hosted directly on AI coding platform domains. These fake pages impersonated major companies including Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s. The platforms disputed parts of the findings while acknowledging that publicly accessible apps existed. Amjad Masad said users choose whether apps remain public or private. Lovable emphasized that creators are responsible for configuring security correctly, while Wix stated weakening protections requires deliberate user actions. 

Security experts argue the broader issue remains serious because AI coding tools rarely enforce strong safeguards automatically. Many employees using them lack training in authentication systems or permission controls, allowing insecure deployments to slip through unnoticed. Researchers say the situation resembles earlier waves of exposed Amazon S3 cloud storage buckets, where confusing defaults and user mistakes left sensitive files publicly accessible. 

AI-powered coding platforms may now be accelerating similar risks on a larger scale as businesses increasingly rely on AI tools for internal dashboards, marketing systems, client portals, and reporting applications. Experts also warn the true scale may be far larger. The 5,000 discovered apps only included projects hosted directly on AI platform domains. Thousands more could exist on privately owned domains that standard searches cannot easily detect. 

As AI-generated development grows rapidly, companies are now under pressure to strengthen oversight, improve employee training, and introduce stricter security reviews. Without stronger safeguards, fast AI-assisted app creation could continue exposing confidential corporate and personal information online.
Read more »
Microsoft security
Credential Security Cyber Phishing Cyber Security Data protection data security Microsoft Microsoft security

Microsoft Warns Users About Rising QR Code Phishing and Quishing Scams

 

Microsoft’s cybersecurity researchers have uncovered a growing wave of phishing scams using QR codes hidden inside emails, PDF files, and fake CAPTCHA pages. Instead of clicking suspicious links, victims scan QR codes that secretly redirect them to fraudulent websites designed to steal login credentials and session data. The attacks spread quickly because they bypass many traditional security filters and often appear harmless at first glance. 

Known as “quishing,” these scams hide malicious links inside QR codes, avoiding the usual warning signs tied to suspicious URLs. Emails often create urgency through fake compliance notices, security alerts, or missed-message warnings, encouraging users to scan the code without carefully checking the sender. According to Microsoft, attackers are impersonating HR teams, IT departments, managers, and office administrators to make messages appear legitimate. 

Once scanned, users are routed through several webpages before landing on counterfeit login portals built to capture usernames, passwords, and even live session tokens capable of bypassing some two-factor authentication protections. Researchers say more than 35,000 users across approximately 13,000 organizations worldwide have already been targeted, with cases continuing to rise. Many people trust QR codes because they are commonly used for menus, payments, and sign-ins, making them less likely to question the risks behind scanning one. 
Cybercriminals are exploiting that familiarity to trick users into exposing sensitive information. A recent case highlighted by Digit.in demonstrated how convincing these scams can be. Employees reportedly received emails appearing to come from an Office 365 administrator claiming several messages were awaiting approval. Instead of links, the email included a QR code directing users elsewhere. Investigators tested the QR code using a freshly wiped mobile device across Android and iOS platforms to minimize potential risks. 

While the QR codes in that case did not install malware or alter device settings, the test showed how easily similar scams could deceive unsuspecting users. Security professionals warn that scanning unfamiliar QR codes on devices containing banking apps, work credentials, personal photos, or confidential files can expose users to serious threats without obvious warning signs. Experts recommend avoiding QR codes sent through unsolicited emails, verifying senders carefully, and checking linked addresses before entering passwords. 

As cybercriminals increasingly rely on social engineering instead of direct hacking, simple actions like scanning a QR code are becoming new entry points for digital attacks.
Read more »
Instructure
AI Canvas Cloud Data Breach Data Leak data security Instructure

Data Leak: Instructure, Canvas Allegedly Hacked, ShinyHunters Claim Responsibility


Instructure, a cloud-based LMS Canvas company was hit by a massive data attack. Ransomware gang ShinyHunters claimed responsibility for the attack, saying that it had stolen data related to 280 million students, teachers, and school staff.

100s of GBs data leaked

The data breach accounts for hundreds of gigabytes, possibly leaking Canvas users’ email ids, private messages, and names. 

Instructure revealed in May that it was hit by a data breach. The Canvas incidents of 8,809 universities, educational platforms, schools were impacted by the attack. ShinyHunters said that the numbers range between tens of thousands to several millions per institution.

It is concerning that a lot of K-12 students’ data has been leaked. If your child has been affected by the data breach, Malware Bytes can help in what to do next and how to stay safe.

Canvas compromised

Various students who tried using Canvas after the cyberattack received the message from ShinyHunters blackmailing to leak the data if Instructure did not contact the hackers by May 12. Canvas was shut down offline for various students following the incident, but it is now available for most users. 

GTA 6, Studio Rockstar were blackmailed too

ShinyHunters has been killing it this year, with only high profile targets in its track records. The group asked for a ransom from GTA 6 (a video game) Studio Rockstar in April. But in reality, it was a hoax demand as the hackers did not have anything important/worthy to leak. 

Nvidea Geforce allegedly hacked

But recently, the group allegedly claimed responsibility for the Nvidea’s GeForce Now breach, claiming to have “pulled their entire database straight from the backend."

Shiny hunters all over the place

In the Canvas incident, ShinyHunters allegedly stole user records through exposrting features inside the platform. This consists of DAP queries, APIs, and provisioning reports, according to Bleeping Computers. “The unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts,” Instructure said. 

It also added that it “revoked privileged credentials and access tokens, deployed platform-wide protections, rotated certain internal keys, restricted token creation pathways, and added monitoring across our platforms." 

The impact

Instructure also “engaged a third-party forensic firm and notified law enforcement. Beyond the immediate response, we're hardening administrative access, token management, permissions, monitoring, and related workflows. The investigation may inform further improvements.”

However, it might be too little, too late—parents are unlikely to overlook the possibility of disclosing their children's information. The much bigger problem, though, is the disastrous harm ShinyHunters has caused to Canvas's operations and reputation, as malware historian vx-underground stated on X.

Read more »
leaked sensitive data
Customer Data Data Breach Data Leak Data protection data security Hacking Attack Hacking Group leaked sensitive data

ShinyHunters Vimeo Data Breach Exposes Information of Over 119,000 Users

 

Early this year, Vimeo faced a security incident leading to the theft of personal details tied to over 119,000 people by the ShinyHunters hacking collective. Information on the leak became known via Have I Been Pwned, a service tracking compromised accounts, after examining the exposed records. 

Late last month, Vimeo revealed a security issue affecting its systems. The platform, known for hosting and streaming videos globally, serves many millions of active users. Access by unknown parties came via a flaw tied to Anodot. This firm provides tools that spot irregularities in data flows. Its technology connects directly into parts of Vimeo’s infrastructure. 

The event marks one point where external partnerships introduced risk. Details emerged only after internal reviews concluded. One thing became clear: the entry did not stem from inside Vimeo's own network. Instead, it traced back to how outside services link up. Security teams now examine how third-party integrations affect overall protection levels. 

Surprisingly, early reports showed hackers obtained technical data, video metadata, and titles - sometimes even user emails. Despite the breach, payment information, account passwords, and live session tokens stayed secure, according to internal confirmation. Throughout the event, Vimeo’s main system kept running smoothly, maintaining full service availability. Unexpectedly, operations continued without noticeable interference. 

Right away, Vimeo shut down every login linked to Anodeto stop any more unwanted entry once the break-in came to light. Instead of handling things alone, outside cyber experts joined to support the inquiry. At the same time, officials responsible for enforcing laws got word about what happened. Later, even so, the hackers released a huge 106GB collection of stolen files online when talks reportedly broke down. 

That data appeared on a hidden website used by the ShinyHunters crew, who stated weak login credentials tied to Anodot opened doors unexpectedly. From there, they moved into Vimeo's storage platforms - Snowflake and BigQuery - with little resistance. Some 119,200 individuals had their email addresses disclosed, along with names in certain instances, based on findings from Have I Been Pwned after reviewing the leaked data. 

Though the breach details have circulated, Vimeo hasn’t officially verified how many accounts were impacted. Inside these breaches, access began through deceptive emails or fake support calls tricking staff. Not long ago, compromised logins gave hackers entry to identity tools like Okta and Microsoft Entra. From there, movement spread toward customer relationship software, team messaging apps, file storage, design programs, help desks, and workplace productivity suites. Cloud infrastructure and subscription-based tech now draw more attention than before. 

Breach attempts often follow weak points in unified login setups across company networks. Though main networks stay secure, outside providers sometimes open doors hackers exploit. A breach in one connected service might unlock several company areas at once. Experts observe rising incidents targeting cloud logins and partner tools for this reason. Instead of attacking central defenses, intruders shift focus to these links. Sensitive client data ends up at risk even if primary infrastructure holds firm.  

Recently, ShinyHunters took credit for hacks spanning education, retail, health care, gaming, and government bodies. Vimeo's situation shows third-party links still pose steady threats to big digital services managing vast user information. Despite different targets, weak outside connections often open doors. One breach can ripple through many layers unexpectedly.
Read more »
data security
AI Chatbot AI chatbot dangers AI chatbot data leak Cyber Security Data Privacy Data protection data security

AI Chatbot Training Raises Growing Privacy and Data Security Concerns

 

Most conversations with AI bots carry hidden layers behind simple replies. While offering answers, some firms quietly gather exchanges to refine machine learning models. Personal thoughts, job-related facts, or private topics might slip into data pools shaping tomorrow's algorithms. Experts studying digital privacy point out people rarely notice how freely they share in routine bot talks. Hidden purposes linger beneath what seems like casual back-and-forth. Most chatbots rely on what experts call a large language model. 

Through exposure to massive volumes of text - pulled from sites, online discussions, video transcripts, published works, and similar open resources - these models grow sharper. Exposure shapes their ability to spot trends, suggest fitting answers, and produce dialogue resembling natural speech. As their learning material expands, so does their skill in managing complex questions and forming thorough outputs. Wider input often means smoother interactions. 

Still, official data isn’t what fills these models alone. Input from people using apps now feeds just as much raw material to tech firms building artificial intelligence. Each message entered into a conversational program might later get saved, studied, then applied to sharpen how future versions respond. Often, that process runs by default - only pausing if someone actively adjusts their preferences or chooses to withdraw when given the chance. Worries about digital privacy keep rising.

Talking to artificial intelligence systems means sharing intimate details - things like medical issues, money problems, mental health, job conflicts, legal questions, or relationship secrets. Even though firms say data gets stripped of identities prior to being used in machine learning, skeptics point out people must rely on assurances they can’t personally check. 

Some data marked as private today might lose that status later. Experts who study system safety often point out how new tools or pattern-matching tricks could link disguised inputs to real people down the line. Talks involving personal topics kept inside artificial intelligence platforms can thus pose hidden exposure dangers years after they happen. Most jobs now involve some form of digital tool interaction. 

As staff turn to AI assistants for tasks like interpreting files, generating scripts, organizing data tables, composing summaries, or solving tech glitches, risks grow quietly. Information meant to stay inside - such as sensitive project notes, client histories, budget figures, unique program logic, compliance paperwork, or strategic plans - can slip out without warning. When typed into an assistant interface, those fragments might linger in remote servers, later shaping how the system responds to others. Hidden patterns emerge where private inputs feed public outputs. 

One concern among privacy experts involves possible legal risks for firms in tightly controlled sectors. When companies send sensitive details - like internal strategies or customer records - to artificial intelligence tools without caution, trouble might follow. Problems may emerge later, such as failing to meet confidentiality duties or drawing attention from oversight authorities. These exposures stem not from malice but from routine actions taken too quickly. 

Because reliance on AI helpers keeps rising, people and companies must reconsider what details they hand over to chatbots. Speedy answers tend to push aside careful thinking, particularly when automated aids respond quickly with helpful outcomes. Still, specialists insist grasping how these learning models are built matters greatly - especially for shielding private data and corporate secrets amid expanding artificial intelligence use.
Read more »
India
AI AI tools API Cloud systems Cyber Security data security Digital Platform India

India’s Cybersecurity Workforce Struggles to Keep Pace as AI and Cloud Systems Expand

 



India’s fast-growing digital economy is creating an urgent demand for cybersecurity professionals, but companies across the country are finding it increasingly difficult to hire people with the technical expertise required to secure modern systems.

A new study released by the Data Security Council of India and SANS Institute found that businesses are facing a serious shortage of skilled cybersecurity workers as technologies such as artificial intelligence, cloud computing, and API-driven infrastructure become more deeply integrated into daily operations.

According to the Indian Cyber Security Skilling Landscape Report 2025–26, nearly 73 per cent of enterprises and 68 per cent of service providers said there is a limited supply of qualified cybersecurity professionals in the country. The report suggests that organisations are struggling to build teams capable of handling increasingly advanced cyber risks at a time when companies are rapidly digitising services, storing more information online, and adopting AI-powered tools.

The hiring process itself is also becoming slower. Around 84 per cent of organisations surveyed said cybersecurity positions often remain vacant for one to six months before suitable candidates are found. This delay reflects a growing mismatch between industry expectations and the skills available in the job market.

Researchers noted that many applicants entering the cybersecurity workforce lack practical exposure to real-world security environments. Around 63 per cent of enterprises and 59 per cent of service providers said candidates often do not possess sufficient hands-on technical experience. Employers are no longer only looking for basic security knowledge. Companies increasingly require professionals who understand multiple areas at once, including cloud infrastructure, application security, digital identity systems, and access management technologies. Nearly 58 per cent of enterprises and 60 per cent of providers admitted they are struggling to find candidates with this type of cross-functional expertise.

The report connects this shortage to the changing structure of enterprise technology systems. Many organisations are moving away from traditional on-premise setups and shifting toward cloud-native environments, interconnected APIs, and AI-supported operations. As businesses automate more routine tasks, demand is gradually moving away from entry-level operational positions and toward specialised cybersecurity roles that require analytical thinking, threat detection capabilities, and advanced technical decision-making.

Artificial intelligence is now becoming one of the largest drivers of cybersecurity hiring demand. Around 83 per cent of organisations surveyed described AI and generative AI security skills as essential for future operations, while 78 per cent reported strong demand for AI security engineers. The findings also show that nearly 62 per cent of enterprises are already running active AI or generative AI projects, which experts say can create additional security risks if systems are not properly monitored and protected.

As companies deploy AI systems, the attack surface for cybercriminals also expands. Security teams are now expected to defend AI models, protect sensitive datasets, monitor automated systems for manipulation, and secure APIs connecting multiple digital services. Industry experts have repeatedly warned that many organisations are adopting AI tools faster than they are building security frameworks around them.

Some cybersecurity positions remain especially difficult to fill. The report found that almost half of service providers and nearly 40 per cent of enterprises are struggling to recruit security architects, professionals responsible for designing secure digital infrastructure and long-term defence strategies. Demand is also increasing for specialists in operational technology and industrial control system security, commonly known as OT/ICS security. These professionals help protect critical infrastructure such as manufacturing facilities, power systems, transportation networks, and industrial operations from cyberattacks.

At the same time, companies are facing growing retention problems. Around 70 per cent of service providers and 42 per cent of enterprises said employees are frequently leaving for competitors offering better salaries and career opportunities. Limited access to advanced training and upskilling programs is also contributing to workforce attrition across the sector.

The findings point to a larger issue facing the cybersecurity industry globally: technology is evolving faster than workforce development. Experts believe companies, educational institutions, and training organisations may need to work more closely together to create industry-focused learning pathways that prepare professionals for modern cyber threats instead of relying heavily on theoretical instruction alone.

With India continuing to expand digital public infrastructure, cloud adoption, fintech services, AI development, and connected industrial systems, cybersecurity professionals are expected to play a central role in protecting sensitive information, maintaining operational stability, and preserving trust in digital platforms.

Read more »
Ransomware
Cyber Security Cyber Security Ransomware Attacks Data Leak data security Ransomware

Ransomware Attacks Reach All Time High, Leaked Over 2.6 Billion Records

 

A recent analysis of cybercrime data of last year (2025) disclosed that ransomware victims have risen rapidly by 45% in the previous year. But this is not important, as there exists something more dangerous. The passive dependence on hacked credentials as the primary entry point tactic is the main concern. Regardless of the platforms used, the accounts you are trying to protect, it is high time users start paying attention to password security. 

State of Cybercrime report 2026


The report from KELA found over 2.86 billion hacked credentials, passwords, session cookies, and other info that allows 2FA authentication. Surprisingly, authentication services and business cloud accounted for over 30% of the leaked data in 2025.

The analysis also revealed that infostealer malware which compromised credentials is immune to whatever OS you are using, “infections on macOS devices increased from fewer than 1,000 cases in 2024 to more than 70,000 in 2025, a 7,000% increase,” the report said.

Expert advice


Experts from Forbes have warned users about the risks associated with infostealer malware endless times. The leaked data includes FBI operations aimed at shutting down cybercrime gangs, millions of gmail passwords within leaked infostealer logs, and much more. Despite the KELA analysis, the risk continues. To make things worse, the damage is increasing year after year.

About infostealer


Kela defined the malware as something that is “designed to exfiltrate sensitive data from compromised machines, including login credentials, authentication tokens, and other critical account information.” What is more troublesome is the ubiquity of malware-as-a-service campaigns in the dark web world. The entry barrier is not closed, but the gates have been kicked wide open for experts as well as amateur threat actors. Data compromise in billions

Infostealer malware, according to Kela, ‘is designed to exfiltrate sensitive data from compromised machines, including login credentials, authentication tokens, and other critical account information.” And with the now almost universal availability of malware-as-a-service operations to the infostealer criminal world, the barrier to entry has not only been lowered but kicked to the curb completely.

In 2025, Kela found around “3.9 million unique machines infected with infostealer malware globally, which collectively yielded 347.5 million compromised credentials.” The grand total amounts to 2.86 billion hacked credentials throughout all platforms: databases of infostealer logs and dark web criminal marketplaces.

Tricks used by infostealers:


AI-generated tailored scams, messaging apps, and email frequently use Phishing-as-a-Service to get around MFA. In so-called "hack your own password" assaults, users are duped into manually running scripts in order to circumvent conventional security measures.

Trojanized software is promoted by malicious advertisements and search results, increasing the risk of infection. In supply chain assaults, high-privilege credentials are the target of poisoned packages and DevTools impersonation. Form-grabbing and cookie theft are made possible via compromised browser extension updates. Fake software updates and pirated apps continued to be successful.
Read more »
leaked sensitive data
API API Attack API Keys API security Cyber Security data security government data breaches leaked sensitive data

ClickUp API Key Exposure Leaves Corporate and Government Email Data Public for Over a Year

 

A previously unnoticed weakness in ClickUp’s web infrastructure sat undetected - exposing private data due to an embedded API key left visible on its public site. For over twelve months, access to internal records remained possible because safeguards were missing at a basic level. Emails tied to businesses and official agencies could be pulled by outside parties; no login required. This gap emerged not from complex hacking but from routine coding oversights ignored during deployment. Hidden credentials like these often escape review until examined closely. Months passed before scrutiny revealed what should have been caught earlier. Security gaps of this kind stem less from advanced threats and more from everyday lapses repeated across teams. 

Open talk about the problem began when security analyst Impulsive shared findings showing the leaked credential sat inside a JavaScript file served by ClickUp's site, even before login steps occurred. Since code running in browsers can always be seen, grabbing the API key took little effort and allowed contact with internal servers. Without needing any special access, one basic query allegedly pulled close to a thousand emails plus vast numbers of hidden development settings from the system. The study showed that 959 employee email addresses were part of the leaked data, tied to staff in large companies and public institutions spanning various locations. 

About 3,165 feature flags also turned up in the exposure - visible without restriction. Hidden inside what looks like routine code, these flags might expose how teams test software, plan releases, roll out new tools, or shape future updates. Because of that, malicious actors might mine them to craft deceptive emails, manipulate individuals through tailored messages, or collect insights on rivals’ progress. Surprisingly useful intel often hides where it seems least likely. Early in 2025, news of the exposure surfaced - yet by April 2026, it still hadn’t been fixed, stretching out the time hackers could act. Because access stayed open so long, experts say attackers gained more chances to try breaking in using stolen login details, fake identities, or personalized emails targeting workers linked to the affected websites. 

What happened shows a wider issue for groups depending on cloud-based services. Though easy to avoid, fixed login details remain common in today’s coding practices. When secret access tokens appear in open-source repositories, bots usually find them fast - sometimes in under sixty seconds. Even low-level access codes can lead to large data leaks if internal systems lack strong verification rules. Rotating API keys often helps lower exposure over time. Client-side apps without embedded secrets tend to withstand attacks better. Strict limits on backend access form another layer of defense. 

Protection against phishing gains strength when using tools like DMARC, SPF, or DKIM. Unusual logins catch attention faster with constant tracking. Exposed domains become visible through active threat data streams. Security improves not by one fix alone, but steady adjustments across systems. A quiet mistake lingered unseen within ClickUp's system, revealing data widely before detection. When operations move into shared online environments, oversight gaps often emerge - making careful monitoring essential. Security lapses like this highlight growing pressure on organizations to act earlier, respond smarter, stay alert longer.
Read more »
data security
ADT ADT data breach customer data leak customer data privacy Data Breach Data Extortion Data Leak data security

ADT Data Breach Confirmed After ShinyHunters Threatens Leak of Stolen Customer Information

 

Now comes word that ADT, a provider of home security systems, suffered a data breach following threats by the hacking collective ShinyHunters to expose purloined records if payment isn’t made. This event joins others recently where attackers gain access via compromised credentials or outside service providers. 

On April 20, the company noticed unusual activity within its systems - response teams moved quickly to limit exposure and launch a review from within. It turned out some customer and prospective customer details were reached and copied by those responsible. Names, contact numbers, and home locations made up most of what was seen; in a few cases, birth dates showed up alongside incomplete identification digits used for tax or government purposes. Though only a narrow collection of files was involved, steps followed to assess how far the breach extended. 

What ADT made clear is that financial details of high sensitivity stayed secure. It turned out bank accounts, credit cards, along with any payment records, remained untouched through the incident. On top of this, home security setups and active monitoring kept running without interference. Evidently, the breach never reached operational systems - only certain data areas felt its effect. After claims surfaced on a hacker forum, ShinyHunters stated they accessed more than 10 million records - some containing personal details and private business files. 
Despite the threat to publish everything unless met with demands, confirmation of the full extent remains unverified by ADT. Still, notification letters have gone out to impacted users during ongoing review efforts. What happens next depends on internal assessments already underway. One claim points to vishing as the starting point - a tactic aimed at one worker. Posing as known contacts, hackers won entry through a company-wide login system. 

Once inside, they navigated sideways into linked environments without immediate detection. Access likely extended to cloud services including Salesforce, where information was pulled from storage. Identity theft now drives many cyber intrusions, moving past old tactics that hunted software bugs. Instead of probing code flaws, hackers aim at sign-in systems like Okta, Microsoft Entra, or Google logins. Breaching one verified profile opens doors to numerous company tools. 

With entry secured, stolen information gets pulled out quietly. That data then becomes leverage - no malware needed to lock files. What happened lately isn’t new for ADT - earlier leaks of staff and client details came out earlier this year. Facing repeated issues, many companies struggle to protect digital identities while handling permissions in linked platforms. 

Still under investigation, the incident highlights how often social engineering now shapes current cyber attacks. Rather than exploiting software flaws, hackers rely on mistakes people make - slipping past defenses by tricking users. 

Because of this shift, training staff to spot risks matters just as much as strong login protections. Preventing future breaches depends less on technology alone, more on understanding human behavior. Awareness becomes a shield when passwords fail.
Read more »
Legal Framework
customer privacy Cyber Security Data Privacy Concerns Data protection data security Legal Advisory Legal Framework

Terms And Conditions Grow Harder To Read As Platforms Limit Users’ Legal Rights Study Finds

 

Most people click "agree" without looking - yet those agreements keep getting harder to understand. Complexity rises, researchers note, just as user protections shrink. From Cambridge, a recent study points out expanded corporate access to personal information. Legal barriers grow tougher, making it more difficult to take firms to court. Lengthy clauses quietly reshape power, favoring businesses over individuals. Beginning with a project called the Transparency Hub, results emerge from systematic tracking of legal texts across 300-plus online platforms. 

Stored within it: twenty thousand iterations - past and present - of service conditions and privacy notices from apps like TikTok, among others. Over months, changes in wording reveal shifts in corporate approaches to personal information. What users agree to today may differ subtly from last year’s version, now preserved here. Visibility grows when updates accumulate, showing patterns once hidden beneath routine acceptance clicks. Surprisingly clear trends show a steady drop in how easily people can read service contracts. 

From 2016 to 2025, studies applying the Flesch-Kincaid method reveal nearly 86 percent demand skills typical of university readers. Because of this shift, grasping the full meaning behind digital consent has grown harder for most individuals. While signing up seems routine, the depth of understanding often lags behind. Away from mere complexity, attention turns to changing corporate approaches in handling disagreements. While once settled in open courtrooms, conflict resolution now leans on closed-door arbitration imposed by platform rules. 

A third-party referee reaches final judgments, yet clarity tends to fade behind closed processes. Users find their options shrinking when collective lawsuits are blocked. Even mediator choices sometimes rest with the businesses involved, quietly shaping outcomes. Newer artificial intelligence platforms like Anthropic and Perplexity AI also follow this pattern, embedding clauses that block participation in group litigation. Because of this, anyone feeling wronged has to file a personal claim - often pricier and weaker than joining others in court. A few companies allow narrow chances to decline the clause; however, acting fast after registration is usually required. 

Now appearing, this study arrives as officials across Europe weigh tighter rules for online services, focusing on effects tied to youth engagement. With France leading examples, followed by Spain, Portugal, and Denmark, governments test new steps aimed at tackling unease around digital privacy and web-based risks. One thing stands out: laws around online services are drifting further from what everyday users can grasp. 

Though written rules get longer and tighter, people must now sort through fine print that defines their digital freedoms - frequently unaware of what they’re agreeing to. While clarity lags behind complexity, personal responsibility quietly expands.
Read more »
Hacking Group
Cyber Security Ransomware Attacks Data Breach Data Leak Data protection data security Hacker attack Hacking Group

ShinyHunters Targets McGraw Hill In Salesforce Data Leak Dispute Over Breach Scope

 

A breach at McGraw Hill came to light when details appeared on a leak page run by ShinyHunters, a hacking collective now seeking payment. Appearing online without warning, the listing suggested sensitive data had been taken. The firm acknowledged something went wrong only after outsiders pointed to the published claims. Instead of silence, there followed a brief statement - no elaborate explanations, just confirmation. What exactly was accessed remains partly unclear, though the criminals promise more leaks if demands go unmet. Their method? Take data first, then pressure victims publicly through exposure. 

Though the collective says it pulled around 45 million records from Salesforce setups, McGraw Hill challenges how serious the incident really was. A flaw in a cloud-based Salesforce setup - misconfigured, not hacked - led to what occurred, according to the company. Public release looms unless money changes hands by their stated date. Not a breach of core infrastructure, they clarify. Timing hinges on whether terms get fulfilled. What surfaced came via access error, not forced entry. 

Later came confirmation from the firm: only minor data sat exposed through a public page tied to Salesforce. Not part of deeper networks - systems handling daily operations stayed untouched. Customer records? Still secure. Educational material platforms? Unreached. Personal identifiers like income traces or school files showed no signs of exposure. The breach never reached those layers. A single weak link elsewhere might open doors wider than expected. Problems often start outside core networks, hidden in connected tools. 

One misstep in setup could ripple across several teams relying on Salesforce. When outside systems slip, sensitive details sometimes follow. Security gaps far from the main system still carry risk close to home. What seems distant can quickly become immediate. Even with those reassurances, ShinyHunters insists the breached records include personal details - setting their version against the firm’s own review. Contradictions like this often surface when attacks aim to extort, as hackers sometimes inflate what they took to push targets into responding. 

Now operating at a steady pace, ShinyHunters stands out within the underground scene by focusing less on locking files and more on quietly siphoning information. Instead of scrambling networks, they pressure victims using material already taken - payment demands follow exposure threats. Their name surfaced after breaches hit well-known companies, where leaked datasets served as leverage. Rather than causing immediate downtime, their power lies in what could be revealed. 

What stands out lately is how this group exploited a security gap at Anodet, an analytics company, gaining entry through leaked access tokens aimed squarely at cloud-based data systems. Alongside that incident came the public drop of massive corporate datasets - another sign their main goal remains pulling vast amounts of information from high-profile targets. Among recent breaches, the one involving McGraw Hill stands out - not because of its scale, but due to how it reveals weaknesses hidden within standard cloud setups. 

Instead of breaking through strong defenses, hackers often slip in via small errors made during setup steps handled by outside teams. What makes this case notable is less about immediate damage, more about what follows: sensitive information pulled quietly into unauthorized hands. While systems keep running without interruption, stolen data becomes the weapon - threatening public release unless demands are met. 

Over time, such tactics have shifted the focus of digital attacks away from crashes toward silent leaks. With probes still underway, one thing becomes clear: oversight of outside connections matters more now than ever. When digital intruders challenge what companies say, credibility hinges on openness. Tight rules around setup adjustments help reduce weak spots. How firms handle disclosures can shape public trust just as much as technical fixes. Clarity during crises often separates measured responses from confusion.
Read more »
malicious PDF files
Adobe Adobe Reader Cyber Security Cyberattacks cybersecurity vulnerabilities data security Hacker attack Malicious Files Malicious PDF Attachment malicious PDF files

Adobe Reader Zero-Day PDF Exploit Actively Used in Attacks to Steal Data

 

A fresh security flaw in Adobe Reader - unknown until now - is under attack by hackers wielding manipulated PDFs, sparking alarm across global user bases. Since December, activity has persisted without pause; findings come from analyst Haifei Li, who traced repeated intrusions back months. 

What stands out is the method: an intricate exploit resembling digital fingerprinting, effective despite up-to-date installations. Even patched systems fall vulnerable to this quietly spreading technique. Open a single infected PDF, then the damage begins - little else matters after that. This method spreads quietly because it leans on normal software behaviors instead of obvious malware tricks. 

Instead of complex setups, it taps into built-in functions like util.readFileIntoStream and RSS.addFeed, tools meant for routine tasks. Because these actions look ordinary, alarms rarely sound. Information slips out before anyone notices anything wrong. What makes this flaw especially risky isn’t just stolen information. As Li points out, it might allow further intrusions - such as running unauthorized code from afar or breaking out of restricted environments. Control over the affected device could then shift entirely into an attacker’s hands, turning a minor leak into something far worse. 

Examining deeper, threat analyst Gi7w0rm noticed fake PDFs in these operations frequently include bait written in Russian. With topics tied to current oil and gas industry shifts, the material appears shaped deliberately - aimed at certain professionals to seem believable. Though subtle, the choice of subject matter reflects an effort to mirror real-world events closely. 

Still waiting, Li notified Adobe about the flaw earlier - yet when details emerged, a fix wasn’t available. Without an update out yet, anyone opening PDFs from outside channels stays at risk. For now, while waiting for a solution, specialists urge care with PDFs - especially ones arriving by email or unknown sources. 

Watch network activity closely; odd patterns like strange HTTP or HTTPS calls may point to the vulnerability being used. Unusual user-agent labels in web requests could mean trouble already started. One more zero-day surfaces, revealing how hackers now lean on familiar file types and common programs to slip past security walls. 

While the flaw stays open, sharp attention and careful handling of digital files become necessary tools for staying protected. Though fixes lag behind, cautious behavior offers some shield against unseen threats waiting in plain sight. 
Read more »
NHAI Ban Surveillance Tech
Chinese Cameras Cyber Security data security Highway Tolls NHAI Ban Surveillance Tech

India Bans Chinese Cameras at Highway Tolls Over Data Security Fears

 

India has taken a firm stand against potential surveillance risks by barring Chinese-made high-speed cameras from its highway toll plazas, prioritizing national security amid ongoing border tensions with China. The government's decision stems from concerns that data captured by these devices could be exploited for intelligence gathering, especially in conflict scenarios, prompting officials to replace existing installations and halt new imports of sensitive technology from China. 

This move aligns with broader efforts to reduce reliance on foreign hardware vulnerable to backdoors or remote access. The initiative is part of the National Highways Authority of India (NHAI)'s ambitious FASTag-enabled project to equip around 1,150 toll collection sites with advanced video devices that allow vehicles to pass without slowing down, enhancing traffic efficiency. 

Previously, cheaper Chinese cameras dominated due to cost advantages, but now NHAI has shortlisted trusted alternatives: Taiwan's VIVOTEK (a Delta Electronics unit), Germany's Robert Bosch GmbH, and US-based Motorola Solutions Inc. These suppliers' products, though pricier, undergo rigorous scrutiny to ensure no critical Chinese components. 

India's Standardisation Testing and Quality Certification Directorate (STQC) plays a pivotal role, testing cameras for highway tolls, CCTVs, and government deployments to verify origins and approve only those free of Chinese parts. This mirrors actions in Delhi, where over 140,000 Chinese CCTV cameras are being phased out in stages due to similar security worries.Companies like Hikvision and Dahua face effective bans on internet-connected video equipment, reflecting a nationwide push against perceived data vulnerabilities. 

The decision underscores persistent trust deficits despite recent India-China diplomatic thaws, rooted in decades-old border disputes. Globally, nations like the US, UK, and Australia have imposed restrictions on Chinese surveillance tech—Washington's watchlist targets over 130 firms with military ties, while the UK excluded Huawei from telecoms—fearing espionage via embedded software. India's proactive stance safeguards critical infrastructure handling vast vehicle data, including license plates and movements. 

While costlier, the shift bolsters digital sovereignty and sets a precedent for secure tech procurement in sensitive sectors. As India expands its highway network, this policy ensures smoother tolling without compromising security, signaling a strategic pivot toward reliable international partners.
Read more »
DNSaaS
Cloud Platform Cyberattacks Data Breach Data Integration Data protection data security Data Theft data theft attacks DNSaaS

SaaS Integration Breach Triggers Snowflake Data Theft Attacks Across Multiple Companies

 

A major security event unfolded through a SaaS connector firm, triggering repeated data breaches across over twelve organizations - exposing vulnerabilities inherent in linked cloud environments. Through stolen login credentials, attackers gained indirect entry into various systems, bypassing traditional defenses. Most intrusions focused on user accounts tied to Snowflake, a common cloud storage solution. Access spread quietly, amplified by trust relationships between services. 

This pattern reveals how one weak link can ripple through digital infrastructure. Security teams now face pressure to rethink third-party access controls. Monitoring once-perimeter-based threats must adapt to these fluid attack paths. Trust, when automated, becomes an exploitable feature. Few expected such widespread impact from a single vendor gap. Hidden connections often carry unseen risk. 

Unusual patterns emerged across several client profiles tied to one outside tool, Snowflake confirmed. Not its core network - security gaps arose elsewhere, beyond company walls. To reduce risk, account entry points got temporarily locked down. Notifications went out, alongside practical steps users could apply immediately. External links triggered the alarms, not flaws in-house. Unexpected findings pointed to Anodot - a tool using artificial intelligence for data analysis - as the source of the incident. Though now part of Glassbox since 2025, it struggled worldwide with every linked service. Connections to systems like Snowflake, Amazon S3, and Kinesis stopped working at once. 

Because of these failures, gathering information slowed down sharply. Alerts either came late or did not appear at all - hinting at deeper problems behind the scenes. Unauthorized individuals used compromised login credentials taken from Anodot to infiltrate linked networks, then remove confidential files. Responsibility for these intrusions was asserted by the hacking collective known as ShinyHunters, which says it acquired records from several companies. Instead of immediate disclosure, they are pressuring affected parties through threats of public exposure unless demands are met. 

According to their statements, access to Anodot's infrastructure might have lasted weeks - possibly longer. That timeline hints at serious weaknesses in monitoring and response capabilities. Surprisingly, stolen credentials weren’t just aimed at Snowflake - reports indicate attempts to reach Salesforce too. Detection occurred early enough that no information was exposed during those trials. Notably, hackers increasingly favor slipping through connected services instead of breaking into core software directly. 

Even though the event was large, some groups stayed untouched. One of them, Payoneer, said it knew about Anodot's security problem yet insisted its own setup faced no risk. On another note, Google’s team tracking online threats mentioned keeping an eye on developments - without sharing more specifics. Though widespread, the impact skipped certain players entirely. One event highlights how cyber threats now exploit outside connections more often than before. 

Instead of targeting main systems directly, attackers slip through partner logins and linked software platforms. When companies connect many cloud services together, one weak entry point may spread harm widely. Security must extend beyond internal networks - overlooking external ties creates unseen gaps. A failure at any connected vendor might quickly become everyone’s problem.
Read more »
Google
Cyber Security Cybersecurity data security Gmail Google

Gmail Address Change Feature Fails to Address Core Security Risks, Report Warns

 

A recent update by Google allowing users to change their Gmail address has drawn attention, but cybersecurity experts say it does little to solve deeper issues tied to email privacy and security. 

The feature, which has gained visibility following its rollout in the United States, lets users modify their primary Gmail address while keeping the old one active as an alias. 

The change has been framed as a way to move beyond outdated or inappropriate usernames created years ago. Google CEO Sundar Pichai highlighted the shift in a public post, noting that users no longer need to be tied to early-era email identities. 

However, experts say the update does not address the main problem facing email users today, widespread exposure of email addresses to marketers, data brokers and cybercriminals. 

Once an email address is used online, it is likely to be stored across multiple databases, making it a long-term target for spam and phishing attempts. Changing the visible username does not remove that exposure, especially since older addresses continue to function. 

Jake Moore, a cybersecurity specialist at ESET, said the ability to edit email addresses reflects a broader shift in how digital identity works, but warned it could introduce new risks. “Old addresses will still work as aliases,” he said, adding that this could increase the risk of impersonation and phishing attacks. 

Security researchers also point to the absence of a built-in privacy feature similar to Apple’s “Hide My Email,” which allows users to generate disposable email addresses for sign-ups and online transactions. These temporary addresses can be disabled at any time, limiting long-term exposure. 

Without a comparable system, Gmail users who change their address may still need to share their primary email widely, continuing the cycle of data exposure. 

The update may also create new vulnerabilities in the short term. Cybersecurity reports indicate that attackers are already using the feature as a lure in phishing campaigns, sending emails that direct users to fake login pages designed to steal account credentials. 

There are also early signs of increased spam activity. Online forums have reported a rise in unwanted emails, with some researchers suggesting the address change feature could allow attackers to bypass existing spam filters and start fresh. 

According to security researchers cited by industry outlets, many email filtering systems rely heavily on known sender addresses. 

If attackers rotate or modify those addresses, they may temporarily evade detection until new filters are applied. At the same time, changing a Gmail address does not stop unwanted messages from reaching the original account, since it remains active in the background. 

Experts say the update highlights a broader issue in email security. While giving users more flexibility over their identity, it does not reduce reliance on a single, permanent address that is repeatedly shared across services. 

They suggest that more effective solutions would include tools that limit how widely a primary email address is distributed, along with stronger controls over incoming messages. 

For now, users are being advised to treat emails related to the new feature with caution, particularly those that include links to account settings, as these may be part of phishing attempts.
Read more »
leaked sensitive data
cybercriminals Ransomware Attack Data Breach Data Hackers Data Leak data security Hacker attack leaked sensitive data

Qilin Ransomware Targets Die Linke in Suspected Politically Motivated Cyberattack

 

A major digital attack hit Die Linke when hackers using the name Qilin said they broke into internal networks and copied confidential files. Because of this breach, private details may appear online unless demands are met - raising alarms about rising cyber threats tied to political agendas across European nations. 

On March 27, the group made public what had just been noticed - odd behavior inside their digital setup. Though Die Linke admitted someone got in without permission, they did not at once call it a complete breakdown of data safety. Later signs point toward intruders possibly reaching inner networks. Some organizational details might now be exposed. One report suggests hackers aimed at company systems plus staff details, mainly tied to central offices. 

What got taken stays uncertain right now - no clear picture on volume or leaks so far. Still, authorities admit: chances of sensitive material being exposed feel real enough. Though gaps remain in understanding the full reach, concern holds steady. Notably, Die Linke confirmed its member records stayed untouched. That means information tied to more than 123,000 individuals likely avoided exposure. 

So, the incident may be narrower than first feared. Early in April, the Qilin ransomware crew named Die Linke among those hit, posting details on their public leak page. Despite holding back actual files until now, these moves often aim to push targets toward payment. Pressure builds when sensitive material might go live - this is how cyber gangs tighten control mid-talks. Something like this might point beyond mere hacking. Die Linke sees signs of coordination, possibly tied to Russian-speaking cybercriminal networks. Not accidental, they argue - the timing matters. 

A move within wider hybrid campaigns emerges here, blending digital strikes with influence efforts. Institutions become targets when data breaches align with disinformation. Cyber actions gain weight when paired with political pressure. This event fits a pattern some have seen before. Digital intrusions serve larger goals when linked to real-world disruption. Following the incident, German officials received official notification along with submission of a criminal report. To examine the security lapse, limit consequences, and repair compromised infrastructure, outside cyber specialists are now assisting the organization. 

Far from unique, such attacks mirror past patterns seen in Germany. State-backed hacking efforts have struck before - especially those tied to APT29 - with political groups often in their sights. Surprisingly, cyber operations against Die Linke reveal how digital security now intertwines with global power struggles - political groups face rising risks from attackers motivated by profit or belief alike. 

While once seen as separate realms, online threats today frequently mirror international tensions, pulling parties like Die Linke into the crosshairs without warning. Because motives differ, so do methods; yet all exploit vulnerabilities in systems meant to serve public discourse. Thus, a breach isn’t merely technical - it reflects broader shifts in who gets targeted, and why.
Read more »
Malware attacks
ClickFix ClickFix Attack Cyber Attacks data security Data Theft Infostealer Infostealer Malware leaked sensitive data Mac OS Malware attacks

Infiniti Stealer Targets Mac Users with ClickFix Social Engineering Attack

 

Not stopping at typical malware tricks, Infiniti Stealer targets Macs using clever social manipulation instead of system flaws. Security firm Malwarebytes uncovered the operation, highlighting how it dodges standard protection tools. Once inside, the software slips under the radar easily. What stands out is its reliance on tricking users, not breaking through digital walls. 

Starting off, attackers rely on a technique called ClickFix, tricking people into running harmful software without realizing it. Instead of clear warnings, users land on fake websites designed to look real - usually through deceptive emails or infected links. These pages imitate trusted security checks used by Cloudflare, copying their layout closely. A common "I am not a robot" checkbox shows up first. Then comes misleading directions hidden inside what seems like normal steps. Though simple at glance, each piece nudges victims toward unintended actions.  

Spotlight pops up when users start the process, guiding them toward finding Terminal. Once there, they run an unfamiliar line of code by pasting it directly. What seems like a small task hides its real intent - execution happens under human control, so security tools often stand down. The trick works because actions led by people rarely trigger alarms, even if those actions carry risk. Hidden behind normal behavior, the command slips through defenses without raising flags. 

Execution triggers installation of Infiniti Stealer onto the system. Though built in Python, it becomes a standalone macOS executable through compilation with Nuitka. Because of this conversion, detection by security software weakens. Analysis grows more difficult when facing such repackaged threats instead of standard interpreted scripts. Stealth improves simply by changing how the code runs.  

Once installed, it starts pulling private details from the compromised device. Things like stored login credentials, web history including cookies, snapshots of screens appear among what gets gathered. From there, the data flows toward remote machines managed by hackers - opening doors to hijacked accounts or stolen identities. What leaves the machine often fuels more invasive misuse downstream. What stands out is how this campaign signals a change in the way attackers operate. 

Moving away from technical flaws or harmful file attachments, they now lean heavily on manipulating people’s actions - especially by abusing their confidence in everyday website features such as CAPTCHA challenges. When unsure, steer clear of directions from unknown online sources - particularly if they involve running Terminal commands. Real authentication processes never ask people to enter scripts into core system utilities. 

When signs of infection appear, stop using the device without delay. Security professionals suggest changing credentials through an unaffected system right away. Access tokens tied to the infected hardware should be invalidated promptly. A different machine must handle these updates to prevent further exposure.
Read more »
data security
Ai Data AI technology CPU Cyber Security Data Center data center GPUs Data protection data security

AI Datacenter Boom Triggers Global CPU and Memory Shortages, Driving Price Hikes

 

Spurred by growing reliance on artificial intelligence, computing hardware networks are pushing chip production to its limits - shortages once limited to memory chips now affect core processors too. Because demand for AI-optimized facilities keeps climbing, industry leaders say delivery delays and cost increases may linger well into the coming decade. 

Now coming into view, top chip producers like Intel and AMD face difficulty keeping up with processor needs. Because of tighter supplies, computer and server builders get fewer chips than ordered - slowing assembly processes down. This gap pushes shipment timelines further out while lifting prices by roughly one-tenth to slightly more than an eighth. With supply trailing behind, companies brace for longer waits and steeper costs. Heavy demand has pushed key tech suppliers like Dell and HP to report deeper shortages lately. Server parts now take months rather than weeks to arrive - delays once rare are becoming routine. 

Into early 2026, experts expect disruptions to grow worse, stretching stress across business systems and home buyers alike. With CPU availability shrinking, pressure grows on a memory market already strained. Because of rising AI-driven datacenter projects, need for DRAM and NAND has jumped sharply - shifting production lines from devices like smartphones and laptops. This shift means newer tech such as DDR5 costs more than before, making upgrades less appealing. People now hold onto older machines longer, especially those running DDR4, simply because replacing them feels too costly. 

Nowhere is the strain more visible than in everyday device markets. Higher expenses for parts translate directly into steeper price tags on laptops, along with slower release cycles. Take Valve - their Linux-powered compact desktop hit pause, held back by material shortages. On another front, Micron stepped away from selling memory modules to regular users, focusing instead on large-scale computing and artificial intelligence needs. Shifts like these reveal where attention now lies within the sector. 

Facing growing challenges, legacy chip producers watch as new players step in. Not far behind, Arm launches its debut self-designed CPU, built specifically for artificial intelligence tasks. Demand was lacking - now it's shifting. Big names like Meta, Cloudflare, OpenAI, and Lenovo are paying attention, drawn by fresh potential. Change arrives quietly, then spreads. 

Facing ongoing shortages, market projections point to extended disruptions through the 2030s - altering how prices evolve while shifting the rhythm of technological advances in chips and computing systems.
Read more »
Subscribe to: Posts (Atom)