Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Ransom Demands
Azure Cloud Cloud Attacks Cloud Security Cyber Security Data Theft Microsoft Microsoft Azure Ransom Demands

Microsoft Warns Storm-0501 Shifts to Cloud-Based Encryption, Data Theft, and Extortion

 

Microsoft has issued a warning about Storm-0501, a threat actor that has significantly evolved its tactics, moving away from traditional ransomware encryption on devices to targeting cloud environments for data theft, extortion, and cloud-based encryption. Instead of relying on conventional ransomware payloads, the group now abuses native cloud features to exfiltrate information, delete backups, and cripple storage systems, applying pressure on victims to pay without deploying malware in the traditional sense. 

Storm-0501 has been active since at least 2021, when it first used the Sabbath ransomware in attacks on organizations across multiple industries. Over time, it adopted ransomware-as-a-service (RaaS) tools, deploying encryptors from groups such as Hive, BlackCat (ALPHV), Hunters International, LockBit, and most recently, Embargo ransomware. In September 2024, Microsoft revealed that the group was expanding into hybrid cloud environments, compromising Active Directory and pivoting into Entra ID tenants. During those intrusions, attackers established persistence with malicious federated domains or encrypted on-premises devices with ransomware like Embargo. 

In its latest report, Microsoft highlights that Storm-0501 is now conducting attacks entirely in the cloud. Unlike conventional ransomware campaigns that spread malware across endpoints and then negotiate for decryption, the new approach leverages cloud-native tools to quickly exfiltrate large volumes of data, wipe storage backups, and encrypt files within the cloud itself. This strategy both accelerates the attack and reduces reliance on detectable malware deployment, making it more difficult for defenders to identify the threat in time. 

Recent cases show the group compromising multiple Active Directory domains and Entra tenants by exploiting weaknesses in Microsoft Defender configurations. Using stolen Directory Synchronization Accounts, Storm-0501 enumerated roles, users, and Azure resources with reconnaissance tools such as AzureHound. The attackers then identified a Global Administrator account without multifactor authentication, reset its password, and seized administrative control. With these elevated privileges, they maintained persistence by adding their own federated domains, which allowed them to impersonate users and bypass MFA entirely. 

From there, the attackers escalated further inside Azure by abusing the Microsoft.Authorization/elevateAccess/action capability, granting themselves Owner-level roles and taking complete control of the target’s cloud infrastructure. Once entrenched, they began disabling defenses and siphoning sensitive data from Azure Storage accounts. In many cases, they attempted to delete snapshots, restore points, Recovery Services vaults, and even entire storage accounts to prevent recovery. When these deletions failed, they created new Key Vaults and customer-managed keys to encrypt the data, effectively locking companies out unless a ransom was paid. 

The final stage of the attack involved contacting victims directly through Microsoft Teams accounts that had already been compromised, delivering ransom notes and threats. Microsoft warns that this shift illustrates how ransomware operations may increasingly migrate away from on-premises encryption as defenses improve, moving instead toward cloud-native extortion techniques. The report also includes guidance for detection, including Microsoft Defender XDR hunting queries, to help organizations identify the tactics used by Storm-0501.
Read more »
Whistleblower
Data Breach DODGE Social Security US Citizens Whistleblower

Whistleblower: Social Security Data of 300 Million Americans at Risk After Agency Mishandling

 

A whistleblower has alleged that Social Security information belonging to over 300 million Americans was compromised when Department of Government Efficiency (DOGE) personnel uploaded sensitive data to a cloud storage system lacking adequate security oversight.

The potentially exposed information encompasses a broad range of personal details, including medical diagnoses, financial records, banking data, family relationships, and biographical information. 

The whistleblower expressed concerns that malicious actors gaining access to this cloud environment could enable massive identity theft schemes, potentially disrupting Americans' access to essential healthcare and food assistance programs while forcing the government to undertake the costly process of reissuing Social Security numbers nationwide. 

The Social Security Administration has acknowledged the whistleblower's claims while appearing to minimize their severity. Officials stated that personal information remains housed in secure systems with comprehensive protective measures and emphasized that the data resides in an established SSA environment isolated from internet access. 

The agency maintains it has not detected any security compromises to this system. Despite these assurances, cybersecurity experts warn of substantial risks to personal information resulting from government data handling practices. 

Safety measures 

Financial advisors recommend maintaining calm while implementing protective measures. Melissa Caro from My Retirement Network notes that while such incidents are concerning, Americans' personal information faces constant exposure through various channels. She emphasizes that Social Security numbers have been compromised repeatedly in the past, making ongoing protective measures essential. 

Experts recommend two primary defense strategies: 

Credit monitoring: Establish free accounts with all three major credit bureaus to regularly review credit reports and identify potential issues. The federally authorized AnnualCreditReport.com provides weekly access to reports from Equifax, Experian, and TransUnion, enabling users to monitor their credit profiles for unauthorized activity. 

Credit freezes: Implement credit freezes across all bureau profiles to prevent unauthorized account openings. Catherine Valega from Green Bee Advisory strongly endorses this approach as immediate protection. These free protective measures outperform most commercial identity protection services.

Additional security practices include using unique passwords with multi-factor authentication and maintaining skepticism toward unsolicited communications allegedly from Social Security or financial institutions. Caro emphasizes that regardless of this specific incident, these protective steps should be standard practice given the persistent threat landscape.
Read more »
Technology
AI Cloud Data PromptLock Ransomware Technology

Experts discover first-ever AI-powered ransomware called "PromptLock"

Experts discover first-ever AI-powered ransomware called "PromptLock"

A ransomware attack is an organization’s worst nightmare. Not only does it harm the confidentiality of the organizations and their customers, but it also drains money and causes damage to the reputation. Defenders have been trying to address this serious threat, but threat actors keep developing new tactics to launch attacks. To make things worse, we have a new AI-powered ransomware strain. 

First AI ransomware

Cybersecurity experts have found the first-ever AI-powered ransomware strain. Experts Peter Strycek and Anton Cherepanov from ESET found the strain and have termed it “PromptLock.” "During infection, the AI autonomously decides which files to search, copy, or encrypt — marking a potential turning point in how cybercriminals operate," ESET said.

The malware has not been spotted in any cyberattack as of yet, experts say. Promptlock appears to be in development and is poised for launch. 

Although cyber criminals used GenAI tools to create malware in the past, PromptLock is the first ransomware case that is based on an AI model. According to Cherepanov’s LinkedIn post, Promptlock exploits the gpt-oss:20b model from OpenAI through the Ollama API to make new scripts.

About PromptLock

Cherepanov’s LinkedIn post highlighted that the ransomware script can exfiltrate files and encrypt data, but may destroy files in the future. He said that “while multiple indicators suggest that the sample is a proof-of-concept (PoC) or a work-in-progress rather than an operational threat in the wild, we believe it is crucial to raise awareness within the cybersecurity community about such emerging risks.

AI and ransomware threat

According to Dark Reading’s conversation with ESET experts, the AI-based ransomware is a serious threat to security teams. Strycek and Cherepanov are trying to find out more about PromptLock, but they want to warn the security teams immediately about the ransomware. 

ESET on X noted that "the PromptLock ransomware is written in #Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal."

Threat actors have started using AI tools to launch phishing campaigns by creating fake content and malicious websites, thanks to the rapid adoption across the industry. However, AI-powered ransomware will be a worse challenge for cybersecurity defenders.

Read more »
Workiva
Cloud Server CloudFlare CRM Cybersecurity Data Breach phishing Salesforce ShinyHunters Vulnerabilities Workday Workiva

Workiva Confirms Data Breach in Wake of Salesforce Security Incident


 

A recent cyberattack on Salesforce customers has prompted Workiva to disclose a breach linked to a recent wave of attacks, serving as a reminder of the increasing cybersecurity risks faced by global organisations. Workiva provides financial reporting, compliance, and audit software, as well as financial reporting and compliance software, based in the cloud. 

As the company confirmed, attackers have accessed a third-party customer relationship management system (CRM), exposing information about limited company contact details, including names, email addresses, phone numbers, and support ticket information. As an important note, Workiva stressed that its own platform and customer data remain safe and secure. 

According to the ShinyHunters extortion group, the breach is part of a broader campaign that has been carried out by the threat actors to gain unauthorized access to sensitive business information, including exploiting OAuth tokens and conducting voice phishing. As a result of these attacks, Workiva has warned customers that spear phishing attempts should not be ignored and emphasized that all official communications will continue to come from its verified support channels only. 

According to Workiva, whose cloud-based platform is widely used for financial reporting, compliance and audit processes, the breach could be traced back to unauthorized access to the customer relationship management system of a third party. There has been a breach of security at Adobe. 

In notifications sent to clients who may be affected, the company disclosed that attackers were able to access a limited set of business contact details, such as names, email addresses, phone numbers, and support tickets data. As Workiva clarified, its core platform and any customer data stored inside it have not been compromised, rather the intrusion originated via a connected third-party application that was managed by the vendor responsible for Workiva's customer relationship management system. 

Over 6,300 customers are included in the company, including 85 percent of Fortune 500 companies and prominent names like Google, T-Mobile, Delta Air Lines, Wayfair, Hershey, and Mercedes-Benz, so the company stressed the importance of staying vigilant and warned that the stolen data could be used to conduct spear-phishing scams. 

It was reiterated that Workiva would never solicit sensitive information by text or phone, nor would it seek to communicate with customers through official channels other than its trusted support channels, as a means of reassuring customers. Due to the fact that even the most prominent security vendors were not spared from the wave of intrusions, the cybersecurity community has been on their toes due to the wave of intrusions. 

A simple example of this, Cloudflare, reported that attackers bypassed traditional social engineering by exploiting credential compromises linked to Salesloft Drift, one of the third-party applications that are integrated with Salesforce, instead of taking advantage of traditional social engineering techniques. 

Using this access, threat actors were able to infiltrate Cloudflare's Salesforce environment on August 12, and spend two days mapping the system before conducting a rapid exfiltration operation which, within minutes of the operation, sucked off sensitive data, deleted log files and attempted to erase digital traces. 

Earlier, Palo Alto Networks confirmed that a similar breach had occurred during the period between August 8 and 18, with attackers leveraging stolen OAuth tokens to gain access to the Salesforce system that the Salesforce integration was integrated into. In this period, adversaries were able to extract customer contact information, sales records, and case data. 

After obtaining these items, the adversaries later scanned the stolen data for passwords and cloud service credentials, which were used to facilitate secondary attacks targeting AWS and Snowflake platforms. Analysts point out that these incidents do not imply that core defences have collapsed, but rather that trust dependencies within digital ecosystems are fragile. 

With the use of weak access controls and third-party connections, groups like Scattered Spider, Lapsus$, and ShinyHunters have exploited stolen data and ransom profits on underground channels to make a profit, raising the concern that a much bigger scope of exposure may be uncovered than has been revealed.

Despite being one of the world's largest HR software providers, Workday has confirmed that it also became a victim of a cyberattack campaign utilizing Salesforce's customer relationship management platform. There is a possibility that the incident, which was first reported on August 6, could have impacted the personal information of up to 70 million individuals as well as 11,000 corporate clients' business information. 

Despite Workday stressing that its core HR systems that are known as customer tenants remain unaffected by this attack, it admits that attackers were able to access business contact details in its Salesforce integration, including names, email addresses, phone numbers, and facsimiles. A growing list of victims has included Google, Cisco, Qantas, and Pandora as well as other large companies. 

The breach underscores how adversaries are increasingly targeting third-party service providers that are acting as gateways to vast amounts of personal data. As roughly 60% of Fortune 500 companies use Workday's platform for their digital supply chains, the incident emphasizes the risks involved in a digital supply chain that is interconnected. 

A number of security experts have warned that these SaaS and CRM systems, which were once treated as routine business tools, have now become very valuable attack surfaces for cyber criminals. As analysts point out that ShinyHunters seems to be the likely culprit, attention has now turned to their tactics, namely, phishing campaigns designed to trick employees into giving them their credentials by impersonating HR and IT staff. 

The breach has reignited debate among cybersecurity professionals regarding whether the breaches indicate the development of sophisticated social engineering techniques, or whether they reveal persistent shortcomings in organizational awareness and training. In light of the string of breaches tied to Salesforce integrations, enterprises have reached the point of reassessing, monitoring, and securing third-party platforms that are woven into the daily operation of their companies. 

The incidents were unprecedented in their scope and severity, and although some companies haven't been able to contain the fallout as quickly as others has, the incidents illustrate that even some of the most trusted vendors cannot be made to appear invulnerable. The majority of cybersecurity specialists believe that organizations need to build a wider security posture beyond perimeter defense, including vendor risk management and zero-trust frameworks, as well as tighter controls on identity and access. 

Auditing integrations on a regular basis, minimizing permissions granted through OAuth, and monitoring API usage are no longer optional safeguards, but are strategic imperatives in an environment where many attackers thrive on exploiting overlooked trust relationships in order to achieve the greatest possible gain. 

Additionally, greater focus on employee awareness about spear-phishing and impersonation schemes can be a critical component in reducing the chances of credential theft, which is an entry point that appears to be becoming more prevalent each year. In the case of organizations reliant on SaaS ecosystems, the lesson is clear - securing extended supply chains is as important as protecting internal infrastructure as it is in keeping business resilient, and the adaptors will be the ones best positioned to withstand the next wave of attack.
Read more »
SSN leak
Data Breach Experian credit monitoring financial data exposure Healthcare HSGI cyberattack identity theft protection SSN leak

Over 624,000 Impacted in Major Healthcare Data Breach: SSNs, Financial Data, and Identity Theft Risks

 


A massive healthcare data breach has exposed the sensitive information of more than 624,000 individuals, putting Social Security numbers, financial details, and account credentials at risk.

The breach targeted Healthcare Services Group Inc. (HSGI), a Pennsylvania-based company that manages dining, housekeeping, and laundry services for hospitals across 48 U.S. states. According to BleepingComputer, HSGI has begun notifying impacted individuals through official letters.

Hackers infiltrated HSGI’s network in late September 2024, but the intrusion wasn’t discovered until October 7, 2024. An investigation revealed that a wide range of personal data may have been compromised, including:
  • Full names
  • Social Security numbers
  • Driver’s license and state ID numbers
  • Financial account details
  • Login credentials

The type of data exposed varies for each victim. Some may only have had their names leaked, while others also had SSNs and financial data exposed.

If you receive a data breach notification letter from HSGI, it will outline exactly what information of yours was exposed. The company is offering affected individuals free identity theft protection services from Experian, though the coverage period (12 months vs. 24 months) has not been confirmed.

Even though there’s no evidence yet of misuse of stolen data, experts warn that hackers could use the information for phishing attacks, fraud, or identity theft. Victims are urged to:
  • Monitor bank and credit card accounts closely
  • Watch for suspicious emails or texts
  • Avoid clicking unknown links or downloading attachments
  • Use trusted antivirus software on all devices

The healthcare industry has become a prime target for cybercriminals due to the high value of medical and financial records. Analysts believe this will not be the last attack of its kind, as similar breaches have been reported throughout the past year.

While individuals cannot control a company’s cybersecurity, they can take proactive measures once a breach occurs. As experts warn: You may not stop the breach, but you can protect yourself from becoming the next victim of identity fraud.
Read more »
Software
API Keys AWS Cyber Attacks Salesloft Software

Salesloft Integration Breach Exposes Salesforce Customer Data


 

A recent cyber incident has brought to light how one weak link in software integrations can expose sensitive business information. Salesloft, a sales automation platform, confirmed that attackers exploited its Drift chat integration with Salesforce to steal tokens that granted access to customer environments.

Between August 8 and August 18, 2025, threat actors obtained OAuth and refresh tokens connected to the Drift–Salesforce integration. These tokens work like digital keys, allowing connected apps to access Salesforce data without repeatedly asking for passwords. Once stolen, the tokens were used to log into Salesforce accounts and extract confidential data.

According to Salesloft, the attackers specifically searched for credentials such as Amazon Web Services (AWS) keys, Snowflake access tokens, and internal passwords. The company said the breach only impacted customers who used the Drift–Salesforce connection, while other integrations were unaffected. As a precaution, all tokens for this integration were revoked, forcing customers to reauthenticate before continuing use.

Google’s Threat Intelligence team, which is monitoring the attackers under the name UNC6395, reported that the group issued queries inside Salesforce to collect sensitive details hidden in support cases. These included login credentials, API keys, and cloud access tokens. Investigators noted that while the attackers tried to cover their tracks by deleting query jobs, the activity still appears in Salesforce logs.

To disguise their operations, the hackers used anonymizing tools like Tor and commercial hosting services. Google also identified user-agent strings and IP addresses linked to the attack, which organizations can use to check their logs for signs of compromise.

Security experts are urging affected administrators to rotate credentials immediately, review Salesforce logs for unusual queries, and search for leaked secrets by scanning for terms such as “AKIA” (used in AWS keys), “Snowflake,” “password,” or “secret.” They also recommend tightening access controls on third-party apps, limiting token permissions, and shortening session times to reduce future risk.

While some extortion groups have publicly claimed responsibility for the attack, Google stated there is no clear evidence tying them to this breach. The investigation is still ongoing, and attribution remains uncertain.

This incident underlines the broader risks of SaaS integrations. Connected apps are often given high levels of access to critical business platforms. If those credentials are compromised, attackers can bypass normal login protections and move deeper into company systems. As businesses continue relying on cloud applications, stronger governance of integrations and closer monitoring of token use are becoming essential.




Read more »
Wireless Encryption
Cybersecurity home network protection IOT Security Online Safety Privacy Wi-Fi Security Wireless Encryption

Experts Advise Homeowners on Effective Wi-Fi Protection


 

Today, in a world where people are increasingly connected, the home wireless network has become an integral part of daily life. It powers everything from remote working to digital banking to entertainment to smart appliances, personal communication, and smart appliances. As households have become more dependent on seamless connectivity, the risks associated with insecure networks have increased. 

It is not surprising that cybercriminals, using sophisticated tools and constantly evolving tactics, continue to target vulnerabilities within household setups, making ordinary homes a potential gateway to data theft and invasion. In recognition of the urgency of this issue, cybersecurity experts and industry experts have consistently emphasized the need for home Wi-Fi security to be strengthened. 

The companies that provide these types of solutions, such as Fing, have helped millions of users worldwide with tools such as Fing Desktop and Fing Agent, are at the forefront of this effort. Fing offers visibility and monitoring, along with expert guidance to everyday users. These experts have put together practical measures based upon global trends and real-world experiences, and they are designed to appeal not just to tech-savvy individuals but also to ordinary homeowners, ensuring that the safeguarding of digital life does not just become an optional part of modern life, but becomes an integral part of it as well. 

The use of radio frequency (RF) connections between devices has made wireless networks a fundamental part of everyday life, integrated into homes, businesses and telecommunication systems as well. However, despite their widespread usage, the technology remains largely misunderstood even today. 

Although many people still confuse wireless and Wi-Fi, the term encompasses a wide range of technologies, including Bluetooth, Zigbee, LTE, and 5G technology, which are all part of the wireless network. This lack of awareness is not merely an academic one, as it has real security implications since Wi-Fi is only a portion of this larger ecosystem outlined by IEEE's 802.11 standards, as opposed to Wi-Fi. 

Unlike traditional wired connections, such as Ethernet, wireless networks enable malicious actors to operate remotely, without requiring physical access to infiltrate the network. As cybercriminals are becoming increasingly dependent on wireless connectivity, these networks have become prime hunting grounds for cybercriminals, since remote targeting is so easy. 

Due to this, the demand for robust wireless security solutions is expected to continue to increase, as individuals as well as organizations struggle to identify intrusions and defend themselves against increasingly sophisticated threats, as well as identify intrusions. It is evident from the evolution of wireless encryption standards that network security must continually adapt to meet the sophistication of cyber threats that are prevailing today. 

Throughout the history of the Internet, people have witnessed technological advances and also the pressing need for users to be vigilant not just due to the outdated and vulnerable WEP protocol but also due to the robust safeguards offered by WPA3. While upgrading to the latest standards is important, security experts emphasize that by using layered approaches to security, the real strength of a secure network lies in combining encryption with sound practices such as using strong password policies, regularly updating firmware, and ensuring that devices are properly configured. 

The adoption of updated standards is not only an excellent practice for businesses; it's also a legal, financial, and reputational shield that protects them from legal, financial, and reputational harm. For households, this translates into peace of mind, knowing that their private information, smart devices, and digital interaction are protected against threats that are always evolving. The rapid development of wireless technologies, including the rise of 5G and the Internet of Things (IoT), continues to make it essential to embrace the current security protocols as a precautionary measure. 

By taking proactive steps today, both individuals and organizations can ensure that their digital futures are safer and more resilient. Increasingly, home Wi-Fi networks have become prime targets for cybercriminals, exposing users to numerous risks that range from unauthorized access, data theft, malware infiltration, and privacy breaches if their connections are unsecured. 

In the world of cybersecurity, even simple oversights—for example leaving the router settings unchanged—can be a gateway to attacks. First of all, changing the default SSID of a router can be an effective way to protect a router, as factory-set names reveal the router's make and model, making it easier for hackers to exploit known vulnerabilities. 

In addition to setting strong, unique passwords, professionals emphasize the importance of enabling modern encryption standards such as WPA3 that offer far greater protection than outdated protocols such as WEP and WPA, and that go beyond simple phrases or personal details. There is also the importance of regularly updating router firmware, as manufacturers release patches to address newly discovered security holes on a frequent basis. 

Besides disabling remote management features, enabling the built-in firewall, and creating separate guest networks for visitors, there are several other measures which can help reduce the vulnerability to intrusions as well. A Virtual Private Network (VPN) is an excellent way to enhance the security of a household's communications even further. 

By using these VPNs, households can add a valuable layer of encryption to the communication process. Simple habits, such as turning off their Wi-Fi when not in use, can also strengthen defenses. Ultimately, cybersecurity experts highlight that technology alone isn't enough; it's crucial to encourage awareness among the household members as well. 

In order to ensure that all family members share the responsibility of protecting the home network, it is vital to teach them how to conduct themselves when they are online, avoid phishing traps, and keep passwords safe. In the era of digital technology, the need to secure home Wi-Fi has become an essential part of safeguarding the users' personal and professional lives, not only because of its convenience but also because of its fundamental necessity. 

In addition to technical adjustments and preventative measures, experts advise households to adopt a proactive approach to cybersecurity—viewing it as a daily practice, rather than as a one-time task. In addition to shielding sensitive information and preventing financial losses, this approach also ensures uninterrupted internet access for work, study, and entertainment, as well as ensuring a safe and secure online environment.

As a result of strong defenses at the household level, cybercriminals are able to reduce the opportunities for them to exploit communities as a whole, thereby reducing the threat of cybercrime. The importance of secure Wi-Fi is only going to grow exponentially in the future as the number of Internet of Things (IoT) devices grow exponentially, from camera smarts to personal assistants, and this in itself stresses the need for vigilance in the future as technology becomes more deeply embedded into daily life. 

The key to transforming our Wi-Fi networks from potential vulnerabilities into trusted digital gateways is staying informed, purchasing secure equipment, and educating our family members. By doing so, families can enhance their Wi-Fi networks so that they can serve as trusted digital gateways, protecting their homes from the invisible threats people are facing today while reaping the benefits of living connected.
Read more »
Technology
Music App Privacy and Security Spotify Technology

Spotify Launches In-App Messaging for Private Music, Podcast, and Audiobook Sharing

 

Spotify has introduced an in-app messaging feature called "Messages," allowing users to share music, podcasts, and audiobooks directly within the app. This new feature aims to make music sharing easier and more social by keeping conversations about content within Spotify's ecosystem. 

Messages enable one-on-one chats where users can send Spotify content along with text and emojis. The feature is available to users aged 16 and older and currently rolled out in select Latin and South American markets, with plans to expand to the US, Canada, Brazil, the EU, the UK, Australia, and New Zealand soon. Both free and premium users can access the messaging service.

To start a chat, users tap their profile photo in the app and select the Messages section. They can message only people they've interacted with previously via collaborative playlists, Jams, Blends, or shared Family and Duo plans. Sharing content is simple—users can tap the share icon in the Now Playing screen, choose a friend, and send tracks, podcasts, or audiobooks directly. 

Messaging works on a request-and-approval basis; recipients must accept requests before conversations begin. Users can block contacts and decline requests, ensuring control over their message experience. Once connected, participants can exchange messages, emojis, and content effortlessly. 

Spotify stresses that Messages complements, rather than replaces, sharing via external platforms like Instagram, WhatsApp, Facebook, TikTok, and Snapchat, preserving the option to share content widely while encouraging more focused conversations within Spotify. 

Privacy and safety are priorities, with industry-standard encryption protecting data. Spotify employs detection technologies and human moderators to monitor messages for harmful or illegal content. Users can report inappropriate behavior, with all messaging governed by Spotify’s existing terms and community rules. 

This launch marks a key step in Spotify’s effort to become a more social platform by integrating interactive features directly into the app. The company aims to increase engagement by enabling users to share and discuss music discoveries more seamlessly and privately. As Spotify expands the availability of Messages, it anticipates strengthening community connections and boosting content sharing among friends and families inside the app. 

In summary, Spotify’s Messages feature offers a new, secure way for users to chat and share their favorite music and podcasts without leaving the app, making Spotify a more connected listening experience.
Read more »
QR code verification
Cyber Security Google Google Messages beta Impersonation mobile security measures Online Scams QR code QR code verification

Google Messages Adds QR Code Verification to Prevent Impersonation Scams

 

Google is preparing to roll out a new security feature in its Messages app that adds another layer of protection against impersonation scams. The update, now available in beta, introduces a QR code system to verify whether the person you are chatting with is using a legitimate device. The move is part of Google’s broader effort to strengthen end-to-end encryption and make it easier for users to confirm the authenticity of their contacts.  

Previously, Google Messages allowed users to verify encryption by exchanging and manually comparing an 80-digit code. While effective, the process was cumbersome and rarely used by everyday users. The new QR code option simplifies this verification method by allowing contacts to scan each other’s codes directly. Once scanned, Google can confirm the identity of the devices involved in the conversation and alert users if suspicious or unauthorized activity is detected. This makes it harder for attackers to impersonate contacts or intercept conversations unnoticed. 

According to reports, the feature will be available on devices running Android 9 and higher later this year. For those enrolled in the beta program, it can already be found within the Google Messages app. Users can access it by opening a conversation, tapping on the contact’s name, and navigating to the “End-to-end encryption” section under the details menu. Within that menu, the “Verify encryption” option now provides two methods: manually comparing the 80-digit code or scanning a QR code. 

To complete the process, both participants must scan each other’s codes, after which the devices are marked as verified. Though integration with the “Connected apps” section in the Contacts app has been hinted at, this functionality has not yet gone live. The addition of QR-based verification comes as part of a larger wave of updates designed to modernize and secure Google Messages. Recently, Google introduced a “Delete for everyone” option, giving users more control over sent messages. 

The company also launched a sensitive content warning system and an unsubscribe button to block unwanted spam, following its announcement in October of last year about bolstering protections against abusive messaging practices. With growing concerns about phishing, identity theft, and messaging fraud, the QR code feature provides a more user-friendly safeguard. By reducing friction in the verification process, Google increases the likelihood that more people will adopt it as part of their everyday communication. 

While there is no official release date, the company is expected to roll out this security enhancement before the end of the year, continuing its push to position Google Messages as a secure and competitive alternative in the messaging app market.
Read more »
Technology
AI Business ChatGPT Cloud Data Data Leak GenAI Technology

CISOs fear material losses amid rising cyberattacks


Chief information security officers (CISOs) are worried about the dangers of a cyberattack, and there is an anxiety due to the material losses of data that organizations have suffered in the past year.

According to a report by Proofpoint, the majority of CISOs fear a material cyberattack in the next 12 months. These concerns highlight the increasing risks and cultural shifts among CISOs.

Changing roles of CISOs

“76% of CISOs anticipate a material cyberattack in the next year, with human risk and GenAI-driven data loss topping their concerns,” Proofpoint said. In this situation, corporate stakeholders are trying to get a better understanding of the risks involved when it comes to tech and whether they are safe or not. 

Experts believe that CISOs are being more open about these attacks, thanks to SEC disclosure rules, strict regulations, board expectations, and enquiries. The report surveyed 1,600 CISOs worldwide; all the organizations had more than 1000 employees. 

Doing business is a concern

The study highlights a rising concern about doing business amid incidents of cyberattacks. Although the majority of CISOs are confident about their cybersecurity culture, six out of 10 CISOs said their organizations are not prepared for a cyberattack. The majority of the CISOs were found in favour of paying ransoms to avoid the leak of sensitive data.

AI: Saviour or danger?

AI has risen both as a top concern as well as a top priority for CISOs. Two-thirds of CISOs believe that enabling GenAI tools is a top priority over the next two years, despite the ongoing risks. In the US, however, 80% CISOs worry about possible data breaches through GenAI platforms. 

With adoption rates rising, organizations have started to move from restriction to governance. “Most are responding with guardrails: 67% have implemented usage guidelines, and 68% are exploring AI-powered defenses, though enthusiasm has cooled from 87% last year. More than half (59%) restrict employee use of GenAI tools altogether,” Proofpoint said.

Read more »
PromptLock malware
AI Ransomware Cyber Security ESET cybersecurity research Lua script ransomware Ollama API attack OpenAI gpt-oss-20b PromptLock malware

First AI-Powered Ransomware ‘PromptLock’ Emerges, Using OpenAI gpt-oss-20b Model for Encryption

 


A newly uncovered ransomware strain is making headlines as the first to integrate an artificial intelligence model for malicious operations.

Named “PromptLock” by the ESET Research team, the malware employs OpenAI’s gpt-oss:20b model through the Ollama API to generate customized cross-platform Lua scripts, marking a significant evolution in ransomware development.

Although currently believed to be a proof-of-concept (PoC) with no evidence of active deployment, the architecture highlights how cybercriminals are beginning to embed local large language models (LLMs) into malware to create more adaptive and evasive threats.

Unlike traditional ransomware, which relies on pre-built malicious code, PromptLock operates differently. Written in Golang, with both Windows and Linux variants found on VirusTotal, it sends hard-coded prompts to a locally running AI model.

Network analysis revealed POST requests to a local Ollama API endpoint (172.42.0[.]253:8443), where the AI was instructed to act as a “Lua code generator.”

The prompts directed the AI to generate malicious scripts capable of:
  1. System Enumeration – Collecting OS details, usernames, hostnames, and directories across Windows, Linux, and macOS.
  2. File System Inspection – Scanning drives, locating sensitive files, and identifying PII or confidential data.
  3. Data Exfiltration & Encryption – Running Lua-generated scripts to steal and encrypt information.

To execute encryption, the malware deploys the SPECK 128-bit block cipher, chosen for its lightweight flexibility.

ESET researchers noted that PromptLock appears unfinished, with functions like data destruction defined but not yet implemented.

Adding to its oddity, one prompt contained a Bitcoin address linked to Satoshi Nakamoto, likely a placeholder or diversion tactic.

Despite being a PoC, ESET disclosed the malware due to its implications. “We believe it is our responsibility to inform the cybersecurity community about such developments,” the researchers stated.

Experts warn that as local LLMs grow more accessible, attackers may increasingly rely on AI to dynamically generate malware on compromised systems. This shift could redefine how security teams approach ransomware defense, making proactive monitoring essential.
Read more »
Subscribe to: Comments (Atom)