Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Deceptive VPN Websites Become Gateway for Corporate Data Theft

  The financial motivation of a threat group tracked by Microsoft as Storm-2561 has been quietly exploiting the familiarity of enterprise VP...

All the recent news you need to know
Technology
AI Actress Hollywood Backlash Oscars Video Pro-AI Anthem Technology

AI Actress Tilly Norwood's Controversial Oscars Music Video Sparks Debate

 

Tilly Norwood, billed as the world's first AI-generated actress, has released a new music video titled "Take The Lead" just ahead of the Oscars, promoting AI's role in entertainment. Created by Particle6 Group's Xicoia division under CEO Eline van der Velden, the video features Norwood singing pro-AI lyrics like "AI’s not the enemy, it’s the key" while riding a pink flamingo and performing in stadiums.Despite claims of 18 human collaborators, including costume designers and prompters, the project has drawn sharp criticism for its uncanny visuals and generic composition. 

The video's launch ties into Hollywood's awards season, with Norwood teasing an Oscars appearance in the caption: "Can’t wait to go to the Oscars! Does anyone know if they have free valet parking for my flamingo?" However, view counts remain low, hovering around 4,000 to 23,000 shortly after upload, with comments largely mocking its lack of "human spark."Norwood's social media reflects uneven popularity: nearly 90,000 Instagram followers but under 4,000 YouTube subscribers and just 3 on TikTok. 

Lyrics drawn from van der Velden's essay defend AI creativity, with lines like "When they talk about me, they don’t see the human spark" amid visuals of falling dollar bills with garbled symbols. Critics highlight the "standard AI sheen" where details falter under scrutiny, questioning if it truly showcases innovation. Particle6 positions this as part of the expanding "Tillyverse," a digital universe for AI characters, recently bolstered by hires like Amazon's Mark Whelan for strategy. 

Backlash has been fierce since Norwood's 2025 debut. SAG-AFTRA condemned her, actors threatened boycotts of agencies "signing" her, and outlets like The Guardian slammed early projects like "AI Commissioner." Even supporter Kevin O’Leary misnamed her "Norwell Tillies" while advocating AI replace background actors.Particle6 insists on building AI-human collaborations, but no major film or TV roles have materialized beyond short content. 

As the Oscars approach, Norwood's stunt underscores AI's disruptive potential in Hollywood, blending hype with hostility.While Particle6 eyes a "Scarlett Johansson of AI," industry resistance persists amid fears of job losses. The "Tillyverse" launch later this year could escalate tensions, forcing a reckoning on AI's creative boundaries.
Read more »
Medical Hacking
Cyber Attacks Cybersecurity Attack Data Removal data security Digital Infrastructure Hacker attack Malware attacks Medical Hacking

Stryker Hit by Major Cyberattack as Hacktivist Group Claims Wiper Malware Operation

 

A major cybersecurity breach hit Stryker, the international medical tech company, throwing operations into disarray across continents. Claiming responsibility is a hacktivist faction supportive of Palestine, said to have ties to Iranian networks. Outages spread quickly through digital infrastructure after the intrusion became active. Emergency protocols were activated by staff as normal workflows collapsed without warning. 

Following the incident, blame was placed on Handala - a collective that openly admitted initiating a cyberattack involving destructive software aimed at Stryker’s infrastructure. Data removal affected numerous devices throughout the organization's environment. From those systems, about 50 terabytes containing confidential material were copied before transmission outside secure boundaries. 

Even though confirmation remains absent, whispers among workers stretch from Dublin to San Jose, pointing at chaos. Over two hundred thousand gadgets - servers mostly, but also handheld units - supposedly vanished under digital assault, according to Handala. Operations froze in clusters of buildings scattered through nearly thirty nations. Evidence trickles in from office staff in Perth, San José, Cork, and beyond, painting a fractured picture of stalled systems. 

One moment staff noticed work phones wiped without warning. Then came reports of private gadgets - once linked to office networks - suddenly cleared too. Afterward, guidance arrived: uninstall every business-related app. Tools meant to manage phones, along with messaging software tied to the organization, had to go. Removal became expected across all equipment. Work slowed in certain areas when digital tools went offline, pushing staff toward handwritten logs instead. With networks down, employees handled tasks by hand until technology recovered. 

A breach within Stryker’s Microsoft-based network led to widespread IT outages worldwide, as disclosed in a regulatory document. Right after spotting the problem, the firm triggered its internal cyber crisis protocol. Outside specialists joined the effort soon afterward - helping examine and limit further damage. Even though the disturbance was serious, Stryker said it found no signs of ransomware and thinks the situation is now under control. Still, the company admitted work continues to restore systems, without saying when operations will return fully. 

Yet completion remains uncertain despite progress so far. Emerging in late 2023, Handala already shows patterns of focusing on Israeli entities - using tactics that pair information exfiltration with damaging software meant to erase digital traces. Public exposure of obtained files forms a consistent part of their method, typically done via web-based disclosure channels. Though relatively new, its actions follow a clear playbook centered around visibility and disruption. 

Amid rising global tensions, a fresh assault emerges - tied to surging digital threats fueled by ongoing regional disputes. Noted specialists stress these events reveal a shift: large-scale interference now walks hand-in-hand with widespread information theft. While conflict zones heat up offline, their shadows stretch deep into network spaces. With Stryker rebuilding its digital infrastructure, the event highlights how sophisticated cyberattacks increasingly endanger vital sectors - healthcare and medtech among them - where uninterrupted function matters most.
Read more »
VPN
Age Verification NordVPN Privacy Technology Telegram Twitter User Data VPN

Can a VPN Protect Your Privacy During Age Verification? A Complete Breakdown

 



The heightened use of age verification systems across the internet is directly influencing how people think about online privacy tools. As more governments introduce these requirements, interest in privacy-focused technologies is rising in parallel.

Age verification laws are now being implemented in multiple countries, requiring millions of users to submit personal and often sensitive information before accessing certain websites, particularly those hosting adult or restricted content. While policymakers argue that these rules are necessary to prevent minors from being exposed to harmful material, critics continue to highlight the serious privacy risks associated with handing over such data.

Virtual Private Networks, commonly known as VPNs, are widely marketed as tools designed to protect user privacy and secure online data. In recent months, there has been a noticeable surge in VPN adoption in regions where age verification laws have come into force. This trend was particularly evident in the United Kingdom and the United States during the latter half of 2025, and again in Australia in March 2026.

However, whether VPNs can truly protect users during age verification processes is not a simple yes-or-no question. Their capabilities are limited in certain areas, and understanding both their strengths and weaknesses is essential.


What VPNs Can Protect

At a fundamental level, VPNs work by encrypting a user’s internet connection, which prevents third parties from easily observing online activity. This includes internet service providers, network administrators, and in some cases, government surveillance systems.

When a VPN connection is active, external observers are generally unable to determine which websites or applications a user is accessing. In the context of age verification, this means that third parties monitoring network traffic will not be able to tell whether a user has visited a platform that requires identity checks, provided the VPN is properly configured.

Certain platforms, including X (formerly Twitter), Reddit, and Telegram, have introduced age verification requirements in specific regions. Many adult websites have implemented similar systems.

In addition to hiding browsing activity, VPNs also encrypt the data being transmitted. This ensures that any information entered during the verification process cannot be easily intercepted by external parties while it is in transit. Even after the verification step is completed, ongoing internet activity continues to be routed through the VPN’s secure tunnel, maintaining a level of privacy.

Modern VPN services are also evolving into broader cybersecurity platforms. Leading providers such as NordVPN, Surfshark, and ExpressVPN now offer additional tools beyond basic encryption. These may include password management systems, encrypted cloud storage, antivirus protection, and identity theft monitoring services.

Some of these services also provide features such as dark web monitoring, financial compensation options in cases of identity theft, credit tracking, and access to support teams that assist users in resolving security incidents. These added layers can help reduce the impact if personal data submitted during an age verification process is later exposed or misused.

One of the central criticisms of age verification systems is the cybersecurity risk they introduce. In this context, advanced VPN subscriptions can offer tools that help users respond to potential data breaches, even if they cannot prevent them entirely.


What VPNs Cannot Protect

Despite their advantages, VPNs are not a complete solution for online anonymity. They do not eliminate all risks, nor do they make users invisible.

In the case of age verification, a VPN cannot prevent the verification provider from accessing the information that a user voluntarily submits. Organizations such as Yoti, Persona, and AgeGo are responsible for processing this data. These companies will still be able to view, verify, and in many cases temporarily store personal details.

Typical verification methods require users to submit sensitive information such as credit card details, government-issued identification documents, or biometric inputs like selfies. This data is directly accessible to the verification service, regardless of whether a VPN is being used.

Data retention practices vary between providers. For example, Yoti states that it deletes user data immediately after verification unless further review is required. In cases where manual checks are necessary, the data may be retained for up to 28 days.

The longer personal information remains stored, the greater the potential risk to user privacy and security. This concern has already been validated by real-world incidents. In October 2025, Discord experienced a data breach in which attackers accessed information related to users who had requested manual reviews of their age verification results.

It is important to understand that any personal data submitted online can potentially be used to identify an individual. The use of a VPN does not change this fundamental reality.


Why VPN Interest Is Increasing

The expansion of age verification systems has given rise to public awareness of online privacy issues. As a result, many users are exploring VPNs as a way to better protect themselves.

At the same time, some individuals are attempting to use VPNs to bypass age verification requirements altogether. This is typically done by connecting to servers located in countries where such laws have not yet been implemented. However, this approach is not consistently reliable and does not guarantee success, as many platforms use additional verification mechanisms beyond geographic location.


Final Considerations

VPNs remain an important tool for strengthening online privacy, particularly when it comes to protecting browsing activity and securing data in transit. However, they are not a complete safeguard against all risks associated with age verification systems.

Users should also be cautious when choosing a VPN provider. Many free services operate on business models that involve collecting and monetizing user data, which can undermine privacy rather than protect it. In contrast, reputable paid VPN services generally offer stronger security features and more transparent data handling practices.

Among paid options, some lower-cost services are widely marketed to new users entering the VPN space. For instance, Surfshark has been advertised at approximately $1.99 per month under long-term plans, while PrivadoVPN has promoted multi-year subscriptions priced near $1.11 per month.

However, pricing alone should not be the deciding factor. Security architecture, logging policies, and transparency practices remain far more critical when evaluating whether a VPN service genuinely protects user privacy. While VPNs can reduce certain risks, they cannot fully protect personal information once it has been directly shared with a verification service.



Read more »
South Africa
Bitcoin Data Breach IT system land bank Microsoft Server Ransomware South Africa

Ransomware Attack Hits South Africa’s Land Bank, Hackers Demand Bitcoin Payment

 



South Africa’s Finance Minister Enoch Godongwana has disclosed that the Land and Agricultural Development Bank of South Africa was targeted in a ransomware incident earlier this year.

The cyberattack took place on January 12, according to official confirmation.

Details of the breach were made public through a parliamentary response after Adil Nchabeleng requested clarification on how the incident occurred, which systems were impacted, and whether the attackers issued any ransom demands.

In his response, the Minister stated that the attackers demanded 5 Bitcoin, estimated to be worth around R5.4 million. The bank chose not to comply with this demand. He further confirmed that core banking infrastructure and data related to farmers were not accessed or compromised.

Initial investigations revealed that suspicious activity was detected within certain parts of the bank’s IT environment. Further analysis suggested that an external party gained entry by exploiting a vulnerability in an internet-facing server. Following this, ransomware was deployed, leading to encryption of portions of the bank’s server systems as well as several employee laptops.

The attack specifically affected servers operating within virtual environments that run on Microsoft systems. Authorities have identified the perpetrators as part of a Ransomware-as-a-Service group, indicating the use of commercially distributed ransomware tools.

In response to the breach, the bank acted swiftly to contain the damage. Affected systems were isolated, indicators of compromise were removed, and additional security measures were implemented to strengthen defenses.

Officials emphasized that critical platforms, including enterprise resource planning systems, core banking infrastructure, and customer relationship management tools, were not accessed. This was attributed to the fact that the SAP environment is maintained separately from other server systems, providing an additional layer of protection.

However, other parts of the IT environment were significantly impacted. Systems outside the SAP infrastructure were either encrypted or rendered inaccessible to staff, and multiple laptops were also locked by the ransomware.

The attackers reportedly demanded payment in Bitcoin in exchange for restoring access to data and refraining from releasing any stolen information. Despite this, the bank confirmed that it did not make any ransom payment.

During the recovery phase, the bank continued to isolate affected environments, remove malicious traces, and enhance its cybersecurity posture. This included strengthening firewall configurations, patching known vulnerabilities, and improving detection mechanisms to better respond to future threats.

This incident follows a series of cyberattacks affecting organizations in South Africa. In May of the previous year, South African Airways experienced a major cyber disruption that affected its website, mobile application, and several internal systems. Immediate steps were taken at the time to reduce the impact on flight operations and customer services.

The Land Bank attack sheds light on the increasing frequency of ransomware incidents targeting key institutions. It also underscores the importance of proactive cybersecurity measures, including system segmentation, timely updates, and continuous monitoring to prevent and mitigate such threats.

Read more »
Vendor Security Compliance
Conduent Data Breach Cybersecurity Threats healthcare data breach identity theft risk Privacy Ransomware attack sensitive data protection Third Party Risk Management Vendor Security Compliance

Large Scale Data Breach at Conduent Hits 25 Million Users Nationwide


 

A central component of public service delivery, Conduent is entrusted with the invisible yet indispensable machinery that keeps the system running from healthcare eligibility systems to benefits administration, and occupies a unique position at the intersection of government operations and private data stewardship. This centrality, however, is the subject of recent scrutiny.

Several months ago, from October 2024 to January 2025, a covert intrusion occurred within the organization's network, resulting in the exfiltration of at least 25 million individuals' personal data. It was not simply routine identifiers exposed in the breach; it also compromised information related to Medicaid and SNAP programs as well as Social Security numbers. 

Modern digital infrastructure faces a sobering reality in light of the incident: the fallout of compromised organizations that are responsible for managing critical public services extends far beyond corporate boundaries, putting millions of individuals at risk for years to come. In the subsequent disclosures, it has been established that the scope of the compromise has been clarified, suggesting a much greater impact than was initially anticipated. 

Approximately 25 million individuals in the United States were affected by the breach, according to a February update provided by the Wisconsin Department of Agriculture, Trade and Consumer Protection, thereby cementing the incident's ranking as one of the most consequential data breaches in recent history.

There appears to have been sustained access to internal systems during the period late 2024 to early 2025, as determined by forensic assessments. There are multiple layers of personally identifiable and regulatory information that have been exfiltrated during this period, including full names, social security numbers, insurance records, and sensitive medical information. 

Observing the nature and composition of the compromised information, it appears that the attackers were not merely opportunistic, but also understood the value embedded within aggregated service provider environments, where administrative, healthcare, and benefits data are converged to create highly lucrative targets. In light of Conduent's operational footprint, it becomes more apparent that the incident has scale and systemic implications. 

By 2019, the company reported serving over 100 million people across the United States with its services, while maintaining relationships with the majority of Fortune 100 companies and hundreds of government agencies. Considering that public-sector programs and private enterprise workflows are integrated in such an extensive way, one may understand why the affected population appears to be fragmented and unrelated.

As part of Conduent's administrative processes, the company processes state-run benefit programs, such as Medicaid and the Supplemental Nutrition Assistance Program, across a multitude of states, as well as document handling, payment processing, and claims support for healthcare providers and insurers, including Blue Cross Blue Shield networks. 

A significant portion of the Volvo Group's workforce is exposed to this virus through its corporate services division, which also involves large-scale workforce management. This virus has also been confirmed to affect employees connected with major industrial organizations, including several segments of the Volvo Group workforce. There is a strong correlation between the intrusion and the SafePay ransomware group, which publicly claimed responsibility following the breach, suggesting a financially motivated operation with an emphasis on data exfiltration and extortion. 

As a result of the compromised dataset, this incident exceeds the traditional narrative of ransomware. In regulatory disclosures and notification communications, it is reported that the exfiltrated information consists of a dense accumulation of personally identifiable and protected health information, including full legal names, residence information, date of birth, Social Security numbers, and detailed insurance and medical records. 

Since Conduent serves as an intermediary processor, many of those affected may not have been directly connected with the company, which highlights an opacity in third-party data ecosystems, which routinely transmit sensitive information to vendor-controlled environments without the knowledge of end users due to the company's role as an intermediary processor. As a result of its expanding scope, as well as its long-term risk profile associated with the data exposed, this breach is distinguishable from previous disclosures. 

An initial estimate of approximately 10 million affected individuals has since more than doubled, illustrating the delay in visibility often associated with third-party compromises as downstream entities gradually become aware of their vulnerabilities.

In addition, by including immutable identifiers such as Social Security numbers with medical and insurance data, the introduction of long-term vectors for identity fraud, medical exploitation, and precision-targeted social engineering campaigns is greatly enhanced. 

The incident highlights a persistent blind spot in organizational security strategies: breaches originated within vendor infrastructure often go unnoticed by the organizations that rely on them, thereby making it difficult for them to respond appropriately and to hold vendors accountable. Hence, the appearance of breach notifications from an unfamiliar service provider does not represent an anomalous occurrence, but rather indicates the degree to which modern data processing ecosystems are becoming increasingly interconnected and vulnerable. 

A series of remedial measures have been implemented by Conduent following the disclosure in order to mitigate downstream risk for affected individuals, including providing free identity monitoring services to consumers and setting up dedicated support channels. Several state-level advisories, including those issued by the Wisconsin Department of Agriculture, Trade, and Consumer Protection, indicate that call center infrastructure has been activated to assist affected residents. 

However, officials and cybersecurity experts have emphasized that large-scale breach notifications frequently attract opportunistic fraud campaigns, in which attackers attempt to exploit public awareness by using phishing and impersonation techniques. People are advised to independently verify enrollment links and communication channels-preferably via state notices or hotlines-before providing sensitive identifiers. 

The company is also being subjected to increased regulatory scrutiny in addition to its response efforts. Investigations conducted by multiple state attorneys general are ongoing, as well as an internal review conducted by the company. 

According to Conduent's form 10-K filing with the Securities and Exchange Commission for 2025, evidence of active misuse of the compromised data has not been uncovered to date. Since the affected datasets are large, highly sensitive, and widely distributed, the absence of immediate exploitation does not significantly reduce long-term risk exposure, as regulators seek greater transparency, and affected parties pursue accountability through the courts, it is widely anticipated that disclosures, supplemental notifications, and legal proceedings will occur in the aftermath of the incident, prolonging its lifecycle well beyond its initial discovery. 

As well as its immediate impact, the incident illustrates the systemic risks that are embedded within third-party ecosystems, which can undermine even robust internal defenses due to vulnerabilities resulting from external dependences. 

As a result, organizations linked to service providers such as Conduent are exposed to the same threat surface. Therefore, a more detailed and continuously enforced vendor security posture is necessary.  It is critical to develop tightly scoped access controls on an operational basis, ensuring that third parties are given only the minimal permissions necessary to access the system and data, which are ideally controlled by just-in-time authentication methods. 

Using segmentation strategies, including demilitarized zones and isolated environments, further reduces the possibility of lateral movement from a compromised partner environment. These measures can be enhanced by implementing application allowlisting and execution controls which can prevent unauthorized tools from being deployed after a compromise, which is often the basis for post-compromise escalation. 

Increasingly, organizations are required to adopt continuous validation frameworks that monitor access to regulated datasets in real time, as opposed to periodic audits. It is important that vendors adhere to defined security baselines, breach disclosure timelines, and audit rights as stipulated in their contracts, and that data volumes and sensitivity are minimized wherever possible as a means of reducing security risks. 

To reconstruct attack paths and meet regulatory expectations in the event of an incident, robust logging and telemetry, designed for forensic readiness, remains critical. During this period, security operations and incident response teams must maintain close monitoring of vendor-linked authentication patterns and data access patterns in order to take prompt action, such as revocation of credentials or isolation of compromised endpoints at the onset of an attack.

In terms of executive level security strategy, the breach underscores the need to embed third-party risk into a multi-layered security strategy rather than treating it as a peripheral issue. Controls such as application allowlisting, formalized third-party risk management programs, which continuously evaluate partner security posture are among the steps required to ensuring cross-functional coordination, and implementation of standardized third-party risk management programs. 

A breach such as the one experienced by Conduent illustrates the fact that resilience in a profoundly interconnected digital infrastructure is no longer confined solely to internal controls, but is determined by the collective security discipline of every organization within it. This incident indicates that organizations need to rethink how trust is distributed across digital ecosystems in order to avoid further occurrences. It is no longer sufficient to consider security as a boundary confined within enterprise perimeters; it must be continuously validated across all external dependencies that process, store, or transmit sensitive data. 

A shift toward verifiable trust models, increased supply chain visibility, and enforceable accountability mechanisms is required to address this issue that extend beyond contractual assurances into measurable technical controls. As well as proactive resilience, it is vital to rigorously test detection, containment, and recovery capabilities against realistic scenarios of third-party compromise. 

It is anticipated that regulatory expectations will continue to evolve, and threat actors will continue to exploit aggregation points within service-driven architectures. Thus, organizations with a focus on transparency, continuous assurance, and coordinated response mechanisms will be better able to survive cascading breaches from afar.
Read more »
Technology
agentic AI tools AI workplace automation Anthropic Claude Cowork Microsoft Copilot Cowork OpenAI Codex Technology

Microsoft Unveils ‘Copilot Cowork’ to Push Agentic AI Into the Workplace

 

Microsoft is intensifying its efforts to capture consumer attention in the AI space, where rivals like ChatGPT and Gemini have gained significant traction. On Monday, the company introduced a fresh set of “agentic” AI updates, with its most notable addition being Copilot Cowork.

Developed in partnership with Anthropic, Copilot Cowork is designed to function as an autonomous digital assistant. Similar in concept to Anthropic’s Claude Cowork, it can access data from files, emails, and calendars to independently carry out tasks without requiring constant human input. From generating spreadsheets to conducting research and compiling reports, the tool aims to act like a true workplace collaborator.

"Cowork is the new chat. It's the new way of interacting with AI," said Charles Lamanna, Microsoft’s president of business applications and agents. He emphasized the shift from interactive AI usage to full task delegation, adding, "With chat, you're babysitting every step -- this is much more like 'fire and forget' with Cowork to get the job done."

Lamanna shared a personal use case where he employed Copilot Cowork to evaluate his meeting schedule over the next three months. By analyzing his emails and calendar, the AI identified meetings that might not require his presence and presented the findings in a clear chart. After his review, the system declined certain meetings and attached AI-generated summaries when necessary. He described the 40-minute process as "delightful and practical," noting that it saved both him and his executive assistant several hours.

Currently available as a limited research preview, Copilot Cowork is part of a broader push by Microsoft into agent-based AI. The company also announced that its AI agent management platform, Agent 365, will become widely available starting May 1. This platform enables organizations to monitor and manage multiple AI agents used across workflows. Microsoft revealed it has already created over 500,000 AI agents internally using this system. Additionally, new AI models from both Anthropic and OpenAI will be integrated into Copilot, signaling Microsoft’s neutral stance amid increasing competition among AI developers.

Agentic AI tools are rapidly gaining popularity, especially among professionals seeking automation. Even in its preview stage, Claude Cowork has attracted widespread attention while also raising concerns in financial markets. Earlier this year, major tech stocks dipped as advancements from Anthropic prompted uncertainty about the future of employment.

Tools such as Claude Code and Codex are becoming capable of replacing traditional software solutions—an area where Microsoft has long been dominant. This shift explains Microsoft’s urgency in advancing its own agentic AI capabilities. Industry experts increasingly believe that 2026 could mark a breakthrough year for such technologies, with projects like OpenClaw highlighting their growing influence.

Lamanna noted that "the shape of what we do on a day-to-day basis will change," but stressed that AI should ultimately free up time for more meaningful work. He described the transition as moving from using AI to assist with tasks toward fully delegating them to autonomous agents.

However, as these tools become more accessible, questions around their impact on jobs persist. Concerns have been amplified by AI-driven layoffs at major companies like Amazon and Block. At the same time, some research suggests that AI adoption may lead to longer work hours and reduced job satisfaction for certain employees. As with any emerging technology, its real impact will depend on how effectively it is implemented in the workplace.
Read more »
Subscribe to: Comments (Atom)

Featured