Germany’s Warmwind May Be the First True AI Operating System — But It’s Not What You Expect

 



Artificial intelligence is starting to change how we interact with computers. Since advanced chatbots like ChatGPT gained popularity, the idea of AI systems that can understand natural language and perform tasks for us has been gaining ground. Many have imagined a future where we simply tell our computer what to do, and it just gets done, like the assistants we’ve seen in science fiction movies.

Tech giants like OpenAI, Google, and Apple have already taken early steps. AI tools can now understand voice commands, control some apps, and even help automate tasks. But while these efforts are still in progress, the first real AI operating system appears to be coming from a small German company called Jena, not from Silicon Valley.

Their product is called Warmwind, and it’s currently in beta testing. Though it’s not widely available yet, over 12,000 people have already joined the waitlist to try it.


What exactly is Warmwind?

Warmwind is an AI-powered system designed to work like a “digital employee.” Instead of being a voice assistant or chatbot, Warmwind watches how users perform digital tasks like filling out forms, creating reports, or managing software, and then learns to do those tasks itself. Once trained, it can carry out the same work over and over again without any help.

Unlike traditional operating systems, Warmwind doesn’t run on your computer. It operates remotely through cloud servers based in Germany, following the strict privacy rules under the EU’s GDPR. You access it through your browser, but the system keeps running even if you close the window.

The AI behaves much like a person using a computer. It clicks buttons, types, navigates through screens, and reads information — all without needing special APIs or coding integrations. In short, it automates your digital tasks the same way a human would, but much faster and without tiring.

Warmwind is mainly aimed at businesses that want to reduce time spent on repetitive computer work. While it’s not the futuristic AI companion from the movies, it’s a step in that direction, making software more hands-free and automated.

Technically, Warmwind runs on a customized version of Linux built specifically for automation. It uses remote streaming technology to show you the user interface while the AI works in the background.

Jena, the company behind Warmwind, says calling it an “AI operating system” is symbolic. The name helps people understand the concept quickly: it’s an operating system, not for people, but for digital AI workers.

While it’s still early days for AI OS platforms, Warmwind might be showing us what the future of work could look like, where computers no longer wait for instructions but get things done on their own.

Malware Masquerading as AI Tools Targets 8,500+ SMB Users in an SEO Poisoning Campaign

 

Cybersecurity researchers have discovered a malicious campaign that uses SEO-optimized phoney landing pages to propagate the Oyster malware loader. 

Security experts at Arctic Wolf found that threat actors have built numerous landing pages that mimic two well-known Windows tools for securely connecting to remote servers: PuTTY and WinSCP.

People who search for these tools on Google (primarily IT, cybersecurity, and web development professionals) can be duped into visiting a fraudulent website because these pages look exactly like their authentic equivalents. Since nothing on the sites would raise their suspicions, users might download the tool, which would perform as intended but would also deliver Oyster, a well-known malware loader also known as Broomstick or CleanUpLoader.

"Upon execution, a backdoor known as Oyster/Broomstick is installed," Arctic Wolf noted. "Persistence is established by creating a scheduled task that runs every three minutes, executing a malicious DLL (twain_96.dll) via rundll32.exe using the DllRegisterServer export, indicating the use of DLL registration as part of the persistence mechanism."

Oyster is a stealthy malware loader that delivers malicious payloads to infiltrated Windows systems, usually as part of a multi-stage attack. To avoid detection and preserve persistence, it employs techniques such as process injection, string obfuscation, and HTTP-based command-and-control. Some of the phoney websites utilised in the attacks are updaterputty[.]com, zephyrhype[.]com, putty[.]run, putty[.]bet and putty[.]org.

Arctic Wolf emphasised that although only Trojanized versions of WinSCP and PuTTY have been detected in this campaign, other tools might have been misused in the same way. Out of caution, IT professionals are encouraged to download software only from reputable sites and to type in addresses themselves rather than searching for them and clicking on the first result.
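A detection sketch for the scheduled-task persistence quoted from Arctic Wolf above, added here as an example and not taken from Arctic Wolf or the original article: it parses Task Scheduler XML exports and reports rundll32.exe actions that call the DllRegisterServer export, noting whether the task repeats within a few minutes. The task names, the DLL directory and the 300-second threshold are constructed assumptions.

```python
"""Flag scheduled tasks that run rundll32.exe <dll>,DllRegisterServer on a short repeat."""
import ntpath
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespace of Windows Task Scheduler XML (e.g. output of `schtasks /query /xml`).
TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
NS = {"t": TASK_NS}
# Repetition intervals are ISO 8601 durations such as PT3M or P1DT12H.
ISO_DURATION = re.compile(
    r"^P(?:(?P<d>\d+)D)?(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+)S)?)?$")
# rundll32 arguments have the form <dll>,<export> [args]; the DLL path may be quoted.
RUNDLL_ARGS = re.compile(r'^\s*(?:"([^"]+)"|([^,\s"]+))\s*,\s*([^\s,]+)')


def duration_seconds(text):
    """Convert an ISO 8601 duration to seconds; return None if it cannot be parsed."""
    m = ISO_DURATION.match((text or "").strip())
    if not m or not any(m.groupdict().values()):
        return None
    d, h, mi, s = (int(m.group(k) or 0) for k in ("d", "h", "m", "s"))
    return d * 86400 + h * 3600 + mi * 60 + s


def find_rundll32_registration(task_xml, max_interval=300):
    """Return one finding per Exec action that runs rundll32 with DllRegisterServer.

    DllRegisterServer is the COM self-registration export normally invoked by
    regsvr32 during installation, so a task that calls it through rundll32 on a
    repeating trigger deserves a look. max_interval (seconds) is an assumed cut-off.
    """
    root = ET.fromstring(task_xml)
    intervals = [duration_seconds(e.text)
                 for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    intervals = [i for i in intervals if i is not None]
    fastest = min(intervals) if intervals else None
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)

    findings = []
    for action in root.iterfind(".//t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", "", NS) or "").strip().strip('"')
        arguments = action.findtext("t:Arguments", "", NS) or ""
        if ntpath.basename(command).lower() not in ("rundll32", "rundll32.exe"):
            continue
        m = RUNDLL_ARGS.match(arguments)
        if not m or m.group(3).lower() != "dllregisterserver":
            continue
        findings.append({
            "task": uri,
            "dll": m.group(1) or m.group(2),
            "export": m.group(3),
            "interval_seconds": fastest,
            "repeats_fast": fastest is not None and fastest <= max_interval,
        })
    return findings


def sample_task(uri, command, arguments, interval=None):
    """Build a constructed Task Scheduler XML document for the demo below."""
    rep = ""
    if interval:
        rep = "<Repetition><Interval>%s</Interval></Repetition>" % interval
    return (
        '<Task version="1.2" xmlns="%s">' % TASK_NS
        + "<RegistrationInfo><URI>%s</URI></RegistrationInfo>" % escape(uri)
        + "<Triggers><TimeTrigger>%s" % rep
        + "<StartBoundary>2025-01-01T00:00:00</StartBoundary></TimeTrigger></Triggers>"
        + "<Actions><Exec><Command>%s</Command>" % escape(command)
        + "<Arguments>%s</Arguments></Exec></Actions></Task>" % escape(arguments)
    )


# Constructed samples: only twain_96.dll, rundll32.exe, DllRegisterServer and the
# three-minute interval come from the article; names and paths are placeholders.
SAMPLES = [
    sample_task(r"\ExampleUpdater", "rundll32.exe",
                r'"C:\placeholder-dir\twain_96.dll",DllRegisterServer', "PT3M"),
    sample_task(r"\ExampleDaily", r"%windir%\system32\rundll32.exe",
                "example.dll,ExampleEntryPoint"),
    sample_task(r"\ExampleSync", r"C:\Program Files\Example\sync.exe",
                "/quiet", "PT5M"),
]

if __name__ == "__main__":
    for doc in SAMPLES:
        for finding in find_rundll32_registration(doc):
            print(finding)
```

When reading real exports from disk, pass the file contents as bytes so the XML parser applies the encoding declared in the file.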

Why Running AI Locally with an NPU Offers Better Privacy, Speed, and Reliability

 

Running AI applications locally offers a compelling alternative to relying on cloud-based chatbots like ChatGPT, Gemini, or DeepSeek, especially for those concerned about data privacy, internet dependency, and speed. Though cloud services promise protections through subscription terms, the reality remains uncertain. In contrast, using AI locally means your data never leaves your device, which is particularly advantageous for professionals handling sensitive customer information or individuals wary of sharing personal data with third parties.

Local AI eliminates the need for a constant, high-speed internet connection. This reliable offline capability means that even in areas with spotty coverage or during network outages, tools for voice control, image recognition, and text generation remain functional. Lower latency also translates to near-instantaneous responses, unlike cloud AI that may lag due to network round-trip times. 

A powerful hardware component is essential here: the Neural Processing Unit (NPU). Typical CPUs and GPUs can struggle with AI workloads like large language models and image processing, leading to slowdowns, heat, noise, and shortened battery life. NPUs are specifically designed for handling matrix-heavy computations—vital for AI—and they allow these models to run efficiently right on your laptop, without burdening the main processor. 

Currently, consumer chips such as Intel Core Ultra, Qualcomm Snapdragon X Elite, and Apple’s M-series (M1–M4) come equipped with NPUs built for this purpose. With a device built on one of these, you can run open-source AI models like DeepSeek‑R1, Qwen 3, or LLaMA 3.3 using tools such as Ollama, which supports Windows, macOS, and Linux. By pairing Ollama with a user-friendly interface like Open WebUI, you can replicate the experience of cloud chatbots entirely offline.

Other local tools like GPT4All and Jan.ai also provide convenient interfaces for running AI models locally. However, be aware that model files can be quite large (often 20 GB or more), and without NPU support, performance may be sluggish and battery life will suffer.  

Using AI locally comes with several key advantages. You gain full control over your data, knowing it’s never sent to external servers. Offline compatibility ensures uninterrupted use, even in remote or unstable network environments. In terms of responsiveness, local AI often outperforms cloud models due to the absence of network latency. Many tools are open source, making experimentation and customization financially accessible. Lastly, NPUs offer energy-efficient performance, enabling richer AI experiences on everyday devices. 

In summary, if you’re looking for a faster, more private, and reliable AI workflow that doesn’t depend on the internet, equipping your laptop with an NPU and installing tools like Ollama, Open WebUI, GPT4All, or Jan.ai is a smart move. Not only will your interactions be quick and seamless, but they’ll also remain securely under your control.

How to Safeguard Your Phone Number From SIM Swap Attacks in 2025

 

In 2025, phone numbers have become woven into nearly every part of our digital lives. Whether you’re creating accounts on e-commerce sites, managing online banking, accessing health services, or logging in to social networks, your phone number is the gateway. It helps reset forgotten passwords and powers two-factor authentication codes that keep your accounts secure.

But if a hacker gets hold of your phone number, they can essentially impersonate you.

With control over your number, attackers can infiltrate your online accounts or manipulate automated phone systems to convince customer service representatives they’re speaking to you. In some cases, a stolen phone number can even be used to breach a company’s internal network and retrieve confidential information.

That’s why it’s more important than ever to protect your number against SIM swapping — a cyberattack where someone fraudulently transfers your number to a new SIM card. The good news? Locking down your number has never been simpler.

SIM swap attacks typically begin when a criminal contacts your mobile carrier, pretending to be you. By using publicly available personal details — like your name and birth date — the attacker convinces support staff to port your number to a SIM card they control. Once the transfer is complete, your number is live on their device. From there, they can send messages and make calls in your name.

Often, the only clue that something is wrong is if your phone abruptly loses service without explanation.

These attacks exploit gaps in the internal security processes at phone companies, where representatives can make account changes without always verifying the customer’s consent.

To fight back against these social engineering scams, the three largest U.S. mobile carriers — AT&T, T-Mobile, and Verizon — have launched security tools that help prevent unauthorized account takeovers and SIM swaps. However, these protections may not be turned on by default, so it’s worth taking a few minutes to review your account settings.

AT&T: In July, AT&T rolled out its free Wireless Account Lock, designed to block SIM swapping attempts. “The feature allows AT&T customers to add extra account protection by toggling on a setting that prevents anyone from moving a SIM card or phone number to another device or account.” You can activate this safeguard in the AT&T app or through your online account dashboard. Be sure your account is secured with a unique password and multi-factor authentication.

T-Mobile: T-Mobile gives customers the option to lock their accounts against unauthorized SIM swaps and number porting at no cost. To enable this, the primary account holder must log in to their T-Mobile account and switch on the protection settings.

Verizon: Verizon offers two layers of defense: SIM Protection and Number Lock. These features stop SIM swaps and unauthorized phone number transfers. You can enable them through the Verizon app or the account portal. Verizon notes that if you disable these protections, any account changes will be delayed by 15 minutes, giving legitimate users time to undo suspicious activity.

Take a moment to check whether these safeguards are active on your account. While they aren’t always advertised prominently, they can make all the difference in keeping your phone number — and your identity — safe.

Social Engineering Identified as Catalyst for M&S Ransomware Breach

 


Marks & Spencer (M&S), one of the largest and most established retailers in the United Kingdom, has confirmed that a highly targeted social engineering operation triggered the ransomware attack in April 2025. This breach, which is associated with DragonForce ransomware, points to a disturbing trend in the cybersecurity landscape, namely that human manipulations are increasingly becoming a way to access large-scale digital networks.

Several preliminary findings suggest that the attackers deceived individuals within or connected to the organisation, possibly by posing as trusted employees or partners, to gain unauthorised access to M&S's internal systems. Once they gained access, the attackers deployed ransomware that crippled the organisation's operations and led to the theft of approximately 150 GB of sensitive information.

It is important to note that not only did the attack disrupt critical business functions, but it also exposed the weakness in the company's dependence on third-party vendors, whose vulnerabilities may have contributed to the intrusion. While the company is actively regaining control of its infrastructure as a result of the breach, the incident is a clear warning to organisations across many sectors about the growing threat of social engineering as well as the urgent need for more robust human-centred cybersecurity defences to protect against it.

At a public hearing held at Parliament on July 8, Archie Norman, Chairman of Marks & Spencer (M&S), gave further insight into the cyberattack in April 2025 that disrupted the retailer's operations. Norman acknowledged that the incident was indeed a ransomware attack, but he declined to divulge whether the company had negotiated with the threat actors involved or reached a financial settlement.

According to Norman, who addressed the Business and Trade Sub-Committee on Economic Security, Arms and Export Controls at the UK Parliament, the experience was one of the most disruptive and complex crises he had faced in his considerable career in business and retail.

As part of the presentation, he stressed the severity and unprecedented nature of the attack that, as it has been discovered, was carried out by the Scattered Spider cyber criminal collective, which is well known for attacking major corporations using DragonForce ransomware infrastructure as a means of extortion and ransom.

It is clear from Norman's testimony that cybercriminal groups have become bolder and more technically sophisticated over the last few years, particularly those that employ social engineering to circumvent conventional security protocols.

Aside from acknowledging the considerable operational challenges the company faced in responding to the incident, the chairman pointed out that businesses must strengthen their digital resilience in a rapidly evolving threat landscape that is difficult to predict. Although Archie Norman did not disclose specific details about the operation, he did reveal that the attackers initially gained access through an expertly devised impersonation scheme.

According to him, the threat actors posed as one of the approximately 50,000 Marks & Spencer employees and deceived a third-party service provider into resetting a legitimate employee's password. With this seemingly simple deception, the attackers bypassed identity verification protocols and gained unauthorised access to the retailer's internal systems.

In addition, the tactic represents a growing trend in cybercrime in which attackers exploit the trust that large, distributed organisations place in their internal and external vendors to gain access to their networks. The perpetrators were able to manipulate routine IT processes, such as password resets, and then move laterally within the network, setting the stage for a wider deployment of ransomware.

The incident carries an important lesson about the need for stringent verification procedures when working with external partners, who can become weak links in your security chain. As reported in the Financial Times in May, Tata Consultancy Services (TCS) allegedly initiated an internal investigation to determine whether the company unknowingly played a role in the cyberattack on Marks & Spencer.

TCS provides M&S's help desk support, and it is suspected that the threat actors manipulated the company into resetting an employee's password, enabling the attackers to gain access to the retailer's internal network. This potential compromise highlights the broader risks associated with outsourcing IT operations and the increasing reliance on third parties to handle critical business functions.

As a first step towards the resolution of the breach, M&S has publicly identified the DragonForce ransomware infrastructure as the means by which the attack was carried out, revealing that the perpetrators are suspected of operating from Asia. The acknowledgement comes as the company continues to recover, with a phased return of its online retail services.

With the introduction of limited home delivery options on June 10, M&S has made it possible for select fashion products to be delivered to customers across England, Wales, and Scotland; the service is currently available only in those countries. To manage operational strain and ensure service reliability, M&S has temporarily extended its standard delivery window to 10 days.

In terms of customer impact, M&S confirmed that certain personal data was compromised during the breach. Click-and-collect services, which are still suspended as part of the recovery process following the attack, will be reinstated shortly. Among the information exposed are names, home addresses, phone numbers, email addresses, dates of birth, and information about online orders.

Despite this, the company has assured the public that no usable information, such as payment information, credit card numbers, or passwords, has been compromised. As a precautionary measure, M&S will ask customers to reset their passwords to ensure that their personal information remains safe. Customers are advised to remain vigilant for possible phishing attempts or fraudulent activity involving their personal information.

While speculation continues about the possible financial resolution of the ransomware attack, Marks & Spencer has chosen not to disclose whether it has made a ransom payment. Chairman Archie Norman's testimony made reference to professional ransomware negotiation firms. These firms are specialised intermediaries that help victim organisations engage with threat actors and facilitate cryptocurrency payments, typically using Bitcoin.

In response to a direct question regarding whether M&S had met the ransom demand, Norman declined to provide a definitive answer. He stated that the company had "not discussed those details publicly" as they believed it was not in the public interest to do so. However, he emphasised that the National Crime Agency (NCA) and other law enforcement authorities had been notified of the full extent of the investigation.

Many experts on the subject of cybersecurity warn that ransomware groups rarely cease extortion efforts without compensation. Because the stolen data has not yet been disclosed publicly, experts believe a ransom might have been paid quietly or negotiations may still be ongoing with the attackers.

Regardless of the outcome of the M&S breach, it serves as a sobering reminder that cybersecurity failures have evolved beyond technical vulnerabilities and are now a result of failures across people, processes, and technological safeguards as well. Despite the rapid evolution of the threat environment in today's world, traditional security tools such as antivirus software are no longer sufficient to deal with the growing number of malware groups that are becoming increasingly agile.

It is imperative that businesses adopt adaptive security architectures that are policy-driven and capable of detecting and neutralising threats before they escalate. In light of the M&S incident, there is an urgent need to develop an approach to cyber resilience that anticipates human error, strengthens digital ecosystems, and minimises the operational and reputational costs associated with an attack.

In this era of cyber-threats, an incident such as the Marks & Spencer ransomware attack is often referred to as a case study, since it exemplifies how human nature has become as vital as technological defences in combating cyber-attacks.

In an era where organisations are accelerating their digital transformation and increasingly relying on distributed teams, cloud infrastructure, and third-party vendors, this attack reinforces the importance of implementing an integrated cybersecurity strategy that focuses on more than just system hardening; it also emphasises employee awareness, vendor accountability, and continuous risk management.

The most effective way for a company to protect itself is to adopt a proactive, intelligence-driven security posture rather than a reactive approach, and to embed cybersecurity into every aspect of the business, governance, and culture. The deployment of behavioural analytics, third-party audits of identities, and enhancement of identity verifications are no longer optional components of modern cybersecurity frameworks, but essential ones.

In the face of increasing threats that are both swift and complex, resilience is not a one-time fix but a continuous discipline that must be engineered. The M&S breach is more than just a cautionary tale. It is a call to action for enterprises to redesign their security strategies so that they can remain competitive, agile, and forward-thinking.

Millions of Resumes Exposed Online Due to Unsecured Hiring Platform

 



A major data exposure has come to light after cybersecurity experts discovered an unsecured online storage system containing nearly 26 million documents, many of which appear to be resumes of job seekers in the United States.

The exposed files were found in a cloud-based storage system, commonly used to save and share digital files. According to the research team, this storage space had not been properly secured, meaning anyone who knew where to look could access its contents without needing a password or any special permissions.

On further examination, it was revealed that the majority of the documents stored in the system were personal resumes and CVs. These files included sensitive personal details like full names, phone numbers, email addresses, education history, previous work experience, and other professional information. In the wrong hands, such detailed personal data can become a serious security risk.

Experts warn that job seekers are particularly vulnerable in situations like this. If cybercriminals gain access to such data, they can use it to send highly personalized scam messages. These messages may appear trustworthy, as they can be tailored using real employment history or job interests, making it easier to trick someone into clicking a malicious link or sharing their login information.

One common tactic includes sending fake job offers or interview invitations that secretly install harmful software on a person’s device. Some advanced scams may even go as far as conducting fake job interviews before sending victims "sample tasks" that involve downloading malware.

The database in question was linked to a platform used by employers and hiring teams to manage job applications and connect with candidates. However, the researchers who found the issue say they did not receive any confirmation that access to the exposed files has been blocked. While the team reached out to suggest tightening security settings, it’s unclear whether any action was taken.

There is no current proof that the data has been used by cybercriminals yet, but experts note that the longer the files remain unprotected, the higher the risk of misuse. Even if no signs of abuse have appeared so far, the availability of such information online creates an ongoing threat.

This situation serves as a reminder for companies handling sensitive data to prioritize cybersecurity. Properly configuring cloud storage, regularly updating access settings, and limiting who can view certain files are essential steps in preventing such exposures. It’s not just about protecting a system, it’s about safeguarding real people’s identities and futures.


AI and the Rise of Service-as-a-Service: Why Products Are Becoming Invisible

 

The software world is undergoing a fundamental shift. Thanks to AI, product development has become faster, easier, and more scalable than ever before. Tools like Cursor and Lovable—along with countless “co-pilot” clones—have turned coding into prompt engineering, dramatically reducing development time and enhancing productivity. 

This boom has naturally caught the attention of venture capitalists. Funding for software companies hit $80 billion in Q1 2025, with investors eager to back niche SaaS solutions that follow the familiar playbook: identify a pain point, build a narrow tool, and scale aggressively. Y Combinator’s recent cohort was full of “Cursor for X” startups, reflecting the prevailing appetite for micro-products. 

But beneath this surge of point solutions lies a deeper transformation: the shift from product-led growth to outcome-driven service delivery. This evolution isn’t just about branding—it’s a structural redefinition of how software creates and delivers value. Historically, the SaaS revolution gave rise to subscription-based models, but the tools themselves remained hands-on. For example, when Adobe moved Creative Suite to the cloud, the billing changed—not the user experience. Users still needed to operate the software. SaaS, in that sense, was product-heavy and service-light. 

Now, AI is dissolving the product layer itself. The software is still there, but it’s receding into the background. The real value lies in what it does, not how it’s used. Glide co-founder Gautam Ajjarapu captures this perfectly: “The product gets us in the door, but what keeps us there is delivering results.” Take Glide’s AI for banks. It began as a tool to streamline onboarding but quickly evolved into something more transformative. Banks now rely on Glide to improve retention, automate workflows, and enhance customer outcomes. 

The interface is still a product, but the substance is service. The same trend is visible across leading AI startups. Zendesk markets “automated customer service,” where AI handles tickets end-to-end. Amplitude’s AI agents now generate product insights and implement changes. These offerings blur the line between tool and outcome—more service than software. This shift is grounded in economic logic. Services account for over 70% of U.S. GDP, and Nobel laureate Bengt Holmström’s contract theory helps explain why: businesses ultimately want results, not just tools. 

They don’t want a CRM—they want more sales. They don’t want analytics—they want better decisions. With agentic AI, it’s now possible to deliver on that promise. Instead of selling a dashboard, companies can sell growth. Instead of building an LMS, they offer complete onboarding services powered by AI agents. This evolution is especially relevant in sectors like healthcare. Corti’s CEO Andreas Cleve emphasizes that doctors don’t want more interfaces—they want more time. AI that saves time becomes invisible, and its value lies in what it enables, not how it looks. 

The implication is clear: software is becoming outcome-first. Users care less about tools and more about what those tools accomplish. Many companies—Glean, ElevenLabs, Corpora—are already moving toward this model, delivering answers, brand voices, or research synthesis rather than just access. This isn’t the death of the product—it’s its natural evolution. The best AI companies are becoming “services in a product wrapper,” where software is the delivery mechanism, but the value lies in what gets done. 

For builders, the question is no longer how to scale a product. It’s how to scale outcomes. The companies that succeed in this new era will be those that understand: users don’t want features—they want results. Call it what you want—AI-as-a-service, agentic delivery, or outcome-led software. But the trend is unmistakable. Service-as-a-Service isn’t just the next step for SaaS. It may be the future of software itself.

Attackers Exploit Compromised Shellter Red Team Tool to Deploy Infostealers

 

Shellter Project, which makes a commercial AV/EDR evasion loader for penetration testing, admitted that hackers exploited its Shellter Elite product in assaults after a client leaked a copy of the software.

The exploitation had been ongoing for several months, and although security researchers had detected the activity in the wild, Shellter had not received notification. The vendor stated that this is the first recorded case of misuse since implementing its stringent license policy in February 2023.

"We discovered that a company which had recently purchased Shellter Elite licenses had leaked their copy of the software," Shellter noted in a statement. "This breach led to malicious actors exploiting the tool for harmful purposes, including the delivery of infostealer malware."

Exploitation in the wild 

Security experts (red teams and penetration testers) employ Shellter Elite, a commercial AV/EDR evasion loader, to covertly install payloads inside authentic Windows binaries while avoiding EDR tools during security engagements. In addition to dynamic runtime evasion through AMSI, ETW, anti-debug/VM checks, call stack and module unhooking avoidance, and decoy execution, the product offers static evasion through polymorphism. 

Elastic Security Labs reported on July 3rd that numerous hacking outfits had been utilising Shellter Elite v11.0 to launch infostealers, including Rhadamanthys, Lumma, and Arechclient2. Elastic researchers discovered that the activity began in at least April, with the distribution mechanism relying on YouTube comments and phishing emails. Based on the unique licensing timestamps, the researchers speculated that the threat actors were utilising a single leaked copy, which Shellter later validated.

Elastic has designed detections for v11.0-based samples, thus payloads created using that version of Shellter Elite are now detectable. Shellter launched Elite version 11.1, which will only be available to authorised clients, excluding the one who leaked the prior version. Elastic Security Labs' lack of contact was deemed "reckless and unprofessional" by the vendor, who criticised Elastic for failing to notify them of their findings earlier. 

"They were aware of the issue for several months but failed to notify us. Instead of collaborating to mitigate the threat, they opted to withhold the information in order to publish a surprise exposé—prioritizing publicity over public safety," Shellter noted. 

However, Elastic gave Shellter the necessary samples to identify the problematic client. The firm apologised to its "loyal customers" and underlined that it does not interact with cybercriminals, stating a willingness to work with law enforcement authorities when necessary.

Tallento.ai Crosses 1 Million Users, Disrupts Recruitment with AI-Powered Instant Hiring

 

Tallento.ai, an AI-driven recruitment platform built without external funding, has surpassed 1 million registered professionals and joined forces with more than 5,500 employers nationwide. By fusing artificial intelligence, gamification, and a mobile-first experience, Tallento.ai is transforming the way talent is sourced, verified, and hired—positioning itself as "India's Quick Commerce of Hiring" that compresses job matching timelines from weeks to minutes.

Founded by a team of IIT Guwahati, NIT, and IIM Bangalore alumni, Tallento.ai stands out as a purpose-led alternative to conventional job portals. The platform leverages smart algorithms, gamified application journeys, and an intuitive mobile design to help companies onboard pre-verified candidates faster than ever before.

"We asked a simple question: if groceries and cabs can arrive in 10 minutes, why does hiring still take 30 days?" said Sandeep Boora, Co-founder. "We're solving for speed, relevance, and dignity—especially for young professionals entering the workforce."

Originally focused on recruitment in the EdTech sector, the company now partners with leading brands such as Allen, Aakash Institute, PhysicsWallah, and Byju’s to scale educator and operational hiring across India. Operating with a 120-member team and remaining profitable without raising outside capital, Tallento.ai has demonstrated strong demand and trust among employers and job seekers alike.

Looking ahead, the platform plans to roll out several new features, including:

  • AI Mentorship Modules to deliver personalized upskilling recommendations
  • Video-first Talent Showcases replacing static resumes with dynamic storytelling
  • Voice and regional language search to improve access for blue- and grey-collar workers
  • Emotional wellness support tools to ease job transitions
  • One-click verified hiring backed by AI-generated trust scores

"Hiring is no longer just transactional," said Neha Gopal Thakur, Co-founder. "We are building an ecosystem that empowers individuals, supports mental well-being, and ensures companies find the right talent, faster."

With a clear mission to make hiring accessible in Tier 2 and Tier 3 cities, Tallento.ai is bridging the gap for job seekers in semi-urban regions. The company envisions becoming the backbone of recruitment in fast-growing sectors such as IT, healthcare, BFSI, and retail.

"India's youth need fast, fair, and future-ready hiring," said Tushar Saraf, Co-founder. "Tallento.ai is here to deliver that—without friction, delay, or exclusion." 

Google Gemini Bug Exploits Summaries for Phishing Scams


False AI summaries leading to phishing attacks

Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.

Similar attacks were reported in 2024 and afterwards; safeguards were pushed to stop misleading responses. However, the tactic remains a problem for security experts. 

Gemini for attack

A prompt-injection attack on the Gemini model was disclosed by cybersecurity researcher Marco Figueroa through 0din, Mozilla's bug bounty program for GenAI tools. The attack crafts an email that carries a hidden directive for Gemini. The threat actor can hide malicious commands at the end of the message body text using HTML and CSS that set the font size to zero and the color to white.

According to Marco, who is GenAI Bug Bounty Programs Manager at Mozilla, “Because the injected text is rendered in white-on-white (or otherwise hidden), the victim never sees the instruction in the original message, only the fabricated 'security alert' in the AI-generated summary. Similar indirect prompt attacks on Gemini were first reported in 2024, and Google has already published mitigations, but the technique remains viable today.”

The hidden instruction is not rendered in Gmail, and because the message has no attachments or links, it may reach the victim's inbox. If the recipient opens the email and asks Gemini to summarise it, the AI tool parses the invisible directive and follows it when creating the summary. Figueroa provides an example of Gemini following hidden prompts, accompanied by a security warning that the victim's Gmail password and phone number may be compromised.

Impact

Supply-chain threats: CRM systems, automated ticketing emails, and newsletters can become injection vectors, changing one exploited SaaS account into hundreds of thousands of phishing beacons.

Cross-product surface: The same tactic applies to Gemini in Slides, Drive search, Docs and any workplace where the model receives third-party content.

According to Marco, “Security teams must treat AI assistants as part of the attack surface and instrument them, sandbox them, and never assume their output is benign.”

Telefónica Investigates Claims of Major Data Breach by Cybercriminal

 


An investigation has been conducted into a significant cybersecurity incident that occurred in 2025 at Telefónica, a global telecommunications company serving millions across Europe and Latin America. A threat actor has claimed responsibility for breaching the company's systems and has allegedly obtained a considerable cache of confidential corporate data.

The hacker also claims that sensitive internal information has already been leaked online. This has heightened alarm within both the cybersecurity community and regulatory bodies worldwide.

The suspected breach has raised concerns that even the most well-established businesses are increasingly vulnerable, and it raises urgent questions about the overall resilience of multinational corporations against increasingly sophisticated cyber threats.

The exact extent of the compromise is still unclear, but experts warn that such incidents can have far-reaching consequences, not only in terms of operational disruption and financial impact, but also in terms of damage to the company's reputation. Telefónica is a large and important part of the global communication infrastructure, and any verified exposure could severely affect its business reputation, compliance obligations, and customer relationships.

The case, which authorities and cybersecurity specialists are analysing to assess whether the hacker's claims are genuine and what their scope is, is proving to be an important reminder of how cyber risk continues to evolve in the digital age. Telefónica, the multinational telecommunications provider headquartered in Madrid, has been officially informed that its systems were compromised in a targeted cyberattack on its internal systems. The company disclosed that the breach gave unauthorised access to over 236,000 customer data entries.

Approximately half a million Jira development and support tickets were stolen in the breach, including critical records that are often associated with internal communication, technical workflows, and potentially sensitive information about the company's operations. Based on the type of data exposed, it has been suggested that the attackers may have gained deep insight into Telefónica's internal processes, project management infrastructure, and customer interactions.

Such a breach carries serious risks not only for those affected, but also for the organisation's operations, security and competitiveness. Jira platforms, which are commonly used for software development and IT service management, may contain detailed information about system configurations, troubleshooting logs, and network vulnerabilities, which makes the breach particularly alarming to cybersecurity researchers.

Although early indicators point to a sophisticated and well-planned intrusion, forensic investigations continue to indicate that the attacker may have exploited system misconfigurations and weaknesses in user credentials to launch the attack. In cyberattacks, adversaries are increasingly trying both to steal data and to disrupt long-term strategic goals by exploiting vulnerabilities in their targets' systems.

The scale and specificity of the data accessed reflect this trend. There is a growing sense that global telecom providers have to strengthen their digital defences and become more transparent when reporting incidents. According to emerging reports, the data breach was confirmed after Telefónica's Jira database appeared on a notorious hacker forum, which increased the pressure on the company to improve its cybersecurity.

The disclosure was apparently made by four individuals using the aliases DNA, Grep, Pryx, and Rey, now associated with Hellcat Ransomware, one of the more active cybercriminal groups to have surfaced recently. The intruders claim to have compromised Telefónica's internal ticketing system, which is based on Jira, a software development, issue tracking, and workflow management platform used by many organisations.

Early this week, the attackers gained access to the telecom's internal systems by using compromised employee credentials. After entering, they exfiltrated around 2.3 GB of data, including technical tickets, internal documentation and other documents.

Some of the data appears to be associated with customers, though the tickets were submitted through @telefonica.com addresses, suggesting that employees might have logged the tickets on behalf of clients, rather than the customers themselves. New details indicate that one of the key people responsible for the Telefónica breach, known as "Rey," self-identifies as a member of the Hellcat Ransomware group.

This is not the first time Telefónica has been attacked by the same threat actor. Rey was also responsible for another breach that occurred in January 2025. That breach also involved the company's internal Jira ticketing and development server and exploited a similar vulnerability. The recurring attack suggests that the internal infrastructure of the telecom giant has persistent security weaknesses.

Rey has claimed in a statement to the cybersecurity report that he exfiltrated an enormous amount of data in the most recent incident, including 385,311 files totalling 106.3 gigabytes. The data in question reportedly includes an array of internal materials, including service tickets, internal emails, procurement documents, system logs, customer records, and sensitive personal details related to employees.

If verified, this could constitute a substantial breach of operational and personal data, given the volume and sensitivity involved. The success of the intrusion on May 30 was attributed to a misconfiguration in Telefónica's Jira environment that was present even after the company responded to a similar incident earlier in the year. The revelation has renewed concern within the cybersecurity community over Telefónica's patch management and remediation processes, especially since the same vulnerability was allegedly exploited twice within the last six months.

Industry experts note that these kinds of lapses not only compromise data security but also undermine customer confidence and regulatory compliance. Repeated targeting by the same group shows that modern cyber threats are evolving and persistent, exploiting both technical vulnerabilities and organisational inertia.

Security experts continue to emphasise the importance of not only addressing incidents, but also conducting comprehensive audits and hardening infrastructure to prevent recurrences. Atypically for perpetrators of ransomware campaigns, the attackers did not contact Telefónica. They did not issue any demands to the company or attempt extortion before releasing the stolen information publicly.

Security researchers have expressed concern over this unusual approach, suggesting that there may be a motive other than financial gain, such as disruption or building a reputation. Once the breach was identified, Telefónica responded by resetting the credentials of the affected accounts and blocking further access via the compromised login information.

Although these mitigation measures were enacted swiftly, cybersecurity analysts warn that the leaked data may be weaponised in phishing and social engineering attacks in the future. Individuals and organisations associated with Telefónica are being warned to remain vigilant against suspicious communications and attempts to exploit the breach for fraudulent purposes.

Following the breach, the stolen data was first distributed through PixelDrain, a platform for sharing and storing files online. The content, however, was removed within a matter of hours due to legal and policy violations. In response to the removal, the threat actor circulated a new download link using Kotizada, an alternative file-hosting service.

Kotizada is reported to be a potentially dangerous website that has been flagged by Google Chrome, with browser security systems strongly advising users to avoid the site entirely. The attacker has followed a pattern of evasion and re-hosting to maximise exposure while circumventing takedown efforts.

In the meantime, Telefónica has not yet released an updated public statement clarifying whether the leaked information comes from newly compromised data or from previous incidents. Some firms reported that some of the email addresses contained within the leaked files appear to belong to employees who are currently active. This suggests the breach may have involved recent and relevant internal data rather than historic documents.

The threat actor in this operation is associated with the Hellcat Ransomware group, a collective infamous for repeatedly targeting Jira servers with its malware. Hellcat has been connected to several high-profile breaches that have affected major global companies. Affinitiv, a marketing technology company, Jaguar Land Rover, Orange Group, Schneider Electric, and Ascom, a Swiss company that provides telecommunication and workflow solutions, are among the companies claimed to have been affected.

In addition, the group's consistent focus on Jira platforms indicates that it has developed a strategic, specialised approach to identifying and exploiting specific system misconfigurations in enterprise environments. Analysts warn that this operational pattern points to a larger, industry-wide risk that should be addressed urgently by re-evaluating the security configurations and access controls within the platform.

Even though some details of the hack that led to the Telefónica breach remain unclear, the incident serves as a sharp reminder of the evolving threat landscape that even the most fortified organisations face in today's digital ecosystem, where perimeter defences alone are not sufficient protection.

The cybersecurity environment must be regarded holistically and with zero trust, a strategy that emphasises continuous monitoring, proactive threat intelligence, and robust internal controls. Human error remains a key entry point for attackers, so companies must cultivate a culture of cybersecurity awareness among employees in addition to technical safeguards.

Also, the fact that the breach recurred through an already exploited vector underscores the importance of rigorous post-incident remediation, configuration audits, and patch management to prevent recurrences of the attack. Telefónica’s experience is a cautionary case study for industry peers and stakeholders on the consequences of underestimating latent system vulnerabilities as well as the speed with which attackers can re-engage with the system. 

Nevertheless, to minimise systemic risk and maintain public trust in an era of escalating digital exposure, the telecom sector will need to enhance transparency, swift incident disclosure, and collaboration to fight cyberattacks across the sector.